aboutsummaryrefslogtreecommitdiffstats
path: root/fs/cifs/cifsencrypt.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/cifs/cifsencrypt.c')
-rw-r--r--fs/cifs/cifsencrypt.c110
1 files changed, 89 insertions, 21 deletions
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index 5a0ee7f2af06..259991bd2112 100644
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -52,19 +52,29 @@ static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu,
52 52
53 rc = crypto_shash_init(&server->secmech.sdescmd5->shash); 53 rc = crypto_shash_init(&server->secmech.sdescmd5->shash);
54 if (rc) { 54 if (rc) {
55 cERROR(1, "%s: Oould not init md5\n", __func__); 55 cERROR(1, "%s: Could not init md5\n", __func__);
56 return rc; 56 return rc;
57 } 57 }
58 58
59 crypto_shash_update(&server->secmech.sdescmd5->shash, 59 rc = crypto_shash_update(&server->secmech.sdescmd5->shash,
60 server->session_key.response, server->session_key.len); 60 server->session_key.response, server->session_key.len);
61 if (rc) {
62 cERROR(1, "%s: Could not update with response\n", __func__);
63 return rc;
64 }
61 65
62 crypto_shash_update(&server->secmech.sdescmd5->shash, 66 rc = crypto_shash_update(&server->secmech.sdescmd5->shash,
63 cifs_pdu->Protocol, be32_to_cpu(cifs_pdu->smb_buf_length)); 67 cifs_pdu->Protocol, be32_to_cpu(cifs_pdu->smb_buf_length));
68 if (rc) {
69 cERROR(1, "%s: Could not update with payload\n", __func__);
70 return rc;
71 }
64 72
65 rc = crypto_shash_final(&server->secmech.sdescmd5->shash, signature); 73 rc = crypto_shash_final(&server->secmech.sdescmd5->shash, signature);
74 if (rc)
75 cERROR(1, "%s: Could not generate md5 hash\n", __func__);
66 76
67 return 0; 77 return rc;
68} 78}
69 79
70/* must be called with server->srv_mutex held */ 80/* must be called with server->srv_mutex held */
@@ -112,12 +122,16 @@ static int cifs_calc_signature2(const struct kvec *iov, int n_vec,
112 122
113 rc = crypto_shash_init(&server->secmech.sdescmd5->shash); 123 rc = crypto_shash_init(&server->secmech.sdescmd5->shash);
114 if (rc) { 124 if (rc) {
115 cERROR(1, "%s: Oould not init md5\n", __func__); 125 cERROR(1, "%s: Could not init md5\n", __func__);
116 return rc; 126 return rc;
117 } 127 }
118 128
119 crypto_shash_update(&server->secmech.sdescmd5->shash, 129 rc = crypto_shash_update(&server->secmech.sdescmd5->shash,
120 server->session_key.response, server->session_key.len); 130 server->session_key.response, server->session_key.len);
131 if (rc) {
132 cERROR(1, "%s: Could not update with response\n", __func__);
133 return rc;
134 }
121 135
122 for (i = 0; i < n_vec; i++) { 136 for (i = 0; i < n_vec; i++) {
123 if (iov[i].iov_len == 0) 137 if (iov[i].iov_len == 0)
@@ -131,14 +145,24 @@ static int cifs_calc_signature2(const struct kvec *iov, int n_vec,
131 if (i == 0) { 145 if (i == 0) {
132 if (iov[0].iov_len <= 8) /* cmd field at offset 9 */ 146 if (iov[0].iov_len <= 8) /* cmd field at offset 9 */
133 break; /* nothing to sign or corrupt header */ 147 break; /* nothing to sign or corrupt header */
148 rc =
134 crypto_shash_update(&server->secmech.sdescmd5->shash, 149 crypto_shash_update(&server->secmech.sdescmd5->shash,
135 iov[i].iov_base + 4, iov[i].iov_len - 4); 150 iov[i].iov_base + 4, iov[i].iov_len - 4);
136 } else 151 } else {
152 rc =
137 crypto_shash_update(&server->secmech.sdescmd5->shash, 153 crypto_shash_update(&server->secmech.sdescmd5->shash,
138 iov[i].iov_base, iov[i].iov_len); 154 iov[i].iov_base, iov[i].iov_len);
155 }
156 if (rc) {
157 cERROR(1, "%s: Could not update with payload\n",
158 __func__);
159 return rc;
160 }
139 } 161 }
140 162
141 rc = crypto_shash_final(&server->secmech.sdescmd5->shash, signature); 163 rc = crypto_shash_final(&server->secmech.sdescmd5->shash, signature);
164 if (rc)
165 cERROR(1, "%s: Could not generate md5 hash\n", __func__);
142 166
143 return rc; 167 return rc;
144} 168}
@@ -463,8 +487,12 @@ static int calc_ntlmv2_hash(struct cifs_ses *ses, char *ntlmv2_hash,
463 /* calculate md4 hash of password */ 487 /* calculate md4 hash of password */
464 E_md4hash(ses->password, nt_hash); 488 E_md4hash(ses->password, nt_hash);
465 489
466 crypto_shash_setkey(ses->server->secmech.hmacmd5, nt_hash, 490 rc = crypto_shash_setkey(ses->server->secmech.hmacmd5, nt_hash,
467 CIFS_NTHASH_SIZE); 491 CIFS_NTHASH_SIZE);
492 if (rc) {
493 cERROR(1, "%s: Could not set NT Hash as a key", __func__);
494 return rc;
495 }
468 496
469 rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash); 497 rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash);
470 if (rc) { 498 if (rc) {
@@ -478,13 +506,18 @@ static int calc_ntlmv2_hash(struct cifs_ses *ses, char *ntlmv2_hash,
478 if (user == NULL) { 506 if (user == NULL) {
479 cERROR(1, "calc_ntlmv2_hash: user mem alloc failure\n"); 507 cERROR(1, "calc_ntlmv2_hash: user mem alloc failure\n");
480 rc = -ENOMEM; 508 rc = -ENOMEM;
481 goto calc_exit_2; 509 return rc;
482 } 510 }
483 len = cifs_strtoUCS((__le16 *)user, ses->user_name, len, nls_cp); 511 len = cifs_strtoUCS((__le16 *)user, ses->user_name, len, nls_cp);
484 UniStrupr(user); 512 UniStrupr(user);
485 513
486 crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, 514 rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
487 (char *)user, 2 * len); 515 (char *)user, 2 * len);
516 kfree(user);
517 if (rc) {
518 cERROR(1, "%s: Could not update with user\n", __func__);
519 return rc;
520 }
488 521
489 /* convert ses->domainName to unicode and uppercase */ 522 /* convert ses->domainName to unicode and uppercase */
490 if (ses->domainName) { 523 if (ses->domainName) {
@@ -494,13 +527,19 @@ static int calc_ntlmv2_hash(struct cifs_ses *ses, char *ntlmv2_hash,
494 if (domain == NULL) { 527 if (domain == NULL) {
495 cERROR(1, "calc_ntlmv2_hash: domain mem alloc failure"); 528 cERROR(1, "calc_ntlmv2_hash: domain mem alloc failure");
496 rc = -ENOMEM; 529 rc = -ENOMEM;
497 goto calc_exit_1; 530 return rc;
498 } 531 }
499 len = cifs_strtoUCS((__le16 *)domain, ses->domainName, len, 532 len = cifs_strtoUCS((__le16 *)domain, ses->domainName, len,
500 nls_cp); 533 nls_cp);
534 rc =
501 crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, 535 crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
502 (char *)domain, 2 * len); 536 (char *)domain, 2 * len);
503 kfree(domain); 537 kfree(domain);
538 if (rc) {
539 cERROR(1, "%s: Could not update with domain\n",
540 __func__);
541 return rc;
542 }
504 } else if (ses->serverName) { 543 } else if (ses->serverName) {
505 len = strlen(ses->serverName); 544 len = strlen(ses->serverName);
506 545
@@ -508,21 +547,26 @@ static int calc_ntlmv2_hash(struct cifs_ses *ses, char *ntlmv2_hash,
508 if (server == NULL) { 547 if (server == NULL) {
509 cERROR(1, "calc_ntlmv2_hash: server mem alloc failure"); 548 cERROR(1, "calc_ntlmv2_hash: server mem alloc failure");
510 rc = -ENOMEM; 549 rc = -ENOMEM;
511 goto calc_exit_1; 550 return rc;
512 } 551 }
513 len = cifs_strtoUCS((__le16 *)server, ses->serverName, len, 552 len = cifs_strtoUCS((__le16 *)server, ses->serverName, len,
514 nls_cp); 553 nls_cp);
554 rc =
515 crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, 555 crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
516 (char *)server, 2 * len); 556 (char *)server, 2 * len);
517 kfree(server); 557 kfree(server);
558 if (rc) {
559 cERROR(1, "%s: Could not update with server\n",
560 __func__);
561 return rc;
562 }
518 } 563 }
519 564
520 rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash, 565 rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash,
521 ntlmv2_hash); 566 ntlmv2_hash);
567 if (rc)
568 cERROR(1, "%s: Could not generate md5 hash\n", __func__);
522 569
523calc_exit_1:
524 kfree(user);
525calc_exit_2:
526 return rc; 570 return rc;
527} 571}
528 572
@@ -537,8 +581,12 @@ CalcNTLMv2_response(const struct cifs_ses *ses, char *ntlmv2_hash)
537 return -1; 581 return -1;
538 } 582 }
539 583
540 crypto_shash_setkey(ses->server->secmech.hmacmd5, 584 rc = crypto_shash_setkey(ses->server->secmech.hmacmd5,
541 ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE); 585 ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE);
586 if (rc) {
587 cERROR(1, "%s: Could not set NTLMV2 Hash as a key", __func__);
588 return rc;
589 }
542 590
543 rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash); 591 rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash);
544 if (rc) { 592 if (rc) {
@@ -552,11 +600,17 @@ CalcNTLMv2_response(const struct cifs_ses *ses, char *ntlmv2_hash)
552 else 600 else
553 memcpy(ses->auth_key.response + offset, 601 memcpy(ses->auth_key.response + offset,
554 ses->server->cryptkey, CIFS_SERVER_CHALLENGE_SIZE); 602 ses->server->cryptkey, CIFS_SERVER_CHALLENGE_SIZE);
555 crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, 603 rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
556 ses->auth_key.response + offset, ses->auth_key.len - offset); 604 ses->auth_key.response + offset, ses->auth_key.len - offset);
605 if (rc) {
606 cERROR(1, "%s: Could not update with response\n", __func__);
607 return rc;
608 }
557 609
558 rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash, 610 rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash,
559 ses->auth_key.response + CIFS_SESS_KEY_SIZE); 611 ses->auth_key.response + CIFS_SESS_KEY_SIZE);
612 if (rc)
613 cERROR(1, "%s: Could not generate md5 hash\n", __func__);
560 614
561 return rc; 615 return rc;
562} 616}
@@ -626,8 +680,12 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
626 } 680 }
627 681
628 /* now calculate the session key for NTLMv2 */ 682 /* now calculate the session key for NTLMv2 */
629 crypto_shash_setkey(ses->server->secmech.hmacmd5, 683 rc = crypto_shash_setkey(ses->server->secmech.hmacmd5,
630 ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE); 684 ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE);
685 if (rc) {
686 cERROR(1, "%s: Could not set NTLMV2 Hash as a key", __func__);
687 goto setup_ntlmv2_rsp_ret;
688 }
631 689
632 rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash); 690 rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash);
633 if (rc) { 691 if (rc) {
@@ -635,12 +693,18 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
635 goto setup_ntlmv2_rsp_ret; 693 goto setup_ntlmv2_rsp_ret;
636 } 694 }
637 695
638 crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, 696 rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
639 ses->auth_key.response + CIFS_SESS_KEY_SIZE, 697 ses->auth_key.response + CIFS_SESS_KEY_SIZE,
640 CIFS_HMAC_MD5_HASH_SIZE); 698 CIFS_HMAC_MD5_HASH_SIZE);
699 if (rc) {
700 cERROR(1, "%s: Could not update with response\n", __func__);
701 goto setup_ntlmv2_rsp_ret;
702 }
641 703
642 rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash, 704 rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash,
643 ses->auth_key.response); 705 ses->auth_key.response);
706 if (rc)
707 cERROR(1, "%s: Could not generate md5 hash\n", __func__);
644 708
645setup_ntlmv2_rsp_ret: 709setup_ntlmv2_rsp_ret:
646 kfree(tiblob); 710 kfree(tiblob);
@@ -668,8 +732,12 @@ calc_seckey(struct cifs_ses *ses)
668 732
669 desc.tfm = tfm_arc4; 733 desc.tfm = tfm_arc4;
670 734
671 crypto_blkcipher_setkey(tfm_arc4, ses->auth_key.response, 735 rc = crypto_blkcipher_setkey(tfm_arc4, ses->auth_key.response,
672 CIFS_SESS_KEY_SIZE); 736 CIFS_SESS_KEY_SIZE);
737 if (rc) {
738 cERROR(1, "%s: Could not set response as a key", __func__);
739 return rc;
740 }
673 741
674 sg_init_one(&sgin, sec_key, CIFS_SESS_KEY_SIZE); 742 sg_init_one(&sgin, sec_key, CIFS_SESS_KEY_SIZE);
675 sg_init_one(&sgout, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE); 743 sg_init_one(&sgout, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
@@ -688,7 +756,7 @@ calc_seckey(struct cifs_ses *ses)
688 756
689 crypto_free_blkcipher(tfm_arc4); 757 crypto_free_blkcipher(tfm_arc4);
690 758
691 return 0; 759 return rc;
692} 760}
693 761
694void 762void
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-18 07:04:01 -0500