Linux Audio

Check our new training course

Loading...
Note: File does not exist in v6.13.7.
  1// SPDX-License-Identifier: LGPL-2.1
  2/*
  3 *
  4 *   Encryption and hashing operations relating to NTLM, NTLMv2.  See MS-NLMP
  5 *   for more detailed information
  6 *
  7 *   Copyright (C) International Business Machines  Corp., 2005,2013
  8 *   Author(s): Steve French (sfrench@us.ibm.com)
  9 *
 10 */
 11
 12#include <linux/fs.h>
 13#include <linux/slab.h>
 14#include "cifspdu.h"
 15#include "cifsglob.h"
 16#include "cifs_debug.h"
 17#include "cifs_unicode.h"
 18#include "cifsproto.h"
 19#include "ntlmssp.h"
 20#include <linux/ctype.h>
 21#include <linux/random.h>
 22#include <linux/highmem.h>
 23#include <linux/fips.h>
 24#include "../smbfs_common/arc4.h"
 25#include <crypto/aead.h>
 26
 27int __cifs_calc_signature(struct smb_rqst *rqst,
 28			struct TCP_Server_Info *server, char *signature,
 29			struct shash_desc *shash)
 30{
 31	int i;
 32	int rc;
 33	struct kvec *iov = rqst->rq_iov;
 34	int n_vec = rqst->rq_nvec;
 35
 36	/* iov[0] is actual data and not the rfc1002 length for SMB2+ */
 37	if (!is_smb1(server)) {
 38		if (iov[0].iov_len <= 4)
 39			return -EIO;
 40		i = 0;
 41	} else {
 42		if (n_vec < 2 || iov[0].iov_len != 4)
 43			return -EIO;
 44		i = 1; /* skip rfc1002 length */
 45	}
 46
 47	for (; i < n_vec; i++) {
 48		if (iov[i].iov_len == 0)
 49			continue;
 50		if (iov[i].iov_base == NULL) {
 51			cifs_dbg(VFS, "null iovec entry\n");
 52			return -EIO;
 53		}
 54
 55		rc = crypto_shash_update(shash,
 56					 iov[i].iov_base, iov[i].iov_len);
 57		if (rc) {
 58			cifs_dbg(VFS, "%s: Could not update with payload\n",
 59				 __func__);
 60			return rc;
 61		}
 62	}
 63
 64	/* now hash over the rq_pages array */
 65	for (i = 0; i < rqst->rq_npages; i++) {
 66		void *kaddr;
 67		unsigned int len, offset;
 68
 69		rqst_page_get_length(rqst, i, &len, &offset);
 70
 71		kaddr = (char *) kmap(rqst->rq_pages[i]) + offset;
 72
 73		rc = crypto_shash_update(shash, kaddr, len);
 74		if (rc) {
 75			cifs_dbg(VFS, "%s: Could not update with payload\n",
 76				 __func__);
 77			kunmap(rqst->rq_pages[i]);
 78			return rc;
 79		}
 80
 81		kunmap(rqst->rq_pages[i]);
 82	}
 83
 84	rc = crypto_shash_final(shash, signature);
 85	if (rc)
 86		cifs_dbg(VFS, "%s: Could not generate hash\n", __func__);
 87
 88	return rc;
 89}
 90
 91/*
 92 * Calculate and return the CIFS signature based on the mac key and SMB PDU.
 93 * The 16 byte signature must be allocated by the caller. Note we only use the
 94 * 1st eight bytes and that the smb header signature field on input contains
 95 * the sequence number before this function is called. Also, this function
 96 * should be called with the server->srv_mutex held.
 97 */
 98static int cifs_calc_signature(struct smb_rqst *rqst,
 99			struct TCP_Server_Info *server, char *signature)
100{
101	int rc;
102
103	if (!rqst->rq_iov || !signature || !server)
104		return -EINVAL;
105
106	rc = cifs_alloc_hash("md5", &server->secmech.md5);
107	if (rc)
108		return -1;
109
110	rc = crypto_shash_init(server->secmech.md5);
111	if (rc) {
112		cifs_dbg(VFS, "%s: Could not init md5\n", __func__);
113		return rc;
114	}
115
116	rc = crypto_shash_update(server->secmech.md5,
117		server->session_key.response, server->session_key.len);
118	if (rc) {
119		cifs_dbg(VFS, "%s: Could not update with response\n", __func__);
120		return rc;
121	}
122
123	return __cifs_calc_signature(rqst, server, signature, server->secmech.md5);
124}
125
126/* must be called with server->srv_mutex held */
127int cifs_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server,
128		   __u32 *pexpected_response_sequence_number)
129{
130	int rc = 0;
131	char smb_signature[20];
132	struct smb_hdr *cifs_pdu = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
133
134	if (rqst->rq_iov[0].iov_len != 4 ||
135	    rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
136		return -EIO;
137
138	if ((cifs_pdu == NULL) || (server == NULL))
139		return -EINVAL;
140
141	spin_lock(&server->srv_lock);
142	if (!(cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) ||
143	    server->tcpStatus == CifsNeedNegotiate) {
144		spin_unlock(&server->srv_lock);
145		return rc;
146	}
147	spin_unlock(&server->srv_lock);
148
149	if (!server->session_estab) {
150		memcpy(cifs_pdu->Signature.SecuritySignature, "BSRSPYL", 8);
151		return rc;
152	}
153
154	cifs_pdu->Signature.Sequence.SequenceNumber =
155				cpu_to_le32(server->sequence_number);
156	cifs_pdu->Signature.Sequence.Reserved = 0;
157
158	*pexpected_response_sequence_number = ++server->sequence_number;
159	++server->sequence_number;
160
161	rc = cifs_calc_signature(rqst, server, smb_signature);
162	if (rc)
163		memset(cifs_pdu->Signature.SecuritySignature, 0, 8);
164	else
165		memcpy(cifs_pdu->Signature.SecuritySignature, smb_signature, 8);
166
167	return rc;
168}
169
170int cifs_sign_smbv(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
171		   __u32 *pexpected_response_sequence)
172{
173	struct smb_rqst rqst = { .rq_iov = iov,
174				 .rq_nvec = n_vec };
175
176	return cifs_sign_rqst(&rqst, server, pexpected_response_sequence);
177}
178
179/* must be called with server->srv_mutex held */
180int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server,
181		  __u32 *pexpected_response_sequence_number)
182{
183	struct kvec iov[2];
184
185	iov[0].iov_base = cifs_pdu;
186	iov[0].iov_len = 4;
187	iov[1].iov_base = (char *)cifs_pdu + 4;
188	iov[1].iov_len = be32_to_cpu(cifs_pdu->smb_buf_length);
189
190	return cifs_sign_smbv(iov, 2, server,
191			      pexpected_response_sequence_number);
192}
193
194int cifs_verify_signature(struct smb_rqst *rqst,
195			  struct TCP_Server_Info *server,
196			  __u32 expected_sequence_number)
197{
198	unsigned int rc;
199	char server_response_sig[8];
200	char what_we_think_sig_should_be[20];
201	struct smb_hdr *cifs_pdu = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
202
203	if (rqst->rq_iov[0].iov_len != 4 ||
204	    rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
205		return -EIO;
206
207	if (cifs_pdu == NULL || server == NULL)
208		return -EINVAL;
209
210	if (!server->session_estab)
211		return 0;
212
213	if (cifs_pdu->Command == SMB_COM_LOCKING_ANDX) {
214		struct smb_com_lock_req *pSMB =
215			(struct smb_com_lock_req *)cifs_pdu;
216		if (pSMB->LockType & LOCKING_ANDX_OPLOCK_RELEASE)
217			return 0;
218	}
219
220	/* BB what if signatures are supposed to be on for session but
221	   server does not send one? BB */
222
223	/* Do not need to verify session setups with signature "BSRSPYL "  */
224	if (memcmp(cifs_pdu->Signature.SecuritySignature, "BSRSPYL ", 8) == 0)
225		cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n",
226			 cifs_pdu->Command);
227
228	/* save off the origiginal signature so we can modify the smb and check
229		its signature against what the server sent */
230	memcpy(server_response_sig, cifs_pdu->Signature.SecuritySignature, 8);
231
232	cifs_pdu->Signature.Sequence.SequenceNumber =
233					cpu_to_le32(expected_sequence_number);
234	cifs_pdu->Signature.Sequence.Reserved = 0;
235
236	cifs_server_lock(server);
237	rc = cifs_calc_signature(rqst, server, what_we_think_sig_should_be);
238	cifs_server_unlock(server);
239
240	if (rc)
241		return rc;
242
243/*	cifs_dump_mem("what we think it should be: ",
244		      what_we_think_sig_should_be, 16); */
245
246	if (memcmp(server_response_sig, what_we_think_sig_should_be, 8))
247		return -EACCES;
248	else
249		return 0;
250
251}
252
253/* Build a proper attribute value/target info pairs blob.
254 * Fill in netbios and dns domain name and workstation name
255 * and client time (total five av pairs and + one end of fields indicator.
256 * Allocate domain name which gets freed when session struct is deallocated.
257 */
258static int
259build_avpair_blob(struct cifs_ses *ses, const struct nls_table *nls_cp)
260{
261	unsigned int dlen;
262	unsigned int size = 2 * sizeof(struct ntlmssp2_name);
263	char *defdmname = "WORKGROUP";
264	unsigned char *blobptr;
265	struct ntlmssp2_name *attrptr;
266
267	if (!ses->domainName) {
268		ses->domainName = kstrdup(defdmname, GFP_KERNEL);
269		if (!ses->domainName)
270			return -ENOMEM;
271	}
272
273	dlen = strlen(ses->domainName);
274
275	/*
276	 * The length of this blob is two times the size of a
277	 * structure (av pair) which holds name/size
278	 * ( for NTLMSSP_AV_NB_DOMAIN_NAME followed by NTLMSSP_AV_EOL ) +
279	 * unicode length of a netbios domain name
280	 */
281	kfree_sensitive(ses->auth_key.response);
282	ses->auth_key.len = size + 2 * dlen;
283	ses->auth_key.response = kzalloc(ses->auth_key.len, GFP_KERNEL);
284	if (!ses->auth_key.response) {
285		ses->auth_key.len = 0;
286		return -ENOMEM;
287	}
288
289	blobptr = ses->auth_key.response;
290	attrptr = (struct ntlmssp2_name *) blobptr;
291
292	/*
293	 * As defined in MS-NTLM 3.3.2, just this av pair field
294	 * is sufficient as part of the temp
295	 */
296	attrptr->type = cpu_to_le16(NTLMSSP_AV_NB_DOMAIN_NAME);
297	attrptr->length = cpu_to_le16(2 * dlen);
298	blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
299	cifs_strtoUTF16((__le16 *)blobptr, ses->domainName, dlen, nls_cp);
300
301	return 0;
302}
303
304/* Server has provided av pairs/target info in the type 2 challenge
305 * packet and we have plucked it and stored within smb session.
306 * We parse that blob here to find netbios domain name to be used
307 * as part of ntlmv2 authentication (in Target String), if not already
308 * specified on the command line.
309 * If this function returns without any error but without fetching
310 * domain name, authentication may fail against some server but
311 * may not fail against other (those who are not very particular
312 * about target string i.e. for some, just user name might suffice.
313 */
314static int
315find_domain_name(struct cifs_ses *ses, const struct nls_table *nls_cp)
316{
317	unsigned int attrsize;
318	unsigned int type;
319	unsigned int onesize = sizeof(struct ntlmssp2_name);
320	unsigned char *blobptr;
321	unsigned char *blobend;
322	struct ntlmssp2_name *attrptr;
323
324	if (!ses->auth_key.len || !ses->auth_key.response)
325		return 0;
326
327	blobptr = ses->auth_key.response;
328	blobend = blobptr + ses->auth_key.len;
329
330	while (blobptr + onesize < blobend) {
331		attrptr = (struct ntlmssp2_name *) blobptr;
332		type = le16_to_cpu(attrptr->type);
333		if (type == NTLMSSP_AV_EOL)
334			break;
335		blobptr += 2; /* advance attr type */
336		attrsize = le16_to_cpu(attrptr->length);
337		blobptr += 2; /* advance attr size */
338		if (blobptr + attrsize > blobend)
339			break;
340		if (type == NTLMSSP_AV_NB_DOMAIN_NAME) {
341			if (!attrsize || attrsize >= CIFS_MAX_DOMAINNAME_LEN)
342				break;
343			if (!ses->domainName) {
344				ses->domainName =
345					kmalloc(attrsize + 1, GFP_KERNEL);
346				if (!ses->domainName)
347						return -ENOMEM;
348				cifs_from_utf16(ses->domainName,
349					(__le16 *)blobptr, attrsize, attrsize,
350					nls_cp, NO_MAP_UNI_RSVD);
351				break;
352			}
353		}
354		blobptr += attrsize; /* advance attr  value */
355	}
356
357	return 0;
358}
359
360/* Server has provided av pairs/target info in the type 2 challenge
361 * packet and we have plucked it and stored within smb session.
362 * We parse that blob here to find the server given timestamp
363 * as part of ntlmv2 authentication (or local current time as
364 * default in case of failure)
365 */
366static __le64
367find_timestamp(struct cifs_ses *ses)
368{
369	unsigned int attrsize;
370	unsigned int type;
371	unsigned int onesize = sizeof(struct ntlmssp2_name);
372	unsigned char *blobptr;
373	unsigned char *blobend;
374	struct ntlmssp2_name *attrptr;
375	struct timespec64 ts;
376
377	if (!ses->auth_key.len || !ses->auth_key.response)
378		return 0;
379
380	blobptr = ses->auth_key.response;
381	blobend = blobptr + ses->auth_key.len;
382
383	while (blobptr + onesize < blobend) {
384		attrptr = (struct ntlmssp2_name *) blobptr;
385		type = le16_to_cpu(attrptr->type);
386		if (type == NTLMSSP_AV_EOL)
387			break;
388		blobptr += 2; /* advance attr type */
389		attrsize = le16_to_cpu(attrptr->length);
390		blobptr += 2; /* advance attr size */
391		if (blobptr + attrsize > blobend)
392			break;
393		if (type == NTLMSSP_AV_TIMESTAMP) {
394			if (attrsize == sizeof(u64))
395				return *((__le64 *)blobptr);
396		}
397		blobptr += attrsize; /* advance attr value */
398	}
399
400	ktime_get_real_ts64(&ts);
401	return cpu_to_le64(cifs_UnixTimeToNT(ts));
402}
403
404static int calc_ntlmv2_hash(struct cifs_ses *ses, char *ntlmv2_hash,
405			    const struct nls_table *nls_cp)
406{
407	int rc = 0;
408	int len;
409	char nt_hash[CIFS_NTHASH_SIZE];
410	__le16 *user;
411	wchar_t *domain;
412	wchar_t *server;
413
414	if (!ses->server->secmech.hmacmd5) {
415		cifs_dbg(VFS, "%s: can't generate ntlmv2 hash\n", __func__);
416		return -1;
417	}
418
419	/* calculate md4 hash of password */
420	E_md4hash(ses->password, nt_hash, nls_cp);
421
422	rc = crypto_shash_setkey(ses->server->secmech.hmacmd5->tfm, nt_hash,
423				CIFS_NTHASH_SIZE);
424	if (rc) {
425		cifs_dbg(VFS, "%s: Could not set NT Hash as a key\n", __func__);
426		return rc;
427	}
428
429	rc = crypto_shash_init(ses->server->secmech.hmacmd5);
430	if (rc) {
431		cifs_dbg(VFS, "%s: Could not init hmacmd5\n", __func__);
432		return rc;
433	}
434
435	/* convert ses->user_name to unicode */
436	len = ses->user_name ? strlen(ses->user_name) : 0;
437	user = kmalloc(2 + (len * 2), GFP_KERNEL);
438	if (user == NULL) {
439		rc = -ENOMEM;
440		return rc;
441	}
442
443	if (len) {
444		len = cifs_strtoUTF16(user, ses->user_name, len, nls_cp);
445		UniStrupr(user);
446	} else {
447		memset(user, '\0', 2);
448	}
449
450	rc = crypto_shash_update(ses->server->secmech.hmacmd5,
451				(char *)user, 2 * len);
452	kfree(user);
453	if (rc) {
454		cifs_dbg(VFS, "%s: Could not update with user\n", __func__);
455		return rc;
456	}
457
458	/* convert ses->domainName to unicode and uppercase */
459	if (ses->domainName) {
460		len = strlen(ses->domainName);
461
462		domain = kmalloc(2 + (len * 2), GFP_KERNEL);
463		if (domain == NULL) {
464			rc = -ENOMEM;
465			return rc;
466		}
467		len = cifs_strtoUTF16((__le16 *)domain, ses->domainName, len,
468				      nls_cp);
469		rc =
470		crypto_shash_update(ses->server->secmech.hmacmd5,
471					(char *)domain, 2 * len);
472		kfree(domain);
473		if (rc) {
474			cifs_dbg(VFS, "%s: Could not update with domain\n",
475				 __func__);
476			return rc;
477		}
478	} else {
479		/* We use ses->ip_addr if no domain name available */
480		len = strlen(ses->ip_addr);
481
482		server = kmalloc(2 + (len * 2), GFP_KERNEL);
483		if (server == NULL) {
484			rc = -ENOMEM;
485			return rc;
486		}
487		len = cifs_strtoUTF16((__le16 *)server, ses->ip_addr, len,
488					nls_cp);
489		rc =
490		crypto_shash_update(ses->server->secmech.hmacmd5,
491					(char *)server, 2 * len);
492		kfree(server);
493		if (rc) {
494			cifs_dbg(VFS, "%s: Could not update with server\n",
495				 __func__);
496			return rc;
497		}
498	}
499
500	rc = crypto_shash_final(ses->server->secmech.hmacmd5,
501					ntlmv2_hash);
502	if (rc)
503		cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__);
504
505	return rc;
506}
507
508static int
509CalcNTLMv2_response(const struct cifs_ses *ses, char *ntlmv2_hash)
510{
511	int rc;
512	struct ntlmv2_resp *ntlmv2 = (struct ntlmv2_resp *)
513	    (ses->auth_key.response + CIFS_SESS_KEY_SIZE);
514	unsigned int hash_len;
515
516	/* The MD5 hash starts at challenge_key.key */
517	hash_len = ses->auth_key.len - (CIFS_SESS_KEY_SIZE +
518		offsetof(struct ntlmv2_resp, challenge.key[0]));
519
520	if (!ses->server->secmech.hmacmd5) {
521		cifs_dbg(VFS, "%s: can't generate ntlmv2 hash\n", __func__);
522		return -1;
523	}
524
525	rc = crypto_shash_setkey(ses->server->secmech.hmacmd5->tfm,
526				 ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE);
527	if (rc) {
528		cifs_dbg(VFS, "%s: Could not set NTLMV2 Hash as a key\n",
529			 __func__);
530		return rc;
531	}
532
533	rc = crypto_shash_init(ses->server->secmech.hmacmd5);
534	if (rc) {
535		cifs_dbg(VFS, "%s: Could not init hmacmd5\n", __func__);
536		return rc;
537	}
538
539	if (ses->server->negflavor == CIFS_NEGFLAVOR_EXTENDED)
540		memcpy(ntlmv2->challenge.key,
541		       ses->ntlmssp->cryptkey, CIFS_SERVER_CHALLENGE_SIZE);
542	else
543		memcpy(ntlmv2->challenge.key,
544		       ses->server->cryptkey, CIFS_SERVER_CHALLENGE_SIZE);
545	rc = crypto_shash_update(ses->server->secmech.hmacmd5,
546				 ntlmv2->challenge.key, hash_len);
547	if (rc) {
548		cifs_dbg(VFS, "%s: Could not update with response\n", __func__);
549		return rc;
550	}
551
552	/* Note that the MD5 digest over writes anon.challenge_key.key */
553	rc = crypto_shash_final(ses->server->secmech.hmacmd5,
554				ntlmv2->ntlmv2_hash);
555	if (rc)
556		cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__);
557
558	return rc;
559}
560
561int
562setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
563{
564	int rc;
565	int baselen;
566	unsigned int tilen;
567	struct ntlmv2_resp *ntlmv2;
568	char ntlmv2_hash[16];
569	unsigned char *tiblob = NULL; /* target info blob */
570	__le64 rsp_timestamp;
571
572	if (nls_cp == NULL) {
573		cifs_dbg(VFS, "%s called with nls_cp==NULL\n", __func__);
574		return -EINVAL;
575	}
576
577	if (ses->server->negflavor == CIFS_NEGFLAVOR_EXTENDED) {
578		if (!ses->domainName) {
579			if (ses->domainAuto) {
580				rc = find_domain_name(ses, nls_cp);
581				if (rc) {
582					cifs_dbg(VFS, "error %d finding domain name\n",
583						 rc);
584					goto setup_ntlmv2_rsp_ret;
585				}
586			} else {
587				ses->domainName = kstrdup("", GFP_KERNEL);
588			}
589		}
590	} else {
591		rc = build_avpair_blob(ses, nls_cp);
592		if (rc) {
593			cifs_dbg(VFS, "error %d building av pair blob\n", rc);
594			goto setup_ntlmv2_rsp_ret;
595		}
596	}
597
598	/* Must be within 5 minutes of the server (or in range +/-2h
599	 * in case of Mac OS X), so simply carry over server timestamp
600	 * (as Windows 7 does)
601	 */
602	rsp_timestamp = find_timestamp(ses);
603
604	baselen = CIFS_SESS_KEY_SIZE + sizeof(struct ntlmv2_resp);
605	tilen = ses->auth_key.len;
606	tiblob = ses->auth_key.response;
607
608	ses->auth_key.response = kmalloc(baselen + tilen, GFP_KERNEL);
609	if (!ses->auth_key.response) {
610		rc = -ENOMEM;
611		ses->auth_key.len = 0;
612		goto setup_ntlmv2_rsp_ret;
613	}
614	ses->auth_key.len += baselen;
615
616	ntlmv2 = (struct ntlmv2_resp *)
617			(ses->auth_key.response + CIFS_SESS_KEY_SIZE);
618	ntlmv2->blob_signature = cpu_to_le32(0x00000101);
619	ntlmv2->reserved = 0;
620	ntlmv2->time = rsp_timestamp;
621
622	get_random_bytes(&ntlmv2->client_chal, sizeof(ntlmv2->client_chal));
623	ntlmv2->reserved2 = 0;
624
625	memcpy(ses->auth_key.response + baselen, tiblob, tilen);
626
627	cifs_server_lock(ses->server);
628
629	rc = cifs_alloc_hash("hmac(md5)", &ses->server->secmech.hmacmd5);
630	if (rc) {
631		goto unlock;
632	}
633
634	/* calculate ntlmv2_hash */
635	rc = calc_ntlmv2_hash(ses, ntlmv2_hash, nls_cp);
636	if (rc) {
637		cifs_dbg(VFS, "Could not get v2 hash rc %d\n", rc);
638		goto unlock;
639	}
640
641	/* calculate first part of the client response (CR1) */
642	rc = CalcNTLMv2_response(ses, ntlmv2_hash);
643	if (rc) {
644		cifs_dbg(VFS, "Could not calculate CR1 rc: %d\n", rc);
645		goto unlock;
646	}
647
648	/* now calculate the session key for NTLMv2 */
649	rc = crypto_shash_setkey(ses->server->secmech.hmacmd5->tfm,
650		ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE);
651	if (rc) {
652		cifs_dbg(VFS, "%s: Could not set NTLMV2 Hash as a key\n",
653			 __func__);
654		goto unlock;
655	}
656
657	rc = crypto_shash_init(ses->server->secmech.hmacmd5);
658	if (rc) {
659		cifs_dbg(VFS, "%s: Could not init hmacmd5\n", __func__);
660		goto unlock;
661	}
662
663	rc = crypto_shash_update(ses->server->secmech.hmacmd5,
664		ntlmv2->ntlmv2_hash,
665		CIFS_HMAC_MD5_HASH_SIZE);
666	if (rc) {
667		cifs_dbg(VFS, "%s: Could not update with response\n", __func__);
668		goto unlock;
669	}
670
671	rc = crypto_shash_final(ses->server->secmech.hmacmd5,
672		ses->auth_key.response);
673	if (rc)
674		cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__);
675
676unlock:
677	cifs_server_unlock(ses->server);
678setup_ntlmv2_rsp_ret:
679	kfree_sensitive(tiblob);
680
681	return rc;
682}
683
684int
685calc_seckey(struct cifs_ses *ses)
686{
687	unsigned char sec_key[CIFS_SESS_KEY_SIZE]; /* a nonce */
688	struct arc4_ctx *ctx_arc4;
689
690	if (fips_enabled)
691		return -ENODEV;
692
693	get_random_bytes(sec_key, CIFS_SESS_KEY_SIZE);
694
695	ctx_arc4 = kmalloc(sizeof(*ctx_arc4), GFP_KERNEL);
696	if (!ctx_arc4) {
697		cifs_dbg(VFS, "Could not allocate arc4 context\n");
698		return -ENOMEM;
699	}
700
701	cifs_arc4_setkey(ctx_arc4, ses->auth_key.response, CIFS_SESS_KEY_SIZE);
702	cifs_arc4_crypt(ctx_arc4, ses->ntlmssp->ciphertext, sec_key,
703			CIFS_CPHTXT_SIZE);
704
705	/* make secondary_key/nonce as session key */
706	memcpy(ses->auth_key.response, sec_key, CIFS_SESS_KEY_SIZE);
707	/* and make len as that of session key only */
708	ses->auth_key.len = CIFS_SESS_KEY_SIZE;
709
710	memzero_explicit(sec_key, CIFS_SESS_KEY_SIZE);
711	kfree_sensitive(ctx_arc4);
712	return 0;
713}
714
715void
716cifs_crypto_secmech_release(struct TCP_Server_Info *server)
717{
718	cifs_free_hash(&server->secmech.aes_cmac);
719	cifs_free_hash(&server->secmech.hmacsha256);
720	cifs_free_hash(&server->secmech.md5);
721	cifs_free_hash(&server->secmech.sha512);
722	cifs_free_hash(&server->secmech.hmacmd5);
723
724	if (server->secmech.enc) {
725		crypto_free_aead(server->secmech.enc);
726		server->secmech.enc = NULL;
727	}
728
729	if (server->secmech.dec) {
730		crypto_free_aead(server->secmech.dec);
731		server->secmech.dec = NULL;
732	}
733}