r6736: Revert metze's -r 6734, as metze and I made the same changes at the
[samba.git] / source / auth / ntlmssp / ntlmssp_sign.c
1 /* 
2  *  Unix SMB/CIFS implementation.
3  *  Version 3.0
4  *  NTLMSSP Signing routines
5  *  Copyright (C) Luke Kenneth Casson Leighton 1996-2001
6  *  Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2005
7  *  
8  *  This program is free software; you can redistribute it and/or modify
9  *  it under the terms of the GNU General Public License as published by
10  *  the Free Software Foundation; either version 2 of the License, or
11  *  (at your option) any later version.
12  *  
13  *  This program is distributed in the hope that it will be useful,
14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  *  GNU General Public License for more details.
17  *  
18  *  You should have received a copy of the GNU General Public License
19  *  along with this program; if not, write to the Free Software Foundation,
20  *  Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
21  */
22
23 #include "includes.h"
24 #include "auth/auth.h"
25 #include "auth/ntlmssp/ntlmssp.h"
26 #include "lib/crypto/crypto.h"
27
28 #define CLI_SIGN "session key to client-to-server signing key magic constant"
29 #define CLI_SEAL "session key to client-to-server sealing key magic constant"
30 #define SRV_SIGN "session key to server-to-client signing key magic constant"
31 #define SRV_SEAL "session key to server-to-client sealing key magic constant"
32
33 /**
34  * Some notes on then NTLM2 code:
35  *
36  * NTLM2 is a AEAD system.  This means that the data encrypted is not
37  * all the data that is signed.  In DCE-RPC case, the headers of the
38  * DCE-RPC packets are also signed.  This prevents some of the
39  * fun-and-games one might have by changing them.
40  *
41  */
42
43 static void calc_ntlmv2_key(TALLOC_CTX *mem_ctx, 
44                             DATA_BLOB *subkey,
45                             DATA_BLOB session_key, 
46                             const char *constant)
47 {
48         struct MD5Context ctx3;
49         *subkey = data_blob_talloc(mem_ctx, NULL, 16);
50         MD5Init(&ctx3);
51         MD5Update(&ctx3, session_key.data, session_key.length);
52         MD5Update(&ctx3, constant, strlen(constant)+1);
53         MD5Final(subkey->data, &ctx3);
54 }
55
56 enum ntlmssp_direction {
57         NTLMSSP_SEND,
58         NTLMSSP_RECEIVE
59 };
60
61 static NTSTATUS ntlmssp_make_packet_signature(struct gensec_ntlmssp_state *gensec_ntlmssp_state,
62                                               TALLOC_CTX *sig_mem_ctx, 
63                                               const uint8_t *data, size_t length, 
64                                               const uint8_t *whole_pdu, size_t pdu_length, 
65                                               enum ntlmssp_direction direction,
66                                               DATA_BLOB *sig, BOOL encrypt_sig)
67 {
68         if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
69
70                 HMACMD5Context ctx;
71                 uint8_t digest[16];
72                 uint8_t seq_num[4];
73
74                 *sig = data_blob_talloc(sig_mem_ctx, NULL, NTLMSSP_SIG_SIZE);
75                 if (!sig->data) {
76                         return NT_STATUS_NO_MEMORY;
77                 }
78                         
79                 switch (direction) {
80                 case NTLMSSP_SEND:
81                         SIVAL(seq_num, 0, gensec_ntlmssp_state->ntlm2.send_seq_num);
82                         gensec_ntlmssp_state->ntlm2.send_seq_num++;
83                         hmac_md5_init_limK_to_64(gensec_ntlmssp_state->ntlm2.send_sign_key.data, 
84                                                  gensec_ntlmssp_state->ntlm2.send_sign_key.length, &ctx);
85                         break;
86                 case NTLMSSP_RECEIVE:
87                         SIVAL(seq_num, 0, gensec_ntlmssp_state->ntlm2.recv_seq_num);
88                         gensec_ntlmssp_state->ntlm2.recv_seq_num++;
89                         hmac_md5_init_limK_to_64(gensec_ntlmssp_state->ntlm2.recv_sign_key.data, 
90                                                  gensec_ntlmssp_state->ntlm2.recv_sign_key.length, &ctx);
91                         break;
92                 }
93                 hmac_md5_update(seq_num, sizeof(seq_num), &ctx);
94                 hmac_md5_update(whole_pdu, pdu_length, &ctx);
95                 hmac_md5_final(digest, &ctx);
96
97                 if (encrypt_sig && gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
98                         switch (direction) {
99                         case NTLMSSP_SEND:
100                                 arcfour_crypt_sbox(gensec_ntlmssp_state->ntlm2.send_seal_arcfour_state, digest, 8);
101                                 break;
102                         case NTLMSSP_RECEIVE:
103                                 arcfour_crypt_sbox(gensec_ntlmssp_state->ntlm2.recv_seal_arcfour_state, digest, 8);
104                                 break;
105                         }
106                 }
107
108                 SIVAL(sig->data, 0, NTLMSSP_SIGN_VERSION);
109                 memcpy(sig->data + 4, digest, 8);
110                 memcpy(sig->data + 12, seq_num, 4);
111
112         } else {
113                 uint32_t crc;
114                 crc = crc32_calc_buffer(data, length);
115                 if (!msrpc_gen(sig_mem_ctx, sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, gensec_ntlmssp_state->ntlm.seq_num)) {
116                         return NT_STATUS_NO_MEMORY;
117                 }
118                 gensec_ntlmssp_state->ntlm.seq_num++;
119
120                 arcfour_crypt_sbox(gensec_ntlmssp_state->ntlm.arcfour_state, sig->data+4, sig->length-4);
121         }
122         dump_data_pw("calculated ntlmssp signature\n", sig->data, sig->length);
123         return NT_STATUS_OK;
124 }
125
126 NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security, 
127                                     TALLOC_CTX *sig_mem_ctx, 
128                                     const uint8_t *data, size_t length, 
129                                     const uint8_t *whole_pdu, size_t pdu_length, 
130                                     DATA_BLOB *sig)
131 {
132         struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
133
134         if (!gensec_ntlmssp_state->session_key.length) {
135                 DEBUG(3, ("NO session key, cannot check sign packet\n"));
136                 return NT_STATUS_NO_USER_SESSION_KEY;
137         }
138         
139         if (!gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) {
140                 DEBUG(3, ("NTLMSSP Signing not negotiated - cannot sign packet!\n"));
141                 return NT_STATUS_INVALID_PARAMETER;
142         }
143         
144         return ntlmssp_make_packet_signature(gensec_ntlmssp_state, sig_mem_ctx, 
145                                              data, length, 
146                                              whole_pdu, pdu_length, 
147                                              NTLMSSP_SEND, sig, True);
148 }
149
150 /**
151  * Check the signature of an incoming packet 
152  *
153  */
154
155 NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security, 
156                                      TALLOC_CTX *sig_mem_ctx, 
157                                      const uint8_t *data, size_t length, 
158                                      const uint8_t *whole_pdu, size_t pdu_length, 
159                                      const DATA_BLOB *sig)
160 {
161         struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
162
163         DATA_BLOB local_sig;
164         NTSTATUS nt_status;
165
166         if (!gensec_ntlmssp_state->session_key.length) {
167                 DEBUG(3, ("NO session key, cannot check packet signature\n"));
168                 return NT_STATUS_NO_USER_SESSION_KEY;
169         }
170
171         if (sig->length < 8) {
172                 DEBUG(0, ("NTLMSSP packet check failed due to short signature (%lu bytes)!\n", 
173                           (unsigned long)sig->length));
174         }
175
176         nt_status = ntlmssp_make_packet_signature(gensec_ntlmssp_state, sig_mem_ctx, 
177                                                   data, length, 
178                                                   whole_pdu, pdu_length, 
179                                                   NTLMSSP_RECEIVE, &local_sig, True);
180         
181         if (!NT_STATUS_IS_OK(nt_status)) {
182                 DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status)));
183                 return nt_status;
184         }
185
186         if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
187                 if (local_sig.length != sig->length ||
188                     memcmp(local_sig.data, 
189                            sig->data, sig->length) != 0) {
190                         DEBUG(5, ("BAD SIG NTLM2: wanted signature of\n"));
191                         dump_data(5, local_sig.data, local_sig.length);
192                         
193                         DEBUG(5, ("BAD SIG: got signature of\n"));
194                         dump_data(5, sig->data, sig->length);
195                         
196                         DEBUG(0, ("NTLMSSP NTLM2 packet check failed due to invalid signature!\n"));
197                         return NT_STATUS_ACCESS_DENIED;
198                 }
199         } else {
200                 if (local_sig.length != sig->length ||
201                     memcmp(local_sig.data + 8, 
202                            sig->data + 8, sig->length - 8) != 0) {
203                         DEBUG(5, ("BAD SIG NTLM1: wanted signature of\n"));
204                         dump_data(5, local_sig.data, local_sig.length);
205                         
206                         DEBUG(5, ("BAD SIG: got signature of\n"));
207                         dump_data(5, sig->data, sig->length);
208                         
209                         DEBUG(0, ("NTLMSSP NTLM1 packet check failed due to invalid signature!\n"));
210                         return NT_STATUS_ACCESS_DENIED;
211                 }
212         }
213         dump_data_pw("checked ntlmssp signature\n", sig->data, sig->length);
214
215         return NT_STATUS_OK;
216 }
217
218
219 /**
220  * Seal data with the NTLMSSP algorithm
221  *
222  */
223
224 NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security, 
225                                     TALLOC_CTX *sig_mem_ctx, 
226                                     uint8_t *data, size_t length, 
227                                     const uint8_t *whole_pdu, size_t pdu_length, 
228                                     DATA_BLOB *sig)
229 {
230         struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
231         NTSTATUS nt_status;
232         if (!gensec_ntlmssp_state->session_key.length) {
233                 DEBUG(3, ("NO session key, cannot seal packet\n"));
234                 return NT_STATUS_NO_USER_SESSION_KEY;
235         }
236
237         if (!gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
238                 DEBUG(3, ("NTLMSSP Sealing not negotiated - cannot seal packet!\n"));
239                 return NT_STATUS_INVALID_PARAMETER;
240         }
241
242         DEBUG(10,("ntlmssp_seal_data: seal\n"));
243         dump_data_pw("ntlmssp clear data\n", data, length);
244         if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
245                 /* The order of these two operations matters - we must first seal the packet,
246                    then seal the sequence number - this is becouse the send_seal_hash is not
247                    constant, but is is rather updated with each iteration */
248                 nt_status = ntlmssp_make_packet_signature(gensec_ntlmssp_state, sig_mem_ctx, 
249                                                           data, length, 
250                                                           whole_pdu, pdu_length, 
251                                                           NTLMSSP_SEND, sig, False);
252                 arcfour_crypt_sbox(gensec_ntlmssp_state->ntlm2.send_seal_arcfour_state, data, length);
253                 if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
254                         arcfour_crypt_sbox(gensec_ntlmssp_state->ntlm2.send_seal_arcfour_state, sig->data+4, 8);
255                 }
256         } else {
257                 uint32_t crc;
258                 crc = crc32_calc_buffer(data, length);
259                 if (!msrpc_gen(sig_mem_ctx, sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, gensec_ntlmssp_state->ntlm.seq_num)) {
260                         return NT_STATUS_NO_MEMORY;
261                 }
262
263                 /* The order of these two operations matters - we must
264                    first seal the packet, then seal the sequence
265                    number - this is becouse the ntlmssp_hash is not
266                    constant, but is is rather updated with each
267                    iteration */
268
269                 arcfour_crypt_sbox(gensec_ntlmssp_state->ntlm.arcfour_state, data, length);
270                 arcfour_crypt_sbox(gensec_ntlmssp_state->ntlm.arcfour_state, sig->data+4, sig->length-4);
271                 /* increment counter on send */
272                 gensec_ntlmssp_state->ntlm.seq_num++;
273                 nt_status = NT_STATUS_OK;
274         }
275         dump_data_pw("ntlmssp signature\n", sig->data, sig->length);
276         dump_data_pw("ntlmssp sealed data\n", data, length);
277
278
279         return nt_status;
280 }
281
282 /**
283  * Unseal data with the NTLMSSP algorithm
284  *
285  */
286
287 /*
288   wrappers for the ntlmssp_*() functions
289 */
290 NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security, 
291                                       TALLOC_CTX *sig_mem_ctx, 
292                                       uint8_t *data, size_t length, 
293                                       const uint8_t *whole_pdu, size_t pdu_length, 
294                                       const DATA_BLOB *sig)
295 {
296         struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
297         DATA_BLOB local_sig;
298         NTSTATUS nt_status;
299         if (!gensec_ntlmssp_state->session_key.length) {
300                 DEBUG(3, ("NO session key, cannot unseal packet\n"));
301                 return NT_STATUS_NO_USER_SESSION_KEY;
302         }
303
304         dump_data_pw("ntlmssp sealed data\n", data, length);
305         if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
306                 arcfour_crypt_sbox(gensec_ntlmssp_state->ntlm2.recv_seal_arcfour_state, data, length);
307
308                 nt_status = ntlmssp_make_packet_signature(gensec_ntlmssp_state, sig_mem_ctx, 
309                                                           data, length, 
310                                                           whole_pdu, pdu_length, 
311                                                           NTLMSSP_RECEIVE, &local_sig, True);
312                 if (!NT_STATUS_IS_OK(nt_status)) {
313                         return nt_status;
314                 }
315
316                 if (local_sig.length != sig->length ||
317                     memcmp(local_sig.data, 
318                            sig->data, sig->length) != 0) {
319                         DEBUG(5, ("BAD SIG NTLM2: wanted signature of\n"));
320                         dump_data(5, local_sig.data, local_sig.length);
321                         
322                         DEBUG(5, ("BAD SIG: got signature of\n"));
323                         dump_data(5, sig->data, sig->length);
324                         
325                         DEBUG(0, ("NTLMSSP NTLM2 packet check failed due to invalid signature!\n"));
326                         return NT_STATUS_ACCESS_DENIED;
327                 }
328
329                 dump_data_pw("ntlmssp clear data\n", data, length);
330                 return NT_STATUS_OK;
331         } else {
332                 arcfour_crypt_sbox(gensec_ntlmssp_state->ntlm.arcfour_state, data, length);
333                 dump_data_pw("ntlmssp clear data\n", data, length);
334                 return gensec_ntlmssp_check_packet(gensec_security, sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
335         }
336 }
337
338 /**
339    Initialise the state for NTLMSSP signing.
340 */
341 NTSTATUS ntlmssp_sign_init(struct gensec_ntlmssp_state *gensec_ntlmssp_state)
342 {
343         uint8_t p24[24];
344         ZERO_STRUCT(p24);
345
346         DEBUG(3, ("NTLMSSP Sign/Seal - Initialising with flags:\n"));
347         debug_ntlmssp_flags(gensec_ntlmssp_state->neg_flags);
348
349         if (!gensec_ntlmssp_state->session_key.length) {
350                 DEBUG(3, ("NO session key, cannot intialise signing\n"));
351                 return NT_STATUS_NO_USER_SESSION_KEY;
352         }
353
354         if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
355         {
356                 DATA_BLOB weak_session_key = gensec_ntlmssp_state->session_key;
357                 const char *send_sign_const;
358                 const char *send_seal_const;
359                 const char *recv_sign_const;
360                 const char *recv_seal_const;
361
362                 DATA_BLOB send_seal_key;
363                 DATA_BLOB recv_seal_key;
364
365                 switch (gensec_ntlmssp_state->role) {
366                 case NTLMSSP_CLIENT:
367                         send_sign_const = CLI_SIGN;
368                         send_seal_const = CLI_SEAL;
369                         recv_sign_const = SRV_SIGN;
370                         recv_seal_const = SRV_SEAL;
371                         break;
372                 case NTLMSSP_SERVER:
373                         send_sign_const = SRV_SIGN;
374                         send_seal_const = SRV_SEAL;
375                         recv_sign_const = CLI_SIGN;
376                         recv_seal_const = CLI_SEAL;
377                         break;
378                 default:
379                         return NT_STATUS_INTERNAL_ERROR;
380                 }
381                 
382                 gensec_ntlmssp_state->ntlm2.send_seal_arcfour_state = talloc(gensec_ntlmssp_state, struct arcfour_state);
383                 NT_STATUS_HAVE_NO_MEMORY(gensec_ntlmssp_state->ntlm2.send_seal_arcfour_state);
384                 gensec_ntlmssp_state->ntlm2.recv_seal_arcfour_state = talloc(gensec_ntlmssp_state, struct arcfour_state);
385                 NT_STATUS_HAVE_NO_MEMORY(gensec_ntlmssp_state->ntlm2.send_seal_arcfour_state);
386
387                 /**
388                    Weaken NTLMSSP keys to cope with down-level clients, servers and export restrictions.
389                    
390                    We probably should have some parameters to control this, once we get NTLM2 working.
391                 */
392
393
394                 if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) {
395                         
396                 } else if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) {
397                         weak_session_key.length = 6;
398                 } else { /* forty bits */
399                         weak_session_key.length = 5;
400                 }
401                 dump_data_pw("NTLMSSP weakend master key:\n",
402                              weak_session_key.data, 
403                              weak_session_key.length);
404
405                 /* SEND */
406                 calc_ntlmv2_key(gensec_ntlmssp_state, 
407                                 &gensec_ntlmssp_state->ntlm2.send_sign_key, 
408                                 gensec_ntlmssp_state->session_key, send_sign_const);
409                 dump_data_pw("NTLMSSP send sign key:\n",
410                              gensec_ntlmssp_state->ntlm2.send_sign_key.data, 
411                              gensec_ntlmssp_state->ntlm2.send_sign_key.length);
412                 
413                 calc_ntlmv2_key(gensec_ntlmssp_state, 
414                                 &send_seal_key, 
415                                 weak_session_key, send_seal_const);
416                 dump_data_pw("NTLMSSP send seal key:\n",
417                              send_seal_key.data, 
418                              send_seal_key.length);
419
420                 arcfour_init(gensec_ntlmssp_state->ntlm2.send_seal_arcfour_state, 
421                              &send_seal_key);
422
423                 dump_data_pw("NTLMSSP send sesl hash:\n", 
424                              gensec_ntlmssp_state->ntlm2.send_seal_arcfour_state->sbox, 
425                              sizeof(gensec_ntlmssp_state->ntlm2.send_seal_arcfour_state->sbox));
426
427                 /* RECV */
428                 calc_ntlmv2_key(gensec_ntlmssp_state, 
429                                 &gensec_ntlmssp_state->ntlm2.recv_sign_key, 
430                                 gensec_ntlmssp_state->session_key, recv_sign_const);
431                 dump_data_pw("NTLMSSP recv sign key:\n",
432                              gensec_ntlmssp_state->ntlm2.recv_sign_key.data, 
433                              gensec_ntlmssp_state->ntlm2.recv_sign_key.length);
434
435                 calc_ntlmv2_key(gensec_ntlmssp_state, 
436                                 &recv_seal_key, 
437                                 weak_session_key, recv_seal_const);
438                 dump_data_pw("NTLMSSP recv seal key:\n",
439                              recv_seal_key.data, 
440                              recv_seal_key.length);
441                 arcfour_init(gensec_ntlmssp_state->ntlm2.recv_seal_arcfour_state, 
442                              &recv_seal_key);
443
444                 dump_data_pw("NTLMSSP receive seal hash:\n", 
445                              gensec_ntlmssp_state->ntlm2.recv_seal_arcfour_state->sbox, 
446                              sizeof(gensec_ntlmssp_state->ntlm2.recv_seal_arcfour_state->sbox));
447
448                 gensec_ntlmssp_state->ntlm2.send_seq_num = 0;
449                 gensec_ntlmssp_state->ntlm2.recv_seq_num = 0;
450
451         } else {
452                 DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n"));
453
454                 gensec_ntlmssp_state->ntlm.arcfour_state = talloc(gensec_ntlmssp_state, struct arcfour_state);
455                 NT_STATUS_HAVE_NO_MEMORY(gensec_ntlmssp_state->ntlm.arcfour_state);
456
457                 arcfour_init(gensec_ntlmssp_state->ntlm.arcfour_state, 
458                              &gensec_ntlmssp_state->session_key);
459                 dump_data_pw("NTLMSSP hash:\n", gensec_ntlmssp_state->ntlm.arcfour_state->sbox,
460                              sizeof(gensec_ntlmssp_state->ntlm.arcfour_state->sbox));
461
462                 gensec_ntlmssp_state->ntlm.seq_num = 0;
463         }
464
465         return NT_STATUS_OK;
466 }
467
468 size_t gensec_ntlmssp_sig_size(struct gensec_security *gensec_security) 
469 {
470         return NTLMSSP_SIG_SIZE;
471 }
472
473 NTSTATUS gensec_ntlmssp_wrap(struct gensec_security *gensec_security, 
474                              TALLOC_CTX *sig_mem_ctx, 
475                              const DATA_BLOB *in, 
476                              DATA_BLOB *out)
477 {
478         struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
479         DATA_BLOB sig;
480         NTSTATUS nt_status;
481
482         if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
483
484                 *out = data_blob_talloc(sig_mem_ctx, NULL, in->length + NTLMSSP_SIG_SIZE);
485                 memcpy(out->data + NTLMSSP_SIG_SIZE, in->data, in->length);
486
487                 nt_status = gensec_ntlmssp_seal_packet(gensec_security, sig_mem_ctx, 
488                                                        out->data + NTLMSSP_SIG_SIZE, 
489                                                        out->length - NTLMSSP_SIG_SIZE, 
490                                                        out->data + NTLMSSP_SIG_SIZE, 
491                                                        out->length - NTLMSSP_SIG_SIZE, 
492                                                        &sig);
493
494                 if (NT_STATUS_IS_OK(nt_status)) {
495                         memcpy(out->data, sig.data, NTLMSSP_SIG_SIZE);
496                 }
497                 return nt_status;
498
499         } else if ((gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) 
500                    || (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) {
501
502                 *out = data_blob_talloc(sig_mem_ctx, NULL, in->length + NTLMSSP_SIG_SIZE);
503                 memcpy(out->data + NTLMSSP_SIG_SIZE, in->data, in->length);
504
505                 nt_status = gensec_ntlmssp_sign_packet(gensec_security, sig_mem_ctx, 
506                                                 out->data + NTLMSSP_SIG_SIZE, 
507                                                 out->length - NTLMSSP_SIG_SIZE, 
508                                                 out->data + NTLMSSP_SIG_SIZE, 
509                                                 out->length - NTLMSSP_SIG_SIZE, 
510                                                 &sig);
511
512                 if (NT_STATUS_IS_OK(nt_status)) {
513                         memcpy(out->data, sig.data, NTLMSSP_SIG_SIZE);
514                 }
515                 return nt_status;
516
517         } else {
518                 *out = *in;
519                 return NT_STATUS_OK;
520         }
521 }
522
523
524 NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security, 
525                                TALLOC_CTX *sig_mem_ctx, 
526                                const DATA_BLOB *in, 
527                                DATA_BLOB *out)
528 {
529         struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
530         DATA_BLOB sig;
531
532         if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
533                 if (in->length < NTLMSSP_SIG_SIZE) {
534                         return NT_STATUS_INVALID_PARAMETER;
535                 }
536                 sig.data = in->data;
537                 sig.length = NTLMSSP_SIG_SIZE;
538
539                 *out = data_blob_talloc(sig_mem_ctx, in->data + NTLMSSP_SIG_SIZE, in->length - NTLMSSP_SIG_SIZE);
540                 
541                 return gensec_ntlmssp_unseal_packet(gensec_security, sig_mem_ctx, 
542                                                     out->data, out->length, 
543                                                     out->data, out->length, 
544                                                     &sig);
545                                                   
546         } else if ((gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) 
547                    || (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) {
548                 if (in->length < NTLMSSP_SIG_SIZE) {
549                         return NT_STATUS_INVALID_PARAMETER;
550                 }
551                 sig.data = in->data;
552                 sig.length = NTLMSSP_SIG_SIZE;
553
554                 *out = data_blob_talloc(sig_mem_ctx, in->data + NTLMSSP_SIG_SIZE, in->length - NTLMSSP_SIG_SIZE);
555                 
556                 return gensec_ntlmssp_check_packet(gensec_security, sig_mem_ctx, 
557                                             out->data, out->length, 
558                                             out->data, out->length, 
559                                             &sig);
560         } else {
561                 *out = *in;
562                 return NT_STATUS_OK;
563         }
564 }
565