1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org>
4 * Copyright (C) 2018 Samsung Electronics Co., Ltd.
7 #include <linux/kernel.h>
9 #include <linux/uaccess.h>
10 #include <linux/backing-dev.h>
11 #include <linux/writeback.h>
12 #include <linux/uio.h>
13 #include <linux/xattr.h>
14 #include <crypto/hash.h>
15 #include <crypto/aead.h>
16 #include <linux/random.h>
17 #include <linux/scatterlist.h>
22 #include <linux/fips.h>
23 #include <crypto/des.h>
26 #include "smb_common.h"
27 #include "connection.h"
28 #include "mgmt/user_session.h"
29 #include "mgmt/user_config.h"
30 #include "crypto_ctx.h"
31 #include "transport_ipc.h"
32 #include "../common/arc4.h"
35 * Fixed format data defining GSS header and fixed string
36 * "not_defined_in_RFC4178@please_ignore".
37 * So sec blob data in neg phase could be generated statically.
39 static char NEGOTIATE_GSS_HEADER[AUTH_GSS_LENGTH] = {
40 #ifdef CONFIG_SMB_SERVER_KERBEROS5
41 0x60, 0x5e, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
42 0x05, 0x02, 0xa0, 0x54, 0x30, 0x52, 0xa0, 0x24,
43 0x30, 0x22, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
44 0xf7, 0x12, 0x01, 0x02, 0x02, 0x06, 0x09, 0x2a,
45 0x86, 0x48, 0x82, 0xf7, 0x12, 0x01, 0x02, 0x02,
46 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
47 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a, 0x30, 0x28,
48 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f, 0x74, 0x5f,
49 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x5f,
50 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43, 0x34, 0x31,
51 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65, 0x61, 0x73,
52 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65
54 0x60, 0x48, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
55 0x05, 0x02, 0xa0, 0x3e, 0x30, 0x3c, 0xa0, 0x0e,
56 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04,
57 0x01, 0x82, 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a,
58 0x30, 0x28, 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f,
59 0x74, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65,
60 0x64, 0x5f, 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43,
61 0x34, 0x31, 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65,
62 0x61, 0x73, 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f,
67 void ksmbd_copy_gss_neg_header(void *buf)
69 memcpy(buf, NEGOTIATE_GSS_HEADER, AUTH_GSS_LENGTH);
73 * ksmbd_gen_sess_key() - function to generate session key
74 * @sess: session of connection
75 * @hash: source hash value to be used for find session key
76 * @hmac: source hmac value to be used for finding session key
79 static int ksmbd_gen_sess_key(struct ksmbd_session *sess, char *hash,
82 struct ksmbd_crypto_ctx *ctx;
85 ctx = ksmbd_crypto_ctx_find_hmacmd5();
87 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
91 rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
93 CIFS_HMAC_MD5_HASH_SIZE);
95 ksmbd_debug(AUTH, "hmacmd5 set key fail error %d\n", rc);
99 rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
101 ksmbd_debug(AUTH, "could not init hmacmd5 error %d\n", rc);
105 rc = crypto_shash_update(CRYPTO_HMACMD5(ctx),
107 SMB2_NTLMV2_SESSKEY_SIZE);
109 ksmbd_debug(AUTH, "Could not update with response error %d\n", rc);
113 rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), sess->sess_key);
115 ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n", rc);
120 ksmbd_release_crypto_ctx(ctx);
124 static int calc_ntlmv2_hash(struct ksmbd_conn *conn, struct ksmbd_session *sess,
125 char *ntlmv2_hash, char *dname)
127 int ret, len, conv_len;
128 wchar_t *domain = NULL;
129 __le16 *uniname = NULL;
130 struct ksmbd_crypto_ctx *ctx;
132 ctx = ksmbd_crypto_ctx_find_hmacmd5();
134 ksmbd_debug(AUTH, "can't generate ntlmv2 hash\n");
138 ret = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
139 user_passkey(sess->user),
142 ksmbd_debug(AUTH, "Could not set NT Hash as a key\n");
146 ret = crypto_shash_init(CRYPTO_HMACMD5(ctx));
148 ksmbd_debug(AUTH, "could not init hmacmd5\n");
152 /* convert user_name to unicode */
153 len = strlen(user_name(sess->user));
154 uniname = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
160 conv_len = smb_strtoUTF16(uniname, user_name(sess->user), len,
162 if (conv_len < 0 || conv_len > len) {
168 ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
170 UNICODE_LEN(conv_len));
172 ksmbd_debug(AUTH, "Could not update with user\n");
176 /* Convert domain name or conn name to unicode and uppercase */
178 domain = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
184 conv_len = smb_strtoUTF16((__le16 *)domain, dname, len,
186 if (conv_len < 0 || conv_len > len) {
191 ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
193 UNICODE_LEN(conv_len));
195 ksmbd_debug(AUTH, "Could not update with domain\n");
199 ret = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_hash);
201 ksmbd_debug(AUTH, "Could not generate md5 hash\n");
205 ksmbd_release_crypto_ctx(ctx);
210 * ksmbd_auth_ntlmv2() - NTLMv2 authentication handler
212 * @sess: session of connection
213 * @ntlmv2: NTLMv2 challenge response
214 * @blen: NTLMv2 blob length
215 * @domain_name: domain name
216 * @cryptkey: session crypto key
218 * Return: 0 on success, error number on error
220 int ksmbd_auth_ntlmv2(struct ksmbd_conn *conn, struct ksmbd_session *sess,
221 struct ntlmv2_resp *ntlmv2, int blen, char *domain_name,
224 char ntlmv2_hash[CIFS_ENCPWD_SIZE];
225 char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE];
226 struct ksmbd_crypto_ctx *ctx = NULL;
227 char *construct = NULL;
230 rc = calc_ntlmv2_hash(conn, sess, ntlmv2_hash, domain_name);
232 ksmbd_debug(AUTH, "could not get v2 hash rc %d\n", rc);
236 ctx = ksmbd_crypto_ctx_find_hmacmd5();
238 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
242 rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
244 CIFS_HMAC_MD5_HASH_SIZE);
246 ksmbd_debug(AUTH, "Could not set NTLMV2 Hash as a key\n");
250 rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
252 ksmbd_debug(AUTH, "Could not init hmacmd5\n");
256 len = CIFS_CRYPTO_KEY_SIZE + blen;
257 construct = kzalloc(len, GFP_KERNEL);
263 memcpy(construct, cryptkey, CIFS_CRYPTO_KEY_SIZE);
264 memcpy(construct + CIFS_CRYPTO_KEY_SIZE, &ntlmv2->blob_signature, blen);
266 rc = crypto_shash_update(CRYPTO_HMACMD5(ctx), construct, len);
268 ksmbd_debug(AUTH, "Could not update with response\n");
272 rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_rsp);
274 ksmbd_debug(AUTH, "Could not generate md5 hash\n");
277 ksmbd_release_crypto_ctx(ctx);
280 rc = ksmbd_gen_sess_key(sess, ntlmv2_hash, ntlmv2_rsp);
282 ksmbd_debug(AUTH, "Could not generate sess key\n");
286 if (memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE) != 0)
290 ksmbd_release_crypto_ctx(ctx);
296 * ksmbd_decode_ntlmssp_auth_blob() - helper function to construct
298 * @authblob: authenticate blob source pointer
299 * @blob_len: length of the @authblob message
301 * @sess: session of connection
303 * Return: 0 on success, error number on error
305 int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
306 int blob_len, struct ksmbd_conn *conn,
307 struct ksmbd_session *sess)
310 unsigned int nt_off, dn_off;
311 unsigned short nt_len, dn_len;
314 if (blob_len < sizeof(struct authenticate_message)) {
315 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
320 if (memcmp(authblob->Signature, "NTLMSSP", 8)) {
321 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
322 authblob->Signature);
326 nt_off = le32_to_cpu(authblob->NtChallengeResponse.BufferOffset);
327 nt_len = le16_to_cpu(authblob->NtChallengeResponse.Length);
328 dn_off = le32_to_cpu(authblob->DomainName.BufferOffset);
329 dn_len = le16_to_cpu(authblob->DomainName.Length);
331 if (blob_len < (u64)dn_off + dn_len || blob_len < (u64)nt_off + nt_len ||
332 nt_len < CIFS_ENCPWD_SIZE)
335 /* TODO : use domain name that imported from configuration file */
336 domain_name = smb_strndup_from_utf16((const char *)authblob + dn_off,
337 dn_len, true, conn->local_nls);
338 if (IS_ERR(domain_name))
339 return PTR_ERR(domain_name);
341 /* process NTLMv2 authentication */
342 ksmbd_debug(AUTH, "decode_ntlmssp_authenticate_blob dname%s\n",
344 ret = ksmbd_auth_ntlmv2(conn, sess,
345 (struct ntlmv2_resp *)((char *)authblob + nt_off),
346 nt_len - CIFS_ENCPWD_SIZE,
347 domain_name, conn->ntlmssp.cryptkey);
350 /* The recovered secondary session key */
351 if (conn->ntlmssp.client_flags & NTLMSSP_NEGOTIATE_KEY_XCH) {
352 struct arc4_ctx *ctx_arc4;
353 unsigned int sess_key_off, sess_key_len;
355 sess_key_off = le32_to_cpu(authblob->SessionKey.BufferOffset);
356 sess_key_len = le16_to_cpu(authblob->SessionKey.Length);
358 if (blob_len < (u64)sess_key_off + sess_key_len)
361 if (sess_key_len > CIFS_KEY_SIZE)
364 ctx_arc4 = kmalloc(sizeof(*ctx_arc4), GFP_KERNEL);
368 cifs_arc4_setkey(ctx_arc4, sess->sess_key,
369 SMB2_NTLMV2_SESSKEY_SIZE);
370 cifs_arc4_crypt(ctx_arc4, sess->sess_key,
371 (char *)authblob + sess_key_off, sess_key_len);
372 kfree_sensitive(ctx_arc4);
379 * ksmbd_decode_ntlmssp_neg_blob() - helper function to construct
381 * @negblob: negotiate blob source pointer
382 * @blob_len: length of the @authblob message
386 int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob,
387 int blob_len, struct ksmbd_conn *conn)
389 if (blob_len < sizeof(struct negotiate_message)) {
390 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
395 if (memcmp(negblob->Signature, "NTLMSSP", 8)) {
396 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
401 conn->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags);
406 * ksmbd_build_ntlmssp_challenge_blob() - helper function to construct
408 * @chgblob: challenge blob source pointer to initialize
413 ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,
414 struct ksmbd_conn *conn)
416 struct target_info *tinfo;
419 unsigned int flags, blob_off, blob_len, type, target_info_len = 0;
420 int len, uni_len, conv_len;
421 int cflags = conn->ntlmssp.client_flags;
423 memcpy(chgblob->Signature, NTLMSSP_SIGNATURE, 8);
424 chgblob->MessageType = NtLmChallenge;
426 flags = NTLMSSP_NEGOTIATE_UNICODE |
427 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_TARGET_TYPE_SERVER |
428 NTLMSSP_NEGOTIATE_TARGET_INFO;
430 if (cflags & NTLMSSP_NEGOTIATE_SIGN) {
431 flags |= NTLMSSP_NEGOTIATE_SIGN;
432 flags |= cflags & (NTLMSSP_NEGOTIATE_128 |
433 NTLMSSP_NEGOTIATE_56);
436 if (cflags & NTLMSSP_NEGOTIATE_SEAL && smb3_encryption_negotiated(conn))
437 flags |= NTLMSSP_NEGOTIATE_SEAL;
439 if (cflags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
440 flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
442 if (cflags & NTLMSSP_REQUEST_TARGET)
443 flags |= NTLMSSP_REQUEST_TARGET;
445 if (conn->use_spnego &&
446 (cflags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
447 flags |= NTLMSSP_NEGOTIATE_EXTENDED_SEC;
449 if (cflags & NTLMSSP_NEGOTIATE_KEY_XCH)
450 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
452 chgblob->NegotiateFlags = cpu_to_le32(flags);
453 len = strlen(ksmbd_netbios_name());
454 name = kmalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
458 conv_len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len,
460 if (conv_len < 0 || conv_len > len) {
465 uni_len = UNICODE_LEN(conv_len);
467 blob_off = sizeof(struct challenge_message);
468 blob_len = blob_off + uni_len;
470 chgblob->TargetName.Length = cpu_to_le16(uni_len);
471 chgblob->TargetName.MaximumLength = cpu_to_le16(uni_len);
472 chgblob->TargetName.BufferOffset = cpu_to_le32(blob_off);
474 /* Initialize random conn challenge */
475 get_random_bytes(conn->ntlmssp.cryptkey, sizeof(__u64));
476 memcpy(chgblob->Challenge, conn->ntlmssp.cryptkey,
477 CIFS_CRYPTO_KEY_SIZE);
479 /* Add Target Information to security buffer */
480 chgblob->TargetInfoArray.BufferOffset = cpu_to_le32(blob_len);
482 target_name = (__u8 *)chgblob + blob_off;
483 memcpy(target_name, name, uni_len);
484 tinfo = (struct target_info *)(target_name + uni_len);
486 chgblob->TargetInfoArray.Length = 0;
487 /* Add target info list for NetBIOS/DNS settings */
488 for (type = NTLMSSP_AV_NB_COMPUTER_NAME;
489 type <= NTLMSSP_AV_DNS_DOMAIN_NAME; type++) {
490 tinfo->Type = cpu_to_le16(type);
491 tinfo->Length = cpu_to_le16(uni_len);
492 memcpy(tinfo->Content, name, uni_len);
493 tinfo = (struct target_info *)((char *)tinfo + 4 + uni_len);
494 target_info_len += 4 + uni_len;
497 /* Add terminator subblock */
500 target_info_len += 4;
502 chgblob->TargetInfoArray.Length = cpu_to_le16(target_info_len);
503 chgblob->TargetInfoArray.MaximumLength = cpu_to_le16(target_info_len);
504 blob_len += target_info_len;
506 ksmbd_debug(AUTH, "NTLMSSP SecurityBufferLength %d\n", blob_len);
510 #ifdef CONFIG_SMB_SERVER_KERBEROS5
511 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
512 int in_len, char *out_blob, int *out_len)
514 struct ksmbd_spnego_authen_response *resp;
515 struct ksmbd_user *user = NULL;
518 resp = ksmbd_ipc_spnego_authen_request(in_blob, in_len);
520 ksmbd_debug(AUTH, "SPNEGO_AUTHEN_REQUEST failure\n");
524 if (!(resp->login_response.status & KSMBD_USER_FLAG_OK)) {
525 ksmbd_debug(AUTH, "krb5 authentication failure\n");
530 if (*out_len <= resp->spnego_blob_len) {
531 ksmbd_debug(AUTH, "buf len %d, but blob len %d\n",
532 *out_len, resp->spnego_blob_len);
537 if (resp->session_key_len > sizeof(sess->sess_key)) {
538 ksmbd_debug(AUTH, "session key is too long\n");
543 user = ksmbd_alloc_user(&resp->login_response);
545 ksmbd_debug(AUTH, "login failure\n");
551 memcpy(sess->sess_key, resp->payload, resp->session_key_len);
552 memcpy(out_blob, resp->payload + resp->session_key_len,
553 resp->spnego_blob_len);
554 *out_len = resp->spnego_blob_len;
561 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
562 int in_len, char *out_blob, int *out_len)
569 * ksmbd_sign_smb2_pdu() - function to generate packet signing
572 * @iov: buffer iov array
573 * @n_vec: number of iovecs
574 * @sig: signature value generated for client request packet
577 int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
578 int n_vec, char *sig)
580 struct ksmbd_crypto_ctx *ctx;
583 ctx = ksmbd_crypto_ctx_find_hmacsha256();
585 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
589 rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
591 SMB2_NTLMV2_SESSKEY_SIZE);
595 rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
597 ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
601 for (i = 0; i < n_vec; i++) {
602 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
606 ksmbd_debug(AUTH, "hmacsha256 update error %d\n", rc);
611 rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), sig);
613 ksmbd_debug(AUTH, "hmacsha256 generation error %d\n", rc);
615 ksmbd_release_crypto_ctx(ctx);
620 * ksmbd_sign_smb3_pdu() - function to generate packet signing
623 * @iov: buffer iov array
624 * @n_vec: number of iovecs
625 * @sig: signature value generated for client request packet
628 int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
629 int n_vec, char *sig)
631 struct ksmbd_crypto_ctx *ctx;
634 ctx = ksmbd_crypto_ctx_find_cmacaes();
636 ksmbd_debug(AUTH, "could not crypto alloc cmac\n");
640 rc = crypto_shash_setkey(CRYPTO_CMACAES_TFM(ctx),
646 rc = crypto_shash_init(CRYPTO_CMACAES(ctx));
648 ksmbd_debug(AUTH, "cmaces init error %d\n", rc);
652 for (i = 0; i < n_vec; i++) {
653 rc = crypto_shash_update(CRYPTO_CMACAES(ctx),
657 ksmbd_debug(AUTH, "cmaces update error %d\n", rc);
662 rc = crypto_shash_final(CRYPTO_CMACAES(ctx), sig);
664 ksmbd_debug(AUTH, "cmaces generation error %d\n", rc);
666 ksmbd_release_crypto_ctx(ctx);
676 static int generate_key(struct ksmbd_conn *conn, struct ksmbd_session *sess,
677 struct kvec label, struct kvec context, __u8 *key,
678 unsigned int key_size)
680 unsigned char zero = 0x0;
681 __u8 i[4] = {0, 0, 0, 1};
682 __u8 L128[4] = {0, 0, 0, 128};
683 __u8 L256[4] = {0, 0, 1, 0};
685 unsigned char prfhash[SMB2_HMACSHA256_SIZE];
686 unsigned char *hashptr = prfhash;
687 struct ksmbd_crypto_ctx *ctx;
689 memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
690 memset(key, 0x0, key_size);
692 ctx = ksmbd_crypto_ctx_find_hmacsha256();
694 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
698 rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
700 SMB2_NTLMV2_SESSKEY_SIZE);
702 goto smb3signkey_ret;
704 rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
706 ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
707 goto smb3signkey_ret;
710 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), i, 4);
712 ksmbd_debug(AUTH, "could not update with n\n");
713 goto smb3signkey_ret;
716 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
720 ksmbd_debug(AUTH, "could not update with label\n");
721 goto smb3signkey_ret;
724 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), &zero, 1);
726 ksmbd_debug(AUTH, "could not update with zero\n");
727 goto smb3signkey_ret;
730 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
734 ksmbd_debug(AUTH, "could not update with context\n");
735 goto smb3signkey_ret;
738 if (key_size == SMB3_ENC_DEC_KEY_SIZE &&
739 (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
740 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
741 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L256, 4);
743 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L128, 4);
745 ksmbd_debug(AUTH, "could not update with L\n");
746 goto smb3signkey_ret;
749 rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), hashptr);
751 ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n",
753 goto smb3signkey_ret;
756 memcpy(key, hashptr, key_size);
759 ksmbd_release_crypto_ctx(ctx);
763 static int generate_smb3signingkey(struct ksmbd_session *sess,
764 struct ksmbd_conn *conn,
765 const struct derivation *signing)
768 struct channel *chann;
771 chann = lookup_chann_list(sess, conn);
775 if (conn->dialect >= SMB30_PROT_ID && signing->binding)
776 key = chann->smb3signingkey;
778 key = sess->smb3signingkey;
780 rc = generate_key(conn, sess, signing->label, signing->context, key,
785 if (!(conn->dialect >= SMB30_PROT_ID && signing->binding))
786 memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE);
788 ksmbd_debug(AUTH, "dumping generated AES signing keys\n");
789 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
790 ksmbd_debug(AUTH, "Session Key %*ph\n",
791 SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
792 ksmbd_debug(AUTH, "Signing Key %*ph\n",
793 SMB3_SIGN_KEY_SIZE, key);
797 int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess,
798 struct ksmbd_conn *conn)
802 d.label.iov_base = "SMB2AESCMAC";
803 d.label.iov_len = 12;
804 d.context.iov_base = "SmbSign";
805 d.context.iov_len = 8;
806 d.binding = conn->binding;
808 return generate_smb3signingkey(sess, conn, &d);
811 int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess,
812 struct ksmbd_conn *conn)
816 d.label.iov_base = "SMBSigningKey";
817 d.label.iov_len = 14;
819 struct preauth_session *preauth_sess;
821 preauth_sess = ksmbd_preauth_session_lookup(conn, sess->id);
824 d.context.iov_base = preauth_sess->Preauth_HashValue;
826 d.context.iov_base = sess->Preauth_HashValue;
828 d.context.iov_len = 64;
829 d.binding = conn->binding;
831 return generate_smb3signingkey(sess, conn, &d);
834 struct derivation_twin {
835 struct derivation encryption;
836 struct derivation decryption;
839 static int generate_smb3encryptionkey(struct ksmbd_conn *conn,
840 struct ksmbd_session *sess,
841 const struct derivation_twin *ptwin)
845 rc = generate_key(conn, sess, ptwin->encryption.label,
846 ptwin->encryption.context, sess->smb3encryptionkey,
847 SMB3_ENC_DEC_KEY_SIZE);
851 rc = generate_key(conn, sess, ptwin->decryption.label,
852 ptwin->decryption.context,
853 sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE);
857 ksmbd_debug(AUTH, "dumping generated AES encryption keys\n");
858 ksmbd_debug(AUTH, "Cipher type %d\n", conn->cipher_type);
859 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
860 ksmbd_debug(AUTH, "Session Key %*ph\n",
861 SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
862 if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
863 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
864 ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
865 SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey);
866 ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
867 SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3decryptionkey);
869 ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
870 SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3encryptionkey);
871 ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
872 SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3decryptionkey);
877 int ksmbd_gen_smb30_encryptionkey(struct ksmbd_conn *conn,
878 struct ksmbd_session *sess)
880 struct derivation_twin twin;
881 struct derivation *d;
883 d = &twin.encryption;
884 d->label.iov_base = "SMB2AESCCM";
885 d->label.iov_len = 11;
886 d->context.iov_base = "ServerOut";
887 d->context.iov_len = 10;
889 d = &twin.decryption;
890 d->label.iov_base = "SMB2AESCCM";
891 d->label.iov_len = 11;
892 d->context.iov_base = "ServerIn ";
893 d->context.iov_len = 10;
895 return generate_smb3encryptionkey(conn, sess, &twin);
898 int ksmbd_gen_smb311_encryptionkey(struct ksmbd_conn *conn,
899 struct ksmbd_session *sess)
901 struct derivation_twin twin;
902 struct derivation *d;
904 d = &twin.encryption;
905 d->label.iov_base = "SMBS2CCipherKey";
906 d->label.iov_len = 16;
907 d->context.iov_base = sess->Preauth_HashValue;
908 d->context.iov_len = 64;
910 d = &twin.decryption;
911 d->label.iov_base = "SMBC2SCipherKey";
912 d->label.iov_len = 16;
913 d->context.iov_base = sess->Preauth_HashValue;
914 d->context.iov_len = 64;
916 return generate_smb3encryptionkey(conn, sess, &twin);
919 int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf,
923 struct smb2_hdr *rcv_hdr = smb2_get_msg(buf);
924 char *all_bytes_msg = (char *)&rcv_hdr->ProtocolId;
925 int msg_size = get_rfc1002_len(buf);
926 struct ksmbd_crypto_ctx *ctx = NULL;
928 if (conn->preauth_info->Preauth_HashId !=
929 SMB2_PREAUTH_INTEGRITY_SHA512)
932 ctx = ksmbd_crypto_ctx_find_sha512();
934 ksmbd_debug(AUTH, "could not alloc sha512\n");
938 rc = crypto_shash_init(CRYPTO_SHA512(ctx));
940 ksmbd_debug(AUTH, "could not init shashn");
944 rc = crypto_shash_update(CRYPTO_SHA512(ctx), pi_hash, 64);
946 ksmbd_debug(AUTH, "could not update with n\n");
950 rc = crypto_shash_update(CRYPTO_SHA512(ctx), all_bytes_msg, msg_size);
952 ksmbd_debug(AUTH, "could not update with n\n");
956 rc = crypto_shash_final(CRYPTO_SHA512(ctx), pi_hash);
958 ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
962 ksmbd_release_crypto_ctx(ctx);
966 int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len,
970 struct ksmbd_crypto_ctx *ctx = NULL;
972 ctx = ksmbd_crypto_ctx_find_sha256();
974 ksmbd_debug(AUTH, "could not alloc sha256\n");
978 rc = crypto_shash_init(CRYPTO_SHA256(ctx));
980 ksmbd_debug(AUTH, "could not init shashn");
984 rc = crypto_shash_update(CRYPTO_SHA256(ctx), sd_buf, len);
986 ksmbd_debug(AUTH, "could not update with n\n");
990 rc = crypto_shash_final(CRYPTO_SHA256(ctx), pi_hash);
992 ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
996 ksmbd_release_crypto_ctx(ctx);
1000 static int ksmbd_get_encryption_key(struct ksmbd_work *work, __u64 ses_id,
1003 struct ksmbd_session *sess;
1009 sess = ksmbd_session_lookup_all(work->conn, ses_id);
1013 ses_enc_key = enc ? sess->smb3encryptionkey :
1014 sess->smb3decryptionkey;
1015 memcpy(key, ses_enc_key, SMB3_ENC_DEC_KEY_SIZE);
1020 static inline void smb2_sg_set_buf(struct scatterlist *sg, const void *buf,
1021 unsigned int buflen)
1025 if (is_vmalloc_addr(buf))
1026 addr = vmalloc_to_page(buf);
1028 addr = virt_to_page(buf);
1029 sg_set_page(sg, addr, buflen, offset_in_page(buf));
1032 static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec,
1035 struct scatterlist *sg;
1036 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1037 int i, *nr_entries, total_entries = 0, sg_idx = 0;
1042 nr_entries = kcalloc(nvec, sizeof(int), GFP_KERNEL);
1046 for (i = 0; i < nvec - 1; i++) {
1047 unsigned long kaddr = (unsigned long)iov[i + 1].iov_base;
1049 if (is_vmalloc_addr(iov[i + 1].iov_base)) {
1050 nr_entries[i] = ((kaddr + iov[i + 1].iov_len +
1051 PAGE_SIZE - 1) >> PAGE_SHIFT) -
1052 (kaddr >> PAGE_SHIFT);
1056 total_entries += nr_entries[i];
1059 /* Add two entries for transform header and signature */
1062 sg = kmalloc_array(total_entries, sizeof(struct scatterlist), GFP_KERNEL);
1068 sg_init_table(sg, total_entries);
1069 smb2_sg_set_buf(&sg[sg_idx++], iov[0].iov_base + 24, assoc_data_len);
1070 for (i = 0; i < nvec - 1; i++) {
1071 void *data = iov[i + 1].iov_base;
1072 int len = iov[i + 1].iov_len;
1074 if (is_vmalloc_addr(data)) {
1075 int j, offset = offset_in_page(data);
1077 for (j = 0; j < nr_entries[i]; j++) {
1078 unsigned int bytes = PAGE_SIZE - offset;
1086 sg_set_page(&sg[sg_idx++],
1087 vmalloc_to_page(data), bytes,
1088 offset_in_page(data));
1095 sg_set_page(&sg[sg_idx++], virt_to_page(data), len,
1096 offset_in_page(data));
1099 smb2_sg_set_buf(&sg[sg_idx], sign, SMB2_SIGNATURE_SIZE);
1104 int ksmbd_crypt_message(struct ksmbd_work *work, struct kvec *iov,
1105 unsigned int nvec, int enc)
1107 struct ksmbd_conn *conn = work->conn;
1108 struct smb2_transform_hdr *tr_hdr = smb2_get_msg(iov[0].iov_base);
1109 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1111 struct scatterlist *sg;
1112 u8 sign[SMB2_SIGNATURE_SIZE] = {};
1113 u8 key[SMB3_ENC_DEC_KEY_SIZE];
1114 struct aead_request *req;
1116 unsigned int iv_len;
1117 struct crypto_aead *tfm;
1118 unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize);
1119 struct ksmbd_crypto_ctx *ctx;
1121 rc = ksmbd_get_encryption_key(work,
1122 le64_to_cpu(tr_hdr->SessionId),
1126 pr_err("Could not get %scryption key\n", enc ? "en" : "de");
1130 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1131 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1132 ctx = ksmbd_crypto_ctx_find_gcm();
1134 ctx = ksmbd_crypto_ctx_find_ccm();
1136 pr_err("crypto alloc failed\n");
1140 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1141 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1142 tfm = CRYPTO_GCM(ctx);
1144 tfm = CRYPTO_CCM(ctx);
1146 if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
1147 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1148 rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE);
1150 rc = crypto_aead_setkey(tfm, key, SMB3_GCM128_CRYPTKEY_SIZE);
1152 pr_err("Failed to set aead key %d\n", rc);
1156 rc = crypto_aead_setauthsize(tfm, SMB2_SIGNATURE_SIZE);
1158 pr_err("Failed to set authsize %d\n", rc);
1162 req = aead_request_alloc(tfm, GFP_KERNEL);
1169 memcpy(sign, &tr_hdr->Signature, SMB2_SIGNATURE_SIZE);
1170 crypt_len += SMB2_SIGNATURE_SIZE;
1173 sg = ksmbd_init_sg(iov, nvec, sign);
1175 pr_err("Failed to init sg\n");
1180 iv_len = crypto_aead_ivsize(tfm);
1181 iv = kzalloc(iv_len, GFP_KERNEL);
1187 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1188 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
1189 memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES_GCM_NONCE);
1192 memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES_CCM_NONCE);
1195 aead_request_set_crypt(req, sg, sg, crypt_len, iv);
1196 aead_request_set_ad(req, assoc_data_len);
1197 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
1200 rc = crypto_aead_encrypt(req);
1202 rc = crypto_aead_decrypt(req);
1207 memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
1216 ksmbd_release_crypto_ctx(ctx);