1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org>
4 * Copyright (C) 2018 Samsung Electronics Co., Ltd.
7 #include <linux/kernel.h>
9 #include <linux/uaccess.h>
10 #include <linux/backing-dev.h>
11 #include <linux/writeback.h>
12 #include <linux/uio.h>
13 #include <linux/xattr.h>
14 #include <crypto/hash.h>
15 #include <crypto/aead.h>
16 #include <linux/random.h>
17 #include <linux/scatterlist.h>
22 #include <linux/fips.h>
23 #include <crypto/des.h>
26 #include "smb_common.h"
27 #include "connection.h"
28 #include "mgmt/user_session.h"
29 #include "mgmt/user_config.h"
30 #include "crypto_ctx.h"
31 #include "transport_ipc.h"
32 #include "../common/arc4.h"
35 * Fixed format data defining GSS header and fixed string
36 * "not_defined_in_RFC4178@please_ignore".
37 * So sec blob data in neg phase could be generated statically.
39 static char NEGOTIATE_GSS_HEADER[AUTH_GSS_LENGTH] = {
40 #ifdef CONFIG_SMB_SERVER_KERBEROS5
41 0x60, 0x5e, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
42 0x05, 0x02, 0xa0, 0x54, 0x30, 0x52, 0xa0, 0x24,
43 0x30, 0x22, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
44 0xf7, 0x12, 0x01, 0x02, 0x02, 0x06, 0x09, 0x2a,
45 0x86, 0x48, 0x82, 0xf7, 0x12, 0x01, 0x02, 0x02,
46 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
47 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a, 0x30, 0x28,
48 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f, 0x74, 0x5f,
49 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x5f,
50 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43, 0x34, 0x31,
51 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65, 0x61, 0x73,
52 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65
54 0x60, 0x48, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
55 0x05, 0x02, 0xa0, 0x3e, 0x30, 0x3c, 0xa0, 0x0e,
56 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04,
57 0x01, 0x82, 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a,
58 0x30, 0x28, 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f,
59 0x74, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65,
60 0x64, 0x5f, 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43,
61 0x34, 0x31, 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65,
62 0x61, 0x73, 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f,
67 void ksmbd_copy_gss_neg_header(void *buf)
69 memcpy(buf, NEGOTIATE_GSS_HEADER, AUTH_GSS_LENGTH);
73 * ksmbd_gen_sess_key() - function to generate session key
74 * @sess: session of connection
75 * @hash: source hash value to be used for find session key
76 * @hmac: source hmac value to be used for finding session key
79 static int ksmbd_gen_sess_key(struct ksmbd_session *sess, char *hash,
82 struct ksmbd_crypto_ctx *ctx;
85 ctx = ksmbd_crypto_ctx_find_hmacmd5();
87 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
91 rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
93 CIFS_HMAC_MD5_HASH_SIZE);
95 ksmbd_debug(AUTH, "hmacmd5 set key fail error %d\n", rc);
99 rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
101 ksmbd_debug(AUTH, "could not init hmacmd5 error %d\n", rc);
105 rc = crypto_shash_update(CRYPTO_HMACMD5(ctx),
107 SMB2_NTLMV2_SESSKEY_SIZE);
109 ksmbd_debug(AUTH, "Could not update with response error %d\n", rc);
113 rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), sess->sess_key);
115 ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n", rc);
120 ksmbd_release_crypto_ctx(ctx);
124 static int calc_ntlmv2_hash(struct ksmbd_conn *conn, struct ksmbd_session *sess,
125 char *ntlmv2_hash, char *dname)
127 int ret, len, conv_len;
128 wchar_t *domain = NULL;
129 __le16 *uniname = NULL;
130 struct ksmbd_crypto_ctx *ctx;
132 ctx = ksmbd_crypto_ctx_find_hmacmd5();
134 ksmbd_debug(AUTH, "can't generate ntlmv2 hash\n");
138 ret = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
139 user_passkey(sess->user),
142 ksmbd_debug(AUTH, "Could not set NT Hash as a key\n");
146 ret = crypto_shash_init(CRYPTO_HMACMD5(ctx));
148 ksmbd_debug(AUTH, "could not init hmacmd5\n");
152 /* convert user_name to unicode */
153 len = strlen(user_name(sess->user));
154 uniname = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
160 conv_len = smb_strtoUTF16(uniname, user_name(sess->user), len,
162 if (conv_len < 0 || conv_len > len) {
168 ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
170 UNICODE_LEN(conv_len));
172 ksmbd_debug(AUTH, "Could not update with user\n");
176 /* Convert domain name or conn name to unicode and uppercase */
178 domain = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
184 conv_len = smb_strtoUTF16((__le16 *)domain, dname, len,
186 if (conv_len < 0 || conv_len > len) {
191 ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
193 UNICODE_LEN(conv_len));
195 ksmbd_debug(AUTH, "Could not update with domain\n");
199 ret = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_hash);
201 ksmbd_debug(AUTH, "Could not generate md5 hash\n");
205 ksmbd_release_crypto_ctx(ctx);
210 * ksmbd_auth_ntlmv2() - NTLMv2 authentication handler
211 * @sess: session of connection
212 * @ntlmv2: NTLMv2 challenge response
213 * @blen: NTLMv2 blob length
214 * @domain_name: domain name
216 * Return: 0 on success, error number on error
218 int ksmbd_auth_ntlmv2(struct ksmbd_conn *conn, struct ksmbd_session *sess,
219 struct ntlmv2_resp *ntlmv2, int blen, char *domain_name,
222 char ntlmv2_hash[CIFS_ENCPWD_SIZE];
223 char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE];
224 struct ksmbd_crypto_ctx *ctx = NULL;
225 char *construct = NULL;
228 rc = calc_ntlmv2_hash(conn, sess, ntlmv2_hash, domain_name);
230 ksmbd_debug(AUTH, "could not get v2 hash rc %d\n", rc);
234 ctx = ksmbd_crypto_ctx_find_hmacmd5();
236 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
240 rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
242 CIFS_HMAC_MD5_HASH_SIZE);
244 ksmbd_debug(AUTH, "Could not set NTLMV2 Hash as a key\n");
248 rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
250 ksmbd_debug(AUTH, "Could not init hmacmd5\n");
254 len = CIFS_CRYPTO_KEY_SIZE + blen;
255 construct = kzalloc(len, GFP_KERNEL);
261 memcpy(construct, cryptkey, CIFS_CRYPTO_KEY_SIZE);
262 memcpy(construct + CIFS_CRYPTO_KEY_SIZE, &ntlmv2->blob_signature, blen);
264 rc = crypto_shash_update(CRYPTO_HMACMD5(ctx), construct, len);
266 ksmbd_debug(AUTH, "Could not update with response\n");
270 rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_rsp);
272 ksmbd_debug(AUTH, "Could not generate md5 hash\n");
275 ksmbd_release_crypto_ctx(ctx);
278 rc = ksmbd_gen_sess_key(sess, ntlmv2_hash, ntlmv2_rsp);
280 ksmbd_debug(AUTH, "Could not generate sess key\n");
284 if (memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE) != 0)
288 ksmbd_release_crypto_ctx(ctx);
294 * ksmbd_decode_ntlmssp_auth_blob() - helper function to construct
296 * @authblob: authenticate blob source pointer
298 * @sess: session of connection
300 * Return: 0 on success, error number on error
302 int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
303 int blob_len, struct ksmbd_conn *conn,
304 struct ksmbd_session *sess)
307 unsigned int nt_off, dn_off;
308 unsigned short nt_len, dn_len;
311 if (blob_len < sizeof(struct authenticate_message)) {
312 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
317 if (memcmp(authblob->Signature, "NTLMSSP", 8)) {
318 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
319 authblob->Signature);
323 nt_off = le32_to_cpu(authblob->NtChallengeResponse.BufferOffset);
324 nt_len = le16_to_cpu(authblob->NtChallengeResponse.Length);
325 dn_off = le32_to_cpu(authblob->DomainName.BufferOffset);
326 dn_len = le16_to_cpu(authblob->DomainName.Length);
328 if (blob_len < (u64)dn_off + dn_len || blob_len < (u64)nt_off + nt_len ||
329 nt_len < CIFS_ENCPWD_SIZE)
332 /* TODO : use domain name that imported from configuration file */
333 domain_name = smb_strndup_from_utf16((const char *)authblob + dn_off,
334 dn_len, true, conn->local_nls);
335 if (IS_ERR(domain_name))
336 return PTR_ERR(domain_name);
338 /* process NTLMv2 authentication */
339 ksmbd_debug(AUTH, "decode_ntlmssp_authenticate_blob dname%s\n",
341 ret = ksmbd_auth_ntlmv2(conn, sess,
342 (struct ntlmv2_resp *)((char *)authblob + nt_off),
343 nt_len - CIFS_ENCPWD_SIZE,
344 domain_name, conn->ntlmssp.cryptkey);
347 /* The recovered secondary session key */
348 if (conn->ntlmssp.client_flags & NTLMSSP_NEGOTIATE_KEY_XCH) {
349 struct arc4_ctx *ctx_arc4;
350 unsigned int sess_key_off, sess_key_len;
352 sess_key_off = le32_to_cpu(authblob->SessionKey.BufferOffset);
353 sess_key_len = le16_to_cpu(authblob->SessionKey.Length);
355 if (blob_len < (u64)sess_key_off + sess_key_len)
358 if (sess_key_len > CIFS_KEY_SIZE)
361 ctx_arc4 = kmalloc(sizeof(*ctx_arc4), GFP_KERNEL);
365 cifs_arc4_setkey(ctx_arc4, sess->sess_key,
366 SMB2_NTLMV2_SESSKEY_SIZE);
367 cifs_arc4_crypt(ctx_arc4, sess->sess_key,
368 (char *)authblob + sess_key_off, sess_key_len);
369 kfree_sensitive(ctx_arc4);
376 * ksmbd_decode_ntlmssp_neg_blob() - helper function to construct
378 * @negblob: negotiate blob source pointer
379 * @rsp: response header pointer to be updated
380 * @sess: session of connection
383 int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob,
384 int blob_len, struct ksmbd_conn *conn)
386 if (blob_len < sizeof(struct negotiate_message)) {
387 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
392 if (memcmp(negblob->Signature, "NTLMSSP", 8)) {
393 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
398 conn->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags);
403 * ksmbd_build_ntlmssp_challenge_blob() - helper function to construct
405 * @chgblob: challenge blob source pointer to initialize
406 * @rsp: response header pointer to be updated
407 * @sess: session of connection
411 ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,
412 struct ksmbd_conn *conn)
414 struct target_info *tinfo;
417 unsigned int flags, blob_off, blob_len, type, target_info_len = 0;
418 int len, uni_len, conv_len;
419 int cflags = conn->ntlmssp.client_flags;
421 memcpy(chgblob->Signature, NTLMSSP_SIGNATURE, 8);
422 chgblob->MessageType = NtLmChallenge;
424 flags = NTLMSSP_NEGOTIATE_UNICODE |
425 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_TARGET_TYPE_SERVER |
426 NTLMSSP_NEGOTIATE_TARGET_INFO;
428 if (cflags & NTLMSSP_NEGOTIATE_SIGN) {
429 flags |= NTLMSSP_NEGOTIATE_SIGN;
430 flags |= cflags & (NTLMSSP_NEGOTIATE_128 |
431 NTLMSSP_NEGOTIATE_56);
434 if (cflags & NTLMSSP_NEGOTIATE_SEAL && smb3_encryption_negotiated(conn))
435 flags |= NTLMSSP_NEGOTIATE_SEAL;
437 if (cflags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
438 flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
440 if (cflags & NTLMSSP_REQUEST_TARGET)
441 flags |= NTLMSSP_REQUEST_TARGET;
443 if (conn->use_spnego &&
444 (cflags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
445 flags |= NTLMSSP_NEGOTIATE_EXTENDED_SEC;
447 if (cflags & NTLMSSP_NEGOTIATE_KEY_XCH)
448 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
450 chgblob->NegotiateFlags = cpu_to_le32(flags);
451 len = strlen(ksmbd_netbios_name());
452 name = kmalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
456 conv_len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len,
458 if (conv_len < 0 || conv_len > len) {
463 uni_len = UNICODE_LEN(conv_len);
465 blob_off = sizeof(struct challenge_message);
466 blob_len = blob_off + uni_len;
468 chgblob->TargetName.Length = cpu_to_le16(uni_len);
469 chgblob->TargetName.MaximumLength = cpu_to_le16(uni_len);
470 chgblob->TargetName.BufferOffset = cpu_to_le32(blob_off);
472 /* Initialize random conn challenge */
473 get_random_bytes(conn->ntlmssp.cryptkey, sizeof(__u64));
474 memcpy(chgblob->Challenge, conn->ntlmssp.cryptkey,
475 CIFS_CRYPTO_KEY_SIZE);
477 /* Add Target Information to security buffer */
478 chgblob->TargetInfoArray.BufferOffset = cpu_to_le32(blob_len);
480 target_name = (__u8 *)chgblob + blob_off;
481 memcpy(target_name, name, uni_len);
482 tinfo = (struct target_info *)(target_name + uni_len);
484 chgblob->TargetInfoArray.Length = 0;
485 /* Add target info list for NetBIOS/DNS settings */
486 for (type = NTLMSSP_AV_NB_COMPUTER_NAME;
487 type <= NTLMSSP_AV_DNS_DOMAIN_NAME; type++) {
488 tinfo->Type = cpu_to_le16(type);
489 tinfo->Length = cpu_to_le16(uni_len);
490 memcpy(tinfo->Content, name, uni_len);
491 tinfo = (struct target_info *)((char *)tinfo + 4 + uni_len);
492 target_info_len += 4 + uni_len;
495 /* Add terminator subblock */
498 target_info_len += 4;
500 chgblob->TargetInfoArray.Length = cpu_to_le16(target_info_len);
501 chgblob->TargetInfoArray.MaximumLength = cpu_to_le16(target_info_len);
502 blob_len += target_info_len;
504 ksmbd_debug(AUTH, "NTLMSSP SecurityBufferLength %d\n", blob_len);
508 #ifdef CONFIG_SMB_SERVER_KERBEROS5
509 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
510 int in_len, char *out_blob, int *out_len)
512 struct ksmbd_spnego_authen_response *resp;
513 struct ksmbd_user *user = NULL;
516 resp = ksmbd_ipc_spnego_authen_request(in_blob, in_len);
518 ksmbd_debug(AUTH, "SPNEGO_AUTHEN_REQUEST failure\n");
522 if (!(resp->login_response.status & KSMBD_USER_FLAG_OK)) {
523 ksmbd_debug(AUTH, "krb5 authentication failure\n");
528 if (*out_len <= resp->spnego_blob_len) {
529 ksmbd_debug(AUTH, "buf len %d, but blob len %d\n",
530 *out_len, resp->spnego_blob_len);
535 if (resp->session_key_len > sizeof(sess->sess_key)) {
536 ksmbd_debug(AUTH, "session key is too long\n");
541 user = ksmbd_alloc_user(&resp->login_response);
543 ksmbd_debug(AUTH, "login failure\n");
549 memcpy(sess->sess_key, resp->payload, resp->session_key_len);
550 memcpy(out_blob, resp->payload + resp->session_key_len,
551 resp->spnego_blob_len);
552 *out_len = resp->spnego_blob_len;
559 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
560 int in_len, char *out_blob, int *out_len)
567 * ksmbd_sign_smb2_pdu() - function to generate packet signing
570 * @iov: buffer iov array
571 * @n_vec: number of iovecs
572 * @sig: signature value generated for client request packet
575 int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
576 int n_vec, char *sig)
578 struct ksmbd_crypto_ctx *ctx;
581 ctx = ksmbd_crypto_ctx_find_hmacsha256();
583 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
587 rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
589 SMB2_NTLMV2_SESSKEY_SIZE);
593 rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
595 ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
599 for (i = 0; i < n_vec; i++) {
600 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
604 ksmbd_debug(AUTH, "hmacsha256 update error %d\n", rc);
609 rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), sig);
611 ksmbd_debug(AUTH, "hmacsha256 generation error %d\n", rc);
613 ksmbd_release_crypto_ctx(ctx);
618 * ksmbd_sign_smb3_pdu() - function to generate packet signing
621 * @iov: buffer iov array
622 * @n_vec: number of iovecs
623 * @sig: signature value generated for client request packet
626 int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
627 int n_vec, char *sig)
629 struct ksmbd_crypto_ctx *ctx;
632 ctx = ksmbd_crypto_ctx_find_cmacaes();
634 ksmbd_debug(AUTH, "could not crypto alloc cmac\n");
638 rc = crypto_shash_setkey(CRYPTO_CMACAES_TFM(ctx),
644 rc = crypto_shash_init(CRYPTO_CMACAES(ctx));
646 ksmbd_debug(AUTH, "cmaces init error %d\n", rc);
650 for (i = 0; i < n_vec; i++) {
651 rc = crypto_shash_update(CRYPTO_CMACAES(ctx),
655 ksmbd_debug(AUTH, "cmaces update error %d\n", rc);
660 rc = crypto_shash_final(CRYPTO_CMACAES(ctx), sig);
662 ksmbd_debug(AUTH, "cmaces generation error %d\n", rc);
664 ksmbd_release_crypto_ctx(ctx);
674 static int generate_key(struct ksmbd_conn *conn, struct ksmbd_session *sess,
675 struct kvec label, struct kvec context, __u8 *key,
676 unsigned int key_size)
678 unsigned char zero = 0x0;
679 __u8 i[4] = {0, 0, 0, 1};
680 __u8 L128[4] = {0, 0, 0, 128};
681 __u8 L256[4] = {0, 0, 1, 0};
683 unsigned char prfhash[SMB2_HMACSHA256_SIZE];
684 unsigned char *hashptr = prfhash;
685 struct ksmbd_crypto_ctx *ctx;
687 memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
688 memset(key, 0x0, key_size);
690 ctx = ksmbd_crypto_ctx_find_hmacsha256();
692 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
696 rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
698 SMB2_NTLMV2_SESSKEY_SIZE);
700 goto smb3signkey_ret;
702 rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
704 ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
705 goto smb3signkey_ret;
708 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), i, 4);
710 ksmbd_debug(AUTH, "could not update with n\n");
711 goto smb3signkey_ret;
714 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
718 ksmbd_debug(AUTH, "could not update with label\n");
719 goto smb3signkey_ret;
722 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), &zero, 1);
724 ksmbd_debug(AUTH, "could not update with zero\n");
725 goto smb3signkey_ret;
728 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
732 ksmbd_debug(AUTH, "could not update with context\n");
733 goto smb3signkey_ret;
736 if (key_size == SMB3_ENC_DEC_KEY_SIZE &&
737 (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
738 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
739 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L256, 4);
741 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L128, 4);
743 ksmbd_debug(AUTH, "could not update with L\n");
744 goto smb3signkey_ret;
747 rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), hashptr);
749 ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n",
751 goto smb3signkey_ret;
754 memcpy(key, hashptr, key_size);
757 ksmbd_release_crypto_ctx(ctx);
761 static int generate_smb3signingkey(struct ksmbd_session *sess,
762 struct ksmbd_conn *conn,
763 const struct derivation *signing)
766 struct channel *chann;
769 chann = lookup_chann_list(sess, conn);
773 if (conn->dialect >= SMB30_PROT_ID && signing->binding)
774 key = chann->smb3signingkey;
776 key = sess->smb3signingkey;
778 rc = generate_key(conn, sess, signing->label, signing->context, key,
783 if (!(conn->dialect >= SMB30_PROT_ID && signing->binding))
784 memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE);
786 ksmbd_debug(AUTH, "dumping generated AES signing keys\n");
787 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
788 ksmbd_debug(AUTH, "Session Key %*ph\n",
789 SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
790 ksmbd_debug(AUTH, "Signing Key %*ph\n",
791 SMB3_SIGN_KEY_SIZE, key);
795 int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess,
796 struct ksmbd_conn *conn)
800 d.label.iov_base = "SMB2AESCMAC";
801 d.label.iov_len = 12;
802 d.context.iov_base = "SmbSign";
803 d.context.iov_len = 8;
804 d.binding = conn->binding;
806 return generate_smb3signingkey(sess, conn, &d);
809 int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess,
810 struct ksmbd_conn *conn)
814 d.label.iov_base = "SMBSigningKey";
815 d.label.iov_len = 14;
817 struct preauth_session *preauth_sess;
819 preauth_sess = ksmbd_preauth_session_lookup(conn, sess->id);
822 d.context.iov_base = preauth_sess->Preauth_HashValue;
824 d.context.iov_base = sess->Preauth_HashValue;
826 d.context.iov_len = 64;
827 d.binding = conn->binding;
829 return generate_smb3signingkey(sess, conn, &d);
832 struct derivation_twin {
833 struct derivation encryption;
834 struct derivation decryption;
837 static int generate_smb3encryptionkey(struct ksmbd_conn *conn,
838 struct ksmbd_session *sess,
839 const struct derivation_twin *ptwin)
843 rc = generate_key(conn, sess, ptwin->encryption.label,
844 ptwin->encryption.context, sess->smb3encryptionkey,
845 SMB3_ENC_DEC_KEY_SIZE);
849 rc = generate_key(conn, sess, ptwin->decryption.label,
850 ptwin->decryption.context,
851 sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE);
855 ksmbd_debug(AUTH, "dumping generated AES encryption keys\n");
856 ksmbd_debug(AUTH, "Cipher type %d\n", conn->cipher_type);
857 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
858 ksmbd_debug(AUTH, "Session Key %*ph\n",
859 SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
860 if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
861 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
862 ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
863 SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey);
864 ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
865 SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3decryptionkey);
867 ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
868 SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3encryptionkey);
869 ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
870 SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3decryptionkey);
875 int ksmbd_gen_smb30_encryptionkey(struct ksmbd_conn *conn,
876 struct ksmbd_session *sess)
878 struct derivation_twin twin;
879 struct derivation *d;
881 d = &twin.encryption;
882 d->label.iov_base = "SMB2AESCCM";
883 d->label.iov_len = 11;
884 d->context.iov_base = "ServerOut";
885 d->context.iov_len = 10;
887 d = &twin.decryption;
888 d->label.iov_base = "SMB2AESCCM";
889 d->label.iov_len = 11;
890 d->context.iov_base = "ServerIn ";
891 d->context.iov_len = 10;
893 return generate_smb3encryptionkey(conn, sess, &twin);
896 int ksmbd_gen_smb311_encryptionkey(struct ksmbd_conn *conn,
897 struct ksmbd_session *sess)
899 struct derivation_twin twin;
900 struct derivation *d;
902 d = &twin.encryption;
903 d->label.iov_base = "SMBS2CCipherKey";
904 d->label.iov_len = 16;
905 d->context.iov_base = sess->Preauth_HashValue;
906 d->context.iov_len = 64;
908 d = &twin.decryption;
909 d->label.iov_base = "SMBC2SCipherKey";
910 d->label.iov_len = 16;
911 d->context.iov_base = sess->Preauth_HashValue;
912 d->context.iov_len = 64;
914 return generate_smb3encryptionkey(conn, sess, &twin);
917 int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf,
921 struct smb2_hdr *rcv_hdr = smb2_get_msg(buf);
922 char *all_bytes_msg = (char *)&rcv_hdr->ProtocolId;
923 int msg_size = get_rfc1002_len(buf);
924 struct ksmbd_crypto_ctx *ctx = NULL;
926 if (conn->preauth_info->Preauth_HashId !=
927 SMB2_PREAUTH_INTEGRITY_SHA512)
930 ctx = ksmbd_crypto_ctx_find_sha512();
932 ksmbd_debug(AUTH, "could not alloc sha512\n");
936 rc = crypto_shash_init(CRYPTO_SHA512(ctx));
938 ksmbd_debug(AUTH, "could not init shashn");
942 rc = crypto_shash_update(CRYPTO_SHA512(ctx), pi_hash, 64);
944 ksmbd_debug(AUTH, "could not update with n\n");
948 rc = crypto_shash_update(CRYPTO_SHA512(ctx), all_bytes_msg, msg_size);
950 ksmbd_debug(AUTH, "could not update with n\n");
954 rc = crypto_shash_final(CRYPTO_SHA512(ctx), pi_hash);
956 ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
960 ksmbd_release_crypto_ctx(ctx);
964 int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len,
968 struct ksmbd_crypto_ctx *ctx = NULL;
970 ctx = ksmbd_crypto_ctx_find_sha256();
972 ksmbd_debug(AUTH, "could not alloc sha256\n");
976 rc = crypto_shash_init(CRYPTO_SHA256(ctx));
978 ksmbd_debug(AUTH, "could not init shashn");
982 rc = crypto_shash_update(CRYPTO_SHA256(ctx), sd_buf, len);
984 ksmbd_debug(AUTH, "could not update with n\n");
988 rc = crypto_shash_final(CRYPTO_SHA256(ctx), pi_hash);
990 ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
994 ksmbd_release_crypto_ctx(ctx);
998 static int ksmbd_get_encryption_key(struct ksmbd_work *work, __u64 ses_id,
1001 struct ksmbd_session *sess;
1007 sess = ksmbd_session_lookup_all(work->conn, ses_id);
1011 ses_enc_key = enc ? sess->smb3encryptionkey :
1012 sess->smb3decryptionkey;
1013 memcpy(key, ses_enc_key, SMB3_ENC_DEC_KEY_SIZE);
1018 static inline void smb2_sg_set_buf(struct scatterlist *sg, const void *buf,
1019 unsigned int buflen)
1023 if (is_vmalloc_addr(buf))
1024 addr = vmalloc_to_page(buf);
1026 addr = virt_to_page(buf);
1027 sg_set_page(sg, addr, buflen, offset_in_page(buf));
1030 static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec,
1033 struct scatterlist *sg;
1034 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1035 int i, *nr_entries, total_entries = 0, sg_idx = 0;
1040 nr_entries = kcalloc(nvec, sizeof(int), GFP_KERNEL);
1044 for (i = 0; i < nvec - 1; i++) {
1045 unsigned long kaddr = (unsigned long)iov[i + 1].iov_base;
1047 if (is_vmalloc_addr(iov[i + 1].iov_base)) {
1048 nr_entries[i] = ((kaddr + iov[i + 1].iov_len +
1049 PAGE_SIZE - 1) >> PAGE_SHIFT) -
1050 (kaddr >> PAGE_SHIFT);
1054 total_entries += nr_entries[i];
1057 /* Add two entries for transform header and signature */
1060 sg = kmalloc_array(total_entries, sizeof(struct scatterlist), GFP_KERNEL);
1066 sg_init_table(sg, total_entries);
1067 smb2_sg_set_buf(&sg[sg_idx++], iov[0].iov_base + 24, assoc_data_len);
1068 for (i = 0; i < nvec - 1; i++) {
1069 void *data = iov[i + 1].iov_base;
1070 int len = iov[i + 1].iov_len;
1072 if (is_vmalloc_addr(data)) {
1073 int j, offset = offset_in_page(data);
1075 for (j = 0; j < nr_entries[i]; j++) {
1076 unsigned int bytes = PAGE_SIZE - offset;
1084 sg_set_page(&sg[sg_idx++],
1085 vmalloc_to_page(data), bytes,
1086 offset_in_page(data));
1093 sg_set_page(&sg[sg_idx++], virt_to_page(data), len,
1094 offset_in_page(data));
1097 smb2_sg_set_buf(&sg[sg_idx], sign, SMB2_SIGNATURE_SIZE);
1102 int ksmbd_crypt_message(struct ksmbd_work *work, struct kvec *iov,
1103 unsigned int nvec, int enc)
1105 struct ksmbd_conn *conn = work->conn;
1106 struct smb2_transform_hdr *tr_hdr = smb2_get_msg(iov[0].iov_base);
1107 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1109 struct scatterlist *sg;
1110 u8 sign[SMB2_SIGNATURE_SIZE] = {};
1111 u8 key[SMB3_ENC_DEC_KEY_SIZE];
1112 struct aead_request *req;
1114 unsigned int iv_len;
1115 struct crypto_aead *tfm;
1116 unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize);
1117 struct ksmbd_crypto_ctx *ctx;
1119 rc = ksmbd_get_encryption_key(work,
1120 le64_to_cpu(tr_hdr->SessionId),
1124 pr_err("Could not get %scryption key\n", enc ? "en" : "de");
1128 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1129 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1130 ctx = ksmbd_crypto_ctx_find_gcm();
1132 ctx = ksmbd_crypto_ctx_find_ccm();
1134 pr_err("crypto alloc failed\n");
1138 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1139 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1140 tfm = CRYPTO_GCM(ctx);
1142 tfm = CRYPTO_CCM(ctx);
1144 if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
1145 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1146 rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE);
1148 rc = crypto_aead_setkey(tfm, key, SMB3_GCM128_CRYPTKEY_SIZE);
1150 pr_err("Failed to set aead key %d\n", rc);
1154 rc = crypto_aead_setauthsize(tfm, SMB2_SIGNATURE_SIZE);
1156 pr_err("Failed to set authsize %d\n", rc);
1160 req = aead_request_alloc(tfm, GFP_KERNEL);
1167 memcpy(sign, &tr_hdr->Signature, SMB2_SIGNATURE_SIZE);
1168 crypt_len += SMB2_SIGNATURE_SIZE;
1171 sg = ksmbd_init_sg(iov, nvec, sign);
1173 pr_err("Failed to init sg\n");
1178 iv_len = crypto_aead_ivsize(tfm);
1179 iv = kzalloc(iv_len, GFP_KERNEL);
1185 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1186 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
1187 memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES_GCM_NONCE);
1190 memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES_CCM_NONCE);
1193 aead_request_set_crypt(req, sg, sg, crypt_len, iv);
1194 aead_request_set_ad(req, assoc_data_len);
1195 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
1198 rc = crypto_aead_encrypt(req);
1200 rc = crypto_aead_decrypt(req);
1205 memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
1214 ksmbd_release_crypto_ctx(ctx);
projects / releases.git / blob