diff options
author | Andreas Schneider <asn@samba.org> | 2018-10-29 18:16:09 +0100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-05-21 00:03:21 +0000 |
commit | f7d952398bdf536362b56548929ee45e4bb759e8 (patch) | |
tree | c70f54a3ade9da1e02b9a6d45b0a2290a43b6a25 /libcli | |
parent | a6eeb49b391b1318a5167ec9e5011654ff377632 (diff) | |
download | samba-f7d952398bdf536362b56548929ee45e4bb759e8.tar.gz |
libcli:smb: Use GnuTLS MD5 and HMAC MD5 in smb_signing_md5()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'libcli')
-rw-r--r-- | libcli/smb/smb_signing.c | 62 |
1 files changed, 40 insertions, 22 deletions
diff --git a/libcli/smb/smb_signing.c b/libcli/smb/smb_signing.c index bb4aa6dd13c..0ffd1095b6b 100644 --- a/libcli/smb/smb_signing.c +++ b/libcli/smb/smb_signing.c @@ -24,6 +24,9 @@ #include "smb_common.h" #include "smb_signing.h" +#include <gnutls/gnutls.h> +#include <gnutls/crypto.h> + /* Used by the SMB signing functions. */ struct smb_signing_state { @@ -146,7 +149,8 @@ static void smb_signing_md5(const DATA_BLOB *mac_key, { const size_t offset_end_of_sig = (HDR_SS_FIELD + 8); uint8_t sequence_buf[8]; - MD5_CTX md5_ctx; + gnutls_hash_hd_t hash_hnd = NULL; + int rc; /* * Firstly put the sequence number into the first 4 bytes. @@ -160,28 +164,42 @@ static void smb_signing_md5(const DATA_BLOB *mac_key, SIVAL(sequence_buf, 0, seq_number); SIVAL(sequence_buf, 4, 0); - /* Calculate the 16 byte MAC - but don't alter the data in the - incoming packet. - - This makes for a bit of fussing about, but it's not too bad. - */ - MD5Init(&md5_ctx); - - /* initialise with the key */ - MD5Update(&md5_ctx, mac_key->data, mac_key->length); - - /* copy in the first bit of the SMB header */ - MD5Update(&md5_ctx, hdr, HDR_SS_FIELD); - - /* copy in the sequence number, instead of the signature */ - MD5Update(&md5_ctx, sequence_buf, sizeof(sequence_buf)); - - /* copy in the rest of the packet in, skipping the signature */ - MD5Update(&md5_ctx, hdr + offset_end_of_sig, - len - (offset_end_of_sig)); + /* + * Calculate the 16 byte MAC - but don't alter the data in the + * incoming packet. + * + * This makes for a bit of fussing about, but it's not too bad. + */ + rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5); + if (rc < 0) { + return; + } + /* Initialise with the key. */ + rc = gnutls_hash(hash_hnd, mac_key->data, mac_key->length); + if (rc < 0) { + gnutls_hash_deinit(hash_hnd, NULL); + return; + } + /* Copy in the first bit of the SMB header. */ + rc = gnutls_hash(hash_hnd, hdr, HDR_SS_FIELD); + if (rc < 0) { + gnutls_hash_deinit(hash_hnd, NULL); + return; + } + /* Copy in the sequence number, instead of the signature. */ + rc = gnutls_hash(hash_hnd, sequence_buf, sizeof(sequence_buf)); + if (rc < 0) { + gnutls_hash_deinit(hash_hnd, NULL); + return; + } + /* Copy in the rest of the packet in, skipping the signature. */ + rc = gnutls_hash(hash_hnd, hdr + offset_end_of_sig, len - offset_end_of_sig); + if (rc < 0) { + gnutls_hash_deinit(hash_hnd, NULL); + return; + } - /* calculate the MD5 sig */ - MD5Final(calc_md5_mac, &md5_ctx); + gnutls_hash_deinit(hash_hnd, calc_md5_mac); } uint32_t smb_signing_next_seqnum(struct smb_signing_state *si, bool oneway) |