Blame - fs/cifs/cifsencrypt.c - SHIFTPHONES/mainline/linux

blob: 6679e07e533e8504981a1d6af211e270b2a3afff [file] [log] [blame]

Steve French	929be90	2021-06-18 00:31:49 -0500	[diff] [blame]	1	// SPDX-License-Identifier: LGPL-2.1
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	2	/*
				3	* fs/cifs/cifsencrypt.c
				4	*
Steve French	8b7a454	2015-03-30 16:58:17 -0500	[diff] [blame]	5	* Encryption and hashing operations relating to NTLM, NTLMv2. See MS-NLMP
				6	* for more detailed information
				7	*
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	8	* Copyright (C) International Business Machines Corp., 2005,2013
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	9	* Author(s): Steve French (sfrench@us.ibm.com)
				10	*
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	11	*/
				12
				13	#include <linux/fs.h>
Tejun Heo	5a0e3ad	2010-03-24 17:04:11 +0900	[diff] [blame]	14	#include <linux/slab.h>
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	15	#include "cifspdu.h"
Steve French	ffdd6e4	2007-06-24 21:15:44 +0000	[diff] [blame]	16	#include "cifsglob.h"
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	17	#include "cifs_debug.h"
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	18	#include "cifs_unicode.h"
				19	#include "cifsproto.h"
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	20	#include "ntlmssp.h"
Steve French	7c7b25b	2006-06-01 19:20:10 +0000	[diff] [blame]	21	#include <linux/ctype.h>
Steve French	6d027cf	2006-06-05 16:26:05 +0000	[diff] [blame]	22	#include <linux/random.h>
Jeff Layton	fb308a6	2012-09-18 16:20:35 -0700	[diff] [blame]	23	#include <linux/highmem.h>
Ard Biesheuvel	97a5fee	2019-06-12 18:19:59 +0200	[diff] [blame]	24	#include <linux/fips.h>
Ronnie Sahlberg	71c0286	2021-08-19 20:34:59 +1000	[diff] [blame^]	25	#include "../cifs_common/arc4.h"
Pavel Shilovsky	026e93d	2016-11-03 16:47:37 -0700	[diff] [blame]	26	#include <crypto/aead.h>
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	27
Al Viro	16c568e	2015-11-12 22:46:49 -0500	[diff] [blame]	28	int __cifs_calc_signature(struct smb_rqst *rqst,
				29	struct TCP_Server_Info server, char signature,
				30	struct shash_desc *shash)
				31	{
				32	int i;
				33	int rc;
				34	struct kvec *iov = rqst->rq_iov;
				35	int n_vec = rqst->rq_nvec;
Ronnie Sahlberg	c713c87	2018-06-12 08:00:58 +1000	[diff] [blame]	36	int is_smb2 = server->vals->header_preamble_size == 0;
Al Viro	16c568e	2015-11-12 22:46:49 -0500	[diff] [blame]	37
Ronnie Sahlberg	c713c87	2018-06-12 08:00:58 +1000	[diff] [blame]	38	/* iov[0] is actual data and not the rfc1002 length for SMB2+ */
				39	if (is_smb2) {
Paulo Alcantara	83ffdea	2018-06-15 15:58:00 -0300	[diff] [blame]	40	if (iov[0].iov_len <= 4)
				41	return -EIO;
				42	i = 0;
Ronnie Sahlberg	c713c87	2018-06-12 08:00:58 +1000	[diff] [blame]	43	} else {
				44	if (n_vec < 2 \|\| iov[0].iov_len != 4)
				45	return -EIO;
Paulo Alcantara	83ffdea	2018-06-15 15:58:00 -0300	[diff] [blame]	46	i = 1; /* skip rfc1002 length */
Ronnie Sahlberg	c713c87	2018-06-12 08:00:58 +1000	[diff] [blame]	47	}
				48
Paulo Alcantara	83ffdea	2018-06-15 15:58:00 -0300	[diff] [blame]	49	for (; i < n_vec; i++) {
Al Viro	16c568e	2015-11-12 22:46:49 -0500	[diff] [blame]	50	if (iov[i].iov_len == 0)
				51	continue;
				52	if (iov[i].iov_base == NULL) {
				53	cifs_dbg(VFS, "null iovec entry\n");
				54	return -EIO;
				55	}
Paulo Alcantara	83ffdea	2018-06-15 15:58:00 -0300	[diff] [blame]	56
Pavel Shilovsky	738f9de	2016-11-23 15:14:57 -0800	[diff] [blame]	57	rc = crypto_shash_update(shash,
				58	iov[i].iov_base, iov[i].iov_len);
Al Viro	16c568e	2015-11-12 22:46:49 -0500	[diff] [blame]	59	if (rc) {
				60	cifs_dbg(VFS, "%s: Could not update with payload\n",
				61	__func__);
				62	return rc;
				63	}
				64	}
				65
				66	/* now hash over the rq_pages array */
				67	for (i = 0; i < rqst->rq_npages; i++) {
Long Li	4c0d2a5	2018-05-30 12:48:03 -0700	[diff] [blame]	68	void *kaddr;
				69	unsigned int len, offset;
Al Viro	16c568e	2015-11-12 22:46:49 -0500	[diff] [blame]	70
Long Li	4c0d2a5	2018-05-30 12:48:03 -0700	[diff] [blame]	71	rqst_page_get_length(rqst, i, &len, &offset);
				72
				73	kaddr = (char *) kmap(rqst->rq_pages[i]) + offset;
Al Viro	16c568e	2015-11-12 22:46:49 -0500	[diff] [blame]	74
Paulo Alcantara	a12d0c5	2018-06-23 14:52:25 -0300	[diff] [blame]	75	rc = crypto_shash_update(shash, kaddr, len);
				76	if (rc) {
				77	cifs_dbg(VFS, "%s: Could not update with payload\n",
				78	__func__);
				79	kunmap(rqst->rq_pages[i]);
				80	return rc;
				81	}
Al Viro	16c568e	2015-11-12 22:46:49 -0500	[diff] [blame]	82
				83	kunmap(rqst->rq_pages[i]);
				84	}
				85
				86	rc = crypto_shash_final(shash, signature);
				87	if (rc)
				88	cifs_dbg(VFS, "%s: Could not generate hash\n", __func__);
				89
				90	return rc;
				91	}
				92
Jeff Layton	157c249	2011-04-02 07:34:30 -0400	[diff] [blame]	93	/*
				94	* Calculate and return the CIFS signature based on the mac key and SMB PDU.
				95	* The 16 byte signature must be allocated by the caller. Note we only use the
				96	* 1st eight bytes and that the smb header signature field on input contains
				97	* the sequence number before this function is called. Also, this function
				98	* should be called with the server->srv_mutex held.
				99	*/
Jeff Layton	bf5ea0e	2012-09-18 16:20:34 -0700	[diff] [blame]	100	static int cifs_calc_signature(struct smb_rqst *rqst,
Jeff Layton	826a95e	2011-10-11 06:41:32 -0400	[diff] [blame]	101	struct TCP_Server_Info server, char signature)
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	102	{
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	103	int rc;
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	104
Al Viro	16c568e	2015-11-12 22:46:49 -0500	[diff] [blame]	105	if (!rqst->rq_iov \|\| !signature \|\| !server)
Steve French	e9917a0	2006-03-31 21:22:00 +0000	[diff] [blame]	106	return -EINVAL;
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	107
Aurelien Aptel	82fb82b	2018-02-16 19:19:27 +0100	[diff] [blame]	108	rc = cifs_alloc_hash("md5", &server->secmech.md5,
				109	&server->secmech.sdescmd5);
				110	if (rc)
				111	return -1;
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	112
				113	rc = crypto_shash_init(&server->secmech.sdescmd5->shash);
				114	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	115	cifs_dbg(VFS, "%s: Could not init md5\n", __func__);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	116	return rc;
				117	}
				118
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	119	rc = crypto_shash_update(&server->secmech.sdescmd5->shash,
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	120	server->session_key.response, server->session_key.len);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	121	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	122	cifs_dbg(VFS, "%s: Could not update with response\n", __func__);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	123	return rc;
				124	}
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	125
Ronnie Sahlberg	c713c87	2018-06-12 08:00:58 +1000	[diff] [blame]	126	return __cifs_calc_signature(rqst, server, signature,
Al Viro	16c568e	2015-11-12 22:46:49 -0500	[diff] [blame]	127	&server->secmech.sdescmd5->shash);
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	128	}
				129
Jeff Layton	a0f8b4f	2011-01-07 11:30:28 -0500	[diff] [blame]	130	/* must be called with server->srv_mutex held */
Jeff Layton	bf5ea0e	2012-09-18 16:20:34 -0700	[diff] [blame]	131	int cifs_sign_rqst(struct smb_rqst rqst, struct TCP_Server_Info server,
Steve French	63d2583	2007-11-05 21:46:10 +0000	[diff] [blame]	132	__u32 *pexpected_response_sequence_number)
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	133	{
				134	int rc = 0;
				135	char smb_signature[20];
Jeff Layton	bf5ea0e	2012-09-18 16:20:34 -0700	[diff] [blame]	136	struct smb_hdr cifs_pdu = (struct smb_hdr )rqst->rq_iov[0].iov_base;
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	137
Pavel Shilovsky	738f9de	2016-11-23 15:14:57 -0800	[diff] [blame]	138	if (rqst->rq_iov[0].iov_len != 4 \|\|
				139	rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
				140	return -EIO;
				141
Steve French	ffdd6e4	2007-06-24 21:15:44 +0000	[diff] [blame]	142	if ((cifs_pdu == NULL) \|\| (server == NULL))
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	143	return -EINVAL;
				144
Jeff Layton	998d6fc	2011-07-26 12:21:17 -0400	[diff] [blame]	145	if (!(cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) \|\|
				146	server->tcpStatus == CifsNeedNegotiate)
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	147	return rc;
				148
Jeff Layton	998d6fc	2011-07-26 12:21:17 -0400	[diff] [blame]	149	if (!server->session_estab) {
Jeff Layton	b4dacbc	2011-10-11 06:41:32 -0400	[diff] [blame]	150	memcpy(cifs_pdu->Signature.SecuritySignature, "BSRSPYL", 8);
Jeff Layton	998d6fc	2011-07-26 12:21:17 -0400	[diff] [blame]	151	return rc;
				152	}
				153
Steve French	ffdd6e4	2007-06-24 21:15:44 +0000	[diff] [blame]	154	cifs_pdu->Signature.Sequence.SequenceNumber =
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	155	cpu_to_le32(server->sequence_number);
Steve French	ffdd6e4	2007-06-24 21:15:44 +0000	[diff] [blame]	156	cifs_pdu->Signature.Sequence.Reserved = 0;
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	157
Jeff Layton	0124cc4	2013-04-03 11:55:03 -0400	[diff] [blame]	158	*pexpected_response_sequence_number = ++server->sequence_number;
				159	++server->sequence_number;
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	160
Jeff Layton	bf5ea0e	2012-09-18 16:20:34 -0700	[diff] [blame]	161	rc = cifs_calc_signature(rqst, server, smb_signature);
Steve French	ffdd6e4	2007-06-24 21:15:44 +0000	[diff] [blame]	162	if (rc)
				163	memset(cifs_pdu->Signature.SecuritySignature, 0, 8);
				164	else
				165	memcpy(cifs_pdu->Signature.SecuritySignature, smb_signature, 8);
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	166
Steve French	ffdd6e4	2007-06-24 21:15:44 +0000	[diff] [blame]	167	return rc;
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	168	}
				169
Jeff Layton	bf5ea0e	2012-09-18 16:20:34 -0700	[diff] [blame]	170	int cifs_sign_smbv(struct kvec iov, int n_vec, struct TCP_Server_Info server,
				171	__u32 *pexpected_response_sequence)
				172	{
				173	struct smb_rqst rqst = { .rq_iov = iov,
				174	.rq_nvec = n_vec };
				175
				176	return cifs_sign_rqst(&rqst, server, pexpected_response_sequence);
				177	}
				178
Jeff Layton	826a95e	2011-10-11 06:41:32 -0400	[diff] [blame]	179	/* must be called with server->srv_mutex held */
				180	int cifs_sign_smb(struct smb_hdr cifs_pdu, struct TCP_Server_Info server,
				181	__u32 *pexpected_response_sequence_number)
				182	{
Pavel Shilovsky	738f9de	2016-11-23 15:14:57 -0800	[diff] [blame]	183	struct kvec iov[2];
Jeff Layton	826a95e	2011-10-11 06:41:32 -0400	[diff] [blame]	184
Pavel Shilovsky	738f9de	2016-11-23 15:14:57 -0800	[diff] [blame]	185	iov[0].iov_base = cifs_pdu;
				186	iov[0].iov_len = 4;
				187	iov[1].iov_base = (char *)cifs_pdu + 4;
				188	iov[1].iov_len = be32_to_cpu(cifs_pdu->smb_buf_length);
Jeff Layton	826a95e	2011-10-11 06:41:32 -0400	[diff] [blame]	189
Pavel Shilovsky	738f9de	2016-11-23 15:14:57 -0800	[diff] [blame]	190	return cifs_sign_smbv(iov, 2, server,
Jeff Layton	826a95e	2011-10-11 06:41:32 -0400	[diff] [blame]	191	pexpected_response_sequence_number);
				192	}
				193
Jeff Layton	bf5ea0e	2012-09-18 16:20:34 -0700	[diff] [blame]	194	int cifs_verify_signature(struct smb_rqst *rqst,
Shirish Pargaonkar	21e7339	2010-10-21 06:42:55 -0500	[diff] [blame]	195	struct TCP_Server_Info *server,
Steve French	ffdd6e4	2007-06-24 21:15:44 +0000	[diff] [blame]	196	__u32 expected_sequence_number)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	197	{
Steve French	c8e56f1	2010-09-08 21:10:58 +0000	[diff] [blame]	198	unsigned int rc;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	199	char server_response_sig[8];
				200	char what_we_think_sig_should_be[20];
Jeff Layton	bf5ea0e	2012-09-18 16:20:34 -0700	[diff] [blame]	201	struct smb_hdr cifs_pdu = (struct smb_hdr )rqst->rq_iov[0].iov_base;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	202
Pavel Shilovsky	738f9de	2016-11-23 15:14:57 -0800	[diff] [blame]	203	if (rqst->rq_iov[0].iov_len != 4 \|\|
				204	rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
				205	return -EIO;
				206
Shirish Pargaonkar	21e7339	2010-10-21 06:42:55 -0500	[diff] [blame]	207	if (cifs_pdu == NULL \|\| server == NULL)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	208	return -EINVAL;
				209
Jeff Layton	9c4843e	2011-06-06 15:40:23 -0400	[diff] [blame]	210	if (!server->session_estab)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	211	return 0;
				212
				213	if (cifs_pdu->Command == SMB_COM_LOCKING_ANDX) {
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	214	struct smb_com_lock_req *pSMB =
Steve French	ffdd6e4	2007-06-24 21:15:44 +0000	[diff] [blame]	215	(struct smb_com_lock_req *)cifs_pdu;
Colin Ian King	5890255	2018-11-03 15:59:44 +0000	[diff] [blame]	216	if (pSMB->LockType & LOCKING_ANDX_OPLOCK_RELEASE)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	217	return 0;
				218	}
				219
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	220	/* BB what if signatures are supposed to be on for session but
				221	server does not send one? BB */
				222
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	223	/* Do not need to verify session setups with signature "BSRSPYL " */
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	224	if (memcmp(cifs_pdu->Signature.SecuritySignature, "BSRSPYL ", 8) == 0)
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	225	cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n",
				226	cifs_pdu->Command);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	227
				228	/* save off the origiginal signature so we can modify the smb and check
				229	its signature against what the server sent */
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	230	memcpy(server_response_sig, cifs_pdu->Signature.SecuritySignature, 8);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	231
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	232	cifs_pdu->Signature.Sequence.SequenceNumber =
				233	cpu_to_le32(expected_sequence_number);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	234	cifs_pdu->Signature.Sequence.Reserved = 0;
				235
Jeff Layton	157c249	2011-04-02 07:34:30 -0400	[diff] [blame]	236	mutex_lock(&server->srv_mutex);
Jeff Layton	bf5ea0e	2012-09-18 16:20:34 -0700	[diff] [blame]	237	rc = cifs_calc_signature(rqst, server, what_we_think_sig_should_be);
Jeff Layton	157c249	2011-04-02 07:34:30 -0400	[diff] [blame]	238	mutex_unlock(&server->srv_mutex);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	239
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	240	if (rc)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	241	return rc;
				242
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	243	/* cifs_dump_mem("what we think it should be: ",
				244	what_we_think_sig_should_be, 16); */
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	245
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	246	if (memcmp(server_response_sig, what_we_think_sig_should_be, 8))
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	247	return -EACCES;
				248	else
				249	return 0;
				250
				251	}
				252
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	253	/* Build a proper attribute value/target info pairs blob.
				254	* Fill in netbios and dns domain name and workstation name
				255	* and client time (total five av pairs and + one end of fields indicator.
				256	* Allocate domain name which gets freed when session struct is deallocated.
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	257	*/
				258	static int
Steve French	96daf2b	2011-05-27 04:34:02 +0000	[diff] [blame]	259	build_avpair_blob(struct cifs_ses ses, const struct nls_table nls_cp)
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	260	{
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	261	unsigned int dlen;
Shirish Pargaonkar	cfbd6f8	2011-08-24 23:05:46 -0500	[diff] [blame]	262	unsigned int size = 2 * sizeof(struct ntlmssp2_name);
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	263	char *defdmname = "WORKGROUP";
				264	unsigned char *blobptr;
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	265	struct ntlmssp2_name *attrptr;
				266
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	267	if (!ses->domainName) {
				268	ses->domainName = kstrdup(defdmname, GFP_KERNEL);
				269	if (!ses->domainName)
				270	return -ENOMEM;
				271	}
				272
				273	dlen = strlen(ses->domainName);
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	274
Shirish Pargaonkar	cfbd6f8	2011-08-24 23:05:46 -0500	[diff] [blame]	275	/*
				276	* The length of this blob is two times the size of a
				277	* structure (av pair) which holds name/size
				278	* ( for NTLMSSP_AV_NB_DOMAIN_NAME followed by NTLMSSP_AV_EOL ) +
				279	* unicode length of a netbios domain name
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	280	*/
Shirish Pargaonkar	cfbd6f8	2011-08-24 23:05:46 -0500	[diff] [blame]	281	ses->auth_key.len = size + 2 * dlen;
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	282	ses->auth_key.response = kzalloc(ses->auth_key.len, GFP_KERNEL);
				283	if (!ses->auth_key.response) {
				284	ses->auth_key.len = 0;
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	285	return -ENOMEM;
				286	}
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	287
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	288	blobptr = ses->auth_key.response;
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	289	attrptr = (struct ntlmssp2_name *) blobptr;
				290
Shirish Pargaonkar	cfbd6f8	2011-08-24 23:05:46 -0500	[diff] [blame]	291	/*
				292	* As defined in MS-NTLM 3.3.2, just this av pair field
				293	* is sufficient as part of the temp
				294	*/
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	295	attrptr->type = cpu_to_le16(NTLMSSP_AV_NB_DOMAIN_NAME);
				296	attrptr->length = cpu_to_le16(2 * dlen);
				297	blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
Steve French	acbbb76	2012-01-18 22:32:33 -0600	[diff] [blame]	298	cifs_strtoUTF16((__le16 *)blobptr, ses->domainName, dlen, nls_cp);
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	299
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	300	return 0;
				301	}
				302
				303	/* Server has provided av pairs/target info in the type 2 challenge
				304	* packet and we have plucked it and stored within smb session.
				305	* We parse that blob here to find netbios domain name to be used
				306	* as part of ntlmv2 authentication (in Target String), if not already
				307	* specified on the command line.
				308	* If this function returns without any error but without fetching
				309	* domain name, authentication may fail against some server but
				310	* may not fail against other (those who are not very particular
				311	* about target string i.e. for some, just user name might suffice.
				312	*/
				313	static int
Steve French	96daf2b	2011-05-27 04:34:02 +0000	[diff] [blame]	314	find_domain_name(struct cifs_ses ses, const struct nls_table nls_cp)
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	315	{
				316	unsigned int attrsize;
				317	unsigned int type;
				318	unsigned int onesize = sizeof(struct ntlmssp2_name);
				319	unsigned char *blobptr;
				320	unsigned char *blobend;
				321	struct ntlmssp2_name *attrptr;
				322
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	323	if (!ses->auth_key.len \|\| !ses->auth_key.response)
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	324	return 0;
				325
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	326	blobptr = ses->auth_key.response;
				327	blobend = blobptr + ses->auth_key.len;
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	328
				329	while (blobptr + onesize < blobend) {
				330	attrptr = (struct ntlmssp2_name *) blobptr;
				331	type = le16_to_cpu(attrptr->type);
				332	if (type == NTLMSSP_AV_EOL)
				333	break;
				334	blobptr += 2; /* advance attr type */
				335	attrsize = le16_to_cpu(attrptr->length);
				336	blobptr += 2; /* advance attr size */
				337	if (blobptr + attrsize > blobend)
				338	break;
				339	if (type == NTLMSSP_AV_NB_DOMAIN_NAME) {
Chen Gang	057d633	2013-07-19 09:01:36 +0800	[diff] [blame]	340	if (!attrsize \|\| attrsize >= CIFS_MAX_DOMAINNAME_LEN)
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	341	break;
				342	if (!ses->domainName) {
				343	ses->domainName =
				344	kmalloc(attrsize + 1, GFP_KERNEL);
				345	if (!ses->domainName)
				346	return -ENOMEM;
Steve French	acbbb76	2012-01-18 22:32:33 -0600	[diff] [blame]	347	cifs_from_utf16(ses->domainName,
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	348	(__le16 *)blobptr, attrsize, attrsize,
Steve French	b693855	2014-09-25 13:20:05 -0500	[diff] [blame]	349	nls_cp, NO_MAP_UNI_RSVD);
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	350	break;
				351	}
				352	}
				353	blobptr += attrsize; /* advance attr value */
				354	}
				355
				356	return 0;
				357	}
				358
Peter Seiderer	98ce94c	2015-09-17 21:40:12 +0200	[diff] [blame]	359	/* Server has provided av pairs/target info in the type 2 challenge
				360	* packet and we have plucked it and stored within smb session.
				361	* We parse that blob here to find the server given timestamp
				362	* as part of ntlmv2 authentication (or local current time as
				363	* default in case of failure)
				364	*/
				365	static __le64
				366	find_timestamp(struct cifs_ses *ses)
				367	{
				368	unsigned int attrsize;
				369	unsigned int type;
				370	unsigned int onesize = sizeof(struct ntlmssp2_name);
				371	unsigned char *blobptr;
				372	unsigned char *blobend;
				373	struct ntlmssp2_name *attrptr;
Arnd Bergmann	9539020	2018-06-19 17:27:58 +0200	[diff] [blame]	374	struct timespec64 ts;
Peter Seiderer	98ce94c	2015-09-17 21:40:12 +0200	[diff] [blame]	375
				376	if (!ses->auth_key.len \|\| !ses->auth_key.response)
				377	return 0;
				378
				379	blobptr = ses->auth_key.response;
				380	blobend = blobptr + ses->auth_key.len;
				381
				382	while (blobptr + onesize < blobend) {
				383	attrptr = (struct ntlmssp2_name *) blobptr;
				384	type = le16_to_cpu(attrptr->type);
				385	if (type == NTLMSSP_AV_EOL)
				386	break;
				387	blobptr += 2; /* advance attr type */
				388	attrsize = le16_to_cpu(attrptr->length);
				389	blobptr += 2; /* advance attr size */
				390	if (blobptr + attrsize > blobend)
				391	break;
				392	if (type == NTLMSSP_AV_TIMESTAMP) {
				393	if (attrsize == sizeof(u64))
				394	return ((__le64 )blobptr);
				395	}
				396	blobptr += attrsize; /* advance attr value */
				397	}
				398
Arnd Bergmann	9539020	2018-06-19 17:27:58 +0200	[diff] [blame]	399	ktime_get_real_ts64(&ts);
Deepa Dinamani	e37fea5	2017-05-08 15:59:16 -0700	[diff] [blame]	400	return cpu_to_le64(cifs_UnixTimeToNT(ts));
Peter Seiderer	98ce94c	2015-09-17 21:40:12 +0200	[diff] [blame]	401	}
				402
Steve French	96daf2b	2011-05-27 04:34:02 +0000	[diff] [blame]	403	static int calc_ntlmv2_hash(struct cifs_ses ses, char ntlmv2_hash,
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	404	const struct nls_table *nls_cp)
Steve French	a8ee034	2006-06-05 23:34:19 +0000	[diff] [blame]	405	{
				406	int rc = 0;
				407	int len;
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	408	char nt_hash[CIFS_NTHASH_SIZE];
Steve French	fdf96a9	2013-06-25 14:03:16 -0500	[diff] [blame]	409	__le16 *user;
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	410	wchar_t *domain;
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	411	wchar_t *server;
Steve French	c8e56f1	2010-09-08 21:10:58 +0000	[diff] [blame]	412
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	413	if (!ses->server->secmech.sdeschmacmd5) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	414	cifs_dbg(VFS, "%s: can't generate ntlmv2 hash\n", __func__);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	415	return -1;
				416	}
Steve French	a8ee034	2006-06-05 23:34:19 +0000	[diff] [blame]	417
				418	/* calculate md4 hash of password */
Shirish Pargaonkar	9ef5992	2011-10-20 13:21:59 -0500	[diff] [blame]	419	E_md4hash(ses->password, nt_hash, nls_cp);
Steve French	a8ee034	2006-06-05 23:34:19 +0000	[diff] [blame]	420
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	421	rc = crypto_shash_setkey(ses->server->secmech.hmacmd5, nt_hash,
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	422	CIFS_NTHASH_SIZE);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	423	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	424	cifs_dbg(VFS, "%s: Could not set NT Hash as a key\n", __func__);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	425	return rc;
				426	}
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	427
				428	rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash);
				429	if (rc) {
Joe Perches	a0a3036	2020-04-14 22:42:53 -0700	[diff] [blame]	430	cifs_dbg(VFS, "%s: Could not init hmacmd5\n", __func__);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	431	return rc;
				432	}
Steve French	a8ee034	2006-06-05 23:34:19 +0000	[diff] [blame]	433
Steve French	fdf96a9	2013-06-25 14:03:16 -0500	[diff] [blame]	434	/* convert ses->user_name to unicode */
Jeff Layton	04febab	2012-01-17 16:09:15 -0500	[diff] [blame]	435	len = ses->user_name ? strlen(ses->user_name) : 0;
Steve French	1717ffc	2006-06-08 05:41:32 +0000	[diff] [blame]	436	user = kmalloc(2 + (len * 2), GFP_KERNEL);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	437	if (user == NULL) {
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	438	rc = -ENOMEM;
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	439	return rc;
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	440	}
Jeff Layton	04febab	2012-01-17 16:09:15 -0500	[diff] [blame]	441
				442	if (len) {
Steve French	fdf96a9	2013-06-25 14:03:16 -0500	[diff] [blame]	443	len = cifs_strtoUTF16(user, ses->user_name, len, nls_cp);
Jeff Layton	04febab	2012-01-17 16:09:15 -0500	[diff] [blame]	444	UniStrupr(user);
				445	} else {
				446	memset(user, '\0', 2);
				447	}
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	448
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	449	rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	450	(char )user, 2 len);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	451	kfree(user);
				452	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	453	cifs_dbg(VFS, "%s: Could not update with user\n", __func__);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	454	return rc;
				455	}
Steve French	a8ee034	2006-06-05 23:34:19 +0000	[diff] [blame]	456
				457	/* convert ses->domainName to unicode and uppercase */
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	458	if (ses->domainName) {
Steve French	1717ffc	2006-06-08 05:41:32 +0000	[diff] [blame]	459	len = strlen(ses->domainName);
Steve French	a8ee034	2006-06-05 23:34:19 +0000	[diff] [blame]	460
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	461	domain = kmalloc(2 + (len * 2), GFP_KERNEL);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	462	if (domain == NULL) {
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	463	rc = -ENOMEM;
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	464	return rc;
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	465	}
Steve French	acbbb76	2012-01-18 22:32:33 -0600	[diff] [blame]	466	len = cifs_strtoUTF16((__le16 *)domain, ses->domainName, len,
				467	nls_cp);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	468	rc =
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	469	crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
				470	(char )domain, 2 len);
Steve French	1717ffc	2006-06-08 05:41:32 +0000	[diff] [blame]	471	kfree(domain);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	472	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	473	cifs_dbg(VFS, "%s: Could not update with domain\n",
				474	__func__);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	475	return rc;
				476	}
Steve French	8b7a454	2015-03-30 16:58:17 -0500	[diff] [blame]	477	} else {
Steve French	b438fcf	2021-02-20 19:24:11 -0600	[diff] [blame]	478	/* We use ses->ip_addr if no domain name available */
				479	len = strlen(ses->ip_addr);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	480
				481	server = kmalloc(2 + (len * 2), GFP_KERNEL);
				482	if (server == NULL) {
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	483	rc = -ENOMEM;
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	484	return rc;
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	485	}
Steve French	b438fcf	2021-02-20 19:24:11 -0600	[diff] [blame]	486	len = cifs_strtoUTF16((__le16 *)server, ses->ip_addr, len,
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	487	nls_cp);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	488	rc =
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	489	crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
				490	(char )server, 2 len);
				491	kfree(server);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	492	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	493	cifs_dbg(VFS, "%s: Could not update with server\n",
				494	__func__);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	495	return rc;
				496	}
Steve French	1717ffc	2006-06-08 05:41:32 +0000	[diff] [blame]	497	}
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	498
				499	rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash,
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	500	ntlmv2_hash);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	501	if (rc)
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	502	cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	503
Steve French	a8ee034	2006-06-05 23:34:19 +0000	[diff] [blame]	504	return rc;
				505	}
				506
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	507	static int
Steve French	96daf2b	2011-05-27 04:34:02 +0000	[diff] [blame]	508	CalcNTLMv2_response(const struct cifs_ses ses, char ntlmv2_hash)
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	509	{
				510	int rc;
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	511	struct ntlmv2_resp ntlmv2 = (struct ntlmv2_resp )
				512	(ses->auth_key.response + CIFS_SESS_KEY_SIZE);
				513	unsigned int hash_len;
				514
				515	/* The MD5 hash starts at challenge_key.key */
				516	hash_len = ses->auth_key.len - (CIFS_SESS_KEY_SIZE +
				517	offsetof(struct ntlmv2_resp, challenge.key[0]));
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	518
				519	if (!ses->server->secmech.sdeschmacmd5) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	520	cifs_dbg(VFS, "%s: can't generate ntlmv2 hash\n", __func__);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	521	return -1;
				522	}
				523
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	524	rc = crypto_shash_setkey(ses->server->secmech.hmacmd5,
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	525	ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	526	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	527	cifs_dbg(VFS, "%s: Could not set NTLMV2 Hash as a key\n",
				528	__func__);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	529	return rc;
				530	}
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	531
				532	rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash);
				533	if (rc) {
Joe Perches	a0a3036	2020-04-14 22:42:53 -0700	[diff] [blame]	534	cifs_dbg(VFS, "%s: Could not init hmacmd5\n", __func__);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	535	return rc;
				536	}
				537
Jeff Layton	3f61822	2013-06-12 19:52:14 -0500	[diff] [blame]	538	if (ses->server->negflavor == CIFS_NEGFLAVOR_EXTENDED)
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	539	memcpy(ntlmv2->challenge.key,
				540	ses->ntlmssp->cryptkey, CIFS_SERVER_CHALLENGE_SIZE);
Shirish Pargaonkar	d3ba50b	2010-10-27 15:20:36 -0500	[diff] [blame]	541	else
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	542	memcpy(ntlmv2->challenge.key,
				543	ses->server->cryptkey, CIFS_SERVER_CHALLENGE_SIZE);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	544	rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	545	ntlmv2->challenge.key, hash_len);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	546	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	547	cifs_dbg(VFS, "%s: Could not update with response\n", __func__);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	548	return rc;
				549	}
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	550
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	551	/* Note that the MD5 digest over writes anon.challenge_key.key */
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	552	rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash,
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	553	ntlmv2->ntlmv2_hash);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	554	if (rc)
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	555	cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	556
				557	return rc;
				558	}
				559
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	560	int
Steve French	96daf2b	2011-05-27 04:34:02 +0000	[diff] [blame]	561	setup_ntlmv2_rsp(struct cifs_ses ses, const struct nls_table nls_cp)
Steve French	9fbc590	2010-08-20 20:42:26 +0000	[diff] [blame]	562	{
Steve French	c8e56f1	2010-09-08 21:10:58 +0000	[diff] [blame]	563	int rc;
Shirish Pargaonkar	21e7339	2010-10-21 06:42:55 -0500	[diff] [blame]	564	int baselen;
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	565	unsigned int tilen;
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	566	struct ntlmv2_resp *ntlmv2;
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	567	char ntlmv2_hash[16];
				568	unsigned char tiblob = NULL; / target info blob */
Peter Seiderer	98ce94c	2015-09-17 21:40:12 +0200	[diff] [blame]	569	__le64 rsp_timestamp;
Steve French	6d027cf	2006-06-05 16:26:05 +0000	[diff] [blame]	570
Ronnie Sahlberg	24e0a1e	2020-12-10 00:06:02 -0600	[diff] [blame]	571	if (nls_cp == NULL) {
				572	cifs_dbg(VFS, "%s called with nls_cp==NULL\n", __func__);
				573	return -EINVAL;
				574	}
				575
Jeff Layton	3f61822	2013-06-12 19:52:14 -0500	[diff] [blame]	576	if (ses->server->negflavor == CIFS_NEGFLAVOR_EXTENDED) {
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	577	if (!ses->domainName) {
Germano Percossi	3956644	2016-12-15 12:31:18 +0530	[diff] [blame]	578	if (ses->domainAuto) {
				579	rc = find_domain_name(ses, nls_cp);
				580	if (rc) {
				581	cifs_dbg(VFS, "error %d finding domain name\n",
				582	rc);
				583	goto setup_ntlmv2_rsp_ret;
				584	}
				585	} else {
				586	ses->domainName = kstrdup("", GFP_KERNEL);
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	587	}
				588	}
				589	} else {
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	590	rc = build_avpair_blob(ses, nls_cp);
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	591	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	592	cifs_dbg(VFS, "error %d building av pair blob\n", rc);
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	593	goto setup_ntlmv2_rsp_ret;
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	594	}
				595	}
Steve French	a8ee034	2006-06-05 23:34:19 +0000	[diff] [blame]	596
Peter Seiderer	98ce94c	2015-09-17 21:40:12 +0200	[diff] [blame]	597	/* Must be within 5 minutes of the server (or in range +/-2h
				598	* in case of Mac OS X), so simply carry over server timestamp
				599	* (as Windows 7 does)
				600	*/
				601	rsp_timestamp = find_timestamp(ses);
				602
Shirish Pargaonkar	21e7339	2010-10-21 06:42:55 -0500	[diff] [blame]	603	baselen = CIFS_SESS_KEY_SIZE + sizeof(struct ntlmv2_resp);
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	604	tilen = ses->auth_key.len;
				605	tiblob = ses->auth_key.response;
				606
				607	ses->auth_key.response = kmalloc(baselen + tilen, GFP_KERNEL);
Shirish Pargaonkar	21e7339	2010-10-21 06:42:55 -0500	[diff] [blame]	608	if (!ses->auth_key.response) {
Anton Protopopov	4b550af	2016-02-10 12:50:21 -0500	[diff] [blame]	609	rc = -ENOMEM;
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	610	ses->auth_key.len = 0;
Shirish Pargaonkar	21e7339	2010-10-21 06:42:55 -0500	[diff] [blame]	611	goto setup_ntlmv2_rsp_ret;
				612	}
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	613	ses->auth_key.len += baselen;
Shirish Pargaonkar	21e7339	2010-10-21 06:42:55 -0500	[diff] [blame]	614
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	615	ntlmv2 = (struct ntlmv2_resp *)
Shirish Pargaonkar	21e7339	2010-10-21 06:42:55 -0500	[diff] [blame]	616	(ses->auth_key.response + CIFS_SESS_KEY_SIZE);
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	617	ntlmv2->blob_signature = cpu_to_le32(0x00000101);
				618	ntlmv2->reserved = 0;
Peter Seiderer	98ce94c	2015-09-17 21:40:12 +0200	[diff] [blame]	619	ntlmv2->time = rsp_timestamp;
				620
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	621	get_random_bytes(&ntlmv2->client_chal, sizeof(ntlmv2->client_chal));
				622	ntlmv2->reserved2 = 0;
Shirish Pargaonkar	21e7339	2010-10-21 06:42:55 -0500	[diff] [blame]	623
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	624	memcpy(ses->auth_key.response + baselen, tiblob, tilen);
Shirish Pargaonkar	21e7339	2010-10-21 06:42:55 -0500	[diff] [blame]	625
Rabin Vincent	bd975d1	2016-07-19 09:26:21 +0200	[diff] [blame]	626	mutex_lock(&ses->server->srv_mutex);
				627
Aurelien Aptel	82fb82b	2018-02-16 19:19:27 +0100	[diff] [blame]	628	rc = cifs_alloc_hash("hmac(md5)",
				629	&ses->server->secmech.hmacmd5,
				630	&ses->server->secmech.sdeschmacmd5);
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	631	if (rc) {
Rabin Vincent	bd975d1	2016-07-19 09:26:21 +0200	[diff] [blame]	632	goto unlock;
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	633	}
				634
Shirish Pargaonkar	f7c5445a	2010-10-26 18:10:24 -0500	[diff] [blame]	635	/* calculate ntlmv2_hash */
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	636	rc = calc_ntlmv2_hash(ses, ntlmv2_hash, nls_cp);
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	637	if (rc) {
Joe Perches	a0a3036	2020-04-14 22:42:53 -0700	[diff] [blame]	638	cifs_dbg(VFS, "Could not get v2 hash rc %d\n", rc);
Rabin Vincent	bd975d1	2016-07-19 09:26:21 +0200	[diff] [blame]	639	goto unlock;
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	640	}
Shirish Pargaonkar	f7c5445a	2010-10-26 18:10:24 -0500	[diff] [blame]	641
				642	/* calculate first part of the client response (CR1) */
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	643	rc = CalcNTLMv2_response(ses, ntlmv2_hash);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	644	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	645	cifs_dbg(VFS, "Could not calculate CR1 rc: %d\n", rc);
Rabin Vincent	bd975d1	2016-07-19 09:26:21 +0200	[diff] [blame]	646	goto unlock;
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	647	}
Steve French	b609f06	2007-07-09 07:55:14 +0000	[diff] [blame]	648
Shirish Pargaonkar	5d0d288	2010-10-13 18:15:00 -0500	[diff] [blame]	649	/* now calculate the session key for NTLMv2 */
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	650	rc = crypto_shash_setkey(ses->server->secmech.hmacmd5,
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	651	ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	652	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	653	cifs_dbg(VFS, "%s: Could not set NTLMV2 Hash as a key\n",
				654	__func__);
Rabin Vincent	bd975d1	2016-07-19 09:26:21 +0200	[diff] [blame]	655	goto unlock;
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	656	}
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	657
				658	rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash);
				659	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	660	cifs_dbg(VFS, "%s: Could not init hmacmd5\n", __func__);
Rabin Vincent	bd975d1	2016-07-19 09:26:21 +0200	[diff] [blame]	661	goto unlock;
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	662	}
				663
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	664	rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	665	ntlmv2->ntlmv2_hash,
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	666	CIFS_HMAC_MD5_HASH_SIZE);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	667	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	668	cifs_dbg(VFS, "%s: Could not update with response\n", __func__);
Rabin Vincent	bd975d1	2016-07-19 09:26:21 +0200	[diff] [blame]	669	goto unlock;
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	670	}
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	671
				672	rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash,
				673	ses->auth_key.response);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	674	if (rc)
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	675	cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__);
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	676
Rabin Vincent	bd975d1	2016-07-19 09:26:21 +0200	[diff] [blame]	677	unlock:
				678	mutex_unlock(&ses->server->srv_mutex);
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	679	setup_ntlmv2_rsp_ret:
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	680	kfree(tiblob);
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	681
				682	return rc;
Steve French	6d027cf	2006-06-05 16:26:05 +0000	[diff] [blame]	683	}
				684
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	685	int
Steve French	96daf2b	2011-05-27 04:34:02 +0000	[diff] [blame]	686	calc_seckey(struct cifs_ses *ses)
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	687	{
Ard Biesheuvel	97a5fee	2019-06-12 18:19:59 +0200	[diff] [blame]	688	unsigned char sec_key[CIFS_SESS_KEY_SIZE]; /* a nonce */
				689	struct arc4_ctx *ctx_arc4;
Sachin Prabhu	5f4b556	2016-10-17 16:40:22 -0400	[diff] [blame]	690
Ard Biesheuvel	97a5fee	2019-06-12 18:19:59 +0200	[diff] [blame]	691	if (fips_enabled)
				692	return -ENODEV;
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	693
				694	get_random_bytes(sec_key, CIFS_SESS_KEY_SIZE);
				695
Ard Biesheuvel	97a5fee	2019-06-12 18:19:59 +0200	[diff] [blame]	696	ctx_arc4 = kmalloc(sizeof(*ctx_arc4), GFP_KERNEL);
				697	if (!ctx_arc4) {
Joe Perches	a0a3036	2020-04-14 22:42:53 -0700	[diff] [blame]	698	cifs_dbg(VFS, "Could not allocate arc4 context\n");
Ard Biesheuvel	97a5fee	2019-06-12 18:19:59 +0200	[diff] [blame]	699	return -ENOMEM;
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	700	}
				701
Ronnie Sahlberg	71c0286	2021-08-19 20:34:59 +1000	[diff] [blame^]	702	cifs_arc4_setkey(ctx_arc4, ses->auth_key.response, CIFS_SESS_KEY_SIZE);
				703	cifs_arc4_crypt(ctx_arc4, ses->ntlmssp->ciphertext, sec_key,
				704	CIFS_CPHTXT_SIZE);
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	705
				706	/* make secondary_key/nonce as session key */
				707	memcpy(ses->auth_key.response, sec_key, CIFS_SESS_KEY_SIZE);
				708	/* and make len as that of session key only */
				709	ses->auth_key.len = CIFS_SESS_KEY_SIZE;
				710
Ard Biesheuvel	97a5fee	2019-06-12 18:19:59 +0200	[diff] [blame]	711	memzero_explicit(sec_key, CIFS_SESS_KEY_SIZE);
Waiman Long	453431a	2020-08-06 23:18:13 -0700	[diff] [blame]	712	kfree_sensitive(ctx_arc4);
Ard Biesheuvel	97a5fee	2019-06-12 18:19:59 +0200	[diff] [blame]	713	return 0;
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	714	}
				715
				716	void
Pavel Shilovsky	026e93d	2016-11-03 16:47:37 -0700	[diff] [blame]	717	cifs_crypto_secmech_release(struct TCP_Server_Info *server)
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	718	{
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	719	if (server->secmech.cmacaes) {
Steve French	429b46f	2013-06-26 23:45:05 -0500	[diff] [blame]	720	crypto_free_shash(server->secmech.cmacaes);
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	721	server->secmech.cmacaes = NULL;
				722	}
Steve French	429b46f	2013-06-26 23:45:05 -0500	[diff] [blame]	723
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	724	if (server->secmech.hmacsha256) {
Pavel Shilovsky	3c1bf7e	2012-09-18 16:20:30 -0700	[diff] [blame]	725	crypto_free_shash(server->secmech.hmacsha256);
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	726	server->secmech.hmacsha256 = NULL;
				727	}
Pavel Shilovsky	3c1bf7e	2012-09-18 16:20:30 -0700	[diff] [blame]	728
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	729	if (server->secmech.md5) {
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	730	crypto_free_shash(server->secmech.md5);
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	731	server->secmech.md5 = NULL;
				732	}
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	733
Gustavo A. R. Silva	70e8065	2018-02-19 11:11:13 -0600	[diff] [blame]	734	if (server->secmech.sha512) {
Aurelien Aptel	5fcd7f3	2018-02-16 19:19:28 +0100	[diff] [blame]	735	crypto_free_shash(server->secmech.sha512);
				736	server->secmech.sha512 = NULL;
				737	}
				738
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	739	if (server->secmech.hmacmd5) {
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	740	crypto_free_shash(server->secmech.hmacmd5);
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	741	server->secmech.hmacmd5 = NULL;
				742	}
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	743
Pavel Shilovsky	026e93d	2016-11-03 16:47:37 -0700	[diff] [blame]	744	if (server->secmech.ccmaesencrypt) {
				745	crypto_free_aead(server->secmech.ccmaesencrypt);
				746	server->secmech.ccmaesencrypt = NULL;
				747	}
				748
				749	if (server->secmech.ccmaesdecrypt) {
				750	crypto_free_aead(server->secmech.ccmaesdecrypt);
				751	server->secmech.ccmaesdecrypt = NULL;
				752	}
				753
Steve French	429b46f	2013-06-26 23:45:05 -0500	[diff] [blame]	754	kfree(server->secmech.sdesccmacaes);
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	755	server->secmech.sdesccmacaes = NULL;
Pavel Shilovsky	3c1bf7e	2012-09-18 16:20:30 -0700	[diff] [blame]	756	kfree(server->secmech.sdeschmacsha256);
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	757	server->secmech.sdeschmacsha256 = NULL;
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	758	kfree(server->secmech.sdeschmacmd5);
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	759	server->secmech.sdeschmacmd5 = NULL;
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	760	kfree(server->secmech.sdescmd5);
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	761	server->secmech.sdescmd5 = NULL;
Aurelien Aptel	5fcd7f3	2018-02-16 19:19:28 +0100	[diff] [blame]	762	kfree(server->secmech.sdescsha512);
				763	server->secmech.sdescsha512 = NULL;
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	764	}