]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blob - fs/cifs/smb2transport.c
projects / mirror_ubuntu-zesty-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
CIFS: Separate SMB2 sync header processing
[mirror_ubuntu-zesty-kernel.git] / fs / cifs / smb2transport.c
1 /*
2 * fs/cifs/smb2transport.c
3 *
4 * Copyright (C) International Business Machines Corp., 2002, 2011
5 * Etersoft, 2012
6 * Author(s): Steve French (sfrench@us.ibm.com)
7 * Jeremy Allison (jra@samba.org) 2006
8 * Pavel Shilovsky (pshilovsky@samba.org) 2012
9 *
10 * This library is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU Lesser General Public License as published
12 * by the Free Software Foundation; either version 2.1 of the License, or
13 * (at your option) any later version.
14 *
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
18 * the GNU Lesser General Public License for more details.
19 *
20 * You should have received a copy of the GNU Lesser General Public License
21 * along with this library; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 */
24
25 #include <linux/fs.h>
26 #include <linux/list.h>
27 #include <linux/wait.h>
28 #include <linux/net.h>
29 #include <linux/delay.h>
30 #include <linux/uaccess.h>
31 #include <asm/processor.h>
32 #include <linux/mempool.h>
33 #include <linux/highmem.h>
34 #include "smb2pdu.h"
35 #include "cifsglob.h"
36 #include "cifsproto.h"
37 #include "smb2proto.h"
38 #include "cifs_debug.h"
39 #include "smb2status.h"
40 #include "smb2glob.h"
41
42 static int
43 smb2_crypto_shash_allocate(struct TCP_Server_Info *server)
44 {
45 int rc;
46 unsigned int size;
47
48 if (server->secmech.sdeschmacsha256 != NULL)
49 return 0; /* already allocated */
50
51 server->secmech.hmacsha256 = crypto_alloc_shash("hmac(sha256)", 0, 0);
52 if (IS_ERR(server->secmech.hmacsha256)) {
53 cifs_dbg(VFS, "could not allocate crypto hmacsha256\n");
54 rc = PTR_ERR(server->secmech.hmacsha256);
55 server->secmech.hmacsha256 = NULL;
56 return rc;
57 }
58
59 size = sizeof(struct shash_desc) +
60 crypto_shash_descsize(server->secmech.hmacsha256);
61 server->secmech.sdeschmacsha256 = kmalloc(size, GFP_KERNEL);
62 if (!server->secmech.sdeschmacsha256) {
63 crypto_free_shash(server->secmech.hmacsha256);
64 server->secmech.hmacsha256 = NULL;
65 return -ENOMEM;
66 }
67 server->secmech.sdeschmacsha256->shash.tfm = server->secmech.hmacsha256;
68 server->secmech.sdeschmacsha256->shash.flags = 0x0;
69
70 return 0;
71 }
72
73 static int
74 smb3_crypto_shash_allocate(struct TCP_Server_Info *server)
75 {
76 unsigned int size;
77 int rc;
78
79 if (server->secmech.sdesccmacaes != NULL)
80 return 0; /* already allocated */
81
82 rc = smb2_crypto_shash_allocate(server);
83 if (rc)
84 return rc;
85
86 server->secmech.cmacaes = crypto_alloc_shash("cmac(aes)", 0, 0);
87 if (IS_ERR(server->secmech.cmacaes)) {
88 cifs_dbg(VFS, "could not allocate crypto cmac-aes");
89 kfree(server->secmech.sdeschmacsha256);
90 server->secmech.sdeschmacsha256 = NULL;
91 crypto_free_shash(server->secmech.hmacsha256);
92 server->secmech.hmacsha256 = NULL;
93 rc = PTR_ERR(server->secmech.cmacaes);
94 server->secmech.cmacaes = NULL;
95 return rc;
96 }
97
98 size = sizeof(struct shash_desc) +
99 crypto_shash_descsize(server->secmech.cmacaes);
100 server->secmech.sdesccmacaes = kmalloc(size, GFP_KERNEL);
101 if (!server->secmech.sdesccmacaes) {
102 cifs_dbg(VFS, "%s: Can't alloc cmacaes\n", __func__);
103 kfree(server->secmech.sdeschmacsha256);
104 server->secmech.sdeschmacsha256 = NULL;
105 crypto_free_shash(server->secmech.hmacsha256);
106 crypto_free_shash(server->secmech.cmacaes);
107 server->secmech.hmacsha256 = NULL;
108 server->secmech.cmacaes = NULL;
109 return -ENOMEM;
110 }
111 server->secmech.sdesccmacaes->shash.tfm = server->secmech.cmacaes;
112 server->secmech.sdesccmacaes->shash.flags = 0x0;
113
114 return 0;
115 }
116
117 static struct cifs_ses *
118 smb2_find_smb_ses(struct smb2_sync_hdr *shdr, struct TCP_Server_Info *server)
119 {
120 struct cifs_ses *ses;
121
122 spin_lock(&cifs_tcp_ses_lock);
123 list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
124 if (ses->Suid != shdr->SessionId)
125 continue;
126 spin_unlock(&cifs_tcp_ses_lock);
127 return ses;
128 }
129 spin_unlock(&cifs_tcp_ses_lock);
130
131 return NULL;
132 }
133
134 int
135 smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
136 {
137 int rc;
138 unsigned char smb2_signature[SMB2_HMACSHA256_SIZE];
139 unsigned char *sigptr = smb2_signature;
140 struct kvec *iov = rqst->rq_iov;
141 struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[1].iov_base;
142 struct cifs_ses *ses;
143
144 ses = smb2_find_smb_ses(shdr, server);
145 if (!ses) {
146 cifs_dbg(VFS, "%s: Could not find session\n", __func__);
147 return 0;
148 }
149
150 memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE);
151 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);
152
153 rc = smb2_crypto_shash_allocate(server);
154 if (rc) {
155 cifs_dbg(VFS, "%s: shah256 alloc failed\n", __func__);
156 return rc;
157 }
158
159 rc = crypto_shash_setkey(server->secmech.hmacsha256,
160 ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
161 if (rc) {
162 cifs_dbg(VFS, "%s: Could not update with response\n", __func__);
163 return rc;
164 }
165
166 rc = crypto_shash_init(&server->secmech.sdeschmacsha256->shash);
167 if (rc) {
168 cifs_dbg(VFS, "%s: Could not init sha256", __func__);
169 return rc;
170 }
171
172 rc = __cifs_calc_signature(rqst, server, sigptr,
173 &server->secmech.sdeschmacsha256->shash);
174
175 if (!rc)
176 memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE);
177
178 return rc;
179 }
180
181 static int generate_key(struct cifs_ses *ses, struct kvec label,
182 struct kvec context, __u8 *key, unsigned int key_size)
183 {
184 unsigned char zero = 0x0;
185 __u8 i[4] = {0, 0, 0, 1};
186 __u8 L[4] = {0, 0, 0, 128};
187 int rc = 0;
188 unsigned char prfhash[SMB2_HMACSHA256_SIZE];
189 unsigned char *hashptr = prfhash;
190
191 memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
192 memset(key, 0x0, key_size);
193
194 rc = smb3_crypto_shash_allocate(ses->server);
195 if (rc) {
196 cifs_dbg(VFS, "%s: crypto alloc failed\n", __func__);
197 goto smb3signkey_ret;
198 }
199
200 rc = crypto_shash_setkey(ses->server->secmech.hmacsha256,
201 ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
202 if (rc) {
203 cifs_dbg(VFS, "%s: Could not set with session key\n", __func__);
204 goto smb3signkey_ret;
205 }
206
207 rc = crypto_shash_init(&ses->server->secmech.sdeschmacsha256->shash);
208 if (rc) {
209 cifs_dbg(VFS, "%s: Could not init sign hmac\n", __func__);
210 goto smb3signkey_ret;
211 }
212
213 rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
214 i, 4);
215 if (rc) {
216 cifs_dbg(VFS, "%s: Could not update with n\n", __func__);
217 goto smb3signkey_ret;
218 }
219
220 rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
221 label.iov_base, label.iov_len);
222 if (rc) {
223 cifs_dbg(VFS, "%s: Could not update with label\n", __func__);
224 goto smb3signkey_ret;
225 }
226
227 rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
228 &zero, 1);
229 if (rc) {
230 cifs_dbg(VFS, "%s: Could not update with zero\n", __func__);
231 goto smb3signkey_ret;
232 }
233
234 rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
235 context.iov_base, context.iov_len);
236 if (rc) {
237 cifs_dbg(VFS, "%s: Could not update with context\n", __func__);
238 goto smb3signkey_ret;
239 }
240
241 rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
242 L, 4);
243 if (rc) {
244 cifs_dbg(VFS, "%s: Could not update with L\n", __func__);
245 goto smb3signkey_ret;
246 }
247
248 rc = crypto_shash_final(&ses->server->secmech.sdeschmacsha256->shash,
249 hashptr);
250 if (rc) {
251 cifs_dbg(VFS, "%s: Could not generate sha256 hash\n", __func__);
252 goto smb3signkey_ret;
253 }
254
255 memcpy(key, hashptr, key_size);
256
257 smb3signkey_ret:
258 return rc;
259 }
260
261 struct derivation {
262 struct kvec label;
263 struct kvec context;
264 };
265
266 struct derivation_triplet {
267 struct derivation signing;
268 struct derivation encryption;
269 struct derivation decryption;
270 };
271
272 static int
273 generate_smb3signingkey(struct cifs_ses *ses,
274 const struct derivation_triplet *ptriplet)
275 {
276 int rc;
277
278 rc = generate_key(ses, ptriplet->signing.label,
279 ptriplet->signing.context, ses->smb3signingkey,
280 SMB3_SIGN_KEY_SIZE);
281 if (rc)
282 return rc;
283
284 rc = generate_key(ses, ptriplet->encryption.label,
285 ptriplet->encryption.context, ses->smb3encryptionkey,
286 SMB3_SIGN_KEY_SIZE);
287 if (rc)
288 return rc;
289
290 return generate_key(ses, ptriplet->decryption.label,
291 ptriplet->decryption.context,
292 ses->smb3decryptionkey, SMB3_SIGN_KEY_SIZE);
293 }
294
295 int
296 generate_smb30signingkey(struct cifs_ses *ses)
297
298 {
299 struct derivation_triplet triplet;
300 struct derivation *d;
301
302 d = &triplet.signing;
303 d->label.iov_base = "SMB2AESCMAC";
304 d->label.iov_len = 12;
305 d->context.iov_base = "SmbSign";
306 d->context.iov_len = 8;
307
308 d = &triplet.encryption;
309 d->label.iov_base = "SMB2AESCCM";
310 d->label.iov_len = 11;
311 d->context.iov_base = "ServerIn ";
312 d->context.iov_len = 10;
313
314 d = &triplet.decryption;
315 d->label.iov_base = "SMB2AESCCM";
316 d->label.iov_len = 11;
317 d->context.iov_base = "ServerOut";
318 d->context.iov_len = 10;
319
320 return generate_smb3signingkey(ses, &triplet);
321 }
322
323 int
324 generate_smb311signingkey(struct cifs_ses *ses)
325
326 {
327 struct derivation_triplet triplet;
328 struct derivation *d;
329
330 d = &triplet.signing;
331 d->label.iov_base = "SMB2AESCMAC";
332 d->label.iov_len = 12;
333 d->context.iov_base = "SmbSign";
334 d->context.iov_len = 8;
335
336 d = &triplet.encryption;
337 d->label.iov_base = "SMB2AESCCM";
338 d->label.iov_len = 11;
339 d->context.iov_base = "ServerIn ";
340 d->context.iov_len = 10;
341
342 d = &triplet.decryption;
343 d->label.iov_base = "SMB2AESCCM";
344 d->label.iov_len = 11;
345 d->context.iov_base = "ServerOut";
346 d->context.iov_len = 10;
347
348 return generate_smb3signingkey(ses, &triplet);
349 }
350
351 int
352 smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
353 {
354 int rc = 0;
355 unsigned char smb3_signature[SMB2_CMACAES_SIZE];
356 unsigned char *sigptr = smb3_signature;
357 struct kvec *iov = rqst->rq_iov;
358 struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[1].iov_base;
359 struct cifs_ses *ses;
360
361 ses = smb2_find_smb_ses(shdr, server);
362 if (!ses) {
363 cifs_dbg(VFS, "%s: Could not find session\n", __func__);
364 return 0;
365 }
366
367 memset(smb3_signature, 0x0, SMB2_CMACAES_SIZE);
368 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);
369
370 rc = crypto_shash_setkey(server->secmech.cmacaes,
371 ses->smb3signingkey, SMB2_CMACAES_SIZE);
372
373 if (rc) {
374 cifs_dbg(VFS, "%s: Could not set key for cmac aes\n", __func__);
375 return rc;
376 }
377
378 /*
379 * we already allocate sdesccmacaes when we init smb3 signing key,
380 * so unlike smb2 case we do not have to check here if secmech are
381 * initialized
382 */
383 rc = crypto_shash_init(&server->secmech.sdesccmacaes->shash);
384 if (rc) {
385 cifs_dbg(VFS, "%s: Could not init cmac aes\n", __func__);
386 return rc;
387 }
388
389 rc = __cifs_calc_signature(rqst, server, sigptr,
390 &server->secmech.sdesccmacaes->shash);
391
392 if (!rc)
393 memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE);
394
395 return rc;
396 }
397
398 /* must be called with server->srv_mutex held */
399 static int
400 smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server)
401 {
402 int rc = 0;
403 struct smb2_sync_hdr *shdr =
404 (struct smb2_sync_hdr *)rqst->rq_iov[1].iov_base;
405
406 if (!(shdr->Flags & SMB2_FLAGS_SIGNED) ||
407 server->tcpStatus == CifsNeedNegotiate)
408 return rc;
409
410 if (!server->session_estab) {
411 strncpy(shdr->Signature, "BSRSPYL", 8);
412 return rc;
413 }
414
415 rc = server->ops->calc_signature(rqst, server);
416
417 return rc;
418 }
419
420 int
421 smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
422 {
423 unsigned int rc;
424 char server_response_sig[16];
425 struct smb2_sync_hdr *shdr =
426 (struct smb2_sync_hdr *)rqst->rq_iov[1].iov_base;
427
428 if ((shdr->Command == SMB2_NEGOTIATE) ||
429 (shdr->Command == SMB2_SESSION_SETUP) ||
430 (shdr->Command == SMB2_OPLOCK_BREAK) ||
431 (!server->session_estab))
432 return 0;
433
434 /*
435 * BB what if signatures are supposed to be on for session but
436 * server does not send one? BB
437 */
438
439 /* Do not need to verify session setups with signature "BSRSPYL " */
440 if (memcmp(shdr->Signature, "BSRSPYL ", 8) == 0)
441 cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n",
442 shdr->Command);
443
444 /*
445 * Save off the origiginal signature so we can modify the smb and check
446 * our calculated signature against what the server sent.
447 */
448 memcpy(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE);
449
450 memset(shdr->Signature, 0, SMB2_SIGNATURE_SIZE);
451
452 mutex_lock(&server->srv_mutex);
453 rc = server->ops->calc_signature(rqst, server);
454 mutex_unlock(&server->srv_mutex);
455
456 if (rc)
457 return rc;
458
459 if (memcmp(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE))
460 return -EACCES;
461 else
462 return 0;
463 }
464
465 /*
466 * Set message id for the request. Should be called after wait_for_free_request
467 * and when srv_mutex is held.
468 */
469 static inline void
470 smb2_seq_num_into_buf(struct TCP_Server_Info *server,
471 struct smb2_sync_hdr *shdr)
472 {
473 unsigned int i, num = le16_to_cpu(shdr->CreditCharge);
474
475 shdr->MessageId = get_next_mid64(server);
476 /* skip message numbers according to CreditCharge field */
477 for (i = 1; i < num; i++)
478 get_next_mid(server);
479 }
480
481 static struct mid_q_entry *
482 smb2_mid_entry_alloc(const struct smb2_sync_hdr *shdr,
483 struct TCP_Server_Info *server)
484 {
485 struct mid_q_entry *temp;
486
487 if (server == NULL) {
488 cifs_dbg(VFS, "Null TCP session in smb2_mid_entry_alloc\n");
489 return NULL;
490 }
491
492 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
493 if (temp == NULL)
494 return temp;
495 else {
496 memset(temp, 0, sizeof(struct mid_q_entry));
497 temp->mid = le64_to_cpu(shdr->MessageId);
498 temp->pid = current->pid;
499 temp->command = shdr->Command; /* Always LE */
500 temp->when_alloc = jiffies;
501 temp->server = server;
502
503 /*
504 * The default is for the mid to be synchronous, so the
505 * default callback just wakes up the current task.
506 */
507 temp->callback = cifs_wake_up_task;
508 temp->callback_data = current;
509 }
510
511 atomic_inc(&midCount);
512 temp->mid_state = MID_REQUEST_ALLOCATED;
513 return temp;
514 }
515
516 static int
517 smb2_get_mid_entry(struct cifs_ses *ses, struct smb2_sync_hdr *shdr,
518 struct mid_q_entry **mid)
519 {
520 if (ses->server->tcpStatus == CifsExiting)
521 return -ENOENT;
522
523 if (ses->server->tcpStatus == CifsNeedReconnect) {
524 cifs_dbg(FYI, "tcp session dead - return to caller to retry\n");
525 return -EAGAIN;
526 }
527
528 if (ses->status == CifsNew) {
529 if ((shdr->Command != SMB2_SESSION_SETUP) &&
530 (shdr->Command != SMB2_NEGOTIATE))
531 return -EAGAIN;
532 /* else ok - we are setting up session */
533 }
534
535 if (ses->status == CifsExiting) {
536 if (shdr->Command != SMB2_LOGOFF)
537 return -EAGAIN;
538 /* else ok - we are shutting down the session */
539 }
540
541 *mid = smb2_mid_entry_alloc(shdr, ses->server);
542 if (*mid == NULL)
543 return -ENOMEM;
544 spin_lock(&GlobalMid_Lock);
545 list_add_tail(&(*mid)->qhead, &ses->server->pending_mid_q);
546 spin_unlock(&GlobalMid_Lock);
547 return 0;
548 }
549
550 int
551 smb2_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
552 bool log_error)
553 {
554 unsigned int len = get_rfc1002_length(mid->resp_buf);
555 struct kvec iov[2];
556 struct smb_rqst rqst = { .rq_iov = iov,
557 .rq_nvec = 2 };
558
559 iov[0].iov_base = (char *)mid->resp_buf;
560 iov[0].iov_len = 4;
561 iov[1].iov_base = (char *)mid->resp_buf + 4;
562 iov[1].iov_len = len;
563
564 dump_smb(mid->resp_buf, min_t(u32, 80, len));
565 /* convert the length into a more usable form */
566 if (len > 24 && server->sign) {
567 int rc;
568
569 rc = smb2_verify_signature(&rqst, server);
570 if (rc)
571 cifs_dbg(VFS, "SMB signature verification returned error = %d\n",
572 rc);
573 }
574
575 return map_smb2_to_linux_error(mid->resp_buf, log_error);
576 }
577
578 struct mid_q_entry *
579 smb2_setup_request(struct cifs_ses *ses, struct smb_rqst *rqst)
580 {
581 int rc;
582 struct smb2_sync_hdr *shdr =
583 (struct smb2_sync_hdr *)rqst->rq_iov[1].iov_base;
584 struct mid_q_entry *mid;
585
586 smb2_seq_num_into_buf(ses->server, shdr);
587
588 rc = smb2_get_mid_entry(ses, shdr, &mid);
589 if (rc)
590 return ERR_PTR(rc);
591 rc = smb2_sign_rqst(rqst, ses->server);
592 if (rc) {
593 cifs_delete_mid(mid);
594 return ERR_PTR(rc);
595 }
596 return mid;
597 }
598
599 struct mid_q_entry *
600 smb2_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
601 {
602 int rc;
603 struct smb2_sync_hdr *shdr =
604 (struct smb2_sync_hdr *)rqst->rq_iov[1].iov_base;
605 struct mid_q_entry *mid;
606
607 smb2_seq_num_into_buf(server, shdr);
608
609 mid = smb2_mid_entry_alloc(shdr, server);
610 if (mid == NULL)
611 return ERR_PTR(-ENOMEM);
612
613 rc = smb2_sign_rqst(rqst, server);
614 if (rc) {
615 DeleteMidQEntry(mid);
616 return ERR_PTR(rc);
617 }
618
619 return mid;
620 }
ubuntu-zesty-kernel mirror