diff options
author | Andreas Schneider <asn@samba.org> | 2019-03-18 15:13:08 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-08-21 09:57:30 +0000 |
commit | a96728586150768957b88a0714b15f13ee9f81af (patch) | |
tree | e1a3e69a5b889297d11e94321a091a475766a681 /libcli/auth/credentials.c | |
parent | ded5aad21b54b8783f7390fb2eca483d3861eeff (diff) | |
download | samba-a96728586150768957b88a0714b15f13ee9f81af.tar.gz |
libcli:auth: Use GnuTLS AES128 CFB for netlogon_creds_aes_decrypt()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'libcli/auth/credentials.c')
-rw-r--r-- | libcli/auth/credentials.c | 41 |
1 files changed, 40 insertions, 1 deletions
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index 87f8820238e..cfeab6efdcd 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -22,10 +22,13 @@ #include "includes.h" #include "system/time.h" -#include "../lib/crypto/crypto.h" #include "libcli/auth/libcli_auth.h" #include "../libcli/security/dom_sid.h" +#ifndef HAVE_GNUTLS_AES_CFB8 +#include "lib/crypto/aes.h" +#endif + #include "lib/crypto/gnutls_helpers.h" #include <gnutls/gnutls.h> #include <gnutls/crypto.h> @@ -345,12 +348,48 @@ NTSTATUS netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds */ void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len) { +#ifdef HAVE_GNUTLS_AES_CFB8 + gnutls_cipher_hd_t cipher_hnd = NULL; + gnutls_datum_t key = { + .data = creds->session_key, + .size = sizeof(creds->session_key), + }; + uint32_t iv_size = + gnutls_cipher_get_iv_size(GNUTLS_CIPHER_AES_128_CFB8); + uint8_t _iv[iv_size]; + gnutls_datum_t iv = { + .data = _iv, + .size = iv_size, + }; + int rc; + + ZERO_ARRAY(_iv); + + rc = gnutls_cipher_init(&cipher_hnd, + GNUTLS_CIPHER_AES_128_CFB8, + &key, + &iv); + if (rc < 0) { + DBG_ERR("ERROR: gnutls_cipher_init: %s\n", + gnutls_strerror(rc)); + return; + } + + rc = gnutls_cipher_decrypt(cipher_hnd, data, len); + gnutls_cipher_deinit(cipher_hnd); + if (rc < 0) { + DBG_ERR("ERROR: gnutls_cipher_decrypt: %s\n", + gnutls_strerror(rc)); + return; + } +#else /* NOT HAVE_GNUTLS_AES_CFB8 */ AES_KEY key; uint8_t iv[AES_BLOCK_SIZE] = {0}; AES_set_encrypt_key(creds->session_key, 128, &key); aes_cfb8_encrypt(data, data, len, &key, iv, AES_DECRYPT); +#endif /* HAVE_GNUTLS_AES_CFB8 */ } /***************************************************************** |