Lines Matching +full:tcon +full:- +full:channel
1 // SPDX-License-Identifier: LGPL-2.1
32 struct cifs_secmech *p = &server->secmech; in smb3_crypto_shash_allocate()
35 rc = cifs_alloc_hash("hmac(sha256)", &p->hmacsha256); in smb3_crypto_shash_allocate()
39 rc = cifs_alloc_hash("cmac(aes)", &p->aes_cmac); in smb3_crypto_shash_allocate()
45 cifs_free_hash(&p->hmacsha256); in smb3_crypto_shash_allocate()
52 struct cifs_secmech *p = &server->secmech; in smb311_crypto_shash_allocate()
55 rc = cifs_alloc_hash("hmac(sha256)", &p->hmacsha256); in smb311_crypto_shash_allocate()
59 rc = cifs_alloc_hash("cmac(aes)", &p->aes_cmac); in smb311_crypto_shash_allocate()
63 rc = cifs_alloc_hash("sha512", &p->sha512); in smb311_crypto_shash_allocate()
70 cifs_free_hash(&p->aes_cmac); in smb311_crypto_shash_allocate()
71 cifs_free_hash(&p->hmacsha256); in smb311_crypto_shash_allocate()
88 /* If server is a channel, select the primary channel */ in smb2_get_sign_key()
89 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server; in smb2_get_sign_key()
91 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) { in smb2_get_sign_key()
92 if (ses->Suid == ses_id) in smb2_get_sign_key()
98 rc = -ENOENT; in smb2_get_sign_key()
102 spin_lock(&ses->ses_lock); in smb2_get_sign_key()
103 spin_lock(&ses->chan_lock); in smb2_get_sign_key()
106 ses->ses_status == SES_GOOD); in smb2_get_sign_key()
109 * If we are in the process of binding a new channel in smb2_get_sign_key()
113 memcpy(key, ses->smb3signingkey, SMB3_SIGN_KEY_SIZE); in smb2_get_sign_key()
114 spin_unlock(&ses->chan_lock); in smb2_get_sign_key()
115 spin_unlock(&ses->ses_lock); in smb2_get_sign_key()
120 * Otherwise, use the channel key. in smb2_get_sign_key()
123 for (i = 0; i < ses->chan_count; i++) { in smb2_get_sign_key()
124 chan = ses->chans + i; in smb2_get_sign_key()
125 if (chan->server == server) { in smb2_get_sign_key()
126 memcpy(key, chan->signkey, SMB3_SIGN_KEY_SIZE); in smb2_get_sign_key()
127 spin_unlock(&ses->chan_lock); in smb2_get_sign_key()
128 spin_unlock(&ses->ses_lock); in smb2_get_sign_key()
132 spin_unlock(&ses->chan_lock); in smb2_get_sign_key()
133 spin_unlock(&ses->ses_lock); in smb2_get_sign_key()
136 "%s: Could not find channel signing key for session 0x%llx\n", in smb2_get_sign_key()
138 rc = -ENOENT; in smb2_get_sign_key()
151 /* If server is a channel, select the primary channel */ in smb2_find_smb_ses_unlocked()
152 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server; in smb2_find_smb_ses_unlocked()
154 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) { in smb2_find_smb_ses_unlocked()
155 if (ses->Suid != ses_id) in smb2_find_smb_ses_unlocked()
158 spin_lock(&ses->ses_lock); in smb2_find_smb_ses_unlocked()
159 if (ses->ses_status == SES_EXITING) { in smb2_find_smb_ses_unlocked()
160 spin_unlock(&ses->ses_lock); in smb2_find_smb_ses_unlocked()
164 spin_unlock(&ses->ses_lock); in smb2_find_smb_ses_unlocked()
186 struct cifs_tcon *tcon; in smb2_find_smb_sess_tcon_unlocked() local
188 list_for_each_entry(tcon, &ses->tcon_list, tcon_list) { in smb2_find_smb_sess_tcon_unlocked()
189 if (tcon->tid != tid) in smb2_find_smb_sess_tcon_unlocked()
191 ++tcon->tc_count; in smb2_find_smb_sess_tcon_unlocked()
192 trace_smb3_tcon_ref(tcon->debug_id, tcon->tc_count, in smb2_find_smb_sess_tcon_unlocked()
194 return tcon; in smb2_find_smb_sess_tcon_unlocked()
201 * Obtain tcon corresponding to the tid in the given
209 struct cifs_tcon *tcon; in smb2_find_smb_tcon() local
217 tcon = smb2_find_smb_sess_tcon_unlocked(ses, tid); in smb2_find_smb_tcon()
218 if (!tcon) { in smb2_find_smb_tcon()
224 /* tcon already has a ref to ses, so we don't need ses anymore */ in smb2_find_smb_tcon()
227 return tcon; in smb2_find_smb_tcon()
237 struct kvec *iov = rqst->rq_iov; in smb2_calc_signature()
243 ses = smb2_find_smb_ses(server, le64_to_cpu(shdr->SessionId)); in smb2_calc_signature()
246 return -ENOENT; in smb2_calc_signature()
250 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE); in smb2_calc_signature()
260 shash = server->secmech.hmacsha256; in smb2_calc_signature()
263 rc = crypto_shash_setkey(shash->tfm, ses->auth_key.response, in smb2_calc_signature()
282 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to in smb2_calc_signature()
296 drqst.rq_nvec--; in smb2_calc_signature()
301 memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE); in smb2_calc_signature()
/*
 * Visible fragments of generate_key(): HMAC-SHA256 is keyed with
 * ses->auth_key.response (SMB2_NTLMV2_SESSKEY_SIZE bytes) and then fed, in
 * this order, a 4-byte value i, the label, a single zero byte, the context
 * and a 4-byte length field, before the digest is written to hashptr.
 * That is the [i] || Label || 0x00 || Context || [L] input layout of a
 * counter-mode KDF. The contents of i, L128 and L256 are not part of this
 * listing, and neither is the error handling between the steps.
 */
321 struct TCP_Server_Info *server = ses->server; in generate_key()
332 rc = crypto_shash_setkey(server->secmech.hmacsha256->tfm, in generate_key()
333 ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE); in generate_key()
339 rc = crypto_shash_init(server->secmech.hmacsha256); in generate_key()
345 rc = crypto_shash_update(server->secmech.hmacsha256, i, 4); in generate_key()
351 rc = crypto_shash_update(server->secmech.hmacsha256, label.iov_base, label.iov_len); in generate_key()
357 rc = crypto_shash_update(server->secmech.hmacsha256, &zero, 1); in generate_key()
363 rc = crypto_shash_update(server->secmech.hmacsha256, context.iov_base, context.iov_len); in generate_key()
/*
 * The length field follows the negotiated cipher: L256 for the two AES-256
 * cipher types, L128 on the other path (the else line itself is not shown).
 */
369 if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) || in generate_key()
370 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) { in generate_key()
371 rc = crypto_shash_update(server->secmech.hmacsha256, L256, 4); in generate_key()
373 rc = crypto_shash_update(server->secmech.hmacsha256, L128, 4); in generate_key()
380 rc = crypto_shash_final(server->secmech.hmacsha256, hashptr); in generate_key()
412 spin_lock(&ses->ses_lock); in generate_smb3signingkey()
413 spin_lock(&ses->chan_lock); in generate_smb3signingkey()
415 ses->ses_status == SES_GOOD); in generate_smb3signingkey()
419 spin_unlock(&ses->chan_lock); in generate_smb3signingkey()
420 spin_unlock(&ses->ses_lock); in generate_smb3signingkey()
422 return -EINVAL; in generate_smb3signingkey()
425 spin_unlock(&ses->chan_lock); in generate_smb3signingkey()
426 spin_unlock(&ses->ses_lock); in generate_smb3signingkey()
432 * When we generate the keys, check if it is for a new channel in generate_smb3signingkey()
434 * key and store it in the channel as to not overwrite the in generate_smb3signingkey()
439 rc = generate_key(ses, ptriplet->signing.label, in generate_smb3signingkey()
440 ptriplet->signing.context, in generate_smb3signingkey()
441 ses->chans[chan_index].signkey, in generate_smb3signingkey()
446 rc = generate_key(ses, ptriplet->signing.label, in generate_smb3signingkey()
447 ptriplet->signing.context, in generate_smb3signingkey()
448 ses->smb3signingkey, in generate_smb3signingkey()
453 /* safe to access primary channel, since it will never go away */ in generate_smb3signingkey()
454 spin_lock(&ses->chan_lock); in generate_smb3signingkey()
455 memcpy(ses->chans[chan_index].signkey, ses->smb3signingkey, in generate_smb3signingkey()
457 spin_unlock(&ses->chan_lock); in generate_smb3signingkey()
459 rc = generate_key(ses, ptriplet->encryption.label, in generate_smb3signingkey()
460 ptriplet->encryption.context, in generate_smb3signingkey()
461 ses->smb3encryptionkey, in generate_smb3signingkey()
465 rc = generate_key(ses, ptriplet->decryption.label, in generate_smb3signingkey()
466 ptriplet->decryption.context, in generate_smb3signingkey()
467 ses->smb3decryptionkey, in generate_smb3signingkey()
/*
 * NOTE(review): these debug prints carry secret material. The visible
 * arguments include ses->auth_key.response, ses->smb3signingkey and the
 * SMB3 encryption/decryption keys, next to the session id and cipher type;
 * the two calls whose first line is shown use cifs_dbg(VFS, ...). The
 * preprocessor guard around this section is not part of the listing -
 * presumably CONFIG_CIFS_DEBUG_DUMP_KEYS; confirm. Keep that option off
 * on production kernels and treat any log that contains these lines as
 * sensitive: whoever can read it holds the session's signing and
 * encryption keys.
 */
479 cifs_dbg(VFS, "Session Id %*ph\n", (int)sizeof(ses->Suid), in generate_smb3signingkey()
480 &ses->Suid); in generate_smb3signingkey()
481 cifs_dbg(VFS, "Cipher type %d\n", server->cipher_type); in generate_smb3signingkey()
483 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response); in generate_smb3signingkey()
485 SMB3_SIGN_KEY_SIZE, ses->smb3signingkey); in generate_smb3signingkey()
/* Key length printed depends on the cipher: 256-bit size for AES-256 CCM/GCM, 128-bit size otherwise. */
486 if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) || in generate_smb3signingkey()
487 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) { in generate_smb3signingkey()
489 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3encryptionkey); in generate_smb3signingkey()
491 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3decryptionkey); in generate_smb3signingkey()
494 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3encryptionkey); in generate_smb3signingkey()
496 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3decryptionkey); in generate_smb3signingkey()
/*
 * Label/context pairs used as KDF input for SMB 3.0. Three pairs are
 * filled in; the lines that point d at each slot are not shown, presumably
 * signing, encryption and decryption in that order - confirm.
 * Every iov_len is one more than the number of characters in its literal,
 * so the terminating NUL is part of the KDF input. "ServerIn " carries a
 * trailing space and thus has the same 10-byte length as "ServerOut".
 * Editing a literal without its length (or the reverse) changes the derived
 * keys, which would presumably show up as signing/decryption failures
 * against the server.
 */
511 d->label.iov_base = "SMB2AESCMAC"; in generate_smb30signingkey()
512 d->label.iov_len = 12; in generate_smb30signingkey()
513 d->context.iov_base = "SmbSign"; in generate_smb30signingkey()
514 d->context.iov_len = 8; in generate_smb30signingkey()
517 d->label.iov_base = "SMB2AESCCM"; in generate_smb30signingkey()
518 d->label.iov_len = 11; in generate_smb30signingkey()
519 d->context.iov_base = "ServerIn "; in generate_smb30signingkey()
520 d->context.iov_len = 10; in generate_smb30signingkey()
523 d->label.iov_base = "SMB2AESCCM"; in generate_smb30signingkey()
524 d->label.iov_len = 11; in generate_smb30signingkey()
525 d->context.iov_base = "ServerOut"; in generate_smb30signingkey()
526 d->context.iov_len = 10; in generate_smb30signingkey()
/*
 * Label/context pairs used as KDF input for SMB 3.1.1. The labels again
 * count their terminating NUL in iov_len (13+1, 15+1, 15+1). Unlike the
 * SMB 3.0 variant, the context of all three derivations is
 * ses->preauth_sha_hash with a fixed length of 64, so every derived key
 * depends on that hash value.
 * NOTE(review): 64 is hard-coded here; it must match the size of the
 * preauth_sha_hash buffer, which is declared outside this listing
 * (presumably a SHA-512 digest, given the "sha512" allocation in
 * smb311_crypto_shash_allocate()) - confirm.
 */
540 d->label.iov_base = "SMBSigningKey"; in generate_smb311signingkey()
541 d->label.iov_len = 14; in generate_smb311signingkey()
542 d->context.iov_base = ses->preauth_sha_hash; in generate_smb311signingkey()
543 d->context.iov_len = 64; in generate_smb311signingkey()
546 d->label.iov_base = "SMBC2SCipherKey"; in generate_smb311signingkey()
547 d->label.iov_len = 16; in generate_smb311signingkey()
548 d->context.iov_base = ses->preauth_sha_hash; in generate_smb311signingkey()
549 d->context.iov_len = 64; in generate_smb311signingkey()
552 d->label.iov_base = "SMBS2CCipherKey"; in generate_smb311signingkey()
553 d->label.iov_len = 16; in generate_smb311signingkey()
554 d->context.iov_base = ses->preauth_sha_hash; in generate_smb311signingkey()
555 d->context.iov_len = 64; in generate_smb311signingkey()
567 struct kvec *iov = rqst->rq_iov; in smb3_calc_signature()
573 rc = smb2_get_sign_key(le64_to_cpu(shdr->SessionId), server, key); in smb3_calc_signature()
584 shash = server->secmech.aes_cmac; in smb3_calc_signature()
588 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE); in smb3_calc_signature()
590 rc = crypto_shash_setkey(shash->tfm, key, SMB2_CMACAES_SIZE); in smb3_calc_signature()
611 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to in smb3_calc_signature()
624 drqst.rq_nvec--; in smb3_calc_signature()
629 memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE); in smb3_calc_signature()
637 /* must be called with server->srv_mutex held */
/*
 * Visible fragments of smb2_sign_rqst(): the SMB2 header is taken from
 * rq_iov[0], and the request is classified as a session-binding
 * SESSION_SETUP (is_binding) and as carrying the SIGNED flag (is_signed).
 * What is done with is_signed is on lines not shown.
 */
647 shdr = (struct smb2_hdr *)rqst->rq_iov[0].iov_base; in smb2_sign_rqst()
650 is_binding = shdr->Command == SMB2_SESSION_SETUP && in smb2_sign_rqst()
651 (ssr->Flags & SMB2_SESSION_REQ_FLAG_BINDING); in smb2_sign_rqst()
652 is_signed = shdr->Flags & SMB2_FLAGS_SIGNED; in smb2_sign_rqst()
/* The negotiate-needed check is made under srv_lock; the action taken when it is true is not shown. */
656 spin_lock(&server->srv_lock); in smb2_sign_rqst()
657 if (server->ops->need_neg && in smb2_sign_rqst()
658 server->ops->need_neg(server)) { in smb2_sign_rqst()
659 spin_unlock(&server->srv_lock); in smb2_sign_rqst()
662 spin_unlock(&server->srv_lock); in smb2_sign_rqst()
/*
 * Not a binding request and no established session yet: a fixed
 * placeholder string is copied into the Signature field instead of a
 * computed MAC. The statements after the copy are not shown; presumably
 * the function returns here without calling calc_signature - confirm.
 */
663 if (!is_binding && !server->session_estab) { in smb2_sign_rqst()
664 strscpy(shdr->Signature, "BSRSPYL"); in smb2_sign_rqst()
/* Real signing is delegated to the dialect's calc_signature op; the last argument is false here and true in smb2_verify_signature(). */
668 rc = server->ops->calc_signature(rqst, server, false); in smb2_sign_rqst()
679 (struct smb2_hdr *)rqst->rq_iov[0].iov_base; in smb2_verify_signature()
/*
 * Exemptions from verification: NEGOTIATE, SESSION_SETUP and OPLOCK_BREAK
 * responses, any response while server->ignore_signature is set, and
 * anything received before the session is established. The body of this
 * branch is not shown; presumably it returns success without checking.
 * NOTE(review): ignore_signature therefore switches off response
 * authentication for the whole connection - confirm where it is set.
 */
681 if ((shdr->Command == SMB2_NEGOTIATE) || in smb2_verify_signature()
682 (shdr->Command == SMB2_SESSION_SETUP) || in smb2_verify_signature()
683 (shdr->Command == SMB2_OPLOCK_BREAK) || in smb2_verify_signature()
684 server->ignore_signature || in smb2_verify_signature()
685 (!server->session_estab)) in smb2_verify_signature()
/*
 * Detects the 8-byte dummy signature "BSRSPYL " (with a trailing space).
 * Only the last line of the statement that follows is shown; it passes
 * shdr->Command, presumably to a debug message.
 */
694 if (memcmp(shdr->Signature, "BSRSPYL ", 8) == 0) in smb2_verify_signature()
696 shdr->Command); in smb2_verify_signature()
/*
 * Verification proper: save the received signature, zero the header field,
 * recompute the signature over the response through the dialect's
 * calc_signature op, then compare the saved and the recomputed value.
 */
702 memcpy(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE); in smb2_verify_signature()
704 memset(shdr->Signature, 0, SMB2_SIGNATURE_SIZE); in smb2_verify_signature()
706 rc = server->ops->calc_signature(rqst, server, true); in smb2_verify_signature()
/*
 * NOTE(review): memcmp() is not constant-time, so the duration of this
 * comparison depends on how many leading bytes match. MAC values in
 * kernel code are normally compared with crypto_memneq(); consider
 * crypto_memneq(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE)
 * here. A mismatch is reported to the caller as -EACCES.
 */
711 if (memcmp(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE)) { in smb2_verify_signature()
713 shdr->Command, shdr->MessageId); in smb2_verify_signature()
714 return -EACCES; in smb2_verify_signature()
727 unsigned int i, num = le16_to_cpu(shdr->CreditCharge); in smb2_seq_num_into_buf()
729 shdr->MessageId = get_next_mid64(server); in smb2_seq_num_into_buf()
740 unsigned int credits = le16_to_cpu(shdr->CreditCharge); in smb2_mid_entry_alloc()
749 kref_init(&temp->refcount); in smb2_mid_entry_alloc()
750 temp->mid = le64_to_cpu(shdr->MessageId); in smb2_mid_entry_alloc()
751 temp->credits = credits > 0 ? credits : 1; in smb2_mid_entry_alloc()
752 temp->pid = current->pid; in smb2_mid_entry_alloc()
753 temp->command = shdr->Command; /* Always LE */ in smb2_mid_entry_alloc()
754 temp->when_alloc = jiffies; in smb2_mid_entry_alloc()
755 temp->server = server; in smb2_mid_entry_alloc()
762 temp->creator = current; in smb2_mid_entry_alloc()
763 temp->callback = cifs_wake_up_task; in smb2_mid_entry_alloc()
764 temp->callback_data = current; in smb2_mid_entry_alloc()
767 temp->mid_state = MID_REQUEST_ALLOCATED; in smb2_mid_entry_alloc()
768 trace_smb3_cmd_enter(le32_to_cpu(shdr->Id.SyncId.TreeId), in smb2_mid_entry_alloc()
769 le64_to_cpu(shdr->SessionId), in smb2_mid_entry_alloc()
770 le16_to_cpu(shdr->Command), temp->mid); in smb2_mid_entry_alloc()
778 spin_lock(&server->srv_lock); in smb2_get_mid_entry()
779 if (server->tcpStatus == CifsExiting) { in smb2_get_mid_entry()
780 spin_unlock(&server->srv_lock); in smb2_get_mid_entry()
781 return -ENOENT; in smb2_get_mid_entry()
784 if (server->tcpStatus == CifsNeedReconnect) { in smb2_get_mid_entry()
785 spin_unlock(&server->srv_lock); in smb2_get_mid_entry()
786 cifs_dbg(FYI, "tcp session dead - return to caller to retry\n"); in smb2_get_mid_entry()
787 return -EAGAIN; in smb2_get_mid_entry()
790 if (server->tcpStatus == CifsNeedNegotiate && in smb2_get_mid_entry()
791 shdr->Command != SMB2_NEGOTIATE) { in smb2_get_mid_entry()
792 spin_unlock(&server->srv_lock); in smb2_get_mid_entry()
793 return -EAGAIN; in smb2_get_mid_entry()
795 spin_unlock(&server->srv_lock); in smb2_get_mid_entry()
797 spin_lock(&ses->ses_lock); in smb2_get_mid_entry()
798 if (ses->ses_status == SES_NEW) { in smb2_get_mid_entry()
799 if ((shdr->Command != SMB2_SESSION_SETUP) && in smb2_get_mid_entry()
800 (shdr->Command != SMB2_NEGOTIATE)) { in smb2_get_mid_entry()
801 spin_unlock(&ses->ses_lock); in smb2_get_mid_entry()
802 return -EAGAIN; in smb2_get_mid_entry()
804 /* else ok - we are setting up session */ in smb2_get_mid_entry()
807 if (ses->ses_status == SES_EXITING) { in smb2_get_mid_entry()
808 if (shdr->Command != SMB2_LOGOFF) { in smb2_get_mid_entry()
809 spin_unlock(&ses->ses_lock); in smb2_get_mid_entry()
810 return -EAGAIN; in smb2_get_mid_entry()
812 /* else ok - we are shutting down the session */ in smb2_get_mid_entry()
814 spin_unlock(&ses->ses_lock); in smb2_get_mid_entry()
818 return -ENOMEM; in smb2_get_mid_entry()
819 spin_lock(&server->mid_lock); in smb2_get_mid_entry()
820 list_add_tail(&(*mid)->qhead, &server->pending_mid_q); in smb2_get_mid_entry()
821 spin_unlock(&server->mid_lock); in smb2_get_mid_entry()
830 unsigned int len = mid->resp_buf_size; in smb2_check_receive()
835 iov[0].iov_base = (char *)mid->resp_buf; in smb2_check_receive()
838 dump_smb(mid->resp_buf, min_t(u32, 80, len)); in smb2_check_receive()
840 if (len > 24 && server->sign && !mid->decrypted) { in smb2_check_receive()
849 return map_smb2_to_linux_error(mid->resp_buf, log_error); in smb2_check_receive()
858 (struct smb2_hdr *)rqst->rq_iov[0].iov_base; in smb2_setup_request()
884 (struct smb2_hdr *)rqst->rq_iov[0].iov_base; in smb2_setup_async_request()
887 spin_lock(&server->srv_lock); in smb2_setup_async_request()
888 if (server->tcpStatus == CifsNeedNegotiate && in smb2_setup_async_request()
889 shdr->Command != SMB2_NEGOTIATE) { in smb2_setup_async_request()
890 spin_unlock(&server->srv_lock); in smb2_setup_async_request()
891 return ERR_PTR(-EAGAIN); in smb2_setup_async_request()
893 spin_unlock(&server->srv_lock); in smb2_setup_async_request()
900 return ERR_PTR(-ENOMEM); in smb2_setup_async_request()
918 if (!server->secmech.enc) { in smb3_crypto_aead_allocate()
919 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) || in smb3_crypto_aead_allocate()
920 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) in smb3_crypto_aead_allocate()
929 server->secmech.enc = tfm; in smb3_crypto_aead_allocate()
932 if (!server->secmech.dec) { in smb3_crypto_aead_allocate()
933 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) || in smb3_crypto_aead_allocate()
934 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) in smb3_crypto_aead_allocate()
939 crypto_free_aead(server->secmech.enc); in smb3_crypto_aead_allocate()
940 server->secmech.enc = NULL; in smb3_crypto_aead_allocate()
945 server->secmech.dec = tfm; in smb3_crypto_aead_allocate()