return True;
}
-/*******************************************************************
- Create a digest over the entire packet (including the data), and
- MD5 it with the session key.
- ********************************************************************/
-
-static void schannel_digest(struct schannel_auth_struct *a,
- enum dcerpc_AuthLevel auth_level,
- struct NL_AUTH_SIGNATURE *verf,
- char *data, size_t data_len,
- uchar digest_final[16])
-{
- uchar whole_packet_digest[16];
- uchar zeros[4];
- struct MD5Context ctx3;
- uint8_t sig[8];
-
- ZERO_STRUCT(zeros);
- ZERO_STRUCT(sig);
-
- SSVAL(sig,0,verf->SignatureAlgorithm);
- SSVAL(sig,2,verf->SealAlgorithm);
- SSVAL(sig,4,verf->Pad);
- SSVAL(sig,6,verf->Flags);
-
- /* verfiy the signature on the packet by MD5 over various bits */
- MD5Init(&ctx3);
- /* use our sequence number, which ensures the packet is not
- out of order */
- MD5Update(&ctx3, zeros, sizeof(zeros));
- MD5Update(&ctx3, sig, 8);
- if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
- MD5Update(&ctx3, verf->Confounder, sizeof(verf->Confounder));
- }
- MD5Update(&ctx3, (const unsigned char *)data, data_len);
- MD5Final(whole_packet_digest, &ctx3);
- dump_data_pw("whole_packet_digest:\n", whole_packet_digest, sizeof(whole_packet_digest));
-
- /* MD5 this result and the session key, to prove that
- only a valid client could had produced this */
- hmac_md5(a->sess_key, whole_packet_digest, sizeof(whole_packet_digest), digest_final);
-}
-
-/*******************************************************************
- Calculate the key with which to encode the data payload
- ********************************************************************/
-
-static void schannel_get_sealing_key(struct schannel_auth_struct *a,
- struct NL_AUTH_SIGNATURE *verf,
- uchar sealing_key[16])
-{
- uchar zeros[4];
- uchar digest2[16];
- uchar sess_kf0[16];
- int i;
-
- ZERO_STRUCT(zeros);
-
- for (i = 0; i < sizeof(sess_kf0); i++) {
- sess_kf0[i] = a->sess_key[i] ^ 0xf0;
- }
-
- dump_data_pw("sess_kf0:\n", sess_kf0, sizeof(sess_kf0));
-
- /* MD5 of sess_kf0 and 4 zero bytes */
- hmac_md5(sess_kf0, zeros, 0x4, digest2);
- dump_data_pw("digest2:\n", digest2, sizeof(digest2));
-
- /* MD5 of the above result, plus 8 bytes of sequence number */
- hmac_md5(digest2, verf->SequenceNumber, sizeof(verf->SequenceNumber), sealing_key);
- dump_data_pw("sealing_key:\n", sealing_key, 16);
-}
-
-/*******************************************************************
- Encode or Decode the sequence number (which is symmetric)
- ********************************************************************/
-
-static void schannel_deal_with_seq_num(struct schannel_auth_struct *a,
- struct NL_AUTH_SIGNATURE *verf)
-{
- uchar zeros[4];
- uchar sequence_key[16];
- uchar digest1[16];
-
- ZERO_STRUCT(zeros);
-
- hmac_md5(a->sess_key, zeros, sizeof(zeros), digest1);
- dump_data_pw("(sequence key) digest1:\n", digest1, sizeof(digest1));
-
- hmac_md5(digest1, verf->Checksum, 8, sequence_key);
-
- dump_data_pw("sequence_key:\n", sequence_key, sizeof(sequence_key));
-
- dump_data_pw("seq_num (before):\n", verf->SequenceNumber, sizeof(verf->SequenceNumber));
- arcfour_crypt(verf->SequenceNumber, sequence_key, 8);
- dump_data_pw("seq_num (after):\n", verf->SequenceNumber, sizeof(verf->SequenceNumber));
-}
-
-/*******************************************************************
- Encode a blob of data using the schannel alogrithm, also produceing
- a checksum over the original data. We currently only support
- signing and sealing togeather - the signing-only code is close, but not
- quite compatible with what MS does.
- ********************************************************************/
-
-void schannel_encode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level,
- enum schannel_direction direction,
- struct NL_AUTH_SIGNATURE *verf,
- char *data, size_t data_len)
-{
- uchar digest_final[16];
- uchar confounder[8];
- uchar seq_num[8];
- static const uchar nullbytes[8] = { 0, };
-
- DEBUG(10,("SCHANNEL: schannel_encode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
-
- /* fill the 'confounder' with random data */
- generate_random_buffer(confounder, sizeof(confounder));
-
- dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
-
- RSIVAL(seq_num, 0, a->seq_num);
-
- switch (direction) {
- case SENDER_IS_INITIATOR:
- SIVAL(seq_num, 4, 0x80);
- break;
- case SENDER_IS_ACCEPTOR:
- SIVAL(seq_num, 4, 0x0);
- break;
- }
-
- dump_data_pw("verf->SequenceNumber:\n", verf->SequenceNumber, sizeof(verf->SequenceNumber));
-
- if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
- verf->SealAlgorithm = NL_SEAL_RC4;
- } else {
- verf->SealAlgorithm = NL_SEAL_NONE;
- }
-
- verf->SignatureAlgorithm = NL_SIGN_HMAC_MD5;
- verf->Pad = 0xffff;
- verf->Flags = 0x0000;
-
- memcpy(verf->SequenceNumber, seq_num, sizeof(verf->SequenceNumber));
- memcpy(verf->Checksum, nullbytes, sizeof(verf->Checksum));
- memcpy(verf->Confounder, confounder, sizeof(verf->Confounder));
-
- /* produce a digest of the packet to prove it's legit (before we seal it) */
- schannel_digest(a, auth_level, verf, data, data_len, digest_final);
- memcpy(verf->Checksum, digest_final, sizeof(verf->Checksum));
-
- if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
- uchar sealing_key[16];
-
- /* get the key to encode the data with */
- schannel_get_sealing_key(a, verf, sealing_key);
-
- /* encode the verification data */
- dump_data_pw("verf->Confounder:\n", verf->Confounder, sizeof(verf->Confounder));
- arcfour_crypt(verf->Confounder, sealing_key, 8);
-
- dump_data_pw("verf->Confounder_enc:\n", verf->Confounder, sizeof(verf->Confounder));
-
- /* encode the packet payload */
- dump_data_pw("data:\n", (const unsigned char *)data, data_len);
- arcfour_crypt((unsigned char *)data, sealing_key, data_len);
- dump_data_pw("data_enc:\n", (const unsigned char *)data, data_len);
- }
-
- /* encode the sequence number (key based on packet digest) */
- /* needs to be done after the sealing, as the original version
- is used in the sealing stuff... */
- schannel_deal_with_seq_num(a, verf);
-
- return;
-}
-
-/*******************************************************************
- Decode a blob of data using the schannel alogrithm, also verifiying
- a checksum over the original data. We currently can verify signed messages,
- as well as decode sealed messages
- ********************************************************************/
-
-bool schannel_decode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level,
- enum schannel_direction direction,
- struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len)
-{
- uchar digest_final[16];
-
- static const uchar schannel_seal_sig[8] = SCHANNEL_SEAL_SIGNATURE;
- static const uchar schannel_sign_sig[8] = SCHANNEL_SIGN_SIGNATURE;
- const uchar *schannel_sig = NULL;
-
- uchar seq_num[8];
-
- DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
-
- if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
- schannel_sig = schannel_seal_sig;
- } else {
- schannel_sig = schannel_sign_sig;
- }
-
- /* Create the expected sequence number for comparison */
- RSIVAL(seq_num, 0, a->seq_num);
-
- switch (direction) {
- case SENDER_IS_INITIATOR:
- SIVAL(seq_num, 4, 0x80);
- break;
- case SENDER_IS_ACCEPTOR:
- SIVAL(seq_num, 4, 0x0);
- break;
- }
-
- DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
- dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key));
-
- dump_data_pw("seq_num:\n", seq_num, sizeof(seq_num));
-
- /* extract the sequence number (key based on supplied packet digest) */
- /* needs to be done before the sealing, as the original version
- is used in the sealing stuff... */
- schannel_deal_with_seq_num(a, verf);
-
- if (memcmp(verf->SequenceNumber, seq_num, sizeof(seq_num))) {
- /* don't even bother with the below if the sequence number is out */
- /* The sequence number is MD5'ed with a key based on the whole-packet
- digest, as supplied by the client. We check that it's a valid
- checksum after the decode, below
- */
- DEBUG(2, ("schannel_decode: FAILED: packet sequence number:\n"));
- dump_data(2, verf->SequenceNumber, sizeof(verf->SequenceNumber));
- DEBUG(2, ("should be:\n"));
- dump_data(2, seq_num, sizeof(seq_num));
-
- return False;
- }
-
- if (memcmp(&verf->SignatureAlgorithm, &schannel_sig[0], 2) ||
- memcmp(&verf->SealAlgorithm, &schannel_sig[2], 2) ||
- memcmp(&verf->Pad, &schannel_sig[4], 2) ||
- memcmp(&verf->Flags, &schannel_sig[6], 2)) {
- /* Validate that the other end sent the expected header */
- DEBUG(2, ("schannel_decode: FAILED: packet header:\n"));
- dump_data(2, (const uint8_t *)verf, sizeof(schannel_sig));
- DEBUG(2, ("should be:\n"));
- dump_data(2, schannel_sig, sizeof(schannel_sig));
- return False;
- }
-
- if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
- uchar sealing_key[16];
-
- /* get the key to extract the data with */
- schannel_get_sealing_key(a, verf, sealing_key);
-
- /* extract the verification data */
- dump_data_pw("verf->Confounder:\n", verf->Confounder,
- sizeof(verf->Confounder));
- arcfour_crypt(verf->Confounder, sealing_key, 8);
-
- dump_data_pw("verf->Confounder_dec:\n", verf->Confounder,
- sizeof(verf->Confounder));
-
- /* extract the packet payload */
- dump_data_pw("data :\n", (const unsigned char *)data, data_len);
- arcfour_crypt((unsigned char *)data, sealing_key, data_len);
- dump_data_pw("datadec:\n", (const unsigned char *)data, data_len);
- }
-
- /* digest includes 'data' after unsealing */
- schannel_digest(a, auth_level, verf, data, data_len, digest_final);
-
- dump_data_pw("Calculated digest:\n", digest_final,
- sizeof(digest_final));
- dump_data_pw("verf->Checksum:\n", verf->Checksum,
- sizeof(verf->Checksum));
-
- /* compare - if the client got the same result as us, then
- it must know the session key */
- return (memcmp(digest_final, verf->Checksum,
- sizeof(verf->Checksum)) == 0);
-}
-
/*******************************************************************
creates a new prs_struct containing a DATA_BLOB
********************************************************************/
git.samba.org / samba.git / commitdiff