1 // SPDX-License-Identifier: GPL-2.0-or-later
4 * Copyright (C) 2018 Samsung Electronics Co., Ltd.
7 #include <linux/kernel.h>
9 #include <linux/uaccess.h>
10 #include <linux/backing-dev.h>
11 #include <linux/writeback.h>
12 #include <linux/uio.h>
13 #include <linux/xattr.h>
14 #include <crypto/hash.h>
15 #include <crypto/aead.h>
16 #include <linux/random.h>
17 #include <linux/scatterlist.h>
22 #include <linux/fips.h>
23 #include <crypto/des.h>
26 #include "smb_common.h"
27 #include "connection.h"
28 #include "mgmt/user_session.h"
29 #include "mgmt/user_config.h"
30 #include "crypto_ctx.h"
31 #include "transport_ipc.h"
32 #include "../common/arc4.h"
35 * Fixed format data defining GSS header and fixed string
36 * "not_defined_in_RFC4178@please_ignore".
37 * So sec blob data in neg phase could be generated statically.
39 static char NEGOTIATE_GSS_HEADER[AUTH_GSS_LENGTH] = {
40 #ifdef CONFIG_SMB_SERVER_KERBEROS5
41 0x60, 0x5e, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
42 0x05, 0x02, 0xa0, 0x54, 0x30, 0x52, 0xa0, 0x24,
43 0x30, 0x22, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
44 0xf7, 0x12, 0x01, 0x02, 0x02, 0x06, 0x09, 0x2a,
45 0x86, 0x48, 0x82, 0xf7, 0x12, 0x01, 0x02, 0x02,
46 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
47 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a, 0x30, 0x28,
48 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f, 0x74, 0x5f,
49 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x5f,
50 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43, 0x34, 0x31,
51 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65, 0x61, 0x73,
52 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65
54 0x60, 0x48, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
55 0x05, 0x02, 0xa0, 0x3e, 0x30, 0x3c, 0xa0, 0x0e,
56 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04,
57 0x01, 0x82, 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a,
58 0x30, 0x28, 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f,
59 0x74, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65,
60 0x64, 0x5f, 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43,
61 0x34, 0x31, 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65,
62 0x61, 0x73, 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f,
67 void ksmbd_copy_gss_neg_header(void *buf)
69 memcpy(buf, NEGOTIATE_GSS_HEADER, AUTH_GSS_LENGTH);
73 * ksmbd_gen_sess_key() - function to generate session key
74 * @sess: session of connection
75 * @hash: source hash value to be used for find session key
76 * @hmac: source hmac value to be used for finding session key
79 static int ksmbd_gen_sess_key(struct ksmbd_session *sess, char *hash,
82 struct ksmbd_crypto_ctx *ctx;
85 ctx = ksmbd_crypto_ctx_find_hmacmd5();
87 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
91 rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
93 CIFS_HMAC_MD5_HASH_SIZE);
95 ksmbd_debug(AUTH, "hmacmd5 set key fail error %d\n", rc);
99 rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
101 ksmbd_debug(AUTH, "could not init hmacmd5 error %d\n", rc);
105 rc = crypto_shash_update(CRYPTO_HMACMD5(ctx),
107 SMB2_NTLMV2_SESSKEY_SIZE);
109 ksmbd_debug(AUTH, "Could not update with response error %d\n", rc);
113 rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), sess->sess_key);
115 ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n", rc);
120 ksmbd_release_crypto_ctx(ctx);
124 static int calc_ntlmv2_hash(struct ksmbd_conn *conn, struct ksmbd_session *sess,
125 char *ntlmv2_hash, char *dname)
127 int ret, len, conv_len;
128 wchar_t *domain = NULL;
129 __le16 *uniname = NULL;
130 struct ksmbd_crypto_ctx *ctx;
132 ctx = ksmbd_crypto_ctx_find_hmacmd5();
134 ksmbd_debug(AUTH, "can't generate ntlmv2 hash\n");
138 ret = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
139 user_passkey(sess->user),
142 ksmbd_debug(AUTH, "Could not set NT Hash as a key\n");
146 ret = crypto_shash_init(CRYPTO_HMACMD5(ctx));
148 ksmbd_debug(AUTH, "could not init hmacmd5\n");
152 /* convert user_name to unicode */
153 len = strlen(user_name(sess->user));
154 uniname = kzalloc(2 + UNICODE_LEN(len), KSMBD_DEFAULT_GFP);
160 conv_len = smb_strtoUTF16(uniname, user_name(sess->user), len,
162 if (conv_len < 0 || conv_len > len) {
168 ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
170 UNICODE_LEN(conv_len));
172 ksmbd_debug(AUTH, "Could not update with user\n");
176 /* Convert domain name or conn name to unicode and uppercase */
178 domain = kzalloc(2 + UNICODE_LEN(len), KSMBD_DEFAULT_GFP);
184 conv_len = smb_strtoUTF16((__le16 *)domain, dname, len,
186 if (conv_len < 0 || conv_len > len) {
191 ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
193 UNICODE_LEN(conv_len));
195 ksmbd_debug(AUTH, "Could not update with domain\n");
199 ret = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_hash);
201 ksmbd_debug(AUTH, "Could not generate md5 hash\n");
205 ksmbd_release_crypto_ctx(ctx);
210 * ksmbd_auth_ntlmv2() - NTLMv2 authentication handler
212 * @sess: session of connection
213 * @ntlmv2: NTLMv2 challenge response
214 * @blen: NTLMv2 blob length
215 * @domain_name: domain name
216 * @cryptkey: session crypto key
218 * Return: 0 on success, error number on error
220 int ksmbd_auth_ntlmv2(struct ksmbd_conn *conn, struct ksmbd_session *sess,
221 struct ntlmv2_resp *ntlmv2, int blen, char *domain_name,
224 char ntlmv2_hash[CIFS_ENCPWD_SIZE];
225 char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE];
226 struct ksmbd_crypto_ctx *ctx = NULL;
227 char *construct = NULL;
230 rc = calc_ntlmv2_hash(conn, sess, ntlmv2_hash, domain_name);
232 ksmbd_debug(AUTH, "could not get v2 hash rc %d\n", rc);
236 ctx = ksmbd_crypto_ctx_find_hmacmd5();
238 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
242 rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
244 CIFS_HMAC_MD5_HASH_SIZE);
246 ksmbd_debug(AUTH, "Could not set NTLMV2 Hash as a key\n");
250 rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
252 ksmbd_debug(AUTH, "Could not init hmacmd5\n");
256 len = CIFS_CRYPTO_KEY_SIZE + blen;
257 construct = kzalloc(len, KSMBD_DEFAULT_GFP);
263 memcpy(construct, cryptkey, CIFS_CRYPTO_KEY_SIZE);
264 memcpy(construct + CIFS_CRYPTO_KEY_SIZE, &ntlmv2->blob_signature, blen);
266 rc = crypto_shash_update(CRYPTO_HMACMD5(ctx), construct, len);
268 ksmbd_debug(AUTH, "Could not update with response\n");
272 rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_rsp);
274 ksmbd_debug(AUTH, "Could not generate md5 hash\n");
277 ksmbd_release_crypto_ctx(ctx);
280 rc = ksmbd_gen_sess_key(sess, ntlmv2_hash, ntlmv2_rsp);
282 ksmbd_debug(AUTH, "Could not generate sess key\n");
286 if (memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE) != 0)
290 ksmbd_release_crypto_ctx(ctx);
296 * ksmbd_decode_ntlmssp_auth_blob() - helper function to construct
298 * @authblob: authenticate blob source pointer
299 * @blob_len: length of the @authblob message
301 * @sess: session of connection
303 * Return: 0 on success, error number on error
305 int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
306 int blob_len, struct ksmbd_conn *conn,
307 struct ksmbd_session *sess)
310 unsigned int nt_off, dn_off;
311 unsigned short nt_len, dn_len;
314 if (blob_len < sizeof(struct authenticate_message)) {
315 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
320 if (memcmp(authblob->Signature, "NTLMSSP", 8)) {
321 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
322 authblob->Signature);
326 nt_off = le32_to_cpu(authblob->NtChallengeResponse.BufferOffset);
327 nt_len = le16_to_cpu(authblob->NtChallengeResponse.Length);
328 dn_off = le32_to_cpu(authblob->DomainName.BufferOffset);
329 dn_len = le16_to_cpu(authblob->DomainName.Length);
331 if (blob_len < (u64)dn_off + dn_len || blob_len < (u64)nt_off + nt_len ||
332 nt_len < CIFS_ENCPWD_SIZE)
335 /* TODO : use domain name that imported from configuration file */
336 domain_name = smb_strndup_from_utf16((const char *)authblob + dn_off,
337 dn_len, true, conn->local_nls);
338 if (IS_ERR(domain_name))
339 return PTR_ERR(domain_name);
341 /* process NTLMv2 authentication */
342 ksmbd_debug(AUTH, "decode_ntlmssp_authenticate_blob dname%s\n",
344 ret = ksmbd_auth_ntlmv2(conn, sess,
345 (struct ntlmv2_resp *)((char *)authblob + nt_off),
346 nt_len - CIFS_ENCPWD_SIZE,
347 domain_name, conn->ntlmssp.cryptkey);
350 /* The recovered secondary session key */
351 if (conn->ntlmssp.client_flags & NTLMSSP_NEGOTIATE_KEY_XCH) {
352 struct arc4_ctx *ctx_arc4;
353 unsigned int sess_key_off, sess_key_len;
355 sess_key_off = le32_to_cpu(authblob->SessionKey.BufferOffset);
356 sess_key_len = le16_to_cpu(authblob->SessionKey.Length);
358 if (blob_len < (u64)sess_key_off + sess_key_len)
361 if (sess_key_len > CIFS_KEY_SIZE)
364 ctx_arc4 = kmalloc(sizeof(*ctx_arc4), KSMBD_DEFAULT_GFP);
368 cifs_arc4_setkey(ctx_arc4, sess->sess_key,
369 SMB2_NTLMV2_SESSKEY_SIZE);
370 cifs_arc4_crypt(ctx_arc4, sess->sess_key,
371 (char *)authblob + sess_key_off, sess_key_len);
372 kfree_sensitive(ctx_arc4);
379 * ksmbd_decode_ntlmssp_neg_blob() - helper function to construct
381 * @negblob: negotiate blob source pointer
382 * @blob_len: length of the @authblob message
386 int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob,
387 int blob_len, struct ksmbd_conn *conn)
389 if (blob_len < sizeof(struct negotiate_message)) {
390 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
395 if (memcmp(negblob->Signature, "NTLMSSP", 8)) {
396 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
401 conn->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags);
406 * ksmbd_build_ntlmssp_challenge_blob() - helper function to construct
408 * @chgblob: challenge blob source pointer to initialize
413 ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,
414 struct ksmbd_conn *conn)
416 struct target_info *tinfo;
419 unsigned int flags, blob_off, blob_len, type, target_info_len = 0;
420 int len, uni_len, conv_len;
421 int cflags = conn->ntlmssp.client_flags;
423 memcpy(chgblob->Signature, NTLMSSP_SIGNATURE, 8);
424 chgblob->MessageType = NtLmChallenge;
426 flags = NTLMSSP_NEGOTIATE_UNICODE |
427 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_TARGET_TYPE_SERVER |
428 NTLMSSP_NEGOTIATE_TARGET_INFO;
430 if (cflags & NTLMSSP_NEGOTIATE_SIGN) {
431 flags |= NTLMSSP_NEGOTIATE_SIGN;
432 flags |= cflags & (NTLMSSP_NEGOTIATE_128 |
433 NTLMSSP_NEGOTIATE_56);
436 if (cflags & NTLMSSP_NEGOTIATE_SEAL && smb3_encryption_negotiated(conn))
437 flags |= NTLMSSP_NEGOTIATE_SEAL;
439 if (cflags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
440 flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
442 if (cflags & NTLMSSP_REQUEST_TARGET)
443 flags |= NTLMSSP_REQUEST_TARGET;
445 if (conn->use_spnego &&
446 (cflags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
447 flags |= NTLMSSP_NEGOTIATE_EXTENDED_SEC;
449 if (cflags & NTLMSSP_NEGOTIATE_KEY_XCH)
450 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
452 chgblob->NegotiateFlags = cpu_to_le32(flags);
453 len = strlen(ksmbd_netbios_name());
454 name = kmalloc(2 + UNICODE_LEN(len), KSMBD_DEFAULT_GFP);
458 conv_len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len,
460 if (conv_len < 0 || conv_len > len) {
465 uni_len = UNICODE_LEN(conv_len);
467 blob_off = sizeof(struct challenge_message);
468 blob_len = blob_off + uni_len;
470 chgblob->TargetName.Length = cpu_to_le16(uni_len);
471 chgblob->TargetName.MaximumLength = cpu_to_le16(uni_len);
472 chgblob->TargetName.BufferOffset = cpu_to_le32(blob_off);
474 /* Initialize random conn challenge */
475 get_random_bytes(conn->ntlmssp.cryptkey, sizeof(__u64));
476 memcpy(chgblob->Challenge, conn->ntlmssp.cryptkey,
477 CIFS_CRYPTO_KEY_SIZE);
479 /* Add Target Information to security buffer */
480 chgblob->TargetInfoArray.BufferOffset = cpu_to_le32(blob_len);
482 target_name = (__u8 *)chgblob + blob_off;
483 memcpy(target_name, name, uni_len);
484 tinfo = (struct target_info *)(target_name + uni_len);
486 chgblob->TargetInfoArray.Length = 0;
487 /* Add target info list for NetBIOS/DNS settings */
488 for (type = NTLMSSP_AV_NB_COMPUTER_NAME;
489 type <= NTLMSSP_AV_DNS_DOMAIN_NAME; type++) {
490 tinfo->Type = cpu_to_le16(type);
491 tinfo->Length = cpu_to_le16(uni_len);
492 memcpy(tinfo->Content, name, uni_len);
493 tinfo = (struct target_info *)((char *)tinfo + 4 + uni_len);
494 target_info_len += 4 + uni_len;
497 /* Add terminator subblock */
500 target_info_len += 4;
502 chgblob->TargetInfoArray.Length = cpu_to_le16(target_info_len);
503 chgblob->TargetInfoArray.MaximumLength = cpu_to_le16(target_info_len);
504 blob_len += target_info_len;
506 ksmbd_debug(AUTH, "NTLMSSP SecurityBufferLength %d\n", blob_len);
510 #ifdef CONFIG_SMB_SERVER_KERBEROS5
511 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
512 int in_len, char *out_blob, int *out_len)
514 struct ksmbd_spnego_authen_response *resp;
515 struct ksmbd_login_response_ext *resp_ext = NULL;
516 struct ksmbd_user *user = NULL;
519 resp = ksmbd_ipc_spnego_authen_request(in_blob, in_len);
521 ksmbd_debug(AUTH, "SPNEGO_AUTHEN_REQUEST failure\n");
525 if (!(resp->login_response.status & KSMBD_USER_FLAG_OK)) {
526 ksmbd_debug(AUTH, "krb5 authentication failure\n");
531 if (*out_len <= resp->spnego_blob_len) {
532 ksmbd_debug(AUTH, "buf len %d, but blob len %d\n",
533 *out_len, resp->spnego_blob_len);
538 if (resp->session_key_len > sizeof(sess->sess_key)) {
539 ksmbd_debug(AUTH, "session key is too long\n");
544 if (resp->login_response.status & KSMBD_USER_FLAG_EXTENSION)
545 resp_ext = ksmbd_ipc_login_request_ext(resp->login_response.account);
547 user = ksmbd_alloc_user(&resp->login_response, resp_ext);
549 ksmbd_debug(AUTH, "login failure\n");
555 memcpy(sess->sess_key, resp->payload, resp->session_key_len);
556 memcpy(out_blob, resp->payload + resp->session_key_len,
557 resp->spnego_blob_len);
558 *out_len = resp->spnego_blob_len;
565 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
566 int in_len, char *out_blob, int *out_len)
573 * ksmbd_sign_smb2_pdu() - function to generate packet signing
576 * @iov: buffer iov array
577 * @n_vec: number of iovecs
578 * @sig: signature value generated for client request packet
581 int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
582 int n_vec, char *sig)
584 struct ksmbd_crypto_ctx *ctx;
587 ctx = ksmbd_crypto_ctx_find_hmacsha256();
589 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
593 rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
595 SMB2_NTLMV2_SESSKEY_SIZE);
599 rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
601 ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
605 for (i = 0; i < n_vec; i++) {
606 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
610 ksmbd_debug(AUTH, "hmacsha256 update error %d\n", rc);
615 rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), sig);
617 ksmbd_debug(AUTH, "hmacsha256 generation error %d\n", rc);
619 ksmbd_release_crypto_ctx(ctx);
624 * ksmbd_sign_smb3_pdu() - function to generate packet signing
627 * @iov: buffer iov array
628 * @n_vec: number of iovecs
629 * @sig: signature value generated for client request packet
632 int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
633 int n_vec, char *sig)
635 struct ksmbd_crypto_ctx *ctx;
638 ctx = ksmbd_crypto_ctx_find_cmacaes();
640 ksmbd_debug(AUTH, "could not crypto alloc cmac\n");
644 rc = crypto_shash_setkey(CRYPTO_CMACAES_TFM(ctx),
650 rc = crypto_shash_init(CRYPTO_CMACAES(ctx));
652 ksmbd_debug(AUTH, "cmaces init error %d\n", rc);
656 for (i = 0; i < n_vec; i++) {
657 rc = crypto_shash_update(CRYPTO_CMACAES(ctx),
661 ksmbd_debug(AUTH, "cmaces update error %d\n", rc);
666 rc = crypto_shash_final(CRYPTO_CMACAES(ctx), sig);
668 ksmbd_debug(AUTH, "cmaces generation error %d\n", rc);
670 ksmbd_release_crypto_ctx(ctx);
680 static int generate_key(struct ksmbd_conn *conn, struct ksmbd_session *sess,
681 struct kvec label, struct kvec context, __u8 *key,
682 unsigned int key_size)
684 unsigned char zero = 0x0;
685 __u8 i[4] = {0, 0, 0, 1};
686 __u8 L128[4] = {0, 0, 0, 128};
687 __u8 L256[4] = {0, 0, 1, 0};
689 unsigned char prfhash[SMB2_HMACSHA256_SIZE];
690 unsigned char *hashptr = prfhash;
691 struct ksmbd_crypto_ctx *ctx;
693 memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
694 memset(key, 0x0, key_size);
696 ctx = ksmbd_crypto_ctx_find_hmacsha256();
698 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
702 rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
704 SMB2_NTLMV2_SESSKEY_SIZE);
706 goto smb3signkey_ret;
708 rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
710 ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
711 goto smb3signkey_ret;
714 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), i, 4);
716 ksmbd_debug(AUTH, "could not update with n\n");
717 goto smb3signkey_ret;
720 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
724 ksmbd_debug(AUTH, "could not update with label\n");
725 goto smb3signkey_ret;
728 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), &zero, 1);
730 ksmbd_debug(AUTH, "could not update with zero\n");
731 goto smb3signkey_ret;
734 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
738 ksmbd_debug(AUTH, "could not update with context\n");
739 goto smb3signkey_ret;
742 if (key_size == SMB3_ENC_DEC_KEY_SIZE &&
743 (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
744 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
745 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L256, 4);
747 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L128, 4);
749 ksmbd_debug(AUTH, "could not update with L\n");
750 goto smb3signkey_ret;
753 rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), hashptr);
755 ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n",
757 goto smb3signkey_ret;
760 memcpy(key, hashptr, key_size);
763 ksmbd_release_crypto_ctx(ctx);
767 static int generate_smb3signingkey(struct ksmbd_session *sess,
768 struct ksmbd_conn *conn,
769 const struct derivation *signing)
772 struct channel *chann;
775 chann = lookup_chann_list(sess, conn);
779 if (conn->dialect >= SMB30_PROT_ID && signing->binding)
780 key = chann->smb3signingkey;
782 key = sess->smb3signingkey;
784 rc = generate_key(conn, sess, signing->label, signing->context, key,
789 if (!(conn->dialect >= SMB30_PROT_ID && signing->binding))
790 memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE);
792 ksmbd_debug(AUTH, "dumping generated AES signing keys\n");
793 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
794 ksmbd_debug(AUTH, "Session Key %*ph\n",
795 SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
796 ksmbd_debug(AUTH, "Signing Key %*ph\n",
797 SMB3_SIGN_KEY_SIZE, key);
801 int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess,
802 struct ksmbd_conn *conn)
806 d.label.iov_base = "SMB2AESCMAC";
807 d.label.iov_len = 12;
808 d.context.iov_base = "SmbSign";
809 d.context.iov_len = 8;
810 d.binding = conn->binding;
812 return generate_smb3signingkey(sess, conn, &d);
815 int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess,
816 struct ksmbd_conn *conn)
820 d.label.iov_base = "SMBSigningKey";
821 d.label.iov_len = 14;
823 struct preauth_session *preauth_sess;
825 preauth_sess = ksmbd_preauth_session_lookup(conn, sess->id);
828 d.context.iov_base = preauth_sess->Preauth_HashValue;
830 d.context.iov_base = sess->Preauth_HashValue;
832 d.context.iov_len = 64;
833 d.binding = conn->binding;
835 return generate_smb3signingkey(sess, conn, &d);
838 struct derivation_twin {
839 struct derivation encryption;
840 struct derivation decryption;
843 static int generate_smb3encryptionkey(struct ksmbd_conn *conn,
844 struct ksmbd_session *sess,
845 const struct derivation_twin *ptwin)
849 rc = generate_key(conn, sess, ptwin->encryption.label,
850 ptwin->encryption.context, sess->smb3encryptionkey,
851 SMB3_ENC_DEC_KEY_SIZE);
855 rc = generate_key(conn, sess, ptwin->decryption.label,
856 ptwin->decryption.context,
857 sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE);
861 ksmbd_debug(AUTH, "dumping generated AES encryption keys\n");
862 ksmbd_debug(AUTH, "Cipher type %d\n", conn->cipher_type);
863 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
864 ksmbd_debug(AUTH, "Session Key %*ph\n",
865 SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
866 if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
867 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
868 ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
869 SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey);
870 ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
871 SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3decryptionkey);
873 ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
874 SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3encryptionkey);
875 ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
876 SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3decryptionkey);
881 int ksmbd_gen_smb30_encryptionkey(struct ksmbd_conn *conn,
882 struct ksmbd_session *sess)
884 struct derivation_twin twin;
885 struct derivation *d;
887 d = &twin.encryption;
888 d->label.iov_base = "SMB2AESCCM";
889 d->label.iov_len = 11;
890 d->context.iov_base = "ServerOut";
891 d->context.iov_len = 10;
893 d = &twin.decryption;
894 d->label.iov_base = "SMB2AESCCM";
895 d->label.iov_len = 11;
896 d->context.iov_base = "ServerIn ";
897 d->context.iov_len = 10;
899 return generate_smb3encryptionkey(conn, sess, &twin);
902 int ksmbd_gen_smb311_encryptionkey(struct ksmbd_conn *conn,
903 struct ksmbd_session *sess)
905 struct derivation_twin twin;
906 struct derivation *d;
908 d = &twin.encryption;
909 d->label.iov_base = "SMBS2CCipherKey";
910 d->label.iov_len = 16;
911 d->context.iov_base = sess->Preauth_HashValue;
912 d->context.iov_len = 64;
914 d = &twin.decryption;
915 d->label.iov_base = "SMBC2SCipherKey";
916 d->label.iov_len = 16;
917 d->context.iov_base = sess->Preauth_HashValue;
918 d->context.iov_len = 64;
920 return generate_smb3encryptionkey(conn, sess, &twin);
923 int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf,
927 struct smb2_hdr *rcv_hdr = smb2_get_msg(buf);
928 char *all_bytes_msg = (char *)&rcv_hdr->ProtocolId;
929 int msg_size = get_rfc1002_len(buf);
930 struct ksmbd_crypto_ctx *ctx = NULL;
932 if (conn->preauth_info->Preauth_HashId !=
933 SMB2_PREAUTH_INTEGRITY_SHA512)
936 ctx = ksmbd_crypto_ctx_find_sha512();
938 ksmbd_debug(AUTH, "could not alloc sha512\n");
942 rc = crypto_shash_init(CRYPTO_SHA512(ctx));
944 ksmbd_debug(AUTH, "could not init shashn");
948 rc = crypto_shash_update(CRYPTO_SHA512(ctx), pi_hash, 64);
950 ksmbd_debug(AUTH, "could not update with n\n");
954 rc = crypto_shash_update(CRYPTO_SHA512(ctx), all_bytes_msg, msg_size);
956 ksmbd_debug(AUTH, "could not update with n\n");
960 rc = crypto_shash_final(CRYPTO_SHA512(ctx), pi_hash);
962 ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
966 ksmbd_release_crypto_ctx(ctx);
970 int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len,
974 struct ksmbd_crypto_ctx *ctx = NULL;
976 ctx = ksmbd_crypto_ctx_find_sha256();
978 ksmbd_debug(AUTH, "could not alloc sha256\n");
982 rc = crypto_shash_init(CRYPTO_SHA256(ctx));
984 ksmbd_debug(AUTH, "could not init shashn");
988 rc = crypto_shash_update(CRYPTO_SHA256(ctx), sd_buf, len);
990 ksmbd_debug(AUTH, "could not update with n\n");
994 rc = crypto_shash_final(CRYPTO_SHA256(ctx), pi_hash);
996 ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
1000 ksmbd_release_crypto_ctx(ctx);
1004 static int ksmbd_get_encryption_key(struct ksmbd_work *work, __u64 ses_id,
1007 struct ksmbd_session *sess;
1013 sess = ksmbd_session_lookup_all(work->conn, ses_id);
1017 ses_enc_key = enc ? sess->smb3encryptionkey :
1018 sess->smb3decryptionkey;
1020 ksmbd_user_session_get(sess);
1021 memcpy(key, ses_enc_key, SMB3_ENC_DEC_KEY_SIZE);
1026 static inline void smb2_sg_set_buf(struct scatterlist *sg, const void *buf,
1027 unsigned int buflen)
1031 if (is_vmalloc_addr(buf))
1032 addr = vmalloc_to_page(buf);
1034 addr = virt_to_page(buf);
1035 sg_set_page(sg, addr, buflen, offset_in_page(buf));
1038 static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec,
1041 struct scatterlist *sg;
1042 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1043 int i, *nr_entries, total_entries = 0, sg_idx = 0;
1048 nr_entries = kcalloc(nvec, sizeof(int), KSMBD_DEFAULT_GFP);
1052 for (i = 0; i < nvec - 1; i++) {
1053 unsigned long kaddr = (unsigned long)iov[i + 1].iov_base;
1055 if (is_vmalloc_addr(iov[i + 1].iov_base)) {
1056 nr_entries[i] = ((kaddr + iov[i + 1].iov_len +
1057 PAGE_SIZE - 1) >> PAGE_SHIFT) -
1058 (kaddr >> PAGE_SHIFT);
1062 total_entries += nr_entries[i];
1065 /* Add two entries for transform header and signature */
1068 sg = kmalloc_array(total_entries, sizeof(struct scatterlist),
1075 sg_init_table(sg, total_entries);
1076 smb2_sg_set_buf(&sg[sg_idx++], iov[0].iov_base + 24, assoc_data_len);
1077 for (i = 0; i < nvec - 1; i++) {
1078 void *data = iov[i + 1].iov_base;
1079 int len = iov[i + 1].iov_len;
1081 if (is_vmalloc_addr(data)) {
1082 int j, offset = offset_in_page(data);
1084 for (j = 0; j < nr_entries[i]; j++) {
1085 unsigned int bytes = PAGE_SIZE - offset;
1093 sg_set_page(&sg[sg_idx++],
1094 vmalloc_to_page(data), bytes,
1095 offset_in_page(data));
1102 sg_set_page(&sg[sg_idx++], virt_to_page(data), len,
1103 offset_in_page(data));
1106 smb2_sg_set_buf(&sg[sg_idx], sign, SMB2_SIGNATURE_SIZE);
1111 int ksmbd_crypt_message(struct ksmbd_work *work, struct kvec *iov,
1112 unsigned int nvec, int enc)
1114 struct ksmbd_conn *conn = work->conn;
1115 struct smb2_transform_hdr *tr_hdr = smb2_get_msg(iov[0].iov_base);
1116 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1118 struct scatterlist *sg;
1119 u8 sign[SMB2_SIGNATURE_SIZE] = {};
1120 u8 key[SMB3_ENC_DEC_KEY_SIZE];
1121 struct aead_request *req;
1123 unsigned int iv_len;
1124 struct crypto_aead *tfm;
1125 unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize);
1126 struct ksmbd_crypto_ctx *ctx;
1128 rc = ksmbd_get_encryption_key(work,
1129 le64_to_cpu(tr_hdr->SessionId),
1133 pr_err("Could not get %scryption key\n", enc ? "en" : "de");
1137 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1138 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1139 ctx = ksmbd_crypto_ctx_find_gcm();
1141 ctx = ksmbd_crypto_ctx_find_ccm();
1143 pr_err("crypto alloc failed\n");
1147 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1148 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1149 tfm = CRYPTO_GCM(ctx);
1151 tfm = CRYPTO_CCM(ctx);
1153 if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
1154 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1155 rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE);
1157 rc = crypto_aead_setkey(tfm, key, SMB3_GCM128_CRYPTKEY_SIZE);
1159 pr_err("Failed to set aead key %d\n", rc);
1163 rc = crypto_aead_setauthsize(tfm, SMB2_SIGNATURE_SIZE);
1165 pr_err("Failed to set authsize %d\n", rc);
1169 req = aead_request_alloc(tfm, KSMBD_DEFAULT_GFP);
1176 memcpy(sign, &tr_hdr->Signature, SMB2_SIGNATURE_SIZE);
1177 crypt_len += SMB2_SIGNATURE_SIZE;
1180 sg = ksmbd_init_sg(iov, nvec, sign);
1182 pr_err("Failed to init sg\n");
1187 iv_len = crypto_aead_ivsize(tfm);
1188 iv = kzalloc(iv_len, KSMBD_DEFAULT_GFP);
1194 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1195 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
1196 memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES_GCM_NONCE);
1199 memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES_CCM_NONCE);
1202 aead_request_set_crypt(req, sg, sg, crypt_len, iv);
1203 aead_request_set_ad(req, assoc_data_len);
1204 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
1207 rc = crypto_aead_encrypt(req);
1209 rc = crypto_aead_decrypt(req);
1214 memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
1223 ksmbd_release_crypto_ctx(ctx);
projects / J-linux.git / blob