Blame - fs/cifs/cifsencrypt.c - SHIFTPHONES/mainline/linux

blob: 0912d8bbbac14aa5419b6d7c91f4272ba258a09e [file] [log] [blame]

Steve French	929be90	2021-06-18 00:31:49 -0500	[diff] [blame]	1	// SPDX-License-Identifier: LGPL-2.1
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	2	/*
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	3	*
Steve French	8b7a454	2015-03-30 16:58:17 -0500	[diff] [blame]	4	* Encryption and hashing operations relating to NTLM, NTLMv2. See MS-NLMP
				5	* for more detailed information
				6	*
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	7	* Copyright (C) International Business Machines Corp., 2005,2013
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	8	* Author(s): Steve French (sfrench@us.ibm.com)
				9	*
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	10	*/
				11
				12	#include <linux/fs.h>
Tejun Heo	5a0e3ad	2010-03-24 17:04:11 +0900	[diff] [blame]	13	#include <linux/slab.h>
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	14	#include "cifspdu.h"
Steve French	ffdd6e4	2007-06-24 21:15:44 +0000	[diff] [blame]	15	#include "cifsglob.h"
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	16	#include "cifs_debug.h"
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	17	#include "cifs_unicode.h"
				18	#include "cifsproto.h"
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	19	#include "ntlmssp.h"
Steve French	7c7b25b	2006-06-01 19:20:10 +0000	[diff] [blame]	20	#include <linux/ctype.h>
Steve French	6d027cf	2006-06-05 16:26:05 +0000	[diff] [blame]	21	#include <linux/random.h>
Jeff Layton	fb308a6	2012-09-18 16:20:35 -0700	[diff] [blame]	22	#include <linux/highmem.h>
Ard Biesheuvel	97a5fee	2019-06-12 18:19:59 +0200	[diff] [blame]	23	#include <linux/fips.h>
Steve French	23e91d8	2021-09-08 23:59:26 -0500	[diff] [blame]	24	#include "../smbfs_common/arc4.h"
Pavel Shilovsky	026e93d	2016-11-03 16:47:37 -0700	[diff] [blame]	25	#include <crypto/aead.h>
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	26
Al Viro	16c568e	2015-11-12 22:46:49 -0500	[diff] [blame]	27	int __cifs_calc_signature(struct smb_rqst *rqst,
				28	struct TCP_Server_Info server, char signature,
				29	struct shash_desc *shash)
				30	{
				31	int i;
				32	int rc;
				33	struct kvec *iov = rqst->rq_iov;
				34	int n_vec = rqst->rq_nvec;
Ronnie Sahlberg	c713c87	2018-06-12 08:00:58 +1000	[diff] [blame]	35	int is_smb2 = server->vals->header_preamble_size == 0;
Al Viro	16c568e	2015-11-12 22:46:49 -0500	[diff] [blame]	36
Ronnie Sahlberg	c713c87	2018-06-12 08:00:58 +1000	[diff] [blame]	37	/* iov[0] is actual data and not the rfc1002 length for SMB2+ */
				38	if (is_smb2) {
Paulo Alcantara	83ffdea	2018-06-15 15:58:00 -0300	[diff] [blame]	39	if (iov[0].iov_len <= 4)
				40	return -EIO;
				41	i = 0;
Ronnie Sahlberg	c713c87	2018-06-12 08:00:58 +1000	[diff] [blame]	42	} else {
				43	if (n_vec < 2 \|\| iov[0].iov_len != 4)
				44	return -EIO;
Paulo Alcantara	83ffdea	2018-06-15 15:58:00 -0300	[diff] [blame]	45	i = 1; /* skip rfc1002 length */
Ronnie Sahlberg	c713c87	2018-06-12 08:00:58 +1000	[diff] [blame]	46	}
				47
Paulo Alcantara	83ffdea	2018-06-15 15:58:00 -0300	[diff] [blame]	48	for (; i < n_vec; i++) {
Al Viro	16c568e	2015-11-12 22:46:49 -0500	[diff] [blame]	49	if (iov[i].iov_len == 0)
				50	continue;
				51	if (iov[i].iov_base == NULL) {
				52	cifs_dbg(VFS, "null iovec entry\n");
				53	return -EIO;
				54	}
Paulo Alcantara	83ffdea	2018-06-15 15:58:00 -0300	[diff] [blame]	55
Pavel Shilovsky	738f9de	2016-11-23 15:14:57 -0800	[diff] [blame]	56	rc = crypto_shash_update(shash,
				57	iov[i].iov_base, iov[i].iov_len);
Al Viro	16c568e	2015-11-12 22:46:49 -0500	[diff] [blame]	58	if (rc) {
				59	cifs_dbg(VFS, "%s: Could not update with payload\n",
				60	__func__);
				61	return rc;
				62	}
				63	}
				64
				65	/* now hash over the rq_pages array */
				66	for (i = 0; i < rqst->rq_npages; i++) {
Long Li	4c0d2a5	2018-05-30 12:48:03 -0700	[diff] [blame]	67	void *kaddr;
				68	unsigned int len, offset;
Al Viro	16c568e	2015-11-12 22:46:49 -0500	[diff] [blame]	69
Long Li	4c0d2a5	2018-05-30 12:48:03 -0700	[diff] [blame]	70	rqst_page_get_length(rqst, i, &len, &offset);
				71
				72	kaddr = (char *) kmap(rqst->rq_pages[i]) + offset;
Al Viro	16c568e	2015-11-12 22:46:49 -0500	[diff] [blame]	73
Paulo Alcantara	a12d0c5	2018-06-23 14:52:25 -0300	[diff] [blame]	74	rc = crypto_shash_update(shash, kaddr, len);
				75	if (rc) {
				76	cifs_dbg(VFS, "%s: Could not update with payload\n",
				77	__func__);
				78	kunmap(rqst->rq_pages[i]);
				79	return rc;
				80	}
Al Viro	16c568e	2015-11-12 22:46:49 -0500	[diff] [blame]	81
				82	kunmap(rqst->rq_pages[i]);
				83	}
				84
				85	rc = crypto_shash_final(shash, signature);
				86	if (rc)
				87	cifs_dbg(VFS, "%s: Could not generate hash\n", __func__);
				88
				89	return rc;
				90	}
				91
Jeff Layton	157c249	2011-04-02 07:34:30 -0400	[diff] [blame]	92	/*
				93	* Calculate and return the CIFS signature based on the mac key and SMB PDU.
				94	* The 16 byte signature must be allocated by the caller. Note we only use the
				95	* 1st eight bytes and that the smb header signature field on input contains
				96	* the sequence number before this function is called. Also, this function
				97	* should be called with the server->srv_mutex held.
				98	*/
Jeff Layton	bf5ea0e	2012-09-18 16:20:34 -0700	[diff] [blame]	99	static int cifs_calc_signature(struct smb_rqst *rqst,
Jeff Layton	826a95e	2011-10-11 06:41:32 -0400	[diff] [blame]	100	struct TCP_Server_Info server, char signature)
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	101	{
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	102	int rc;
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	103
Al Viro	16c568e	2015-11-12 22:46:49 -0500	[diff] [blame]	104	if (!rqst->rq_iov \|\| !signature \|\| !server)
Steve French	e9917a0	2006-03-31 21:22:00 +0000	[diff] [blame]	105	return -EINVAL;
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	106
Aurelien Aptel	82fb82b	2018-02-16 19:19:27 +0100	[diff] [blame]	107	rc = cifs_alloc_hash("md5", &server->secmech.md5,
				108	&server->secmech.sdescmd5);
				109	if (rc)
				110	return -1;
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	111
				112	rc = crypto_shash_init(&server->secmech.sdescmd5->shash);
				113	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	114	cifs_dbg(VFS, "%s: Could not init md5\n", __func__);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	115	return rc;
				116	}
				117
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	118	rc = crypto_shash_update(&server->secmech.sdescmd5->shash,
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	119	server->session_key.response, server->session_key.len);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	120	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	121	cifs_dbg(VFS, "%s: Could not update with response\n", __func__);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	122	return rc;
				123	}
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	124
Ronnie Sahlberg	c713c87	2018-06-12 08:00:58 +1000	[diff] [blame]	125	return __cifs_calc_signature(rqst, server, signature,
Al Viro	16c568e	2015-11-12 22:46:49 -0500	[diff] [blame]	126	&server->secmech.sdescmd5->shash);
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	127	}
				128
Jeff Layton	a0f8b4f	2011-01-07 11:30:28 -0500	[diff] [blame]	129	/* must be called with server->srv_mutex held */
Jeff Layton	bf5ea0e	2012-09-18 16:20:34 -0700	[diff] [blame]	130	int cifs_sign_rqst(struct smb_rqst rqst, struct TCP_Server_Info server,
Steve French	63d2583	2007-11-05 21:46:10 +0000	[diff] [blame]	131	__u32 *pexpected_response_sequence_number)
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	132	{
				133	int rc = 0;
				134	char smb_signature[20];
Jeff Layton	bf5ea0e	2012-09-18 16:20:34 -0700	[diff] [blame]	135	struct smb_hdr cifs_pdu = (struct smb_hdr )rqst->rq_iov[0].iov_base;
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	136
Pavel Shilovsky	738f9de	2016-11-23 15:14:57 -0800	[diff] [blame]	137	if (rqst->rq_iov[0].iov_len != 4 \|\|
				138	rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
				139	return -EIO;
				140
Steve French	ffdd6e4	2007-06-24 21:15:44 +0000	[diff] [blame]	141	if ((cifs_pdu == NULL) \|\| (server == NULL))
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	142	return -EINVAL;
				143
Shyam Prasad N	080dc5e	2021-07-19 17:05:53 +0000	[diff] [blame]	144	spin_lock(&cifs_tcp_ses_lock);
Jeff Layton	998d6fc	2011-07-26 12:21:17 -0400	[diff] [blame]	145	if (!(cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) \|\|
Shyam Prasad N	080dc5e	2021-07-19 17:05:53 +0000	[diff] [blame]	146	server->tcpStatus == CifsNeedNegotiate) {
				147	spin_unlock(&cifs_tcp_ses_lock);
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	148	return rc;
Shyam Prasad N	080dc5e	2021-07-19 17:05:53 +0000	[diff] [blame]	149	}
				150	spin_unlock(&cifs_tcp_ses_lock);
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	151
Jeff Layton	998d6fc	2011-07-26 12:21:17 -0400	[diff] [blame]	152	if (!server->session_estab) {
Jeff Layton	b4dacbc	2011-10-11 06:41:32 -0400	[diff] [blame]	153	memcpy(cifs_pdu->Signature.SecuritySignature, "BSRSPYL", 8);
Jeff Layton	998d6fc	2011-07-26 12:21:17 -0400	[diff] [blame]	154	return rc;
				155	}
				156
Steve French	ffdd6e4	2007-06-24 21:15:44 +0000	[diff] [blame]	157	cifs_pdu->Signature.Sequence.SequenceNumber =
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	158	cpu_to_le32(server->sequence_number);
Steve French	ffdd6e4	2007-06-24 21:15:44 +0000	[diff] [blame]	159	cifs_pdu->Signature.Sequence.Reserved = 0;
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	160
Jeff Layton	0124cc4	2013-04-03 11:55:03 -0400	[diff] [blame]	161	*pexpected_response_sequence_number = ++server->sequence_number;
				162	++server->sequence_number;
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	163
Jeff Layton	bf5ea0e	2012-09-18 16:20:34 -0700	[diff] [blame]	164	rc = cifs_calc_signature(rqst, server, smb_signature);
Steve French	ffdd6e4	2007-06-24 21:15:44 +0000	[diff] [blame]	165	if (rc)
				166	memset(cifs_pdu->Signature.SecuritySignature, 0, 8);
				167	else
				168	memcpy(cifs_pdu->Signature.SecuritySignature, smb_signature, 8);
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	169
Steve French	ffdd6e4	2007-06-24 21:15:44 +0000	[diff] [blame]	170	return rc;
Steve French	84afc29	2005-12-02 13:32:45 -0800	[diff] [blame]	171	}
				172
Jeff Layton	bf5ea0e	2012-09-18 16:20:34 -0700	[diff] [blame]	173	int cifs_sign_smbv(struct kvec iov, int n_vec, struct TCP_Server_Info server,
				174	__u32 *pexpected_response_sequence)
				175	{
				176	struct smb_rqst rqst = { .rq_iov = iov,
				177	.rq_nvec = n_vec };
				178
				179	return cifs_sign_rqst(&rqst, server, pexpected_response_sequence);
				180	}
				181
Jeff Layton	826a95e	2011-10-11 06:41:32 -0400	[diff] [blame]	182	/* must be called with server->srv_mutex held */
				183	int cifs_sign_smb(struct smb_hdr cifs_pdu, struct TCP_Server_Info server,
				184	__u32 *pexpected_response_sequence_number)
				185	{
Pavel Shilovsky	738f9de	2016-11-23 15:14:57 -0800	[diff] [blame]	186	struct kvec iov[2];
Jeff Layton	826a95e	2011-10-11 06:41:32 -0400	[diff] [blame]	187
Pavel Shilovsky	738f9de	2016-11-23 15:14:57 -0800	[diff] [blame]	188	iov[0].iov_base = cifs_pdu;
				189	iov[0].iov_len = 4;
				190	iov[1].iov_base = (char *)cifs_pdu + 4;
				191	iov[1].iov_len = be32_to_cpu(cifs_pdu->smb_buf_length);
Jeff Layton	826a95e	2011-10-11 06:41:32 -0400	[diff] [blame]	192
Pavel Shilovsky	738f9de	2016-11-23 15:14:57 -0800	[diff] [blame]	193	return cifs_sign_smbv(iov, 2, server,
Jeff Layton	826a95e	2011-10-11 06:41:32 -0400	[diff] [blame]	194	pexpected_response_sequence_number);
				195	}
				196
Jeff Layton	bf5ea0e	2012-09-18 16:20:34 -0700	[diff] [blame]	197	int cifs_verify_signature(struct smb_rqst *rqst,
Shirish Pargaonkar	21e7339	2010-10-21 06:42:55 -0500	[diff] [blame]	198	struct TCP_Server_Info *server,
Steve French	ffdd6e4	2007-06-24 21:15:44 +0000	[diff] [blame]	199	__u32 expected_sequence_number)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	200	{
Steve French	c8e56f1	2010-09-08 21:10:58 +0000	[diff] [blame]	201	unsigned int rc;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	202	char server_response_sig[8];
				203	char what_we_think_sig_should_be[20];
Jeff Layton	bf5ea0e	2012-09-18 16:20:34 -0700	[diff] [blame]	204	struct smb_hdr cifs_pdu = (struct smb_hdr )rqst->rq_iov[0].iov_base;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	205
Pavel Shilovsky	738f9de	2016-11-23 15:14:57 -0800	[diff] [blame]	206	if (rqst->rq_iov[0].iov_len != 4 \|\|
				207	rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
				208	return -EIO;
				209
Shirish Pargaonkar	21e7339	2010-10-21 06:42:55 -0500	[diff] [blame]	210	if (cifs_pdu == NULL \|\| server == NULL)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	211	return -EINVAL;
				212
Jeff Layton	9c4843e	2011-06-06 15:40:23 -0400	[diff] [blame]	213	if (!server->session_estab)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	214	return 0;
				215
				216	if (cifs_pdu->Command == SMB_COM_LOCKING_ANDX) {
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	217	struct smb_com_lock_req *pSMB =
Steve French	ffdd6e4	2007-06-24 21:15:44 +0000	[diff] [blame]	218	(struct smb_com_lock_req *)cifs_pdu;
Colin Ian King	5890255	2018-11-03 15:59:44 +0000	[diff] [blame]	219	if (pSMB->LockType & LOCKING_ANDX_OPLOCK_RELEASE)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	220	return 0;
				221	}
				222
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	223	/* BB what if signatures are supposed to be on for session but
				224	server does not send one? BB */
				225
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	226	/* Do not need to verify session setups with signature "BSRSPYL " */
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	227	if (memcmp(cifs_pdu->Signature.SecuritySignature, "BSRSPYL ", 8) == 0)
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	228	cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n",
				229	cifs_pdu->Command);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	230
				231	/* save off the origiginal signature so we can modify the smb and check
				232	its signature against what the server sent */
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	233	memcpy(server_response_sig, cifs_pdu->Signature.SecuritySignature, 8);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	234
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	235	cifs_pdu->Signature.Sequence.SequenceNumber =
				236	cpu_to_le32(expected_sequence_number);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	237	cifs_pdu->Signature.Sequence.Reserved = 0;
				238
Jeff Layton	157c249	2011-04-02 07:34:30 -0400	[diff] [blame]	239	mutex_lock(&server->srv_mutex);
Jeff Layton	bf5ea0e	2012-09-18 16:20:34 -0700	[diff] [blame]	240	rc = cifs_calc_signature(rqst, server, what_we_think_sig_should_be);
Jeff Layton	157c249	2011-04-02 07:34:30 -0400	[diff] [blame]	241	mutex_unlock(&server->srv_mutex);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	242
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	243	if (rc)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	244	return rc;
				245
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	246	/* cifs_dump_mem("what we think it should be: ",
				247	what_we_think_sig_should_be, 16); */
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	248
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	249	if (memcmp(server_response_sig, what_we_think_sig_should_be, 8))
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	250	return -EACCES;
				251	else
				252	return 0;
				253
				254	}
				255
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	256	/* Build a proper attribute value/target info pairs blob.
				257	* Fill in netbios and dns domain name and workstation name
				258	* and client time (total five av pairs and + one end of fields indicator.
				259	* Allocate domain name which gets freed when session struct is deallocated.
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	260	*/
				261	static int
Steve French	96daf2b	2011-05-27 04:34:02 +0000	[diff] [blame]	262	build_avpair_blob(struct cifs_ses ses, const struct nls_table nls_cp)
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	263	{
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	264	unsigned int dlen;
Shirish Pargaonkar	cfbd6f8	2011-08-24 23:05:46 -0500	[diff] [blame]	265	unsigned int size = 2 * sizeof(struct ntlmssp2_name);
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	266	char *defdmname = "WORKGROUP";
				267	unsigned char *blobptr;
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	268	struct ntlmssp2_name *attrptr;
				269
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	270	if (!ses->domainName) {
				271	ses->domainName = kstrdup(defdmname, GFP_KERNEL);
				272	if (!ses->domainName)
				273	return -ENOMEM;
				274	}
				275
				276	dlen = strlen(ses->domainName);
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	277
Shirish Pargaonkar	cfbd6f8	2011-08-24 23:05:46 -0500	[diff] [blame]	278	/*
				279	* The length of this blob is two times the size of a
				280	* structure (av pair) which holds name/size
				281	* ( for NTLMSSP_AV_NB_DOMAIN_NAME followed by NTLMSSP_AV_EOL ) +
				282	* unicode length of a netbios domain name
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	283	*/
Shirish Pargaonkar	cfbd6f8	2011-08-24 23:05:46 -0500	[diff] [blame]	284	ses->auth_key.len = size + 2 * dlen;
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	285	ses->auth_key.response = kzalloc(ses->auth_key.len, GFP_KERNEL);
				286	if (!ses->auth_key.response) {
				287	ses->auth_key.len = 0;
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	288	return -ENOMEM;
				289	}
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	290
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	291	blobptr = ses->auth_key.response;
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	292	attrptr = (struct ntlmssp2_name *) blobptr;
				293
Shirish Pargaonkar	cfbd6f8	2011-08-24 23:05:46 -0500	[diff] [blame]	294	/*
				295	* As defined in MS-NTLM 3.3.2, just this av pair field
				296	* is sufficient as part of the temp
				297	*/
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	298	attrptr->type = cpu_to_le16(NTLMSSP_AV_NB_DOMAIN_NAME);
				299	attrptr->length = cpu_to_le16(2 * dlen);
				300	blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
Steve French	acbbb76	2012-01-18 22:32:33 -0600	[diff] [blame]	301	cifs_strtoUTF16((__le16 *)blobptr, ses->domainName, dlen, nls_cp);
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	302
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	303	return 0;
				304	}
				305
				306	/* Server has provided av pairs/target info in the type 2 challenge
				307	* packet and we have plucked it and stored within smb session.
				308	* We parse that blob here to find netbios domain name to be used
				309	* as part of ntlmv2 authentication (in Target String), if not already
				310	* specified on the command line.
				311	* If this function returns without any error but without fetching
				312	* domain name, authentication may fail against some server but
				313	* may not fail against other (those who are not very particular
				314	* about target string i.e. for some, just user name might suffice.
				315	*/
				316	static int
Steve French	96daf2b	2011-05-27 04:34:02 +0000	[diff] [blame]	317	find_domain_name(struct cifs_ses ses, const struct nls_table nls_cp)
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	318	{
				319	unsigned int attrsize;
				320	unsigned int type;
				321	unsigned int onesize = sizeof(struct ntlmssp2_name);
				322	unsigned char *blobptr;
				323	unsigned char *blobend;
				324	struct ntlmssp2_name *attrptr;
				325
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	326	if (!ses->auth_key.len \|\| !ses->auth_key.response)
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	327	return 0;
				328
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	329	blobptr = ses->auth_key.response;
				330	blobend = blobptr + ses->auth_key.len;
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	331
				332	while (blobptr + onesize < blobend) {
				333	attrptr = (struct ntlmssp2_name *) blobptr;
				334	type = le16_to_cpu(attrptr->type);
				335	if (type == NTLMSSP_AV_EOL)
				336	break;
				337	blobptr += 2; /* advance attr type */
				338	attrsize = le16_to_cpu(attrptr->length);
				339	blobptr += 2; /* advance attr size */
				340	if (blobptr + attrsize > blobend)
				341	break;
				342	if (type == NTLMSSP_AV_NB_DOMAIN_NAME) {
Chen Gang	057d633	2013-07-19 09:01:36 +0800	[diff] [blame]	343	if (!attrsize \|\| attrsize >= CIFS_MAX_DOMAINNAME_LEN)
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	344	break;
				345	if (!ses->domainName) {
				346	ses->domainName =
				347	kmalloc(attrsize + 1, GFP_KERNEL);
				348	if (!ses->domainName)
				349	return -ENOMEM;
Steve French	acbbb76	2012-01-18 22:32:33 -0600	[diff] [blame]	350	cifs_from_utf16(ses->domainName,
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	351	(__le16 *)blobptr, attrsize, attrsize,
Steve French	b693855	2014-09-25 13:20:05 -0500	[diff] [blame]	352	nls_cp, NO_MAP_UNI_RSVD);
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	353	break;
				354	}
				355	}
				356	blobptr += attrsize; /* advance attr value */
				357	}
				358
				359	return 0;
				360	}
				361
Peter Seiderer	98ce94c	2015-09-17 21:40:12 +0200	[diff] [blame]	362	/* Server has provided av pairs/target info in the type 2 challenge
				363	* packet and we have plucked it and stored within smb session.
				364	* We parse that blob here to find the server given timestamp
				365	* as part of ntlmv2 authentication (or local current time as
				366	* default in case of failure)
				367	*/
				368	static __le64
				369	find_timestamp(struct cifs_ses *ses)
				370	{
				371	unsigned int attrsize;
				372	unsigned int type;
				373	unsigned int onesize = sizeof(struct ntlmssp2_name);
				374	unsigned char *blobptr;
				375	unsigned char *blobend;
				376	struct ntlmssp2_name *attrptr;
Arnd Bergmann	9539020	2018-06-19 17:27:58 +0200	[diff] [blame]	377	struct timespec64 ts;
Peter Seiderer	98ce94c	2015-09-17 21:40:12 +0200	[diff] [blame]	378
				379	if (!ses->auth_key.len \|\| !ses->auth_key.response)
				380	return 0;
				381
				382	blobptr = ses->auth_key.response;
				383	blobend = blobptr + ses->auth_key.len;
				384
				385	while (blobptr + onesize < blobend) {
				386	attrptr = (struct ntlmssp2_name *) blobptr;
				387	type = le16_to_cpu(attrptr->type);
				388	if (type == NTLMSSP_AV_EOL)
				389	break;
				390	blobptr += 2; /* advance attr type */
				391	attrsize = le16_to_cpu(attrptr->length);
				392	blobptr += 2; /* advance attr size */
				393	if (blobptr + attrsize > blobend)
				394	break;
				395	if (type == NTLMSSP_AV_TIMESTAMP) {
				396	if (attrsize == sizeof(u64))
				397	return ((__le64 )blobptr);
				398	}
				399	blobptr += attrsize; /* advance attr value */
				400	}
				401
Arnd Bergmann	9539020	2018-06-19 17:27:58 +0200	[diff] [blame]	402	ktime_get_real_ts64(&ts);
Deepa Dinamani	e37fea5	2017-05-08 15:59:16 -0700	[diff] [blame]	403	return cpu_to_le64(cifs_UnixTimeToNT(ts));
Peter Seiderer	98ce94c	2015-09-17 21:40:12 +0200	[diff] [blame]	404	}
				405
Steve French	96daf2b	2011-05-27 04:34:02 +0000	[diff] [blame]	406	static int calc_ntlmv2_hash(struct cifs_ses ses, char ntlmv2_hash,
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	407	const struct nls_table *nls_cp)
Steve French	a8ee034	2006-06-05 23:34:19 +0000	[diff] [blame]	408	{
				409	int rc = 0;
				410	int len;
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	411	char nt_hash[CIFS_NTHASH_SIZE];
Steve French	fdf96a9	2013-06-25 14:03:16 -0500	[diff] [blame]	412	__le16 *user;
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	413	wchar_t *domain;
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	414	wchar_t *server;
Steve French	c8e56f1	2010-09-08 21:10:58 +0000	[diff] [blame]	415
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	416	if (!ses->server->secmech.sdeschmacmd5) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	417	cifs_dbg(VFS, "%s: can't generate ntlmv2 hash\n", __func__);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	418	return -1;
				419	}
Steve French	a8ee034	2006-06-05 23:34:19 +0000	[diff] [blame]	420
				421	/* calculate md4 hash of password */
Shirish Pargaonkar	9ef5992	2011-10-20 13:21:59 -0500	[diff] [blame]	422	E_md4hash(ses->password, nt_hash, nls_cp);
Steve French	a8ee034	2006-06-05 23:34:19 +0000	[diff] [blame]	423
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	424	rc = crypto_shash_setkey(ses->server->secmech.hmacmd5, nt_hash,
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	425	CIFS_NTHASH_SIZE);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	426	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	427	cifs_dbg(VFS, "%s: Could not set NT Hash as a key\n", __func__);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	428	return rc;
				429	}
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	430
				431	rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash);
				432	if (rc) {
Joe Perches	a0a3036	2020-04-14 22:42:53 -0700	[diff] [blame]	433	cifs_dbg(VFS, "%s: Could not init hmacmd5\n", __func__);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	434	return rc;
				435	}
Steve French	a8ee034	2006-06-05 23:34:19 +0000	[diff] [blame]	436
Steve French	fdf96a9	2013-06-25 14:03:16 -0500	[diff] [blame]	437	/* convert ses->user_name to unicode */
Jeff Layton	04febab	2012-01-17 16:09:15 -0500	[diff] [blame]	438	len = ses->user_name ? strlen(ses->user_name) : 0;
Steve French	1717ffc	2006-06-08 05:41:32 +0000	[diff] [blame]	439	user = kmalloc(2 + (len * 2), GFP_KERNEL);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	440	if (user == NULL) {
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	441	rc = -ENOMEM;
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	442	return rc;
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	443	}
Jeff Layton	04febab	2012-01-17 16:09:15 -0500	[diff] [blame]	444
				445	if (len) {
Steve French	fdf96a9	2013-06-25 14:03:16 -0500	[diff] [blame]	446	len = cifs_strtoUTF16(user, ses->user_name, len, nls_cp);
Jeff Layton	04febab	2012-01-17 16:09:15 -0500	[diff] [blame]	447	UniStrupr(user);
				448	} else {
				449	memset(user, '\0', 2);
				450	}
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	451
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	452	rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	453	(char )user, 2 len);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	454	kfree(user);
				455	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	456	cifs_dbg(VFS, "%s: Could not update with user\n", __func__);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	457	return rc;
				458	}
Steve French	a8ee034	2006-06-05 23:34:19 +0000	[diff] [blame]	459
				460	/* convert ses->domainName to unicode and uppercase */
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	461	if (ses->domainName) {
Steve French	1717ffc	2006-06-08 05:41:32 +0000	[diff] [blame]	462	len = strlen(ses->domainName);
Steve French	a8ee034	2006-06-05 23:34:19 +0000	[diff] [blame]	463
Steve French	50c2f75	2007-07-13 00:33:32 +0000	[diff] [blame]	464	domain = kmalloc(2 + (len * 2), GFP_KERNEL);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	465	if (domain == NULL) {
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	466	rc = -ENOMEM;
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	467	return rc;
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	468	}
Steve French	acbbb76	2012-01-18 22:32:33 -0600	[diff] [blame]	469	len = cifs_strtoUTF16((__le16 *)domain, ses->domainName, len,
				470	nls_cp);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	471	rc =
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	472	crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
				473	(char )domain, 2 len);
Steve French	1717ffc	2006-06-08 05:41:32 +0000	[diff] [blame]	474	kfree(domain);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	475	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	476	cifs_dbg(VFS, "%s: Could not update with domain\n",
				477	__func__);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	478	return rc;
				479	}
Steve French	8b7a454	2015-03-30 16:58:17 -0500	[diff] [blame]	480	} else {
Steve French	b438fcf	2021-02-20 19:24:11 -0600	[diff] [blame]	481	/* We use ses->ip_addr if no domain name available */
				482	len = strlen(ses->ip_addr);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	483
				484	server = kmalloc(2 + (len * 2), GFP_KERNEL);
				485	if (server == NULL) {
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	486	rc = -ENOMEM;
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	487	return rc;
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	488	}
Steve French	b438fcf	2021-02-20 19:24:11 -0600	[diff] [blame]	489	len = cifs_strtoUTF16((__le16 *)server, ses->ip_addr, len,
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	490	nls_cp);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	491	rc =
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	492	crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
				493	(char )server, 2 len);
				494	kfree(server);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	495	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	496	cifs_dbg(VFS, "%s: Could not update with server\n",
				497	__func__);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	498	return rc;
				499	}
Steve French	1717ffc	2006-06-08 05:41:32 +0000	[diff] [blame]	500	}
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	501
				502	rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash,
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	503	ntlmv2_hash);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	504	if (rc)
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	505	cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	506
Steve French	a8ee034	2006-06-05 23:34:19 +0000	[diff] [blame]	507	return rc;
				508	}
				509
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	510	static int
Steve French	96daf2b	2011-05-27 04:34:02 +0000	[diff] [blame]	511	CalcNTLMv2_response(const struct cifs_ses ses, char ntlmv2_hash)
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	512	{
				513	int rc;
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	514	struct ntlmv2_resp ntlmv2 = (struct ntlmv2_resp )
				515	(ses->auth_key.response + CIFS_SESS_KEY_SIZE);
				516	unsigned int hash_len;
				517
				518	/* The MD5 hash starts at challenge_key.key */
				519	hash_len = ses->auth_key.len - (CIFS_SESS_KEY_SIZE +
				520	offsetof(struct ntlmv2_resp, challenge.key[0]));
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	521
				522	if (!ses->server->secmech.sdeschmacmd5) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	523	cifs_dbg(VFS, "%s: can't generate ntlmv2 hash\n", __func__);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	524	return -1;
				525	}
				526
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	527	rc = crypto_shash_setkey(ses->server->secmech.hmacmd5,
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	528	ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	529	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	530	cifs_dbg(VFS, "%s: Could not set NTLMV2 Hash as a key\n",
				531	__func__);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	532	return rc;
				533	}
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	534
				535	rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash);
				536	if (rc) {
Joe Perches	a0a3036	2020-04-14 22:42:53 -0700	[diff] [blame]	537	cifs_dbg(VFS, "%s: Could not init hmacmd5\n", __func__);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	538	return rc;
				539	}
				540
Jeff Layton	3f61822	2013-06-12 19:52:14 -0500	[diff] [blame]	541	if (ses->server->negflavor == CIFS_NEGFLAVOR_EXTENDED)
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	542	memcpy(ntlmv2->challenge.key,
				543	ses->ntlmssp->cryptkey, CIFS_SERVER_CHALLENGE_SIZE);
Shirish Pargaonkar	d3ba50b	2010-10-27 15:20:36 -0500	[diff] [blame]	544	else
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	545	memcpy(ntlmv2->challenge.key,
				546	ses->server->cryptkey, CIFS_SERVER_CHALLENGE_SIZE);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	547	rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	548	ntlmv2->challenge.key, hash_len);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	549	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	550	cifs_dbg(VFS, "%s: Could not update with response\n", __func__);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	551	return rc;
				552	}
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	553
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	554	/* Note that the MD5 digest over writes anon.challenge_key.key */
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	555	rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash,
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	556	ntlmv2->ntlmv2_hash);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	557	if (rc)
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	558	cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	559
				560	return rc;
				561	}
				562
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	563	int
Steve French	96daf2b	2011-05-27 04:34:02 +0000	[diff] [blame]	564	setup_ntlmv2_rsp(struct cifs_ses ses, const struct nls_table nls_cp)
Steve French	9fbc590	2010-08-20 20:42:26 +0000	[diff] [blame]	565	{
Steve French	c8e56f1	2010-09-08 21:10:58 +0000	[diff] [blame]	566	int rc;
Shirish Pargaonkar	21e7339	2010-10-21 06:42:55 -0500	[diff] [blame]	567	int baselen;
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	568	unsigned int tilen;
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	569	struct ntlmv2_resp *ntlmv2;
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	570	char ntlmv2_hash[16];
				571	unsigned char tiblob = NULL; / target info blob */
Peter Seiderer	98ce94c	2015-09-17 21:40:12 +0200	[diff] [blame]	572	__le64 rsp_timestamp;
Steve French	6d027cf	2006-06-05 16:26:05 +0000	[diff] [blame]	573
Ronnie Sahlberg	24e0a1e	2020-12-10 00:06:02 -0600	[diff] [blame]	574	if (nls_cp == NULL) {
				575	cifs_dbg(VFS, "%s called with nls_cp==NULL\n", __func__);
				576	return -EINVAL;
				577	}
				578
Jeff Layton	3f61822	2013-06-12 19:52:14 -0500	[diff] [blame]	579	if (ses->server->negflavor == CIFS_NEGFLAVOR_EXTENDED) {
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	580	if (!ses->domainName) {
Germano Percossi	3956644	2016-12-15 12:31:18 +0530	[diff] [blame]	581	if (ses->domainAuto) {
				582	rc = find_domain_name(ses, nls_cp);
				583	if (rc) {
				584	cifs_dbg(VFS, "error %d finding domain name\n",
				585	rc);
				586	goto setup_ntlmv2_rsp_ret;
				587	}
				588	} else {
				589	ses->domainName = kstrdup("", GFP_KERNEL);
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	590	}
				591	}
				592	} else {
Shirish Pargaonkar	9daa42e	2010-10-10 13:21:05 -0500	[diff] [blame]	593	rc = build_avpair_blob(ses, nls_cp);
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	594	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	595	cifs_dbg(VFS, "error %d building av pair blob\n", rc);
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	596	goto setup_ntlmv2_rsp_ret;
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	597	}
				598	}
Steve French	a8ee034	2006-06-05 23:34:19 +0000	[diff] [blame]	599
Peter Seiderer	98ce94c	2015-09-17 21:40:12 +0200	[diff] [blame]	600	/* Must be within 5 minutes of the server (or in range +/-2h
				601	* in case of Mac OS X), so simply carry over server timestamp
				602	* (as Windows 7 does)
				603	*/
				604	rsp_timestamp = find_timestamp(ses);
				605
Shirish Pargaonkar	21e7339	2010-10-21 06:42:55 -0500	[diff] [blame]	606	baselen = CIFS_SESS_KEY_SIZE + sizeof(struct ntlmv2_resp);
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	607	tilen = ses->auth_key.len;
				608	tiblob = ses->auth_key.response;
				609
				610	ses->auth_key.response = kmalloc(baselen + tilen, GFP_KERNEL);
Shirish Pargaonkar	21e7339	2010-10-21 06:42:55 -0500	[diff] [blame]	611	if (!ses->auth_key.response) {
Anton Protopopov	4b550af	2016-02-10 12:50:21 -0500	[diff] [blame]	612	rc = -ENOMEM;
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	613	ses->auth_key.len = 0;
Shirish Pargaonkar	21e7339	2010-10-21 06:42:55 -0500	[diff] [blame]	614	goto setup_ntlmv2_rsp_ret;
				615	}
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	616	ses->auth_key.len += baselen;
Shirish Pargaonkar	21e7339	2010-10-21 06:42:55 -0500	[diff] [blame]	617
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	618	ntlmv2 = (struct ntlmv2_resp *)
Shirish Pargaonkar	21e7339	2010-10-21 06:42:55 -0500	[diff] [blame]	619	(ses->auth_key.response + CIFS_SESS_KEY_SIZE);
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	620	ntlmv2->blob_signature = cpu_to_le32(0x00000101);
				621	ntlmv2->reserved = 0;
Peter Seiderer	98ce94c	2015-09-17 21:40:12 +0200	[diff] [blame]	622	ntlmv2->time = rsp_timestamp;
				623
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	624	get_random_bytes(&ntlmv2->client_chal, sizeof(ntlmv2->client_chal));
				625	ntlmv2->reserved2 = 0;
Shirish Pargaonkar	21e7339	2010-10-21 06:42:55 -0500	[diff] [blame]	626
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	627	memcpy(ses->auth_key.response + baselen, tiblob, tilen);
Shirish Pargaonkar	21e7339	2010-10-21 06:42:55 -0500	[diff] [blame]	628
Rabin Vincent	bd975d1	2016-07-19 09:26:21 +0200	[diff] [blame]	629	mutex_lock(&ses->server->srv_mutex);
				630
Aurelien Aptel	82fb82b	2018-02-16 19:19:27 +0100	[diff] [blame]	631	rc = cifs_alloc_hash("hmac(md5)",
				632	&ses->server->secmech.hmacmd5,
				633	&ses->server->secmech.sdeschmacmd5);
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	634	if (rc) {
Rabin Vincent	bd975d1	2016-07-19 09:26:21 +0200	[diff] [blame]	635	goto unlock;
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	636	}
				637
Shirish Pargaonkar	f7c5445a	2010-10-26 18:10:24 -0500	[diff] [blame]	638	/* calculate ntlmv2_hash */
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	639	rc = calc_ntlmv2_hash(ses, ntlmv2_hash, nls_cp);
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	640	if (rc) {
Joe Perches	a0a3036	2020-04-14 22:42:53 -0700	[diff] [blame]	641	cifs_dbg(VFS, "Could not get v2 hash rc %d\n", rc);
Rabin Vincent	bd975d1	2016-07-19 09:26:21 +0200	[diff] [blame]	642	goto unlock;
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	643	}
Shirish Pargaonkar	f7c5445a	2010-10-26 18:10:24 -0500	[diff] [blame]	644
				645	/* calculate first part of the client response (CR1) */
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	646	rc = CalcNTLMv2_response(ses, ntlmv2_hash);
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	647	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	648	cifs_dbg(VFS, "Could not calculate CR1 rc: %d\n", rc);
Rabin Vincent	bd975d1	2016-07-19 09:26:21 +0200	[diff] [blame]	649	goto unlock;
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	650	}
Steve French	b609f06	2007-07-09 07:55:14 +0000	[diff] [blame]	651
Shirish Pargaonkar	5d0d288	2010-10-13 18:15:00 -0500	[diff] [blame]	652	/* now calculate the session key for NTLMv2 */
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	653	rc = crypto_shash_setkey(ses->server->secmech.hmacmd5,
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	654	ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	655	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	656	cifs_dbg(VFS, "%s: Could not set NTLMV2 Hash as a key\n",
				657	__func__);
Rabin Vincent	bd975d1	2016-07-19 09:26:21 +0200	[diff] [blame]	658	goto unlock;
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	659	}
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	660
				661	rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash);
				662	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	663	cifs_dbg(VFS, "%s: Could not init hmacmd5\n", __func__);
Rabin Vincent	bd975d1	2016-07-19 09:26:21 +0200	[diff] [blame]	664	goto unlock;
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	665	}
				666
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	667	rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
Tim Gardner	2c957dd	2013-11-07 16:40:57 -0700	[diff] [blame]	668	ntlmv2->ntlmv2_hash,
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	669	CIFS_HMAC_MD5_HASH_SIZE);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	670	if (rc) {
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	671	cifs_dbg(VFS, "%s: Could not update with response\n", __func__);
Rabin Vincent	bd975d1	2016-07-19 09:26:21 +0200	[diff] [blame]	672	goto unlock;
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	673	}
Shirish Pargaonkar	307fbd3	2010-10-21 14:25:17 -0500	[diff] [blame]	674
				675	rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash,
				676	ses->auth_key.response);
Shirish Pargaonkar	14cae32	2011-06-20 16:14:03 -0500	[diff] [blame]	677	if (rc)
Joe Perches	f96637b	2013-05-04 22:12:25 -0500	[diff] [blame]	678	cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__);
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	679
Rabin Vincent	bd975d1	2016-07-19 09:26:21 +0200	[diff] [blame]	680	unlock:
				681	mutex_unlock(&ses->server->srv_mutex);
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	682	setup_ntlmv2_rsp_ret:
Shirish Pargaonkar	d3686d5	2010-10-28 09:53:07 -0500	[diff] [blame]	683	kfree(tiblob);
Shirish Pargaonkar	2b149f1	2010-09-18 22:02:18 -0500	[diff] [blame]	684
				685	return rc;
Steve French	6d027cf	2006-06-05 16:26:05 +0000	[diff] [blame]	686	}
				687
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	688	int
Steve French	96daf2b	2011-05-27 04:34:02 +0000	[diff] [blame]	689	calc_seckey(struct cifs_ses *ses)
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	690	{
Ard Biesheuvel	97a5fee	2019-06-12 18:19:59 +0200	[diff] [blame]	691	unsigned char sec_key[CIFS_SESS_KEY_SIZE]; /* a nonce */
				692	struct arc4_ctx *ctx_arc4;
Sachin Prabhu	5f4b556	2016-10-17 16:40:22 -0400	[diff] [blame]	693
Ard Biesheuvel	97a5fee	2019-06-12 18:19:59 +0200	[diff] [blame]	694	if (fips_enabled)
				695	return -ENODEV;
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	696
				697	get_random_bytes(sec_key, CIFS_SESS_KEY_SIZE);
				698
Ard Biesheuvel	97a5fee	2019-06-12 18:19:59 +0200	[diff] [blame]	699	ctx_arc4 = kmalloc(sizeof(*ctx_arc4), GFP_KERNEL);
				700	if (!ctx_arc4) {
Joe Perches	a0a3036	2020-04-14 22:42:53 -0700	[diff] [blame]	701	cifs_dbg(VFS, "Could not allocate arc4 context\n");
Ard Biesheuvel	97a5fee	2019-06-12 18:19:59 +0200	[diff] [blame]	702	return -ENOMEM;
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	703	}
				704
Ronnie Sahlberg	71c0286	2021-08-19 20:34:59 +1000	[diff] [blame]	705	cifs_arc4_setkey(ctx_arc4, ses->auth_key.response, CIFS_SESS_KEY_SIZE);
				706	cifs_arc4_crypt(ctx_arc4, ses->ntlmssp->ciphertext, sec_key,
				707	CIFS_CPHTXT_SIZE);
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	708
				709	/* make secondary_key/nonce as session key */
				710	memcpy(ses->auth_key.response, sec_key, CIFS_SESS_KEY_SIZE);
				711	/* and make len as that of session key only */
				712	ses->auth_key.len = CIFS_SESS_KEY_SIZE;
				713
Ard Biesheuvel	97a5fee	2019-06-12 18:19:59 +0200	[diff] [blame]	714	memzero_explicit(sec_key, CIFS_SESS_KEY_SIZE);
Waiman Long	453431a	2020-08-06 23:18:13 -0700	[diff] [blame]	715	kfree_sensitive(ctx_arc4);
Ard Biesheuvel	97a5fee	2019-06-12 18:19:59 +0200	[diff] [blame]	716	return 0;
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	717	}
				718
				719	void
Pavel Shilovsky	026e93d	2016-11-03 16:47:37 -0700	[diff] [blame]	720	cifs_crypto_secmech_release(struct TCP_Server_Info *server)
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	721	{
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	722	if (server->secmech.cmacaes) {
Steve French	429b46f	2013-06-26 23:45:05 -0500	[diff] [blame]	723	crypto_free_shash(server->secmech.cmacaes);
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	724	server->secmech.cmacaes = NULL;
				725	}
Steve French	429b46f	2013-06-26 23:45:05 -0500	[diff] [blame]	726
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	727	if (server->secmech.hmacsha256) {
Pavel Shilovsky	3c1bf7e	2012-09-18 16:20:30 -0700	[diff] [blame]	728	crypto_free_shash(server->secmech.hmacsha256);
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	729	server->secmech.hmacsha256 = NULL;
				730	}
Pavel Shilovsky	3c1bf7e	2012-09-18 16:20:30 -0700	[diff] [blame]	731
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	732	if (server->secmech.md5) {
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	733	crypto_free_shash(server->secmech.md5);
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	734	server->secmech.md5 = NULL;
				735	}
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	736
Gustavo A. R. Silva	70e8065	2018-02-19 11:11:13 -0600	[diff] [blame]	737	if (server->secmech.sha512) {
Aurelien Aptel	5fcd7f3	2018-02-16 19:19:28 +0100	[diff] [blame]	738	crypto_free_shash(server->secmech.sha512);
				739	server->secmech.sha512 = NULL;
				740	}
				741
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	742	if (server->secmech.hmacmd5) {
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	743	crypto_free_shash(server->secmech.hmacmd5);
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	744	server->secmech.hmacmd5 = NULL;
				745	}
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	746
Pavel Shilovsky	026e93d	2016-11-03 16:47:37 -0700	[diff] [blame]	747	if (server->secmech.ccmaesencrypt) {
				748	crypto_free_aead(server->secmech.ccmaesencrypt);
				749	server->secmech.ccmaesencrypt = NULL;
				750	}
				751
				752	if (server->secmech.ccmaesdecrypt) {
				753	crypto_free_aead(server->secmech.ccmaesdecrypt);
				754	server->secmech.ccmaesdecrypt = NULL;
				755	}
				756
Steve French	429b46f	2013-06-26 23:45:05 -0500	[diff] [blame]	757	kfree(server->secmech.sdesccmacaes);
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	758	server->secmech.sdesccmacaes = NULL;
Pavel Shilovsky	3c1bf7e	2012-09-18 16:20:30 -0700	[diff] [blame]	759	kfree(server->secmech.sdeschmacsha256);
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	760	server->secmech.sdeschmacsha256 = NULL;
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	761	kfree(server->secmech.sdeschmacmd5);
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	762	server->secmech.sdeschmacmd5 = NULL;
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	763	kfree(server->secmech.sdescmd5);
Steve French	95dc8dd	2013-07-04 10:35:21 -0500	[diff] [blame]	764	server->secmech.sdescmd5 = NULL;
Aurelien Aptel	5fcd7f3	2018-02-16 19:19:28 +0100	[diff] [blame]	765	kfree(server->secmech.sdescsha512);
				766	server->secmech.sdescsha512 = NULL;
Shirish Pargaonkar	d2b9152	2010-10-21 14:25:08 -0500	[diff] [blame]	767	}