1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 /*
28 * Signing support, using libmd
29 */
30
31 #include <errno.h>
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <unistd.h>
35 #include <strings.h>
36
37 #include <sys/types.h>
38 #include <sys/md5.h>
39
40 #include <netsmb/mchain.h>
41 #include <netsmb/smb.h>
42 #include <netsmb/smb_lib.h>
43
44 #include "private.h"
45
46 #define SMBSIGOFF 14 /* SMB signature offset */
47 #define SMBSIGLEN 8 /* SMB signature length */
48
49 /*
50 * Set this to a small number to debug sequence numbers
51 * that seem to get out of step.
52 */
53 #ifdef DEBUG
54 int nsmb_signing_fudge = 4;
55 #endif
56
57 /*
58 * Compute MD5 digest of packet data, using the stored MAC key.
59 *
60 * See similar code in the driver:
61 * uts/common/fs/smbclnt/netsmb/smb_signing.c
62 * and on the server side:
63 * uts/common/fs/smbsrv/smb_signing.c
64 */
65 static int
66 smb_compute_MAC(struct smb_ctx *ctx, mbuf_t *m,
67 uint32_t seqno, uchar_t *signature)
68 {
69 MD5_CTX md5;
70 uchar_t digest[MD5_DIGEST_LENGTH];
71
72 /*
73 * This union is a little bit of trickery to:
74 * (1) get the sequence number int aligned, and
75 * (2) reduce the number of digest calls, at the
76 * cost of a copying 32 bytes instead of 8.
77 * Both sides of this union are 2+32 bytes.
78 */
79 union {
80 struct {
81 uint8_t skip[2]; /* not used - just alignment */
82 uint8_t raw[SMB_HDRLEN]; /* header length (32) */
83 } r;
84 struct {
85 uint8_t skip[2]; /* not used - just alignment */
86 uint8_t hdr[SMBSIGOFF]; /* sig. offset (14) */
87 uint32_t sig[2]; /* MAC signature, aligned! */
88 uint16_t ids[5]; /* pad, Tid, Pid, Uid, Mid */
89 } s;
90 } smbhdr;
91
92 if (m->m_len < SMB_HDRLEN)
93 return (EIO);
94 if (ctx->ct_mackey == NULL)
95 return (EINVAL);
96
97 /*
98 * Make an aligned copy of the SMB header
99 * and fill in the sequence number.
100 */
101 bcopy(m->m_data, smbhdr.r.raw, SMB_HDRLEN);
102 smbhdr.s.sig[0] = htolel(seqno);
103 smbhdr.s.sig[1] = 0;
104
105 /*
106 * Compute the MAC: MD5(concat(Key, message))
107 */
108 MD5Init(&md5);
109
110 /* Digest the MAC Key */
111 MD5Update(&md5, ctx->ct_mackey, ctx->ct_mackeylen);
112
113 /* Digest the (copied) SMB header */
114 MD5Update(&md5, smbhdr.r.raw, SMB_HDRLEN);
115
116 /* Digest the rest of the first mbuf */
117 if (m->m_len > SMB_HDRLEN) {
118 MD5Update(&md5, m->m_data + SMB_HDRLEN,
119 m->m_len - SMB_HDRLEN);
120 }
121 m = m->m_next;
122
123 /* Digest rest of the SMB message. */
124 while (m) {
125 MD5Update(&md5, m->m_data, m->m_len);
126 m = m->m_next;
127 }
128
129 /* Final */
130 MD5Final(digest, &md5);
131
132 /*
133 * Finally, store the signature.
134 * (first 8 bytes of the digest)
135 */
136 if (signature)
137 bcopy(digest, signature, SMBSIGLEN);
138
139 return (0);
140 }
141
142 /*
143 * Sign a request with HMAC-MD5.
144 */
145 void
146 smb_rq_sign(struct smb_rq *rqp)
147 {
148 struct smb_ctx *ctx = rqp->rq_ctx;
149 mbuf_t *m = rqp->rq_rq.mb_top;
150 uint8_t *sigloc;
151 int err;
152
153 /*
154 * Our mblk allocation ensures this,
155 * but just in case...
156 */
157 if (m->m_len < SMB_HDRLEN)
158 return;
159 sigloc = (uchar_t *)m->m_data + SMBSIGOFF;
160
161 if (ctx->ct_mackey == NULL) {
162 /*
163 * Signing is required, but we have no key yet
164 * fill in with the magic fake signing value.
165 * This happens with SPNEGO, NTLMSSP, ...
166 */
167 bcopy("BSRSPLY", sigloc, 8);
168 return;
169 }
170
171 /*
172 * This will compute the MAC and store it
173 * directly into the message at sigloc.
174 */
175 rqp->rq_seqno = ctx->ct_mac_seqno;
176 ctx->ct_mac_seqno += 2;
177 err = smb_compute_MAC(ctx, m, rqp->rq_seqno, sigloc);
178 if (err) {
179 DPRINT("compute MAC, err %d", err);
180 bzero(sigloc, SMBSIGLEN);
181 }
182 }
183
184 /*
185 * Verify reply signature.
186 */
187 int
188 smb_rq_verify(struct smb_rq *rqp)
189 {
190 struct smb_ctx *ctx = rqp->rq_ctx;
191 mbuf_t *m = rqp->rq_rp.mb_top;
192 uint8_t sigbuf[SMBSIGLEN];
193 uint8_t *sigloc;
194 uint32_t rseqno;
195 int err, fudge;
196
197 /*
198 * Note ct_mackey and ct_mackeylen gets initialized by
199 * smb_smb_ssnsetup. It's normal to have a null MAC key
200 * during extended security session setup.
201 */
202 if (ctx->ct_mackey == NULL)
203 return (0);
204
205 /*
206 * Let caller deal with empty reply or short messages by
207 * returning zero. Caller will fail later, in parsing.
208 */
209 if (m == NULL) {
210 DPRINT("empty reply");
211 return (0);
212 }
213 if (m->m_len < SMB_HDRLEN) {
214 DPRINT("short reply");
215 return (0);
216 }
217
218 sigloc = (uchar_t *)m->m_data + SMBSIGOFF;
219 rseqno = rqp->rq_seqno + 1;
220
221 DPRINT("rq_rseqno = 0x%x", rseqno);
222
223 err = smb_compute_MAC(ctx, m, rseqno, sigbuf);
224 if (err) {
225 DPRINT("compute MAC, err %d", err);
226 /*
227 * If we can't compute a MAC, then there's
228 * no point trying other seqno values.
229 */
230 return (EBADRPC);
231 }
232
233 /*
234 * Compare the computed signature with the
235 * one found in the message (at sigloc)
236 */
237 if (bcmp(sigbuf, sigloc, SMBSIGLEN) == 0)
238 return (0);
239
240 DPRINT("BAD signature, MID=0x%x", rqp->rq_mid);
241
242 #ifdef DEBUG
243 /*
244 * For diag purposes, we check whether the client/server idea
245 * of the sequence # has gotten a bit out of sync.
246 */
247 for (fudge = 1; fudge <= nsmb_signing_fudge; fudge++) {
248 (void) smb_compute_MAC(ctx, m, rseqno + fudge, sigbuf);
249 if (bcmp(sigbuf, sigloc, SMBSIGLEN) == 0)
250 break;
251 (void) smb_compute_MAC(ctx, m, rseqno - fudge, sigbuf);
252 if (bcmp(sigbuf, sigloc, SMBSIGLEN) == 0) {
253 fudge = -fudge;
254 break;
255 }
256 }
257 if (fudge <= nsmb_signing_fudge) {
258 DPRINT("rseqno=%d, but %d would have worked",
259 rseqno, rseqno + fudge);
260 }
261 #endif
262 return (EBADRPC);
263 }