diff options
| author | Andreas Schneider <asn@samba.org> | 2019-08-23 09:12:21 +0200 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2019-10-08 14:12:44 +0000 |
| commit | 4a24d9499757dea377b4e3d8beb7f2c10fd5c5d0 (patch) | |
| tree | 1915547a73dc6e94e21fdcf2ed53f59063bf265c | |
| parent | 70fdd4821aa811f90944bee17cc85e3ae9302279 (diff) | |
| download | samba-4a24d9499757dea377b4e3d8beb7f2c10fd5c5d0.tar.gz | |
libcli:smb: Use gnutls_aead_cipher_decryptv2() for AES GCM or CCM
This is a new call which has been added with GnuTLS 3.6.10 and will
recuduce memory allocations and copying of data.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Oct 8 14:12:44 UTC 2019 on sn-devel-184
| -rw-r--r-- | libcli/smb/smb2_signing.c | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c index ac0f6f4d29f..166ab9d83ff 100644 --- a/libcli/smb/smb2_signing.c +++ b/libcli/smb/smb2_signing.c @@ -588,13 +588,12 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key, { uint8_t *tf; uint16_t flags; - int i; size_t a_total; ssize_t m_total; uint32_t msg_size = 0; uint32_t iv_size = 0; uint32_t key_size = 0; - uint32_t tag_size = 0; + size_t tag_size = 0; uint8_t _key[16] = {0}; gnutls_cipher_algorithm_t algo = 0; gnutls_datum_t key; @@ -680,12 +679,37 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key, } } +#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2 + { + giovec_t auth_iov[1]; + + auth_iov[0] = (giovec_t) { + .iov_base = tf + SMB2_TF_NONCE, + .iov_len = a_total, + }; + + rc = gnutls_aead_cipher_decryptv2(decryption_key->cipher_hnd, + iv.data, + iv.size, + auth_iov, + 1, + &vector[1], + count - 1, + tf + SMB2_TF_SIGNATURE, + tag_size); + if (rc < 0) { + status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR); + goto out; + } + } +#else /* HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2 */ { size_t ctext_size = m_total + tag_size; uint8_t *ctext = NULL; size_t ptext_size = m_total; uint8_t *ptext = NULL; size_t len = 0; + int i; /* GnuTLS doesn't have a iovec API for decryption yet */ @@ -751,6 +775,7 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key, TALLOC_FREE(ptext); TALLOC_FREE(ctext); } +#endif /* HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2 */ DBG_INFO("Decrypted SMB2 message\n"); |