xref: /titanic_41/usr/src/lib/libsmbfs/smb/signing.c (revision 0bc07884d74faf3093bc1ed2c66a29745a0d5604) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*
28  * Signing support, using libmd
29  */
30 
31 #include <errno.h>
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <unistd.h>
35 #include <strings.h>
36 
37 #include <sys/types.h>
38 #include <sys/md5.h>
39 
40 #include <netsmb/mchain.h>
41 #include <netsmb/smb.h>
42 #include <netsmb/smb_lib.h>
43 
44 #include "private.h"
45 
46 #define	SMBSIGOFF	14	/* SMB signature offset */
47 #define	SMBSIGLEN	8	/* SMB signature length */
48 
49 /*
50  * Set this to a small number to debug sequence numbers
51  * that seem to get out of step.
52  */
53 #ifdef DEBUG
54 int nsmb_signing_fudge = 4;
55 #endif
56 
57 /*
58  * Compute MD5 digest of packet data, using the stored MAC key.
59  *
60  * See similar code in the driver:
61  *	uts/common/fs/smbclnt/netsmb/smb_signing.c
62  * and on the server side:
63  *	uts/common/fs/smbsrv/smb_signing.c
64  */
65 static int
66 smb_compute_MAC(struct smb_ctx *ctx, mbuf_t *m,
67 	uint32_t seqno, uchar_t *signature)
68 {
69 	MD5_CTX md5;
70 	uchar_t digest[MD5_DIGEST_LENGTH];
71 
72 	/*
73 	 * This union is a little bit of trickery to:
74 	 * (1) get the sequence number int aligned, and
75 	 * (2) reduce the number of digest calls, at the
76 	 * cost of a copying 32 bytes instead of 8.
77 	 * Both sides of this union are 2+32 bytes.
78 	 */
79 	union {
80 		struct {
81 			uint8_t skip[2]; /* not used - just alignment */
82 			uint8_t raw[SMB_HDRLEN];  /* header length (32) */
83 		} r;
84 		struct {
85 			uint8_t skip[2]; /* not used - just alignment */
86 			uint8_t hdr[SMBSIGOFF]; /* sig. offset (14) */
87 			uint32_t sig[2]; /* MAC signature, aligned! */
88 			uint16_t ids[5]; /* pad, Tid, Pid, Uid, Mid */
89 		} s;
90 	} smbhdr;
91 
92 	if (m->m_len < SMB_HDRLEN)
93 		return (EIO);
94 	if (ctx->ct_mackey == NULL)
95 		return (EINVAL);
96 
97 	/*
98 	 * Make an aligned copy of the SMB header
99 	 * and fill in the sequence number.
100 	 */
101 	bcopy(m->m_data, smbhdr.r.raw, SMB_HDRLEN);
102 	smbhdr.s.sig[0] = htolel(seqno);
103 	smbhdr.s.sig[1] = 0;
104 
105 	/*
106 	 * Compute the MAC: MD5(concat(Key, message))
107 	 */
108 	MD5Init(&md5);
109 
110 	/* Digest the MAC Key */
111 	MD5Update(&md5, ctx->ct_mackey, ctx->ct_mackeylen);
112 
113 	/* Digest the (copied) SMB header */
114 	MD5Update(&md5, smbhdr.r.raw, SMB_HDRLEN);
115 
116 	/* Digest the rest of the first mbuf */
117 	if (m->m_len > SMB_HDRLEN) {
118 		MD5Update(&md5, m->m_data + SMB_HDRLEN,
119 		    m->m_len - SMB_HDRLEN);
120 	}
121 	m = m->m_next;
122 
123 	/* Digest rest of the SMB message. */
124 	while (m) {
125 		MD5Update(&md5, m->m_data, m->m_len);
126 		m = m->m_next;
127 	}
128 
129 	/* Final */
130 	MD5Final(digest, &md5);
131 
132 	/*
133 	 * Finally, store the signature.
134 	 * (first 8 bytes of the digest)
135 	 */
136 	if (signature)
137 		bcopy(digest, signature, SMBSIGLEN);
138 
139 	return (0);
140 }
141 
142 /*
143  * Sign a request with HMAC-MD5.
144  */
145 void
146 smb_rq_sign(struct smb_rq *rqp)
147 {
148 	struct smb_ctx *ctx = rqp->rq_ctx;
149 	mbuf_t *m = rqp->rq_rq.mb_top;
150 	uint8_t *sigloc;
151 	int err;
152 
153 	/*
154 	 * Our mblk allocation ensures this,
155 	 * but just in case...
156 	 */
157 	if (m->m_len < SMB_HDRLEN)
158 		return;
159 	sigloc = (uchar_t *)m->m_data + SMBSIGOFF;
160 
161 	if (ctx->ct_mackey == NULL) {
162 		/*
163 		 * Signing is required, but we have no key yet
164 		 * fill in with the magic fake signing value.
165 		 * This happens with SPNEGO, NTLMSSP, ...
166 		 */
167 		bcopy("BSRSPLY", sigloc, 8);
168 		return;
169 	}
170 
171 	/*
172 	 * This will compute the MAC and store it
173 	 * directly into the message at sigloc.
174 	 */
175 	rqp->rq_seqno = ctx->ct_mac_seqno;
176 	ctx->ct_mac_seqno += 2;
177 	err = smb_compute_MAC(ctx, m, rqp->rq_seqno, sigloc);
178 	if (err) {
179 		DPRINT("compute MAC, err %d", err);
180 		bzero(sigloc, SMBSIGLEN);
181 	}
182 }
183 
184 /*
185  * Verify reply signature.
186  */
187 int
188 smb_rq_verify(struct smb_rq *rqp)
189 {
190 	struct smb_ctx *ctx = rqp->rq_ctx;
191 	mbuf_t *m = rqp->rq_rp.mb_top;
192 	uint8_t sigbuf[SMBSIGLEN];
193 	uint8_t *sigloc;
194 	uint32_t rseqno;
195 	int err, fudge;
196 
197 	/*
198 	 * Note ct_mackey and ct_mackeylen gets initialized by
199 	 * smb_smb_ssnsetup.  It's normal to have a null MAC key
200 	 * during extended security session setup.
201 	 */
202 	if (ctx->ct_mackey == NULL)
203 		return (0);
204 
205 	/*
206 	 * Let caller deal with empty reply or short messages by
207 	 * returning zero.  Caller will fail later, in parsing.
208 	 */
209 	if (m == NULL) {
210 		DPRINT("empty reply");
211 		return (0);
212 	}
213 	if (m->m_len < SMB_HDRLEN) {
214 		DPRINT("short reply");
215 		return (0);
216 	}
217 
218 	sigloc = (uchar_t *)m->m_data + SMBSIGOFF;
219 	rseqno = rqp->rq_seqno + 1;
220 
221 	DPRINT("rq_rseqno = 0x%x", rseqno);
222 
223 	err = smb_compute_MAC(ctx, m, rseqno, sigbuf);
224 	if (err) {
225 		DPRINT("compute MAC, err %d", err);
226 		/*
227 		 * If we can't compute a MAC, then there's
228 		 * no point trying other seqno values.
229 		 */
230 		return (EBADRPC);
231 	}
232 
233 	/*
234 	 * Compare the computed signature with the
235 	 * one found in the message (at sigloc)
236 	 */
237 	if (bcmp(sigbuf, sigloc, SMBSIGLEN) == 0)
238 		return (0);
239 
240 	DPRINT("BAD signature, MID=0x%x", rqp->rq_mid);
241 
242 #ifdef DEBUG
243 	/*
244 	 * For diag purposes, we check whether the client/server idea
245 	 * of the sequence # has gotten a bit out of sync.
246 	 */
247 	for (fudge = 1; fudge <= nsmb_signing_fudge; fudge++) {
248 		(void) smb_compute_MAC(ctx, m, rseqno + fudge, sigbuf);
249 		if (bcmp(sigbuf, sigloc, SMBSIGLEN) == 0)
250 			break;
251 		(void) smb_compute_MAC(ctx, m, rseqno - fudge, sigbuf);
252 		if (bcmp(sigbuf, sigloc, SMBSIGLEN) == 0) {
253 			fudge = -fudge;
254 			break;
255 		}
256 	}
257 	if (fudge <= nsmb_signing_fudge) {
258 		DPRINT("rseqno=%d, but %d would have worked",
259 		    rseqno, rseqno + fudge);
260 	}
261 #endif
262 	return (EBADRPC);
263 }
264