^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) * fs/cifs/smb2transport.c
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) * Copyright (C) International Business Machines Corp., 2002, 2011
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Etersoft, 2012
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * Author(s): Steve French (sfrench@us.ibm.com)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) * Jeremy Allison (jra@samba.org) 2006
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) * Pavel Shilovsky (pshilovsky@samba.org) 2012
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) * This library is free software; you can redistribute it and/or modify
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) * it under the terms of the GNU Lesser General Public License as published
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) * by the Free Software Foundation; either version 2.1 of the License, or
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) * (at your option) any later version.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) * This library is distributed in the hope that it will be useful,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) * but WITHOUT ANY WARRANTY; without even the implied warranty of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) * the GNU Lesser General Public License for more details.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) * You should have received a copy of the GNU Lesser General Public License
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) * along with this library; if not, write to the Free Software
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24)
#include <linux/fs.h>
#include <linux/list.h>
#include <linux/wait.h>
#include <linux/net.h>
#include <linux/delay.h>
#include <linux/uaccess.h>
#include <linux/string.h>
#include <asm/processor.h>
#include <linux/mempool.h>
#include <linux/highmem.h>
#include <crypto/aead.h>
#include "smb2pdu.h"
#include "cifsglob.h"
#include "cifsproto.h"
#include "smb2proto.h"
#include "cifs_debug.h"
#include "smb2status.h"
#include "smb2glob.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42)
/*
 * Allocate the two hashes stored in server->secmech for SMB3:
 * hmac(sha256) first, then cmac(aes).
 *
 * Returns 0 when both allocations succeed, otherwise the error code of
 * the failing cifs_alloc_hash() call. On any failure the hmac(sha256)
 * pair is handed to cifs_free_hash() before returning.
 */
static int
smb3_crypto_shash_allocate(struct TCP_Server_Info *server)
{
	struct cifs_secmech *sec = &server->secmech;
	int rc;

	rc = cifs_alloc_hash("hmac(sha256)",
			     &sec->hmacsha256,
			     &sec->sdeschmacsha256);
	if (!rc)
		rc = cifs_alloc_hash("cmac(aes)",
				     &sec->cmacaes, &sec->sdesccmacaes);
	if (!rc)
		return 0;

	/* Either step failed: release the hmac(sha256) pair. */
	cifs_free_hash(&sec->hmacsha256, &sec->sdeschmacsha256);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64)
/*
 * Allocate the hashes stored in server->secmech for SMB 3.1.1:
 * hmac(sha256), cmac(aes) and sha512, in that order.
 *
 * Returns 0 on success or the error from the failing cifs_alloc_hash().
 * A failure of the first allocation returns immediately; a failure of
 * the second or third passes the cmac(aes) and hmac(sha256) pairs to
 * cifs_free_hash() before returning.
 */
int
smb311_crypto_shash_allocate(struct TCP_Server_Info *server)
{
	struct cifs_secmech *sec = &server->secmech;
	int rc;

	rc = cifs_alloc_hash("hmac(sha256)",
			     &sec->hmacsha256,
			     &sec->sdeschmacsha256);
	if (rc)
		return rc;

	rc = cifs_alloc_hash("cmac(aes)", &sec->cmacaes, &sec->sdesccmacaes);
	if (!rc)
		rc = cifs_alloc_hash("sha512", &sec->sha512, &sec->sdescsha512);
	if (!rc)
		return 0;

	/* Unwind in reverse order of allocation. */
	cifs_free_hash(&sec->cmacaes, &sec->sdesccmacaes);
	cifs_free_hash(&sec->hmacsha256, &sec->sdeschmacsha256);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93)
/*
 * Copy the signing key for session @ses_id, as used on @server, into @key.
 *
 * @key must have room for SMB3_SIGN_KEY_SIZE bytes; the copy is made
 * while cifs_tcp_ses_lock is held. Returns 0 on success and -ENOENT when
 * either the session or a channel bound to @server cannot be found.
 *
 * NOTE(review): the session lookup walks every entry of
 * cifs_tcp_ses_list rather than only @server, so the first session whose
 * Suid equals @ses_id is used - confirm that session ids cannot collide
 * across servers, in particular for the binding case below.
 */
static
int smb2_get_sign_key(__u64 ses_id, struct TCP_Server_Info *server, u8 *key)
{
	struct TCP_Server_Info *srv;
	struct cifs_ses *cur;
	struct cifs_ses *ses = NULL;
	int rc = -ENOENT;
	int idx;

	spin_lock(&cifs_tcp_ses_lock);

	list_for_each_entry(srv, &cifs_tcp_ses_list, tcp_ses_list) {
		list_for_each_entry(cur, &srv->smb_ses_list, smb_ses_list) {
			if (cur->Suid == ses_id) {
				ses = cur;
				break;
			}
		}
		if (ses)
			break;
	}

	if (!ses) {
		cifs_server_dbg(VFS, "%s: Could not find session 0x%llx\n",
				__func__, ses_id);
		goto unlock;
	}

	if (ses->binding) {
		/*
		 * A new channel is being bound to an existing session:
		 * use the session key of the master connection.
		 */
		memcpy(key, ses->smb3signingkey, SMB3_SIGN_KEY_SIZE);
		rc = 0;
		goto unlock;
	}

	/* Otherwise pick the key of the channel that runs over @server. */
	for (idx = 0; idx < ses->chan_count; idx++) {
		struct cifs_chan *chan = &ses->chans[idx];

		if (chan->server == server) {
			memcpy(key, chan->signkey, SMB3_SIGN_KEY_SIZE);
			rc = 0;
			goto unlock;
		}
	}

	cifs_dbg(VFS,
		 "%s: Could not find channel signing key for session 0x%llx\n",
		 __func__, ses_id);

unlock:
	spin_unlock(&cifs_tcp_ses_lock);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148)
/*
 * Return the session on @server whose Suid equals @ses_id, or NULL.
 *
 * Takes no lock itself; both callers in this file hold
 * cifs_tcp_ses_lock around the call.
 */
static struct cifs_ses *
smb2_find_smb_ses_unlocked(struct TCP_Server_Info *server, __u64 ses_id)
{
	struct cifs_ses *cur;

	list_for_each_entry(cur, &server->smb_ses_list, smb_ses_list) {
		if (cur->Suid == ses_id)
			return cur;
	}

	return NULL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162)
/*
 * Locked wrapper around smb2_find_smb_ses_unlocked(): look up session
 * @ses_id on @server under cifs_tcp_ses_lock.
 *
 * Returns the session or NULL.
 *
 * NOTE(review): nothing in this function takes a reference on the
 * session, and the lock is dropped before returning, so the pointer's
 * lifetime depends on the caller - confirm the session cannot be torn
 * down while the caller still uses it.
 */
struct cifs_ses *
smb2_find_smb_ses(struct TCP_Server_Info *server, __u64 ses_id)
{
	struct cifs_ses *match;

	spin_lock(&cifs_tcp_ses_lock);
	match = smb2_find_smb_ses_unlocked(server, ses_id);
	spin_unlock(&cifs_tcp_ses_lock);

	return match;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174)
/*
 * Return the tree connection of @ses whose tid equals @tid, or NULL.
 *
 * A match has its tc_count incremented before it is returned, so the
 * caller ends up holding one count on the tcon. Takes no lock itself;
 * the caller in this file holds cifs_tcp_ses_lock.
 */
static struct cifs_tcon *
smb2_find_smb_sess_tcon_unlocked(struct cifs_ses *ses, __u32 tid)
{
	struct cifs_tcon *cur;

	list_for_each_entry(cur, &ses->tcon_list, tcon_list) {
		if (cur->tid == tid) {
			cur->tc_count++;
			return cur;
		}
	}

	return NULL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189)
/*
 * Obtain the tcon that corresponds to @tid within the session @ses_id
 * of @server.
 *
 * Both lookups run under cifs_tcp_ses_lock. Returns NULL when either
 * the session or the tcon is missing; a returned tcon has had its
 * tc_count incremented by smb2_find_smb_sess_tcon_unlocked().
 */
struct cifs_tcon *
smb2_find_smb_tcon(struct TCP_Server_Info *server, __u64 ses_id, __u32 tid)
{
	struct cifs_tcon *tcon = NULL;
	struct cifs_ses *ses;

	spin_lock(&cifs_tcp_ses_lock);
	ses = smb2_find_smb_ses_unlocked(server, ses_id);
	if (ses)
		tcon = smb2_find_smb_sess_tcon_unlocked(ses, tid);
	spin_unlock(&cifs_tcp_ses_lock);

	return tcon;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212)
/*
 * Compute the hmac(sha256) signature of @rqst and store its first
 * SMB2_SIGNATURE_SIZE bytes in the Signature field of the SMB2 header
 * found at rq_iov[0].
 *
 * @allocate_crypto: when true a private hash is allocated for this call
 *	and freed on exit; when false the hash kept in server->secmech is
 *	used.
 *
 * The hash is keyed with the first SMB2_NTLMV2_SESSKEY_SIZE bytes of
 * ses->auth_key.response.
 *
 * Returns 0 on success or a negative error from the crypto calls.
 *
 * NOTE(review): a request whose SessionId matches no session also
 * returns 0, with the Signature field left untouched, so the caller
 * cannot tell that nothing was signed - confirm callers expect this.
 * NOTE(review): the session pointer is used after smb2_find_smb_ses()
 * has dropped its lock and no reference is visible here - confirm the
 * session cannot go away during the call.
 */
int
smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
		    bool allocate_crypto)
{
	unsigned char digest[SMB2_HMACSHA256_SIZE];
	struct kvec *iov = rqst->rq_iov;
	struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[0].iov_base;
	struct sdesc *sdesc = NULL;
	struct crypto_shash *hash;
	struct shash_desc *shash;
	struct smb_rqst drqst;
	struct cifs_ses *ses;
	int rc;

	ses = smb2_find_smb_ses(server, shdr->SessionId);
	if (!ses) {
		cifs_server_dbg(VFS, "%s: Could not find session\n", __func__);
		return 0;
	}

	/* The signature field must be zero while the hash is computed. */
	memset(digest, 0x0, sizeof(digest));
	memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);

	if (!allocate_crypto) {
		hash = server->secmech.hmacsha256;
		shash = &server->secmech.sdeschmacsha256->shash;
	} else {
		rc = cifs_alloc_hash("hmac(sha256)", &hash, &sdesc);
		if (rc) {
			cifs_server_dbg(VFS,
					"%s: sha256 alloc failed\n", __func__);
			return rc;
		}
		shash = &sdesc->shash;
	}

	rc = crypto_shash_setkey(hash, ses->auth_key.response,
				 SMB2_NTLMV2_SESSKEY_SIZE);
	if (rc) {
		cifs_server_dbg(VFS,
				"%s: Could not update with response\n",
				__func__);
		goto out;
	}

	rc = crypto_shash_init(shash);
	if (rc) {
		cifs_server_dbg(VFS, "%s: Could not init sha256", __func__);
		goto out;
	}

	/*
	 * For SMB2+, __cifs_calc_signature() expects iov[0] not to be an
	 * rfc1002 length. When the first vector is exactly 4 bytes and at
	 * least one more vector follows, hash it here and hand only the
	 * remaining vectors down, working on a copy of the request so the
	 * caller's rqst is not modified.
	 */
	drqst = *rqst;
	if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) {
		rc = crypto_shash_update(shash, iov[0].iov_base,
					 iov[0].iov_len);
		if (rc) {
			cifs_server_dbg(VFS,
					"%s: Could not update with payload\n",
					__func__);
			goto out;
		}
		drqst.rq_iov++;
		drqst.rq_nvec--;
	}

	rc = __cifs_calc_signature(&drqst, server, digest, shash);
	if (rc == 0)
		memcpy(shdr->Signature, digest, SMB2_SIGNATURE_SIZE);

out:
	/* Only a hash allocated by this call is released here. */
	if (allocate_crypto)
		cifs_free_hash(&hash, &sdesc);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295)
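/*
 * Derive @key_size bytes of key material for @ses into @key.
 *
 * hmac(sha256), keyed with the first SMB2_NTLMV2_SESSKEY_SIZE bytes of
 * ses->auth_key.response, is run over
 *
 *	i (00 00 00 01) || label || 0x00 || context || L
 *
 * where L is the 4-byte value 256 when the negotiated cipher is
 * AES-256-CCM or AES-256-GCM and 128 otherwise. This input layout
 * matches the SP 800-108 counter-mode KDF. The first @key_size bytes of
 * the digest become the key.
 *
 * @key is zeroed up front, so on any error the caller is left with an
 * all-zero key and must treat a non-zero return as fatal.
 *
 * Returns 0 on success, -EINVAL when @key_size exceeds the digest size,
 * or the error of the failing crypto call.
 */
static int generate_key(struct cifs_ses *ses, struct kvec label,
			struct kvec context, __u8 *key, unsigned int key_size)
{
	unsigned char zero = 0x0;
	__u8 i[4] = {0, 0, 0, 1};
	__u8 L128[4] = {0, 0, 0, 128};
	__u8 L256[4] = {0, 0, 1, 0};
	int rc = 0;
	unsigned char prfhash[SMB2_HMACSHA256_SIZE];
	struct TCP_Server_Info *server = ses->server;
	struct shash_desc *shash;

	/*
	 * The key is copied out of prfhash below; a larger request would
	 * read past the end of that stack buffer.
	 */
	if (key_size > sizeof(prfhash))
		return -EINVAL;

	memset(prfhash, 0x0, sizeof(prfhash));
	memset(key, 0x0, key_size);

	rc = smb3_crypto_shash_allocate(server);
	if (rc) {
		cifs_server_dbg(VFS, "%s: crypto alloc failed\n", __func__);
		goto smb3signkey_ret;
	}

	/* Only valid once the allocation above has succeeded. */
	shash = &server->secmech.sdeschmacsha256->shash;

	rc = crypto_shash_setkey(server->secmech.hmacsha256,
		ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
	if (rc) {
		cifs_server_dbg(VFS, "%s: Could not set with session key\n", __func__);
		goto smb3signkey_ret;
	}

	rc = crypto_shash_init(shash);
	if (rc) {
		cifs_server_dbg(VFS, "%s: Could not init sign hmac\n", __func__);
		goto smb3signkey_ret;
	}

	rc = crypto_shash_update(shash, i, 4);
	if (rc) {
		cifs_server_dbg(VFS, "%s: Could not update with n\n", __func__);
		goto smb3signkey_ret;
	}

	rc = crypto_shash_update(shash, label.iov_base, label.iov_len);
	if (rc) {
		cifs_server_dbg(VFS, "%s: Could not update with label\n", __func__);
		goto smb3signkey_ret;
	}

	rc = crypto_shash_update(shash, &zero, 1);
	if (rc) {
		cifs_server_dbg(VFS, "%s: Could not update with zero\n", __func__);
		goto smb3signkey_ret;
	}

	rc = crypto_shash_update(shash, context.iov_base, context.iov_len);
	if (rc) {
		cifs_server_dbg(VFS, "%s: Could not update with context\n", __func__);
		goto smb3signkey_ret;
	}

	if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) ||
	    (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) {
		rc = crypto_shash_update(shash, L256, 4);
	} else {
		rc = crypto_shash_update(shash, L128, 4);
	}
	if (rc) {
		cifs_server_dbg(VFS, "%s: Could not update with L\n", __func__);
		goto smb3signkey_ret;
	}

	rc = crypto_shash_final(shash, prfhash);
	if (rc) {
		cifs_server_dbg(VFS, "%s: Could not generate sha256 hash\n", __func__);
		goto smb3signkey_ret;
	}

	memcpy(key, prfhash, key_size);

smb3signkey_ret:
	/* prfhash may hold derived key material; do not leave it on the stack. */
	memzero_explicit(prfhash, sizeof(prfhash));
	return rc;
}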
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 383)
/*
 * Inputs for one key derivation: the label and context buffers that
 * generate_smb3signingkey() passes to generate_key().
 */
struct derivation {
	struct kvec label;	/* label bytes and their length */
	struct kvec context;	/* context bytes and their length */
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 388)
/*
 * The derivation inputs for the three keys generate_smb3signingkey()
 * produces for a session.
 */
struct derivation_triplet {
	struct derivation signing;	/* inputs for the signing key */
	struct derivation encryption;	/* inputs for ses->smb3encryptionkey */
	struct derivation decryption;	/* inputs for ses->smb3decryptionkey */
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 394)
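/*
 * Derive the SMB3 keys of @ses from the label/context pairs in
 * @ptriplet.
 *
 * All channels use the same encryption/decryption keys but each has its
 * own signing key. While a new channel is being bound (ses->binding)
 * only a signing key is generated, and it is stored in the binding
 * channel so the master connection's signing key kept in the session is
 * not overwritten. Otherwise the session signing key is generated and
 * copied to channel 0, followed by the encryption and decryption keys.
 *
 * Returns 0 on success or the error of the first generate_key() call
 * that fails. generate_key() zeroes its output before deriving, so each
 * result is checked: an ignored failure would leave an all-zero key in
 * the session while this function reported success.
 */
static int
generate_smb3signingkey(struct cifs_ses *ses,
			const struct derivation_triplet *ptriplet)
{
	int rc;
#ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS
	struct TCP_Server_Info *server = ses->server;
#endif

	if (ses->binding) {
		rc = generate_key(ses, ptriplet->signing.label,
				  ptriplet->signing.context,
				  cifs_ses_binding_channel(ses)->signkey,
				  SMB3_SIGN_KEY_SIZE);
		if (rc)
			return rc;
	} else {
		rc = generate_key(ses, ptriplet->signing.label,
				  ptriplet->signing.context,
				  ses->smb3signingkey,
				  SMB3_SIGN_KEY_SIZE);
		if (rc)
			return rc;

		memcpy(ses->chans[0].signkey, ses->smb3signingkey,
		       SMB3_SIGN_KEY_SIZE);

		rc = generate_key(ses, ptriplet->encryption.label,
				  ptriplet->encryption.context,
				  ses->smb3encryptionkey,
				  SMB3_ENC_DEC_KEY_SIZE);
		/* Do not let the decryption derivation overwrite this rc. */
		if (rc)
			return rc;

		rc = generate_key(ses, ptriplet->decryption.label,
				  ptriplet->decryption.context,
				  ses->smb3decryptionkey,
				  SMB3_ENC_DEC_KEY_SIZE);
		if (rc)
			return rc;
	}

#ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS
	/*
	 * This block writes the session key and every derived key to the
	 * kernel log in clear. Anyone who can read the log can then verify
	 * or decrypt this session's traffic, so the option is for debugging
	 * builds only.
	 *
	 * NOTE(review): in the binding case the signing key printed is
	 * ses->smb3signingkey, not the channel key generated above.
	 */
	cifs_dbg(VFS, "%s: dumping generated AES session keys\n", __func__);
	/*
	 * The session id is opaque in terms of endianness, so we can't
	 * print it as a long long. We dump it as we got it on the wire.
	 */
	cifs_dbg(VFS, "Session Id %*ph\n", (int)sizeof(ses->Suid),
		 &ses->Suid);
	cifs_dbg(VFS, "Cipher type %d\n", server->cipher_type);
	cifs_dbg(VFS, "Session Key %*ph\n",
		 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response);
	cifs_dbg(VFS, "Signing Key %*ph\n",
		 SMB3_SIGN_KEY_SIZE, ses->smb3signingkey);
	if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) ||
	    (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) {
		cifs_dbg(VFS, "ServerIn Key %*ph\n",
			 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3encryptionkey);
		cifs_dbg(VFS, "ServerOut Key %*ph\n",
			 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3decryptionkey);
	} else {
		cifs_dbg(VFS, "ServerIn Key %*ph\n",
			 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3encryptionkey);
		cifs_dbg(VFS, "ServerOut Key %*ph\n",
			 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3decryptionkey);
	}
#endif
	return rc;
}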
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 475)
/*
 * Derive the SMB 3.0 session keys for @ses.
 *
 * Fills a derivation_triplet with the fixed label/context strings for the
 * signing, encryption and decryption keys and passes it to
 * generate_smb3signingkey(). Every iov_len below is the string length plus
 * one, so the terminating NUL byte is part of the derivation input; the
 * strings and lengths must stay in step.
 *
 * Returns the result of generate_smb3signingkey().
 */
int
generate_smb30signingkey(struct cifs_ses *ses)
{
	struct derivation_triplet triplet;

	/* signing key inputs */
	triplet.signing.label.iov_base = "SMB2AESCMAC";
	triplet.signing.label.iov_len = 12;
	triplet.signing.context.iov_base = "SmbSign";
	triplet.signing.context.iov_len = 8;

	/* encryption key inputs (note the trailing space in the context) */
	triplet.encryption.label.iov_base = "SMB2AESCCM";
	triplet.encryption.label.iov_len = 11;
	triplet.encryption.context.iov_base = "ServerIn ";
	triplet.encryption.context.iov_len = 10;

	/* decryption key inputs */
	triplet.decryption.label.iov_base = "SMB2AESCCM";
	triplet.decryption.label.iov_len = 11;
	triplet.decryption.context.iov_base = "ServerOut";
	triplet.decryption.context.iov_len = 10;

	return generate_smb3signingkey(ses, &triplet);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 503)
/*
 * Derive the SMB 3.1.1 session keys for @ses.
 *
 * Each of the three derivations uses its own label (length includes the
 * terminating NUL) and, as context, the first 64 bytes at
 * ses->preauth_sha_hash, so the derived keys depend on that hash.
 * NOTE(review): the 64 is a literal here; confirm it matches the size of
 * the preauth_sha_hash buffer declared elsewhere.
 *
 * Returns the result of generate_smb3signingkey().
 */
int
generate_smb311signingkey(struct cifs_ses *ses)
{
	struct derivation_triplet triplet;

	/* signing key inputs */
	triplet.signing.label.iov_base = "SMBSigningKey";
	triplet.signing.label.iov_len = 14;
	triplet.signing.context.iov_base = ses->preauth_sha_hash;
	triplet.signing.context.iov_len = 64;

	/* client-to-server cipher key inputs */
	triplet.encryption.label.iov_base = "SMBC2SCipherKey";
	triplet.encryption.label.iov_len = 16;
	triplet.encryption.context.iov_base = ses->preauth_sha_hash;
	triplet.encryption.context.iov_len = 64;

	/* server-to-client cipher key inputs */
	triplet.decryption.label.iov_base = "SMBS2CCipherKey";
	triplet.decryption.label.iov_len = 16;
	triplet.decryption.context.iov_base = ses->preauth_sha_hash;
	triplet.decryption.context.iov_len = 64;

	return generate_smb3signingkey(ses, &triplet);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 531)
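/*
 * Compute the AES-CMAC signature of an SMB3 message and store it in the
 * Signature field of the header found at rq_iov[0].
 *
 * @rqst:            message to sign; rq_iov[0].iov_base is read as the header
 * @server:          connection used for the key lookup and, when
 *                   @allocate_crypto is false, for the cached CMAC transform
 * @allocate_crypto: true to allocate a private "cmac(aes)" transform for
 *                   this call (released before returning); false to use
 *                   server->secmech.cmacaes / sdesccmacaes
 *
 * Returns 0 when the signature was written, the error code of the failing
 * call otherwise. It also returns 0 without touching the header when no
 * signing key is found for the header's SessionId.
 *
 * NOTE(review): because the "no key" case returns 0, a caller cannot tell it
 * apart from a computed signature by the return value alone. A verifier that
 * cleared the Signature field before calling would then compare against the
 * cleared field. Consider propagating rc here; check every caller first,
 * since the signing path currently relies on this being non-fatal.
 *
 * The local copy of the signing key is wiped on every exit path so that key
 * material does not linger on the kernel stack.
 */
int
smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
		    bool allocate_crypto)
{
	int rc;
	unsigned char smb3_signature[SMB2_CMACAES_SIZE];
	unsigned char *sigptr = smb3_signature;
	struct kvec *iov = rqst->rq_iov;
	struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[0].iov_base;
	struct shash_desc *shash;
	struct crypto_shash *hash;
	struct sdesc *sdesc = NULL;
	struct smb_rqst drqst;
	u8 key[SMB3_SIGN_KEY_SIZE];

	rc = smb2_get_sign_key(shdr->SessionId, server, key);
	if (rc) {
		/* historical behaviour: a missing key is not an error */
		rc = 0;
		goto out_wipe;
	}

	if (allocate_crypto) {
		rc = cifs_alloc_hash("cmac(aes)", &hash, &sdesc);
		if (rc)
			goto out_wipe;

		shash = &sdesc->shash;
	} else {
		hash = server->secmech.cmacaes;
		shash = &server->secmech.sdesccmacaes->shash;
	}

	/* the signature is computed over a header whose Signature is zero */
	memset(smb3_signature, 0x0, SMB2_CMACAES_SIZE);
	memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);

	rc = crypto_shash_setkey(hash, key, SMB2_CMACAES_SIZE);
	if (rc) {
		cifs_server_dbg(VFS, "%s: Could not set key for cmac aes\n", __func__);
		goto out;
	}

	/*
	 * we already allocate sdesccmacaes when we init smb3 signing key,
	 * so unlike smb2 case we do not have to check here if secmech are
	 * initialized
	 */
	rc = crypto_shash_init(shash);
	if (rc) {
		cifs_server_dbg(VFS, "%s: Could not init cmac aes\n", __func__);
		goto out;
	}

	/*
	 * For SMB2+, __cifs_calc_signature() expects to sign only the actual
	 * data, that is, iov[0] should not contain a rfc1002 length.
	 *
	 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to
	 * __cifs_calc_signature().
	 */
	drqst = *rqst;
	if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) {
		rc = crypto_shash_update(shash, iov[0].iov_base,
					 iov[0].iov_len);
		if (rc) {
			cifs_server_dbg(VFS, "%s: Could not update with payload\n",
					__func__);
			goto out;
		}
		drqst.rq_iov++;
		drqst.rq_nvec--;
	}

	rc = __cifs_calc_signature(&drqst, server, sigptr, shash);
	if (!rc)
		memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE);

out:
	if (allocate_crypto)
		cifs_free_hash(&hash, &sdesc);
out_wipe:
	/* memzero_explicit() is not elided by the compiler, unlike memset() */
	memzero_explicit(key, sizeof(key));
	return rc;
}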
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 611)
/*
 * Sign an outgoing request if its header asks for it.
 *
 * Must be called with server->srv_mutex held.
 *
 * Nothing is done (return 0) when the header does not carry
 * SMB2_FLAGS_SIGNED or the connection still needs negotiation. While the
 * session is not yet established, and the request is not a session-binding
 * SESSION_SETUP, an 8-byte placeholder is written into the Signature field
 * instead of a real signature: the 7 characters "BSRSPYL" followed by a NUL
 * pad byte. (smb2_verify_signature() compares against "BSRSPYL " with a
 * trailing space, so the two spellings differ in the last byte.)
 *
 * Otherwise returns the result of server->ops->calc_signature().
 */
static int
smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server)
{
	struct smb2_sync_hdr *shdr =
			(struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base;
	/* same buffer viewed as a session-setup request, read only below */
	struct smb2_sess_setup_req *ssr = (struct smb2_sess_setup_req *)shdr;
	bool is_binding = false;

	if (!(shdr->Flags & SMB2_FLAGS_SIGNED))
		return 0;

	if (server->tcpStatus == CifsNeedNegotiate)
		return 0;

	/* ssr->Flags is only meaningful for SESSION_SETUP requests */
	if (shdr->Command == SMB2_SESSION_SETUP &&
	    (ssr->Flags & SMB2_SESSION_REQ_FLAG_BINDING))
		is_binding = true;

	if (!is_binding && !server->session_estab) {
		strncpy(shdr->Signature, "BSRSPYL", 8);
		return 0;
	}

	/* false: reuse the transform cached on the server structure */
	return server->ops->calc_signature(rqst, server, false);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 642)
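/*
 * Verify the signature of a received message.
 *
 * @rqst:   message to check; rq_iov[0].iov_base is read as the header
 * @server: connection the message arrived on
 *
 * The signature sent by the peer is saved, the header's Signature field is
 * cleared, the signature is recomputed through server->ops->calc_signature()
 * and the two values are compared.
 *
 * Verification is skipped (return 0) for NEGOTIATE, SESSION_SETUP and
 * OPLOCK_BREAK commands, when server->ignore_signature is set, and while the
 * session is not established.
 *
 * Returns 0 if the signatures match or verification was skipped, the error
 * from calc_signature() if recomputation failed, -EACCES on mismatch.
 */
int
smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
{
	/* signed: holds the negative errno returned by calc_signature() */
	int rc;
	char server_response_sig[SMB2_SIGNATURE_SIZE];
	struct smb2_sync_hdr *shdr =
			(struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base;

	if ((shdr->Command == SMB2_NEGOTIATE) ||
	    (shdr->Command == SMB2_SESSION_SETUP) ||
	    (shdr->Command == SMB2_OPLOCK_BREAK) ||
	    server->ignore_signature ||
	    (!server->session_estab))
		return 0;

	/*
	 * BB what if signatures are supposed to be on for session but
	 * server does not send one? BB
	 */

	/*
	 * A "BSRSPYL " placeholder is only logged here; the message still goes
	 * through the comparison below.
	 */
	if (memcmp(shdr->Signature, "BSRSPYL ", 8) == 0)
		cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n",
			 shdr->Command);

	/*
	 * Save off the original signature so we can modify the smb and check
	 * our calculated signature against what the server sent.
	 */
	memcpy(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE);

	memset(shdr->Signature, 0, SMB2_SIGNATURE_SIZE);

	/* true: use a transform allocated for this call only */
	rc = server->ops->calc_signature(rqst, server, true);

	if (rc)
		return rc;

	/*
	 * NOTE(review): rc == 0 is taken to mean that shdr->Signature now
	 * holds a freshly computed value. An implementation that returns 0
	 * without writing it leaves the cleared field in place for the
	 * comparison; confirm the contract of every calc_signature().
	 *
	 * NOTE(review): memcmp() is not constant-time. crypto_memneq() is the
	 * kernel's constant-time comparison for MAC values, but it needs an
	 * include that is outside this block.
	 */
	if (memcmp(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE)) {
		cifs_dbg(VFS, "sign fail cmd 0x%x message id 0x%llx\n",
			 shdr->Command, shdr->MessageId);
		return -EACCES;
	}

	return 0;
}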
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 688)
/*
 * Assign the next message id to the request header.
 *
 * Should be called after wait_for_free_request and when srv_mutex is held.
 *
 * The header receives the id returned by get_next_mid64(). A request whose
 * CreditCharge is N > 1 then consumes N - 1 further ids through
 * get_next_mid(), so the next request does not reuse them.
 */
static inline void
smb2_seq_num_into_buf(struct TCP_Server_Info *server,
		      struct smb2_sync_hdr *shdr)
{
	unsigned int remaining = le16_to_cpu(shdr->CreditCharge);

	shdr->MessageId = get_next_mid64(server);

	/* the first id was taken above; skip one id per additional credit */
	while (remaining > 1) {
		get_next_mid(server);
		remaining--;
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 704)
/*
 * Allocate and initialise a mid_q_entry for the request described by @shdr.
 *
 * The entry is taken from cifs_mid_poolp, zeroed, given an initial
 * reference and filled from the header (message id, command, credit
 * charge with a minimum of 1). It starts out as a synchronous mid: the
 * callback wakes the allocating task, on which a reference is taken.
 *
 * Returns the new entry, or NULL if @server is NULL.
 *
 * NOTE(review): the mempool_alloc() result is used without a NULL check;
 * presumably this relies on the pool allocation not failing with GFP_NOFS.
 * Confirm.
 */
static struct mid_q_entry *
smb2_mid_entry_alloc(const struct smb2_sync_hdr *shdr,
		     struct TCP_Server_Info *server)
{
	unsigned int charge = le16_to_cpu(shdr->CreditCharge);
	struct mid_q_entry *entry;

	if (server == NULL) {
		cifs_dbg(VFS, "Null TCP session in smb2_mid_entry_alloc\n");
		return NULL;
	}

	entry = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
	memset(entry, 0, sizeof(*entry));
	kref_init(&entry->refcount);

	entry->mid = le64_to_cpu(shdr->MessageId);
	/* a charge of 0 still occupies one credit */
	if (charge > 0)
		entry->credits = charge;
	else
		entry->credits = 1;
	entry->pid = current->pid;
	entry->command = shdr->Command; /* Always LE */
	entry->when_alloc = jiffies;
	entry->server = server;

	/*
	 * Synchronous by default: the callback simply wakes up the task
	 * that created the mid.
	 */
	get_task_struct(current);
	entry->creator = current;
	entry->callback = cifs_wake_up_task;
	entry->callback_data = current;

	atomic_inc(&midCount);
	entry->mid_state = MID_REQUEST_ALLOCATED;
	trace_smb3_cmd_enter(shdr->TreeId, shdr->SessionId,
			     le16_to_cpu(shdr->Command), entry->mid);
	return entry;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 742)
/*
 * Check that the connection and session states allow @shdr's command, then
 * allocate a mid for it and queue it on server->pending_mid_q.
 *
 * @mid receives the new entry (it is written even when allocation fails).
 *
 * Returns 0 on success, -ENOENT if the connection is exiting, -EAGAIN if
 * the connection or session state does not permit this command right now,
 * -ENOMEM if no mid could be allocated.
 */
static int
smb2_get_mid_entry(struct cifs_ses *ses, struct TCP_Server_Info *server,
		   struct smb2_sync_hdr *shdr, struct mid_q_entry **mid)
{
	struct mid_q_entry *entry;

	switch (server->tcpStatus) {
	case CifsExiting:
		return -ENOENT;
	case CifsNeedReconnect:
		cifs_dbg(FYI, "tcp session dead - return to caller to retry\n");
		return -EAGAIN;
	case CifsNeedNegotiate:
		/* only the negotiate itself may go out in this state */
		if (shdr->Command != SMB2_NEGOTIATE)
			return -EAGAIN;
		break;
	default:
		break;
	}

	/* a new session only accepts the commands that set it up */
	if (ses->status == CifsNew &&
	    shdr->Command != SMB2_SESSION_SETUP &&
	    shdr->Command != SMB2_NEGOTIATE)
		return -EAGAIN;

	/* a session being torn down only accepts the logoff */
	if (ses->status == CifsExiting && shdr->Command != SMB2_LOGOFF)
		return -EAGAIN;

	entry = smb2_mid_entry_alloc(shdr, server);
	*mid = entry;
	if (entry == NULL)
		return -ENOMEM;

	spin_lock(&GlobalMid_Lock);
	list_add_tail(&entry->qhead, &server->pending_mid_q);
	spin_unlock(&GlobalMid_Lock);

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 781)
/*
 * Post-process a received response: dump its first bytes, verify its
 * signature when applicable, and map its status to a Linux error.
 *
 * Signature verification runs only when the response is longer than 24
 * bytes, signing is enabled on the connection and the response was not
 * decrypted.
 *
 * Returns the result of map_smb2_to_linux_error() for the response.
 *
 * NOTE(review): a verification failure is only logged. Its error code is
 * not returned, so the caller goes on to use a response whose signature did
 * not verify. Confirm whether that is intended; if not, the failure should
 * be propagated.
 *
 * NOTE(review): the 24-byte threshold is a bare literal; confirm it
 * guarantees that the header fields read by smb2_verify_signature(),
 * including Signature, lie inside the received buffer.
 */
int
smb2_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
		   bool log_error)
{
	unsigned int resp_len = mid->resp_buf_size;
	/* wrap the response buffer so the signing code can walk it */
	struct kvec resp_iov = {
		.iov_base = (char *)mid->resp_buf,
		.iov_len = resp_len,
	};
	struct smb_rqst rqst = {
		.rq_iov = &resp_iov,
		.rq_nvec = 1,
	};

	/* at most the first 80 bytes are dumped */
	dump_smb(mid->resp_buf, min_t(u32, 80, resp_len));

	if (resp_len > 24 && server->sign && !mid->decrypted) {
		int rc = smb2_verify_signature(&rqst, server);

		if (rc)
			cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n",
					rc);
	}

	return map_smb2_to_linux_error(mid->resp_buf, log_error);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 807)
/*
 * Prepare a synchronous request for sending: assign its message id,
 * allocate and queue a mid, and sign the request.
 *
 * On any failure the message id taken from the server is given back with
 * revert_current_mid_from_hdr(); if the mid had already been queued it is
 * removed with cifs_delete_mid().
 *
 * Returns the mid on success, ERR_PTR(error) otherwise.
 */
struct mid_q_entry *
smb2_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *server,
		   struct smb_rqst *rqst)
{
	struct smb2_sync_hdr *hdr =
			(struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base;
	struct mid_q_entry *mid;
	int err;

	smb2_seq_num_into_buf(server, hdr);

	err = smb2_get_mid_entry(ses, server, hdr, &mid);
	if (err) {
		/* no mid was queued, only the id needs to be returned */
		revert_current_mid_from_hdr(server, hdr);
		return ERR_PTR(err);
	}

	err = smb2_sign_rqst(rqst, server);
	if (!err)
		return mid;

	revert_current_mid_from_hdr(server, hdr);
	cifs_delete_mid(mid);
	return ERR_PTR(err);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 834)
/*
 * Prepare an asynchronous request for sending: assign its message id,
 * allocate a mid and sign the request.
 *
 * Unlike smb2_setup_request() the mid is allocated directly with
 * smb2_mid_entry_alloc() and is not added to the pending queue here; on a
 * signing failure it is released with DeleteMidQEntry().
 *
 * Returns the mid on success; ERR_PTR(-EAGAIN) if the connection still
 * needs negotiation and this is not the negotiate, ERR_PTR(-ENOMEM) if no
 * mid could be allocated, or ERR_PTR() of the signing error.
 */
struct mid_q_entry *
smb2_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
{
	struct smb2_sync_hdr *hdr =
			(struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base;
	struct mid_q_entry *mid;
	int err;

	if (server->tcpStatus == CifsNeedNegotiate &&
	    hdr->Command != SMB2_NEGOTIATE)
		return ERR_PTR(-EAGAIN);

	smb2_seq_num_into_buf(server, hdr);

	mid = smb2_mid_entry_alloc(hdr, server);
	if (mid == NULL) {
		/* give the message id back, nothing else was set up */
		revert_current_mid_from_hdr(server, hdr);
		return ERR_PTR(-ENOMEM);
	}

	err = smb2_sign_rqst(rqst, server);
	if (!err)
		return mid;

	revert_current_mid_from_hdr(server, hdr);
	DeleteMidQEntry(mid);
	return ERR_PTR(err);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 864)
/*
 * Make sure the connection has AEAD transforms for encryption and
 * decryption, allocating whichever of the two is still missing.
 *
 * The algorithm follows server->cipher_type: "gcm(aes)" for the AES-128-GCM
 * and AES-256-GCM cipher types, "ccm(aes)" for everything else. The
 * transforms are stored in server->secmech.ccmaesencrypt / ccmaesdecrypt,
 * which hold GCM transforms too despite their names.
 *
 * If the decrypt transform cannot be allocated, the encrypt transform is
 * freed and cleared as well, including one that existed before this call.
 *
 * Returns 0 on success or the PTR_ERR() of the failed allocation.
 */
int
smb3_crypto_aead_allocate(struct TCP_Server_Info *server)
{
	struct crypto_aead *tfm;
	const char *alg_name;

	if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) ||
	    (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
		alg_name = "gcm(aes)";
	else
		alg_name = "ccm(aes)";

	if (!server->secmech.ccmaesencrypt) {
		tfm = crypto_alloc_aead(alg_name, 0, 0);
		if (IS_ERR(tfm)) {
			cifs_server_dbg(VFS, "%s: Failed alloc encrypt aead\n",
					__func__);
			return PTR_ERR(tfm);
		}
		server->secmech.ccmaesencrypt = tfm;
	}

	if (!server->secmech.ccmaesdecrypt) {
		tfm = crypto_alloc_aead(alg_name, 0, 0);
		if (IS_ERR(tfm)) {
			/* do not leave a half-initialised pair behind */
			crypto_free_aead(server->secmech.ccmaesencrypt);
			server->secmech.ccmaesencrypt = NULL;
			cifs_server_dbg(VFS, "%s: Failed to alloc decrypt aead\n",
					__func__);
			return PTR_ERR(tfm);
		}
		server->secmech.ccmaesdecrypt = tfm;
	}

	return 0;
}