Lines Matching +full:tcon +full:- +full:channel
1 // SPDX-License-Identifier: LGPL-2.1
32 struct cifs_secmech *p = &server->secmech; in smb3_crypto_shash_allocate()
35 rc = cifs_alloc_hash("hmac(sha256)", &p->hmacsha256); in smb3_crypto_shash_allocate()
39 rc = cifs_alloc_hash("cmac(aes)", &p->aes_cmac); in smb3_crypto_shash_allocate()
45 cifs_free_hash(&p->hmacsha256); in smb3_crypto_shash_allocate()
52 struct cifs_secmech *p = &server->secmech; in smb311_crypto_shash_allocate()
55 rc = cifs_alloc_hash("hmac(sha256)", &p->hmacsha256); in smb311_crypto_shash_allocate()
59 rc = cifs_alloc_hash("cmac(aes)", &p->aes_cmac); in smb311_crypto_shash_allocate()
63 rc = cifs_alloc_hash("sha512", &p->sha512); in smb311_crypto_shash_allocate()
70 cifs_free_hash(&p->aes_cmac); in smb311_crypto_shash_allocate()
71 cifs_free_hash(&p->hmacsha256); in smb311_crypto_shash_allocate()
88 /* If server is a channel, select the primary channel */ in smb3_get_sign_key()
89 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server; in smb3_get_sign_key()
91 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) { in smb3_get_sign_key()
92 if (ses->Suid == ses_id) in smb3_get_sign_key()
98 rc = -ENOENT; in smb3_get_sign_key()
102 spin_lock(&ses->ses_lock); in smb3_get_sign_key()
103 spin_lock(&ses->chan_lock); in smb3_get_sign_key()
106 ses->ses_status == SES_GOOD); in smb3_get_sign_key()
109 * If we are in the process of binding a new channel in smb3_get_sign_key()
113 memcpy(key, ses->smb3signingkey, SMB3_SIGN_KEY_SIZE); in smb3_get_sign_key()
114 spin_unlock(&ses->chan_lock); in smb3_get_sign_key()
115 spin_unlock(&ses->ses_lock); in smb3_get_sign_key()
120 * Otherwise, use the channel key. in smb3_get_sign_key()
123 for (i = 0; i < ses->chan_count; i++) { in smb3_get_sign_key()
124 chan = ses->chans + i; in smb3_get_sign_key()
125 if (chan->server == server) { in smb3_get_sign_key()
126 memcpy(key, chan->signkey, SMB3_SIGN_KEY_SIZE); in smb3_get_sign_key()
127 spin_unlock(&ses->chan_lock); in smb3_get_sign_key()
128 spin_unlock(&ses->ses_lock); in smb3_get_sign_key()
132 spin_unlock(&ses->chan_lock); in smb3_get_sign_key()
133 spin_unlock(&ses->ses_lock); in smb3_get_sign_key()
136 "%s: Could not find channel signing key for session 0x%llx\n", in smb3_get_sign_key()
138 rc = -ENOENT; in smb3_get_sign_key()
151 /* If server is a channel, select the primary channel */ in smb2_find_smb_ses_unlocked()
152 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server; in smb2_find_smb_ses_unlocked()
154 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) { in smb2_find_smb_ses_unlocked()
155 if (ses->Suid != ses_id) in smb2_find_smb_ses_unlocked()
158 spin_lock(&ses->ses_lock); in smb2_find_smb_ses_unlocked()
159 if (ses->ses_status == SES_EXITING) { in smb2_find_smb_ses_unlocked()
160 spin_unlock(&ses->ses_lock); in smb2_find_smb_ses_unlocked()
164 spin_unlock(&ses->ses_lock); in smb2_find_smb_ses_unlocked()
175 int rc = -ENOENT; in smb2_get_sign_key()
178 server = server->primary_server; in smb2_get_sign_key()
181 list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) { in smb2_get_sign_key()
182 if (ses->Suid != ses_id) in smb2_get_sign_key()
186 spin_lock(&ses->ses_lock); in smb2_get_sign_key()
187 switch (ses->ses_status) { in smb2_get_sign_key()
190 if (likely(ses->auth_key.response)) { in smb2_get_sign_key()
191 memcpy(key, ses->auth_key.response, in smb2_get_sign_key()
194 rc = -EIO; in smb2_get_sign_key()
198 rc = -EAGAIN; in smb2_get_sign_key()
201 spin_unlock(&ses->ses_lock); in smb2_get_sign_key()
211 struct cifs_tcon *tcon; in smb2_find_smb_sess_tcon_unlocked() local
213 list_for_each_entry(tcon, &ses->tcon_list, tcon_list) { in smb2_find_smb_sess_tcon_unlocked()
214 if (tcon->tid != tid) in smb2_find_smb_sess_tcon_unlocked()
216 ++tcon->tc_count; in smb2_find_smb_sess_tcon_unlocked()
217 trace_smb3_tcon_ref(tcon->debug_id, tcon->tc_count, in smb2_find_smb_sess_tcon_unlocked()
219 return tcon; in smb2_find_smb_sess_tcon_unlocked()
226 * Obtain tcon corresponding to the tid in the given
234 struct cifs_tcon *tcon; in smb2_find_smb_tcon() local
242 tcon = smb2_find_smb_sess_tcon_unlocked(ses, tid); in smb2_find_smb_tcon()
243 if (!tcon) { in smb2_find_smb_tcon()
249 /* tcon already has a ref to ses, so we don't need ses anymore */ in smb2_find_smb_tcon()
252 return tcon; in smb2_find_smb_tcon()
262 struct kvec *iov = rqst->rq_iov; in smb2_calc_signature()
266 __u64 sid = le64_to_cpu(shdr->SessionId); in smb2_calc_signature()
277 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE); in smb2_calc_signature()
287 shash = server->secmech.hmacsha256; in smb2_calc_signature()
290 rc = crypto_shash_setkey(shash->tfm, key, sizeof(key)); in smb2_calc_signature()
308 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to in smb2_calc_signature()
322 drqst.rq_nvec--; in smb2_calc_signature()
327 memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE); in smb2_calc_signature()
345 struct TCP_Server_Info *server = ses->server; in generate_key()
356 rc = crypto_shash_setkey(server->secmech.hmacsha256->tfm, in generate_key()
357 ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE); in generate_key()
363 rc = crypto_shash_init(server->secmech.hmacsha256); in generate_key()
369 rc = crypto_shash_update(server->secmech.hmacsha256, i, 4); in generate_key()
375 rc = crypto_shash_update(server->secmech.hmacsha256, label.iov_base, label.iov_len); in generate_key()
381 rc = crypto_shash_update(server->secmech.hmacsha256, &zero, 1); in generate_key()
387 rc = crypto_shash_update(server->secmech.hmacsha256, context.iov_base, context.iov_len); in generate_key()
393 if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) || in generate_key()
394 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) { in generate_key()
395 rc = crypto_shash_update(server->secmech.hmacsha256, L256, 4); in generate_key()
397 rc = crypto_shash_update(server->secmech.hmacsha256, L128, 4); in generate_key()
404 rc = crypto_shash_final(server->secmech.hmacsha256, hashptr); in generate_key()
436 spin_lock(&ses->ses_lock); in generate_smb3signingkey()
437 spin_lock(&ses->chan_lock); in generate_smb3signingkey()
439 ses->ses_status == SES_GOOD); in generate_smb3signingkey()
443 spin_unlock(&ses->chan_lock); in generate_smb3signingkey()
444 spin_unlock(&ses->ses_lock); in generate_smb3signingkey()
446 return -EINVAL; in generate_smb3signingkey()
449 spin_unlock(&ses->chan_lock); in generate_smb3signingkey()
450 spin_unlock(&ses->ses_lock); in generate_smb3signingkey()
456 * When we generate the keys, check if it is for a new channel in generate_smb3signingkey()
458 * key and store it in the channel as to not overwrite the in generate_smb3signingkey()
463 rc = generate_key(ses, ptriplet->signing.label, in generate_smb3signingkey()
464 ptriplet->signing.context, in generate_smb3signingkey()
465 ses->chans[chan_index].signkey, in generate_smb3signingkey()
470 rc = generate_key(ses, ptriplet->signing.label, in generate_smb3signingkey()
471 ptriplet->signing.context, in generate_smb3signingkey()
472 ses->smb3signingkey, in generate_smb3signingkey()
477 /* safe to access primary channel, since it will never go away */ in generate_smb3signingkey()
478 spin_lock(&ses->chan_lock); in generate_smb3signingkey()
479 memcpy(ses->chans[chan_index].signkey, ses->smb3signingkey, in generate_smb3signingkey()
481 spin_unlock(&ses->chan_lock); in generate_smb3signingkey()
483 rc = generate_key(ses, ptriplet->encryption.label, in generate_smb3signingkey()
484 ptriplet->encryption.context, in generate_smb3signingkey()
485 ses->smb3encryptionkey, in generate_smb3signingkey()
489 rc = generate_key(ses, ptriplet->decryption.label, in generate_smb3signingkey()
490 ptriplet->decryption.context, in generate_smb3signingkey()
491 ses->smb3decryptionkey, in generate_smb3signingkey()
503 cifs_dbg(VFS, "Session Id %*ph\n", (int)sizeof(ses->Suid), in generate_smb3signingkey()
504 &ses->Suid); in generate_smb3signingkey()
505 cifs_dbg(VFS, "Cipher type %d\n", server->cipher_type); in generate_smb3signingkey()
507 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response); in generate_smb3signingkey()
509 SMB3_SIGN_KEY_SIZE, ses->smb3signingkey); in generate_smb3signingkey()
510 if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) || in generate_smb3signingkey()
511 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) { in generate_smb3signingkey()
513 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3encryptionkey); in generate_smb3signingkey()
515 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3decryptionkey); in generate_smb3signingkey()
518 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3encryptionkey); in generate_smb3signingkey()
520 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3decryptionkey); in generate_smb3signingkey()
535 d->label.iov_base = "SMB2AESCMAC"; in generate_smb30signingkey()
536 d->label.iov_len = 12; in generate_smb30signingkey()
537 d->context.iov_base = "SmbSign"; in generate_smb30signingkey()
538 d->context.iov_len = 8; in generate_smb30signingkey()
541 d->label.iov_base = "SMB2AESCCM"; in generate_smb30signingkey()
542 d->label.iov_len = 11; in generate_smb30signingkey()
543 d->context.iov_base = "ServerIn "; in generate_smb30signingkey()
544 d->context.iov_len = 10; in generate_smb30signingkey()
547 d->label.iov_base = "SMB2AESCCM"; in generate_smb30signingkey()
548 d->label.iov_len = 11; in generate_smb30signingkey()
549 d->context.iov_base = "ServerOut"; in generate_smb30signingkey()
550 d->context.iov_len = 10; in generate_smb30signingkey()
564 d->label.iov_base = "SMBSigningKey"; in generate_smb311signingkey()
565 d->label.iov_len = 14; in generate_smb311signingkey()
566 d->context.iov_base = ses->preauth_sha_hash; in generate_smb311signingkey()
567 d->context.iov_len = 64; in generate_smb311signingkey()
570 d->label.iov_base = "SMBC2SCipherKey"; in generate_smb311signingkey()
571 d->label.iov_len = 16; in generate_smb311signingkey()
572 d->context.iov_base = ses->preauth_sha_hash; in generate_smb311signingkey()
573 d->context.iov_len = 64; in generate_smb311signingkey()
576 d->label.iov_base = "SMBS2CCipherKey"; in generate_smb311signingkey()
577 d->label.iov_len = 16; in generate_smb311signingkey()
578 d->context.iov_base = ses->preauth_sha_hash; in generate_smb311signingkey()
579 d->context.iov_len = 64; in generate_smb311signingkey()
591 struct kvec *iov = rqst->rq_iov; in smb3_calc_signature()
597 rc = smb3_get_sign_key(le64_to_cpu(shdr->SessionId), server, key); in smb3_calc_signature()
608 shash = server->secmech.aes_cmac; in smb3_calc_signature()
612 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE); in smb3_calc_signature()
614 rc = crypto_shash_setkey(shash->tfm, key, SMB2_CMACAES_SIZE); in smb3_calc_signature()
635 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to in smb3_calc_signature()
648 drqst.rq_nvec--; in smb3_calc_signature()
653 memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE); in smb3_calc_signature()
661 /* must be called with server->srv_mutex held */
671 shdr = (struct smb2_hdr *)rqst->rq_iov[0].iov_base; in smb2_sign_rqst()
674 is_binding = shdr->Command == SMB2_SESSION_SETUP && in smb2_sign_rqst()
675 (ssr->Flags & SMB2_SESSION_REQ_FLAG_BINDING); in smb2_sign_rqst()
676 is_signed = shdr->Flags & SMB2_FLAGS_SIGNED; in smb2_sign_rqst()
680 spin_lock(&server->srv_lock); in smb2_sign_rqst()
681 if (server->ops->need_neg && in smb2_sign_rqst()
682 server->ops->need_neg(server)) { in smb2_sign_rqst()
683 spin_unlock(&server->srv_lock); in smb2_sign_rqst()
686 spin_unlock(&server->srv_lock); in smb2_sign_rqst()
687 if (!is_binding && !server->session_estab) { in smb2_sign_rqst()
688 strscpy(shdr->Signature, "BSRSPYL"); in smb2_sign_rqst()
692 rc = server->ops->calc_signature(rqst, server, false); in smb2_sign_rqst()
703 (struct smb2_hdr *)rqst->rq_iov[0].iov_base; in smb2_verify_signature()
705 if ((shdr->Command == SMB2_NEGOTIATE) || in smb2_verify_signature()
706 (shdr->Command == SMB2_SESSION_SETUP) || in smb2_verify_signature()
707 (shdr->Command == SMB2_OPLOCK_BREAK) || in smb2_verify_signature()
708 server->ignore_signature || in smb2_verify_signature()
709 (!server->session_estab)) in smb2_verify_signature()
718 if (memcmp(shdr->Signature, "BSRSPYL ", 8) == 0) in smb2_verify_signature()
720 shdr->Command); in smb2_verify_signature()
726 memcpy(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE); in smb2_verify_signature()
728 memset(shdr->Signature, 0, SMB2_SIGNATURE_SIZE); in smb2_verify_signature()
730 rc = server->ops->calc_signature(rqst, server, true); in smb2_verify_signature()
735 if (memcmp(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE)) { in smb2_verify_signature()
737 shdr->Command, shdr->MessageId); in smb2_verify_signature()
738 return -EACCES; in smb2_verify_signature()
751 unsigned int i, num = le16_to_cpu(shdr->CreditCharge); in smb2_seq_num_into_buf()
753 shdr->MessageId = get_next_mid64(server); in smb2_seq_num_into_buf()
764 unsigned int credits = le16_to_cpu(shdr->CreditCharge); in smb2_mid_entry_alloc()
773 kref_init(&temp->refcount); in smb2_mid_entry_alloc()
774 temp->mid = le64_to_cpu(shdr->MessageId); in smb2_mid_entry_alloc()
775 temp->credits = credits > 0 ? credits : 1; in smb2_mid_entry_alloc()
776 temp->pid = current->pid; in smb2_mid_entry_alloc()
777 temp->command = shdr->Command; /* Always LE */ in smb2_mid_entry_alloc()
778 temp->when_alloc = jiffies; in smb2_mid_entry_alloc()
779 temp->server = server; in smb2_mid_entry_alloc()
786 temp->creator = current; in smb2_mid_entry_alloc()
787 temp->callback = cifs_wake_up_task; in smb2_mid_entry_alloc()
788 temp->callback_data = current; in smb2_mid_entry_alloc()
791 temp->mid_state = MID_REQUEST_ALLOCATED; in smb2_mid_entry_alloc()
792 trace_smb3_cmd_enter(le32_to_cpu(shdr->Id.SyncId.TreeId), in smb2_mid_entry_alloc()
793 le64_to_cpu(shdr->SessionId), in smb2_mid_entry_alloc()
794 le16_to_cpu(shdr->Command), temp->mid); in smb2_mid_entry_alloc()
802 spin_lock(&server->srv_lock); in smb2_get_mid_entry()
803 if (server->tcpStatus == CifsExiting) { in smb2_get_mid_entry()
804 spin_unlock(&server->srv_lock); in smb2_get_mid_entry()
805 return -ENOENT; in smb2_get_mid_entry()
808 if (server->tcpStatus == CifsNeedReconnect) { in smb2_get_mid_entry()
809 spin_unlock(&server->srv_lock); in smb2_get_mid_entry()
810 cifs_dbg(FYI, "tcp session dead - return to caller to retry\n"); in smb2_get_mid_entry()
811 return -EAGAIN; in smb2_get_mid_entry()
814 if (server->tcpStatus == CifsNeedNegotiate && in smb2_get_mid_entry()
815 shdr->Command != SMB2_NEGOTIATE) { in smb2_get_mid_entry()
816 spin_unlock(&server->srv_lock); in smb2_get_mid_entry()
817 return -EAGAIN; in smb2_get_mid_entry()
819 spin_unlock(&server->srv_lock); in smb2_get_mid_entry()
821 spin_lock(&ses->ses_lock); in smb2_get_mid_entry()
822 if (ses->ses_status == SES_NEW) { in smb2_get_mid_entry()
823 if ((shdr->Command != SMB2_SESSION_SETUP) && in smb2_get_mid_entry()
824 (shdr->Command != SMB2_NEGOTIATE)) { in smb2_get_mid_entry()
825 spin_unlock(&ses->ses_lock); in smb2_get_mid_entry()
826 return -EAGAIN; in smb2_get_mid_entry()
828 /* else ok - we are setting up session */ in smb2_get_mid_entry()
831 if (ses->ses_status == SES_EXITING) { in smb2_get_mid_entry()
832 if (shdr->Command != SMB2_LOGOFF) { in smb2_get_mid_entry()
833 spin_unlock(&ses->ses_lock); in smb2_get_mid_entry()
834 return -EAGAIN; in smb2_get_mid_entry()
836 /* else ok - we are shutting down the session */ in smb2_get_mid_entry()
838 spin_unlock(&ses->ses_lock); in smb2_get_mid_entry()
842 return -ENOMEM; in smb2_get_mid_entry()
843 spin_lock(&server->mid_lock); in smb2_get_mid_entry()
844 list_add_tail(&(*mid)->qhead, &server->pending_mid_q); in smb2_get_mid_entry()
845 spin_unlock(&server->mid_lock); in smb2_get_mid_entry()
854 unsigned int len = mid->resp_buf_size; in smb2_check_receive()
859 iov[0].iov_base = (char *)mid->resp_buf; in smb2_check_receive()
862 dump_smb(mid->resp_buf, min_t(u32, 80, len)); in smb2_check_receive()
864 if (len > 24 && server->sign && !mid->decrypted) { in smb2_check_receive()
873 return map_smb2_to_linux_error(mid->resp_buf, log_error); in smb2_check_receive()
882 (struct smb2_hdr *)rqst->rq_iov[0].iov_base; in smb2_setup_request()
908 (struct smb2_hdr *)rqst->rq_iov[0].iov_base; in smb2_setup_async_request()
911 spin_lock(&server->srv_lock); in smb2_setup_async_request()
912 if (server->tcpStatus == CifsNeedNegotiate && in smb2_setup_async_request()
913 shdr->Command != SMB2_NEGOTIATE) { in smb2_setup_async_request()
914 spin_unlock(&server->srv_lock); in smb2_setup_async_request()
915 return ERR_PTR(-EAGAIN); in smb2_setup_async_request()
917 spin_unlock(&server->srv_lock); in smb2_setup_async_request()
924 return ERR_PTR(-ENOMEM); in smb2_setup_async_request()
942 if (!server->secmech.enc) { in smb3_crypto_aead_allocate()
943 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) || in smb3_crypto_aead_allocate()
944 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) in smb3_crypto_aead_allocate()
953 server->secmech.enc = tfm; in smb3_crypto_aead_allocate()
956 if (!server->secmech.dec) { in smb3_crypto_aead_allocate()
957 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) || in smb3_crypto_aead_allocate()
958 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) in smb3_crypto_aead_allocate()
963 crypto_free_aead(server->secmech.enc); in smb3_crypto_aead_allocate()
964 server->secmech.enc = NULL; in smb3_crypto_aead_allocate()
969 server->secmech.dec = tfm; in smb3_crypto_aead_allocate()