source/libcli/raw/smb_signing.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    SMB Signing Code
   4    Copyright (C) Jeremy Allison 2002.
   5    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
   6    Copyright (C) James J Myers <myersjj@samba.org> 2003
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 2 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program; if not, write to the Free Software
  20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  21 */
  22
  23 #include "includes.h"
  24 #include "libcli/raw/libcliraw.h"
  25 #include "lib/crypto/crypto.h"
  26
  27 /***********************************************************
  28  SMB signing - Common code before we set a new signing implementation
  29 ************************************************************/
  30 BOOL set_smb_signing_common(struct smb_signing_context *sign_info)
  31 {
  32         if (sign_info->doing_signing) {
  33                 DEBUG(5, ("SMB Signing already in progress, so we don't start it again\n"));
  34                 return False;
  35         }
  36
  37         if (!sign_info->allow_smb_signing) {
  38                 DEBUG(5, ("SMB Signing has been locally disabled\n"));
  39                 return False;
  40         }
  41
  42         return True;
  43 }
  44
  45 /***********************************************************
  46  SMB signing - Common code before we set a new signing implementation
  47 ************************************************************/
  48 static BOOL smbcli_set_smb_signing_common(struct smbcli_transport *transport)
  49 {
  50         if (!set_smb_signing_common(&transport->negotiate.sign_info)) {
  51                 return False;
  52         }
  53
  54         if (!(transport->negotiate.sec_mode &
  55               (NEGOTIATE_SECURITY_SIGNATURES_REQUIRED|NEGOTIATE_SECURITY_SIGNATURES_ENABLED))) {
  56                 DEBUG(5, ("SMB Signing is not negotiated by the peer\n"));
  57                 return False;
  58         }
  59
  60         /* These calls are INCOMPATIBLE with SMB signing */
  61         transport->negotiate.readbraw_supported = False;
  62         transport->negotiate.writebraw_supported = False;
  63
  64         return True;
  65 }
  66
  67 void mark_packet_signed(struct request_buffer *out)
  68 {
  69         uint16_t flags2;
  70         flags2 = SVAL(out->hdr, HDR_FLG2);
  71         flags2 |= FLAGS2_SMB_SECURITY_SIGNATURES;
  72         SSVAL(out->hdr, HDR_FLG2, flags2);
  73 }
  74
  75 BOOL signing_good(struct smb_signing_context *sign_info,
  76                          unsigned int seq, BOOL good)
  77 {
  78         if (good) {
  79                 if (!sign_info->doing_signing) {
  80                         DEBUG(5, ("Seen valid packet, so turning signing on\n"));
  81                         sign_info->doing_signing = True;
  82                 }
  83                 if (!sign_info->seen_valid) {
  84                         DEBUG(5, ("Seen valid packet, so marking signing as 'seen valid'\n"));
  85                         sign_info->seen_valid = True;
  86                 }
  87         } else {
  88                 if (!sign_info->seen_valid) {
  89                         /* If we have never seen a good packet, just turn it off */
  90                         DEBUG(5, ("signing_good: signing negotiated but not required and peer\n"
  91                                   "isn't sending correct signatures. Turning off.\n"));
  92                         smbcli_set_signing_off(sign_info);
  93                         return True;
  94                 } else {
  95                         /* bad packet after signing started - fail and disconnect. */
  96                         DEBUG(0, ("signing_good: BAD SIG: seq %u\n", seq));
  97                         return False;
  98                 }
  99         }
 100         return True;
 101 }
 102
 103 void sign_outgoing_message(struct request_buffer *out, DATA_BLOB *mac_key, uint_t seq_num)
 104 {
 105         uint8_t calc_md5_mac[16];
 106         struct MD5Context md5_ctx;
 107         unsigned char key_buf[16];
 108
 109         /*
 110          * Firstly put the sequence number into the first 4 bytes.
 111          * and zero out the next 4 bytes.
 112          */
 113         SIVAL(out->hdr, HDR_SS_FIELD, seq_num);
 114         SIVAL(out->hdr, HDR_SS_FIELD + 4, 0);
 115
 116         /* mark the packet as signed - BEFORE we sign it...*/
 117         mark_packet_signed(out);
 118
 119         /* Calculate the 16 byte MAC and place first 8 bytes into the field. */
 120         MD5Init(&md5_ctx);
 121
 122         /* NB. When making and verifying SMB signatures, Windows apparently
 123                 zero-pads the key to 128 bits if it isn't long enough.
 124                 From Nalin Dahyabhai <nalin@redhat.com> */
 125         MD5Update(&md5_ctx, mac_key->data, mac_key->length);
 126         if (mac_key->length < sizeof(key_buf)) {
 127                 memset(key_buf, 0, sizeof(key_buf));
 128                 MD5Update(&md5_ctx, key_buf, sizeof(key_buf) - mac_key->length);
 129         }
 130         MD5Update(&md5_ctx,
 131                   out->buffer + NBT_HDR_SIZE,
 132                   out->size - NBT_HDR_SIZE);
 133         MD5Final(calc_md5_mac, &md5_ctx);
 134
 135         memcpy(&out->hdr[HDR_SS_FIELD], calc_md5_mac, 8);
 136
 137         DEBUG(5, ("sign_outgoing_message: SENT SIG (seq: %d): sent SMB signature of\n",
 138                   seq_num));
 139         dump_data(5, calc_md5_mac, 8);
 140 /*      req->out.hdr[HDR_SS_FIELD+2]=0;
 141         Uncomment this to test if the remote server actually verifies signitures...*/
 142 }
 143
 144 BOOL check_signed_incoming_message(struct request_buffer *in, DATA_BLOB *mac_key, uint_t seq_num)
 145 {
 146         BOOL good;
 147         uint8_t calc_md5_mac[16];
 148         uint8_t *server_sent_mac;
 149         uint8_t sequence_buf[8];
 150         struct MD5Context md5_ctx;
 151         const size_t offset_end_of_sig = (HDR_SS_FIELD + 8);
 152         int i;
 153         const int sign_range = 0;
 154
 155         /* room enough for the signature? */
 156         if (in->size < NBT_HDR_SIZE + HDR_SS_FIELD + 8) {
 157                 return False;
 158         }
 159
 160         if (!mac_key->length) {
 161                 /* NO key yet */
 162                 return False;
 163         }
 164
 165         /* its quite bogus to be guessing sequence numbers, but very useful
 166            when debugging signing implementations */
 167         for (i = 0-sign_range; i <= 0+sign_range; i++) {
 168                 /*
 169                  * Firstly put the sequence number into the first 4 bytes.
 170                  * and zero out the next 4 bytes.
 171                  */
 172                 SIVAL(sequence_buf, 0, seq_num + i);
 173                 SIVAL(sequence_buf, 4, 0);
 174
 175                 /* get a copy of the server-sent mac */
 176                 server_sent_mac = &in->hdr[HDR_SS_FIELD];
 177
 178                 /* Calculate the 16 byte MAC and place first 8 bytes into the field. */
 179                 MD5Init(&md5_ctx);
 180                 MD5Update(&md5_ctx, mac_key->data,
 181                           mac_key->length);
 182                 MD5Update(&md5_ctx, in->hdr, HDR_SS_FIELD);
 183                 MD5Update(&md5_ctx, sequence_buf, sizeof(sequence_buf));
 184
 185                 MD5Update(&md5_ctx, in->hdr + offset_end_of_sig,
 186                           in->size - NBT_HDR_SIZE - (offset_end_of_sig));
 187                 MD5Final(calc_md5_mac, &md5_ctx);
 188
 189                 good = (memcmp(server_sent_mac, calc_md5_mac, 8) == 0);
 190
 191                 if (i == 0) {
 192                         if (!good) {
 193                                 DEBUG(5, ("check_signed_incoming_message: BAD SIG (seq: %d): wanted SMB signature of\n", seq_num + i));
 194                                 dump_data(5, calc_md5_mac, 8);
 195
 196                                 DEBUG(5, ("check_signed_incoming_message: BAD SIG (seq: %d): got SMB signature of\n", seq_num + i));
 197                                 dump_data(5, server_sent_mac, 8);
 198                         } else {
 199                                 DEBUG(15, ("check_signed_incoming_message: GOOD SIG (seq: %d): got SMB signature of\n", seq_num + i));
 200                                 dump_data(5, server_sent_mac, 8);
 201                         }
 202                 }
 203
 204                 if (good) break;
 205         }
 206
 207         if (good && i != 0) {
 208                 DEBUG(0,("SIGNING OFFSET %d (should be %d)\n", i, seq_num));
 209         }
 210
 211         return good;
 212 }
 213
 214 static void smbcli_req_allocate_seq_num(struct smbcli_request *req)
 215 {
 216         req->seq_num = req->transport->negotiate.sign_info.next_seq_num;
 217
 218         /* some requests (eg. NTcancel) are one way, and the sequence number
 219            should be increased by 1 not 2 */
 220         if (req->sign_single_increment) {
 221                 req->transport->negotiate.sign_info.next_seq_num += 1;
 222         } else {
 223                 req->transport->negotiate.sign_info.next_seq_num += 2;
 224         }
 225 }
 226
 227 /***********************************************************
 228  SMB signing - Simple implementation - calculate a MAC to send.
 229 ************************************************************/
 230 void smbcli_request_calculate_sign_mac(struct smbcli_request *req)
 231 {
 232 #if 0
 233         /* enable this when packet signing is preventing you working out why valgrind
 234            says that data is uninitialised */
 235         file_save("pkt.dat", req->out.buffer, req->out.size);
 236 #endif
 237
 238         switch (req->transport->negotiate.sign_info.signing_state) {
 239         case SMB_SIGNING_ENGINE_OFF:
 240                 break;
 241
 242         case SMB_SIGNING_ENGINE_BSRSPYL:
 243                 /* mark the packet as signed - BEFORE we sign it...*/
 244                 mark_packet_signed(&req->out);
 245
 246                 /* I wonder what BSRSPYL stands for - but this is what MS
 247                    actually sends! */
 248                 memcpy((req->out.hdr + HDR_SS_FIELD), "BSRSPYL ", 8);
 249                 break;
 250
 251         case SMB_SIGNING_ENGINE_ON:
 252
 253                 smbcli_req_allocate_seq_num(req);
 254                 sign_outgoing_message(&req->out,
 255                                       &req->transport->negotiate.sign_info.mac_key,
 256                                       req->seq_num);
 257                 break;
 258         }
 259         return;
 260 }
 261
 262
 263 /**
 264  SMB signing - NULL implementation
 265
 266  @note Used as an initialisation only - it will not correctly
 267        shut down a real signing mechanism
 268 */
 269 BOOL smbcli_set_signing_off(struct smb_signing_context *sign_info)
 270 {
 271         DEBUG(5, ("Shutdown SMB signing\n"));
 272         sign_info->doing_signing = False;
 273         sign_info->next_seq_num = 0;
 274         data_blob_free(&sign_info->mac_key);
 275         sign_info->signing_state = SMB_SIGNING_ENGINE_OFF;
 276         return True;
 277 }
 278
 279 /**
 280  SMB signing - TEMP implementation - setup the MAC key.
 281
 282 */
 283 BOOL smbcli_temp_set_signing(struct smbcli_transport *transport)
 284 {
 285         if (!smbcli_set_smb_signing_common(transport)) {
 286                 return False;
 287         }
 288         DEBUG(5, ("BSRSPYL SMB signing enabled\n"));
 289         smbcli_set_signing_off(&transport->negotiate.sign_info);
 290
 291         transport->negotiate.sign_info.mac_key = data_blob(NULL, 0);
 292         transport->negotiate.sign_info.signing_state = SMB_SIGNING_ENGINE_BSRSPYL;
 293
 294         return True;
 295 }
 296
 297 /***********************************************************
 298  SMB signing - Simple implementation - check a MAC sent by server.
 299 ************************************************************/
 300 /**
 301  * Check a packet supplied by the server.
 302  * @return False if we had an established signing connection
 303  *         which had a back checksum, True otherwise
 304  */
 305 BOOL smbcli_request_check_sign_mac(struct smbcli_request *req)
 306 {
 307         BOOL good;
 308
 309         switch (req->transport->negotiate.sign_info.signing_state)
 310         {
 311         case SMB_SIGNING_ENGINE_OFF:
 312                 return True;
 313         case SMB_SIGNING_ENGINE_BSRSPYL:
 314         case SMB_SIGNING_ENGINE_ON:
 315         {
 316                 if (req->in.size < (HDR_SS_FIELD + 8)) {
 317                         return False;
 318                 } else {
 319                         good = check_signed_incoming_message(&req->in,
 320                                                              &req->transport->negotiate.sign_info.mac_key,
 321                                                              req->seq_num+1);
 322
 323                         return signing_good(&req->transport->negotiate.sign_info,
 324                                             req->seq_num+1, good);
 325                 }
 326         }
 327         }
 328         return False;
 329 }
 330
 331
 332 /***********************************************************
 333  SMB signing - Simple implementation - setup the MAC key.
 334 ************************************************************/
 335 BOOL smbcli_simple_set_signing(TALLOC_CTX *mem_ctx,
 336                                struct smb_signing_context *sign_info,
 337                                const DATA_BLOB *user_session_key,
 338                                const DATA_BLOB *response)
 339 {
 340         if (sign_info->mandatory_signing) {
 341                 DEBUG(5, ("Mandatory SMB signing enabled!\n"));
 342         }
 343
 344         DEBUG(5, ("SMB signing enabled!\n"));
 345
 346         if (response && response->length) {
 347                 sign_info->mac_key = data_blob_talloc(mem_ctx, NULL, response->length + user_session_key->length);
 348         } else {
 349                 sign_info->mac_key = data_blob_talloc(mem_ctx, NULL, user_session_key->length);
 350         }
 351
 352         memcpy(&sign_info->mac_key.data[0], user_session_key->data, user_session_key->length);
 353
 354         if (response && response->length) {
 355                 memcpy(&sign_info->mac_key.data[user_session_key->length],response->data, response->length);
 356         }
 357
 358         dump_data_pw("Started Signing with key:\n", sign_info->mac_key.data, sign_info->mac_key.length);
 359
 360         /* Initialise the sequence number */
 361         sign_info->next_seq_num = 0;
 362
 363         sign_info->signing_state = SMB_SIGNING_ENGINE_ON;
 364
 365         return True;
 366 }
 367
 368
 369 /***********************************************************
 370  SMB signing - Simple implementation - setup the MAC key.
 371 ************************************************************/
 372 BOOL smbcli_transport_simple_set_signing(struct smbcli_transport *transport,
 373                                          const DATA_BLOB user_session_key,
 374                                          const DATA_BLOB response)
 375 {
 376         if (!smbcli_set_smb_signing_common(transport)) {
 377                 return False;
 378         }
 379
 380         return smbcli_simple_set_signing(transport,
 381                                          &transport->negotiate.sign_info,
 382                                          &user_session_key,
 383                                          &response);
 384 }
 385
 386
 387 BOOL smbcli_init_signing(struct smbcli_transport *transport)
 388 {
 389         transport->negotiate.sign_info.mac_key = data_blob(NULL, 0);
 390         if (!smbcli_set_signing_off(&transport->negotiate.sign_info)) {
 391                 return False;
 392         }
 393
 394         switch (lp_client_signing()) {
 395         case SMB_SIGNING_OFF:
 396                 transport->negotiate.sign_info.allow_smb_signing = False;
 397                 break;
 398         case SMB_SIGNING_SUPPORTED:
 399         case SMB_SIGNING_AUTO:
 400                 transport->negotiate.sign_info.allow_smb_signing = True;
 401                 break;
 402         case SMB_SIGNING_REQUIRED:
 403                 transport->negotiate.sign_info.allow_smb_signing = True;
 404                 transport->negotiate.sign_info.mandatory_signing = True;
 405                 break;
 406         }
 407         return True;
 408 }