diff options
author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-07-06 15:36:26 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2022-09-12 23:07:37 +0000 |
commit | b27a67af0216811d330d8a4c52390cf4fc04b5fd (patch) | |
tree | 2f170408ebba1d1f13e70d12ea989a249c4d15fc /lib/crypto | |
parent | 121e439e24a9c03ae900ffca1ae1dda8e059008c (diff) | |
download | samba-b27a67af0216811d330d8a4c52390cf4fc04b5fd.tar.gz |
CVE-2021-20251 lib:crypto: Add des_crypt_blob_16() for encrypting data with DES
This lets us access single-DES from Python. This function is used in a
following commit for encrypting an NT hash to obtain the verifier for a
SAMR password change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'lib/crypto')
-rw-r--r-- | lib/crypto/py_crypto.c | 65 | ||||
-rw-r--r-- | lib/crypto/wscript | 2 |
2 files changed, 66 insertions, 1 deletions
diff --git a/lib/crypto/py_crypto.c b/lib/crypto/py_crypto.c index ad18d3ada0f..6753d3d8e9c 100644 --- a/lib/crypto/py_crypto.c +++ b/lib/crypto/py_crypto.c @@ -25,6 +25,7 @@ #include <gnutls/gnutls.h> #include <gnutls/crypto.h> #include "lib/crypto/gnutls_helpers.h" +#include "libcli/auth/libcli_auth.h" static PyObject *py_crypto_arcfour_crypt_blob(PyObject *module, PyObject *args) { @@ -100,13 +101,77 @@ static PyObject *py_crypto_set_strict_mode(PyObject *module) Py_RETURN_NONE; } +static PyObject *py_crypto_des_crypt_blob_16(PyObject *self, PyObject *args) +{ + PyObject *py_data = NULL; + uint8_t *data = NULL; + Py_ssize_t data_size; + + PyObject *py_key = NULL; + uint8_t *key = NULL; + Py_ssize_t key_size; + + uint8_t result[16]; + + bool ok; + int ret; + + ok = PyArg_ParseTuple(args, "SS", + &py_data, &py_key); + if (!ok) { + return NULL; + } + + ret = PyBytes_AsStringAndSize(py_data, + (char **)&data, + &data_size); + if (ret != 0) { + return NULL; + } + + ret = PyBytes_AsStringAndSize(py_key, + (char **)&key, + &key_size); + if (ret != 0) { + return NULL; + } + + if (data_size != 16) { + return PyErr_Format(PyExc_ValueError, + "Expected data size of 16 bytes; got %zd", + data_size); + } + + if (key_size != 14) { + return PyErr_Format(PyExc_ValueError, + "Expected key size of 14 bytes; got %zd", + key_size); + } + + ret = des_crypt112_16(result, data, key, + SAMBA_GNUTLS_ENCRYPT); + if (ret != 0) { + return PyErr_Format(PyExc_RuntimeError, + "des_crypt112_16() failed: %d", + ret); + } + + return PyBytes_FromStringAndSize((const char *)result, + sizeof(result)); +} + static const char py_crypto_arcfour_crypt_blob_doc[] = "arcfour_crypt_blob(data, key)\n" "Encrypt the data with RC4 algorithm using the key"; +static const char py_crypto_des_crypt_blob_16_doc[] = "des_crypt_blob_16(data, key) -> bytes\n" + "Encrypt the 16-byte data with DES using " + "the 14-byte key"; + static PyMethodDef py_crypto_methods[] = { { "arcfour_crypt_blob", (PyCFunction)py_crypto_arcfour_crypt_blob, METH_VARARGS, py_crypto_arcfour_crypt_blob_doc }, { "set_relax_mode", (PyCFunction)py_crypto_set_relax_mode, METH_NOARGS, "Set fips to relax mode" }, { "set_strict_mode", (PyCFunction)py_crypto_set_strict_mode, METH_NOARGS, "Set fips to strict mode" }, + { "des_crypt_blob_16", (PyCFunction)py_crypto_des_crypt_blob_16, METH_VARARGS, py_crypto_des_crypt_blob_16_doc }, {0}, }; diff --git a/lib/crypto/wscript b/lib/crypto/wscript index 78927437e37..acf5cb8e731 100644 --- a/lib/crypto/wscript +++ b/lib/crypto/wscript @@ -81,7 +81,7 @@ def build(bld): bld.SAMBA_PYTHON('python_crypto', source='py_crypto.c', - deps='gnutls talloc', + deps='gnutls talloc LIBCLI_AUTH', realname='samba/crypto.so') bld.SAMBA_BINARY('test_gnutls_aead_aes_256_cbc_hmac_sha512', |