1/* 2 * fs/cifs/cifsencrypt.c 3 * 4 * Encryption and hashing operations relating to NTLM, NTLMv2. See MS-NLMP 5 * for more detailed information 6 * 7 * Copyright (C) International Business Machines Corp., 2005,2013 8 * Author(s): Steve French (sfrench@us.ibm.com) 9 * 10 * This library is free software; you can redistribute it and/or modify 11 * it under the terms of the GNU Lesser General Public License as published 12 * by the Free Software Foundation; either version 2.1 of the License, or 13 * (at your option) any later version. 14 * 15 * This library is distributed in the hope that it will be useful, 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See 18 * the GNU Lesser General Public License for more details. 19 * 20 * You should have received a copy of the GNU Lesser General Public License 21 * along with this library; if not, write to the Free Software 22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 23 */ 24 25#include <linux/fs.h> 26#include <linux/slab.h> 27#include "cifspdu.h" 28#include "cifsglob.h" 29#include "cifs_debug.h" 30#include "cifs_unicode.h" 31#include "cifsproto.h" 32#include "ntlmssp.h" 33#include <linux/ctype.h> 34#include <linux/random.h> 35#include <linux/highmem.h> 36 37static int 38cifs_crypto_shash_md5_allocate(struct TCP_Server_Info *server) 39{ 40 int rc; 41 unsigned int size; 42 43 if (server->secmech.sdescmd5 != NULL) 44 return 0; /* already allocated */ 45 46 server->secmech.md5 = crypto_alloc_shash("md5", 0, 0); 47 if (IS_ERR(server->secmech.md5)) { 48 cifs_dbg(VFS, "could not allocate crypto md5\n"); 49 rc = PTR_ERR(server->secmech.md5); 50 server->secmech.md5 = NULL; 51 return rc; 52 } 53 54 size = sizeof(struct shash_desc) + 55 crypto_shash_descsize(server->secmech.md5); 56 server->secmech.sdescmd5 = kmalloc(size, GFP_KERNEL); 57 if (!server->secmech.sdescmd5) { 58 crypto_free_shash(server->secmech.md5); 59 server->secmech.md5 = NULL; 60 return -ENOMEM; 61 } 62 server->secmech.sdescmd5->shash.tfm = server->secmech.md5; 63 server->secmech.sdescmd5->shash.flags = 0x0; 64 65 return 0; 66} 67 68/* 69 * Calculate and return the CIFS signature based on the mac key and SMB PDU. 70 * The 16 byte signature must be allocated by the caller. Note we only use the 71 * 1st eight bytes and that the smb header signature field on input contains 72 * the sequence number before this function is called. Also, this function 73 * should be called with the server->srv_mutex held. 74 */ 75static int cifs_calc_signature(struct smb_rqst *rqst, 76 struct TCP_Server_Info *server, char *signature) 77{ 78 int i; 79 int rc; 80 struct kvec *iov = rqst->rq_iov; 81 int n_vec = rqst->rq_nvec; 82 83 if (iov == NULL || signature == NULL || server == NULL) 84 return -EINVAL; 85 86 if (!server->secmech.sdescmd5) { 87 rc = cifs_crypto_shash_md5_allocate(server); 88 if (rc) { 89 cifs_dbg(VFS, "%s: Can't alloc md5 crypto\n", __func__); 90 return -1; 91 } 92 } 93 94 rc = crypto_shash_init(&server->secmech.sdescmd5->shash); 95 if (rc) { 96 cifs_dbg(VFS, "%s: Could not init md5\n", __func__); 97 return rc; 98 } 99 100 rc = crypto_shash_update(&server->secmech.sdescmd5->shash, 101 server->session_key.response, server->session_key.len); 102 if (rc) { 103 cifs_dbg(VFS, "%s: Could not update with response\n", __func__); 104 return rc; 105 } 106 107 for (i = 0; i < n_vec; i++) { 108 if (iov[i].iov_len == 0) 109 continue; 110 if (iov[i].iov_base == NULL) { 111 cifs_dbg(VFS, "null iovec entry\n"); 112 return -EIO; 113 } 114 /* The first entry includes a length field (which does not get 115 signed that occupies the first 4 bytes before the header */ 116 if (i == 0) { 117 if (iov[0].iov_len <= 8) /* cmd field at offset 9 */ 118 break; /* nothing to sign or corrupt header */ 119 rc = 120 crypto_shash_update(&server->secmech.sdescmd5->shash, 121 iov[i].iov_base + 4, iov[i].iov_len - 4); 122 } else { 123 rc = 124 crypto_shash_update(&server->secmech.sdescmd5->shash, 125 iov[i].iov_base, iov[i].iov_len); 126 } 127 if (rc) { 128 cifs_dbg(VFS, "%s: Could not update with payload\n", 129 __func__); 130 return rc; 131 } 132 } 133 134 /* now hash over the rq_pages array */ 135 for (i = 0; i < rqst->rq_npages; i++) { 136 struct kvec p_iov; 137 138 cifs_rqst_page_to_kvec(rqst, i, &p_iov); 139 crypto_shash_update(&server->secmech.sdescmd5->shash, 140 p_iov.iov_base, p_iov.iov_len); 141 kunmap(rqst->rq_pages[i]); 142 } 143 144 rc = crypto_shash_final(&server->secmech.sdescmd5->shash, signature); 145 if (rc) 146 cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__); 147 148 return rc; 149} 150 151/* must be called with server->srv_mutex held */ 152int cifs_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server, 153 __u32 *pexpected_response_sequence_number) 154{ 155 int rc = 0; 156 char smb_signature[20]; 157 struct smb_hdr *cifs_pdu = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 158 159 if ((cifs_pdu == NULL) || (server == NULL)) 160 return -EINVAL; 161 162 if (!(cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) || 163 server->tcpStatus == CifsNeedNegotiate) 164 return rc; 165 166 if (!server->session_estab) { 167 memcpy(cifs_pdu->Signature.SecuritySignature, "BSRSPYL", 8); 168 return rc; 169 } 170 171 cifs_pdu->Signature.Sequence.SequenceNumber = 172 cpu_to_le32(server->sequence_number); 173 cifs_pdu->Signature.Sequence.Reserved = 0; 174 175 *pexpected_response_sequence_number = ++server->sequence_number; 176 ++server->sequence_number; 177 178 rc = cifs_calc_signature(rqst, server, smb_signature); 179 if (rc) 180 memset(cifs_pdu->Signature.SecuritySignature, 0, 8); 181 else 182 memcpy(cifs_pdu->Signature.SecuritySignature, smb_signature, 8); 183 184 return rc; 185} 186 187int cifs_sign_smbv(struct kvec *iov, int n_vec, struct TCP_Server_Info *server, 188 __u32 *pexpected_response_sequence) 189{ 190 struct smb_rqst rqst = { .rq_iov = iov, 191 .rq_nvec = n_vec }; 192 193 return cifs_sign_rqst(&rqst, server, pexpected_response_sequence); 194} 195 196/* must be called with server->srv_mutex held */ 197int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server, 198 __u32 *pexpected_response_sequence_number) 199{ 200 struct kvec iov; 201 202 iov.iov_base = cifs_pdu; 203 iov.iov_len = be32_to_cpu(cifs_pdu->smb_buf_length) + 4; 204 205 return cifs_sign_smbv(&iov, 1, server, 206 pexpected_response_sequence_number); 207} 208 209int cifs_verify_signature(struct smb_rqst *rqst, 210 struct TCP_Server_Info *server, 211 __u32 expected_sequence_number) 212{ 213 unsigned int rc; 214 char server_response_sig[8]; 215 char what_we_think_sig_should_be[20]; 216 struct smb_hdr *cifs_pdu = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 217 218 if (cifs_pdu == NULL || server == NULL) 219 return -EINVAL; 220 221 if (!server->session_estab) 222 return 0; 223 224 if (cifs_pdu->Command == SMB_COM_LOCKING_ANDX) { 225 struct smb_com_lock_req *pSMB = 226 (struct smb_com_lock_req *)cifs_pdu; 227 if (pSMB->LockType & LOCKING_ANDX_OPLOCK_RELEASE) 228 return 0; 229 } 230 231 /* BB what if signatures are supposed to be on for session but 232 server does not send one? BB */ 233 234 /* Do not need to verify session setups with signature "BSRSPYL " */ 235 if (memcmp(cifs_pdu->Signature.SecuritySignature, "BSRSPYL ", 8) == 0) 236 cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n", 237 cifs_pdu->Command); 238 239 /* save off the origiginal signature so we can modify the smb and check 240 its signature against what the server sent */ 241 memcpy(server_response_sig, cifs_pdu->Signature.SecuritySignature, 8); 242 243 cifs_pdu->Signature.Sequence.SequenceNumber = 244 cpu_to_le32(expected_sequence_number); 245 cifs_pdu->Signature.Sequence.Reserved = 0; 246 247 mutex_lock(&server->srv_mutex); 248 rc = cifs_calc_signature(rqst, server, what_we_think_sig_should_be); 249 mutex_unlock(&server->srv_mutex); 250 251 if (rc) 252 return rc; 253 254/* cifs_dump_mem("what we think it should be: ", 255 what_we_think_sig_should_be, 16); */ 256 257 if (memcmp(server_response_sig, what_we_think_sig_should_be, 8)) 258 return -EACCES; 259 else 260 return 0; 261 262} 263 264/* first calculate 24 bytes ntlm response and then 16 byte session key */ 265int setup_ntlm_response(struct cifs_ses *ses, const struct nls_table *nls_cp) 266{ 267 int rc = 0; 268 unsigned int temp_len = CIFS_SESS_KEY_SIZE + CIFS_AUTH_RESP_SIZE; 269 char temp_key[CIFS_SESS_KEY_SIZE]; 270 271 if (!ses) 272 return -EINVAL; 273 274 ses->auth_key.response = kmalloc(temp_len, GFP_KERNEL); 275 if (!ses->auth_key.response) 276 return -ENOMEM; 277 278 ses->auth_key.len = temp_len; 279 280 rc = SMBNTencrypt(ses->password, ses->server->cryptkey, 281 ses->auth_key.response + CIFS_SESS_KEY_SIZE, nls_cp); 282 if (rc) { 283 cifs_dbg(FYI, "%s Can't generate NTLM response, error: %d\n", 284 __func__, rc); 285 return rc; 286 } 287 288 rc = E_md4hash(ses->password, temp_key, nls_cp); 289 if (rc) { 290 cifs_dbg(FYI, "%s Can't generate NT hash, error: %d\n", 291 __func__, rc); 292 return rc; 293 } 294 295 rc = mdfour(ses->auth_key.response, temp_key, CIFS_SESS_KEY_SIZE); 296 if (rc) 297 cifs_dbg(FYI, "%s Can't generate NTLM session key, error: %d\n", 298 __func__, rc); 299 300 return rc; 301} 302 303#ifdef CONFIG_CIFS_WEAK_PW_HASH 304int calc_lanman_hash(const char *password, const char *cryptkey, bool encrypt, 305 char *lnm_session_key) 306{ 307 int i; 308 int rc; 309 char password_with_pad[CIFS_ENCPWD_SIZE]; 310 311 memset(password_with_pad, 0, CIFS_ENCPWD_SIZE); 312 if (password) 313 strncpy(password_with_pad, password, CIFS_ENCPWD_SIZE); 314 315 if (!encrypt && global_secflags & CIFSSEC_MAY_PLNTXT) { 316 memcpy(lnm_session_key, password_with_pad, 317 CIFS_ENCPWD_SIZE); 318 return 0; 319 } 320 321 /* calculate old style session key */ 322 /* calling toupper is less broken than repeatedly 323 calling nls_toupper would be since that will never 324 work for UTF8, but neither handles multibyte code pages 325 but the only alternative would be converting to UCS-16 (Unicode) 326 (using a routine something like UniStrupr) then 327 uppercasing and then converting back from Unicode - which 328 would only worth doing it if we knew it were utf8. Basically 329 utf8 and other multibyte codepages each need their own strupper 330 function since a byte at a time will ont work. */ 331 332 for (i = 0; i < CIFS_ENCPWD_SIZE; i++) 333 password_with_pad[i] = toupper(password_with_pad[i]); 334 335 rc = SMBencrypt(password_with_pad, cryptkey, lnm_session_key); 336 337 return rc; 338} 339#endif /* CIFS_WEAK_PW_HASH */ 340 341/* Build a proper attribute value/target info pairs blob. 342 * Fill in netbios and dns domain name and workstation name 343 * and client time (total five av pairs and + one end of fields indicator. 344 * Allocate domain name which gets freed when session struct is deallocated. 345 */ 346static int 347build_avpair_blob(struct cifs_ses *ses, const struct nls_table *nls_cp) 348{ 349 unsigned int dlen; 350 unsigned int size = 2 * sizeof(struct ntlmssp2_name); 351 char *defdmname = "WORKGROUP"; 352 unsigned char *blobptr; 353 struct ntlmssp2_name *attrptr; 354 355 if (!ses->domainName) { 356 ses->domainName = kstrdup(defdmname, GFP_KERNEL); 357 if (!ses->domainName) 358 return -ENOMEM; 359 } 360 361 dlen = strlen(ses->domainName); 362 363 /* 364 * The length of this blob is two times the size of a 365 * structure (av pair) which holds name/size 366 * ( for NTLMSSP_AV_NB_DOMAIN_NAME followed by NTLMSSP_AV_EOL ) + 367 * unicode length of a netbios domain name 368 */ 369 ses->auth_key.len = size + 2 * dlen; 370 ses->auth_key.response = kzalloc(ses->auth_key.len, GFP_KERNEL); 371 if (!ses->auth_key.response) { 372 ses->auth_key.len = 0; 373 return -ENOMEM; 374 } 375 376 blobptr = ses->auth_key.response; 377 attrptr = (struct ntlmssp2_name *) blobptr; 378 379 /* 380 * As defined in MS-NTLM 3.3.2, just this av pair field 381 * is sufficient as part of the temp 382 */ 383 attrptr->type = cpu_to_le16(NTLMSSP_AV_NB_DOMAIN_NAME); 384 attrptr->length = cpu_to_le16(2 * dlen); 385 blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name); 386 cifs_strtoUTF16((__le16 *)blobptr, ses->domainName, dlen, nls_cp); 387 388 return 0; 389} 390 391/* Server has provided av pairs/target info in the type 2 challenge 392 * packet and we have plucked it and stored within smb session. 393 * We parse that blob here to find netbios domain name to be used 394 * as part of ntlmv2 authentication (in Target String), if not already 395 * specified on the command line. 396 * If this function returns without any error but without fetching 397 * domain name, authentication may fail against some server but 398 * may not fail against other (those who are not very particular 399 * about target string i.e. for some, just user name might suffice. 400 */ 401static int 402find_domain_name(struct cifs_ses *ses, const struct nls_table *nls_cp) 403{ 404 unsigned int attrsize; 405 unsigned int type; 406 unsigned int onesize = sizeof(struct ntlmssp2_name); 407 unsigned char *blobptr; 408 unsigned char *blobend; 409 struct ntlmssp2_name *attrptr; 410 411 if (!ses->auth_key.len || !ses->auth_key.response) 412 return 0; 413 414 blobptr = ses->auth_key.response; 415 blobend = blobptr + ses->auth_key.len; 416 417 while (blobptr + onesize < blobend) { 418 attrptr = (struct ntlmssp2_name *) blobptr; 419 type = le16_to_cpu(attrptr->type); 420 if (type == NTLMSSP_AV_EOL) 421 break; 422 blobptr += 2; /* advance attr type */ 423 attrsize = le16_to_cpu(attrptr->length); 424 blobptr += 2; /* advance attr size */ 425 if (blobptr + attrsize > blobend) 426 break; 427 if (type == NTLMSSP_AV_NB_DOMAIN_NAME) { 428 if (!attrsize || attrsize >= CIFS_MAX_DOMAINNAME_LEN) 429 break; 430 if (!ses->domainName) { 431 ses->domainName = 432 kmalloc(attrsize + 1, GFP_KERNEL); 433 if (!ses->domainName) 434 return -ENOMEM; 435 cifs_from_utf16(ses->domainName, 436 (__le16 *)blobptr, attrsize, attrsize, 437 nls_cp, NO_MAP_UNI_RSVD); 438 break; 439 } 440 } 441 blobptr += attrsize; /* advance attr value */ 442 } 443 444 return 0; 445} 446 447/* Server has provided av pairs/target info in the type 2 challenge 448 * packet and we have plucked it and stored within smb session. 449 * We parse that blob here to find the server given timestamp 450 * as part of ntlmv2 authentication (or local current time as 451 * default in case of failure) 452 */ 453static __le64 454find_timestamp(struct cifs_ses *ses) 455{ 456 unsigned int attrsize; 457 unsigned int type; 458 unsigned int onesize = sizeof(struct ntlmssp2_name); 459 unsigned char *blobptr; 460 unsigned char *blobend; 461 struct ntlmssp2_name *attrptr; 462 463 if (!ses->auth_key.len || !ses->auth_key.response) 464 return 0; 465 466 blobptr = ses->auth_key.response; 467 blobend = blobptr + ses->auth_key.len; 468 469 while (blobptr + onesize < blobend) { 470 attrptr = (struct ntlmssp2_name *) blobptr; 471 type = le16_to_cpu(attrptr->type); 472 if (type == NTLMSSP_AV_EOL) 473 break; 474 blobptr += 2; /* advance attr type */ 475 attrsize = le16_to_cpu(attrptr->length); 476 blobptr += 2; /* advance attr size */ 477 if (blobptr + attrsize > blobend) 478 break; 479 if (type == NTLMSSP_AV_TIMESTAMP) { 480 if (attrsize == sizeof(u64)) 481 return *((__le64 *)blobptr); 482 } 483 blobptr += attrsize; /* advance attr value */ 484 } 485 486 return cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME)); 487} 488 489static int calc_ntlmv2_hash(struct cifs_ses *ses, char *ntlmv2_hash, 490 const struct nls_table *nls_cp) 491{ 492 int rc = 0; 493 int len; 494 char nt_hash[CIFS_NTHASH_SIZE]; 495 __le16 *user; 496 wchar_t *domain; 497 wchar_t *server; 498 499 if (!ses->server->secmech.sdeschmacmd5) { 500 cifs_dbg(VFS, "%s: can't generate ntlmv2 hash\n", __func__); 501 return -1; 502 } 503 504 /* calculate md4 hash of password */ 505 E_md4hash(ses->password, nt_hash, nls_cp); 506 507 rc = crypto_shash_setkey(ses->server->secmech.hmacmd5, nt_hash, 508 CIFS_NTHASH_SIZE); 509 if (rc) { 510 cifs_dbg(VFS, "%s: Could not set NT Hash as a key\n", __func__); 511 return rc; 512 } 513 514 rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash); 515 if (rc) { 516 cifs_dbg(VFS, "%s: could not init hmacmd5\n", __func__); 517 return rc; 518 } 519 520 /* convert ses->user_name to unicode */ 521 len = ses->user_name ? strlen(ses->user_name) : 0; 522 user = kmalloc(2 + (len * 2), GFP_KERNEL); 523 if (user == NULL) { 524 rc = -ENOMEM; 525 return rc; 526 } 527 528 if (len) { 529 len = cifs_strtoUTF16(user, ses->user_name, len, nls_cp); 530 UniStrupr(user); 531 } else { 532 memset(user, '\0', 2); 533 } 534 535 rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, 536 (char *)user, 2 * len); 537 kfree(user); 538 if (rc) { 539 cifs_dbg(VFS, "%s: Could not update with user\n", __func__); 540 return rc; 541 } 542 543 /* convert ses->domainName to unicode and uppercase */ 544 if (ses->domainName) { 545 len = strlen(ses->domainName); 546 547 domain = kmalloc(2 + (len * 2), GFP_KERNEL); 548 if (domain == NULL) { 549 rc = -ENOMEM; 550 return rc; 551 } 552 len = cifs_strtoUTF16((__le16 *)domain, ses->domainName, len, 553 nls_cp); 554 rc = 555 crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, 556 (char *)domain, 2 * len); 557 kfree(domain); 558 if (rc) { 559 cifs_dbg(VFS, "%s: Could not update with domain\n", 560 __func__); 561 return rc; 562 } 563 } else { 564 /* We use ses->serverName if no domain name available */ 565 len = strlen(ses->serverName); 566 567 server = kmalloc(2 + (len * 2), GFP_KERNEL); 568 if (server == NULL) { 569 rc = -ENOMEM; 570 return rc; 571 } 572 len = cifs_strtoUTF16((__le16 *)server, ses->serverName, len, 573 nls_cp); 574 rc = 575 crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, 576 (char *)server, 2 * len); 577 kfree(server); 578 if (rc) { 579 cifs_dbg(VFS, "%s: Could not update with server\n", 580 __func__); 581 return rc; 582 } 583 } 584 585 rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash, 586 ntlmv2_hash); 587 if (rc) 588 cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__); 589 590 return rc; 591} 592 593static int 594CalcNTLMv2_response(const struct cifs_ses *ses, char *ntlmv2_hash) 595{ 596 int rc; 597 struct ntlmv2_resp *ntlmv2 = (struct ntlmv2_resp *) 598 (ses->auth_key.response + CIFS_SESS_KEY_SIZE); 599 unsigned int hash_len; 600 601 /* The MD5 hash starts at challenge_key.key */ 602 hash_len = ses->auth_key.len - (CIFS_SESS_KEY_SIZE + 603 offsetof(struct ntlmv2_resp, challenge.key[0])); 604 605 if (!ses->server->secmech.sdeschmacmd5) { 606 cifs_dbg(VFS, "%s: can't generate ntlmv2 hash\n", __func__); 607 return -1; 608 } 609 610 rc = crypto_shash_setkey(ses->server->secmech.hmacmd5, 611 ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE); 612 if (rc) { 613 cifs_dbg(VFS, "%s: Could not set NTLMV2 Hash as a key\n", 614 __func__); 615 return rc; 616 } 617 618 rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash); 619 if (rc) { 620 cifs_dbg(VFS, "%s: could not init hmacmd5\n", __func__); 621 return rc; 622 } 623 624 if (ses->server->negflavor == CIFS_NEGFLAVOR_EXTENDED) 625 memcpy(ntlmv2->challenge.key, 626 ses->ntlmssp->cryptkey, CIFS_SERVER_CHALLENGE_SIZE); 627 else 628 memcpy(ntlmv2->challenge.key, 629 ses->server->cryptkey, CIFS_SERVER_CHALLENGE_SIZE); 630 rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, 631 ntlmv2->challenge.key, hash_len); 632 if (rc) { 633 cifs_dbg(VFS, "%s: Could not update with response\n", __func__); 634 return rc; 635 } 636 637 /* Note that the MD5 digest over writes anon.challenge_key.key */ 638 rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash, 639 ntlmv2->ntlmv2_hash); 640 if (rc) 641 cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__); 642 643 return rc; 644} 645 646static int crypto_hmacmd5_alloc(struct TCP_Server_Info *server) 647{ 648 int rc; 649 unsigned int size; 650 651 /* check if already allocated */ 652 if (server->secmech.sdeschmacmd5) 653 return 0; 654 655 server->secmech.hmacmd5 = crypto_alloc_shash("hmac(md5)", 0, 0); 656 if (IS_ERR(server->secmech.hmacmd5)) { 657 cifs_dbg(VFS, "could not allocate crypto hmacmd5\n"); 658 rc = PTR_ERR(server->secmech.hmacmd5); 659 server->secmech.hmacmd5 = NULL; 660 return rc; 661 } 662 663 size = sizeof(struct shash_desc) + 664 crypto_shash_descsize(server->secmech.hmacmd5); 665 server->secmech.sdeschmacmd5 = kmalloc(size, GFP_KERNEL); 666 if (!server->secmech.sdeschmacmd5) { 667 crypto_free_shash(server->secmech.hmacmd5); 668 server->secmech.hmacmd5 = NULL; 669 return -ENOMEM; 670 } 671 server->secmech.sdeschmacmd5->shash.tfm = server->secmech.hmacmd5; 672 server->secmech.sdeschmacmd5->shash.flags = 0x0; 673 674 return 0; 675} 676 677int 678setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp) 679{ 680 int rc; 681 int baselen; 682 unsigned int tilen; 683 struct ntlmv2_resp *ntlmv2; 684 char ntlmv2_hash[16]; 685 unsigned char *tiblob = NULL; /* target info blob */ 686 __le64 rsp_timestamp; 687 688 if (ses->server->negflavor == CIFS_NEGFLAVOR_EXTENDED) { 689 if (!ses->domainName) { 690 rc = find_domain_name(ses, nls_cp); 691 if (rc) { 692 cifs_dbg(VFS, "error %d finding domain name\n", 693 rc); 694 goto setup_ntlmv2_rsp_ret; 695 } 696 } 697 } else { 698 rc = build_avpair_blob(ses, nls_cp); 699 if (rc) { 700 cifs_dbg(VFS, "error %d building av pair blob\n", rc); 701 goto setup_ntlmv2_rsp_ret; 702 } 703 } 704 705 /* Must be within 5 minutes of the server (or in range +/-2h 706 * in case of Mac OS X), so simply carry over server timestamp 707 * (as Windows 7 does) 708 */ 709 rsp_timestamp = find_timestamp(ses); 710 711 baselen = CIFS_SESS_KEY_SIZE + sizeof(struct ntlmv2_resp); 712 tilen = ses->auth_key.len; 713 tiblob = ses->auth_key.response; 714 715 ses->auth_key.response = kmalloc(baselen + tilen, GFP_KERNEL); 716 if (!ses->auth_key.response) { 717 rc = -ENOMEM; 718 ses->auth_key.len = 0; 719 goto setup_ntlmv2_rsp_ret; 720 } 721 ses->auth_key.len += baselen; 722 723 ntlmv2 = (struct ntlmv2_resp *) 724 (ses->auth_key.response + CIFS_SESS_KEY_SIZE); 725 ntlmv2->blob_signature = cpu_to_le32(0x00000101); 726 ntlmv2->reserved = 0; 727 ntlmv2->time = rsp_timestamp; 728 729 get_random_bytes(&ntlmv2->client_chal, sizeof(ntlmv2->client_chal)); 730 ntlmv2->reserved2 = 0; 731 732 memcpy(ses->auth_key.response + baselen, tiblob, tilen); 733 734 rc = crypto_hmacmd5_alloc(ses->server); 735 if (rc) { 736 cifs_dbg(VFS, "could not crypto alloc hmacmd5 rc %d\n", rc); 737 goto setup_ntlmv2_rsp_ret; 738 } 739 740 /* calculate ntlmv2_hash */ 741 rc = calc_ntlmv2_hash(ses, ntlmv2_hash, nls_cp); 742 if (rc) { 743 cifs_dbg(VFS, "could not get v2 hash rc %d\n", rc); 744 goto setup_ntlmv2_rsp_ret; 745 } 746 747 /* calculate first part of the client response (CR1) */ 748 rc = CalcNTLMv2_response(ses, ntlmv2_hash); 749 if (rc) { 750 cifs_dbg(VFS, "Could not calculate CR1 rc: %d\n", rc); 751 goto setup_ntlmv2_rsp_ret; 752 } 753 754 /* now calculate the session key for NTLMv2 */ 755 rc = crypto_shash_setkey(ses->server->secmech.hmacmd5, 756 ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE); 757 if (rc) { 758 cifs_dbg(VFS, "%s: Could not set NTLMV2 Hash as a key\n", 759 __func__); 760 goto setup_ntlmv2_rsp_ret; 761 } 762 763 rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash); 764 if (rc) { 765 cifs_dbg(VFS, "%s: Could not init hmacmd5\n", __func__); 766 goto setup_ntlmv2_rsp_ret; 767 } 768 769 rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, 770 ntlmv2->ntlmv2_hash, 771 CIFS_HMAC_MD5_HASH_SIZE); 772 if (rc) { 773 cifs_dbg(VFS, "%s: Could not update with response\n", __func__); 774 goto setup_ntlmv2_rsp_ret; 775 } 776 777 rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash, 778 ses->auth_key.response); 779 if (rc) 780 cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__); 781 782setup_ntlmv2_rsp_ret: 783 kfree(tiblob); 784 785 return rc; 786} 787 788int 789calc_seckey(struct cifs_ses *ses) 790{ 791 int rc; 792 struct crypto_blkcipher *tfm_arc4; 793 struct scatterlist sgin, sgout; 794 struct blkcipher_desc desc; 795 unsigned char sec_key[CIFS_SESS_KEY_SIZE]; /* a nonce */ 796 797 get_random_bytes(sec_key, CIFS_SESS_KEY_SIZE); 798 799 tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC); 800 if (IS_ERR(tfm_arc4)) { 801 rc = PTR_ERR(tfm_arc4); 802 cifs_dbg(VFS, "could not allocate crypto API arc4\n"); 803 return rc; 804 } 805 806 desc.tfm = tfm_arc4; 807 808 rc = crypto_blkcipher_setkey(tfm_arc4, ses->auth_key.response, 809 CIFS_SESS_KEY_SIZE); 810 if (rc) { 811 cifs_dbg(VFS, "%s: Could not set response as a key\n", 812 __func__); 813 return rc; 814 } 815 816 sg_init_one(&sgin, sec_key, CIFS_SESS_KEY_SIZE); 817 sg_init_one(&sgout, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE); 818 819 rc = crypto_blkcipher_encrypt(&desc, &sgout, &sgin, CIFS_CPHTXT_SIZE); 820 if (rc) { 821 cifs_dbg(VFS, "could not encrypt session key rc: %d\n", rc); 822 crypto_free_blkcipher(tfm_arc4); 823 return rc; 824 } 825 826 /* make secondary_key/nonce as session key */ 827 memcpy(ses->auth_key.response, sec_key, CIFS_SESS_KEY_SIZE); 828 /* and make len as that of session key only */ 829 ses->auth_key.len = CIFS_SESS_KEY_SIZE; 830 831 crypto_free_blkcipher(tfm_arc4); 832 833 return rc; 834} 835 836void 837cifs_crypto_shash_release(struct TCP_Server_Info *server) 838{ 839 if (server->secmech.cmacaes) { 840 crypto_free_shash(server->secmech.cmacaes); 841 server->secmech.cmacaes = NULL; 842 } 843 844 if (server->secmech.hmacsha256) { 845 crypto_free_shash(server->secmech.hmacsha256); 846 server->secmech.hmacsha256 = NULL; 847 } 848 849 if (server->secmech.md5) { 850 crypto_free_shash(server->secmech.md5); 851 server->secmech.md5 = NULL; 852 } 853 854 if (server->secmech.hmacmd5) { 855 crypto_free_shash(server->secmech.hmacmd5); 856 server->secmech.hmacmd5 = NULL; 857 } 858 859 kfree(server->secmech.sdesccmacaes); 860 server->secmech.sdesccmacaes = NULL; 861 kfree(server->secmech.sdeschmacsha256); 862 server->secmech.sdeschmacsha256 = NULL; 863 kfree(server->secmech.sdeschmacmd5); 864 server->secmech.sdeschmacmd5 = NULL; 865 kfree(server->secmech.sdescmd5); 866 server->secmech.sdescmd5 = NULL; 867} 868