| 1 | /* |
| 2 | * fs/cifs/cifsencrypt.c |
| 3 | * |
| 4 | * Encryption and hashing operations relating to NTLM, NTLMv2. See MS-NLMP |
| 5 | * for more detailed information |
| 6 | * |
| 7 | * Copyright (C) International Business Machines Corp., 2005,2013 |
| 8 | * Author(s): Steve French (sfrench@us.ibm.com) |
| 9 | * |
| 10 | * This library is free software; you can redistribute it and/or modify |
| 11 | * it under the terms of the GNU Lesser General Public License as published |
| 12 | * by the Free Software Foundation; either version 2.1 of the License, or |
| 13 | * (at your option) any later version. |
| 14 | * |
| 15 | * This library is distributed in the hope that it will be useful, |
| 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See |
| 18 | * the GNU Lesser General Public License for more details. |
| 19 | * |
| 20 | * You should have received a copy of the GNU Lesser General Public License |
| 21 | * along with this library; if not, write to the Free Software |
| 22 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
| 23 | */ |
| 24 | |
| 25 | #include <linux/fs.h> |
| 26 | #include <linux/slab.h> |
| 27 | #include "cifspdu.h" |
| 28 | #include "cifsglob.h" |
| 29 | #include "cifs_debug.h" |
| 30 | #include "cifs_unicode.h" |
| 31 | #include "cifsproto.h" |
| 32 | #include "ntlmssp.h" |
| 33 | #include <linux/ctype.h> |
| 34 | #include <linux/random.h> |
| 35 | #include <linux/highmem.h> |
| 36 | |
| 37 | static int |
| 38 | cifs_crypto_shash_md5_allocate(struct TCP_Server_Info *server) |
| 39 | { |
| 40 | int rc; |
| 41 | unsigned int size; |
| 42 | |
| 43 | if (server->secmech.sdescmd5 != NULL) |
| 44 | return 0; /* already allocated */ |
| 45 | |
| 46 | server->secmech.md5 = crypto_alloc_shash("md5", 0, 0); |
| 47 | if (IS_ERR(server->secmech.md5)) { |
| 48 | cifs_dbg(VFS, "could not allocate crypto md5\n"); |
| 49 | rc = PTR_ERR(server->secmech.md5); |
| 50 | server->secmech.md5 = NULL; |
| 51 | return rc; |
| 52 | } |
| 53 | |
| 54 | size = sizeof(struct shash_desc) + |
| 55 | crypto_shash_descsize(server->secmech.md5); |
| 56 | server->secmech.sdescmd5 = kmalloc(size, GFP_KERNEL); |
| 57 | if (!server->secmech.sdescmd5) { |
| 58 | crypto_free_shash(server->secmech.md5); |
| 59 | server->secmech.md5 = NULL; |
| 60 | return -ENOMEM; |
| 61 | } |
| 62 | server->secmech.sdescmd5->shash.tfm = server->secmech.md5; |
| 63 | server->secmech.sdescmd5->shash.flags = 0x0; |
| 64 | |
| 65 | return 0; |
| 66 | } |
| 67 | |
| 68 | /* |
| 69 | * Calculate and return the CIFS signature based on the mac key and SMB PDU. |
| 70 | * The 16 byte signature must be allocated by the caller. Note we only use the |
| 71 | * 1st eight bytes and that the smb header signature field on input contains |
| 72 | * the sequence number before this function is called. Also, this function |
| 73 | * should be called with the server->srv_mutex held. |
| 74 | */ |
| 75 | static int cifs_calc_signature(struct smb_rqst *rqst, |
| 76 | struct TCP_Server_Info *server, char *signature) |
| 77 | { |
| 78 | int i; |
| 79 | int rc; |
| 80 | struct kvec *iov = rqst->rq_iov; |
| 81 | int n_vec = rqst->rq_nvec; |
| 82 | |
| 83 | if (iov == NULL || signature == NULL || server == NULL) |
| 84 | return -EINVAL; |
| 85 | |
| 86 | if (!server->secmech.sdescmd5) { |
| 87 | rc = cifs_crypto_shash_md5_allocate(server); |
| 88 | if (rc) { |
| 89 | cifs_dbg(VFS, "%s: Can't alloc md5 crypto\n", __func__); |
| 90 | return -1; |
| 91 | } |
| 92 | } |
| 93 | |
| 94 | rc = crypto_shash_init(&server->secmech.sdescmd5->shash); |
| 95 | if (rc) { |
| 96 | cifs_dbg(VFS, "%s: Could not init md5\n", __func__); |
| 97 | return rc; |
| 98 | } |
| 99 | |
| 100 | rc = crypto_shash_update(&server->secmech.sdescmd5->shash, |
| 101 | server->session_key.response, server->session_key.len); |
| 102 | if (rc) { |
| 103 | cifs_dbg(VFS, "%s: Could not update with response\n", __func__); |
| 104 | return rc; |
| 105 | } |
| 106 | |
| 107 | for (i = 0; i < n_vec; i++) { |
| 108 | if (iov[i].iov_len == 0) |
| 109 | continue; |
| 110 | if (iov[i].iov_base == NULL) { |
| 111 | cifs_dbg(VFS, "null iovec entry\n"); |
| 112 | return -EIO; |
| 113 | } |
| 114 | /* The first entry includes a length field (which does not get |
| 115 | signed that occupies the first 4 bytes before the header */ |
| 116 | if (i == 0) { |
| 117 | if (iov[0].iov_len <= 8) /* cmd field at offset 9 */ |
| 118 | break; /* nothing to sign or corrupt header */ |
| 119 | rc = |
| 120 | crypto_shash_update(&server->secmech.sdescmd5->shash, |
| 121 | iov[i].iov_base + 4, iov[i].iov_len - 4); |
| 122 | } else { |
| 123 | rc = |
| 124 | crypto_shash_update(&server->secmech.sdescmd5->shash, |
| 125 | iov[i].iov_base, iov[i].iov_len); |
| 126 | } |
| 127 | if (rc) { |
| 128 | cifs_dbg(VFS, "%s: Could not update with payload\n", |
| 129 | __func__); |
| 130 | return rc; |
| 131 | } |
| 132 | } |
| 133 | |
| 134 | /* now hash over the rq_pages array */ |
| 135 | for (i = 0; i < rqst->rq_npages; i++) { |
| 136 | struct kvec p_iov; |
| 137 | |
| 138 | cifs_rqst_page_to_kvec(rqst, i, &p_iov); |
| 139 | crypto_shash_update(&server->secmech.sdescmd5->shash, |
| 140 | p_iov.iov_base, p_iov.iov_len); |
| 141 | kunmap(rqst->rq_pages[i]); |
| 142 | } |
| 143 | |
| 144 | rc = crypto_shash_final(&server->secmech.sdescmd5->shash, signature); |
| 145 | if (rc) |
| 146 | cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__); |
| 147 | |
| 148 | return rc; |
| 149 | } |
| 150 | |
| 151 | /* must be called with server->srv_mutex held */ |
| 152 | int cifs_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server, |
| 153 | __u32 *pexpected_response_sequence_number) |
| 154 | { |
| 155 | int rc = 0; |
| 156 | char smb_signature[20]; |
| 157 | struct smb_hdr *cifs_pdu = (struct smb_hdr *)rqst->rq_iov[0].iov_base; |
| 158 | |
| 159 | if ((cifs_pdu == NULL) || (server == NULL)) |
| 160 | return -EINVAL; |
| 161 | |
| 162 | if (!(cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) || |
| 163 | server->tcpStatus == CifsNeedNegotiate) |
| 164 | return rc; |
| 165 | |
| 166 | if (!server->session_estab) { |
| 167 | memcpy(cifs_pdu->Signature.SecuritySignature, "BSRSPYL", 8); |
| 168 | return rc; |
| 169 | } |
| 170 | |
| 171 | cifs_pdu->Signature.Sequence.SequenceNumber = |
| 172 | cpu_to_le32(server->sequence_number); |
| 173 | cifs_pdu->Signature.Sequence.Reserved = 0; |
| 174 | |
| 175 | *pexpected_response_sequence_number = ++server->sequence_number; |
| 176 | ++server->sequence_number; |
| 177 | |
| 178 | rc = cifs_calc_signature(rqst, server, smb_signature); |
| 179 | if (rc) |
| 180 | memset(cifs_pdu->Signature.SecuritySignature, 0, 8); |
| 181 | else |
| 182 | memcpy(cifs_pdu->Signature.SecuritySignature, smb_signature, 8); |
| 183 | |
| 184 | return rc; |
| 185 | } |
| 186 | |
| 187 | int cifs_sign_smbv(struct kvec *iov, int n_vec, struct TCP_Server_Info *server, |
| 188 | __u32 *pexpected_response_sequence) |
| 189 | { |
| 190 | struct smb_rqst rqst = { .rq_iov = iov, |
| 191 | .rq_nvec = n_vec }; |
| 192 | |
| 193 | return cifs_sign_rqst(&rqst, server, pexpected_response_sequence); |
| 194 | } |
| 195 | |
| 196 | /* must be called with server->srv_mutex held */ |
| 197 | int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server, |
| 198 | __u32 *pexpected_response_sequence_number) |
| 199 | { |
| 200 | struct kvec iov; |
| 201 | |
| 202 | iov.iov_base = cifs_pdu; |
| 203 | iov.iov_len = be32_to_cpu(cifs_pdu->smb_buf_length) + 4; |
| 204 | |
| 205 | return cifs_sign_smbv(&iov, 1, server, |
| 206 | pexpected_response_sequence_number); |
| 207 | } |
| 208 | |
| 209 | int cifs_verify_signature(struct smb_rqst *rqst, |
| 210 | struct TCP_Server_Info *server, |
| 211 | __u32 expected_sequence_number) |
| 212 | { |
| 213 | unsigned int rc; |
| 214 | char server_response_sig[8]; |
| 215 | char what_we_think_sig_should_be[20]; |
| 216 | struct smb_hdr *cifs_pdu = (struct smb_hdr *)rqst->rq_iov[0].iov_base; |
| 217 | |
| 218 | if (cifs_pdu == NULL || server == NULL) |
| 219 | return -EINVAL; |
| 220 | |
| 221 | if (!server->session_estab) |
| 222 | return 0; |
| 223 | |
| 224 | if (cifs_pdu->Command == SMB_COM_LOCKING_ANDX) { |
| 225 | struct smb_com_lock_req *pSMB = |
| 226 | (struct smb_com_lock_req *)cifs_pdu; |
| 227 | if (pSMB->LockType & LOCKING_ANDX_OPLOCK_RELEASE) |
| 228 | return 0; |
| 229 | } |
| 230 | |
| 231 | /* BB what if signatures are supposed to be on for session but |
| 232 | server does not send one? BB */ |
| 233 | |
| 234 | /* Do not need to verify session setups with signature "BSRSPYL " */ |
| 235 | if (memcmp(cifs_pdu->Signature.SecuritySignature, "BSRSPYL ", 8) == 0) |
| 236 | cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n", |
| 237 | cifs_pdu->Command); |
| 238 | |
| 239 | /* save off the origiginal signature so we can modify the smb and check |
| 240 | its signature against what the server sent */ |
| 241 | memcpy(server_response_sig, cifs_pdu->Signature.SecuritySignature, 8); |
| 242 | |
| 243 | cifs_pdu->Signature.Sequence.SequenceNumber = |
| 244 | cpu_to_le32(expected_sequence_number); |
| 245 | cifs_pdu->Signature.Sequence.Reserved = 0; |
| 246 | |
| 247 | mutex_lock(&server->srv_mutex); |
| 248 | rc = cifs_calc_signature(rqst, server, what_we_think_sig_should_be); |
| 249 | mutex_unlock(&server->srv_mutex); |
| 250 | |
| 251 | if (rc) |
| 252 | return rc; |
| 253 | |
| 254 | /* cifs_dump_mem("what we think it should be: ", |
| 255 | what_we_think_sig_should_be, 16); */ |
| 256 | |
| 257 | if (memcmp(server_response_sig, what_we_think_sig_should_be, 8)) |
| 258 | return -EACCES; |
| 259 | else |
| 260 | return 0; |
| 261 | |
| 262 | } |
| 263 | |
| 264 | /* first calculate 24 bytes ntlm response and then 16 byte session key */ |
| 265 | int setup_ntlm_response(struct cifs_ses *ses, const struct nls_table *nls_cp) |
| 266 | { |
| 267 | int rc = 0; |
| 268 | unsigned int temp_len = CIFS_SESS_KEY_SIZE + CIFS_AUTH_RESP_SIZE; |
| 269 | char temp_key[CIFS_SESS_KEY_SIZE]; |
| 270 | |
| 271 | if (!ses) |
| 272 | return -EINVAL; |
| 273 | |
| 274 | ses->auth_key.response = kmalloc(temp_len, GFP_KERNEL); |
| 275 | if (!ses->auth_key.response) |
| 276 | return -ENOMEM; |
| 277 | |
| 278 | ses->auth_key.len = temp_len; |
| 279 | |
| 280 | rc = SMBNTencrypt(ses->password, ses->server->cryptkey, |
| 281 | ses->auth_key.response + CIFS_SESS_KEY_SIZE, nls_cp); |
| 282 | if (rc) { |
| 283 | cifs_dbg(FYI, "%s Can't generate NTLM response, error: %d\n", |
| 284 | __func__, rc); |
| 285 | return rc; |
| 286 | } |
| 287 | |
| 288 | rc = E_md4hash(ses->password, temp_key, nls_cp); |
| 289 | if (rc) { |
| 290 | cifs_dbg(FYI, "%s Can't generate NT hash, error: %d\n", |
| 291 | __func__, rc); |
| 292 | return rc; |
| 293 | } |
| 294 | |
| 295 | rc = mdfour(ses->auth_key.response, temp_key, CIFS_SESS_KEY_SIZE); |
| 296 | if (rc) |
| 297 | cifs_dbg(FYI, "%s Can't generate NTLM session key, error: %d\n", |
| 298 | __func__, rc); |
| 299 | |
| 300 | return rc; |
| 301 | } |
| 302 | |
| 303 | #ifdef CONFIG_CIFS_WEAK_PW_HASH |
| 304 | int calc_lanman_hash(const char *password, const char *cryptkey, bool encrypt, |
| 305 | char *lnm_session_key) |
| 306 | { |
| 307 | int i; |
| 308 | int rc; |
| 309 | char password_with_pad[CIFS_ENCPWD_SIZE]; |
| 310 | |
| 311 | memset(password_with_pad, 0, CIFS_ENCPWD_SIZE); |
| 312 | if (password) |
| 313 | strncpy(password_with_pad, password, CIFS_ENCPWD_SIZE); |
| 314 | |
| 315 | if (!encrypt && global_secflags & CIFSSEC_MAY_PLNTXT) { |
| 316 | memcpy(lnm_session_key, password_with_pad, |
| 317 | CIFS_ENCPWD_SIZE); |
| 318 | return 0; |
| 319 | } |
| 320 | |
| 321 | /* calculate old style session key */ |
| 322 | /* calling toupper is less broken than repeatedly |
| 323 | calling nls_toupper would be since that will never |
| 324 | work for UTF8, but neither handles multibyte code pages |
| 325 | but the only alternative would be converting to UCS-16 (Unicode) |
| 326 | (using a routine something like UniStrupr) then |
| 327 | uppercasing and then converting back from Unicode - which |
| 328 | would only worth doing it if we knew it were utf8. Basically |
| 329 | utf8 and other multibyte codepages each need their own strupper |
| 330 | function since a byte at a time will ont work. */ |
| 331 | |
| 332 | for (i = 0; i < CIFS_ENCPWD_SIZE; i++) |
| 333 | password_with_pad[i] = toupper(password_with_pad[i]); |
| 334 | |
| 335 | rc = SMBencrypt(password_with_pad, cryptkey, lnm_session_key); |
| 336 | |
| 337 | return rc; |
| 338 | } |
| 339 | #endif /* CIFS_WEAK_PW_HASH */ |
| 340 | |
| 341 | /* Build a proper attribute value/target info pairs blob. |
| 342 | * Fill in netbios and dns domain name and workstation name |
| 343 | * and client time (total five av pairs and + one end of fields indicator. |
| 344 | * Allocate domain name which gets freed when session struct is deallocated. |
| 345 | */ |
| 346 | static int |
| 347 | build_avpair_blob(struct cifs_ses *ses, const struct nls_table *nls_cp) |
| 348 | { |
| 349 | unsigned int dlen; |
| 350 | unsigned int size = 2 * sizeof(struct ntlmssp2_name); |
| 351 | char *defdmname = "WORKGROUP"; |
| 352 | unsigned char *blobptr; |
| 353 | struct ntlmssp2_name *attrptr; |
| 354 | |
| 355 | if (!ses->domainName) { |
| 356 | ses->domainName = kstrdup(defdmname, GFP_KERNEL); |
| 357 | if (!ses->domainName) |
| 358 | return -ENOMEM; |
| 359 | } |
| 360 | |
| 361 | dlen = strlen(ses->domainName); |
| 362 | |
| 363 | /* |
| 364 | * The length of this blob is two times the size of a |
| 365 | * structure (av pair) which holds name/size |
| 366 | * ( for NTLMSSP_AV_NB_DOMAIN_NAME followed by NTLMSSP_AV_EOL ) + |
| 367 | * unicode length of a netbios domain name |
| 368 | */ |
| 369 | ses->auth_key.len = size + 2 * dlen; |
| 370 | ses->auth_key.response = kzalloc(ses->auth_key.len, GFP_KERNEL); |
| 371 | if (!ses->auth_key.response) { |
| 372 | ses->auth_key.len = 0; |
| 373 | return -ENOMEM; |
| 374 | } |
| 375 | |
| 376 | blobptr = ses->auth_key.response; |
| 377 | attrptr = (struct ntlmssp2_name *) blobptr; |
| 378 | |
| 379 | /* |
| 380 | * As defined in MS-NTLM 3.3.2, just this av pair field |
| 381 | * is sufficient as part of the temp |
| 382 | */ |
| 383 | attrptr->type = cpu_to_le16(NTLMSSP_AV_NB_DOMAIN_NAME); |
| 384 | attrptr->length = cpu_to_le16(2 * dlen); |
| 385 | blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name); |
| 386 | cifs_strtoUTF16((__le16 *)blobptr, ses->domainName, dlen, nls_cp); |
| 387 | |
| 388 | return 0; |
| 389 | } |
| 390 | |
| 391 | /* Server has provided av pairs/target info in the type 2 challenge |
| 392 | * packet and we have plucked it and stored within smb session. |
| 393 | * We parse that blob here to find netbios domain name to be used |
| 394 | * as part of ntlmv2 authentication (in Target String), if not already |
| 395 | * specified on the command line. |
| 396 | * If this function returns without any error but without fetching |
| 397 | * domain name, authentication may fail against some server but |
| 398 | * may not fail against other (those who are not very particular |
| 399 | * about target string i.e. for some, just user name might suffice. |
| 400 | */ |
| 401 | static int |
| 402 | find_domain_name(struct cifs_ses *ses, const struct nls_table *nls_cp) |
| 403 | { |
| 404 | unsigned int attrsize; |
| 405 | unsigned int type; |
| 406 | unsigned int onesize = sizeof(struct ntlmssp2_name); |
| 407 | unsigned char *blobptr; |
| 408 | unsigned char *blobend; |
| 409 | struct ntlmssp2_name *attrptr; |
| 410 | |
| 411 | if (!ses->auth_key.len || !ses->auth_key.response) |
| 412 | return 0; |
| 413 | |
| 414 | blobptr = ses->auth_key.response; |
| 415 | blobend = blobptr + ses->auth_key.len; |
| 416 | |
| 417 | while (blobptr + onesize < blobend) { |
| 418 | attrptr = (struct ntlmssp2_name *) blobptr; |
| 419 | type = le16_to_cpu(attrptr->type); |
| 420 | if (type == NTLMSSP_AV_EOL) |
| 421 | break; |
| 422 | blobptr += 2; /* advance attr type */ |
| 423 | attrsize = le16_to_cpu(attrptr->length); |
| 424 | blobptr += 2; /* advance attr size */ |
| 425 | if (blobptr + attrsize > blobend) |
| 426 | break; |
| 427 | if (type == NTLMSSP_AV_NB_DOMAIN_NAME) { |
| 428 | if (!attrsize || attrsize >= CIFS_MAX_DOMAINNAME_LEN) |
| 429 | break; |
| 430 | if (!ses->domainName) { |
| 431 | ses->domainName = |
| 432 | kmalloc(attrsize + 1, GFP_KERNEL); |
| 433 | if (!ses->domainName) |
| 434 | return -ENOMEM; |
| 435 | cifs_from_utf16(ses->domainName, |
| 436 | (__le16 *)blobptr, attrsize, attrsize, |
| 437 | nls_cp, NO_MAP_UNI_RSVD); |
| 438 | break; |
| 439 | } |
| 440 | } |
| 441 | blobptr += attrsize; /* advance attr value */ |
| 442 | } |
| 443 | |
| 444 | return 0; |
| 445 | } |
| 446 | |
| 447 | static int calc_ntlmv2_hash(struct cifs_ses *ses, char *ntlmv2_hash, |
| 448 | const struct nls_table *nls_cp) |
| 449 | { |
| 450 | int rc = 0; |
| 451 | int len; |
| 452 | char nt_hash[CIFS_NTHASH_SIZE]; |
| 453 | __le16 *user; |
| 454 | wchar_t *domain; |
| 455 | wchar_t *server; |
| 456 | |
| 457 | if (!ses->server->secmech.sdeschmacmd5) { |
| 458 | cifs_dbg(VFS, "%s: can't generate ntlmv2 hash\n", __func__); |
| 459 | return -1; |
| 460 | } |
| 461 | |
| 462 | /* calculate md4 hash of password */ |
| 463 | E_md4hash(ses->password, nt_hash, nls_cp); |
| 464 | |
| 465 | rc = crypto_shash_setkey(ses->server->secmech.hmacmd5, nt_hash, |
| 466 | CIFS_NTHASH_SIZE); |
| 467 | if (rc) { |
| 468 | cifs_dbg(VFS, "%s: Could not set NT Hash as a key\n", __func__); |
| 469 | return rc; |
| 470 | } |
| 471 | |
| 472 | rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash); |
| 473 | if (rc) { |
| 474 | cifs_dbg(VFS, "%s: could not init hmacmd5\n", __func__); |
| 475 | return rc; |
| 476 | } |
| 477 | |
| 478 | /* convert ses->user_name to unicode */ |
| 479 | len = ses->user_name ? strlen(ses->user_name) : 0; |
| 480 | user = kmalloc(2 + (len * 2), GFP_KERNEL); |
| 481 | if (user == NULL) { |
| 482 | rc = -ENOMEM; |
| 483 | return rc; |
| 484 | } |
| 485 | |
| 486 | if (len) { |
| 487 | len = cifs_strtoUTF16(user, ses->user_name, len, nls_cp); |
| 488 | UniStrupr(user); |
| 489 | } else { |
| 490 | memset(user, '\0', 2); |
| 491 | } |
| 492 | |
| 493 | rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, |
| 494 | (char *)user, 2 * len); |
| 495 | kfree(user); |
| 496 | if (rc) { |
| 497 | cifs_dbg(VFS, "%s: Could not update with user\n", __func__); |
| 498 | return rc; |
| 499 | } |
| 500 | |
| 501 | /* convert ses->domainName to unicode and uppercase */ |
| 502 | if (ses->domainName) { |
| 503 | len = strlen(ses->domainName); |
| 504 | |
| 505 | domain = kmalloc(2 + (len * 2), GFP_KERNEL); |
| 506 | if (domain == NULL) { |
| 507 | rc = -ENOMEM; |
| 508 | return rc; |
| 509 | } |
| 510 | len = cifs_strtoUTF16((__le16 *)domain, ses->domainName, len, |
| 511 | nls_cp); |
| 512 | rc = |
| 513 | crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, |
| 514 | (char *)domain, 2 * len); |
| 515 | kfree(domain); |
| 516 | if (rc) { |
| 517 | cifs_dbg(VFS, "%s: Could not update with domain\n", |
| 518 | __func__); |
| 519 | return rc; |
| 520 | } |
| 521 | } else { |
| 522 | /* We use ses->serverName if no domain name available */ |
| 523 | len = strlen(ses->serverName); |
| 524 | |
| 525 | server = kmalloc(2 + (len * 2), GFP_KERNEL); |
| 526 | if (server == NULL) { |
| 527 | rc = -ENOMEM; |
| 528 | return rc; |
| 529 | } |
| 530 | len = cifs_strtoUTF16((__le16 *)server, ses->serverName, len, |
| 531 | nls_cp); |
| 532 | rc = |
| 533 | crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, |
| 534 | (char *)server, 2 * len); |
| 535 | kfree(server); |
| 536 | if (rc) { |
| 537 | cifs_dbg(VFS, "%s: Could not update with server\n", |
| 538 | __func__); |
| 539 | return rc; |
| 540 | } |
| 541 | } |
| 542 | |
| 543 | rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash, |
| 544 | ntlmv2_hash); |
| 545 | if (rc) |
| 546 | cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__); |
| 547 | |
| 548 | return rc; |
| 549 | } |
| 550 | |
| 551 | static int |
| 552 | CalcNTLMv2_response(const struct cifs_ses *ses, char *ntlmv2_hash) |
| 553 | { |
| 554 | int rc; |
| 555 | struct ntlmv2_resp *ntlmv2 = (struct ntlmv2_resp *) |
| 556 | (ses->auth_key.response + CIFS_SESS_KEY_SIZE); |
| 557 | unsigned int hash_len; |
| 558 | |
| 559 | /* The MD5 hash starts at challenge_key.key */ |
| 560 | hash_len = ses->auth_key.len - (CIFS_SESS_KEY_SIZE + |
| 561 | offsetof(struct ntlmv2_resp, challenge.key[0])); |
| 562 | |
| 563 | if (!ses->server->secmech.sdeschmacmd5) { |
| 564 | cifs_dbg(VFS, "%s: can't generate ntlmv2 hash\n", __func__); |
| 565 | return -1; |
| 566 | } |
| 567 | |
| 568 | rc = crypto_shash_setkey(ses->server->secmech.hmacmd5, |
| 569 | ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE); |
| 570 | if (rc) { |
| 571 | cifs_dbg(VFS, "%s: Could not set NTLMV2 Hash as a key\n", |
| 572 | __func__); |
| 573 | return rc; |
| 574 | } |
| 575 | |
| 576 | rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash); |
| 577 | if (rc) { |
| 578 | cifs_dbg(VFS, "%s: could not init hmacmd5\n", __func__); |
| 579 | return rc; |
| 580 | } |
| 581 | |
| 582 | if (ses->server->negflavor == CIFS_NEGFLAVOR_EXTENDED) |
| 583 | memcpy(ntlmv2->challenge.key, |
| 584 | ses->ntlmssp->cryptkey, CIFS_SERVER_CHALLENGE_SIZE); |
| 585 | else |
| 586 | memcpy(ntlmv2->challenge.key, |
| 587 | ses->server->cryptkey, CIFS_SERVER_CHALLENGE_SIZE); |
| 588 | rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, |
| 589 | ntlmv2->challenge.key, hash_len); |
| 590 | if (rc) { |
| 591 | cifs_dbg(VFS, "%s: Could not update with response\n", __func__); |
| 592 | return rc; |
| 593 | } |
| 594 | |
| 595 | /* Note that the MD5 digest over writes anon.challenge_key.key */ |
| 596 | rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash, |
| 597 | ntlmv2->ntlmv2_hash); |
| 598 | if (rc) |
| 599 | cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__); |
| 600 | |
| 601 | return rc; |
| 602 | } |
| 603 | |
| 604 | static int crypto_hmacmd5_alloc(struct TCP_Server_Info *server) |
| 605 | { |
| 606 | int rc; |
| 607 | unsigned int size; |
| 608 | |
| 609 | /* check if already allocated */ |
| 610 | if (server->secmech.sdeschmacmd5) |
| 611 | return 0; |
| 612 | |
| 613 | server->secmech.hmacmd5 = crypto_alloc_shash("hmac(md5)", 0, 0); |
| 614 | if (IS_ERR(server->secmech.hmacmd5)) { |
| 615 | cifs_dbg(VFS, "could not allocate crypto hmacmd5\n"); |
| 616 | rc = PTR_ERR(server->secmech.hmacmd5); |
| 617 | server->secmech.hmacmd5 = NULL; |
| 618 | return rc; |
| 619 | } |
| 620 | |
| 621 | size = sizeof(struct shash_desc) + |
| 622 | crypto_shash_descsize(server->secmech.hmacmd5); |
| 623 | server->secmech.sdeschmacmd5 = kmalloc(size, GFP_KERNEL); |
| 624 | if (!server->secmech.sdeschmacmd5) { |
| 625 | crypto_free_shash(server->secmech.hmacmd5); |
| 626 | server->secmech.hmacmd5 = NULL; |
| 627 | return -ENOMEM; |
| 628 | } |
| 629 | server->secmech.sdeschmacmd5->shash.tfm = server->secmech.hmacmd5; |
| 630 | server->secmech.sdeschmacmd5->shash.flags = 0x0; |
| 631 | |
| 632 | return 0; |
| 633 | } |
| 634 | |
| 635 | int |
| 636 | setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp) |
| 637 | { |
| 638 | int rc; |
| 639 | int baselen; |
| 640 | unsigned int tilen; |
| 641 | struct ntlmv2_resp *ntlmv2; |
| 642 | char ntlmv2_hash[16]; |
| 643 | unsigned char *tiblob = NULL; /* target info blob */ |
| 644 | |
| 645 | if (ses->server->negflavor == CIFS_NEGFLAVOR_EXTENDED) { |
| 646 | if (!ses->domainName) { |
| 647 | rc = find_domain_name(ses, nls_cp); |
| 648 | if (rc) { |
| 649 | cifs_dbg(VFS, "error %d finding domain name\n", |
| 650 | rc); |
| 651 | goto setup_ntlmv2_rsp_ret; |
| 652 | } |
| 653 | } |
| 654 | } else { |
| 655 | rc = build_avpair_blob(ses, nls_cp); |
| 656 | if (rc) { |
| 657 | cifs_dbg(VFS, "error %d building av pair blob\n", rc); |
| 658 | goto setup_ntlmv2_rsp_ret; |
| 659 | } |
| 660 | } |
| 661 | |
| 662 | baselen = CIFS_SESS_KEY_SIZE + sizeof(struct ntlmv2_resp); |
| 663 | tilen = ses->auth_key.len; |
| 664 | tiblob = ses->auth_key.response; |
| 665 | |
| 666 | ses->auth_key.response = kmalloc(baselen + tilen, GFP_KERNEL); |
| 667 | if (!ses->auth_key.response) { |
| 668 | rc = ENOMEM; |
| 669 | ses->auth_key.len = 0; |
| 670 | goto setup_ntlmv2_rsp_ret; |
| 671 | } |
| 672 | ses->auth_key.len += baselen; |
| 673 | |
| 674 | ntlmv2 = (struct ntlmv2_resp *) |
| 675 | (ses->auth_key.response + CIFS_SESS_KEY_SIZE); |
| 676 | ntlmv2->blob_signature = cpu_to_le32(0x00000101); |
| 677 | ntlmv2->reserved = 0; |
| 678 | /* Must be within 5 minutes of the server */ |
| 679 | ntlmv2->time = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME)); |
| 680 | get_random_bytes(&ntlmv2->client_chal, sizeof(ntlmv2->client_chal)); |
| 681 | ntlmv2->reserved2 = 0; |
| 682 | |
| 683 | memcpy(ses->auth_key.response + baselen, tiblob, tilen); |
| 684 | |
| 685 | rc = crypto_hmacmd5_alloc(ses->server); |
| 686 | if (rc) { |
| 687 | cifs_dbg(VFS, "could not crypto alloc hmacmd5 rc %d\n", rc); |
| 688 | goto setup_ntlmv2_rsp_ret; |
| 689 | } |
| 690 | |
| 691 | /* calculate ntlmv2_hash */ |
| 692 | rc = calc_ntlmv2_hash(ses, ntlmv2_hash, nls_cp); |
| 693 | if (rc) { |
| 694 | cifs_dbg(VFS, "could not get v2 hash rc %d\n", rc); |
| 695 | goto setup_ntlmv2_rsp_ret; |
| 696 | } |
| 697 | |
| 698 | /* calculate first part of the client response (CR1) */ |
| 699 | rc = CalcNTLMv2_response(ses, ntlmv2_hash); |
| 700 | if (rc) { |
| 701 | cifs_dbg(VFS, "Could not calculate CR1 rc: %d\n", rc); |
| 702 | goto setup_ntlmv2_rsp_ret; |
| 703 | } |
| 704 | |
| 705 | /* now calculate the session key for NTLMv2 */ |
| 706 | rc = crypto_shash_setkey(ses->server->secmech.hmacmd5, |
| 707 | ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE); |
| 708 | if (rc) { |
| 709 | cifs_dbg(VFS, "%s: Could not set NTLMV2 Hash as a key\n", |
| 710 | __func__); |
| 711 | goto setup_ntlmv2_rsp_ret; |
| 712 | } |
| 713 | |
| 714 | rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash); |
| 715 | if (rc) { |
| 716 | cifs_dbg(VFS, "%s: Could not init hmacmd5\n", __func__); |
| 717 | goto setup_ntlmv2_rsp_ret; |
| 718 | } |
| 719 | |
| 720 | rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, |
| 721 | ntlmv2->ntlmv2_hash, |
| 722 | CIFS_HMAC_MD5_HASH_SIZE); |
| 723 | if (rc) { |
| 724 | cifs_dbg(VFS, "%s: Could not update with response\n", __func__); |
| 725 | goto setup_ntlmv2_rsp_ret; |
| 726 | } |
| 727 | |
| 728 | rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash, |
| 729 | ses->auth_key.response); |
| 730 | if (rc) |
| 731 | cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__); |
| 732 | |
| 733 | setup_ntlmv2_rsp_ret: |
| 734 | kfree(tiblob); |
| 735 | |
| 736 | return rc; |
| 737 | } |
| 738 | |
| 739 | int |
| 740 | calc_seckey(struct cifs_ses *ses) |
| 741 | { |
| 742 | int rc; |
| 743 | struct crypto_blkcipher *tfm_arc4; |
| 744 | struct scatterlist sgin, sgout; |
| 745 | struct blkcipher_desc desc; |
| 746 | unsigned char sec_key[CIFS_SESS_KEY_SIZE]; /* a nonce */ |
| 747 | |
| 748 | get_random_bytes(sec_key, CIFS_SESS_KEY_SIZE); |
| 749 | |
| 750 | tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC); |
| 751 | if (IS_ERR(tfm_arc4)) { |
| 752 | rc = PTR_ERR(tfm_arc4); |
| 753 | cifs_dbg(VFS, "could not allocate crypto API arc4\n"); |
| 754 | return rc; |
| 755 | } |
| 756 | |
| 757 | desc.tfm = tfm_arc4; |
| 758 | |
| 759 | rc = crypto_blkcipher_setkey(tfm_arc4, ses->auth_key.response, |
| 760 | CIFS_SESS_KEY_SIZE); |
| 761 | if (rc) { |
| 762 | cifs_dbg(VFS, "%s: Could not set response as a key\n", |
| 763 | __func__); |
| 764 | return rc; |
| 765 | } |
| 766 | |
| 767 | sg_init_one(&sgin, sec_key, CIFS_SESS_KEY_SIZE); |
| 768 | sg_init_one(&sgout, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE); |
| 769 | |
| 770 | rc = crypto_blkcipher_encrypt(&desc, &sgout, &sgin, CIFS_CPHTXT_SIZE); |
| 771 | if (rc) { |
| 772 | cifs_dbg(VFS, "could not encrypt session key rc: %d\n", rc); |
| 773 | crypto_free_blkcipher(tfm_arc4); |
| 774 | return rc; |
| 775 | } |
| 776 | |
| 777 | /* make secondary_key/nonce as session key */ |
| 778 | memcpy(ses->auth_key.response, sec_key, CIFS_SESS_KEY_SIZE); |
| 779 | /* and make len as that of session key only */ |
| 780 | ses->auth_key.len = CIFS_SESS_KEY_SIZE; |
| 781 | |
| 782 | crypto_free_blkcipher(tfm_arc4); |
| 783 | |
| 784 | return rc; |
| 785 | } |
| 786 | |
| 787 | void |
| 788 | cifs_crypto_shash_release(struct TCP_Server_Info *server) |
| 789 | { |
| 790 | if (server->secmech.cmacaes) { |
| 791 | crypto_free_shash(server->secmech.cmacaes); |
| 792 | server->secmech.cmacaes = NULL; |
| 793 | } |
| 794 | |
| 795 | if (server->secmech.hmacsha256) { |
| 796 | crypto_free_shash(server->secmech.hmacsha256); |
| 797 | server->secmech.hmacsha256 = NULL; |
| 798 | } |
| 799 | |
| 800 | if (server->secmech.md5) { |
| 801 | crypto_free_shash(server->secmech.md5); |
| 802 | server->secmech.md5 = NULL; |
| 803 | } |
| 804 | |
| 805 | if (server->secmech.hmacmd5) { |
| 806 | crypto_free_shash(server->secmech.hmacmd5); |
| 807 | server->secmech.hmacmd5 = NULL; |
| 808 | } |
| 809 | |
| 810 | kfree(server->secmech.sdesccmacaes); |
| 811 | server->secmech.sdesccmacaes = NULL; |
| 812 | kfree(server->secmech.sdeschmacsha256); |
| 813 | server->secmech.sdeschmacsha256 = NULL; |
| 814 | kfree(server->secmech.sdeschmacmd5); |
| 815 | server->secmech.sdeschmacmd5 = NULL; |
| 816 | kfree(server->secmech.sdescmd5); |
| 817 | server->secmech.sdescmd5 = NULL; |
| 818 | } |