1 // SPDX-License-Identifier: LGPL-2.1
4 * Copyright (C) International Business Machines Corp., 2002, 2011
6 * Author(s): Steve French (sfrench@us.ibm.com)
7 * Jeremy Allison (jra@samba.org) 2006
8 * Pavel Shilovsky (pshilovsky@samba.org) 2012
13 #include <linux/list.h>
14 #include <linux/wait.h>
15 #include <linux/net.h>
16 #include <linux/delay.h>
17 #include <linux/uaccess.h>
18 #include <asm/processor.h>
19 #include <linux/mempool.h>
20 #include <linux/highmem.h>
21 #include <crypto/aead.h>
23 #include "cifsproto.h"
24 #include "smb2proto.h"
25 #include "cifs_debug.h"
26 #include "smb2status.h"
30 smb3_crypto_shash_allocate(struct TCP_Server_Info *server)
32 struct cifs_secmech *p = &server->secmech;
35 rc = cifs_alloc_hash("hmac(sha256)", &p->hmacsha256);
39 rc = cifs_alloc_hash("cmac(aes)", &p->aes_cmac);
45 cifs_free_hash(&p->hmacsha256);
50 smb311_crypto_shash_allocate(struct TCP_Server_Info *server)
52 struct cifs_secmech *p = &server->secmech;
55 rc = cifs_alloc_hash("hmac(sha256)", &p->hmacsha256);
59 rc = cifs_alloc_hash("cmac(aes)", &p->aes_cmac);
63 rc = cifs_alloc_hash("sha512", &p->sha512);
70 cifs_free_hash(&p->aes_cmac);
71 cifs_free_hash(&p->hmacsha256);
77 int smb2_get_sign_key(__u64 ses_id, struct TCP_Server_Info *server, u8 *key)
79 struct cifs_chan *chan;
80 struct TCP_Server_Info *pserver;
81 struct cifs_ses *ses = NULL;
84 bool is_binding = false;
86 spin_lock(&cifs_tcp_ses_lock);
88 /* If server is a channel, select the primary channel */
89 pserver = CIFS_SERVER_IS_CHAN(server) ? server->primary_server : server;
91 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
92 if (ses->Suid == ses_id)
95 cifs_server_dbg(VFS, "%s: Could not find session 0x%llx\n",
101 spin_lock(&ses->ses_lock);
102 spin_lock(&ses->chan_lock);
104 is_binding = (cifs_chan_needs_reconnect(ses, server) &&
105 ses->ses_status == SES_GOOD);
108 * If we are in the process of binding a new channel
109 * to an existing session, use the master connection
112 memcpy(key, ses->smb3signingkey, SMB3_SIGN_KEY_SIZE);
113 spin_unlock(&ses->chan_lock);
114 spin_unlock(&ses->ses_lock);
119 * Otherwise, use the channel key.
122 for (i = 0; i < ses->chan_count; i++) {
123 chan = ses->chans + i;
124 if (chan->server == server) {
125 memcpy(key, chan->signkey, SMB3_SIGN_KEY_SIZE);
126 spin_unlock(&ses->chan_lock);
127 spin_unlock(&ses->ses_lock);
131 spin_unlock(&ses->chan_lock);
132 spin_unlock(&ses->ses_lock);
135 "%s: Could not find channel signing key for session 0x%llx\n",
140 spin_unlock(&cifs_tcp_ses_lock);
144 static struct cifs_ses *
145 smb2_find_smb_ses_unlocked(struct TCP_Server_Info *server, __u64 ses_id)
147 struct TCP_Server_Info *pserver;
148 struct cifs_ses *ses;
150 /* If server is a channel, select the primary channel */
151 pserver = CIFS_SERVER_IS_CHAN(server) ? server->primary_server : server;
153 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
154 if (ses->Suid != ses_id)
164 smb2_find_smb_ses(struct TCP_Server_Info *server, __u64 ses_id)
166 struct cifs_ses *ses;
168 spin_lock(&cifs_tcp_ses_lock);
169 ses = smb2_find_smb_ses_unlocked(server, ses_id);
170 spin_unlock(&cifs_tcp_ses_lock);
175 static struct cifs_tcon *
176 smb2_find_smb_sess_tcon_unlocked(struct cifs_ses *ses, __u32 tid)
178 struct cifs_tcon *tcon;
180 list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
181 if (tcon->tid != tid)
191 * Obtain tcon corresponding to the tid in the given
196 smb2_find_smb_tcon(struct TCP_Server_Info *server, __u64 ses_id, __u32 tid)
198 struct cifs_ses *ses;
199 struct cifs_tcon *tcon;
201 spin_lock(&cifs_tcp_ses_lock);
202 ses = smb2_find_smb_ses_unlocked(server, ses_id);
204 spin_unlock(&cifs_tcp_ses_lock);
207 tcon = smb2_find_smb_sess_tcon_unlocked(ses, tid);
209 cifs_put_smb_ses(ses);
210 spin_unlock(&cifs_tcp_ses_lock);
213 spin_unlock(&cifs_tcp_ses_lock);
214 /* tcon already has a ref to ses, so we don't need ses anymore */
215 cifs_put_smb_ses(ses);
221 smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
222 bool allocate_crypto)
225 unsigned char smb2_signature[SMB2_HMACSHA256_SIZE];
226 unsigned char *sigptr = smb2_signature;
227 struct kvec *iov = rqst->rq_iov;
228 struct smb2_hdr *shdr = (struct smb2_hdr *)iov[0].iov_base;
229 struct cifs_ses *ses;
230 struct shash_desc *shash = NULL;
231 struct smb_rqst drqst;
233 ses = smb2_find_smb_ses(server, le64_to_cpu(shdr->SessionId));
234 if (unlikely(!ses)) {
235 cifs_server_dbg(VFS, "%s: Could not find session\n", __func__);
239 memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE);
240 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);
242 if (allocate_crypto) {
243 rc = cifs_alloc_hash("hmac(sha256)", &shash);
246 "%s: sha256 alloc failed\n", __func__);
250 shash = server->secmech.hmacsha256;
253 rc = crypto_shash_setkey(shash->tfm, ses->auth_key.response,
254 SMB2_NTLMV2_SESSKEY_SIZE);
257 "%s: Could not update with response\n",
262 rc = crypto_shash_init(shash);
264 cifs_server_dbg(VFS, "%s: Could not init sha256", __func__);
269 * For SMB2+, __cifs_calc_signature() expects to sign only the actual
270 * data, that is, iov[0] should not contain a rfc1002 length.
272 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to
273 * __cifs_calc_signature().
276 if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) {
277 rc = crypto_shash_update(shash, iov[0].iov_base,
281 "%s: Could not update with payload\n",
289 rc = __cifs_calc_signature(&drqst, server, sigptr, shash);
291 memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE);
295 cifs_free_hash(&shash);
297 cifs_put_smb_ses(ses);
301 static int generate_key(struct cifs_ses *ses, struct kvec label,
302 struct kvec context, __u8 *key, unsigned int key_size)
304 unsigned char zero = 0x0;
305 __u8 i[4] = {0, 0, 0, 1};
306 __u8 L128[4] = {0, 0, 0, 128};
307 __u8 L256[4] = {0, 0, 1, 0};
309 unsigned char prfhash[SMB2_HMACSHA256_SIZE];
310 unsigned char *hashptr = prfhash;
311 struct TCP_Server_Info *server = ses->server;
313 memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
314 memset(key, 0x0, key_size);
316 rc = smb3_crypto_shash_allocate(server);
318 cifs_server_dbg(VFS, "%s: crypto alloc failed\n", __func__);
319 goto smb3signkey_ret;
322 rc = crypto_shash_setkey(server->secmech.hmacsha256->tfm,
323 ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
325 cifs_server_dbg(VFS, "%s: Could not set with session key\n", __func__);
326 goto smb3signkey_ret;
329 rc = crypto_shash_init(server->secmech.hmacsha256);
331 cifs_server_dbg(VFS, "%s: Could not init sign hmac\n", __func__);
332 goto smb3signkey_ret;
335 rc = crypto_shash_update(server->secmech.hmacsha256, i, 4);
337 cifs_server_dbg(VFS, "%s: Could not update with n\n", __func__);
338 goto smb3signkey_ret;
341 rc = crypto_shash_update(server->secmech.hmacsha256, label.iov_base, label.iov_len);
343 cifs_server_dbg(VFS, "%s: Could not update with label\n", __func__);
344 goto smb3signkey_ret;
347 rc = crypto_shash_update(server->secmech.hmacsha256, &zero, 1);
349 cifs_server_dbg(VFS, "%s: Could not update with zero\n", __func__);
350 goto smb3signkey_ret;
353 rc = crypto_shash_update(server->secmech.hmacsha256, context.iov_base, context.iov_len);
355 cifs_server_dbg(VFS, "%s: Could not update with context\n", __func__);
356 goto smb3signkey_ret;
359 if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) ||
360 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) {
361 rc = crypto_shash_update(server->secmech.hmacsha256, L256, 4);
363 rc = crypto_shash_update(server->secmech.hmacsha256, L128, 4);
366 cifs_server_dbg(VFS, "%s: Could not update with L\n", __func__);
367 goto smb3signkey_ret;
370 rc = crypto_shash_final(server->secmech.hmacsha256, hashptr);
372 cifs_server_dbg(VFS, "%s: Could not generate sha256 hash\n", __func__);
373 goto smb3signkey_ret;
376 memcpy(key, hashptr, key_size);
387 struct derivation_triplet {
388 struct derivation signing;
389 struct derivation encryption;
390 struct derivation decryption;
394 generate_smb3signingkey(struct cifs_ses *ses,
395 struct TCP_Server_Info *server,
396 const struct derivation_triplet *ptriplet)
399 bool is_binding = false;
402 spin_lock(&ses->ses_lock);
403 spin_lock(&ses->chan_lock);
404 is_binding = (cifs_chan_needs_reconnect(ses, server) &&
405 ses->ses_status == SES_GOOD);
407 chan_index = cifs_ses_get_chan_index(ses, server);
408 /* TODO: introduce ref counting for channels when the can be freed */
409 spin_unlock(&ses->chan_lock);
410 spin_unlock(&ses->ses_lock);
413 * All channels use the same encryption/decryption keys but
414 * they have their own signing key.
416 * When we generate the keys, check if it is for a new channel
417 * (binding) in which case we only need to generate a signing
418 * key and store it in the channel as to not overwrite the
419 * master connection signing key stored in the session
423 rc = generate_key(ses, ptriplet->signing.label,
424 ptriplet->signing.context,
425 ses->chans[chan_index].signkey,
430 rc = generate_key(ses, ptriplet->signing.label,
431 ptriplet->signing.context,
437 /* safe to access primary channel, since it will never go away */
438 spin_lock(&ses->chan_lock);
439 memcpy(ses->chans[chan_index].signkey, ses->smb3signingkey,
441 spin_unlock(&ses->chan_lock);
443 rc = generate_key(ses, ptriplet->encryption.label,
444 ptriplet->encryption.context,
445 ses->smb3encryptionkey,
446 SMB3_ENC_DEC_KEY_SIZE);
447 rc = generate_key(ses, ptriplet->decryption.label,
448 ptriplet->decryption.context,
449 ses->smb3decryptionkey,
450 SMB3_ENC_DEC_KEY_SIZE);
458 #ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS
459 cifs_dbg(VFS, "%s: dumping generated AES session keys\n", __func__);
461 * The session id is opaque in terms of endianness, so we can't
462 * print it as a long long. we dump it as we got it on the wire
464 cifs_dbg(VFS, "Session Id %*ph\n", (int)sizeof(ses->Suid),
466 cifs_dbg(VFS, "Cipher type %d\n", server->cipher_type);
467 cifs_dbg(VFS, "Session Key %*ph\n",
468 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response);
469 cifs_dbg(VFS, "Signing Key %*ph\n",
470 SMB3_SIGN_KEY_SIZE, ses->smb3signingkey);
471 if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) ||
472 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) {
473 cifs_dbg(VFS, "ServerIn Key %*ph\n",
474 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3encryptionkey);
475 cifs_dbg(VFS, "ServerOut Key %*ph\n",
476 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3decryptionkey);
478 cifs_dbg(VFS, "ServerIn Key %*ph\n",
479 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3encryptionkey);
480 cifs_dbg(VFS, "ServerOut Key %*ph\n",
481 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3decryptionkey);
488 generate_smb30signingkey(struct cifs_ses *ses,
489 struct TCP_Server_Info *server)
492 struct derivation_triplet triplet;
493 struct derivation *d;
495 d = &triplet.signing;
496 d->label.iov_base = "SMB2AESCMAC";
497 d->label.iov_len = 12;
498 d->context.iov_base = "SmbSign";
499 d->context.iov_len = 8;
501 d = &triplet.encryption;
502 d->label.iov_base = "SMB2AESCCM";
503 d->label.iov_len = 11;
504 d->context.iov_base = "ServerIn ";
505 d->context.iov_len = 10;
507 d = &triplet.decryption;
508 d->label.iov_base = "SMB2AESCCM";
509 d->label.iov_len = 11;
510 d->context.iov_base = "ServerOut";
511 d->context.iov_len = 10;
513 return generate_smb3signingkey(ses, server, &triplet);
517 generate_smb311signingkey(struct cifs_ses *ses,
518 struct TCP_Server_Info *server)
521 struct derivation_triplet triplet;
522 struct derivation *d;
524 d = &triplet.signing;
525 d->label.iov_base = "SMBSigningKey";
526 d->label.iov_len = 14;
527 d->context.iov_base = ses->preauth_sha_hash;
528 d->context.iov_len = 64;
530 d = &triplet.encryption;
531 d->label.iov_base = "SMBC2SCipherKey";
532 d->label.iov_len = 16;
533 d->context.iov_base = ses->preauth_sha_hash;
534 d->context.iov_len = 64;
536 d = &triplet.decryption;
537 d->label.iov_base = "SMBS2CCipherKey";
538 d->label.iov_len = 16;
539 d->context.iov_base = ses->preauth_sha_hash;
540 d->context.iov_len = 64;
542 return generate_smb3signingkey(ses, server, &triplet);
546 smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
547 bool allocate_crypto)
550 unsigned char smb3_signature[SMB2_CMACAES_SIZE];
551 unsigned char *sigptr = smb3_signature;
552 struct kvec *iov = rqst->rq_iov;
553 struct smb2_hdr *shdr = (struct smb2_hdr *)iov[0].iov_base;
554 struct shash_desc *shash = NULL;
555 struct smb_rqst drqst;
556 u8 key[SMB3_SIGN_KEY_SIZE];
558 rc = smb2_get_sign_key(le64_to_cpu(shdr->SessionId), server, key);
560 cifs_server_dbg(VFS, "%s: Could not get signing key\n", __func__);
564 if (allocate_crypto) {
565 rc = cifs_alloc_hash("cmac(aes)", &shash);
569 shash = server->secmech.aes_cmac;
572 memset(smb3_signature, 0x0, SMB2_CMACAES_SIZE);
573 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);
575 rc = crypto_shash_setkey(shash->tfm, key, SMB2_CMACAES_SIZE);
577 cifs_server_dbg(VFS, "%s: Could not set key for cmac aes\n", __func__);
582 * we already allocate aes_cmac when we init smb3 signing key,
583 * so unlike smb2 case we do not have to check here if secmech are
586 rc = crypto_shash_init(shash);
588 cifs_server_dbg(VFS, "%s: Could not init cmac aes\n", __func__);
593 * For SMB2+, __cifs_calc_signature() expects to sign only the actual
594 * data, that is, iov[0] should not contain a rfc1002 length.
596 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to
597 * __cifs_calc_signature().
600 if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) {
601 rc = crypto_shash_update(shash, iov[0].iov_base,
604 cifs_server_dbg(VFS, "%s: Could not update with payload\n",
612 rc = __cifs_calc_signature(&drqst, server, sigptr, shash);
614 memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE);
618 cifs_free_hash(&shash);
622 /* must be called with server->srv_mutex held */
624 smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server)
627 struct smb2_hdr *shdr;
628 struct smb2_sess_setup_req *ssr;
632 shdr = (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
633 ssr = (struct smb2_sess_setup_req *)shdr;
635 is_binding = shdr->Command == SMB2_SESSION_SETUP &&
636 (ssr->Flags & SMB2_SESSION_REQ_FLAG_BINDING);
637 is_signed = shdr->Flags & SMB2_FLAGS_SIGNED;
641 spin_lock(&server->srv_lock);
642 if (server->ops->need_neg &&
643 server->ops->need_neg(server)) {
644 spin_unlock(&server->srv_lock);
647 spin_unlock(&server->srv_lock);
648 if (!is_binding && !server->session_estab) {
649 strncpy(shdr->Signature, "BSRSPYL", 8);
653 rc = server->ops->calc_signature(rqst, server, false);
659 smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
662 char server_response_sig[SMB2_SIGNATURE_SIZE];
663 struct smb2_hdr *shdr =
664 (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
666 if ((shdr->Command == SMB2_NEGOTIATE) ||
667 (shdr->Command == SMB2_SESSION_SETUP) ||
668 (shdr->Command == SMB2_OPLOCK_BREAK) ||
669 server->ignore_signature ||
670 (!server->session_estab))
674 * BB what if signatures are supposed to be on for session but
675 * server does not send one? BB
678 /* Do not need to verify session setups with signature "BSRSPYL " */
679 if (memcmp(shdr->Signature, "BSRSPYL ", 8) == 0)
680 cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n",
684 * Save off the origiginal signature so we can modify the smb and check
685 * our calculated signature against what the server sent.
687 memcpy(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE);
689 memset(shdr->Signature, 0, SMB2_SIGNATURE_SIZE);
691 rc = server->ops->calc_signature(rqst, server, true);
696 if (memcmp(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE)) {
697 cifs_dbg(VFS, "sign fail cmd 0x%x message id 0x%llx\n",
698 shdr->Command, shdr->MessageId);
705 * Set message id for the request. Should be called after wait_for_free_request
706 * and when srv_mutex is held.
709 smb2_seq_num_into_buf(struct TCP_Server_Info *server,
710 struct smb2_hdr *shdr)
712 unsigned int i, num = le16_to_cpu(shdr->CreditCharge);
714 shdr->MessageId = get_next_mid64(server);
715 /* skip message numbers according to CreditCharge field */
716 for (i = 1; i < num; i++)
717 get_next_mid(server);
720 static struct mid_q_entry *
721 smb2_mid_entry_alloc(const struct smb2_hdr *shdr,
722 struct TCP_Server_Info *server)
724 struct mid_q_entry *temp;
725 unsigned int credits = le16_to_cpu(shdr->CreditCharge);
727 if (server == NULL) {
728 cifs_dbg(VFS, "Null TCP session in smb2_mid_entry_alloc\n");
732 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
733 memset(temp, 0, sizeof(struct mid_q_entry));
734 kref_init(&temp->refcount);
735 temp->mid = le64_to_cpu(shdr->MessageId);
736 temp->credits = credits > 0 ? credits : 1;
737 temp->pid = current->pid;
738 temp->command = shdr->Command; /* Always LE */
739 temp->when_alloc = jiffies;
740 temp->server = server;
743 * The default is for the mid to be synchronous, so the
744 * default callback just wakes up the current task.
746 get_task_struct(current);
747 temp->creator = current;
748 temp->callback = cifs_wake_up_task;
749 temp->callback_data = current;
751 atomic_inc(&mid_count);
752 temp->mid_state = MID_REQUEST_ALLOCATED;
753 trace_smb3_cmd_enter(le32_to_cpu(shdr->Id.SyncId.TreeId),
754 le64_to_cpu(shdr->SessionId),
755 le16_to_cpu(shdr->Command), temp->mid);
760 smb2_get_mid_entry(struct cifs_ses *ses, struct TCP_Server_Info *server,
761 struct smb2_hdr *shdr, struct mid_q_entry **mid)
763 spin_lock(&server->srv_lock);
764 if (server->tcpStatus == CifsExiting) {
765 spin_unlock(&server->srv_lock);
769 if (server->tcpStatus == CifsNeedReconnect) {
770 spin_unlock(&server->srv_lock);
771 cifs_dbg(FYI, "tcp session dead - return to caller to retry\n");
775 if (server->tcpStatus == CifsNeedNegotiate &&
776 shdr->Command != SMB2_NEGOTIATE) {
777 spin_unlock(&server->srv_lock);
780 spin_unlock(&server->srv_lock);
782 spin_lock(&ses->ses_lock);
783 if (ses->ses_status == SES_NEW) {
784 if ((shdr->Command != SMB2_SESSION_SETUP) &&
785 (shdr->Command != SMB2_NEGOTIATE)) {
786 spin_unlock(&ses->ses_lock);
789 /* else ok - we are setting up session */
792 if (ses->ses_status == SES_EXITING) {
793 if (shdr->Command != SMB2_LOGOFF) {
794 spin_unlock(&ses->ses_lock);
797 /* else ok - we are shutting down the session */
799 spin_unlock(&ses->ses_lock);
801 *mid = smb2_mid_entry_alloc(shdr, server);
804 spin_lock(&server->mid_lock);
805 list_add_tail(&(*mid)->qhead, &server->pending_mid_q);
806 spin_unlock(&server->mid_lock);
812 smb2_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
815 unsigned int len = mid->resp_buf_size;
817 struct smb_rqst rqst = { .rq_iov = iov,
820 iov[0].iov_base = (char *)mid->resp_buf;
821 iov[0].iov_len = len;
823 dump_smb(mid->resp_buf, min_t(u32, 80, len));
824 /* convert the length into a more usable form */
825 if (len > 24 && server->sign && !mid->decrypted) {
828 rc = smb2_verify_signature(&rqst, server);
830 cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n",
834 return map_smb2_to_linux_error(mid->resp_buf, log_error);
838 smb2_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *server,
839 struct smb_rqst *rqst)
842 struct smb2_hdr *shdr =
843 (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
844 struct mid_q_entry *mid;
846 smb2_seq_num_into_buf(server, shdr);
848 rc = smb2_get_mid_entry(ses, server, shdr, &mid);
850 revert_current_mid_from_hdr(server, shdr);
854 rc = smb2_sign_rqst(rqst, server);
856 revert_current_mid_from_hdr(server, shdr);
865 smb2_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
868 struct smb2_hdr *shdr =
869 (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
870 struct mid_q_entry *mid;
872 spin_lock(&server->srv_lock);
873 if (server->tcpStatus == CifsNeedNegotiate &&
874 shdr->Command != SMB2_NEGOTIATE) {
875 spin_unlock(&server->srv_lock);
876 return ERR_PTR(-EAGAIN);
878 spin_unlock(&server->srv_lock);
880 smb2_seq_num_into_buf(server, shdr);
882 mid = smb2_mid_entry_alloc(shdr, server);
884 revert_current_mid_from_hdr(server, shdr);
885 return ERR_PTR(-ENOMEM);
888 rc = smb2_sign_rqst(rqst, server);
890 revert_current_mid_from_hdr(server, shdr);
899 smb3_crypto_aead_allocate(struct TCP_Server_Info *server)
901 struct crypto_aead *tfm;
903 if (!server->secmech.enc) {
904 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) ||
905 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
906 tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
908 tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
910 cifs_server_dbg(VFS, "%s: Failed alloc encrypt aead\n",
914 server->secmech.enc = tfm;
917 if (!server->secmech.dec) {
918 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) ||
919 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
920 tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
922 tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
924 crypto_free_aead(server->secmech.enc);
925 server->secmech.enc = NULL;
926 cifs_server_dbg(VFS, "%s: Failed to alloc decrypt aead\n",
930 server->secmech.dec = tfm;