/// <summary>Performs MAC signature verification.</summary>
/// <remarks>
/// Performs MAC signature verification. This calculates the signature
/// of the SMB and compares it to the signature field on the SMB itself.
/// </remarks>
/// <param name="data">The data.</param>
/// <param name="offset">The starting offset at which the SMB header begins.</param>
/// <param name="length">The length of the SMB data starting at offset.</param>
internal virtual bool Verify(byte[] data, int offset, ServerMessageBlock response
)
{
Update(_macSigningKey, 0, _macSigningKey.Length);
int index = offset;
Update(data, index, SmbConstants.SignatureOffset);
index += SmbConstants.SignatureOffset;
byte[] sequence = new byte[8];
ServerMessageBlock.WriteInt4(response.SignSeq, sequence, 0);
Update(sequence, 0, sequence.Length);
index += 8;
if (response.Command == ServerMessageBlock.SmbComReadAndx)
{
SmbComReadAndXResponse raxr = (SmbComReadAndXResponse)response;
int length = response.Length - raxr.DataLength;
Update(data, index, length - SmbConstants.SignatureOffset - 8);
Update(raxr.B, raxr.Off, raxr.DataLength);
}
else
{
Update(data, index, response.Length - SmbConstants.SignatureOffset - 8);
}
byte[] signature = Digest();
for (int i = 0; i < 8; i++)
{
if (signature[i] != data[offset + SmbConstants.SignatureOffset + i])
{
if (Log.Level >= 2)
{
Log.WriteLine("signature verification failure");
Hexdump.ToHexdump(Log, signature, 0, 8);
Hexdump.ToHexdump(Log, data, offset + SmbConstants.SignatureOffset, 8);
}
return(response.VerifyFailed = true);
}
}
return(response.VerifyFailed = false);
}
/// <summary>Performs MAC signing of the SMB.</summary>
/// <remarks>
/// Performs MAC signing of the SMB. This is done as follows.
/// The signature field of the SMB is overwritted with the sequence number;
/// The MD5 digest of the MAC signing key + the entire SMB is taken;
/// The first 8 bytes of this are placed in the signature field.
/// </remarks>
/// <param name="data">The data.</param>
/// <param name="offset">The starting offset at which the SMB header begins.</param>
/// <param name="length">The length of the SMB data starting at offset.</param>
internal virtual void Sign(byte[] data, int offset, int length, ServerMessageBlock
request, ServerMessageBlock response)
{
request.SignSeq = _signSequence;
if (response != null)
{
response.SignSeq = _signSequence + 1;
response.VerifyFailed = false;
}
try
{
Update(_macSigningKey, 0, _macSigningKey.Length);
int index = offset + SmbConstants.SignatureOffset;
for (int i = 0; i < 8; i++)
{
data[index + i] = 0;
}
ServerMessageBlock.WriteInt4(_signSequence, data, index);
Update(data, offset, length);
Array.Copy(Digest(), 0, data, index, 8);
if (_bypass)
{
_bypass = false;
Array.Copy(Runtime.GetBytesForString("BSRSPYL "), 0, data, index,
8);
}
}
catch (Exception ex)
{
if (Log.Level > 0)
{
Runtime.PrintStackTrace(ex, Log);
}
}
finally
{
_signSequence += 2;
}
}