search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r5555: current with 3.0 tree as of r5548; getting ready for 3.0.12pre1
[Samba.git] / source / libsmb / ntlmssp_sign.c
blobb8105970762f4ce2617f3189879c48fa638204aa
1 /*
2 * Unix SMB/CIFS implementation.
3 * Version 3.0
4 * NTLMSSP Signing routines
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-2001
6 * Copyright (C) Andrew Bartlett 2003
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software Foundation,
20 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
21 */
22
23 #include "includes.h"
24
25 #define CLI_SIGN "session key to client-to-server signing key magic constant"
26 #define CLI_SEAL "session key to client-to-server sealing key magic constant"
27 #define SRV_SIGN "session key to server-to-client signing key magic constant"
28 #define SRV_SEAL "session key to server-to-client sealing key magic constant"
29
30 static void NTLMSSPcalc_ap( unsigned char *hash, unsigned char *data, int len)
31 {
32 unsigned char index_i = hash[256];
33 unsigned char index_j = hash[257];
34 int ind;
35
36 for (ind = 0; ind < len; ind++)
37 {
38 unsigned char tc;
39 unsigned char t;
40
41 index_i++;
42 index_j += hash[index_i];
43
44 tc = hash[index_i];
45 hash[index_i] = hash[index_j];
46 hash[index_j] = tc;
47
48 t = hash[index_i] + hash[index_j];
49 data[ind] = data[ind] ^ hash[t];
50 }
51
52 hash[256] = index_i;
53 hash[257] = index_j;
54 }
55
56 static void calc_hash(unsigned char hash[258], unsigned char *k2, int k2l)
57 {
58 unsigned char j = 0;
59 int ind;
60
61 for (ind = 0; ind < 256; ind++)
62 {
63 hash[ind] = (unsigned char)ind;
64 }
65
66 for (ind = 0; ind < 256; ind++)
67 {
68 unsigned char tc;
69
70 j += (hash[ind] + k2[ind%k2l]);
71
72 tc = hash[ind];
73 hash[ind] = hash[j];
74 hash[j] = tc;
75 }
76
77 hash[256] = 0;
78 hash[257] = 0;
79 }
80
81 static void calc_ntlmv2_hash(unsigned char hash[258], unsigned char digest[16],
82 DATA_BLOB session_key,
83 const char *constant)
84 {
85 struct MD5Context ctx3;
86
87 /* NOTE: This code is currently complate fantasy - it's
88 got more in common with reality than the previous code
89 (the LM session key is not the right thing to use) but
90 it still needs work */
91
92 MD5Init(&ctx3);
93 MD5Update(&ctx3, session_key.data, session_key.length);
94 MD5Update(&ctx3, (const unsigned char *)constant, strlen(constant)+1);
95 MD5Final(digest, &ctx3);
96
97 calc_hash(hash, digest, 16);
98 }
99
100 enum ntlmssp_direction {
101 NTLMSSP_SEND,
102 NTLMSSP_RECEIVE
103 };
104
105 static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state,
106 const uchar *data, size_t length,
107 enum ntlmssp_direction direction,
108 DATA_BLOB *sig)
109 {
110 if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
111 HMACMD5Context ctx;
112 uchar seq_num[4];
113 uchar digest[16];
114 SIVAL(seq_num, 0, ntlmssp_state->ntlmssp_seq_num);
115
116 hmac_md5_init_limK_to_64((const unsigned char *)(ntlmssp_state->send_sign_const), 16, &ctx);
117 hmac_md5_update(seq_num, 4, &ctx);
118 hmac_md5_update(data, length, &ctx);
119 hmac_md5_final(digest, &ctx);
120
121 if (!msrpc_gen(sig, "dBd", NTLMSSP_SIGN_VERSION, digest, 8 /* only copy first 8 bytes */
122 , ntlmssp_state->ntlmssp_seq_num)) {
123 return NT_STATUS_NO_MEMORY;
124 }
125
126 if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
127 switch (direction) {
128 case NTLMSSP_SEND:
129 NTLMSSPcalc_ap(ntlmssp_state->send_sign_hash, sig->data+4, sig->length-4);
130 break;
131 case NTLMSSP_RECEIVE:
132 NTLMSSPcalc_ap(ntlmssp_state->recv_sign_hash, sig->data+4, sig->length-4);
133 break;
134 }
135 }
136 } else {
137 uint32 crc;
138 crc = crc32_calc_buffer((const char *)data, length);
139 if (!msrpc_gen(sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, ntlmssp_state->ntlmssp_seq_num)) {
140 return NT_STATUS_NO_MEMORY;
141 }
142
143 dump_data_pw("ntlmssp hash:\n", ntlmssp_state->ntlmssp_hash,
144 sizeof(ntlmssp_state->ntlmssp_hash));
145 NTLMSSPcalc_ap(ntlmssp_state->ntlmssp_hash, sig->data+4, sig->length-4);
146 }
147 return NT_STATUS_OK;
148 }
149
150 NTSTATUS ntlmssp_sign_packet(NTLMSSP_STATE *ntlmssp_state,
151 const uchar *data, size_t length,
152 DATA_BLOB *sig)
153 {
154 NTSTATUS nt_status;
155 if (!ntlmssp_state->session_key.length) {
156 DEBUG(3, ("NO session key, cannot check sign packet\n"));
157 return NT_STATUS_NO_USER_SESSION_KEY;
158 }
159
160 nt_status = ntlmssp_make_packet_signature(ntlmssp_state, data, length, NTLMSSP_SEND, sig);
161
162 /* increment counter on send */
163 ntlmssp_state->ntlmssp_seq_num++;
164 return nt_status;
165 }
166
167 /**
168 * Check the signature of an incoming packet
169 * @note caller *must* check that the signature is the size it expects
170 *
171 */
172
173 NTSTATUS ntlmssp_check_packet(NTLMSSP_STATE *ntlmssp_state,
174 const uchar *data, size_t length,
175 const DATA_BLOB *sig)
176 {
177 DATA_BLOB local_sig;
178 NTSTATUS nt_status;
179
180 if (!ntlmssp_state->session_key.length) {
181 DEBUG(3, ("NO session key, cannot check packet signature\n"));
182 return NT_STATUS_NO_USER_SESSION_KEY;
183 }
184
185 if (sig->length < 8) {
186 DEBUG(0, ("NTLMSSP packet check failed due to short signature (%lu bytes)!\n",
187 (unsigned long)sig->length));
188 }
189
190 nt_status = ntlmssp_make_packet_signature(ntlmssp_state, data,
191 length, NTLMSSP_RECEIVE, &local_sig);
192
193 if (!NT_STATUS_IS_OK(nt_status)) {
194 DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status)));
195 return nt_status;
196 }
197
198 if (memcmp(sig->data+sig->length - 8, local_sig.data+local_sig.length - 8, 8) != 0) {
199 DEBUG(5, ("BAD SIG: wanted signature of\n"));
200 dump_data(5, (const char *)local_sig.data, local_sig.length);
201
202 DEBUG(5, ("BAD SIG: got signature of\n"));
203 dump_data(5, (const char *)(sig->data), sig->length);
204
205 DEBUG(0, ("NTLMSSP packet check failed due to invalid signature!\n"));
206 return NT_STATUS_ACCESS_DENIED;
207 }
208
209 /* increment counter on recieive */
210 ntlmssp_state->ntlmssp_seq_num++;
211
212 return NT_STATUS_OK;
213 }
214
215
216 /**
217 * Seal data with the NTLMSSP algorithm
218 *
219 */
220
221 NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state,
222 uchar *data, size_t length,
223 DATA_BLOB *sig)
224 {
225 if (!ntlmssp_state->session_key.length) {
226 DEBUG(3, ("NO session key, cannot seal packet\n"));
227 return NT_STATUS_NO_USER_SESSION_KEY;
228 }
229
230 DEBUG(10,("ntlmssp_seal_data: seal\n"));
231 dump_data_pw("ntlmssp clear data\n", data, length);
232 if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
233 HMACMD5Context ctx;
234 char seq_num[4];
235 uchar digest[16];
236 SIVAL(seq_num, 0, ntlmssp_state->ntlmssp_seq_num);
237
238 hmac_md5_init_limK_to_64((const unsigned char *)(ntlmssp_state->send_sign_const), 16, &ctx);
239 hmac_md5_update((const unsigned char *)seq_num, 4, &ctx);
240 hmac_md5_update(data, length, &ctx);
241 hmac_md5_final(digest, &ctx);
242
243 if (!msrpc_gen(sig, "dBd", NTLMSSP_SIGN_VERSION, digest, 8 /* only copy first 8 bytes */
244 , ntlmssp_state->ntlmssp_seq_num)) {
245 return NT_STATUS_NO_MEMORY;
246 }
247
248 dump_data_pw("ntlmssp client sealing hash:\n",
249 ntlmssp_state->send_seal_hash,
250 sizeof(ntlmssp_state->send_seal_hash));
251 NTLMSSPcalc_ap(ntlmssp_state->send_seal_hash, data, length);
252 dump_data_pw("ntlmssp client signing hash:\n",
253 ntlmssp_state->send_sign_hash,
254 sizeof(ntlmssp_state->send_sign_hash));
255 NTLMSSPcalc_ap(ntlmssp_state->send_sign_hash, sig->data+4, sig->length-4);
256 } else {
257 uint32 crc;
258 crc = crc32_calc_buffer((const char *)data, length);
259 if (!msrpc_gen(sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, ntlmssp_state->ntlmssp_seq_num)) {
260 return NT_STATUS_NO_MEMORY;
261 }
262
263 /* The order of these two operations matters - we must first seal the packet,
264 then seal the sequence number - this is becouse the ntlmssp_hash is not
265 constant, but is is rather updated with each iteration */
266
267 dump_data_pw("ntlmssp hash:\n", ntlmssp_state->ntlmssp_hash,
268 sizeof(ntlmssp_state->ntlmssp_hash));
269 NTLMSSPcalc_ap(ntlmssp_state->ntlmssp_hash, data, length);
270
271 dump_data_pw("ntlmssp hash:\n", ntlmssp_state->ntlmssp_hash,
272 sizeof(ntlmssp_state->ntlmssp_hash));
273 NTLMSSPcalc_ap(ntlmssp_state->ntlmssp_hash, sig->data+4, sig->length-4);
274 }
275 dump_data_pw("ntlmssp sealed data\n", data, length);
276
277 /* increment counter on send */
278 ntlmssp_state->ntlmssp_seq_num++;
279
280 return NT_STATUS_OK;
281 }
282
283 /**
284 * Unseal data with the NTLMSSP algorithm
285 *
286 */
287
288 NTSTATUS ntlmssp_unseal_packet(NTLMSSP_STATE *ntlmssp_state,
289 uchar *data, size_t length,
290 DATA_BLOB *sig)
291 {
292 if (!ntlmssp_state->session_key.length) {
293 DEBUG(3, ("NO session key, cannot unseal packet\n"));
294 return NT_STATUS_NO_USER_SESSION_KEY;
295 }
296
297 DEBUG(10,("ntlmssp__unseal_data: seal\n"));
298 dump_data_pw("ntlmssp sealed data\n", data, length);
299 if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
300 NTLMSSPcalc_ap(ntlmssp_state->recv_seal_hash, data, length);
301 } else {
302 dump_data_pw("ntlmssp hash:\n", ntlmssp_state->ntlmssp_hash,
303 sizeof(ntlmssp_state->ntlmssp_hash));
304 NTLMSSPcalc_ap(ntlmssp_state->ntlmssp_hash, data, length);
305 }
306 dump_data_pw("ntlmssp clear data\n", data, length);
307
308 return ntlmssp_check_packet(ntlmssp_state, data, length, sig);
309 }
310
311 /**
312 Initialise the state for NTLMSSP signing.
313 */
314 NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state)
315 {
316 unsigned char p24[24];
317 ZERO_STRUCT(p24);
318
319 DEBUG(3, ("NTLMSSP Sign/Seal - Initialising with flags:\n"));
320 debug_ntlmssp_flags(ntlmssp_state->neg_flags);
321
322 if (!ntlmssp_state->session_key.length) {
323 DEBUG(3, ("NO session key, cannot intialise signing\n"));
324 return NT_STATUS_NO_USER_SESSION_KEY;
325 }
326
327 if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
328 {
329 const char *send_sign_const;
330 const char *send_seal_const;
331 const char *recv_sign_const;
332 const char *recv_seal_const;
333
334 switch (ntlmssp_state->role) {
335 case NTLMSSP_CLIENT:
336 send_sign_const = CLI_SIGN;
337 send_seal_const = CLI_SEAL;
338 recv_sign_const = SRV_SIGN;
339 recv_seal_const = SRV_SEAL;
340 break;
341 case NTLMSSP_SERVER:
342 send_sign_const = SRV_SIGN;
343 send_seal_const = SRV_SEAL;
344 recv_sign_const = CLI_SIGN;
345 recv_seal_const = CLI_SEAL;
346 break;
347 default:
348 send_sign_const = "unknown role";
349 send_seal_const = "unknown role";
350 recv_sign_const = "unknown role";
351 recv_seal_const = "unknown role";
352 break;
353 }
354
355 calc_ntlmv2_hash(ntlmssp_state->send_sign_hash,
356 ntlmssp_state->send_sign_const,
357 ntlmssp_state->session_key, send_sign_const);
358 dump_data_pw("NTLMSSP send sign hash:\n",
359 ntlmssp_state->send_sign_hash,
360 sizeof(ntlmssp_state->send_sign_hash));
361
362 calc_ntlmv2_hash(ntlmssp_state->send_seal_hash,
363 ntlmssp_state->send_seal_const,
364 ntlmssp_state->session_key, send_seal_const);
365 dump_data_pw("NTLMSSP send sesl hash:\n",
366 ntlmssp_state->send_seal_hash,
367 sizeof(ntlmssp_state->send_seal_hash));
368
369 calc_ntlmv2_hash(ntlmssp_state->recv_sign_hash,
370 ntlmssp_state->recv_sign_const,
371 ntlmssp_state->session_key, recv_sign_const);
372 dump_data_pw("NTLMSSP receive sign hash:\n",
373 ntlmssp_state->recv_sign_hash,
374 sizeof(ntlmssp_state->recv_sign_hash));
375
376 calc_ntlmv2_hash(ntlmssp_state->recv_seal_hash,
377 ntlmssp_state->recv_seal_const,
378 ntlmssp_state->session_key, recv_seal_const);
379 dump_data_pw("NTLMSSP receive seal hash:\n",
380 ntlmssp_state->recv_sign_hash,
381 sizeof(ntlmssp_state->recv_sign_hash));
382
383 }
384 else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) {
385 if (!ntlmssp_state->session_key.data || ntlmssp_state->session_key.length < 8) {
386 /* can't sign or check signatures yet */
387 DEBUG(5, ("NTLMSSP Sign/Seal - cannot use LM KEY yet\n"));
388 return NT_STATUS_UNSUCCESSFUL;
389 }
390
391 DEBUG(5, ("NTLMSSP Sign/Seal - using LM KEY\n"));
392
393 calc_hash(ntlmssp_state->ntlmssp_hash, ntlmssp_state->session_key.data, 8);
394 dump_data_pw("NTLMSSP hash:\n", ntlmssp_state->ntlmssp_hash,
395 sizeof(ntlmssp_state->ntlmssp_hash));
396 } else {
397 if (!ntlmssp_state->session_key.data || ntlmssp_state->session_key.length < 16) {
398 /* can't sign or check signatures yet */
399 DEBUG(5, ("NTLMSSP Sign/Seal - cannot use NT KEY yet\n"));
400 return NT_STATUS_UNSUCCESSFUL;
401 }
402
403 DEBUG(5, ("NTLMSSP Sign/Seal - using NT KEY\n"));
404
405 calc_hash(ntlmssp_state->ntlmssp_hash, ntlmssp_state->session_key.data, 16);
406 dump_data_pw("NTLMSSP hash:\n", ntlmssp_state->ntlmssp_hash,
407 sizeof(ntlmssp_state->ntlmssp_hash));
408 }
409
410 ntlmssp_state->ntlmssp_seq_num = 0;
411
412 return NT_STATUS_OK;
413 }
Samba GIT mirror