smbencrypt.c 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250
  1. /*
  2. Unix SMB/Netbios implementation.
  3. Version 1.9.
  4. SMB parameters and setup
  5. Copyright (C) Andrew Tridgell 1992-2000
  6. Copyright (C) Luke Kenneth Casson Leighton 1996-2000
  7. Modified by Jeremy Allison 1995.
  8. Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
  9. Modified by Steve French (sfrench@us.ibm.com) 2002-2003
  10. This program is free software; you can redistribute it and/or modify
  11. it under the terms of the GNU General Public License as published by
  12. the Free Software Foundation; either version 2 of the License, or
  13. (at your option) any later version.
  14. This program is distributed in the hope that it will be useful,
  15. but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. GNU General Public License for more details.
  18. You should have received a copy of the GNU General Public License
  19. along with this program; if not, write to the Free Software
  20. Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  21. */
  22. #include <linux/module.h>
  23. #include <linux/slab.h>
  24. #include <linux/fs.h>
  25. #include <linux/string.h>
  26. #include <linux/kernel.h>
  27. #include <linux/random.h>
  28. #include "cifs_fs_sb.h"
  29. #include "cifs_unicode.h"
  30. #include "cifspdu.h"
  31. #include "cifsglob.h"
  32. #include "cifs_debug.h"
  33. #include "cifsproto.h"
  34. #ifndef false
  35. #define false 0
  36. #endif
  37. #ifndef true
  38. #define true 1
  39. #endif
  40. /* following came from the other byteorder.h to avoid include conflicts */
  41. #define CVAL(buf,pos) (((unsigned char *)(buf))[pos])
  42. #define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8)
  43. #define SSVAL(buf,pos,val) SSVALX((buf),(pos),((__u16)(val)))
  44. static void
  45. str_to_key(unsigned char *str, unsigned char *key)
  46. {
  47. int i;
  48. key[0] = str[0] >> 1;
  49. key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2);
  50. key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3);
  51. key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4);
  52. key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5);
  53. key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6);
  54. key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7);
  55. key[7] = str[6] & 0x7F;
  56. for (i = 0; i < 8; i++)
  57. key[i] = (key[i] << 1);
  58. }
  59. static int
  60. smbhash(unsigned char *out, const unsigned char *in, unsigned char *key)
  61. {
  62. int rc;
  63. unsigned char key2[8];
  64. struct crypto_blkcipher *tfm_des;
  65. struct scatterlist sgin, sgout;
  66. struct blkcipher_desc desc;
  67. str_to_key(key, key2);
  68. tfm_des = crypto_alloc_blkcipher("ecb(des)", 0, CRYPTO_ALG_ASYNC);
  69. if (IS_ERR(tfm_des)) {
  70. rc = PTR_ERR(tfm_des);
  71. cifs_dbg(VFS, "could not allocate des crypto API\n");
  72. goto smbhash_err;
  73. }
  74. desc.tfm = tfm_des;
  75. crypto_blkcipher_setkey(tfm_des, key2, 8);
  76. sg_init_one(&sgin, in, 8);
  77. sg_init_one(&sgout, out, 8);
  78. rc = crypto_blkcipher_encrypt(&desc, &sgout, &sgin, 8);
  79. if (rc)
  80. cifs_dbg(VFS, "could not encrypt crypt key rc: %d\n", rc);
  81. crypto_free_blkcipher(tfm_des);
  82. smbhash_err:
  83. return rc;
  84. }
  85. static int
  86. E_P16(unsigned char *p14, unsigned char *p16)
  87. {
  88. int rc;
  89. unsigned char sp8[8] =
  90. { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 };
  91. rc = smbhash(p16, sp8, p14);
  92. if (rc)
  93. return rc;
  94. rc = smbhash(p16 + 8, sp8, p14 + 7);
  95. return rc;
  96. }
  97. static int
  98. E_P24(unsigned char *p21, const unsigned char *c8, unsigned char *p24)
  99. {
  100. int rc;
  101. rc = smbhash(p24, c8, p21);
  102. if (rc)
  103. return rc;
  104. rc = smbhash(p24 + 8, c8, p21 + 7);
  105. if (rc)
  106. return rc;
  107. rc = smbhash(p24 + 16, c8, p21 + 14);
  108. return rc;
  109. }
  110. /* produce a md4 message digest from data of length n bytes */
  111. int
  112. mdfour(unsigned char *md4_hash, unsigned char *link_str, int link_len)
  113. {
  114. int rc;
  115. unsigned int size;
  116. struct crypto_shash *md4;
  117. struct sdesc *sdescmd4;
  118. md4 = crypto_alloc_shash("md4", 0, 0);
  119. if (IS_ERR(md4)) {
  120. rc = PTR_ERR(md4);
  121. cifs_dbg(VFS, "%s: Crypto md4 allocation error %d\n",
  122. __func__, rc);
  123. return rc;
  124. }
  125. size = sizeof(struct shash_desc) + crypto_shash_descsize(md4);
  126. sdescmd4 = kmalloc(size, GFP_KERNEL);
  127. if (!sdescmd4) {
  128. rc = -ENOMEM;
  129. goto mdfour_err;
  130. }
  131. sdescmd4->shash.tfm = md4;
  132. sdescmd4->shash.flags = 0x0;
  133. rc = crypto_shash_init(&sdescmd4->shash);
  134. if (rc) {
  135. cifs_dbg(VFS, "%s: Could not init md4 shash\n", __func__);
  136. goto mdfour_err;
  137. }
  138. rc = crypto_shash_update(&sdescmd4->shash, link_str, link_len);
  139. if (rc) {
  140. cifs_dbg(VFS, "%s: Could not update with link_str\n", __func__);
  141. goto mdfour_err;
  142. }
  143. rc = crypto_shash_final(&sdescmd4->shash, md4_hash);
  144. if (rc)
  145. cifs_dbg(VFS, "%s: Could not generate md4 hash\n", __func__);
  146. mdfour_err:
  147. crypto_free_shash(md4);
  148. kfree(sdescmd4);
  149. return rc;
  150. }
  151. /*
  152. This implements the X/Open SMB password encryption
  153. It takes a password, a 8 byte "crypt key" and puts 24 bytes of
  154. encrypted password into p24 */
  155. /* Note that password must be uppercased and null terminated */
  156. int
  157. SMBencrypt(unsigned char *passwd, const unsigned char *c8, unsigned char *p24)
  158. {
  159. int rc;
  160. unsigned char p14[14], p16[16], p21[21];
  161. memset(p14, '\0', 14);
  162. memset(p16, '\0', 16);
  163. memset(p21, '\0', 21);
  164. memcpy(p14, passwd, 14);
  165. rc = E_P16(p14, p16);
  166. if (rc)
  167. return rc;
  168. memcpy(p21, p16, 16);
  169. rc = E_P24(p21, c8, p24);
  170. return rc;
  171. }
  172. /*
  173. * Creates the MD4 Hash of the users password in NT UNICODE.
  174. */
  175. int
  176. E_md4hash(const unsigned char *passwd, unsigned char *p16,
  177. const struct nls_table *codepage)
  178. {
  179. int rc;
  180. int len;
  181. __le16 wpwd[129];
  182. /* Password cannot be longer than 128 characters */
  183. if (passwd) /* Password must be converted to NT unicode */
  184. len = cifs_strtoUTF16(wpwd, passwd, 128, codepage);
  185. else {
  186. len = 0;
  187. *wpwd = 0; /* Ensure string is null terminated */
  188. }
  189. rc = mdfour(p16, (unsigned char *) wpwd, len * sizeof(__le16));
  190. memzero_explicit(wpwd, sizeof(wpwd));
  191. return rc;
  192. }
  193. /* Does the NT MD4 hash then des encryption. */
  194. int
  195. SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24,
  196. const struct nls_table *codepage)
  197. {
  198. int rc;
  199. unsigned char p16[16], p21[21];
  200. memset(p16, '\0', 16);
  201. memset(p21, '\0', 21);
  202. rc = E_md4hash(passwd, p16, codepage);
  203. if (rc) {
  204. cifs_dbg(FYI, "%s Can't generate NT hash, error: %d\n",
  205. __func__, rc);
  206. return rc;
  207. }
  208. memcpy(p21, p16, 16);
  209. rc = E_P24(p21, c8, p24);
  210. return rc;
  211. }