source4/libcli/raw/smb_signing.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    SMB Signing Code
   4    Copyright (C) Jeremy Allison 2002.
   5    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
   6    Copyright (C) James J Myers <myersjj@samba.org> 2003
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 3 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 */
  21
  22 #include "includes.h"
  23 #include "smb.h"
  24 #include "libcli/raw/libcliraw.h"
  25 #include "libcli/raw/raw_proto.h"
  26 #include "../lib/crypto/crypto.h"
  27 #include "param/param.h"
  28
  29 /***********************************************************
  30  SMB signing - Common code before we set a new signing implementation
  31 ************************************************************/
  32 bool set_smb_signing_common(struct smb_signing_context *sign_info)
  33 {
  34         if (sign_info->doing_signing) {
  35                 DEBUG(5, ("SMB Signing already in progress, so we don't start it again\n"));
  36                 return false;
  37         }
  38
  39         if (!sign_info->allow_smb_signing) {
  40                 DEBUG(5, ("SMB Signing has been locally disabled\n"));
  41                 return false;
  42         }
  43
  44         return true;
  45 }
  46
  47 /***********************************************************
  48  SMB signing - Common code before we set a new signing implementation
  49 ************************************************************/
  50 static bool smbcli_set_smb_signing_common(struct smbcli_transport *transport)
  51 {
  52         if (!set_smb_signing_common(&transport->negotiate.sign_info)) {
  53                 return false;
  54         }
  55
  56         if (!(transport->negotiate.sec_mode &
  57               (NEGOTIATE_SECURITY_SIGNATURES_REQUIRED|NEGOTIATE_SECURITY_SIGNATURES_ENABLED))) {
  58                 DEBUG(5, ("SMB Signing is not negotiated by the peer\n"));
  59                 return false;
  60         }
  61
  62         /* These calls are INCOMPATIBLE with SMB signing */
  63         transport->negotiate.readbraw_supported = false;
  64         transport->negotiate.writebraw_supported = false;
  65
  66         return true;
  67 }
  68
  69 void mark_packet_signed(struct smb_request_buffer *out)
  70 {
  71         uint16_t flags2;
  72         flags2 = SVAL(out->hdr, HDR_FLG2);
  73         flags2 |= FLAGS2_SMB_SECURITY_SIGNATURES;
  74         SSVAL(out->hdr, HDR_FLG2, flags2);
  75 }
  76
  77 bool signing_good(struct smb_signing_context *sign_info,
  78                          unsigned int seq, bool good)
  79 {
  80         if (good) {
  81                 if (!sign_info->doing_signing) {
  82                         DEBUG(5, ("Seen valid packet, so turning signing on\n"));
  83                         sign_info->doing_signing = true;
  84                 }
  85                 if (!sign_info->seen_valid) {
  86                         DEBUG(5, ("Seen valid packet, so marking signing as 'seen valid'\n"));
  87                         sign_info->seen_valid = true;
  88                 }
  89         } else {
  90                 if (!sign_info->seen_valid) {
  91                         /* If we have never seen a good packet, just turn it off */
  92                         DEBUG(5, ("signing_good: signing negotiated but not required and peer\n"
  93                                   "isn't sending correct signatures. Turning off.\n"));
  94                         smbcli_set_signing_off(sign_info);
  95                         return true;
  96                 } else {
  97                         /* bad packet after signing started - fail and disconnect. */
  98                         DEBUG(0, ("signing_good: BAD SIG: seq %u\n", seq));
  99                         return false;
 100                 }
 101         }
 102         return true;
 103 }
 104
 105 void sign_outgoing_message(struct smb_request_buffer *out, DATA_BLOB *mac_key, unsigned int seq_num)
 106 {
 107         uint8_t calc_md5_mac[16];
 108         struct MD5Context md5_ctx;
 109
 110         /*
 111          * Firstly put the sequence number into the first 4 bytes.
 112          * and zero out the next 4 bytes.
 113          */
 114         SIVAL(out->hdr, HDR_SS_FIELD, seq_num);
 115         SIVAL(out->hdr, HDR_SS_FIELD + 4, 0);
 116
 117         /* mark the packet as signed - BEFORE we sign it...*/
 118         mark_packet_signed(out);
 119
 120         /* Calculate the 16 byte MAC and place first 8 bytes into the field. */
 121         MD5Init(&md5_ctx);
 122         MD5Update(&md5_ctx, mac_key->data, mac_key->length);
 123         MD5Update(&md5_ctx,
 124                   out->buffer + NBT_HDR_SIZE,
 125                   out->size - NBT_HDR_SIZE);
 126         MD5Final(calc_md5_mac, &md5_ctx);
 127
 128         memcpy(&out->hdr[HDR_SS_FIELD], calc_md5_mac, 8);
 129
 130         DEBUG(5, ("sign_outgoing_message: SENT SIG (seq: %d): sent SMB signature of\n",
 131                   seq_num));
 132         dump_data(5, calc_md5_mac, 8);
 133 /*      req->out.hdr[HDR_SS_FIELD+2]=0;
 134         Uncomment this to test if the remote server actually verifies signitures...*/
 135 }
 136
 137 bool check_signed_incoming_message(struct smb_request_buffer *in, DATA_BLOB *mac_key, uint_t seq_num)
 138 {
 139         bool good;
 140         uint8_t calc_md5_mac[16];
 141         uint8_t *server_sent_mac;
 142         uint8_t sequence_buf[8];
 143         struct MD5Context md5_ctx;
 144         const size_t offset_end_of_sig = (HDR_SS_FIELD + 8);
 145         int i;
 146         const int sign_range = 0;
 147
 148         /* room enough for the signature? */
 149         if (in->size < NBT_HDR_SIZE + HDR_SS_FIELD + 8) {
 150                 return false;
 151         }
 152
 153         if (!mac_key->length) {
 154                 /* NO key yet */
 155                 return false;
 156         }
 157
 158         /* its quite bogus to be guessing sequence numbers, but very useful
 159            when debugging signing implementations */
 160         for (i = 0-sign_range; i <= 0+sign_range; i++) {
 161                 /*
 162                  * Firstly put the sequence number into the first 4 bytes.
 163                  * and zero out the next 4 bytes.
 164                  */
 165                 SIVAL(sequence_buf, 0, seq_num + i);
 166                 SIVAL(sequence_buf, 4, 0);
 167
 168                 /* get a copy of the server-sent mac */
 169                 server_sent_mac = &in->hdr[HDR_SS_FIELD];
 170
 171                 /* Calculate the 16 byte MAC and place first 8 bytes into the field. */
 172                 MD5Init(&md5_ctx);
 173                 MD5Update(&md5_ctx, mac_key->data,
 174                           mac_key->length);
 175                 MD5Update(&md5_ctx, in->hdr, HDR_SS_FIELD);
 176                 MD5Update(&md5_ctx, sequence_buf, sizeof(sequence_buf));
 177
 178                 MD5Update(&md5_ctx, in->hdr + offset_end_of_sig,
 179                           in->size - NBT_HDR_SIZE - (offset_end_of_sig));
 180                 MD5Final(calc_md5_mac, &md5_ctx);
 181
 182                 good = (memcmp(server_sent_mac, calc_md5_mac, 8) == 0);
 183
 184                 if (i == 0) {
 185                         if (!good) {
 186                                 DEBUG(5, ("check_signed_incoming_message: BAD SIG (seq: %d): wanted SMB signature of\n", seq_num + i));
 187                                 dump_data(5, calc_md5_mac, 8);
 188
 189                                 DEBUG(5, ("check_signed_incoming_message: BAD SIG (seq: %d): got SMB signature of\n", seq_num + i));
 190                                 dump_data(5, server_sent_mac, 8);
 191                         } else {
 192                                 DEBUG(15, ("check_signed_incoming_message: GOOD SIG (seq: %d): got SMB signature of\n", seq_num + i));
 193                                 dump_data(5, server_sent_mac, 8);
 194                         }
 195                 }
 196
 197                 if (good) break;
 198         }
 199
 200         if (good && i != 0) {
 201                 DEBUG(0,("SIGNING OFFSET %d (should be %d)\n", i, seq_num));
 202         }
 203
 204         return good;
 205 }
 206
 207 static void smbcli_req_allocate_seq_num(struct smbcli_request *req)
 208 {
 209         req->seq_num = req->transport->negotiate.sign_info.next_seq_num;
 210
 211         /* some requests (eg. NTcancel) are one way, and the sequence number
 212            should be increased by 1 not 2 */
 213         if (req->sign_single_increment) {
 214                 req->transport->negotiate.sign_info.next_seq_num += 1;
 215         } else {
 216                 req->transport->negotiate.sign_info.next_seq_num += 2;
 217         }
 218 }
 219
 220 /***********************************************************
 221  SMB signing - Simple implementation - calculate a MAC to send.
 222 ************************************************************/
 223 void smbcli_request_calculate_sign_mac(struct smbcli_request *req)
 224 {
 225 #if 0
 226         /* enable this when packet signing is preventing you working out why valgrind
 227            says that data is uninitialised */
 228         file_save("pkt.dat", req->out.buffer, req->out.size);
 229 #endif
 230
 231         switch (req->transport->negotiate.sign_info.signing_state) {
 232         case SMB_SIGNING_ENGINE_OFF:
 233                 break;
 234
 235         case SMB_SIGNING_ENGINE_BSRSPYL:
 236                 /* mark the packet as signed - BEFORE we sign it...*/
 237                 mark_packet_signed(&req->out);
 238
 239                 /* I wonder what BSRSPYL stands for - but this is what MS
 240                    actually sends! */
 241                 memcpy((req->out.hdr + HDR_SS_FIELD), "BSRSPYL ", 8);
 242                 break;
 243
 244         case SMB_SIGNING_ENGINE_ON:
 245
 246                 smbcli_req_allocate_seq_num(req);
 247                 sign_outgoing_message(&req->out,
 248                                       &req->transport->negotiate.sign_info.mac_key,
 249                                       req->seq_num);
 250                 break;
 251         }
 252         return;
 253 }
 254
 255
 256 /**
 257  SMB signing - NULL implementation
 258
 259  @note Used as an initialisation only - it will not correctly
 260        shut down a real signing mechanism
 261 */
 262 bool smbcli_set_signing_off(struct smb_signing_context *sign_info)
 263 {
 264         DEBUG(5, ("Shutdown SMB signing\n"));
 265         sign_info->doing_signing = false;
 266         data_blob_free(&sign_info->mac_key);
 267         sign_info->signing_state = SMB_SIGNING_ENGINE_OFF;
 268         return true;
 269 }
 270
 271 /**
 272  SMB signing - TEMP implementation - setup the MAC key.
 273
 274 */
 275 bool smbcli_temp_set_signing(struct smbcli_transport *transport)
 276 {
 277         if (!smbcli_set_smb_signing_common(transport)) {
 278                 return false;
 279         }
 280         DEBUG(5, ("BSRSPYL SMB signing enabled\n"));
 281         smbcli_set_signing_off(&transport->negotiate.sign_info);
 282
 283         transport->negotiate.sign_info.mac_key = data_blob(NULL, 0);
 284         transport->negotiate.sign_info.signing_state = SMB_SIGNING_ENGINE_BSRSPYL;
 285
 286         return true;
 287 }
 288
 289 /***********************************************************
 290  SMB signing - Simple implementation - check a MAC sent by server.
 291 ************************************************************/
 292 /**
 293  * Check a packet supplied by the server.
 294  * @return false if we had an established signing connection
 295  *         which had a back checksum, true otherwise
 296  */
 297 bool smbcli_request_check_sign_mac(struct smbcli_request *req)
 298 {
 299         bool good;
 300
 301         if (!req->transport->negotiate.sign_info.doing_signing &&
 302             req->sign_caller_checks) {
 303                 return true;
 304         }
 305
 306         req->sign_caller_checks = false;
 307
 308         switch (req->transport->negotiate.sign_info.signing_state)
 309         {
 310         case SMB_SIGNING_ENGINE_OFF:
 311                 return true;
 312         case SMB_SIGNING_ENGINE_BSRSPYL:
 313                 return true;
 314
 315         case SMB_SIGNING_ENGINE_ON:
 316         {
 317                 if (req->in.size < (HDR_SS_FIELD + 8)) {
 318                         return false;
 319                 } else {
 320                         good = check_signed_incoming_message(&req->in,
 321                                                              &req->transport->negotiate.sign_info.mac_key,
 322                                                              req->seq_num+1);
 323
 324                         return signing_good(&req->transport->negotiate.sign_info,
 325                                             req->seq_num+1, good);
 326                 }
 327         }
 328         }
 329         return false;
 330 }
 331
 332
 333 /***********************************************************
 334  SMB signing - Simple implementation - setup the MAC key.
 335 ************************************************************/
 336 bool smbcli_simple_set_signing(TALLOC_CTX *mem_ctx,
 337                                struct smb_signing_context *sign_info,
 338                                const DATA_BLOB *user_session_key,
 339                                const DATA_BLOB *response)
 340 {
 341         if (sign_info->mandatory_signing) {
 342                 DEBUG(5, ("Mandatory SMB signing enabled!\n"));
 343         }
 344
 345         DEBUG(5, ("SMB signing enabled!\n"));
 346
 347         if (response && response->length) {
 348                 sign_info->mac_key = data_blob_talloc(mem_ctx, NULL, response->length + user_session_key->length);
 349         } else {
 350                 sign_info->mac_key = data_blob_talloc(mem_ctx, NULL, user_session_key->length);
 351         }
 352
 353         memcpy(&sign_info->mac_key.data[0], user_session_key->data, user_session_key->length);
 354
 355         if (response && response->length) {
 356                 memcpy(&sign_info->mac_key.data[user_session_key->length],response->data, response->length);
 357         }
 358
 359         dump_data_pw("Started Signing with key:\n", sign_info->mac_key.data, sign_info->mac_key.length);
 360
 361         sign_info->signing_state = SMB_SIGNING_ENGINE_ON;
 362         sign_info->next_seq_num = 2;
 363
 364         return true;
 365 }
 366
 367
 368 /***********************************************************
 369  SMB signing - Simple implementation - setup the MAC key.
 370 ************************************************************/
 371 bool smbcli_transport_simple_set_signing(struct smbcli_transport *transport,
 372                                          const DATA_BLOB user_session_key,
 373                                          const DATA_BLOB response)
 374 {
 375         if (!smbcli_set_smb_signing_common(transport)) {
 376                 return false;
 377         }
 378
 379         return smbcli_simple_set_signing(transport,
 380                                          &transport->negotiate.sign_info,
 381                                          &user_session_key,
 382                                          &response);
 383 }
 384
 385
 386 bool smbcli_init_signing(struct smbcli_transport *transport)
 387 {
 388         transport->negotiate.sign_info.next_seq_num = 0;
 389         transport->negotiate.sign_info.mac_key = data_blob(NULL, 0);
 390         if (!smbcli_set_signing_off(&transport->negotiate.sign_info)) {
 391                 return false;
 392         }
 393
 394         switch (transport->options.signing) {
 395         case SMB_SIGNING_OFF:
 396                 transport->negotiate.sign_info.allow_smb_signing = false;
 397                 break;
 398         case SMB_SIGNING_SUPPORTED:
 399         case SMB_SIGNING_AUTO:
 400                 transport->negotiate.sign_info.allow_smb_signing = true;
 401                 break;
 402         case SMB_SIGNING_REQUIRED:
 403                 transport->negotiate.sign_info.allow_smb_signing = true;
 404                 transport->negotiate.sign_info.mandatory_signing = true;
 405                 break;
 406         }
 407         return true;
 408 }