1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org>
4 * Copyright (C) 2018 Samsung Electronics Co., Ltd.
7 #include <linux/kernel.h>
9 #include <linux/uaccess.h>
10 #include <linux/backing-dev.h>
11 #include <linux/writeback.h>
12 #include <linux/uio.h>
13 #include <linux/xattr.h>
14 #include <crypto/hash.h>
15 #include <crypto/aead.h>
16 #include <linux/random.h>
17 #include <linux/scatterlist.h>
22 #include <linux/fips.h>
23 #include <crypto/des.h>
26 #include "smb_common.h"
27 #include "connection.h"
28 #include "mgmt/user_session.h"
29 #include "mgmt/user_config.h"
30 #include "crypto_ctx.h"
31 #include "transport_ipc.h"
32 #include "../smbfs_common/arc4.h"
35 * Fixed format data defining GSS header and fixed string
36 * "not_defined_in_RFC4178@please_ignore".
37 * So sec blob data in neg phase could be generated statically.
39 static char NEGOTIATE_GSS_HEADER[AUTH_GSS_LENGTH] = {
40 #ifdef CONFIG_SMB_SERVER_KERBEROS5
41 0x60, 0x5e, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
42 0x05, 0x02, 0xa0, 0x54, 0x30, 0x52, 0xa0, 0x24,
43 0x30, 0x22, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
44 0xf7, 0x12, 0x01, 0x02, 0x02, 0x06, 0x09, 0x2a,
45 0x86, 0x48, 0x82, 0xf7, 0x12, 0x01, 0x02, 0x02,
46 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
47 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a, 0x30, 0x28,
48 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f, 0x74, 0x5f,
49 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x5f,
50 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43, 0x34, 0x31,
51 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65, 0x61, 0x73,
52 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65
54 0x60, 0x48, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
55 0x05, 0x02, 0xa0, 0x3e, 0x30, 0x3c, 0xa0, 0x0e,
56 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04,
57 0x01, 0x82, 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a,
58 0x30, 0x28, 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f,
59 0x74, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65,
60 0x64, 0x5f, 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43,
61 0x34, 0x31, 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65,
62 0x61, 0x73, 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f,
67 void ksmbd_copy_gss_neg_header(void *buf)
69 memcpy(buf, NEGOTIATE_GSS_HEADER, AUTH_GSS_LENGTH);
73 * ksmbd_gen_sess_key() - function to generate session key
74 * @sess: session of connection
75 * @hash: source hash value to be used for find session key
76 * @hmac: source hmac value to be used for finding session key
79 static int ksmbd_gen_sess_key(struct ksmbd_session *sess, char *hash,
82 struct ksmbd_crypto_ctx *ctx;
85 ctx = ksmbd_crypto_ctx_find_hmacmd5();
87 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
91 rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
93 CIFS_HMAC_MD5_HASH_SIZE);
95 ksmbd_debug(AUTH, "hmacmd5 set key fail error %d\n", rc);
99 rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
101 ksmbd_debug(AUTH, "could not init hmacmd5 error %d\n", rc);
105 rc = crypto_shash_update(CRYPTO_HMACMD5(ctx),
107 SMB2_NTLMV2_SESSKEY_SIZE);
109 ksmbd_debug(AUTH, "Could not update with response error %d\n", rc);
113 rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), sess->sess_key);
115 ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n", rc);
120 ksmbd_release_crypto_ctx(ctx);
124 static int calc_ntlmv2_hash(struct ksmbd_conn *conn, struct ksmbd_session *sess,
125 char *ntlmv2_hash, char *dname)
127 int ret, len, conv_len;
128 wchar_t *domain = NULL;
129 __le16 *uniname = NULL;
130 struct ksmbd_crypto_ctx *ctx;
132 ctx = ksmbd_crypto_ctx_find_hmacmd5();
134 ksmbd_debug(AUTH, "can't generate ntlmv2 hash\n");
138 ret = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
139 user_passkey(sess->user),
142 ksmbd_debug(AUTH, "Could not set NT Hash as a key\n");
146 ret = crypto_shash_init(CRYPTO_HMACMD5(ctx));
148 ksmbd_debug(AUTH, "could not init hmacmd5\n");
152 /* convert user_name to unicode */
153 len = strlen(user_name(sess->user));
154 uniname = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
160 conv_len = smb_strtoUTF16(uniname, user_name(sess->user), len,
162 if (conv_len < 0 || conv_len > len) {
168 ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
170 UNICODE_LEN(conv_len));
172 ksmbd_debug(AUTH, "Could not update with user\n");
176 /* Convert domain name or conn name to unicode and uppercase */
178 domain = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
184 conv_len = smb_strtoUTF16((__le16 *)domain, dname, len,
186 if (conv_len < 0 || conv_len > len) {
191 ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
193 UNICODE_LEN(conv_len));
195 ksmbd_debug(AUTH, "Could not update with domain\n");
199 ret = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_hash);
201 ksmbd_debug(AUTH, "Could not generate md5 hash\n");
205 ksmbd_release_crypto_ctx(ctx);
210 * ksmbd_auth_ntlmv2() - NTLMv2 authentication handler
211 * @sess: session of connection
212 * @ntlmv2: NTLMv2 challenge response
213 * @blen: NTLMv2 blob length
214 * @domain_name: domain name
216 * Return: 0 on success, error number on error
218 int ksmbd_auth_ntlmv2(struct ksmbd_conn *conn, struct ksmbd_session *sess,
219 struct ntlmv2_resp *ntlmv2, int blen, char *domain_name,
222 char ntlmv2_hash[CIFS_ENCPWD_SIZE];
223 char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE];
224 struct ksmbd_crypto_ctx *ctx = NULL;
225 char *construct = NULL;
228 rc = calc_ntlmv2_hash(conn, sess, ntlmv2_hash, domain_name);
230 ksmbd_debug(AUTH, "could not get v2 hash rc %d\n", rc);
234 ctx = ksmbd_crypto_ctx_find_hmacmd5();
236 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
240 rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
242 CIFS_HMAC_MD5_HASH_SIZE);
244 ksmbd_debug(AUTH, "Could not set NTLMV2 Hash as a key\n");
248 rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
250 ksmbd_debug(AUTH, "Could not init hmacmd5\n");
254 len = CIFS_CRYPTO_KEY_SIZE + blen;
255 construct = kzalloc(len, GFP_KERNEL);
261 memcpy(construct, cryptkey, CIFS_CRYPTO_KEY_SIZE);
262 memcpy(construct + CIFS_CRYPTO_KEY_SIZE, &ntlmv2->blob_signature, blen);
264 rc = crypto_shash_update(CRYPTO_HMACMD5(ctx), construct, len);
266 ksmbd_debug(AUTH, "Could not update with response\n");
270 rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_rsp);
272 ksmbd_debug(AUTH, "Could not generate md5 hash\n");
275 ksmbd_release_crypto_ctx(ctx);
278 rc = ksmbd_gen_sess_key(sess, ntlmv2_hash, ntlmv2_rsp);
280 ksmbd_debug(AUTH, "Could not generate sess key\n");
284 if (memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE) != 0)
288 ksmbd_release_crypto_ctx(ctx);
294 * ksmbd_decode_ntlmssp_auth_blob() - helper function to construct
296 * @authblob: authenticate blob source pointer
298 * @sess: session of connection
300 * Return: 0 on success, error number on error
302 int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
303 int blob_len, struct ksmbd_conn *conn,
304 struct ksmbd_session *sess)
307 unsigned int nt_off, dn_off;
308 unsigned short nt_len, dn_len;
311 if (blob_len < sizeof(struct authenticate_message)) {
312 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
317 if (memcmp(authblob->Signature, "NTLMSSP", 8)) {
318 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
319 authblob->Signature);
323 nt_off = le32_to_cpu(authblob->NtChallengeResponse.BufferOffset);
324 nt_len = le16_to_cpu(authblob->NtChallengeResponse.Length);
325 dn_off = le32_to_cpu(authblob->DomainName.BufferOffset);
326 dn_len = le16_to_cpu(authblob->DomainName.Length);
328 if (blob_len < (u64)dn_off + dn_len || blob_len < (u64)nt_off + nt_len ||
329 nt_len < CIFS_ENCPWD_SIZE)
332 /* TODO : use domain name that imported from configuration file */
333 domain_name = smb_strndup_from_utf16((const char *)authblob + dn_off,
334 dn_len, true, conn->local_nls);
335 if (IS_ERR(domain_name))
336 return PTR_ERR(domain_name);
338 /* process NTLMv2 authentication */
339 ksmbd_debug(AUTH, "decode_ntlmssp_authenticate_blob dname%s\n",
341 ret = ksmbd_auth_ntlmv2(conn, sess,
342 (struct ntlmv2_resp *)((char *)authblob + nt_off),
343 nt_len - CIFS_ENCPWD_SIZE,
344 domain_name, conn->ntlmssp.cryptkey);
347 /* The recovered secondary session key */
348 if (conn->ntlmssp.client_flags & NTLMSSP_NEGOTIATE_KEY_XCH) {
349 struct arc4_ctx *ctx_arc4;
350 unsigned int sess_key_off, sess_key_len;
352 sess_key_off = le32_to_cpu(authblob->SessionKey.BufferOffset);
353 sess_key_len = le16_to_cpu(authblob->SessionKey.Length);
355 if (blob_len < (u64)sess_key_off + sess_key_len)
358 ctx_arc4 = kmalloc(sizeof(*ctx_arc4), GFP_KERNEL);
362 cifs_arc4_setkey(ctx_arc4, sess->sess_key,
363 SMB2_NTLMV2_SESSKEY_SIZE);
364 cifs_arc4_crypt(ctx_arc4, sess->sess_key,
365 (char *)authblob + sess_key_off, sess_key_len);
366 kfree_sensitive(ctx_arc4);
373 * ksmbd_decode_ntlmssp_neg_blob() - helper function to construct
375 * @negblob: negotiate blob source pointer
376 * @rsp: response header pointer to be updated
377 * @sess: session of connection
380 int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob,
381 int blob_len, struct ksmbd_conn *conn)
383 if (blob_len < sizeof(struct negotiate_message)) {
384 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
389 if (memcmp(negblob->Signature, "NTLMSSP", 8)) {
390 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
395 conn->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags);
400 * ksmbd_build_ntlmssp_challenge_blob() - helper function to construct
402 * @chgblob: challenge blob source pointer to initialize
403 * @rsp: response header pointer to be updated
404 * @sess: session of connection
408 ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,
409 struct ksmbd_conn *conn)
411 struct target_info *tinfo;
414 unsigned int flags, blob_off, blob_len, type, target_info_len = 0;
415 int len, uni_len, conv_len;
416 int cflags = conn->ntlmssp.client_flags;
418 memcpy(chgblob->Signature, NTLMSSP_SIGNATURE, 8);
419 chgblob->MessageType = NtLmChallenge;
421 flags = NTLMSSP_NEGOTIATE_UNICODE |
422 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_TARGET_TYPE_SERVER |
423 NTLMSSP_NEGOTIATE_TARGET_INFO;
425 if (cflags & NTLMSSP_NEGOTIATE_SIGN) {
426 flags |= NTLMSSP_NEGOTIATE_SIGN;
427 flags |= cflags & (NTLMSSP_NEGOTIATE_128 |
428 NTLMSSP_NEGOTIATE_56);
431 if (cflags & NTLMSSP_NEGOTIATE_SEAL && smb3_encryption_negotiated(conn))
432 flags |= NTLMSSP_NEGOTIATE_SEAL;
434 if (cflags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
435 flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
437 if (cflags & NTLMSSP_REQUEST_TARGET)
438 flags |= NTLMSSP_REQUEST_TARGET;
440 if (conn->use_spnego &&
441 (cflags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
442 flags |= NTLMSSP_NEGOTIATE_EXTENDED_SEC;
444 if (cflags & NTLMSSP_NEGOTIATE_KEY_XCH)
445 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
447 chgblob->NegotiateFlags = cpu_to_le32(flags);
448 len = strlen(ksmbd_netbios_name());
449 name = kmalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
453 conv_len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len,
455 if (conv_len < 0 || conv_len > len) {
460 uni_len = UNICODE_LEN(conv_len);
462 blob_off = sizeof(struct challenge_message);
463 blob_len = blob_off + uni_len;
465 chgblob->TargetName.Length = cpu_to_le16(uni_len);
466 chgblob->TargetName.MaximumLength = cpu_to_le16(uni_len);
467 chgblob->TargetName.BufferOffset = cpu_to_le32(blob_off);
469 /* Initialize random conn challenge */
470 get_random_bytes(conn->ntlmssp.cryptkey, sizeof(__u64));
471 memcpy(chgblob->Challenge, conn->ntlmssp.cryptkey,
472 CIFS_CRYPTO_KEY_SIZE);
474 /* Add Target Information to security buffer */
475 chgblob->TargetInfoArray.BufferOffset = cpu_to_le32(blob_len);
477 target_name = (__u8 *)chgblob + blob_off;
478 memcpy(target_name, name, uni_len);
479 tinfo = (struct target_info *)(target_name + uni_len);
481 chgblob->TargetInfoArray.Length = 0;
482 /* Add target info list for NetBIOS/DNS settings */
483 for (type = NTLMSSP_AV_NB_COMPUTER_NAME;
484 type <= NTLMSSP_AV_DNS_DOMAIN_NAME; type++) {
485 tinfo->Type = cpu_to_le16(type);
486 tinfo->Length = cpu_to_le16(uni_len);
487 memcpy(tinfo->Content, name, uni_len);
488 tinfo = (struct target_info *)((char *)tinfo + 4 + uni_len);
489 target_info_len += 4 + uni_len;
492 /* Add terminator subblock */
495 target_info_len += 4;
497 chgblob->TargetInfoArray.Length = cpu_to_le16(target_info_len);
498 chgblob->TargetInfoArray.MaximumLength = cpu_to_le16(target_info_len);
499 blob_len += target_info_len;
501 ksmbd_debug(AUTH, "NTLMSSP SecurityBufferLength %d\n", blob_len);
505 #ifdef CONFIG_SMB_SERVER_KERBEROS5
506 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
507 int in_len, char *out_blob, int *out_len)
509 struct ksmbd_spnego_authen_response *resp;
510 struct ksmbd_user *user = NULL;
513 resp = ksmbd_ipc_spnego_authen_request(in_blob, in_len);
515 ksmbd_debug(AUTH, "SPNEGO_AUTHEN_REQUEST failure\n");
519 if (!(resp->login_response.status & KSMBD_USER_FLAG_OK)) {
520 ksmbd_debug(AUTH, "krb5 authentication failure\n");
525 if (*out_len <= resp->spnego_blob_len) {
526 ksmbd_debug(AUTH, "buf len %d, but blob len %d\n",
527 *out_len, resp->spnego_blob_len);
532 if (resp->session_key_len > sizeof(sess->sess_key)) {
533 ksmbd_debug(AUTH, "session key is too long\n");
538 user = ksmbd_alloc_user(&resp->login_response);
540 ksmbd_debug(AUTH, "login failure\n");
546 memcpy(sess->sess_key, resp->payload, resp->session_key_len);
547 memcpy(out_blob, resp->payload + resp->session_key_len,
548 resp->spnego_blob_len);
549 *out_len = resp->spnego_blob_len;
556 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
557 int in_len, char *out_blob, int *out_len)
564 * ksmbd_sign_smb2_pdu() - function to generate packet signing
567 * @iov: buffer iov array
568 * @n_vec: number of iovecs
569 * @sig: signature value generated for client request packet
572 int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
573 int n_vec, char *sig)
575 struct ksmbd_crypto_ctx *ctx;
578 ctx = ksmbd_crypto_ctx_find_hmacsha256();
580 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
584 rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
586 SMB2_NTLMV2_SESSKEY_SIZE);
590 rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
592 ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
596 for (i = 0; i < n_vec; i++) {
597 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
601 ksmbd_debug(AUTH, "hmacsha256 update error %d\n", rc);
606 rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), sig);
608 ksmbd_debug(AUTH, "hmacsha256 generation error %d\n", rc);
610 ksmbd_release_crypto_ctx(ctx);
615 * ksmbd_sign_smb3_pdu() - function to generate packet signing
618 * @iov: buffer iov array
619 * @n_vec: number of iovecs
620 * @sig: signature value generated for client request packet
623 int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
624 int n_vec, char *sig)
626 struct ksmbd_crypto_ctx *ctx;
629 ctx = ksmbd_crypto_ctx_find_cmacaes();
631 ksmbd_debug(AUTH, "could not crypto alloc cmac\n");
635 rc = crypto_shash_setkey(CRYPTO_CMACAES_TFM(ctx),
641 rc = crypto_shash_init(CRYPTO_CMACAES(ctx));
643 ksmbd_debug(AUTH, "cmaces init error %d\n", rc);
647 for (i = 0; i < n_vec; i++) {
648 rc = crypto_shash_update(CRYPTO_CMACAES(ctx),
652 ksmbd_debug(AUTH, "cmaces update error %d\n", rc);
657 rc = crypto_shash_final(CRYPTO_CMACAES(ctx), sig);
659 ksmbd_debug(AUTH, "cmaces generation error %d\n", rc);
661 ksmbd_release_crypto_ctx(ctx);
671 static int generate_key(struct ksmbd_conn *conn, struct ksmbd_session *sess,
672 struct kvec label, struct kvec context, __u8 *key,
673 unsigned int key_size)
675 unsigned char zero = 0x0;
676 __u8 i[4] = {0, 0, 0, 1};
677 __u8 L128[4] = {0, 0, 0, 128};
678 __u8 L256[4] = {0, 0, 1, 0};
680 unsigned char prfhash[SMB2_HMACSHA256_SIZE];
681 unsigned char *hashptr = prfhash;
682 struct ksmbd_crypto_ctx *ctx;
684 memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
685 memset(key, 0x0, key_size);
687 ctx = ksmbd_crypto_ctx_find_hmacsha256();
689 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
693 rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
695 SMB2_NTLMV2_SESSKEY_SIZE);
697 goto smb3signkey_ret;
699 rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
701 ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
702 goto smb3signkey_ret;
705 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), i, 4);
707 ksmbd_debug(AUTH, "could not update with n\n");
708 goto smb3signkey_ret;
711 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
715 ksmbd_debug(AUTH, "could not update with label\n");
716 goto smb3signkey_ret;
719 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), &zero, 1);
721 ksmbd_debug(AUTH, "could not update with zero\n");
722 goto smb3signkey_ret;
725 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
729 ksmbd_debug(AUTH, "could not update with context\n");
730 goto smb3signkey_ret;
733 if (key_size == SMB3_ENC_DEC_KEY_SIZE &&
734 (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
735 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
736 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L256, 4);
738 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L128, 4);
740 ksmbd_debug(AUTH, "could not update with L\n");
741 goto smb3signkey_ret;
744 rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), hashptr);
746 ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n",
748 goto smb3signkey_ret;
751 memcpy(key, hashptr, key_size);
754 ksmbd_release_crypto_ctx(ctx);
758 static int generate_smb3signingkey(struct ksmbd_session *sess,
759 struct ksmbd_conn *conn,
760 const struct derivation *signing)
763 struct channel *chann;
766 chann = lookup_chann_list(sess, conn);
770 if (conn->dialect >= SMB30_PROT_ID && signing->binding)
771 key = chann->smb3signingkey;
773 key = sess->smb3signingkey;
775 rc = generate_key(conn, sess, signing->label, signing->context, key,
780 if (!(conn->dialect >= SMB30_PROT_ID && signing->binding))
781 memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE);
783 ksmbd_debug(AUTH, "dumping generated AES signing keys\n");
784 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
785 ksmbd_debug(AUTH, "Session Key %*ph\n",
786 SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
787 ksmbd_debug(AUTH, "Signing Key %*ph\n",
788 SMB3_SIGN_KEY_SIZE, key);
792 int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess,
793 struct ksmbd_conn *conn)
797 d.label.iov_base = "SMB2AESCMAC";
798 d.label.iov_len = 12;
799 d.context.iov_base = "SmbSign";
800 d.context.iov_len = 8;
801 d.binding = conn->binding;
803 return generate_smb3signingkey(sess, conn, &d);
806 int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess,
807 struct ksmbd_conn *conn)
811 d.label.iov_base = "SMBSigningKey";
812 d.label.iov_len = 14;
814 struct preauth_session *preauth_sess;
816 preauth_sess = ksmbd_preauth_session_lookup(conn, sess->id);
819 d.context.iov_base = preauth_sess->Preauth_HashValue;
821 d.context.iov_base = sess->Preauth_HashValue;
823 d.context.iov_len = 64;
824 d.binding = conn->binding;
826 return generate_smb3signingkey(sess, conn, &d);
829 struct derivation_twin {
830 struct derivation encryption;
831 struct derivation decryption;
834 static int generate_smb3encryptionkey(struct ksmbd_conn *conn,
835 struct ksmbd_session *sess,
836 const struct derivation_twin *ptwin)
840 rc = generate_key(conn, sess, ptwin->encryption.label,
841 ptwin->encryption.context, sess->smb3encryptionkey,
842 SMB3_ENC_DEC_KEY_SIZE);
846 rc = generate_key(conn, sess, ptwin->decryption.label,
847 ptwin->decryption.context,
848 sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE);
852 ksmbd_debug(AUTH, "dumping generated AES encryption keys\n");
853 ksmbd_debug(AUTH, "Cipher type %d\n", conn->cipher_type);
854 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
855 ksmbd_debug(AUTH, "Session Key %*ph\n",
856 SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
857 if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
858 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
859 ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
860 SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey);
861 ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
862 SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3decryptionkey);
864 ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
865 SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3encryptionkey);
866 ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
867 SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3decryptionkey);
872 int ksmbd_gen_smb30_encryptionkey(struct ksmbd_conn *conn,
873 struct ksmbd_session *sess)
875 struct derivation_twin twin;
876 struct derivation *d;
878 d = &twin.encryption;
879 d->label.iov_base = "SMB2AESCCM";
880 d->label.iov_len = 11;
881 d->context.iov_base = "ServerOut";
882 d->context.iov_len = 10;
884 d = &twin.decryption;
885 d->label.iov_base = "SMB2AESCCM";
886 d->label.iov_len = 11;
887 d->context.iov_base = "ServerIn ";
888 d->context.iov_len = 10;
890 return generate_smb3encryptionkey(conn, sess, &twin);
893 int ksmbd_gen_smb311_encryptionkey(struct ksmbd_conn *conn,
894 struct ksmbd_session *sess)
896 struct derivation_twin twin;
897 struct derivation *d;
899 d = &twin.encryption;
900 d->label.iov_base = "SMBS2CCipherKey";
901 d->label.iov_len = 16;
902 d->context.iov_base = sess->Preauth_HashValue;
903 d->context.iov_len = 64;
905 d = &twin.decryption;
906 d->label.iov_base = "SMBC2SCipherKey";
907 d->label.iov_len = 16;
908 d->context.iov_base = sess->Preauth_HashValue;
909 d->context.iov_len = 64;
911 return generate_smb3encryptionkey(conn, sess, &twin);
914 int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf,
918 struct smb2_hdr *rcv_hdr = smb2_get_msg(buf);
919 char *all_bytes_msg = (char *)&rcv_hdr->ProtocolId;
920 int msg_size = get_rfc1002_len(buf);
921 struct ksmbd_crypto_ctx *ctx = NULL;
923 if (conn->preauth_info->Preauth_HashId !=
924 SMB2_PREAUTH_INTEGRITY_SHA512)
927 ctx = ksmbd_crypto_ctx_find_sha512();
929 ksmbd_debug(AUTH, "could not alloc sha512\n");
933 rc = crypto_shash_init(CRYPTO_SHA512(ctx));
935 ksmbd_debug(AUTH, "could not init shashn");
939 rc = crypto_shash_update(CRYPTO_SHA512(ctx), pi_hash, 64);
941 ksmbd_debug(AUTH, "could not update with n\n");
945 rc = crypto_shash_update(CRYPTO_SHA512(ctx), all_bytes_msg, msg_size);
947 ksmbd_debug(AUTH, "could not update with n\n");
951 rc = crypto_shash_final(CRYPTO_SHA512(ctx), pi_hash);
953 ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
957 ksmbd_release_crypto_ctx(ctx);
961 int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len,
965 struct ksmbd_crypto_ctx *ctx = NULL;
967 ctx = ksmbd_crypto_ctx_find_sha256();
969 ksmbd_debug(AUTH, "could not alloc sha256\n");
973 rc = crypto_shash_init(CRYPTO_SHA256(ctx));
975 ksmbd_debug(AUTH, "could not init shashn");
979 rc = crypto_shash_update(CRYPTO_SHA256(ctx), sd_buf, len);
981 ksmbd_debug(AUTH, "could not update with n\n");
985 rc = crypto_shash_final(CRYPTO_SHA256(ctx), pi_hash);
987 ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
991 ksmbd_release_crypto_ctx(ctx);
995 static int ksmbd_get_encryption_key(struct ksmbd_work *work, __u64 ses_id,
998 struct ksmbd_session *sess;
1004 sess = ksmbd_session_lookup_all(work->conn, ses_id);
1008 ses_enc_key = enc ? sess->smb3encryptionkey :
1009 sess->smb3decryptionkey;
1010 memcpy(key, ses_enc_key, SMB3_ENC_DEC_KEY_SIZE);
1015 static inline void smb2_sg_set_buf(struct scatterlist *sg, const void *buf,
1016 unsigned int buflen)
1020 if (is_vmalloc_addr(buf))
1021 addr = vmalloc_to_page(buf);
1023 addr = virt_to_page(buf);
1024 sg_set_page(sg, addr, buflen, offset_in_page(buf));
1027 static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec,
1030 struct scatterlist *sg;
1031 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1032 int i, nr_entries[3] = {0}, total_entries = 0, sg_idx = 0;
1037 for (i = 0; i < nvec - 1; i++) {
1038 unsigned long kaddr = (unsigned long)iov[i + 1].iov_base;
1040 if (is_vmalloc_addr(iov[i + 1].iov_base)) {
1041 nr_entries[i] = ((kaddr + iov[i + 1].iov_len +
1042 PAGE_SIZE - 1) >> PAGE_SHIFT) -
1043 (kaddr >> PAGE_SHIFT);
1047 total_entries += nr_entries[i];
1050 /* Add two entries for transform header and signature */
1053 sg = kmalloc_array(total_entries, sizeof(struct scatterlist), GFP_KERNEL);
1057 sg_init_table(sg, total_entries);
1058 smb2_sg_set_buf(&sg[sg_idx++], iov[0].iov_base + 24, assoc_data_len);
1059 for (i = 0; i < nvec - 1; i++) {
1060 void *data = iov[i + 1].iov_base;
1061 int len = iov[i + 1].iov_len;
1063 if (is_vmalloc_addr(data)) {
1064 int j, offset = offset_in_page(data);
1066 for (j = 0; j < nr_entries[i]; j++) {
1067 unsigned int bytes = PAGE_SIZE - offset;
1075 sg_set_page(&sg[sg_idx++],
1076 vmalloc_to_page(data), bytes,
1077 offset_in_page(data));
1084 sg_set_page(&sg[sg_idx++], virt_to_page(data), len,
1085 offset_in_page(data));
1088 smb2_sg_set_buf(&sg[sg_idx], sign, SMB2_SIGNATURE_SIZE);
1092 int ksmbd_crypt_message(struct ksmbd_work *work, struct kvec *iov,
1093 unsigned int nvec, int enc)
1095 struct ksmbd_conn *conn = work->conn;
1096 struct smb2_transform_hdr *tr_hdr = smb2_get_msg(iov[0].iov_base);
1097 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1099 struct scatterlist *sg;
1100 u8 sign[SMB2_SIGNATURE_SIZE] = {};
1101 u8 key[SMB3_ENC_DEC_KEY_SIZE];
1102 struct aead_request *req;
1104 unsigned int iv_len;
1105 struct crypto_aead *tfm;
1106 unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize);
1107 struct ksmbd_crypto_ctx *ctx;
1109 rc = ksmbd_get_encryption_key(work,
1110 le64_to_cpu(tr_hdr->SessionId),
1114 pr_err("Could not get %scryption key\n", enc ? "en" : "de");
1118 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1119 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1120 ctx = ksmbd_crypto_ctx_find_gcm();
1122 ctx = ksmbd_crypto_ctx_find_ccm();
1124 pr_err("crypto alloc failed\n");
1128 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1129 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1130 tfm = CRYPTO_GCM(ctx);
1132 tfm = CRYPTO_CCM(ctx);
1134 if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
1135 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1136 rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE);
1138 rc = crypto_aead_setkey(tfm, key, SMB3_GCM128_CRYPTKEY_SIZE);
1140 pr_err("Failed to set aead key %d\n", rc);
1144 rc = crypto_aead_setauthsize(tfm, SMB2_SIGNATURE_SIZE);
1146 pr_err("Failed to set authsize %d\n", rc);
1150 req = aead_request_alloc(tfm, GFP_KERNEL);
1157 memcpy(sign, &tr_hdr->Signature, SMB2_SIGNATURE_SIZE);
1158 crypt_len += SMB2_SIGNATURE_SIZE;
1161 sg = ksmbd_init_sg(iov, nvec, sign);
1163 pr_err("Failed to init sg\n");
1168 iv_len = crypto_aead_ivsize(tfm);
1169 iv = kzalloc(iv_len, GFP_KERNEL);
1175 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1176 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
1177 memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES_GCM_NONCE);
1180 memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES_CCM_NONCE);
1183 aead_request_set_crypt(req, sg, sg, crypt_len, iv);
1184 aead_request_set_ad(req, assoc_data_len);
1185 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
1188 rc = crypto_aead_encrypt(req);
1190 rc = crypto_aead_decrypt(req);
1195 memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
1204 ksmbd_release_crypto_ctx(ctx);