The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netsmb/smb_crypt.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * Copyright (c) 2000-2001, Boris Popov
    3  * All rights reserved.
    4  *
    5  * Copyright (c) 2003, 2004 Tim J. Robbins.
    6  * All rights reserved.
    7  *
    8  * Redistribution and use in source and binary forms, with or without
    9  * modification, are permitted provided that the following conditions
   10  * are met:
   11  * 1. Redistributions of source code must retain the above copyright
   12  *    notice, this list of conditions and the following disclaimer.
   13  * 2. Redistributions in binary form must reproduce the above copyright
   14  *    notice, this list of conditions and the following disclaimer in the
   15  *    documentation and/or other materials provided with the distribution.
   16  * 3. All advertising materials mentioning features or use of this software
   17  *    must display the following acknowledgement:
   18  *    This product includes software developed by Boris Popov.
   19  * 4. Neither the name of the author nor the names of any co-contributors
   20  *    may be used to endorse or promote products derived from this software
   21  *    without specific prior written permission.
   22  *
   23  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   33  * SUCH DAMAGE.
   34  */
   35 
   36 #include <sys/cdefs.h>
   37 __FBSDID("$FreeBSD: src/sys/netsmb/smb_crypt.c,v 1.7.2.1 2005/01/31 23:26:44 imp Exp $");
   38 
   39 #include <sys/param.h>
   40 #include <sys/malloc.h>
   41 #include <sys/kernel.h>
   42 #include <sys/systm.h>
   43 #include <sys/conf.h>
   44 #include <sys/proc.h>
   45 #include <sys/fcntl.h>
   46 #include <sys/socket.h>
   47 #include <sys/socketvar.h>
   48 #include <sys/sysctl.h>
   49 #include <sys/endian.h>
   50 #include <sys/mbuf.h>
   51 #include <sys/mchain.h>
   52 #include <sys/md4.h>
   53 #include <sys/md5.h>
   54 #include <sys/iconv.h>
   55 
   56 #include <netsmb/smb.h>
   57 #include <netsmb/smb_conn.h>
   58 #include <netsmb/smb_subr.h>
   59 #include <netsmb/smb_rq.h>
   60 #include <netsmb/smb_dev.h>
   61 
   62 #include "opt_netsmb.h"
   63 
   64 #ifdef NETSMBCRYPTO
   65 
   66 #include <crypto/des/des.h>
   67 
   68 static u_char N8[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
   69 
   70 
   71 static void
   72 smb_E(const u_char *key, u_char *data, u_char *dest)
   73 {
   74         des_key_schedule *ksp;
   75         u_char kk[8];
   76 
   77         kk[0] = key[0] & 0xfe;
   78         kk[1] = key[0] << 7 | (key[1] >> 1 & 0xfe);
   79         kk[2] = key[1] << 6 | (key[2] >> 2 & 0xfe);
   80         kk[3] = key[2] << 5 | (key[3] >> 3 & 0xfe);
   81         kk[4] = key[3] << 4 | (key[4] >> 4 & 0xfe);
   82         kk[5] = key[4] << 3 | (key[5] >> 5 & 0xfe);
   83         kk[6] = key[5] << 2 | (key[6] >> 6 & 0xfe);
   84         kk[7] = key[6] << 1;
   85         ksp = malloc(sizeof(des_key_schedule), M_SMBTEMP, M_WAITOK);
   86         des_set_key((des_cblock *)kk, *ksp);
   87         des_ecb_encrypt((des_cblock *)data, (des_cblock *)dest, *ksp, 1);
   88         free(ksp, M_SMBTEMP);
   89 }
   90 #endif
   91 
   92 
   93 int
   94 smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN)
   95 {
   96 #ifdef NETSMBCRYPTO
   97         u_char *p, *P14, *S21;
   98 
   99         p = malloc(14 + 21, M_SMBTEMP, M_WAITOK);
  100         bzero(p, 14 + 21);
  101         P14 = p;
  102         S21 = p + 14;
  103         bcopy(apwd, P14, min(14, strlen(apwd)));
  104         /*
  105          * S21 = concat(Ex(P14, N8), zeros(5));
  106          */
  107         smb_E(P14, N8, S21);
  108         smb_E(P14 + 7, N8, S21 + 8);
  109 
  110         smb_E(S21, C8, RN);
  111         smb_E(S21 + 7, C8, RN + 8);
  112         smb_E(S21 + 14, C8, RN + 16);
  113         free(p, M_SMBTEMP);
  114         return 0;
  115 #else
  116         SMBERROR("password encryption is not available\n");
  117         bzero(RN, 24);
  118         return EAUTH;
  119 #endif
  120 }
  121 
  122 int
  123 smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN)
  124 {
  125 #ifdef NETSMBCRYPTO
  126         u_char S21[21];
  127         u_int16_t *unipwd;
  128         MD4_CTX *ctxp;
  129         int len;
  130 
  131         len = strlen(apwd);
  132         unipwd = malloc((len + 1) * sizeof(u_int16_t), M_SMBTEMP, M_WAITOK);
  133         /*
  134          * S21 = concat(MD4(U(apwd)), zeros(5));
  135          */
  136         smb_strtouni(unipwd, apwd);
  137         ctxp = malloc(sizeof(MD4_CTX), M_SMBTEMP, M_WAITOK);
  138         MD4Init(ctxp);
  139         MD4Update(ctxp, (u_char*)unipwd, len * sizeof(u_int16_t));
  140         free(unipwd, M_SMBTEMP);
  141         bzero(S21, 21);
  142         MD4Final(S21, ctxp);
  143         free(ctxp, M_SMBTEMP);
  144 
  145         smb_E(S21, C8, RN);
  146         smb_E(S21 + 7, C8, RN + 8);
  147         smb_E(S21 + 14, C8, RN + 16);
  148         return 0;
  149 #else
  150         SMBERROR("password encryption is not available\n");
  151         bzero(RN, 24);
  152         return EAUTH;
  153 #endif
  154 }
  155 
  156 /*
  157  * Calculate message authentication code (MAC) key for virtual circuit.
  158  */
  159 int
  160 smb_calcmackey(struct smb_vc *vcp)
  161 {
  162 #ifdef NETSMBCRYPTO
  163         const char *pwd;
  164         u_int16_t *unipwd;
  165         int len;
  166         MD4_CTX md4;
  167         u_char S16[16], S21[21];
  168 
  169         KASSERT(vcp->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE,
  170             ("signatures not enabled"));
  171 
  172         if (vcp->vc_mackey != NULL) {
  173                 free(vcp->vc_mackey, M_SMBTEMP);
  174                 vcp->vc_mackey = NULL;
  175                 vcp->vc_mackeylen = 0;
  176                 vcp->vc_seqno = 0;
  177         }
  178 
  179         /*
  180          * The partial MAC key is the concatenation of the 16 byte session
  181          * key and the 24 byte challenge response.
  182          */
  183         vcp->vc_mackeylen = 16 + 24;
  184         vcp->vc_mackey = malloc(vcp->vc_mackeylen, M_SMBTEMP, M_WAITOK);
  185 
  186         /*
  187          * Calculate session key:
  188          *      MD4(MD4(U(PN)))
  189          */
  190         pwd = smb_vc_getpass(vcp);
  191         len = strlen(pwd);
  192         unipwd = malloc((len + 1) * sizeof(u_int16_t), M_SMBTEMP, M_WAITOK);
  193         smb_strtouni(unipwd, pwd);
  194         MD4Init(&md4);
  195         MD4Update(&md4, (u_char *)unipwd, len * sizeof(u_int16_t));
  196         MD4Final(S16, &md4);
  197         MD4Init(&md4);
  198         MD4Update(&md4, S16, 16);
  199         MD4Final(vcp->vc_mackey, &md4);
  200         free(unipwd, M_SMBTEMP);
  201 
  202         /*
  203          * Calculate response to challenge:
  204          *      Ex(concat(MD4(U(pass)), zeros(5)), C8)
  205          */
  206         bzero(S21, 21);
  207         bcopy(S16, S21, 16);
  208         smb_E(S21, vcp->vc_ch, vcp->vc_mackey + 16);
  209         smb_E(S21 + 7, vcp->vc_ch, vcp->vc_mackey + 24);
  210         smb_E(S21 + 14, vcp->vc_ch, vcp->vc_mackey + 32);
  211 
  212         return (0);
  213 #else
  214         panic("smb_calcmackey: encryption not available");
  215         return (0);
  216 #endif  /* NETSMBCRYPTO */
  217 }
  218 
  219 /*
  220  * Sign request with MAC.
  221  */
  222 int
  223 smb_rq_sign(struct smb_rq *rqp)
  224 {
  225 #ifdef NETSMBCRYPTO
  226         struct smb_vc *vcp = rqp->sr_vc;
  227         struct mbchain *mbp;
  228         struct mbuf *mb;
  229         MD5_CTX md5;
  230         u_char digest[16];
  231 
  232         KASSERT(vcp->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE,
  233             ("signatures not enabled"));
  234 
  235         if (vcp->vc_mackey == NULL)
  236                 /* XXX Should assert that cmd == SMB_COM_NEGOTIATE. */
  237                 return (0);
  238 
  239         /*
  240          * This is a bit of a kludge. If the request is non-TRANSACTION,
  241          * or it is the first request of a transaction, give it the next
  242          * sequence number, and expect the reply to have the sequence number
  243          * following that one. Otherwise, it is a secondary request in
  244          * a transaction, and it gets the same sequence numbers as the
  245          * primary request.
  246          */
  247         if (rqp->sr_t2 == NULL ||
  248             (rqp->sr_t2->t2_flags & SMBT2_SECONDARY) == 0) {
  249                 rqp->sr_seqno = vcp->vc_seqno++;
  250                 rqp->sr_rseqno = vcp->vc_seqno++;
  251         } else {
  252                 /*
  253                  * Sequence numbers are already in the struct because
  254                  * smb_t2_request_int() uses the same one for all the
  255                  * requests in the transaction.
  256                  * (At least we hope so.)
  257                  */
  258                 KASSERT(rqp->sr_t2 == NULL ||
  259                     (rqp->sr_t2->t2_flags & SMBT2_SECONDARY) == 0 ||
  260                     rqp->sr_t2->t2_rq == rqp,
  261                     ("sec t2 rq not using same smb_rq"));
  262         }
  263 
  264         /* Initialize sec. signature field to sequence number + zeros. */
  265         *(u_int32_t *)rqp->sr_rqsig = htole32(rqp->sr_seqno);
  266         *(u_int32_t *)(rqp->sr_rqsig + 4) = 0;
  267 
  268         /*
  269          * Compute HMAC-MD5 of packet data, keyed by MAC key.
  270          * Store the first 8 bytes in the sec. signature field.
  271          */
  272         smb_rq_getrequest(rqp, &mbp);
  273         MD5Init(&md5);
  274         MD5Update(&md5, vcp->vc_mackey, vcp->vc_mackeylen);
  275         for (mb = mbp->mb_top; mb != NULL; mb = mb->m_next)
  276                 MD5Update(&md5, mtod(mb, void *), mb->m_len);
  277         MD5Final(digest, &md5);
  278         bcopy(digest, rqp->sr_rqsig, 8);
  279 
  280         return (0);
  281 #else
  282         panic("smb_rq_sign: encryption not available");
  283         return (0);
  284 #endif  /* NETSMBCRYPTO */
  285 }
  286 
  287 /*
  288  * Verify reply signature.
  289  */
  290 int
  291 smb_rq_verify(struct smb_rq *rqp)
  292 {
  293 #ifdef NETSMBCRYPTO
  294         struct smb_vc *vcp = rqp->sr_vc;
  295         struct mdchain *mdp;
  296         u_char sigbuf[8];
  297         MD5_CTX md5;
  298         u_char digest[16];
  299         struct mbuf *mb;
  300 
  301         KASSERT(vcp->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE,
  302             ("signatures not enabled"));
  303 
  304         if (vcp->vc_mackey == NULL)
  305                 /* XXX Should check that this is a SMB_COM_NEGOTIATE reply. */
  306                 return (0);
  307 
  308         /*
  309          * Compute HMAC-MD5 of packet data, keyed by MAC key.
  310          * We play games to pretend the security signature field
  311          * contains their sequence number, to avoid modifying
  312          * the packet itself.
  313          */
  314         smb_rq_getreply(rqp, &mdp);
  315         mb = mdp->md_top;
  316         KASSERT(mb->m_len >= SMB_HDRLEN, ("forgot to m_pullup"));
  317         MD5Init(&md5);
  318         MD5Update(&md5, vcp->vc_mackey, vcp->vc_mackeylen);
  319         MD5Update(&md5, mtod(mb, void *), 14);
  320         *(u_int32_t *)sigbuf = htole32(rqp->sr_rseqno);
  321         *(u_int32_t *)(sigbuf + 4) = 0;
  322         MD5Update(&md5, sigbuf, 8);
  323         MD5Update(&md5, mtod(mb, u_char *) + 22, mb->m_len - 22);
  324         for (mb = mb->m_next; mb != NULL; mb = mb->m_next)
  325                 MD5Update(&md5, mtod(mb, void *), mb->m_len);
  326         MD5Final(digest, &md5);
  327 
  328         /*
  329          * Now verify the signature.
  330          */
  331         if (bcmp(mtod(mdp->md_top, u_char *) + 14, digest, 8) != 0)
  332                 return (EAUTH);
  333 
  334         return (0);
  335 #else
  336         panic("smb_rq_verify: encryption not available");
  337         return (0);
  338 #endif  /* NETSMBCRYPTO */
  339 }

Cache object: a1ee26ee1f260267791a9139d8feeebb


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.