[CIFS] Fix ntlmv2 auth with ntlmssp

	tristate "CIFS support (advanced network filesystem, SMBFS successor)"

	depends on INET

	select NLS

	select CRYPTO_MD5

	select CRYPTO_ARC4

	help

	  This is the client VFS module for the Common Internet File System

	  (CIFS) protocol which is the successor to the Server Message Block

				if (compare_oid(oid, oidlen, MSKRB5_OID,

						MSKRB5_OID_LEN))

					server->sec_mskerberos = true;

				else if (compare_oid(oid, oidlen, KRB5U2U_OID,

				if (compare_oid(oid, oidlen, KRB5U2U_OID,

						     KRB5U2U_OID_LEN))

					server->sec_kerberosu2u = true;

				else if (compare_oid(oid, oidlen, KRB5_OID,

				if (compare_oid(oid, oidlen, KRB5_OID,

						     KRB5_OID_LEN))

					server->sec_kerberos = true;

				else if (compare_oid(oid, oidlen, NTLMSSP_OID,

				if (compare_oid(oid, oidlen, NTLMSSP_OID,

						     NTLMSSP_OID_LEN))

					server->sec_ntlmssp = true;

#include "md5.h"

#include "cifs_unicode.h"

#include "cifsproto.h"

#include "ntlmssp.h"

#include <linux/ctype.h>

#include <linux/random.h>

		       unsigned char *p24);

static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu,

				    const struct mac_key *key, char *signature)

			struct TCP_Server_Info *server, char *signature)

{

	struct	MD5Context context;

	int rc = 0;

	struct {

		struct shash_desc shash;

		char ctx[crypto_shash_descsize(server->ntlmssp.md5)];

	} sdesc;

	if ((cifs_pdu == NULL) || (signature == NULL) || (key == NULL))

	if (cifs_pdu == NULL || server == NULL || signature == NULL)

		return -EINVAL;

	cifs_MD5_init(&context);

	cifs_MD5_update(&context, (char *)&key->data, key->len);

	cifs_MD5_update(&context, cifs_pdu->Protocol, cifs_pdu->smb_buf_length);

	sdesc.shash.tfm = server->ntlmssp.md5;

	sdesc.shash.flags = 0x0;

	rc = crypto_shash_init(&sdesc.shash);

	if (rc) {

		cERROR(1, "could not initialize master crypto API hmacmd5\n");

		return rc;

	}

	if (server->secType == RawNTLMSSP)

		crypto_shash_update(&sdesc.shash,

			server->session_key.data.ntlmv2.key,

			CIFS_NTLMV2_SESSKEY_SIZE);

	else

		crypto_shash_update(&sdesc.shash,

			(char *)&server->session_key.data,

			server->session_key.len);

	crypto_shash_update(&sdesc.shash,

			cifs_pdu->Protocol, cifs_pdu->smb_buf_length);

	rc = crypto_shash_final(&sdesc.shash, signature);

	cifs_MD5_final(signature, &context);

	return 0;

}

int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server,

		  __u32 *pexpected_response_sequence_number)

{

	server->sequence_number++;

	spin_unlock(&GlobalMid_Lock);

	rc = cifs_calculate_signature(cifs_pdu, &server->mac_signing_key,

				      smb_signature);

	rc = cifs_calculate_signature(cifs_pdu, server, smb_signature);

	if (rc)

		memset(cifs_pdu->Signature.SecuritySignature, 0, 8);

	else

}

static int cifs_calc_signature2(const struct kvec *iov, int n_vec,

				const struct mac_key *key, char *signature)

			struct TCP_Server_Info *server, char *signature)

{

	struct  MD5Context context;

	int i;

	int rc = 0;

	struct {

		struct shash_desc shash;

		char ctx[crypto_shash_descsize(server->ntlmssp.md5)];

	} sdesc;

	if ((iov == NULL) || (signature == NULL) || (key == NULL))

	if (iov == NULL || server == NULL || signature == NULL)

		return -EINVAL;

	cifs_MD5_init(&context);

	cifs_MD5_update(&context, (char *)&key->data, key->len);

	sdesc.shash.tfm = server->ntlmssp.md5;

	sdesc.shash.flags = 0x0;

	rc = crypto_shash_init(&sdesc.shash);

	if (rc) {

		cERROR(1, "could not initialize master crypto API hmacmd5\n");

		return rc;

	}

	if (server->secType == RawNTLMSSP)

		crypto_shash_update(&sdesc.shash,

			server->session_key.data.ntlmv2.key,

			CIFS_NTLMV2_SESSKEY_SIZE);

	else

		crypto_shash_update(&sdesc.shash,

			(char *)&server->session_key.data,

			server->session_key.len);

	for (i = 0; i < n_vec; i++) {

		if (iov[i].iov_len == 0)

			continue;

		if (i == 0) {

			if (iov[0].iov_len <= 8) /* cmd field at offset 9 */

				break; /* nothing to sign or corrupt header */

			cifs_MD5_update(&context, iov[0].iov_base+4,

				  iov[0].iov_len-4);

			crypto_shash_update(&sdesc.shash,

				iov[i].iov_base + 4, iov[i].iov_len - 4);

		} else

			cifs_MD5_update(&context, iov[i].iov_base, iov[i].iov_len);

			crypto_shash_update(&sdesc.shash,

				iov[i].iov_base, iov[i].iov_len);

	}

	cifs_MD5_final(signature, &context);

	rc = crypto_shash_final(&sdesc.shash, signature);

	return 0;

}

int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,

		   __u32 *pexpected_response_sequence_number)

{

	server->sequence_number++;

	spin_unlock(&GlobalMid_Lock);

	rc = cifs_calc_signature2(iov, n_vec, &server->mac_signing_key,

				      smb_signature);

	rc = cifs_calc_signature2(iov, n_vec, server, smb_signature);

	if (rc)

		memset(cifs_pdu->Signature.SecuritySignature, 0, 8);

	else

}

int cifs_verify_signature(struct smb_hdr *cifs_pdu,

			  const struct mac_key *mac_key,

			  struct TCP_Server_Info *server,

			  __u32 expected_sequence_number)

{

	unsigned int rc;

	int rc;

	char server_response_sig[8];

	char what_we_think_sig_should_be[20];

	if ((cifs_pdu == NULL) || (mac_key == NULL))

	if (cifs_pdu == NULL || server == NULL)

		return -EINVAL;

	if (cifs_pdu->Command == SMB_COM_NEGOTIATE)

					cpu_to_le32(expected_sequence_number);

	cifs_pdu->Signature.Sequence.Reserved = 0;

	rc = cifs_calculate_signature(cifs_pdu, mac_key,

	rc = cifs_calculate_signature(cifs_pdu, server,

		what_we_think_sig_should_be);

	if (rc)

}

/* We fill in key by putting in 40 byte array which was allocated by caller */

int cifs_calculate_mac_key(struct mac_key *key, const char *rn,

int cifs_calculate_session_key(struct session_key *key, const char *rn,

			   const char *password)

{

	char temp_key[16];

	return 0;

}

int CalcNTLMv2_partial_mac_key(struct cifsSesInfo *ses,

			       const struct nls_table *nls_info)

{

	char temp_hash[16];

	struct HMACMD5Context ctx;

	char *ucase_buf;

	__le16 *unicode_buf;

	unsigned int i, user_name_len, dom_name_len;

	if (ses == NULL)

		return -EINVAL;

	E_md4hash(ses->password, temp_hash);

	hmac_md5_init_limK_to_64(temp_hash, 16, &ctx);

	user_name_len = strlen(ses->userName);

	if (user_name_len > MAX_USERNAME_SIZE)

		return -EINVAL;

	if (ses->domainName == NULL)

		return -EINVAL; /* BB should we use CIFS_LINUX_DOM */

	dom_name_len = strlen(ses->domainName);

	if (dom_name_len > MAX_USERNAME_SIZE)

		return -EINVAL;

	ucase_buf = kmalloc((MAX_USERNAME_SIZE+1), GFP_KERNEL);

	if (ucase_buf == NULL)

		return -ENOMEM;

	unicode_buf = kmalloc((MAX_USERNAME_SIZE+1)*4, GFP_KERNEL);

	if (unicode_buf == NULL) {

		kfree(ucase_buf);

		return -ENOMEM;

	}

	for (i = 0; i < user_name_len; i++)

		ucase_buf[i] = nls_info->charset2upper[(int)ses->userName[i]];

	ucase_buf[i] = 0;

	user_name_len = cifs_strtoUCS(unicode_buf, ucase_buf,

				      MAX_USERNAME_SIZE*2, nls_info);

	unicode_buf[user_name_len] = 0;

	user_name_len++;

	for (i = 0; i < dom_name_len; i++)

		ucase_buf[i] = nls_info->charset2upper[(int)ses->domainName[i]];

	ucase_buf[i] = 0;

	dom_name_len = cifs_strtoUCS(unicode_buf+user_name_len, ucase_buf,

				     MAX_USERNAME_SIZE*2, nls_info);

	unicode_buf[user_name_len + dom_name_len] = 0;

	hmac_md5_update((const unsigned char *) unicode_buf,

		(user_name_len+dom_name_len)*2, &ctx);

	hmac_md5_final(ses->server->ntlmv2_hash, &ctx);

	kfree(ucase_buf);

	kfree(unicode_buf);

	return 0;

}

#ifdef CONFIG_CIFS_WEAK_PW_HASH

void calc_lanman_hash(const char *password, const char *cryptkey, bool encrypt,

			char *lnm_session_key)

{

	int rc = 0;

	int len;

	char nt_hash[16];

	struct HMACMD5Context *pctxt;

	char nt_hash[CIFS_NTHASH_SIZE];

	wchar_t *user;

	wchar_t *domain;

	pctxt = kmalloc(sizeof(struct HMACMD5Context), GFP_KERNEL);

	if (pctxt == NULL)

		return -ENOMEM;

	wchar_t *server;

	struct {

		struct shash_desc shash;

		char ctx[crypto_shash_descsize(ses->server->ntlmssp.hmacmd5)];

	} sdesc;

	/* calculate md4 hash of password */

	E_md4hash(ses->password, nt_hash);

	/* convert Domainname to unicode and uppercase */

	hmac_md5_init_limK_to_64(nt_hash, 16, pctxt);

	sdesc.shash.tfm = ses->server->ntlmssp.hmacmd5;

	sdesc.shash.flags = 0x0;

	crypto_shash_setkey(ses->server->ntlmssp.hmacmd5, nt_hash,

				CIFS_NTHASH_SIZE);

	rc = crypto_shash_init(&sdesc.shash);

	if (rc) {

		cERROR(1, "could not initialize master crypto API hmacmd5\n");

		return rc;

	}

	/* convert ses->userName to unicode and uppercase */

	len = strlen(ses->userName);

		goto calc_exit_2;

	len = cifs_strtoUCS((__le16 *)user, ses->userName, len, nls_cp);

	UniStrupr(user);

	hmac_md5_update((char *)user, 2*len, pctxt);

	crypto_shash_update(&sdesc.shash, (char *)user, 2 * len);

	/* convert ses->domainName to unicode and uppercase */

	if (ses->domainName) {

		   Maybe converting the domain name earlier makes sense */

		/* UniStrupr(domain); */

		hmac_md5_update((char *)domain, 2*len, pctxt);

		crypto_shash_update(&sdesc.shash, (char *)domain, 2 * len);

		kfree(domain);

	} else if (ses->serverName) {

		len = strlen(ses->serverName);

		server = kmalloc(2 + (len * 2), GFP_KERNEL);

		if (server == NULL)

			goto calc_exit_1;

		len = cifs_strtoUCS((__le16 *)server, ses->serverName, len,

					nls_cp);

		/* the following line was removed since it didn't work well

		   with lower cased domain name that passed as an option.

		   Maybe converting the domain name earlier makes sense */

		/* UniStrupr(domain); */

		crypto_shash_update(&sdesc.shash, (char *)server, 2 * len);

		kfree(server);

	}

calc_exit_1:

	kfree(user);

calc_exit_2:

	/* BB FIXME what about bytes 24 through 40 of the signing key?

	   compare with the NTLM example */

	hmac_md5_final(ses->server->ntlmv2_hash, pctxt);

	rc = crypto_shash_final(&sdesc.shash, ses->server->ntlmv2_hash);

	kfree(pctxt);

	return rc;

}

void setup_ntlmv2_rsp(struct cifsSesInfo *ses, char *resp_buf,

		      const struct nls_table *nls_cp)

static int

find_domain_name(struct cifsSesInfo *ses)

{

	int rc = 0;

	unsigned int attrsize;

	unsigned int type;

	unsigned char *blobptr;

	struct ntlmssp2_name *attrptr;

	if (ses->server->tiblob) {

		blobptr = ses->server->tiblob;

		attrptr = (struct ntlmssp2_name *) blobptr;

		while ((type = attrptr->type) != 0) {

			blobptr += 2; /* advance attr type */

			attrsize = attrptr->length;

			blobptr += 2; /* advance attr size */

			if (type == NTLMSSP_AV_NB_DOMAIN_NAME) {

				if (!ses->domainName) {

					ses->domainName =

						kmalloc(attrptr->length + 1,

								GFP_KERNEL);

					if (!ses->domainName)

							return -ENOMEM;

					cifs_from_ucs2(ses->domainName,

						(__le16 *)blobptr,

						attrptr->length,

						attrptr->length,

						load_nls_default(), false);

				}

			}

			blobptr += attrsize; /* advance attr  value */

			attrptr = (struct ntlmssp2_name *) blobptr;

		}

	} else {

		ses->server->tilen = 2 * sizeof(struct ntlmssp2_name);

		ses->server->tiblob = kmalloc(ses->server->tilen, GFP_KERNEL);

		if (!ses->server->tiblob) {

			ses->server->tilen = 0;

			cERROR(1, "Challenge target info allocation failure");

			return -ENOMEM;

		}

		memset(ses->server->tiblob, 0x0, ses->server->tilen);

		attrptr = (struct ntlmssp2_name *) ses->server->tiblob;

		attrptr->type = cpu_to_le16(NTLMSSP_DOMAIN_TYPE);

	}

	return rc;

}

static int

CalcNTLMv2_response(const struct TCP_Server_Info *server,

			 char *v2_session_response)

{

	int rc;

	struct {

		struct shash_desc shash;

		char ctx[crypto_shash_descsize(server->ntlmssp.hmacmd5)];

	} sdesc;

	sdesc.shash.tfm = server->ntlmssp.hmacmd5;

	sdesc.shash.flags = 0x0;

	crypto_shash_setkey(server->ntlmssp.hmacmd5, server->ntlmv2_hash,

		CIFS_HMAC_MD5_HASH_SIZE);

	rc = crypto_shash_init(&sdesc.shash);

	if (rc) {

		cERROR(1, "could not initialize master crypto API hmacmd5\n");

		return rc;

	}

	memcpy(v2_session_response + CIFS_SERVER_CHALLENGE_SIZE,

		server->cryptKey, CIFS_SERVER_CHALLENGE_SIZE);

	crypto_shash_update(&sdesc.shash,

		v2_session_response + CIFS_SERVER_CHALLENGE_SIZE,

		sizeof(struct ntlmv2_resp) - CIFS_SERVER_CHALLENGE_SIZE);

	if (server->tilen)

		crypto_shash_update(&sdesc.shash,

					server->tiblob, server->tilen);

	rc = crypto_shash_final(&sdesc.shash, v2_session_response);

	return rc;

}

int

setup_ntlmv2_rsp(struct cifsSesInfo *ses, char *resp_buf,

		      const struct nls_table *nls_cp)

{

	int rc = 0;

	struct ntlmv2_resp *buf = (struct ntlmv2_resp *)resp_buf;

	struct HMACMD5Context context;

	struct {

		struct shash_desc shash;

		char ctx[crypto_shash_descsize(ses->server->ntlmssp.hmacmd5)];

	} sdesc;

	buf->blob_signature = cpu_to_le32(0x00000101);

	buf->reserved = 0;

	buf->time = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME));

	get_random_bytes(&buf->client_chal, sizeof(buf->client_chal));

	buf->reserved2 = 0;

	buf->names[0].type = cpu_to_le16(NTLMSSP_DOMAIN_TYPE);

	buf->names[0].length = 0;

	buf->names[1].type = 0;

	buf->names[1].length = 0;

	if (!ses->domainName) {

		rc = find_domain_name(ses);

		if (rc) {

			cERROR(1, "could not get domain/server name rc %d", rc);

			return rc;

		}

	}

	/* calculate buf->ntlmv2_hash */

	rc = calc_ntlmv2_hash(ses, nls_cp);

	if (rc)

	if (rc) {

		cERROR(1, "could not get v2 hash rc %d", rc);

	CalcNTLMv2_response(ses, resp_buf);

		return rc;

	}

	rc = CalcNTLMv2_response(ses->server, resp_buf);

	if (rc) {

		cERROR(1, "could not get v2 hash rc %d", rc);

		return rc;

	}

	crypto_shash_setkey(ses->server->ntlmssp.hmacmd5,

			ses->server->ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE);

	sdesc.shash.tfm = ses->server->ntlmssp.hmacmd5;

	sdesc.shash.flags = 0x0;

	rc = crypto_shash_init(&sdesc.shash);

	if (rc) {

		cERROR(1, "could not initialize master crypto API hmacmd5\n");

		return rc;

	}

	/* now calculate the MAC key for NTLMv2 */

	hmac_md5_init_limK_to_64(ses->server->ntlmv2_hash, 16, &context);

	hmac_md5_update(resp_buf, 16, &context);

	hmac_md5_final(ses->server->mac_signing_key.data.ntlmv2.key, &context);

	crypto_shash_update(&sdesc.shash, resp_buf, CIFS_HMAC_MD5_HASH_SIZE);

	memcpy(&ses->server->mac_signing_key.data.ntlmv2.resp, resp_buf,

	rc = crypto_shash_final(&sdesc.shash,

		ses->server->session_key.data.ntlmv2.key);

	memcpy(&ses->server->session_key.data.ntlmv2.resp, resp_buf,

			sizeof(struct ntlmv2_resp));

	ses->server->mac_signing_key.len = 16 + sizeof(struct ntlmv2_resp);

	ses->server->session_key.len = 16 + sizeof(struct ntlmv2_resp);

	return rc;

}

void CalcNTLMv2_response(const struct cifsSesInfo *ses,

			 char *v2_session_response)

int

calc_seckey(struct TCP_Server_Info *server)

{

	struct HMACMD5Context context;

	/* rest of v2 struct already generated */

	memcpy(v2_session_response + 8, ses->server->cryptKey, 8);

	hmac_md5_init_limK_to_64(ses->server->ntlmv2_hash, 16, &context);

	int rc;

	unsigned char sec_key[CIFS_NTLMV2_SESSKEY_SIZE];

	struct crypto_blkcipher *tfm_arc4;

	struct scatterlist sgin, sgout;

	struct blkcipher_desc desc;

	get_random_bytes(sec_key, CIFS_NTLMV2_SESSKEY_SIZE);

	tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)",

						0, CRYPTO_ALG_ASYNC);

	if (!tfm_arc4 || IS_ERR(tfm_arc4)) {

		cERROR(1, "could not allocate " "master crypto API arc4\n");

		return 1;

	}

	crypto_blkcipher_setkey(tfm_arc4,

		server->session_key.data.ntlmv2.key, CIFS_CPHTXT_SIZE);

	sg_init_one(&sgin, sec_key, CIFS_CPHTXT_SIZE);

	sg_init_one(&sgout, server->ntlmssp.ciphertext, CIFS_CPHTXT_SIZE);

	rc = crypto_blkcipher_encrypt(&desc, &sgout, &sgin, CIFS_CPHTXT_SIZE);

	hmac_md5_update(v2_session_response+8,

			sizeof(struct ntlmv2_resp) - 8, &context);

	if (!rc)

		memcpy(server->session_key.data.ntlmv2.key,

				sec_key, CIFS_NTLMV2_SESSKEY_SIZE);

	hmac_md5_final(v2_session_response, &context);

/*	cifs_dump_mem("v2_sess_rsp: ", v2_session_response, 32); */

	crypto_free_blkcipher(tfm_arc4);

	return 0;

}

void

cifs_crypto_shash_release(struct TCP_Server_Info *server)

{

	if (server->ntlmssp.md5)

		crypto_free_shash(server->ntlmssp.md5);

	if (server->ntlmssp.hmacmd5)

		crypto_free_shash(server->ntlmssp.hmacmd5);

}

int

cifs_crypto_shash_allocate(struct TCP_Server_Info *server)

{

	server->ntlmssp.hmacmd5 = crypto_alloc_shash("hmac(md5)", 0, 0);

	if (!server->ntlmssp.hmacmd5 ||

			IS_ERR(server->ntlmssp.hmacmd5)) {

		cERROR(1, "could not allocate master crypto API hmacmd5\n");

		return 1;

	}

	server->ntlmssp.md5 = crypto_alloc_shash("md5", 0, 0);

	if (!server->ntlmssp.md5 || IS_ERR(server->ntlmssp.md5)) {

		crypto_free_shash(server->ntlmssp.hmacmd5);

		cERROR(1, "could not allocate master crypto API md5\n");

		return 1;

	}

	return 0;

}