[linux-2.6-block.git] / fs / cifs / smbencrypt.c

/*
   Unix SMB/Netbios implementation.
   Version 1.9.
   SMB parameters and setup
   Copyright (C) Andrew Tridgell 1992-2000
   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
   Modified by Jeremy Allison 1995.
   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
   Modified by Steve French (sfrench@us.ibm.com) 2002-2003

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#include <linux/crypto.h>
#include <linux/module.h>
#include <linux/slab.h>
#include <linux/fs.h>
#include <linux/string.h>
#include <linux/kernel.h>
#include <linux/random.h>
#include "cifs_fs_sb.h"
#include "cifs_unicode.h"
#include "cifspdu.h"
#include "cifsglob.h"
#include "cifs_debug.h"
#include "cifsproto.h"

#ifndef false
#define false 0
#endif
#ifndef true
#define true 1
#endif

/* following came from the other byteorder.h to avoid include conflicts */
#define CVAL(buf,pos) (((unsigned char *)(buf))[pos])
#define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8)
#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((__u16)(val)))

static void
str_to_key(unsigned char *str, unsigned char *key)
{
	int i;

	key[0] = str[0] >> 1;
	key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2);
	key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3);
	key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4);
	key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5);
	key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6);
	key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7);
	key[7] = str[6] & 0x7F;
	for (i = 0; i < 8; i++)
		key[i] = (key[i] << 1);
}

static int
smbhash(unsigned char *out, const unsigned char *in, unsigned char *key)
{
	unsigned char key2[8];
	struct crypto_cipher *tfm_des;

	str_to_key(key, key2);

	tfm_des = crypto_alloc_cipher("des", 0, 0);
	if (IS_ERR(tfm_des)) {
		cifs_dbg(VFS, "could not allocate des crypto API\n");
		return PTR_ERR(tfm_des);
	}

	crypto_cipher_setkey(tfm_des, key2, 8);
	crypto_cipher_encrypt_one(tfm_des, out, in);
	crypto_free_cipher(tfm_des);

	return 0;
}

static int
E_P16(unsigned char *p14, unsigned char *p16)
{
	int rc;
	unsigned char sp8[8] =
	    { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 };

	rc = smbhash(p16, sp8, p14);
	if (rc)
		return rc;
	rc = smbhash(p16 + 8, sp8, p14 + 7);
	return rc;
}

static int
E_P24(unsigned char *p21, const unsigned char *c8, unsigned char *p24)
{
	int rc;

	rc = smbhash(p24, c8, p21);
	if (rc)
		return rc;
	rc = smbhash(p24 + 8, c8, p21 + 7);
	if (rc)
		return rc;
	rc = smbhash(p24 + 16, c8, p21 + 14);
	return rc;
}

/* produce a md4 message digest from data of length n bytes */
int
mdfour(unsigned char *md4_hash, unsigned char *link_str, int link_len)
{
	int rc;
	struct crypto_shash *md4 = NULL;
	struct sdesc *sdescmd4 = NULL;

	rc = cifs_alloc_hash("md4", &md4, &sdescmd4);
	if (rc)
		goto mdfour_err;

	rc = crypto_shash_init(&sdescmd4->shash);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not init md4 shash\n", __func__);
		goto mdfour_err;
	}
	rc = crypto_shash_update(&sdescmd4->shash, link_str, link_len);
	if (rc) {
		cifs_dbg(VFS, "%s: Could not update with link_str\n", __func__);
		goto mdfour_err;
	}
	rc = crypto_shash_final(&sdescmd4->shash, md4_hash);
	if (rc)
		cifs_dbg(VFS, "%s: Could not generate md4 hash\n", __func__);

mdfour_err:
	cifs_free_hash(&md4, &sdescmd4);
	return rc;
}

/*
   This implements the X/Open SMB password encryption
   It takes a password, a 8 byte "crypt key" and puts 24 bytes of
   encrypted password into p24 */
/* Note that password must be uppercased and null terminated */
int
SMBencrypt(unsigned char *passwd, const unsigned char *c8, unsigned char *p24)
{
	int rc;
	unsigned char p14[14], p16[16], p21[21];

	memset(p14, '\0', 14);
	memset(p16, '\0', 16);
	memset(p21, '\0', 21);

	memcpy(p14, passwd, 14);
	rc = E_P16(p14, p16);
	if (rc)
		return rc;

	memcpy(p21, p16, 16);
	rc = E_P24(p21, c8, p24);

	return rc;
}

/*
 * Creates the MD4 Hash of the users password in NT UNICODE.
 */

int
E_md4hash(const unsigned char *passwd, unsigned char *p16,
	const struct nls_table *codepage)
{
	int rc;
	int len;
	__le16 wpwd[129];

	/* Password cannot be longer than 128 characters */
	if (passwd) /* Password must be converted to NT unicode */
		len = cifs_strtoUTF16(wpwd, passwd, 128, codepage);
	else {
		len = 0;
		*wpwd = 0; /* Ensure string is null terminated */
	}

	rc = mdfour(p16, (unsigned char *) wpwd, len * sizeof(__le16));
	memzero_explicit(wpwd, sizeof(wpwd));

	return rc;
}

/* Does the NT MD4 hash then des encryption. */
int
SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24,
		const struct nls_table *codepage)
{
	int rc;
	unsigned char p16[16], p21[21];

	memset(p16, '\0', 16);
	memset(p21, '\0', 21);

	rc = E_md4hash(passwd, p16, codepage);
	if (rc) {
		cifs_dbg(FYI, "%s Can't generate NT hash, error: %d\n",
			 __func__, rc);
		return rc;
	}
	memcpy(p21, p16, 16);
	rc = E_P24(p21, c8, p24);
	return rc;
}
Commit	Line	Data
790fe579	1	/*
1da177e4 LT	2	Unix SMB/Netbios implementation.
	3	Version 1.9.
	4	SMB parameters and setup
	5	Copyright (C) Andrew Tridgell 1992-2000
	6	Copyright (C) Luke Kenneth Casson Leighton 1996-2000
	7	Modified by Jeremy Allison 1995.
	8	Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
	9	Modified by Steve French (sfrench@us.ibm.com) 2002-2003
50c2f753	10
1da177e4 LT	11	This program is free software; you can redistribute it and/or modify
	12	it under the terms of the GNU General Public License as published by
	13	the Free Software Foundation; either version 2 of the License, or
	14	(at your option) any later version.
50c2f753	15
1da177e4 LT	16	This program is distributed in the hope that it will be useful,
	17	but WITHOUT ANY WARRANTY; without even the implied warranty of
	18	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	19	GNU General Public License for more details.
50c2f753	20
1da177e4 LT	21	You should have received a copy of the GNU General Public License
	22	along with this program; if not, write to the Free Software
	23	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
	24	*/
	25
06deeec7	26	#include <linux/crypto.h>
1da177e4	27	#include <linux/module.h>
5a0e3ad6	28	#include <linux/slab.h>
1da177e4 LT	29	#include <linux/fs.h>
	30	#include <linux/string.h>
	31	#include <linux/kernel.h>
	32	#include <linux/random.h>
2baa2682	33	#include "cifs_fs_sb.h"
1da177e4 LT	34	#include "cifs_unicode.h"
1da177e4 LT	35	#include "cifspdu.h"
3979877e	36	#include "cifsglob.h"
1da177e4	37	#include "cifs_debug.h"
ee2c9258	38	#include "cifsproto.h"
1da177e4	39
4b18f2a9 SF	40	#ifndef false
4b18f2a9 SF	41	#define false 0
1da177e4	42	#endif
4b18f2a9 SF	43	#ifndef true
4b18f2a9 SF	44	#define true 1
1da177e4 LT	45	#endif
	46
	47	/* following came from the other byteorder.h to avoid include conflicts */
	48	#define CVAL(buf,pos) (((unsigned char *)(buf))[pos])
	49	#define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8)
	50	#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((__u16)(val)))
	51
43988d76 SF	52	static void
	53	str_to_key(unsigned char str, unsigned char key)
	54	{
	55	int i;
	56
	57	key[0] = str[0] >> 1;
	58	key[1] = ((str[0] & 0x01) << 6) \| (str[1] >> 2);
	59	key[2] = ((str[1] & 0x03) << 5) \| (str[2] >> 3);
	60	key[3] = ((str[2] & 0x07) << 4) \| (str[3] >> 4);
	61	key[4] = ((str[3] & 0x0F) << 3) \| (str[4] >> 5);
	62	key[5] = ((str[4] & 0x1F) << 2) \| (str[5] >> 6);
	63	key[6] = ((str[5] & 0x3F) << 1) \| (str[6] >> 7);
	64	key[7] = str[6] & 0x7F;
	65	for (i = 0; i < 8; i++)
	66	key[i] = (key[i] << 1);
	67	}
	68
	69	static int
	70	smbhash(unsigned char out, const unsigned char in, unsigned char *key)
	71	{
43988d76	72	unsigned char key2[8];
06deeec7	73	struct crypto_cipher *tfm_des;
43988d76 SF	74
	75	str_to_key(key, key2);
	76
06deeec7	77	tfm_des = crypto_alloc_cipher("des", 0, 0);
43988d76	78	if (IS_ERR(tfm_des)) {
9651ddba	79	cifs_dbg(VFS, "could not allocate des crypto API\n");
06deeec7	80	return PTR_ERR(tfm_des);
9651ddba	81	}
43988d76	82
06deeec7 AL	83	crypto_cipher_setkey(tfm_des, key2, 8);
	84	crypto_cipher_encrypt_one(tfm_des, out, in);
	85	crypto_free_cipher(tfm_des);
9651ddba	86
06deeec7	87	return 0;
43988d76 SF	88	}
	89
	90	static int
	91	E_P16(unsigned char p14, unsigned char p16)
	92	{
	93	int rc;
	94	unsigned char sp8[8] =
	95	{ 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 };
	96
	97	rc = smbhash(p16, sp8, p14);
	98	if (rc)
	99	return rc;
	100	rc = smbhash(p16 + 8, sp8, p14 + 7);
	101	return rc;
	102	}
	103
	104	static int
	105	E_P24(unsigned char p21, const unsigned char c8, unsigned char *p24)
	106	{
	107	int rc;
	108
	109	rc = smbhash(p24, c8, p21);
	110	if (rc)
	111	return rc;
	112	rc = smbhash(p24 + 8, c8, p21 + 7);
	113	if (rc)
	114	return rc;
	115	rc = smbhash(p24 + 16, c8, p21 + 14);
	116	return rc;
	117	}
	118
ee2c9258 SP	119	/* produce a md4 message digest from data of length n bytes */
	120	int
	121	mdfour(unsigned char md4_hash, unsigned char link_str, int link_len)
	122	{
	123	int rc;
82fb82be AA	124	struct crypto_shash *md4 = NULL;
	125	struct sdesc *sdescmd4 = NULL;
	126
	127	rc = cifs_alloc_hash("md4", &md4, &sdescmd4);
	128	if (rc)
ee2c9258	129	goto mdfour_err;
ee2c9258 SP	130
	131	rc = crypto_shash_init(&sdescmd4->shash);
	132	if (rc) {
f96637be	133	cifs_dbg(VFS, "%s: Could not init md4 shash\n", __func__);
ee2c9258 SP	134	goto mdfour_err;
ee2c9258 SP	135	}
14cae324 SP	136	rc = crypto_shash_update(&sdescmd4->shash, link_str, link_len);
14cae324 SP	137	if (rc) {
f96637be	138	cifs_dbg(VFS, "%s: Could not update with link_str\n", __func__);
14cae324 SP	139	goto mdfour_err;
14cae324 SP	140	}
ee2c9258	141	rc = crypto_shash_final(&sdescmd4->shash, md4_hash);
14cae324	142	if (rc)
f96637be	143	cifs_dbg(VFS, "%s: Could not generate md4 hash\n", __func__);
1da177e4	144
ee2c9258	145	mdfour_err:
82fb82be	146	cifs_free_hash(&md4, &sdescmd4);
ee2c9258 SP	147	return rc;
	148	}
	149
1da177e4 LT	150	/*
1da177e4 LT	151	This implements the X/Open SMB password encryption
790fe579	152	It takes a password, a 8 byte "crypt key" and puts 24 bytes of
1da177e4 LT	153	encrypted password into p24 */
1da177e4 LT	154	/* Note that password must be uppercased and null terminated */
43988d76	155	int
4e53a3fb	156	SMBencrypt(unsigned char passwd, const unsigned char c8, unsigned char *p24)
1da177e4	157	{
43988d76 SF	158	int rc;
43988d76 SF	159	unsigned char p14[14], p16[16], p21[21];
1da177e4	160
1da177e4	161	memset(p14, '\0', 14);
43988d76 SF	162	memset(p16, '\0', 16);
43988d76 SF	163	memset(p21, '\0', 21);
1da177e4	164
43988d76 SF	165	memcpy(p14, passwd, 14);
	166	rc = E_P16(p14, p16);
	167	if (rc)
	168	return rc;
1da177e4	169
43988d76 SF	170	memcpy(p21, p16, 16);
43988d76 SF	171	rc = E_P24(p21, c8, p24);
50c2f753	172
43988d76	173	return rc;
1da177e4 LT	174	}
1da177e4 LT	175
790fe579	176	/*
1da177e4 LT	177	* Creates the MD4 Hash of the users password in NT UNICODE.
	178	*/
	179
ee2c9258	180	int
9ef5992e SP	181	E_md4hash(const unsigned char passwd, unsigned char p16,
9ef5992e SP	182	const struct nls_table *codepage)
1da177e4	183	{
ee2c9258	184	int rc;
1da177e4	185	int len;
9c32c63b	186	__le16 wpwd[129];
1da177e4 LT	187
1da177e4 LT	188	/* Password cannot be longer than 128 characters */
9ef5992e	189	if (passwd) /* Password must be converted to NT unicode */
acbbb76a	190	len = cifs_strtoUTF16(wpwd, passwd, 128, codepage);
9ef5992e	191	else {
1da177e4	192	len = 0;
9ef5992e SP	193	wpwd = 0; / Ensure string is null terminated */
9ef5992e SP	194	}
1da177e4	195
9c32c63b	196	rc = mdfour(p16, (unsigned char ) wpwd, len sizeof(__le16));
f99dbfa4	197	memzero_explicit(wpwd, sizeof(wpwd));
ee2c9258 SP	198
ee2c9258 SP	199	return rc;
1da177e4 LT	200	}
1da177e4 LT	201
1da177e4	202	/* Does the NT MD4 hash then des encryption. */
ee2c9258	203	int
9ef5992e SP	204	SMBNTencrypt(unsigned char passwd, unsigned char c8, unsigned char *p24,
9ef5992e SP	205	const struct nls_table *codepage)
1da177e4	206	{
ee2c9258	207	int rc;
43988d76	208	unsigned char p16[16], p21[21];
1da177e4	209
43988d76	210	memset(p16, '\0', 16);
1da177e4 LT	211	memset(p21, '\0', 21);
1da177e4 LT	212
9ef5992e	213	rc = E_md4hash(passwd, p16, codepage);
ee2c9258	214	if (rc) {
f96637be JP	215	cifs_dbg(FYI, "%s Can't generate NT hash, error: %d\n",
f96637be JP	216	__func__, rc);
ee2c9258 SP	217	return rc;
ee2c9258 SP	218	}
43988d76 SF	219	memcpy(p21, p16, 16);
43988d76 SF	220	rc = E_P24(p21, c8, p24);
ee2c9258	221	return rc;
1da177e4	222	}