r16100: Patch from Michael Wood <mwood@icts.uct.ac.za>: s/then/than/ for correct...
[kai/samba.git] / source / auth / ntlmssp / ntlmssp_sign.c
1 /* 
2  *  Unix SMB/CIFS implementation.
3  *  Version 3.0
4  *  NTLMSSP Signing routines
5  *  Copyright (C) Luke Kenneth Casson Leighton 1996-2001
6  *  Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2005
7  *  
8  *  This program is free software; you can redistribute it and/or modify
9  *  it under the terms of the GNU General Public License as published by
10  *  the Free Software Foundation; either version 2 of the License, or
11  *  (at your option) any later version.
12  *  
13  *  This program is distributed in the hope that it will be useful,
14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  *  GNU General Public License for more details.
17  *  
18  *  You should have received a copy of the GNU General Public License
19  *  along with this program; if not, write to the Free Software Foundation,
20  *  Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
21  */
22
23 #include "includes.h"
24 #include "auth/auth.h"
25 #include "auth/ntlmssp/ntlmssp.h"
26 #include "auth/ntlmssp/msrpc_parse.h"
27 #include "lib/crypto/crypto.h"
28
29 #define CLI_SIGN "session key to client-to-server signing key magic constant"
30 #define CLI_SEAL "session key to client-to-server sealing key magic constant"
31 #define SRV_SIGN "session key to server-to-client signing key magic constant"
32 #define SRV_SEAL "session key to server-to-client sealing key magic constant"
33
34 /**
35  * Some notes on the NTLM2 code:
36  *
37  * NTLM2 is a AEAD system.  This means that the data encrypted is not
38  * all the data that is signed.  In DCE-RPC case, the headers of the
39  * DCE-RPC packets are also signed.  This prevents some of the
40  * fun-and-games one might have by changing them.
41  *
42  */
43
44 static void calc_ntlmv2_key(TALLOC_CTX *mem_ctx, 
45                             DATA_BLOB *subkey,
46                             DATA_BLOB session_key, 
47                             const char *constant)
48 {
49         struct MD5Context ctx3;
50         *subkey = data_blob_talloc(mem_ctx, NULL, 16);
51         MD5Init(&ctx3);
52         MD5Update(&ctx3, session_key.data, session_key.length);
53         MD5Update(&ctx3, (const uint8_t *)constant, strlen(constant)+1);
54         MD5Final(subkey->data, &ctx3);
55 }
56
57 enum ntlmssp_direction {
58         NTLMSSP_SEND,
59         NTLMSSP_RECEIVE
60 };
61
62 static NTSTATUS ntlmssp_make_packet_signature(struct gensec_ntlmssp_state *gensec_ntlmssp_state,
63                                               TALLOC_CTX *sig_mem_ctx, 
64                                               const uint8_t *data, size_t length, 
65                                               const uint8_t *whole_pdu, size_t pdu_length, 
66                                               enum ntlmssp_direction direction,
67                                               DATA_BLOB *sig, BOOL encrypt_sig)
68 {
69         if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
70
71                 HMACMD5Context ctx;
72                 uint8_t digest[16];
73                 uint8_t seq_num[4];
74
75                 *sig = data_blob_talloc(sig_mem_ctx, NULL, NTLMSSP_SIG_SIZE);
76                 if (!sig->data) {
77                         return NT_STATUS_NO_MEMORY;
78                 }
79                         
80                 switch (direction) {
81                 case NTLMSSP_SEND:
82                         SIVAL(seq_num, 0, gensec_ntlmssp_state->crypt.ntlm2.send_seq_num);
83                         gensec_ntlmssp_state->crypt.ntlm2.send_seq_num++;
84                         hmac_md5_init_limK_to_64(gensec_ntlmssp_state->crypt.ntlm2.send_sign_key.data, 
85                                                  gensec_ntlmssp_state->crypt.ntlm2.send_sign_key.length, &ctx);
86                         break;
87                 case NTLMSSP_RECEIVE:
88                         SIVAL(seq_num, 0, gensec_ntlmssp_state->crypt.ntlm2.recv_seq_num);
89                         gensec_ntlmssp_state->crypt.ntlm2.recv_seq_num++;
90                         hmac_md5_init_limK_to_64(gensec_ntlmssp_state->crypt.ntlm2.recv_sign_key.data, 
91                                                  gensec_ntlmssp_state->crypt.ntlm2.recv_sign_key.length, &ctx);
92                         break;
93                 }
94                 hmac_md5_update(seq_num, sizeof(seq_num), &ctx);
95                 hmac_md5_update(whole_pdu, pdu_length, &ctx);
96                 hmac_md5_final(digest, &ctx);
97
98                 if (encrypt_sig && gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
99                         switch (direction) {
100                         case NTLMSSP_SEND:
101                                 arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state, digest, 8);
102                                 break;
103                         case NTLMSSP_RECEIVE:
104                                 arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm2.recv_seal_arcfour_state, digest, 8);
105                                 break;
106                         }
107                 }
108
109                 SIVAL(sig->data, 0, NTLMSSP_SIGN_VERSION);
110                 memcpy(sig->data + 4, digest, 8);
111                 memcpy(sig->data + 12, seq_num, 4);
112
113         } else {
114                 uint32_t crc;
115                 crc = crc32_calc_buffer(data, length);
116                 if (!msrpc_gen(sig_mem_ctx, sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, gensec_ntlmssp_state->crypt.ntlm.seq_num)) {
117                         return NT_STATUS_NO_MEMORY;
118                 }
119                 gensec_ntlmssp_state->crypt.ntlm.seq_num++;
120
121                 arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm.arcfour_state, sig->data+4, sig->length-4);
122         }
123         dump_data_pw("calculated ntlmssp signature\n", sig->data, sig->length);
124         return NT_STATUS_OK;
125 }
126
127 /* TODO: make this non-public */
128 _PUBLIC_ NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security, 
129                                     TALLOC_CTX *sig_mem_ctx, 
130                                     const uint8_t *data, size_t length, 
131                                     const uint8_t *whole_pdu, size_t pdu_length, 
132                                     DATA_BLOB *sig)
133 {
134         struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
135
136         return ntlmssp_make_packet_signature(gensec_ntlmssp_state, sig_mem_ctx, 
137                                              data, length, 
138                                              whole_pdu, pdu_length, 
139                                              NTLMSSP_SEND, sig, True);
140 }
141
142 /**
143  * Check the signature of an incoming packet 
144  *
145  */
146
147 NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security, 
148                                      TALLOC_CTX *sig_mem_ctx, 
149                                      const uint8_t *data, size_t length, 
150                                      const uint8_t *whole_pdu, size_t pdu_length, 
151                                      const DATA_BLOB *sig)
152 {
153         struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
154
155         DATA_BLOB local_sig;
156         NTSTATUS nt_status;
157
158         if (!gensec_ntlmssp_state->session_key.length) {
159                 DEBUG(3, ("NO session key, cannot check packet signature\n"));
160                 return NT_STATUS_NO_USER_SESSION_KEY;
161         }
162
163         if (sig->length < 8) {
164                 DEBUG(0, ("NTLMSSP packet check failed due to short signature (%lu bytes)!\n", 
165                           (unsigned long)sig->length));
166         }
167
168         nt_status = ntlmssp_make_packet_signature(gensec_ntlmssp_state, sig_mem_ctx, 
169                                                   data, length, 
170                                                   whole_pdu, pdu_length, 
171                                                   NTLMSSP_RECEIVE, &local_sig, True);
172         
173         if (!NT_STATUS_IS_OK(nt_status)) {
174                 DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status)));
175                 return nt_status;
176         }
177
178         if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
179                 if (local_sig.length != sig->length ||
180                     memcmp(local_sig.data, 
181                            sig->data, sig->length) != 0) {
182                         DEBUG(5, ("BAD SIG NTLM2: wanted signature of\n"));
183                         dump_data(5, local_sig.data, local_sig.length);
184                         
185                         DEBUG(5, ("BAD SIG: got signature of\n"));
186                         dump_data(5, sig->data, sig->length);
187                         
188                         DEBUG(0, ("NTLMSSP NTLM2 packet check failed due to invalid signature!\n"));
189                         return NT_STATUS_ACCESS_DENIED;
190                 }
191         } else {
192                 if (local_sig.length != sig->length ||
193                     memcmp(local_sig.data + 8, 
194                            sig->data + 8, sig->length - 8) != 0) {
195                         DEBUG(5, ("BAD SIG NTLM1: wanted signature of\n"));
196                         dump_data(5, local_sig.data, local_sig.length);
197                         
198                         DEBUG(5, ("BAD SIG: got signature of\n"));
199                         dump_data(5, sig->data, sig->length);
200                         
201                         DEBUG(0, ("NTLMSSP NTLM1 packet check failed due to invalid signature!\n"));
202                         return NT_STATUS_ACCESS_DENIED;
203                 }
204         }
205         dump_data_pw("checked ntlmssp signature\n", sig->data, sig->length);
206
207         return NT_STATUS_OK;
208 }
209
210
211 /**
212  * Seal data with the NTLMSSP algorithm
213  *
214  */
215
216 NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security, 
217                                     TALLOC_CTX *sig_mem_ctx, 
218                                     uint8_t *data, size_t length, 
219                                     const uint8_t *whole_pdu, size_t pdu_length, 
220                                     DATA_BLOB *sig)
221 {
222         struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
223         NTSTATUS nt_status;
224         if (!gensec_ntlmssp_state->session_key.length) {
225                 DEBUG(3, ("NO session key, cannot seal packet\n"));
226                 return NT_STATUS_NO_USER_SESSION_KEY;
227         }
228
229         DEBUG(10,("ntlmssp_seal_data: seal\n"));
230         dump_data_pw("ntlmssp clear data\n", data, length);
231         if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
232                 /* The order of these two operations matters - we must first seal the packet,
233                    then seal the sequence number - this is becouse the send_seal_hash is not
234                    constant, but is is rather updated with each iteration */
235                 nt_status = ntlmssp_make_packet_signature(gensec_ntlmssp_state, sig_mem_ctx, 
236                                                           data, length, 
237                                                           whole_pdu, pdu_length, 
238                                                           NTLMSSP_SEND, sig, False);
239                 arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state, data, length);
240                 if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
241                         arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state, sig->data+4, 8);
242                 }
243         } else {
244                 uint32_t crc;
245                 crc = crc32_calc_buffer(data, length);
246                 if (!msrpc_gen(sig_mem_ctx, sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, gensec_ntlmssp_state->crypt.ntlm.seq_num)) {
247                         return NT_STATUS_NO_MEMORY;
248                 }
249
250                 /* The order of these two operations matters - we must
251                    first seal the packet, then seal the sequence
252                    number - this is becouse the ntlmssp_hash is not
253                    constant, but is is rather updated with each
254                    iteration */
255
256                 arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm.arcfour_state, data, length);
257                 arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm.arcfour_state, sig->data+4, sig->length-4);
258                 /* increment counter on send */
259                 gensec_ntlmssp_state->crypt.ntlm.seq_num++;
260                 nt_status = NT_STATUS_OK;
261         }
262         dump_data_pw("ntlmssp signature\n", sig->data, sig->length);
263         dump_data_pw("ntlmssp sealed data\n", data, length);
264
265
266         return nt_status;
267 }
268
269 /**
270  * Unseal data with the NTLMSSP algorithm
271  *
272  */
273
274 /*
275   wrappers for the ntlmssp_*() functions
276 */
277 NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security, 
278                                       TALLOC_CTX *sig_mem_ctx, 
279                                       uint8_t *data, size_t length, 
280                                       const uint8_t *whole_pdu, size_t pdu_length, 
281                                       const DATA_BLOB *sig)
282 {
283         struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
284         if (!gensec_ntlmssp_state->session_key.length) {
285                 DEBUG(3, ("NO session key, cannot unseal packet\n"));
286                 return NT_STATUS_NO_USER_SESSION_KEY;
287         }
288
289         dump_data_pw("ntlmssp sealed data\n", data, length);
290         if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
291                 arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm2.recv_seal_arcfour_state, data, length);
292         } else {
293                 arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm.arcfour_state, data, length);
294         }
295         dump_data_pw("ntlmssp clear data\n", data, length);
296         return gensec_ntlmssp_check_packet(gensec_security, sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
297 }
298
299 /**
300    Initialise the state for NTLMSSP signing.
301 */
302 /* TODO: make this non-public */
303 _PUBLIC_ NTSTATUS ntlmssp_sign_init(struct gensec_ntlmssp_state *gensec_ntlmssp_state)
304 {
305         TALLOC_CTX *mem_ctx = talloc_new(gensec_ntlmssp_state);
306
307         if (!mem_ctx) {
308                 return NT_STATUS_NO_MEMORY;
309         }
310
311         DEBUG(3, ("NTLMSSP Sign/Seal - Initialising with flags:\n"));
312         debug_ntlmssp_flags(gensec_ntlmssp_state->neg_flags);
313
314         if (gensec_ntlmssp_state->session_key.length < 8) {
315                 talloc_free(mem_ctx);
316                 DEBUG(3, ("NO session key, cannot intialise signing\n"));
317                 return NT_STATUS_NO_USER_SESSION_KEY;
318         }
319
320         if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
321         {
322                 DATA_BLOB weak_session_key = gensec_ntlmssp_state->session_key;
323                 const char *send_sign_const;
324                 const char *send_seal_const;
325                 const char *recv_sign_const;
326                 const char *recv_seal_const;
327
328                 DATA_BLOB send_seal_key;
329                 DATA_BLOB recv_seal_key;
330
331                 switch (gensec_ntlmssp_state->role) {
332                 case NTLMSSP_CLIENT:
333                         send_sign_const = CLI_SIGN;
334                         send_seal_const = CLI_SEAL;
335                         recv_sign_const = SRV_SIGN;
336                         recv_seal_const = SRV_SEAL;
337                         break;
338                 case NTLMSSP_SERVER:
339                         send_sign_const = SRV_SIGN;
340                         send_seal_const = SRV_SEAL;
341                         recv_sign_const = CLI_SIGN;
342                         recv_seal_const = CLI_SEAL;
343                         break;
344                 default:
345                         talloc_free(mem_ctx);
346                         return NT_STATUS_INTERNAL_ERROR;
347                 }
348                 
349                 gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state = talloc(gensec_ntlmssp_state, struct arcfour_state);
350                 NT_STATUS_HAVE_NO_MEMORY(gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state);
351                 gensec_ntlmssp_state->crypt.ntlm2.recv_seal_arcfour_state = talloc(gensec_ntlmssp_state, struct arcfour_state);
352                 NT_STATUS_HAVE_NO_MEMORY(gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state);
353
354                 /**
355                    Weaken NTLMSSP keys to cope with down-level
356                    clients, servers and export restrictions.
357                    
358                    We probably should have some parameters to control
359                    this, once we get NTLM2 working.
360                 */
361
362                 /* Key weakening was not performed on the master key
363                  * for NTLM2 (in ntlmssp_weaken_keys()), but must be
364                  * done on the encryption subkeys only.  That is why
365                  * we don't have this code for the ntlmv1 case.
366                  */
367
368                 if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) {
369                         
370                 } else if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) {
371                         weak_session_key.length = 7;
372                 } else { /* forty bits */
373                         weak_session_key.length = 5;
374                 }
375                 dump_data_pw("NTLMSSP weakend master key:\n",
376                              weak_session_key.data, 
377                              weak_session_key.length);
378
379                 /* SEND: sign key */
380                 calc_ntlmv2_key(gensec_ntlmssp_state, 
381                                 &gensec_ntlmssp_state->crypt.ntlm2.send_sign_key, 
382                                 gensec_ntlmssp_state->session_key, send_sign_const);
383                 dump_data_pw("NTLMSSP send sign key:\n",
384                              gensec_ntlmssp_state->crypt.ntlm2.send_sign_key.data, 
385                              gensec_ntlmssp_state->crypt.ntlm2.send_sign_key.length);
386                 
387                 /* SEND: seal ARCFOUR pad */
388                 calc_ntlmv2_key(mem_ctx, 
389                                 &send_seal_key, 
390                                 weak_session_key, send_seal_const);
391                 dump_data_pw("NTLMSSP send seal key:\n",
392                              send_seal_key.data, 
393                              send_seal_key.length);
394                 arcfour_init(gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state, 
395                              &send_seal_key);
396                 dump_data_pw("NTLMSSP send sesl hash:\n", 
397                              gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state->sbox, 
398                              sizeof(gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state->sbox));
399
400                 /* RECV: sign key */
401                 calc_ntlmv2_key(gensec_ntlmssp_state, 
402                                 &gensec_ntlmssp_state->crypt.ntlm2.recv_sign_key, 
403                                 gensec_ntlmssp_state->session_key, recv_sign_const);
404                 dump_data_pw("NTLMSSP recv sign key:\n",
405                              gensec_ntlmssp_state->crypt.ntlm2.recv_sign_key.data, 
406                              gensec_ntlmssp_state->crypt.ntlm2.recv_sign_key.length);
407
408                 /* RECV: seal ARCFOUR pad */
409                 calc_ntlmv2_key(mem_ctx, 
410                                 &recv_seal_key, 
411                                 weak_session_key, recv_seal_const);
412                 dump_data_pw("NTLMSSP recv seal key:\n",
413                              recv_seal_key.data, 
414                              recv_seal_key.length);
415                 arcfour_init(gensec_ntlmssp_state->crypt.ntlm2.recv_seal_arcfour_state, 
416                              &recv_seal_key);
417                 dump_data_pw("NTLMSSP receive seal hash:\n", 
418                              gensec_ntlmssp_state->crypt.ntlm2.recv_seal_arcfour_state->sbox, 
419                              sizeof(gensec_ntlmssp_state->crypt.ntlm2.recv_seal_arcfour_state->sbox));
420
421                 gensec_ntlmssp_state->crypt.ntlm2.send_seq_num = 0;
422                 gensec_ntlmssp_state->crypt.ntlm2.recv_seq_num = 0;
423
424         } else {
425                 DATA_BLOB weak_session_key = ntlmssp_weakend_key(gensec_ntlmssp_state, mem_ctx);
426                 DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n"));
427
428                 gensec_ntlmssp_state->crypt.ntlm.arcfour_state = talloc(gensec_ntlmssp_state, struct arcfour_state);
429                 NT_STATUS_HAVE_NO_MEMORY(gensec_ntlmssp_state->crypt.ntlm.arcfour_state);
430
431                 arcfour_init(gensec_ntlmssp_state->crypt.ntlm.arcfour_state, 
432                              &weak_session_key);
433                 dump_data_pw("NTLMSSP hash:\n", gensec_ntlmssp_state->crypt.ntlm.arcfour_state->sbox,
434                              sizeof(gensec_ntlmssp_state->crypt.ntlm.arcfour_state->sbox));
435
436                 gensec_ntlmssp_state->crypt.ntlm.seq_num = 0;
437         }
438
439         talloc_free(mem_ctx);
440         return NT_STATUS_OK;
441 }
442
443 size_t gensec_ntlmssp_sig_size(struct gensec_security *gensec_security, size_t data_size) 
444 {
445         return NTLMSSP_SIG_SIZE;
446 }
447
448 NTSTATUS gensec_ntlmssp_wrap(struct gensec_security *gensec_security, 
449                              TALLOC_CTX *sig_mem_ctx, 
450                              const DATA_BLOB *in, 
451                              DATA_BLOB *out)
452 {
453         DATA_BLOB sig;
454         NTSTATUS nt_status;
455
456         if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
457
458                 *out = data_blob_talloc(sig_mem_ctx, NULL, in->length + NTLMSSP_SIG_SIZE);
459                 memcpy(out->data + NTLMSSP_SIG_SIZE, in->data, in->length);
460                 
461                 nt_status = gensec_ntlmssp_seal_packet(gensec_security, sig_mem_ctx, 
462                                                        out->data + NTLMSSP_SIG_SIZE, 
463                                                        out->length - NTLMSSP_SIG_SIZE, 
464                                                        out->data + NTLMSSP_SIG_SIZE, 
465                                                        out->length - NTLMSSP_SIG_SIZE, 
466                                                        &sig);
467                 
468                 if (NT_STATUS_IS_OK(nt_status)) {
469                         memcpy(out->data, sig.data, NTLMSSP_SIG_SIZE);
470                 }
471                 return nt_status;
472
473         } else if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
474
475                 *out = data_blob_talloc(sig_mem_ctx, NULL, in->length + NTLMSSP_SIG_SIZE);
476                 memcpy(out->data + NTLMSSP_SIG_SIZE, in->data, in->length);
477
478                 nt_status = gensec_ntlmssp_sign_packet(gensec_security, sig_mem_ctx, 
479                                                        out->data + NTLMSSP_SIG_SIZE, 
480                                                        out->length - NTLMSSP_SIG_SIZE, 
481                                                        out->data + NTLMSSP_SIG_SIZE, 
482                                                        out->length - NTLMSSP_SIG_SIZE, 
483                                                        &sig);
484
485                 if (NT_STATUS_IS_OK(nt_status)) {
486                         memcpy(out->data, sig.data, NTLMSSP_SIG_SIZE);
487                 }
488                 return nt_status;
489
490         } else {
491                 *out = *in;
492                 return NT_STATUS_OK;
493         }
494 }
495
496
497 NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security, 
498                                TALLOC_CTX *sig_mem_ctx, 
499                                const DATA_BLOB *in, 
500                                DATA_BLOB *out)
501 {
502         DATA_BLOB sig;
503
504         if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
505                 if (in->length < NTLMSSP_SIG_SIZE) {
506                         return NT_STATUS_INVALID_PARAMETER;
507                 }
508                 sig.data = in->data;
509                 sig.length = NTLMSSP_SIG_SIZE;
510
511                 *out = data_blob_talloc(sig_mem_ctx, in->data + NTLMSSP_SIG_SIZE, in->length - NTLMSSP_SIG_SIZE);
512                 
513                 return gensec_ntlmssp_unseal_packet(gensec_security, sig_mem_ctx, 
514                                                     out->data, out->length, 
515                                                     out->data, out->length, 
516                                                     &sig);
517                                                   
518         } else if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
519                 if (in->length < NTLMSSP_SIG_SIZE) {
520                         return NT_STATUS_INVALID_PARAMETER;
521                 }
522                 sig.data = in->data;
523                 sig.length = NTLMSSP_SIG_SIZE;
524
525                 *out = data_blob_talloc(sig_mem_ctx, in->data + NTLMSSP_SIG_SIZE, in->length - NTLMSSP_SIG_SIZE);
526                 
527                 return gensec_ntlmssp_check_packet(gensec_security, sig_mem_ctx, 
528                                                    out->data, out->length, 
529                                                    out->data, out->length, 
530                                                    &sig);
531         } else {
532                 *out = *in;
533                 return NT_STATUS_OK;
534         }
535 }
536