1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org>
4 * Copyright (C) 2018 Samsung Electronics Co., Ltd.
7 #include <linux/kernel.h>
9 #include <linux/uaccess.h>
10 #include <linux/backing-dev.h>
11 #include <linux/writeback.h>
12 #include <linux/uio.h>
13 #include <linux/xattr.h>
14 #include <crypto/hash.h>
15 #include <crypto/aead.h>
16 #include <linux/random.h>
17 #include <linux/scatterlist.h>
22 #include <linux/fips.h>
23 #include <crypto/des.h>
26 #include "smb_common.h"
27 #include "connection.h"
28 #include "mgmt/user_session.h"
29 #include "mgmt/user_config.h"
30 #include "crypto_ctx.h"
31 #include "transport_ipc.h"
32 #include "../smbfs_common/arc4.h"
35 * Fixed format data defining GSS header and fixed string
36 * "not_defined_in_RFC4178@please_ignore".
37 * So sec blob data in neg phase could be generated statically.
39 static char NEGOTIATE_GSS_HEADER[AUTH_GSS_LENGTH] = {
40 #ifdef CONFIG_SMB_SERVER_KERBEROS5
41 0x60, 0x5e, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
42 0x05, 0x02, 0xa0, 0x54, 0x30, 0x52, 0xa0, 0x24,
43 0x30, 0x22, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
44 0xf7, 0x12, 0x01, 0x02, 0x02, 0x06, 0x09, 0x2a,
45 0x86, 0x48, 0x82, 0xf7, 0x12, 0x01, 0x02, 0x02,
46 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
47 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a, 0x30, 0x28,
48 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f, 0x74, 0x5f,
49 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x5f,
50 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43, 0x34, 0x31,
51 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65, 0x61, 0x73,
52 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65
54 0x60, 0x48, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
55 0x05, 0x02, 0xa0, 0x3e, 0x30, 0x3c, 0xa0, 0x0e,
56 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04,
57 0x01, 0x82, 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a,
58 0x30, 0x28, 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f,
59 0x74, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65,
60 0x64, 0x5f, 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43,
61 0x34, 0x31, 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65,
62 0x61, 0x73, 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f,
67 void ksmbd_copy_gss_neg_header(void *buf)
69 memcpy(buf, NEGOTIATE_GSS_HEADER, AUTH_GSS_LENGTH);
73 * ksmbd_gen_sess_key() - function to generate session key
74 * @sess: session of connection
75 * @hash: source hash value to be used for find session key
76 * @hmac: source hmac value to be used for finding session key
79 static int ksmbd_gen_sess_key(struct ksmbd_session *sess, char *hash,
82 struct ksmbd_crypto_ctx *ctx;
85 ctx = ksmbd_crypto_ctx_find_hmacmd5();
87 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
91 rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
93 CIFS_HMAC_MD5_HASH_SIZE);
95 ksmbd_debug(AUTH, "hmacmd5 set key fail error %d\n", rc);
99 rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
101 ksmbd_debug(AUTH, "could not init hmacmd5 error %d\n", rc);
105 rc = crypto_shash_update(CRYPTO_HMACMD5(ctx),
107 SMB2_NTLMV2_SESSKEY_SIZE);
109 ksmbd_debug(AUTH, "Could not update with response error %d\n", rc);
113 rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), sess->sess_key);
115 ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n", rc);
120 ksmbd_release_crypto_ctx(ctx);
124 static int calc_ntlmv2_hash(struct ksmbd_conn *conn, struct ksmbd_session *sess,
125 char *ntlmv2_hash, char *dname)
127 int ret, len, conv_len;
128 wchar_t *domain = NULL;
129 __le16 *uniname = NULL;
130 struct ksmbd_crypto_ctx *ctx;
132 ctx = ksmbd_crypto_ctx_find_hmacmd5();
134 ksmbd_debug(AUTH, "can't generate ntlmv2 hash\n");
138 ret = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
139 user_passkey(sess->user),
142 ksmbd_debug(AUTH, "Could not set NT Hash as a key\n");
146 ret = crypto_shash_init(CRYPTO_HMACMD5(ctx));
148 ksmbd_debug(AUTH, "could not init hmacmd5\n");
152 /* convert user_name to unicode */
153 len = strlen(user_name(sess->user));
154 uniname = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
160 conv_len = smb_strtoUTF16(uniname, user_name(sess->user), len,
162 if (conv_len < 0 || conv_len > len) {
168 ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
170 UNICODE_LEN(conv_len));
172 ksmbd_debug(AUTH, "Could not update with user\n");
176 /* Convert domain name or conn name to unicode and uppercase */
178 domain = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
184 conv_len = smb_strtoUTF16((__le16 *)domain, dname, len,
186 if (conv_len < 0 || conv_len > len) {
191 ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
193 UNICODE_LEN(conv_len));
195 ksmbd_debug(AUTH, "Could not update with domain\n");
199 ret = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_hash);
201 ksmbd_debug(AUTH, "Could not generate md5 hash\n");
205 ksmbd_release_crypto_ctx(ctx);
210 * ksmbd_auth_ntlmv2() - NTLMv2 authentication handler
211 * @sess: session of connection
212 * @ntlmv2: NTLMv2 challenge response
213 * @blen: NTLMv2 blob length
214 * @domain_name: domain name
216 * Return: 0 on success, error number on error
218 int ksmbd_auth_ntlmv2(struct ksmbd_conn *conn, struct ksmbd_session *sess,
219 struct ntlmv2_resp *ntlmv2, int blen, char *domain_name,
222 char ntlmv2_hash[CIFS_ENCPWD_SIZE];
223 char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE];
224 struct ksmbd_crypto_ctx *ctx;
225 char *construct = NULL;
228 ctx = ksmbd_crypto_ctx_find_hmacmd5();
230 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
234 rc = calc_ntlmv2_hash(conn, sess, ntlmv2_hash, domain_name);
236 ksmbd_debug(AUTH, "could not get v2 hash rc %d\n", rc);
240 rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
242 CIFS_HMAC_MD5_HASH_SIZE);
244 ksmbd_debug(AUTH, "Could not set NTLMV2 Hash as a key\n");
248 rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
250 ksmbd_debug(AUTH, "Could not init hmacmd5\n");
254 len = CIFS_CRYPTO_KEY_SIZE + blen;
255 construct = kzalloc(len, GFP_KERNEL);
261 memcpy(construct, cryptkey, CIFS_CRYPTO_KEY_SIZE);
262 memcpy(construct + CIFS_CRYPTO_KEY_SIZE, &ntlmv2->blob_signature, blen);
264 rc = crypto_shash_update(CRYPTO_HMACMD5(ctx), construct, len);
266 ksmbd_debug(AUTH, "Could not update with response\n");
270 rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_rsp);
272 ksmbd_debug(AUTH, "Could not generate md5 hash\n");
276 rc = ksmbd_gen_sess_key(sess, ntlmv2_hash, ntlmv2_rsp);
278 ksmbd_debug(AUTH, "Could not generate sess key\n");
282 if (memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE) != 0)
285 ksmbd_release_crypto_ctx(ctx);
291 * ksmbd_decode_ntlmssp_auth_blob() - helper function to construct
293 * @authblob: authenticate blob source pointer
295 * @sess: session of connection
297 * Return: 0 on success, error number on error
299 int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
300 int blob_len, struct ksmbd_conn *conn,
301 struct ksmbd_session *sess)
304 unsigned int nt_off, dn_off;
305 unsigned short nt_len, dn_len;
308 if (blob_len < sizeof(struct authenticate_message)) {
309 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
314 if (memcmp(authblob->Signature, "NTLMSSP", 8)) {
315 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
316 authblob->Signature);
320 nt_off = le32_to_cpu(authblob->NtChallengeResponse.BufferOffset);
321 nt_len = le16_to_cpu(authblob->NtChallengeResponse.Length);
322 dn_off = le32_to_cpu(authblob->DomainName.BufferOffset);
323 dn_len = le16_to_cpu(authblob->DomainName.Length);
325 if (blob_len < (u64)dn_off + dn_len || blob_len < (u64)nt_off + nt_len ||
326 nt_len < CIFS_ENCPWD_SIZE)
329 /* TODO : use domain name that imported from configuration file */
330 domain_name = smb_strndup_from_utf16((const char *)authblob + dn_off,
331 dn_len, true, conn->local_nls);
332 if (IS_ERR(domain_name))
333 return PTR_ERR(domain_name);
335 /* process NTLMv2 authentication */
336 ksmbd_debug(AUTH, "decode_ntlmssp_authenticate_blob dname%s\n",
338 ret = ksmbd_auth_ntlmv2(conn, sess,
339 (struct ntlmv2_resp *)((char *)authblob + nt_off),
340 nt_len - CIFS_ENCPWD_SIZE,
341 domain_name, conn->ntlmssp.cryptkey);
344 /* The recovered secondary session key */
345 if (conn->ntlmssp.client_flags & NTLMSSP_NEGOTIATE_KEY_XCH) {
346 struct arc4_ctx *ctx_arc4;
347 unsigned int sess_key_off, sess_key_len;
349 sess_key_off = le32_to_cpu(authblob->SessionKey.BufferOffset);
350 sess_key_len = le16_to_cpu(authblob->SessionKey.Length);
352 if (blob_len < (u64)sess_key_off + sess_key_len)
355 ctx_arc4 = kmalloc(sizeof(*ctx_arc4), GFP_KERNEL);
359 cifs_arc4_setkey(ctx_arc4, sess->sess_key,
360 SMB2_NTLMV2_SESSKEY_SIZE);
361 cifs_arc4_crypt(ctx_arc4, sess->sess_key,
362 (char *)authblob + sess_key_off, sess_key_len);
363 kfree_sensitive(ctx_arc4);
370 * ksmbd_decode_ntlmssp_neg_blob() - helper function to construct
372 * @negblob: negotiate blob source pointer
373 * @rsp: response header pointer to be updated
374 * @sess: session of connection
377 int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob,
378 int blob_len, struct ksmbd_conn *conn)
380 if (blob_len < sizeof(struct negotiate_message)) {
381 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
386 if (memcmp(negblob->Signature, "NTLMSSP", 8)) {
387 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
392 conn->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags);
397 * ksmbd_build_ntlmssp_challenge_blob() - helper function to construct
399 * @chgblob: challenge blob source pointer to initialize
400 * @rsp: response header pointer to be updated
401 * @sess: session of connection
405 ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,
406 struct ksmbd_conn *conn)
408 struct target_info *tinfo;
411 unsigned int flags, blob_off, blob_len, type, target_info_len = 0;
412 int len, uni_len, conv_len;
413 int cflags = conn->ntlmssp.client_flags;
415 memcpy(chgblob->Signature, NTLMSSP_SIGNATURE, 8);
416 chgblob->MessageType = NtLmChallenge;
418 flags = NTLMSSP_NEGOTIATE_UNICODE |
419 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_TARGET_TYPE_SERVER |
420 NTLMSSP_NEGOTIATE_TARGET_INFO;
422 if (cflags & NTLMSSP_NEGOTIATE_SIGN) {
423 flags |= NTLMSSP_NEGOTIATE_SIGN;
424 flags |= cflags & (NTLMSSP_NEGOTIATE_128 |
425 NTLMSSP_NEGOTIATE_56);
428 if (cflags & NTLMSSP_NEGOTIATE_SEAL && smb3_encryption_negotiated(conn))
429 flags |= NTLMSSP_NEGOTIATE_SEAL;
431 if (cflags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
432 flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
434 if (cflags & NTLMSSP_REQUEST_TARGET)
435 flags |= NTLMSSP_REQUEST_TARGET;
437 if (conn->use_spnego &&
438 (cflags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
439 flags |= NTLMSSP_NEGOTIATE_EXTENDED_SEC;
441 if (cflags & NTLMSSP_NEGOTIATE_KEY_XCH)
442 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
444 chgblob->NegotiateFlags = cpu_to_le32(flags);
445 len = strlen(ksmbd_netbios_name());
446 name = kmalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
450 conv_len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len,
452 if (conv_len < 0 || conv_len > len) {
457 uni_len = UNICODE_LEN(conv_len);
459 blob_off = sizeof(struct challenge_message);
460 blob_len = blob_off + uni_len;
462 chgblob->TargetName.Length = cpu_to_le16(uni_len);
463 chgblob->TargetName.MaximumLength = cpu_to_le16(uni_len);
464 chgblob->TargetName.BufferOffset = cpu_to_le32(blob_off);
466 /* Initialize random conn challenge */
467 get_random_bytes(conn->ntlmssp.cryptkey, sizeof(__u64));
468 memcpy(chgblob->Challenge, conn->ntlmssp.cryptkey,
469 CIFS_CRYPTO_KEY_SIZE);
471 /* Add Target Information to security buffer */
472 chgblob->TargetInfoArray.BufferOffset = cpu_to_le32(blob_len);
474 target_name = (__u8 *)chgblob + blob_off;
475 memcpy(target_name, name, uni_len);
476 tinfo = (struct target_info *)(target_name + uni_len);
478 chgblob->TargetInfoArray.Length = 0;
479 /* Add target info list for NetBIOS/DNS settings */
480 for (type = NTLMSSP_AV_NB_COMPUTER_NAME;
481 type <= NTLMSSP_AV_DNS_DOMAIN_NAME; type++) {
482 tinfo->Type = cpu_to_le16(type);
483 tinfo->Length = cpu_to_le16(uni_len);
484 memcpy(tinfo->Content, name, uni_len);
485 tinfo = (struct target_info *)((char *)tinfo + 4 + uni_len);
486 target_info_len += 4 + uni_len;
489 /* Add terminator subblock */
492 target_info_len += 4;
494 chgblob->TargetInfoArray.Length = cpu_to_le16(target_info_len);
495 chgblob->TargetInfoArray.MaximumLength = cpu_to_le16(target_info_len);
496 blob_len += target_info_len;
498 ksmbd_debug(AUTH, "NTLMSSP SecurityBufferLength %d\n", blob_len);
502 #ifdef CONFIG_SMB_SERVER_KERBEROS5
503 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
504 int in_len, char *out_blob, int *out_len)
506 struct ksmbd_spnego_authen_response *resp;
507 struct ksmbd_user *user = NULL;
510 resp = ksmbd_ipc_spnego_authen_request(in_blob, in_len);
512 ksmbd_debug(AUTH, "SPNEGO_AUTHEN_REQUEST failure\n");
516 if (!(resp->login_response.status & KSMBD_USER_FLAG_OK)) {
517 ksmbd_debug(AUTH, "krb5 authentication failure\n");
522 if (*out_len <= resp->spnego_blob_len) {
523 ksmbd_debug(AUTH, "buf len %d, but blob len %d\n",
524 *out_len, resp->spnego_blob_len);
529 if (resp->session_key_len > sizeof(sess->sess_key)) {
530 ksmbd_debug(AUTH, "session key is too long\n");
535 user = ksmbd_alloc_user(&resp->login_response);
537 ksmbd_debug(AUTH, "login failure\n");
543 memcpy(sess->sess_key, resp->payload, resp->session_key_len);
544 memcpy(out_blob, resp->payload + resp->session_key_len,
545 resp->spnego_blob_len);
546 *out_len = resp->spnego_blob_len;
553 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
554 int in_len, char *out_blob, int *out_len)
561 * ksmbd_sign_smb2_pdu() - function to generate packet signing
564 * @iov: buffer iov array
565 * @n_vec: number of iovecs
566 * @sig: signature value generated for client request packet
569 int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
570 int n_vec, char *sig)
572 struct ksmbd_crypto_ctx *ctx;
575 ctx = ksmbd_crypto_ctx_find_hmacsha256();
577 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
581 rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
583 SMB2_NTLMV2_SESSKEY_SIZE);
587 rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
589 ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
593 for (i = 0; i < n_vec; i++) {
594 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
598 ksmbd_debug(AUTH, "hmacsha256 update error %d\n", rc);
603 rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), sig);
605 ksmbd_debug(AUTH, "hmacsha256 generation error %d\n", rc);
607 ksmbd_release_crypto_ctx(ctx);
612 * ksmbd_sign_smb3_pdu() - function to generate packet signing
615 * @iov: buffer iov array
616 * @n_vec: number of iovecs
617 * @sig: signature value generated for client request packet
620 int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
621 int n_vec, char *sig)
623 struct ksmbd_crypto_ctx *ctx;
626 ctx = ksmbd_crypto_ctx_find_cmacaes();
628 ksmbd_debug(AUTH, "could not crypto alloc cmac\n");
632 rc = crypto_shash_setkey(CRYPTO_CMACAES_TFM(ctx),
638 rc = crypto_shash_init(CRYPTO_CMACAES(ctx));
640 ksmbd_debug(AUTH, "cmaces init error %d\n", rc);
644 for (i = 0; i < n_vec; i++) {
645 rc = crypto_shash_update(CRYPTO_CMACAES(ctx),
649 ksmbd_debug(AUTH, "cmaces update error %d\n", rc);
654 rc = crypto_shash_final(CRYPTO_CMACAES(ctx), sig);
656 ksmbd_debug(AUTH, "cmaces generation error %d\n", rc);
658 ksmbd_release_crypto_ctx(ctx);
668 static int generate_key(struct ksmbd_conn *conn, struct ksmbd_session *sess,
669 struct kvec label, struct kvec context, __u8 *key,
670 unsigned int key_size)
672 unsigned char zero = 0x0;
673 __u8 i[4] = {0, 0, 0, 1};
674 __u8 L128[4] = {0, 0, 0, 128};
675 __u8 L256[4] = {0, 0, 1, 0};
677 unsigned char prfhash[SMB2_HMACSHA256_SIZE];
678 unsigned char *hashptr = prfhash;
679 struct ksmbd_crypto_ctx *ctx;
681 memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
682 memset(key, 0x0, key_size);
684 ctx = ksmbd_crypto_ctx_find_hmacsha256();
686 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
690 rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
692 SMB2_NTLMV2_SESSKEY_SIZE);
694 goto smb3signkey_ret;
696 rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
698 ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
699 goto smb3signkey_ret;
702 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), i, 4);
704 ksmbd_debug(AUTH, "could not update with n\n");
705 goto smb3signkey_ret;
708 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
712 ksmbd_debug(AUTH, "could not update with label\n");
713 goto smb3signkey_ret;
716 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), &zero, 1);
718 ksmbd_debug(AUTH, "could not update with zero\n");
719 goto smb3signkey_ret;
722 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
726 ksmbd_debug(AUTH, "could not update with context\n");
727 goto smb3signkey_ret;
730 if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
731 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
732 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L256, 4);
734 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L128, 4);
736 ksmbd_debug(AUTH, "could not update with L\n");
737 goto smb3signkey_ret;
740 rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), hashptr);
742 ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n",
744 goto smb3signkey_ret;
747 memcpy(key, hashptr, key_size);
750 ksmbd_release_crypto_ctx(ctx);
754 static int generate_smb3signingkey(struct ksmbd_session *sess,
755 struct ksmbd_conn *conn,
756 const struct derivation *signing)
759 struct channel *chann;
762 chann = lookup_chann_list(sess, conn);
766 if (conn->dialect >= SMB30_PROT_ID && signing->binding)
767 key = chann->smb3signingkey;
769 key = sess->smb3signingkey;
771 rc = generate_key(conn, sess, signing->label, signing->context, key,
776 if (!(conn->dialect >= SMB30_PROT_ID && signing->binding))
777 memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE);
779 ksmbd_debug(AUTH, "dumping generated AES signing keys\n");
780 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
781 ksmbd_debug(AUTH, "Session Key %*ph\n",
782 SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
783 ksmbd_debug(AUTH, "Signing Key %*ph\n",
784 SMB3_SIGN_KEY_SIZE, key);
788 int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess,
789 struct ksmbd_conn *conn)
793 d.label.iov_base = "SMB2AESCMAC";
794 d.label.iov_len = 12;
795 d.context.iov_base = "SmbSign";
796 d.context.iov_len = 8;
797 d.binding = conn->binding;
799 return generate_smb3signingkey(sess, conn, &d);
802 int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess,
803 struct ksmbd_conn *conn)
807 d.label.iov_base = "SMBSigningKey";
808 d.label.iov_len = 14;
810 struct preauth_session *preauth_sess;
812 preauth_sess = ksmbd_preauth_session_lookup(conn, sess->id);
815 d.context.iov_base = preauth_sess->Preauth_HashValue;
817 d.context.iov_base = sess->Preauth_HashValue;
819 d.context.iov_len = 64;
820 d.binding = conn->binding;
822 return generate_smb3signingkey(sess, conn, &d);
825 struct derivation_twin {
826 struct derivation encryption;
827 struct derivation decryption;
830 static int generate_smb3encryptionkey(struct ksmbd_conn *conn,
831 struct ksmbd_session *sess,
832 const struct derivation_twin *ptwin)
836 rc = generate_key(conn, sess, ptwin->encryption.label,
837 ptwin->encryption.context, sess->smb3encryptionkey,
838 SMB3_ENC_DEC_KEY_SIZE);
842 rc = generate_key(conn, sess, ptwin->decryption.label,
843 ptwin->decryption.context,
844 sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE);
848 ksmbd_debug(AUTH, "dumping generated AES encryption keys\n");
849 ksmbd_debug(AUTH, "Cipher type %d\n", conn->cipher_type);
850 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
851 ksmbd_debug(AUTH, "Session Key %*ph\n",
852 SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
853 if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
854 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
855 ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
856 SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey);
857 ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
858 SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3decryptionkey);
860 ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
861 SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3encryptionkey);
862 ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
863 SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3decryptionkey);
868 int ksmbd_gen_smb30_encryptionkey(struct ksmbd_conn *conn,
869 struct ksmbd_session *sess)
871 struct derivation_twin twin;
872 struct derivation *d;
874 d = &twin.encryption;
875 d->label.iov_base = "SMB2AESCCM";
876 d->label.iov_len = 11;
877 d->context.iov_base = "ServerOut";
878 d->context.iov_len = 10;
880 d = &twin.decryption;
881 d->label.iov_base = "SMB2AESCCM";
882 d->label.iov_len = 11;
883 d->context.iov_base = "ServerIn ";
884 d->context.iov_len = 10;
886 return generate_smb3encryptionkey(conn, sess, &twin);
889 int ksmbd_gen_smb311_encryptionkey(struct ksmbd_conn *conn,
890 struct ksmbd_session *sess)
892 struct derivation_twin twin;
893 struct derivation *d;
895 d = &twin.encryption;
896 d->label.iov_base = "SMBS2CCipherKey";
897 d->label.iov_len = 16;
898 d->context.iov_base = sess->Preauth_HashValue;
899 d->context.iov_len = 64;
901 d = &twin.decryption;
902 d->label.iov_base = "SMBC2SCipherKey";
903 d->label.iov_len = 16;
904 d->context.iov_base = sess->Preauth_HashValue;
905 d->context.iov_len = 64;
907 return generate_smb3encryptionkey(conn, sess, &twin);
910 int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf,
914 struct smb2_hdr *rcv_hdr = smb2_get_msg(buf);
915 char *all_bytes_msg = (char *)&rcv_hdr->ProtocolId;
916 int msg_size = get_rfc1002_len(buf);
917 struct ksmbd_crypto_ctx *ctx = NULL;
919 if (conn->preauth_info->Preauth_HashId !=
920 SMB2_PREAUTH_INTEGRITY_SHA512)
923 ctx = ksmbd_crypto_ctx_find_sha512();
925 ksmbd_debug(AUTH, "could not alloc sha512\n");
929 rc = crypto_shash_init(CRYPTO_SHA512(ctx));
931 ksmbd_debug(AUTH, "could not init shashn");
935 rc = crypto_shash_update(CRYPTO_SHA512(ctx), pi_hash, 64);
937 ksmbd_debug(AUTH, "could not update with n\n");
941 rc = crypto_shash_update(CRYPTO_SHA512(ctx), all_bytes_msg, msg_size);
943 ksmbd_debug(AUTH, "could not update with n\n");
947 rc = crypto_shash_final(CRYPTO_SHA512(ctx), pi_hash);
949 ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
953 ksmbd_release_crypto_ctx(ctx);
957 int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len,
961 struct ksmbd_crypto_ctx *ctx = NULL;
963 ctx = ksmbd_crypto_ctx_find_sha256();
965 ksmbd_debug(AUTH, "could not alloc sha256\n");
969 rc = crypto_shash_init(CRYPTO_SHA256(ctx));
971 ksmbd_debug(AUTH, "could not init shashn");
975 rc = crypto_shash_update(CRYPTO_SHA256(ctx), sd_buf, len);
977 ksmbd_debug(AUTH, "could not update with n\n");
981 rc = crypto_shash_final(CRYPTO_SHA256(ctx), pi_hash);
983 ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
987 ksmbd_release_crypto_ctx(ctx);
991 static int ksmbd_get_encryption_key(struct ksmbd_work *work, __u64 ses_id,
994 struct ksmbd_session *sess;
1000 sess = ksmbd_session_lookup_all(work->conn, ses_id);
1004 ses_enc_key = enc ? sess->smb3encryptionkey :
1005 sess->smb3decryptionkey;
1006 memcpy(key, ses_enc_key, SMB3_ENC_DEC_KEY_SIZE);
1011 static inline void smb2_sg_set_buf(struct scatterlist *sg, const void *buf,
1012 unsigned int buflen)
1016 if (is_vmalloc_addr(buf))
1017 addr = vmalloc_to_page(buf);
1019 addr = virt_to_page(buf);
1020 sg_set_page(sg, addr, buflen, offset_in_page(buf));
1023 static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec,
1026 struct scatterlist *sg;
1027 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1028 int i, nr_entries[3] = {0}, total_entries = 0, sg_idx = 0;
1033 for (i = 0; i < nvec - 1; i++) {
1034 unsigned long kaddr = (unsigned long)iov[i + 1].iov_base;
1036 if (is_vmalloc_addr(iov[i + 1].iov_base)) {
1037 nr_entries[i] = ((kaddr + iov[i + 1].iov_len +
1038 PAGE_SIZE - 1) >> PAGE_SHIFT) -
1039 (kaddr >> PAGE_SHIFT);
1043 total_entries += nr_entries[i];
1046 /* Add two entries for transform header and signature */
1049 sg = kmalloc_array(total_entries, sizeof(struct scatterlist), GFP_KERNEL);
1053 sg_init_table(sg, total_entries);
1054 smb2_sg_set_buf(&sg[sg_idx++], iov[0].iov_base + 24, assoc_data_len);
1055 for (i = 0; i < nvec - 1; i++) {
1056 void *data = iov[i + 1].iov_base;
1057 int len = iov[i + 1].iov_len;
1059 if (is_vmalloc_addr(data)) {
1060 int j, offset = offset_in_page(data);
1062 for (j = 0; j < nr_entries[i]; j++) {
1063 unsigned int bytes = PAGE_SIZE - offset;
1071 sg_set_page(&sg[sg_idx++],
1072 vmalloc_to_page(data), bytes,
1073 offset_in_page(data));
1080 sg_set_page(&sg[sg_idx++], virt_to_page(data), len,
1081 offset_in_page(data));
1084 smb2_sg_set_buf(&sg[sg_idx], sign, SMB2_SIGNATURE_SIZE);
1088 int ksmbd_crypt_message(struct ksmbd_work *work, struct kvec *iov,
1089 unsigned int nvec, int enc)
1091 struct ksmbd_conn *conn = work->conn;
1092 struct smb2_transform_hdr *tr_hdr = smb2_get_msg(iov[0].iov_base);
1093 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1095 struct scatterlist *sg;
1096 u8 sign[SMB2_SIGNATURE_SIZE] = {};
1097 u8 key[SMB3_ENC_DEC_KEY_SIZE];
1098 struct aead_request *req;
1100 unsigned int iv_len;
1101 struct crypto_aead *tfm;
1102 unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize);
1103 struct ksmbd_crypto_ctx *ctx;
1105 rc = ksmbd_get_encryption_key(work,
1106 le64_to_cpu(tr_hdr->SessionId),
1110 pr_err("Could not get %scryption key\n", enc ? "en" : "de");
1114 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1115 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1116 ctx = ksmbd_crypto_ctx_find_gcm();
1118 ctx = ksmbd_crypto_ctx_find_ccm();
1120 pr_err("crypto alloc failed\n");
1124 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1125 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1126 tfm = CRYPTO_GCM(ctx);
1128 tfm = CRYPTO_CCM(ctx);
1130 if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
1131 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1132 rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE);
1134 rc = crypto_aead_setkey(tfm, key, SMB3_GCM128_CRYPTKEY_SIZE);
1136 pr_err("Failed to set aead key %d\n", rc);
1140 rc = crypto_aead_setauthsize(tfm, SMB2_SIGNATURE_SIZE);
1142 pr_err("Failed to set authsize %d\n", rc);
1146 req = aead_request_alloc(tfm, GFP_KERNEL);
1153 memcpy(sign, &tr_hdr->Signature, SMB2_SIGNATURE_SIZE);
1154 crypt_len += SMB2_SIGNATURE_SIZE;
1157 sg = ksmbd_init_sg(iov, nvec, sign);
1159 pr_err("Failed to init sg\n");
1164 iv_len = crypto_aead_ivsize(tfm);
1165 iv = kzalloc(iv_len, GFP_KERNEL);
1171 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1172 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
1173 memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES_GCM_NONCE);
1176 memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES_CCM_NONCE);
1179 aead_request_set_crypt(req, sg, sg, crypt_len, iv);
1180 aead_request_set_ad(req, assoc_data_len);
1181 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
1184 rc = crypto_aead_encrypt(req);
1186 rc = crypto_aead_decrypt(req);
1191 memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
1200 ksmbd_release_crypto_ctx(ctx);