1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * Signing support, using libmd 29 */ 30 31 #include <errno.h> 32 #include <stdio.h> 33 #include <stdlib.h> 34 #include <unistd.h> 35 #include <strings.h> 36 37 #include <sys/types.h> 38 #include <sys/md5.h> 39 40 #include <netsmb/mchain.h> 41 #include <netsmb/smb.h> 42 #include <netsmb/smb_lib.h> 43 44 #include "private.h" 45 46 #define SMBSIGOFF 14 /* SMB signature offset */ 47 #define SMBSIGLEN 8 /* SMB signature length */ 48 49 /* 50 * Set this to a small number to debug sequence numbers 51 * that seem to get out of step. 52 */ 53 #ifdef DEBUG 54 int nsmb_signing_fudge = 4; 55 #endif 56 57 /* 58 * Compute MD5 digest of packet data, using the stored MAC key. 59 * 60 * See similar code in the driver: 61 * uts/common/fs/smbclnt/netsmb/smb_signing.c 62 * and on the server side: 63 * uts/common/fs/smbsrv/smb_signing.c 64 */ 65 static int 66 smb_compute_MAC(struct smb_ctx *ctx, mbuf_t *m, 67 uint32_t seqno, uchar_t *signature) 68 { 69 MD5_CTX md5; 70 uchar_t digest[MD5_DIGEST_LENGTH]; 71 72 /* 73 * This union is a little bit of trickery to: 74 * (1) get the sequence number int aligned, and 75 * (2) reduce the number of digest calls, at the 76 * cost of a copying 32 bytes instead of 8. 77 * Both sides of this union are 2+32 bytes. 78 */ 79 union { 80 struct { 81 uint8_t skip[2]; /* not used - just alignment */ 82 uint8_t raw[SMB_HDRLEN]; /* header length (32) */ 83 } r; 84 struct { 85 uint8_t skip[2]; /* not used - just alignment */ 86 uint8_t hdr[SMBSIGOFF]; /* sig. offset (14) */ 87 uint32_t sig[2]; /* MAC signature, aligned! */ 88 uint16_t ids[5]; /* pad, Tid, Pid, Uid, Mid */ 89 } s; 90 } smbhdr; 91 92 if (m->m_len < SMB_HDRLEN) 93 return (EIO); 94 if (ctx->ct_mackey == NULL) 95 return (EINVAL); 96 97 /* 98 * Make an aligned copy of the SMB header 99 * and fill in the sequence number. 100 */ 101 bcopy(m->m_data, smbhdr.r.raw, SMB_HDRLEN); 102 smbhdr.s.sig[0] = htolel(seqno); 103 smbhdr.s.sig[1] = 0; 104 105 /* 106 * Compute the MAC: MD5(concat(Key, message)) 107 */ 108 MD5Init(&md5); 109 110 /* Digest the MAC Key */ 111 MD5Update(&md5, ctx->ct_mackey, ctx->ct_mackeylen); 112 113 /* Digest the (copied) SMB header */ 114 MD5Update(&md5, smbhdr.r.raw, SMB_HDRLEN); 115 116 /* Digest the rest of the first mbuf */ 117 if (m->m_len > SMB_HDRLEN) { 118 MD5Update(&md5, m->m_data + SMB_HDRLEN, 119 m->m_len - SMB_HDRLEN); 120 } 121 m = m->m_next; 122 123 /* Digest rest of the SMB message. */ 124 while (m) { 125 MD5Update(&md5, m->m_data, m->m_len); 126 m = m->m_next; 127 } 128 129 /* Final */ 130 MD5Final(digest, &md5); 131 132 /* 133 * Finally, store the signature. 134 * (first 8 bytes of the digest) 135 */ 136 if (signature) 137 bcopy(digest, signature, SMBSIGLEN); 138 139 return (0); 140 } 141 142 /* 143 * Sign a request with HMAC-MD5. 144 */ 145 int 146 smb_rq_sign(struct smb_rq *rqp) 147 { 148 struct smb_ctx *ctx = rqp->rq_ctx; 149 mbuf_t *m = rqp->rq_rq.mb_top; 150 uint8_t *sigloc; 151 int err; 152 153 /* 154 * Our mblk allocation ensures this, 155 * but just in case... 156 */ 157 if (m->m_len < SMB_HDRLEN) 158 return (EIO); 159 sigloc = (uchar_t *)m->m_data + SMBSIGOFF; 160 161 if (ctx->ct_mackey == NULL) { 162 /* 163 * Signing is required, but we have no key yet 164 * fill in with the magic fake signing value. 165 * This happens with SPNEGO, NTLMSSP, ... 166 */ 167 bcopy("BSRSPLY", sigloc, 8); 168 return (0); 169 } 170 171 /* 172 * This will compute the MAC and store it 173 * directly into the message at sigloc. 174 */ 175 rqp->rq_seqno = ctx->ct_mac_seqno; 176 ctx->ct_mac_seqno += 2; 177 err = smb_compute_MAC(ctx, m, rqp->rq_seqno, sigloc); 178 if (err) { 179 DPRINT("compute MAC, err %d", err); 180 bzero(sigloc, SMBSIGLEN); 181 return (ENOTSUP); 182 } 183 return (0); 184 } 185 186 /* 187 * Verify reply signature. 188 */ 189 int 190 smb_rq_verify(struct smb_rq *rqp) 191 { 192 struct smb_ctx *ctx = rqp->rq_ctx; 193 mbuf_t *m = rqp->rq_rp.mb_top; 194 uint8_t sigbuf[SMBSIGLEN]; 195 uint8_t *sigloc; 196 uint32_t rseqno; 197 int err, fudge; 198 199 /* 200 * Note ct_mackey and ct_mackeylen gets initialized by 201 * smb_smb_ssnsetup. It's normal to have a null MAC key 202 * during extended security session setup. 203 */ 204 if (ctx->ct_mackey == NULL) 205 return (0); 206 207 /* 208 * Let caller deal with empty reply or short messages by 209 * returning zero. Caller will fail later, in parsing. 210 */ 211 if (m == NULL) { 212 DPRINT("empty reply"); 213 return (0); 214 } 215 if (m->m_len < SMB_HDRLEN) { 216 DPRINT("short reply"); 217 return (0); 218 } 219 220 sigloc = (uchar_t *)m->m_data + SMBSIGOFF; 221 rseqno = rqp->rq_seqno + 1; 222 223 DPRINT("rq_rseqno = 0x%x", rseqno); 224 225 err = smb_compute_MAC(ctx, m, rseqno, sigbuf); 226 if (err) { 227 DPRINT("compute MAC, err %d", err); 228 /* 229 * If we can't compute a MAC, then there's 230 * no point trying other seqno values. 231 */ 232 return (EBADRPC); 233 } 234 235 /* 236 * Compare the computed signature with the 237 * one found in the message (at sigloc) 238 */ 239 if (bcmp(sigbuf, sigloc, SMBSIGLEN) == 0) 240 return (0); 241 242 DPRINT("BAD signature, MID=0x%x", rqp->rq_mid); 243 244 #ifdef DEBUG 245 /* 246 * For diag purposes, we check whether the client/server idea 247 * of the sequence # has gotten a bit out of sync. 248 */ 249 for (fudge = 1; fudge <= nsmb_signing_fudge; fudge++) { 250 smb_compute_MAC(ctx, m, rseqno + fudge, sigbuf); 251 if (bcmp(sigbuf, sigloc, SMBSIGLEN) == 0) 252 break; 253 smb_compute_MAC(ctx, m, rseqno - fudge, sigbuf); 254 if (bcmp(sigbuf, sigloc, SMBSIGLEN) == 0) { 255 fudge = -fudge; 256 break; 257 } 258 } 259 if (fudge <= nsmb_signing_fudge) { 260 DPRINT("rseqno=%d, but %d would have worked", 261 rseqno, rseqno + fudge); 262 } 263 #endif 264 return (EBADRPC); 265 } 266