authorAndreas Schneider <asn@samba.org>2019-06-11 12:03:33 +0200
committerAndreas Schneider <asn@cryptomilk.org>2019-06-24 06:11:16 +0000
commitd61601d44f67da9cf671dbef6f2f8d9afa0700b7 (patch)
treed3c653a36d6255c6f2c7c19636e05408444446ba /libcli
parent1f4bd1c36591ebe337952e56265f5c829b5f96a3 (diff)
libcli:smb: Return NSTATUS for smb2_signing_check_pdu()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'libcli')
-rw-r--r--libcli/smb/smb2_signing.c32
-rw-r--r--libcli/smb/smb2_signing.h8
-rw-r--r--libcli/smb/smbXcli_base.c55
3 files changed, 59 insertions, 36 deletions
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index 62b53ccbe48..240a939b422 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -24,6 +24,7 @@
#include "../lib/crypto/crypto.h"
#include "lib/util/iov_buf.h"
+#include "libcli/util/gnutls_error.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
@@ -241,10 +242,10 @@ NTSTATUS smb2_signing_check_pdu(struct smb2_signing_key *signing_key,
return NT_STATUS_OK;
}
-void smb2_key_derivation(const uint8_t *KI, size_t KI_len,
- const uint8_t *Label, size_t Label_len,
- const uint8_t *Context, size_t Context_len,
- uint8_t KO[16])
+NTSTATUS smb2_key_derivation(const uint8_t *KI, size_t KI_len,
+ const uint8_t *Label, size_t Label_len,
+ const uint8_t *Context, size_t Context_len,
+ uint8_t KO[16])
{
gnutls_hmac_hd_t hmac_hnd = NULL;
uint8_t buf[4];
@@ -263,36 +264,41 @@ void smb2_key_derivation(const uint8_t *KI, size_t KI_len,
GNUTLS_MAC_SHA256,
KI,
KI_len);
- if (rc != 0) {
- return;
+ if (rc < 0) {
+ return gnutls_error_to_ntstatus(rc,
+ NT_STATUS_HMAC_NOT_SUPPORTED);
}
RSIVAL(buf, 0, i);
rc = gnutls_hmac(hmac_hnd, buf, sizeof(buf));
if (rc < 0) {
- gnutls_hmac_deinit(hmac_hnd, NULL);
- return;
+ return gnutls_error_to_ntstatus(rc,
+ NT_STATUS_HMAC_NOT_SUPPORTED);
}
rc = gnutls_hmac(hmac_hnd, Label, Label_len);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- return;
+ return gnutls_error_to_ntstatus(rc,
+ NT_STATUS_HMAC_NOT_SUPPORTED);
}
rc = gnutls_hmac(hmac_hnd, &zero, 1);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- return;
+ return gnutls_error_to_ntstatus(rc,
+ NT_STATUS_HMAC_NOT_SUPPORTED);
}
rc = gnutls_hmac(hmac_hnd, Context, Context_len);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- return;
+ return gnutls_error_to_ntstatus(rc,
+ NT_STATUS_HMAC_NOT_SUPPORTED);
}
RSIVAL(buf, 0, L);
rc = gnutls_hmac(hmac_hnd, buf, sizeof(buf));
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- return;
+ return gnutls_error_to_ntstatus(rc,
+ NT_STATUS_HMAC_NOT_SUPPORTED);
}
gnutls_hmac_deinit(hmac_hnd, digest);
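Review bot: The error path after the first `gnutls_hmac(hmac_hnd, buf, sizeof(buf))` call (the one following `RSIVAL(buf, 0, i)`) now returns without `gnutls_hmac_deinit(hmac_hnd, NULL)`: the commit removed that call there while keeping it on the four later error paths. The handle was initialised with `KI` a few lines earlier, so this path leaks a context that holds key material, not only memory. Keep `gnutls_hmac_deinit(hmac_hnd, NULL);` ahead of the new `return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);`. The body of smb2_key_derivation() starts and ends outside this hunk.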
@@ -300,6 +306,8 @@ void smb2_key_derivation(const uint8_t *KI, size_t KI_len,
memcpy(KO, digest, 16);
ZERO_ARRAY(digest);
+
+ return NT_STATUS_OK;
}
NTSTATUS smb2_signing_encrypt_pdu(DATA_BLOB encryption_key,
diff --git a/libcli/smb/smb2_signing.h b/libcli/smb/smb2_signing.h
index 646567c9d75..6e1682955c9 100644
--- a/libcli/smb/smb2_signing.h
+++ b/libcli/smb/smb2_signing.h
@@ -45,10 +45,10 @@ NTSTATUS smb2_signing_check_pdu(struct smb2_signing_key *signing_key,
const struct iovec *vector,
int count);
-void smb2_key_derivation(const uint8_t *KI, size_t KI_len,
- const uint8_t *Label, size_t Label_len,
- const uint8_t *Context, size_t Context_len,
- uint8_t KO[16]);
+NTSTATUS smb2_key_derivation(const uint8_t *KI, size_t KI_len,
+ const uint8_t *Label, size_t Label_len,
+ const uint8_t *Context, size_t Context_len,
+ uint8_t KO[16]);
NTSTATUS smb2_signing_encrypt_pdu(DATA_BLOB encryption_key,
uint16_t cipher_id,
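Review bot: The prototype of `smb2_key_derivation()` now returns NTSTATUS but still carries no comment telling callers what a failure means for `KO`. In smb2_signing.c the `memcpy(KO, digest, 16)` sits after every error return, so the output buffer is written only on success. I would state that above the declaration, e.g. `/* Derives a 16-byte key into KO; KO is written only when NT_STATUS_OK is returned, so callers must check the status before using it. */`.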
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 1af550d9cdd..40e9e721fb1 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -6096,10 +6096,13 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
if (conn->protocol >= PROTOCOL_SMB2_24) {
struct _derivation *d = &derivation.signing;
- smb2_key_derivation(session_key, sizeof(session_key),
- d->label.data, d->label.length,
- d->context.data, d->context.length,
- session->smb2->signing_key->blob.data);
+ status = smb2_key_derivation(session_key, sizeof(session_key),
+ d->label.data, d->label.length,
+ d->context.data, d->context.length,
+ session->smb2->signing_key->blob.data);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
}
session->smb2->encryption_key =
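Review bot: The new `return status;` after a failed `smb2_key_derivation()` leaves the function before `ZERO_STRUCT(session_key);`, which is visible only at the end of the application-key hunk, so the session key stays in the local buffer on this path. The same early return appears in the encryption, decryption and application hunks of smb2cli_session_set_session_key(), and in smb2cli_session_set_channel_key() where it skips `ZERO_STRUCT(channel_key);`. Scrub before returning, e.g. `ZERO_STRUCT(session_key);` ahead of `return status;` (and `ZERO_STRUCT(channel_key);` in the channel function). Both functions start and end outside the hunks, so confirm whether other exits already do this, and whether keys already stored on the session by earlier steps should be discarded when a later derivation fails.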
@@ -6113,10 +6116,13 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
if (conn->protocol >= PROTOCOL_SMB2_24) {
struct _derivation *d = &derivation.encryption;
- smb2_key_derivation(session_key, sizeof(session_key),
- d->label.data, d->label.length,
- d->context.data, d->context.length,
- session->smb2->encryption_key.data);
+ status = smb2_key_derivation(session_key, sizeof(session_key),
+ d->label.data, d->label.length,
+ d->context.data, d->context.length,
+ session->smb2->encryption_key.data);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
}
session->smb2->decryption_key =
@@ -6130,10 +6136,13 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
if (conn->protocol >= PROTOCOL_SMB2_24) {
struct _derivation *d = &derivation.decryption;
- smb2_key_derivation(session_key, sizeof(session_key),
- d->label.data, d->label.length,
- d->context.data, d->context.length,
- session->smb2->decryption_key.data);
+ status = smb2_key_derivation(session_key, sizeof(session_key),
+ d->label.data, d->label.length,
+ d->context.data, d->context.length,
+ session->smb2->decryption_key.data);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
}
session->smb2->application_key =
@@ -6147,10 +6156,13 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
if (conn->protocol >= PROTOCOL_SMB2_24) {
struct _derivation *d = &derivation.application;
- smb2_key_derivation(session_key, sizeof(session_key),
- d->label.data, d->label.length,
- d->context.data, d->context.length,
- session->smb2->application_key.data);
+ status = smb2_key_derivation(session_key, sizeof(session_key),
+ d->label.data, d->label.length,
+ d->context.data, d->context.length,
+ session->smb2->application_key.data);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
}
ZERO_STRUCT(session_key);
@@ -6348,10 +6360,13 @@ NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session,
if (conn->protocol >= PROTOCOL_SMB2_24) {
struct _derivation *d = &derivation.signing;
- smb2_key_derivation(channel_key, sizeof(channel_key),
- d->label.data, d->label.length,
- d->context.data, d->context.length,
- session->smb2_channel.signing_key->blob.data);
+ status = smb2_key_derivation(channel_key, sizeof(channel_key),
+ d->label.data, d->label.length,
+ d->context.data, d->context.length,
+ session->smb2_channel.signing_key->blob.data);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
}
ZERO_STRUCT(channel_key);