1*5331Samw /*
2*5331Samw * CDDL HEADER START
3*5331Samw *
4*5331Samw * The contents of this file are subject to the terms of the
5*5331Samw * Common Development and Distribution License (the "License").
6*5331Samw * You may not use this file except in compliance with the License.
7*5331Samw *
8*5331Samw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9*5331Samw * or http://www.opensolaris.org/os/licensing.
10*5331Samw * See the License for the specific language governing permissions
11*5331Samw * and limitations under the License.
12*5331Samw *
13*5331Samw * When distributing Covered Code, include this CDDL HEADER in each
14*5331Samw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15*5331Samw * If applicable, add the following below this CDDL HEADER, with the
16*5331Samw * fields enclosed by brackets "[]" replaced with your own identifying
17*5331Samw * information: Portions Copyright [yyyy] [name of copyright owner]
18*5331Samw *
19*5331Samw * CDDL HEADER END
20*5331Samw */
21*5331Samw /*
22*5331Samw * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
23*5331Samw * Use is subject to license terms.
24*5331Samw */
25*5331Samw
26*5331Samw #pragma ident "%Z%%M% %I% %E% SMI"
27*5331Samw
28*5331Samw /*
29*5331Samw * SMB MAC Signing support.
30*5331Samw */
31*5331Samw
32*5331Samw #include <strings.h>
33*5331Samw #include <security/cryptoki.h>
34*5331Samw #include <security/pkcs11.h>
35*5331Samw
36*5331Samw #include <smbsrv/libsmb.h>
37*5331Samw
38*5331Samw #include <smbsrv/smb.h>
39*5331Samw
40*5331Samw /*
41*5331Samw * smb_mac_init
42*5331Samw *
43*5331Samw * Calculates the MAC key using the specified user session
44*5331Samw * key (NTLM or NTLMv2).
45*5331Samw *
46*5331Samw * Returns SMBAUTH_SUCCESS if key generation was successful,
47*5331Samw * SMBAUTH_FAILURE if not.
48*5331Samw */
49*5331Samw int
smb_mac_init(smb_sign_ctx_t * sign_ctx,smb_auth_info_t * auth)50*5331Samw smb_mac_init(smb_sign_ctx_t *sign_ctx, smb_auth_info_t *auth)
51*5331Samw {
52*5331Samw unsigned char S16[SMBAUTH_SESSION_KEY_SZ];
53*5331Samw
54*5331Samw if (smb_auth_gen_session_key(auth, S16) != SMBAUTH_SUCCESS)
55*5331Samw return (SMBAUTH_FAILURE);
56*5331Samw bcopy(S16, sign_ctx->ssc_mackey, SMBAUTH_SESSION_KEY_SZ);
57*5331Samw bcopy(auth->cs, &(sign_ctx->ssc_mackey[SMBAUTH_SESSION_KEY_SZ]),
58*5331Samw auth->cs_len);
59*5331Samw sign_ctx->ssc_keylen = SMBAUTH_SESSION_KEY_SZ + auth->cs_len;
60*5331Samw return (SMBAUTH_SUCCESS);
61*5331Samw }
62*5331Samw
63*5331Samw /*
64*5331Samw * smb_mac_calc
65*5331Samw *
66*5331Samw * Calculates MAC signature for the given buffer and returns
67*5331Samw * it in the mac_sign parameter.
68*5331Samw *
69*5331Samw * The MAC signature is calculated as follows:
70*5331Samw *
71*5331Samw * data = concat(MAC_Key, MAC_Key_Len, SMB_Msg, SMB_Msg_Len);
72*5331Samw * hash = MD5(data);
73*5331Samw * MAC = head(hash, 8);
74*5331Samw *
75*5331Samw * The tricky part is that a sequence number should be used
76*5331Samw * in calculation instead of the signature field in the
77*5331Samw * SMB header.
78*5331Samw *
79*5331Samw * Returns SMBAUTH_SUCCESS if cryptology framework use was successful,
80*5331Samw * SMBAUTH_FAILURE if not.
81*5331Samw */
82*5331Samw int
smb_mac_calc(smb_sign_ctx_t * sign_ctx,const unsigned char * buf,size_t buf_len,unsigned char * mac_sign)83*5331Samw smb_mac_calc(smb_sign_ctx_t *sign_ctx, const unsigned char *buf,
84*5331Samw size_t buf_len, unsigned char *mac_sign)
85*5331Samw {
86*5331Samw CK_RV rv;
87*5331Samw CK_MECHANISM mechanism;
88*5331Samw CK_SESSION_HANDLE hSession;
89*5331Samw unsigned long diglen = MD_DIGEST_LEN;
90*5331Samw int rc = SMBAUTH_FAILURE;
91*5331Samw
92*5331Samw int offset_end_of_sig = (SMB_SIG_OFFS + SMB_SIG_SIZE);
93*5331Samw unsigned char seq_buf[SMB_SIG_SIZE];
94*5331Samw unsigned char mac[16];
95*5331Samw
96*5331Samw /*
97*5331Samw * put seq_num into the first 4 bytes and
98*5331Samw * zero out the next 4 bytes
99*5331Samw */
100*5331Samw bcopy(&sign_ctx->ssc_seqnum, seq_buf, 4);
101*5331Samw bzero(seq_buf + 4, 4);
102*5331Samw
103*5331Samw mechanism.mechanism = CKM_MD5;
104*5331Samw mechanism.pParameter = 0;
105*5331Samw mechanism.ulParameterLen = 0;
106*5331Samw
107*5331Samw rv = SUNW_C_GetMechSession(mechanism.mechanism, &hSession);
108*5331Samw if (rv != CKR_OK)
109*5331Samw return (SMBAUTH_FAILURE);
110*5331Samw
111*5331Samw /* Initialize the digest operation in the session */
112*5331Samw rv = C_DigestInit(hSession, &mechanism);
113*5331Samw if (rv != CKR_OK)
114*5331Samw goto smbmacdone;
115*5331Samw
116*5331Samw /* init with the MAC key */
117*5331Samw rv = C_DigestUpdate(hSession, sign_ctx->ssc_mackey,
118*5331Samw sign_ctx->ssc_keylen);
119*5331Samw if (rv != CKR_OK)
120*5331Samw goto smbmacdone;
121*5331Samw
122*5331Samw /* copy in SMB packet info till signature field */
123*5331Samw rv = C_DigestUpdate(hSession, (CK_BYTE_PTR)buf, SMB_SIG_OFFS);
124*5331Samw if (rv != CKR_OK)
125*5331Samw goto smbmacdone;
126*5331Samw
127*5331Samw /* copy in the seq_buf instead of the signature */
128*5331Samw rv = C_DigestUpdate(hSession, seq_buf, sizeof (seq_buf));
129*5331Samw if (rv != CKR_OK)
130*5331Samw goto smbmacdone;
131*5331Samw
132*5331Samw /* copy in the rest of the packet, skipping the signature */
133*5331Samw rv = C_DigestUpdate(hSession, (CK_BYTE_PTR)buf + offset_end_of_sig,
134*5331Samw buf_len - offset_end_of_sig);
135*5331Samw if (rv != CKR_OK)
136*5331Samw goto smbmacdone;
137*5331Samw
138*5331Samw rv = C_DigestFinal(hSession, mac, &diglen);
139*5331Samw if (rv != CKR_OK)
140*5331Samw goto smbmacdone;
141*5331Samw
142*5331Samw bcopy(mac, mac_sign, SMB_SIG_SIZE);
143*5331Samw rc = SMBAUTH_SUCCESS;
144*5331Samw
145*5331Samw smbmacdone:
146*5331Samw (void) C_CloseSession(hSession);
147*5331Samw return (rc);
148*5331Samw }
149*5331Samw
150*5331Samw /*
151*5331Samw * smb_mac_chk
152*5331Samw *
153*5331Samw * Calculates MAC signature for the given buffer
154*5331Samw * and compares it to the signature in the given context.
155*5331Samw * Return 1 if the signature are match, otherwise, return (0);
156*5331Samw */
157*5331Samw int
smb_mac_chk(smb_sign_ctx_t * sign_ctx,const unsigned char * buf,size_t buf_len)158*5331Samw smb_mac_chk(smb_sign_ctx_t *sign_ctx,
159*5331Samw const unsigned char *buf, size_t buf_len)
160*5331Samw {
161*5331Samw unsigned char mac_sign[SMB_SIG_SIZE];
162*5331Samw
163*5331Samw /* calculate mac signature */
164*5331Samw if (smb_mac_calc(sign_ctx, buf, buf_len, mac_sign) != SMBAUTH_SUCCESS)
165*5331Samw return (0);
166*5331Samw
167*5331Samw /* compare the signatures */
168*5331Samw if (memcmp(sign_ctx->ssc_sign, mac_sign, SMB_SIG_SIZE) == 0)
169*5331Samw return (1);
170*5331Samw
171*5331Samw return (0);
172*5331Samw }
173*5331Samw
174*5331Samw /*
175*5331Samw * smb_mac_sign
176*5331Samw *
177*5331Samw * Calculates MAC signature for the given buffer,
178*5331Samw * and write it to the buffer's signature field.
179*5331Samw *
180*5331Samw * Returns SMBAUTH_SUCCESS if cryptology framework use was successful,
181*5331Samw * SMBAUTH_FAILURE if not.
182*5331Samw */
183*5331Samw int
smb_mac_sign(smb_sign_ctx_t * sign_ctx,unsigned char * buf,size_t buf_len)184*5331Samw smb_mac_sign(smb_sign_ctx_t *sign_ctx, unsigned char *buf, size_t buf_len)
185*5331Samw {
186*5331Samw unsigned char mac_sign[SMB_SIG_SIZE];
187*5331Samw
188*5331Samw /* calculate mac signature */
189*5331Samw if (smb_mac_calc(sign_ctx, buf, buf_len, mac_sign) != SMBAUTH_SUCCESS)
190*5331Samw return (SMBAUTH_FAILURE);
191*5331Samw
192*5331Samw /* put mac signature in the header's signature field */
193*5331Samw (void) memcpy(buf + SMB_SIG_OFFS, mac_sign, SMB_SIG_SIZE);
194*5331Samw return (SMBAUTH_SUCCESS);
195*5331Samw }
196*5331Samw
197*5331Samw void
smb_mac_inc_seqnum(smb_sign_ctx_t * sign_ctx)198*5331Samw smb_mac_inc_seqnum(smb_sign_ctx_t *sign_ctx)
199*5331Samw {
200*5331Samw sign_ctx->ssc_seqnum++;
201*5331Samw }
202*5331Samw
203*5331Samw void
smb_mac_dec_seqnum(smb_sign_ctx_t * sign_ctx)204*5331Samw smb_mac_dec_seqnum(smb_sign_ctx_t *sign_ctx)
205*5331Samw {
206*5331Samw sign_ctx->ssc_seqnum--;
207*5331Samw }
208