1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org>
4 * Copyright (C) 2018 Samsung Electronics Co., Ltd.
7 #include <linux/kernel.h>
9 #include <linux/uaccess.h>
10 #include <linux/backing-dev.h>
11 #include <linux/writeback.h>
12 #include <linux/uio.h>
13 #include <linux/xattr.h>
14 #include <crypto/hash.h>
15 #include <crypto/aead.h>
16 #include <linux/random.h>
17 #include <linux/scatterlist.h>
22 #include <linux/fips.h>
23 #include <crypto/des.h>
26 #include "smb_common.h"
27 #include "connection.h"
28 #include "mgmt/user_session.h"
29 #include "mgmt/user_config.h"
30 #include "crypto_ctx.h"
31 #include "transport_ipc.h"
32 #include "../smbfs_common/arc4.h"
35 * Fixed format data defining GSS header and fixed string
36 * "not_defined_in_RFC4178@please_ignore".
37 * So sec blob data in neg phase could be generated statically.
39 static char NEGOTIATE_GSS_HEADER[AUTH_GSS_LENGTH] = {
40 #ifdef CONFIG_SMB_SERVER_KERBEROS5
41 0x60, 0x5e, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
42 0x05, 0x02, 0xa0, 0x54, 0x30, 0x52, 0xa0, 0x24,
43 0x30, 0x22, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
44 0xf7, 0x12, 0x01, 0x02, 0x02, 0x06, 0x09, 0x2a,
45 0x86, 0x48, 0x82, 0xf7, 0x12, 0x01, 0x02, 0x02,
46 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
47 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a, 0x30, 0x28,
48 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f, 0x74, 0x5f,
49 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x5f,
50 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43, 0x34, 0x31,
51 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65, 0x61, 0x73,
52 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65
54 0x60, 0x48, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
55 0x05, 0x02, 0xa0, 0x3e, 0x30, 0x3c, 0xa0, 0x0e,
56 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04,
57 0x01, 0x82, 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a,
58 0x30, 0x28, 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f,
59 0x74, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65,
60 0x64, 0x5f, 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43,
61 0x34, 0x31, 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65,
62 0x61, 0x73, 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f,
67 void ksmbd_copy_gss_neg_header(void *buf)
69 memcpy(buf, NEGOTIATE_GSS_HEADER, AUTH_GSS_LENGTH);
73 * ksmbd_gen_sess_key() - function to generate session key
74 * @sess: session of connection
75 * @hash: source hash value to be used for find session key
76 * @hmac: source hmac value to be used for finding session key
79 static int ksmbd_gen_sess_key(struct ksmbd_session *sess, char *hash,
82 struct ksmbd_crypto_ctx *ctx;
85 ctx = ksmbd_crypto_ctx_find_hmacmd5();
87 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
91 rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
93 CIFS_HMAC_MD5_HASH_SIZE);
95 ksmbd_debug(AUTH, "hmacmd5 set key fail error %d\n", rc);
99 rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
101 ksmbd_debug(AUTH, "could not init hmacmd5 error %d\n", rc);
105 rc = crypto_shash_update(CRYPTO_HMACMD5(ctx),
107 SMB2_NTLMV2_SESSKEY_SIZE);
109 ksmbd_debug(AUTH, "Could not update with response error %d\n", rc);
113 rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), sess->sess_key);
115 ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n", rc);
120 ksmbd_release_crypto_ctx(ctx);
124 static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash,
127 int ret, len, conv_len;
128 wchar_t *domain = NULL;
129 __le16 *uniname = NULL;
130 struct ksmbd_crypto_ctx *ctx;
132 ctx = ksmbd_crypto_ctx_find_hmacmd5();
134 ksmbd_debug(AUTH, "can't generate ntlmv2 hash\n");
138 ret = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
139 user_passkey(sess->user),
142 ksmbd_debug(AUTH, "Could not set NT Hash as a key\n");
146 ret = crypto_shash_init(CRYPTO_HMACMD5(ctx));
148 ksmbd_debug(AUTH, "could not init hmacmd5\n");
152 /* convert user_name to unicode */
153 len = strlen(user_name(sess->user));
154 uniname = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
160 conv_len = smb_strtoUTF16(uniname, user_name(sess->user), len,
161 sess->conn->local_nls);
162 if (conv_len < 0 || conv_len > len) {
168 ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
170 UNICODE_LEN(conv_len));
172 ksmbd_debug(AUTH, "Could not update with user\n");
176 /* Convert domain name or conn name to unicode and uppercase */
178 domain = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
184 conv_len = smb_strtoUTF16((__le16 *)domain, dname, len,
185 sess->conn->local_nls);
186 if (conv_len < 0 || conv_len > len) {
191 ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
193 UNICODE_LEN(conv_len));
195 ksmbd_debug(AUTH, "Could not update with domain\n");
199 ret = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_hash);
201 ksmbd_debug(AUTH, "Could not generate md5 hash\n");
205 ksmbd_release_crypto_ctx(ctx);
210 * ksmbd_auth_ntlmv2() - NTLMv2 authentication handler
211 * @sess: session of connection
212 * @ntlmv2: NTLMv2 challenge response
213 * @blen: NTLMv2 blob length
214 * @domain_name: domain name
216 * Return: 0 on success, error number on error
218 int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2,
219 int blen, char *domain_name, char *cryptkey)
221 char ntlmv2_hash[CIFS_ENCPWD_SIZE];
222 char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE];
223 struct ksmbd_crypto_ctx *ctx;
224 char *construct = NULL;
227 ctx = ksmbd_crypto_ctx_find_hmacmd5();
229 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
233 rc = calc_ntlmv2_hash(sess, ntlmv2_hash, domain_name);
235 ksmbd_debug(AUTH, "could not get v2 hash rc %d\n", rc);
239 rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
241 CIFS_HMAC_MD5_HASH_SIZE);
243 ksmbd_debug(AUTH, "Could not set NTLMV2 Hash as a key\n");
247 rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
249 ksmbd_debug(AUTH, "Could not init hmacmd5\n");
253 len = CIFS_CRYPTO_KEY_SIZE + blen;
254 construct = kzalloc(len, GFP_KERNEL);
260 memcpy(construct, cryptkey, CIFS_CRYPTO_KEY_SIZE);
261 memcpy(construct + CIFS_CRYPTO_KEY_SIZE, &ntlmv2->blob_signature, blen);
263 rc = crypto_shash_update(CRYPTO_HMACMD5(ctx), construct, len);
265 ksmbd_debug(AUTH, "Could not update with response\n");
269 rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_rsp);
271 ksmbd_debug(AUTH, "Could not generate md5 hash\n");
275 rc = ksmbd_gen_sess_key(sess, ntlmv2_hash, ntlmv2_rsp);
277 ksmbd_debug(AUTH, "Could not generate sess key\n");
281 if (memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE) != 0)
284 ksmbd_release_crypto_ctx(ctx);
290 * ksmbd_decode_ntlmssp_auth_blob() - helper function to construct
292 * @authblob: authenticate blob source pointer
294 * @sess: session of connection
296 * Return: 0 on success, error number on error
298 int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
299 int blob_len, struct ksmbd_conn *conn,
300 struct ksmbd_session *sess)
303 unsigned int nt_off, dn_off;
304 unsigned short nt_len, dn_len;
307 if (blob_len < sizeof(struct authenticate_message)) {
308 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
313 if (memcmp(authblob->Signature, "NTLMSSP", 8)) {
314 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
315 authblob->Signature);
319 nt_off = le32_to_cpu(authblob->NtChallengeResponse.BufferOffset);
320 nt_len = le16_to_cpu(authblob->NtChallengeResponse.Length);
321 dn_off = le32_to_cpu(authblob->DomainName.BufferOffset);
322 dn_len = le16_to_cpu(authblob->DomainName.Length);
324 if (blob_len < (u64)dn_off + dn_len || blob_len < (u64)nt_off + nt_len)
327 /* TODO : use domain name that imported from configuration file */
328 domain_name = smb_strndup_from_utf16((const char *)authblob + dn_off,
329 dn_len, true, conn->local_nls);
330 if (IS_ERR(domain_name))
331 return PTR_ERR(domain_name);
333 /* process NTLMv2 authentication */
334 ksmbd_debug(AUTH, "decode_ntlmssp_authenticate_blob dname%s\n",
336 ret = ksmbd_auth_ntlmv2(sess, (struct ntlmv2_resp *)((char *)authblob + nt_off),
337 nt_len - CIFS_ENCPWD_SIZE,
338 domain_name, conn->ntlmssp.cryptkey);
341 /* The recovered secondary session key */
342 if (conn->ntlmssp.client_flags & NTLMSSP_NEGOTIATE_KEY_XCH) {
343 struct arc4_ctx *ctx_arc4;
344 unsigned int sess_key_off, sess_key_len;
346 sess_key_off = le32_to_cpu(authblob->SessionKey.BufferOffset);
347 sess_key_len = le16_to_cpu(authblob->SessionKey.Length);
349 if (blob_len < (u64)sess_key_off + sess_key_len)
352 ctx_arc4 = kmalloc(sizeof(*ctx_arc4), GFP_KERNEL);
356 cifs_arc4_setkey(ctx_arc4, sess->sess_key,
357 SMB2_NTLMV2_SESSKEY_SIZE);
358 cifs_arc4_crypt(ctx_arc4, sess->sess_key,
359 (char *)authblob + sess_key_off, sess_key_len);
360 kfree_sensitive(ctx_arc4);
367 * ksmbd_decode_ntlmssp_neg_blob() - helper function to construct
369 * @negblob: negotiate blob source pointer
370 * @rsp: response header pointer to be updated
371 * @sess: session of connection
374 int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob,
375 int blob_len, struct ksmbd_conn *conn)
377 if (blob_len < sizeof(struct negotiate_message)) {
378 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
383 if (memcmp(negblob->Signature, "NTLMSSP", 8)) {
384 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
389 conn->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags);
394 * ksmbd_build_ntlmssp_challenge_blob() - helper function to construct
396 * @chgblob: challenge blob source pointer to initialize
397 * @rsp: response header pointer to be updated
398 * @sess: session of connection
402 ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,
403 struct ksmbd_conn *conn)
405 struct target_info *tinfo;
408 unsigned int flags, blob_off, blob_len, type, target_info_len = 0;
409 int len, uni_len, conv_len;
410 int cflags = conn->ntlmssp.client_flags;
412 memcpy(chgblob->Signature, NTLMSSP_SIGNATURE, 8);
413 chgblob->MessageType = NtLmChallenge;
415 flags = NTLMSSP_NEGOTIATE_UNICODE |
416 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_TARGET_TYPE_SERVER |
417 NTLMSSP_NEGOTIATE_TARGET_INFO;
419 if (cflags & NTLMSSP_NEGOTIATE_SIGN) {
420 flags |= NTLMSSP_NEGOTIATE_SIGN;
421 flags |= cflags & (NTLMSSP_NEGOTIATE_128 |
422 NTLMSSP_NEGOTIATE_56);
425 if (cflags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
426 flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
428 if (cflags & NTLMSSP_REQUEST_TARGET)
429 flags |= NTLMSSP_REQUEST_TARGET;
431 if (conn->use_spnego &&
432 (cflags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
433 flags |= NTLMSSP_NEGOTIATE_EXTENDED_SEC;
435 if (cflags & NTLMSSP_NEGOTIATE_KEY_XCH)
436 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
438 chgblob->NegotiateFlags = cpu_to_le32(flags);
439 len = strlen(ksmbd_netbios_name());
440 name = kmalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
444 conv_len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len,
446 if (conv_len < 0 || conv_len > len) {
451 uni_len = UNICODE_LEN(conv_len);
453 blob_off = sizeof(struct challenge_message);
454 blob_len = blob_off + uni_len;
456 chgblob->TargetName.Length = cpu_to_le16(uni_len);
457 chgblob->TargetName.MaximumLength = cpu_to_le16(uni_len);
458 chgblob->TargetName.BufferOffset = cpu_to_le32(blob_off);
460 /* Initialize random conn challenge */
461 get_random_bytes(conn->ntlmssp.cryptkey, sizeof(__u64));
462 memcpy(chgblob->Challenge, conn->ntlmssp.cryptkey,
463 CIFS_CRYPTO_KEY_SIZE);
465 /* Add Target Information to security buffer */
466 chgblob->TargetInfoArray.BufferOffset = cpu_to_le32(blob_len);
468 target_name = (__u8 *)chgblob + blob_off;
469 memcpy(target_name, name, uni_len);
470 tinfo = (struct target_info *)(target_name + uni_len);
472 chgblob->TargetInfoArray.Length = 0;
473 /* Add target info list for NetBIOS/DNS settings */
474 for (type = NTLMSSP_AV_NB_COMPUTER_NAME;
475 type <= NTLMSSP_AV_DNS_DOMAIN_NAME; type++) {
476 tinfo->Type = cpu_to_le16(type);
477 tinfo->Length = cpu_to_le16(uni_len);
478 memcpy(tinfo->Content, name, uni_len);
479 tinfo = (struct target_info *)((char *)tinfo + 4 + uni_len);
480 target_info_len += 4 + uni_len;
483 /* Add terminator subblock */
486 target_info_len += 4;
488 chgblob->TargetInfoArray.Length = cpu_to_le16(target_info_len);
489 chgblob->TargetInfoArray.MaximumLength = cpu_to_le16(target_info_len);
490 blob_len += target_info_len;
492 ksmbd_debug(AUTH, "NTLMSSP SecurityBufferLength %d\n", blob_len);
496 #ifdef CONFIG_SMB_SERVER_KERBEROS5
497 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
498 int in_len, char *out_blob, int *out_len)
500 struct ksmbd_spnego_authen_response *resp;
501 struct ksmbd_user *user = NULL;
504 resp = ksmbd_ipc_spnego_authen_request(in_blob, in_len);
506 ksmbd_debug(AUTH, "SPNEGO_AUTHEN_REQUEST failure\n");
510 if (!(resp->login_response.status & KSMBD_USER_FLAG_OK)) {
511 ksmbd_debug(AUTH, "krb5 authentication failure\n");
516 if (*out_len <= resp->spnego_blob_len) {
517 ksmbd_debug(AUTH, "buf len %d, but blob len %d\n",
518 *out_len, resp->spnego_blob_len);
523 if (resp->session_key_len > sizeof(sess->sess_key)) {
524 ksmbd_debug(AUTH, "session key is too long\n");
529 user = ksmbd_alloc_user(&resp->login_response);
531 ksmbd_debug(AUTH, "login failure\n");
537 memcpy(sess->sess_key, resp->payload, resp->session_key_len);
538 memcpy(out_blob, resp->payload + resp->session_key_len,
539 resp->spnego_blob_len);
540 *out_len = resp->spnego_blob_len;
547 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
548 int in_len, char *out_blob, int *out_len)
555 * ksmbd_sign_smb2_pdu() - function to generate packet signing
558 * @iov: buffer iov array
559 * @n_vec: number of iovecs
560 * @sig: signature value generated for client request packet
563 int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
564 int n_vec, char *sig)
566 struct ksmbd_crypto_ctx *ctx;
569 ctx = ksmbd_crypto_ctx_find_hmacsha256();
571 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
575 rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
577 SMB2_NTLMV2_SESSKEY_SIZE);
581 rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
583 ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
587 for (i = 0; i < n_vec; i++) {
588 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
592 ksmbd_debug(AUTH, "hmacsha256 update error %d\n", rc);
597 rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), sig);
599 ksmbd_debug(AUTH, "hmacsha256 generation error %d\n", rc);
601 ksmbd_release_crypto_ctx(ctx);
606 * ksmbd_sign_smb3_pdu() - function to generate packet signing
609 * @iov: buffer iov array
610 * @n_vec: number of iovecs
611 * @sig: signature value generated for client request packet
614 int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
615 int n_vec, char *sig)
617 struct ksmbd_crypto_ctx *ctx;
620 ctx = ksmbd_crypto_ctx_find_cmacaes();
622 ksmbd_debug(AUTH, "could not crypto alloc cmac\n");
626 rc = crypto_shash_setkey(CRYPTO_CMACAES_TFM(ctx),
632 rc = crypto_shash_init(CRYPTO_CMACAES(ctx));
634 ksmbd_debug(AUTH, "cmaces init error %d\n", rc);
638 for (i = 0; i < n_vec; i++) {
639 rc = crypto_shash_update(CRYPTO_CMACAES(ctx),
643 ksmbd_debug(AUTH, "cmaces update error %d\n", rc);
648 rc = crypto_shash_final(CRYPTO_CMACAES(ctx), sig);
650 ksmbd_debug(AUTH, "cmaces generation error %d\n", rc);
652 ksmbd_release_crypto_ctx(ctx);
662 static int generate_key(struct ksmbd_session *sess, struct kvec label,
663 struct kvec context, __u8 *key, unsigned int key_size)
665 unsigned char zero = 0x0;
666 __u8 i[4] = {0, 0, 0, 1};
667 __u8 L128[4] = {0, 0, 0, 128};
668 __u8 L256[4] = {0, 0, 1, 0};
670 unsigned char prfhash[SMB2_HMACSHA256_SIZE];
671 unsigned char *hashptr = prfhash;
672 struct ksmbd_crypto_ctx *ctx;
674 memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
675 memset(key, 0x0, key_size);
677 ctx = ksmbd_crypto_ctx_find_hmacsha256();
679 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
683 rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
685 SMB2_NTLMV2_SESSKEY_SIZE);
687 goto smb3signkey_ret;
689 rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
691 ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
692 goto smb3signkey_ret;
695 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), i, 4);
697 ksmbd_debug(AUTH, "could not update with n\n");
698 goto smb3signkey_ret;
701 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
705 ksmbd_debug(AUTH, "could not update with label\n");
706 goto smb3signkey_ret;
709 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), &zero, 1);
711 ksmbd_debug(AUTH, "could not update with zero\n");
712 goto smb3signkey_ret;
715 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
719 ksmbd_debug(AUTH, "could not update with context\n");
720 goto smb3signkey_ret;
723 if (sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
724 sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
725 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L256, 4);
727 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L128, 4);
729 ksmbd_debug(AUTH, "could not update with L\n");
730 goto smb3signkey_ret;
733 rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), hashptr);
735 ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n",
737 goto smb3signkey_ret;
740 memcpy(key, hashptr, key_size);
743 ksmbd_release_crypto_ctx(ctx);
747 static int generate_smb3signingkey(struct ksmbd_session *sess,
748 struct ksmbd_conn *conn,
749 const struct derivation *signing)
752 struct channel *chann;
755 chann = lookup_chann_list(sess, conn);
759 if (sess->conn->dialect >= SMB30_PROT_ID && signing->binding)
760 key = chann->smb3signingkey;
762 key = sess->smb3signingkey;
764 rc = generate_key(sess, signing->label, signing->context, key,
769 if (!(sess->conn->dialect >= SMB30_PROT_ID && signing->binding))
770 memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE);
772 ksmbd_debug(AUTH, "dumping generated AES signing keys\n");
773 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
774 ksmbd_debug(AUTH, "Session Key %*ph\n",
775 SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
776 ksmbd_debug(AUTH, "Signing Key %*ph\n",
777 SMB3_SIGN_KEY_SIZE, key);
781 int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess,
782 struct ksmbd_conn *conn)
786 d.label.iov_base = "SMB2AESCMAC";
787 d.label.iov_len = 12;
788 d.context.iov_base = "SmbSign";
789 d.context.iov_len = 8;
790 d.binding = conn->binding;
792 return generate_smb3signingkey(sess, conn, &d);
795 int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess,
796 struct ksmbd_conn *conn)
800 d.label.iov_base = "SMBSigningKey";
801 d.label.iov_len = 14;
803 struct preauth_session *preauth_sess;
805 preauth_sess = ksmbd_preauth_session_lookup(conn, sess->id);
808 d.context.iov_base = preauth_sess->Preauth_HashValue;
810 d.context.iov_base = sess->Preauth_HashValue;
812 d.context.iov_len = 64;
813 d.binding = conn->binding;
815 return generate_smb3signingkey(sess, conn, &d);
818 struct derivation_twin {
819 struct derivation encryption;
820 struct derivation decryption;
823 static int generate_smb3encryptionkey(struct ksmbd_session *sess,
824 const struct derivation_twin *ptwin)
828 rc = generate_key(sess, ptwin->encryption.label,
829 ptwin->encryption.context, sess->smb3encryptionkey,
830 SMB3_ENC_DEC_KEY_SIZE);
834 rc = generate_key(sess, ptwin->decryption.label,
835 ptwin->decryption.context,
836 sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE);
840 ksmbd_debug(AUTH, "dumping generated AES encryption keys\n");
841 ksmbd_debug(AUTH, "Cipher type %d\n", sess->conn->cipher_type);
842 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
843 ksmbd_debug(AUTH, "Session Key %*ph\n",
844 SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
845 if (sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
846 sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
847 ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
848 SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey);
849 ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
850 SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3decryptionkey);
852 ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
853 SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3encryptionkey);
854 ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
855 SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3decryptionkey);
860 int ksmbd_gen_smb30_encryptionkey(struct ksmbd_session *sess)
862 struct derivation_twin twin;
863 struct derivation *d;
865 d = &twin.encryption;
866 d->label.iov_base = "SMB2AESCCM";
867 d->label.iov_len = 11;
868 d->context.iov_base = "ServerOut";
869 d->context.iov_len = 10;
871 d = &twin.decryption;
872 d->label.iov_base = "SMB2AESCCM";
873 d->label.iov_len = 11;
874 d->context.iov_base = "ServerIn ";
875 d->context.iov_len = 10;
877 return generate_smb3encryptionkey(sess, &twin);
880 int ksmbd_gen_smb311_encryptionkey(struct ksmbd_session *sess)
882 struct derivation_twin twin;
883 struct derivation *d;
885 d = &twin.encryption;
886 d->label.iov_base = "SMBS2CCipherKey";
887 d->label.iov_len = 16;
888 d->context.iov_base = sess->Preauth_HashValue;
889 d->context.iov_len = 64;
891 d = &twin.decryption;
892 d->label.iov_base = "SMBC2SCipherKey";
893 d->label.iov_len = 16;
894 d->context.iov_base = sess->Preauth_HashValue;
895 d->context.iov_len = 64;
897 return generate_smb3encryptionkey(sess, &twin);
900 int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf,
904 struct smb2_hdr *rcv_hdr = smb2_get_msg(buf);
905 char *all_bytes_msg = (char *)&rcv_hdr->ProtocolId;
906 int msg_size = get_rfc1002_len(buf);
907 struct ksmbd_crypto_ctx *ctx = NULL;
909 if (conn->preauth_info->Preauth_HashId !=
910 SMB2_PREAUTH_INTEGRITY_SHA512)
913 ctx = ksmbd_crypto_ctx_find_sha512();
915 ksmbd_debug(AUTH, "could not alloc sha512\n");
919 rc = crypto_shash_init(CRYPTO_SHA512(ctx));
921 ksmbd_debug(AUTH, "could not init shashn");
925 rc = crypto_shash_update(CRYPTO_SHA512(ctx), pi_hash, 64);
927 ksmbd_debug(AUTH, "could not update with n\n");
931 rc = crypto_shash_update(CRYPTO_SHA512(ctx), all_bytes_msg, msg_size);
933 ksmbd_debug(AUTH, "could not update with n\n");
937 rc = crypto_shash_final(CRYPTO_SHA512(ctx), pi_hash);
939 ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
943 ksmbd_release_crypto_ctx(ctx);
947 int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len,
951 struct ksmbd_crypto_ctx *ctx = NULL;
953 ctx = ksmbd_crypto_ctx_find_sha256();
955 ksmbd_debug(AUTH, "could not alloc sha256\n");
959 rc = crypto_shash_init(CRYPTO_SHA256(ctx));
961 ksmbd_debug(AUTH, "could not init shashn");
965 rc = crypto_shash_update(CRYPTO_SHA256(ctx), sd_buf, len);
967 ksmbd_debug(AUTH, "could not update with n\n");
971 rc = crypto_shash_final(CRYPTO_SHA256(ctx), pi_hash);
973 ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
977 ksmbd_release_crypto_ctx(ctx);
981 static int ksmbd_get_encryption_key(struct ksmbd_conn *conn, __u64 ses_id,
984 struct ksmbd_session *sess;
987 sess = ksmbd_session_lookup_all(conn, ses_id);
991 ses_enc_key = enc ? sess->smb3encryptionkey :
992 sess->smb3decryptionkey;
993 memcpy(key, ses_enc_key, SMB3_ENC_DEC_KEY_SIZE);
998 static inline void smb2_sg_set_buf(struct scatterlist *sg, const void *buf,
1003 if (is_vmalloc_addr(buf))
1004 addr = vmalloc_to_page(buf);
1006 addr = virt_to_page(buf);
1007 sg_set_page(sg, addr, buflen, offset_in_page(buf));
1010 static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec,
1013 struct scatterlist *sg;
1014 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1015 int i, nr_entries[3] = {0}, total_entries = 0, sg_idx = 0;
1020 for (i = 0; i < nvec - 1; i++) {
1021 unsigned long kaddr = (unsigned long)iov[i + 1].iov_base;
1023 if (is_vmalloc_addr(iov[i + 1].iov_base)) {
1024 nr_entries[i] = ((kaddr + iov[i + 1].iov_len +
1025 PAGE_SIZE - 1) >> PAGE_SHIFT) -
1026 (kaddr >> PAGE_SHIFT);
1030 total_entries += nr_entries[i];
1033 /* Add two entries for transform header and signature */
1036 sg = kmalloc_array(total_entries, sizeof(struct scatterlist), GFP_KERNEL);
1040 sg_init_table(sg, total_entries);
1041 smb2_sg_set_buf(&sg[sg_idx++], iov[0].iov_base + 24, assoc_data_len);
1042 for (i = 0; i < nvec - 1; i++) {
1043 void *data = iov[i + 1].iov_base;
1044 int len = iov[i + 1].iov_len;
1046 if (is_vmalloc_addr(data)) {
1047 int j, offset = offset_in_page(data);
1049 for (j = 0; j < nr_entries[i]; j++) {
1050 unsigned int bytes = PAGE_SIZE - offset;
1058 sg_set_page(&sg[sg_idx++],
1059 vmalloc_to_page(data), bytes,
1060 offset_in_page(data));
1067 sg_set_page(&sg[sg_idx++], virt_to_page(data), len,
1068 offset_in_page(data));
1071 smb2_sg_set_buf(&sg[sg_idx], sign, SMB2_SIGNATURE_SIZE);
1075 int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov,
1076 unsigned int nvec, int enc)
1078 struct smb2_transform_hdr *tr_hdr = smb2_get_msg(iov[0].iov_base);
1079 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1081 struct scatterlist *sg;
1082 u8 sign[SMB2_SIGNATURE_SIZE] = {};
1083 u8 key[SMB3_ENC_DEC_KEY_SIZE];
1084 struct aead_request *req;
1086 unsigned int iv_len;
1087 struct crypto_aead *tfm;
1088 unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize);
1089 struct ksmbd_crypto_ctx *ctx;
1091 rc = ksmbd_get_encryption_key(conn,
1092 le64_to_cpu(tr_hdr->SessionId),
1096 pr_err("Could not get %scryption key\n", enc ? "en" : "de");
1100 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1101 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1102 ctx = ksmbd_crypto_ctx_find_gcm();
1104 ctx = ksmbd_crypto_ctx_find_ccm();
1106 pr_err("crypto alloc failed\n");
1110 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1111 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1112 tfm = CRYPTO_GCM(ctx);
1114 tfm = CRYPTO_CCM(ctx);
1116 if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
1117 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1118 rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE);
1120 rc = crypto_aead_setkey(tfm, key, SMB3_GCM128_CRYPTKEY_SIZE);
1122 pr_err("Failed to set aead key %d\n", rc);
1126 rc = crypto_aead_setauthsize(tfm, SMB2_SIGNATURE_SIZE);
1128 pr_err("Failed to set authsize %d\n", rc);
1132 req = aead_request_alloc(tfm, GFP_KERNEL);
1139 memcpy(sign, &tr_hdr->Signature, SMB2_SIGNATURE_SIZE);
1140 crypt_len += SMB2_SIGNATURE_SIZE;
1143 sg = ksmbd_init_sg(iov, nvec, sign);
1145 pr_err("Failed to init sg\n");
1150 iv_len = crypto_aead_ivsize(tfm);
1151 iv = kzalloc(iv_len, GFP_KERNEL);
1157 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1158 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
1159 memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES_GCM_NONCE);
1162 memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES_CCM_NONCE);
1165 aead_request_set_crypt(req, sg, sg, crypt_len, iv);
1166 aead_request_set_ad(req, assoc_data_len);
1167 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
1170 rc = crypto_aead_encrypt(req);
1172 rc = crypto_aead_decrypt(req);
1177 memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
1186 ksmbd_release_crypto_ctx(ctx);
projects / linux-2.6-microblaze.git / blob