2 Unix SMB/CIFS implementation.
4 Copyright (C) Jeremy Allison 2003.
5 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
6 Copyright (C) Stefan Metzmacher 2009
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "../lib/crypto/md5.h"
24 #include "smb_signing.h"
26 /* Used by the SMB signing functions. */
28 struct smb_signing_state
{
29 /* is signing localy allowed */
32 /* is signing localy desired */
35 /* is signing localy mandatory */
38 /* is signing negotiated by the peer */
41 bool active
; /* Have I ever seen a validly signed packet? */
43 /* mac_key.length > 0 means signing is started */
46 /* the next expected seqnum */
50 void *(*alloc_fn
)(TALLOC_CTX
*mem_ctx
, size_t len
);
51 void (*free_fn
)(TALLOC_CTX
*mem_ctx
, void *ptr
);
54 static void smb_signing_reset_info(struct smb_signing_state
*si
)
60 si
->free_fn(si
->mem_ctx
, si
->mac_key
.data
);
62 talloc_free(si
->mac_key
.data
);
64 si
->mac_key
.data
= NULL
;
65 si
->mac_key
.length
= 0;
68 struct smb_signing_state
*smb_signing_init_ex(TALLOC_CTX
*mem_ctx
,
72 void *(*alloc_fn
)(TALLOC_CTX
*, size_t),
73 void (*free_fn
)(TALLOC_CTX
*, void *))
75 struct smb_signing_state
*si
;
78 void *p
= alloc_fn(mem_ctx
, sizeof(struct smb_signing_state
));
82 memset(p
, 0, sizeof(struct smb_signing_state
));
83 si
= (struct smb_signing_state
*)p
;
84 si
->mem_ctx
= mem_ctx
;
85 si
->alloc_fn
= alloc_fn
;
86 si
->free_fn
= free_fn
;
88 si
= talloc_zero(mem_ctx
, struct smb_signing_state
);
102 si
->allowed
= allowed
;
103 si
->desired
= desired
;
104 si
->mandatory
= mandatory
;
109 struct smb_signing_state
*smb_signing_init(TALLOC_CTX
*mem_ctx
,
114 return smb_signing_init_ex(mem_ctx
, allowed
, desired
, mandatory
,
118 static bool smb_signing_good(struct smb_signing_state
*si
,
119 bool good
, uint32_t seq
)
128 if (!si
->mandatory
&& !si
->active
) {
129 /* Non-mandatory signing - just turn off if this is the first bad packet.. */
130 DEBUG(5, ("smb_signing_good: signing negotiated but not required and peer\n"
131 "isn't sending correct signatures. Turning off.\n"));
132 smb_signing_reset_info(si
);
136 /* Mandatory signing or bad packet after signing started - fail and disconnect. */
137 DEBUG(0, ("smb_signing_good: BAD SIG: seq %u\n", (unsigned int)seq
));
141 static void smb_signing_md5(const DATA_BLOB
*mac_key
,
142 const uint8_t *buf
, uint32_t seq_number
,
143 uint8_t calc_md5_mac
[16])
145 const size_t offset_end_of_sig
= (NBT_HDR_SIZE
+ HDR_SS_FIELD
+ 8);
146 uint8_t sequence_buf
[8];
147 struct MD5Context md5_ctx
;
150 * Firstly put the sequence number into the first 4 bytes.
151 * and zero out the next 4 bytes.
153 * We do this here, to avoid modifying the packet.
156 DEBUG(10,("smb_signing_md5: sequence number %u\n", seq_number
));
158 SIVAL(sequence_buf
, 0, seq_number
);
159 SIVAL(sequence_buf
, 4, 0);
161 /* Calculate the 16 byte MAC - but don't alter the data in the
164 This makes for a bit of fussing about, but it's not too bad.
168 /* intialise with the key */
169 MD5Update(&md5_ctx
, mac_key
->data
, mac_key
->length
);
171 /* copy in the first bit of the SMB header */
172 MD5Update(&md5_ctx
, buf
+ NBT_HDR_SIZE
, HDR_SS_FIELD
);
174 /* copy in the sequence number, instead of the signature */
175 MD5Update(&md5_ctx
, sequence_buf
, sizeof(sequence_buf
));
177 /* copy in the rest of the packet in, skipping the signature */
178 MD5Update(&md5_ctx
, buf
+ offset_end_of_sig
,
179 smb_len_nbt(buf
) - (offset_end_of_sig
- 4));
181 /* calculate the MD5 sig */
182 MD5Final(calc_md5_mac
, &md5_ctx
);
185 uint32_t smb_signing_next_seqnum(struct smb_signing_state
*si
, bool oneway
)
189 if (si
->mac_key
.length
== 0) {
203 void smb_signing_cancel_reply(struct smb_signing_state
*si
, bool oneway
)
205 if (si
->mac_key
.length
== 0) {
216 void smb_signing_sign_pdu(struct smb_signing_state
*si
,
217 uint8_t *outbuf
, uint32_t seqnum
)
219 uint8_t calc_md5_mac
[16];
223 if (si
->mac_key
.length
== 0) {
224 if (!si
->negotiated
) {
229 /* JRA Paranioa test - we should be able to get rid of this... */
230 if (smb_len_nbt(outbuf
) < (HDR_SS_FIELD
+ 8)) {
231 DEBUG(1,("smb_signing_sign_pdu: Logic error. "
232 "Can't check signature on short packet! smb_len = %u\n",
233 smb_len_nbt(outbuf
)));
237 com
= SVAL(outbuf
,smb_com
);
238 flags
= SVAL(outbuf
,smb_flg
);
240 if (!(flags
& FLAG_REPLY
)) {
241 uint16_t flags2
= SVAL(outbuf
,smb_flg2
);
243 * If this is a request, specify what is
244 * supported or required by the client
246 if (si
->negotiated
&& si
->desired
) {
247 flags2
|= FLAGS2_SMB_SECURITY_SIGNATURES
;
249 if (si
->negotiated
&& si
->mandatory
) {
250 flags2
|= FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED
;
252 SSVAL(outbuf
, smb_flg2
, flags2
);
255 if (si
->mac_key
.length
== 0) {
256 /* I wonder what BSRSPYL stands for - but this is what MS
258 if (com
== SMBsesssetupX
) {
259 memcpy(calc_md5_mac
, "BSRSPYL ", 8);
261 memset(calc_md5_mac
, 0, 8);
264 smb_signing_md5(&si
->mac_key
, outbuf
,
265 seqnum
, calc_md5_mac
);
268 DEBUG(10, ("smb_signing_sign_pdu: sent SMB signature of\n"));
269 dump_data(10, calc_md5_mac
, 8);
271 memcpy(&outbuf
[NBT_HDR_SIZE
+HDR_SS_FIELD
], calc_md5_mac
, 8);
273 /* outbuf[NBT_HDR_SIZE+HDR_SS_FIELD+2]=0;
274 Uncomment this to test if the remote server actually verifies signatures...*/
277 bool smb_signing_check_pdu(struct smb_signing_state
*si
,
278 const uint8_t *inbuf
, uint32_t seqnum
)
281 uint8_t calc_md5_mac
[16];
282 const uint8_t *reply_sent_mac
;
284 if (si
->mac_key
.length
== 0) {
288 if (smb_len_nbt(inbuf
) < (HDR_SS_FIELD
+ 8)) {
289 DEBUG(1,("smb_signing_check_pdu: Can't check signature "
290 "on short packet! smb_len = %u\n",
291 smb_len_nbt(inbuf
)));
295 smb_signing_md5(&si
->mac_key
, inbuf
,
296 seqnum
, calc_md5_mac
);
298 reply_sent_mac
= &inbuf
[NBT_HDR_SIZE
+HDR_SS_FIELD
];
299 good
= (memcmp(reply_sent_mac
, calc_md5_mac
, 8) == 0);
303 const int sign_range
= 5;
305 DEBUG(5, ("smb_signing_check_pdu: BAD SIG: wanted SMB signature of\n"));
306 dump_data(5, calc_md5_mac
, 8);
308 DEBUG(5, ("smb_signing_check_pdu: BAD SIG: got SMB signature of\n"));
309 dump_data(5, reply_sent_mac
, 8);
311 for (i
= -sign_range
; i
< sign_range
; i
++) {
312 smb_signing_md5(&si
->mac_key
, inbuf
,
313 seqnum
+i
, calc_md5_mac
);
314 if (memcmp(reply_sent_mac
, calc_md5_mac
, 8) == 0) {
315 DEBUG(0,("smb_signing_check_pdu: "
316 "out of seq. seq num %u matches. "
317 "We were expecting seq %u\n",
318 (unsigned int)seqnum
+i
,
319 (unsigned int)seqnum
));
324 DEBUG(10, ("smb_signing_check_pdu: seq %u: "
325 "got good SMB signature of\n",
326 (unsigned int)seqnum
));
327 dump_data(10, reply_sent_mac
, 8);
330 return smb_signing_good(si
, good
, seqnum
);
333 bool smb_signing_activate(struct smb_signing_state
*si
,
334 const DATA_BLOB user_session_key
,
335 const DATA_BLOB response
)
340 if (!user_session_key
.length
) {
344 if (!si
->negotiated
) {
352 if (si
->mac_key
.length
> 0) {
356 smb_signing_reset_info(si
);
358 len
= response
.length
+ user_session_key
.length
;
360 si
->mac_key
.data
= (uint8_t *)si
->alloc_fn(si
->mem_ctx
, len
);
361 if (si
->mac_key
.data
== NULL
) {
365 si
->mac_key
.data
= (uint8_t *)talloc_size(si
, len
);
366 if (si
->mac_key
.data
== NULL
) {
370 si
->mac_key
.length
= len
;
373 memcpy(&si
->mac_key
.data
[ofs
], user_session_key
.data
, user_session_key
.length
);
375 DEBUG(10, ("smb_signing_activate: user_session_key\n"));
376 dump_data(10, user_session_key
.data
, user_session_key
.length
);
378 if (response
.length
) {
379 ofs
= user_session_key
.length
;
380 memcpy(&si
->mac_key
.data
[ofs
], response
.data
, response
.length
);
381 DEBUG(10, ("smb_signing_activate: response_data\n"));
382 dump_data(10, response
.data
, response
.length
);
384 DEBUG(10, ("smb_signing_activate: NULL response_data\n"));
387 dump_data_pw("smb_signing_activate: mac key is:\n",
388 si
->mac_key
.data
, si
->mac_key
.length
);
390 /* Initialise the sequence number */
396 bool smb_signing_is_active(struct smb_signing_state
*si
)
401 bool smb_signing_is_allowed(struct smb_signing_state
*si
)
406 bool smb_signing_is_mandatory(struct smb_signing_state
*si
)
408 return si
->mandatory
;
411 bool smb_signing_set_negotiated(struct smb_signing_state
*si
,
412 bool allowed
, bool mandatory
)
418 if (!si
->allowed
&& mandatory
) {
422 if (si
->mandatory
&& !allowed
) {
427 si
->negotiated
= true;
432 si
->negotiated
= true;
437 si
->negotiated
= false;
441 if (si
->desired
&& allowed
) {
442 si
->negotiated
= true;
446 si
->negotiated
= false;
450 bool smb_signing_is_negotiated(struct smb_signing_state
*si
)
452 return si
->negotiated
;