Lines Matching +full:tcon +full:- +full:channel
1 // SPDX-License-Identifier: LGPL-2.1
32 struct cifs_secmech *p = &server->secmech; in smb3_crypto_shash_allocate()
35 rc = cifs_alloc_hash("hmac(sha256)", &p->hmacsha256); in smb3_crypto_shash_allocate()
39 rc = cifs_alloc_hash("cmac(aes)", &p->aes_cmac); in smb3_crypto_shash_allocate()
45 cifs_free_hash(&p->hmacsha256); in smb3_crypto_shash_allocate()
52 struct cifs_secmech *p = &server->secmech; in smb311_crypto_shash_allocate()
55 rc = cifs_alloc_hash("hmac(sha256)", &p->hmacsha256); in smb311_crypto_shash_allocate()
59 rc = cifs_alloc_hash("cmac(aes)", &p->aes_cmac); in smb311_crypto_shash_allocate()
63 rc = cifs_alloc_hash("sha512", &p->sha512); in smb311_crypto_shash_allocate()
70 cifs_free_hash(&p->aes_cmac); in smb311_crypto_shash_allocate()
71 cifs_free_hash(&p->hmacsha256); in smb311_crypto_shash_allocate()
88 /* If server is a channel, select the primary channel */ in smb2_get_sign_key()
89 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server; in smb2_get_sign_key()
91 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) { in smb2_get_sign_key()
92 if (ses->Suid == ses_id) in smb2_get_sign_key()
98 rc = -ENOENT; in smb2_get_sign_key()
102 spin_lock(&ses->ses_lock); in smb2_get_sign_key()
103 spin_lock(&ses->chan_lock); in smb2_get_sign_key()
106 ses->ses_status == SES_GOOD); in smb2_get_sign_key()
109 * If we are in the process of binding a new channel in smb2_get_sign_key()
113 memcpy(key, ses->smb3signingkey, SMB3_SIGN_KEY_SIZE); in smb2_get_sign_key()
114 spin_unlock(&ses->chan_lock); in smb2_get_sign_key()
115 spin_unlock(&ses->ses_lock); in smb2_get_sign_key()
120 * Otherwise, use the channel key. in smb2_get_sign_key()
123 for (i = 0; i < ses->chan_count; i++) { in smb2_get_sign_key()
124 chan = ses->chans + i; in smb2_get_sign_key()
125 if (chan->server == server) { in smb2_get_sign_key()
126 memcpy(key, chan->signkey, SMB3_SIGN_KEY_SIZE); in smb2_get_sign_key()
127 spin_unlock(&ses->chan_lock); in smb2_get_sign_key()
128 spin_unlock(&ses->ses_lock); in smb2_get_sign_key()
132 spin_unlock(&ses->chan_lock); in smb2_get_sign_key()
133 spin_unlock(&ses->ses_lock); in smb2_get_sign_key()
136 "%s: Could not find channel signing key for session 0x%llx\n", in smb2_get_sign_key()
138 rc = -ENOENT; in smb2_get_sign_key()
151 /* If server is a channel, select the primary channel */ in smb2_find_smb_ses_unlocked()
152 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server; in smb2_find_smb_ses_unlocked()
154 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) { in smb2_find_smb_ses_unlocked()
155 if (ses->Suid != ses_id) in smb2_find_smb_ses_unlocked()
158 spin_lock(&ses->ses_lock); in smb2_find_smb_ses_unlocked()
159 if (ses->ses_status == SES_EXITING) { in smb2_find_smb_ses_unlocked()
160 spin_unlock(&ses->ses_lock); in smb2_find_smb_ses_unlocked()
164 spin_unlock(&ses->ses_lock); in smb2_find_smb_ses_unlocked()
186 struct cifs_tcon *tcon; in smb2_find_smb_sess_tcon_unlocked() local
188 list_for_each_entry(tcon, &ses->tcon_list, tcon_list) { in smb2_find_smb_sess_tcon_unlocked()
189 if (tcon->tid != tid) in smb2_find_smb_sess_tcon_unlocked()
191 ++tcon->tc_count; in smb2_find_smb_sess_tcon_unlocked()
192 return tcon; in smb2_find_smb_sess_tcon_unlocked()
199 * Obtain tcon corresponding to the tid in the given
207 struct cifs_tcon *tcon; in smb2_find_smb_tcon() local
215 tcon = smb2_find_smb_sess_tcon_unlocked(ses, tid); in smb2_find_smb_tcon()
216 if (!tcon) { in smb2_find_smb_tcon()
222 /* tcon already has a ref to ses, so we don't need ses anymore */ in smb2_find_smb_tcon()
225 return tcon; in smb2_find_smb_tcon()
235 struct kvec *iov = rqst->rq_iov; in smb2_calc_signature()
241 ses = smb2_find_smb_ses(server, le64_to_cpu(shdr->SessionId)); in smb2_calc_signature()
244 return -ENOENT; in smb2_calc_signature()
248 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE); in smb2_calc_signature()
258 shash = server->secmech.hmacsha256; in smb2_calc_signature()
261 rc = crypto_shash_setkey(shash->tfm, ses->auth_key.response, in smb2_calc_signature()
280 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to in smb2_calc_signature()
294 drqst.rq_nvec--; in smb2_calc_signature()
299 memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE); in smb2_calc_signature()
319 struct TCP_Server_Info *server = ses->server; in generate_key()
330 rc = crypto_shash_setkey(server->secmech.hmacsha256->tfm, in generate_key()
331 ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE); in generate_key()
337 rc = crypto_shash_init(server->secmech.hmacsha256); in generate_key()
343 rc = crypto_shash_update(server->secmech.hmacsha256, i, 4); in generate_key()
349 rc = crypto_shash_update(server->secmech.hmacsha256, label.iov_base, label.iov_len); in generate_key()
355 rc = crypto_shash_update(server->secmech.hmacsha256, &zero, 1); in generate_key()
361 rc = crypto_shash_update(server->secmech.hmacsha256, context.iov_base, context.iov_len); in generate_key()
367 if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) || in generate_key()
368 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) { in generate_key()
369 rc = crypto_shash_update(server->secmech.hmacsha256, L256, 4); in generate_key()
371 rc = crypto_shash_update(server->secmech.hmacsha256, L128, 4); in generate_key()
378 rc = crypto_shash_final(server->secmech.hmacsha256, hashptr); in generate_key()
410 spin_lock(&ses->ses_lock); in generate_smb3signingkey()
411 spin_lock(&ses->chan_lock); in generate_smb3signingkey()
413 ses->ses_status == SES_GOOD); in generate_smb3signingkey()
417 spin_unlock(&ses->chan_lock); in generate_smb3signingkey()
418 spin_unlock(&ses->ses_lock); in generate_smb3signingkey()
420 return -EINVAL; in generate_smb3signingkey()
423 spin_unlock(&ses->chan_lock); in generate_smb3signingkey()
424 spin_unlock(&ses->ses_lock); in generate_smb3signingkey()
430 * When we generate the keys, check if it is for a new channel in generate_smb3signingkey()
432 * key and store it in the channel as to not overwrite the in generate_smb3signingkey()
437 rc = generate_key(ses, ptriplet->signing.label, in generate_smb3signingkey()
438 ptriplet->signing.context, in generate_smb3signingkey()
439 ses->chans[chan_index].signkey, in generate_smb3signingkey()
444 rc = generate_key(ses, ptriplet->signing.label, in generate_smb3signingkey()
445 ptriplet->signing.context, in generate_smb3signingkey()
446 ses->smb3signingkey, in generate_smb3signingkey()
451 /* safe to access primary channel, since it will never go away */ in generate_smb3signingkey()
452 spin_lock(&ses->chan_lock); in generate_smb3signingkey()
453 memcpy(ses->chans[chan_index].signkey, ses->smb3signingkey, in generate_smb3signingkey()
455 spin_unlock(&ses->chan_lock); in generate_smb3signingkey()
457 rc = generate_key(ses, ptriplet->encryption.label, in generate_smb3signingkey()
458 ptriplet->encryption.context, in generate_smb3signingkey()
459 ses->smb3encryptionkey, in generate_smb3signingkey()
463 rc = generate_key(ses, ptriplet->decryption.label, in generate_smb3signingkey()
464 ptriplet->decryption.context, in generate_smb3signingkey()
465 ses->smb3decryptionkey, in generate_smb3signingkey()
477 cifs_dbg(VFS, "Session Id %*ph\n", (int)sizeof(ses->Suid), in generate_smb3signingkey()
478 &ses->Suid); in generate_smb3signingkey()
479 cifs_dbg(VFS, "Cipher type %d\n", server->cipher_type); in generate_smb3signingkey()
481 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response); in generate_smb3signingkey()
483 SMB3_SIGN_KEY_SIZE, ses->smb3signingkey); in generate_smb3signingkey()
484 if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) || in generate_smb3signingkey()
485 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) { in generate_smb3signingkey()
487 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3encryptionkey); in generate_smb3signingkey()
489 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3decryptionkey); in generate_smb3signingkey()
492 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3encryptionkey); in generate_smb3signingkey()
494 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3decryptionkey); in generate_smb3signingkey()
509 d->label.iov_base = "SMB2AESCMAC"; in generate_smb30signingkey()
510 d->label.iov_len = 12; in generate_smb30signingkey()
511 d->context.iov_base = "SmbSign"; in generate_smb30signingkey()
512 d->context.iov_len = 8; in generate_smb30signingkey()
515 d->label.iov_base = "SMB2AESCCM"; in generate_smb30signingkey()
516 d->label.iov_len = 11; in generate_smb30signingkey()
517 d->context.iov_base = "ServerIn "; in generate_smb30signingkey()
518 d->context.iov_len = 10; in generate_smb30signingkey()
521 d->label.iov_base = "SMB2AESCCM"; in generate_smb30signingkey()
522 d->label.iov_len = 11; in generate_smb30signingkey()
523 d->context.iov_base = "ServerOut"; in generate_smb30signingkey()
524 d->context.iov_len = 10; in generate_smb30signingkey()
538 d->label.iov_base = "SMBSigningKey"; in generate_smb311signingkey()
539 d->label.iov_len = 14; in generate_smb311signingkey()
540 d->context.iov_base = ses->preauth_sha_hash; in generate_smb311signingkey()
541 d->context.iov_len = 64; in generate_smb311signingkey()
544 d->label.iov_base = "SMBC2SCipherKey"; in generate_smb311signingkey()
545 d->label.iov_len = 16; in generate_smb311signingkey()
546 d->context.iov_base = ses->preauth_sha_hash; in generate_smb311signingkey()
547 d->context.iov_len = 64; in generate_smb311signingkey()
550 d->label.iov_base = "SMBS2CCipherKey"; in generate_smb311signingkey()
551 d->label.iov_len = 16; in generate_smb311signingkey()
552 d->context.iov_base = ses->preauth_sha_hash; in generate_smb311signingkey()
553 d->context.iov_len = 64; in generate_smb311signingkey()
565 struct kvec *iov = rqst->rq_iov; in smb3_calc_signature()
571 rc = smb2_get_sign_key(le64_to_cpu(shdr->SessionId), server, key); in smb3_calc_signature()
582 shash = server->secmech.aes_cmac; in smb3_calc_signature()
586 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE); in smb3_calc_signature()
588 rc = crypto_shash_setkey(shash->tfm, key, SMB2_CMACAES_SIZE); in smb3_calc_signature()
609 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to in smb3_calc_signature()
622 drqst.rq_nvec--; in smb3_calc_signature()
627 memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE); in smb3_calc_signature()
635 /* must be called with server->srv_mutex held */
645 shdr = (struct smb2_hdr *)rqst->rq_iov[0].iov_base; in smb2_sign_rqst()
648 is_binding = shdr->Command == SMB2_SESSION_SETUP && in smb2_sign_rqst()
649 (ssr->Flags & SMB2_SESSION_REQ_FLAG_BINDING); in smb2_sign_rqst()
650 is_signed = shdr->Flags & SMB2_FLAGS_SIGNED; in smb2_sign_rqst()
654 spin_lock(&server->srv_lock); in smb2_sign_rqst()
655 if (server->ops->need_neg && in smb2_sign_rqst()
656 server->ops->need_neg(server)) { in smb2_sign_rqst()
657 spin_unlock(&server->srv_lock); in smb2_sign_rqst()
660 spin_unlock(&server->srv_lock); in smb2_sign_rqst()
661 if (!is_binding && !server->session_estab) { in smb2_sign_rqst()
662 strncpy(shdr->Signature, "BSRSPYL", 8); in smb2_sign_rqst()
666 rc = server->ops->calc_signature(rqst, server, false); in smb2_sign_rqst()
677 (struct smb2_hdr *)rqst->rq_iov[0].iov_base; in smb2_verify_signature()
679 if ((shdr->Command == SMB2_NEGOTIATE) || in smb2_verify_signature()
680 (shdr->Command == SMB2_SESSION_SETUP) || in smb2_verify_signature()
681 (shdr->Command == SMB2_OPLOCK_BREAK) || in smb2_verify_signature()
682 server->ignore_signature || in smb2_verify_signature()
683 (!server->session_estab)) in smb2_verify_signature()
692 if (memcmp(shdr->Signature, "BSRSPYL ", 8) == 0) in smb2_verify_signature()
694 shdr->Command); in smb2_verify_signature()
700 memcpy(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE); in smb2_verify_signature()
702 memset(shdr->Signature, 0, SMB2_SIGNATURE_SIZE); in smb2_verify_signature()
704 rc = server->ops->calc_signature(rqst, server, true); in smb2_verify_signature()
709 if (memcmp(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE)) { in smb2_verify_signature()
711 shdr->Command, shdr->MessageId); in smb2_verify_signature()
712 return -EACCES; in smb2_verify_signature()
725 unsigned int i, num = le16_to_cpu(shdr->CreditCharge); in smb2_seq_num_into_buf()
727 shdr->MessageId = get_next_mid64(server); in smb2_seq_num_into_buf()
738 unsigned int credits = le16_to_cpu(shdr->CreditCharge); in smb2_mid_entry_alloc()
747 kref_init(&temp->refcount); in smb2_mid_entry_alloc()
748 temp->mid = le64_to_cpu(shdr->MessageId); in smb2_mid_entry_alloc()
749 temp->credits = credits > 0 ? credits : 1; in smb2_mid_entry_alloc()
750 temp->pid = current->pid; in smb2_mid_entry_alloc()
751 temp->command = shdr->Command; /* Always LE */ in smb2_mid_entry_alloc()
752 temp->when_alloc = jiffies; in smb2_mid_entry_alloc()
753 temp->server = server; in smb2_mid_entry_alloc()
760 temp->creator = current; in smb2_mid_entry_alloc()
761 temp->callback = cifs_wake_up_task; in smb2_mid_entry_alloc()
762 temp->callback_data = current; in smb2_mid_entry_alloc()
765 temp->mid_state = MID_REQUEST_ALLOCATED; in smb2_mid_entry_alloc()
766 trace_smb3_cmd_enter(le32_to_cpu(shdr->Id.SyncId.TreeId), in smb2_mid_entry_alloc()
767 le64_to_cpu(shdr->SessionId), in smb2_mid_entry_alloc()
768 le16_to_cpu(shdr->Command), temp->mid); in smb2_mid_entry_alloc()
776 spin_lock(&server->srv_lock); in smb2_get_mid_entry()
777 if (server->tcpStatus == CifsExiting) { in smb2_get_mid_entry()
778 spin_unlock(&server->srv_lock); in smb2_get_mid_entry()
779 return -ENOENT; in smb2_get_mid_entry()
782 if (server->tcpStatus == CifsNeedReconnect) { in smb2_get_mid_entry()
783 spin_unlock(&server->srv_lock); in smb2_get_mid_entry()
784 cifs_dbg(FYI, "tcp session dead - return to caller to retry\n"); in smb2_get_mid_entry()
785 return -EAGAIN; in smb2_get_mid_entry()
788 if (server->tcpStatus == CifsNeedNegotiate && in smb2_get_mid_entry()
789 shdr->Command != SMB2_NEGOTIATE) { in smb2_get_mid_entry()
790 spin_unlock(&server->srv_lock); in smb2_get_mid_entry()
791 return -EAGAIN; in smb2_get_mid_entry()
793 spin_unlock(&server->srv_lock); in smb2_get_mid_entry()
795 spin_lock(&ses->ses_lock); in smb2_get_mid_entry()
796 if (ses->ses_status == SES_NEW) { in smb2_get_mid_entry()
797 if ((shdr->Command != SMB2_SESSION_SETUP) && in smb2_get_mid_entry()
798 (shdr->Command != SMB2_NEGOTIATE)) { in smb2_get_mid_entry()
799 spin_unlock(&ses->ses_lock); in smb2_get_mid_entry()
800 return -EAGAIN; in smb2_get_mid_entry()
802 /* else ok - we are setting up session */ in smb2_get_mid_entry()
805 if (ses->ses_status == SES_EXITING) { in smb2_get_mid_entry()
806 if (shdr->Command != SMB2_LOGOFF) { in smb2_get_mid_entry()
807 spin_unlock(&ses->ses_lock); in smb2_get_mid_entry()
808 return -EAGAIN; in smb2_get_mid_entry()
810 /* else ok - we are shutting down the session */ in smb2_get_mid_entry()
812 spin_unlock(&ses->ses_lock); in smb2_get_mid_entry()
816 return -ENOMEM; in smb2_get_mid_entry()
817 spin_lock(&server->mid_lock); in smb2_get_mid_entry()
818 list_add_tail(&(*mid)->qhead, &server->pending_mid_q); in smb2_get_mid_entry()
819 spin_unlock(&server->mid_lock); in smb2_get_mid_entry()
828 unsigned int len = mid->resp_buf_size; in smb2_check_receive()
833 iov[0].iov_base = (char *)mid->resp_buf; in smb2_check_receive()
836 dump_smb(mid->resp_buf, min_t(u32, 80, len)); in smb2_check_receive()
838 if (len > 24 && server->sign && !mid->decrypted) { in smb2_check_receive()
847 return map_smb2_to_linux_error(mid->resp_buf, log_error); in smb2_check_receive()
856 (struct smb2_hdr *)rqst->rq_iov[0].iov_base; in smb2_setup_request()
882 (struct smb2_hdr *)rqst->rq_iov[0].iov_base; in smb2_setup_async_request()
885 spin_lock(&server->srv_lock); in smb2_setup_async_request()
886 if (server->tcpStatus == CifsNeedNegotiate && in smb2_setup_async_request()
887 shdr->Command != SMB2_NEGOTIATE) { in smb2_setup_async_request()
888 spin_unlock(&server->srv_lock); in smb2_setup_async_request()
889 return ERR_PTR(-EAGAIN); in smb2_setup_async_request()
891 spin_unlock(&server->srv_lock); in smb2_setup_async_request()
898 return ERR_PTR(-ENOMEM); in smb2_setup_async_request()
916 if (!server->secmech.enc) { in smb3_crypto_aead_allocate()
917 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) || in smb3_crypto_aead_allocate()
918 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) in smb3_crypto_aead_allocate()
927 server->secmech.enc = tfm; in smb3_crypto_aead_allocate()
930 if (!server->secmech.dec) { in smb3_crypto_aead_allocate()
931 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) || in smb3_crypto_aead_allocate()
932 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) in smb3_crypto_aead_allocate()
937 crypto_free_aead(server->secmech.enc); in smb3_crypto_aead_allocate()
938 server->secmech.enc = NULL; in smb3_crypto_aead_allocate()
943 server->secmech.dec = tfm; in smb3_crypto_aead_allocate()