1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org>
4 * Copyright (C) 2018 Samsung Electronics Co., Ltd.
7 #include <linux/kernel.h>
9 #include <linux/uaccess.h>
10 #include <linux/backing-dev.h>
11 #include <linux/writeback.h>
12 #include <linux/uio.h>
13 #include <linux/xattr.h>
14 #include <crypto/hash.h>
15 #include <crypto/aead.h>
16 #include <linux/random.h>
17 #include <linux/scatterlist.h>
22 #include <linux/fips.h>
23 #include <crypto/des.h>
26 #include "smb_common.h"
27 #include "connection.h"
28 #include "mgmt/user_session.h"
29 #include "mgmt/user_config.h"
30 #include "crypto_ctx.h"
31 #include "transport_ipc.h"
32 #include "buffer_pool.h"
35 * Fixed format data defining GSS header and fixed string
36 * "not_defined_in_RFC4178@please_ignore".
37 * So sec blob data in neg phase could be generated statically.
39 static char NEGOTIATE_GSS_HEADER[AUTH_GSS_LENGTH] = {
40 #ifdef CONFIG_SMB_SERVER_KERBEROS5
41 0x60, 0x5e, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
42 0x05, 0x02, 0xa0, 0x54, 0x30, 0x52, 0xa0, 0x24,
43 0x30, 0x22, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
44 0xf7, 0x12, 0x01, 0x02, 0x02, 0x06, 0x09, 0x2a,
45 0x86, 0x48, 0x82, 0xf7, 0x12, 0x01, 0x02, 0x02,
46 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
47 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a, 0x30, 0x28,
48 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f, 0x74, 0x5f,
49 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x5f,
50 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43, 0x34, 0x31,
51 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65, 0x61, 0x73,
52 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65
54 0x60, 0x48, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
55 0x05, 0x02, 0xa0, 0x3e, 0x30, 0x3c, 0xa0, 0x0e,
56 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04,
57 0x01, 0x82, 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a,
58 0x30, 0x28, 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f,
59 0x74, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65,
60 0x64, 0x5f, 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43,
61 0x34, 0x31, 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65,
62 0x61, 0x73, 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f,
67 void ksmbd_copy_gss_neg_header(void *buf)
69 memcpy(buf, NEGOTIATE_GSS_HEADER, AUTH_GSS_LENGTH);
73 str_to_key(unsigned char *str, unsigned char *key)
78 key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2);
79 key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3);
80 key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4);
81 key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5);
82 key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6);
83 key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7);
84 key[7] = str[6] & 0x7F;
85 for (i = 0; i < 8; i++)
86 key[i] = (key[i] << 1);
90 smbhash(unsigned char *out, const unsigned char *in, unsigned char *key)
92 unsigned char key2[8];
97 "FIPS compliance enabled: DES not permitted\n");
101 str_to_key(key, key2);
102 des_expand_key(&ctx, key2, DES_KEY_SIZE);
103 des_encrypt(&ctx, out, in);
104 memzero_explicit(&ctx, sizeof(ctx));
108 static int ksmbd_enc_p24(unsigned char *p21, const unsigned char *c8, unsigned char *p24)
112 rc = smbhash(p24, c8, p21);
115 rc = smbhash(p24 + 8, c8, p21 + 7);
118 return smbhash(p24 + 16, c8, p21 + 14);
121 /* produce a md4 message digest from data of length n bytes */
122 static int ksmbd_enc_md4(unsigned char *md4_hash, unsigned char *link_str,
126 struct ksmbd_crypto_ctx *ctx;
128 ctx = ksmbd_crypto_ctx_find_md4();
130 ksmbd_debug(AUTH, "Crypto md4 allocation error\n");
134 rc = crypto_shash_init(CRYPTO_MD4(ctx));
136 ksmbd_debug(AUTH, "Could not init md4 shash\n");
140 rc = crypto_shash_update(CRYPTO_MD4(ctx), link_str, link_len);
142 ksmbd_debug(AUTH, "Could not update with link_str\n");
146 rc = crypto_shash_final(CRYPTO_MD4(ctx), md4_hash);
148 ksmbd_debug(AUTH, "Could not generate md4 hash\n");
150 ksmbd_release_crypto_ctx(ctx);
154 static int ksmbd_enc_update_sess_key(unsigned char *md5_hash, char *nonce,
155 char *server_challenge, int len)
158 struct ksmbd_crypto_ctx *ctx;
160 ctx = ksmbd_crypto_ctx_find_md5();
162 ksmbd_debug(AUTH, "Crypto md5 allocation error\n");
166 rc = crypto_shash_init(CRYPTO_MD5(ctx));
168 ksmbd_debug(AUTH, "Could not init md5 shash\n");
172 rc = crypto_shash_update(CRYPTO_MD5(ctx), server_challenge, len);
174 ksmbd_debug(AUTH, "Could not update with challenge\n");
178 rc = crypto_shash_update(CRYPTO_MD5(ctx), nonce, len);
180 ksmbd_debug(AUTH, "Could not update with nonce\n");
184 rc = crypto_shash_final(CRYPTO_MD5(ctx), md5_hash);
186 ksmbd_debug(AUTH, "Could not generate md5 hash\n");
188 ksmbd_release_crypto_ctx(ctx);
193 * ksmbd_gen_sess_key() - function to generate session key
194 * @sess: session of connection
195 * @hash: source hash value to be used for find session key
196 * @hmac: source hmac value to be used for finding session key
199 static int ksmbd_gen_sess_key(struct ksmbd_session *sess, char *hash,
202 struct ksmbd_crypto_ctx *ctx;
205 ctx = ksmbd_crypto_ctx_find_hmacmd5();
209 rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
211 CIFS_HMAC_MD5_HASH_SIZE);
213 ksmbd_debug(AUTH, "hmacmd5 set key fail error %d\n", rc);
217 rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
219 ksmbd_debug(AUTH, "could not init hmacmd5 error %d\n", rc);
223 rc = crypto_shash_update(CRYPTO_HMACMD5(ctx),
225 SMB2_NTLMV2_SESSKEY_SIZE);
227 ksmbd_debug(AUTH, "Could not update with response error %d\n",
232 rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), sess->sess_key);
234 ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n",
240 ksmbd_release_crypto_ctx(ctx);
244 static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash,
247 int ret = -EINVAL, len;
248 wchar_t *domain = NULL;
249 __le16 *uniname = NULL;
250 struct ksmbd_crypto_ctx *ctx;
252 ctx = ksmbd_crypto_ctx_find_hmacmd5();
254 ksmbd_debug(AUTH, "can't generate ntlmv2 hash\n");
258 ret = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
259 user_passkey(sess->user),
262 ksmbd_debug(AUTH, "Could not set NT Hash as a key\n");
266 ret = crypto_shash_init(CRYPTO_HMACMD5(ctx));
268 ksmbd_debug(AUTH, "could not init hmacmd5\n");
272 /* convert user_name to unicode */
273 len = strlen(user_name(sess->user));
274 uniname = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
281 len = smb_strtoUTF16(uniname, user_name(sess->user), len,
282 sess->conn->local_nls);
286 ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
290 ksmbd_debug(AUTH, "Could not update with user\n");
294 /* Convert domain name or conn name to unicode and uppercase */
296 domain = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
302 len = smb_strtoUTF16((__le16 *)domain, dname, len,
303 sess->conn->local_nls);
305 ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
309 ksmbd_debug(AUTH, "Could not update with domain\n");
313 ret = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_hash);
315 ksmbd_debug(AUTH, "Could not generate md5 hash\n");
319 ksmbd_release_crypto_ctx(ctx);
324 * ksmbd_auth_ntlm() - NTLM authentication handler
325 * @sess: session of connection
326 * @pw_buf: NTLM challenge response
327 * @passkey: user password
329 * Return: 0 on success, error number on error
331 int ksmbd_auth_ntlm(struct ksmbd_session *sess, char *pw_buf)
334 unsigned char p21[21];
335 char key[CIFS_AUTH_RESP_SIZE];
337 memset(p21, '\0', 21);
338 memcpy(p21, user_passkey(sess->user), CIFS_NTHASH_SIZE);
339 rc = ksmbd_enc_p24(p21, sess->ntlmssp.cryptkey, key);
341 ksmbd_err("password processing failed\n");
345 ksmbd_enc_md4(sess->sess_key,
346 user_passkey(sess->user),
347 CIFS_SMB1_SESSKEY_SIZE);
348 memcpy(sess->sess_key + CIFS_SMB1_SESSKEY_SIZE, key,
349 CIFS_AUTH_RESP_SIZE);
350 sess->sequence_number = 1;
352 if (strncmp(pw_buf, key, CIFS_AUTH_RESP_SIZE) != 0) {
353 ksmbd_debug(AUTH, "ntlmv1 authentication failed\n");
357 ksmbd_debug(AUTH, "ntlmv1 authentication pass\n");
362 * ksmbd_auth_ntlmv2() - NTLMv2 authentication handler
363 * @sess: session of connection
364 * @ntlmv2: NTLMv2 challenge response
365 * @blen: NTLMv2 blob length
366 * @domain_name: domain name
368 * Return: 0 on success, error number on error
370 int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2,
371 int blen, char *domain_name)
373 char ntlmv2_hash[CIFS_ENCPWD_SIZE];
374 char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE];
375 struct ksmbd_crypto_ctx *ctx;
376 char *construct = NULL;
377 int rc = -EINVAL, len;
379 ctx = ksmbd_crypto_ctx_find_hmacmd5();
381 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5 rc %d\n", rc);
385 rc = calc_ntlmv2_hash(sess, ntlmv2_hash, domain_name);
387 ksmbd_debug(AUTH, "could not get v2 hash rc %d\n", rc);
391 rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
393 CIFS_HMAC_MD5_HASH_SIZE);
395 ksmbd_debug(AUTH, "Could not set NTLMV2 Hash as a key\n");
399 rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
401 ksmbd_debug(AUTH, "Could not init hmacmd5\n");
405 len = CIFS_CRYPTO_KEY_SIZE + blen;
406 construct = kzalloc(len, GFP_KERNEL);
412 memcpy(construct, sess->ntlmssp.cryptkey, CIFS_CRYPTO_KEY_SIZE);
413 memcpy(construct + CIFS_CRYPTO_KEY_SIZE, &ntlmv2->blob_signature, blen);
415 rc = crypto_shash_update(CRYPTO_HMACMD5(ctx), construct, len);
417 ksmbd_debug(AUTH, "Could not update with response\n");
421 rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_rsp);
423 ksmbd_debug(AUTH, "Could not generate md5 hash\n");
427 rc = ksmbd_gen_sess_key(sess, ntlmv2_hash, ntlmv2_rsp);
429 ksmbd_debug(AUTH, "Could not generate sess key\n");
433 if (memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE) != 0)
436 ksmbd_release_crypto_ctx(ctx);
442 * __ksmbd_auth_ntlmv2() - NTLM2(extended security) authentication handler
443 * @sess: session of connection
444 * @client_nonce: client nonce from LM response.
445 * @ntlm_resp: ntlm response data from client.
447 * Return: 0 on success, error number on error
449 static int __ksmbd_auth_ntlmv2(struct ksmbd_session *sess, char *client_nonce,
452 char sess_key[CIFS_SMB1_SESSKEY_SIZE] = {0};
454 unsigned char p21[21];
455 char key[CIFS_AUTH_RESP_SIZE];
457 rc = ksmbd_enc_update_sess_key(sess_key,
459 (char *)sess->ntlmssp.cryptkey, 8);
461 ksmbd_err("password processing failed\n");
465 memset(p21, '\0', 21);
466 memcpy(p21, user_passkey(sess->user), CIFS_NTHASH_SIZE);
467 rc = ksmbd_enc_p24(p21, sess_key, key);
469 ksmbd_err("password processing failed\n");
473 if (memcmp(ntlm_resp, key, CIFS_AUTH_RESP_SIZE) != 0)
480 * ksmbd_decode_ntlmssp_auth_blob() - helper function to construct
482 * @authblob: authenticate blob source pointer
484 * @sess: session of connection
486 * Return: 0 on success, error number on error
488 int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
489 int blob_len, struct ksmbd_session *sess)
492 unsigned int lm_off, nt_off;
493 unsigned short nt_len;
496 if (blob_len < sizeof(struct authenticate_message)) {
497 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
502 if (memcmp(authblob->Signature, "NTLMSSP", 8)) {
503 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
504 authblob->Signature);
508 lm_off = le32_to_cpu(authblob->LmChallengeResponse.BufferOffset);
509 nt_off = le32_to_cpu(authblob->NtChallengeResponse.BufferOffset);
510 nt_len = le16_to_cpu(authblob->NtChallengeResponse.Length);
512 /* process NTLM authentication */
513 if (nt_len == CIFS_AUTH_RESP_SIZE) {
514 if (le32_to_cpu(authblob->NegotiateFlags) &
515 NTLMSSP_NEGOTIATE_EXTENDED_SEC)
516 return __ksmbd_auth_ntlmv2(sess, (char *)authblob +
517 lm_off, (char *)authblob + nt_off);
519 return ksmbd_auth_ntlm(sess, (char *)authblob +
523 /* TODO : use domain name that imported from configuration file */
524 domain_name = smb_strndup_from_utf16((const char *)authblob +
525 le32_to_cpu(authblob->DomainName.BufferOffset),
526 le16_to_cpu(authblob->DomainName.Length), true,
527 sess->conn->local_nls);
528 if (IS_ERR(domain_name))
529 return PTR_ERR(domain_name);
531 /* process NTLMv2 authentication */
532 ksmbd_debug(AUTH, "decode_ntlmssp_authenticate_blob dname%s\n",
534 ret = ksmbd_auth_ntlmv2(sess,
535 (struct ntlmv2_resp *)((char *)authblob + nt_off),
536 nt_len - CIFS_ENCPWD_SIZE,
543 * ksmbd_decode_ntlmssp_neg_blob() - helper function to construct
545 * @negblob: negotiate blob source pointer
546 * @rsp: response header pointer to be updated
547 * @sess: session of connection
550 int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob,
551 int blob_len, struct ksmbd_session *sess)
553 if (blob_len < sizeof(struct negotiate_message)) {
554 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
559 if (memcmp(negblob->Signature, "NTLMSSP", 8)) {
560 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
565 sess->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags);
570 * ksmbd_build_ntlmssp_challenge_blob() - helper function to construct
572 * @chgblob: challenge blob source pointer to initialize
573 * @rsp: response header pointer to be updated
574 * @sess: session of connection
578 ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,
579 struct ksmbd_session *sess)
581 struct target_info *tinfo;
584 unsigned int len, flags, blob_off, blob_len, type, target_info_len = 0;
585 int cflags = sess->ntlmssp.client_flags;
587 memcpy(chgblob->Signature, NTLMSSP_SIGNATURE, 8);
588 chgblob->MessageType = NtLmChallenge;
590 flags = NTLMSSP_NEGOTIATE_UNICODE |
591 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_TARGET_TYPE_SERVER |
592 NTLMSSP_NEGOTIATE_TARGET_INFO;
594 if (cflags & NTLMSSP_NEGOTIATE_SIGN) {
595 flags |= NTLMSSP_NEGOTIATE_SIGN;
596 flags |= cflags & (NTLMSSP_NEGOTIATE_128 |
597 NTLMSSP_NEGOTIATE_56);
600 if (cflags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
601 flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
603 if (cflags & NTLMSSP_REQUEST_TARGET)
604 flags |= NTLMSSP_REQUEST_TARGET;
606 if (sess->conn->use_spnego &&
607 (cflags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
608 flags |= NTLMSSP_NEGOTIATE_EXTENDED_SEC;
610 chgblob->NegotiateFlags = cpu_to_le32(flags);
611 len = strlen(ksmbd_netbios_name());
612 name = kmalloc(2 + (len * 2), GFP_KERNEL);
616 len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len,
617 sess->conn->local_nls);
618 len = UNICODE_LEN(len);
620 blob_off = sizeof(struct challenge_message);
621 blob_len = blob_off + len;
623 chgblob->TargetName.Length = cpu_to_le16(len);
624 chgblob->TargetName.MaximumLength = cpu_to_le16(len);
625 chgblob->TargetName.BufferOffset = cpu_to_le32(blob_off);
627 /* Initialize random conn challenge */
628 get_random_bytes(sess->ntlmssp.cryptkey, sizeof(__u64));
629 memcpy(chgblob->Challenge, sess->ntlmssp.cryptkey,
630 CIFS_CRYPTO_KEY_SIZE);
632 /* Add Target Information to security buffer */
633 chgblob->TargetInfoArray.BufferOffset = cpu_to_le32(blob_len);
635 target_name = (__u8 *)chgblob + blob_off;
636 memcpy(target_name, name, len);
637 tinfo = (struct target_info *)(target_name + len);
639 chgblob->TargetInfoArray.Length = 0;
640 /* Add target info list for NetBIOS/DNS settings */
641 for (type = NTLMSSP_AV_NB_COMPUTER_NAME;
642 type <= NTLMSSP_AV_DNS_DOMAIN_NAME; type++) {
643 tinfo->Type = cpu_to_le16(type);
644 tinfo->Length = cpu_to_le16(len);
645 memcpy(tinfo->Content, name, len);
646 tinfo = (struct target_info *)((char *)tinfo + 4 + len);
647 target_info_len += 4 + len;
650 /* Add terminator subblock */
653 target_info_len += 4;
655 chgblob->TargetInfoArray.Length = cpu_to_le16(target_info_len);
656 chgblob->TargetInfoArray.MaximumLength = cpu_to_le16(target_info_len);
657 blob_len += target_info_len;
659 ksmbd_debug(AUTH, "NTLMSSP SecurityBufferLength %d\n", blob_len);
663 #ifdef CONFIG_SMB_SERVER_KERBEROS5
664 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
665 int in_len, char *out_blob, int *out_len)
667 struct ksmbd_spnego_authen_response *resp;
668 struct ksmbd_user *user = NULL;
671 resp = ksmbd_ipc_spnego_authen_request(in_blob, in_len);
673 ksmbd_debug(AUTH, "SPNEGO_AUTHEN_REQUEST failure\n");
677 if (!(resp->login_response.status & KSMBD_USER_FLAG_OK)) {
678 ksmbd_debug(AUTH, "krb5 authentication failure\n");
683 if (*out_len <= resp->spnego_blob_len) {
684 ksmbd_debug(AUTH, "buf len %d, but blob len %d\n",
685 *out_len, resp->spnego_blob_len);
690 if (resp->session_key_len > sizeof(sess->sess_key)) {
691 ksmbd_debug(AUTH, "session key is too long\n");
696 user = ksmbd_alloc_user(&resp->login_response);
698 ksmbd_debug(AUTH, "login failure\n");
704 memcpy(sess->sess_key, resp->payload, resp->session_key_len);
705 memcpy(out_blob, resp->payload + resp->session_key_len,
706 resp->spnego_blob_len);
707 *out_len = resp->spnego_blob_len;
714 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
715 int in_len, char *out_blob, int *out_len)
722 * ksmbd_sign_smb2_pdu() - function to generate packet signing
725 * @iov: buffer iov array
726 * @n_vec: number of iovecs
727 * @sig: signature value generated for client request packet
730 int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
731 int n_vec, char *sig)
733 struct ksmbd_crypto_ctx *ctx;
737 ctx = ksmbd_crypto_ctx_find_hmacsha256();
739 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5 rc %d\n", rc);
743 rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
745 SMB2_NTLMV2_SESSKEY_SIZE);
749 rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
751 ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
755 for (i = 0; i < n_vec; i++) {
756 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
760 ksmbd_debug(AUTH, "hmacsha256 update error %d\n", rc);
765 rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), sig);
767 ksmbd_debug(AUTH, "hmacsha256 generation error %d\n", rc);
769 ksmbd_release_crypto_ctx(ctx);
774 * ksmbd_sign_smb3_pdu() - function to generate packet signing
777 * @iov: buffer iov array
778 * @n_vec: number of iovecs
779 * @sig: signature value generated for client request packet
782 int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
783 int n_vec, char *sig)
785 struct ksmbd_crypto_ctx *ctx;
789 ctx = ksmbd_crypto_ctx_find_cmacaes();
791 ksmbd_debug(AUTH, "could not crypto alloc cmac rc %d\n", rc);
795 rc = crypto_shash_setkey(CRYPTO_CMACAES_TFM(ctx),
801 rc = crypto_shash_init(CRYPTO_CMACAES(ctx));
803 ksmbd_debug(AUTH, "cmaces init error %d\n", rc);
807 for (i = 0; i < n_vec; i++) {
808 rc = crypto_shash_update(CRYPTO_CMACAES(ctx),
812 ksmbd_debug(AUTH, "cmaces update error %d\n", rc);
817 rc = crypto_shash_final(CRYPTO_CMACAES(ctx), sig);
819 ksmbd_debug(AUTH, "cmaces generation error %d\n", rc);
821 ksmbd_release_crypto_ctx(ctx);
831 static int generate_key(struct ksmbd_session *sess, struct kvec label,
832 struct kvec context, __u8 *key, unsigned int key_size)
834 unsigned char zero = 0x0;
835 __u8 i[4] = {0, 0, 0, 1};
836 __u8 L128[4] = {0, 0, 0, 128};
837 __u8 L256[4] = {0, 0, 1, 0};
839 unsigned char prfhash[SMB2_HMACSHA256_SIZE];
840 unsigned char *hashptr = prfhash;
841 struct ksmbd_crypto_ctx *ctx;
843 memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
844 memset(key, 0x0, key_size);
846 ctx = ksmbd_crypto_ctx_find_hmacsha256();
848 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5 rc %d\n", rc);
849 goto smb3signkey_ret;
852 rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
854 SMB2_NTLMV2_SESSKEY_SIZE);
856 goto smb3signkey_ret;
858 rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
860 ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
861 goto smb3signkey_ret;
864 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), i, 4);
866 ksmbd_debug(AUTH, "could not update with n\n");
867 goto smb3signkey_ret;
870 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
874 ksmbd_debug(AUTH, "could not update with label\n");
875 goto smb3signkey_ret;
878 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), &zero, 1);
880 ksmbd_debug(AUTH, "could not update with zero\n");
881 goto smb3signkey_ret;
884 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
888 ksmbd_debug(AUTH, "could not update with context\n");
889 goto smb3signkey_ret;
892 if (sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
893 sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
894 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L256, 4);
896 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L128, 4);
898 ksmbd_debug(AUTH, "could not update with L\n");
899 goto smb3signkey_ret;
902 rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), hashptr);
904 ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n",
906 goto smb3signkey_ret;
909 memcpy(key, hashptr, key_size);
912 ksmbd_release_crypto_ctx(ctx);
916 static int generate_smb3signingkey(struct ksmbd_session *sess,
917 const struct derivation *signing)
920 struct channel *chann;
923 chann = lookup_chann_list(sess);
927 if (sess->conn->dialect >= SMB30_PROT_ID && signing->binding)
928 key = chann->smb3signingkey;
930 key = sess->smb3signingkey;
932 rc = generate_key(sess, signing->label, signing->context, key,
937 if (!(sess->conn->dialect >= SMB30_PROT_ID && signing->binding))
938 memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE);
940 ksmbd_debug(AUTH, "dumping generated AES signing keys\n");
941 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
942 ksmbd_debug(AUTH, "Session Key %*ph\n",
943 SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
944 ksmbd_debug(AUTH, "Signing Key %*ph\n",
945 SMB3_SIGN_KEY_SIZE, key);
949 int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess)
953 d.label.iov_base = "SMB2AESCMAC";
954 d.label.iov_len = 12;
955 d.context.iov_base = "SmbSign";
956 d.context.iov_len = 8;
959 return generate_smb3signingkey(sess, &d);
962 int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess)
966 d.label.iov_base = "SMBSigningKey";
967 d.label.iov_len = 14;
968 d.context.iov_base = sess->Preauth_HashValue;
969 d.context.iov_len = 64;
972 return generate_smb3signingkey(sess, &d);
975 struct derivation_twin {
976 struct derivation encryption;
977 struct derivation decryption;
980 static int generate_smb3encryptionkey(struct ksmbd_session *sess,
981 const struct derivation_twin *ptwin)
985 rc = generate_key(sess, ptwin->encryption.label,
986 ptwin->encryption.context, sess->smb3encryptionkey,
987 SMB3_ENC_DEC_KEY_SIZE);
991 rc = generate_key(sess, ptwin->decryption.label,
992 ptwin->decryption.context,
993 sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE);
997 ksmbd_debug(AUTH, "dumping generated AES encryption keys\n");
998 ksmbd_debug(AUTH, "Cipher type %d\n", sess->conn->cipher_type);
999 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
1000 ksmbd_debug(AUTH, "Session Key %*ph\n",
1001 SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
1002 if (sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
1003 sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
1004 ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
1005 SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey);
1006 ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
1007 SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3decryptionkey);
1009 ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
1010 SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3encryptionkey);
1011 ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
1012 SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3decryptionkey);
1017 int ksmbd_gen_smb30_encryptionkey(struct ksmbd_session *sess)
1019 struct derivation_twin twin;
1020 struct derivation *d;
1022 d = &twin.encryption;
1023 d->label.iov_base = "SMB2AESCCM";
1024 d->label.iov_len = 11;
1025 d->context.iov_base = "ServerOut";
1026 d->context.iov_len = 10;
1028 d = &twin.decryption;
1029 d->label.iov_base = "SMB2AESCCM";
1030 d->label.iov_len = 11;
1031 d->context.iov_base = "ServerIn ";
1032 d->context.iov_len = 10;
1034 return generate_smb3encryptionkey(sess, &twin);
1037 int ksmbd_gen_smb311_encryptionkey(struct ksmbd_session *sess)
1039 struct derivation_twin twin;
1040 struct derivation *d;
1042 d = &twin.encryption;
1043 d->label.iov_base = "SMBS2CCipherKey";
1044 d->label.iov_len = 16;
1045 d->context.iov_base = sess->Preauth_HashValue;
1046 d->context.iov_len = 64;
1048 d = &twin.decryption;
1049 d->label.iov_base = "SMBC2SCipherKey";
1050 d->label.iov_len = 16;
1051 d->context.iov_base = sess->Preauth_HashValue;
1052 d->context.iov_len = 64;
1054 return generate_smb3encryptionkey(sess, &twin);
1057 int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf,
1061 struct smb2_hdr *rcv_hdr = (struct smb2_hdr *)buf;
1062 char *all_bytes_msg = (char *)&rcv_hdr->ProtocolId;
1063 int msg_size = be32_to_cpu(rcv_hdr->smb2_buf_length);
1064 struct ksmbd_crypto_ctx *ctx = NULL;
1066 if (conn->preauth_info->Preauth_HashId ==
1067 SMB2_PREAUTH_INTEGRITY_SHA512) {
1068 ctx = ksmbd_crypto_ctx_find_sha512();
1070 ksmbd_debug(AUTH, "could not alloc sha512 rc %d\n", rc);
1077 rc = crypto_shash_init(CRYPTO_SHA512(ctx));
1079 ksmbd_debug(AUTH, "could not init shashn");
1083 rc = crypto_shash_update(CRYPTO_SHA512(ctx), pi_hash, 64);
1085 ksmbd_debug(AUTH, "could not update with n\n");
1089 rc = crypto_shash_update(CRYPTO_SHA512(ctx), all_bytes_msg, msg_size);
1091 ksmbd_debug(AUTH, "could not update with n\n");
1095 rc = crypto_shash_final(CRYPTO_SHA512(ctx), pi_hash);
1097 ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
1101 ksmbd_release_crypto_ctx(ctx);
1105 int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len,
1109 struct ksmbd_crypto_ctx *ctx = NULL;
1111 ctx = ksmbd_crypto_ctx_find_sha256();
1113 ksmbd_debug(AUTH, "could not alloc sha256 rc %d\n", rc);
1117 rc = crypto_shash_init(CRYPTO_SHA256(ctx));
1119 ksmbd_debug(AUTH, "could not init shashn");
1123 rc = crypto_shash_update(CRYPTO_SHA256(ctx), sd_buf, len);
1125 ksmbd_debug(AUTH, "could not update with n\n");
1129 rc = crypto_shash_final(CRYPTO_SHA256(ctx), pi_hash);
1131 ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
1135 ksmbd_release_crypto_ctx(ctx);
1139 static int ksmbd_get_encryption_key(struct ksmbd_conn *conn, __u64 ses_id,
1142 struct ksmbd_session *sess;
1145 sess = ksmbd_session_lookup(conn, ses_id);
1149 ses_enc_key = enc ? sess->smb3encryptionkey :
1150 sess->smb3decryptionkey;
1151 memcpy(key, ses_enc_key, SMB3_ENC_DEC_KEY_SIZE);
1156 static inline void smb2_sg_set_buf(struct scatterlist *sg, const void *buf,
1157 unsigned int buflen)
1161 if (is_vmalloc_addr(buf))
1162 addr = vmalloc_to_page(buf);
1164 addr = virt_to_page(buf);
1165 sg_set_page(sg, addr, buflen, offset_in_page(buf));
1168 static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec,
1171 struct scatterlist *sg;
1172 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 24;
1173 int i, nr_entries[3] = {0}, total_entries = 0, sg_idx = 0;
1175 for (i = 0; i < nvec - 1; i++) {
1176 unsigned long kaddr = (unsigned long)iov[i + 1].iov_base;
1178 if (is_vmalloc_addr(iov[i + 1].iov_base)) {
1179 nr_entries[i] = ((kaddr + iov[i + 1].iov_len +
1180 PAGE_SIZE - 1) >> PAGE_SHIFT) -
1181 (kaddr >> PAGE_SHIFT);
1185 total_entries += nr_entries[i];
1188 /* Add two entries for transform header and signature */
1191 sg = kmalloc_array(total_entries, sizeof(struct scatterlist), GFP_KERNEL);
1195 sg_init_table(sg, total_entries);
1196 smb2_sg_set_buf(&sg[sg_idx++], iov[0].iov_base + 24, assoc_data_len);
1197 for (i = 0; i < nvec - 1; i++) {
1198 void *data = iov[i + 1].iov_base;
1199 int len = iov[i + 1].iov_len;
1201 if (is_vmalloc_addr(data)) {
1202 int j, offset = offset_in_page(data);
1204 for (j = 0; j < nr_entries[i]; j++) {
1205 unsigned int bytes = PAGE_SIZE - offset;
1213 sg_set_page(&sg[sg_idx++],
1214 vmalloc_to_page(data), bytes,
1215 offset_in_page(data));
1222 sg_set_page(&sg[sg_idx++], virt_to_page(data), len,
1223 offset_in_page(data));
1226 smb2_sg_set_buf(&sg[sg_idx], sign, SMB2_SIGNATURE_SIZE);
1230 int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov,
1231 unsigned int nvec, int enc)
1233 struct smb2_transform_hdr *tr_hdr =
1234 (struct smb2_transform_hdr *)iov[0].iov_base;
1235 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 24;
1237 struct scatterlist *sg;
1238 u8 sign[SMB2_SIGNATURE_SIZE] = {};
1239 u8 key[SMB3_ENC_DEC_KEY_SIZE];
1240 struct aead_request *req;
1242 unsigned int iv_len;
1243 struct crypto_aead *tfm;
1244 unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize);
1245 struct ksmbd_crypto_ctx *ctx;
1247 rc = ksmbd_get_encryption_key(conn,
1248 le64_to_cpu(tr_hdr->SessionId),
1252 ksmbd_err("Could not get %scryption key\n", enc ? "en" : "de");
1256 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1257 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1258 ctx = ksmbd_crypto_ctx_find_gcm();
1260 ctx = ksmbd_crypto_ctx_find_ccm();
1262 ksmbd_err("crypto alloc failed\n");
1266 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1267 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1268 tfm = CRYPTO_GCM(ctx);
1270 tfm = CRYPTO_CCM(ctx);
1272 if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
1273 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1274 rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE);
1276 rc = crypto_aead_setkey(tfm, key, SMB3_GCM128_CRYPTKEY_SIZE);
1278 ksmbd_err("Failed to set aead key %d\n", rc);
1282 rc = crypto_aead_setauthsize(tfm, SMB2_SIGNATURE_SIZE);
1284 ksmbd_err("Failed to set authsize %d\n", rc);
1288 req = aead_request_alloc(tfm, GFP_KERNEL);
1290 ksmbd_err("Failed to alloc aead request\n");
1296 memcpy(sign, &tr_hdr->Signature, SMB2_SIGNATURE_SIZE);
1297 crypt_len += SMB2_SIGNATURE_SIZE;
1300 sg = ksmbd_init_sg(iov, nvec, sign);
1302 ksmbd_err("Failed to init sg\n");
1307 iv_len = crypto_aead_ivsize(tfm);
1308 iv = kzalloc(iv_len, GFP_KERNEL);
1310 ksmbd_err("Failed to alloc IV\n");
1315 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1316 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
1317 memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES_GCM_NONCE);
1320 memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES_CCM_NONCE);
1323 aead_request_set_crypt(req, sg, sg, crypt_len, iv);
1324 aead_request_set_ad(req, assoc_data_len);
1325 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
1328 rc = crypto_aead_encrypt(req);
1330 rc = crypto_aead_decrypt(req);
1332 memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
1340 ksmbd_release_crypto_ctx(ctx);