diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2019-06-27 16:45:33 +1200 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2019-06-27 12:54:23 +0000 |
| commit | ad4505624e07f7a31c27a92c3867d343f2d9e9c3 (patch) | |
| tree | 9cd75e96a1260af5a7d130ab837ba249a2e09c79 /lib/crypto | |
| parent | d5856b993e8ddd83f36097a5aba0026aa8e9d2ca (diff) | |
| download | samba-ad4505624e07f7a31c27a92c3867d343f2d9e9c3.tar.gz | |
lib/crypto: Use GnuTLS RC4 for samba_gnutls_arcfour_confounded_md5()
This allows Samba to use GnuTLS for drsuapi_{en,de}crypt_attribute_value()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'lib/crypto')
| -rw-r--r-- | lib/crypto/gnutls_arcfour_confounded_md5.c | 36 | ||||
| -rw-r--r-- | lib/crypto/gnutls_helpers.h | 8 | ||||
| -rw-r--r-- | lib/crypto/wscript_build | 2 |
3 files changed, 35 insertions, 11 deletions
diff --git a/lib/crypto/gnutls_arcfour_confounded_md5.c b/lib/crypto/gnutls_arcfour_confounded_md5.c index 27fede2656e..b99e611df75 100644 --- a/lib/crypto/gnutls_arcfour_confounded_md5.c +++ b/lib/crypto/gnutls_arcfour_confounded_md5.c @@ -36,19 +36,22 @@ #include <gnutls/gnutls.h> #include <gnutls/crypto.h> #include "gnutls_helpers.h" -#include "arcfour.h" #include "lib/util/memory.h" int samba_gnutls_arcfour_confounded_md5(const DATA_BLOB *key_input1, const DATA_BLOB *key_input2, - DATA_BLOB *data) + DATA_BLOB *data, + enum samba_gnutls_direction encrypt) { int rc; gnutls_hash_hd_t hash_hnd = NULL; uint8_t confounded_key[16]; - DATA_BLOB confounded_key_as_blob - = data_blob_const(confounded_key, - sizeof(confounded_key)); + gnutls_cipher_hd_t cipher_hnd = NULL; + gnutls_datum_t confounded_key_datum = { + .data = confounded_key, + .size = sizeof(confounded_key), + }; + rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5); if (rc < 0) { return rc; @@ -64,12 +67,27 @@ int samba_gnutls_arcfour_confounded_md5(const DATA_BLOB *key_input1, return rc; } - gnutls_hash_deinit(hash_hnd, confounded_key_as_blob.data); + gnutls_hash_deinit(hash_hnd, confounded_key); - arcfour_crypt_blob(data->data, data->length, - &confounded_key_as_blob); + rc = gnutls_cipher_init(&cipher_hnd, + GNUTLS_CIPHER_ARCFOUR_128, + &confounded_key_datum, + NULL); + if (rc < 0) { + return rc; + } + if (encrypt == SAMBA_GNUTLS_ENCRYPT) { + rc = gnutls_cipher_encrypt(cipher_hnd, + data->data, + data->length); + } else { + rc = gnutls_cipher_decrypt(cipher_hnd, + data->data, + data->length); + } + gnutls_cipher_deinit(cipher_hnd); ZERO_ARRAY(confounded_key); - return 0; + return rc; } diff --git a/lib/crypto/gnutls_helpers.h b/lib/crypto/gnutls_helpers.h index fedbb5307e0..b8288c25649 100644 --- a/lib/crypto/gnutls_helpers.h +++ b/lib/crypto/gnutls_helpers.h @@ -37,8 +37,14 @@ WERROR _gnutls_error_to_werror(int gnutls_rc, _gnutls_error_to_werror(gnutls_rc, blocked_werr, \ __FUNCTION__, __location__) +enum samba_gnutls_direction { + SAMBA_GNUTLS_ENCRYPT, + SAMBA_GNUTLS_DECRYPT +}; + int samba_gnutls_arcfour_confounded_md5(const DATA_BLOB *key_input1, const DATA_BLOB *key_input2, - DATA_BLOB *data); + DATA_BLOB *data, + enum samba_gnutls_direction encrypt); #endif /* _GNUTLS_HELPERS_H */ diff --git a/lib/crypto/wscript_build b/lib/crypto/wscript_build index a263d08f638..2ad8dfe2cd0 100644 --- a/lib/crypto/wscript_build +++ b/lib/crypto/wscript_build @@ -10,7 +10,7 @@ bld.SAMBA_SUBSYSTEM('GNUTLS_HELPERS', gnutls_error.c gnutls_arcfour_confounded_md5.c ''', - deps='gnutls samba-errors LIBCRYPTO'); + deps='gnutls samba-errors'); bld.SAMBA_SUBSYSTEM('LIBCRYPTO', source='''md4.c arcfour.c |