mirror of
				git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
				synced 2025-09-04 20:19:47 +08:00 
			
		
		
		
	CIFS: Encrypt SMB3 requests before sending
This change allows to encrypt packets if it is required by a server for SMB sessions or tree connections. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
This commit is contained in:
		
							parent
							
								
									cabfb3680f
								
							
						
					
					
						commit
						026e93dc0a
					
				| @ -174,6 +174,8 @@ config CIFS_SMB2 | |||||||
| 	select CRYPTO_AES | 	select CRYPTO_AES | ||||||
| 	select CRYPTO_SHA256 | 	select CRYPTO_SHA256 | ||||||
| 	select CRYPTO_CMAC | 	select CRYPTO_CMAC | ||||||
|  | 	select CRYPTO_AEAD2 | ||||||
|  | 	select CRYPTO_CCM | ||||||
| 
 | 
 | ||||||
| 	help | 	help | ||||||
| 	  This enables support for the Server Message Block version 2 | 	  This enables support for the Server Message Block version 2 | ||||||
|  | |||||||
| @ -34,6 +34,7 @@ | |||||||
| #include <linux/random.h> | #include <linux/random.h> | ||||||
| #include <linux/highmem.h> | #include <linux/highmem.h> | ||||||
| #include <crypto/skcipher.h> | #include <crypto/skcipher.h> | ||||||
|  | #include <crypto/aead.h> | ||||||
| 
 | 
 | ||||||
| static int | static int | ||||||
| cifs_crypto_shash_md5_allocate(struct TCP_Server_Info *server) | cifs_crypto_shash_md5_allocate(struct TCP_Server_Info *server) | ||||||
| @ -874,7 +875,7 @@ out: | |||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void | void | ||||||
| cifs_crypto_shash_release(struct TCP_Server_Info *server) | cifs_crypto_secmech_release(struct TCP_Server_Info *server) | ||||||
| { | { | ||||||
| 	if (server->secmech.cmacaes) { | 	if (server->secmech.cmacaes) { | ||||||
| 		crypto_free_shash(server->secmech.cmacaes); | 		crypto_free_shash(server->secmech.cmacaes); | ||||||
| @ -896,6 +897,16 @@ cifs_crypto_shash_release(struct TCP_Server_Info *server) | |||||||
| 		server->secmech.hmacmd5 = NULL; | 		server->secmech.hmacmd5 = NULL; | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
|  | 	if (server->secmech.ccmaesencrypt) { | ||||||
|  | 		crypto_free_aead(server->secmech.ccmaesencrypt); | ||||||
|  | 		server->secmech.ccmaesencrypt = NULL; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	if (server->secmech.ccmaesdecrypt) { | ||||||
|  | 		crypto_free_aead(server->secmech.ccmaesdecrypt); | ||||||
|  | 		server->secmech.ccmaesdecrypt = NULL; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
| 	kfree(server->secmech.sdesccmacaes); | 	kfree(server->secmech.sdesccmacaes); | ||||||
| 	server->secmech.sdesccmacaes = NULL; | 	server->secmech.sdesccmacaes = NULL; | ||||||
| 	kfree(server->secmech.sdeschmacsha256); | 	kfree(server->secmech.sdeschmacsha256); | ||||||
|  | |||||||
| @ -1376,6 +1376,8 @@ MODULE_SOFTDEP("pre: nls"); | |||||||
| MODULE_SOFTDEP("pre: aes"); | MODULE_SOFTDEP("pre: aes"); | ||||||
| MODULE_SOFTDEP("pre: cmac"); | MODULE_SOFTDEP("pre: cmac"); | ||||||
| MODULE_SOFTDEP("pre: sha256"); | MODULE_SOFTDEP("pre: sha256"); | ||||||
|  | MODULE_SOFTDEP("pre: aead2"); | ||||||
|  | MODULE_SOFTDEP("pre: ccm"); | ||||||
| #endif /* CONFIG_CIFS_SMB2 */ | #endif /* CONFIG_CIFS_SMB2 */ | ||||||
| module_init(init_cifs) | module_init(init_cifs) | ||||||
| module_exit(exit_cifs) | module_exit(exit_cifs) | ||||||
|  | |||||||
| @ -136,6 +136,8 @@ struct cifs_secmech { | |||||||
| 	struct sdesc *sdescmd5; /* ctxt to generate cifs/smb signature */ | 	struct sdesc *sdescmd5; /* ctxt to generate cifs/smb signature */ | ||||||
| 	struct sdesc *sdeschmacsha256;  /* ctxt to generate smb2 signature */ | 	struct sdesc *sdeschmacsha256;  /* ctxt to generate smb2 signature */ | ||||||
| 	struct sdesc *sdesccmacaes;  /* ctxt to generate smb3 signature */ | 	struct sdesc *sdesccmacaes;  /* ctxt to generate smb3 signature */ | ||||||
|  | 	struct crypto_aead *ccmaesencrypt; /* smb3 encryption aead */ | ||||||
|  | 	struct crypto_aead *ccmaesdecrypt; /* smb3 decryption aead */ | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
| /* per smb session structure/fields */ | /* per smb session structure/fields */ | ||||||
|  | |||||||
| @ -445,7 +445,7 @@ extern int SMBNTencrypt(unsigned char *, unsigned char *, unsigned char *, | |||||||
| 			const struct nls_table *); | 			const struct nls_table *); | ||||||
| extern int setup_ntlm_response(struct cifs_ses *, const struct nls_table *); | extern int setup_ntlm_response(struct cifs_ses *, const struct nls_table *); | ||||||
| extern int setup_ntlmv2_rsp(struct cifs_ses *, const struct nls_table *); | extern int setup_ntlmv2_rsp(struct cifs_ses *, const struct nls_table *); | ||||||
| extern void cifs_crypto_shash_release(struct TCP_Server_Info *); | extern void cifs_crypto_secmech_release(struct TCP_Server_Info *server); | ||||||
| extern int calc_seckey(struct cifs_ses *); | extern int calc_seckey(struct cifs_ses *); | ||||||
| extern int generate_smb30signingkey(struct cifs_ses *); | extern int generate_smb30signingkey(struct cifs_ses *); | ||||||
| extern int generate_smb311signingkey(struct cifs_ses *); | extern int generate_smb311signingkey(struct cifs_ses *); | ||||||
|  | |||||||
| @ -2154,7 +2154,7 @@ cifs_put_tcp_session(struct TCP_Server_Info *server, int from_reconnect) | |||||||
| 	server->tcpStatus = CifsExiting; | 	server->tcpStatus = CifsExiting; | ||||||
| 	spin_unlock(&GlobalMid_Lock); | 	spin_unlock(&GlobalMid_Lock); | ||||||
| 
 | 
 | ||||||
| 	cifs_crypto_shash_release(server); | 	cifs_crypto_secmech_release(server); | ||||||
| 	cifs_fscache_release_client_cookie(server); | 	cifs_fscache_release_client_cookie(server); | ||||||
| 
 | 
 | ||||||
| 	kfree(server->session_key.response); | 	kfree(server->session_key.response); | ||||||
| @ -2273,7 +2273,7 @@ cifs_get_tcp_session(struct smb_vol *volume_info) | |||||||
| 	return tcp_ses; | 	return tcp_ses; | ||||||
| 
 | 
 | ||||||
| out_err_crypto_release: | out_err_crypto_release: | ||||||
| 	cifs_crypto_shash_release(tcp_ses); | 	cifs_crypto_secmech_release(tcp_ses); | ||||||
| 
 | 
 | ||||||
| 	put_net(cifs_net_ns(tcp_ses)); | 	put_net(cifs_net_ns(tcp_ses)); | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -20,6 +20,8 @@ | |||||||
| #include <linux/pagemap.h> | #include <linux/pagemap.h> | ||||||
| #include <linux/vfs.h> | #include <linux/vfs.h> | ||||||
| #include <linux/falloc.h> | #include <linux/falloc.h> | ||||||
|  | #include <linux/scatterlist.h> | ||||||
|  | #include <crypto/aead.h> | ||||||
| #include "cifsglob.h" | #include "cifsglob.h" | ||||||
| #include "smb2pdu.h" | #include "smb2pdu.h" | ||||||
| #include "smb2proto.h" | #include "smb2proto.h" | ||||||
| @ -1547,6 +1549,256 @@ smb2_dir_needs_close(struct cifsFileInfo *cfile) | |||||||
| 	return !cfile->invalidHandle; | 	return !cfile->invalidHandle; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | static void | ||||||
|  | fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, struct smb_rqst *old_rq) | ||||||
|  | { | ||||||
|  | 	struct smb2_sync_hdr *shdr = | ||||||
|  | 			(struct smb2_sync_hdr *)old_rq->rq_iov[1].iov_base; | ||||||
|  | 	unsigned int orig_len = get_rfc1002_length(old_rq->rq_iov[0].iov_base); | ||||||
|  | 
 | ||||||
|  | 	memset(tr_hdr, 0, sizeof(struct smb2_transform_hdr)); | ||||||
|  | 	tr_hdr->ProtocolId = SMB2_TRANSFORM_PROTO_NUM; | ||||||
|  | 	tr_hdr->OriginalMessageSize = cpu_to_le32(orig_len); | ||||||
|  | 	tr_hdr->Flags = cpu_to_le16(0x01); | ||||||
|  | 	get_random_bytes(&tr_hdr->Nonce, SMB3_AES128CMM_NONCE); | ||||||
|  | 	memcpy(&tr_hdr->SessionId, &shdr->SessionId, 8); | ||||||
|  | 	inc_rfc1001_len(tr_hdr, sizeof(struct smb2_transform_hdr) - 4); | ||||||
|  | 	inc_rfc1001_len(tr_hdr, orig_len); | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | static struct scatterlist * | ||||||
|  | init_sg(struct smb_rqst *rqst, u8 *sign) | ||||||
|  | { | ||||||
|  | 	unsigned int sg_len = rqst->rq_nvec + rqst->rq_npages + 1; | ||||||
|  | 	unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 24; | ||||||
|  | 	struct scatterlist *sg; | ||||||
|  | 	unsigned int i; | ||||||
|  | 	unsigned int j; | ||||||
|  | 
 | ||||||
|  | 	sg = kmalloc_array(sg_len, sizeof(struct scatterlist), GFP_KERNEL); | ||||||
|  | 	if (!sg) | ||||||
|  | 		return NULL; | ||||||
|  | 
 | ||||||
|  | 	sg_init_table(sg, sg_len); | ||||||
|  | 	sg_set_buf(&sg[0], rqst->rq_iov[0].iov_base + 24, assoc_data_len); | ||||||
|  | 	for (i = 1; i < rqst->rq_nvec; i++) | ||||||
|  | 		sg_set_buf(&sg[i], rqst->rq_iov[i].iov_base, | ||||||
|  | 						rqst->rq_iov[i].iov_len); | ||||||
|  | 	for (j = 0; i < sg_len - 1; i++, j++) { | ||||||
|  | 		unsigned int len = (j < rqst->rq_npages - 1) ? rqst->rq_pagesz | ||||||
|  | 							: rqst->rq_tailsz; | ||||||
|  | 		sg_set_page(&sg[i], rqst->rq_pages[j], len, 0); | ||||||
|  | 	} | ||||||
|  | 	sg_set_buf(&sg[sg_len - 1], sign, SMB2_SIGNATURE_SIZE); | ||||||
|  | 	return sg; | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | struct cifs_crypt_result { | ||||||
|  | 	int err; | ||||||
|  | 	struct completion completion; | ||||||
|  | }; | ||||||
|  | 
 | ||||||
|  | static void cifs_crypt_complete(struct crypto_async_request *req, int err) | ||||||
|  | { | ||||||
|  | 	struct cifs_crypt_result *res = req->data; | ||||||
|  | 
 | ||||||
|  | 	if (err == -EINPROGRESS) | ||||||
|  | 		return; | ||||||
|  | 
 | ||||||
|  | 	res->err = err; | ||||||
|  | 	complete(&res->completion); | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | /*
 | ||||||
|  |  * Encrypt or decrypt @rqst message. @rqst has the following format: | ||||||
|  |  * iov[0] - transform header (associate data), | ||||||
|  |  * iov[1-N] and pages - data to encrypt. | ||||||
|  |  * On success return encrypted data in iov[1-N] and pages, leave iov[0] | ||||||
|  |  * untouched. | ||||||
|  |  */ | ||||||
|  | static int | ||||||
|  | crypt_message(struct TCP_Server_Info *server, struct smb_rqst *rqst, int enc) | ||||||
|  | { | ||||||
|  | 	struct smb2_transform_hdr *tr_hdr = | ||||||
|  | 			(struct smb2_transform_hdr *)rqst->rq_iov[0].iov_base; | ||||||
|  | 	unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 24; | ||||||
|  | 	struct cifs_ses *ses; | ||||||
|  | 	int rc = 0; | ||||||
|  | 	struct scatterlist *sg; | ||||||
|  | 	u8 sign[SMB2_SIGNATURE_SIZE] = {}; | ||||||
|  | 	struct aead_request *req; | ||||||
|  | 	char *iv; | ||||||
|  | 	unsigned int iv_len; | ||||||
|  | 	struct cifs_crypt_result result = {0, }; | ||||||
|  | 	struct crypto_aead *tfm; | ||||||
|  | 	unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize); | ||||||
|  | 
 | ||||||
|  | 	init_completion(&result.completion); | ||||||
|  | 
 | ||||||
|  | 	ses = smb2_find_smb_ses(server, tr_hdr->SessionId); | ||||||
|  | 	if (!ses) { | ||||||
|  | 		cifs_dbg(VFS, "%s: Could not find session\n", __func__); | ||||||
|  | 		return 0; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	rc = smb3_crypto_aead_allocate(server); | ||||||
|  | 	if (rc) { | ||||||
|  | 		cifs_dbg(VFS, "%s: crypto alloc failed\n", __func__); | ||||||
|  | 		return rc; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	tfm = enc ? server->secmech.ccmaesencrypt : | ||||||
|  | 						server->secmech.ccmaesdecrypt; | ||||||
|  | 	rc = crypto_aead_setkey(tfm, enc ? ses->smb3encryptionkey : | ||||||
|  | 				ses->smb3decryptionkey, SMB3_SIGN_KEY_SIZE); | ||||||
|  | 	if (rc) { | ||||||
|  | 		cifs_dbg(VFS, "%s: Failed to set aead key %d\n", __func__, rc); | ||||||
|  | 		return rc; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	rc = crypto_aead_setauthsize(tfm, SMB2_SIGNATURE_SIZE); | ||||||
|  | 	if (rc) { | ||||||
|  | 		cifs_dbg(VFS, "%s: Failed to set authsize %d\n", __func__, rc); | ||||||
|  | 		return rc; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	req = aead_request_alloc(tfm, GFP_KERNEL); | ||||||
|  | 	if (!req) { | ||||||
|  | 		cifs_dbg(VFS, "%s: Failed to alloc aead request", __func__); | ||||||
|  | 		return -ENOMEM; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	if (!enc) { | ||||||
|  | 		memcpy(sign, &tr_hdr->Signature, SMB2_SIGNATURE_SIZE); | ||||||
|  | 		crypt_len += SMB2_SIGNATURE_SIZE; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	sg = init_sg(rqst, sign); | ||||||
|  | 	if (!sg) { | ||||||
|  | 		cifs_dbg(VFS, "%s: Failed to init sg %d", __func__, rc); | ||||||
|  | 		goto free_req; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	iv_len = crypto_aead_ivsize(tfm); | ||||||
|  | 	iv = kzalloc(iv_len, GFP_KERNEL); | ||||||
|  | 	if (!iv) { | ||||||
|  | 		cifs_dbg(VFS, "%s: Failed to alloc IV", __func__); | ||||||
|  | 		goto free_sg; | ||||||
|  | 	} | ||||||
|  | 	iv[0] = 3; | ||||||
|  | 	memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES128CMM_NONCE); | ||||||
|  | 
 | ||||||
|  | 	aead_request_set_crypt(req, sg, sg, crypt_len, iv); | ||||||
|  | 	aead_request_set_ad(req, assoc_data_len); | ||||||
|  | 
 | ||||||
|  | 	aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, | ||||||
|  | 				  cifs_crypt_complete, &result); | ||||||
|  | 
 | ||||||
|  | 	rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req); | ||||||
|  | 
 | ||||||
|  | 	if (rc == -EINPROGRESS || rc == -EBUSY) { | ||||||
|  | 		wait_for_completion(&result.completion); | ||||||
|  | 		rc = result.err; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	if (!rc && enc) | ||||||
|  | 		memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE); | ||||||
|  | 
 | ||||||
|  | 	kfree(iv); | ||||||
|  | free_sg: | ||||||
|  | 	kfree(sg); | ||||||
|  | free_req: | ||||||
|  | 	kfree(req); | ||||||
|  | 	return rc; | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | static int | ||||||
|  | smb3_init_transform_rq(struct TCP_Server_Info *server, struct smb_rqst *new_rq, | ||||||
|  | 		       struct smb_rqst *old_rq) | ||||||
|  | { | ||||||
|  | 	struct kvec *iov; | ||||||
|  | 	struct page **pages; | ||||||
|  | 	struct smb2_transform_hdr *tr_hdr; | ||||||
|  | 	unsigned int npages = old_rq->rq_npages; | ||||||
|  | 	int i; | ||||||
|  | 	int rc = -ENOMEM; | ||||||
|  | 
 | ||||||
|  | 	pages = kmalloc_array(npages, sizeof(struct page *), GFP_KERNEL); | ||||||
|  | 	if (!pages) | ||||||
|  | 		return rc; | ||||||
|  | 
 | ||||||
|  | 	new_rq->rq_pages = pages; | ||||||
|  | 	new_rq->rq_npages = old_rq->rq_npages; | ||||||
|  | 	new_rq->rq_pagesz = old_rq->rq_pagesz; | ||||||
|  | 	new_rq->rq_tailsz = old_rq->rq_tailsz; | ||||||
|  | 
 | ||||||
|  | 	for (i = 0; i < npages; i++) { | ||||||
|  | 		pages[i] = alloc_page(GFP_KERNEL|__GFP_HIGHMEM); | ||||||
|  | 		if (!pages[i]) | ||||||
|  | 			goto err_free_pages; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	iov = kmalloc_array(old_rq->rq_nvec, sizeof(struct kvec), GFP_KERNEL); | ||||||
|  | 	if (!iov) | ||||||
|  | 		goto err_free_pages; | ||||||
|  | 
 | ||||||
|  | 	/* copy all iovs from the old except the 1st one (rfc1002 length) */ | ||||||
|  | 	memcpy(&iov[1], &old_rq->rq_iov[1], | ||||||
|  | 				sizeof(struct kvec) * (old_rq->rq_nvec - 1)); | ||||||
|  | 	new_rq->rq_iov = iov; | ||||||
|  | 	new_rq->rq_nvec = old_rq->rq_nvec; | ||||||
|  | 
 | ||||||
|  | 	tr_hdr = kmalloc(sizeof(struct smb2_transform_hdr), GFP_KERNEL); | ||||||
|  | 	if (!tr_hdr) | ||||||
|  | 		goto err_free_iov; | ||||||
|  | 
 | ||||||
|  | 	/* fill the 1st iov with a transform header */ | ||||||
|  | 	fill_transform_hdr(tr_hdr, old_rq); | ||||||
|  | 	new_rq->rq_iov[0].iov_base = tr_hdr; | ||||||
|  | 	new_rq->rq_iov[0].iov_len = sizeof(struct smb2_transform_hdr); | ||||||
|  | 
 | ||||||
|  | 	/* copy pages form the old */ | ||||||
|  | 	for (i = 0; i < npages; i++) { | ||||||
|  | 		char *dst = kmap(new_rq->rq_pages[i]); | ||||||
|  | 		char *src = kmap(old_rq->rq_pages[i]); | ||||||
|  | 		unsigned int len = (i < npages - 1) ? new_rq->rq_pagesz : | ||||||
|  | 							new_rq->rq_tailsz; | ||||||
|  | 		memcpy(dst, src, len); | ||||||
|  | 		kunmap(new_rq->rq_pages[i]); | ||||||
|  | 		kunmap(old_rq->rq_pages[i]); | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	rc = crypt_message(server, new_rq, 1); | ||||||
|  | 	cifs_dbg(FYI, "encrypt message returned %d", rc); | ||||||
|  | 	if (rc) | ||||||
|  | 		goto err_free_tr_hdr; | ||||||
|  | 
 | ||||||
|  | 	return rc; | ||||||
|  | 
 | ||||||
|  | err_free_tr_hdr: | ||||||
|  | 	kfree(tr_hdr); | ||||||
|  | err_free_iov: | ||||||
|  | 	kfree(iov); | ||||||
|  | err_free_pages: | ||||||
|  | 	for (i = i - 1; i >= 0; i--) | ||||||
|  | 		put_page(pages[i]); | ||||||
|  | 	kfree(pages); | ||||||
|  | 	return rc; | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | static void | ||||||
|  | smb3_free_transform_rq(struct smb_rqst *rqst) | ||||||
|  | { | ||||||
|  | 	int i = rqst->rq_npages - 1; | ||||||
|  | 
 | ||||||
|  | 	for (; i >= 0; i--) | ||||||
|  | 		put_page(rqst->rq_pages[i]); | ||||||
|  | 	kfree(rqst->rq_pages); | ||||||
|  | 	/* free transform header */ | ||||||
|  | 	kfree(rqst->rq_iov[0].iov_base); | ||||||
|  | 	kfree(rqst->rq_iov); | ||||||
|  | } | ||||||
|  | 
 | ||||||
| struct smb_version_operations smb20_operations = { | struct smb_version_operations smb20_operations = { | ||||||
| 	.compare_fids = smb2_compare_fids, | 	.compare_fids = smb2_compare_fids, | ||||||
| 	.setup_request = smb2_setup_request, | 	.setup_request = smb2_setup_request, | ||||||
| @ -1793,6 +2045,8 @@ struct smb_version_operations smb30_operations = { | |||||||
| 	.dir_needs_close = smb2_dir_needs_close, | 	.dir_needs_close = smb2_dir_needs_close, | ||||||
| 	.fallocate = smb3_fallocate, | 	.fallocate = smb3_fallocate, | ||||||
| 	.enum_snapshots = smb3_enum_snapshots, | 	.enum_snapshots = smb3_enum_snapshots, | ||||||
|  | 	.init_transform_rq = smb3_init_transform_rq, | ||||||
|  | 	.free_transform_rq = smb3_free_transform_rq, | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
| #ifdef CONFIG_CIFS_SMB311 | #ifdef CONFIG_CIFS_SMB311 | ||||||
| @ -1881,6 +2135,8 @@ struct smb_version_operations smb311_operations = { | |||||||
| 	.dir_needs_close = smb2_dir_needs_close, | 	.dir_needs_close = smb2_dir_needs_close, | ||||||
| 	.fallocate = smb3_fallocate, | 	.fallocate = smb3_fallocate, | ||||||
| 	.enum_snapshots = smb3_enum_snapshots, | 	.enum_snapshots = smb3_enum_snapshots, | ||||||
|  | 	.init_transform_rq = smb3_init_transform_rq, | ||||||
|  | 	.free_transform_rq = smb3_free_transform_rq, | ||||||
| }; | }; | ||||||
| #endif /* CIFS_SMB311 */ | #endif /* CIFS_SMB311 */ | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -134,11 +134,14 @@ struct smb2_pdu { | |||||||
| 	__le16 StructureSize2; /* size of wct area (varies, request specific) */ | 	__le16 StructureSize2; /* size of wct area (varies, request specific) */ | ||||||
| } __packed; | } __packed; | ||||||
| 
 | 
 | ||||||
|  | #define SMB3_AES128CMM_NONCE 11 | ||||||
|  | #define SMB3_AES128GCM_NONCE 12 | ||||||
|  | 
 | ||||||
| struct smb2_transform_hdr { | struct smb2_transform_hdr { | ||||||
| 	__be32 smb2_buf_length;	/* big endian on wire */ | 	__be32 smb2_buf_length;	/* big endian on wire */ | ||||||
| 				/* length is only two or three bytes - with
 | 				/* length is only two or three bytes - with
 | ||||||
| 				 one or two byte type preceding it that MBZ */ | 				 one or two byte type preceding it that MBZ */ | ||||||
| 	__u8   ProtocolId[4];	/* 0xFD 'S' 'M' 'B' */ | 	__le32 ProtocolId;	/* 0xFD 'S' 'M' 'B' */ | ||||||
| 	__u8   Signature[16]; | 	__u8   Signature[16]; | ||||||
| 	__u8   Nonce[16]; | 	__u8   Nonce[16]; | ||||||
| 	__le32 OriginalMessageSize; | 	__le32 OriginalMessageSize; | ||||||
|  | |||||||
| @ -56,6 +56,8 @@ extern void smb2_echo_request(struct work_struct *work); | |||||||
| extern __le32 smb2_get_lease_state(struct cifsInodeInfo *cinode); | extern __le32 smb2_get_lease_state(struct cifsInodeInfo *cinode); | ||||||
| extern bool smb2_is_valid_oplock_break(char *buffer, | extern bool smb2_is_valid_oplock_break(char *buffer, | ||||||
| 				       struct TCP_Server_Info *srv); | 				       struct TCP_Server_Info *srv); | ||||||
|  | extern struct cifs_ses *smb2_find_smb_ses(struct TCP_Server_Info *server, | ||||||
|  | 					  __u64 ses_id); | ||||||
| 
 | 
 | ||||||
| extern void move_smb2_info_to_cifs(FILE_ALL_INFO *dst, | extern void move_smb2_info_to_cifs(FILE_ALL_INFO *dst, | ||||||
| 				   struct smb2_file_all_info *src); | 				   struct smb2_file_all_info *src); | ||||||
| @ -97,6 +99,7 @@ extern int smb2_unlock_range(struct cifsFileInfo *cfile, | |||||||
| 			     struct file_lock *flock, const unsigned int xid); | 			     struct file_lock *flock, const unsigned int xid); | ||||||
| extern int smb2_push_mandatory_locks(struct cifsFileInfo *cfile); | extern int smb2_push_mandatory_locks(struct cifsFileInfo *cfile); | ||||||
| extern void smb2_reconnect_server(struct work_struct *work); | extern void smb2_reconnect_server(struct work_struct *work); | ||||||
|  | extern int smb3_crypto_aead_allocate(struct TCP_Server_Info *server); | ||||||
| 
 | 
 | ||||||
| /*
 | /*
 | ||||||
|  * SMB2 Worker functions - most of protocol specific implementation details |  * SMB2 Worker functions - most of protocol specific implementation details | ||||||
|  | |||||||
| @ -31,6 +31,7 @@ | |||||||
| #include <asm/processor.h> | #include <asm/processor.h> | ||||||
| #include <linux/mempool.h> | #include <linux/mempool.h> | ||||||
| #include <linux/highmem.h> | #include <linux/highmem.h> | ||||||
|  | #include <crypto/aead.h> | ||||||
| #include "smb2pdu.h" | #include "smb2pdu.h" | ||||||
| #include "cifsglob.h" | #include "cifsglob.h" | ||||||
| #include "cifsproto.h" | #include "cifsproto.h" | ||||||
| @ -114,14 +115,14 @@ smb3_crypto_shash_allocate(struct TCP_Server_Info *server) | |||||||
| 	return 0; | 	return 0; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| static struct cifs_ses * | struct cifs_ses * | ||||||
| smb2_find_smb_ses(struct smb2_sync_hdr *shdr, struct TCP_Server_Info *server) | smb2_find_smb_ses(struct TCP_Server_Info *server, __u64 ses_id) | ||||||
| { | { | ||||||
| 	struct cifs_ses *ses; | 	struct cifs_ses *ses; | ||||||
| 
 | 
 | ||||||
| 	spin_lock(&cifs_tcp_ses_lock); | 	spin_lock(&cifs_tcp_ses_lock); | ||||||
| 	list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) { | 	list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) { | ||||||
| 		if (ses->Suid != shdr->SessionId) | 		if (ses->Suid != ses_id) | ||||||
| 			continue; | 			continue; | ||||||
| 		spin_unlock(&cifs_tcp_ses_lock); | 		spin_unlock(&cifs_tcp_ses_lock); | ||||||
| 		return ses; | 		return ses; | ||||||
| @ -141,7 +142,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) | |||||||
| 	struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[1].iov_base; | 	struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[1].iov_base; | ||||||
| 	struct cifs_ses *ses; | 	struct cifs_ses *ses; | ||||||
| 
 | 
 | ||||||
| 	ses = smb2_find_smb_ses(shdr, server); | 	ses = smb2_find_smb_ses(server, shdr->SessionId); | ||||||
| 	if (!ses) { | 	if (!ses) { | ||||||
| 		cifs_dbg(VFS, "%s: Could not find session\n", __func__); | 		cifs_dbg(VFS, "%s: Could not find session\n", __func__); | ||||||
| 		return 0; | 		return 0; | ||||||
| @ -358,7 +359,7 @@ smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) | |||||||
| 	struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[1].iov_base; | 	struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[1].iov_base; | ||||||
| 	struct cifs_ses *ses; | 	struct cifs_ses *ses; | ||||||
| 
 | 
 | ||||||
| 	ses = smb2_find_smb_ses(shdr, server); | 	ses = smb2_find_smb_ses(server, shdr->SessionId); | ||||||
| 	if (!ses) { | 	if (!ses) { | ||||||
| 		cifs_dbg(VFS, "%s: Could not find session\n", __func__); | 		cifs_dbg(VFS, "%s: Could not find session\n", __func__); | ||||||
| 		return 0; | 		return 0; | ||||||
| @ -618,3 +619,33 @@ smb2_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst) | |||||||
| 
 | 
 | ||||||
| 	return mid; | 	return mid; | ||||||
| } | } | ||||||
|  | 
 | ||||||
|  | int | ||||||
|  | smb3_crypto_aead_allocate(struct TCP_Server_Info *server) | ||||||
|  | { | ||||||
|  | 	struct crypto_aead *tfm; | ||||||
|  | 
 | ||||||
|  | 	if (!server->secmech.ccmaesencrypt) { | ||||||
|  | 		tfm = crypto_alloc_aead("ccm(aes)", 0, 0); | ||||||
|  | 		if (IS_ERR(tfm)) { | ||||||
|  | 			cifs_dbg(VFS, "%s: Failed to alloc encrypt aead\n", | ||||||
|  | 				 __func__); | ||||||
|  | 			return PTR_ERR(tfm); | ||||||
|  | 		} | ||||||
|  | 		server->secmech.ccmaesencrypt = tfm; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	if (!server->secmech.ccmaesdecrypt) { | ||||||
|  | 		tfm = crypto_alloc_aead("ccm(aes)", 0, 0); | ||||||
|  | 		if (IS_ERR(tfm)) { | ||||||
|  | 			crypto_free_aead(server->secmech.ccmaesencrypt); | ||||||
|  | 			server->secmech.ccmaesencrypt = NULL; | ||||||
|  | 			cifs_dbg(VFS, "%s: Failed to alloc decrypt aead\n", | ||||||
|  | 				 __func__); | ||||||
|  | 			return PTR_ERR(tfm); | ||||||
|  | 		} | ||||||
|  | 		server->secmech.ccmaesdecrypt = tfm; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	return 0; | ||||||
|  | } | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user
	 Pavel Shilovsky
						Pavel Shilovsky