CIFS: implement v3.11 preauth integrity

	unsigned int	max_read;

	unsigned int	max_write;

#ifdef CONFIG_CIFS_SMB311

	__u8	preauth_sha_hash[64]; /* save initital negprot hash */

	 /* save initital negprot hash */

	__u8	preauth_sha_hash[SMB2_PREAUTH_HASH_SIZE];

#endif /* 3.1.1 */

	struct delayed_work reconnect; /* reconnect workqueue job */

	struct mutex reconnect_mutex; /* prevent simultaneous reconnects */

	__u8 smb3encryptionkey[SMB3_SIGN_KEY_SIZE];

	__u8 smb3decryptionkey[SMB3_SIGN_KEY_SIZE];

#ifdef CONFIG_CIFS_SMB311

	__u8 preauth_sha_hash[64];

	__u8 preauth_sha_hash[SMB2_PREAUTH_HASH_SIZE];

#endif /* 3.1.1 */

};

	return 0;

}

#ifdef CONFIG_CIFS_SMB311

/**

 * smb311_update_preauth_hash - update @ses hash with the packet data in @iov

 *

 * Assumes @iov does not contain the rfc1002 length and iov[0] has the

 * SMB2 header.

 */

int

smb311_update_preauth_hash(struct cifs_ses *ses, struct kvec *iov, int nvec)

{

	int i, rc;

	struct sdesc *d;

	struct smb2_sync_hdr *hdr;

	if (ses->server->tcpStatus == CifsGood) {

		/* skip non smb311 connections */

		if (ses->server->dialect != SMB311_PROT_ID)

			return 0;

		/* skip last sess setup response */

		hdr = (struct smb2_sync_hdr *)iov[0].iov_base;

		if (hdr->Flags & SMB2_FLAGS_SIGNED)

			return 0;

	}

	rc = smb311_crypto_shash_allocate(ses->server);

	if (rc)

		return rc;

	d = ses->server->secmech.sdescsha512;

	rc = crypto_shash_init(&d->shash);

	if (rc) {

		cifs_dbg(VFS, "%s: could not init sha512 shash\n", __func__);

		return rc;

	}

	rc = crypto_shash_update(&d->shash, ses->preauth_sha_hash,

				 SMB2_PREAUTH_HASH_SIZE);

	if (rc) {

		cifs_dbg(VFS, "%s: could not update sha512 shash\n", __func__);

		return rc;

	}

	for (i = 0; i < nvec; i++) {

		rc = crypto_shash_update(&d->shash,

					 iov[i].iov_base, iov[i].iov_len);

		if (rc) {

			cifs_dbg(VFS, "%s: could not update sha512 shash\n",

				 __func__);

			return rc;

		}

	}

	rc = crypto_shash_final(&d->shash, ses->preauth_sha_hash);

	if (rc) {

		cifs_dbg(VFS, "%s: could not finalize sha512 shash\n",

			 __func__);

		return rc;

	}

	return 0;

}

#endif

		return rc;

	req->sync_hdr.SessionId = 0;

#ifdef CONFIG_CIFS_SMB311

	memset(server->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE);

	memset(ses->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE);

#endif

	if (strcmp(ses->server->vals->version_string,

		   SMB3ANY_VERSION_STRING) == 0) {

	/* BB: add check that dialect was valid given dialect(s) we asked for */

#ifdef CONFIG_CIFS_SMB311

	/*

	 * Keep a copy of the hash after negprot. This hash will be

	 * the starting hash value for all sessions made from this

	 * server.

	 */

	memcpy(server->preauth_sha_hash, ses->preauth_sha_hash,

	       SMB2_PREAUTH_HASH_SIZE);

#endif

	/* SMB2 only has an extended negflavor */

	server->negflavor = CIFS_NEGFLAVOR_EXTENDED;

	/* set it to the maximum buffer size value we can send with 1 credit */

		return 0;

#endif

	/* In SMB3.11 preauth integrity supersedes validate negotiate */

	if (tcon->ses->server->dialect == SMB311_PROT_ID)

		return 0;

	/*

	 * validation ioctl must be signed, so no point sending this if we

	 * can not sign it (ie are not known user).  Even if signing is not

	sess_data->buf0_type = CIFS_NO_BUFFER;

	sess_data->nls_cp = (struct nls_table *) nls_cp;

#ifdef CONFIG_CIFS_SMB311

	/*

	 * Initialize the session hash with the server one.

	 */

	memcpy(ses->preauth_sha_hash, ses->server->preauth_sha_hash,

	       SMB2_PREAUTH_HASH_SIZE);

#endif

	while (sess_data->func)

		sess_data->func(sess_data);

#define SMB311_SALT_SIZE			32

/* Hash Algorithm Types */

#define SMB2_PREAUTH_INTEGRITY_SHA512	cpu_to_le16(0x0001)

#define SMB2_PREAUTH_HASH_SIZE 64

struct smb2_preauth_neg_context {

	__le16	ContextType; /* 1 */

					enum securityEnum);

#ifdef CONFIG_CIFS_SMB311

extern int smb311_crypto_shash_allocate(struct TCP_Server_Info *server);

extern int smb311_update_preauth_hash(struct cifs_ses *ses,

				      struct kvec *iov, int nvec);

#endif

#endif			/* _SMB2PROTO_H */