2 Unix SMB/CIFS implementation.
4 Copyright (C) Jeremy Allison 2003.
5 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
6 Copyright (C) Stefan Metzmacher 2009
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "../lib/crypto/md5.h"
24 #include "smb_common.h"
25 #include "smb_signing.h"
27 /* Used by the SMB signing functions. */
29 struct smb_signing_state
{
30 /* is signing locally allowed */
33 /* is signing locally desired */
36 /* is signing locally mandatory */
39 /* is signing negotiated by the peer */
42 bool active
; /* Have I ever seen a validly signed packet? */
44 /* mac_key.length > 0 means signing is started */
47 /* the next expected seqnum */
51 void *(*alloc_fn
)(TALLOC_CTX
*mem_ctx
, size_t len
);
52 void (*free_fn
)(TALLOC_CTX
*mem_ctx
, void *ptr
);
55 static void smb_signing_reset_info(struct smb_signing_state
*si
)
61 si
->free_fn(si
->mem_ctx
, si
->mac_key
.data
);
63 talloc_free(si
->mac_key
.data
);
65 si
->mac_key
.data
= NULL
;
66 si
->mac_key
.length
= 0;
69 struct smb_signing_state
*smb_signing_init_ex(TALLOC_CTX
*mem_ctx
,
73 void *(*alloc_fn
)(TALLOC_CTX
*, size_t),
74 void (*free_fn
)(TALLOC_CTX
*, void *))
76 struct smb_signing_state
*si
;
79 void *p
= alloc_fn(mem_ctx
, sizeof(struct smb_signing_state
));
83 memset(p
, 0, sizeof(struct smb_signing_state
));
84 si
= (struct smb_signing_state
*)p
;
85 si
->mem_ctx
= mem_ctx
;
86 si
->alloc_fn
= alloc_fn
;
87 si
->free_fn
= free_fn
;
89 si
= talloc_zero(mem_ctx
, struct smb_signing_state
);
103 si
->allowed
= allowed
;
104 si
->desired
= desired
;
105 si
->mandatory
= mandatory
;
110 struct smb_signing_state
*smb_signing_init(TALLOC_CTX
*mem_ctx
,
115 return smb_signing_init_ex(mem_ctx
, allowed
, desired
, mandatory
,
119 static bool smb_signing_good(struct smb_signing_state
*si
,
120 bool good
, uint32_t seq
)
129 if (!si
->mandatory
&& !si
->active
) {
130 /* Non-mandatory signing - just turn off if this is the first bad packet. */
131 DEBUG(5, ("smb_signing_good: signing negotiated but not required and peer\n"
132 "isn't sending correct signatures. Turning off.\n"));
133 smb_signing_reset_info(si
);
137 /* Mandatory signing or bad packet after signing started - fail and disconnect. */
138 DEBUG(0, ("smb_signing_good: BAD SIG: seq %u\n", (unsigned int)seq
));
142 static void smb_signing_md5(const DATA_BLOB
*mac_key
,
143 const uint8_t *buf
, uint32_t seq_number
,
144 uint8_t calc_md5_mac
[16])
146 const size_t offset_end_of_sig
= (NBT_HDR_SIZE
+ HDR_SS_FIELD
+ 8);
147 uint8_t sequence_buf
[8];
148 struct MD5Context md5_ctx
;
151 * Firstly put the sequence number into the first 4 bytes,
152 * and zero out the next 4 bytes.
154 * We do this here, to avoid modifying the packet.
157 DEBUG(10,("smb_signing_md5: sequence number %u\n", seq_number
));
159 SIVAL(sequence_buf
, 0, seq_number
);
160 SIVAL(sequence_buf
, 4, 0);
162 /* Calculate the 16 byte MAC - but don't alter the data in the
165 This makes for a bit of fussing about, but it's not too bad.
169 /* initialise with the key */
170 MD5Update(&md5_ctx
, mac_key
->data
, mac_key
->length
);
172 /* copy in the first bit of the SMB header */
173 MD5Update(&md5_ctx
, buf
+ NBT_HDR_SIZE
, HDR_SS_FIELD
);
175 /* copy in the sequence number, instead of the signature */
176 MD5Update(&md5_ctx
, sequence_buf
, sizeof(sequence_buf
));
178 /* copy in the rest of the packet in, skipping the signature */
179 MD5Update(&md5_ctx
, buf
+ offset_end_of_sig
,
180 smb_len_nbt(buf
) - (offset_end_of_sig
- 4));
182 /* calculate the MD5 sig */
183 MD5Final(calc_md5_mac
, &md5_ctx
);
186 uint32_t smb_signing_next_seqnum(struct smb_signing_state
*si
, bool oneway
)
190 if (si
->mac_key
.length
== 0) {
204 void smb_signing_cancel_reply(struct smb_signing_state
*si
, bool oneway
)
206 if (si
->mac_key
.length
== 0) {
217 void smb_signing_sign_pdu(struct smb_signing_state
*si
,
218 uint8_t *outbuf
, uint32_t seqnum
)
220 uint8_t calc_md5_mac
[16];
224 if (si
->mac_key
.length
== 0) {
225 if (!si
->negotiated
) {
230 /* JRA Paranoia test - we should be able to get rid of this... */
231 if (smb_len_nbt(outbuf
) < (HDR_SS_FIELD
+ 8)) {
232 DEBUG(1,("smb_signing_sign_pdu: Logic error. "
233 "Can't check signature on short packet! smb_len = %u\n",
234 smb_len_nbt(outbuf
)));
238 com
= SVAL(outbuf
,NBT_HDR_SIZE
+HDR_COM
);
239 flags
= SVAL(outbuf
,NBT_HDR_SIZE
+HDR_FLG
);
241 if (!(flags
& FLAG_REPLY
)) {
242 uint16_t flags2
= SVAL(outbuf
,NBT_HDR_SIZE
+HDR_FLG2
);
244 * If this is a request, specify what is
245 * supported or required by the client
247 if (si
->negotiated
&& si
->desired
) {
248 flags2
|= FLAGS2_SMB_SECURITY_SIGNATURES
;
250 if (si
->negotiated
&& si
->mandatory
) {
251 flags2
|= FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED
;
253 SSVAL(outbuf
, NBT_HDR_SIZE
+HDR_FLG2
, flags2
);
256 if (si
->mac_key
.length
== 0) {
257 /* I wonder what BSRSPYL stands for - but this is what MS
259 if (com
== SMBsesssetupX
) {
260 memcpy(calc_md5_mac
, "BSRSPYL ", 8);
262 memset(calc_md5_mac
, 0, 8);
265 smb_signing_md5(&si
->mac_key
, outbuf
,
266 seqnum
, calc_md5_mac
);
269 DEBUG(10, ("smb_signing_sign_pdu: sent SMB signature of\n"));
270 dump_data(10, calc_md5_mac
, 8);
272 memcpy(&outbuf
[NBT_HDR_SIZE
+HDR_SS_FIELD
], calc_md5_mac
, 8);
274 /* outbuf[NBT_HDR_SIZE+HDR_SS_FIELD+2]=0;
275 Uncomment this to test if the remote server actually verifies signatures...*/
278 bool smb_signing_check_pdu(struct smb_signing_state
*si
,
279 const uint8_t *inbuf
, uint32_t seqnum
)
282 uint8_t calc_md5_mac
[16];
283 const uint8_t *reply_sent_mac
;
285 if (si
->mac_key
.length
== 0) {
289 if (smb_len_nbt(inbuf
) < (HDR_SS_FIELD
+ 8)) {
290 DEBUG(1,("smb_signing_check_pdu: Can't check signature "
291 "on short packet! smb_len = %u\n",
292 smb_len_nbt(inbuf
)));
296 smb_signing_md5(&si
->mac_key
, inbuf
,
297 seqnum
, calc_md5_mac
);
299 reply_sent_mac
= &inbuf
[NBT_HDR_SIZE
+HDR_SS_FIELD
];
300 good
= (memcmp(reply_sent_mac
, calc_md5_mac
, 8) == 0);
304 const int sign_range
= 5;
306 DEBUG(5, ("smb_signing_check_pdu: BAD SIG: wanted SMB signature of\n"));
307 dump_data(5, calc_md5_mac
, 8);
309 DEBUG(5, ("smb_signing_check_pdu: BAD SIG: got SMB signature of\n"));
310 dump_data(5, reply_sent_mac
, 8);
312 for (i
= -sign_range
; i
< sign_range
; i
++) {
313 smb_signing_md5(&si
->mac_key
, inbuf
,
314 seqnum
+i
, calc_md5_mac
);
315 if (memcmp(reply_sent_mac
, calc_md5_mac
, 8) == 0) {
316 DEBUG(0,("smb_signing_check_pdu: "
317 "out of seq. seq num %u matches. "
318 "We were expecting seq %u\n",
319 (unsigned int)seqnum
+i
,
320 (unsigned int)seqnum
));
325 DEBUG(10, ("smb_signing_check_pdu: seq %u: "
326 "got good SMB signature of\n",
327 (unsigned int)seqnum
));
328 dump_data(10, reply_sent_mac
, 8);
331 return smb_signing_good(si
, good
, seqnum
);
334 bool smb_signing_activate(struct smb_signing_state
*si
,
335 const DATA_BLOB user_session_key
,
336 const DATA_BLOB response
)
341 if (!user_session_key
.length
) {
345 if (!si
->negotiated
) {
353 if (si
->mac_key
.length
> 0) {
357 smb_signing_reset_info(si
);
359 len
= response
.length
+ user_session_key
.length
;
361 si
->mac_key
.data
= (uint8_t *)si
->alloc_fn(si
->mem_ctx
, len
);
362 if (si
->mac_key
.data
== NULL
) {
366 si
->mac_key
.data
= (uint8_t *)talloc_size(si
, len
);
367 if (si
->mac_key
.data
== NULL
) {
371 si
->mac_key
.length
= len
;
374 memcpy(&si
->mac_key
.data
[ofs
], user_session_key
.data
, user_session_key
.length
);
376 DEBUG(10, ("smb_signing_activate: user_session_key\n"));
377 dump_data(10, user_session_key
.data
, user_session_key
.length
);
379 if (response
.length
) {
380 ofs
= user_session_key
.length
;
381 memcpy(&si
->mac_key
.data
[ofs
], response
.data
, response
.length
);
382 DEBUG(10, ("smb_signing_activate: response_data\n"));
383 dump_data(10, response
.data
, response
.length
);
385 DEBUG(10, ("smb_signing_activate: NULL response_data\n"));
388 dump_data_pw("smb_signing_activate: mac key is:\n",
389 si
->mac_key
.data
, si
->mac_key
.length
);
391 /* Initialise the sequence number */
397 bool smb_signing_is_active(struct smb_signing_state
*si
)
402 bool smb_signing_is_allowed(struct smb_signing_state
*si
)
407 bool smb_signing_is_mandatory(struct smb_signing_state
*si
)
409 return si
->mandatory
;
412 bool smb_signing_set_negotiated(struct smb_signing_state
*si
,
413 bool allowed
, bool mandatory
)
419 if (!si
->allowed
&& mandatory
) {
423 if (si
->mandatory
&& !allowed
) {
428 si
->negotiated
= true;
433 si
->negotiated
= true;
438 si
->negotiated
= false;
442 if (si
->desired
&& allowed
) {
443 si
->negotiated
= true;
447 si
->negotiated
= false;
451 bool smb_signing_is_negotiated(struct smb_signing_state
*si
)
453 return si
->negotiated
;