xref: /openbmc/linux/fs/smb/server/auth.c (revision ded1ffea)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *   Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org>
4  *   Copyright (C) 2018 Samsung Electronics Co., Ltd.
5  */
6 
7 #include <linux/kernel.h>
8 #include <linux/fs.h>
9 #include <linux/uaccess.h>
10 #include <linux/backing-dev.h>
11 #include <linux/writeback.h>
12 #include <linux/uio.h>
13 #include <linux/xattr.h>
14 #include <crypto/hash.h>
15 #include <crypto/aead.h>
16 #include <linux/random.h>
17 #include <linux/scatterlist.h>
18 
19 #include "auth.h"
20 #include "glob.h"
21 
22 #include <linux/fips.h>
23 #include <crypto/des.h>
24 
25 #include "server.h"
26 #include "smb_common.h"
27 #include "connection.h"
28 #include "mgmt/user_session.h"
29 #include "mgmt/user_config.h"
30 #include "crypto_ctx.h"
31 #include "transport_ipc.h"
32 #include "../common/arc4.h"
33 
34 /*
35  * Fixed format data defining GSS header and fixed string
36  * "not_defined_in_RFC4178@please_ignore".
37  * So sec blob data in neg phase could be generated statically.
38  */
39 static char NEGOTIATE_GSS_HEADER[AUTH_GSS_LENGTH] = {
40 #ifdef CONFIG_SMB_SERVER_KERBEROS5
41 	0x60, 0x5e, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
42 	0x05, 0x02, 0xa0, 0x54, 0x30, 0x52, 0xa0, 0x24,
43 	0x30, 0x22, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
44 	0xf7, 0x12, 0x01, 0x02, 0x02, 0x06, 0x09, 0x2a,
45 	0x86, 0x48, 0x82, 0xf7, 0x12, 0x01, 0x02, 0x02,
46 	0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
47 	0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a, 0x30, 0x28,
48 	0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f, 0x74, 0x5f,
49 	0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x5f,
50 	0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43, 0x34, 0x31,
51 	0x37, 0x38, 0x40, 0x70, 0x6c, 0x65, 0x61, 0x73,
52 	0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65
53 #else
54 	0x60, 0x48, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05,
55 	0x05, 0x02, 0xa0, 0x3e, 0x30, 0x3c, 0xa0, 0x0e,
56 	0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04,
57 	0x01, 0x82, 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a,
58 	0x30, 0x28, 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f,
59 	0x74, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65,
60 	0x64, 0x5f, 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43,
61 	0x34, 0x31, 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65,
62 	0x61, 0x73, 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f,
63 	0x72, 0x65
64 #endif
65 };
66 
67 void ksmbd_copy_gss_neg_header(void *buf)
68 {
69 	memcpy(buf, NEGOTIATE_GSS_HEADER, AUTH_GSS_LENGTH);
70 }
71 
72 /**
73  * ksmbd_gen_sess_key() - function to generate session key
74  * @sess:	session of connection
75  * @hash:	source hash value to be used for find session key
76  * @hmac:	source hmac value to be used for finding session key
77  *
78  */
79 static int ksmbd_gen_sess_key(struct ksmbd_session *sess, char *hash,
80 			      char *hmac)
81 {
82 	struct ksmbd_crypto_ctx *ctx;
83 	int rc;
84 
85 	ctx = ksmbd_crypto_ctx_find_hmacmd5();
86 	if (!ctx) {
87 		ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
88 		return -ENOMEM;
89 	}
90 
91 	rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
92 				 hash,
93 				 CIFS_HMAC_MD5_HASH_SIZE);
94 	if (rc) {
95 		ksmbd_debug(AUTH, "hmacmd5 set key fail error %d\n", rc);
96 		goto out;
97 	}
98 
99 	rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
100 	if (rc) {
101 		ksmbd_debug(AUTH, "could not init hmacmd5 error %d\n", rc);
102 		goto out;
103 	}
104 
105 	rc = crypto_shash_update(CRYPTO_HMACMD5(ctx),
106 				 hmac,
107 				 SMB2_NTLMV2_SESSKEY_SIZE);
108 	if (rc) {
109 		ksmbd_debug(AUTH, "Could not update with response error %d\n", rc);
110 		goto out;
111 	}
112 
113 	rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), sess->sess_key);
114 	if (rc) {
115 		ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n", rc);
116 		goto out;
117 	}
118 
119 out:
120 	ksmbd_release_crypto_ctx(ctx);
121 	return rc;
122 }
123 
124 static int calc_ntlmv2_hash(struct ksmbd_conn *conn, struct ksmbd_session *sess,
125 			    char *ntlmv2_hash, char *dname)
126 {
127 	int ret, len, conv_len;
128 	wchar_t *domain = NULL;
129 	__le16 *uniname = NULL;
130 	struct ksmbd_crypto_ctx *ctx;
131 
132 	ctx = ksmbd_crypto_ctx_find_hmacmd5();
133 	if (!ctx) {
134 		ksmbd_debug(AUTH, "can't generate ntlmv2 hash\n");
135 		return -ENOMEM;
136 	}
137 
138 	ret = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
139 				  user_passkey(sess->user),
140 				  CIFS_ENCPWD_SIZE);
141 	if (ret) {
142 		ksmbd_debug(AUTH, "Could not set NT Hash as a key\n");
143 		goto out;
144 	}
145 
146 	ret = crypto_shash_init(CRYPTO_HMACMD5(ctx));
147 	if (ret) {
148 		ksmbd_debug(AUTH, "could not init hmacmd5\n");
149 		goto out;
150 	}
151 
152 	/* convert user_name to unicode */
153 	len = strlen(user_name(sess->user));
154 	uniname = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
155 	if (!uniname) {
156 		ret = -ENOMEM;
157 		goto out;
158 	}
159 
160 	conv_len = smb_strtoUTF16(uniname, user_name(sess->user), len,
161 				  conn->local_nls);
162 	if (conv_len < 0 || conv_len > len) {
163 		ret = -EINVAL;
164 		goto out;
165 	}
166 	UniStrupr(uniname);
167 
168 	ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
169 				  (char *)uniname,
170 				  UNICODE_LEN(conv_len));
171 	if (ret) {
172 		ksmbd_debug(AUTH, "Could not update with user\n");
173 		goto out;
174 	}
175 
176 	/* Convert domain name or conn name to unicode and uppercase */
177 	len = strlen(dname);
178 	domain = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
179 	if (!domain) {
180 		ret = -ENOMEM;
181 		goto out;
182 	}
183 
184 	conv_len = smb_strtoUTF16((__le16 *)domain, dname, len,
185 				  conn->local_nls);
186 	if (conv_len < 0 || conv_len > len) {
187 		ret = -EINVAL;
188 		goto out;
189 	}
190 
191 	ret = crypto_shash_update(CRYPTO_HMACMD5(ctx),
192 				  (char *)domain,
193 				  UNICODE_LEN(conv_len));
194 	if (ret) {
195 		ksmbd_debug(AUTH, "Could not update with domain\n");
196 		goto out;
197 	}
198 
199 	ret = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_hash);
200 	if (ret)
201 		ksmbd_debug(AUTH, "Could not generate md5 hash\n");
202 out:
203 	kfree(uniname);
204 	kfree(domain);
205 	ksmbd_release_crypto_ctx(ctx);
206 	return ret;
207 }
208 
209 /**
210  * ksmbd_auth_ntlmv2() - NTLMv2 authentication handler
211  * @sess:	session of connection
212  * @ntlmv2:		NTLMv2 challenge response
213  * @blen:		NTLMv2 blob length
214  * @domain_name:	domain name
215  *
216  * Return:	0 on success, error number on error
217  */
218 int ksmbd_auth_ntlmv2(struct ksmbd_conn *conn, struct ksmbd_session *sess,
219 		      struct ntlmv2_resp *ntlmv2, int blen, char *domain_name,
220 		      char *cryptkey)
221 {
222 	char ntlmv2_hash[CIFS_ENCPWD_SIZE];
223 	char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE];
224 	struct ksmbd_crypto_ctx *ctx = NULL;
225 	char *construct = NULL;
226 	int rc, len;
227 
228 	rc = calc_ntlmv2_hash(conn, sess, ntlmv2_hash, domain_name);
229 	if (rc) {
230 		ksmbd_debug(AUTH, "could not get v2 hash rc %d\n", rc);
231 		goto out;
232 	}
233 
234 	ctx = ksmbd_crypto_ctx_find_hmacmd5();
235 	if (!ctx) {
236 		ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
237 		return -ENOMEM;
238 	}
239 
240 	rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx),
241 				 ntlmv2_hash,
242 				 CIFS_HMAC_MD5_HASH_SIZE);
243 	if (rc) {
244 		ksmbd_debug(AUTH, "Could not set NTLMV2 Hash as a key\n");
245 		goto out;
246 	}
247 
248 	rc = crypto_shash_init(CRYPTO_HMACMD5(ctx));
249 	if (rc) {
250 		ksmbd_debug(AUTH, "Could not init hmacmd5\n");
251 		goto out;
252 	}
253 
254 	len = CIFS_CRYPTO_KEY_SIZE + blen;
255 	construct = kzalloc(len, GFP_KERNEL);
256 	if (!construct) {
257 		rc = -ENOMEM;
258 		goto out;
259 	}
260 
261 	memcpy(construct, cryptkey, CIFS_CRYPTO_KEY_SIZE);
262 	memcpy(construct + CIFS_CRYPTO_KEY_SIZE, &ntlmv2->blob_signature, blen);
263 
264 	rc = crypto_shash_update(CRYPTO_HMACMD5(ctx), construct, len);
265 	if (rc) {
266 		ksmbd_debug(AUTH, "Could not update with response\n");
267 		goto out;
268 	}
269 
270 	rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_rsp);
271 	if (rc) {
272 		ksmbd_debug(AUTH, "Could not generate md5 hash\n");
273 		goto out;
274 	}
275 	ksmbd_release_crypto_ctx(ctx);
276 	ctx = NULL;
277 
278 	rc = ksmbd_gen_sess_key(sess, ntlmv2_hash, ntlmv2_rsp);
279 	if (rc) {
280 		ksmbd_debug(AUTH, "Could not generate sess key\n");
281 		goto out;
282 	}
283 
284 	if (memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE) != 0)
285 		rc = -EINVAL;
286 out:
287 	if (ctx)
288 		ksmbd_release_crypto_ctx(ctx);
289 	kfree(construct);
290 	return rc;
291 }
292 
293 /**
294  * ksmbd_decode_ntlmssp_auth_blob() - helper function to construct
295  * authenticate blob
296  * @authblob:	authenticate blob source pointer
297  * @usr:	user details
298  * @sess:	session of connection
299  *
300  * Return:	0 on success, error number on error
301  */
302 int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
303 				   int blob_len, struct ksmbd_conn *conn,
304 				   struct ksmbd_session *sess)
305 {
306 	char *domain_name;
307 	unsigned int nt_off, dn_off;
308 	unsigned short nt_len, dn_len;
309 	int ret;
310 
311 	if (blob_len < sizeof(struct authenticate_message)) {
312 		ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
313 			    blob_len);
314 		return -EINVAL;
315 	}
316 
317 	if (memcmp(authblob->Signature, "NTLMSSP", 8)) {
318 		ksmbd_debug(AUTH, "blob signature incorrect %s\n",
319 			    authblob->Signature);
320 		return -EINVAL;
321 	}
322 
323 	nt_off = le32_to_cpu(authblob->NtChallengeResponse.BufferOffset);
324 	nt_len = le16_to_cpu(authblob->NtChallengeResponse.Length);
325 	dn_off = le32_to_cpu(authblob->DomainName.BufferOffset);
326 	dn_len = le16_to_cpu(authblob->DomainName.Length);
327 
328 	if (blob_len < (u64)dn_off + dn_len || blob_len < (u64)nt_off + nt_len ||
329 	    nt_len < CIFS_ENCPWD_SIZE)
330 		return -EINVAL;
331 
332 	/* TODO : use domain name that imported from configuration file */
333 	domain_name = smb_strndup_from_utf16((const char *)authblob + dn_off,
334 					     dn_len, true, conn->local_nls);
335 	if (IS_ERR(domain_name))
336 		return PTR_ERR(domain_name);
337 
338 	/* process NTLMv2 authentication */
339 	ksmbd_debug(AUTH, "decode_ntlmssp_authenticate_blob dname%s\n",
340 		    domain_name);
341 	ret = ksmbd_auth_ntlmv2(conn, sess,
342 				(struct ntlmv2_resp *)((char *)authblob + nt_off),
343 				nt_len - CIFS_ENCPWD_SIZE,
344 				domain_name, conn->ntlmssp.cryptkey);
345 	kfree(domain_name);
346 
347 	/* The recovered secondary session key */
348 	if (conn->ntlmssp.client_flags & NTLMSSP_NEGOTIATE_KEY_XCH) {
349 		struct arc4_ctx *ctx_arc4;
350 		unsigned int sess_key_off, sess_key_len;
351 
352 		sess_key_off = le32_to_cpu(authblob->SessionKey.BufferOffset);
353 		sess_key_len = le16_to_cpu(authblob->SessionKey.Length);
354 
355 		if (blob_len < (u64)sess_key_off + sess_key_len)
356 			return -EINVAL;
357 
358 		if (sess_key_len > CIFS_KEY_SIZE)
359 			return -EINVAL;
360 
361 		ctx_arc4 = kmalloc(sizeof(*ctx_arc4), GFP_KERNEL);
362 		if (!ctx_arc4)
363 			return -ENOMEM;
364 
365 		cifs_arc4_setkey(ctx_arc4, sess->sess_key,
366 				 SMB2_NTLMV2_SESSKEY_SIZE);
367 		cifs_arc4_crypt(ctx_arc4, sess->sess_key,
368 				(char *)authblob + sess_key_off, sess_key_len);
369 		kfree_sensitive(ctx_arc4);
370 	}
371 
372 	return ret;
373 }
374 
375 /**
376  * ksmbd_decode_ntlmssp_neg_blob() - helper function to construct
377  * negotiate blob
378  * @negblob: negotiate blob source pointer
379  * @rsp:     response header pointer to be updated
380  * @sess:    session of connection
381  *
382  */
383 int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob,
384 				  int blob_len, struct ksmbd_conn *conn)
385 {
386 	if (blob_len < sizeof(struct negotiate_message)) {
387 		ksmbd_debug(AUTH, "negotiate blob len %d too small\n",
388 			    blob_len);
389 		return -EINVAL;
390 	}
391 
392 	if (memcmp(negblob->Signature, "NTLMSSP", 8)) {
393 		ksmbd_debug(AUTH, "blob signature incorrect %s\n",
394 			    negblob->Signature);
395 		return -EINVAL;
396 	}
397 
398 	conn->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags);
399 	return 0;
400 }
401 
402 /**
403  * ksmbd_build_ntlmssp_challenge_blob() - helper function to construct
404  * challenge blob
405  * @chgblob: challenge blob source pointer to initialize
406  * @rsp:     response header pointer to be updated
407  * @sess:    session of connection
408  *
409  */
410 unsigned int
411 ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,
412 				   struct ksmbd_conn *conn)
413 {
414 	struct target_info *tinfo;
415 	wchar_t *name;
416 	__u8 *target_name;
417 	unsigned int flags, blob_off, blob_len, type, target_info_len = 0;
418 	int len, uni_len, conv_len;
419 	int cflags = conn->ntlmssp.client_flags;
420 
421 	memcpy(chgblob->Signature, NTLMSSP_SIGNATURE, 8);
422 	chgblob->MessageType = NtLmChallenge;
423 
424 	flags = NTLMSSP_NEGOTIATE_UNICODE |
425 		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_TARGET_TYPE_SERVER |
426 		NTLMSSP_NEGOTIATE_TARGET_INFO;
427 
428 	if (cflags & NTLMSSP_NEGOTIATE_SIGN) {
429 		flags |= NTLMSSP_NEGOTIATE_SIGN;
430 		flags |= cflags & (NTLMSSP_NEGOTIATE_128 |
431 				   NTLMSSP_NEGOTIATE_56);
432 	}
433 
434 	if (cflags & NTLMSSP_NEGOTIATE_SEAL && smb3_encryption_negotiated(conn))
435 		flags |= NTLMSSP_NEGOTIATE_SEAL;
436 
437 	if (cflags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
438 		flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
439 
440 	if (cflags & NTLMSSP_REQUEST_TARGET)
441 		flags |= NTLMSSP_REQUEST_TARGET;
442 
443 	if (conn->use_spnego &&
444 	    (cflags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
445 		flags |= NTLMSSP_NEGOTIATE_EXTENDED_SEC;
446 
447 	if (cflags & NTLMSSP_NEGOTIATE_KEY_XCH)
448 		flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
449 
450 	chgblob->NegotiateFlags = cpu_to_le32(flags);
451 	len = strlen(ksmbd_netbios_name());
452 	name = kmalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
453 	if (!name)
454 		return -ENOMEM;
455 
456 	conv_len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len,
457 				  conn->local_nls);
458 	if (conv_len < 0 || conv_len > len) {
459 		kfree(name);
460 		return -EINVAL;
461 	}
462 
463 	uni_len = UNICODE_LEN(conv_len);
464 
465 	blob_off = sizeof(struct challenge_message);
466 	blob_len = blob_off + uni_len;
467 
468 	chgblob->TargetName.Length = cpu_to_le16(uni_len);
469 	chgblob->TargetName.MaximumLength = cpu_to_le16(uni_len);
470 	chgblob->TargetName.BufferOffset = cpu_to_le32(blob_off);
471 
472 	/* Initialize random conn challenge */
473 	get_random_bytes(conn->ntlmssp.cryptkey, sizeof(__u64));
474 	memcpy(chgblob->Challenge, conn->ntlmssp.cryptkey,
475 	       CIFS_CRYPTO_KEY_SIZE);
476 
477 	/* Add Target Information to security buffer */
478 	chgblob->TargetInfoArray.BufferOffset = cpu_to_le32(blob_len);
479 
480 	target_name = (__u8 *)chgblob + blob_off;
481 	memcpy(target_name, name, uni_len);
482 	tinfo = (struct target_info *)(target_name + uni_len);
483 
484 	chgblob->TargetInfoArray.Length = 0;
485 	/* Add target info list for NetBIOS/DNS settings */
486 	for (type = NTLMSSP_AV_NB_COMPUTER_NAME;
487 	     type <= NTLMSSP_AV_DNS_DOMAIN_NAME; type++) {
488 		tinfo->Type = cpu_to_le16(type);
489 		tinfo->Length = cpu_to_le16(uni_len);
490 		memcpy(tinfo->Content, name, uni_len);
491 		tinfo = (struct target_info *)((char *)tinfo + 4 + uni_len);
492 		target_info_len += 4 + uni_len;
493 	}
494 
495 	/* Add terminator subblock */
496 	tinfo->Type = 0;
497 	tinfo->Length = 0;
498 	target_info_len += 4;
499 
500 	chgblob->TargetInfoArray.Length = cpu_to_le16(target_info_len);
501 	chgblob->TargetInfoArray.MaximumLength = cpu_to_le16(target_info_len);
502 	blob_len += target_info_len;
503 	kfree(name);
504 	ksmbd_debug(AUTH, "NTLMSSP SecurityBufferLength %d\n", blob_len);
505 	return blob_len;
506 }
507 
508 #ifdef CONFIG_SMB_SERVER_KERBEROS5
509 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
510 			    int in_len, char *out_blob, int *out_len)
511 {
512 	struct ksmbd_spnego_authen_response *resp;
513 	struct ksmbd_user *user = NULL;
514 	int retval;
515 
516 	resp = ksmbd_ipc_spnego_authen_request(in_blob, in_len);
517 	if (!resp) {
518 		ksmbd_debug(AUTH, "SPNEGO_AUTHEN_REQUEST failure\n");
519 		return -EINVAL;
520 	}
521 
522 	if (!(resp->login_response.status & KSMBD_USER_FLAG_OK)) {
523 		ksmbd_debug(AUTH, "krb5 authentication failure\n");
524 		retval = -EPERM;
525 		goto out;
526 	}
527 
528 	if (*out_len <= resp->spnego_blob_len) {
529 		ksmbd_debug(AUTH, "buf len %d, but blob len %d\n",
530 			    *out_len, resp->spnego_blob_len);
531 		retval = -EINVAL;
532 		goto out;
533 	}
534 
535 	if (resp->session_key_len > sizeof(sess->sess_key)) {
536 		ksmbd_debug(AUTH, "session key is too long\n");
537 		retval = -EINVAL;
538 		goto out;
539 	}
540 
541 	user = ksmbd_alloc_user(&resp->login_response);
542 	if (!user) {
543 		ksmbd_debug(AUTH, "login failure\n");
544 		retval = -ENOMEM;
545 		goto out;
546 	}
547 	sess->user = user;
548 
549 	memcpy(sess->sess_key, resp->payload, resp->session_key_len);
550 	memcpy(out_blob, resp->payload + resp->session_key_len,
551 	       resp->spnego_blob_len);
552 	*out_len = resp->spnego_blob_len;
553 	retval = 0;
554 out:
555 	kvfree(resp);
556 	return retval;
557 }
558 #else
559 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,
560 			    int in_len, char *out_blob, int *out_len)
561 {
562 	return -EOPNOTSUPP;
563 }
564 #endif
565 
566 /**
567  * ksmbd_sign_smb2_pdu() - function to generate packet signing
568  * @conn:	connection
569  * @key:	signing key
570  * @iov:        buffer iov array
571  * @n_vec:	number of iovecs
572  * @sig:	signature value generated for client request packet
573  *
574  */
575 int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
576 			int n_vec, char *sig)
577 {
578 	struct ksmbd_crypto_ctx *ctx;
579 	int rc, i;
580 
581 	ctx = ksmbd_crypto_ctx_find_hmacsha256();
582 	if (!ctx) {
583 		ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
584 		return -ENOMEM;
585 	}
586 
587 	rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
588 				 key,
589 				 SMB2_NTLMV2_SESSKEY_SIZE);
590 	if (rc)
591 		goto out;
592 
593 	rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
594 	if (rc) {
595 		ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
596 		goto out;
597 	}
598 
599 	for (i = 0; i < n_vec; i++) {
600 		rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
601 					 iov[i].iov_base,
602 					 iov[i].iov_len);
603 		if (rc) {
604 			ksmbd_debug(AUTH, "hmacsha256 update error %d\n", rc);
605 			goto out;
606 		}
607 	}
608 
609 	rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), sig);
610 	if (rc)
611 		ksmbd_debug(AUTH, "hmacsha256 generation error %d\n", rc);
612 out:
613 	ksmbd_release_crypto_ctx(ctx);
614 	return rc;
615 }
616 
617 /**
618  * ksmbd_sign_smb3_pdu() - function to generate packet signing
619  * @conn:	connection
620  * @key:	signing key
621  * @iov:        buffer iov array
622  * @n_vec:	number of iovecs
623  * @sig:	signature value generated for client request packet
624  *
625  */
626 int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov,
627 			int n_vec, char *sig)
628 {
629 	struct ksmbd_crypto_ctx *ctx;
630 	int rc, i;
631 
632 	ctx = ksmbd_crypto_ctx_find_cmacaes();
633 	if (!ctx) {
634 		ksmbd_debug(AUTH, "could not crypto alloc cmac\n");
635 		return -ENOMEM;
636 	}
637 
638 	rc = crypto_shash_setkey(CRYPTO_CMACAES_TFM(ctx),
639 				 key,
640 				 SMB2_CMACAES_SIZE);
641 	if (rc)
642 		goto out;
643 
644 	rc = crypto_shash_init(CRYPTO_CMACAES(ctx));
645 	if (rc) {
646 		ksmbd_debug(AUTH, "cmaces init error %d\n", rc);
647 		goto out;
648 	}
649 
650 	for (i = 0; i < n_vec; i++) {
651 		rc = crypto_shash_update(CRYPTO_CMACAES(ctx),
652 					 iov[i].iov_base,
653 					 iov[i].iov_len);
654 		if (rc) {
655 			ksmbd_debug(AUTH, "cmaces update error %d\n", rc);
656 			goto out;
657 		}
658 	}
659 
660 	rc = crypto_shash_final(CRYPTO_CMACAES(ctx), sig);
661 	if (rc)
662 		ksmbd_debug(AUTH, "cmaces generation error %d\n", rc);
663 out:
664 	ksmbd_release_crypto_ctx(ctx);
665 	return rc;
666 }
667 
668 struct derivation {
669 	struct kvec label;
670 	struct kvec context;
671 	bool binding;
672 };
673 
674 static int generate_key(struct ksmbd_conn *conn, struct ksmbd_session *sess,
675 			struct kvec label, struct kvec context, __u8 *key,
676 			unsigned int key_size)
677 {
678 	unsigned char zero = 0x0;
679 	__u8 i[4] = {0, 0, 0, 1};
680 	__u8 L128[4] = {0, 0, 0, 128};
681 	__u8 L256[4] = {0, 0, 1, 0};
682 	int rc;
683 	unsigned char prfhash[SMB2_HMACSHA256_SIZE];
684 	unsigned char *hashptr = prfhash;
685 	struct ksmbd_crypto_ctx *ctx;
686 
687 	memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
688 	memset(key, 0x0, key_size);
689 
690 	ctx = ksmbd_crypto_ctx_find_hmacsha256();
691 	if (!ctx) {
692 		ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n");
693 		return -ENOMEM;
694 	}
695 
696 	rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx),
697 				 sess->sess_key,
698 				 SMB2_NTLMV2_SESSKEY_SIZE);
699 	if (rc)
700 		goto smb3signkey_ret;
701 
702 	rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx));
703 	if (rc) {
704 		ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc);
705 		goto smb3signkey_ret;
706 	}
707 
708 	rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), i, 4);
709 	if (rc) {
710 		ksmbd_debug(AUTH, "could not update with n\n");
711 		goto smb3signkey_ret;
712 	}
713 
714 	rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
715 				 label.iov_base,
716 				 label.iov_len);
717 	if (rc) {
718 		ksmbd_debug(AUTH, "could not update with label\n");
719 		goto smb3signkey_ret;
720 	}
721 
722 	rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), &zero, 1);
723 	if (rc) {
724 		ksmbd_debug(AUTH, "could not update with zero\n");
725 		goto smb3signkey_ret;
726 	}
727 
728 	rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx),
729 				 context.iov_base,
730 				 context.iov_len);
731 	if (rc) {
732 		ksmbd_debug(AUTH, "could not update with context\n");
733 		goto smb3signkey_ret;
734 	}
735 
736 	if (key_size == SMB3_ENC_DEC_KEY_SIZE &&
737 	    (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
738 	     conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
739 		rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L256, 4);
740 	else
741 		rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L128, 4);
742 	if (rc) {
743 		ksmbd_debug(AUTH, "could not update with L\n");
744 		goto smb3signkey_ret;
745 	}
746 
747 	rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), hashptr);
748 	if (rc) {
749 		ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n",
750 			    rc);
751 		goto smb3signkey_ret;
752 	}
753 
754 	memcpy(key, hashptr, key_size);
755 
756 smb3signkey_ret:
757 	ksmbd_release_crypto_ctx(ctx);
758 	return rc;
759 }
760 
761 static int generate_smb3signingkey(struct ksmbd_session *sess,
762 				   struct ksmbd_conn *conn,
763 				   const struct derivation *signing)
764 {
765 	int rc;
766 	struct channel *chann;
767 	char *key;
768 
769 	chann = lookup_chann_list(sess, conn);
770 	if (!chann)
771 		return 0;
772 
773 	if (conn->dialect >= SMB30_PROT_ID && signing->binding)
774 		key = chann->smb3signingkey;
775 	else
776 		key = sess->smb3signingkey;
777 
778 	rc = generate_key(conn, sess, signing->label, signing->context, key,
779 			  SMB3_SIGN_KEY_SIZE);
780 	if (rc)
781 		return rc;
782 
783 	if (!(conn->dialect >= SMB30_PROT_ID && signing->binding))
784 		memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE);
785 
786 	ksmbd_debug(AUTH, "dumping generated AES signing keys\n");
787 	ksmbd_debug(AUTH, "Session Id    %llu\n", sess->id);
788 	ksmbd_debug(AUTH, "Session Key   %*ph\n",
789 		    SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
790 	ksmbd_debug(AUTH, "Signing Key   %*ph\n",
791 		    SMB3_SIGN_KEY_SIZE, key);
792 	return 0;
793 }
794 
795 int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess,
796 			       struct ksmbd_conn *conn)
797 {
798 	struct derivation d;
799 
800 	d.label.iov_base = "SMB2AESCMAC";
801 	d.label.iov_len = 12;
802 	d.context.iov_base = "SmbSign";
803 	d.context.iov_len = 8;
804 	d.binding = conn->binding;
805 
806 	return generate_smb3signingkey(sess, conn, &d);
807 }
808 
809 int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess,
810 				struct ksmbd_conn *conn)
811 {
812 	struct derivation d;
813 
814 	d.label.iov_base = "SMBSigningKey";
815 	d.label.iov_len = 14;
816 	if (conn->binding) {
817 		struct preauth_session *preauth_sess;
818 
819 		preauth_sess = ksmbd_preauth_session_lookup(conn, sess->id);
820 		if (!preauth_sess)
821 			return -ENOENT;
822 		d.context.iov_base = preauth_sess->Preauth_HashValue;
823 	} else {
824 		d.context.iov_base = sess->Preauth_HashValue;
825 	}
826 	d.context.iov_len = 64;
827 	d.binding = conn->binding;
828 
829 	return generate_smb3signingkey(sess, conn, &d);
830 }
831 
832 struct derivation_twin {
833 	struct derivation encryption;
834 	struct derivation decryption;
835 };
836 
837 static int generate_smb3encryptionkey(struct ksmbd_conn *conn,
838 				      struct ksmbd_session *sess,
839 				      const struct derivation_twin *ptwin)
840 {
841 	int rc;
842 
843 	rc = generate_key(conn, sess, ptwin->encryption.label,
844 			  ptwin->encryption.context, sess->smb3encryptionkey,
845 			  SMB3_ENC_DEC_KEY_SIZE);
846 	if (rc)
847 		return rc;
848 
849 	rc = generate_key(conn, sess, ptwin->decryption.label,
850 			  ptwin->decryption.context,
851 			  sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE);
852 	if (rc)
853 		return rc;
854 
855 	ksmbd_debug(AUTH, "dumping generated AES encryption keys\n");
856 	ksmbd_debug(AUTH, "Cipher type   %d\n", conn->cipher_type);
857 	ksmbd_debug(AUTH, "Session Id    %llu\n", sess->id);
858 	ksmbd_debug(AUTH, "Session Key   %*ph\n",
859 		    SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
860 	if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
861 	    conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
862 		ksmbd_debug(AUTH, "ServerIn Key  %*ph\n",
863 			    SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey);
864 		ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
865 			    SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3decryptionkey);
866 	} else {
867 		ksmbd_debug(AUTH, "ServerIn Key  %*ph\n",
868 			    SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3encryptionkey);
869 		ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
870 			    SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3decryptionkey);
871 	}
872 	return 0;
873 }
874 
875 int ksmbd_gen_smb30_encryptionkey(struct ksmbd_conn *conn,
876 				  struct ksmbd_session *sess)
877 {
878 	struct derivation_twin twin;
879 	struct derivation *d;
880 
881 	d = &twin.encryption;
882 	d->label.iov_base = "SMB2AESCCM";
883 	d->label.iov_len = 11;
884 	d->context.iov_base = "ServerOut";
885 	d->context.iov_len = 10;
886 
887 	d = &twin.decryption;
888 	d->label.iov_base = "SMB2AESCCM";
889 	d->label.iov_len = 11;
890 	d->context.iov_base = "ServerIn ";
891 	d->context.iov_len = 10;
892 
893 	return generate_smb3encryptionkey(conn, sess, &twin);
894 }
895 
896 int ksmbd_gen_smb311_encryptionkey(struct ksmbd_conn *conn,
897 				   struct ksmbd_session *sess)
898 {
899 	struct derivation_twin twin;
900 	struct derivation *d;
901 
902 	d = &twin.encryption;
903 	d->label.iov_base = "SMBS2CCipherKey";
904 	d->label.iov_len = 16;
905 	d->context.iov_base = sess->Preauth_HashValue;
906 	d->context.iov_len = 64;
907 
908 	d = &twin.decryption;
909 	d->label.iov_base = "SMBC2SCipherKey";
910 	d->label.iov_len = 16;
911 	d->context.iov_base = sess->Preauth_HashValue;
912 	d->context.iov_len = 64;
913 
914 	return generate_smb3encryptionkey(conn, sess, &twin);
915 }
916 
917 int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf,
918 				     __u8 *pi_hash)
919 {
920 	int rc;
921 	struct smb2_hdr *rcv_hdr = smb2_get_msg(buf);
922 	char *all_bytes_msg = (char *)&rcv_hdr->ProtocolId;
923 	int msg_size = get_rfc1002_len(buf);
924 	struct ksmbd_crypto_ctx *ctx = NULL;
925 
926 	if (conn->preauth_info->Preauth_HashId !=
927 	    SMB2_PREAUTH_INTEGRITY_SHA512)
928 		return -EINVAL;
929 
930 	ctx = ksmbd_crypto_ctx_find_sha512();
931 	if (!ctx) {
932 		ksmbd_debug(AUTH, "could not alloc sha512\n");
933 		return -ENOMEM;
934 	}
935 
936 	rc = crypto_shash_init(CRYPTO_SHA512(ctx));
937 	if (rc) {
938 		ksmbd_debug(AUTH, "could not init shashn");
939 		goto out;
940 	}
941 
942 	rc = crypto_shash_update(CRYPTO_SHA512(ctx), pi_hash, 64);
943 	if (rc) {
944 		ksmbd_debug(AUTH, "could not update with n\n");
945 		goto out;
946 	}
947 
948 	rc = crypto_shash_update(CRYPTO_SHA512(ctx), all_bytes_msg, msg_size);
949 	if (rc) {
950 		ksmbd_debug(AUTH, "could not update with n\n");
951 		goto out;
952 	}
953 
954 	rc = crypto_shash_final(CRYPTO_SHA512(ctx), pi_hash);
955 	if (rc) {
956 		ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
957 		goto out;
958 	}
959 out:
960 	ksmbd_release_crypto_ctx(ctx);
961 	return rc;
962 }
963 
964 int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len,
965 		      __u8 *pi_hash)
966 {
967 	int rc;
968 	struct ksmbd_crypto_ctx *ctx = NULL;
969 
970 	ctx = ksmbd_crypto_ctx_find_sha256();
971 	if (!ctx) {
972 		ksmbd_debug(AUTH, "could not alloc sha256\n");
973 		return -ENOMEM;
974 	}
975 
976 	rc = crypto_shash_init(CRYPTO_SHA256(ctx));
977 	if (rc) {
978 		ksmbd_debug(AUTH, "could not init shashn");
979 		goto out;
980 	}
981 
982 	rc = crypto_shash_update(CRYPTO_SHA256(ctx), sd_buf, len);
983 	if (rc) {
984 		ksmbd_debug(AUTH, "could not update with n\n");
985 		goto out;
986 	}
987 
988 	rc = crypto_shash_final(CRYPTO_SHA256(ctx), pi_hash);
989 	if (rc) {
990 		ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc);
991 		goto out;
992 	}
993 out:
994 	ksmbd_release_crypto_ctx(ctx);
995 	return rc;
996 }
997 
998 static int ksmbd_get_encryption_key(struct ksmbd_work *work, __u64 ses_id,
999 				    int enc, u8 *key)
1000 {
1001 	struct ksmbd_session *sess;
1002 	u8 *ses_enc_key;
1003 
1004 	if (enc)
1005 		sess = work->sess;
1006 	else
1007 		sess = ksmbd_session_lookup_all(work->conn, ses_id);
1008 	if (!sess)
1009 		return -EINVAL;
1010 
1011 	ses_enc_key = enc ? sess->smb3encryptionkey :
1012 		sess->smb3decryptionkey;
1013 	memcpy(key, ses_enc_key, SMB3_ENC_DEC_KEY_SIZE);
1014 
1015 	return 0;
1016 }
1017 
1018 static inline void smb2_sg_set_buf(struct scatterlist *sg, const void *buf,
1019 				   unsigned int buflen)
1020 {
1021 	void *addr;
1022 
1023 	if (is_vmalloc_addr(buf))
1024 		addr = vmalloc_to_page(buf);
1025 	else
1026 		addr = virt_to_page(buf);
1027 	sg_set_page(sg, addr, buflen, offset_in_page(buf));
1028 }
1029 
1030 static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec,
1031 					 u8 *sign)
1032 {
1033 	struct scatterlist *sg;
1034 	unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1035 	int i, *nr_entries, total_entries = 0, sg_idx = 0;
1036 
1037 	if (!nvec)
1038 		return NULL;
1039 
1040 	nr_entries = kcalloc(nvec, sizeof(int), GFP_KERNEL);
1041 	if (!nr_entries)
1042 		return NULL;
1043 
1044 	for (i = 0; i < nvec - 1; i++) {
1045 		unsigned long kaddr = (unsigned long)iov[i + 1].iov_base;
1046 
1047 		if (is_vmalloc_addr(iov[i + 1].iov_base)) {
1048 			nr_entries[i] = ((kaddr + iov[i + 1].iov_len +
1049 					PAGE_SIZE - 1) >> PAGE_SHIFT) -
1050 				(kaddr >> PAGE_SHIFT);
1051 		} else {
1052 			nr_entries[i]++;
1053 		}
1054 		total_entries += nr_entries[i];
1055 	}
1056 
1057 	/* Add two entries for transform header and signature */
1058 	total_entries += 2;
1059 
1060 	sg = kmalloc_array(total_entries, sizeof(struct scatterlist), GFP_KERNEL);
1061 	if (!sg) {
1062 		kfree(nr_entries);
1063 		return NULL;
1064 	}
1065 
1066 	sg_init_table(sg, total_entries);
1067 	smb2_sg_set_buf(&sg[sg_idx++], iov[0].iov_base + 24, assoc_data_len);
1068 	for (i = 0; i < nvec - 1; i++) {
1069 		void *data = iov[i + 1].iov_base;
1070 		int len = iov[i + 1].iov_len;
1071 
1072 		if (is_vmalloc_addr(data)) {
1073 			int j, offset = offset_in_page(data);
1074 
1075 			for (j = 0; j < nr_entries[i]; j++) {
1076 				unsigned int bytes = PAGE_SIZE - offset;
1077 
1078 				if (!len)
1079 					break;
1080 
1081 				if (bytes > len)
1082 					bytes = len;
1083 
1084 				sg_set_page(&sg[sg_idx++],
1085 					    vmalloc_to_page(data), bytes,
1086 					    offset_in_page(data));
1087 
1088 				data += bytes;
1089 				len -= bytes;
1090 				offset = 0;
1091 			}
1092 		} else {
1093 			sg_set_page(&sg[sg_idx++], virt_to_page(data), len,
1094 				    offset_in_page(data));
1095 		}
1096 	}
1097 	smb2_sg_set_buf(&sg[sg_idx], sign, SMB2_SIGNATURE_SIZE);
1098 	kfree(nr_entries);
1099 	return sg;
1100 }
1101 
1102 int ksmbd_crypt_message(struct ksmbd_work *work, struct kvec *iov,
1103 			unsigned int nvec, int enc)
1104 {
1105 	struct ksmbd_conn *conn = work->conn;
1106 	struct smb2_transform_hdr *tr_hdr = smb2_get_msg(iov[0].iov_base);
1107 	unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
1108 	int rc;
1109 	struct scatterlist *sg;
1110 	u8 sign[SMB2_SIGNATURE_SIZE] = {};
1111 	u8 key[SMB3_ENC_DEC_KEY_SIZE];
1112 	struct aead_request *req;
1113 	char *iv;
1114 	unsigned int iv_len;
1115 	struct crypto_aead *tfm;
1116 	unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize);
1117 	struct ksmbd_crypto_ctx *ctx;
1118 
1119 	rc = ksmbd_get_encryption_key(work,
1120 				      le64_to_cpu(tr_hdr->SessionId),
1121 				      enc,
1122 				      key);
1123 	if (rc) {
1124 		pr_err("Could not get %scryption key\n", enc ? "en" : "de");
1125 		return rc;
1126 	}
1127 
1128 	if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1129 	    conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1130 		ctx = ksmbd_crypto_ctx_find_gcm();
1131 	else
1132 		ctx = ksmbd_crypto_ctx_find_ccm();
1133 	if (!ctx) {
1134 		pr_err("crypto alloc failed\n");
1135 		return -ENOMEM;
1136 	}
1137 
1138 	if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1139 	    conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1140 		tfm = CRYPTO_GCM(ctx);
1141 	else
1142 		tfm = CRYPTO_CCM(ctx);
1143 
1144 	if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
1145 	    conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
1146 		rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE);
1147 	else
1148 		rc = crypto_aead_setkey(tfm, key, SMB3_GCM128_CRYPTKEY_SIZE);
1149 	if (rc) {
1150 		pr_err("Failed to set aead key %d\n", rc);
1151 		goto free_ctx;
1152 	}
1153 
1154 	rc = crypto_aead_setauthsize(tfm, SMB2_SIGNATURE_SIZE);
1155 	if (rc) {
1156 		pr_err("Failed to set authsize %d\n", rc);
1157 		goto free_ctx;
1158 	}
1159 
1160 	req = aead_request_alloc(tfm, GFP_KERNEL);
1161 	if (!req) {
1162 		rc = -ENOMEM;
1163 		goto free_ctx;
1164 	}
1165 
1166 	if (!enc) {
1167 		memcpy(sign, &tr_hdr->Signature, SMB2_SIGNATURE_SIZE);
1168 		crypt_len += SMB2_SIGNATURE_SIZE;
1169 	}
1170 
1171 	sg = ksmbd_init_sg(iov, nvec, sign);
1172 	if (!sg) {
1173 		pr_err("Failed to init sg\n");
1174 		rc = -ENOMEM;
1175 		goto free_req;
1176 	}
1177 
1178 	iv_len = crypto_aead_ivsize(tfm);
1179 	iv = kzalloc(iv_len, GFP_KERNEL);
1180 	if (!iv) {
1181 		rc = -ENOMEM;
1182 		goto free_sg;
1183 	}
1184 
1185 	if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
1186 	    conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
1187 		memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES_GCM_NONCE);
1188 	} else {
1189 		iv[0] = 3;
1190 		memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES_CCM_NONCE);
1191 	}
1192 
1193 	aead_request_set_crypt(req, sg, sg, crypt_len, iv);
1194 	aead_request_set_ad(req, assoc_data_len);
1195 	aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
1196 
1197 	if (enc)
1198 		rc = crypto_aead_encrypt(req);
1199 	else
1200 		rc = crypto_aead_decrypt(req);
1201 	if (rc)
1202 		goto free_iv;
1203 
1204 	if (enc)
1205 		memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
1206 
1207 free_iv:
1208 	kfree(iv);
1209 free_sg:
1210 	kfree(sg);
1211 free_req:
1212 	kfree(req);
1213 free_ctx:
1214 	ksmbd_release_crypto_ctx(ctx);
1215 	return rc;
1216 }
1217