Further work on NTLMSSP-based SMB signing. Current status is that I cannnot

get Win2k to send a valid signiture in it's session setup reply - which it will
give to win2k clients.

So, I need to look at becoming 'more like MS', but for now I'll get this code
into the tree.  It's actually based on the TNG cli_pipe_ntlmssp.c, as it was
slightly easier to understand than our own (but only the utility functions
remain in any way intact...).

This includes the mysical 'NTLM2' code - I have no idea if it actually works.

(I couldn't get TNG to use it for its pipes either).

Andrew Bartlett
(This used to be commit a034a5e381ba5612be21e2ba640d11f82cd945da)

1 files changed, 208 insertions, 0 deletions

diff --git a/source3/libsmb/ntlmssp_sign.c b/source3/libsmb/ntlmssp_sign.c
new file mode 100644
index 0000000000..f51d532319
--- /dev/null
+++ b/source3/libsmb/ntlmssp_sign.c
@@ -0,0 +1,208 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  Version 3.0
+ *  NTLMSSP Signing routines
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-2001
+ *  Copyright (C) Andrew Bartlett 2003
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software Foundation,
+ *  Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#include "includes.h"
+
+#define CLI_SIGN "session key to client-to-server signing key magic constant"
+#define CLI_SEAL "session key to client-to-server sealing key magic constant"
+#define SRV_SIGN "session key to server-to-client signing key magic constant"
+#define SRV_SEAL "session key to server-to-client sealing key magic constant"
+
+static void NTLMSSPcalc_ap( unsigned char *hash, unsigned char *data, int len)
+{
+    unsigned char index_i = hash[256];
+    unsigned char index_j = hash[257];
+    int ind;
+
+    for (ind = 0; ind < len; ind++)
+    {
+        unsigned char tc;
+        unsigned char t;
+
+        index_i++;
+        index_j += hash[index_i];
+
+        tc = hash[index_i];
+        hash[index_i] = hash[index_j];
+        hash[index_j] = tc;
+
+        t = hash[index_i] + hash[index_j];
+        data[ind] = data[ind] ^ hash[t];
+    }
+
+    hash[256] = index_i;
+    hash[257] = index_j;
+}
+
+static void calc_hash(unsigned char *hash, const char *k2, int k2l)
+{
+	unsigned char j = 0;
+	int ind;
+
+	for (ind = 0; ind < 256; ind++)
+	{
+		hash[ind] = (unsigned char)ind;
+	}
+
+	for (ind = 0; ind < 256; ind++)
+	{
+		unsigned char tc;
+
+		j += (hash[ind] + k2[ind%k2l]);
+
+		tc = hash[ind];
+		hash[ind] = hash[j];
+		hash[j] = tc;
+	}
+
+	hash[256] = 0;
+	hash[257] = 0;
+}
+
+static void calc_ntlmv2_hash(unsigned char hash[16], char digest[16],
+			     const char encrypted_response[16], 
+			     const char *constant)
+{
+	struct MD5Context ctx3;
+
+	MD5Init(&ctx3);
+	MD5Update(&ctx3, encrypted_response, 5);
+	MD5Update(&ctx3, constant, strlen(constant));
+	MD5Final(digest, &ctx3);
+
+	calc_hash(hash, digest, 16);
+}
+
+static NTSTATUS ntlmssp_make_packet_signiture(NTLMSSP_CLIENT_STATE *ntlmssp_state,
+					      const uchar *data, size_t length, 
+					      DATA_BLOB *sig) 
+{
+	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
+		HMACMD5Context ctx;
+		char seq_num[4];
+		uchar digest[16];
+		SIVAL(seq_num, 0, &ntlmssp_state->ntlmssp_seq_num);
+
+		hmac_md5_init_limK_to_64(ntlmssp_state->cli_sign_const, 16, &ctx);
+		hmac_md5_update(seq_num, 4, &ctx);
+		hmac_md5_update(data, length, &ctx);
+		hmac_md5_final(digest, &ctx);
+
+		if (!msrpc_gen(sig, "Bd", digest, sizeof(digest), ntlmssp_state->ntlmssp_seq_num)) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	       
+		NTLMSSPcalc_ap(ntlmssp_state->cli_seal_hash,  sig->data, sig->length);
+	} else {
+		uint32 crc;
+		crc = crc32_calc_buffer(data, length);
+		if (!msrpc_gen(sig, "ddd", 0, crc, ntlmssp_state->ntlmssp_seq_num)) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		
+		NTLMSSPcalc_ap(ntlmssp_state->ntlmssp_hash, sig->data, sig->length);
+	}
+	return NT_STATUS_OK;
+}
+
+NTSTATUS ntlmssp_client_sign_packet(NTLMSSP_CLIENT_STATE *ntlmssp_state,
+					   const uchar *data, size_t length, 
+					   DATA_BLOB *sig) 
+{
+	ntlmssp_state->ntlmssp_seq_num++;
+	return ntlmssp_make_packet_signiture(ntlmssp_state, data, length, sig);
+}
+
+/**
+ * Check the signature of an incoming packet 
+ * @note caller *must* check that the signature is the size it expects 
+ *
+ */
+
+NTSTATUS ntlmssp_client_check_packet(NTLMSSP_CLIENT_STATE *ntlmssp_state,
+					   const uchar *data, size_t length, 
+					   const DATA_BLOB *sig) 
+{
+	DATA_BLOB local_sig;
+	NTSTATUS nt_status;
+
+	if (sig->length < 8) {
+		DEBUG(0, ("NTLMSSP packet check failed due to short signiture (%u bytes)!\n", 
+			  sig->length));
+	}
+
+	nt_status = ntlmssp_make_packet_signiture(ntlmssp_state, data, 
+						  length, &local_sig);
+	
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status)));
+		return nt_status;
+	}
+	
+	if (memcmp(sig->data, local_sig.data, MIN(sig->length, local_sig.length)) == 0) {
+		return NT_STATUS_OK;
+	} else {
+		DEBUG(0, ("NTLMSSP packet check failed due to invalid signiture!\n"));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+}
+
+/**
+   Initialise the state for NTLMSSP signing.
+*/
+NTSTATUS ntlmssp_client_sign_init(NTLMSSP_CLIENT_STATE *ntlmssp_state)
+{
+	unsigned char p24[24];
+	unsigned char lm_hash[16];
+
+	if (!ntlmssp_state->lm_resp.data) {
+		/* can't sign or check signitures yet */ 
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+			    
+	E_deshash(ntlmssp_state->password, lm_hash);
+		
+	NTLMSSPOWFencrypt(lm_hash, ntlmssp_state->lm_resp.data, p24);
+	
+	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
+	{
+		calc_ntlmv2_hash(ntlmssp_state->cli_sign_hash, ntlmssp_state->cli_sign_const, p24, CLI_SIGN);
+		calc_ntlmv2_hash(ntlmssp_state->cli_seal_hash, ntlmssp_state->cli_seal_const, p24, CLI_SEAL);
+		calc_ntlmv2_hash(ntlmssp_state->srv_sign_hash, ntlmssp_state->srv_sign_const, p24, SRV_SIGN);
+		calc_ntlmv2_hash(ntlmssp_state->srv_seal_hash, ntlmssp_state->srv_seal_const, p24, SRV_SEAL);
+	}
+	else
+	{
+		char k2[8];
+		memcpy(k2, p24, 5);
+		k2[5] = 0xe5;
+		k2[6] = 0x38;
+		k2[7] = 0xb0;
+		
+		calc_hash(ntlmssp_state->ntlmssp_hash, k2, 8);
+	}
+
+	ntlmssp_state->ntlmssp_seq_num = 0;
+
+	ZERO_STRUCT(lm_hash);
+	return NT_STATUS_OK;
+}