1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org>
4 * Copyright (C) 2018 Samsung Electronics Co., Ltd.
7 #include <linux/kernel.h>
9 #include <linux/uaccess.h>
10 #include <linux/backing-dev.h>
11 #include <linux/writeback.h>
12 #include <linux/uio.h>
13 #include <linux/xattr.h>
14 #include <crypto/hash.h>
15 #include <crypto/aead.h>
16 #include <linux/random.h>
17 #include <linux/scatterlist.h>
22 #include <linux/fips.h>
23 #include <crypto/des.h>
26 #include "smb_common.h"
27 #include "connection.h"
28 #include "mgmt/user_session.h"
29 #include "mgmt/user_config.h"
30 #include "crypto_ctx.h"
31 #include "transport_ipc.h"
32 #include "../smbfs_common/arc4.h"
35 * Fixed format data defining GSS header and fixed string
36 * "not_defined_in_RFC4178@please_ignore".
37 * So sec blob data in neg phase could be generated statically.
39 static char NEGOTIATE_GSS_HEADER[AUTH_GSS_LENGTH] = {
40 #ifdef CONFIG_SMB_SERVER_KERBEROS5
41 0x60, 0x5e, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
42 0x05, 0x02, 0xa0, 0x54, 0x30, 0x52, 0xa0, 0x24,
43 0x30, 0x22, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
44 0xf7, 0x12, 0x01, 0x02, 0x02, 0x06, 0x09, 0x2a,
45 0x86, 0x48, 0x82, 0xf7, 0x12, 0x01, 0x02, 0x02,
46 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
47 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a, 0x30, 0x28,
48 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f, 0x74, 0x5f,
49 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x5f,
50 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43, 0x34, 0x31,
51 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65, 0x61, 0x73,
52 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65
54 0x60, 0x48, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
55 0x05, 0x02, 0xa0, 0x3e, 0x30, 0x3c, 0xa0, 0x0e,
56 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04,
57 0x01, 0x82, 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a,
58 0x30, 0x28, 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f,
59 0x74, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65,
60 0x64, 0x5f, 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43,
61 0x34, 0x31, 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65,
62 0x61, 0x73, 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f,
67 void ksmbd_copy_gss_neg_header(void *buf)
69 memcpy(buf, NEGOTIATE_GSS_HEADER, AUTH_GSS_LENGTH);
73 * ksmbd_gen_sess_key() - function to generate session key
74 * @sess: session of connection
75 * @hash: source hash value to be used for find session key
76 * @hmac: source hmac value to be used for finding session key
79 static int ksmbd_gen_sess_key(struct ksmbd_session *sess, char *hash,
82 struct ksmbd_crypto_ctx *ctx;
85 ctx = ksmbd_crypto_ctx_find_hmacmd5();
87 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
91 rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
93 CIFS_HMAC_MD5_HASH_SIZE);
95 ksmbd_debug(AUTH, "hmacmd5 set key fail error %d\n", rc);
99 rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
101 ksmbd_debug(AUTH, "could not init hmacmd5 error %d\n", rc);
105 rc = crypto_shash_update(CRYPTO_HMACMD5(ctx),
107 SMB2_NTLMV2_SESSKEY_SIZE);
109 ksmbd_debug(AUTH, "Could not update with response error %d\n", rc);
113 rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), sess->sess_key);
115 ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n", rc);
120 ksmbd_release_crypto_ctx(ctx);
124 static int calc_ntlmv2_hash(struct ksmbd_conn *conn, struct ksmbd_session *sess,
125 char *ntlmv2_hash, char *dname)
127 int ret, len, conv_len;
128 wchar_t *domain = NULL;
129 __le16 *uniname = NULL;
130 struct ksmbd_crypto_ctx *ctx;
132 ctx = ksmbd_crypto_ctx_find_hmacmd5();
134 ksmbd_debug(AUTH, "can't generate ntlmv2 hash\n");
138 ret = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
139 user_passkey(sess->user),
142 ksmbd_debug(AUTH, "Could not set NT Hash as a key\n");
146 ret = crypto_shash_init(CRYPTO_HMACMD5(ctx));
148 ksmbd_debug(AUTH, "could not init hmacmd5\n");
152 /* convert user_name to unicode */
153 len = strlen(user_name(sess->user));
154 uniname = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
160 conv_len = smb_strtoUTF16(uniname, user_name(sess->user), len,
162 if (conv_len < 0 || conv_len > len) {
168 ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
170 UNICODE_LEN(conv_len));
172 ksmbd_debug(AUTH, "Could not update with user\n");
176 /* Convert domain name or conn name to unicode and uppercase */
178 domain = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
184 conv_len = smb_strtoUTF16((__le16 *)domain, dname, len,
186 if (conv_len < 0 || conv_len > len) {
191 ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
193 UNICODE_LEN(conv_len));
195 ksmbd_debug(AUTH, "Could not update with domain\n");
199 ret = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_hash);
201 ksmbd_debug(AUTH, "Could not generate md5 hash\n");
205 ksmbd_release_crypto_ctx(ctx);
210 * ksmbd_auth_ntlmv2() - NTLMv2 authentication handler
211 * @sess: session of connection
212 * @ntlmv2: NTLMv2 challenge response
213 * @blen: NTLMv2 blob length
214 * @domain_name: domain name
216 * Return: 0 on success, error number on error
218 int ksmbd_auth_ntlmv2(struct ksmbd_conn *conn, struct ksmbd_session *sess,
219 struct ntlmv2_resp *ntlmv2, int blen, char *domain_name,
222 char ntlmv2_hash[CIFS_ENCPWD_SIZE];
223 char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE];
224 struct ksmbd_crypto_ctx *ctx;
225 char *construct = NULL;
228 ctx = ksmbd_crypto_ctx_find_hmacmd5();
230 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
234 rc = calc_ntlmv2_hash(conn, sess, ntlmv2_hash, domain_name);
236 ksmbd_debug(AUTH, "could not get v2 hash rc %d\n", rc);
240 rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
242 CIFS_HMAC_MD5_HASH_SIZE);
244 ksmbd_debug(AUTH, "Could not set NTLMV2 Hash as a key\n");
248 rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
250 ksmbd_debug(AUTH, "Could not init hmacmd5\n");
254 len = CIFS_CRYPTO_KEY_SIZE + blen;
255 construct = kzalloc(len, GFP_KERNEL);
261 memcpy(construct, cryptkey, CIFS_CRYPTO_KEY_SIZE);
262 memcpy(construct + CIFS_CRYPTO_KEY_SIZE, &ntlmv2->blob_signature, blen);
264 rc = crypto_shash_update(CRYPTO_HMACMD5(ctx), construct, len);
266 ksmbd_debug(AUTH, "Could not update with response\n");
270 rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_rsp);
272 ksmbd_debug(AUTH, "Could not generate md5 hash\n");
276 rc = ksmbd_gen_sess_key(sess, ntlmv2_hash, ntlmv2_rsp);
278 ksmbd_debug(AUTH, "Could not generate sess key\n");
282 if (memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE) != 0)
285 ksmbd_release_crypto_ctx(ctx);
291 * ksmbd_decode_ntlmssp_auth_blob() - helper function to construct
293 * @authblob: authenticate blob source pointer
295 * @sess: session of connection
297 * Return: 0 on success, error number on error
299 int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
300 int blob_len, struct ksmbd_conn *conn,
301 struct ksmbd_session *sess)
304 unsigned int nt_off, dn_off;
305 unsigned short nt_len, dn_len;
308 if (blob_len < sizeof(struct authenticate_message)) {
309 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
314 if (memcmp(authblob->Signature, "NTLMSSP", 8)) {
315 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
316 authblob->Signature);
320 nt_off = le32_to_cpu(authblob->NtChallengeResponse.BufferOffset);
321 nt_len = le16_to_cpu(authblob->NtChallengeResponse.Length);
322 dn_off = le32_to_cpu(authblob->DomainName.BufferOffset);
323 dn_len = le16_to_cpu(authblob->DomainName.Length);
325 if (blob_len < (u64)dn_off + dn_len || blob_len < (u64)nt_off + nt_len ||
326 nt_len < CIFS_ENCPWD_SIZE)
329 /* TODO : use domain name that imported from configuration file */
330 domain_name = smb_strndup_from_utf16((const char *)authblob + dn_off,
331 dn_len, true, conn->local_nls);
332 if (IS_ERR(domain_name))
333 return PTR_ERR(domain_name);
335 /* process NTLMv2 authentication */
336 ksmbd_debug(AUTH, "decode_ntlmssp_authenticate_blob dname%s\n",
338 ret = ksmbd_auth_ntlmv2(conn, sess,
339 (struct ntlmv2_resp *)((char *)authblob + nt_off),
340 nt_len - CIFS_ENCPWD_SIZE,
341 domain_name, conn->ntlmssp.cryptkey);
344 /* The recovered secondary session key */
345 if (conn->ntlmssp.client_flags & NTLMSSP_NEGOTIATE_KEY_XCH) {
346 struct arc4_ctx *ctx_arc4;
347 unsigned int sess_key_off, sess_key_len;
349 sess_key_off = le32_to_cpu(authblob->SessionKey.BufferOffset);
350 sess_key_len = le16_to_cpu(authblob->SessionKey.Length);
352 if (blob_len < (u64)sess_key_off + sess_key_len)
355 ctx_arc4 = kmalloc(sizeof(*ctx_arc4), GFP_KERNEL);
359 cifs_arc4_setkey(ctx_arc4, sess->sess_key,
360 SMB2_NTLMV2_SESSKEY_SIZE);
361 cifs_arc4_crypt(ctx_arc4, sess->sess_key,
362 (char *)authblob + sess_key_off, sess_key_len);
363 kfree_sensitive(ctx_arc4);
370 * ksmbd_decode_ntlmssp_neg_blob() - helper function to construct
372 * @negblob: negotiate blob source pointer
373 * @rsp: response header pointer to be updated
374 * @sess: session of connection
377 int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob,
378 int blob_len, struct ksmbd_conn *conn)
380 if (blob_len < sizeof(struct negotiate_message)) {
381 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
386 if (memcmp(negblob->Signature, "NTLMSSP", 8)) {
387 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
392 conn->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags);
397 * ksmbd_build_ntlmssp_challenge_blob() - helper function to construct
399 * @chgblob: challenge blob source pointer to initialize
400 * @rsp: response header pointer to be updated
401 * @sess: session of connection
405 ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,
406 struct ksmbd_conn *conn)
408 struct target_info *tinfo;
411 unsigned int flags, blob_off, blob_len, type, target_info_len = 0;
412 int len, uni_len, conv_len;
413 int cflags = conn->ntlmssp.client_flags;
415 memcpy(chgblob->Signature, NTLMSSP_SIGNATURE, 8);
416 chgblob->MessageType = NtLmChallenge;
418 flags = NTLMSSP_NEGOTIATE_UNICODE |
419 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_TARGET_TYPE_SERVER |
420 NTLMSSP_NEGOTIATE_TARGET_INFO;
422 if (cflags & NTLMSSP_NEGOTIATE_SIGN) {
423 flags |= NTLMSSP_NEGOTIATE_SIGN;
424 flags |= cflags & (NTLMSSP_NEGOTIATE_128 |
425 NTLMSSP_NEGOTIATE_56);
428 if (cflags & NTLMSSP_NEGOTIATE_SEAL && smb3_encryption_negotiated(conn))
429 flags |= NTLMSSP_NEGOTIATE_SEAL;
431 if (cflags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
432 flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
434 if (cflags & NTLMSSP_REQUEST_TARGET)
435 flags |= NTLMSSP_REQUEST_TARGET;
437 if (conn->use_spnego &&
438 (cflags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
439 flags |= NTLMSSP_NEGOTIATE_EXTENDED_SEC;
441 if (cflags & NTLMSSP_NEGOTIATE_KEY_XCH)
442 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
444 chgblob->NegotiateFlags = cpu_to_le32(flags);
445 len = strlen(ksmbd_netbios_name());
446 name = kmalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
450 conv_len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len,
452 if (conv_len < 0 || conv_len > len) {
457 uni_len = UNICODE_LEN(conv_len);
459 blob_off = sizeof(struct challenge_message);
460 blob_len = blob_off + uni_len;
462 chgblob->TargetName.Length = cpu_to_le16(uni_len);
463 chgblob->TargetName.MaximumLength = cpu_to_le16(uni_len);
464 chgblob->TargetName.BufferOffset = cpu_to_le32(blob_off);
466 /* Initialize random conn challenge */
467 get_random_bytes(conn->ntlmssp.cryptkey, sizeof(__u64));
468 memcpy(chgblob->Challenge, conn->ntlmssp.cryptkey,
469 CIFS_CRYPTO_KEY_SIZE);
471 /* Add Target Information to security buffer */
472 chgblob->TargetInfoArray.BufferOffset = cpu_to_le32(blob_len);
474 target_name = (__u8 *)chgblob + blob_off;
475 memcpy(target_name, name, uni_len);
476 tinfo = (struct target_info *)(target_name + uni_len);
478 chgblob->TargetInfoArray.Length = 0;
479 /* Add target info list for NetBIOS/DNS settings */
480 for (type = NTLMSSP_AV_NB_COMPUTER_NAME;
481 type <= NTLMSSP_AV_DNS_DOMAIN_NAME; type++) {
482 tinfo->Type = cpu_to_le16(type);
483 tinfo->Length = cpu_to_le16(uni_len);
484 memcpy(tinfo->Content, name, uni_len);
485 tinfo = (struct target_info *)((char *)tinfo + 4 + uni_len);
486 target_info_len += 4 + uni_len;
489 /* Add terminator subblock */
492 target_info_len += 4;
494 chgblob->TargetInfoArray.Length = cpu_to_le16(target_info_len);
495 chgblob->TargetInfoArray.MaximumLength = cpu_to_le16(target_info_len);
496 blob_len += target_info_len;
498 ksmbd_debug(AUTH, "NTLMSSP SecurityBufferLength %d\n", blob_len);
502 #ifdef CONFIG_SMB_SERVER_KERBEROS5
503 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
504 int in_len, char *out_blob, int *out_len)
506 struct ksmbd_spnego_authen_response *resp;
507 struct ksmbd_user *user = NULL;
510 resp = ksmbd_ipc_spnego_authen_request(in_blob, in_len);
512 ksmbd_debug(AUTH, "SPNEGO_AUTHEN_REQUEST failure\n");
516 if (!(resp->login_response.status & KSMBD_USER_FLAG_OK)) {
517 ksmbd_debug(AUTH, "krb5 authentication failure\n");
522 if (*out_len <= resp->spnego_blob_len) {
523 ksmbd_debug(AUTH, "buf len %d, but blob len %d\n",
524 *out_len, resp->spnego_blob_len);
529 if (resp->session_key_len > sizeof(sess->sess_key)) {
530 ksmbd_debug(AUTH, "session key is too long\n");
535 user = ksmbd_alloc_user(&resp->login_response);
537 ksmbd_debug(AUTH, "login failure\n");
543 memcpy(sess->sess_key, resp->payload, resp->session_key_len);
544 memcpy(out_blob, resp->payload + resp->session_key_len,
545 resp->spnego_blob_len);
546 *out_len = resp->spnego_blob_len;
553 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
554 int in_len, char *out_blob, int *out_len)
561 * ksmbd_sign_smb2_pdu() - function to generate packet signing
564 * @iov: buffer iov array
565 * @n_vec: number of iovecs
566 * @sig: signature value generated for client request packet
569 int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
570 int n_vec, char *sig)
572 struct ksmbd_crypto_ctx *ctx;
575 ctx = ksmbd_crypto_ctx_find_hmacsha256();
577 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
581 rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
583 SMB2_NTLMV2_SESSKEY_SIZE);
587 rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
589 ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
593 for (i = 0; i < n_vec; i++) {
594 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
598 ksmbd_debug(AUTH, "hmacsha256 update error %d\n", rc);
603 rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), sig);
605 ksmbd_debug(AUTH, "hmacsha256 generation error %d\n", rc);
607 ksmbd_release_crypto_ctx(ctx);
612 * ksmbd_sign_smb3_pdu() - function to generate packet signing
615 * @iov: buffer iov array
616 * @n_vec: number of iovecs
617 * @sig: signature value generated for client request packet
620 int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
621 int n_vec, char *sig)
623 struct ksmbd_crypto_ctx *ctx;
626 ctx = ksmbd_crypto_ctx_find_cmacaes();
628 ksmbd_debug(AUTH, "could not crypto alloc cmac\n");
632 rc = crypto_shash_setkey(CRYPTO_CMACAES_TFM(ctx),
638 rc = crypto_shash_init(CRYPTO_CMACAES(ctx));
640 ksmbd_debug(AUTH, "cmaces init error %d\n", rc);
644 for (i = 0; i < n_vec; i++) {
645 rc = crypto_shash_update(CRYPTO_CMACAES(ctx),
649 ksmbd_debug(AUTH, "cmaces update error %d\n", rc);
654 rc = crypto_shash_final(CRYPTO_CMACAES(ctx), sig);
656 ksmbd_debug(AUTH, "cmaces generation error %d\n", rc);
658 ksmbd_release_crypto_ctx(ctx);
668 static int generate_key(struct ksmbd_conn *conn, struct ksmbd_session *sess,
669 struct kvec label, struct kvec context, __u8 *key,
670 unsigned int key_size)
672 unsigned char zero = 0x0;
673 __u8 i[4] = {0, 0, 0, 1};
674 __u8 L128[4] = {0, 0, 0, 128};
675 __u8 L256[4] = {0, 0, 1, 0};
677 unsigned char prfhash[SMB2_HMACSHA256_SIZE];
678 unsigned char *hashptr = prfhash;
679 struct ksmbd_crypto_ctx *ctx;
681 memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
682 memset(key, 0x0, key_size);
684 ctx = ksmbd_crypto_ctx_find_hmacsha256();
686 ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
690 rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
692 SMB2_NTLMV2_SESSKEY_SIZE);
694 goto smb3signkey_ret;
696 rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
698 ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
699 goto smb3signkey_ret;
702 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), i, 4);
704 ksmbd_debug(AUTH, "could not update with n\n");
705 goto smb3signkey_ret;
708 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
712 ksmbd_debug(AUTH, "could not update with label\n");
713 goto smb3signkey_ret;
716 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), &zero, 1);
718 ksmbd_debug(AUTH, "could not update with zero\n");
719 goto smb3signkey_ret;
722 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
726 ksmbd_debug(AUTH, "could not update with context\n");
727 goto smb3signkey_ret;
730 if (key_size == SMB3_ENC_DEC_KEY_SIZE &&
731 (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
732 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
733 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L256, 4);
735 rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L128, 4);
737 ksmbd_debug(AUTH, "could not update with L\n");
738 goto smb3signkey_ret;
741 rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), hashptr);
743 ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n",
745 goto smb3signkey_ret;
748 memcpy(key, hashptr, key_size);
751 ksmbd_release_crypto_ctx(ctx);
755 static int generate_smb3signingkey(struct ksmbd_session *sess,
756 struct ksmbd_conn *conn,
757 const struct derivation *signing)
760 struct channel *chann;
763 chann = lookup_chann_list(sess, conn);
767 if (conn->dialect >= SMB30_PROT_ID && signing->binding)
768 key = chann->smb3signingkey;
770 key = sess->smb3signingkey;
772 rc = generate_key(conn, sess, signing->label, signing->context, key,
777 if (!(conn->dialect >= SMB30_PROT_ID && signing->binding))
778 memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE);
780 ksmbd_debug(AUTH, "dumping generated AES signing keys\n");
781 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
782 ksmbd_debug(AUTH, "Session Key %*ph\n",
783 SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
784 ksmbd_debug(AUTH, "Signing Key %*ph\n",
785 SMB3_SIGN_KEY_SIZE, key);
789 int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess,
790 struct ksmbd_conn *conn)
794 d.label.iov_base = "SMB2AESCMAC";
795 d.label.iov_len = 12;
796 d.context.iov_base = "SmbSign";
797 d.context.iov_len = 8;
798 d.binding = conn->binding;
800 return generate_smb3signingkey(sess, conn, &d);
803 int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess,
804 struct ksmbd_conn *conn)
808 d.label.iov_base = "SMBSigningKey";
809 d.label.iov_len = 14;
811 struct preauth_session *preauth_sess;
813 preauth_sess = ksmbd_preauth_session_lookup(conn, sess->id);
816 d.context.iov_base = preauth_sess->Preauth_HashValue;
818 d.context.iov_base = sess->Preauth_HashValue;
820 d.context.iov_len = 64;
821 d.binding = conn->binding;
823 return generate_smb3signingkey(sess, conn, &d);
826 struct derivation_twin {
827 struct derivation encryption;
828 struct derivation decryption;
831 static int generate_smb3encryptionkey(struct ksmbd_conn *conn,
832 struct ksmbd_session *sess,
833 const struct derivation_twin *ptwin)
837 rc = generate_key(conn, sess, ptwin->encryption.label,
838 ptwin->encryption.context, sess->smb3encryptionkey,
839 SMB3_ENC_DEC_KEY_SIZE);
843 rc = generate_key(conn, sess, ptwin->decryption.label,
844 ptwin->decryption.context,
845 sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE);
849 ksmbd_debug(AUTH, "dumping generated AES encryption keys\n");
850 ksmbd_debug(AUTH, "Cipher type %d\n", conn->cipher_type);
851 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
852 ksmbd_debug(AUTH, "Session Key %*ph\n",
853 SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
854 if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
855 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
856 ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
857 SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey);
858 ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
859 SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3decryptionkey);
861 ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
862 SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3encryptionkey);
863 ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
864 SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3decryptionkey);
869 int ksmbd_gen_smb30_encryptionkey(struct ksmbd_conn *conn,
870 struct ksmbd_session *sess)
872 struct derivation_twin twin;
873 struct derivation *d;
875 d = &twin.encryption;
876 d->label.iov_base = "SMB2AESCCM";
877 d->label.iov_len = 11;
878 d->context.iov_base = "ServerOut";
879 d->context.iov_len = 10;
881 d = &twin.decryption;
882 d->label.iov_base = "SMB2AESCCM";
883 d->label.iov_len = 11;
884 d->context.iov_base = "ServerIn ";
885 d->context.iov_len = 10;
887 return generate_smb3encryptionkey(conn, sess, &twin);
890 int ksmbd_gen_smb311_encryptionkey(struct ksmbd_conn *conn,
891 struct ksmbd_session *sess)
893 struct derivation_twin twin;
894 struct derivation *d;
896 d = &twin.encryption;
897 d->label.iov_base = "SMBS2CCipherKey";
898 d->label.iov_len = 16;
899 d->context.iov_base = sess->Preauth_HashValue;
900 d->context.iov_len = 64;
902 d = &twin.decryption;
903 d->label.iov_base = "SMBC2SCipherKey";
904 d->label.iov_len = 16;
905 d->context.iov_base = sess->Preauth_HashValue;
906 d->context.iov_len = 64;
908 return generate_smb3encryptionkey(conn, sess, &twin);
911 int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf,
915 struct smb2_hdr *rcv_hdr = smb2_get_msg(buf);
916 char *all_bytes_msg = (char *)&rcv_hdr->ProtocolId;
917 int msg_size = get_rfc1002_len(buf);
918 struct ksmbd_crypto_ctx *ctx = NULL;
920 if (conn->preauth_info->Preauth_HashId !=
921 SMB2_PREAUTH_INTEGRITY_SHA512)
924 ctx = ksmbd_crypto_ctx_find_sha512();
926 ksmbd_debug(AUTH, "could not alloc sha512\n");
930 rc = crypto_shash_init(CRYPTO_SHA512(ctx));
932 ksmbd_debug(AUTH, "could not init shashn");
936 rc = crypto_shash_update(CRYPTO_SHA512(ctx), pi_hash, 64);
938 ksmbd_debug(AUTH, "could not update with n\n");
942 rc = crypto_shash_update(CRYPTO_SHA512(ctx), all_bytes_msg, msg_size);
944 ksmbd_debug(AUTH, "could not update with n\n");
948 rc = crypto_shash_final(CRYPTO_SHA512(ctx), pi_hash);
950 ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
954 ksmbd_release_crypto_ctx(ctx);
958 int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len,
962 struct ksmbd_crypto_ctx *ctx = NULL;
964 ctx = ksmbd_crypto_ctx_find_sha256();
966 ksmbd_debug(AUTH, "could not alloc sha256\n");
970 rc = crypto_shash_init(CRYPTO_SHA256(ctx));
972 ksmbd_debug(AUTH, "could not init shashn");
976 rc = crypto_shash_update(CRYPTO_SHA256(ctx), sd_buf, len);
978 ksmbd_debug(AUTH, "could not update with n\n");
982 rc = crypto_shash_final(CRYPTO_SHA256(ctx), pi_hash);
984 ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
988 ksmbd_release_crypto_ctx(ctx);
992 static int ksmbd_get_encryption_key(struct ksmbd_work *work, __u64 ses_id,
995 struct ksmbd_session *sess;
1001 sess = ksmbd_session_lookup_all(work->conn, ses_id);
1005 ses_enc_key = enc ? sess->smb3encryptionkey :
1006 sess->smb3decryptionkey;
1007 memcpy(key, ses_enc_key, SMB3_ENC_DEC_KEY_SIZE);
1012 static inline void smb2_sg_set_buf(struct scatterlist *sg, const void *buf,
1013 unsigned int buflen)
1017 if (is_vmalloc_addr(buf))
1018 addr = vmalloc_to_page(buf);
1020 addr = virt_to_page(buf);
1021 sg_set_page(sg, addr, buflen, offset_in_page(buf));
1024 static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec,
1027 struct scatterlist *sg;
1028 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1029 int i, nr_entries[3] = {0}, total_entries = 0, sg_idx = 0;
1034 for (i = 0; i < nvec - 1; i++) {
1035 unsigned long kaddr = (unsigned long)iov[i + 1].iov_base;
1037 if (is_vmalloc_addr(iov[i + 1].iov_base)) {
1038 nr_entries[i] = ((kaddr + iov[i + 1].iov_len +
1039 PAGE_SIZE - 1) >> PAGE_SHIFT) -
1040 (kaddr >> PAGE_SHIFT);
1044 total_entries += nr_entries[i];
1047 /* Add two entries for transform header and signature */
1050 sg = kmalloc_array(total_entries, sizeof(struct scatterlist), GFP_KERNEL);
1054 sg_init_table(sg, total_entries);
1055 smb2_sg_set_buf(&sg[sg_idx++], iov[0].iov_base + 24, assoc_data_len);
1056 for (i = 0; i < nvec - 1; i++) {
1057 void *data = iov[i + 1].iov_base;
1058 int len = iov[i + 1].iov_len;
1060 if (is_vmalloc_addr(data)) {
1061 int j, offset = offset_in_page(data);
1063 for (j = 0; j < nr_entries[i]; j++) {
1064 unsigned int bytes = PAGE_SIZE - offset;
1072 sg_set_page(&sg[sg_idx++],
1073 vmalloc_to_page(data), bytes,
1074 offset_in_page(data));
1081 sg_set_page(&sg[sg_idx++], virt_to_page(data), len,
1082 offset_in_page(data));
1085 smb2_sg_set_buf(&sg[sg_idx], sign, SMB2_SIGNATURE_SIZE);
1089 int ksmbd_crypt_message(struct ksmbd_work *work, struct kvec *iov,
1090 unsigned int nvec, int enc)
1092 struct ksmbd_conn *conn = work->conn;
1093 struct smb2_transform_hdr *tr_hdr = smb2_get_msg(iov[0].iov_base);
1094 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1096 struct scatterlist *sg;
1097 u8 sign[SMB2_SIGNATURE_SIZE] = {};
1098 u8 key[SMB3_ENC_DEC_KEY_SIZE];
1099 struct aead_request *req;
1101 unsigned int iv_len;
1102 struct crypto_aead *tfm;
1103 unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize);
1104 struct ksmbd_crypto_ctx *ctx;
1106 rc = ksmbd_get_encryption_key(work,
1107 le64_to_cpu(tr_hdr->SessionId),
1111 pr_err("Could not get %scryption key\n", enc ? "en" : "de");
1115 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1116 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1117 ctx = ksmbd_crypto_ctx_find_gcm();
1119 ctx = ksmbd_crypto_ctx_find_ccm();
1121 pr_err("crypto alloc failed\n");
1125 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1126 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1127 tfm = CRYPTO_GCM(ctx);
1129 tfm = CRYPTO_CCM(ctx);
1131 if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
1132 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1133 rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE);
1135 rc = crypto_aead_setkey(tfm, key, SMB3_GCM128_CRYPTKEY_SIZE);
1137 pr_err("Failed to set aead key %d\n", rc);
1141 rc = crypto_aead_setauthsize(tfm, SMB2_SIGNATURE_SIZE);
1143 pr_err("Failed to set authsize %d\n", rc);
1147 req = aead_request_alloc(tfm, GFP_KERNEL);
1154 memcpy(sign, &tr_hdr->Signature, SMB2_SIGNATURE_SIZE);
1155 crypt_len += SMB2_SIGNATURE_SIZE;
1158 sg = ksmbd_init_sg(iov, nvec, sign);
1160 pr_err("Failed to init sg\n");
1165 iv_len = crypto_aead_ivsize(tfm);
1166 iv = kzalloc(iv_len, GFP_KERNEL);
1172 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1173 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
1174 memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES_GCM_NONCE);
1177 memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES_CCM_NONCE);
1180 aead_request_set_crypt(req, sg, sg, crypt_len, iv);
1181 aead_request_set_ad(req, assoc_data_len);
1182 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
1185 rc = crypto_aead_encrypt(req);
1187 rc = crypto_aead_decrypt(req);
1192 memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
1201 ksmbd_release_crypto_ctx(ctx);