Lines Matching +full:user +full:- +full:challenge
1 // SPDX-License-Identifier: GPL-2.0-or-later
10 #include <linux/backing-dev.h>
73 * ksmbd_gen_sess_key() - function to generate session key
88 return -ENOMEM; in ksmbd_gen_sess_key()
113 rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), sess->sess_key); in ksmbd_gen_sess_key()
135 return -ENOMEM; in calc_ntlmv2_hash()
139 user_passkey(sess->user), in calc_ntlmv2_hash()
153 len = strlen(user_name(sess->user)); in calc_ntlmv2_hash()
156 ret = -ENOMEM; in calc_ntlmv2_hash()
160 conv_len = smb_strtoUTF16(uniname, user_name(sess->user), len, in calc_ntlmv2_hash()
161 conn->local_nls); in calc_ntlmv2_hash()
163 ret = -EINVAL; in calc_ntlmv2_hash()
172 ksmbd_debug(AUTH, "Could not update with user\n"); in calc_ntlmv2_hash()
180 ret = -ENOMEM; in calc_ntlmv2_hash()
185 conn->local_nls); in calc_ntlmv2_hash()
187 ret = -EINVAL; in calc_ntlmv2_hash()
210 * ksmbd_auth_ntlmv2() - NTLMv2 authentication handler
213 * @ntlmv2: NTLMv2 challenge response
239 return -ENOMEM; in ksmbd_auth_ntlmv2()
259 rc = -ENOMEM; in ksmbd_auth_ntlmv2()
264 memcpy(construct + CIFS_CRYPTO_KEY_SIZE, &ntlmv2->blob_signature, blen); in ksmbd_auth_ntlmv2()
286 if (memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE) != 0) in ksmbd_auth_ntlmv2()
287 rc = -EINVAL; in ksmbd_auth_ntlmv2()
296 * ksmbd_decode_ntlmssp_auth_blob() - helper function to construct
317 return -EINVAL; in ksmbd_decode_ntlmssp_auth_blob()
320 if (memcmp(authblob->Signature, "NTLMSSP", 8)) { in ksmbd_decode_ntlmssp_auth_blob()
322 authblob->Signature); in ksmbd_decode_ntlmssp_auth_blob()
323 return -EINVAL; in ksmbd_decode_ntlmssp_auth_blob()
326 nt_off = le32_to_cpu(authblob->NtChallengeResponse.BufferOffset); in ksmbd_decode_ntlmssp_auth_blob()
327 nt_len = le16_to_cpu(authblob->NtChallengeResponse.Length); in ksmbd_decode_ntlmssp_auth_blob()
328 dn_off = le32_to_cpu(authblob->DomainName.BufferOffset); in ksmbd_decode_ntlmssp_auth_blob()
329 dn_len = le16_to_cpu(authblob->DomainName.Length); in ksmbd_decode_ntlmssp_auth_blob()
333 return -EINVAL; in ksmbd_decode_ntlmssp_auth_blob()
337 dn_len, true, conn->local_nls); in ksmbd_decode_ntlmssp_auth_blob()
346 nt_len - CIFS_ENCPWD_SIZE, in ksmbd_decode_ntlmssp_auth_blob()
347 domain_name, conn->ntlmssp.cryptkey); in ksmbd_decode_ntlmssp_auth_blob()
351 if (conn->ntlmssp.client_flags & NTLMSSP_NEGOTIATE_KEY_XCH) { in ksmbd_decode_ntlmssp_auth_blob()
355 sess_key_off = le32_to_cpu(authblob->SessionKey.BufferOffset); in ksmbd_decode_ntlmssp_auth_blob()
356 sess_key_len = le16_to_cpu(authblob->SessionKey.Length); in ksmbd_decode_ntlmssp_auth_blob()
359 return -EINVAL; in ksmbd_decode_ntlmssp_auth_blob()
362 return -EINVAL; in ksmbd_decode_ntlmssp_auth_blob()
366 return -ENOMEM; in ksmbd_decode_ntlmssp_auth_blob()
368 cifs_arc4_setkey(ctx_arc4, sess->sess_key, in ksmbd_decode_ntlmssp_auth_blob()
370 cifs_arc4_crypt(ctx_arc4, sess->sess_key, in ksmbd_decode_ntlmssp_auth_blob()
379 * ksmbd_decode_ntlmssp_neg_blob() - helper function to construct
392 return -EINVAL; in ksmbd_decode_ntlmssp_neg_blob()
395 if (memcmp(negblob->Signature, "NTLMSSP", 8)) { in ksmbd_decode_ntlmssp_neg_blob()
397 negblob->Signature); in ksmbd_decode_ntlmssp_neg_blob()
398 return -EINVAL; in ksmbd_decode_ntlmssp_neg_blob()
401 conn->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags); in ksmbd_decode_ntlmssp_neg_blob()
406 * ksmbd_build_ntlmssp_challenge_blob() - helper function to construct
407 * challenge blob
408 * @chgblob: challenge blob source pointer to initialize
421 int cflags = conn->ntlmssp.client_flags; in ksmbd_build_ntlmssp_challenge_blob()
423 memcpy(chgblob->Signature, NTLMSSP_SIGNATURE, 8); in ksmbd_build_ntlmssp_challenge_blob()
424 chgblob->MessageType = NtLmChallenge; in ksmbd_build_ntlmssp_challenge_blob()
445 if (conn->use_spnego && in ksmbd_build_ntlmssp_challenge_blob()
452 chgblob->NegotiateFlags = cpu_to_le32(flags); in ksmbd_build_ntlmssp_challenge_blob()
456 return -ENOMEM; in ksmbd_build_ntlmssp_challenge_blob()
459 conn->local_nls); in ksmbd_build_ntlmssp_challenge_blob()
462 return -EINVAL; in ksmbd_build_ntlmssp_challenge_blob()
470 chgblob->TargetName.Length = cpu_to_le16(uni_len); in ksmbd_build_ntlmssp_challenge_blob()
471 chgblob->TargetName.MaximumLength = cpu_to_le16(uni_len); in ksmbd_build_ntlmssp_challenge_blob()
472 chgblob->TargetName.BufferOffset = cpu_to_le32(blob_off); in ksmbd_build_ntlmssp_challenge_blob()
474 /* Initialize random conn challenge */ in ksmbd_build_ntlmssp_challenge_blob()
475 get_random_bytes(conn->ntlmssp.cryptkey, sizeof(__u64)); in ksmbd_build_ntlmssp_challenge_blob()
476 memcpy(chgblob->Challenge, conn->ntlmssp.cryptkey, in ksmbd_build_ntlmssp_challenge_blob()
480 chgblob->TargetInfoArray.BufferOffset = cpu_to_le32(blob_len); in ksmbd_build_ntlmssp_challenge_blob()
486 chgblob->TargetInfoArray.Length = 0; in ksmbd_build_ntlmssp_challenge_blob()
490 tinfo->Type = cpu_to_le16(type); in ksmbd_build_ntlmssp_challenge_blob()
491 tinfo->Length = cpu_to_le16(uni_len); in ksmbd_build_ntlmssp_challenge_blob()
492 memcpy(tinfo->Content, name, uni_len); in ksmbd_build_ntlmssp_challenge_blob()
498 tinfo->Type = 0; in ksmbd_build_ntlmssp_challenge_blob()
499 tinfo->Length = 0; in ksmbd_build_ntlmssp_challenge_blob()
502 chgblob->TargetInfoArray.Length = cpu_to_le16(target_info_len); in ksmbd_build_ntlmssp_challenge_blob()
503 chgblob->TargetInfoArray.MaximumLength = cpu_to_le16(target_info_len); in ksmbd_build_ntlmssp_challenge_blob()
515 struct ksmbd_user *user = NULL; in ksmbd_krb5_authenticate() local
521 return -EINVAL; in ksmbd_krb5_authenticate()
524 if (!(resp->login_response.status & KSMBD_USER_FLAG_OK)) { in ksmbd_krb5_authenticate()
526 retval = -EPERM; in ksmbd_krb5_authenticate()
530 if (*out_len <= resp->spnego_blob_len) { in ksmbd_krb5_authenticate()
532 *out_len, resp->spnego_blob_len); in ksmbd_krb5_authenticate()
533 retval = -EINVAL; in ksmbd_krb5_authenticate()
537 if (resp->session_key_len > sizeof(sess->sess_key)) { in ksmbd_krb5_authenticate()
539 retval = -EINVAL; in ksmbd_krb5_authenticate()
543 user = ksmbd_alloc_user(&resp->login_response); in ksmbd_krb5_authenticate()
544 if (!user) { in ksmbd_krb5_authenticate()
546 retval = -ENOMEM; in ksmbd_krb5_authenticate()
549 sess->user = user; in ksmbd_krb5_authenticate()
551 memcpy(sess->sess_key, resp->payload, resp->session_key_len); in ksmbd_krb5_authenticate()
552 memcpy(out_blob, resp->payload + resp->session_key_len, in ksmbd_krb5_authenticate()
553 resp->spnego_blob_len); in ksmbd_krb5_authenticate()
554 *out_len = resp->spnego_blob_len; in ksmbd_krb5_authenticate()
564 return -EOPNOTSUPP; in ksmbd_krb5_authenticate()
569 * ksmbd_sign_smb2_pdu() - function to generate packet signing
586 return -ENOMEM; in ksmbd_sign_smb2_pdu()
620 * ksmbd_sign_smb3_pdu() - function to generate packet signing
637 return -ENOMEM; in ksmbd_sign_smb3_pdu()
695 return -ENOMEM; in generate_key()
699 sess->sess_key, in generate_key()
739 (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM || in generate_key()
740 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) in generate_key()
775 if (conn->dialect >= SMB30_PROT_ID && signing->binding) in generate_smb3signingkey()
776 key = chann->smb3signingkey; in generate_smb3signingkey()
778 key = sess->smb3signingkey; in generate_smb3signingkey()
780 rc = generate_key(conn, sess, signing->label, signing->context, key, in generate_smb3signingkey()
785 if (!(conn->dialect >= SMB30_PROT_ID && signing->binding)) in generate_smb3signingkey()
786 memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE); in generate_smb3signingkey()
789 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id); in generate_smb3signingkey()
791 SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key); in generate_smb3signingkey()
806 d.binding = conn->binding; in ksmbd_gen_smb30_signingkey()
818 if (conn->binding) { in ksmbd_gen_smb311_signingkey()
821 preauth_sess = ksmbd_preauth_session_lookup(conn, sess->id); in ksmbd_gen_smb311_signingkey()
823 return -ENOENT; in ksmbd_gen_smb311_signingkey()
824 d.context.iov_base = preauth_sess->Preauth_HashValue; in ksmbd_gen_smb311_signingkey()
826 d.context.iov_base = sess->Preauth_HashValue; in ksmbd_gen_smb311_signingkey()
829 d.binding = conn->binding; in ksmbd_gen_smb311_signingkey()
845 rc = generate_key(conn, sess, ptwin->encryption.label, in generate_smb3encryptionkey()
846 ptwin->encryption.context, sess->smb3encryptionkey, in generate_smb3encryptionkey()
851 rc = generate_key(conn, sess, ptwin->decryption.label, in generate_smb3encryptionkey()
852 ptwin->decryption.context, in generate_smb3encryptionkey()
853 sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE); in generate_smb3encryptionkey()
858 ksmbd_debug(AUTH, "Cipher type %d\n", conn->cipher_type); in generate_smb3encryptionkey()
859 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id); in generate_smb3encryptionkey()
861 SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key); in generate_smb3encryptionkey()
862 if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM || in generate_smb3encryptionkey()
863 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) { in generate_smb3encryptionkey()
865 SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey); in generate_smb3encryptionkey()
867 SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3decryptionkey); in generate_smb3encryptionkey()
870 SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3encryptionkey); in generate_smb3encryptionkey()
872 SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3decryptionkey); in generate_smb3encryptionkey()
884 d->label.iov_base = "SMB2AESCCM"; in ksmbd_gen_smb30_encryptionkey()
885 d->label.iov_len = 11; in ksmbd_gen_smb30_encryptionkey()
886 d->context.iov_base = "ServerOut"; in ksmbd_gen_smb30_encryptionkey()
887 d->context.iov_len = 10; in ksmbd_gen_smb30_encryptionkey()
890 d->label.iov_base = "SMB2AESCCM"; in ksmbd_gen_smb30_encryptionkey()
891 d->label.iov_len = 11; in ksmbd_gen_smb30_encryptionkey()
892 d->context.iov_base = "ServerIn "; in ksmbd_gen_smb30_encryptionkey()
893 d->context.iov_len = 10; in ksmbd_gen_smb30_encryptionkey()
905 d->label.iov_base = "SMBS2CCipherKey"; in ksmbd_gen_smb311_encryptionkey()
906 d->label.iov_len = 16; in ksmbd_gen_smb311_encryptionkey()
907 d->context.iov_base = sess->Preauth_HashValue; in ksmbd_gen_smb311_encryptionkey()
908 d->context.iov_len = 64; in ksmbd_gen_smb311_encryptionkey()
911 d->label.iov_base = "SMBC2SCipherKey"; in ksmbd_gen_smb311_encryptionkey()
912 d->label.iov_len = 16; in ksmbd_gen_smb311_encryptionkey()
913 d->context.iov_base = sess->Preauth_HashValue; in ksmbd_gen_smb311_encryptionkey()
914 d->context.iov_len = 64; in ksmbd_gen_smb311_encryptionkey()
924 char *all_bytes_msg = (char *)&rcv_hdr->ProtocolId; in ksmbd_gen_preauth_integrity_hash()
928 if (conn->preauth_info->Preauth_HashId != in ksmbd_gen_preauth_integrity_hash()
930 return -EINVAL; in ksmbd_gen_preauth_integrity_hash()
935 return -ENOMEM; in ksmbd_gen_preauth_integrity_hash()
975 return -ENOMEM; in ksmbd_gen_sd_hash()
1007 sess = work->sess; in ksmbd_get_encryption_key()
1009 sess = ksmbd_session_lookup_all(work->conn, ses_id); in ksmbd_get_encryption_key()
1011 return -EINVAL; in ksmbd_get_encryption_key()
1013 ses_enc_key = enc ? sess->smb3encryptionkey : in ksmbd_get_encryption_key()
1014 sess->smb3decryptionkey; in ksmbd_get_encryption_key()
1038 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20; in ksmbd_init_sg()
1048 for (i = 0; i < nvec - 1; i++) { in ksmbd_init_sg()
1053 PAGE_SIZE - 1) >> PAGE_SHIFT) - in ksmbd_init_sg()
1072 for (i = 0; i < nvec - 1; i++) { in ksmbd_init_sg()
1080 unsigned int bytes = PAGE_SIZE - offset; in ksmbd_init_sg()
1093 len -= bytes; in ksmbd_init_sg()
1109 struct ksmbd_conn *conn = work->conn; in ksmbd_crypt_message()
1111 unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20; in ksmbd_crypt_message()
1120 unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize); in ksmbd_crypt_message()
1124 le64_to_cpu(tr_hdr->SessionId), in ksmbd_crypt_message()
1132 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM || in ksmbd_crypt_message()
1133 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) in ksmbd_crypt_message()
1139 return -ENOMEM; in ksmbd_crypt_message()
1142 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM || in ksmbd_crypt_message()
1143 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) in ksmbd_crypt_message()
1148 if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM || in ksmbd_crypt_message()
1149 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) in ksmbd_crypt_message()
1166 rc = -ENOMEM; in ksmbd_crypt_message()
1171 memcpy(sign, &tr_hdr->Signature, SMB2_SIGNATURE_SIZE); in ksmbd_crypt_message()
1178 rc = -ENOMEM; in ksmbd_crypt_message()
1185 rc = -ENOMEM; in ksmbd_crypt_message()
1189 if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM || in ksmbd_crypt_message()
1190 conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) { in ksmbd_crypt_message()
1191 memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES_GCM_NONCE); in ksmbd_crypt_message()
1194 memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES_CCM_NONCE); in ksmbd_crypt_message()
1209 memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE); in ksmbd_crypt_message()