xref: /openbmc/linux/fs/smb/client/smb2transport.c (revision ad4455c6)
1 // SPDX-License-Identifier: LGPL-2.1
2 /*
3  *
4  *   Copyright (C) International Business Machines  Corp., 2002, 2011
5  *                 Etersoft, 2012
6  *   Author(s): Steve French (sfrench@us.ibm.com)
7  *              Jeremy Allison (jra@samba.org) 2006
8  *              Pavel Shilovsky (pshilovsky@samba.org) 2012
9  *
10  */
11 
12 #include <linux/fs.h>
13 #include <linux/list.h>
14 #include <linux/wait.h>
15 #include <linux/net.h>
16 #include <linux/delay.h>
17 #include <linux/uaccess.h>
18 #include <asm/processor.h>
19 #include <linux/mempool.h>
20 #include <linux/highmem.h>
21 #include <crypto/aead.h>
22 #include "cifsglob.h"
23 #include "cifsproto.h"
24 #include "smb2proto.h"
25 #include "cifs_debug.h"
26 #include "smb2status.h"
27 #include "smb2glob.h"
28 
29 static int
30 smb3_crypto_shash_allocate(struct TCP_Server_Info *server)
31 {
32 	struct cifs_secmech *p = &server->secmech;
33 	int rc;
34 
35 	rc = cifs_alloc_hash("hmac(sha256)", &p->hmacsha256);
36 	if (rc)
37 		goto err;
38 
39 	rc = cifs_alloc_hash("cmac(aes)", &p->aes_cmac);
40 	if (rc)
41 		goto err;
42 
43 	return 0;
44 err:
45 	cifs_free_hash(&p->hmacsha256);
46 	return rc;
47 }
48 
49 int
50 smb311_crypto_shash_allocate(struct TCP_Server_Info *server)
51 {
52 	struct cifs_secmech *p = &server->secmech;
53 	int rc = 0;
54 
55 	rc = cifs_alloc_hash("hmac(sha256)", &p->hmacsha256);
56 	if (rc)
57 		return rc;
58 
59 	rc = cifs_alloc_hash("cmac(aes)", &p->aes_cmac);
60 	if (rc)
61 		goto err;
62 
63 	rc = cifs_alloc_hash("sha512", &p->sha512);
64 	if (rc)
65 		goto err;
66 
67 	return 0;
68 
69 err:
70 	cifs_free_hash(&p->aes_cmac);
71 	cifs_free_hash(&p->hmacsha256);
72 	return rc;
73 }
74 
75 
76 static
77 int smb2_get_sign_key(__u64 ses_id, struct TCP_Server_Info *server, u8 *key)
78 {
79 	struct cifs_chan *chan;
80 	struct TCP_Server_Info *pserver;
81 	struct cifs_ses *ses = NULL;
82 	int i;
83 	int rc = 0;
84 	bool is_binding = false;
85 
86 	spin_lock(&cifs_tcp_ses_lock);
87 
88 	/* If server is a channel, select the primary channel */
89 	pserver = CIFS_SERVER_IS_CHAN(server) ? server->primary_server : server;
90 
91 	list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
92 		if (ses->Suid == ses_id)
93 			goto found;
94 	}
95 	cifs_server_dbg(VFS, "%s: Could not find session 0x%llx\n",
96 			__func__, ses_id);
97 	rc = -ENOENT;
98 	goto out;
99 
100 found:
101 	spin_lock(&ses->ses_lock);
102 	spin_lock(&ses->chan_lock);
103 
104 	is_binding = (cifs_chan_needs_reconnect(ses, server) &&
105 		      ses->ses_status == SES_GOOD);
106 	if (is_binding) {
107 		/*
108 		 * If we are in the process of binding a new channel
109 		 * to an existing session, use the master connection
110 		 * session key
111 		 */
112 		memcpy(key, ses->smb3signingkey, SMB3_SIGN_KEY_SIZE);
113 		spin_unlock(&ses->chan_lock);
114 		spin_unlock(&ses->ses_lock);
115 		goto out;
116 	}
117 
118 	/*
119 	 * Otherwise, use the channel key.
120 	 */
121 
122 	for (i = 0; i < ses->chan_count; i++) {
123 		chan = ses->chans + i;
124 		if (chan->server == server) {
125 			memcpy(key, chan->signkey, SMB3_SIGN_KEY_SIZE);
126 			spin_unlock(&ses->chan_lock);
127 			spin_unlock(&ses->ses_lock);
128 			goto out;
129 		}
130 	}
131 	spin_unlock(&ses->chan_lock);
132 	spin_unlock(&ses->ses_lock);
133 
134 	cifs_dbg(VFS,
135 		 "%s: Could not find channel signing key for session 0x%llx\n",
136 		 __func__, ses_id);
137 	rc = -ENOENT;
138 
139 out:
140 	spin_unlock(&cifs_tcp_ses_lock);
141 	return rc;
142 }
143 
144 static struct cifs_ses *
145 smb2_find_smb_ses_unlocked(struct TCP_Server_Info *server, __u64 ses_id)
146 {
147 	struct TCP_Server_Info *pserver;
148 	struct cifs_ses *ses;
149 
150 	/* If server is a channel, select the primary channel */
151 	pserver = CIFS_SERVER_IS_CHAN(server) ? server->primary_server : server;
152 
153 	list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
154 		if (ses->Suid != ses_id)
155 			continue;
156 		++ses->ses_count;
157 		return ses;
158 	}
159 
160 	return NULL;
161 }
162 
163 struct cifs_ses *
164 smb2_find_smb_ses(struct TCP_Server_Info *server, __u64 ses_id)
165 {
166 	struct cifs_ses *ses;
167 
168 	spin_lock(&cifs_tcp_ses_lock);
169 	ses = smb2_find_smb_ses_unlocked(server, ses_id);
170 	spin_unlock(&cifs_tcp_ses_lock);
171 
172 	return ses;
173 }
174 
175 static struct cifs_tcon *
176 smb2_find_smb_sess_tcon_unlocked(struct cifs_ses *ses, __u32  tid)
177 {
178 	struct cifs_tcon *tcon;
179 
180 	list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
181 		if (tcon->tid != tid)
182 			continue;
183 		++tcon->tc_count;
184 		return tcon;
185 	}
186 
187 	return NULL;
188 }
189 
190 /*
191  * Obtain tcon corresponding to the tid in the given
192  * cifs_ses
193  */
194 
195 struct cifs_tcon *
196 smb2_find_smb_tcon(struct TCP_Server_Info *server, __u64 ses_id, __u32  tid)
197 {
198 	struct cifs_ses *ses;
199 	struct cifs_tcon *tcon;
200 
201 	spin_lock(&cifs_tcp_ses_lock);
202 	ses = smb2_find_smb_ses_unlocked(server, ses_id);
203 	if (!ses) {
204 		spin_unlock(&cifs_tcp_ses_lock);
205 		return NULL;
206 	}
207 	tcon = smb2_find_smb_sess_tcon_unlocked(ses, tid);
208 	if (!tcon) {
209 		cifs_put_smb_ses(ses);
210 		spin_unlock(&cifs_tcp_ses_lock);
211 		return NULL;
212 	}
213 	spin_unlock(&cifs_tcp_ses_lock);
214 	/* tcon already has a ref to ses, so we don't need ses anymore */
215 	cifs_put_smb_ses(ses);
216 
217 	return tcon;
218 }
219 
220 int
221 smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
222 			bool allocate_crypto)
223 {
224 	int rc;
225 	unsigned char smb2_signature[SMB2_HMACSHA256_SIZE];
226 	unsigned char *sigptr = smb2_signature;
227 	struct kvec *iov = rqst->rq_iov;
228 	struct smb2_hdr *shdr = (struct smb2_hdr *)iov[0].iov_base;
229 	struct cifs_ses *ses;
230 	struct shash_desc *shash = NULL;
231 	struct smb_rqst drqst;
232 
233 	ses = smb2_find_smb_ses(server, le64_to_cpu(shdr->SessionId));
234 	if (unlikely(!ses)) {
235 		cifs_server_dbg(VFS, "%s: Could not find session\n", __func__);
236 		return -ENOENT;
237 	}
238 
239 	memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE);
240 	memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);
241 
242 	if (allocate_crypto) {
243 		rc = cifs_alloc_hash("hmac(sha256)", &shash);
244 		if (rc) {
245 			cifs_server_dbg(VFS,
246 					"%s: sha256 alloc failed\n", __func__);
247 			goto out;
248 		}
249 	} else {
250 		shash = server->secmech.hmacsha256;
251 	}
252 
253 	rc = crypto_shash_setkey(shash->tfm, ses->auth_key.response,
254 			SMB2_NTLMV2_SESSKEY_SIZE);
255 	if (rc) {
256 		cifs_server_dbg(VFS,
257 				"%s: Could not update with response\n",
258 				__func__);
259 		goto out;
260 	}
261 
262 	rc = crypto_shash_init(shash);
263 	if (rc) {
264 		cifs_server_dbg(VFS, "%s: Could not init sha256", __func__);
265 		goto out;
266 	}
267 
268 	/*
269 	 * For SMB2+, __cifs_calc_signature() expects to sign only the actual
270 	 * data, that is, iov[0] should not contain a rfc1002 length.
271 	 *
272 	 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to
273 	 * __cifs_calc_signature().
274 	 */
275 	drqst = *rqst;
276 	if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) {
277 		rc = crypto_shash_update(shash, iov[0].iov_base,
278 					 iov[0].iov_len);
279 		if (rc) {
280 			cifs_server_dbg(VFS,
281 					"%s: Could not update with payload\n",
282 					__func__);
283 			goto out;
284 		}
285 		drqst.rq_iov++;
286 		drqst.rq_nvec--;
287 	}
288 
289 	rc = __cifs_calc_signature(&drqst, server, sigptr, shash);
290 	if (!rc)
291 		memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE);
292 
293 out:
294 	if (allocate_crypto)
295 		cifs_free_hash(&shash);
296 	if (ses)
297 		cifs_put_smb_ses(ses);
298 	return rc;
299 }
300 
301 static int generate_key(struct cifs_ses *ses, struct kvec label,
302 			struct kvec context, __u8 *key, unsigned int key_size)
303 {
304 	unsigned char zero = 0x0;
305 	__u8 i[4] = {0, 0, 0, 1};
306 	__u8 L128[4] = {0, 0, 0, 128};
307 	__u8 L256[4] = {0, 0, 1, 0};
308 	int rc = 0;
309 	unsigned char prfhash[SMB2_HMACSHA256_SIZE];
310 	unsigned char *hashptr = prfhash;
311 	struct TCP_Server_Info *server = ses->server;
312 
313 	memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
314 	memset(key, 0x0, key_size);
315 
316 	rc = smb3_crypto_shash_allocate(server);
317 	if (rc) {
318 		cifs_server_dbg(VFS, "%s: crypto alloc failed\n", __func__);
319 		goto smb3signkey_ret;
320 	}
321 
322 	rc = crypto_shash_setkey(server->secmech.hmacsha256->tfm,
323 		ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
324 	if (rc) {
325 		cifs_server_dbg(VFS, "%s: Could not set with session key\n", __func__);
326 		goto smb3signkey_ret;
327 	}
328 
329 	rc = crypto_shash_init(server->secmech.hmacsha256);
330 	if (rc) {
331 		cifs_server_dbg(VFS, "%s: Could not init sign hmac\n", __func__);
332 		goto smb3signkey_ret;
333 	}
334 
335 	rc = crypto_shash_update(server->secmech.hmacsha256, i, 4);
336 	if (rc) {
337 		cifs_server_dbg(VFS, "%s: Could not update with n\n", __func__);
338 		goto smb3signkey_ret;
339 	}
340 
341 	rc = crypto_shash_update(server->secmech.hmacsha256, label.iov_base, label.iov_len);
342 	if (rc) {
343 		cifs_server_dbg(VFS, "%s: Could not update with label\n", __func__);
344 		goto smb3signkey_ret;
345 	}
346 
347 	rc = crypto_shash_update(server->secmech.hmacsha256, &zero, 1);
348 	if (rc) {
349 		cifs_server_dbg(VFS, "%s: Could not update with zero\n", __func__);
350 		goto smb3signkey_ret;
351 	}
352 
353 	rc = crypto_shash_update(server->secmech.hmacsha256, context.iov_base, context.iov_len);
354 	if (rc) {
355 		cifs_server_dbg(VFS, "%s: Could not update with context\n", __func__);
356 		goto smb3signkey_ret;
357 	}
358 
359 	if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) ||
360 		(server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) {
361 		rc = crypto_shash_update(server->secmech.hmacsha256, L256, 4);
362 	} else {
363 		rc = crypto_shash_update(server->secmech.hmacsha256, L128, 4);
364 	}
365 	if (rc) {
366 		cifs_server_dbg(VFS, "%s: Could not update with L\n", __func__);
367 		goto smb3signkey_ret;
368 	}
369 
370 	rc = crypto_shash_final(server->secmech.hmacsha256, hashptr);
371 	if (rc) {
372 		cifs_server_dbg(VFS, "%s: Could not generate sha256 hash\n", __func__);
373 		goto smb3signkey_ret;
374 	}
375 
376 	memcpy(key, hashptr, key_size);
377 
378 smb3signkey_ret:
379 	return rc;
380 }
381 
382 struct derivation {
383 	struct kvec label;
384 	struct kvec context;
385 };
386 
387 struct derivation_triplet {
388 	struct derivation signing;
389 	struct derivation encryption;
390 	struct derivation decryption;
391 };
392 
393 static int
394 generate_smb3signingkey(struct cifs_ses *ses,
395 			struct TCP_Server_Info *server,
396 			const struct derivation_triplet *ptriplet)
397 {
398 	int rc;
399 	bool is_binding = false;
400 	int chan_index = 0;
401 
402 	spin_lock(&ses->ses_lock);
403 	spin_lock(&ses->chan_lock);
404 	is_binding = (cifs_chan_needs_reconnect(ses, server) &&
405 		      ses->ses_status == SES_GOOD);
406 
407 	chan_index = cifs_ses_get_chan_index(ses, server);
408 	/* TODO: introduce ref counting for channels when the can be freed */
409 	spin_unlock(&ses->chan_lock);
410 	spin_unlock(&ses->ses_lock);
411 
412 	/*
413 	 * All channels use the same encryption/decryption keys but
414 	 * they have their own signing key.
415 	 *
416 	 * When we generate the keys, check if it is for a new channel
417 	 * (binding) in which case we only need to generate a signing
418 	 * key and store it in the channel as to not overwrite the
419 	 * master connection signing key stored in the session
420 	 */
421 
422 	if (is_binding) {
423 		rc = generate_key(ses, ptriplet->signing.label,
424 				  ptriplet->signing.context,
425 				  ses->chans[chan_index].signkey,
426 				  SMB3_SIGN_KEY_SIZE);
427 		if (rc)
428 			return rc;
429 	} else {
430 		rc = generate_key(ses, ptriplet->signing.label,
431 				  ptriplet->signing.context,
432 				  ses->smb3signingkey,
433 				  SMB3_SIGN_KEY_SIZE);
434 		if (rc)
435 			return rc;
436 
437 		/* safe to access primary channel, since it will never go away */
438 		spin_lock(&ses->chan_lock);
439 		memcpy(ses->chans[chan_index].signkey, ses->smb3signingkey,
440 		       SMB3_SIGN_KEY_SIZE);
441 		spin_unlock(&ses->chan_lock);
442 
443 		rc = generate_key(ses, ptriplet->encryption.label,
444 				  ptriplet->encryption.context,
445 				  ses->smb3encryptionkey,
446 				  SMB3_ENC_DEC_KEY_SIZE);
447 		rc = generate_key(ses, ptriplet->decryption.label,
448 				  ptriplet->decryption.context,
449 				  ses->smb3decryptionkey,
450 				  SMB3_ENC_DEC_KEY_SIZE);
451 		if (rc)
452 			return rc;
453 	}
454 
455 	if (rc)
456 		return rc;
457 
458 #ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS
459 	cifs_dbg(VFS, "%s: dumping generated AES session keys\n", __func__);
460 	/*
461 	 * The session id is opaque in terms of endianness, so we can't
462 	 * print it as a long long. we dump it as we got it on the wire
463 	 */
464 	cifs_dbg(VFS, "Session Id    %*ph\n", (int)sizeof(ses->Suid),
465 			&ses->Suid);
466 	cifs_dbg(VFS, "Cipher type   %d\n", server->cipher_type);
467 	cifs_dbg(VFS, "Session Key   %*ph\n",
468 		 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response);
469 	cifs_dbg(VFS, "Signing Key   %*ph\n",
470 		 SMB3_SIGN_KEY_SIZE, ses->smb3signingkey);
471 	if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) ||
472 		(server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) {
473 		cifs_dbg(VFS, "ServerIn Key  %*ph\n",
474 				SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3encryptionkey);
475 		cifs_dbg(VFS, "ServerOut Key %*ph\n",
476 				SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3decryptionkey);
477 	} else {
478 		cifs_dbg(VFS, "ServerIn Key  %*ph\n",
479 				SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3encryptionkey);
480 		cifs_dbg(VFS, "ServerOut Key %*ph\n",
481 				SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3decryptionkey);
482 	}
483 #endif
484 	return rc;
485 }
486 
487 int
488 generate_smb30signingkey(struct cifs_ses *ses,
489 			 struct TCP_Server_Info *server)
490 
491 {
492 	struct derivation_triplet triplet;
493 	struct derivation *d;
494 
495 	d = &triplet.signing;
496 	d->label.iov_base = "SMB2AESCMAC";
497 	d->label.iov_len = 12;
498 	d->context.iov_base = "SmbSign";
499 	d->context.iov_len = 8;
500 
501 	d = &triplet.encryption;
502 	d->label.iov_base = "SMB2AESCCM";
503 	d->label.iov_len = 11;
504 	d->context.iov_base = "ServerIn ";
505 	d->context.iov_len = 10;
506 
507 	d = &triplet.decryption;
508 	d->label.iov_base = "SMB2AESCCM";
509 	d->label.iov_len = 11;
510 	d->context.iov_base = "ServerOut";
511 	d->context.iov_len = 10;
512 
513 	return generate_smb3signingkey(ses, server, &triplet);
514 }
515 
516 int
517 generate_smb311signingkey(struct cifs_ses *ses,
518 			  struct TCP_Server_Info *server)
519 
520 {
521 	struct derivation_triplet triplet;
522 	struct derivation *d;
523 
524 	d = &triplet.signing;
525 	d->label.iov_base = "SMBSigningKey";
526 	d->label.iov_len = 14;
527 	d->context.iov_base = ses->preauth_sha_hash;
528 	d->context.iov_len = 64;
529 
530 	d = &triplet.encryption;
531 	d->label.iov_base = "SMBC2SCipherKey";
532 	d->label.iov_len = 16;
533 	d->context.iov_base = ses->preauth_sha_hash;
534 	d->context.iov_len = 64;
535 
536 	d = &triplet.decryption;
537 	d->label.iov_base = "SMBS2CCipherKey";
538 	d->label.iov_len = 16;
539 	d->context.iov_base = ses->preauth_sha_hash;
540 	d->context.iov_len = 64;
541 
542 	return generate_smb3signingkey(ses, server, &triplet);
543 }
544 
545 int
546 smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
547 			bool allocate_crypto)
548 {
549 	int rc;
550 	unsigned char smb3_signature[SMB2_CMACAES_SIZE];
551 	unsigned char *sigptr = smb3_signature;
552 	struct kvec *iov = rqst->rq_iov;
553 	struct smb2_hdr *shdr = (struct smb2_hdr *)iov[0].iov_base;
554 	struct shash_desc *shash = NULL;
555 	struct smb_rqst drqst;
556 	u8 key[SMB3_SIGN_KEY_SIZE];
557 
558 	rc = smb2_get_sign_key(le64_to_cpu(shdr->SessionId), server, key);
559 	if (unlikely(rc)) {
560 		cifs_server_dbg(VFS, "%s: Could not get signing key\n", __func__);
561 		return rc;
562 	}
563 
564 	if (allocate_crypto) {
565 		rc = cifs_alloc_hash("cmac(aes)", &shash);
566 		if (rc)
567 			return rc;
568 	} else {
569 		shash = server->secmech.aes_cmac;
570 	}
571 
572 	memset(smb3_signature, 0x0, SMB2_CMACAES_SIZE);
573 	memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);
574 
575 	rc = crypto_shash_setkey(shash->tfm, key, SMB2_CMACAES_SIZE);
576 	if (rc) {
577 		cifs_server_dbg(VFS, "%s: Could not set key for cmac aes\n", __func__);
578 		goto out;
579 	}
580 
581 	/*
582 	 * we already allocate aes_cmac when we init smb3 signing key,
583 	 * so unlike smb2 case we do not have to check here if secmech are
584 	 * initialized
585 	 */
586 	rc = crypto_shash_init(shash);
587 	if (rc) {
588 		cifs_server_dbg(VFS, "%s: Could not init cmac aes\n", __func__);
589 		goto out;
590 	}
591 
592 	/*
593 	 * For SMB2+, __cifs_calc_signature() expects to sign only the actual
594 	 * data, that is, iov[0] should not contain a rfc1002 length.
595 	 *
596 	 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to
597 	 * __cifs_calc_signature().
598 	 */
599 	drqst = *rqst;
600 	if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) {
601 		rc = crypto_shash_update(shash, iov[0].iov_base,
602 					 iov[0].iov_len);
603 		if (rc) {
604 			cifs_server_dbg(VFS, "%s: Could not update with payload\n",
605 				 __func__);
606 			goto out;
607 		}
608 		drqst.rq_iov++;
609 		drqst.rq_nvec--;
610 	}
611 
612 	rc = __cifs_calc_signature(&drqst, server, sigptr, shash);
613 	if (!rc)
614 		memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE);
615 
616 out:
617 	if (allocate_crypto)
618 		cifs_free_hash(&shash);
619 	return rc;
620 }
621 
622 /* must be called with server->srv_mutex held */
623 static int
624 smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server)
625 {
626 	int rc = 0;
627 	struct smb2_hdr *shdr;
628 	struct smb2_sess_setup_req *ssr;
629 	bool is_binding;
630 	bool is_signed;
631 
632 	shdr = (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
633 	ssr = (struct smb2_sess_setup_req *)shdr;
634 
635 	is_binding = shdr->Command == SMB2_SESSION_SETUP &&
636 		(ssr->Flags & SMB2_SESSION_REQ_FLAG_BINDING);
637 	is_signed = shdr->Flags & SMB2_FLAGS_SIGNED;
638 
639 	if (!is_signed)
640 		return 0;
641 	spin_lock(&server->srv_lock);
642 	if (server->ops->need_neg &&
643 	    server->ops->need_neg(server)) {
644 		spin_unlock(&server->srv_lock);
645 		return 0;
646 	}
647 	spin_unlock(&server->srv_lock);
648 	if (!is_binding && !server->session_estab) {
649 		strncpy(shdr->Signature, "BSRSPYL", 8);
650 		return 0;
651 	}
652 
653 	rc = server->ops->calc_signature(rqst, server, false);
654 
655 	return rc;
656 }
657 
658 int
659 smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
660 {
661 	unsigned int rc;
662 	char server_response_sig[SMB2_SIGNATURE_SIZE];
663 	struct smb2_hdr *shdr =
664 			(struct smb2_hdr *)rqst->rq_iov[0].iov_base;
665 
666 	if ((shdr->Command == SMB2_NEGOTIATE) ||
667 	    (shdr->Command == SMB2_SESSION_SETUP) ||
668 	    (shdr->Command == SMB2_OPLOCK_BREAK) ||
669 	    server->ignore_signature ||
670 	    (!server->session_estab))
671 		return 0;
672 
673 	/*
674 	 * BB what if signatures are supposed to be on for session but
675 	 * server does not send one? BB
676 	 */
677 
678 	/* Do not need to verify session setups with signature "BSRSPYL " */
679 	if (memcmp(shdr->Signature, "BSRSPYL ", 8) == 0)
680 		cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n",
681 			 shdr->Command);
682 
683 	/*
684 	 * Save off the origiginal signature so we can modify the smb and check
685 	 * our calculated signature against what the server sent.
686 	 */
687 	memcpy(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE);
688 
689 	memset(shdr->Signature, 0, SMB2_SIGNATURE_SIZE);
690 
691 	rc = server->ops->calc_signature(rqst, server, true);
692 
693 	if (rc)
694 		return rc;
695 
696 	if (memcmp(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE)) {
697 		cifs_dbg(VFS, "sign fail cmd 0x%x message id 0x%llx\n",
698 			shdr->Command, shdr->MessageId);
699 		return -EACCES;
700 	} else
701 		return 0;
702 }
703 
704 /*
705  * Set message id for the request. Should be called after wait_for_free_request
706  * and when srv_mutex is held.
707  */
708 static inline void
709 smb2_seq_num_into_buf(struct TCP_Server_Info *server,
710 		      struct smb2_hdr *shdr)
711 {
712 	unsigned int i, num = le16_to_cpu(shdr->CreditCharge);
713 
714 	shdr->MessageId = get_next_mid64(server);
715 	/* skip message numbers according to CreditCharge field */
716 	for (i = 1; i < num; i++)
717 		get_next_mid(server);
718 }
719 
720 static struct mid_q_entry *
721 smb2_mid_entry_alloc(const struct smb2_hdr *shdr,
722 		     struct TCP_Server_Info *server)
723 {
724 	struct mid_q_entry *temp;
725 	unsigned int credits = le16_to_cpu(shdr->CreditCharge);
726 
727 	if (server == NULL) {
728 		cifs_dbg(VFS, "Null TCP session in smb2_mid_entry_alloc\n");
729 		return NULL;
730 	}
731 
732 	temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
733 	memset(temp, 0, sizeof(struct mid_q_entry));
734 	kref_init(&temp->refcount);
735 	temp->mid = le64_to_cpu(shdr->MessageId);
736 	temp->credits = credits > 0 ? credits : 1;
737 	temp->pid = current->pid;
738 	temp->command = shdr->Command; /* Always LE */
739 	temp->when_alloc = jiffies;
740 	temp->server = server;
741 
742 	/*
743 	 * The default is for the mid to be synchronous, so the
744 	 * default callback just wakes up the current task.
745 	 */
746 	get_task_struct(current);
747 	temp->creator = current;
748 	temp->callback = cifs_wake_up_task;
749 	temp->callback_data = current;
750 
751 	atomic_inc(&mid_count);
752 	temp->mid_state = MID_REQUEST_ALLOCATED;
753 	trace_smb3_cmd_enter(le32_to_cpu(shdr->Id.SyncId.TreeId),
754 			     le64_to_cpu(shdr->SessionId),
755 			     le16_to_cpu(shdr->Command), temp->mid);
756 	return temp;
757 }
758 
759 static int
760 smb2_get_mid_entry(struct cifs_ses *ses, struct TCP_Server_Info *server,
761 		   struct smb2_hdr *shdr, struct mid_q_entry **mid)
762 {
763 	spin_lock(&server->srv_lock);
764 	if (server->tcpStatus == CifsExiting) {
765 		spin_unlock(&server->srv_lock);
766 		return -ENOENT;
767 	}
768 
769 	if (server->tcpStatus == CifsNeedReconnect) {
770 		spin_unlock(&server->srv_lock);
771 		cifs_dbg(FYI, "tcp session dead - return to caller to retry\n");
772 		return -EAGAIN;
773 	}
774 
775 	if (server->tcpStatus == CifsNeedNegotiate &&
776 	   shdr->Command != SMB2_NEGOTIATE) {
777 		spin_unlock(&server->srv_lock);
778 		return -EAGAIN;
779 	}
780 	spin_unlock(&server->srv_lock);
781 
782 	spin_lock(&ses->ses_lock);
783 	if (ses->ses_status == SES_NEW) {
784 		if ((shdr->Command != SMB2_SESSION_SETUP) &&
785 		    (shdr->Command != SMB2_NEGOTIATE)) {
786 			spin_unlock(&ses->ses_lock);
787 			return -EAGAIN;
788 		}
789 		/* else ok - we are setting up session */
790 	}
791 
792 	if (ses->ses_status == SES_EXITING) {
793 		if (shdr->Command != SMB2_LOGOFF) {
794 			spin_unlock(&ses->ses_lock);
795 			return -EAGAIN;
796 		}
797 		/* else ok - we are shutting down the session */
798 	}
799 	spin_unlock(&ses->ses_lock);
800 
801 	*mid = smb2_mid_entry_alloc(shdr, server);
802 	if (*mid == NULL)
803 		return -ENOMEM;
804 	spin_lock(&server->mid_lock);
805 	list_add_tail(&(*mid)->qhead, &server->pending_mid_q);
806 	spin_unlock(&server->mid_lock);
807 
808 	return 0;
809 }
810 
811 int
812 smb2_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
813 		   bool log_error)
814 {
815 	unsigned int len = mid->resp_buf_size;
816 	struct kvec iov[1];
817 	struct smb_rqst rqst = { .rq_iov = iov,
818 				 .rq_nvec = 1 };
819 
820 	iov[0].iov_base = (char *)mid->resp_buf;
821 	iov[0].iov_len = len;
822 
823 	dump_smb(mid->resp_buf, min_t(u32, 80, len));
824 	/* convert the length into a more usable form */
825 	if (len > 24 && server->sign && !mid->decrypted) {
826 		int rc;
827 
828 		rc = smb2_verify_signature(&rqst, server);
829 		if (rc)
830 			cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n",
831 				 rc);
832 	}
833 
834 	return map_smb2_to_linux_error(mid->resp_buf, log_error);
835 }
836 
837 struct mid_q_entry *
838 smb2_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *server,
839 		   struct smb_rqst *rqst)
840 {
841 	int rc;
842 	struct smb2_hdr *shdr =
843 			(struct smb2_hdr *)rqst->rq_iov[0].iov_base;
844 	struct mid_q_entry *mid;
845 
846 	smb2_seq_num_into_buf(server, shdr);
847 
848 	rc = smb2_get_mid_entry(ses, server, shdr, &mid);
849 	if (rc) {
850 		revert_current_mid_from_hdr(server, shdr);
851 		return ERR_PTR(rc);
852 	}
853 
854 	rc = smb2_sign_rqst(rqst, server);
855 	if (rc) {
856 		revert_current_mid_from_hdr(server, shdr);
857 		delete_mid(mid);
858 		return ERR_PTR(rc);
859 	}
860 
861 	return mid;
862 }
863 
864 struct mid_q_entry *
865 smb2_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
866 {
867 	int rc;
868 	struct smb2_hdr *shdr =
869 			(struct smb2_hdr *)rqst->rq_iov[0].iov_base;
870 	struct mid_q_entry *mid;
871 
872 	spin_lock(&server->srv_lock);
873 	if (server->tcpStatus == CifsNeedNegotiate &&
874 	   shdr->Command != SMB2_NEGOTIATE) {
875 		spin_unlock(&server->srv_lock);
876 		return ERR_PTR(-EAGAIN);
877 	}
878 	spin_unlock(&server->srv_lock);
879 
880 	smb2_seq_num_into_buf(server, shdr);
881 
882 	mid = smb2_mid_entry_alloc(shdr, server);
883 	if (mid == NULL) {
884 		revert_current_mid_from_hdr(server, shdr);
885 		return ERR_PTR(-ENOMEM);
886 	}
887 
888 	rc = smb2_sign_rqst(rqst, server);
889 	if (rc) {
890 		revert_current_mid_from_hdr(server, shdr);
891 		release_mid(mid);
892 		return ERR_PTR(rc);
893 	}
894 
895 	return mid;
896 }
897 
898 int
899 smb3_crypto_aead_allocate(struct TCP_Server_Info *server)
900 {
901 	struct crypto_aead *tfm;
902 
903 	if (!server->secmech.enc) {
904 		if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) ||
905 		    (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
906 			tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
907 		else
908 			tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
909 		if (IS_ERR(tfm)) {
910 			cifs_server_dbg(VFS, "%s: Failed alloc encrypt aead\n",
911 				 __func__);
912 			return PTR_ERR(tfm);
913 		}
914 		server->secmech.enc = tfm;
915 	}
916 
917 	if (!server->secmech.dec) {
918 		if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) ||
919 		    (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
920 			tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
921 		else
922 			tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
923 		if (IS_ERR(tfm)) {
924 			crypto_free_aead(server->secmech.enc);
925 			server->secmech.enc = NULL;
926 			cifs_server_dbg(VFS, "%s: Failed to alloc decrypt aead\n",
927 				 __func__);
928 			return PTR_ERR(tfm);
929 		}
930 		server->secmech.dec = tfm;
931 	}
932 
933 	return 0;
934 }
935