]> Git Repo - linux.git/blob - fs/ksmbd/auth.c
projects / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
zstd: import usptream v1.5.2
[linux.git] / fs / ksmbd / auth.c
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *   Copyright (C) 2016 Namjae Jeon <[email protected]>
4  *   Copyright (C) 2018 Samsung Electronics Co., Ltd.
5  */
6
7 #include <linux/kernel.h>
8 #include <linux/fs.h>
9 #include <linux/uaccess.h>
10 #include <linux/backing-dev.h>
11 #include <linux/writeback.h>
12 #include <linux/uio.h>
13 #include <linux/xattr.h>
14 #include <crypto/hash.h>
15 #include <crypto/aead.h>
16 #include <linux/random.h>
17 #include <linux/scatterlist.h>
18
19 #include "auth.h"
20 #include "glob.h"
21
22 #include <linux/fips.h>
23 #include <crypto/des.h>
24
25 #include "server.h"
26 #include "smb_common.h"
27 #include "connection.h"
28 #include "mgmt/user_session.h"
29 #include "mgmt/user_config.h"
30 #include "crypto_ctx.h"
31 #include "transport_ipc.h"
32 #include "../smbfs_common/arc4.h"
33
34 /*
35  * Fixed format data defining GSS header and fixed string
36  * "not_defined_in_RFC4178@please_ignore".
37  * So sec blob data in neg phase could be generated statically.
38  */
39 static char NEGOTIATE_GSS_HEADER[AUTH_GSS_LENGTH] = {
40 #ifdef CONFIG_SMB_SERVER_KERBEROS5
41         0x60, 0x5e, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
42         0x05, 0x02, 0xa0, 0x54, 0x30, 0x52, 0xa0, 0x24,
43         0x30, 0x22, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
44         0xf7, 0x12, 0x01, 0x02, 0x02, 0x06, 0x09, 0x2a,
45         0x86, 0x48, 0x82, 0xf7, 0x12, 0x01, 0x02, 0x02,
46         0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
47         0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a, 0x30, 0x28,
48         0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f, 0x74, 0x5f,
49         0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x5f,
50         0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43, 0x34, 0x31,
51         0x37, 0x38, 0x40, 0x70, 0x6c, 0x65, 0x61, 0x73,
52         0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65
53 #else
54         0x60, 0x48, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
55         0x05, 0x02, 0xa0, 0x3e, 0x30, 0x3c, 0xa0, 0x0e,
56         0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04,
57         0x01, 0x82, 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a,
58         0x30, 0x28, 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f,
59         0x74, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65,
60         0x64, 0x5f, 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43,
61         0x34, 0x31, 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65,
62         0x61, 0x73, 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f,
63         0x72, 0x65
64 #endif
65 };
66
67 void ksmbd_copy_gss_neg_header(void *buf)
68 {
69         memcpy(buf, NEGOTIATE_GSS_HEADER, AUTH_GSS_LENGTH);
70 }
71
72 /**
73  * ksmbd_gen_sess_key() - function to generate session key
74  * @sess:       session of connection
75  * @hash:       source hash value to be used for find session key
76  * @hmac:       source hmac value to be used for finding session key
77  *
78  */
79 static int ksmbd_gen_sess_key(struct ksmbd_session *sess, char *hash,
80                               char *hmac)
81 {
82         struct ksmbd_crypto_ctx *ctx;
83         int rc;
84
85         ctx = ksmbd_crypto_ctx_find_hmacmd5();
86         if (!ctx) {
87                 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
88                 return -ENOMEM;
89         }
90
91         rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
92                                  hash,
93                                  CIFS_HMAC_MD5_HASH_SIZE);
94         if (rc) {
95                 ksmbd_debug(AUTH, "hmacmd5 set key fail error %d\n", rc);
96                 goto out;
97         }
98
99         rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
100         if (rc) {
101                 ksmbd_debug(AUTH, "could not init hmacmd5 error %d\n", rc);
102                 goto out;
103         }
104
105         rc = crypto_shash_update(CRYPTO_HMACMD5(ctx),
106                                  hmac,
107                                  SMB2_NTLMV2_SESSKEY_SIZE);
108         if (rc) {
109                 ksmbd_debug(AUTH, "Could not update with response error %d\n", rc);
110                 goto out;
111         }
112
113         rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), sess->sess_key);
114         if (rc) {
115                 ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n", rc);
116                 goto out;
117         }
118
119 out:
120         ksmbd_release_crypto_ctx(ctx);
121         return rc;
122 }
123
124 static int calc_ntlmv2_hash(struct ksmbd_conn *conn, struct ksmbd_session *sess,
125                             char *ntlmv2_hash, char *dname)
126 {
127         int ret, len, conv_len;
128         wchar_t *domain = NULL;
129         __le16 *uniname = NULL;
130         struct ksmbd_crypto_ctx *ctx;
131
132         ctx = ksmbd_crypto_ctx_find_hmacmd5();
133         if (!ctx) {
134                 ksmbd_debug(AUTH, "can't generate ntlmv2 hash\n");
135                 return -ENOMEM;
136         }
137
138         ret = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
139                                   user_passkey(sess->user),
140                                   CIFS_ENCPWD_SIZE);
141         if (ret) {
142                 ksmbd_debug(AUTH, "Could not set NT Hash as a key\n");
143                 goto out;
144         }
145
146         ret = crypto_shash_init(CRYPTO_HMACMD5(ctx));
147         if (ret) {
148                 ksmbd_debug(AUTH, "could not init hmacmd5\n");
149                 goto out;
150         }
151
152         /* convert user_name to unicode */
153         len = strlen(user_name(sess->user));
154         uniname = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
155         if (!uniname) {
156                 ret = -ENOMEM;
157                 goto out;
158         }
159
160         conv_len = smb_strtoUTF16(uniname, user_name(sess->user), len,
161                                   conn->local_nls);
162         if (conv_len < 0 || conv_len > len) {
163                 ret = -EINVAL;
164                 goto out;
165         }
166         UniStrupr(uniname);
167
168         ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
169                                   (char *)uniname,
170                                   UNICODE_LEN(conv_len));
171         if (ret) {
172                 ksmbd_debug(AUTH, "Could not update with user\n");
173                 goto out;
174         }
175
176         /* Convert domain name or conn name to unicode and uppercase */
177         len = strlen(dname);
178         domain = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
179         if (!domain) {
180                 ret = -ENOMEM;
181                 goto out;
182         }
183
184         conv_len = smb_strtoUTF16((__le16 *)domain, dname, len,
185                                   conn->local_nls);
186         if (conv_len < 0 || conv_len > len) {
187                 ret = -EINVAL;
188                 goto out;
189         }
190
191         ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
192                                   (char *)domain,
193                                   UNICODE_LEN(conv_len));
194         if (ret) {
195                 ksmbd_debug(AUTH, "Could not update with domain\n");
196                 goto out;
197         }
198
199         ret = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_hash);
200         if (ret)
201                 ksmbd_debug(AUTH, "Could not generate md5 hash\n");
202 out:
203         kfree(uniname);
204         kfree(domain);
205         ksmbd_release_crypto_ctx(ctx);
206         return ret;
207 }
208
209 /**
210  * ksmbd_auth_ntlmv2() - NTLMv2 authentication handler
211  * @sess:       session of connection
212  * @ntlmv2:             NTLMv2 challenge response
213  * @blen:               NTLMv2 blob length
214  * @domain_name:        domain name
215  *
216  * Return:      0 on success, error number on error
217  */
218 int ksmbd_auth_ntlmv2(struct ksmbd_conn *conn, struct ksmbd_session *sess,
219                       struct ntlmv2_resp *ntlmv2, int blen, char *domain_name,
220                       char *cryptkey)
221 {
222         char ntlmv2_hash[CIFS_ENCPWD_SIZE];
223         char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE];
224         struct ksmbd_crypto_ctx *ctx;
225         char *construct = NULL;
226         int rc, len;
227
228         ctx = ksmbd_crypto_ctx_find_hmacmd5();
229         if (!ctx) {
230                 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
231                 return -ENOMEM;
232         }
233
234         rc = calc_ntlmv2_hash(conn, sess, ntlmv2_hash, domain_name);
235         if (rc) {
236                 ksmbd_debug(AUTH, "could not get v2 hash rc %d\n", rc);
237                 goto out;
238         }
239
240         rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
241                                  ntlmv2_hash,
242                                  CIFS_HMAC_MD5_HASH_SIZE);
243         if (rc) {
244                 ksmbd_debug(AUTH, "Could not set NTLMV2 Hash as a key\n");
245                 goto out;
246         }
247
248         rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
249         if (rc) {
250                 ksmbd_debug(AUTH, "Could not init hmacmd5\n");
251                 goto out;
252         }
253
254         len = CIFS_CRYPTO_KEY_SIZE + blen;
255         construct = kzalloc(len, GFP_KERNEL);
256         if (!construct) {
257                 rc = -ENOMEM;
258                 goto out;
259         }
260
261         memcpy(construct, cryptkey, CIFS_CRYPTO_KEY_SIZE);
262         memcpy(construct + CIFS_CRYPTO_KEY_SIZE, &ntlmv2->blob_signature, blen);
263
264         rc = crypto_shash_update(CRYPTO_HMACMD5(ctx), construct, len);
265         if (rc) {
266                 ksmbd_debug(AUTH, "Could not update with response\n");
267                 goto out;
268         }
269
270         rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_rsp);
271         if (rc) {
272                 ksmbd_debug(AUTH, "Could not generate md5 hash\n");
273                 goto out;
274         }
275
276         rc = ksmbd_gen_sess_key(sess, ntlmv2_hash, ntlmv2_rsp);
277         if (rc) {
278                 ksmbd_debug(AUTH, "Could not generate sess key\n");
279                 goto out;
280         }
281
282         if (memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE) != 0)
283                 rc = -EINVAL;
284 out:
285         ksmbd_release_crypto_ctx(ctx);
286         kfree(construct);
287         return rc;
288 }
289
290 /**
291  * ksmbd_decode_ntlmssp_auth_blob() - helper function to construct
292  * authenticate blob
293  * @authblob:   authenticate blob source pointer
294  * @usr:        user details
295  * @sess:       session of connection
296  *
297  * Return:      0 on success, error number on error
298  */
299 int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
300                                    int blob_len, struct ksmbd_conn *conn,
301                                    struct ksmbd_session *sess)
302 {
303         char *domain_name;
304         unsigned int nt_off, dn_off;
305         unsigned short nt_len, dn_len;
306         int ret;
307
308         if (blob_len < sizeof(struct authenticate_message)) {
309                 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
310                             blob_len);
311                 return -EINVAL;
312         }
313
314         if (memcmp(authblob->Signature, "NTLMSSP", 8)) {
315                 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
316                             authblob->Signature);
317                 return -EINVAL;
318         }
319
320         nt_off = le32_to_cpu(authblob->NtChallengeResponse.BufferOffset);
321         nt_len = le16_to_cpu(authblob->NtChallengeResponse.Length);
322         dn_off = le32_to_cpu(authblob->DomainName.BufferOffset);
323         dn_len = le16_to_cpu(authblob->DomainName.Length);
324
325         if (blob_len < (u64)dn_off + dn_len || blob_len < (u64)nt_off + nt_len)
326                 return -EINVAL;
327
328         /* TODO : use domain name that imported from configuration file */
329         domain_name = smb_strndup_from_utf16((const char *)authblob + dn_off,
330                                              dn_len, true, conn->local_nls);
331         if (IS_ERR(domain_name))
332                 return PTR_ERR(domain_name);
333
334         /* process NTLMv2 authentication */
335         ksmbd_debug(AUTH, "decode_ntlmssp_authenticate_blob dname%s\n",
336                     domain_name);
337         ret = ksmbd_auth_ntlmv2(conn, sess,
338                                 (struct ntlmv2_resp *)((char *)authblob + nt_off),
339                                 nt_len - CIFS_ENCPWD_SIZE,
340                                 domain_name, conn->ntlmssp.cryptkey);
341         kfree(domain_name);
342
343         /* The recovered secondary session key */
344         if (conn->ntlmssp.client_flags & NTLMSSP_NEGOTIATE_KEY_XCH) {
345                 struct arc4_ctx *ctx_arc4;
346                 unsigned int sess_key_off, sess_key_len;
347
348                 sess_key_off = le32_to_cpu(authblob->SessionKey.BufferOffset);
349                 sess_key_len = le16_to_cpu(authblob->SessionKey.Length);
350
351                 if (blob_len < (u64)sess_key_off + sess_key_len)
352                         return -EINVAL;
353
354                 ctx_arc4 = kmalloc(sizeof(*ctx_arc4), GFP_KERNEL);
355                 if (!ctx_arc4)
356                         return -ENOMEM;
357
358                 cifs_arc4_setkey(ctx_arc4, sess->sess_key,
359                                  SMB2_NTLMV2_SESSKEY_SIZE);
360                 cifs_arc4_crypt(ctx_arc4, sess->sess_key,
361                                 (char *)authblob + sess_key_off, sess_key_len);
362                 kfree_sensitive(ctx_arc4);
363         }
364
365         return ret;
366 }
367
368 /**
369  * ksmbd_decode_ntlmssp_neg_blob() - helper function to construct
370  * negotiate blob
371  * @negblob: negotiate blob source pointer
372  * @rsp:     response header pointer to be updated
373  * @sess:    session of connection
374  *
375  */
376 int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob,
377                                   int blob_len, struct ksmbd_conn *conn)
378 {
379         if (blob_len < sizeof(struct negotiate_message)) {
380                 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
381                             blob_len);
382                 return -EINVAL;
383         }
384
385         if (memcmp(negblob->Signature, "NTLMSSP", 8)) {
386                 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
387                             negblob->Signature);
388                 return -EINVAL;
389         }
390
391         conn->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags);
392         return 0;
393 }
394
395 /**
396  * ksmbd_build_ntlmssp_challenge_blob() - helper function to construct
397  * challenge blob
398  * @chgblob: challenge blob source pointer to initialize
399  * @rsp:     response header pointer to be updated
400  * @sess:    session of connection
401  *
402  */
403 unsigned int
404 ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,
405                                    struct ksmbd_conn *conn)
406 {
407         struct target_info *tinfo;
408         wchar_t *name;
409         __u8 *target_name;
410         unsigned int flags, blob_off, blob_len, type, target_info_len = 0;
411         int len, uni_len, conv_len;
412         int cflags = conn->ntlmssp.client_flags;
413
414         memcpy(chgblob->Signature, NTLMSSP_SIGNATURE, 8);
415         chgblob->MessageType = NtLmChallenge;
416
417         flags = NTLMSSP_NEGOTIATE_UNICODE |
418                 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_TARGET_TYPE_SERVER |
419                 NTLMSSP_NEGOTIATE_TARGET_INFO;
420
421         if (cflags & NTLMSSP_NEGOTIATE_SIGN) {
422                 flags |= NTLMSSP_NEGOTIATE_SIGN;
423                 flags |= cflags & (NTLMSSP_NEGOTIATE_128 |
424                                    NTLMSSP_NEGOTIATE_56);
425         }
426
427         if (cflags & NTLMSSP_NEGOTIATE_SEAL && smb3_encryption_negotiated(conn))
428                 flags |= NTLMSSP_NEGOTIATE_SEAL;
429
430         if (cflags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
431                 flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
432
433         if (cflags & NTLMSSP_REQUEST_TARGET)
434                 flags |= NTLMSSP_REQUEST_TARGET;
435
436         if (conn->use_spnego &&
437             (cflags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
438                 flags |= NTLMSSP_NEGOTIATE_EXTENDED_SEC;
439
440         if (cflags & NTLMSSP_NEGOTIATE_KEY_XCH)
441                 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
442
443         chgblob->NegotiateFlags = cpu_to_le32(flags);
444         len = strlen(ksmbd_netbios_name());
445         name = kmalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
446         if (!name)
447                 return -ENOMEM;
448
449         conv_len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len,
450                                   conn->local_nls);
451         if (conv_len < 0 || conv_len > len) {
452                 kfree(name);
453                 return -EINVAL;
454         }
455
456         uni_len = UNICODE_LEN(conv_len);
457
458         blob_off = sizeof(struct challenge_message);
459         blob_len = blob_off + uni_len;
460
461         chgblob->TargetName.Length = cpu_to_le16(uni_len);
462         chgblob->TargetName.MaximumLength = cpu_to_le16(uni_len);
463         chgblob->TargetName.BufferOffset = cpu_to_le32(blob_off);
464
465         /* Initialize random conn challenge */
466         get_random_bytes(conn->ntlmssp.cryptkey, sizeof(__u64));
467         memcpy(chgblob->Challenge, conn->ntlmssp.cryptkey,
468                CIFS_CRYPTO_KEY_SIZE);
469
470         /* Add Target Information to security buffer */
471         chgblob->TargetInfoArray.BufferOffset = cpu_to_le32(blob_len);
472
473         target_name = (__u8 *)chgblob + blob_off;
474         memcpy(target_name, name, uni_len);
475         tinfo = (struct target_info *)(target_name + uni_len);
476
477         chgblob->TargetInfoArray.Length = 0;
478         /* Add target info list for NetBIOS/DNS settings */
479         for (type = NTLMSSP_AV_NB_COMPUTER_NAME;
480              type <= NTLMSSP_AV_DNS_DOMAIN_NAME; type++) {
481                 tinfo->Type = cpu_to_le16(type);
482                 tinfo->Length = cpu_to_le16(uni_len);
483                 memcpy(tinfo->Content, name, uni_len);
484                 tinfo = (struct target_info *)((char *)tinfo + 4 + uni_len);
485                 target_info_len += 4 + uni_len;
486         }
487
488         /* Add terminator subblock */
489         tinfo->Type = 0;
490         tinfo->Length = 0;
491         target_info_len += 4;
492
493         chgblob->TargetInfoArray.Length = cpu_to_le16(target_info_len);
494         chgblob->TargetInfoArray.MaximumLength = cpu_to_le16(target_info_len);
495         blob_len += target_info_len;
496         kfree(name);
497         ksmbd_debug(AUTH, "NTLMSSP SecurityBufferLength %d\n", blob_len);
498         return blob_len;
499 }
500
501 #ifdef CONFIG_SMB_SERVER_KERBEROS5
502 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
503                             int in_len, char *out_blob, int *out_len)
504 {
505         struct ksmbd_spnego_authen_response *resp;
506         struct ksmbd_user *user = NULL;
507         int retval;
508
509         resp = ksmbd_ipc_spnego_authen_request(in_blob, in_len);
510         if (!resp) {
511                 ksmbd_debug(AUTH, "SPNEGO_AUTHEN_REQUEST failure\n");
512                 return -EINVAL;
513         }
514
515         if (!(resp->login_response.status & KSMBD_USER_FLAG_OK)) {
516                 ksmbd_debug(AUTH, "krb5 authentication failure\n");
517                 retval = -EPERM;
518                 goto out;
519         }
520
521         if (*out_len <= resp->spnego_blob_len) {
522                 ksmbd_debug(AUTH, "buf len %d, but blob len %d\n",
523                             *out_len, resp->spnego_blob_len);
524                 retval = -EINVAL;
525                 goto out;
526         }
527
528         if (resp->session_key_len > sizeof(sess->sess_key)) {
529                 ksmbd_debug(AUTH, "session key is too long\n");
530                 retval = -EINVAL;
531                 goto out;
532         }
533
534         user = ksmbd_alloc_user(&resp->login_response);
535         if (!user) {
536                 ksmbd_debug(AUTH, "login failure\n");
537                 retval = -ENOMEM;
538                 goto out;
539         }
540         sess->user = user;
541
542         memcpy(sess->sess_key, resp->payload, resp->session_key_len);
543         memcpy(out_blob, resp->payload + resp->session_key_len,
544                resp->spnego_blob_len);
545         *out_len = resp->spnego_blob_len;
546         retval = 0;
547 out:
548         kvfree(resp);
549         return retval;
550 }
551 #else
552 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
553                             int in_len, char *out_blob, int *out_len)
554 {
555         return -EOPNOTSUPP;
556 }
557 #endif
558
559 /**
560  * ksmbd_sign_smb2_pdu() - function to generate packet signing
561  * @conn:       connection
562  * @key:        signing key
563  * @iov:        buffer iov array
564  * @n_vec:      number of iovecs
565  * @sig:        signature value generated for client request packet
566  *
567  */
568 int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
569                         int n_vec, char *sig)
570 {
571         struct ksmbd_crypto_ctx *ctx;
572         int rc, i;
573
574         ctx = ksmbd_crypto_ctx_find_hmacsha256();
575         if (!ctx) {
576                 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
577                 return -ENOMEM;
578         }
579
580         rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
581                                  key,
582                                  SMB2_NTLMV2_SESSKEY_SIZE);
583         if (rc)
584                 goto out;
585
586         rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
587         if (rc) {
588                 ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
589                 goto out;
590         }
591
592         for (i = 0; i < n_vec; i++) {
593                 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
594                                          iov[i].iov_base,
595                                          iov[i].iov_len);
596                 if (rc) {
597                         ksmbd_debug(AUTH, "hmacsha256 update error %d\n", rc);
598                         goto out;
599                 }
600         }
601
602         rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), sig);
603         if (rc)
604                 ksmbd_debug(AUTH, "hmacsha256 generation error %d\n", rc);
605 out:
606         ksmbd_release_crypto_ctx(ctx);
607         return rc;
608 }
609
610 /**
611  * ksmbd_sign_smb3_pdu() - function to generate packet signing
612  * @conn:       connection
613  * @key:        signing key
614  * @iov:        buffer iov array
615  * @n_vec:      number of iovecs
616  * @sig:        signature value generated for client request packet
617  *
618  */
619 int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
620                         int n_vec, char *sig)
621 {
622         struct ksmbd_crypto_ctx *ctx;
623         int rc, i;
624
625         ctx = ksmbd_crypto_ctx_find_cmacaes();
626         if (!ctx) {
627                 ksmbd_debug(AUTH, "could not crypto alloc cmac\n");
628                 return -ENOMEM;
629         }
630
631         rc = crypto_shash_setkey(CRYPTO_CMACAES_TFM(ctx),
632                                  key,
633                                  SMB2_CMACAES_SIZE);
634         if (rc)
635                 goto out;
636
637         rc = crypto_shash_init(CRYPTO_CMACAES(ctx));
638         if (rc) {
639                 ksmbd_debug(AUTH, "cmaces init error %d\n", rc);
640                 goto out;
641         }
642
643         for (i = 0; i < n_vec; i++) {
644                 rc = crypto_shash_update(CRYPTO_CMACAES(ctx),
645                                          iov[i].iov_base,
646                                          iov[i].iov_len);
647                 if (rc) {
648                         ksmbd_debug(AUTH, "cmaces update error %d\n", rc);
649                         goto out;
650                 }
651         }
652
653         rc = crypto_shash_final(CRYPTO_CMACAES(ctx), sig);
654         if (rc)
655                 ksmbd_debug(AUTH, "cmaces generation error %d\n", rc);
656 out:
657         ksmbd_release_crypto_ctx(ctx);
658         return rc;
659 }
660
661 struct derivation {
662         struct kvec label;
663         struct kvec context;
664         bool binding;
665 };
666
667 static int generate_key(struct ksmbd_conn *conn, struct ksmbd_session *sess,
668                         struct kvec label, struct kvec context, __u8 *key,
669                         unsigned int key_size)
670 {
671         unsigned char zero = 0x0;
672         __u8 i[4] = {0, 0, 0, 1};
673         __u8 L128[4] = {0, 0, 0, 128};
674         __u8 L256[4] = {0, 0, 1, 0};
675         int rc;
676         unsigned char prfhash[SMB2_HMACSHA256_SIZE];
677         unsigned char *hashptr = prfhash;
678         struct ksmbd_crypto_ctx *ctx;
679
680         memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
681         memset(key, 0x0, key_size);
682
683         ctx = ksmbd_crypto_ctx_find_hmacsha256();
684         if (!ctx) {
685                 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
686                 return -ENOMEM;
687         }
688
689         rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
690                                  sess->sess_key,
691                                  SMB2_NTLMV2_SESSKEY_SIZE);
692         if (rc)
693                 goto smb3signkey_ret;
694
695         rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
696         if (rc) {
697                 ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
698                 goto smb3signkey_ret;
699         }
700
701         rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), i, 4);
702         if (rc) {
703                 ksmbd_debug(AUTH, "could not update with n\n");
704                 goto smb3signkey_ret;
705         }
706
707         rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
708                                  label.iov_base,
709                                  label.iov_len);
710         if (rc) {
711                 ksmbd_debug(AUTH, "could not update with label\n");
712                 goto smb3signkey_ret;
713         }
714
715         rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), &zero, 1);
716         if (rc) {
717                 ksmbd_debug(AUTH, "could not update with zero\n");
718                 goto smb3signkey_ret;
719         }
720
721         rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
722                                  context.iov_base,
723                                  context.iov_len);
724         if (rc) {
725                 ksmbd_debug(AUTH, "could not update with context\n");
726                 goto smb3signkey_ret;
727         }
728
729         if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
730             conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
731                 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L256, 4);
732         else
733                 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L128, 4);
734         if (rc) {
735                 ksmbd_debug(AUTH, "could not update with L\n");
736                 goto smb3signkey_ret;
737         }
738
739         rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), hashptr);
740         if (rc) {
741                 ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n",
742                             rc);
743                 goto smb3signkey_ret;
744         }
745
746         memcpy(key, hashptr, key_size);
747
748 smb3signkey_ret:
749         ksmbd_release_crypto_ctx(ctx);
750         return rc;
751 }
752
753 static int generate_smb3signingkey(struct ksmbd_session *sess,
754                                    struct ksmbd_conn *conn,
755                                    const struct derivation *signing)
756 {
757         int rc;
758         struct channel *chann;
759         char *key;
760
761         chann = lookup_chann_list(sess, conn);
762         if (!chann)
763                 return 0;
764
765         if (conn->dialect >= SMB30_PROT_ID && signing->binding)
766                 key = chann->smb3signingkey;
767         else
768                 key = sess->smb3signingkey;
769
770         rc = generate_key(conn, sess, signing->label, signing->context, key,
771                           SMB3_SIGN_KEY_SIZE);
772         if (rc)
773                 return rc;
774
775         if (!(conn->dialect >= SMB30_PROT_ID && signing->binding))
776                 memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE);
777
778         ksmbd_debug(AUTH, "dumping generated AES signing keys\n");
779         ksmbd_debug(AUTH, "Session Id    %llu\n", sess->id);
780         ksmbd_debug(AUTH, "Session Key   %*ph\n",
781                     SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
782         ksmbd_debug(AUTH, "Signing Key   %*ph\n",
783                     SMB3_SIGN_KEY_SIZE, key);
784         return 0;
785 }
786
787 int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess,
788                                struct ksmbd_conn *conn)
789 {
790         struct derivation d;
791
792         d.label.iov_base = "SMB2AESCMAC";
793         d.label.iov_len = 12;
794         d.context.iov_base = "SmbSign";
795         d.context.iov_len = 8;
796         d.binding = conn->binding;
797
798         return generate_smb3signingkey(sess, conn, &d);
799 }
800
801 int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess,
802                                 struct ksmbd_conn *conn)
803 {
804         struct derivation d;
805
806         d.label.iov_base = "SMBSigningKey";
807         d.label.iov_len = 14;
808         if (conn->binding) {
809                 struct preauth_session *preauth_sess;
810
811                 preauth_sess = ksmbd_preauth_session_lookup(conn, sess->id);
812                 if (!preauth_sess)
813                         return -ENOENT;
814                 d.context.iov_base = preauth_sess->Preauth_HashValue;
815         } else {
816                 d.context.iov_base = sess->Preauth_HashValue;
817         }
818         d.context.iov_len = 64;
819         d.binding = conn->binding;
820
821         return generate_smb3signingkey(sess, conn, &d);
822 }
823
824 struct derivation_twin {
825         struct derivation encryption;
826         struct derivation decryption;
827 };
828
829 static int generate_smb3encryptionkey(struct ksmbd_conn *conn,
830                                       struct ksmbd_session *sess,
831                                       const struct derivation_twin *ptwin)
832 {
833         int rc;
834
835         rc = generate_key(conn, sess, ptwin->encryption.label,
836                           ptwin->encryption.context, sess->smb3encryptionkey,
837                           SMB3_ENC_DEC_KEY_SIZE);
838         if (rc)
839                 return rc;
840
841         rc = generate_key(conn, sess, ptwin->decryption.label,
842                           ptwin->decryption.context,
843                           sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE);
844         if (rc)
845                 return rc;
846
847         ksmbd_debug(AUTH, "dumping generated AES encryption keys\n");
848         ksmbd_debug(AUTH, "Cipher type   %d\n", conn->cipher_type);
849         ksmbd_debug(AUTH, "Session Id    %llu\n", sess->id);
850         ksmbd_debug(AUTH, "Session Key   %*ph\n",
851                     SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
852         if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
853             conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
854                 ksmbd_debug(AUTH, "ServerIn Key  %*ph\n",
855                             SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey);
856                 ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
857                             SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3decryptionkey);
858         } else {
859                 ksmbd_debug(AUTH, "ServerIn Key  %*ph\n",
860                             SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3encryptionkey);
861                 ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
862                             SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3decryptionkey);
863         }
864         return 0;
865 }
866
867 int ksmbd_gen_smb30_encryptionkey(struct ksmbd_conn *conn,
868                                   struct ksmbd_session *sess)
869 {
870         struct derivation_twin twin;
871         struct derivation *d;
872
873         d = &twin.encryption;
874         d->label.iov_base = "SMB2AESCCM";
875         d->label.iov_len = 11;
876         d->context.iov_base = "ServerOut";
877         d->context.iov_len = 10;
878
879         d = &twin.decryption;
880         d->label.iov_base = "SMB2AESCCM";
881         d->label.iov_len = 11;
882         d->context.iov_base = "ServerIn ";
883         d->context.iov_len = 10;
884
885         return generate_smb3encryptionkey(conn, sess, &twin);
886 }
887
888 int ksmbd_gen_smb311_encryptionkey(struct ksmbd_conn *conn,
889                                    struct ksmbd_session *sess)
890 {
891         struct derivation_twin twin;
892         struct derivation *d;
893
894         d = &twin.encryption;
895         d->label.iov_base = "SMBS2CCipherKey";
896         d->label.iov_len = 16;
897         d->context.iov_base = sess->Preauth_HashValue;
898         d->context.iov_len = 64;
899
900         d = &twin.decryption;
901         d->label.iov_base = "SMBC2SCipherKey";
902         d->label.iov_len = 16;
903         d->context.iov_base = sess->Preauth_HashValue;
904         d->context.iov_len = 64;
905
906         return generate_smb3encryptionkey(conn, sess, &twin);
907 }
908
909 int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf,
910                                      __u8 *pi_hash)
911 {
912         int rc;
913         struct smb2_hdr *rcv_hdr = smb2_get_msg(buf);
914         char *all_bytes_msg = (char *)&rcv_hdr->ProtocolId;
915         int msg_size = get_rfc1002_len(buf);
916         struct ksmbd_crypto_ctx *ctx = NULL;
917
918         if (conn->preauth_info->Preauth_HashId !=
919             SMB2_PREAUTH_INTEGRITY_SHA512)
920                 return -EINVAL;
921
922         ctx = ksmbd_crypto_ctx_find_sha512();
923         if (!ctx) {
924                 ksmbd_debug(AUTH, "could not alloc sha512\n");
925                 return -ENOMEM;
926         }
927
928         rc = crypto_shash_init(CRYPTO_SHA512(ctx));
929         if (rc) {
930                 ksmbd_debug(AUTH, "could not init shashn");
931                 goto out;
932         }
933
934         rc = crypto_shash_update(CRYPTO_SHA512(ctx), pi_hash, 64);
935         if (rc) {
936                 ksmbd_debug(AUTH, "could not update with n\n");
937                 goto out;
938         }
939
940         rc = crypto_shash_update(CRYPTO_SHA512(ctx), all_bytes_msg, msg_size);
941         if (rc) {
942                 ksmbd_debug(AUTH, "could not update with n\n");
943                 goto out;
944         }
945
946         rc = crypto_shash_final(CRYPTO_SHA512(ctx), pi_hash);
947         if (rc) {
948                 ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
949                 goto out;
950         }
951 out:
952         ksmbd_release_crypto_ctx(ctx);
953         return rc;
954 }
955
956 int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len,
957                       __u8 *pi_hash)
958 {
959         int rc;
960         struct ksmbd_crypto_ctx *ctx = NULL;
961
962         ctx = ksmbd_crypto_ctx_find_sha256();
963         if (!ctx) {
964                 ksmbd_debug(AUTH, "could not alloc sha256\n");
965                 return -ENOMEM;
966         }
967
968         rc = crypto_shash_init(CRYPTO_SHA256(ctx));
969         if (rc) {
970                 ksmbd_debug(AUTH, "could not init shashn");
971                 goto out;
972         }
973
974         rc = crypto_shash_update(CRYPTO_SHA256(ctx), sd_buf, len);
975         if (rc) {
976                 ksmbd_debug(AUTH, "could not update with n\n");
977                 goto out;
978         }
979
980         rc = crypto_shash_final(CRYPTO_SHA256(ctx), pi_hash);
981         if (rc) {
982                 ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
983                 goto out;
984         }
985 out:
986         ksmbd_release_crypto_ctx(ctx);
987         return rc;
988 }
989
990 static int ksmbd_get_encryption_key(struct ksmbd_work *work, __u64 ses_id,
991                                     int enc, u8 *key)
992 {
993         struct ksmbd_session *sess;
994         u8 *ses_enc_key;
995
996         if (enc)
997                 sess = work->sess;
998         else
999                 sess = ksmbd_session_lookup_all(work->conn, ses_id);
1000         if (!sess)
1001                 return -EINVAL;
1002
1003         ses_enc_key = enc ? sess->smb3encryptionkey :
1004                 sess->smb3decryptionkey;
1005         memcpy(key, ses_enc_key, SMB3_ENC_DEC_KEY_SIZE);
1006
1007         return 0;
1008 }
1009
1010 static inline void smb2_sg_set_buf(struct scatterlist *sg, const void *buf,
1011                                    unsigned int buflen)
1012 {
1013         void *addr;
1014
1015         if (is_vmalloc_addr(buf))
1016                 addr = vmalloc_to_page(buf);
1017         else
1018                 addr = virt_to_page(buf);
1019         sg_set_page(sg, addr, buflen, offset_in_page(buf));
1020 }
1021
1022 static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec,
1023                                          u8 *sign)
1024 {
1025         struct scatterlist *sg;
1026         unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1027         int i, nr_entries[3] = {0}, total_entries = 0, sg_idx = 0;
1028
1029         if (!nvec)
1030                 return NULL;
1031
1032         for (i = 0; i < nvec - 1; i++) {
1033                 unsigned long kaddr = (unsigned long)iov[i + 1].iov_base;
1034
1035                 if (is_vmalloc_addr(iov[i + 1].iov_base)) {
1036                         nr_entries[i] = ((kaddr + iov[i + 1].iov_len +
1037                                         PAGE_SIZE - 1) >> PAGE_SHIFT) -
1038                                 (kaddr >> PAGE_SHIFT);
1039                 } else {
1040                         nr_entries[i]++;
1041                 }
1042                 total_entries += nr_entries[i];
1043         }
1044
1045         /* Add two entries for transform header and signature */
1046         total_entries += 2;
1047
1048         sg = kmalloc_array(total_entries, sizeof(struct scatterlist), GFP_KERNEL);
1049         if (!sg)
1050                 return NULL;
1051
1052         sg_init_table(sg, total_entries);
1053         smb2_sg_set_buf(&sg[sg_idx++], iov[0].iov_base + 24, assoc_data_len);
1054         for (i = 0; i < nvec - 1; i++) {
1055                 void *data = iov[i + 1].iov_base;
1056                 int len = iov[i + 1].iov_len;
1057
1058                 if (is_vmalloc_addr(data)) {
1059                         int j, offset = offset_in_page(data);
1060
1061                         for (j = 0; j < nr_entries[i]; j++) {
1062                                 unsigned int bytes = PAGE_SIZE - offset;
1063
1064                                 if (!len)
1065                                         break;
1066
1067                                 if (bytes > len)
1068                                         bytes = len;
1069
1070                                 sg_set_page(&sg[sg_idx++],
1071                                             vmalloc_to_page(data), bytes,
1072                                             offset_in_page(data));
1073
1074                                 data += bytes;
1075                                 len -= bytes;
1076                                 offset = 0;
1077                         }
1078                 } else {
1079                         sg_set_page(&sg[sg_idx++], virt_to_page(data), len,
1080                                     offset_in_page(data));
1081                 }
1082         }
1083         smb2_sg_set_buf(&sg[sg_idx], sign, SMB2_SIGNATURE_SIZE);
1084         return sg;
1085 }
1086
1087 int ksmbd_crypt_message(struct ksmbd_work *work, struct kvec *iov,
1088                         unsigned int nvec, int enc)
1089 {
1090         struct ksmbd_conn *conn = work->conn;
1091         struct smb2_transform_hdr *tr_hdr = smb2_get_msg(iov[0].iov_base);
1092         unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1093         int rc;
1094         struct scatterlist *sg;
1095         u8 sign[SMB2_SIGNATURE_SIZE] = {};
1096         u8 key[SMB3_ENC_DEC_KEY_SIZE];
1097         struct aead_request *req;
1098         char *iv;
1099         unsigned int iv_len;
1100         struct crypto_aead *tfm;
1101         unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize);
1102         struct ksmbd_crypto_ctx *ctx;
1103
1104         rc = ksmbd_get_encryption_key(work,
1105                                       le64_to_cpu(tr_hdr->SessionId),
1106                                       enc,
1107                                       key);
1108         if (rc) {
1109                 pr_err("Could not get %scryption key\n", enc ? "en" : "de");
1110                 return rc;
1111         }
1112
1113         if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1114             conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1115                 ctx = ksmbd_crypto_ctx_find_gcm();
1116         else
1117                 ctx = ksmbd_crypto_ctx_find_ccm();
1118         if (!ctx) {
1119                 pr_err("crypto alloc failed\n");
1120                 return -ENOMEM;
1121         }
1122
1123         if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1124             conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1125                 tfm = CRYPTO_GCM(ctx);
1126         else
1127                 tfm = CRYPTO_CCM(ctx);
1128
1129         if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
1130             conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1131                 rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE);
1132         else
1133                 rc = crypto_aead_setkey(tfm, key, SMB3_GCM128_CRYPTKEY_SIZE);
1134         if (rc) {
1135                 pr_err("Failed to set aead key %d\n", rc);
1136                 goto free_ctx;
1137         }
1138
1139         rc = crypto_aead_setauthsize(tfm, SMB2_SIGNATURE_SIZE);
1140         if (rc) {
1141                 pr_err("Failed to set authsize %d\n", rc);
1142                 goto free_ctx;
1143         }
1144
1145         req = aead_request_alloc(tfm, GFP_KERNEL);
1146         if (!req) {
1147                 rc = -ENOMEM;
1148                 goto free_ctx;
1149         }
1150
1151         if (!enc) {
1152                 memcpy(sign, &tr_hdr->Signature, SMB2_SIGNATURE_SIZE);
1153                 crypt_len += SMB2_SIGNATURE_SIZE;
1154         }
1155
1156         sg = ksmbd_init_sg(iov, nvec, sign);
1157         if (!sg) {
1158                 pr_err("Failed to init sg\n");
1159                 rc = -ENOMEM;
1160                 goto free_req;
1161         }
1162
1163         iv_len = crypto_aead_ivsize(tfm);
1164         iv = kzalloc(iv_len, GFP_KERNEL);
1165         if (!iv) {
1166                 rc = -ENOMEM;
1167                 goto free_sg;
1168         }
1169
1170         if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1171             conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
1172                 memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES_GCM_NONCE);
1173         } else {
1174                 iv[0] = 3;
1175                 memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES_CCM_NONCE);
1176         }
1177
1178         aead_request_set_crypt(req, sg, sg, crypt_len, iv);
1179         aead_request_set_ad(req, assoc_data_len);
1180         aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
1181
1182         if (enc)
1183                 rc = crypto_aead_encrypt(req);
1184         else
1185                 rc = crypto_aead_decrypt(req);
1186         if (rc)
1187                 goto free_iv;
1188
1189         if (enc)
1190                 memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
1191
1192 free_iv:
1193         kfree(iv);
1194 free_sg:
1195         kfree(sg);
1196 free_req:
1197         kfree(req);
1198 free_ctx:
1199         ksmbd_release_crypto_ctx(ctx);
1200         return rc;
1201 }
Empty description
This page took 0.105087 seconds and 4 git commands to generate.