From 0ed0a669566a0fe2f3a0357e35080346b550fb1d Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Wed, 31 Aug 2011 01:42:09 +0200
Subject: libcli/smb: move smb2_signing.c to the toplevel

metze
---
 source3/smbd/globals.h | 7 ---
 source3/smbd/smb2_signing.c | 136 --------------------------------------------
 2 files changed, 143 deletions(-)
 delete mode 100644 source3/smbd/smb2_signing.c

(limited to 'source3/smbd')

diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index 35c44eebb5..2e59d9bc5f 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -133,13 +133,6 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn);
 void smbd_lock_socket(struct smbd_server_connection *sconn);
 void smbd_unlock_socket(struct smbd_server_connection *sconn);
 
-NTSTATUS smb2_signing_sign_pdu(DATA_BLOB session_key,
- struct iovec *vector,
- int count);
-NTSTATUS smb2_signing_check_pdu(DATA_BLOB session_key,
- const struct iovec *vector,
- int count);
-
 NTSTATUS smbd_do_locking(struct smb_request *req,
 files_struct *fsp,
 uint8_t type,
diff --git a/source3/smbd/smb2_signing.c b/source3/smbd/smb2_signing.c
deleted file mode 100644
index 1c0dd5ef68..0000000000
--- a/source3/smbd/smb2_signing.c
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- SMB2 signing
-
- Copyright (C) Stefan Metzmacher 2009
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see .
-*/
-
-#include "includes.h"
-#include "smbd/smbd.h"
-#include "smbd/globals.h"
-#include "../libcli/smb/smb_common.h"
-#include "../lib/crypto/crypto.h"
-
-NTSTATUS smb2_signing_sign_pdu(DATA_BLOB session_key,
- struct iovec *vector,
- int count)
-{
- uint8_t *hdr;
- uint64_t session_id;
- struct HMACSHA256Context m;
- uint8_t res[SHA256_DIGEST_LENGTH];
- int i;
-
- if (count < 2) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (vector[0].iov_len != SMB2_HDR_BODY) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- hdr = (uint8_t *)vector[0].iov_base;
-
- session_id = BVAL(hdr, SMB2_HDR_SESSION_ID);
- if (session_id == 0) {
- /*
- * do not sign messages with a zero session_id.
- * See MS-SMB2 3.2.4.1.1
- */
- return NT_STATUS_OK;
- }
-
- if (session_key.length == 0) {
- DEBUG(2,("Wrong session key length %u for SMB2 signing\n",
- (unsigned)session_key.length));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- memset(hdr + SMB2_HDR_SIGNATURE, 0, 16);
-
- SIVAL(hdr, SMB2_HDR_FLAGS, IVAL(hdr, SMB2_HDR_FLAGS) | SMB2_HDR_FLAG_SIGNED);
-
- ZERO_STRUCT(m);
- hmac_sha256_init(session_key.data, MIN(session_key.length, 16), &m);
- for (i=0; i < count; i++) {
- hmac_sha256_update((const uint8_t *)vector[i].iov_base,
- vector[i].iov_len, &m);
- }
- hmac_sha256_final(res, &m);
- DEBUG(5,("signed SMB2 message\n"));
-
- memcpy(hdr + SMB2_HDR_SIGNATURE, res, 16);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS smb2_signing_check_pdu(DATA_BLOB session_key,
- const struct iovec *vector,
- int count)
-{
- const uint8_t *hdr;
- const uint8_t *sig;
- uint64_t session_id;
- struct HMACSHA256Context m;
- uint8_t res[SHA256_DIGEST_LENGTH];
- static const uint8_t zero_sig[16] = { 0, };
- int i;
-
- if (count < 2) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (vector[0].iov_len != SMB2_HDR_BODY) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- hdr = (const uint8_t *)vector[0].iov_base;
-
- session_id = BVAL(hdr, SMB2_HDR_SESSION_ID);
- if (session_id == 0) {
- /*
- * do not sign messages with a zero session_id.
- * See MS-SMB2 3.2.4.1.1
- */
- return NT_STATUS_OK;
- }
-
- if (session_key.length == 0) {
- /* we don't have the session key yet */
- return NT_STATUS_OK;
- }
-
- sig = hdr+SMB2_HDR_SIGNATURE;
-
- ZERO_STRUCT(m);
- hmac_sha256_init(session_key.data, MIN(session_key.length, 16), &m);
- hmac_sha256_update(hdr, SMB2_HDR_SIGNATURE, &m);
- hmac_sha256_update(zero_sig, 16, &m);
- for (i=1; i < count; i++) {
- hmac_sha256_update((const uint8_t *)vector[i].iov_base,
- vector[i].iov_len, &m);
- }
- hmac_sha256_final(res, &m);
-
- if (memcmp(res, sig, 16) != 0) {
- DEBUG(0,("Bad SMB2 signature for message\n"));
- dump_data(0, sig, 16);
- dump_data(0, res, 16);
- return NT_STATUS_ACCESS_DENIED;
- }
-
- return NT_STATUS_OK;
-}
-- cgit