1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org>
4 * Copyright (C) 2018 Samsung Electronics Co., Ltd.
5 */
6
7 #include <linux/kernel.h>
8 #include <linux/fs.h>
9 #include <linux/uaccess.h>
10 #include <linux/backing-dev.h>
11 #include <linux/writeback.h>
12 #include <linux/uio.h>
13 #include <linux/xattr.h>
14 #include <crypto/aead.h>
15 #include <crypto/aes-cbc-macs.h>
16 #include <crypto/md5.h>
17 #include <crypto/sha2.h>
18 #include <crypto/utils.h>
19 #include <linux/random.h>
20 #include <linux/scatterlist.h>
21
22 #include "auth.h"
23 #include "glob.h"
24
25 #include <linux/fips.h>
26 #include <crypto/arc4.h>
27 #include <crypto/des.h>
28
29 #include "server.h"
30 #include "smb_common.h"
31 #include "connection.h"
32 #include "mgmt/user_session.h"
33 #include "mgmt/user_config.h"
34 #include "crypto_ctx.h"
35 #include "transport_ipc.h"
36
37 /*
38 * Fixed format data defining GSS header and fixed string
39 * "not_defined_in_RFC4178@please_ignore".
40 * So sec blob data in neg phase could be generated statically.
41 */
42 static char NEGOTIATE_GSS_HEADER[AUTH_GSS_LENGTH] = {
43 #ifdef CONFIG_SMB_SERVER_KERBEROS5
44 0x60, 0x5e, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
45 0x05, 0x02, 0xa0, 0x54, 0x30, 0x52, 0xa0, 0x24,
46 0x30, 0x22, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
47 0xf7, 0x12, 0x01, 0x02, 0x02, 0x06, 0x09, 0x2a,
48 0x86, 0x48, 0x82, 0xf7, 0x12, 0x01, 0x02, 0x02,
49 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
50 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a, 0x30, 0x28,
51 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f, 0x74, 0x5f,
52 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x5f,
53 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43, 0x34, 0x31,
54 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65, 0x61, 0x73,
55 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65
56 #else
57 0x60, 0x48, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
58 0x05, 0x02, 0xa0, 0x3e, 0x30, 0x3c, 0xa0, 0x0e,
59 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04,
60 0x01, 0x82, 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a,
61 0x30, 0x28, 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f,
62 0x74, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65,
63 0x64, 0x5f, 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43,
64 0x34, 0x31, 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65,
65 0x61, 0x73, 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f,
66 0x72, 0x65
67 #endif
68 };
69
ksmbd_copy_gss_neg_header(void * buf)70 void ksmbd_copy_gss_neg_header(void *buf)
71 {
72 memcpy(buf, NEGOTIATE_GSS_HEADER, AUTH_GSS_LENGTH);
73 }
74
calc_ntlmv2_hash(struct ksmbd_conn * conn,struct ksmbd_session * sess,char * ntlmv2_hash,char * dname)75 static int calc_ntlmv2_hash(struct ksmbd_conn *conn, struct ksmbd_session *sess,
76 char *ntlmv2_hash, char *dname)
77 {
78 int ret, len, conv_len;
79 wchar_t *domain = NULL;
80 __le16 *uniname = NULL;
81 struct hmac_md5_ctx ctx;
82
83 hmac_md5_init_usingrawkey(&ctx, user_passkey(sess->user),
84 CIFS_ENCPWD_SIZE);
85
86 /* convert user_name to unicode */
87 len = strlen(user_name(sess->user));
88 uniname = kzalloc(2 + UNICODE_LEN(len), KSMBD_DEFAULT_GFP);
89 if (!uniname) {
90 ret = -ENOMEM;
91 goto out;
92 }
93
94 conv_len = smb_strtoUTF16(uniname, user_name(sess->user), len,
95 conn->local_nls);
96 if (conv_len < 0 || conv_len > len) {
97 ret = -EINVAL;
98 goto out;
99 }
100 UniStrupr(uniname);
101
102 hmac_md5_update(&ctx, (const u8 *)uniname, UNICODE_LEN(conv_len));
103
104 /* Convert domain name or conn name to unicode and uppercase */
105 len = strlen(dname);
106 domain = kzalloc(2 + UNICODE_LEN(len), KSMBD_DEFAULT_GFP);
107 if (!domain) {
108 ret = -ENOMEM;
109 goto out;
110 }
111
112 conv_len = smb_strtoUTF16((__le16 *)domain, dname, len,
113 conn->local_nls);
114 if (conv_len < 0 || conv_len > len) {
115 ret = -EINVAL;
116 goto out;
117 }
118
119 hmac_md5_update(&ctx, (const u8 *)domain, UNICODE_LEN(conv_len));
120 hmac_md5_final(&ctx, ntlmv2_hash);
121 ret = 0;
122 out:
123 kfree(uniname);
124 kfree(domain);
125 return ret;
126 }
127
128 /**
129 * ksmbd_auth_ntlmv2() - NTLMv2 authentication handler
130 * @conn: connection
131 * @sess: session of connection
132 * @ntlmv2: NTLMv2 challenge response
133 * @blen: NTLMv2 blob length
134 * @domain_name: domain name
135 * @cryptkey: session crypto key
136 *
137 * Return: 0 on success, error number on error
138 */
ksmbd_auth_ntlmv2(struct ksmbd_conn * conn,struct ksmbd_session * sess,struct ntlmv2_resp * ntlmv2,int blen,char * domain_name,char * cryptkey)139 int ksmbd_auth_ntlmv2(struct ksmbd_conn *conn, struct ksmbd_session *sess,
140 struct ntlmv2_resp *ntlmv2, int blen, char *domain_name,
141 char *cryptkey)
142 {
143 char ntlmv2_hash[CIFS_ENCPWD_SIZE];
144 char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE];
145 struct hmac_md5_ctx ctx;
146 int rc;
147
148 if (fips_enabled) {
149 ksmbd_debug(AUTH, "NTLMv2 support is disabled due to FIPS\n");
150 return -EOPNOTSUPP;
151 }
152
153 rc = calc_ntlmv2_hash(conn, sess, ntlmv2_hash, domain_name);
154 if (rc) {
155 ksmbd_debug(AUTH, "could not get v2 hash rc %d\n", rc);
156 return rc;
157 }
158
159 hmac_md5_init_usingrawkey(&ctx, ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE);
160 hmac_md5_update(&ctx, cryptkey, CIFS_CRYPTO_KEY_SIZE);
161 hmac_md5_update(&ctx, (const u8 *)&ntlmv2->blob_signature, blen);
162 hmac_md5_final(&ctx, ntlmv2_rsp);
163
164 /* Generate the session key */
165 hmac_md5_usingrawkey(ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE,
166 ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE,
167 sess->sess_key);
168
169 if (crypto_memneq(ntlmv2->ntlmv2_hash, ntlmv2_rsp,
170 CIFS_HMAC_MD5_HASH_SIZE))
171 return -EINVAL;
172 return 0;
173 }
174
175 /**
176 * ksmbd_decode_ntlmssp_auth_blob() - helper function to construct
177 * authenticate blob
178 * @authblob: authenticate blob source pointer
179 * @blob_len: length of the @authblob message
180 * @conn: connection
181 * @sess: session of connection
182 *
183 * Return: 0 on success, error number on error
184 */
ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message * authblob,int blob_len,struct ksmbd_conn * conn,struct ksmbd_session * sess)185 int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
186 int blob_len, struct ksmbd_conn *conn,
187 struct ksmbd_session *sess)
188 {
189 char *domain_name;
190 unsigned int nt_off, dn_off;
191 unsigned short nt_len, dn_len;
192 int ret;
193
194 if (blob_len < sizeof(struct authenticate_message)) {
195 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
196 blob_len);
197 return -EINVAL;
198 }
199
200 if (memcmp(authblob->Signature, "NTLMSSP", 8)) {
201 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
202 authblob->Signature);
203 return -EINVAL;
204 }
205
206 nt_off = le32_to_cpu(authblob->NtChallengeResponse.BufferOffset);
207 nt_len = le16_to_cpu(authblob->NtChallengeResponse.Length);
208 dn_off = le32_to_cpu(authblob->DomainName.BufferOffset);
209 dn_len = le16_to_cpu(authblob->DomainName.Length);
210
211 if (blob_len < (u64)dn_off + dn_len || blob_len < (u64)nt_off + nt_len ||
212 nt_len < CIFS_ENCPWD_SIZE)
213 return -EINVAL;
214
215 /* TODO : use domain name that imported from configuration file */
216 domain_name = smb_strndup_from_utf16((const char *)authblob + dn_off,
217 dn_len, true, conn->local_nls);
218 if (IS_ERR(domain_name))
219 return PTR_ERR(domain_name);
220
221 /* process NTLMv2 authentication */
222 ksmbd_debug(AUTH, "decode_ntlmssp_authenticate_blob dname%s\n",
223 domain_name);
224 ret = ksmbd_auth_ntlmv2(conn, sess,
225 (struct ntlmv2_resp *)((char *)authblob + nt_off),
226 nt_len - CIFS_ENCPWD_SIZE,
227 domain_name, conn->ntlmssp.cryptkey);
228 kfree(domain_name);
229
230 /* The recovered secondary session key */
231 if (conn->ntlmssp.client_flags & NTLMSSP_NEGOTIATE_KEY_XCH) {
232 struct arc4_ctx *ctx_arc4;
233 unsigned int sess_key_off, sess_key_len;
234
235 sess_key_off = le32_to_cpu(authblob->SessionKey.BufferOffset);
236 sess_key_len = le16_to_cpu(authblob->SessionKey.Length);
237
238 if (blob_len < (u64)sess_key_off + sess_key_len)
239 return -EINVAL;
240
241 if (sess_key_len > CIFS_KEY_SIZE)
242 return -EINVAL;
243
244 ctx_arc4 = kmalloc_obj(*ctx_arc4, KSMBD_DEFAULT_GFP);
245 if (!ctx_arc4)
246 return -ENOMEM;
247
248 arc4_setkey(ctx_arc4, sess->sess_key, SMB2_NTLMV2_SESSKEY_SIZE);
249 arc4_crypt(ctx_arc4, sess->sess_key,
250 (char *)authblob + sess_key_off, sess_key_len);
251 kfree_sensitive(ctx_arc4);
252 }
253
254 return ret;
255 }
256
257 /**
258 * ksmbd_decode_ntlmssp_neg_blob() - helper function to construct
259 * negotiate blob
260 * @negblob: negotiate blob source pointer
261 * @blob_len: length of the @authblob message
262 * @conn: connection
263 *
264 */
ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message * negblob,int blob_len,struct ksmbd_conn * conn)265 int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob,
266 int blob_len, struct ksmbd_conn *conn)
267 {
268 if (blob_len < sizeof(struct negotiate_message)) {
269 ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
270 blob_len);
271 return -EINVAL;
272 }
273
274 if (memcmp(negblob->Signature, "NTLMSSP", 8)) {
275 ksmbd_debug(AUTH, "blob signature incorrect %s\n",
276 negblob->Signature);
277 return -EINVAL;
278 }
279
280 conn->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags);
281 return 0;
282 }
283
284 /**
285 * ksmbd_build_ntlmssp_challenge_blob() - helper function to construct
286 * challenge blob
287 * @chgblob: challenge blob source pointer to initialize
288 * @conn: connection
289 *
290 */
291 unsigned int
ksmbd_build_ntlmssp_challenge_blob(struct challenge_message * chgblob,struct ksmbd_conn * conn)292 ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,
293 struct ksmbd_conn *conn)
294 {
295 struct target_info *tinfo;
296 wchar_t *name;
297 __u8 *target_name;
298 unsigned int flags, blob_off, blob_len, type, target_info_len = 0;
299 int len, uni_len, conv_len;
300 int cflags = conn->ntlmssp.client_flags;
301
302 memcpy(chgblob->Signature, NTLMSSP_SIGNATURE, 8);
303 chgblob->MessageType = NtLmChallenge;
304
305 flags = NTLMSSP_NEGOTIATE_UNICODE |
306 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_TARGET_TYPE_SERVER |
307 NTLMSSP_NEGOTIATE_TARGET_INFO;
308
309 if (cflags & NTLMSSP_NEGOTIATE_SIGN) {
310 flags |= NTLMSSP_NEGOTIATE_SIGN;
311 flags |= cflags & (NTLMSSP_NEGOTIATE_128 |
312 NTLMSSP_NEGOTIATE_56);
313 }
314
315 if (cflags & NTLMSSP_NEGOTIATE_SEAL && smb3_encryption_negotiated(conn))
316 flags |= NTLMSSP_NEGOTIATE_SEAL;
317
318 if (cflags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
319 flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
320
321 if (cflags & NTLMSSP_REQUEST_TARGET)
322 flags |= NTLMSSP_REQUEST_TARGET;
323
324 if (conn->use_spnego &&
325 (cflags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
326 flags |= NTLMSSP_NEGOTIATE_EXTENDED_SEC;
327
328 if (cflags & NTLMSSP_NEGOTIATE_KEY_XCH)
329 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
330
331 chgblob->NegotiateFlags = cpu_to_le32(flags);
332 len = strlen(ksmbd_netbios_name());
333 name = kmalloc(2 + UNICODE_LEN(len), KSMBD_DEFAULT_GFP);
334 if (!name)
335 return -ENOMEM;
336
337 conv_len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len,
338 conn->local_nls);
339 if (conv_len < 0 || conv_len > len) {
340 kfree(name);
341 return -EINVAL;
342 }
343
344 uni_len = UNICODE_LEN(conv_len);
345
346 blob_off = sizeof(struct challenge_message);
347 blob_len = blob_off + uni_len;
348
349 chgblob->TargetName.Length = cpu_to_le16(uni_len);
350 chgblob->TargetName.MaximumLength = cpu_to_le16(uni_len);
351 chgblob->TargetName.BufferOffset = cpu_to_le32(blob_off);
352
353 /* Initialize random conn challenge */
354 get_random_bytes(conn->ntlmssp.cryptkey, sizeof(__u64));
355 memcpy(chgblob->Challenge, conn->ntlmssp.cryptkey,
356 CIFS_CRYPTO_KEY_SIZE);
357
358 /* Add Target Information to security buffer */
359 chgblob->TargetInfoArray.BufferOffset = cpu_to_le32(blob_len);
360
361 target_name = (__u8 *)chgblob + blob_off;
362 memcpy(target_name, name, uni_len);
363 tinfo = (struct target_info *)(target_name + uni_len);
364
365 chgblob->TargetInfoArray.Length = 0;
366 /* Add target info list for NetBIOS/DNS settings */
367 for (type = NTLMSSP_AV_NB_COMPUTER_NAME;
368 type <= NTLMSSP_AV_DNS_DOMAIN_NAME; type++) {
369 tinfo->Type = cpu_to_le16(type);
370 tinfo->Length = cpu_to_le16(uni_len);
371 memcpy(tinfo->Content, name, uni_len);
372 tinfo = (struct target_info *)((char *)tinfo + 4 + uni_len);
373 target_info_len += 4 + uni_len;
374 }
375
376 /* Add terminator subblock */
377 tinfo->Type = 0;
378 tinfo->Length = 0;
379 target_info_len += 4;
380
381 chgblob->TargetInfoArray.Length = cpu_to_le16(target_info_len);
382 chgblob->TargetInfoArray.MaximumLength = cpu_to_le16(target_info_len);
383 blob_len += target_info_len;
384 kfree(name);
385 ksmbd_debug(AUTH, "NTLMSSP SecurityBufferLength %d\n", blob_len);
386 return blob_len;
387 }
388
389 #ifdef CONFIG_SMB_SERVER_KERBEROS5
ksmbd_krb5_authenticate(struct ksmbd_session * sess,char * in_blob,int in_len,char * out_blob,int * out_len)390 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
391 int in_len, char *out_blob, int *out_len)
392 {
393 struct ksmbd_spnego_authen_response *resp;
394 struct ksmbd_login_response_ext *resp_ext = NULL;
395 struct ksmbd_user *user = NULL;
396 int retval;
397
398 resp = ksmbd_ipc_spnego_authen_request(in_blob, in_len);
399 if (!resp) {
400 ksmbd_debug(AUTH, "SPNEGO_AUTHEN_REQUEST failure\n");
401 return -EINVAL;
402 }
403
404 if (!(resp->login_response.status & KSMBD_USER_FLAG_OK)) {
405 ksmbd_debug(AUTH, "krb5 authentication failure\n");
406 retval = -EPERM;
407 goto out;
408 }
409
410 if (*out_len <= resp->spnego_blob_len) {
411 ksmbd_debug(AUTH, "buf len %d, but blob len %d\n",
412 *out_len, resp->spnego_blob_len);
413 retval = -EINVAL;
414 goto out;
415 }
416
417 if (resp->session_key_len > sizeof(sess->sess_key)) {
418 ksmbd_debug(AUTH, "session key is too long\n");
419 retval = -EINVAL;
420 goto out;
421 }
422
423 if (resp->login_response.status & KSMBD_USER_FLAG_EXTENSION)
424 resp_ext = ksmbd_ipc_login_request_ext(resp->login_response.account);
425
426 user = ksmbd_alloc_user(&resp->login_response, resp_ext);
427 if (!user) {
428 ksmbd_debug(AUTH, "login failure\n");
429 retval = -ENOMEM;
430 goto out;
431 }
432
433 if (!sess->user) {
434 /* First successful authentication */
435 sess->user = user;
436 } else {
437 if (!ksmbd_compare_user(sess->user, user)) {
438 ksmbd_debug(AUTH, "different user tried to reuse session\n");
439 retval = -EPERM;
440 ksmbd_free_user(user);
441 goto out;
442 }
443 ksmbd_free_user(user);
444 }
445
446 memcpy(sess->sess_key, resp->payload, resp->session_key_len);
447 memcpy(out_blob, resp->payload + resp->session_key_len,
448 resp->spnego_blob_len);
449 *out_len = resp->spnego_blob_len;
450 retval = 0;
451 out:
452 kvfree(resp);
453 return retval;
454 }
455 #else
ksmbd_krb5_authenticate(struct ksmbd_session * sess,char * in_blob,int in_len,char * out_blob,int * out_len)456 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
457 int in_len, char *out_blob, int *out_len)
458 {
459 return -EOPNOTSUPP;
460 }
461 #endif
462
463 /**
464 * ksmbd_sign_smb2_pdu() - function to generate packet signing
465 * @conn: connection
466 * @key: signing key
467 * @iov: buffer iov array
468 * @n_vec: number of iovecs
469 * @sig: signature value generated for client request packet
470 *
471 */
ksmbd_sign_smb2_pdu(struct ksmbd_conn * conn,char * key,struct kvec * iov,int n_vec,char * sig)472 void ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
473 int n_vec, char *sig)
474 {
475 struct hmac_sha256_ctx ctx;
476 int i;
477
478 hmac_sha256_init_usingrawkey(&ctx, key, SMB2_NTLMV2_SESSKEY_SIZE);
479 for (i = 0; i < n_vec; i++)
480 hmac_sha256_update(&ctx, iov[i].iov_base, iov[i].iov_len);
481 hmac_sha256_final(&ctx, sig);
482 }
483
484 /**
485 * ksmbd_sign_smb3_pdu() - function to generate packet signing
486 * @conn: connection
487 * @key: signing key
488 * @iov: buffer iov array
489 * @n_vec: number of iovecs
490 * @sig: signature value generated for client request packet
491 *
492 */
ksmbd_sign_smb3_pdu(struct ksmbd_conn * conn,char * key,struct kvec * iov,int n_vec,char * sig)493 void ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
494 int n_vec, char *sig)
495 {
496 struct aes_cmac_key cmac_key;
497 struct aes_cmac_ctx cmac_ctx;
498 int i;
499
500 /* This cannot fail, since we always pass a valid key length. */
501 static_assert(SMB2_CMACAES_SIZE == AES_KEYSIZE_128);
502 aes_cmac_preparekey(&cmac_key, key, SMB2_CMACAES_SIZE);
503
504 aes_cmac_init(&cmac_ctx, &cmac_key);
505 for (i = 0; i < n_vec; i++)
506 aes_cmac_update(&cmac_ctx, iov[i].iov_base, iov[i].iov_len);
507 aes_cmac_final(&cmac_ctx, sig);
508 }
509
510 struct derivation {
511 struct kvec label;
512 struct kvec context;
513 bool binding;
514 };
515
generate_key(struct ksmbd_conn * conn,struct ksmbd_session * sess,struct kvec label,struct kvec context,__u8 * key,unsigned int key_size)516 static void generate_key(struct ksmbd_conn *conn, struct ksmbd_session *sess,
517 struct kvec label, struct kvec context, __u8 *key,
518 unsigned int key_size)
519 {
520 unsigned char zero = 0x0;
521 __u8 i[4] = {0, 0, 0, 1};
522 __u8 L128[4] = {0, 0, 0, 128};
523 __u8 L256[4] = {0, 0, 1, 0};
524 unsigned char prfhash[SMB2_HMACSHA256_SIZE];
525 struct hmac_sha256_ctx ctx;
526
527 hmac_sha256_init_usingrawkey(&ctx, sess->sess_key,
528 SMB2_NTLMV2_SESSKEY_SIZE);
529 hmac_sha256_update(&ctx, i, 4);
530 hmac_sha256_update(&ctx, label.iov_base, label.iov_len);
531 hmac_sha256_update(&ctx, &zero, 1);
532 hmac_sha256_update(&ctx, context.iov_base, context.iov_len);
533
534 if (key_size == SMB3_ENC_DEC_KEY_SIZE &&
535 (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
536 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
537 hmac_sha256_update(&ctx, L256, 4);
538 else
539 hmac_sha256_update(&ctx, L128, 4);
540
541 hmac_sha256_final(&ctx, prfhash);
542 memcpy(key, prfhash, key_size);
543 }
544
generate_smb3signingkey(struct ksmbd_session * sess,struct ksmbd_conn * conn,const struct derivation * signing)545 static int generate_smb3signingkey(struct ksmbd_session *sess,
546 struct ksmbd_conn *conn,
547 const struct derivation *signing)
548 {
549 struct channel *chann;
550 char *key;
551
552 chann = lookup_chann_list(sess, conn);
553 if (!chann)
554 return 0;
555
556 if (conn->dialect >= SMB30_PROT_ID && signing->binding)
557 key = chann->smb3signingkey;
558 else
559 key = sess->smb3signingkey;
560
561 generate_key(conn, sess, signing->label, signing->context, key,
562 SMB3_SIGN_KEY_SIZE);
563
564 if (!(conn->dialect >= SMB30_PROT_ID && signing->binding))
565 memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE);
566
567 ksmbd_debug(AUTH, "generated SMB3 signing key\n");
568 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
569 return 0;
570 }
571
ksmbd_gen_smb30_signingkey(struct ksmbd_session * sess,struct ksmbd_conn * conn)572 int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess,
573 struct ksmbd_conn *conn)
574 {
575 struct derivation d;
576
577 d.label.iov_base = "SMB2AESCMAC";
578 d.label.iov_len = 12;
579 d.context.iov_base = "SmbSign";
580 d.context.iov_len = 8;
581 d.binding = conn->binding;
582
583 return generate_smb3signingkey(sess, conn, &d);
584 }
585
ksmbd_gen_smb311_signingkey(struct ksmbd_session * sess,struct ksmbd_conn * conn)586 int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess,
587 struct ksmbd_conn *conn)
588 {
589 struct derivation d;
590
591 d.label.iov_base = "SMBSigningKey";
592 d.label.iov_len = 14;
593 if (conn->binding) {
594 struct preauth_session *preauth_sess;
595
596 preauth_sess = ksmbd_preauth_session_lookup(conn, sess->id);
597 if (!preauth_sess)
598 return -ENOENT;
599 d.context.iov_base = preauth_sess->Preauth_HashValue;
600 } else {
601 d.context.iov_base = sess->Preauth_HashValue;
602 }
603 d.context.iov_len = 64;
604 d.binding = conn->binding;
605
606 return generate_smb3signingkey(sess, conn, &d);
607 }
608
609 struct derivation_twin {
610 struct derivation encryption;
611 struct derivation decryption;
612 };
613
generate_smb3encryptionkey(struct ksmbd_conn * conn,struct ksmbd_session * sess,const struct derivation_twin * ptwin)614 static void generate_smb3encryptionkey(struct ksmbd_conn *conn,
615 struct ksmbd_session *sess,
616 const struct derivation_twin *ptwin)
617 {
618 generate_key(conn, sess, ptwin->encryption.label,
619 ptwin->encryption.context, sess->smb3encryptionkey,
620 SMB3_ENC_DEC_KEY_SIZE);
621
622 generate_key(conn, sess, ptwin->decryption.label,
623 ptwin->decryption.context,
624 sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE);
625
626 ksmbd_debug(AUTH, "generated SMB3 encryption/decryption keys\n");
627 ksmbd_debug(AUTH, "Cipher type %d\n", conn->cipher_type);
628 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
629 }
630
ksmbd_gen_smb30_encryptionkey(struct ksmbd_conn * conn,struct ksmbd_session * sess)631 void ksmbd_gen_smb30_encryptionkey(struct ksmbd_conn *conn,
632 struct ksmbd_session *sess)
633 {
634 struct derivation_twin twin;
635 struct derivation *d;
636
637 d = &twin.encryption;
638 d->label.iov_base = "SMB2AESCCM";
639 d->label.iov_len = 11;
640 d->context.iov_base = "ServerOut";
641 d->context.iov_len = 10;
642
643 d = &twin.decryption;
644 d->label.iov_base = "SMB2AESCCM";
645 d->label.iov_len = 11;
646 d->context.iov_base = "ServerIn ";
647 d->context.iov_len = 10;
648
649 generate_smb3encryptionkey(conn, sess, &twin);
650 }
651
ksmbd_gen_smb311_encryptionkey(struct ksmbd_conn * conn,struct ksmbd_session * sess)652 void ksmbd_gen_smb311_encryptionkey(struct ksmbd_conn *conn,
653 struct ksmbd_session *sess)
654 {
655 struct derivation_twin twin;
656 struct derivation *d;
657
658 d = &twin.encryption;
659 d->label.iov_base = "SMBS2CCipherKey";
660 d->label.iov_len = 16;
661 d->context.iov_base = sess->Preauth_HashValue;
662 d->context.iov_len = 64;
663
664 d = &twin.decryption;
665 d->label.iov_base = "SMBC2SCipherKey";
666 d->label.iov_len = 16;
667 d->context.iov_base = sess->Preauth_HashValue;
668 d->context.iov_len = 64;
669
670 generate_smb3encryptionkey(conn, sess, &twin);
671 }
672
ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn * conn,char * buf,__u8 * pi_hash)673 int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf,
674 __u8 *pi_hash)
675 {
676 struct smb2_hdr *rcv_hdr = smb_get_msg(buf);
677 char *all_bytes_msg = (char *)&rcv_hdr->ProtocolId;
678 int msg_size = get_rfc1002_len(buf);
679 struct sha512_ctx sha_ctx;
680
681 if (conn->preauth_info->Preauth_HashId !=
682 SMB2_PREAUTH_INTEGRITY_SHA512)
683 return -EINVAL;
684
685 sha512_init(&sha_ctx);
686 sha512_update(&sha_ctx, pi_hash, 64);
687 sha512_update(&sha_ctx, all_bytes_msg, msg_size);
688 sha512_final(&sha_ctx, pi_hash);
689 return 0;
690 }
691
ksmbd_get_encryption_key(struct ksmbd_work * work,__u64 ses_id,int enc,u8 * key)692 static int ksmbd_get_encryption_key(struct ksmbd_work *work, __u64 ses_id,
693 int enc, u8 *key)
694 {
695 struct ksmbd_session *sess;
696 u8 *ses_enc_key;
697
698 if (enc)
699 sess = work->sess;
700 else
701 sess = ksmbd_session_lookup_all(work->conn, ses_id);
702 if (!sess)
703 return -EINVAL;
704
705 ses_enc_key = enc ? sess->smb3encryptionkey :
706 sess->smb3decryptionkey;
707 memcpy(key, ses_enc_key, SMB3_ENC_DEC_KEY_SIZE);
708 if (!enc)
709 ksmbd_user_session_put(sess);
710
711 return 0;
712 }
713
smb2_sg_set_buf(struct scatterlist * sg,const void * buf,unsigned int buflen)714 static inline void smb2_sg_set_buf(struct scatterlist *sg, const void *buf,
715 unsigned int buflen)
716 {
717 void *addr;
718
719 if (is_vmalloc_addr(buf))
720 addr = vmalloc_to_page(buf);
721 else
722 addr = virt_to_page(buf);
723 sg_set_page(sg, addr, buflen, offset_in_page(buf));
724 }
725
ksmbd_init_sg(struct kvec * iov,unsigned int nvec,u8 * sign)726 static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec,
727 u8 *sign)
728 {
729 struct scatterlist *sg;
730 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
731 int i, *nr_entries, total_entries = 0, sg_idx = 0;
732
733 if (!nvec)
734 return NULL;
735
736 nr_entries = kzalloc_objs(int, nvec, KSMBD_DEFAULT_GFP);
737 if (!nr_entries)
738 return NULL;
739
740 for (i = 0; i < nvec - 1; i++) {
741 unsigned long kaddr = (unsigned long)iov[i + 1].iov_base;
742
743 if (is_vmalloc_addr(iov[i + 1].iov_base)) {
744 nr_entries[i] = ((kaddr + iov[i + 1].iov_len +
745 PAGE_SIZE - 1) >> PAGE_SHIFT) -
746 (kaddr >> PAGE_SHIFT);
747 } else {
748 nr_entries[i]++;
749 }
750 total_entries += nr_entries[i];
751 }
752
753 /* Add two entries for transform header and signature */
754 total_entries += 2;
755
756 sg = kmalloc_objs(struct scatterlist, total_entries, KSMBD_DEFAULT_GFP);
757 if (!sg) {
758 kfree(nr_entries);
759 return NULL;
760 }
761
762 sg_init_table(sg, total_entries);
763 smb2_sg_set_buf(&sg[sg_idx++], iov[0].iov_base + 24, assoc_data_len);
764 for (i = 0; i < nvec - 1; i++) {
765 void *data = iov[i + 1].iov_base;
766 int len = iov[i + 1].iov_len;
767
768 if (is_vmalloc_addr(data)) {
769 int j, offset = offset_in_page(data);
770
771 for (j = 0; j < nr_entries[i]; j++) {
772 unsigned int bytes = PAGE_SIZE - offset;
773
774 if (!len)
775 break;
776
777 if (bytes > len)
778 bytes = len;
779
780 sg_set_page(&sg[sg_idx++],
781 vmalloc_to_page(data), bytes,
782 offset_in_page(data));
783
784 data += bytes;
785 len -= bytes;
786 offset = 0;
787 }
788 } else {
789 sg_set_page(&sg[sg_idx++], virt_to_page(data), len,
790 offset_in_page(data));
791 }
792 }
793 smb2_sg_set_buf(&sg[sg_idx], sign, SMB2_SIGNATURE_SIZE);
794 kfree(nr_entries);
795 return sg;
796 }
797
ksmbd_crypt_message(struct ksmbd_work * work,struct kvec * iov,unsigned int nvec,int enc)798 int ksmbd_crypt_message(struct ksmbd_work *work, struct kvec *iov,
799 unsigned int nvec, int enc)
800 {
801 struct ksmbd_conn *conn = work->conn;
802 struct smb2_transform_hdr *tr_hdr = smb_get_msg(iov[0].iov_base);
803 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
804 int rc;
805 DECLARE_CRYPTO_WAIT(wait);
806 struct scatterlist *sg;
807 u8 sign[SMB2_SIGNATURE_SIZE] = {};
808 u8 key[SMB3_ENC_DEC_KEY_SIZE];
809 struct aead_request *req;
810 char *iv;
811 unsigned int iv_len;
812 struct crypto_aead *tfm;
813 unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize);
814 struct ksmbd_crypto_ctx *ctx;
815
816 rc = ksmbd_get_encryption_key(work,
817 le64_to_cpu(tr_hdr->SessionId),
818 enc,
819 key);
820 if (rc) {
821 pr_err("Could not get %scryption key\n", enc ? "en" : "de");
822 return rc;
823 }
824
825 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
826 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
827 ctx = ksmbd_crypto_ctx_find_gcm();
828 else
829 ctx = ksmbd_crypto_ctx_find_ccm();
830 if (!ctx) {
831 pr_err("crypto alloc failed\n");
832 return -ENOMEM;
833 }
834
835 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
836 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
837 tfm = CRYPTO_GCM(ctx);
838 else
839 tfm = CRYPTO_CCM(ctx);
840
841 if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
842 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
843 rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE);
844 else
845 rc = crypto_aead_setkey(tfm, key, SMB3_GCM128_CRYPTKEY_SIZE);
846 if (rc) {
847 pr_err("Failed to set aead key %d\n", rc);
848 goto free_ctx;
849 }
850
851 rc = crypto_aead_setauthsize(tfm, SMB2_SIGNATURE_SIZE);
852 if (rc) {
853 pr_err("Failed to set authsize %d\n", rc);
854 goto free_ctx;
855 }
856
857 req = aead_request_alloc(tfm, KSMBD_DEFAULT_GFP);
858 if (!req) {
859 rc = -ENOMEM;
860 goto free_ctx;
861 }
862
863 if (!enc) {
864 memcpy(sign, &tr_hdr->Signature, SMB2_SIGNATURE_SIZE);
865 crypt_len += SMB2_SIGNATURE_SIZE;
866 }
867
868 sg = ksmbd_init_sg(iov, nvec, sign);
869 if (!sg) {
870 pr_err("Failed to init sg\n");
871 rc = -ENOMEM;
872 goto free_req;
873 }
874
875 iv_len = crypto_aead_ivsize(tfm);
876 iv = kzalloc(iv_len, KSMBD_DEFAULT_GFP);
877 if (!iv) {
878 rc = -ENOMEM;
879 goto free_sg;
880 }
881
882 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
883 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
884 memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES_GCM_NONCE);
885 } else {
886 iv[0] = 3;
887 memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES_CCM_NONCE);
888 }
889
890 aead_request_set_crypt(req, sg, sg, crypt_len, iv);
891 aead_request_set_ad(req, assoc_data_len);
892 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
893 CRYPTO_TFM_REQ_MAY_SLEEP,
894 crypto_req_done, &wait);
895
896 rc = crypto_wait_req(enc ? crypto_aead_encrypt(req) :
897 crypto_aead_decrypt(req), &wait);
898 if (rc)
899 goto free_iv;
900
901 if (enc)
902 memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
903
904 free_iv:
905 kfree(iv);
906 free_sg:
907 kfree(sg);
908 free_req:
909 aead_request_free(req);
910 free_ctx:
911 ksmbd_release_crypto_ctx(ctx);
912 return rc;
913 }
914