2N/A/*
2N/A * CDDL HEADER START
2N/A *
2N/A * The contents of this file are subject to the terms of the
2N/A * Common Development and Distribution License (the "License").
2N/A * You may not use this file except in compliance with the License.
2N/A *
2N/A * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
2N/A * or http://www.opensolaris.org/os/licensing.
2N/A * See the License for the specific language governing permissions
2N/A * and limitations under the License.
2N/A *
2N/A * When distributing Covered Code, include this CDDL HEADER in each
2N/A * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
2N/A * If applicable, add the following below this CDDL HEADER, with the
2N/A * fields enclosed by brackets "[]" replaced with your own identifying
2N/A * information: Portions Copyright [yyyy] [name of copyright owner]
2N/A *
2N/A * CDDL HEADER END
2N/A */
2N/A/*
2N/A * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
2N/A */
2N/A
2N/A/*
2N/A * SMB MAC Signing support.
2N/A */
2N/A
2N/A#include <strings.h>
2N/A#include <security/cryptoki.h>
2N/A#include <security/pkcs11.h>
2N/A
2N/A#include <smbsrv/libsmb.h>
2N/A#include <smb/smb.h>
2N/A
2N/A/*
2N/A * smb_mac_init
2N/A *
2N/A * Calculates the MAC key using the specified user session
2N/A * key (NTLM or NTLMv2).
2N/A *
2N/A * Returns SMBAUTH_SUCCESS if key generation was successful,
2N/A * SMBAUTH_FAILURE if not.
2N/A */
2N/Aint
2N/Asmb_mac_init(smb_sign_ctx_t *sign_ctx, smb_auth_info_t *auth)
2N/A{
2N/A unsigned char S16[SMBAUTH_SESSION_KEY_SZ];
2N/A
2N/A if (smb_auth_gen_session_key(auth, S16) != SMBAUTH_SUCCESS)
2N/A return (SMBAUTH_FAILURE);
2N/A bcopy(S16, sign_ctx->ssc_mackey, SMBAUTH_SESSION_KEY_SZ);
2N/A bcopy(auth->cs, &(sign_ctx->ssc_mackey[SMBAUTH_SESSION_KEY_SZ]),
2N/A auth->cs_len);
2N/A sign_ctx->ssc_keylen = SMBAUTH_SESSION_KEY_SZ + auth->cs_len;
2N/A return (SMBAUTH_SUCCESS);
2N/A}
2N/A
2N/A/*
2N/A * smb_mac_calc
2N/A *
2N/A * Calculates MAC signature for the given buffer and returns
2N/A * it in the mac_sign parameter.
2N/A *
2N/A * The MAC signature is calculated as follows:
2N/A *
2N/A * data = concat(MAC_Key, MAC_Key_Len, SMB_Msg, SMB_Msg_Len);
2N/A * hash = MD5(data);
2N/A * MAC = head(hash, 8);
2N/A *
2N/A * The tricky part is that a sequence number should be used
2N/A * in calculation instead of the signature field in the
2N/A * SMB header.
2N/A *
2N/A * Returns SMBAUTH_SUCCESS if cryptology framework use was successful,
2N/A * SMBAUTH_FAILURE if not.
2N/A */
2N/Aint
2N/Asmb_mac_calc(smb_sign_ctx_t *sign_ctx, const unsigned char *buf,
2N/A size_t buf_len, unsigned char *mac_sign)
2N/A{
2N/A CK_RV rv;
2N/A CK_MECHANISM mechanism;
2N/A CK_SESSION_HANDLE hSession;
2N/A unsigned long diglen = MD_DIGEST_LEN;
2N/A int rc = SMBAUTH_FAILURE;
2N/A
2N/A int offset_end_of_sig = (SMB_SIG_OFFS + SMB_SIG_SIZE);
2N/A unsigned char seq_buf[SMB_SIG_SIZE];
2N/A unsigned char mac[16];
2N/A
2N/A /*
2N/A * put seq_num into the first 4 bytes and
2N/A * zero out the next 4 bytes
2N/A */
2N/A bcopy(&sign_ctx->ssc_seqnum, seq_buf, 4);
2N/A bzero(seq_buf + 4, 4);
2N/A
2N/A mechanism.mechanism = CKM_MD5;
2N/A mechanism.pParameter = 0;
2N/A mechanism.ulParameterLen = 0;
2N/A
2N/A rv = SUNW_C_GetMechSession(mechanism.mechanism, &hSession);
2N/A if (rv != CKR_OK)
2N/A return (SMBAUTH_FAILURE);
2N/A
2N/A /* Initialize the digest operation in the session */
2N/A rv = C_DigestInit(hSession, &mechanism);
2N/A if (rv != CKR_OK)
2N/A goto smbmacdone;
2N/A
2N/A /* init with the MAC key */
2N/A rv = C_DigestUpdate(hSession, sign_ctx->ssc_mackey,
2N/A sign_ctx->ssc_keylen);
2N/A if (rv != CKR_OK)
2N/A goto smbmacdone;
2N/A
2N/A /* copy in SMB packet info till signature field */
2N/A rv = C_DigestUpdate(hSession, (CK_BYTE_PTR)buf, SMB_SIG_OFFS);
2N/A if (rv != CKR_OK)
2N/A goto smbmacdone;
2N/A
2N/A /* copy in the seq_buf instead of the signature */
2N/A rv = C_DigestUpdate(hSession, seq_buf, sizeof (seq_buf));
2N/A if (rv != CKR_OK)
2N/A goto smbmacdone;
2N/A
2N/A /* copy in the rest of the packet, skipping the signature */
2N/A rv = C_DigestUpdate(hSession, (CK_BYTE_PTR)buf + offset_end_of_sig,
2N/A buf_len - offset_end_of_sig);
2N/A if (rv != CKR_OK)
2N/A goto smbmacdone;
2N/A
2N/A rv = C_DigestFinal(hSession, mac, &diglen);
2N/A if (rv != CKR_OK)
2N/A goto smbmacdone;
2N/A
2N/A bcopy(mac, mac_sign, SMB_SIG_SIZE);
2N/A rc = SMBAUTH_SUCCESS;
2N/A
2N/Asmbmacdone:
2N/A (void) C_CloseSession(hSession);
2N/A return (rc);
2N/A}
2N/A
2N/A/*
2N/A * smb_mac_chk
2N/A *
2N/A * Calculates MAC signature for the given buffer
2N/A * and compares it to the signature in the given context.
2N/A * Return 1 if the signature are match, otherwise, return (0);
2N/A */
2N/Aint
2N/Asmb_mac_chk(smb_sign_ctx_t *sign_ctx,
2N/A const unsigned char *buf, size_t buf_len)
2N/A{
2N/A unsigned char mac_sign[SMB_SIG_SIZE];
2N/A
2N/A /* calculate mac signature */
2N/A if (smb_mac_calc(sign_ctx, buf, buf_len, mac_sign) != SMBAUTH_SUCCESS)
2N/A return (0);
2N/A
2N/A /* compare the signatures */
2N/A if (memcmp(sign_ctx->ssc_sign, mac_sign, SMB_SIG_SIZE) == 0)
2N/A return (1);
2N/A
2N/A return (0);
2N/A}
2N/A
2N/A/*
2N/A * smb_mac_sign
2N/A *
2N/A * Calculates MAC signature for the given buffer,
2N/A * and write it to the buffer's signature field.
2N/A *
2N/A * Returns SMBAUTH_SUCCESS if cryptology framework use was successful,
2N/A * SMBAUTH_FAILURE if not.
2N/A */
2N/Aint
2N/Asmb_mac_sign(smb_sign_ctx_t *sign_ctx, unsigned char *buf, size_t buf_len)
2N/A{
2N/A unsigned char mac_sign[SMB_SIG_SIZE];
2N/A
2N/A /* calculate mac signature */
2N/A if (smb_mac_calc(sign_ctx, buf, buf_len, mac_sign) != SMBAUTH_SUCCESS)
2N/A return (SMBAUTH_FAILURE);
2N/A
2N/A /* put mac signature in the header's signature field */
2N/A (void) memcpy(buf + SMB_SIG_OFFS, mac_sign, SMB_SIG_SIZE);
2N/A return (SMBAUTH_SUCCESS);
2N/A}
2N/A
2N/Avoid
2N/Asmb_mac_inc_seqnum(smb_sign_ctx_t *sign_ctx)
2N/A{
2N/A sign_ctx->ssc_seqnum++;
2N/A}
2N/A
2N/Avoid
2N/Asmb_mac_dec_seqnum(smb_sign_ctx_t *sign_ctx)
2N/A{
2N/A sign_ctx->ssc_seqnum--;
2N/A}