| 1 | /* |
| 2 | * fs/cifs/cifsencrypt.c |
| 3 | * |
| 4 | * Copyright (C) International Business Machines Corp., 2005,2006 |
| 5 | * Author(s): Steve French (sfrench@us.ibm.com) |
| 6 | * |
| 7 | * This library is free software; you can redistribute it and/or modify |
| 8 | * it under the terms of the GNU Lesser General Public License as published |
| 9 | * by the Free Software Foundation; either version 2.1 of the License, or |
| 10 | * (at your option) any later version. |
| 11 | * |
| 12 | * This library is distributed in the hope that it will be useful, |
| 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See |
| 15 | * the GNU Lesser General Public License for more details. |
| 16 | * |
| 17 | * You should have received a copy of the GNU Lesser General Public License |
| 18 | * along with this library; if not, write to the Free Software |
| 19 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
| 20 | */ |
| 21 | |
| 22 | #include <linux/fs.h> |
| 23 | #include <linux/slab.h> |
| 24 | #include "cifspdu.h" |
| 25 | #include "cifsglob.h" |
| 26 | #include "cifs_debug.h" |
| 27 | #include "cifs_unicode.h" |
| 28 | #include "cifsproto.h" |
| 29 | #include "ntlmssp.h" |
| 30 | #include <linux/ctype.h> |
| 31 | #include <linux/random.h> |
| 32 | #include <linux/highmem.h> |
| 33 | |
| 34 | /* |
| 35 | * Calculate and return the CIFS signature based on the mac key and SMB PDU. |
| 36 | * The 16 byte signature must be allocated by the caller. Note we only use the |
| 37 | * 1st eight bytes and that the smb header signature field on input contains |
| 38 | * the sequence number before this function is called. Also, this function |
| 39 | * should be called with the server->srv_mutex held. |
| 40 | */ |
| 41 | static int cifs_calc_signature(struct smb_rqst *rqst, |
| 42 | struct TCP_Server_Info *server, char *signature) |
| 43 | { |
| 44 | int i; |
| 45 | int rc; |
| 46 | struct kvec *iov = rqst->rq_iov; |
| 47 | int n_vec = rqst->rq_nvec; |
| 48 | |
| 49 | if (iov == NULL || signature == NULL || server == NULL) |
| 50 | return -EINVAL; |
| 51 | |
| 52 | if (!server->secmech.sdescmd5) { |
| 53 | cERROR(1, "%s: Can't generate signature", __func__); |
| 54 | return -1; |
| 55 | } |
| 56 | |
| 57 | rc = crypto_shash_init(&server->secmech.sdescmd5->shash); |
| 58 | if (rc) { |
| 59 | cERROR(1, "%s: Could not init md5", __func__); |
| 60 | return rc; |
| 61 | } |
| 62 | |
| 63 | rc = crypto_shash_update(&server->secmech.sdescmd5->shash, |
| 64 | server->session_key.response, server->session_key.len); |
| 65 | if (rc) { |
| 66 | cERROR(1, "%s: Could not update with response", __func__); |
| 67 | return rc; |
| 68 | } |
| 69 | |
| 70 | for (i = 0; i < n_vec; i++) { |
| 71 | if (iov[i].iov_len == 0) |
| 72 | continue; |
| 73 | if (iov[i].iov_base == NULL) { |
| 74 | cERROR(1, "null iovec entry"); |
| 75 | return -EIO; |
| 76 | } |
| 77 | /* The first entry includes a length field (which does not get |
| 78 | signed that occupies the first 4 bytes before the header */ |
| 79 | if (i == 0) { |
| 80 | if (iov[0].iov_len <= 8) /* cmd field at offset 9 */ |
| 81 | break; /* nothing to sign or corrupt header */ |
| 82 | rc = |
| 83 | crypto_shash_update(&server->secmech.sdescmd5->shash, |
| 84 | iov[i].iov_base + 4, iov[i].iov_len - 4); |
| 85 | } else { |
| 86 | rc = |
| 87 | crypto_shash_update(&server->secmech.sdescmd5->shash, |
| 88 | iov[i].iov_base, iov[i].iov_len); |
| 89 | } |
| 90 | if (rc) { |
| 91 | cERROR(1, "%s: Could not update with payload", |
| 92 | __func__); |
| 93 | return rc; |
| 94 | } |
| 95 | } |
| 96 | |
| 97 | /* now hash over the rq_pages array */ |
| 98 | for (i = 0; i < rqst->rq_npages; i++) { |
| 99 | struct kvec p_iov; |
| 100 | |
| 101 | cifs_rqst_page_to_kvec(rqst, i, &p_iov); |
| 102 | crypto_shash_update(&server->secmech.sdescmd5->shash, |
| 103 | p_iov.iov_base, p_iov.iov_len); |
| 104 | kunmap(rqst->rq_pages[i]); |
| 105 | } |
| 106 | |
| 107 | rc = crypto_shash_final(&server->secmech.sdescmd5->shash, signature); |
| 108 | if (rc) |
| 109 | cERROR(1, "%s: Could not generate md5 hash", __func__); |
| 110 | |
| 111 | return rc; |
| 112 | } |
| 113 | |
| 114 | /* must be called with server->srv_mutex held */ |
| 115 | int cifs_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server, |
| 116 | __u32 *pexpected_response_sequence_number) |
| 117 | { |
| 118 | int rc = 0; |
| 119 | char smb_signature[20]; |
| 120 | struct smb_hdr *cifs_pdu = (struct smb_hdr *)rqst->rq_iov[0].iov_base; |
| 121 | |
| 122 | if ((cifs_pdu == NULL) || (server == NULL)) |
| 123 | return -EINVAL; |
| 124 | |
| 125 | if (!(cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) || |
| 126 | server->tcpStatus == CifsNeedNegotiate) |
| 127 | return rc; |
| 128 | |
| 129 | if (!server->session_estab) { |
| 130 | memcpy(cifs_pdu->Signature.SecuritySignature, "BSRSPYL", 8); |
| 131 | return rc; |
| 132 | } |
| 133 | |
| 134 | cifs_pdu->Signature.Sequence.SequenceNumber = |
| 135 | cpu_to_le32(server->sequence_number); |
| 136 | cifs_pdu->Signature.Sequence.Reserved = 0; |
| 137 | |
| 138 | *pexpected_response_sequence_number = server->sequence_number++; |
| 139 | server->sequence_number++; |
| 140 | |
| 141 | rc = cifs_calc_signature(rqst, server, smb_signature); |
| 142 | if (rc) |
| 143 | memset(cifs_pdu->Signature.SecuritySignature, 0, 8); |
| 144 | else |
| 145 | memcpy(cifs_pdu->Signature.SecuritySignature, smb_signature, 8); |
| 146 | |
| 147 | return rc; |
| 148 | } |
| 149 | |
| 150 | int cifs_sign_smbv(struct kvec *iov, int n_vec, struct TCP_Server_Info *server, |
| 151 | __u32 *pexpected_response_sequence) |
| 152 | { |
| 153 | struct smb_rqst rqst = { .rq_iov = iov, |
| 154 | .rq_nvec = n_vec }; |
| 155 | |
| 156 | return cifs_sign_rqst(&rqst, server, pexpected_response_sequence); |
| 157 | } |
| 158 | |
| 159 | /* must be called with server->srv_mutex held */ |
| 160 | int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server, |
| 161 | __u32 *pexpected_response_sequence_number) |
| 162 | { |
| 163 | struct kvec iov; |
| 164 | |
| 165 | iov.iov_base = cifs_pdu; |
| 166 | iov.iov_len = be32_to_cpu(cifs_pdu->smb_buf_length) + 4; |
| 167 | |
| 168 | return cifs_sign_smbv(&iov, 1, server, |
| 169 | pexpected_response_sequence_number); |
| 170 | } |
| 171 | |
| 172 | int cifs_verify_signature(struct smb_rqst *rqst, |
| 173 | struct TCP_Server_Info *server, |
| 174 | __u32 expected_sequence_number) |
| 175 | { |
| 176 | unsigned int rc; |
| 177 | char server_response_sig[8]; |
| 178 | char what_we_think_sig_should_be[20]; |
| 179 | struct smb_hdr *cifs_pdu = (struct smb_hdr *)rqst->rq_iov[0].iov_base; |
| 180 | |
| 181 | if (cifs_pdu == NULL || server == NULL) |
| 182 | return -EINVAL; |
| 183 | |
| 184 | if (!server->session_estab) |
| 185 | return 0; |
| 186 | |
| 187 | if (cifs_pdu->Command == SMB_COM_LOCKING_ANDX) { |
| 188 | struct smb_com_lock_req *pSMB = |
| 189 | (struct smb_com_lock_req *)cifs_pdu; |
| 190 | if (pSMB->LockType & LOCKING_ANDX_OPLOCK_RELEASE) |
| 191 | return 0; |
| 192 | } |
| 193 | |
| 194 | /* BB what if signatures are supposed to be on for session but |
| 195 | server does not send one? BB */ |
| 196 | |
| 197 | /* Do not need to verify session setups with signature "BSRSPYL " */ |
| 198 | if (memcmp(cifs_pdu->Signature.SecuritySignature, "BSRSPYL ", 8) == 0) |
| 199 | cFYI(1, "dummy signature received for smb command 0x%x", |
| 200 | cifs_pdu->Command); |
| 201 | |
| 202 | /* save off the origiginal signature so we can modify the smb and check |
| 203 | its signature against what the server sent */ |
| 204 | memcpy(server_response_sig, cifs_pdu->Signature.SecuritySignature, 8); |
| 205 | |
| 206 | cifs_pdu->Signature.Sequence.SequenceNumber = |
| 207 | cpu_to_le32(expected_sequence_number); |
| 208 | cifs_pdu->Signature.Sequence.Reserved = 0; |
| 209 | |
| 210 | mutex_lock(&server->srv_mutex); |
| 211 | rc = cifs_calc_signature(rqst, server, what_we_think_sig_should_be); |
| 212 | mutex_unlock(&server->srv_mutex); |
| 213 | |
| 214 | if (rc) |
| 215 | return rc; |
| 216 | |
| 217 | /* cifs_dump_mem("what we think it should be: ", |
| 218 | what_we_think_sig_should_be, 16); */ |
| 219 | |
| 220 | if (memcmp(server_response_sig, what_we_think_sig_should_be, 8)) |
| 221 | return -EACCES; |
| 222 | else |
| 223 | return 0; |
| 224 | |
| 225 | } |
| 226 | |
| 227 | /* first calculate 24 bytes ntlm response and then 16 byte session key */ |
| 228 | int setup_ntlm_response(struct cifs_ses *ses, const struct nls_table *nls_cp) |
| 229 | { |
| 230 | int rc = 0; |
| 231 | unsigned int temp_len = CIFS_SESS_KEY_SIZE + CIFS_AUTH_RESP_SIZE; |
| 232 | char temp_key[CIFS_SESS_KEY_SIZE]; |
| 233 | |
| 234 | if (!ses) |
| 235 | return -EINVAL; |
| 236 | |
| 237 | ses->auth_key.response = kmalloc(temp_len, GFP_KERNEL); |
| 238 | if (!ses->auth_key.response) { |
| 239 | cERROR(1, "NTLM can't allocate (%u bytes) memory", temp_len); |
| 240 | return -ENOMEM; |
| 241 | } |
| 242 | ses->auth_key.len = temp_len; |
| 243 | |
| 244 | rc = SMBNTencrypt(ses->password, ses->server->cryptkey, |
| 245 | ses->auth_key.response + CIFS_SESS_KEY_SIZE, nls_cp); |
| 246 | if (rc) { |
| 247 | cFYI(1, "%s Can't generate NTLM response, error: %d", |
| 248 | __func__, rc); |
| 249 | return rc; |
| 250 | } |
| 251 | |
| 252 | rc = E_md4hash(ses->password, temp_key, nls_cp); |
| 253 | if (rc) { |
| 254 | cFYI(1, "%s Can't generate NT hash, error: %d", __func__, rc); |
| 255 | return rc; |
| 256 | } |
| 257 | |
| 258 | rc = mdfour(ses->auth_key.response, temp_key, CIFS_SESS_KEY_SIZE); |
| 259 | if (rc) |
| 260 | cFYI(1, "%s Can't generate NTLM session key, error: %d", |
| 261 | __func__, rc); |
| 262 | |
| 263 | return rc; |
| 264 | } |
| 265 | |
| 266 | #ifdef CONFIG_CIFS_WEAK_PW_HASH |
| 267 | int calc_lanman_hash(const char *password, const char *cryptkey, bool encrypt, |
| 268 | char *lnm_session_key) |
| 269 | { |
| 270 | int i; |
| 271 | int rc; |
| 272 | char password_with_pad[CIFS_ENCPWD_SIZE]; |
| 273 | |
| 274 | memset(password_with_pad, 0, CIFS_ENCPWD_SIZE); |
| 275 | if (password) |
| 276 | strncpy(password_with_pad, password, CIFS_ENCPWD_SIZE); |
| 277 | |
| 278 | if (!encrypt && global_secflags & CIFSSEC_MAY_PLNTXT) { |
| 279 | memset(lnm_session_key, 0, CIFS_SESS_KEY_SIZE); |
| 280 | memcpy(lnm_session_key, password_with_pad, |
| 281 | CIFS_ENCPWD_SIZE); |
| 282 | return 0; |
| 283 | } |
| 284 | |
| 285 | /* calculate old style session key */ |
| 286 | /* calling toupper is less broken than repeatedly |
| 287 | calling nls_toupper would be since that will never |
| 288 | work for UTF8, but neither handles multibyte code pages |
| 289 | but the only alternative would be converting to UCS-16 (Unicode) |
| 290 | (using a routine something like UniStrupr) then |
| 291 | uppercasing and then converting back from Unicode - which |
| 292 | would only worth doing it if we knew it were utf8. Basically |
| 293 | utf8 and other multibyte codepages each need their own strupper |
| 294 | function since a byte at a time will ont work. */ |
| 295 | |
| 296 | for (i = 0; i < CIFS_ENCPWD_SIZE; i++) |
| 297 | password_with_pad[i] = toupper(password_with_pad[i]); |
| 298 | |
| 299 | rc = SMBencrypt(password_with_pad, cryptkey, lnm_session_key); |
| 300 | |
| 301 | return rc; |
| 302 | } |
| 303 | #endif /* CIFS_WEAK_PW_HASH */ |
| 304 | |
| 305 | /* Build a proper attribute value/target info pairs blob. |
| 306 | * Fill in netbios and dns domain name and workstation name |
| 307 | * and client time (total five av pairs and + one end of fields indicator. |
| 308 | * Allocate domain name which gets freed when session struct is deallocated. |
| 309 | */ |
| 310 | static int |
| 311 | build_avpair_blob(struct cifs_ses *ses, const struct nls_table *nls_cp) |
| 312 | { |
| 313 | unsigned int dlen; |
| 314 | unsigned int size = 2 * sizeof(struct ntlmssp2_name); |
| 315 | char *defdmname = "WORKGROUP"; |
| 316 | unsigned char *blobptr; |
| 317 | struct ntlmssp2_name *attrptr; |
| 318 | |
| 319 | if (!ses->domainName) { |
| 320 | ses->domainName = kstrdup(defdmname, GFP_KERNEL); |
| 321 | if (!ses->domainName) |
| 322 | return -ENOMEM; |
| 323 | } |
| 324 | |
| 325 | dlen = strlen(ses->domainName); |
| 326 | |
| 327 | /* |
| 328 | * The length of this blob is two times the size of a |
| 329 | * structure (av pair) which holds name/size |
| 330 | * ( for NTLMSSP_AV_NB_DOMAIN_NAME followed by NTLMSSP_AV_EOL ) + |
| 331 | * unicode length of a netbios domain name |
| 332 | */ |
| 333 | ses->auth_key.len = size + 2 * dlen; |
| 334 | ses->auth_key.response = kzalloc(ses->auth_key.len, GFP_KERNEL); |
| 335 | if (!ses->auth_key.response) { |
| 336 | ses->auth_key.len = 0; |
| 337 | cERROR(1, "Challenge target info allocation failure"); |
| 338 | return -ENOMEM; |
| 339 | } |
| 340 | |
| 341 | blobptr = ses->auth_key.response; |
| 342 | attrptr = (struct ntlmssp2_name *) blobptr; |
| 343 | |
| 344 | /* |
| 345 | * As defined in MS-NTLM 3.3.2, just this av pair field |
| 346 | * is sufficient as part of the temp |
| 347 | */ |
| 348 | attrptr->type = cpu_to_le16(NTLMSSP_AV_NB_DOMAIN_NAME); |
| 349 | attrptr->length = cpu_to_le16(2 * dlen); |
| 350 | blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name); |
| 351 | cifs_strtoUTF16((__le16 *)blobptr, ses->domainName, dlen, nls_cp); |
| 352 | |
| 353 | return 0; |
| 354 | } |
| 355 | |
| 356 | /* Server has provided av pairs/target info in the type 2 challenge |
| 357 | * packet and we have plucked it and stored within smb session. |
| 358 | * We parse that blob here to find netbios domain name to be used |
| 359 | * as part of ntlmv2 authentication (in Target String), if not already |
| 360 | * specified on the command line. |
| 361 | * If this function returns without any error but without fetching |
| 362 | * domain name, authentication may fail against some server but |
| 363 | * may not fail against other (those who are not very particular |
| 364 | * about target string i.e. for some, just user name might suffice. |
| 365 | */ |
| 366 | static int |
| 367 | find_domain_name(struct cifs_ses *ses, const struct nls_table *nls_cp) |
| 368 | { |
| 369 | unsigned int attrsize; |
| 370 | unsigned int type; |
| 371 | unsigned int onesize = sizeof(struct ntlmssp2_name); |
| 372 | unsigned char *blobptr; |
| 373 | unsigned char *blobend; |
| 374 | struct ntlmssp2_name *attrptr; |
| 375 | |
| 376 | if (!ses->auth_key.len || !ses->auth_key.response) |
| 377 | return 0; |
| 378 | |
| 379 | blobptr = ses->auth_key.response; |
| 380 | blobend = blobptr + ses->auth_key.len; |
| 381 | |
| 382 | while (blobptr + onesize < blobend) { |
| 383 | attrptr = (struct ntlmssp2_name *) blobptr; |
| 384 | type = le16_to_cpu(attrptr->type); |
| 385 | if (type == NTLMSSP_AV_EOL) |
| 386 | break; |
| 387 | blobptr += 2; /* advance attr type */ |
| 388 | attrsize = le16_to_cpu(attrptr->length); |
| 389 | blobptr += 2; /* advance attr size */ |
| 390 | if (blobptr + attrsize > blobend) |
| 391 | break; |
| 392 | if (type == NTLMSSP_AV_NB_DOMAIN_NAME) { |
| 393 | if (!attrsize) |
| 394 | break; |
| 395 | if (!ses->domainName) { |
| 396 | ses->domainName = |
| 397 | kmalloc(attrsize + 1, GFP_KERNEL); |
| 398 | if (!ses->domainName) |
| 399 | return -ENOMEM; |
| 400 | cifs_from_utf16(ses->domainName, |
| 401 | (__le16 *)blobptr, attrsize, attrsize, |
| 402 | nls_cp, false); |
| 403 | break; |
| 404 | } |
| 405 | } |
| 406 | blobptr += attrsize; /* advance attr value */ |
| 407 | } |
| 408 | |
| 409 | return 0; |
| 410 | } |
| 411 | |
| 412 | static int calc_ntlmv2_hash(struct cifs_ses *ses, char *ntlmv2_hash, |
| 413 | const struct nls_table *nls_cp) |
| 414 | { |
| 415 | int rc = 0; |
| 416 | int len; |
| 417 | char nt_hash[CIFS_NTHASH_SIZE]; |
| 418 | wchar_t *user; |
| 419 | wchar_t *domain; |
| 420 | wchar_t *server; |
| 421 | |
| 422 | if (!ses->server->secmech.sdeschmacmd5) { |
| 423 | cERROR(1, "calc_ntlmv2_hash: can't generate ntlmv2 hash"); |
| 424 | return -1; |
| 425 | } |
| 426 | |
| 427 | /* calculate md4 hash of password */ |
| 428 | E_md4hash(ses->password, nt_hash, nls_cp); |
| 429 | |
| 430 | rc = crypto_shash_setkey(ses->server->secmech.hmacmd5, nt_hash, |
| 431 | CIFS_NTHASH_SIZE); |
| 432 | if (rc) { |
| 433 | cERROR(1, "%s: Could not set NT Hash as a key", __func__); |
| 434 | return rc; |
| 435 | } |
| 436 | |
| 437 | rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash); |
| 438 | if (rc) { |
| 439 | cERROR(1, "calc_ntlmv2_hash: could not init hmacmd5"); |
| 440 | return rc; |
| 441 | } |
| 442 | |
| 443 | /* convert ses->user_name to unicode and uppercase */ |
| 444 | len = ses->user_name ? strlen(ses->user_name) : 0; |
| 445 | user = kmalloc(2 + (len * 2), GFP_KERNEL); |
| 446 | if (user == NULL) { |
| 447 | cERROR(1, "calc_ntlmv2_hash: user mem alloc failure"); |
| 448 | rc = -ENOMEM; |
| 449 | return rc; |
| 450 | } |
| 451 | |
| 452 | if (len) { |
| 453 | len = cifs_strtoUTF16((__le16 *)user, ses->user_name, len, nls_cp); |
| 454 | UniStrupr(user); |
| 455 | } else { |
| 456 | memset(user, '\0', 2); |
| 457 | } |
| 458 | |
| 459 | rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, |
| 460 | (char *)user, 2 * len); |
| 461 | kfree(user); |
| 462 | if (rc) { |
| 463 | cERROR(1, "%s: Could not update with user", __func__); |
| 464 | return rc; |
| 465 | } |
| 466 | |
| 467 | /* convert ses->domainName to unicode and uppercase */ |
| 468 | if (ses->domainName) { |
| 469 | len = strlen(ses->domainName); |
| 470 | |
| 471 | domain = kmalloc(2 + (len * 2), GFP_KERNEL); |
| 472 | if (domain == NULL) { |
| 473 | cERROR(1, "calc_ntlmv2_hash: domain mem alloc failure"); |
| 474 | rc = -ENOMEM; |
| 475 | return rc; |
| 476 | } |
| 477 | len = cifs_strtoUTF16((__le16 *)domain, ses->domainName, len, |
| 478 | nls_cp); |
| 479 | rc = |
| 480 | crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, |
| 481 | (char *)domain, 2 * len); |
| 482 | kfree(domain); |
| 483 | if (rc) { |
| 484 | cERROR(1, "%s: Could not update with domain", |
| 485 | __func__); |
| 486 | return rc; |
| 487 | } |
| 488 | } else if (ses->serverName) { |
| 489 | len = strlen(ses->serverName); |
| 490 | |
| 491 | server = kmalloc(2 + (len * 2), GFP_KERNEL); |
| 492 | if (server == NULL) { |
| 493 | cERROR(1, "calc_ntlmv2_hash: server mem alloc failure"); |
| 494 | rc = -ENOMEM; |
| 495 | return rc; |
| 496 | } |
| 497 | len = cifs_strtoUTF16((__le16 *)server, ses->serverName, len, |
| 498 | nls_cp); |
| 499 | rc = |
| 500 | crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, |
| 501 | (char *)server, 2 * len); |
| 502 | kfree(server); |
| 503 | if (rc) { |
| 504 | cERROR(1, "%s: Could not update with server", |
| 505 | __func__); |
| 506 | return rc; |
| 507 | } |
| 508 | } |
| 509 | |
| 510 | rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash, |
| 511 | ntlmv2_hash); |
| 512 | if (rc) |
| 513 | cERROR(1, "%s: Could not generate md5 hash", __func__); |
| 514 | |
| 515 | return rc; |
| 516 | } |
| 517 | |
| 518 | static int |
| 519 | CalcNTLMv2_response(const struct cifs_ses *ses, char *ntlmv2_hash) |
| 520 | { |
| 521 | int rc; |
| 522 | unsigned int offset = CIFS_SESS_KEY_SIZE + 8; |
| 523 | |
| 524 | if (!ses->server->secmech.sdeschmacmd5) { |
| 525 | cERROR(1, "calc_ntlmv2_hash: can't generate ntlmv2 hash"); |
| 526 | return -1; |
| 527 | } |
| 528 | |
| 529 | rc = crypto_shash_setkey(ses->server->secmech.hmacmd5, |
| 530 | ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE); |
| 531 | if (rc) { |
| 532 | cERROR(1, "%s: Could not set NTLMV2 Hash as a key", __func__); |
| 533 | return rc; |
| 534 | } |
| 535 | |
| 536 | rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash); |
| 537 | if (rc) { |
| 538 | cERROR(1, "CalcNTLMv2_response: could not init hmacmd5"); |
| 539 | return rc; |
| 540 | } |
| 541 | |
| 542 | if (ses->server->secType == RawNTLMSSP) |
| 543 | memcpy(ses->auth_key.response + offset, |
| 544 | ses->ntlmssp->cryptkey, CIFS_SERVER_CHALLENGE_SIZE); |
| 545 | else |
| 546 | memcpy(ses->auth_key.response + offset, |
| 547 | ses->server->cryptkey, CIFS_SERVER_CHALLENGE_SIZE); |
| 548 | rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, |
| 549 | ses->auth_key.response + offset, ses->auth_key.len - offset); |
| 550 | if (rc) { |
| 551 | cERROR(1, "%s: Could not update with response", __func__); |
| 552 | return rc; |
| 553 | } |
| 554 | |
| 555 | rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash, |
| 556 | ses->auth_key.response + CIFS_SESS_KEY_SIZE); |
| 557 | if (rc) |
| 558 | cERROR(1, "%s: Could not generate md5 hash", __func__); |
| 559 | |
| 560 | return rc; |
| 561 | } |
| 562 | |
| 563 | |
| 564 | int |
| 565 | setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp) |
| 566 | { |
| 567 | int rc; |
| 568 | int baselen; |
| 569 | unsigned int tilen; |
| 570 | struct ntlmv2_resp *buf; |
| 571 | char ntlmv2_hash[16]; |
| 572 | unsigned char *tiblob = NULL; /* target info blob */ |
| 573 | |
| 574 | if (ses->server->secType == RawNTLMSSP) { |
| 575 | if (!ses->domainName) { |
| 576 | rc = find_domain_name(ses, nls_cp); |
| 577 | if (rc) { |
| 578 | cERROR(1, "error %d finding domain name", rc); |
| 579 | goto setup_ntlmv2_rsp_ret; |
| 580 | } |
| 581 | } |
| 582 | } else { |
| 583 | rc = build_avpair_blob(ses, nls_cp); |
| 584 | if (rc) { |
| 585 | cERROR(1, "error %d building av pair blob", rc); |
| 586 | goto setup_ntlmv2_rsp_ret; |
| 587 | } |
| 588 | } |
| 589 | |
| 590 | baselen = CIFS_SESS_KEY_SIZE + sizeof(struct ntlmv2_resp); |
| 591 | tilen = ses->auth_key.len; |
| 592 | tiblob = ses->auth_key.response; |
| 593 | |
| 594 | ses->auth_key.response = kmalloc(baselen + tilen, GFP_KERNEL); |
| 595 | if (!ses->auth_key.response) { |
| 596 | rc = ENOMEM; |
| 597 | ses->auth_key.len = 0; |
| 598 | cERROR(1, "%s: Can't allocate auth blob", __func__); |
| 599 | goto setup_ntlmv2_rsp_ret; |
| 600 | } |
| 601 | ses->auth_key.len += baselen; |
| 602 | |
| 603 | buf = (struct ntlmv2_resp *) |
| 604 | (ses->auth_key.response + CIFS_SESS_KEY_SIZE); |
| 605 | buf->blob_signature = cpu_to_le32(0x00000101); |
| 606 | buf->reserved = 0; |
| 607 | buf->time = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME)); |
| 608 | get_random_bytes(&buf->client_chal, sizeof(buf->client_chal)); |
| 609 | buf->reserved2 = 0; |
| 610 | |
| 611 | memcpy(ses->auth_key.response + baselen, tiblob, tilen); |
| 612 | |
| 613 | /* calculate ntlmv2_hash */ |
| 614 | rc = calc_ntlmv2_hash(ses, ntlmv2_hash, nls_cp); |
| 615 | if (rc) { |
| 616 | cERROR(1, "could not get v2 hash rc %d", rc); |
| 617 | goto setup_ntlmv2_rsp_ret; |
| 618 | } |
| 619 | |
| 620 | /* calculate first part of the client response (CR1) */ |
| 621 | rc = CalcNTLMv2_response(ses, ntlmv2_hash); |
| 622 | if (rc) { |
| 623 | cERROR(1, "Could not calculate CR1 rc: %d", rc); |
| 624 | goto setup_ntlmv2_rsp_ret; |
| 625 | } |
| 626 | |
| 627 | /* now calculate the session key for NTLMv2 */ |
| 628 | rc = crypto_shash_setkey(ses->server->secmech.hmacmd5, |
| 629 | ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE); |
| 630 | if (rc) { |
| 631 | cERROR(1, "%s: Could not set NTLMV2 Hash as a key", __func__); |
| 632 | goto setup_ntlmv2_rsp_ret; |
| 633 | } |
| 634 | |
| 635 | rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash); |
| 636 | if (rc) { |
| 637 | cERROR(1, "%s: Could not init hmacmd5", __func__); |
| 638 | goto setup_ntlmv2_rsp_ret; |
| 639 | } |
| 640 | |
| 641 | rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, |
| 642 | ses->auth_key.response + CIFS_SESS_KEY_SIZE, |
| 643 | CIFS_HMAC_MD5_HASH_SIZE); |
| 644 | if (rc) { |
| 645 | cERROR(1, "%s: Could not update with response", __func__); |
| 646 | goto setup_ntlmv2_rsp_ret; |
| 647 | } |
| 648 | |
| 649 | rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash, |
| 650 | ses->auth_key.response); |
| 651 | if (rc) |
| 652 | cERROR(1, "%s: Could not generate md5 hash", __func__); |
| 653 | |
| 654 | setup_ntlmv2_rsp_ret: |
| 655 | kfree(tiblob); |
| 656 | |
| 657 | return rc; |
| 658 | } |
| 659 | |
| 660 | int |
| 661 | calc_seckey(struct cifs_ses *ses) |
| 662 | { |
| 663 | int rc; |
| 664 | struct crypto_blkcipher *tfm_arc4; |
| 665 | struct scatterlist sgin, sgout; |
| 666 | struct blkcipher_desc desc; |
| 667 | unsigned char sec_key[CIFS_SESS_KEY_SIZE]; /* a nonce */ |
| 668 | |
| 669 | get_random_bytes(sec_key, CIFS_SESS_KEY_SIZE); |
| 670 | |
| 671 | tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC); |
| 672 | if (IS_ERR(tfm_arc4)) { |
| 673 | rc = PTR_ERR(tfm_arc4); |
| 674 | cERROR(1, "could not allocate crypto API arc4"); |
| 675 | return rc; |
| 676 | } |
| 677 | |
| 678 | desc.tfm = tfm_arc4; |
| 679 | |
| 680 | rc = crypto_blkcipher_setkey(tfm_arc4, ses->auth_key.response, |
| 681 | CIFS_SESS_KEY_SIZE); |
| 682 | if (rc) { |
| 683 | cERROR(1, "%s: Could not set response as a key", __func__); |
| 684 | return rc; |
| 685 | } |
| 686 | |
| 687 | sg_init_one(&sgin, sec_key, CIFS_SESS_KEY_SIZE); |
| 688 | sg_init_one(&sgout, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE); |
| 689 | |
| 690 | rc = crypto_blkcipher_encrypt(&desc, &sgout, &sgin, CIFS_CPHTXT_SIZE); |
| 691 | if (rc) { |
| 692 | cERROR(1, "could not encrypt session key rc: %d", rc); |
| 693 | crypto_free_blkcipher(tfm_arc4); |
| 694 | return rc; |
| 695 | } |
| 696 | |
| 697 | /* make secondary_key/nonce as session key */ |
| 698 | memcpy(ses->auth_key.response, sec_key, CIFS_SESS_KEY_SIZE); |
| 699 | /* and make len as that of session key only */ |
| 700 | ses->auth_key.len = CIFS_SESS_KEY_SIZE; |
| 701 | |
| 702 | crypto_free_blkcipher(tfm_arc4); |
| 703 | |
| 704 | return rc; |
| 705 | } |
| 706 | |
| 707 | void |
| 708 | cifs_crypto_shash_release(struct TCP_Server_Info *server) |
| 709 | { |
| 710 | if (server->secmech.hmacsha256) |
| 711 | crypto_free_shash(server->secmech.hmacsha256); |
| 712 | |
| 713 | if (server->secmech.md5) |
| 714 | crypto_free_shash(server->secmech.md5); |
| 715 | |
| 716 | if (server->secmech.hmacmd5) |
| 717 | crypto_free_shash(server->secmech.hmacmd5); |
| 718 | |
| 719 | kfree(server->secmech.sdeschmacsha256); |
| 720 | |
| 721 | kfree(server->secmech.sdeschmacmd5); |
| 722 | |
| 723 | kfree(server->secmech.sdescmd5); |
| 724 | } |
| 725 | |
| 726 | int |
| 727 | cifs_crypto_shash_allocate(struct TCP_Server_Info *server) |
| 728 | { |
| 729 | int rc; |
| 730 | unsigned int size; |
| 731 | |
| 732 | server->secmech.hmacmd5 = crypto_alloc_shash("hmac(md5)", 0, 0); |
| 733 | if (IS_ERR(server->secmech.hmacmd5)) { |
| 734 | cERROR(1, "could not allocate crypto hmacmd5"); |
| 735 | return PTR_ERR(server->secmech.hmacmd5); |
| 736 | } |
| 737 | |
| 738 | server->secmech.md5 = crypto_alloc_shash("md5", 0, 0); |
| 739 | if (IS_ERR(server->secmech.md5)) { |
| 740 | cERROR(1, "could not allocate crypto md5"); |
| 741 | rc = PTR_ERR(server->secmech.md5); |
| 742 | goto crypto_allocate_md5_fail; |
| 743 | } |
| 744 | |
| 745 | server->secmech.hmacsha256 = crypto_alloc_shash("hmac(sha256)", 0, 0); |
| 746 | if (IS_ERR(server->secmech.hmacsha256)) { |
| 747 | cERROR(1, "could not allocate crypto hmacsha256\n"); |
| 748 | rc = PTR_ERR(server->secmech.hmacsha256); |
| 749 | goto crypto_allocate_hmacsha256_fail; |
| 750 | } |
| 751 | |
| 752 | size = sizeof(struct shash_desc) + |
| 753 | crypto_shash_descsize(server->secmech.hmacmd5); |
| 754 | server->secmech.sdeschmacmd5 = kmalloc(size, GFP_KERNEL); |
| 755 | if (!server->secmech.sdeschmacmd5) { |
| 756 | cERROR(1, "cifs_crypto_shash_allocate: can't alloc hmacmd5"); |
| 757 | rc = -ENOMEM; |
| 758 | goto crypto_allocate_hmacmd5_sdesc_fail; |
| 759 | } |
| 760 | server->secmech.sdeschmacmd5->shash.tfm = server->secmech.hmacmd5; |
| 761 | server->secmech.sdeschmacmd5->shash.flags = 0x0; |
| 762 | |
| 763 | size = sizeof(struct shash_desc) + |
| 764 | crypto_shash_descsize(server->secmech.md5); |
| 765 | server->secmech.sdescmd5 = kmalloc(size, GFP_KERNEL); |
| 766 | if (!server->secmech.sdescmd5) { |
| 767 | cERROR(1, "cifs_crypto_shash_allocate: can't alloc md5"); |
| 768 | rc = -ENOMEM; |
| 769 | goto crypto_allocate_md5_sdesc_fail; |
| 770 | } |
| 771 | server->secmech.sdescmd5->shash.tfm = server->secmech.md5; |
| 772 | server->secmech.sdescmd5->shash.flags = 0x0; |
| 773 | |
| 774 | size = sizeof(struct shash_desc) + |
| 775 | crypto_shash_descsize(server->secmech.hmacsha256); |
| 776 | server->secmech.sdeschmacsha256 = kmalloc(size, GFP_KERNEL); |
| 777 | if (!server->secmech.sdeschmacsha256) { |
| 778 | cERROR(1, "%s: Can't alloc hmacsha256\n", __func__); |
| 779 | rc = -ENOMEM; |
| 780 | goto crypto_allocate_hmacsha256_sdesc_fail; |
| 781 | } |
| 782 | server->secmech.sdeschmacsha256->shash.tfm = server->secmech.hmacsha256; |
| 783 | server->secmech.sdeschmacsha256->shash.flags = 0x0; |
| 784 | |
| 785 | return 0; |
| 786 | |
| 787 | crypto_allocate_hmacsha256_sdesc_fail: |
| 788 | kfree(server->secmech.sdescmd5); |
| 789 | |
| 790 | crypto_allocate_md5_sdesc_fail: |
| 791 | kfree(server->secmech.sdeschmacmd5); |
| 792 | |
| 793 | crypto_allocate_hmacmd5_sdesc_fail: |
| 794 | crypto_free_shash(server->secmech.hmacsha256); |
| 795 | |
| 796 | crypto_allocate_hmacsha256_fail: |
| 797 | crypto_free_shash(server->secmech.md5); |
| 798 | |
| 799 | crypto_allocate_md5_fail: |
| 800 | crypto_free_shash(server->secmech.hmacmd5); |
| 801 | |
| 802 | return rc; |
| 803 | } |