[linux-2.6-block.git] / fs / cifs / smbencrypt.c

/*
   Unix SMB/Netbios implementation.
   Version 1.9.
   SMB parameters and setup
   Copyright (C) Andrew Tridgell 1992-2000
   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
   Modified by Jeremy Allison 1995.
   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
   Modified by Steve French (sfrench@us.ibm.com) 2002-2003

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#include <linux/module.h>
#include <linux/slab.h>
#include <linux/fs.h>
#include <linux/string.h>
#include <linux/kernel.h>
#include <linux/random.h>
#include "cifs_fs_sb.h"
#include "cifs_unicode.h"
#include "cifspdu.h"
#include "cifsglob.h"
#include "cifs_debug.h"
#include "cifsproto.h"

#ifndef false
#define false 0
#endif
#ifndef true
#define true 1
#endif

/* following came from the other byteorder.h to avoid include conflicts */
#define CVAL(buf,pos) (((unsigned char *)(buf))[pos])
#define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8)
#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((__u16)(val)))

static void
str_to_key(unsigned char *str, unsigned char *key)
{
	int i;

	key[0] = str[0] >> 1;
	key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2);
	key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3);
	key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4);
	key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5);
	key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6);
	key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7);
	key[7] = str[6] & 0x7F;
	for (i = 0; i < 8; i++)
		key[i] = (key[i] << 1);
}

static int
smbhash(unsigned char *out, const unsigned char *in, unsigned char *key)
{
	int rc;
	unsigned char key2[8];
	struct crypto_blkcipher *tfm_des;
	struct scatterlist sgin, sgout;
	struct blkcipher_desc desc;

	str_to_key(key, key2);

	tfm_des = crypto_alloc_blkcipher("ecb(des)", 0, CRYPTO_ALG_ASYNC);
	if (IS_ERR(tfm_des)) {
		rc = PTR_ERR(tfm_des);
		cifs_dbg(VFS, "could not allocate des crypto API\n");
		goto smbhash_err;
	}

	desc.tfm = tfm_des;

	crypto_blkcipher_setkey(tfm_des, key2, 8);

	sg_init_one(&sgin, in, 8);
	sg_init_one(&sgout, out, 8);

	rc = crypto_blkcipher_encrypt(&desc, &sgout, &sgin, 8);
	if (rc)
		cifs_dbg(VFS, "could not encrypt crypt key rc: %d\n", rc);

	crypto_free_blkcipher(tfm_des);
smbhash_err:
	return rc;
}

static int
E_P16(unsigned char *p14, unsigned char *p16)
{
	int rc;
	unsigned char sp8[8] =
	    { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 };

	rc = smbhash(p16, sp8, p14);
	if (rc)
		return rc;
	rc = smbhash(p16 + 8, sp8, p14 + 7);
	return rc;
}

static int
E_P24(unsigned char *p21, const unsigned char *c8, unsigned char *p24)
{
	int rc;

	rc = smbhash(p24, c8, p21);
	if (rc)
		return rc;
	rc = smbhash(p24 + 8, c8, p21 + 7);
	if (rc)
		return rc;
	rc = smbhash(p24 + 16, c8, p21 + 14);
	return rc;
}

/* produce a md4 message digest from data of length n bytes */
int
mdfour(unsigned char *md4_hash, unsigned char *link_str, int link_len)
{
	int rc;
	unsigned int size;
	struct crypto_shash *md4;
	struct sdesc *sdescmd4;

	md4 = crypto_alloc_shash("md4", 0, 0);
	if (IS_ERR(md4)) {
		rc = PTR_ERR(md4);
		cifs_dbg(VFS, "%s: Crypto md4 allocation error %d\n",
			 __func__, rc);
		return rc;
	}
	size = sizeof(struct shash_desc) + crypto_shash_descsize(md4);
	sdescmd4 = kmalloc(size, GFP_KERNEL);
	if (!sdescmd4) {
		rc = -ENOMEM;
		goto mdfour_err;
	}
	sdescmd4->shash.tfm = md4;
	sdescmd4->shash.flags = 0x0;

	rc = crypto_shash_init(&sdescmd4->shash);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not init md4 shash\n", __func__);
		goto mdfour_err;
	}
	rc = crypto_shash_update(&sdescmd4->shash, link_str, link_len);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not update with link_str\n", __func__);
		goto mdfour_err;
	}
	rc = crypto_shash_final(&sdescmd4->shash, md4_hash);
	if (rc)
		cifs_dbg(VFS, "%s: Could not generate md4 hash\n", __func__);

mdfour_err:
	crypto_free_shash(md4);
	kfree(sdescmd4);

	return rc;
}

/*
   This implements the X/Open SMB password encryption
   It takes a password, a 8 byte "crypt key" and puts 24 bytes of
   encrypted password into p24 */
/* Note that password must be uppercased and null terminated */
int
SMBencrypt(unsigned char *passwd, const unsigned char *c8, unsigned char *p24)
{
	int rc;
	unsigned char p14[14], p16[16], p21[21];

	memset(p14, '\0', 14);
	memset(p16, '\0', 16);
	memset(p21, '\0', 21);

	memcpy(p14, passwd, 14);
	rc = E_P16(p14, p16);
	if (rc)
		return rc;

	memcpy(p21, p16, 16);
	rc = E_P24(p21, c8, p24);

	return rc;
}

/*
 * Creates the MD4 Hash of the users password in NT UNICODE.
 */

int
E_md4hash(const unsigned char *passwd, unsigned char *p16,
	const struct nls_table *codepage)
{
	int rc;
	int len;
	__le16 wpwd[129];

	/* Password cannot be longer than 128 characters */
	if (passwd) /* Password must be converted to NT unicode */
		len = cifs_strtoUTF16(wpwd, passwd, 128, codepage);
	else {
		len = 0;
		*wpwd = 0; /* Ensure string is null terminated */
	}

	rc = mdfour(p16, (unsigned char *) wpwd, len * sizeof(__le16));
	memset(wpwd, 0, 129 * sizeof(__le16));

	return rc;
}

/* Does the NT MD4 hash then des encryption. */
int
SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24,
		const struct nls_table *codepage)
{
	int rc;
	unsigned char p16[16], p21[21];

	memset(p16, '\0', 16);
	memset(p21, '\0', 21);

	rc = E_md4hash(passwd, p16, codepage);
	if (rc) {
		cifs_dbg(FYI, "%s Can't generate NT hash, error: %d\n",
			 __func__, rc);
		return rc;
	}
	memcpy(p21, p16, 16);
	rc = E_P24(p21, c8, p24);
	return rc;
}
Commit	Line	Data
790fe579	1	/*
1da177e4 LT	2	Unix SMB/Netbios implementation.
	3	Version 1.9.
	4	SMB parameters and setup
	5	Copyright (C) Andrew Tridgell 1992-2000
	6	Copyright (C) Luke Kenneth Casson Leighton 1996-2000
	7	Modified by Jeremy Allison 1995.
	8	Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
	9	Modified by Steve French (sfrench@us.ibm.com) 2002-2003
50c2f753	10
1da177e4 LT	11	This program is free software; you can redistribute it and/or modify
	12	it under the terms of the GNU General Public License as published by
	13	the Free Software Foundation; either version 2 of the License, or
	14	(at your option) any later version.
50c2f753	15
1da177e4 LT	16	This program is distributed in the hope that it will be useful,
	17	but WITHOUT ANY WARRANTY; without even the implied warranty of
	18	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	19	GNU General Public License for more details.
50c2f753	20
1da177e4 LT	21	You should have received a copy of the GNU General Public License
	22	along with this program; if not, write to the Free Software
	23	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
	24	*/
	25
	26	#include <linux/module.h>
5a0e3ad6	27	#include <linux/slab.h>
1da177e4 LT	28	#include <linux/fs.h>
	29	#include <linux/string.h>
	30	#include <linux/kernel.h>
	31	#include <linux/random.h>
2baa2682	32	#include "cifs_fs_sb.h"
1da177e4 LT	33	#include "cifs_unicode.h"
1da177e4 LT	34	#include "cifspdu.h"
3979877e	35	#include "cifsglob.h"
1da177e4	36	#include "cifs_debug.h"
ee2c9258	37	#include "cifsproto.h"
1da177e4	38
4b18f2a9 SF	39	#ifndef false
4b18f2a9 SF	40	#define false 0
1da177e4	41	#endif
4b18f2a9 SF	42	#ifndef true
4b18f2a9 SF	43	#define true 1
1da177e4 LT	44	#endif
	45
	46	/* following came from the other byteorder.h to avoid include conflicts */
	47	#define CVAL(buf,pos) (((unsigned char *)(buf))[pos])
	48	#define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8)
	49	#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((__u16)(val)))
	50
43988d76 SF	51	static void
	52	str_to_key(unsigned char str, unsigned char key)
	53	{
	54	int i;
	55
	56	key[0] = str[0] >> 1;
	57	key[1] = ((str[0] & 0x01) << 6) \| (str[1] >> 2);
	58	key[2] = ((str[1] & 0x03) << 5) \| (str[2] >> 3);
	59	key[3] = ((str[2] & 0x07) << 4) \| (str[3] >> 4);
	60	key[4] = ((str[3] & 0x0F) << 3) \| (str[4] >> 5);
	61	key[5] = ((str[4] & 0x1F) << 2) \| (str[5] >> 6);
	62	key[6] = ((str[5] & 0x3F) << 1) \| (str[6] >> 7);
	63	key[7] = str[6] & 0x7F;
	64	for (i = 0; i < 8; i++)
	65	key[i] = (key[i] << 1);
	66	}
	67
	68	static int
	69	smbhash(unsigned char out, const unsigned char in, unsigned char *key)
	70	{
	71	int rc;
	72	unsigned char key2[8];
	73	struct crypto_blkcipher *tfm_des;
	74	struct scatterlist sgin, sgout;
	75	struct blkcipher_desc desc;
	76
	77	str_to_key(key, key2);
	78
	79	tfm_des = crypto_alloc_blkcipher("ecb(des)", 0, CRYPTO_ALG_ASYNC);
	80	if (IS_ERR(tfm_des)) {
	81	rc = PTR_ERR(tfm_des);
f96637be	82	cifs_dbg(VFS, "could not allocate des crypto API\n");
43988d76 SF	83	goto smbhash_err;
	84	}
	85
	86	desc.tfm = tfm_des;
	87
	88	crypto_blkcipher_setkey(tfm_des, key2, 8);
	89
	90	sg_init_one(&sgin, in, 8);
	91	sg_init_one(&sgout, out, 8);
	92
	93	rc = crypto_blkcipher_encrypt(&desc, &sgout, &sgin, 8);
e4fb0edb	94	if (rc)
f96637be	95	cifs_dbg(VFS, "could not encrypt crypt key rc: %d\n", rc);
43988d76	96
e4fb0edb	97	crypto_free_blkcipher(tfm_des);
43988d76 SF	98	smbhash_err:
	99	return rc;
	100	}
	101
	102	static int
	103	E_P16(unsigned char p14, unsigned char p16)
	104	{
	105	int rc;
	106	unsigned char sp8[8] =
	107	{ 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 };
	108
	109	rc = smbhash(p16, sp8, p14);
	110	if (rc)
	111	return rc;
	112	rc = smbhash(p16 + 8, sp8, p14 + 7);
	113	return rc;
	114	}
	115
	116	static int
	117	E_P24(unsigned char p21, const unsigned char c8, unsigned char *p24)
	118	{
	119	int rc;
	120
	121	rc = smbhash(p24, c8, p21);
	122	if (rc)
	123	return rc;
	124	rc = smbhash(p24 + 8, c8, p21 + 7);
	125	if (rc)
	126	return rc;
	127	rc = smbhash(p24 + 16, c8, p21 + 14);
	128	return rc;
	129	}
	130
ee2c9258 SP	131	/* produce a md4 message digest from data of length n bytes */
	132	int
	133	mdfour(unsigned char md4_hash, unsigned char link_str, int link_len)
	134	{
	135	int rc;
	136	unsigned int size;
	137	struct crypto_shash *md4;
	138	struct sdesc *sdescmd4;
	139
	140	md4 = crypto_alloc_shash("md4", 0, 0);
	141	if (IS_ERR(md4)) {
ffeb414a	142	rc = PTR_ERR(md4);
f96637be JP	143	cifs_dbg(VFS, "%s: Crypto md4 allocation error %d\n",
f96637be JP	144	__func__, rc);
ffeb414a	145	return rc;
ee2c9258 SP	146	}
	147	size = sizeof(struct shash_desc) + crypto_shash_descsize(md4);
	148	sdescmd4 = kmalloc(size, GFP_KERNEL);
	149	if (!sdescmd4) {
	150	rc = -ENOMEM;
ee2c9258 SP	151	goto mdfour_err;
	152	}
	153	sdescmd4->shash.tfm = md4;
	154	sdescmd4->shash.flags = 0x0;
	155
	156	rc = crypto_shash_init(&sdescmd4->shash);
	157	if (rc) {
f96637be	158	cifs_dbg(VFS, "%s: Could not init md4 shash\n", __func__);
ee2c9258 SP	159	goto mdfour_err;
ee2c9258 SP	160	}
14cae324 SP	161	rc = crypto_shash_update(&sdescmd4->shash, link_str, link_len);
14cae324 SP	162	if (rc) {
f96637be	163	cifs_dbg(VFS, "%s: Could not update with link_str\n", __func__);
14cae324 SP	164	goto mdfour_err;
14cae324 SP	165	}
ee2c9258	166	rc = crypto_shash_final(&sdescmd4->shash, md4_hash);
14cae324	167	if (rc)
f96637be	168	cifs_dbg(VFS, "%s: Could not generate md4 hash\n", __func__);
1da177e4	169
ee2c9258 SP	170	mdfour_err:
	171	crypto_free_shash(md4);
	172	kfree(sdescmd4);
	173
	174	return rc;
	175	}
	176
1da177e4 LT	177	/*
1da177e4 LT	178	This implements the X/Open SMB password encryption
790fe579	179	It takes a password, a 8 byte "crypt key" and puts 24 bytes of
1da177e4 LT	180	encrypted password into p24 */
1da177e4 LT	181	/* Note that password must be uppercased and null terminated */
43988d76	182	int
4e53a3fb	183	SMBencrypt(unsigned char passwd, const unsigned char c8, unsigned char *p24)
1da177e4	184	{
43988d76 SF	185	int rc;
43988d76 SF	186	unsigned char p14[14], p16[16], p21[21];
1da177e4	187
1da177e4	188	memset(p14, '\0', 14);
43988d76 SF	189	memset(p16, '\0', 16);
43988d76 SF	190	memset(p21, '\0', 21);
1da177e4	191
43988d76 SF	192	memcpy(p14, passwd, 14);
	193	rc = E_P16(p14, p16);
	194	if (rc)
	195	return rc;
1da177e4	196
43988d76 SF	197	memcpy(p21, p16, 16);
43988d76 SF	198	rc = E_P24(p21, c8, p24);
50c2f753	199
43988d76	200	return rc;
1da177e4 LT	201	}
1da177e4 LT	202
790fe579	203	/*
1da177e4 LT	204	* Creates the MD4 Hash of the users password in NT UNICODE.
	205	*/
	206
ee2c9258	207	int
9ef5992e SP	208	E_md4hash(const unsigned char passwd, unsigned char p16,
9ef5992e SP	209	const struct nls_table *codepage)
1da177e4	210	{
ee2c9258	211	int rc;
1da177e4	212	int len;
9c32c63b	213	__le16 wpwd[129];
1da177e4 LT	214
1da177e4 LT	215	/* Password cannot be longer than 128 characters */
9ef5992e	216	if (passwd) /* Password must be converted to NT unicode */
acbbb76a	217	len = cifs_strtoUTF16(wpwd, passwd, 128, codepage);
9ef5992e	218	else {
1da177e4	219	len = 0;
9ef5992e SP	220	wpwd = 0; / Ensure string is null terminated */
9ef5992e SP	221	}
1da177e4	222
9c32c63b SF	223	rc = mdfour(p16, (unsigned char ) wpwd, len sizeof(__le16));
9c32c63b SF	224	memset(wpwd, 0, 129 * sizeof(__le16));
ee2c9258 SP	225
ee2c9258 SP	226	return rc;
1da177e4 LT	227	}
1da177e4 LT	228
1da177e4	229	/* Does the NT MD4 hash then des encryption. */
ee2c9258	230	int
9ef5992e SP	231	SMBNTencrypt(unsigned char passwd, unsigned char c8, unsigned char *p24,
9ef5992e SP	232	const struct nls_table *codepage)
1da177e4	233	{
ee2c9258	234	int rc;
43988d76	235	unsigned char p16[16], p21[21];
1da177e4	236
43988d76	237	memset(p16, '\0', 16);
1da177e4 LT	238	memset(p21, '\0', 21);
1da177e4 LT	239
9ef5992e	240	rc = E_md4hash(passwd, p16, codepage);
ee2c9258	241	if (rc) {
f96637be JP	242	cifs_dbg(FYI, "%s Can't generate NT hash, error: %d\n",
f96637be JP	243	__func__, rc);
ee2c9258 SP	244	return rc;
ee2c9258 SP	245	}
43988d76 SF	246	memcpy(p21, p16, 16);
43988d76 SF	247	rc = E_P24(p21, c8, p24);
ee2c9258	248	return rc;
1da177e4	249	}