libcli/smb: In CCM and GCM mode we can't reuse nonces

Reuse of nonces with AES-CCM and AES-GCM leads to catastrophic failure, so make sure the server drops the connection if that ever happens. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11300 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Simo Sorce <idra@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2015-05-28 15:20:54 +0200
committer: Simo Sorce <idra@samba.org> 2015-05-29 19:50:25 +0200
commit: 477ecfbdaf73a8a2b7af31938c14b84242336460 (patch)
tree: 5565372b06582e3d1976c58507361bf77670f807 /libcli/smb/smb2_constants.h
parent: 3073a2ee7e7e430631ec1516da4db2b311aea900 (diff)
download: samba-477ecfbdaf73a8a2b7af31938c14b84242336460.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/libcli/smb/smb2_constants.h b/libcli/smb/smb2_constants.h
index 2bda4e9c6b5..f6edf6ba109 100644
--- a/libcli/smb/smb2_constants.h
+++ b/libcli/smb/smb2_constants.h
@@ -138,6 +138,11 @@
 /* Values for the SMB2_ENCRYPTION_CAPABILITIES Context (>= 0x310) */
 #define SMB2_ENCRYPTION_AES128_CCM         0x0001 /* only in dialect >= 0x224 */
 #define SMB2_ENCRYPTION_AES128_GCM         0x0002 /* only in dialect >= 0x310 */
+#define SMB2_NONCE_HIGH_MAX(nonce_len_bytes) ((uint64_t)(\
+	((nonce_len_bytes) >= 16) ? UINT64_MAX : \
+	((nonce_len_bytes) <= 8) ? 0 : \
+	(((uint64_t)1 << (((nonce_len_bytes) - 8)*8)) - 1) \
+	))
 
 /* SMB2 session (request) flags */
 #define SMB2_SESSION_FLAG_BINDING       0x01
author	Stefan Metzmacher <metze@samba.org>	2015-05-28 15:20:54 +0200
committer	Simo Sorce <idra@samba.org>	2015-05-29 19:50:25 +0200
commit	477ecfbdaf73a8a2b7af31938c14b84242336460 (patch)
tree	5565372b06582e3d1976c58507361bf77670f807 /libcli/smb/smb2_constants.h
parent	3073a2ee7e7e430631ec1516da4db2b311aea900 (diff)
download	samba-477ecfbdaf73a8a2b7af31938c14b84242336460.tar.gz