diff options
| author | Stefan Metzmacher <metze@samba.org> | 2014-10-13 09:53:12 +0200 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2014-10-16 19:30:04 +0200 |
| commit | 778ff0c65c5a9260e8a8b3ff152411b4751992a7 (patch) | |
| tree | da425eb1b7b2f9877c428adaadf9536ce5433dc6 /libcli/smb | |
| parent | 03bf8fe4fc78b9f0c7093835a776728089387884 (diff) | |
| download | samba-778ff0c65c5a9260e8a8b3ff152411b4751992a7.tar.gz | |
libcli/smb: support SMB2_ENCRYPTION_AES128_GCM in smb2_signing_[de|en]crypt_pdu()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'libcli/smb')
| -rw-r--r-- | libcli/smb/smb2_signing.c | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c index b445e7053f0..489e18bbd11 100644 --- a/libcli/smb/smb2_signing.c +++ b/libcli/smb/smb2_signing.c @@ -220,6 +220,7 @@ NTSTATUS smb2_signing_encrypt_pdu(DATA_BLOB encryption_key, size_t m_total = 0; union { struct aes_ccm_128_context ccm; + struct aes_gcm_128_context gcm; } c; uint8_t key[AES_BLOCK_SIZE]; @@ -270,6 +271,22 @@ NTSTATUS smb2_signing_encrypt_pdu(DATA_BLOB encryption_key, aes_ccm_128_digest(&c.ccm, sig); break; + case SMB2_ENCRYPTION_AES128_GCM: + aes_gcm_128_init(&c.gcm, key, tf + SMB2_TF_NONCE); + memset(tf + SMB2_TF_NONCE + AES_GCM_128_IV_SIZE, 0, + 16 - AES_GCM_128_IV_SIZE); + aes_gcm_128_updateA(&c.gcm, tf + SMB2_TF_NONCE, a_total); + for (i=1; i < count; i++) { + aes_gcm_128_crypt(&c.gcm, + (uint8_t *)vector[i].iov_base, + vector[i].iov_len); + aes_gcm_128_updateC(&c.gcm, + (const uint8_t *)vector[i].iov_base, + vector[i].iov_len); + } + aes_gcm_128_digest(&c.gcm, sig); + break; + default: ZERO_STRUCT(key); return NT_STATUS_INVALID_PARAMETER; @@ -298,6 +315,7 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key, uint32_t msg_size = 0; union { struct aes_ccm_128_context ccm; + struct aes_gcm_128_context gcm; } c; uint8_t key[AES_BLOCK_SIZE]; @@ -354,6 +372,20 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key, aes_ccm_128_digest(&c.ccm, sig); break; + case SMB2_ENCRYPTION_AES128_GCM: + aes_gcm_128_init(&c.gcm, key, tf + SMB2_TF_NONCE); + aes_gcm_128_updateA(&c.gcm, tf + SMB2_TF_NONCE, a_total); + for (i=1; i < count; i++) { + aes_gcm_128_updateC(&c.gcm, + (const uint8_t *)vector[i].iov_base, + vector[i].iov_len); + aes_gcm_128_crypt(&c.gcm, + (uint8_t *)vector[i].iov_base, + vector[i].iov_len); + } + aes_gcm_128_digest(&c.gcm, sig); + break; + default: ZERO_STRUCT(key); return NT_STATUS_INVALID_PARAMETER; |