author | Andrew Bartlett <abartlet@samba.org> | 2019-06-27 15:05:49 +1200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-06-27 12:54:23 +0000 |
commit | 31bac316daa1b5bbf70d62950cebee655b3c1d95 (patch) | |
tree | 0328fd25b67f8178be351b754f7d9647c89b18c7 /lib/crypto | |
parent | 52c87fa16512c040066dbfd8d1811a1d28851850 (diff) | |
download | samba-31bac316daa1b5bbf70d62950cebee655b3c1d95.tar.gz |
lib/crypto: Add GnuTLS helper function samba_gnutls_arcfour_confounded_md5()
This will avoid duplicated code as we convert arcfour_crypt_blob() into
direct GnuTLS calls
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'lib/crypto')
-rw-r--r-- | lib/crypto/gnutls_arcfour_confounded_md5.c | 75 | ||||
-rw-r--r-- | lib/crypto/gnutls_helpers.h | 5 | ||||
-rw-r--r-- | lib/crypto/wscript_build | 7 |
3 files changed, 85 insertions, 2 deletions
diff --git a/lib/crypto/gnutls_arcfour_confounded_md5.c b/lib/crypto/gnutls_arcfour_confounded_md5.c
new file mode 100644
index 00000000000..27fede2656e
--- /dev/null
+++ b/lib/crypto/gnutls_arcfour_confounded_md5.c
@@ -0,0 +1,75 @@
+/*
+ Unix SMB/CIFS implementation.
+ Wrapper for gnutls hash and encryption functions
+
+ Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009-2019
+ Copyright (c) Andreas Schneider <asn@samba.org> 2019
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+/*
+ * This (arcfour over data with a key combined from two imputs, one
+ * the key another the confounder), is a common pattern in pre-AES
+ * windows cryptography
+ *
+ * Some protocols put the confounder first, others second so both
+ * parameters are named key_input here.
+ *
+ */
+
+#include "includes.h"
+#include "lib/util/data_blob.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+#include "gnutls_helpers.h"
+#include "arcfour.h"
+#include "lib/util/memory.h"
+
+int samba_gnutls_arcfour_confounded_md5(const DATA_BLOB *key_input1,
+ const DATA_BLOB *key_input2,
+ DATA_BLOB *data)
+{
+ int rc;
+ gnutls_hash_hd_t hash_hnd = NULL;
+ uint8_t confounded_key[16];
+ DATA_BLOB confounded_key_as_blob
+ = data_blob_const(confounded_key,
+ sizeof(confounded_key));
+ rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+ if (rc < 0) {
+ return rc;
+ }
+ rc = gnutls_hash(hash_hnd, key_input1->data, key_input1->length);
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ return rc;
+ }
+ rc = gnutls_hash(hash_hnd, key_input2->data, key_input2->length);
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ return rc;
+ }
+
+ gnutls_hash_deinit(hash_hnd, confounded_key_as_blob.data);
+
+ arcfour_crypt_blob(data->data, data->length,
+ &confounded_key_as_blob);
+
+ ZERO_ARRAY(confounded_key);
+
+ return 0;
+}
diff --git a/lib/crypto/gnutls_helpers.h b/lib/crypto/gnutls_helpers.h
index e1a17168297..fedbb5307e0 100644
--- a/lib/crypto/gnutls_helpers.h
+++ b/lib/crypto/gnutls_helpers.h
@@ -36,4 +36,9 @@ WERROR _gnutls_error_to_werror(int gnutls_rc,
 #define gnutls_error_to_werror(gnutls_rc, blocked_werr) \
 _gnutls_error_to_werror(gnutls_rc, blocked_werr, \
 __FUNCTION__, __location__)
+
+int samba_gnutls_arcfour_confounded_md5(const DATA_BLOB *key_input1,
+ const DATA_BLOB *key_input2,
+ DATA_BLOB *data);
+
 #endif /* _GNUTLS_HELPERS_H */
diff --git a/lib/crypto/wscript_build b/lib/crypto/wscript_build
index e482bbfd487..a263d08f638 100644
--- a/lib/crypto/wscript_build
+++ b/lib/crypto/wscript_build
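Review bot: Every failure path in samba_gnutls_arcfour_confounded_md5() returns before arcfour_crypt_blob() runs, so `data` is left exactly as the caller passed it and the negative GnuTLS code is the only sign that nothing was encrypted or decrypted. The commit message says this helper is meant to stand in for direct arcfour_crypt_blob() use, which is called here with no result to check, so a converted caller that drops the return value would carry on with untransformed data if gnutls_hash_init() fails (for instance, I assume, where MD5 is disabled in the GnuTLS build or policy). I would add a comment above the function stating that it transforms `data` in place, returns 0 or a negative GnuTLS error, and leaves `data` untouched on error, and mark the prototype in the gnutls_helpers.h hunk with `__attribute__((warn_unused_result))`. The three blob pointers are dereferenced without a NULL check, which the same comment should state as a precondition.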
@@ -6,8 +6,11 @@ if bld.CONFIG_SET("HAVE_AESNI_INTEL"): extra_deps += ' aesni-intel' bld.SAMBA_SUBSYSTEM('GNUTLS_HELPERS', - source='gnutls_error.c', - deps='gnutls samba-errors'); + source=''' + gnutls_error.c + gnutls_arcfour_confounded_md5.c + ''', + deps='gnutls samba-errors LIBCRYPTO'); bld.SAMBA_SUBSYSTEM('LIBCRYPTO', source='''md4.c arcfour.c |