author | Andreas Schneider <asn@samba.org> | 2018-10-11 14:51:18 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-04-30 23:18:28 +0000 |
commit | c04571d47cc4ab94bba74c397afb05c7b25ba5e5 (patch) | |
tree | 616d76150ee98d5e674dc395955455ed904f5d3c /auth | |
parent | 015e4d2dc2776d7d56edd51a1b9cad510f24e537 (diff) | |
download | samba-c04571d47cc4ab94bba74c397afb05c7b25ba5e5.tar.gz |
auth:gensec: Use GnuTLS SHA256 HMAC for schannel
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth')
-rw-r--r-- | auth/gensec/schannel.c | 44 |
1 files changed, 34 insertions, 10 deletions
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index 441801bac47..eea83d302ee 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -36,6 +36,9 @@
 #include "lib/crypto/crypto.h"
 #include "libds/common/roles.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
@@ -223,11 +226,16 @@ static void netsec_do_sign(struct schannel_state *state,
 uint8_t *checksum)
 {
 if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
- struct HMACSHA256Context ctx;
-
- hmac_sha256_init(state->creds->session_key,
- sizeof(state->creds->session_key),
- &ctx);
+ gnutls_hmac_hd_t hmac_hnd = NULL;
+ int rc;
+
+ rc = gnutls_hmac_init(&hmac_hnd,
+ GNUTLS_MAC_SHA256,
+ state->creds->session_key,
+ sizeof(state->creds->session_key));
+ if (rc < 0) {
+ return;
+ }
 if (confounder) {
 SSVAL(header, 0, NL_SIGN_HMAC_SHA256);
@@ -235,20 +243,36 @@ static void netsec_do_sign(struct schannel_state *state,
 SSVAL(header, 4, 0xFFFF);
 SSVAL(header, 6, 0x0000);
- hmac_sha256_update(header, 8, &ctx);
- hmac_sha256_update(confounder, 8, &ctx);
+ rc = gnutls_hmac(hmac_hnd, header, 8);
+ if (rc < 0) {
+ gnutls_hmac_deinit(hmac_hnd, NULL);
+ return;
+ }
+ rc = gnutls_hmac(hmac_hnd, confounder, 8);
+ if (rc < 0) {
+ gnutls_hmac_deinit(hmac_hnd, NULL);
+ return;
+ }
 } else {
 SSVAL(header, 0, NL_SIGN_HMAC_SHA256);
 SSVAL(header, 2, NL_SEAL_NONE);
 SSVAL(header, 4, 0xFFFF);
 SSVAL(header, 6, 0x0000);
- hmac_sha256_update(header, 8, &ctx);
+ rc = gnutls_hmac(hmac_hnd, header, 8);
+ if (rc < 0) {
+ gnutls_hmac_deinit(hmac_hnd, NULL);
+ return;
+ }
 }
- hmac_sha256_update(data, length, &ctx);
+ rc = gnutls_hmac(hmac_hnd, data, length);
+ if (rc < 0) {
+ gnutls_hmac_deinit(hmac_hnd, NULL);
+ return;
+ }
- hmac_sha256_final(checksum, &ctx);
+ gnutls_hmac_deinit(hmac_hnd, checksum);
 } else {
 uint8_t packet_digest[16];
 static const uint8_t zeros[4]; |
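Review bot: Every new failure path in the AES branch of netsec_do_sign() returns from a void function without writing `checksum`, so the caller cannot tell that no MAC was produced. This applies to `if (rc < 0) { return; }` after gnutls_hmac_init() here and to the four gnutls_hmac() checks in the next hunk. The callers are outside this diff, but if they go on to send or compare that buffer, a schannel signature would be built from, or verified against, whatever bytes were already in it. The function should report the failure, for example by changing its return type to NTSTATUS and returning an error status from each `rc < 0` branch, so that both the sign and the verify path fail closed. The function body starts before this hunk and continues past the last one.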
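Review bot: The pair `gnutls_hmac_deinit(hmac_hnd, NULL); return;` is repeated in four separate error branches of this hunk, so a future update step added to the AES branch can easily miss the handle release and leave the keyed HMAC context allocated. A single cleanup label at the end of the branch, reached with `goto` from each `rc < 0` check, would keep the release of the session-key-bearing handle in one place. A short comment on the final call, such as `/* deinit writes the digest into checksum and frees the handle */`, would also help, because gnutls_hmac_deinit() is doing the job of the old hmac_sha256_final() here. The enclosing function continues outside the hunk.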