[deliverable/linux.git] / fs / cifs / smbencrypt.c

/*
   Unix SMB/Netbios implementation.
   Version 1.9.
   SMB parameters and setup
   Copyright (C) Andrew Tridgell 1992-2000
   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
   Modified by Jeremy Allison 1995.
   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
   Modified by Steve French (sfrench@us.ibm.com) 2002-2003

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#include <linux/module.h>
#include <linux/slab.h>
#include <linux/fs.h>
#include <linux/string.h>
#include <linux/kernel.h>
#include <linux/random.h>
#include "cifs_unicode.h"
#include "cifspdu.h"
#include "cifsglob.h"
#include "cifs_debug.h"
#include "cifsproto.h"

#ifndef false
#define false 0
#endif
#ifndef true
#define true 1
#endif

/* following came from the other byteorder.h to avoid include conflicts */
#define CVAL(buf,pos) (((unsigned char *)(buf))[pos])
#define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8)
#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((__u16)(val)))

/* produce a md4 message digest from data of length n bytes */
int
mdfour(unsigned char *md4_hash, unsigned char *link_str, int link_len)
{
	int rc;
	unsigned int size;
	struct crypto_shash *md4;
	struct sdesc *sdescmd4;

	md4 = crypto_alloc_shash("md4", 0, 0);
	if (IS_ERR(md4)) {
		rc = PTR_ERR(md4);
		cERROR(1, "%s: Crypto md4 allocation error %d\n", __func__, rc);
		return rc;
	}
	size = sizeof(struct shash_desc) + crypto_shash_descsize(md4);
	sdescmd4 = kmalloc(size, GFP_KERNEL);
	if (!sdescmd4) {
		rc = -ENOMEM;
		cERROR(1, "%s: Memory allocation failure\n", __func__);
		goto mdfour_err;
	}
	sdescmd4->shash.tfm = md4;
	sdescmd4->shash.flags = 0x0;

	rc = crypto_shash_init(&sdescmd4->shash);
	if (rc) {
		cERROR(1, "%s: Could not init md4 shash\n", __func__);
		goto mdfour_err;
	}
	crypto_shash_update(&sdescmd4->shash, link_str, link_len);
	rc = crypto_shash_final(&sdescmd4->shash, md4_hash);

mdfour_err:
	crypto_free_shash(md4);
	kfree(sdescmd4);

	return rc;
}

/* Does the des encryption from the NT or LM MD4 hash. */
static void
SMBOWFencrypt(unsigned char passwd[16], const unsigned char *c8,
	      unsigned char p24[24])
{
	unsigned char p21[21];

	memset(p21, '\0', 21);

	memcpy(p21, passwd, 16);
	E_P24(p21, c8, p24);
}

/*
   This implements the X/Open SMB password encryption
   It takes a password, a 8 byte "crypt key" and puts 24 bytes of
   encrypted password into p24 */
/* Note that password must be uppercased and null terminated */
void
SMBencrypt(unsigned char *passwd, const unsigned char *c8, unsigned char *p24)
{
	unsigned char p14[15], p21[21];

	memset(p21, '\0', 21);
	memset(p14, '\0', 14);
	strncpy((char *) p14, (char *) passwd, 14);

/*	strupper((char *)p14); *//* BB at least uppercase the easy range */
	E_P16(p14, p21);

	SMBOWFencrypt(p21, c8, p24);

	memset(p14, 0, 15);
	memset(p21, 0, 21);
}

/* Routines for Windows NT MD4 Hash functions. */
static int
_my_wcslen(__u16 *str)
{
	int len = 0;
	while (*str++ != 0)
		len++;
	return len;
}

/*
 * Convert a string into an NT UNICODE string.
 * Note that regardless of processor type
 * this must be in intel (little-endian)
 * format.
 */

static int
_my_mbstowcs(__u16 *dst, const unsigned char *src, int len)
{	/* BB not a very good conversion routine - change/fix */
	int i;
	__u16 val;

	for (i = 0; i < len; i++) {
		val = *src;
		SSVAL(dst, 0, val);
		dst++;
		src++;
		if (val == 0)
			break;
	}
	return i;
}

/*
 * Creates the MD4 Hash of the users password in NT UNICODE.
 */

int
E_md4hash(const unsigned char *passwd, unsigned char *p16)
{
	int rc;
	int len;
	__u16 wpwd[129];

	/* Password cannot be longer than 128 characters */
	if (passwd) {
		len = strlen((char *) passwd);
		if (len > 128)
			len = 128;

		/* Password must be converted to NT unicode */
		_my_mbstowcs(wpwd, passwd, len);
	} else
		len = 0;

	wpwd[len] = 0;	/* Ensure string is null terminated */
	/* Calculate length in bytes */
	len = _my_wcslen(wpwd) * sizeof(__u16);

	rc = mdfour(p16, (unsigned char *) wpwd, len);
	memset(wpwd, 0, 129 * 2);

	return rc;
}

#if 0 /* currently unused */
/* Does both the NT and LM owfs of a user's password */
static void
nt_lm_owf_gen(char *pwd, unsigned char nt_p16[16], unsigned char p16[16])
{
	char passwd[514];

	memset(passwd, '\0', 514);
	if (strlen(pwd) < 513)
		strcpy(passwd, pwd);
	else
		memcpy(passwd, pwd, 512);
	/* Calculate the MD4 hash (NT compatible) of the password */
	memset(nt_p16, '\0', 16);
	E_md4hash(passwd, nt_p16);

	/* Mangle the passwords into Lanman format */
	passwd[14] = '\0';
/*	strupper(passwd); */

	/* Calculate the SMB (lanman) hash functions of the password */

	memset(p16, '\0', 16);
	E_P16((unsigned char *) passwd, (unsigned char *) p16);

	/* clear out local copy of user's password (just being paranoid). */
	memset(passwd, '\0', sizeof(passwd));
}
#endif

/* Does the NTLMv2 owfs of a user's password */
#if 0  /* function not needed yet - but will be soon */
static void
ntv2_owf_gen(const unsigned char owf[16], const char *user_n,
		const char *domain_n, unsigned char kr_buf[16],
		const struct nls_table *nls_codepage)
{
	wchar_t *user_u;
	wchar_t *dom_u;
	int user_l, domain_l;
	struct HMACMD5Context ctx;

	/* might as well do one alloc to hold both (user_u and dom_u) */
	user_u = kmalloc(2048 * sizeof(wchar_t), GFP_KERNEL);
	if (user_u == NULL)
		return;
	dom_u = user_u + 1024;

	/* push_ucs2(NULL, user_u, user_n, (user_l+1)*2,
			STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER);
	   push_ucs2(NULL, dom_u, domain_n, (domain_l+1)*2,
			STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER); */

	/* BB user and domain may need to be uppercased */
	user_l = cifs_strtoUCS(user_u, user_n, 511, nls_codepage);
	domain_l = cifs_strtoUCS(dom_u, domain_n, 511, nls_codepage);

	user_l++;		/* trailing null */
	domain_l++;

	hmac_md5_init_limK_to_64(owf, 16, &ctx);
	hmac_md5_update((const unsigned char *) user_u, user_l * 2, &ctx);
	hmac_md5_update((const unsigned char *) dom_u, domain_l * 2, &ctx);
	hmac_md5_final(kr_buf, &ctx);

	kfree(user_u);
}
#endif

/* Does the des encryption from the FIRST 8 BYTES of the NT or LM MD4 hash. */
#if 0 /* currently unused */
static void
NTLMSSPOWFencrypt(unsigned char passwd[8],
		  unsigned char *ntlmchalresp, unsigned char p24[24])
{
	unsigned char p21[21];

	memset(p21, '\0', 21);
	memcpy(p21, passwd, 8);
	memset(p21 + 8, 0xbd, 8);

	E_P24(p21, ntlmchalresp, p24);
}
#endif

/* Does the NT MD4 hash then des encryption. */
int
SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24)
{
	int rc;
	unsigned char p21[21];

	memset(p21, '\0', 21);

	rc = E_md4hash(passwd, p21);
	if (rc) {
		cFYI(1, "%s Can't generate NT hash, error: %d", __func__, rc);
		return rc;
	}
	SMBOWFencrypt(p21, c8, p24);
	return rc;
}


/* Does the md5 encryption from the NT hash for NTLMv2. */
/* These routines will be needed later */
#if 0
static void
SMBOWFencrypt_ntv2(const unsigned char kr[16],
		   const struct data_blob *srv_chal,
		   const struct data_blob *cli_chal, unsigned char resp_buf[16])
{
	struct HMACMD5Context ctx;

	hmac_md5_init_limK_to_64(kr, 16, &ctx);
	hmac_md5_update(srv_chal->data, srv_chal->length, &ctx);
	hmac_md5_update(cli_chal->data, cli_chal->length, &ctx);
	hmac_md5_final(resp_buf, &ctx);
}

static void
SMBsesskeygen_ntv2(const unsigned char kr[16],
		   const unsigned char *nt_resp, __u8 sess_key[16])
{
	struct HMACMD5Context ctx;

	hmac_md5_init_limK_to_64(kr, 16, &ctx);
	hmac_md5_update(nt_resp, 16, &ctx);
	hmac_md5_final((unsigned char *) sess_key, &ctx);
}

static void
SMBsesskeygen_ntv1(const unsigned char kr[16],
		   const unsigned char *nt_resp, __u8 sess_key[16])
{
	mdfour((unsigned char *) sess_key, (unsigned char *) kr, 16);
}
#endif
Commit	Line	Data
790fe579	1	/*
1da177e4 LT	2	Unix SMB/Netbios implementation.
	3	Version 1.9.
	4	SMB parameters and setup
	5	Copyright (C) Andrew Tridgell 1992-2000
	6	Copyright (C) Luke Kenneth Casson Leighton 1996-2000
	7	Modified by Jeremy Allison 1995.
	8	Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
	9	Modified by Steve French (sfrench@us.ibm.com) 2002-2003
50c2f753	10
1da177e4 LT	11	This program is free software; you can redistribute it and/or modify
	12	it under the terms of the GNU General Public License as published by
	13	the Free Software Foundation; either version 2 of the License, or
	14	(at your option) any later version.
50c2f753	15
1da177e4 LT	16	This program is distributed in the hope that it will be useful,
	17	but WITHOUT ANY WARRANTY; without even the implied warranty of
	18	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	19	GNU General Public License for more details.
50c2f753	20
1da177e4 LT	21	You should have received a copy of the GNU General Public License
	22	along with this program; if not, write to the Free Software
	23	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
	24	*/
	25
	26	#include <linux/module.h>
5a0e3ad6	27	#include <linux/slab.h>
1da177e4 LT	28	#include <linux/fs.h>
	29	#include <linux/string.h>
	30	#include <linux/kernel.h>
	31	#include <linux/random.h>
	32	#include "cifs_unicode.h"
	33	#include "cifspdu.h"
3979877e	34	#include "cifsglob.h"
1da177e4	35	#include "cifs_debug.h"
ee2c9258	36	#include "cifsproto.h"
1da177e4	37
4b18f2a9 SF	38	#ifndef false
4b18f2a9 SF	39	#define false 0
1da177e4	40	#endif
4b18f2a9 SF	41	#ifndef true
4b18f2a9 SF	42	#define true 1
1da177e4 LT	43	#endif
	44
	45	/* following came from the other byteorder.h to avoid include conflicts */
	46	#define CVAL(buf,pos) (((unsigned char *)(buf))[pos])
	47	#define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8)
	48	#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((__u16)(val)))
	49
ee2c9258 SP	50	/* produce a md4 message digest from data of length n bytes */
	51	int
	52	mdfour(unsigned char md4_hash, unsigned char link_str, int link_len)
	53	{
	54	int rc;
	55	unsigned int size;
	56	struct crypto_shash *md4;
	57	struct sdesc *sdescmd4;
	58
	59	md4 = crypto_alloc_shash("md4", 0, 0);
	60	if (IS_ERR(md4)) {
ffeb414a	61	rc = PTR_ERR(md4);
ee2c9258	62	cERROR(1, "%s: Crypto md4 allocation error %d\n", __func__, rc);
ffeb414a	63	return rc;
ee2c9258 SP	64	}
	65	size = sizeof(struct shash_desc) + crypto_shash_descsize(md4);
	66	sdescmd4 = kmalloc(size, GFP_KERNEL);
	67	if (!sdescmd4) {
	68	rc = -ENOMEM;
	69	cERROR(1, "%s: Memory allocation failure\n", __func__);
	70	goto mdfour_err;
	71	}
	72	sdescmd4->shash.tfm = md4;
	73	sdescmd4->shash.flags = 0x0;
	74
	75	rc = crypto_shash_init(&sdescmd4->shash);
	76	if (rc) {
	77	cERROR(1, "%s: Could not init md4 shash\n", __func__);
	78	goto mdfour_err;
	79	}
	80	crypto_shash_update(&sdescmd4->shash, link_str, link_len);
	81	rc = crypto_shash_final(&sdescmd4->shash, md4_hash);
1da177e4	82
ee2c9258 SP	83	mdfour_err:
	84	crypto_free_shash(md4);
	85	kfree(sdescmd4);
	86
	87	return rc;
	88	}
	89
	90	/* Does the des encryption from the NT or LM MD4 hash. */
	91	static void
	92	SMBOWFencrypt(unsigned char passwd[16], const unsigned char *c8,
	93	unsigned char p24[24])
	94	{
	95	unsigned char p21[21];
	96
	97	memset(p21, '\0', 21);
	98
	99	memcpy(p21, passwd, 16);
	100	E_P24(p21, c8, p24);
	101	}
1da177e4 LT	102
	103	/*
	104	This implements the X/Open SMB password encryption
790fe579	105	It takes a password, a 8 byte "crypt key" and puts 24 bytes of
1da177e4 LT	106	encrypted password into p24 */
	107	/* Note that password must be uppercased and null terminated */
	108	void
4e53a3fb	109	SMBencrypt(unsigned char passwd, const unsigned char c8, unsigned char *p24)
1da177e4 LT	110	{
	111	unsigned char p14[15], p21[21];
	112
	113	memset(p21, '\0', 21);
	114	memset(p14, '\0', 14);
	115	strncpy((char ) p14, (char ) passwd, 14);
	116
	117	/* strupper((char )p14); //* BB at least uppercase the easy range */
	118	E_P16(p14, p21);
	119
	120	SMBOWFencrypt(p21, c8, p24);
50c2f753	121
790fe579 SF	122	memset(p14, 0, 15);
790fe579 SF	123	memset(p21, 0, 21);
1da177e4 LT	124	}
	125
	126	/* Routines for Windows NT MD4 Hash functions. */
	127	static int
63d2583f	128	_my_wcslen(__u16 *str)
1da177e4 LT	129	{
	130	int len = 0;
	131	while (*str++ != 0)
	132	len++;
	133	return len;
	134	}
	135
	136	/*
	137	* Convert a string into an NT UNICODE string.
790fe579	138	* Note that regardless of processor type
1da177e4 LT	139	* this must be in intel (little-endian)
	140	* format.
	141	*/
	142
	143	static int
63d2583f	144	_my_mbstowcs(__u16 dst, const unsigned char src, int len)
790fe579	145	{ /* BB not a very good conversion routine - change/fix */
1da177e4 LT	146	int i;
	147	__u16 val;
	148
	149	for (i = 0; i < len; i++) {
	150	val = *src;
	151	SSVAL(dst, 0, val);
	152	dst++;
	153	src++;
	154	if (val == 0)
	155	break;
	156	}
	157	return i;
	158	}
	159
790fe579	160	/*
1da177e4 LT	161	* Creates the MD4 Hash of the users password in NT UNICODE.
	162	*/
	163
ee2c9258	164	int
1da177e4 LT	165	E_md4hash(const unsigned char passwd, unsigned char p16)
1da177e4 LT	166	{
ee2c9258	167	int rc;
1da177e4 LT	168	int len;
	169	__u16 wpwd[129];
	170
	171	/* Password cannot be longer than 128 characters */
790fe579	172	if (passwd) {
1da177e4	173	len = strlen((char *) passwd);
63d2583f	174	if (len > 128)
1da177e4	175	len = 128;
63d2583f	176
1da177e4 LT	177	/* Password must be converted to NT unicode */
	178	_my_mbstowcs(wpwd, passwd, len);
	179	} else
	180	len = 0;
	181
	182	wpwd[len] = 0; /* Ensure string is null terminated */
	183	/* Calculate length in bytes */
630f3f0c	184	len = _my_wcslen(wpwd) * sizeof(__u16);
1da177e4	185
ee2c9258	186	rc = mdfour(p16, (unsigned char *) wpwd, len);
790fe579	187	memset(wpwd, 0, 129 * 2);
ee2c9258 SP	188
ee2c9258 SP	189	return rc;
1da177e4 LT	190	}
1da177e4 LT	191
e10847ed	192	#if 0 /* currently unused */
1da177e4	193	/* Does both the NT and LM owfs of a user's password */
2cd646a2	194	static void
1da177e4 LT	195	nt_lm_owf_gen(char *pwd, unsigned char nt_p16[16], unsigned char p16[16])
	196	{
	197	char passwd[514];
	198
	199	memset(passwd, '\0', 514);
	200	if (strlen(pwd) < 513)
	201	strcpy(passwd, pwd);
	202	else
	203	memcpy(passwd, pwd, 512);
	204	/* Calculate the MD4 hash (NT compatible) of the password */
	205	memset(nt_p16, '\0', 16);
	206	E_md4hash(passwd, nt_p16);
	207
	208	/* Mangle the passwords into Lanman format */
	209	passwd[14] = '\0';
	210	/* strupper(passwd); */
	211
	212	/* Calculate the SMB (lanman) hash functions of the password */
	213
	214	memset(p16, '\0', 16);
	215	E_P16((unsigned char ) passwd, (unsigned char ) p16);
	216
	217	/* clear out local copy of user's password (just being paranoid). */
630f3f0c	218	memset(passwd, '\0', sizeof(passwd));
1da177e4	219	}
e10847ed	220	#endif
1da177e4 LT	221
	222	/* Does the NTLMv2 owfs of a user's password */
	223	#if 0 /* function not needed yet - but will be soon */
	224	static void
	225	ntv2_owf_gen(const unsigned char owf[16], const char *user_n,
	226	const char *domain_n, unsigned char kr_buf[16],
	227	const struct nls_table *nls_codepage)
	228	{
50c2f753 SF	229	wchar_t *user_u;
50c2f753 SF	230	wchar_t *dom_u;
1da177e4 LT	231	int user_l, domain_l;
	232	struct HMACMD5Context ctx;
	233
	234	/* might as well do one alloc to hold both (user_u and dom_u) */
790fe579 SF	235	user_u = kmalloc(2048 * sizeof(wchar_t), GFP_KERNEL);
790fe579 SF	236	if (user_u == NULL)
1da177e4 LT	237	return;
1da177e4 LT	238	dom_u = user_u + 1024;
50c2f753	239
63d2583f SF	240	/* push_ucs2(NULL, user_u, user_n, (user_l+1)*2,
	241	STR_UNICODE\|STR_NOALIGN\|STR_TERMINATE\|STR_UPPER);
	242	push_ucs2(NULL, dom_u, domain_n, (domain_l+1)*2,
	243	STR_UNICODE\|STR_NOALIGN\|STR_TERMINATE\|STR_UPPER); */
1da177e4 LT	244
	245	/* BB user and domain may need to be uppercased */
	246	user_l = cifs_strtoUCS(user_u, user_n, 511, nls_codepage);
	247	domain_l = cifs_strtoUCS(dom_u, domain_n, 511, nls_codepage);
	248
	249	user_l++; /* trailing null */
	250	domain_l++;
	251
	252	hmac_md5_init_limK_to_64(owf, 16, &ctx);
	253	hmac_md5_update((const unsigned char ) user_u, user_l 2, &ctx);
	254	hmac_md5_update((const unsigned char ) dom_u, domain_l 2, &ctx);
	255	hmac_md5_final(kr_buf, &ctx);
	256
	257	kfree(user_u);
	258	}
790fe579	259	#endif
1da177e4	260
1da177e4	261	/* Does the des encryption from the FIRST 8 BYTES of the NT or LM MD4 hash. */
e10847ed	262	#if 0 /* currently unused */
2cd646a2	263	static void
1da177e4 LT	264	NTLMSSPOWFencrypt(unsigned char passwd[8],
	265	unsigned char *ntlmchalresp, unsigned char p24[24])
	266	{
	267	unsigned char p21[21];
	268
	269	memset(p21, '\0', 21);
	270	memcpy(p21, passwd, 8);
	271	memset(p21 + 8, 0xbd, 8);
	272
	273	E_P24(p21, ntlmchalresp, p24);
	274	}
e10847ed	275	#endif
1da177e4 LT	276
1da177e4 LT	277	/* Does the NT MD4 hash then des encryption. */
ee2c9258	278	int
1da177e4 LT	279	SMBNTencrypt(unsigned char passwd, unsigned char c8, unsigned char *p24)
1da177e4 LT	280	{
ee2c9258	281	int rc;
1da177e4 LT	282	unsigned char p21[21];
	283
	284	memset(p21, '\0', 21);
	285
ee2c9258 SP	286	rc = E_md4hash(passwd, p21);
	287	if (rc) {
	288	cFYI(1, "%s Can't generate NT hash, error: %d", __func__, rc);
	289	return rc;
	290	}
1da177e4	291	SMBOWFencrypt(p21, c8, p24);
ee2c9258	292	return rc;
1da177e4 LT	293	}
	294
	295
	296	/* Does the md5 encryption from the NT hash for NTLMv2. */
	297	/* These routines will be needed later */
	298	#if 0
	299	static void
	300	SMBOWFencrypt_ntv2(const unsigned char kr[16],
790fe579 SF	301	const struct data_blob *srv_chal,
790fe579 SF	302	const struct data_blob *cli_chal, unsigned char resp_buf[16])
1da177e4	303	{
790fe579	304	struct HMACMD5Context ctx;
1da177e4	305
790fe579 SF	306	hmac_md5_init_limK_to_64(kr, 16, &ctx);
	307	hmac_md5_update(srv_chal->data, srv_chal->length, &ctx);
	308	hmac_md5_update(cli_chal->data, cli_chal->length, &ctx);
	309	hmac_md5_final(resp_buf, &ctx);
1da177e4 LT	310	}
	311
	312	static void
	313	SMBsesskeygen_ntv2(const unsigned char kr[16],
	314	const unsigned char *nt_resp, __u8 sess_key[16])
	315	{
	316	struct HMACMD5Context ctx;
	317
	318	hmac_md5_init_limK_to_64(kr, 16, &ctx);
	319	hmac_md5_update(nt_resp, 16, &ctx);
	320	hmac_md5_final((unsigned char *) sess_key, &ctx);
	321	}
	322
	323	static void
	324	SMBsesskeygen_ntv1(const unsigned char kr[16],
	325	const unsigned char *nt_resp, __u8 sess_key[16])
	326	{
	327	mdfour((unsigned char ) sess_key, (unsigned char ) kr, 16);
	328	}
	329	#endif