/// <summary>Performs MAC signature verification.</summary> /// <remarks> /// Performs MAC signature verification. This calculates the signature /// of the SMB and compares it to the signature field on the SMB itself. /// </remarks> /// <param name="data">The data.</param> /// <param name="offset">The starting offset at which the SMB header begins.</param> /// <param name="length">The length of the SMB data starting at offset.</param> internal virtual bool Verify(byte[] data, int offset, ServerMessageBlock response ) { Update(_macSigningKey, 0, _macSigningKey.Length); int index = offset; Update(data, index, SmbConstants.SignatureOffset); index += SmbConstants.SignatureOffset; byte[] sequence = new byte[8]; ServerMessageBlock.WriteInt4(response.SignSeq, sequence, 0); Update(sequence, 0, sequence.Length); index += 8; if (response.Command == ServerMessageBlock.SmbComReadAndx) { SmbComReadAndXResponse raxr = (SmbComReadAndXResponse)response; int length = response.Length - raxr.DataLength; Update(data, index, length - SmbConstants.SignatureOffset - 8); Update(raxr.B, raxr.Off, raxr.DataLength); } else { Update(data, index, response.Length - SmbConstants.SignatureOffset - 8); } byte[] signature = Digest(); for (int i = 0; i < 8; i++) { if (signature[i] != data[offset + SmbConstants.SignatureOffset + i]) { if (Log.Level >= 2) { Log.WriteLine("signature verification failure"); Hexdump.ToHexdump(Log, signature, 0, 8); Hexdump.ToHexdump(Log, data, offset + SmbConstants.SignatureOffset, 8); } return(response.VerifyFailed = true); } } return(response.VerifyFailed = false); }
/// <summary>Performs MAC signing of the SMB.</summary> /// <remarks> /// Performs MAC signing of the SMB. This is done as follows. /// The signature field of the SMB is overwritted with the sequence number; /// The MD5 digest of the MAC signing key + the entire SMB is taken; /// The first 8 bytes of this are placed in the signature field. /// </remarks> /// <param name="data">The data.</param> /// <param name="offset">The starting offset at which the SMB header begins.</param> /// <param name="length">The length of the SMB data starting at offset.</param> internal virtual void Sign(byte[] data, int offset, int length, ServerMessageBlock request, ServerMessageBlock response) { request.SignSeq = _signSequence; if (response != null) { response.SignSeq = _signSequence + 1; response.VerifyFailed = false; } try { Update(_macSigningKey, 0, _macSigningKey.Length); int index = offset + SmbConstants.SignatureOffset; for (int i = 0; i < 8; i++) { data[index + i] = 0; } ServerMessageBlock.WriteInt4(_signSequence, data, index); Update(data, offset, length); Array.Copy(Digest(), 0, data, index, 8); if (_bypass) { _bypass = false; Array.Copy(Runtime.GetBytesForString("BSRSPYL "), 0, data, index, 8); } } catch (Exception ex) { if (Log.Level > 0) { Runtime.PrintStackTrace(ex, Log); } } finally { _signSequence += 2; } }