1*4882a593Smuzhiyun /*
2*4882a593Smuzhiyun * fs/cifs/cifsencrypt.c
3*4882a593Smuzhiyun *
4*4882a593Smuzhiyun * Encryption and hashing operations relating to NTLM, NTLMv2. See MS-NLMP
5*4882a593Smuzhiyun * for more detailed information
6*4882a593Smuzhiyun *
7*4882a593Smuzhiyun * Copyright (C) International Business Machines Corp., 2005,2013
8*4882a593Smuzhiyun * Author(s): Steve French (sfrench@us.ibm.com)
9*4882a593Smuzhiyun *
10*4882a593Smuzhiyun * This library is free software; you can redistribute it and/or modify
11*4882a593Smuzhiyun * it under the terms of the GNU Lesser General Public License as published
12*4882a593Smuzhiyun * by the Free Software Foundation; either version 2.1 of the License, or
13*4882a593Smuzhiyun * (at your option) any later version.
14*4882a593Smuzhiyun *
15*4882a593Smuzhiyun * This library is distributed in the hope that it will be useful,
16*4882a593Smuzhiyun * but WITHOUT ANY WARRANTY; without even the implied warranty of
17*4882a593Smuzhiyun * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
18*4882a593Smuzhiyun * the GNU Lesser General Public License for more details.
19*4882a593Smuzhiyun *
20*4882a593Smuzhiyun * You should have received a copy of the GNU Lesser General Public License
21*4882a593Smuzhiyun * along with this library; if not, write to the Free Software
22*4882a593Smuzhiyun * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23*4882a593Smuzhiyun */
24*4882a593Smuzhiyun
25*4882a593Smuzhiyun #include <linux/fs.h>
26*4882a593Smuzhiyun #include <linux/slab.h>
27*4882a593Smuzhiyun #include "cifspdu.h"
28*4882a593Smuzhiyun #include "cifsglob.h"
29*4882a593Smuzhiyun #include "cifs_debug.h"
30*4882a593Smuzhiyun #include "cifs_unicode.h"
31*4882a593Smuzhiyun #include "cifsproto.h"
32*4882a593Smuzhiyun #include "ntlmssp.h"
33*4882a593Smuzhiyun #include <linux/ctype.h>
34*4882a593Smuzhiyun #include <linux/random.h>
35*4882a593Smuzhiyun #include <linux/highmem.h>
36*4882a593Smuzhiyun #include <linux/fips.h>
37*4882a593Smuzhiyun #include <crypto/arc4.h>
38*4882a593Smuzhiyun #include <crypto/aead.h>
39*4882a593Smuzhiyun
__cifs_calc_signature(struct smb_rqst * rqst,struct TCP_Server_Info * server,char * signature,struct shash_desc * shash)40*4882a593Smuzhiyun int __cifs_calc_signature(struct smb_rqst *rqst,
41*4882a593Smuzhiyun struct TCP_Server_Info *server, char *signature,
42*4882a593Smuzhiyun struct shash_desc *shash)
43*4882a593Smuzhiyun {
44*4882a593Smuzhiyun int i;
45*4882a593Smuzhiyun int rc;
46*4882a593Smuzhiyun struct kvec *iov = rqst->rq_iov;
47*4882a593Smuzhiyun int n_vec = rqst->rq_nvec;
48*4882a593Smuzhiyun int is_smb2 = server->vals->header_preamble_size == 0;
49*4882a593Smuzhiyun
50*4882a593Smuzhiyun /* iov[0] is actual data and not the rfc1002 length for SMB2+ */
51*4882a593Smuzhiyun if (is_smb2) {
52*4882a593Smuzhiyun if (iov[0].iov_len <= 4)
53*4882a593Smuzhiyun return -EIO;
54*4882a593Smuzhiyun i = 0;
55*4882a593Smuzhiyun } else {
56*4882a593Smuzhiyun if (n_vec < 2 || iov[0].iov_len != 4)
57*4882a593Smuzhiyun return -EIO;
58*4882a593Smuzhiyun i = 1; /* skip rfc1002 length */
59*4882a593Smuzhiyun }
60*4882a593Smuzhiyun
61*4882a593Smuzhiyun for (; i < n_vec; i++) {
62*4882a593Smuzhiyun if (iov[i].iov_len == 0)
63*4882a593Smuzhiyun continue;
64*4882a593Smuzhiyun if (iov[i].iov_base == NULL) {
65*4882a593Smuzhiyun cifs_dbg(VFS, "null iovec entry\n");
66*4882a593Smuzhiyun return -EIO;
67*4882a593Smuzhiyun }
68*4882a593Smuzhiyun
69*4882a593Smuzhiyun rc = crypto_shash_update(shash,
70*4882a593Smuzhiyun iov[i].iov_base, iov[i].iov_len);
71*4882a593Smuzhiyun if (rc) {
72*4882a593Smuzhiyun cifs_dbg(VFS, "%s: Could not update with payload\n",
73*4882a593Smuzhiyun __func__);
74*4882a593Smuzhiyun return rc;
75*4882a593Smuzhiyun }
76*4882a593Smuzhiyun }
77*4882a593Smuzhiyun
78*4882a593Smuzhiyun /* now hash over the rq_pages array */
79*4882a593Smuzhiyun for (i = 0; i < rqst->rq_npages; i++) {
80*4882a593Smuzhiyun void *kaddr;
81*4882a593Smuzhiyun unsigned int len, offset;
82*4882a593Smuzhiyun
83*4882a593Smuzhiyun rqst_page_get_length(rqst, i, &len, &offset);
84*4882a593Smuzhiyun
85*4882a593Smuzhiyun kaddr = (char *) kmap(rqst->rq_pages[i]) + offset;
86*4882a593Smuzhiyun
87*4882a593Smuzhiyun rc = crypto_shash_update(shash, kaddr, len);
88*4882a593Smuzhiyun if (rc) {
89*4882a593Smuzhiyun cifs_dbg(VFS, "%s: Could not update with payload\n",
90*4882a593Smuzhiyun __func__);
91*4882a593Smuzhiyun kunmap(rqst->rq_pages[i]);
92*4882a593Smuzhiyun return rc;
93*4882a593Smuzhiyun }
94*4882a593Smuzhiyun
95*4882a593Smuzhiyun kunmap(rqst->rq_pages[i]);
96*4882a593Smuzhiyun }
97*4882a593Smuzhiyun
98*4882a593Smuzhiyun rc = crypto_shash_final(shash, signature);
99*4882a593Smuzhiyun if (rc)
100*4882a593Smuzhiyun cifs_dbg(VFS, "%s: Could not generate hash\n", __func__);
101*4882a593Smuzhiyun
102*4882a593Smuzhiyun return rc;
103*4882a593Smuzhiyun }
104*4882a593Smuzhiyun
105*4882a593Smuzhiyun /*
106*4882a593Smuzhiyun * Calculate and return the CIFS signature based on the mac key and SMB PDU.
107*4882a593Smuzhiyun * The 16 byte signature must be allocated by the caller. Note we only use the
108*4882a593Smuzhiyun * 1st eight bytes and that the smb header signature field on input contains
109*4882a593Smuzhiyun * the sequence number before this function is called. Also, this function
110*4882a593Smuzhiyun * should be called with the server->srv_mutex held.
111*4882a593Smuzhiyun */
cifs_calc_signature(struct smb_rqst * rqst,struct TCP_Server_Info * server,char * signature)112*4882a593Smuzhiyun static int cifs_calc_signature(struct smb_rqst *rqst,
113*4882a593Smuzhiyun struct TCP_Server_Info *server, char *signature)
114*4882a593Smuzhiyun {
115*4882a593Smuzhiyun int rc;
116*4882a593Smuzhiyun
117*4882a593Smuzhiyun if (!rqst->rq_iov || !signature || !server)
118*4882a593Smuzhiyun return -EINVAL;
119*4882a593Smuzhiyun
120*4882a593Smuzhiyun rc = cifs_alloc_hash("md5", &server->secmech.md5,
121*4882a593Smuzhiyun &server->secmech.sdescmd5);
122*4882a593Smuzhiyun if (rc)
123*4882a593Smuzhiyun return -1;
124*4882a593Smuzhiyun
125*4882a593Smuzhiyun rc = crypto_shash_init(&server->secmech.sdescmd5->shash);
126*4882a593Smuzhiyun if (rc) {
127*4882a593Smuzhiyun cifs_dbg(VFS, "%s: Could not init md5\n", __func__);
128*4882a593Smuzhiyun return rc;
129*4882a593Smuzhiyun }
130*4882a593Smuzhiyun
131*4882a593Smuzhiyun rc = crypto_shash_update(&server->secmech.sdescmd5->shash,
132*4882a593Smuzhiyun server->session_key.response, server->session_key.len);
133*4882a593Smuzhiyun if (rc) {
134*4882a593Smuzhiyun cifs_dbg(VFS, "%s: Could not update with response\n", __func__);
135*4882a593Smuzhiyun return rc;
136*4882a593Smuzhiyun }
137*4882a593Smuzhiyun
138*4882a593Smuzhiyun return __cifs_calc_signature(rqst, server, signature,
139*4882a593Smuzhiyun &server->secmech.sdescmd5->shash);
140*4882a593Smuzhiyun }
141*4882a593Smuzhiyun
142*4882a593Smuzhiyun /* must be called with server->srv_mutex held */
cifs_sign_rqst(struct smb_rqst * rqst,struct TCP_Server_Info * server,__u32 * pexpected_response_sequence_number)143*4882a593Smuzhiyun int cifs_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server,
144*4882a593Smuzhiyun __u32 *pexpected_response_sequence_number)
145*4882a593Smuzhiyun {
146*4882a593Smuzhiyun int rc = 0;
147*4882a593Smuzhiyun char smb_signature[20];
148*4882a593Smuzhiyun struct smb_hdr *cifs_pdu = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
149*4882a593Smuzhiyun
150*4882a593Smuzhiyun if (rqst->rq_iov[0].iov_len != 4 ||
151*4882a593Smuzhiyun rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
152*4882a593Smuzhiyun return -EIO;
153*4882a593Smuzhiyun
154*4882a593Smuzhiyun if ((cifs_pdu == NULL) || (server == NULL))
155*4882a593Smuzhiyun return -EINVAL;
156*4882a593Smuzhiyun
157*4882a593Smuzhiyun if (!(cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) ||
158*4882a593Smuzhiyun server->tcpStatus == CifsNeedNegotiate)
159*4882a593Smuzhiyun return rc;
160*4882a593Smuzhiyun
161*4882a593Smuzhiyun if (!server->session_estab) {
162*4882a593Smuzhiyun memcpy(cifs_pdu->Signature.SecuritySignature, "BSRSPYL", 8);
163*4882a593Smuzhiyun return rc;
164*4882a593Smuzhiyun }
165*4882a593Smuzhiyun
166*4882a593Smuzhiyun cifs_pdu->Signature.Sequence.SequenceNumber =
167*4882a593Smuzhiyun cpu_to_le32(server->sequence_number);
168*4882a593Smuzhiyun cifs_pdu->Signature.Sequence.Reserved = 0;
169*4882a593Smuzhiyun
170*4882a593Smuzhiyun *pexpected_response_sequence_number = ++server->sequence_number;
171*4882a593Smuzhiyun ++server->sequence_number;
172*4882a593Smuzhiyun
173*4882a593Smuzhiyun rc = cifs_calc_signature(rqst, server, smb_signature);
174*4882a593Smuzhiyun if (rc)
175*4882a593Smuzhiyun memset(cifs_pdu->Signature.SecuritySignature, 0, 8);
176*4882a593Smuzhiyun else
177*4882a593Smuzhiyun memcpy(cifs_pdu->Signature.SecuritySignature, smb_signature, 8);
178*4882a593Smuzhiyun
179*4882a593Smuzhiyun return rc;
180*4882a593Smuzhiyun }
181*4882a593Smuzhiyun
cifs_sign_smbv(struct kvec * iov,int n_vec,struct TCP_Server_Info * server,__u32 * pexpected_response_sequence)182*4882a593Smuzhiyun int cifs_sign_smbv(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
183*4882a593Smuzhiyun __u32 *pexpected_response_sequence)
184*4882a593Smuzhiyun {
185*4882a593Smuzhiyun struct smb_rqst rqst = { .rq_iov = iov,
186*4882a593Smuzhiyun .rq_nvec = n_vec };
187*4882a593Smuzhiyun
188*4882a593Smuzhiyun return cifs_sign_rqst(&rqst, server, pexpected_response_sequence);
189*4882a593Smuzhiyun }
190*4882a593Smuzhiyun
191*4882a593Smuzhiyun /* must be called with server->srv_mutex held */
cifs_sign_smb(struct smb_hdr * cifs_pdu,struct TCP_Server_Info * server,__u32 * pexpected_response_sequence_number)192*4882a593Smuzhiyun int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server,
193*4882a593Smuzhiyun __u32 *pexpected_response_sequence_number)
194*4882a593Smuzhiyun {
195*4882a593Smuzhiyun struct kvec iov[2];
196*4882a593Smuzhiyun
197*4882a593Smuzhiyun iov[0].iov_base = cifs_pdu;
198*4882a593Smuzhiyun iov[0].iov_len = 4;
199*4882a593Smuzhiyun iov[1].iov_base = (char *)cifs_pdu + 4;
200*4882a593Smuzhiyun iov[1].iov_len = be32_to_cpu(cifs_pdu->smb_buf_length);
201*4882a593Smuzhiyun
202*4882a593Smuzhiyun return cifs_sign_smbv(iov, 2, server,
203*4882a593Smuzhiyun pexpected_response_sequence_number);
204*4882a593Smuzhiyun }
205*4882a593Smuzhiyun
cifs_verify_signature(struct smb_rqst * rqst,struct TCP_Server_Info * server,__u32 expected_sequence_number)206*4882a593Smuzhiyun int cifs_verify_signature(struct smb_rqst *rqst,
207*4882a593Smuzhiyun struct TCP_Server_Info *server,
208*4882a593Smuzhiyun __u32 expected_sequence_number)
209*4882a593Smuzhiyun {
210*4882a593Smuzhiyun unsigned int rc;
211*4882a593Smuzhiyun char server_response_sig[8];
212*4882a593Smuzhiyun char what_we_think_sig_should_be[20];
213*4882a593Smuzhiyun struct smb_hdr *cifs_pdu = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
214*4882a593Smuzhiyun
215*4882a593Smuzhiyun if (rqst->rq_iov[0].iov_len != 4 ||
216*4882a593Smuzhiyun rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
217*4882a593Smuzhiyun return -EIO;
218*4882a593Smuzhiyun
219*4882a593Smuzhiyun if (cifs_pdu == NULL || server == NULL)
220*4882a593Smuzhiyun return -EINVAL;
221*4882a593Smuzhiyun
222*4882a593Smuzhiyun if (!server->session_estab)
223*4882a593Smuzhiyun return 0;
224*4882a593Smuzhiyun
225*4882a593Smuzhiyun if (cifs_pdu->Command == SMB_COM_LOCKING_ANDX) {
226*4882a593Smuzhiyun struct smb_com_lock_req *pSMB =
227*4882a593Smuzhiyun (struct smb_com_lock_req *)cifs_pdu;
228*4882a593Smuzhiyun if (pSMB->LockType & LOCKING_ANDX_OPLOCK_RELEASE)
229*4882a593Smuzhiyun return 0;
230*4882a593Smuzhiyun }
231*4882a593Smuzhiyun
232*4882a593Smuzhiyun /* BB what if signatures are supposed to be on for session but
233*4882a593Smuzhiyun server does not send one? BB */
234*4882a593Smuzhiyun
235*4882a593Smuzhiyun /* Do not need to verify session setups with signature "BSRSPYL " */
236*4882a593Smuzhiyun if (memcmp(cifs_pdu->Signature.SecuritySignature, "BSRSPYL ", 8) == 0)
237*4882a593Smuzhiyun cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n",
238*4882a593Smuzhiyun cifs_pdu->Command);
239*4882a593Smuzhiyun
240*4882a593Smuzhiyun /* save off the origiginal signature so we can modify the smb and check
241*4882a593Smuzhiyun its signature against what the server sent */
242*4882a593Smuzhiyun memcpy(server_response_sig, cifs_pdu->Signature.SecuritySignature, 8);
243*4882a593Smuzhiyun
244*4882a593Smuzhiyun cifs_pdu->Signature.Sequence.SequenceNumber =
245*4882a593Smuzhiyun cpu_to_le32(expected_sequence_number);
246*4882a593Smuzhiyun cifs_pdu->Signature.Sequence.Reserved = 0;
247*4882a593Smuzhiyun
248*4882a593Smuzhiyun mutex_lock(&server->srv_mutex);
249*4882a593Smuzhiyun rc = cifs_calc_signature(rqst, server, what_we_think_sig_should_be);
250*4882a593Smuzhiyun mutex_unlock(&server->srv_mutex);
251*4882a593Smuzhiyun
252*4882a593Smuzhiyun if (rc)
253*4882a593Smuzhiyun return rc;
254*4882a593Smuzhiyun
255*4882a593Smuzhiyun /* cifs_dump_mem("what we think it should be: ",
256*4882a593Smuzhiyun what_we_think_sig_should_be, 16); */
257*4882a593Smuzhiyun
258*4882a593Smuzhiyun if (memcmp(server_response_sig, what_we_think_sig_should_be, 8))
259*4882a593Smuzhiyun return -EACCES;
260*4882a593Smuzhiyun else
261*4882a593Smuzhiyun return 0;
262*4882a593Smuzhiyun
263*4882a593Smuzhiyun }
264*4882a593Smuzhiyun
265*4882a593Smuzhiyun /* first calculate 24 bytes ntlm response and then 16 byte session key */
setup_ntlm_response(struct cifs_ses * ses,const struct nls_table * nls_cp)266*4882a593Smuzhiyun int setup_ntlm_response(struct cifs_ses *ses, const struct nls_table *nls_cp)
267*4882a593Smuzhiyun {
268*4882a593Smuzhiyun int rc = 0;
269*4882a593Smuzhiyun unsigned int temp_len = CIFS_SESS_KEY_SIZE + CIFS_AUTH_RESP_SIZE;
270*4882a593Smuzhiyun char temp_key[CIFS_SESS_KEY_SIZE];
271*4882a593Smuzhiyun
272*4882a593Smuzhiyun if (!ses)
273*4882a593Smuzhiyun return -EINVAL;
274*4882a593Smuzhiyun
275*4882a593Smuzhiyun ses->auth_key.response = kmalloc(temp_len, GFP_KERNEL);
276*4882a593Smuzhiyun if (!ses->auth_key.response)
277*4882a593Smuzhiyun return -ENOMEM;
278*4882a593Smuzhiyun
279*4882a593Smuzhiyun ses->auth_key.len = temp_len;
280*4882a593Smuzhiyun
281*4882a593Smuzhiyun rc = SMBNTencrypt(ses->password, ses->server->cryptkey,
282*4882a593Smuzhiyun ses->auth_key.response + CIFS_SESS_KEY_SIZE, nls_cp);
283*4882a593Smuzhiyun if (rc) {
284*4882a593Smuzhiyun cifs_dbg(FYI, "%s Can't generate NTLM response, error: %d\n",
285*4882a593Smuzhiyun __func__, rc);
286*4882a593Smuzhiyun return rc;
287*4882a593Smuzhiyun }
288*4882a593Smuzhiyun
289*4882a593Smuzhiyun rc = E_md4hash(ses->password, temp_key, nls_cp);
290*4882a593Smuzhiyun if (rc) {
291*4882a593Smuzhiyun cifs_dbg(FYI, "%s Can't generate NT hash, error: %d\n",
292*4882a593Smuzhiyun __func__, rc);
293*4882a593Smuzhiyun return rc;
294*4882a593Smuzhiyun }
295*4882a593Smuzhiyun
296*4882a593Smuzhiyun rc = mdfour(ses->auth_key.response, temp_key, CIFS_SESS_KEY_SIZE);
297*4882a593Smuzhiyun if (rc)
298*4882a593Smuzhiyun cifs_dbg(FYI, "%s Can't generate NTLM session key, error: %d\n",
299*4882a593Smuzhiyun __func__, rc);
300*4882a593Smuzhiyun
301*4882a593Smuzhiyun return rc;
302*4882a593Smuzhiyun }
303*4882a593Smuzhiyun
304*4882a593Smuzhiyun #ifdef CONFIG_CIFS_WEAK_PW_HASH
calc_lanman_hash(const char * password,const char * cryptkey,bool encrypt,char * lnm_session_key)305*4882a593Smuzhiyun int calc_lanman_hash(const char *password, const char *cryptkey, bool encrypt,
306*4882a593Smuzhiyun char *lnm_session_key)
307*4882a593Smuzhiyun {
308*4882a593Smuzhiyun int i, len;
309*4882a593Smuzhiyun int rc;
310*4882a593Smuzhiyun char password_with_pad[CIFS_ENCPWD_SIZE] = {0};
311*4882a593Smuzhiyun
312*4882a593Smuzhiyun if (password) {
313*4882a593Smuzhiyun for (len = 0; len < CIFS_ENCPWD_SIZE; len++)
314*4882a593Smuzhiyun if (!password[len])
315*4882a593Smuzhiyun break;
316*4882a593Smuzhiyun
317*4882a593Smuzhiyun memcpy(password_with_pad, password, len);
318*4882a593Smuzhiyun }
319*4882a593Smuzhiyun
320*4882a593Smuzhiyun if (!encrypt && global_secflags & CIFSSEC_MAY_PLNTXT) {
321*4882a593Smuzhiyun memcpy(lnm_session_key, password_with_pad,
322*4882a593Smuzhiyun CIFS_ENCPWD_SIZE);
323*4882a593Smuzhiyun return 0;
324*4882a593Smuzhiyun }
325*4882a593Smuzhiyun
326*4882a593Smuzhiyun /* calculate old style session key */
327*4882a593Smuzhiyun /* calling toupper is less broken than repeatedly
328*4882a593Smuzhiyun calling nls_toupper would be since that will never
329*4882a593Smuzhiyun work for UTF8, but neither handles multibyte code pages
330*4882a593Smuzhiyun but the only alternative would be converting to UCS-16 (Unicode)
331*4882a593Smuzhiyun (using a routine something like UniStrupr) then
332*4882a593Smuzhiyun uppercasing and then converting back from Unicode - which
333*4882a593Smuzhiyun would only worth doing it if we knew it were utf8. Basically
334*4882a593Smuzhiyun utf8 and other multibyte codepages each need their own strupper
335*4882a593Smuzhiyun function since a byte at a time will ont work. */
336*4882a593Smuzhiyun
337*4882a593Smuzhiyun for (i = 0; i < CIFS_ENCPWD_SIZE; i++)
338*4882a593Smuzhiyun password_with_pad[i] = toupper(password_with_pad[i]);
339*4882a593Smuzhiyun
340*4882a593Smuzhiyun rc = SMBencrypt(password_with_pad, cryptkey, lnm_session_key);
341*4882a593Smuzhiyun
342*4882a593Smuzhiyun return rc;
343*4882a593Smuzhiyun }
344*4882a593Smuzhiyun #endif /* CIFS_WEAK_PW_HASH */
345*4882a593Smuzhiyun
346*4882a593Smuzhiyun /* Build a proper attribute value/target info pairs blob.
347*4882a593Smuzhiyun * Fill in netbios and dns domain name and workstation name
348*4882a593Smuzhiyun * and client time (total five av pairs and + one end of fields indicator.
349*4882a593Smuzhiyun * Allocate domain name which gets freed when session struct is deallocated.
350*4882a593Smuzhiyun */
351*4882a593Smuzhiyun static int
build_avpair_blob(struct cifs_ses * ses,const struct nls_table * nls_cp)352*4882a593Smuzhiyun build_avpair_blob(struct cifs_ses *ses, const struct nls_table *nls_cp)
353*4882a593Smuzhiyun {
354*4882a593Smuzhiyun unsigned int dlen;
355*4882a593Smuzhiyun unsigned int size = 2 * sizeof(struct ntlmssp2_name);
356*4882a593Smuzhiyun char *defdmname = "WORKGROUP";
357*4882a593Smuzhiyun unsigned char *blobptr;
358*4882a593Smuzhiyun struct ntlmssp2_name *attrptr;
359*4882a593Smuzhiyun
360*4882a593Smuzhiyun if (!ses->domainName) {
361*4882a593Smuzhiyun ses->domainName = kstrdup(defdmname, GFP_KERNEL);
362*4882a593Smuzhiyun if (!ses->domainName)
363*4882a593Smuzhiyun return -ENOMEM;
364*4882a593Smuzhiyun }
365*4882a593Smuzhiyun
366*4882a593Smuzhiyun dlen = strlen(ses->domainName);
367*4882a593Smuzhiyun
368*4882a593Smuzhiyun /*
369*4882a593Smuzhiyun * The length of this blob is two times the size of a
370*4882a593Smuzhiyun * structure (av pair) which holds name/size
371*4882a593Smuzhiyun * ( for NTLMSSP_AV_NB_DOMAIN_NAME followed by NTLMSSP_AV_EOL ) +
372*4882a593Smuzhiyun * unicode length of a netbios domain name
373*4882a593Smuzhiyun */
374*4882a593Smuzhiyun ses->auth_key.len = size + 2 * dlen;
375*4882a593Smuzhiyun ses->auth_key.response = kzalloc(ses->auth_key.len, GFP_KERNEL);
376*4882a593Smuzhiyun if (!ses->auth_key.response) {
377*4882a593Smuzhiyun ses->auth_key.len = 0;
378*4882a593Smuzhiyun return -ENOMEM;
379*4882a593Smuzhiyun }
380*4882a593Smuzhiyun
381*4882a593Smuzhiyun blobptr = ses->auth_key.response;
382*4882a593Smuzhiyun attrptr = (struct ntlmssp2_name *) blobptr;
383*4882a593Smuzhiyun
384*4882a593Smuzhiyun /*
385*4882a593Smuzhiyun * As defined in MS-NTLM 3.3.2, just this av pair field
386*4882a593Smuzhiyun * is sufficient as part of the temp
387*4882a593Smuzhiyun */
388*4882a593Smuzhiyun attrptr->type = cpu_to_le16(NTLMSSP_AV_NB_DOMAIN_NAME);
389*4882a593Smuzhiyun attrptr->length = cpu_to_le16(2 * dlen);
390*4882a593Smuzhiyun blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
391*4882a593Smuzhiyun cifs_strtoUTF16((__le16 *)blobptr, ses->domainName, dlen, nls_cp);
392*4882a593Smuzhiyun
393*4882a593Smuzhiyun return 0;
394*4882a593Smuzhiyun }
395*4882a593Smuzhiyun
396*4882a593Smuzhiyun /* Server has provided av pairs/target info in the type 2 challenge
397*4882a593Smuzhiyun * packet and we have plucked it and stored within smb session.
398*4882a593Smuzhiyun * We parse that blob here to find netbios domain name to be used
399*4882a593Smuzhiyun * as part of ntlmv2 authentication (in Target String), if not already
400*4882a593Smuzhiyun * specified on the command line.
401*4882a593Smuzhiyun * If this function returns without any error but without fetching
402*4882a593Smuzhiyun * domain name, authentication may fail against some server but
403*4882a593Smuzhiyun * may not fail against other (those who are not very particular
404*4882a593Smuzhiyun * about target string i.e. for some, just user name might suffice.
405*4882a593Smuzhiyun */
406*4882a593Smuzhiyun static int
find_domain_name(struct cifs_ses * ses,const struct nls_table * nls_cp)407*4882a593Smuzhiyun find_domain_name(struct cifs_ses *ses, const struct nls_table *nls_cp)
408*4882a593Smuzhiyun {
409*4882a593Smuzhiyun unsigned int attrsize;
410*4882a593Smuzhiyun unsigned int type;
411*4882a593Smuzhiyun unsigned int onesize = sizeof(struct ntlmssp2_name);
412*4882a593Smuzhiyun unsigned char *blobptr;
413*4882a593Smuzhiyun unsigned char *blobend;
414*4882a593Smuzhiyun struct ntlmssp2_name *attrptr;
415*4882a593Smuzhiyun
416*4882a593Smuzhiyun if (!ses->auth_key.len || !ses->auth_key.response)
417*4882a593Smuzhiyun return 0;
418*4882a593Smuzhiyun
419*4882a593Smuzhiyun blobptr = ses->auth_key.response;
420*4882a593Smuzhiyun blobend = blobptr + ses->auth_key.len;
421*4882a593Smuzhiyun
422*4882a593Smuzhiyun while (blobptr + onesize < blobend) {
423*4882a593Smuzhiyun attrptr = (struct ntlmssp2_name *) blobptr;
424*4882a593Smuzhiyun type = le16_to_cpu(attrptr->type);
425*4882a593Smuzhiyun if (type == NTLMSSP_AV_EOL)
426*4882a593Smuzhiyun break;
427*4882a593Smuzhiyun blobptr += 2; /* advance attr type */
428*4882a593Smuzhiyun attrsize = le16_to_cpu(attrptr->length);
429*4882a593Smuzhiyun blobptr += 2; /* advance attr size */
430*4882a593Smuzhiyun if (blobptr + attrsize > blobend)
431*4882a593Smuzhiyun break;
432*4882a593Smuzhiyun if (type == NTLMSSP_AV_NB_DOMAIN_NAME) {
433*4882a593Smuzhiyun if (!attrsize || attrsize >= CIFS_MAX_DOMAINNAME_LEN)
434*4882a593Smuzhiyun break;
435*4882a593Smuzhiyun if (!ses->domainName) {
436*4882a593Smuzhiyun ses->domainName =
437*4882a593Smuzhiyun kmalloc(attrsize + 1, GFP_KERNEL);
438*4882a593Smuzhiyun if (!ses->domainName)
439*4882a593Smuzhiyun return -ENOMEM;
440*4882a593Smuzhiyun cifs_from_utf16(ses->domainName,
441*4882a593Smuzhiyun (__le16 *)blobptr, attrsize, attrsize,
442*4882a593Smuzhiyun nls_cp, NO_MAP_UNI_RSVD);
443*4882a593Smuzhiyun break;
444*4882a593Smuzhiyun }
445*4882a593Smuzhiyun }
446*4882a593Smuzhiyun blobptr += attrsize; /* advance attr value */
447*4882a593Smuzhiyun }
448*4882a593Smuzhiyun
449*4882a593Smuzhiyun return 0;
450*4882a593Smuzhiyun }
451*4882a593Smuzhiyun
452*4882a593Smuzhiyun /* Server has provided av pairs/target info in the type 2 challenge
453*4882a593Smuzhiyun * packet and we have plucked it and stored within smb session.
454*4882a593Smuzhiyun * We parse that blob here to find the server given timestamp
455*4882a593Smuzhiyun * as part of ntlmv2 authentication (or local current time as
456*4882a593Smuzhiyun * default in case of failure)
457*4882a593Smuzhiyun */
458*4882a593Smuzhiyun static __le64
find_timestamp(struct cifs_ses * ses)459*4882a593Smuzhiyun find_timestamp(struct cifs_ses *ses)
460*4882a593Smuzhiyun {
461*4882a593Smuzhiyun unsigned int attrsize;
462*4882a593Smuzhiyun unsigned int type;
463*4882a593Smuzhiyun unsigned int onesize = sizeof(struct ntlmssp2_name);
464*4882a593Smuzhiyun unsigned char *blobptr;
465*4882a593Smuzhiyun unsigned char *blobend;
466*4882a593Smuzhiyun struct ntlmssp2_name *attrptr;
467*4882a593Smuzhiyun struct timespec64 ts;
468*4882a593Smuzhiyun
469*4882a593Smuzhiyun if (!ses->auth_key.len || !ses->auth_key.response)
470*4882a593Smuzhiyun return 0;
471*4882a593Smuzhiyun
472*4882a593Smuzhiyun blobptr = ses->auth_key.response;
473*4882a593Smuzhiyun blobend = blobptr + ses->auth_key.len;
474*4882a593Smuzhiyun
475*4882a593Smuzhiyun while (blobptr + onesize < blobend) {
476*4882a593Smuzhiyun attrptr = (struct ntlmssp2_name *) blobptr;
477*4882a593Smuzhiyun type = le16_to_cpu(attrptr->type);
478*4882a593Smuzhiyun if (type == NTLMSSP_AV_EOL)
479*4882a593Smuzhiyun break;
480*4882a593Smuzhiyun blobptr += 2; /* advance attr type */
481*4882a593Smuzhiyun attrsize = le16_to_cpu(attrptr->length);
482*4882a593Smuzhiyun blobptr += 2; /* advance attr size */
483*4882a593Smuzhiyun if (blobptr + attrsize > blobend)
484*4882a593Smuzhiyun break;
485*4882a593Smuzhiyun if (type == NTLMSSP_AV_TIMESTAMP) {
486*4882a593Smuzhiyun if (attrsize == sizeof(u64))
487*4882a593Smuzhiyun return *((__le64 *)blobptr);
488*4882a593Smuzhiyun }
489*4882a593Smuzhiyun blobptr += attrsize; /* advance attr value */
490*4882a593Smuzhiyun }
491*4882a593Smuzhiyun
492*4882a593Smuzhiyun ktime_get_real_ts64(&ts);
493*4882a593Smuzhiyun return cpu_to_le64(cifs_UnixTimeToNT(ts));
494*4882a593Smuzhiyun }
495*4882a593Smuzhiyun
calc_ntlmv2_hash(struct cifs_ses * ses,char * ntlmv2_hash,const struct nls_table * nls_cp)496*4882a593Smuzhiyun static int calc_ntlmv2_hash(struct cifs_ses *ses, char *ntlmv2_hash,
497*4882a593Smuzhiyun const struct nls_table *nls_cp)
498*4882a593Smuzhiyun {
499*4882a593Smuzhiyun int rc = 0;
500*4882a593Smuzhiyun int len;
501*4882a593Smuzhiyun char nt_hash[CIFS_NTHASH_SIZE];
502*4882a593Smuzhiyun __le16 *user;
503*4882a593Smuzhiyun wchar_t *domain;
504*4882a593Smuzhiyun wchar_t *server;
505*4882a593Smuzhiyun
506*4882a593Smuzhiyun if (!ses->server->secmech.sdeschmacmd5) {
507*4882a593Smuzhiyun cifs_dbg(VFS, "%s: can't generate ntlmv2 hash\n", __func__);
508*4882a593Smuzhiyun return -1;
509*4882a593Smuzhiyun }
510*4882a593Smuzhiyun
511*4882a593Smuzhiyun /* calculate md4 hash of password */
512*4882a593Smuzhiyun E_md4hash(ses->password, nt_hash, nls_cp);
513*4882a593Smuzhiyun
514*4882a593Smuzhiyun rc = crypto_shash_setkey(ses->server->secmech.hmacmd5, nt_hash,
515*4882a593Smuzhiyun CIFS_NTHASH_SIZE);
516*4882a593Smuzhiyun if (rc) {
517*4882a593Smuzhiyun cifs_dbg(VFS, "%s: Could not set NT Hash as a key\n", __func__);
518*4882a593Smuzhiyun return rc;
519*4882a593Smuzhiyun }
520*4882a593Smuzhiyun
521*4882a593Smuzhiyun rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash);
522*4882a593Smuzhiyun if (rc) {
523*4882a593Smuzhiyun cifs_dbg(VFS, "%s: Could not init hmacmd5\n", __func__);
524*4882a593Smuzhiyun return rc;
525*4882a593Smuzhiyun }
526*4882a593Smuzhiyun
527*4882a593Smuzhiyun /* convert ses->user_name to unicode */
528*4882a593Smuzhiyun len = ses->user_name ? strlen(ses->user_name) : 0;
529*4882a593Smuzhiyun user = kmalloc(2 + (len * 2), GFP_KERNEL);
530*4882a593Smuzhiyun if (user == NULL) {
531*4882a593Smuzhiyun rc = -ENOMEM;
532*4882a593Smuzhiyun return rc;
533*4882a593Smuzhiyun }
534*4882a593Smuzhiyun
535*4882a593Smuzhiyun if (len) {
536*4882a593Smuzhiyun len = cifs_strtoUTF16(user, ses->user_name, len, nls_cp);
537*4882a593Smuzhiyun UniStrupr(user);
538*4882a593Smuzhiyun } else {
539*4882a593Smuzhiyun memset(user, '\0', 2);
540*4882a593Smuzhiyun }
541*4882a593Smuzhiyun
542*4882a593Smuzhiyun rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
543*4882a593Smuzhiyun (char *)user, 2 * len);
544*4882a593Smuzhiyun kfree(user);
545*4882a593Smuzhiyun if (rc) {
546*4882a593Smuzhiyun cifs_dbg(VFS, "%s: Could not update with user\n", __func__);
547*4882a593Smuzhiyun return rc;
548*4882a593Smuzhiyun }
549*4882a593Smuzhiyun
550*4882a593Smuzhiyun /* convert ses->domainName to unicode and uppercase */
551*4882a593Smuzhiyun if (ses->domainName) {
552*4882a593Smuzhiyun len = strlen(ses->domainName);
553*4882a593Smuzhiyun
554*4882a593Smuzhiyun domain = kmalloc(2 + (len * 2), GFP_KERNEL);
555*4882a593Smuzhiyun if (domain == NULL) {
556*4882a593Smuzhiyun rc = -ENOMEM;
557*4882a593Smuzhiyun return rc;
558*4882a593Smuzhiyun }
559*4882a593Smuzhiyun len = cifs_strtoUTF16((__le16 *)domain, ses->domainName, len,
560*4882a593Smuzhiyun nls_cp);
561*4882a593Smuzhiyun rc =
562*4882a593Smuzhiyun crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
563*4882a593Smuzhiyun (char *)domain, 2 * len);
564*4882a593Smuzhiyun kfree(domain);
565*4882a593Smuzhiyun if (rc) {
566*4882a593Smuzhiyun cifs_dbg(VFS, "%s: Could not update with domain\n",
567*4882a593Smuzhiyun __func__);
568*4882a593Smuzhiyun return rc;
569*4882a593Smuzhiyun }
570*4882a593Smuzhiyun } else {
571*4882a593Smuzhiyun /* We use ses->serverName if no domain name available */
572*4882a593Smuzhiyun len = strlen(ses->serverName);
573*4882a593Smuzhiyun
574*4882a593Smuzhiyun server = kmalloc(2 + (len * 2), GFP_KERNEL);
575*4882a593Smuzhiyun if (server == NULL) {
576*4882a593Smuzhiyun rc = -ENOMEM;
577*4882a593Smuzhiyun return rc;
578*4882a593Smuzhiyun }
579*4882a593Smuzhiyun len = cifs_strtoUTF16((__le16 *)server, ses->serverName, len,
580*4882a593Smuzhiyun nls_cp);
581*4882a593Smuzhiyun rc =
582*4882a593Smuzhiyun crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
583*4882a593Smuzhiyun (char *)server, 2 * len);
584*4882a593Smuzhiyun kfree(server);
585*4882a593Smuzhiyun if (rc) {
586*4882a593Smuzhiyun cifs_dbg(VFS, "%s: Could not update with server\n",
587*4882a593Smuzhiyun __func__);
588*4882a593Smuzhiyun return rc;
589*4882a593Smuzhiyun }
590*4882a593Smuzhiyun }
591*4882a593Smuzhiyun
592*4882a593Smuzhiyun rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash,
593*4882a593Smuzhiyun ntlmv2_hash);
594*4882a593Smuzhiyun if (rc)
595*4882a593Smuzhiyun cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__);
596*4882a593Smuzhiyun
597*4882a593Smuzhiyun return rc;
598*4882a593Smuzhiyun }
599*4882a593Smuzhiyun
600*4882a593Smuzhiyun static int
CalcNTLMv2_response(const struct cifs_ses * ses,char * ntlmv2_hash)601*4882a593Smuzhiyun CalcNTLMv2_response(const struct cifs_ses *ses, char *ntlmv2_hash)
602*4882a593Smuzhiyun {
603*4882a593Smuzhiyun int rc;
604*4882a593Smuzhiyun struct ntlmv2_resp *ntlmv2 = (struct ntlmv2_resp *)
605*4882a593Smuzhiyun (ses->auth_key.response + CIFS_SESS_KEY_SIZE);
606*4882a593Smuzhiyun unsigned int hash_len;
607*4882a593Smuzhiyun
608*4882a593Smuzhiyun /* The MD5 hash starts at challenge_key.key */
609*4882a593Smuzhiyun hash_len = ses->auth_key.len - (CIFS_SESS_KEY_SIZE +
610*4882a593Smuzhiyun offsetof(struct ntlmv2_resp, challenge.key[0]));
611*4882a593Smuzhiyun
612*4882a593Smuzhiyun if (!ses->server->secmech.sdeschmacmd5) {
613*4882a593Smuzhiyun cifs_dbg(VFS, "%s: can't generate ntlmv2 hash\n", __func__);
614*4882a593Smuzhiyun return -1;
615*4882a593Smuzhiyun }
616*4882a593Smuzhiyun
617*4882a593Smuzhiyun rc = crypto_shash_setkey(ses->server->secmech.hmacmd5,
618*4882a593Smuzhiyun ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE);
619*4882a593Smuzhiyun if (rc) {
620*4882a593Smuzhiyun cifs_dbg(VFS, "%s: Could not set NTLMV2 Hash as a key\n",
621*4882a593Smuzhiyun __func__);
622*4882a593Smuzhiyun return rc;
623*4882a593Smuzhiyun }
624*4882a593Smuzhiyun
625*4882a593Smuzhiyun rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash);
626*4882a593Smuzhiyun if (rc) {
627*4882a593Smuzhiyun cifs_dbg(VFS, "%s: Could not init hmacmd5\n", __func__);
628*4882a593Smuzhiyun return rc;
629*4882a593Smuzhiyun }
630*4882a593Smuzhiyun
631*4882a593Smuzhiyun if (ses->server->negflavor == CIFS_NEGFLAVOR_EXTENDED)
632*4882a593Smuzhiyun memcpy(ntlmv2->challenge.key,
633*4882a593Smuzhiyun ses->ntlmssp->cryptkey, CIFS_SERVER_CHALLENGE_SIZE);
634*4882a593Smuzhiyun else
635*4882a593Smuzhiyun memcpy(ntlmv2->challenge.key,
636*4882a593Smuzhiyun ses->server->cryptkey, CIFS_SERVER_CHALLENGE_SIZE);
637*4882a593Smuzhiyun rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
638*4882a593Smuzhiyun ntlmv2->challenge.key, hash_len);
639*4882a593Smuzhiyun if (rc) {
640*4882a593Smuzhiyun cifs_dbg(VFS, "%s: Could not update with response\n", __func__);
641*4882a593Smuzhiyun return rc;
642*4882a593Smuzhiyun }
643*4882a593Smuzhiyun
644*4882a593Smuzhiyun /* Note that the MD5 digest over writes anon.challenge_key.key */
645*4882a593Smuzhiyun rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash,
646*4882a593Smuzhiyun ntlmv2->ntlmv2_hash);
647*4882a593Smuzhiyun if (rc)
648*4882a593Smuzhiyun cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__);
649*4882a593Smuzhiyun
650*4882a593Smuzhiyun return rc;
651*4882a593Smuzhiyun }
652*4882a593Smuzhiyun
653*4882a593Smuzhiyun int
setup_ntlmv2_rsp(struct cifs_ses * ses,const struct nls_table * nls_cp)654*4882a593Smuzhiyun setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
655*4882a593Smuzhiyun {
656*4882a593Smuzhiyun int rc;
657*4882a593Smuzhiyun int baselen;
658*4882a593Smuzhiyun unsigned int tilen;
659*4882a593Smuzhiyun struct ntlmv2_resp *ntlmv2;
660*4882a593Smuzhiyun char ntlmv2_hash[16];
661*4882a593Smuzhiyun unsigned char *tiblob = NULL; /* target info blob */
662*4882a593Smuzhiyun __le64 rsp_timestamp;
663*4882a593Smuzhiyun
664*4882a593Smuzhiyun if (ses->server->negflavor == CIFS_NEGFLAVOR_EXTENDED) {
665*4882a593Smuzhiyun if (!ses->domainName) {
666*4882a593Smuzhiyun if (ses->domainAuto) {
667*4882a593Smuzhiyun rc = find_domain_name(ses, nls_cp);
668*4882a593Smuzhiyun if (rc) {
669*4882a593Smuzhiyun cifs_dbg(VFS, "error %d finding domain name\n",
670*4882a593Smuzhiyun rc);
671*4882a593Smuzhiyun goto setup_ntlmv2_rsp_ret;
672*4882a593Smuzhiyun }
673*4882a593Smuzhiyun } else {
674*4882a593Smuzhiyun ses->domainName = kstrdup("", GFP_KERNEL);
675*4882a593Smuzhiyun }
676*4882a593Smuzhiyun }
677*4882a593Smuzhiyun } else {
678*4882a593Smuzhiyun rc = build_avpair_blob(ses, nls_cp);
679*4882a593Smuzhiyun if (rc) {
680*4882a593Smuzhiyun cifs_dbg(VFS, "error %d building av pair blob\n", rc);
681*4882a593Smuzhiyun goto setup_ntlmv2_rsp_ret;
682*4882a593Smuzhiyun }
683*4882a593Smuzhiyun }
684*4882a593Smuzhiyun
685*4882a593Smuzhiyun /* Must be within 5 minutes of the server (or in range +/-2h
686*4882a593Smuzhiyun * in case of Mac OS X), so simply carry over server timestamp
687*4882a593Smuzhiyun * (as Windows 7 does)
688*4882a593Smuzhiyun */
689*4882a593Smuzhiyun rsp_timestamp = find_timestamp(ses);
690*4882a593Smuzhiyun
691*4882a593Smuzhiyun baselen = CIFS_SESS_KEY_SIZE + sizeof(struct ntlmv2_resp);
692*4882a593Smuzhiyun tilen = ses->auth_key.len;
693*4882a593Smuzhiyun tiblob = ses->auth_key.response;
694*4882a593Smuzhiyun
695*4882a593Smuzhiyun ses->auth_key.response = kmalloc(baselen + tilen, GFP_KERNEL);
696*4882a593Smuzhiyun if (!ses->auth_key.response) {
697*4882a593Smuzhiyun rc = -ENOMEM;
698*4882a593Smuzhiyun ses->auth_key.len = 0;
699*4882a593Smuzhiyun goto setup_ntlmv2_rsp_ret;
700*4882a593Smuzhiyun }
701*4882a593Smuzhiyun ses->auth_key.len += baselen;
702*4882a593Smuzhiyun
703*4882a593Smuzhiyun ntlmv2 = (struct ntlmv2_resp *)
704*4882a593Smuzhiyun (ses->auth_key.response + CIFS_SESS_KEY_SIZE);
705*4882a593Smuzhiyun ntlmv2->blob_signature = cpu_to_le32(0x00000101);
706*4882a593Smuzhiyun ntlmv2->reserved = 0;
707*4882a593Smuzhiyun ntlmv2->time = rsp_timestamp;
708*4882a593Smuzhiyun
709*4882a593Smuzhiyun get_random_bytes(&ntlmv2->client_chal, sizeof(ntlmv2->client_chal));
710*4882a593Smuzhiyun ntlmv2->reserved2 = 0;
711*4882a593Smuzhiyun
712*4882a593Smuzhiyun memcpy(ses->auth_key.response + baselen, tiblob, tilen);
713*4882a593Smuzhiyun
714*4882a593Smuzhiyun mutex_lock(&ses->server->srv_mutex);
715*4882a593Smuzhiyun
716*4882a593Smuzhiyun rc = cifs_alloc_hash("hmac(md5)",
717*4882a593Smuzhiyun &ses->server->secmech.hmacmd5,
718*4882a593Smuzhiyun &ses->server->secmech.sdeschmacmd5);
719*4882a593Smuzhiyun if (rc) {
720*4882a593Smuzhiyun goto unlock;
721*4882a593Smuzhiyun }
722*4882a593Smuzhiyun
723*4882a593Smuzhiyun /* calculate ntlmv2_hash */
724*4882a593Smuzhiyun rc = calc_ntlmv2_hash(ses, ntlmv2_hash, nls_cp);
725*4882a593Smuzhiyun if (rc) {
726*4882a593Smuzhiyun cifs_dbg(VFS, "Could not get v2 hash rc %d\n", rc);
727*4882a593Smuzhiyun goto unlock;
728*4882a593Smuzhiyun }
729*4882a593Smuzhiyun
730*4882a593Smuzhiyun /* calculate first part of the client response (CR1) */
731*4882a593Smuzhiyun rc = CalcNTLMv2_response(ses, ntlmv2_hash);
732*4882a593Smuzhiyun if (rc) {
733*4882a593Smuzhiyun cifs_dbg(VFS, "Could not calculate CR1 rc: %d\n", rc);
734*4882a593Smuzhiyun goto unlock;
735*4882a593Smuzhiyun }
736*4882a593Smuzhiyun
737*4882a593Smuzhiyun /* now calculate the session key for NTLMv2 */
738*4882a593Smuzhiyun rc = crypto_shash_setkey(ses->server->secmech.hmacmd5,
739*4882a593Smuzhiyun ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE);
740*4882a593Smuzhiyun if (rc) {
741*4882a593Smuzhiyun cifs_dbg(VFS, "%s: Could not set NTLMV2 Hash as a key\n",
742*4882a593Smuzhiyun __func__);
743*4882a593Smuzhiyun goto unlock;
744*4882a593Smuzhiyun }
745*4882a593Smuzhiyun
746*4882a593Smuzhiyun rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash);
747*4882a593Smuzhiyun if (rc) {
748*4882a593Smuzhiyun cifs_dbg(VFS, "%s: Could not init hmacmd5\n", __func__);
749*4882a593Smuzhiyun goto unlock;
750*4882a593Smuzhiyun }
751*4882a593Smuzhiyun
752*4882a593Smuzhiyun rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
753*4882a593Smuzhiyun ntlmv2->ntlmv2_hash,
754*4882a593Smuzhiyun CIFS_HMAC_MD5_HASH_SIZE);
755*4882a593Smuzhiyun if (rc) {
756*4882a593Smuzhiyun cifs_dbg(VFS, "%s: Could not update with response\n", __func__);
757*4882a593Smuzhiyun goto unlock;
758*4882a593Smuzhiyun }
759*4882a593Smuzhiyun
760*4882a593Smuzhiyun rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash,
761*4882a593Smuzhiyun ses->auth_key.response);
762*4882a593Smuzhiyun if (rc)
763*4882a593Smuzhiyun cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__);
764*4882a593Smuzhiyun
765*4882a593Smuzhiyun unlock:
766*4882a593Smuzhiyun mutex_unlock(&ses->server->srv_mutex);
767*4882a593Smuzhiyun setup_ntlmv2_rsp_ret:
768*4882a593Smuzhiyun kfree(tiblob);
769*4882a593Smuzhiyun
770*4882a593Smuzhiyun return rc;
771*4882a593Smuzhiyun }
772*4882a593Smuzhiyun
773*4882a593Smuzhiyun int
calc_seckey(struct cifs_ses * ses)774*4882a593Smuzhiyun calc_seckey(struct cifs_ses *ses)
775*4882a593Smuzhiyun {
776*4882a593Smuzhiyun unsigned char sec_key[CIFS_SESS_KEY_SIZE]; /* a nonce */
777*4882a593Smuzhiyun struct arc4_ctx *ctx_arc4;
778*4882a593Smuzhiyun
779*4882a593Smuzhiyun if (fips_enabled)
780*4882a593Smuzhiyun return -ENODEV;
781*4882a593Smuzhiyun
782*4882a593Smuzhiyun get_random_bytes(sec_key, CIFS_SESS_KEY_SIZE);
783*4882a593Smuzhiyun
784*4882a593Smuzhiyun ctx_arc4 = kmalloc(sizeof(*ctx_arc4), GFP_KERNEL);
785*4882a593Smuzhiyun if (!ctx_arc4) {
786*4882a593Smuzhiyun cifs_dbg(VFS, "Could not allocate arc4 context\n");
787*4882a593Smuzhiyun return -ENOMEM;
788*4882a593Smuzhiyun }
789*4882a593Smuzhiyun
790*4882a593Smuzhiyun arc4_setkey(ctx_arc4, ses->auth_key.response, CIFS_SESS_KEY_SIZE);
791*4882a593Smuzhiyun arc4_crypt(ctx_arc4, ses->ntlmssp->ciphertext, sec_key,
792*4882a593Smuzhiyun CIFS_CPHTXT_SIZE);
793*4882a593Smuzhiyun
794*4882a593Smuzhiyun /* make secondary_key/nonce as session key */
795*4882a593Smuzhiyun memcpy(ses->auth_key.response, sec_key, CIFS_SESS_KEY_SIZE);
796*4882a593Smuzhiyun /* and make len as that of session key only */
797*4882a593Smuzhiyun ses->auth_key.len = CIFS_SESS_KEY_SIZE;
798*4882a593Smuzhiyun
799*4882a593Smuzhiyun memzero_explicit(sec_key, CIFS_SESS_KEY_SIZE);
800*4882a593Smuzhiyun kfree_sensitive(ctx_arc4);
801*4882a593Smuzhiyun return 0;
802*4882a593Smuzhiyun }
803*4882a593Smuzhiyun
804*4882a593Smuzhiyun void
cifs_crypto_secmech_release(struct TCP_Server_Info * server)805*4882a593Smuzhiyun cifs_crypto_secmech_release(struct TCP_Server_Info *server)
806*4882a593Smuzhiyun {
807*4882a593Smuzhiyun if (server->secmech.cmacaes) {
808*4882a593Smuzhiyun crypto_free_shash(server->secmech.cmacaes);
809*4882a593Smuzhiyun server->secmech.cmacaes = NULL;
810*4882a593Smuzhiyun }
811*4882a593Smuzhiyun
812*4882a593Smuzhiyun if (server->secmech.hmacsha256) {
813*4882a593Smuzhiyun crypto_free_shash(server->secmech.hmacsha256);
814*4882a593Smuzhiyun server->secmech.hmacsha256 = NULL;
815*4882a593Smuzhiyun }
816*4882a593Smuzhiyun
817*4882a593Smuzhiyun if (server->secmech.md5) {
818*4882a593Smuzhiyun crypto_free_shash(server->secmech.md5);
819*4882a593Smuzhiyun server->secmech.md5 = NULL;
820*4882a593Smuzhiyun }
821*4882a593Smuzhiyun
822*4882a593Smuzhiyun if (server->secmech.sha512) {
823*4882a593Smuzhiyun crypto_free_shash(server->secmech.sha512);
824*4882a593Smuzhiyun server->secmech.sha512 = NULL;
825*4882a593Smuzhiyun }
826*4882a593Smuzhiyun
827*4882a593Smuzhiyun if (server->secmech.hmacmd5) {
828*4882a593Smuzhiyun crypto_free_shash(server->secmech.hmacmd5);
829*4882a593Smuzhiyun server->secmech.hmacmd5 = NULL;
830*4882a593Smuzhiyun }
831*4882a593Smuzhiyun
832*4882a593Smuzhiyun if (server->secmech.ccmaesencrypt) {
833*4882a593Smuzhiyun crypto_free_aead(server->secmech.ccmaesencrypt);
834*4882a593Smuzhiyun server->secmech.ccmaesencrypt = NULL;
835*4882a593Smuzhiyun }
836*4882a593Smuzhiyun
837*4882a593Smuzhiyun if (server->secmech.ccmaesdecrypt) {
838*4882a593Smuzhiyun crypto_free_aead(server->secmech.ccmaesdecrypt);
839*4882a593Smuzhiyun server->secmech.ccmaesdecrypt = NULL;
840*4882a593Smuzhiyun }
841*4882a593Smuzhiyun
842*4882a593Smuzhiyun kfree(server->secmech.sdesccmacaes);
843*4882a593Smuzhiyun server->secmech.sdesccmacaes = NULL;
844*4882a593Smuzhiyun kfree(server->secmech.sdeschmacsha256);
845*4882a593Smuzhiyun server->secmech.sdeschmacsha256 = NULL;
846*4882a593Smuzhiyun kfree(server->secmech.sdeschmacmd5);
847*4882a593Smuzhiyun server->secmech.sdeschmacmd5 = NULL;
848*4882a593Smuzhiyun kfree(server->secmech.sdescmd5);
849*4882a593Smuzhiyun server->secmech.sdescmd5 = NULL;
850*4882a593Smuzhiyun kfree(server->secmech.sdescsha512);
851*4882a593Smuzhiyun server->secmech.sdescsha512 = NULL;
852*4882a593Smuzhiyun }
853