1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org>
4 * Copyright (C) 2018 Samsung Electronics Co., Ltd.
7 #include <linux/kernel.h>
9 #include <linux/uaccess.h>
10 #include <linux/backing-dev.h>
11 #include <linux/writeback.h>
12 #include <linux/uio.h>
13 #include <linux/xattr.h>
14 #include <crypto/hash.h>
15 #include <crypto/aead.h>
16 #include <linux/random.h>
17 #include <linux/scatterlist.h>
22 #include <linux/fips.h>
23 #include <crypto/des.h>
26 #include "smb_common.h"
27 #include "connection.h"
28 #include "mgmt/user_session.h"
29 #include "mgmt/user_config.h"
30 #include "crypto_ctx.h"
31 #include "transport_ipc.h"
32 #include "../smbfs_common/arc4.h"
35 * Fixed format data defining GSS header and fixed string
36 * "not_defined_in_RFC4178@please_ignore".
37 * So sec blob data in neg phase could be generated statically.
39 static char NEGOTIATE_GSS_HEADER[AUTH_GSS_LENGTH] = {
40 #ifdef CONFIG_SMB_SERVER_KERBEROS5
41 0x60, 0x5e, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
42 0x05, 0x02, 0xa0, 0x54, 0x30, 0x52, 0xa0, 0x24,
43 0x30, 0x22, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
44 0xf7, 0x12, 0x01, 0x02, 0x02, 0x06, 0x09, 0x2a,
45 0x86, 0x48, 0x82, 0xf7, 0x12, 0x01, 0x02, 0x02,
46 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
47 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a, 0x30, 0x28,
48 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f, 0x74, 0x5f,
49 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x5f,
50 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43, 0x34, 0x31,
51 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65, 0x61, 0x73,
52 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65
54 0x60, 0x48, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
55 0x05, 0x02, 0xa0, 0x3e, 0x30, 0x3c, 0xa0, 0x0e,
56 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04,
57 0x01, 0x82, 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a,
58 0x30, 0x28, 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f,
59 0x74, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65,
60 0x64, 0x5f, 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43,
61 0x34, 0x31, 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65,
62 0x61, 0x73, 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f,
67 void ksmbd_copy_gss_neg_header(void *buf)
69 memcpy(buf, NEGOTIATE_GSS_HEADER, AUTH_GSS_LENGTH);
73 * ksmbd_gen_sess_key() - function to generate session key
74 * @sess: session of connection
75 * @hash: source hash value to be used for find session key
76 * @hmac: source hmac value to be used for finding session key
79 static int ksmbd_gen_sess_key(struct ksmbd_session *sess, char *hash,
82 struct ksmbd_crypto_ctx *ctx;
85 ctx = ksmbd_crypto_ctx_find_hmacmd5();
87 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
91 rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
93 CIFS_HMAC_MD5_HASH_SIZE);
95 ksmbd_debug(AUTH, "hmacmd5 set key fail error %d\n", rc);
99 rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
101 ksmbd_debug(AUTH, "could not init hmacmd5 error %d\n", rc);
105 rc = crypto_shash_update(CRYPTO_HMACMD5(ctx),
107 SMB2_NTLMV2_SESSKEY_SIZE);
109 ksmbd_debug(AUTH, "Could not update with response error %d\n", rc);
113 rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), sess->sess_key);
115 ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n", rc);
120 ksmbd_release_crypto_ctx(ctx);
124 static int calc_ntlmv2_hash(struct ksmbd_conn *conn, struct ksmbd_session *sess,
125 char *ntlmv2_hash, char *dname)
127 int ret, len, conv_len;
128 wchar_t *domain = NULL;
129 __le16 *uniname = NULL;
130 struct ksmbd_crypto_ctx *ctx;
132 ctx = ksmbd_crypto_ctx_find_hmacmd5();
134 ksmbd_debug(AUTH, "can't generate ntlmv2 hash\n");
138 ret = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
139 user_passkey(sess->user),
142 ksmbd_debug(AUTH, "Could not set NT Hash as a key\n");
146 ret = crypto_shash_init(CRYPTO_HMACMD5(ctx));
148 ksmbd_debug(AUTH, "could not init hmacmd5\n");
152 /* convert user_name to unicode */
153 len = strlen(user_name(sess->user));
154 uniname = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
160 conv_len = smb_strtoUTF16(uniname, user_name(sess->user), len,
162 if (conv_len < 0 || conv_len > len) {
168 ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
170 UNICODE_LEN(conv_len));
172 ksmbd_debug(AUTH, "Could not update with user\n");
176 /* Convert domain name or conn name to unicode and uppercase */
178 domain = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
184 conv_len = smb_strtoUTF16((__le16 *)domain, dname, len,
186 if (conv_len < 0 || conv_len > len) {
191 ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
193 UNICODE_LEN(conv_len));
195 ksmbd_debug(AUTH, "Could not update with domain\n");
199 ret = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_hash);
201 ksmbd_debug(AUTH, "Could not generate md5 hash\n");
205 ksmbd_release_crypto_ctx(ctx);
210 * ksmbd_auth_ntlmv2() - NTLMv2 authentication handler
211 * @sess: session of connection
212 * @ntlmv2: NTLMv2 challenge response
213 * @blen: NTLMv2 blob length
214 * @domain_name: domain name
216 * Return: 0 on success, error number on error
218 int ksmbd_auth_ntlmv2(struct ksmbd_conn *conn, struct ksmbd_session *sess,
219 struct ntlmv2_resp *ntlmv2, int blen, char *domain_name,
222 char ntlmv2_hash[CIFS_ENCPWD_SIZE];
223 char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE];
224 struct ksmbd_crypto_ctx *ctx;
225 char *construct = NULL;
228 ctx = ksmbd_crypto_ctx_find_hmacmd5();
230 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
234 rc = calc_ntlmv2_hash(conn, sess, ntlmv2_hash, domain_name);
236 ksmbd_debug(AUTH, "could not get v2 hash rc %d\n", rc);
240 rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
242 CIFS_HMAC_MD5_HASH_SIZE);
244 ksmbd_debug(AUTH, "Could not set NTLMV2 Hash as a key\n");
248 rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
250 ksmbd_debug(AUTH, "Could not init hmacmd5\n");
254 len = CIFS_CRYPTO_KEY_SIZE + blen;
255 construct = kzalloc(len, GFP_KERNEL);
261 memcpy(construct, cryptkey, CIFS_CRYPTO_KEY_SIZE);
262 memcpy(construct + CIFS_CRYPTO_KEY_SIZE, &ntlmv2->blob_signature, blen);
264 rc = crypto_shash_update(CRYPTO_HMACMD5(ctx), construct, len);
266 ksmbd_debug(AUTH, "Could not update with response\n");
270 rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_rsp);
272 ksmbd_debug(AUTH, "Could not generate md5 hash\n");
276 rc = ksmbd_gen_sess_key(sess, ntlmv2_hash, ntlmv2_rsp);
278 ksmbd_debug(AUTH, "Could not generate sess key\n");
282 if (memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE) != 0)
285 ksmbd_release_crypto_ctx(ctx);
291 * ksmbd_decode_ntlmssp_auth_blob() - helper function to construct
293 * @authblob: authenticate blob source pointer
295 * @sess: session of connection
297 * Return: 0 on success, error number on error
299 int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
300 int blob_len, struct ksmbd_conn *conn,
301 struct ksmbd_session *sess)
304 unsigned int nt_off, dn_off;
305 unsigned short nt_len, dn_len;
308 if (blob_len < sizeof(struct authenticate_message)) {
309 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
314 if (memcmp(authblob->Signature, "NTLMSSP", 8)) {
315 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
316 authblob->Signature);
320 nt_off = le32_to_cpu(authblob->NtChallengeResponse.BufferOffset);
321 nt_len = le16_to_cpu(authblob->NtChallengeResponse.Length);
322 dn_off = le32_to_cpu(authblob->DomainName.BufferOffset);
323 dn_len = le16_to_cpu(authblob->DomainName.Length);
325 if (blob_len < (u64)dn_off + dn_len || blob_len < (u64)nt_off + nt_len)
328 /* TODO : use domain name that imported from configuration file */
329 domain_name = smb_strndup_from_utf16((const char *)authblob + dn_off,
330 dn_len, true, conn->local_nls);
331 if (IS_ERR(domain_name))
332 return PTR_ERR(domain_name);
334 /* process NTLMv2 authentication */
335 ksmbd_debug(AUTH, "decode_ntlmssp_authenticate_blob dname%s\n",
337 ret = ksmbd_auth_ntlmv2(conn, sess,
338 (struct ntlmv2_resp *)((char *)authblob + nt_off),
339 nt_len - CIFS_ENCPWD_SIZE,
340 domain_name, conn->ntlmssp.cryptkey);
343 /* The recovered secondary session key */
344 if (conn->ntlmssp.client_flags & NTLMSSP_NEGOTIATE_KEY_XCH) {
345 struct arc4_ctx *ctx_arc4;
346 unsigned int sess_key_off, sess_key_len;
348 sess_key_off = le32_to_cpu(authblob->SessionKey.BufferOffset);
349 sess_key_len = le16_to_cpu(authblob->SessionKey.Length);
351 if (blob_len < (u64)sess_key_off + sess_key_len)
354 ctx_arc4 = kmalloc(sizeof(*ctx_arc4), GFP_KERNEL);
358 cifs_arc4_setkey(ctx_arc4, sess->sess_key,
359 SMB2_NTLMV2_SESSKEY_SIZE);
360 cifs_arc4_crypt(ctx_arc4, sess->sess_key,
361 (char *)authblob + sess_key_off, sess_key_len);
362 kfree_sensitive(ctx_arc4);
369 * ksmbd_decode_ntlmssp_neg_blob() - helper function to construct
371 * @negblob: negotiate blob source pointer
372 * @rsp: response header pointer to be updated
373 * @sess: session of connection
376 int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob,
377 int blob_len, struct ksmbd_conn *conn)
379 if (blob_len < sizeof(struct negotiate_message)) {
380 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
385 if (memcmp(negblob->Signature, "NTLMSSP", 8)) {
386 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
391 conn->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags);
396 * ksmbd_build_ntlmssp_challenge_blob() - helper function to construct
398 * @chgblob: challenge blob source pointer to initialize
399 * @rsp: response header pointer to be updated
400 * @sess: session of connection
404 ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,
405 struct ksmbd_conn *conn)
407 struct target_info *tinfo;
410 unsigned int flags, blob_off, blob_len, type, target_info_len = 0;
411 int len, uni_len, conv_len;
412 int cflags = conn->ntlmssp.client_flags;
414 memcpy(chgblob->Signature, NTLMSSP_SIGNATURE, 8);
415 chgblob->MessageType = NtLmChallenge;
417 flags = NTLMSSP_NEGOTIATE_UNICODE |
418 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_TARGET_TYPE_SERVER |
419 NTLMSSP_NEGOTIATE_TARGET_INFO;
421 if (cflags & NTLMSSP_NEGOTIATE_SIGN) {
422 flags |= NTLMSSP_NEGOTIATE_SIGN;
423 flags |= cflags & (NTLMSSP_NEGOTIATE_128 |
424 NTLMSSP_NEGOTIATE_56);
427 if (cflags & NTLMSSP_NEGOTIATE_SEAL && smb3_encryption_negotiated(conn))
428 flags |= NTLMSSP_NEGOTIATE_SEAL;
430 if (cflags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
431 flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
433 if (cflags & NTLMSSP_REQUEST_TARGET)
434 flags |= NTLMSSP_REQUEST_TARGET;
436 if (conn->use_spnego &&
437 (cflags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
438 flags |= NTLMSSP_NEGOTIATE_EXTENDED_SEC;
440 if (cflags & NTLMSSP_NEGOTIATE_KEY_XCH)
441 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
443 chgblob->NegotiateFlags = cpu_to_le32(flags);
444 len = strlen(ksmbd_netbios_name());
445 name = kmalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
449 conv_len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len,
451 if (conv_len < 0 || conv_len > len) {
456 uni_len = UNICODE_LEN(conv_len);
458 blob_off = sizeof(struct challenge_message);
459 blob_len = blob_off + uni_len;
461 chgblob->TargetName.Length = cpu_to_le16(uni_len);
462 chgblob->TargetName.MaximumLength = cpu_to_le16(uni_len);
463 chgblob->TargetName.BufferOffset = cpu_to_le32(blob_off);
465 /* Initialize random conn challenge */
466 get_random_bytes(conn->ntlmssp.cryptkey, sizeof(__u64));
467 memcpy(chgblob->Challenge, conn->ntlmssp.cryptkey,
468 CIFS_CRYPTO_KEY_SIZE);
470 /* Add Target Information to security buffer */
471 chgblob->TargetInfoArray.BufferOffset = cpu_to_le32(blob_len);
473 target_name = (__u8 *)chgblob + blob_off;
474 memcpy(target_name, name, uni_len);
475 tinfo = (struct target_info *)(target_name + uni_len);
477 chgblob->TargetInfoArray.Length = 0;
478 /* Add target info list for NetBIOS/DNS settings */
479 for (type = NTLMSSP_AV_NB_COMPUTER_NAME;
480 type <= NTLMSSP_AV_DNS_DOMAIN_NAME; type++) {
481 tinfo->Type = cpu_to_le16(type);
482 tinfo->Length = cpu_to_le16(uni_len);
483 memcpy(tinfo->Content, name, uni_len);
484 tinfo = (struct target_info *)((char *)tinfo + 4 + uni_len);
485 target_info_len += 4 + uni_len;
488 /* Add terminator subblock */
491 target_info_len += 4;
493 chgblob->TargetInfoArray.Length = cpu_to_le16(target_info_len);
494 chgblob->TargetInfoArray.MaximumLength = cpu_to_le16(target_info_len);
495 blob_len += target_info_len;
497 ksmbd_debug(AUTH, "NTLMSSP SecurityBufferLength %d\n", blob_len);
501 #ifdef CONFIG_SMB_SERVER_KERBEROS5
502 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
503 int in_len, char *out_blob, int *out_len)
505 struct ksmbd_spnego_authen_response *resp;
506 struct ksmbd_user *user = NULL;
509 resp = ksmbd_ipc_spnego_authen_request(in_blob, in_len);
511 ksmbd_debug(AUTH, "SPNEGO_AUTHEN_REQUEST failure\n");
515 if (!(resp->login_response.status & KSMBD_USER_FLAG_OK)) {
516 ksmbd_debug(AUTH, "krb5 authentication failure\n");
521 if (*out_len <= resp->spnego_blob_len) {
522 ksmbd_debug(AUTH, "buf len %d, but blob len %d\n",
523 *out_len, resp->spnego_blob_len);
528 if (resp->session_key_len > sizeof(sess->sess_key)) {
529 ksmbd_debug(AUTH, "session key is too long\n");
534 user = ksmbd_alloc_user(&resp->login_response);
536 ksmbd_debug(AUTH, "login failure\n");
542 memcpy(sess->sess_key, resp->payload, resp->session_key_len);
543 memcpy(out_blob, resp->payload + resp->session_key_len,
544 resp->spnego_blob_len);
545 *out_len = resp->spnego_blob_len;
552 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
553 int in_len, char *out_blob, int *out_len)
560 * ksmbd_sign_smb2_pdu() - function to generate packet signing
563 * @iov: buffer iov array
564 * @n_vec: number of iovecs
565 * @sig: signature value generated for client request packet
568 int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
569 int n_vec, char *sig)
571 struct ksmbd_crypto_ctx *ctx;
574 ctx = ksmbd_crypto_ctx_find_hmacsha256();
576 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
580 rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
582 SMB2_NTLMV2_SESSKEY_SIZE);
586 rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
588 ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
592 for (i = 0; i < n_vec; i++) {
593 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
597 ksmbd_debug(AUTH, "hmacsha256 update error %d\n", rc);
602 rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), sig);
604 ksmbd_debug(AUTH, "hmacsha256 generation error %d\n", rc);
606 ksmbd_release_crypto_ctx(ctx);
611 * ksmbd_sign_smb3_pdu() - function to generate packet signing
614 * @iov: buffer iov array
615 * @n_vec: number of iovecs
616 * @sig: signature value generated for client request packet
619 int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
620 int n_vec, char *sig)
622 struct ksmbd_crypto_ctx *ctx;
625 ctx = ksmbd_crypto_ctx_find_cmacaes();
627 ksmbd_debug(AUTH, "could not crypto alloc cmac\n");
631 rc = crypto_shash_setkey(CRYPTO_CMACAES_TFM(ctx),
637 rc = crypto_shash_init(CRYPTO_CMACAES(ctx));
639 ksmbd_debug(AUTH, "cmaces init error %d\n", rc);
643 for (i = 0; i < n_vec; i++) {
644 rc = crypto_shash_update(CRYPTO_CMACAES(ctx),
648 ksmbd_debug(AUTH, "cmaces update error %d\n", rc);
653 rc = crypto_shash_final(CRYPTO_CMACAES(ctx), sig);
655 ksmbd_debug(AUTH, "cmaces generation error %d\n", rc);
657 ksmbd_release_crypto_ctx(ctx);
667 static int generate_key(struct ksmbd_conn *conn, struct ksmbd_session *sess,
668 struct kvec label, struct kvec context, __u8 *key,
669 unsigned int key_size)
671 unsigned char zero = 0x0;
672 __u8 i[4] = {0, 0, 0, 1};
673 __u8 L128[4] = {0, 0, 0, 128};
674 __u8 L256[4] = {0, 0, 1, 0};
676 unsigned char prfhash[SMB2_HMACSHA256_SIZE];
677 unsigned char *hashptr = prfhash;
678 struct ksmbd_crypto_ctx *ctx;
680 memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
681 memset(key, 0x0, key_size);
683 ctx = ksmbd_crypto_ctx_find_hmacsha256();
685 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
689 rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
691 SMB2_NTLMV2_SESSKEY_SIZE);
693 goto smb3signkey_ret;
695 rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
697 ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
698 goto smb3signkey_ret;
701 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), i, 4);
703 ksmbd_debug(AUTH, "could not update with n\n");
704 goto smb3signkey_ret;
707 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
711 ksmbd_debug(AUTH, "could not update with label\n");
712 goto smb3signkey_ret;
715 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), &zero, 1);
717 ksmbd_debug(AUTH, "could not update with zero\n");
718 goto smb3signkey_ret;
721 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
725 ksmbd_debug(AUTH, "could not update with context\n");
726 goto smb3signkey_ret;
729 if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
730 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
731 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L256, 4);
733 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L128, 4);
735 ksmbd_debug(AUTH, "could not update with L\n");
736 goto smb3signkey_ret;
739 rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), hashptr);
741 ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n",
743 goto smb3signkey_ret;
746 memcpy(key, hashptr, key_size);
749 ksmbd_release_crypto_ctx(ctx);
753 static int generate_smb3signingkey(struct ksmbd_session *sess,
754 struct ksmbd_conn *conn,
755 const struct derivation *signing)
758 struct channel *chann;
761 chann = lookup_chann_list(sess, conn);
765 if (conn->dialect >= SMB30_PROT_ID && signing->binding)
766 key = chann->smb3signingkey;
768 key = sess->smb3signingkey;
770 rc = generate_key(conn, sess, signing->label, signing->context, key,
775 if (!(conn->dialect >= SMB30_PROT_ID && signing->binding))
776 memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE);
778 ksmbd_debug(AUTH, "dumping generated AES signing keys\n");
779 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
780 ksmbd_debug(AUTH, "Session Key %*ph\n",
781 SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
782 ksmbd_debug(AUTH, "Signing Key %*ph\n",
783 SMB3_SIGN_KEY_SIZE, key);
787 int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess,
788 struct ksmbd_conn *conn)
792 d.label.iov_base = "SMB2AESCMAC";
793 d.label.iov_len = 12;
794 d.context.iov_base = "SmbSign";
795 d.context.iov_len = 8;
796 d.binding = conn->binding;
798 return generate_smb3signingkey(sess, conn, &d);
801 int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess,
802 struct ksmbd_conn *conn)
806 d.label.iov_base = "SMBSigningKey";
807 d.label.iov_len = 14;
809 struct preauth_session *preauth_sess;
811 preauth_sess = ksmbd_preauth_session_lookup(conn, sess->id);
814 d.context.iov_base = preauth_sess->Preauth_HashValue;
816 d.context.iov_base = sess->Preauth_HashValue;
818 d.context.iov_len = 64;
819 d.binding = conn->binding;
821 return generate_smb3signingkey(sess, conn, &d);
824 struct derivation_twin {
825 struct derivation encryption;
826 struct derivation decryption;
829 static int generate_smb3encryptionkey(struct ksmbd_conn *conn,
830 struct ksmbd_session *sess,
831 const struct derivation_twin *ptwin)
835 rc = generate_key(conn, sess, ptwin->encryption.label,
836 ptwin->encryption.context, sess->smb3encryptionkey,
837 SMB3_ENC_DEC_KEY_SIZE);
841 rc = generate_key(conn, sess, ptwin->decryption.label,
842 ptwin->decryption.context,
843 sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE);
847 ksmbd_debug(AUTH, "dumping generated AES encryption keys\n");
848 ksmbd_debug(AUTH, "Cipher type %d\n", conn->cipher_type);
849 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
850 ksmbd_debug(AUTH, "Session Key %*ph\n",
851 SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
852 if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
853 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
854 ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
855 SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey);
856 ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
857 SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3decryptionkey);
859 ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
860 SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3encryptionkey);
861 ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
862 SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3decryptionkey);
867 int ksmbd_gen_smb30_encryptionkey(struct ksmbd_conn *conn,
868 struct ksmbd_session *sess)
870 struct derivation_twin twin;
871 struct derivation *d;
873 d = &twin.encryption;
874 d->label.iov_base = "SMB2AESCCM";
875 d->label.iov_len = 11;
876 d->context.iov_base = "ServerOut";
877 d->context.iov_len = 10;
879 d = &twin.decryption;
880 d->label.iov_base = "SMB2AESCCM";
881 d->label.iov_len = 11;
882 d->context.iov_base = "ServerIn ";
883 d->context.iov_len = 10;
885 return generate_smb3encryptionkey(conn, sess, &twin);
888 int ksmbd_gen_smb311_encryptionkey(struct ksmbd_conn *conn,
889 struct ksmbd_session *sess)
891 struct derivation_twin twin;
892 struct derivation *d;
894 d = &twin.encryption;
895 d->label.iov_base = "SMBS2CCipherKey";
896 d->label.iov_len = 16;
897 d->context.iov_base = sess->Preauth_HashValue;
898 d->context.iov_len = 64;
900 d = &twin.decryption;
901 d->label.iov_base = "SMBC2SCipherKey";
902 d->label.iov_len = 16;
903 d->context.iov_base = sess->Preauth_HashValue;
904 d->context.iov_len = 64;
906 return generate_smb3encryptionkey(conn, sess, &twin);
909 int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf,
913 struct smb2_hdr *rcv_hdr = smb2_get_msg(buf);
914 char *all_bytes_msg = (char *)&rcv_hdr->ProtocolId;
915 int msg_size = get_rfc1002_len(buf);
916 struct ksmbd_crypto_ctx *ctx = NULL;
918 if (conn->preauth_info->Preauth_HashId !=
919 SMB2_PREAUTH_INTEGRITY_SHA512)
922 ctx = ksmbd_crypto_ctx_find_sha512();
924 ksmbd_debug(AUTH, "could not alloc sha512\n");
928 rc = crypto_shash_init(CRYPTO_SHA512(ctx));
930 ksmbd_debug(AUTH, "could not init shashn");
934 rc = crypto_shash_update(CRYPTO_SHA512(ctx), pi_hash, 64);
936 ksmbd_debug(AUTH, "could not update with n\n");
940 rc = crypto_shash_update(CRYPTO_SHA512(ctx), all_bytes_msg, msg_size);
942 ksmbd_debug(AUTH, "could not update with n\n");
946 rc = crypto_shash_final(CRYPTO_SHA512(ctx), pi_hash);
948 ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
952 ksmbd_release_crypto_ctx(ctx);
956 int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len,
960 struct ksmbd_crypto_ctx *ctx = NULL;
962 ctx = ksmbd_crypto_ctx_find_sha256();
964 ksmbd_debug(AUTH, "could not alloc sha256\n");
968 rc = crypto_shash_init(CRYPTO_SHA256(ctx));
970 ksmbd_debug(AUTH, "could not init shashn");
974 rc = crypto_shash_update(CRYPTO_SHA256(ctx), sd_buf, len);
976 ksmbd_debug(AUTH, "could not update with n\n");
980 rc = crypto_shash_final(CRYPTO_SHA256(ctx), pi_hash);
982 ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
986 ksmbd_release_crypto_ctx(ctx);
990 static int ksmbd_get_encryption_key(struct ksmbd_work *work, __u64 ses_id,
993 struct ksmbd_session *sess;
999 sess = ksmbd_session_lookup_all(work->conn, ses_id);
1003 ses_enc_key = enc ? sess->smb3encryptionkey :
1004 sess->smb3decryptionkey;
1005 memcpy(key, ses_enc_key, SMB3_ENC_DEC_KEY_SIZE);
1010 static inline void smb2_sg_set_buf(struct scatterlist *sg, const void *buf,
1011 unsigned int buflen)
1015 if (is_vmalloc_addr(buf))
1016 addr = vmalloc_to_page(buf);
1018 addr = virt_to_page(buf);
1019 sg_set_page(sg, addr, buflen, offset_in_page(buf));
1022 static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec,
1025 struct scatterlist *sg;
1026 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1027 int i, nr_entries[3] = {0}, total_entries = 0, sg_idx = 0;
1032 for (i = 0; i < nvec - 1; i++) {
1033 unsigned long kaddr = (unsigned long)iov[i + 1].iov_base;
1035 if (is_vmalloc_addr(iov[i + 1].iov_base)) {
1036 nr_entries[i] = ((kaddr + iov[i + 1].iov_len +
1037 PAGE_SIZE - 1) >> PAGE_SHIFT) -
1038 (kaddr >> PAGE_SHIFT);
1042 total_entries += nr_entries[i];
1045 /* Add two entries for transform header and signature */
1048 sg = kmalloc_array(total_entries, sizeof(struct scatterlist), GFP_KERNEL);
1052 sg_init_table(sg, total_entries);
1053 smb2_sg_set_buf(&sg[sg_idx++], iov[0].iov_base + 24, assoc_data_len);
1054 for (i = 0; i < nvec - 1; i++) {
1055 void *data = iov[i + 1].iov_base;
1056 int len = iov[i + 1].iov_len;
1058 if (is_vmalloc_addr(data)) {
1059 int j, offset = offset_in_page(data);
1061 for (j = 0; j < nr_entries[i]; j++) {
1062 unsigned int bytes = PAGE_SIZE - offset;
1070 sg_set_page(&sg[sg_idx++],
1071 vmalloc_to_page(data), bytes,
1072 offset_in_page(data));
1079 sg_set_page(&sg[sg_idx++], virt_to_page(data), len,
1080 offset_in_page(data));
1083 smb2_sg_set_buf(&sg[sg_idx], sign, SMB2_SIGNATURE_SIZE);
1087 int ksmbd_crypt_message(struct ksmbd_work *work, struct kvec *iov,
1088 unsigned int nvec, int enc)
1090 struct ksmbd_conn *conn = work->conn;
1091 struct smb2_transform_hdr *tr_hdr = smb2_get_msg(iov[0].iov_base);
1092 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1094 struct scatterlist *sg;
1095 u8 sign[SMB2_SIGNATURE_SIZE] = {};
1096 u8 key[SMB3_ENC_DEC_KEY_SIZE];
1097 struct aead_request *req;
1099 unsigned int iv_len;
1100 struct crypto_aead *tfm;
1101 unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize);
1102 struct ksmbd_crypto_ctx *ctx;
1104 rc = ksmbd_get_encryption_key(work,
1105 le64_to_cpu(tr_hdr->SessionId),
1109 pr_err("Could not get %scryption key\n", enc ? "en" : "de");
1113 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1114 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1115 ctx = ksmbd_crypto_ctx_find_gcm();
1117 ctx = ksmbd_crypto_ctx_find_ccm();
1119 pr_err("crypto alloc failed\n");
1123 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1124 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1125 tfm = CRYPTO_GCM(ctx);
1127 tfm = CRYPTO_CCM(ctx);
1129 if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
1130 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1131 rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE);
1133 rc = crypto_aead_setkey(tfm, key, SMB3_GCM128_CRYPTKEY_SIZE);
1135 pr_err("Failed to set aead key %d\n", rc);
1139 rc = crypto_aead_setauthsize(tfm, SMB2_SIGNATURE_SIZE);
1141 pr_err("Failed to set authsize %d\n", rc);
1145 req = aead_request_alloc(tfm, GFP_KERNEL);
1152 memcpy(sign, &tr_hdr->Signature, SMB2_SIGNATURE_SIZE);
1153 crypt_len += SMB2_SIGNATURE_SIZE;
1156 sg = ksmbd_init_sg(iov, nvec, sign);
1158 pr_err("Failed to init sg\n");
1163 iv_len = crypto_aead_ivsize(tfm);
1164 iv = kzalloc(iv_len, GFP_KERNEL);
1170 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1171 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
1172 memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES_GCM_NONCE);
1175 memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES_CCM_NONCE);
1178 aead_request_set_crypt(req, sg, sg, crypt_len, iv);
1179 aead_request_set_ad(req, assoc_data_len);
1180 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
1183 rc = crypto_aead_encrypt(req);
1185 rc = crypto_aead_decrypt(req);
1190 memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
1199 ksmbd_release_crypto_ctx(ctx);
projects / platform / kernel / linux-starfive.git / blob