Module: RubySMB::Signing

Included in:
Client, RubySMB::Server::ServerClient
Defined in:
lib/ruby_smb/signing.rb

Overview

Contains the methods for handling packet signing

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#session_keyString

Returns:

  • (String) 


7
8
9
 
# File 'lib/ruby_smb/signing.rb', line 7

def session_key
  @session_key
end

Instance Method Details

#smb1_sign(packet) ⇒ RubySMB::GenericPacket

Take an SMB1 packet and sign it.

Parameters:

Returns:



13
14
15
16
17
18
19
20
21
22
 
# File 'lib/ruby_smb/signing.rb', line 13

def smb1_sign(packet)
  # Pack the Sequence counter into a int64le
  packed_sequence_counter = [sequence_counter].pack('Q<')
  packet.smb_header.security_features = packed_sequence_counter
  signature = OpenSSL::Digest::MD5.digest(session_key + packet.to_binary_s)[0, 8]
  packet.smb_header.security_features = signature
  @sequence_counter += 1

  packet
end

#smb2_sign(packet) ⇒ RubySMB::GenericPacket

Take an SMB2 packet and sign it.

Parameters:

Returns:



28
29
30
31
32
33
34
35
 
# File 'lib/ruby_smb/signing.rb', line 28

def smb2_sign(packet)
  packet.smb2_header.flags.signed = 1
  packet.smb2_header.signature = "\x00" * 16
  hmac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), session_key, packet.to_binary_s)
  packet.smb2_header.signature = hmac[0, 16]

  packet
end

#smb3_sign(packet) ⇒ RubySMB::GenericPacket

Take an SMB3 packet and sign it.

Parameters:

Returns:



41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
 
# File 'lib/ruby_smb/signing.rb', line 41

def smb3_sign(packet)
  case @dialect
  when '0x0300', '0x0302'
    signing_key = Crypto::KDF.counter_mode(@session_key, "SMB2AESCMAC\x00", "SmbSign\x00")
  when '0x0311'
    signing_key = Crypto::KDF.counter_mode(@session_key, "SMBSigningKey\x00", @preauth_integrity_hash_value)
  else
    raise Error::SigningError.new("Dialect #{@dialect.inspect} is incompatible with SMBv3 signing")
  end

  packet.smb2_header.flags.signed = 1
  packet.smb2_header.signature = "\x00" * 16
  hmac = OpenSSL::CMAC.digest('AES', signing_key, packet.to_binary_s)
  packet.smb2_header.signature = hmac[0, 16]

  packet
end