smb_mac.c revision da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* SMB MAC Signing support.
*/
#include <strings.h>
#include <security/cryptoki.h>
/*
* smb_mac_init
*
* Calculates the MAC key using the specified user session
* key (NTLM or NTLMv2).
*
* Returns SMBAUTH_SUCCESS if key generation was successful,
* SMBAUTH_FAILURE if not.
*
* NOTE(review): the function signature and most of the body are
* missing from this listing, so the conditions that select between
* the two returns below cannot be seen here.
*/
int
{
/*
* Scratch buffer sized to one session key. Presumably holds
* key-derived material (TODO confirm); if so, it should be cleared
* with a zeroing call the compiler cannot optimise away before
* every return, so the secret does not linger on the stack.
*/
unsigned char S16[SMBAUTH_SESSION_KEY_SZ];
return (SMBAUTH_FAILURE);
return (SMBAUTH_SUCCESS);
}
/*
* smb_mac_calc
*
* Calculates MAC signature for the given buffer and returns
* it in the mac_sign parameter.
*
* The MAC signature is calculated as follows:
*
* data = concat(MAC_Key, MAC_Key_Len, SMB_Msg, SMB_Msg_Len);
* hash = MD5(data);
* MAC = head(hash, 8);
*
* The tricky part is that a sequence number should be used
* in calculation instead of the signature field in the
* SMB header.
*
* Returns SMBAUTH_SUCCESS if use of the cryptographic framework
* was successful, SMBAUTH_FAILURE if not.
*
* NOTE(review): a key-prefixed MD5 digest truncated to 8 bytes is the
* legacy SMB1 signing construction. It gives much less margin than the
* HMAC-SHA256 / AES-CMAC signing of later SMB dialects, so treat it as
* an interoperability feature rather than strong integrity protection.
*
* NOTE(review): the function signature, the calls that precede each
* goto, and the smbmacdone label itself are missing from this listing.
*/
int
{
/* presumably the in/out length handed to the final digest call */
unsigned long diglen = MD_DIGEST_LEN;
/* pessimistic default: only a fully completed digest reports success */
int rc = SMBAUTH_FAILURE;
/* stands in for the header's signature field while hashing */
unsigned char seq_buf[SMB_SIG_SIZE];
/*
* Receives the full digest; per the header comment only the first
* 8 bytes become the signature.
* NOTE(review): the size is a literal 16 while diglen is initialised
* from MD_DIGEST_LEN -- confirm the two agree so the digest call can
* never be told the buffer is larger than it is.
*/
unsigned char mac[16];
/*
* put seq_num into the first 4 bytes and
* zero out the next 4 bytes
*/
/* the digest mechanism is used without parameters */
mechanism.pParameter = 0;
mechanism.ulParameterLen = 0;
/*
* Early failure exit; the guarding condition is not shown here.
* It returns directly instead of going through smbmacdone,
* presumably because no session is open yet (TODO confirm).
*/
return (SMBAUTH_FAILURE);
/*
* Every goto below is the failure exit of one digest step whose call
* is not shown; rc still holds SMBAUTH_FAILURE when they are taken.
*/
/* Initialize the digest operation in the session */
goto smbmacdone;
/* init with the MAC key */
goto smbmacdone;
/* copy in SMB packet info till signature field */
goto smbmacdone;
/* copy in the seq_buf instead of the signature */
goto smbmacdone;
/* copy in the rest of the packet, skipping the signature */
goto smbmacdone;
goto smbmacdone;
/* close the session on the way out; its result is deliberately ignored */
(void) C_CloseSession(hSession);
return (rc);
}
/*
* smb_mac_chk
*
* Calculates MAC signature for the given buffer
* and compares it to the signature in the given context.
*
* Returns 1 if the signatures match, otherwise returns 0.
* Note that this is a boolean result, not the
* SMBAUTH_SUCCESS / SMBAUTH_FAILURE convention used by the
* other routines in this file.
*
* NOTE(review): the function signature, the MAC calculation call and
* the comparison itself are missing from this listing. When reviewing
* the full source, confirm that a failed calculation can never be
* reported as a match and that the comparison covers all
* SMB_SIG_SIZE bytes; a comparison that does not exit early on the
* first differing byte is preferable for MAC verification.
*/
int
{
/* locally computed signature to compare against the received one */
unsigned char mac_sign[SMB_SIG_SIZE];
/* calculate mac signature */
/* calculation failed: report "no match" (fail closed) */
return (0);
/* compare the signatures */
return (1);
return (0);
}
/*
* smb_mac_sign
*
* Calculates MAC signature for the given buffer
* and writes it to the buffer's signature field.
*
* Returns SMBAUTH_SUCCESS if use of the cryptographic framework
* was successful, SMBAUTH_FAILURE if not.
*
* NOTE(review): the function signature, the MAC calculation call and
* the copy into the header are missing from this listing. When
* reviewing the full source, confirm the copy writes exactly
* SMB_SIG_SIZE bytes and that the buffer is known to be long enough
* to contain the signature field.
*/
int
{
/* signature is built here first, then copied into the packet */
unsigned char mac_sign[SMB_SIG_SIZE];
/* calculate mac signature */
/* calculation failed: the packet's signature field is left as it was */
return (SMBAUTH_FAILURE);
/* put mac signature in the header's signature field */
return (SMBAUTH_SUCCESS);
}
/*
* Advances the sequence number held in the signing context by one.
*
* NOTE(review): the function name and parameter list are missing from
* this listing. No locking is visible here; presumably callers
* serialise access to sign_ctx -- confirm against the callers.
*/
void
{
sign_ctx->ssc_seqnum++;
}
/*
* Steps the sequence number held in the signing context back by one.
*
* NOTE(review): the function name and parameter list are missing from
* this listing. Rolling the counter back means a sequence number can be
* used again for signing; confirm callers do this only to undo an
* increment for a message that was never sent or accepted.
*/
void
{
sign_ctx->ssc_seqnum--;
}