From 971754c0ed8613b1897041bc5e5b67d1e3b68abe Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 27 Oct 2004 17:40:41 +0000 Subject: [PATCH] r3295: Fix for SMB signing with 56-bit DES session keys. From Nalin Dahyabhai . Jeremy. (This used to be commit afed78f359a15809b2d9b7566e16ade294944fa9) --- source4/libcli/raw/smb_signing.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/source4/libcli/raw/smb_signing.c b/source4/libcli/raw/smb_signing.c index 9ba385e0627..e1d7b071f29 100644 --- a/source4/libcli/raw/smb_signing.c +++ b/source4/libcli/raw/smb_signing.c @@ -102,6 +102,8 @@ void sign_outgoing_message(struct request_buffer *out, DATA_BLOB *mac_key, uint_ { uint8_t calc_md5_mac[16]; struct MD5Context md5_ctx; + unsigned char key_buf[16]; + /* * Firstly put the sequence number into the first 4 bytes. * and zero out the next 4 bytes. @@ -114,8 +116,15 @@ void sign_outgoing_message(struct request_buffer *out, DATA_BLOB *mac_key, uint_ /* Calculate the 16 byte MAC and place first 8 bytes into the field. */ MD5Init(&md5_ctx); - MD5Update(&md5_ctx, mac_key->data, - mac_key->length); + + /* NB. When making and verifying SMB signatures, Windows apparently + zero-pads the key to 128 bits if it isn't long enough. + From Nalin Dahyabhai */ + MD5Update(&md5_ctx, mac_key->data, mac_key->length); + if (mac_key->length < sizeof(key_buf)) { + memset(key_buf, 0, sizeof(key_buf)); + MD5Update(&md5_ctx, key_buf, sizeof(key_buf) - mac_key->length); + } MD5Update(&md5_ctx, out->buffer + NBT_HDR_SIZE, out->size - NBT_HDR_SIZE);