]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * fs/cifs/cifsencrypt.c | |
3 | * | |
12b3b8ff | 4 | * Copyright (C) International Business Machines Corp., 2005,2006 |
1da177e4 LT |
5 | * Author(s): Steve French (sfrench@us.ibm.com) |
6 | * | |
7 | * This library is free software; you can redistribute it and/or modify | |
8 | * it under the terms of the GNU Lesser General Public License as published | |
9 | * by the Free Software Foundation; either version 2.1 of the License, or | |
10 | * (at your option) any later version. | |
11 | * | |
12 | * This library is distributed in the hope that it will be useful, | |
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See | |
15 | * the GNU Lesser General Public License for more details. | |
16 | * | |
17 | * You should have received a copy of the GNU Lesser General Public License | |
18 | * along with this library; if not, write to the Free Software | |
19 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
20 | */ | |
21 | ||
22 | #include <linux/fs.h> | |
5a0e3ad6 | 23 | #include <linux/slab.h> |
1da177e4 | 24 | #include "cifspdu.h" |
ffdd6e4d | 25 | #include "cifsglob.h" |
1da177e4 LT |
26 | #include "cifs_debug.h" |
27 | #include "md5.h" | |
28 | #include "cifs_unicode.h" | |
29 | #include "cifsproto.h" | |
9fbc5908 | 30 | #include "ntlmssp.h" |
7c7b25bc | 31 | #include <linux/ctype.h> |
6d027cfd | 32 | #include <linux/random.h> |
1da177e4 | 33 | |
ffdd6e4d | 34 | /* Calculate and return the CIFS signature based on the mac key and SMB PDU */ |
1da177e4 LT |
35 | /* the 16 byte signature must be allocated by the caller */ |
36 | /* Note we only use the 1st eight bytes */ | |
ffdd6e4d | 37 | /* Note that the smb header signature field on input contains the |
1da177e4 LT |
38 | sequence number before this function is called */ |
39 | ||
40 | extern void mdfour(unsigned char *out, unsigned char *in, int n); | |
41 | extern void E_md4hash(const unsigned char *passwd, unsigned char *p16); | |
4e53a3fb | 42 | extern void SMBencrypt(unsigned char *passwd, const unsigned char *c8, |
ffdd6e4d | 43 | unsigned char *p24); |
50c2f753 | 44 | |
ffdd6e4d | 45 | static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu, |
9fbc5908 | 46 | struct TCP_Server_Info *server, char *signature) |
1da177e4 | 47 | { |
2d20ca83 | 48 | int rc; |
1da177e4 | 49 | |
9fbc5908 | 50 | if (cifs_pdu == NULL || server == NULL || signature == NULL) |
1da177e4 LT |
51 | return -EINVAL; |
52 | ||
2d20ca83 | 53 | if (!server->ntlmssp.sdescmd5) { |
54 | cERROR(1, | |
55 | "cifs_calculate_signature: can't generate signature\n"); | |
56 | return -1; | |
57 | } | |
9fbc5908 | 58 | |
2d20ca83 | 59 | rc = crypto_shash_init(&server->ntlmssp.sdescmd5->shash); |
9fbc5908 | 60 | if (rc) { |
2d20ca83 | 61 | cERROR(1, "cifs_calculate_signature: oould not init md5\n"); |
9fbc5908 SF |
62 | return rc; |
63 | } | |
64 | ||
65 | if (server->secType == RawNTLMSSP) | |
2d20ca83 | 66 | crypto_shash_update(&server->ntlmssp.sdescmd5->shash, |
9fbc5908 SF |
67 | server->session_key.data.ntlmv2.key, |
68 | CIFS_NTLMV2_SESSKEY_SIZE); | |
69 | else | |
2d20ca83 | 70 | crypto_shash_update(&server->ntlmssp.sdescmd5->shash, |
9fbc5908 SF |
71 | (char *)&server->session_key.data, |
72 | server->session_key.len); | |
73 | ||
2d20ca83 | 74 | crypto_shash_update(&server->ntlmssp.sdescmd5->shash, |
9fbc5908 SF |
75 | cifs_pdu->Protocol, cifs_pdu->smb_buf_length); |
76 | ||
2d20ca83 | 77 | rc = crypto_shash_final(&server->ntlmssp.sdescmd5->shash, signature); |
b609f06a | 78 | |
2d20ca83 | 79 | return rc; |
1da177e4 LT |
80 | } |
81 | ||
9fbc5908 | 82 | |
ffdd6e4d SF |
83 | int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server, |
84 | __u32 *pexpected_response_sequence_number) | |
1da177e4 LT |
85 | { |
86 | int rc = 0; | |
87 | char smb_signature[20]; | |
88 | ||
ffdd6e4d | 89 | if ((cifs_pdu == NULL) || (server == NULL)) |
1da177e4 LT |
90 | return -EINVAL; |
91 | ||
ffdd6e4d | 92 | if ((cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) == 0) |
1da177e4 LT |
93 | return rc; |
94 | ||
95 | spin_lock(&GlobalMid_Lock); | |
50c2f753 SF |
96 | cifs_pdu->Signature.Sequence.SequenceNumber = |
97 | cpu_to_le32(server->sequence_number); | |
1da177e4 | 98 | cifs_pdu->Signature.Sequence.Reserved = 0; |
50c2f753 | 99 | |
ad009ac9 SF |
100 | *pexpected_response_sequence_number = server->sequence_number++; |
101 | server->sequence_number++; | |
1da177e4 LT |
102 | spin_unlock(&GlobalMid_Lock); |
103 | ||
9fbc5908 | 104 | rc = cifs_calculate_signature(cifs_pdu, server, smb_signature); |
ffdd6e4d | 105 | if (rc) |
1da177e4 LT |
106 | memset(cifs_pdu->Signature.SecuritySignature, 0, 8); |
107 | else | |
108 | memcpy(cifs_pdu->Signature.SecuritySignature, smb_signature, 8); | |
109 | ||
110 | return rc; | |
111 | } | |
112 | ||
ffdd6e4d | 113 | static int cifs_calc_signature2(const struct kvec *iov, int n_vec, |
9fbc5908 | 114 | struct TCP_Server_Info *server, char *signature) |
84afc29b | 115 | { |
e9917a00 | 116 | int i; |
2d20ca83 | 117 | int rc; |
84afc29b | 118 | |
9fbc5908 | 119 | if (iov == NULL || server == NULL || signature == NULL) |
e9917a00 | 120 | return -EINVAL; |
84afc29b | 121 | |
2d20ca83 | 122 | if (!server->ntlmssp.sdescmd5) { |
123 | cERROR(1, "cifs_calc_signature2: can't generate signature\n"); | |
124 | return -1; | |
125 | } | |
9fbc5908 | 126 | |
2d20ca83 | 127 | rc = crypto_shash_init(&server->ntlmssp.sdescmd5->shash); |
9fbc5908 | 128 | if (rc) { |
2d20ca83 | 129 | cERROR(1, "cifs_calc_signature2: oould not init md5\n"); |
9fbc5908 SF |
130 | return rc; |
131 | } | |
132 | ||
133 | if (server->secType == RawNTLMSSP) | |
2d20ca83 | 134 | crypto_shash_update(&server->ntlmssp.sdescmd5->shash, |
9fbc5908 SF |
135 | server->session_key.data.ntlmv2.key, |
136 | CIFS_NTLMV2_SESSKEY_SIZE); | |
137 | else | |
2d20ca83 | 138 | crypto_shash_update(&server->ntlmssp.sdescmd5->shash, |
9fbc5908 SF |
139 | (char *)&server->session_key.data, |
140 | server->session_key.len); | |
141 | ||
50c2f753 | 142 | for (i = 0; i < n_vec; i++) { |
745542e2 JL |
143 | if (iov[i].iov_len == 0) |
144 | continue; | |
ffdd6e4d | 145 | if (iov[i].iov_base == NULL) { |
2d20ca83 | 146 | cERROR(1, "cifs_calc_signature2: null iovec entry"); |
e9917a00 | 147 | return -EIO; |
745542e2 | 148 | } |
ffdd6e4d | 149 | /* The first entry includes a length field (which does not get |
e9917a00 | 150 | signed that occupies the first 4 bytes before the header */ |
ffdd6e4d | 151 | if (i == 0) { |
63d2583f | 152 | if (iov[0].iov_len <= 8) /* cmd field at offset 9 */ |
e9917a00 | 153 | break; /* nothing to sign or corrupt header */ |
2d20ca83 | 154 | crypto_shash_update(&server->ntlmssp.sdescmd5->shash, |
9fbc5908 | 155 | iov[i].iov_base + 4, iov[i].iov_len - 4); |
e9917a00 | 156 | } else |
2d20ca83 | 157 | crypto_shash_update(&server->ntlmssp.sdescmd5->shash, |
9fbc5908 | 158 | iov[i].iov_base, iov[i].iov_len); |
e9917a00 | 159 | } |
84afc29b | 160 | |
2d20ca83 | 161 | rc = crypto_shash_final(&server->ntlmssp.sdescmd5->shash, signature); |
84afc29b | 162 | |
2d20ca83 | 163 | return rc; |
84afc29b SF |
164 | } |
165 | ||
ffdd6e4d | 166 | int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server, |
63d2583f | 167 | __u32 *pexpected_response_sequence_number) |
84afc29b SF |
168 | { |
169 | int rc = 0; | |
170 | char smb_signature[20]; | |
ffdd6e4d | 171 | struct smb_hdr *cifs_pdu = iov[0].iov_base; |
84afc29b | 172 | |
ffdd6e4d | 173 | if ((cifs_pdu == NULL) || (server == NULL)) |
84afc29b SF |
174 | return -EINVAL; |
175 | ||
ffdd6e4d | 176 | if ((cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) == 0) |
84afc29b SF |
177 | return rc; |
178 | ||
ffdd6e4d SF |
179 | spin_lock(&GlobalMid_Lock); |
180 | cifs_pdu->Signature.Sequence.SequenceNumber = | |
84afc29b | 181 | cpu_to_le32(server->sequence_number); |
ffdd6e4d | 182 | cifs_pdu->Signature.Sequence.Reserved = 0; |
84afc29b | 183 | |
ffdd6e4d SF |
184 | *pexpected_response_sequence_number = server->sequence_number++; |
185 | server->sequence_number++; | |
186 | spin_unlock(&GlobalMid_Lock); | |
84afc29b | 187 | |
9fbc5908 | 188 | rc = cifs_calc_signature2(iov, n_vec, server, smb_signature); |
ffdd6e4d SF |
189 | if (rc) |
190 | memset(cifs_pdu->Signature.SecuritySignature, 0, 8); | |
191 | else | |
192 | memcpy(cifs_pdu->Signature.SecuritySignature, smb_signature, 8); | |
84afc29b | 193 | |
ffdd6e4d | 194 | return rc; |
84afc29b SF |
195 | } |
196 | ||
b609f06a | 197 | int cifs_verify_signature(struct smb_hdr *cifs_pdu, |
9fbc5908 | 198 | struct TCP_Server_Info *server, |
ffdd6e4d | 199 | __u32 expected_sequence_number) |
1da177e4 | 200 | { |
9fbc5908 | 201 | int rc; |
1da177e4 LT |
202 | char server_response_sig[8]; |
203 | char what_we_think_sig_should_be[20]; | |
204 | ||
9fbc5908 | 205 | if (cifs_pdu == NULL || server == NULL) |
1da177e4 LT |
206 | return -EINVAL; |
207 | ||
208 | if (cifs_pdu->Command == SMB_COM_NEGOTIATE) | |
209 | return 0; | |
210 | ||
211 | if (cifs_pdu->Command == SMB_COM_LOCKING_ANDX) { | |
50c2f753 | 212 | struct smb_com_lock_req *pSMB = |
ffdd6e4d SF |
213 | (struct smb_com_lock_req *)cifs_pdu; |
214 | if (pSMB->LockType & LOCKING_ANDX_OPLOCK_RELEASE) | |
1da177e4 LT |
215 | return 0; |
216 | } | |
217 | ||
50c2f753 SF |
218 | /* BB what if signatures are supposed to be on for session but |
219 | server does not send one? BB */ | |
220 | ||
1da177e4 | 221 | /* Do not need to verify session setups with signature "BSRSPYL " */ |
50c2f753 | 222 | if (memcmp(cifs_pdu->Signature.SecuritySignature, "BSRSPYL ", 8) == 0) |
b6b38f70 JP |
223 | cFYI(1, "dummy signature received for smb command 0x%x", |
224 | cifs_pdu->Command); | |
1da177e4 LT |
225 | |
226 | /* save off the origiginal signature so we can modify the smb and check | |
227 | its signature against what the server sent */ | |
50c2f753 | 228 | memcpy(server_response_sig, cifs_pdu->Signature.SecuritySignature, 8); |
1da177e4 | 229 | |
50c2f753 SF |
230 | cifs_pdu->Signature.Sequence.SequenceNumber = |
231 | cpu_to_le32(expected_sequence_number); | |
1da177e4 LT |
232 | cifs_pdu->Signature.Sequence.Reserved = 0; |
233 | ||
9fbc5908 | 234 | rc = cifs_calculate_signature(cifs_pdu, server, |
1da177e4 LT |
235 | what_we_think_sig_should_be); |
236 | ||
50c2f753 | 237 | if (rc) |
1da177e4 LT |
238 | return rc; |
239 | ||
50c2f753 SF |
240 | /* cifs_dump_mem("what we think it should be: ", |
241 | what_we_think_sig_should_be, 16); */ | |
1da177e4 | 242 | |
50c2f753 | 243 | if (memcmp(server_response_sig, what_we_think_sig_should_be, 8)) |
1da177e4 LT |
244 | return -EACCES; |
245 | else | |
246 | return 0; | |
247 | ||
248 | } | |
249 | ||
250 | /* We fill in key by putting in 40 byte array which was allocated by caller */ | |
9fbc5908 | 251 | int cifs_calculate_session_key(struct session_key *key, const char *rn, |
b609f06a | 252 | const char *password) |
1da177e4 LT |
253 | { |
254 | char temp_key[16]; | |
255 | if ((key == NULL) || (rn == NULL)) | |
256 | return -EINVAL; | |
257 | ||
258 | E_md4hash(password, temp_key); | |
b609f06a SF |
259 | mdfour(key->data.ntlm, temp_key, 16); |
260 | memcpy(key->data.ntlm+16, rn, CIFS_SESS_KEY_SIZE); | |
261 | key->len = 40; | |
1da177e4 LT |
262 | return 0; |
263 | } | |
264 | ||
7c7b25bc | 265 | #ifdef CONFIG_CIFS_WEAK_PW_HASH |
4e53a3fb JL |
266 | void calc_lanman_hash(const char *password, const char *cryptkey, bool encrypt, |
267 | char *lnm_session_key) | |
7c7b25bc SF |
268 | { |
269 | int i; | |
270 | char password_with_pad[CIFS_ENCPWD_SIZE]; | |
271 | ||
272 | memset(password_with_pad, 0, CIFS_ENCPWD_SIZE); | |
4e53a3fb JL |
273 | if (password) |
274 | strncpy(password_with_pad, password, CIFS_ENCPWD_SIZE); | |
275 | ||
04912d6a | 276 | if (!encrypt && global_secflags & CIFSSEC_MAY_PLNTXT) { |
4e53a3fb JL |
277 | memset(lnm_session_key, 0, CIFS_SESS_KEY_SIZE); |
278 | memcpy(lnm_session_key, password_with_pad, | |
279 | CIFS_ENCPWD_SIZE); | |
280 | return; | |
281 | } | |
bdc4bf6e | 282 | |
7c7b25bc SF |
283 | /* calculate old style session key */ |
284 | /* calling toupper is less broken than repeatedly | |
285 | calling nls_toupper would be since that will never | |
286 | work for UTF8, but neither handles multibyte code pages | |
287 | but the only alternative would be converting to UCS-16 (Unicode) | |
288 | (using a routine something like UniStrupr) then | |
289 | uppercasing and then converting back from Unicode - which | |
290 | would only worth doing it if we knew it were utf8. Basically | |
291 | utf8 and other multibyte codepages each need their own strupper | |
292 | function since a byte at a time will ont work. */ | |
293 | ||
ef571cad | 294 | for (i = 0; i < CIFS_ENCPWD_SIZE; i++) |
7c7b25bc | 295 | password_with_pad[i] = toupper(password_with_pad[i]); |
7c7b25bc | 296 | |
4e53a3fb JL |
297 | SMBencrypt(password_with_pad, cryptkey, lnm_session_key); |
298 | ||
7c7b25bc SF |
299 | /* clear password before we return/free memory */ |
300 | memset(password_with_pad, 0, CIFS_ENCPWD_SIZE); | |
301 | } | |
302 | #endif /* CIFS_WEAK_PW_HASH */ | |
303 | ||
50c2f753 SF |
304 | static int calc_ntlmv2_hash(struct cifsSesInfo *ses, |
305 | const struct nls_table *nls_cp) | |
a8ee0344 SF |
306 | { |
307 | int rc = 0; | |
308 | int len; | |
9fbc5908 | 309 | char nt_hash[CIFS_NTHASH_SIZE]; |
50c2f753 SF |
310 | wchar_t *user; |
311 | wchar_t *domain; | |
9fbc5908 | 312 | wchar_t *server; |
2d20ca83 | 313 | |
314 | if (!ses->server->ntlmssp.sdeschmacmd5) { | |
315 | cERROR(1, "calc_ntlmv2_hash: can't generate ntlmv2 hash\n"); | |
316 | return -1; | |
317 | } | |
a8ee0344 SF |
318 | |
319 | /* calculate md4 hash of password */ | |
320 | E_md4hash(ses->password, nt_hash); | |
321 | ||
9fbc5908 SF |
322 | crypto_shash_setkey(ses->server->ntlmssp.hmacmd5, nt_hash, |
323 | CIFS_NTHASH_SIZE); | |
324 | ||
2d20ca83 | 325 | rc = crypto_shash_init(&ses->server->ntlmssp.sdeschmacmd5->shash); |
9fbc5908 | 326 | if (rc) { |
2d20ca83 | 327 | cERROR(1, "calc_ntlmv2_hash: could not init hmacmd5\n"); |
9fbc5908 SF |
328 | return rc; |
329 | } | |
a8ee0344 SF |
330 | |
331 | /* convert ses->userName to unicode and uppercase */ | |
1717ffc5 SF |
332 | len = strlen(ses->userName); |
333 | user = kmalloc(2 + (len * 2), GFP_KERNEL); | |
2d20ca83 | 334 | if (user == NULL) { |
335 | cERROR(1, "calc_ntlmv2_hash: user mem alloc failure\n"); | |
336 | rc = -ENOMEM; | |
1717ffc5 | 337 | goto calc_exit_2; |
2d20ca83 | 338 | } |
8f2376ad | 339 | len = cifs_strtoUCS((__le16 *)user, ses->userName, len, nls_cp); |
1717ffc5 | 340 | UniStrupr(user); |
9fbc5908 | 341 | |
2d20ca83 | 342 | crypto_shash_update(&ses->server->ntlmssp.sdeschmacmd5->shash, |
343 | (char *)user, 2 * len); | |
a8ee0344 SF |
344 | |
345 | /* convert ses->domainName to unicode and uppercase */ | |
50c2f753 | 346 | if (ses->domainName) { |
1717ffc5 | 347 | len = strlen(ses->domainName); |
a8ee0344 | 348 | |
50c2f753 | 349 | domain = kmalloc(2 + (len * 2), GFP_KERNEL); |
2d20ca83 | 350 | if (domain == NULL) { |
351 | cERROR(1, "calc_ntlmv2_hash: domain mem alloc failure"); | |
352 | rc = -ENOMEM; | |
1717ffc5 | 353 | goto calc_exit_1; |
2d20ca83 | 354 | } |
8f2376ad CG |
355 | len = cifs_strtoUCS((__le16 *)domain, ses->domainName, len, |
356 | nls_cp); | |
b609f06a SF |
357 | /* the following line was removed since it didn't work well |
358 | with lower cased domain name that passed as an option. | |
359 | Maybe converting the domain name earlier makes sense */ | |
360 | /* UniStrupr(domain); */ | |
a8ee0344 | 361 | |
2d20ca83 | 362 | crypto_shash_update(&ses->server->ntlmssp.sdeschmacmd5->shash, |
363 | (char *)domain, 2 * len); | |
50c2f753 | 364 | |
1717ffc5 | 365 | kfree(domain); |
9fbc5908 SF |
366 | } else if (ses->serverName) { |
367 | len = strlen(ses->serverName); | |
368 | ||
369 | server = kmalloc(2 + (len * 2), GFP_KERNEL); | |
2d20ca83 | 370 | if (server == NULL) { |
371 | cERROR(1, "calc_ntlmv2_hash: server mem alloc failure"); | |
372 | rc = -ENOMEM; | |
9fbc5908 | 373 | goto calc_exit_1; |
2d20ca83 | 374 | } |
9fbc5908 SF |
375 | len = cifs_strtoUCS((__le16 *)server, ses->serverName, len, |
376 | nls_cp); | |
377 | /* the following line was removed since it didn't work well | |
378 | with lower cased domain name that passed as an option. | |
379 | Maybe converting the domain name earlier makes sense */ | |
380 | /* UniStrupr(domain); */ | |
381 | ||
2d20ca83 | 382 | crypto_shash_update(&ses->server->ntlmssp.sdeschmacmd5->shash, |
383 | (char *)server, 2 * len); | |
9fbc5908 SF |
384 | |
385 | kfree(server); | |
1717ffc5 | 386 | } |
2d20ca83 | 387 | |
388 | rc = crypto_shash_final(&ses->server->ntlmssp.sdeschmacmd5->shash, | |
389 | ses->server->ntlmv2_hash); | |
390 | ||
1717ffc5 SF |
391 | calc_exit_1: |
392 | kfree(user); | |
393 | calc_exit_2: | |
50c2f753 | 394 | /* BB FIXME what about bytes 24 through 40 of the signing key? |
1717ffc5 | 395 | compare with the NTLM example */ |
a8ee0344 SF |
396 | |
397 | return rc; | |
398 | } | |
399 | ||
9fbc5908 SF |
400 | static int |
401 | find_domain_name(struct cifsSesInfo *ses) | |
402 | { | |
403 | int rc = 0; | |
404 | unsigned int attrsize; | |
405 | unsigned int type; | |
406 | unsigned char *blobptr; | |
407 | struct ntlmssp2_name *attrptr; | |
408 | ||
409 | if (ses->server->tiblob) { | |
410 | blobptr = ses->server->tiblob; | |
411 | attrptr = (struct ntlmssp2_name *) blobptr; | |
412 | ||
413 | while ((type = attrptr->type) != 0) { | |
414 | blobptr += 2; /* advance attr type */ | |
415 | attrsize = attrptr->length; | |
416 | blobptr += 2; /* advance attr size */ | |
417 | if (type == NTLMSSP_AV_NB_DOMAIN_NAME) { | |
418 | if (!ses->domainName) { | |
419 | ses->domainName = | |
420 | kmalloc(attrptr->length + 1, | |
421 | GFP_KERNEL); | |
422 | if (!ses->domainName) | |
423 | return -ENOMEM; | |
424 | cifs_from_ucs2(ses->domainName, | |
425 | (__le16 *)blobptr, | |
426 | attrptr->length, | |
427 | attrptr->length, | |
428 | load_nls_default(), false); | |
429 | } | |
430 | } | |
431 | blobptr += attrsize; /* advance attr value */ | |
432 | attrptr = (struct ntlmssp2_name *) blobptr; | |
433 | } | |
434 | } else { | |
435 | ses->server->tilen = 2 * sizeof(struct ntlmssp2_name); | |
436 | ses->server->tiblob = kmalloc(ses->server->tilen, GFP_KERNEL); | |
437 | if (!ses->server->tiblob) { | |
438 | ses->server->tilen = 0; | |
439 | cERROR(1, "Challenge target info allocation failure"); | |
440 | return -ENOMEM; | |
441 | } | |
442 | memset(ses->server->tiblob, 0x0, ses->server->tilen); | |
443 | attrptr = (struct ntlmssp2_name *) ses->server->tiblob; | |
444 | attrptr->type = cpu_to_le16(NTLMSSP_DOMAIN_TYPE); | |
445 | } | |
446 | ||
447 | return rc; | |
448 | } | |
449 | ||
450 | static int | |
451 | CalcNTLMv2_response(const struct TCP_Server_Info *server, | |
452 | char *v2_session_response) | |
6d027cfd | 453 | { |
a8ee0344 | 454 | int rc; |
9fbc5908 | 455 | |
2d20ca83 | 456 | if (!server->ntlmssp.sdeschmacmd5) { |
457 | cERROR(1, "calc_ntlmv2_hash: can't generate ntlmv2 hash\n"); | |
458 | return -1; | |
459 | } | |
9fbc5908 SF |
460 | |
461 | crypto_shash_setkey(server->ntlmssp.hmacmd5, server->ntlmv2_hash, | |
462 | CIFS_HMAC_MD5_HASH_SIZE); | |
463 | ||
2d20ca83 | 464 | rc = crypto_shash_init(&server->ntlmssp.sdeschmacmd5->shash); |
9fbc5908 | 465 | if (rc) { |
2d20ca83 | 466 | cERROR(1, "CalcNTLMv2_response: could not init hmacmd5"); |
9fbc5908 SF |
467 | return rc; |
468 | } | |
469 | ||
470 | memcpy(v2_session_response + CIFS_SERVER_CHALLENGE_SIZE, | |
471 | server->cryptKey, CIFS_SERVER_CHALLENGE_SIZE); | |
2d20ca83 | 472 | crypto_shash_update(&server->ntlmssp.sdeschmacmd5->shash, |
9fbc5908 SF |
473 | v2_session_response + CIFS_SERVER_CHALLENGE_SIZE, |
474 | sizeof(struct ntlmv2_resp) - CIFS_SERVER_CHALLENGE_SIZE); | |
475 | ||
476 | if (server->tilen) | |
2d20ca83 | 477 | crypto_shash_update(&server->ntlmssp.sdeschmacmd5->shash, |
9fbc5908 SF |
478 | server->tiblob, server->tilen); |
479 | ||
2d20ca83 | 480 | rc = crypto_shash_final(&server->ntlmssp.sdeschmacmd5->shash, |
481 | v2_session_response); | |
9fbc5908 SF |
482 | |
483 | return rc; | |
484 | } | |
485 | ||
486 | int | |
487 | setup_ntlmv2_rsp(struct cifsSesInfo *ses, char *resp_buf, | |
488 | const struct nls_table *nls_cp) | |
489 | { | |
490 | int rc = 0; | |
50c2f753 | 491 | struct ntlmv2_resp *buf = (struct ntlmv2_resp *)resp_buf; |
6d027cfd SF |
492 | |
493 | buf->blob_signature = cpu_to_le32(0x00000101); | |
494 | buf->reserved = 0; | |
495 | buf->time = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME)); | |
1717ffc5 | 496 | get_random_bytes(&buf->client_chal, sizeof(buf->client_chal)); |
6d027cfd | 497 | buf->reserved2 = 0; |
9fbc5908 SF |
498 | |
499 | if (!ses->domainName) { | |
500 | rc = find_domain_name(ses); | |
501 | if (rc) { | |
502 | cERROR(1, "could not get domain/server name rc %d", rc); | |
503 | return rc; | |
504 | } | |
505 | } | |
a8ee0344 | 506 | |
6d027cfd | 507 | /* calculate buf->ntlmv2_hash */ |
1717ffc5 | 508 | rc = calc_ntlmv2_hash(ses, nls_cp); |
9fbc5908 SF |
509 | if (rc) { |
510 | cERROR(1, "could not get v2 hash rc %d", rc); | |
511 | return rc; | |
512 | } | |
513 | rc = CalcNTLMv2_response(ses->server, resp_buf); | |
514 | if (rc) { | |
b6b38f70 | 515 | cERROR(1, "could not get v2 hash rc %d", rc); |
9fbc5908 SF |
516 | return rc; |
517 | } | |
518 | ||
2d20ca83 | 519 | if (!ses->server->ntlmssp.sdeschmacmd5) { |
520 | cERROR(1, "calc_ntlmv2_hash: can't generate ntlmv2 hash\n"); | |
521 | return -1; | |
522 | } | |
523 | ||
9fbc5908 SF |
524 | crypto_shash_setkey(ses->server->ntlmssp.hmacmd5, |
525 | ses->server->ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE); | |
526 | ||
2d20ca83 | 527 | rc = crypto_shash_init(&ses->server->ntlmssp.sdeschmacmd5->shash); |
9fbc5908 | 528 | if (rc) { |
2d20ca83 | 529 | cERROR(1, "setup_ntlmv2_rsp: could not init hmacmd5\n"); |
9fbc5908 SF |
530 | return rc; |
531 | } | |
532 | ||
2d20ca83 | 533 | crypto_shash_update(&ses->server->ntlmssp.sdeschmacmd5->shash, |
534 | resp_buf, CIFS_HMAC_MD5_HASH_SIZE); | |
b609f06a | 535 | |
2d20ca83 | 536 | rc = crypto_shash_final(&ses->server->ntlmssp.sdeschmacmd5->shash, |
9fbc5908 | 537 | ses->server->session_key.data.ntlmv2.key); |
b609f06a | 538 | |
9fbc5908 SF |
539 | memcpy(&ses->server->session_key.data.ntlmv2.resp, resp_buf, |
540 | sizeof(struct ntlmv2_resp)); | |
541 | ses->server->session_key.len = 16 + sizeof(struct ntlmv2_resp); | |
542 | ||
543 | return rc; | |
6d027cfd SF |
544 | } |
545 | ||
9fbc5908 SF |
546 | int |
547 | calc_seckey(struct TCP_Server_Info *server) | |
1da177e4 | 548 | { |
9fbc5908 SF |
549 | int rc; |
550 | unsigned char sec_key[CIFS_NTLMV2_SESSKEY_SIZE]; | |
551 | struct crypto_blkcipher *tfm_arc4; | |
552 | struct scatterlist sgin, sgout; | |
553 | struct blkcipher_desc desc; | |
554 | ||
555 | get_random_bytes(sec_key, CIFS_NTLMV2_SESSKEY_SIZE); | |
556 | ||
557 | tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", | |
558 | 0, CRYPTO_ALG_ASYNC); | |
559 | if (!tfm_arc4 || IS_ERR(tfm_arc4)) { | |
560 | cERROR(1, "could not allocate " "master crypto API arc4\n"); | |
561 | return 1; | |
562 | } | |
563 | ||
3ec6bbcd SP |
564 | desc.tfm = tfm_arc4; |
565 | ||
9fbc5908 SF |
566 | crypto_blkcipher_setkey(tfm_arc4, |
567 | server->session_key.data.ntlmv2.key, CIFS_CPHTXT_SIZE); | |
568 | sg_init_one(&sgin, sec_key, CIFS_CPHTXT_SIZE); | |
569 | sg_init_one(&sgout, server->ntlmssp.ciphertext, CIFS_CPHTXT_SIZE); | |
570 | rc = crypto_blkcipher_encrypt(&desc, &sgout, &sgin, CIFS_CPHTXT_SIZE); | |
571 | ||
572 | if (!rc) | |
573 | memcpy(server->session_key.data.ntlmv2.key, | |
574 | sec_key, CIFS_NTLMV2_SESSKEY_SIZE); | |
1da177e4 | 575 | |
9fbc5908 | 576 | crypto_free_blkcipher(tfm_arc4); |
1da177e4 | 577 | |
9fbc5908 SF |
578 | return 0; |
579 | } | |
580 | ||
581 | void | |
582 | cifs_crypto_shash_release(struct TCP_Server_Info *server) | |
583 | { | |
584 | if (server->ntlmssp.md5) | |
585 | crypto_free_shash(server->ntlmssp.md5); | |
586 | ||
587 | if (server->ntlmssp.hmacmd5) | |
588 | crypto_free_shash(server->ntlmssp.hmacmd5); | |
2d20ca83 | 589 | |
590 | kfree(server->ntlmssp.sdeschmacmd5); | |
591 | ||
592 | kfree(server->ntlmssp.sdescmd5); | |
9fbc5908 SF |
593 | } |
594 | ||
595 | int | |
596 | cifs_crypto_shash_allocate(struct TCP_Server_Info *server) | |
597 | { | |
2d20ca83 | 598 | int rc; |
599 | unsigned int size; | |
600 | ||
9fbc5908 SF |
601 | server->ntlmssp.hmacmd5 = crypto_alloc_shash("hmac(md5)", 0, 0); |
602 | if (!server->ntlmssp.hmacmd5 || | |
603 | IS_ERR(server->ntlmssp.hmacmd5)) { | |
2d20ca83 | 604 | cERROR(1, "could not allocate crypto hmacmd5\n"); |
9fbc5908 SF |
605 | return 1; |
606 | } | |
607 | ||
608 | server->ntlmssp.md5 = crypto_alloc_shash("md5", 0, 0); | |
609 | if (!server->ntlmssp.md5 || IS_ERR(server->ntlmssp.md5)) { | |
2d20ca83 | 610 | cERROR(1, "could not allocate crypto md5\n"); |
611 | rc = 1; | |
612 | goto cifs_crypto_shash_allocate_ret1; | |
9fbc5908 SF |
613 | } |
614 | ||
2d20ca83 | 615 | size = sizeof(struct shash_desc) + |
616 | crypto_shash_descsize(server->ntlmssp.hmacmd5); | |
617 | server->ntlmssp.sdeschmacmd5 = kmalloc(size, GFP_KERNEL); | |
618 | if (!server->ntlmssp.sdeschmacmd5) { | |
619 | cERROR(1, "cifs_crypto_shash_allocate: can't alloc hmacmd5\n"); | |
620 | rc = -ENOMEM; | |
621 | goto cifs_crypto_shash_allocate_ret2; | |
622 | } | |
623 | server->ntlmssp.sdeschmacmd5->shash.tfm = server->ntlmssp.hmacmd5; | |
624 | server->ntlmssp.sdeschmacmd5->shash.flags = 0x0; | |
625 | ||
626 | ||
627 | size = sizeof(struct shash_desc) + | |
628 | crypto_shash_descsize(server->ntlmssp.md5); | |
629 | server->ntlmssp.sdescmd5 = kmalloc(size, GFP_KERNEL); | |
630 | if (!server->ntlmssp.sdescmd5) { | |
631 | cERROR(1, "cifs_crypto_shash_allocate: can't alloc md5\n"); | |
632 | rc = -ENOMEM; | |
633 | goto cifs_crypto_shash_allocate_ret3; | |
634 | } | |
635 | server->ntlmssp.sdescmd5->shash.tfm = server->ntlmssp.md5; | |
636 | server->ntlmssp.sdescmd5->shash.flags = 0x0; | |
637 | ||
9fbc5908 | 638 | return 0; |
2d20ca83 | 639 | |
640 | cifs_crypto_shash_allocate_ret3: | |
641 | kfree(server->ntlmssp.sdeschmacmd5); | |
642 | ||
643 | cifs_crypto_shash_allocate_ret2: | |
644 | crypto_free_shash(server->ntlmssp.md5); | |
645 | ||
646 | cifs_crypto_shash_allocate_ret1: | |
647 | crypto_free_shash(server->ntlmssp.hmacmd5); | |
648 | ||
649 | return rc; | |
1da177e4 | 650 | } |