2 Unix SMB/CIFS implementation.
4 Copyright (C) Jeremy Allison 2003.
5 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
6 Copyright (C) Stefan Metzmacher 2009
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "../lib/crypto/md5.h"
25 /* Used by the SMB signing functions. */
27 struct smb_signing_state
{
28 /* is signing localy allowed */
31 /* is signing localy mandatory */
34 /* is signing negotiated by the peer */
37 /* send BSRSPYL signatures */
40 bool active
; /* Have I ever seen a validly signed packet? */
42 /* mac_key.length > 0 means signing is started */
45 /* the next expected seqnum */
49 void *(*alloc_fn
)(TALLOC_CTX
*mem_ctx
, size_t len
);
50 void (*free_fn
)(TALLOC_CTX
*mem_ctx
, void *ptr
);
53 static void smb_signing_reset_info(struct smb_signing_state
*si
)
60 si
->free_fn(si
->mem_ctx
, si
->mac_key
.data
);
62 talloc_free(si
->mac_key
.data
);
64 si
->mac_key
.data
= NULL
;
65 si
->mac_key
.length
= 0;
68 struct smb_signing_state
*smb_signing_init_ex(TALLOC_CTX
*mem_ctx
,
71 void *(*alloc_fn
)(TALLOC_CTX
*, size_t),
72 void (*free_fn
)(TALLOC_CTX
*, void *))
74 struct smb_signing_state
*si
;
77 void *p
= alloc_fn(mem_ctx
, sizeof(struct smb_signing_state
));
81 memset(p
, 0, sizeof(struct smb_signing_state
));
82 si
= (struct smb_signing_state
*)p
;
83 si
->mem_ctx
= mem_ctx
;
84 si
->alloc_fn
= alloc_fn
;
85 si
->free_fn
= free_fn
;
87 si
= talloc_zero(mem_ctx
, struct smb_signing_state
);
97 si
->allowed
= allowed
;
98 si
->mandatory
= mandatory
;
103 struct smb_signing_state
*smb_signing_init(TALLOC_CTX
*mem_ctx
,
107 return smb_signing_init_ex(mem_ctx
, allowed
, mandatory
, NULL
, NULL
);
110 static bool smb_signing_good(struct smb_signing_state
*si
,
111 bool good
, uint32_t seq
)
120 if (!si
->mandatory
&& !si
->active
) {
121 /* Non-mandatory signing - just turn off if this is the first bad packet.. */
122 DEBUG(5, ("smb_signing_good: signing negotiated but not required and peer\n"
123 "isn't sending correct signatures. Turning off.\n"));
124 smb_signing_reset_info(si
);
128 /* Mandatory signing or bad packet after signing started - fail and disconnect. */
129 DEBUG(0, ("smb_signing_good: BAD SIG: seq %u\n", (unsigned int)seq
));
133 static void smb_signing_md5(const DATA_BLOB
*mac_key
,
134 const uint8_t *buf
, uint32_t seq_number
,
135 uint8_t calc_md5_mac
[16])
137 const size_t offset_end_of_sig
= (smb_ss_field
+ 8);
138 uint8_t sequence_buf
[8];
139 struct MD5Context md5_ctx
;
142 * Firstly put the sequence number into the first 4 bytes.
143 * and zero out the next 4 bytes.
145 * We do this here, to avoid modifying the packet.
148 DEBUG(10,("smb_signing_md5: sequence number %u\n", seq_number
));
150 SIVAL(sequence_buf
, 0, seq_number
);
151 SIVAL(sequence_buf
, 4, 0);
153 /* Calculate the 16 byte MAC - but don't alter the data in the
156 This makes for a bit of fussing about, but it's not too bad.
160 /* intialise with the key */
161 MD5Update(&md5_ctx
, mac_key
->data
, mac_key
->length
);
163 /* copy in the first bit of the SMB header */
164 MD5Update(&md5_ctx
, buf
+ 4, smb_ss_field
- 4);
166 /* copy in the sequence number, instead of the signature */
167 MD5Update(&md5_ctx
, sequence_buf
, sizeof(sequence_buf
));
169 /* copy in the rest of the packet in, skipping the signature */
170 MD5Update(&md5_ctx
, buf
+ offset_end_of_sig
,
171 smb_len(buf
) - (offset_end_of_sig
- 4));
173 /* calculate the MD5 sig */
174 MD5Final(calc_md5_mac
, &md5_ctx
);
177 uint32_t smb_signing_next_seqnum(struct smb_signing_state
*si
, bool oneway
)
181 if (si
->mac_key
.length
== 0) {
195 void smb_signing_cancel_reply(struct smb_signing_state
*si
, bool oneway
)
197 if (si
->mac_key
.length
== 0) {
208 void smb_signing_sign_pdu(struct smb_signing_state
*si
,
209 uint8_t *outbuf
, uint32_t seqnum
)
211 uint8_t calc_md5_mac
[16];
214 if (si
->mac_key
.length
== 0) {
220 /* JRA Paranioa test - we should be able to get rid of this... */
221 if (smb_len(outbuf
) < (smb_ss_field
+ 8 - 4)) {
222 DEBUG(1,("smb_signing_sign_pdu: Logic error. "
223 "Can't check signature on short packet! smb_len = %u\n",
228 /* mark the packet as signed - BEFORE we sign it...*/
229 flags2
= SVAL(outbuf
,smb_flg2
);
230 flags2
|= FLAGS2_SMB_SECURITY_SIGNATURES
;
231 SSVAL(outbuf
, smb_flg2
, flags2
);
234 /* I wonder what BSRSPYL stands for - but this is what MS
236 memcpy(calc_md5_mac
, "BSRSPYL ", 8);
238 smb_signing_md5(&si
->mac_key
, outbuf
,
239 seqnum
, calc_md5_mac
);
242 DEBUG(10, ("smb_signing_sign_pdu: sent SMB signature of\n"));
243 dump_data(10, calc_md5_mac
, 8);
245 memcpy(&outbuf
[smb_ss_field
], calc_md5_mac
, 8);
247 /* outbuf[smb_ss_field+2]=0;
248 Uncomment this to test if the remote server actually verifies signatures...*/
251 bool smb_signing_check_pdu(struct smb_signing_state
*si
,
252 const uint8_t *inbuf
, uint32_t seqnum
)
255 uint8_t calc_md5_mac
[16];
256 const uint8_t *reply_sent_mac
;
258 if (si
->mac_key
.length
== 0) {
262 if (smb_len(inbuf
) < (smb_ss_field
+ 8 - 4)) {
263 DEBUG(1,("smb_signing_check_pdu: Can't check signature "
264 "on short packet! smb_len = %u\n",
269 smb_signing_md5(&si
->mac_key
, inbuf
,
270 seqnum
, calc_md5_mac
);
272 reply_sent_mac
= &inbuf
[smb_ss_field
];
273 good
= (memcmp(reply_sent_mac
, calc_md5_mac
, 8) == 0);
277 const int sign_range
= 5;
279 DEBUG(5, ("smb_signing_check_pdu: BAD SIG: wanted SMB signature of\n"));
280 dump_data(5, calc_md5_mac
, 8);
282 DEBUG(5, ("smb_signing_check_pdu: BAD SIG: got SMB signature of\n"));
283 dump_data(5, reply_sent_mac
, 8);
285 for (i
= -sign_range
; i
< sign_range
; i
++) {
286 smb_signing_md5(&si
->mac_key
, inbuf
,
287 seqnum
+i
, calc_md5_mac
);
288 if (memcmp(reply_sent_mac
, calc_md5_mac
, 8) == 0) {
289 DEBUG(0,("smb_signing_check_pdu: "
290 "out of seq. seq num %u matches. "
291 "We were expecting seq %u\n",
292 (unsigned int)seqnum
+i
,
293 (unsigned int)seqnum
));
298 DEBUG(10, ("smb_signing_check_pdu: seq %u: "
299 "got good SMB signature of\n",
300 (unsigned int)seqnum
));
301 dump_data(10, reply_sent_mac
, 8);
304 return smb_signing_good(si
, good
, seqnum
);
307 bool smb_signing_set_bsrspyl(struct smb_signing_state
*si
)
309 if (!si
->negotiated
) {
322 bool smb_signing_activate(struct smb_signing_state
*si
,
323 const DATA_BLOB user_session_key
,
324 const DATA_BLOB response
)
329 if (!user_session_key
.length
) {
333 if (!si
->negotiated
) {
341 if (si
->mac_key
.length
> 0) {
345 smb_signing_reset_info(si
);
347 len
= response
.length
+ user_session_key
.length
;
349 si
->mac_key
.data
= (uint8_t *)si
->alloc_fn(si
->mem_ctx
, len
);
350 if (si
->mac_key
.data
== NULL
) {
354 si
->mac_key
.data
= (uint8_t *)talloc_size(si
, len
);
355 if (si
->mac_key
.data
== NULL
) {
359 si
->mac_key
.length
= len
;
362 memcpy(&si
->mac_key
.data
[ofs
], user_session_key
.data
, user_session_key
.length
);
364 DEBUG(10, ("smb_signing_activate: user_session_key\n"));
365 dump_data(10, user_session_key
.data
, user_session_key
.length
);
367 if (response
.length
) {
368 ofs
= user_session_key
.length
;
369 memcpy(&si
->mac_key
.data
[ofs
], response
.data
, response
.length
);
370 DEBUG(10, ("smb_signing_activate: response_data\n"));
371 dump_data(10, response
.data
, response
.length
);
373 DEBUG(10, ("smb_signing_activate: NULL response_data\n"));
376 dump_data_pw("smb_signing_activate: mac key is:\n",
377 si
->mac_key
.data
, si
->mac_key
.length
);
379 /* Initialise the sequence number */
385 bool smb_signing_is_active(struct smb_signing_state
*si
)
390 bool smb_signing_is_allowed(struct smb_signing_state
*si
)
395 bool smb_signing_is_mandatory(struct smb_signing_state
*si
)
397 return si
->mandatory
;
400 bool smb_signing_set_negotiated(struct smb_signing_state
*si
)
406 si
->negotiated
= true;
411 bool smb_signing_is_negotiated(struct smb_signing_state
*si
)
413 return si
->negotiated
;