1 // SPDX-License-Identifier: LGPL-2.1
4 * Copyright (C) International Business Machines Corp., 2002, 2011
6 * Author(s): Steve French (sfrench@us.ibm.com)
7 * Jeremy Allison (jra@samba.org) 2006
8 * Pavel Shilovsky (pshilovsky@samba.org) 2012
13 #include <linux/list.h>
14 #include <linux/wait.h>
15 #include <linux/net.h>
16 #include <linux/delay.h>
17 #include <linux/uaccess.h>
18 #include <asm/processor.h>
19 #include <linux/mempool.h>
20 #include <linux/highmem.h>
21 #include <crypto/aead.h>
23 #include "cifsproto.h"
24 #include "smb2proto.h"
25 #include "cifs_debug.h"
26 #include "smb2status.h"
30 smb3_crypto_shash_allocate(struct TCP_Server_Info *server)
32 struct cifs_secmech *p = &server->secmech;
35 rc = cifs_alloc_hash("hmac(sha256)", &p->hmacsha256);
39 rc = cifs_alloc_hash("cmac(aes)", &p->aes_cmac);
45 cifs_free_hash(&p->hmacsha256);
50 smb311_crypto_shash_allocate(struct TCP_Server_Info *server)
52 struct cifs_secmech *p = &server->secmech;
55 rc = cifs_alloc_hash("hmac(sha256)", &p->hmacsha256);
59 rc = cifs_alloc_hash("cmac(aes)", &p->aes_cmac);
63 rc = cifs_alloc_hash("sha512", &p->sha512);
70 cifs_free_hash(&p->aes_cmac);
71 cifs_free_hash(&p->hmacsha256);
77 int smb2_get_sign_key(__u64 ses_id, struct TCP_Server_Info *server, u8 *key)
79 struct cifs_chan *chan;
80 struct TCP_Server_Info *pserver;
81 struct cifs_ses *ses = NULL;
84 bool is_binding = false;
86 spin_lock(&cifs_tcp_ses_lock);
88 /* If server is a channel, select the primary channel */
89 pserver = CIFS_SERVER_IS_CHAN(server) ? server->primary_server : server;
91 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
92 if (ses->Suid == ses_id)
95 cifs_server_dbg(VFS, "%s: Could not find session 0x%llx\n",
101 spin_lock(&ses->ses_lock);
102 spin_lock(&ses->chan_lock);
104 is_binding = (cifs_chan_needs_reconnect(ses, server) &&
105 ses->ses_status == SES_GOOD);
108 * If we are in the process of binding a new channel
109 * to an existing session, use the master connection
112 memcpy(key, ses->smb3signingkey, SMB3_SIGN_KEY_SIZE);
113 spin_unlock(&ses->chan_lock);
114 spin_unlock(&ses->ses_lock);
119 * Otherwise, use the channel key.
122 for (i = 0; i < ses->chan_count; i++) {
123 chan = ses->chans + i;
124 if (chan->server == server) {
125 memcpy(key, chan->signkey, SMB3_SIGN_KEY_SIZE);
126 spin_unlock(&ses->chan_lock);
127 spin_unlock(&ses->ses_lock);
131 spin_unlock(&ses->chan_lock);
132 spin_unlock(&ses->ses_lock);
135 "%s: Could not find channel signing key for session 0x%llx\n",
140 spin_unlock(&cifs_tcp_ses_lock);
144 static struct cifs_ses *
145 smb2_find_smb_ses_unlocked(struct TCP_Server_Info *server, __u64 ses_id)
147 struct TCP_Server_Info *pserver;
148 struct cifs_ses *ses;
150 /* If server is a channel, select the primary channel */
151 pserver = CIFS_SERVER_IS_CHAN(server) ? server->primary_server : server;
153 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
154 if (ses->Suid != ses_id)
157 spin_lock(&ses->ses_lock);
158 if (ses->ses_status == SES_EXITING) {
159 spin_unlock(&ses->ses_lock);
163 spin_unlock(&ses->ses_lock);
171 smb2_find_smb_ses(struct TCP_Server_Info *server, __u64 ses_id)
173 struct cifs_ses *ses;
175 spin_lock(&cifs_tcp_ses_lock);
176 ses = smb2_find_smb_ses_unlocked(server, ses_id);
177 spin_unlock(&cifs_tcp_ses_lock);
182 static struct cifs_tcon *
183 smb2_find_smb_sess_tcon_unlocked(struct cifs_ses *ses, __u32 tid)
185 struct cifs_tcon *tcon;
187 list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
188 if (tcon->tid != tid)
198 * Obtain tcon corresponding to the tid in the given
203 smb2_find_smb_tcon(struct TCP_Server_Info *server, __u64 ses_id, __u32 tid)
205 struct cifs_ses *ses;
206 struct cifs_tcon *tcon;
208 spin_lock(&cifs_tcp_ses_lock);
209 ses = smb2_find_smb_ses_unlocked(server, ses_id);
211 spin_unlock(&cifs_tcp_ses_lock);
214 tcon = smb2_find_smb_sess_tcon_unlocked(ses, tid);
216 cifs_put_smb_ses(ses);
217 spin_unlock(&cifs_tcp_ses_lock);
220 spin_unlock(&cifs_tcp_ses_lock);
221 /* tcon already has a ref to ses, so we don't need ses anymore */
222 cifs_put_smb_ses(ses);
228 smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
229 bool allocate_crypto)
232 unsigned char smb2_signature[SMB2_HMACSHA256_SIZE];
233 unsigned char *sigptr = smb2_signature;
234 struct kvec *iov = rqst->rq_iov;
235 struct smb2_hdr *shdr = (struct smb2_hdr *)iov[0].iov_base;
236 struct cifs_ses *ses;
237 struct shash_desc *shash = NULL;
238 struct smb_rqst drqst;
240 ses = smb2_find_smb_ses(server, le64_to_cpu(shdr->SessionId));
241 if (unlikely(!ses)) {
242 cifs_server_dbg(VFS, "%s: Could not find session\n", __func__);
246 memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE);
247 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);
249 if (allocate_crypto) {
250 rc = cifs_alloc_hash("hmac(sha256)", &shash);
253 "%s: sha256 alloc failed\n", __func__);
257 shash = server->secmech.hmacsha256;
260 rc = crypto_shash_setkey(shash->tfm, ses->auth_key.response,
261 SMB2_NTLMV2_SESSKEY_SIZE);
264 "%s: Could not update with response\n",
269 rc = crypto_shash_init(shash);
271 cifs_server_dbg(VFS, "%s: Could not init sha256", __func__);
276 * For SMB2+, __cifs_calc_signature() expects to sign only the actual
277 * data, that is, iov[0] should not contain a rfc1002 length.
279 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to
280 * __cifs_calc_signature().
283 if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) {
284 rc = crypto_shash_update(shash, iov[0].iov_base,
288 "%s: Could not update with payload\n",
296 rc = __cifs_calc_signature(&drqst, server, sigptr, shash);
298 memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE);
302 cifs_free_hash(&shash);
304 cifs_put_smb_ses(ses);
308 static int generate_key(struct cifs_ses *ses, struct kvec label,
309 struct kvec context, __u8 *key, unsigned int key_size)
311 unsigned char zero = 0x0;
312 __u8 i[4] = {0, 0, 0, 1};
313 __u8 L128[4] = {0, 0, 0, 128};
314 __u8 L256[4] = {0, 0, 1, 0};
316 unsigned char prfhash[SMB2_HMACSHA256_SIZE];
317 unsigned char *hashptr = prfhash;
318 struct TCP_Server_Info *server = ses->server;
320 memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
321 memset(key, 0x0, key_size);
323 rc = smb3_crypto_shash_allocate(server);
325 cifs_server_dbg(VFS, "%s: crypto alloc failed\n", __func__);
326 goto smb3signkey_ret;
329 rc = crypto_shash_setkey(server->secmech.hmacsha256->tfm,
330 ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
332 cifs_server_dbg(VFS, "%s: Could not set with session key\n", __func__);
333 goto smb3signkey_ret;
336 rc = crypto_shash_init(server->secmech.hmacsha256);
338 cifs_server_dbg(VFS, "%s: Could not init sign hmac\n", __func__);
339 goto smb3signkey_ret;
342 rc = crypto_shash_update(server->secmech.hmacsha256, i, 4);
344 cifs_server_dbg(VFS, "%s: Could not update with n\n", __func__);
345 goto smb3signkey_ret;
348 rc = crypto_shash_update(server->secmech.hmacsha256, label.iov_base, label.iov_len);
350 cifs_server_dbg(VFS, "%s: Could not update with label\n", __func__);
351 goto smb3signkey_ret;
354 rc = crypto_shash_update(server->secmech.hmacsha256, &zero, 1);
356 cifs_server_dbg(VFS, "%s: Could not update with zero\n", __func__);
357 goto smb3signkey_ret;
360 rc = crypto_shash_update(server->secmech.hmacsha256, context.iov_base, context.iov_len);
362 cifs_server_dbg(VFS, "%s: Could not update with context\n", __func__);
363 goto smb3signkey_ret;
366 if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) ||
367 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) {
368 rc = crypto_shash_update(server->secmech.hmacsha256, L256, 4);
370 rc = crypto_shash_update(server->secmech.hmacsha256, L128, 4);
373 cifs_server_dbg(VFS, "%s: Could not update with L\n", __func__);
374 goto smb3signkey_ret;
377 rc = crypto_shash_final(server->secmech.hmacsha256, hashptr);
379 cifs_server_dbg(VFS, "%s: Could not generate sha256 hash\n", __func__);
380 goto smb3signkey_ret;
383 memcpy(key, hashptr, key_size);
394 struct derivation_triplet {
395 struct derivation signing;
396 struct derivation encryption;
397 struct derivation decryption;
401 generate_smb3signingkey(struct cifs_ses *ses,
402 struct TCP_Server_Info *server,
403 const struct derivation_triplet *ptriplet)
406 bool is_binding = false;
409 spin_lock(&ses->ses_lock);
410 spin_lock(&ses->chan_lock);
411 is_binding = (cifs_chan_needs_reconnect(ses, server) &&
412 ses->ses_status == SES_GOOD);
414 chan_index = cifs_ses_get_chan_index(ses, server);
415 /* TODO: introduce ref counting for channels when the can be freed */
416 spin_unlock(&ses->chan_lock);
417 spin_unlock(&ses->ses_lock);
420 * All channels use the same encryption/decryption keys but
421 * they have their own signing key.
423 * When we generate the keys, check if it is for a new channel
424 * (binding) in which case we only need to generate a signing
425 * key and store it in the channel as to not overwrite the
426 * master connection signing key stored in the session
430 rc = generate_key(ses, ptriplet->signing.label,
431 ptriplet->signing.context,
432 ses->chans[chan_index].signkey,
437 rc = generate_key(ses, ptriplet->signing.label,
438 ptriplet->signing.context,
444 /* safe to access primary channel, since it will never go away */
445 spin_lock(&ses->chan_lock);
446 memcpy(ses->chans[chan_index].signkey, ses->smb3signingkey,
448 spin_unlock(&ses->chan_lock);
450 rc = generate_key(ses, ptriplet->encryption.label,
451 ptriplet->encryption.context,
452 ses->smb3encryptionkey,
453 SMB3_ENC_DEC_KEY_SIZE);
456 rc = generate_key(ses, ptriplet->decryption.label,
457 ptriplet->decryption.context,
458 ses->smb3decryptionkey,
459 SMB3_ENC_DEC_KEY_SIZE);
464 #ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS
465 cifs_dbg(VFS, "%s: dumping generated AES session keys\n", __func__);
467 * The session id is opaque in terms of endianness, so we can't
468 * print it as a long long. we dump it as we got it on the wire
470 cifs_dbg(VFS, "Session Id %*ph\n", (int)sizeof(ses->Suid),
472 cifs_dbg(VFS, "Cipher type %d\n", server->cipher_type);
473 cifs_dbg(VFS, "Session Key %*ph\n",
474 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response);
475 cifs_dbg(VFS, "Signing Key %*ph\n",
476 SMB3_SIGN_KEY_SIZE, ses->smb3signingkey);
477 if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) ||
478 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) {
479 cifs_dbg(VFS, "ServerIn Key %*ph\n",
480 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3encryptionkey);
481 cifs_dbg(VFS, "ServerOut Key %*ph\n",
482 SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3decryptionkey);
484 cifs_dbg(VFS, "ServerIn Key %*ph\n",
485 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3encryptionkey);
486 cifs_dbg(VFS, "ServerOut Key %*ph\n",
487 SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3decryptionkey);
494 generate_smb30signingkey(struct cifs_ses *ses,
495 struct TCP_Server_Info *server)
498 struct derivation_triplet triplet;
499 struct derivation *d;
501 d = &triplet.signing;
502 d->label.iov_base = "SMB2AESCMAC";
503 d->label.iov_len = 12;
504 d->context.iov_base = "SmbSign";
505 d->context.iov_len = 8;
507 d = &triplet.encryption;
508 d->label.iov_base = "SMB2AESCCM";
509 d->label.iov_len = 11;
510 d->context.iov_base = "ServerIn ";
511 d->context.iov_len = 10;
513 d = &triplet.decryption;
514 d->label.iov_base = "SMB2AESCCM";
515 d->label.iov_len = 11;
516 d->context.iov_base = "ServerOut";
517 d->context.iov_len = 10;
519 return generate_smb3signingkey(ses, server, &triplet);
523 generate_smb311signingkey(struct cifs_ses *ses,
524 struct TCP_Server_Info *server)
527 struct derivation_triplet triplet;
528 struct derivation *d;
530 d = &triplet.signing;
531 d->label.iov_base = "SMBSigningKey";
532 d->label.iov_len = 14;
533 d->context.iov_base = ses->preauth_sha_hash;
534 d->context.iov_len = 64;
536 d = &triplet.encryption;
537 d->label.iov_base = "SMBC2SCipherKey";
538 d->label.iov_len = 16;
539 d->context.iov_base = ses->preauth_sha_hash;
540 d->context.iov_len = 64;
542 d = &triplet.decryption;
543 d->label.iov_base = "SMBS2CCipherKey";
544 d->label.iov_len = 16;
545 d->context.iov_base = ses->preauth_sha_hash;
546 d->context.iov_len = 64;
548 return generate_smb3signingkey(ses, server, &triplet);
552 smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
553 bool allocate_crypto)
556 unsigned char smb3_signature[SMB2_CMACAES_SIZE];
557 unsigned char *sigptr = smb3_signature;
558 struct kvec *iov = rqst->rq_iov;
559 struct smb2_hdr *shdr = (struct smb2_hdr *)iov[0].iov_base;
560 struct shash_desc *shash = NULL;
561 struct smb_rqst drqst;
562 u8 key[SMB3_SIGN_KEY_SIZE];
564 rc = smb2_get_sign_key(le64_to_cpu(shdr->SessionId), server, key);
566 cifs_server_dbg(VFS, "%s: Could not get signing key\n", __func__);
570 if (allocate_crypto) {
571 rc = cifs_alloc_hash("cmac(aes)", &shash);
575 shash = server->secmech.aes_cmac;
578 memset(smb3_signature, 0x0, SMB2_CMACAES_SIZE);
579 memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);
581 rc = crypto_shash_setkey(shash->tfm, key, SMB2_CMACAES_SIZE);
583 cifs_server_dbg(VFS, "%s: Could not set key for cmac aes\n", __func__);
588 * we already allocate aes_cmac when we init smb3 signing key,
589 * so unlike smb2 case we do not have to check here if secmech are
592 rc = crypto_shash_init(shash);
594 cifs_server_dbg(VFS, "%s: Could not init cmac aes\n", __func__);
599 * For SMB2+, __cifs_calc_signature() expects to sign only the actual
600 * data, that is, iov[0] should not contain a rfc1002 length.
602 * Sign the rfc1002 length prior to passing the data (iov[1-N]) down to
603 * __cifs_calc_signature().
606 if (drqst.rq_nvec >= 2 && iov[0].iov_len == 4) {
607 rc = crypto_shash_update(shash, iov[0].iov_base,
610 cifs_server_dbg(VFS, "%s: Could not update with payload\n",
618 rc = __cifs_calc_signature(&drqst, server, sigptr, shash);
620 memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE);
624 cifs_free_hash(&shash);
628 /* must be called with server->srv_mutex held */
630 smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server)
633 struct smb2_hdr *shdr;
634 struct smb2_sess_setup_req *ssr;
638 shdr = (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
639 ssr = (struct smb2_sess_setup_req *)shdr;
641 is_binding = shdr->Command == SMB2_SESSION_SETUP &&
642 (ssr->Flags & SMB2_SESSION_REQ_FLAG_BINDING);
643 is_signed = shdr->Flags & SMB2_FLAGS_SIGNED;
647 spin_lock(&server->srv_lock);
648 if (server->ops->need_neg &&
649 server->ops->need_neg(server)) {
650 spin_unlock(&server->srv_lock);
653 spin_unlock(&server->srv_lock);
654 if (!is_binding && !server->session_estab) {
655 strncpy(shdr->Signature, "BSRSPYL", 8);
659 rc = server->ops->calc_signature(rqst, server, false);
665 smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
668 char server_response_sig[SMB2_SIGNATURE_SIZE];
669 struct smb2_hdr *shdr =
670 (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
672 if ((shdr->Command == SMB2_NEGOTIATE) ||
673 (shdr->Command == SMB2_SESSION_SETUP) ||
674 (shdr->Command == SMB2_OPLOCK_BREAK) ||
675 server->ignore_signature ||
676 (!server->session_estab))
680 * BB what if signatures are supposed to be on for session but
681 * server does not send one? BB
684 /* Do not need to verify session setups with signature "BSRSPYL " */
685 if (memcmp(shdr->Signature, "BSRSPYL ", 8) == 0)
686 cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n",
690 * Save off the origiginal signature so we can modify the smb and check
691 * our calculated signature against what the server sent.
693 memcpy(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE);
695 memset(shdr->Signature, 0, SMB2_SIGNATURE_SIZE);
697 rc = server->ops->calc_signature(rqst, server, true);
702 if (memcmp(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE)) {
703 cifs_dbg(VFS, "sign fail cmd 0x%x message id 0x%llx\n",
704 shdr->Command, shdr->MessageId);
711 * Set message id for the request. Should be called after wait_for_free_request
712 * and when srv_mutex is held.
715 smb2_seq_num_into_buf(struct TCP_Server_Info *server,
716 struct smb2_hdr *shdr)
718 unsigned int i, num = le16_to_cpu(shdr->CreditCharge);
720 shdr->MessageId = get_next_mid64(server);
721 /* skip message numbers according to CreditCharge field */
722 for (i = 1; i < num; i++)
723 get_next_mid(server);
726 static struct mid_q_entry *
727 smb2_mid_entry_alloc(const struct smb2_hdr *shdr,
728 struct TCP_Server_Info *server)
730 struct mid_q_entry *temp;
731 unsigned int credits = le16_to_cpu(shdr->CreditCharge);
733 if (server == NULL) {
734 cifs_dbg(VFS, "Null TCP session in smb2_mid_entry_alloc\n");
738 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
739 memset(temp, 0, sizeof(struct mid_q_entry));
740 kref_init(&temp->refcount);
741 temp->mid = le64_to_cpu(shdr->MessageId);
742 temp->credits = credits > 0 ? credits : 1;
743 temp->pid = current->pid;
744 temp->command = shdr->Command; /* Always LE */
745 temp->when_alloc = jiffies;
746 temp->server = server;
749 * The default is for the mid to be synchronous, so the
750 * default callback just wakes up the current task.
752 get_task_struct(current);
753 temp->creator = current;
754 temp->callback = cifs_wake_up_task;
755 temp->callback_data = current;
757 atomic_inc(&mid_count);
758 temp->mid_state = MID_REQUEST_ALLOCATED;
759 trace_smb3_cmd_enter(le32_to_cpu(shdr->Id.SyncId.TreeId),
760 le64_to_cpu(shdr->SessionId),
761 le16_to_cpu(shdr->Command), temp->mid);
766 smb2_get_mid_entry(struct cifs_ses *ses, struct TCP_Server_Info *server,
767 struct smb2_hdr *shdr, struct mid_q_entry **mid)
769 spin_lock(&server->srv_lock);
770 if (server->tcpStatus == CifsExiting) {
771 spin_unlock(&server->srv_lock);
775 if (server->tcpStatus == CifsNeedReconnect) {
776 spin_unlock(&server->srv_lock);
777 cifs_dbg(FYI, "tcp session dead - return to caller to retry\n");
781 if (server->tcpStatus == CifsNeedNegotiate &&
782 shdr->Command != SMB2_NEGOTIATE) {
783 spin_unlock(&server->srv_lock);
786 spin_unlock(&server->srv_lock);
788 spin_lock(&ses->ses_lock);
789 if (ses->ses_status == SES_NEW) {
790 if ((shdr->Command != SMB2_SESSION_SETUP) &&
791 (shdr->Command != SMB2_NEGOTIATE)) {
792 spin_unlock(&ses->ses_lock);
795 /* else ok - we are setting up session */
798 if (ses->ses_status == SES_EXITING) {
799 if (shdr->Command != SMB2_LOGOFF) {
800 spin_unlock(&ses->ses_lock);
803 /* else ok - we are shutting down the session */
805 spin_unlock(&ses->ses_lock);
807 *mid = smb2_mid_entry_alloc(shdr, server);
810 spin_lock(&server->mid_lock);
811 list_add_tail(&(*mid)->qhead, &server->pending_mid_q);
812 spin_unlock(&server->mid_lock);
818 smb2_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
821 unsigned int len = mid->resp_buf_size;
823 struct smb_rqst rqst = { .rq_iov = iov,
826 iov[0].iov_base = (char *)mid->resp_buf;
827 iov[0].iov_len = len;
829 dump_smb(mid->resp_buf, min_t(u32, 80, len));
830 /* convert the length into a more usable form */
831 if (len > 24 && server->sign && !mid->decrypted) {
834 rc = smb2_verify_signature(&rqst, server);
836 cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n",
840 return map_smb2_to_linux_error(mid->resp_buf, log_error);
844 smb2_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *server,
845 struct smb_rqst *rqst)
848 struct smb2_hdr *shdr =
849 (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
850 struct mid_q_entry *mid;
852 smb2_seq_num_into_buf(server, shdr);
854 rc = smb2_get_mid_entry(ses, server, shdr, &mid);
856 revert_current_mid_from_hdr(server, shdr);
860 rc = smb2_sign_rqst(rqst, server);
862 revert_current_mid_from_hdr(server, shdr);
871 smb2_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
874 struct smb2_hdr *shdr =
875 (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
876 struct mid_q_entry *mid;
878 spin_lock(&server->srv_lock);
879 if (server->tcpStatus == CifsNeedNegotiate &&
880 shdr->Command != SMB2_NEGOTIATE) {
881 spin_unlock(&server->srv_lock);
882 return ERR_PTR(-EAGAIN);
884 spin_unlock(&server->srv_lock);
886 smb2_seq_num_into_buf(server, shdr);
888 mid = smb2_mid_entry_alloc(shdr, server);
890 revert_current_mid_from_hdr(server, shdr);
891 return ERR_PTR(-ENOMEM);
894 rc = smb2_sign_rqst(rqst, server);
896 revert_current_mid_from_hdr(server, shdr);
905 smb3_crypto_aead_allocate(struct TCP_Server_Info *server)
907 struct crypto_aead *tfm;
909 if (!server->secmech.enc) {
910 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) ||
911 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
912 tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
914 tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
916 cifs_server_dbg(VFS, "%s: Failed alloc encrypt aead\n",
920 server->secmech.enc = tfm;
923 if (!server->secmech.dec) {
924 if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) ||
925 (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
926 tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
928 tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
930 crypto_free_aead(server->secmech.enc);
931 server->secmech.enc = NULL;
932 cifs_server_dbg(VFS, "%s: Failed to alloc decrypt aead\n",
936 server->secmech.dec = tfm;
projects / releases.git / blob