diff options
author | Stefan Metzmacher <metze@samba.org> | 2015-05-28 15:20:54 +0200 |
---|---|---|
committer | Simo Sorce <idra@samba.org> | 2015-05-29 19:50:25 +0200 |
commit | 477ecfbdaf73a8a2b7af31938c14b84242336460 (patch) | |
tree | 5565372b06582e3d1976c58507361bf77670f807 /libcli/smb/smb2_constants.h | |
parent | 3073a2ee7e7e430631ec1516da4db2b311aea900 (diff) | |
download | samba-477ecfbdaf73a8a2b7af31938c14b84242336460.tar.gz |
libcli/smb: In CCM and GCM mode we can't reuse nonces
Reuse of nonces with AES-CCM and AES-GCM leads to catastrophic failure,
so make sure the server drops the connection if that ever happens.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Diffstat (limited to 'libcli/smb/smb2_constants.h')
-rw-r--r-- | libcli/smb/smb2_constants.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libcli/smb/smb2_constants.h b/libcli/smb/smb2_constants.h index 2bda4e9c6b5..f6edf6ba109 100644 --- a/libcli/smb/smb2_constants.h +++ b/libcli/smb/smb2_constants.h @@ -138,6 +138,11 @@ /* Values for the SMB2_ENCRYPTION_CAPABILITIES Context (>= 0x310) */ #define SMB2_ENCRYPTION_AES128_CCM 0x0001 /* only in dialect >= 0x224 */ #define SMB2_ENCRYPTION_AES128_GCM 0x0002 /* only in dialect >= 0x310 */ +#define SMB2_NONCE_HIGH_MAX(nonce_len_bytes) ((uint64_t)(\ + ((nonce_len_bytes) >= 16) ? UINT64_MAX : \ + ((nonce_len_bytes) <= 8) ? 0 : \ + (((uint64_t)1 << (((nonce_len_bytes) - 8)*8)) - 1) \ + )) /* SMB2 session (request) flags */ #define SMB2_SESSION_FLAG_BINDING 0x01 |