diff options
author | Andreas Schneider <asn@samba.org> | 2018-11-06 17:07:24 +0100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-05-21 00:03:23 +0000 |
commit | 4e6a277242a0acf2936d62f2d7d024d6c5ac08ef (patch) | |
tree | e3c1f5ec02bf483ddb32145e8fa26baafeb1b670 | |
parent | a4abcf3ded1670c05d0310f84989338023512dee (diff) | |
download | samba-4e6a277242a0acf2936d62f2d7d024d6c5ac08ef.tar.gz |
s4:torture: Use GnuTLS MD5 in samr password tests
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | source4/torture/rpc/samr.c | 68 |
1 files changed, 48 insertions, 20 deletions
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index cb4778ecd79..b9afce460c1 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -48,6 +48,18 @@ #define TEST_MACHINENAME "samrtestmach$" #define TEST_DOMAINNAME "samrtestdom$" +#include <gnutls/gnutls.h> +#include <gnutls/crypto.h> + +/* Those macros are only available in GnuTLS >= 3.6.4 */ +#ifndef GNUTLS_FIPS140_SET_LAX_MODE +#define GNUTLS_FIPS140_SET_LAX_MODE() +#endif + +#ifndef GNUTLS_FIPS140_SET_STRICT_MODE +#define GNUTLS_FIPS140_SET_STRICT_MODE() +#endif + enum torture_samr_choice { TORTURE_SAMR_PASSWORDS, TORTURE_SAMR_PASSWORDS_PWDLASTSET, @@ -766,7 +778,7 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc uint8_t confounder[16]; char *newpass; struct dcerpc_binding_handle *b = p->binding_handle; - MD5_CTX ctx; + gnutls_hash_hd_t hash_hnd; struct samr_GetUserPwInfo pwp; struct samr_PwInfo info; int policy_min_pw_len = 0; @@ -800,10 +812,14 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc generate_random_buffer((uint8_t *)confounder, 16); - MD5Init(&ctx); - MD5Update(&ctx, confounder, 16); - MD5Update(&ctx, session_key.data, session_key.length); - MD5Final(confounded_session_key.data, &ctx); + GNUTLS_FIPS140_SET_LAX_MODE(); + + gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5); + gnutls_hash(hash_hnd, confounder, 16); + gnutls_hash(hash_hnd, session_key.data, session_key.length); + gnutls_hash_deinit(hash_hnd, confounded_session_key.data); + + GNUTLS_FIPS140_SET_STRICT_MODE(); arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key); memcpy(&u.info26.password.data[516], confounder, 16); @@ -857,7 +873,7 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t bool ret = true; DATA_BLOB session_key; DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16); - MD5_CTX ctx; + gnutls_hash_hd_t hash_hnd; uint8_t confounder[16]; char *newpass; struct dcerpc_binding_handle *b = p->binding_handle; @@ -893,10 +909,14 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t generate_random_buffer((uint8_t *)confounder, 16); - MD5Init(&ctx); - MD5Update(&ctx, confounder, 16); - MD5Update(&ctx, session_key.data, session_key.length); - MD5Final(confounded_session_key.data, &ctx); + GNUTLS_FIPS140_SET_LAX_MODE(); + + gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5); + gnutls_hash(hash_hnd, confounder, 16); + gnutls_hash(hash_hnd, session_key.data, session_key.length); + gnutls_hash_deinit(hash_hnd, confounded_session_key.data); + + GNUTLS_FIPS140_SET_STRICT_MODE(); arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key); memcpy(&u.info25.password.data[516], confounder, 16); @@ -1147,7 +1167,7 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, bool ret = true; DATA_BLOB session_key; DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16); - MD5_CTX ctx; + gnutls_hash_hd_t hash_hnd; uint8_t confounder[16]; char *newpass; struct dcerpc_binding_handle *b = p->binding_handle; @@ -1258,10 +1278,14 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, generate_random_buffer((uint8_t *)confounder, 16); - MD5Init(&ctx); - MD5Update(&ctx, confounder, 16); - MD5Update(&ctx, session_key.data, session_key.length); - MD5Final(confounded_session_key.data, &ctx); + GNUTLS_FIPS140_SET_LAX_MODE(); + + gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5); + gnutls_hash(hash_hnd, confounder, 16); + gnutls_hash(hash_hnd, session_key.data, session_key.length); + gnutls_hash_deinit(hash_hnd, confounded_session_key.data); + + GNUTLS_FIPS140_SET_STRICT_MODE(); switch (level) { case 18: @@ -2631,7 +2655,7 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex DATA_BLOB session_key; DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16); uint8_t confounder[16]; - MD5_CTX ctx; + gnutls_hash_hd_t hash_hnd; bool ret = true; struct lsa_String server, account; @@ -2674,10 +2698,14 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex generate_random_buffer((uint8_t *)confounder, 16); - MD5Init(&ctx); - MD5Update(&ctx, confounder, 16); - MD5Update(&ctx, session_key.data, session_key.length); - MD5Final(confounded_session_key.data, &ctx); + GNUTLS_FIPS140_SET_LAX_MODE(); + + gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5); + gnutls_hash(hash_hnd, confounder, 16); + gnutls_hash(hash_hnd, session_key.data, session_key.length); + gnutls_hash_deinit(hash_hnd, confounded_session_key.data); + + GNUTLS_FIPS140_SET_STRICT_MODE(); arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key); memcpy(&u.info25.password.data[516], confounder, 16); |