xref: /openbmc/linux/fs/smb/server/auth.c (revision 8d7071af)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *   Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org>
4  *   Copyright (C) 2018 Samsung Electronics Co., Ltd.
5  */
6 
7 #include <linux/kernel.h>
8 #include <linux/fs.h>
9 #include <linux/uaccess.h>
10 #include <linux/backing-dev.h>
11 #include <linux/writeback.h>
12 #include <linux/uio.h>
13 #include <linux/xattr.h>
14 #include <crypto/hash.h>
15 #include <crypto/aead.h>
16 #include <linux/random.h>
17 #include <linux/scatterlist.h>
18 
19 #include "auth.h"
20 #include "glob.h"
21 
22 #include <linux/fips.h>
23 #include <crypto/des.h>
24 
25 #include "server.h"
26 #include "smb_common.h"
27 #include "connection.h"
28 #include "mgmt/user_session.h"
29 #include "mgmt/user_config.h"
30 #include "crypto_ctx.h"
31 #include "transport_ipc.h"
32 #include "../common/arc4.h"
33 
34 /*
35  * Fixed format data defining GSS header and fixed string
36  * "not_defined_in_RFC4178@please_ignore".
37  * So sec blob data in neg phase could be generated statically.
38  */
39 static char NEGOTIATE_GSS_HEADER[AUTH_GSS_LENGTH] = {
40 #ifdef CONFIG_SMB_SERVER_KERBEROS5
41 	0x60, 0x5e, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
42 	0x05, 0x02, 0xa0, 0x54, 0x30, 0x52, 0xa0, 0x24,
43 	0x30, 0x22, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
44 	0xf7, 0x12, 0x01, 0x02, 0x02, 0x06, 0x09, 0x2a,
45 	0x86, 0x48, 0x82, 0xf7, 0x12, 0x01, 0x02, 0x02,
46 	0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
47 	0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a, 0x30, 0x28,
48 	0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f, 0x74, 0x5f,
49 	0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x5f,
50 	0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43, 0x34, 0x31,
51 	0x37, 0x38, 0x40, 0x70, 0x6c, 0x65, 0x61, 0x73,
52 	0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65
53 #else
54 	0x60, 0x48, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
55 	0x05, 0x02, 0xa0, 0x3e, 0x30, 0x3c, 0xa0, 0x0e,
56 	0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04,
57 	0x01, 0x82, 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a,
58 	0x30, 0x28, 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f,
59 	0x74, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65,
60 	0x64, 0x5f, 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43,
61 	0x34, 0x31, 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65,
62 	0x61, 0x73, 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f,
63 	0x72, 0x65
64 #endif
65 };
66 
67 void ksmbd_copy_gss_neg_header(void *buf)
68 {
69 	memcpy(buf, NEGOTIATE_GSS_HEADER, AUTH_GSS_LENGTH);
70 }
71 
72 /**
73  * ksmbd_gen_sess_key() - function to generate session key
74  * @sess:	session of connection
75  * @hash:	source hash value to be used for find session key
76  * @hmac:	source hmac value to be used for finding session key
77  *
78  */
79 static int ksmbd_gen_sess_key(struct ksmbd_session *sess, char *hash,
80 			      char *hmac)
81 {
82 	struct ksmbd_crypto_ctx *ctx;
83 	int rc;
84 
85 	ctx = ksmbd_crypto_ctx_find_hmacmd5();
86 	if (!ctx) {
87 		ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
88 		return -ENOMEM;
89 	}
90 
91 	rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
92 				 hash,
93 				 CIFS_HMAC_MD5_HASH_SIZE);
94 	if (rc) {
95 		ksmbd_debug(AUTH, "hmacmd5 set key fail error %d\n", rc);
96 		goto out;
97 	}
98 
99 	rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
100 	if (rc) {
101 		ksmbd_debug(AUTH, "could not init hmacmd5 error %d\n", rc);
102 		goto out;
103 	}
104 
105 	rc = crypto_shash_update(CRYPTO_HMACMD5(ctx),
106 				 hmac,
107 				 SMB2_NTLMV2_SESSKEY_SIZE);
108 	if (rc) {
109 		ksmbd_debug(AUTH, "Could not update with response error %d\n", rc);
110 		goto out;
111 	}
112 
113 	rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), sess->sess_key);
114 	if (rc) {
115 		ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n", rc);
116 		goto out;
117 	}
118 
119 out:
120 	ksmbd_release_crypto_ctx(ctx);
121 	return rc;
122 }
123 
124 static int calc_ntlmv2_hash(struct ksmbd_conn *conn, struct ksmbd_session *sess,
125 			    char *ntlmv2_hash, char *dname)
126 {
127 	int ret, len, conv_len;
128 	wchar_t *domain = NULL;
129 	__le16 *uniname = NULL;
130 	struct ksmbd_crypto_ctx *ctx;
131 
132 	ctx = ksmbd_crypto_ctx_find_hmacmd5();
133 	if (!ctx) {
134 		ksmbd_debug(AUTH, "can't generate ntlmv2 hash\n");
135 		return -ENOMEM;
136 	}
137 
138 	ret = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
139 				  user_passkey(sess->user),
140 				  CIFS_ENCPWD_SIZE);
141 	if (ret) {
142 		ksmbd_debug(AUTH, "Could not set NT Hash as a key\n");
143 		goto out;
144 	}
145 
146 	ret = crypto_shash_init(CRYPTO_HMACMD5(ctx));
147 	if (ret) {
148 		ksmbd_debug(AUTH, "could not init hmacmd5\n");
149 		goto out;
150 	}
151 
152 	/* convert user_name to unicode */
153 	len = strlen(user_name(sess->user));
154 	uniname = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
155 	if (!uniname) {
156 		ret = -ENOMEM;
157 		goto out;
158 	}
159 
160 	conv_len = smb_strtoUTF16(uniname, user_name(sess->user), len,
161 				  conn->local_nls);
162 	if (conv_len < 0 || conv_len > len) {
163 		ret = -EINVAL;
164 		goto out;
165 	}
166 	UniStrupr(uniname);
167 
168 	ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
169 				  (char *)uniname,
170 				  UNICODE_LEN(conv_len));
171 	if (ret) {
172 		ksmbd_debug(AUTH, "Could not update with user\n");
173 		goto out;
174 	}
175 
176 	/* Convert domain name or conn name to unicode and uppercase */
177 	len = strlen(dname);
178 	domain = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
179 	if (!domain) {
180 		ret = -ENOMEM;
181 		goto out;
182 	}
183 
184 	conv_len = smb_strtoUTF16((__le16 *)domain, dname, len,
185 				  conn->local_nls);
186 	if (conv_len < 0 || conv_len > len) {
187 		ret = -EINVAL;
188 		goto out;
189 	}
190 
191 	ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
192 				  (char *)domain,
193 				  UNICODE_LEN(conv_len));
194 	if (ret) {
195 		ksmbd_debug(AUTH, "Could not update with domain\n");
196 		goto out;
197 	}
198 
199 	ret = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_hash);
200 	if (ret)
201 		ksmbd_debug(AUTH, "Could not generate md5 hash\n");
202 out:
203 	kfree(uniname);
204 	kfree(domain);
205 	ksmbd_release_crypto_ctx(ctx);
206 	return ret;
207 }
208 
209 /**
210  * ksmbd_auth_ntlmv2() - NTLMv2 authentication handler
211  * @sess:	session of connection
212  * @ntlmv2:		NTLMv2 challenge response
213  * @blen:		NTLMv2 blob length
214  * @domain_name:	domain name
215  *
216  * Return:	0 on success, error number on error
217  */
218 int ksmbd_auth_ntlmv2(struct ksmbd_conn *conn, struct ksmbd_session *sess,
219 		      struct ntlmv2_resp *ntlmv2, int blen, char *domain_name,
220 		      char *cryptkey)
221 {
222 	char ntlmv2_hash[CIFS_ENCPWD_SIZE];
223 	char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE];
224 	struct ksmbd_crypto_ctx *ctx = NULL;
225 	char *construct = NULL;
226 	int rc, len;
227 
228 	rc = calc_ntlmv2_hash(conn, sess, ntlmv2_hash, domain_name);
229 	if (rc) {
230 		ksmbd_debug(AUTH, "could not get v2 hash rc %d\n", rc);
231 		goto out;
232 	}
233 
234 	ctx = ksmbd_crypto_ctx_find_hmacmd5();
235 	if (!ctx) {
236 		ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
237 		return -ENOMEM;
238 	}
239 
240 	rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
241 				 ntlmv2_hash,
242 				 CIFS_HMAC_MD5_HASH_SIZE);
243 	if (rc) {
244 		ksmbd_debug(AUTH, "Could not set NTLMV2 Hash as a key\n");
245 		goto out;
246 	}
247 
248 	rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
249 	if (rc) {
250 		ksmbd_debug(AUTH, "Could not init hmacmd5\n");
251 		goto out;
252 	}
253 
254 	len = CIFS_CRYPTO_KEY_SIZE + blen;
255 	construct = kzalloc(len, GFP_KERNEL);
256 	if (!construct) {
257 		rc = -ENOMEM;
258 		goto out;
259 	}
260 
261 	memcpy(construct, cryptkey, CIFS_CRYPTO_KEY_SIZE);
262 	memcpy(construct + CIFS_CRYPTO_KEY_SIZE, &ntlmv2->blob_signature, blen);
263 
264 	rc = crypto_shash_update(CRYPTO_HMACMD5(ctx), construct, len);
265 	if (rc) {
266 		ksmbd_debug(AUTH, "Could not update with response\n");
267 		goto out;
268 	}
269 
270 	rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_rsp);
271 	if (rc) {
272 		ksmbd_debug(AUTH, "Could not generate md5 hash\n");
273 		goto out;
274 	}
275 	ksmbd_release_crypto_ctx(ctx);
276 	ctx = NULL;
277 
278 	rc = ksmbd_gen_sess_key(sess, ntlmv2_hash, ntlmv2_rsp);
279 	if (rc) {
280 		ksmbd_debug(AUTH, "Could not generate sess key\n");
281 		goto out;
282 	}
283 
284 	if (memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE) != 0)
285 		rc = -EINVAL;
286 out:
287 	if (ctx)
288 		ksmbd_release_crypto_ctx(ctx);
289 	kfree(construct);
290 	return rc;
291 }
292 
293 /**
294  * ksmbd_decode_ntlmssp_auth_blob() - helper function to construct
295  * authenticate blob
296  * @authblob:	authenticate blob source pointer
297  * @usr:	user details
298  * @sess:	session of connection
299  *
300  * Return:	0 on success, error number on error
301  */
302 int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
303 				   int blob_len, struct ksmbd_conn *conn,
304 				   struct ksmbd_session *sess)
305 {
306 	char *domain_name;
307 	unsigned int nt_off, dn_off;
308 	unsigned short nt_len, dn_len;
309 	int ret;
310 
311 	if (blob_len < sizeof(struct authenticate_message)) {
312 		ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
313 			    blob_len);
314 		return -EINVAL;
315 	}
316 
317 	if (memcmp(authblob->Signature, "NTLMSSP", 8)) {
318 		ksmbd_debug(AUTH, "blob signature incorrect %s\n",
319 			    authblob->Signature);
320 		return -EINVAL;
321 	}
322 
323 	nt_off = le32_to_cpu(authblob->NtChallengeResponse.BufferOffset);
324 	nt_len = le16_to_cpu(authblob->NtChallengeResponse.Length);
325 	dn_off = le32_to_cpu(authblob->DomainName.BufferOffset);
326 	dn_len = le16_to_cpu(authblob->DomainName.Length);
327 
328 	if (blob_len < (u64)dn_off + dn_len || blob_len < (u64)nt_off + nt_len ||
329 	    nt_len < CIFS_ENCPWD_SIZE)
330 		return -EINVAL;
331 
332 	/* TODO : use domain name that imported from configuration file */
333 	domain_name = smb_strndup_from_utf16((const char *)authblob + dn_off,
334 					     dn_len, true, conn->local_nls);
335 	if (IS_ERR(domain_name))
336 		return PTR_ERR(domain_name);
337 
338 	/* process NTLMv2 authentication */
339 	ksmbd_debug(AUTH, "decode_ntlmssp_authenticate_blob dname%s\n",
340 		    domain_name);
341 	ret = ksmbd_auth_ntlmv2(conn, sess,
342 				(struct ntlmv2_resp *)((char *)authblob + nt_off),
343 				nt_len - CIFS_ENCPWD_SIZE,
344 				domain_name, conn->ntlmssp.cryptkey);
345 	kfree(domain_name);
346 
347 	/* The recovered secondary session key */
348 	if (conn->ntlmssp.client_flags & NTLMSSP_NEGOTIATE_KEY_XCH) {
349 		struct arc4_ctx *ctx_arc4;
350 		unsigned int sess_key_off, sess_key_len;
351 
352 		sess_key_off = le32_to_cpu(authblob->SessionKey.BufferOffset);
353 		sess_key_len = le16_to_cpu(authblob->SessionKey.Length);
354 
355 		if (blob_len < (u64)sess_key_off + sess_key_len)
356 			return -EINVAL;
357 
358 		ctx_arc4 = kmalloc(sizeof(*ctx_arc4), GFP_KERNEL);
359 		if (!ctx_arc4)
360 			return -ENOMEM;
361 
362 		cifs_arc4_setkey(ctx_arc4, sess->sess_key,
363 				 SMB2_NTLMV2_SESSKEY_SIZE);
364 		cifs_arc4_crypt(ctx_arc4, sess->sess_key,
365 				(char *)authblob + sess_key_off, sess_key_len);
366 		kfree_sensitive(ctx_arc4);
367 	}
368 
369 	return ret;
370 }
371 
372 /**
373  * ksmbd_decode_ntlmssp_neg_blob() - helper function to construct
374  * negotiate blob
375  * @negblob: negotiate blob source pointer
376  * @rsp:     response header pointer to be updated
377  * @sess:    session of connection
378  *
379  */
380 int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob,
381 				  int blob_len, struct ksmbd_conn *conn)
382 {
383 	if (blob_len < sizeof(struct negotiate_message)) {
384 		ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
385 			    blob_len);
386 		return -EINVAL;
387 	}
388 
389 	if (memcmp(negblob->Signature, "NTLMSSP", 8)) {
390 		ksmbd_debug(AUTH, "blob signature incorrect %s\n",
391 			    negblob->Signature);
392 		return -EINVAL;
393 	}
394 
395 	conn->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags);
396 	return 0;
397 }
398 
399 /**
400  * ksmbd_build_ntlmssp_challenge_blob() - helper function to construct
401  * challenge blob
402  * @chgblob: challenge blob source pointer to initialize
403  * @rsp:     response header pointer to be updated
404  * @sess:    session of connection
405  *
406  */
407 unsigned int
408 ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,
409 				   struct ksmbd_conn *conn)
410 {
411 	struct target_info *tinfo;
412 	wchar_t *name;
413 	__u8 *target_name;
414 	unsigned int flags, blob_off, blob_len, type, target_info_len = 0;
415 	int len, uni_len, conv_len;
416 	int cflags = conn->ntlmssp.client_flags;
417 
418 	memcpy(chgblob->Signature, NTLMSSP_SIGNATURE, 8);
419 	chgblob->MessageType = NtLmChallenge;
420 
421 	flags = NTLMSSP_NEGOTIATE_UNICODE |
422 		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_TARGET_TYPE_SERVER |
423 		NTLMSSP_NEGOTIATE_TARGET_INFO;
424 
425 	if (cflags & NTLMSSP_NEGOTIATE_SIGN) {
426 		flags |= NTLMSSP_NEGOTIATE_SIGN;
427 		flags |= cflags & (NTLMSSP_NEGOTIATE_128 |
428 				   NTLMSSP_NEGOTIATE_56);
429 	}
430 
431 	if (cflags & NTLMSSP_NEGOTIATE_SEAL && smb3_encryption_negotiated(conn))
432 		flags |= NTLMSSP_NEGOTIATE_SEAL;
433 
434 	if (cflags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
435 		flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
436 
437 	if (cflags & NTLMSSP_REQUEST_TARGET)
438 		flags |= NTLMSSP_REQUEST_TARGET;
439 
440 	if (conn->use_spnego &&
441 	    (cflags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
442 		flags |= NTLMSSP_NEGOTIATE_EXTENDED_SEC;
443 
444 	if (cflags & NTLMSSP_NEGOTIATE_KEY_XCH)
445 		flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
446 
447 	chgblob->NegotiateFlags = cpu_to_le32(flags);
448 	len = strlen(ksmbd_netbios_name());
449 	name = kmalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
450 	if (!name)
451 		return -ENOMEM;
452 
453 	conv_len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len,
454 				  conn->local_nls);
455 	if (conv_len < 0 || conv_len > len) {
456 		kfree(name);
457 		return -EINVAL;
458 	}
459 
460 	uni_len = UNICODE_LEN(conv_len);
461 
462 	blob_off = sizeof(struct challenge_message);
463 	blob_len = blob_off + uni_len;
464 
465 	chgblob->TargetName.Length = cpu_to_le16(uni_len);
466 	chgblob->TargetName.MaximumLength = cpu_to_le16(uni_len);
467 	chgblob->TargetName.BufferOffset = cpu_to_le32(blob_off);
468 
469 	/* Initialize random conn challenge */
470 	get_random_bytes(conn->ntlmssp.cryptkey, sizeof(__u64));
471 	memcpy(chgblob->Challenge, conn->ntlmssp.cryptkey,
472 	       CIFS_CRYPTO_KEY_SIZE);
473 
474 	/* Add Target Information to security buffer */
475 	chgblob->TargetInfoArray.BufferOffset = cpu_to_le32(blob_len);
476 
477 	target_name = (__u8 *)chgblob + blob_off;
478 	memcpy(target_name, name, uni_len);
479 	tinfo = (struct target_info *)(target_name + uni_len);
480 
481 	chgblob->TargetInfoArray.Length = 0;
482 	/* Add target info list for NetBIOS/DNS settings */
483 	for (type = NTLMSSP_AV_NB_COMPUTER_NAME;
484 	     type <= NTLMSSP_AV_DNS_DOMAIN_NAME; type++) {
485 		tinfo->Type = cpu_to_le16(type);
486 		tinfo->Length = cpu_to_le16(uni_len);
487 		memcpy(tinfo->Content, name, uni_len);
488 		tinfo = (struct target_info *)((char *)tinfo + 4 + uni_len);
489 		target_info_len += 4 + uni_len;
490 	}
491 
492 	/* Add terminator subblock */
493 	tinfo->Type = 0;
494 	tinfo->Length = 0;
495 	target_info_len += 4;
496 
497 	chgblob->TargetInfoArray.Length = cpu_to_le16(target_info_len);
498 	chgblob->TargetInfoArray.MaximumLength = cpu_to_le16(target_info_len);
499 	blob_len += target_info_len;
500 	kfree(name);
501 	ksmbd_debug(AUTH, "NTLMSSP SecurityBufferLength %d\n", blob_len);
502 	return blob_len;
503 }
504 
505 #ifdef CONFIG_SMB_SERVER_KERBEROS5
506 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
507 			    int in_len, char *out_blob, int *out_len)
508 {
509 	struct ksmbd_spnego_authen_response *resp;
510 	struct ksmbd_user *user = NULL;
511 	int retval;
512 
513 	resp = ksmbd_ipc_spnego_authen_request(in_blob, in_len);
514 	if (!resp) {
515 		ksmbd_debug(AUTH, "SPNEGO_AUTHEN_REQUEST failure\n");
516 		return -EINVAL;
517 	}
518 
519 	if (!(resp->login_response.status & KSMBD_USER_FLAG_OK)) {
520 		ksmbd_debug(AUTH, "krb5 authentication failure\n");
521 		retval = -EPERM;
522 		goto out;
523 	}
524 
525 	if (*out_len <= resp->spnego_blob_len) {
526 		ksmbd_debug(AUTH, "buf len %d, but blob len %d\n",
527 			    *out_len, resp->spnego_blob_len);
528 		retval = -EINVAL;
529 		goto out;
530 	}
531 
532 	if (resp->session_key_len > sizeof(sess->sess_key)) {
533 		ksmbd_debug(AUTH, "session key is too long\n");
534 		retval = -EINVAL;
535 		goto out;
536 	}
537 
538 	user = ksmbd_alloc_user(&resp->login_response);
539 	if (!user) {
540 		ksmbd_debug(AUTH, "login failure\n");
541 		retval = -ENOMEM;
542 		goto out;
543 	}
544 	sess->user = user;
545 
546 	memcpy(sess->sess_key, resp->payload, resp->session_key_len);
547 	memcpy(out_blob, resp->payload + resp->session_key_len,
548 	       resp->spnego_blob_len);
549 	*out_len = resp->spnego_blob_len;
550 	retval = 0;
551 out:
552 	kvfree(resp);
553 	return retval;
554 }
555 #else
556 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
557 			    int in_len, char *out_blob, int *out_len)
558 {
559 	return -EOPNOTSUPP;
560 }
561 #endif
562 
563 /**
564  * ksmbd_sign_smb2_pdu() - function to generate packet signing
565  * @conn:	connection
566  * @key:	signing key
567  * @iov:        buffer iov array
568  * @n_vec:	number of iovecs
569  * @sig:	signature value generated for client request packet
570  *
571  */
572 int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
573 			int n_vec, char *sig)
574 {
575 	struct ksmbd_crypto_ctx *ctx;
576 	int rc, i;
577 
578 	ctx = ksmbd_crypto_ctx_find_hmacsha256();
579 	if (!ctx) {
580 		ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
581 		return -ENOMEM;
582 	}
583 
584 	rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
585 				 key,
586 				 SMB2_NTLMV2_SESSKEY_SIZE);
587 	if (rc)
588 		goto out;
589 
590 	rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
591 	if (rc) {
592 		ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
593 		goto out;
594 	}
595 
596 	for (i = 0; i < n_vec; i++) {
597 		rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
598 					 iov[i].iov_base,
599 					 iov[i].iov_len);
600 		if (rc) {
601 			ksmbd_debug(AUTH, "hmacsha256 update error %d\n", rc);
602 			goto out;
603 		}
604 	}
605 
606 	rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), sig);
607 	if (rc)
608 		ksmbd_debug(AUTH, "hmacsha256 generation error %d\n", rc);
609 out:
610 	ksmbd_release_crypto_ctx(ctx);
611 	return rc;
612 }
613 
614 /**
615  * ksmbd_sign_smb3_pdu() - function to generate packet signing
616  * @conn:	connection
617  * @key:	signing key
618  * @iov:        buffer iov array
619  * @n_vec:	number of iovecs
620  * @sig:	signature value generated for client request packet
621  *
622  */
623 int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
624 			int n_vec, char *sig)
625 {
626 	struct ksmbd_crypto_ctx *ctx;
627 	int rc, i;
628 
629 	ctx = ksmbd_crypto_ctx_find_cmacaes();
630 	if (!ctx) {
631 		ksmbd_debug(AUTH, "could not crypto alloc cmac\n");
632 		return -ENOMEM;
633 	}
634 
635 	rc = crypto_shash_setkey(CRYPTO_CMACAES_TFM(ctx),
636 				 key,
637 				 SMB2_CMACAES_SIZE);
638 	if (rc)
639 		goto out;
640 
641 	rc = crypto_shash_init(CRYPTO_CMACAES(ctx));
642 	if (rc) {
643 		ksmbd_debug(AUTH, "cmaces init error %d\n", rc);
644 		goto out;
645 	}
646 
647 	for (i = 0; i < n_vec; i++) {
648 		rc = crypto_shash_update(CRYPTO_CMACAES(ctx),
649 					 iov[i].iov_base,
650 					 iov[i].iov_len);
651 		if (rc) {
652 			ksmbd_debug(AUTH, "cmaces update error %d\n", rc);
653 			goto out;
654 		}
655 	}
656 
657 	rc = crypto_shash_final(CRYPTO_CMACAES(ctx), sig);
658 	if (rc)
659 		ksmbd_debug(AUTH, "cmaces generation error %d\n", rc);
660 out:
661 	ksmbd_release_crypto_ctx(ctx);
662 	return rc;
663 }
664 
665 struct derivation {
666 	struct kvec label;
667 	struct kvec context;
668 	bool binding;
669 };
670 
671 static int generate_key(struct ksmbd_conn *conn, struct ksmbd_session *sess,
672 			struct kvec label, struct kvec context, __u8 *key,
673 			unsigned int key_size)
674 {
675 	unsigned char zero = 0x0;
676 	__u8 i[4] = {0, 0, 0, 1};
677 	__u8 L128[4] = {0, 0, 0, 128};
678 	__u8 L256[4] = {0, 0, 1, 0};
679 	int rc;
680 	unsigned char prfhash[SMB2_HMACSHA256_SIZE];
681 	unsigned char *hashptr = prfhash;
682 	struct ksmbd_crypto_ctx *ctx;
683 
684 	memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
685 	memset(key, 0x0, key_size);
686 
687 	ctx = ksmbd_crypto_ctx_find_hmacsha256();
688 	if (!ctx) {
689 		ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
690 		return -ENOMEM;
691 	}
692 
693 	rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
694 				 sess->sess_key,
695 				 SMB2_NTLMV2_SESSKEY_SIZE);
696 	if (rc)
697 		goto smb3signkey_ret;
698 
699 	rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
700 	if (rc) {
701 		ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
702 		goto smb3signkey_ret;
703 	}
704 
705 	rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), i, 4);
706 	if (rc) {
707 		ksmbd_debug(AUTH, "could not update with n\n");
708 		goto smb3signkey_ret;
709 	}
710 
711 	rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
712 				 label.iov_base,
713 				 label.iov_len);
714 	if (rc) {
715 		ksmbd_debug(AUTH, "could not update with label\n");
716 		goto smb3signkey_ret;
717 	}
718 
719 	rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), &zero, 1);
720 	if (rc) {
721 		ksmbd_debug(AUTH, "could not update with zero\n");
722 		goto smb3signkey_ret;
723 	}
724 
725 	rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
726 				 context.iov_base,
727 				 context.iov_len);
728 	if (rc) {
729 		ksmbd_debug(AUTH, "could not update with context\n");
730 		goto smb3signkey_ret;
731 	}
732 
733 	if (key_size == SMB3_ENC_DEC_KEY_SIZE &&
734 	    (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
735 	     conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
736 		rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L256, 4);
737 	else
738 		rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L128, 4);
739 	if (rc) {
740 		ksmbd_debug(AUTH, "could not update with L\n");
741 		goto smb3signkey_ret;
742 	}
743 
744 	rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), hashptr);
745 	if (rc) {
746 		ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n",
747 			    rc);
748 		goto smb3signkey_ret;
749 	}
750 
751 	memcpy(key, hashptr, key_size);
752 
753 smb3signkey_ret:
754 	ksmbd_release_crypto_ctx(ctx);
755 	return rc;
756 }
757 
758 static int generate_smb3signingkey(struct ksmbd_session *sess,
759 				   struct ksmbd_conn *conn,
760 				   const struct derivation *signing)
761 {
762 	int rc;
763 	struct channel *chann;
764 	char *key;
765 
766 	chann = lookup_chann_list(sess, conn);
767 	if (!chann)
768 		return 0;
769 
770 	if (conn->dialect >= SMB30_PROT_ID && signing->binding)
771 		key = chann->smb3signingkey;
772 	else
773 		key = sess->smb3signingkey;
774 
775 	rc = generate_key(conn, sess, signing->label, signing->context, key,
776 			  SMB3_SIGN_KEY_SIZE);
777 	if (rc)
778 		return rc;
779 
780 	if (!(conn->dialect >= SMB30_PROT_ID && signing->binding))
781 		memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE);
782 
783 	ksmbd_debug(AUTH, "dumping generated AES signing keys\n");
784 	ksmbd_debug(AUTH, "Session Id    %llu\n", sess->id);
785 	ksmbd_debug(AUTH, "Session Key   %*ph\n",
786 		    SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
787 	ksmbd_debug(AUTH, "Signing Key   %*ph\n",
788 		    SMB3_SIGN_KEY_SIZE, key);
789 	return 0;
790 }
791 
792 int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess,
793 			       struct ksmbd_conn *conn)
794 {
795 	struct derivation d;
796 
797 	d.label.iov_base = "SMB2AESCMAC";
798 	d.label.iov_len = 12;
799 	d.context.iov_base = "SmbSign";
800 	d.context.iov_len = 8;
801 	d.binding = conn->binding;
802 
803 	return generate_smb3signingkey(sess, conn, &d);
804 }
805 
806 int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess,
807 				struct ksmbd_conn *conn)
808 {
809 	struct derivation d;
810 
811 	d.label.iov_base = "SMBSigningKey";
812 	d.label.iov_len = 14;
813 	if (conn->binding) {
814 		struct preauth_session *preauth_sess;
815 
816 		preauth_sess = ksmbd_preauth_session_lookup(conn, sess->id);
817 		if (!preauth_sess)
818 			return -ENOENT;
819 		d.context.iov_base = preauth_sess->Preauth_HashValue;
820 	} else {
821 		d.context.iov_base = sess->Preauth_HashValue;
822 	}
823 	d.context.iov_len = 64;
824 	d.binding = conn->binding;
825 
826 	return generate_smb3signingkey(sess, conn, &d);
827 }
828 
829 struct derivation_twin {
830 	struct derivation encryption;
831 	struct derivation decryption;
832 };
833 
834 static int generate_smb3encryptionkey(struct ksmbd_conn *conn,
835 				      struct ksmbd_session *sess,
836 				      const struct derivation_twin *ptwin)
837 {
838 	int rc;
839 
840 	rc = generate_key(conn, sess, ptwin->encryption.label,
841 			  ptwin->encryption.context, sess->smb3encryptionkey,
842 			  SMB3_ENC_DEC_KEY_SIZE);
843 	if (rc)
844 		return rc;
845 
846 	rc = generate_key(conn, sess, ptwin->decryption.label,
847 			  ptwin->decryption.context,
848 			  sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE);
849 	if (rc)
850 		return rc;
851 
852 	ksmbd_debug(AUTH, "dumping generated AES encryption keys\n");
853 	ksmbd_debug(AUTH, "Cipher type   %d\n", conn->cipher_type);
854 	ksmbd_debug(AUTH, "Session Id    %llu\n", sess->id);
855 	ksmbd_debug(AUTH, "Session Key   %*ph\n",
856 		    SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
857 	if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
858 	    conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
859 		ksmbd_debug(AUTH, "ServerIn Key  %*ph\n",
860 			    SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey);
861 		ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
862 			    SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3decryptionkey);
863 	} else {
864 		ksmbd_debug(AUTH, "ServerIn Key  %*ph\n",
865 			    SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3encryptionkey);
866 		ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
867 			    SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3decryptionkey);
868 	}
869 	return 0;
870 }
871 
872 int ksmbd_gen_smb30_encryptionkey(struct ksmbd_conn *conn,
873 				  struct ksmbd_session *sess)
874 {
875 	struct derivation_twin twin;
876 	struct derivation *d;
877 
878 	d = &twin.encryption;
879 	d->label.iov_base = "SMB2AESCCM";
880 	d->label.iov_len = 11;
881 	d->context.iov_base = "ServerOut";
882 	d->context.iov_len = 10;
883 
884 	d = &twin.decryption;
885 	d->label.iov_base = "SMB2AESCCM";
886 	d->label.iov_len = 11;
887 	d->context.iov_base = "ServerIn ";
888 	d->context.iov_len = 10;
889 
890 	return generate_smb3encryptionkey(conn, sess, &twin);
891 }
892 
893 int ksmbd_gen_smb311_encryptionkey(struct ksmbd_conn *conn,
894 				   struct ksmbd_session *sess)
895 {
896 	struct derivation_twin twin;
897 	struct derivation *d;
898 
899 	d = &twin.encryption;
900 	d->label.iov_base = "SMBS2CCipherKey";
901 	d->label.iov_len = 16;
902 	d->context.iov_base = sess->Preauth_HashValue;
903 	d->context.iov_len = 64;
904 
905 	d = &twin.decryption;
906 	d->label.iov_base = "SMBC2SCipherKey";
907 	d->label.iov_len = 16;
908 	d->context.iov_base = sess->Preauth_HashValue;
909 	d->context.iov_len = 64;
910 
911 	return generate_smb3encryptionkey(conn, sess, &twin);
912 }
913 
914 int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf,
915 				     __u8 *pi_hash)
916 {
917 	int rc;
918 	struct smb2_hdr *rcv_hdr = smb2_get_msg(buf);
919 	char *all_bytes_msg = (char *)&rcv_hdr->ProtocolId;
920 	int msg_size = get_rfc1002_len(buf);
921 	struct ksmbd_crypto_ctx *ctx = NULL;
922 
923 	if (conn->preauth_info->Preauth_HashId !=
924 	    SMB2_PREAUTH_INTEGRITY_SHA512)
925 		return -EINVAL;
926 
927 	ctx = ksmbd_crypto_ctx_find_sha512();
928 	if (!ctx) {
929 		ksmbd_debug(AUTH, "could not alloc sha512\n");
930 		return -ENOMEM;
931 	}
932 
933 	rc = crypto_shash_init(CRYPTO_SHA512(ctx));
934 	if (rc) {
935 		ksmbd_debug(AUTH, "could not init shashn");
936 		goto out;
937 	}
938 
939 	rc = crypto_shash_update(CRYPTO_SHA512(ctx), pi_hash, 64);
940 	if (rc) {
941 		ksmbd_debug(AUTH, "could not update with n\n");
942 		goto out;
943 	}
944 
945 	rc = crypto_shash_update(CRYPTO_SHA512(ctx), all_bytes_msg, msg_size);
946 	if (rc) {
947 		ksmbd_debug(AUTH, "could not update with n\n");
948 		goto out;
949 	}
950 
951 	rc = crypto_shash_final(CRYPTO_SHA512(ctx), pi_hash);
952 	if (rc) {
953 		ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
954 		goto out;
955 	}
956 out:
957 	ksmbd_release_crypto_ctx(ctx);
958 	return rc;
959 }
960 
961 int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len,
962 		      __u8 *pi_hash)
963 {
964 	int rc;
965 	struct ksmbd_crypto_ctx *ctx = NULL;
966 
967 	ctx = ksmbd_crypto_ctx_find_sha256();
968 	if (!ctx) {
969 		ksmbd_debug(AUTH, "could not alloc sha256\n");
970 		return -ENOMEM;
971 	}
972 
973 	rc = crypto_shash_init(CRYPTO_SHA256(ctx));
974 	if (rc) {
975 		ksmbd_debug(AUTH, "could not init shashn");
976 		goto out;
977 	}
978 
979 	rc = crypto_shash_update(CRYPTO_SHA256(ctx), sd_buf, len);
980 	if (rc) {
981 		ksmbd_debug(AUTH, "could not update with n\n");
982 		goto out;
983 	}
984 
985 	rc = crypto_shash_final(CRYPTO_SHA256(ctx), pi_hash);
986 	if (rc) {
987 		ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
988 		goto out;
989 	}
990 out:
991 	ksmbd_release_crypto_ctx(ctx);
992 	return rc;
993 }
994 
995 static int ksmbd_get_encryption_key(struct ksmbd_work *work, __u64 ses_id,
996 				    int enc, u8 *key)
997 {
998 	struct ksmbd_session *sess;
999 	u8 *ses_enc_key;
1000 
1001 	if (enc)
1002 		sess = work->sess;
1003 	else
1004 		sess = ksmbd_session_lookup_all(work->conn, ses_id);
1005 	if (!sess)
1006 		return -EINVAL;
1007 
1008 	ses_enc_key = enc ? sess->smb3encryptionkey :
1009 		sess->smb3decryptionkey;
1010 	memcpy(key, ses_enc_key, SMB3_ENC_DEC_KEY_SIZE);
1011 
1012 	return 0;
1013 }
1014 
1015 static inline void smb2_sg_set_buf(struct scatterlist *sg, const void *buf,
1016 				   unsigned int buflen)
1017 {
1018 	void *addr;
1019 
1020 	if (is_vmalloc_addr(buf))
1021 		addr = vmalloc_to_page(buf);
1022 	else
1023 		addr = virt_to_page(buf);
1024 	sg_set_page(sg, addr, buflen, offset_in_page(buf));
1025 }
1026 
1027 static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec,
1028 					 u8 *sign)
1029 {
1030 	struct scatterlist *sg;
1031 	unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1032 	int i, nr_entries[3] = {0}, total_entries = 0, sg_idx = 0;
1033 
1034 	if (!nvec)
1035 		return NULL;
1036 
1037 	for (i = 0; i < nvec - 1; i++) {
1038 		unsigned long kaddr = (unsigned long)iov[i + 1].iov_base;
1039 
1040 		if (is_vmalloc_addr(iov[i + 1].iov_base)) {
1041 			nr_entries[i] = ((kaddr + iov[i + 1].iov_len +
1042 					PAGE_SIZE - 1) >> PAGE_SHIFT) -
1043 				(kaddr >> PAGE_SHIFT);
1044 		} else {
1045 			nr_entries[i]++;
1046 		}
1047 		total_entries += nr_entries[i];
1048 	}
1049 
1050 	/* Add two entries for transform header and signature */
1051 	total_entries += 2;
1052 
1053 	sg = kmalloc_array(total_entries, sizeof(struct scatterlist), GFP_KERNEL);
1054 	if (!sg)
1055 		return NULL;
1056 
1057 	sg_init_table(sg, total_entries);
1058 	smb2_sg_set_buf(&sg[sg_idx++], iov[0].iov_base + 24, assoc_data_len);
1059 	for (i = 0; i < nvec - 1; i++) {
1060 		void *data = iov[i + 1].iov_base;
1061 		int len = iov[i + 1].iov_len;
1062 
1063 		if (is_vmalloc_addr(data)) {
1064 			int j, offset = offset_in_page(data);
1065 
1066 			for (j = 0; j < nr_entries[i]; j++) {
1067 				unsigned int bytes = PAGE_SIZE - offset;
1068 
1069 				if (!len)
1070 					break;
1071 
1072 				if (bytes > len)
1073 					bytes = len;
1074 
1075 				sg_set_page(&sg[sg_idx++],
1076 					    vmalloc_to_page(data), bytes,
1077 					    offset_in_page(data));
1078 
1079 				data += bytes;
1080 				len -= bytes;
1081 				offset = 0;
1082 			}
1083 		} else {
1084 			sg_set_page(&sg[sg_idx++], virt_to_page(data), len,
1085 				    offset_in_page(data));
1086 		}
1087 	}
1088 	smb2_sg_set_buf(&sg[sg_idx], sign, SMB2_SIGNATURE_SIZE);
1089 	return sg;
1090 }
1091 
1092 int ksmbd_crypt_message(struct ksmbd_work *work, struct kvec *iov,
1093 			unsigned int nvec, int enc)
1094 {
1095 	struct ksmbd_conn *conn = work->conn;
1096 	struct smb2_transform_hdr *tr_hdr = smb2_get_msg(iov[0].iov_base);
1097 	unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1098 	int rc;
1099 	struct scatterlist *sg;
1100 	u8 sign[SMB2_SIGNATURE_SIZE] = {};
1101 	u8 key[SMB3_ENC_DEC_KEY_SIZE];
1102 	struct aead_request *req;
1103 	char *iv;
1104 	unsigned int iv_len;
1105 	struct crypto_aead *tfm;
1106 	unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize);
1107 	struct ksmbd_crypto_ctx *ctx;
1108 
1109 	rc = ksmbd_get_encryption_key(work,
1110 				      le64_to_cpu(tr_hdr->SessionId),
1111 				      enc,
1112 				      key);
1113 	if (rc) {
1114 		pr_err("Could not get %scryption key\n", enc ? "en" : "de");
1115 		return rc;
1116 	}
1117 
1118 	if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1119 	    conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1120 		ctx = ksmbd_crypto_ctx_find_gcm();
1121 	else
1122 		ctx = ksmbd_crypto_ctx_find_ccm();
1123 	if (!ctx) {
1124 		pr_err("crypto alloc failed\n");
1125 		return -ENOMEM;
1126 	}
1127 
1128 	if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1129 	    conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1130 		tfm = CRYPTO_GCM(ctx);
1131 	else
1132 		tfm = CRYPTO_CCM(ctx);
1133 
1134 	if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
1135 	    conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1136 		rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE);
1137 	else
1138 		rc = crypto_aead_setkey(tfm, key, SMB3_GCM128_CRYPTKEY_SIZE);
1139 	if (rc) {
1140 		pr_err("Failed to set aead key %d\n", rc);
1141 		goto free_ctx;
1142 	}
1143 
1144 	rc = crypto_aead_setauthsize(tfm, SMB2_SIGNATURE_SIZE);
1145 	if (rc) {
1146 		pr_err("Failed to set authsize %d\n", rc);
1147 		goto free_ctx;
1148 	}
1149 
1150 	req = aead_request_alloc(tfm, GFP_KERNEL);
1151 	if (!req) {
1152 		rc = -ENOMEM;
1153 		goto free_ctx;
1154 	}
1155 
1156 	if (!enc) {
1157 		memcpy(sign, &tr_hdr->Signature, SMB2_SIGNATURE_SIZE);
1158 		crypt_len += SMB2_SIGNATURE_SIZE;
1159 	}
1160 
1161 	sg = ksmbd_init_sg(iov, nvec, sign);
1162 	if (!sg) {
1163 		pr_err("Failed to init sg\n");
1164 		rc = -ENOMEM;
1165 		goto free_req;
1166 	}
1167 
1168 	iv_len = crypto_aead_ivsize(tfm);
1169 	iv = kzalloc(iv_len, GFP_KERNEL);
1170 	if (!iv) {
1171 		rc = -ENOMEM;
1172 		goto free_sg;
1173 	}
1174 
1175 	if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1176 	    conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
1177 		memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES_GCM_NONCE);
1178 	} else {
1179 		iv[0] = 3;
1180 		memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES_CCM_NONCE);
1181 	}
1182 
1183 	aead_request_set_crypt(req, sg, sg, crypt_len, iv);
1184 	aead_request_set_ad(req, assoc_data_len);
1185 	aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
1186 
1187 	if (enc)
1188 		rc = crypto_aead_encrypt(req);
1189 	else
1190 		rc = crypto_aead_decrypt(req);
1191 	if (rc)
1192 		goto free_iv;
1193 
1194 	if (enc)
1195 		memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
1196 
1197 free_iv:
1198 	kfree(iv);
1199 free_sg:
1200 	kfree(sg);
1201 free_req:
1202 	kfree(req);
1203 free_ctx:
1204 	ksmbd_release_crypto_ctx(ctx);
1205 	return rc;
1206 }
1207