2 * fs/cifs/smb2transport.c
4 * Copyright (C) International Business Machines Corp., 2002, 2011
6 * Author(s): Steve French (sfrench@us.ibm.com)
7 * Jeremy Allison (jra@samba.org) 2006
8 * Pavel Shilovsky (pshilovsky@samba.org) 2012
10 * This library is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU Lesser General Public License as published
12 * by the Free Software Foundation; either version 2.1 of the License, or
13 * (at your option) any later version.
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
18 * the GNU Lesser General Public License for more details.
20 * You should have received a copy of the GNU Lesser General Public License
21 * along with this library; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 #include <linux/list.h>
27 #include <linux/wait.h>
28 #include <linux/net.h>
29 #include <linux/delay.h>
30 #include <linux/uaccess.h>
31 #include <asm/processor.h>
32 #include <linux/mempool.h>
33 #include <linux/highmem.h>
34 #include <crypto/aead.h>
37 #include "cifsproto.h"
38 #include "smb2proto.h"
39 #include "cifs_debug.h"
40 #include "smb2status.h"
44 smb3_crypto_shash_allocate(struct TCP_Server_Info *server)
46 struct cifs_secmech *p = &server->secmech;
49 rc = cifs_alloc_hash("hmac(sha256)",
55 rc = cifs_alloc_hash("cmac(aes)", &p->cmacaes, &p->sdesccmacaes);
61 cifs_free_hash(&p->hmacsha256, &p->sdeschmacsha256);
66 smb311_crypto_shash_allocate(struct TCP_Server_Info *server)
68 struct cifs_secmech *p = &server->secmech;
71 rc = cifs_alloc_hash("hmac(sha256)",
77 rc = cifs_alloc_hash("cmac(aes)", &p->cmacaes, &p->sdesccmacaes);
81 rc = cifs_alloc_hash("sha512", &p->sha512, &p->sdescsha512);
88 cifs_free_hash(&p->cmacaes, &p->sdesccmacaes);
89 cifs_free_hash(&p->hmacsha256, &p->sdeschmacsha256);
95 int smb2_get_sign_key(__u64 ses_id, struct TCP_Server_Info *server, u8 *key)
97 struct cifs_chan *chan;
98 struct cifs_ses *ses = NULL;
99 struct TCP_Server_Info *it = NULL;
103 spin_lock(&cifs_tcp_ses_lock);
105 list_for_each_entry(it, &cifs_tcp_ses_list, tcp_ses_list) {
106 list_for_each_entry(ses, &it->smb_ses_list, smb_ses_list) {
107 if (ses->Suid == ses_id)
111 cifs_server_dbg(VFS, "%s: Could not find session 0x%llx\n",
119 * If we are in the process of binding a new channel
120 * to an existing session, use the master connection
123 memcpy(key, ses->smb3signingkey, SMB3_SIGN_KEY_SIZE);
128 * Otherwise, use the channel key.
131 for (i = 0; i < ses->chan_count; i++) {
132 chan = ses->chans + i;
133 if (chan->server == server) {
134 memcpy(key, chan->signkey, SMB3_SIGN_KEY_SIZE);
140 "%s: Could not find channel signing key for session 0x%llx\n",
145 spin_unlock(&cifs_tcp_ses_lock);
149 static struct cifs_ses *
150 smb2_find_smb_ses_unlocked(struct TCP_Server_Info *server, __u64 ses_id)
152 struct cifs_ses *ses;
154 list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
155 if (ses->Suid != ses_id)
164 smb2_find_smb_ses(struct TCP_Server_Info *server, __u64 ses_id)
166 struct cifs_ses *ses;
168 spin_lock(&cifs_tcp_ses_lock);
169 ses = smb2_find_smb_ses_unlocked(server, ses_id);
170 spin_unlock(&cifs_tcp_ses_lock);
175 static struct cifs_tcon *
176 smb2_find_smb_sess_tcon_unlocked(struct cifs_ses *ses, __u32 tid)
178 struct cifs_tcon *tcon;
180 list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
181 if (tcon->tid != tid)
191 * Obtain tcon corresponding to the tid in the given
196 smb2_find_smb_tcon(struct TCP_Server_Info *server, __u64 ses_id, __u32 tid)
198 struct cifs_ses *ses;
199 struct cifs_tcon *tcon;
201 spin_lock(&cifs_tcp_ses_lock);
202 ses = smb2_find_smb_ses_unlocked(server, ses_id);
204 spin_unlock(&cifs_tcp_ses_lock);
207 tcon = smb2_find_smb_sess_tcon_unlocked(ses, tid);
208 spin_unlock(&cifs_tcp_ses_lock);
214 smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
215 bool allocate_crypto)
218 unsigned char smb2_signature[SMB2_HMACSHA256_SIZE];
219 unsigned char *sigptr = smb2_signature;
220 struct kvec *iov = rqst->rq_iov;
221 struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[0].iov_base;
222 struct cifs_ses *ses;
223 struct shash_desc *shash;
224 struct crypto_shash *hash;
225 struct sdesc *sdesc = NULL;
226 struct smb_rqst drqst;
228 ses = smb2_find_smb_ses(server, shdr->SessionId);
230 cifs_server_dbg(VFS, "%s: Could not find session\n", __func__);
234 memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE);
235 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);
237 if (allocate_crypto) {
238 rc = cifs_alloc_hash("hmac(sha256)", &hash, &sdesc);
241 "%s: sha256 alloc failed\n", __func__);
244 shash = &sdesc->shash;
246 hash = server->secmech.hmacsha256;
247 shash = &server->secmech.sdeschmacsha256->shash;
250 rc = crypto_shash_setkey(hash, ses->auth_key.response,
251 SMB2_NTLMV2_SESSKEY_SIZE);
254 "%s: Could not update with response\n",
259 rc = crypto_shash_init(shash);
261 cifs_server_dbg(VFS, "%s: Could not init sha256", __func__);
266 * For SMB2+, __cifs_calc_signature() expects to sign only the actual
267 * data, that is, iov[0] should not contain a rfc1002 length.
269 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to
270 * __cifs_calc_signature().
273 if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) {
274 rc = crypto_shash_update(shash, iov[0].iov_base,
278 "%s: Could not update with payload\n",
286 rc = __cifs_calc_signature(&drqst, server, sigptr, shash);
288 memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE);
292 cifs_free_hash(&hash, &sdesc);
296 static int generate_key(struct cifs_ses *ses, struct kvec label,
297 struct kvec context, __u8 *key, unsigned int key_size)
299 unsigned char zero = 0x0;
300 __u8 i[4] = {0, 0, 0, 1};
301 __u8 L[4] = {0, 0, 0, 128};
303 unsigned char prfhash[SMB2_HMACSHA256_SIZE];
304 unsigned char *hashptr = prfhash;
305 struct TCP_Server_Info *server = ses->server;
307 memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
308 memset(key, 0x0, key_size);
310 rc = smb3_crypto_shash_allocate(server);
312 cifs_server_dbg(VFS, "%s: crypto alloc failed\n", __func__);
313 goto smb3signkey_ret;
316 rc = crypto_shash_setkey(server->secmech.hmacsha256,
317 ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
319 cifs_server_dbg(VFS, "%s: Could not set with session key\n", __func__);
320 goto smb3signkey_ret;
323 rc = crypto_shash_init(&server->secmech.sdeschmacsha256->shash);
325 cifs_server_dbg(VFS, "%s: Could not init sign hmac\n", __func__);
326 goto smb3signkey_ret;
329 rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
332 cifs_server_dbg(VFS, "%s: Could not update with n\n", __func__);
333 goto smb3signkey_ret;
336 rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
337 label.iov_base, label.iov_len);
339 cifs_server_dbg(VFS, "%s: Could not update with label\n", __func__);
340 goto smb3signkey_ret;
343 rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
346 cifs_server_dbg(VFS, "%s: Could not update with zero\n", __func__);
347 goto smb3signkey_ret;
350 rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
351 context.iov_base, context.iov_len);
353 cifs_server_dbg(VFS, "%s: Could not update with context\n", __func__);
354 goto smb3signkey_ret;
357 rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
360 cifs_server_dbg(VFS, "%s: Could not update with L\n", __func__);
361 goto smb3signkey_ret;
364 rc = crypto_shash_final(&server->secmech.sdeschmacsha256->shash,
367 cifs_server_dbg(VFS, "%s: Could not generate sha256 hash\n", __func__);
368 goto smb3signkey_ret;
371 memcpy(key, hashptr, key_size);
382 struct derivation_triplet {
383 struct derivation signing;
384 struct derivation encryption;
385 struct derivation decryption;
389 generate_smb3signingkey(struct cifs_ses *ses,
390 const struct derivation_triplet *ptriplet)
395 * All channels use the same encryption/decryption keys but
396 * they have their own signing key.
398 * When we generate the keys, check if it is for a new channel
399 * (binding) in which case we only need to generate a signing
400 * key and store it in the channel as to not overwrite the
401 * master connection signing key stored in the session
405 rc = generate_key(ses, ptriplet->signing.label,
406 ptriplet->signing.context,
407 cifs_ses_binding_channel(ses)->signkey,
412 rc = generate_key(ses, ptriplet->signing.label,
413 ptriplet->signing.context,
419 memcpy(ses->chans[0].signkey, ses->smb3signingkey,
422 rc = generate_key(ses, ptriplet->encryption.label,
423 ptriplet->encryption.context,
424 ses->smb3encryptionkey,
426 rc = generate_key(ses, ptriplet->decryption.label,
427 ptriplet->decryption.context,
428 ses->smb3decryptionkey,
437 #ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS
438 cifs_dbg(VFS, "%s: dumping generated AES session keys\n", __func__);
440 * The session id is opaque in terms of endianness, so we can't
441 * print it as a long long. we dump it as we got it on the wire
443 cifs_dbg(VFS, "Session Id %*ph\n", (int)sizeof(ses->Suid),
445 cifs_dbg(VFS, "Session Key %*ph\n",
446 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response);
447 cifs_dbg(VFS, "Signing Key %*ph\n",
448 SMB3_SIGN_KEY_SIZE, ses->smb3signingkey);
449 cifs_dbg(VFS, "ServerIn Key %*ph\n",
450 SMB3_SIGN_KEY_SIZE, ses->smb3encryptionkey);
451 cifs_dbg(VFS, "ServerOut Key %*ph\n",
452 SMB3_SIGN_KEY_SIZE, ses->smb3decryptionkey);
458 generate_smb30signingkey(struct cifs_ses *ses)
461 struct derivation_triplet triplet;
462 struct derivation *d;
464 d = &triplet.signing;
465 d->label.iov_base = "SMB2AESCMAC";
466 d->label.iov_len = 12;
467 d->context.iov_base = "SmbSign";
468 d->context.iov_len = 8;
470 d = &triplet.encryption;
471 d->label.iov_base = "SMB2AESCCM";
472 d->label.iov_len = 11;
473 d->context.iov_base = "ServerIn ";
474 d->context.iov_len = 10;
476 d = &triplet.decryption;
477 d->label.iov_base = "SMB2AESCCM";
478 d->label.iov_len = 11;
479 d->context.iov_base = "ServerOut";
480 d->context.iov_len = 10;
482 return generate_smb3signingkey(ses, &triplet);
486 generate_smb311signingkey(struct cifs_ses *ses)
489 struct derivation_triplet triplet;
490 struct derivation *d;
492 d = &triplet.signing;
493 d->label.iov_base = "SMBSigningKey";
494 d->label.iov_len = 14;
495 d->context.iov_base = ses->preauth_sha_hash;
496 d->context.iov_len = 64;
498 d = &triplet.encryption;
499 d->label.iov_base = "SMBC2SCipherKey";
500 d->label.iov_len = 16;
501 d->context.iov_base = ses->preauth_sha_hash;
502 d->context.iov_len = 64;
504 d = &triplet.decryption;
505 d->label.iov_base = "SMBS2CCipherKey";
506 d->label.iov_len = 16;
507 d->context.iov_base = ses->preauth_sha_hash;
508 d->context.iov_len = 64;
510 return generate_smb3signingkey(ses, &triplet);
514 smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
515 bool allocate_crypto)
518 unsigned char smb3_signature[SMB2_CMACAES_SIZE];
519 unsigned char *sigptr = smb3_signature;
520 struct kvec *iov = rqst->rq_iov;
521 struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[0].iov_base;
522 struct shash_desc *shash;
523 struct crypto_shash *hash;
524 struct sdesc *sdesc = NULL;
525 struct smb_rqst drqst;
526 u8 key[SMB3_SIGN_KEY_SIZE];
528 rc = smb2_get_sign_key(shdr->SessionId, server, key);
532 if (allocate_crypto) {
533 rc = cifs_alloc_hash("cmac(aes)", &hash, &sdesc);
537 shash = &sdesc->shash;
539 hash = server->secmech.cmacaes;
540 shash = &server->secmech.sdesccmacaes->shash;
543 memset(smb3_signature, 0x0, SMB2_CMACAES_SIZE);
544 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);
546 rc = crypto_shash_setkey(hash, key, SMB2_CMACAES_SIZE);
548 cifs_server_dbg(VFS, "%s: Could not set key for cmac aes\n", __func__);
553 * we already allocate sdesccmacaes when we init smb3 signing key,
554 * so unlike smb2 case we do not have to check here if secmech are
557 rc = crypto_shash_init(shash);
559 cifs_server_dbg(VFS, "%s: Could not init cmac aes\n", __func__);
564 * For SMB2+, __cifs_calc_signature() expects to sign only the actual
565 * data, that is, iov[0] should not contain a rfc1002 length.
567 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to
568 * __cifs_calc_signature().
571 if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) {
572 rc = crypto_shash_update(shash, iov[0].iov_base,
575 cifs_server_dbg(VFS, "%s: Could not update with payload\n",
583 rc = __cifs_calc_signature(&drqst, server, sigptr, shash);
585 memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE);
589 cifs_free_hash(&hash, &sdesc);
593 /* must be called with server->srv_mutex held */
595 smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server)
598 struct smb2_sync_hdr *shdr;
599 struct smb2_sess_setup_req *ssr;
603 shdr = (struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base;
604 ssr = (struct smb2_sess_setup_req *)shdr;
606 is_binding = shdr->Command == SMB2_SESSION_SETUP &&
607 (ssr->Flags & SMB2_SESSION_REQ_FLAG_BINDING);
608 is_signed = shdr->Flags & SMB2_FLAGS_SIGNED;
612 if (server->tcpStatus == CifsNeedNegotiate)
614 if (!is_binding && !server->session_estab) {
615 strncpy(shdr->Signature, "BSRSPYL", 8);
619 rc = server->ops->calc_signature(rqst, server, false);
625 smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
628 char server_response_sig[SMB2_SIGNATURE_SIZE];
629 struct smb2_sync_hdr *shdr =
630 (struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base;
632 if ((shdr->Command == SMB2_NEGOTIATE) ||
633 (shdr->Command == SMB2_SESSION_SETUP) ||
634 (shdr->Command == SMB2_OPLOCK_BREAK) ||
635 server->ignore_signature ||
636 (!server->session_estab))
640 * BB what if signatures are supposed to be on for session but
641 * server does not send one? BB
644 /* Do not need to verify session setups with signature "BSRSPYL " */
645 if (memcmp(shdr->Signature, "BSRSPYL ", 8) == 0)
646 cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n",
650 * Save off the origiginal signature so we can modify the smb and check
651 * our calculated signature against what the server sent.
653 memcpy(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE);
655 memset(shdr->Signature, 0, SMB2_SIGNATURE_SIZE);
657 rc = server->ops->calc_signature(rqst, server, true);
662 if (memcmp(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE)) {
663 cifs_dbg(VFS, "sign fail cmd 0x%x message id 0x%llx\n",
664 shdr->Command, shdr->MessageId);
671 * Set message id for the request. Should be called after wait_for_free_request
672 * and when srv_mutex is held.
675 smb2_seq_num_into_buf(struct TCP_Server_Info *server,
676 struct smb2_sync_hdr *shdr)
678 unsigned int i, num = le16_to_cpu(shdr->CreditCharge);
680 shdr->MessageId = get_next_mid64(server);
681 /* skip message numbers according to CreditCharge field */
682 for (i = 1; i < num; i++)
683 get_next_mid(server);
686 static struct mid_q_entry *
687 smb2_mid_entry_alloc(const struct smb2_sync_hdr *shdr,
688 struct TCP_Server_Info *server)
690 struct mid_q_entry *temp;
691 unsigned int credits = le16_to_cpu(shdr->CreditCharge);
693 if (server == NULL) {
694 cifs_dbg(VFS, "Null TCP session in smb2_mid_entry_alloc\n");
698 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
699 memset(temp, 0, sizeof(struct mid_q_entry));
700 kref_init(&temp->refcount);
701 temp->mid = le64_to_cpu(shdr->MessageId);
702 temp->credits = credits > 0 ? credits : 1;
703 temp->pid = current->pid;
704 temp->command = shdr->Command; /* Always LE */
705 temp->when_alloc = jiffies;
706 temp->server = server;
709 * The default is for the mid to be synchronous, so the
710 * default callback just wakes up the current task.
712 get_task_struct(current);
713 temp->creator = current;
714 temp->callback = cifs_wake_up_task;
715 temp->callback_data = current;
717 atomic_inc(&midCount);
718 temp->mid_state = MID_REQUEST_ALLOCATED;
719 trace_smb3_cmd_enter(shdr->TreeId, shdr->SessionId,
720 le16_to_cpu(shdr->Command), temp->mid);
725 smb2_get_mid_entry(struct cifs_ses *ses, struct TCP_Server_Info *server,
726 struct smb2_sync_hdr *shdr, struct mid_q_entry **mid)
728 if (server->tcpStatus == CifsExiting)
731 if (server->tcpStatus == CifsNeedReconnect) {
732 cifs_dbg(FYI, "tcp session dead - return to caller to retry\n");
736 if (server->tcpStatus == CifsNeedNegotiate &&
737 shdr->Command != SMB2_NEGOTIATE)
740 if (ses->status == CifsNew) {
741 if ((shdr->Command != SMB2_SESSION_SETUP) &&
742 (shdr->Command != SMB2_NEGOTIATE))
744 /* else ok - we are setting up session */
747 if (ses->status == CifsExiting) {
748 if (shdr->Command != SMB2_LOGOFF)
750 /* else ok - we are shutting down the session */
753 *mid = smb2_mid_entry_alloc(shdr, server);
756 spin_lock(&GlobalMid_Lock);
757 list_add_tail(&(*mid)->qhead, &server->pending_mid_q);
758 spin_unlock(&GlobalMid_Lock);
764 smb2_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
767 unsigned int len = mid->resp_buf_size;
769 struct smb_rqst rqst = { .rq_iov = iov,
772 iov[0].iov_base = (char *)mid->resp_buf;
773 iov[0].iov_len = len;
775 dump_smb(mid->resp_buf, min_t(u32, 80, len));
776 /* convert the length into a more usable form */
777 if (len > 24 && server->sign && !mid->decrypted) {
780 rc = smb2_verify_signature(&rqst, server);
782 cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n",
786 return map_smb2_to_linux_error(mid->resp_buf, log_error);
790 smb2_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *server,
791 struct smb_rqst *rqst)
794 struct smb2_sync_hdr *shdr =
795 (struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base;
796 struct mid_q_entry *mid;
798 smb2_seq_num_into_buf(server, shdr);
800 rc = smb2_get_mid_entry(ses, server, shdr, &mid);
802 revert_current_mid_from_hdr(server, shdr);
806 rc = smb2_sign_rqst(rqst, server);
808 revert_current_mid_from_hdr(server, shdr);
809 cifs_delete_mid(mid);
817 smb2_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
820 struct smb2_sync_hdr *shdr =
821 (struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base;
822 struct mid_q_entry *mid;
824 if (server->tcpStatus == CifsNeedNegotiate &&
825 shdr->Command != SMB2_NEGOTIATE)
826 return ERR_PTR(-EAGAIN);
828 smb2_seq_num_into_buf(server, shdr);
830 mid = smb2_mid_entry_alloc(shdr, server);
832 revert_current_mid_from_hdr(server, shdr);
833 return ERR_PTR(-ENOMEM);
836 rc = smb2_sign_rqst(rqst, server);
838 revert_current_mid_from_hdr(server, shdr);
839 DeleteMidQEntry(mid);
847 smb3_crypto_aead_allocate(struct TCP_Server_Info *server)
849 struct crypto_aead *tfm;
851 if (!server->secmech.ccmaesencrypt) {
852 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) ||
853 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
854 tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
856 tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
858 cifs_server_dbg(VFS, "%s: Failed alloc encrypt aead\n",
862 server->secmech.ccmaesencrypt = tfm;
865 if (!server->secmech.ccmaesdecrypt) {
866 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) ||
867 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
868 tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
870 tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
872 crypto_free_aead(server->secmech.ccmaesencrypt);
873 server->secmech.ccmaesencrypt = NULL;
874 cifs_server_dbg(VFS, "%s: Failed to alloc decrypt aead\n",
878 server->secmech.ccmaesdecrypt = tfm;