author | Isaac Boukris <iboukris@gmail.com> | 2019-11-08 15:40:01 +0100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-12-10 00:30:30 +0000 |
commit | a5548af018643f2e78c482e33ef0e6073db149e4 (patch) | |
tree | 324edb9765f2874367e3c9a706504ebaa7653546 /libcli | |
parent | 2eef12904f2c08257394a2ee869960f7c2e09112 (diff) | |
download | samba-a5548af018643f2e78c482e33ef0e6073db149e4.tar.gz |
smbdes: convert E_P24() and SMBOWFencrypt to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'libcli')
-rw-r--r-- | libcli/auth/ntlm_check.c | 6 | ||||
-rw-r--r-- | libcli/auth/proto.h | 10 | ||||
-rw-r--r-- | libcli/auth/smbdes.c | 18 | ||||
-rw-r--r-- | libcli/auth/smbencrypt.c | 28 | ||||
-rw-r--r-- | libcli/auth/tests/test_gnutls.c | 8 |
5 files changed, 49 insertions, 21 deletions
diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c index 5058add3811..9f779f85fa1 100644 --- a/libcli/auth/ntlm_check.c +++ b/libcli/auth/ntlm_check.c @@ -36,6 +36,7 @@ static bool smb_pwd_check_ntlmv1(TALLOC_CTX *mem_ctx, { /* Finish the encryption of part_passwd. */ uint8_t p24[24]; + int rc; if (part_passwd == NULL) { DEBUG(10,("No password set - DISALLOWING access\n")); @@ -55,7 +56,10 @@ static bool smb_pwd_check_ntlmv1(TALLOC_CTX *mem_ctx, return false; } - SMBOWFencrypt(part_passwd, sec_blob->data, p24); + rc = SMBOWFencrypt(part_passwd, sec_blob->data, p24); + if (rc != 0) { + return false; + } #if DEBUG_PASSWORD DEBUG(100,("Part password (P16) was |\n")); diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h index 212b46bb0e8..5209d6766e4 100644 --- a/libcli/auth/proto.h +++ b/libcli/auth/proto.h @@ -99,7 +99,7 @@ NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DAT /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/smbencrypt.c */ -void SMBencrypt_hash(const uint8_t lm_hash[16], const uint8_t *c8, uint8_t p24[24]); +int SMBencrypt_hash(const uint8_t lm_hash[16], const uint8_t *c8, uint8_t p24[24]); bool SMBencrypt(const char *passwd, const uint8_t *c8, uint8_t p24[24]); /** 
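Review bot: The new `if (rc != 0) { return false; }` after SMBOWFencrypt() in smb_pwd_check_ntlmv1 fails closed, which is right, but it does so silently, so a crypto-backend failure looks the same in the logs as a wrong password. The "No password set" rejection just above logs before returning; I would do the same here, e.g. `DEBUG(1,("SMBOWFencrypt failed (rc=%d) - DISALLOWING access\n", rc));`, so operators can tell a DES/gnutls problem from an authentication failure. The function body starts and ends outside this hunk.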
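Review bot: Changing `SMBencrypt_hash` from `void` to `int` does not force existing callers to look at the result, because C accepts a discarded `int` return without a diagnostic, and the diffstat is limited to libcli, so callers elsewhere in the tree are not visible here. Consider marking the prototype with `__attribute__((warn_unused_result))` (or the project's wrapper macro for it, if there is one) so that a call which goes on to use an unfilled `p24` is caught at build time. The same applies to `SMBOWFencrypt`, `SMBNTencrypt_hash` and `SMBNTencrypt` in the @@ -129 hunk and to `E_P24` in the @@ -224 hunk. A short comment on each, such as `/* Returns 0 on success; on error p24 must not be used. */`, would document the new contract.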
@@ -129,9 +129,9 @@ void nt_lm_owf_gen(const char *pwd, uint8_t nt_p16[16], uint8_t p16[16]); bool ntv2_owf_gen(const uint8_t owf[16], const char *user_in, const char *domain_in, uint8_t kr_buf[16]); -void SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24]); -void SMBNTencrypt_hash(const uint8_t nt_hash[16], const uint8_t *c8, uint8_t *p24); -void SMBNTencrypt(const char *passwd, const uint8_t *c8, uint8_t *p24); +int SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24]); +int SMBNTencrypt_hash(const uint8_t nt_hash[16], const uint8_t *c8, uint8_t *p24); +int SMBNTencrypt(const char *passwd, const uint8_t *c8, uint8_t *p24); NTSTATUS SMBOWFencrypt_ntv2(const uint8_t kr[16], const DATA_BLOB *srv_chal, const DATA_BLOB *smbcli_chal, @@ -224,7 +224,7 @@ void des_crypt56(uint8_t out[8], const uint8_t in[8], const uint8_t key[7], int int des_crypt56_gnutls(uint8_t out[8], const uint8_t in[8], const uint8_t key[7], enum samba_gnutls_direction encrypt); int E_P16(const uint8_t *p14,uint8_t *p16); -void E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24); +int E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24); void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out); void des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16]); void des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14], int forw); diff --git a/libcli/auth/smbdes.c b/libcli/auth/smbdes.c index 46fd5849f5b..4e3499f9d26 100644 --- a/libcli/auth/smbdes.c +++ b/libcli/auth/smbdes.c 
@@ -374,11 +374,21 @@ int E_P16(const uint8_t *p14,uint8_t *p16) return des_crypt56_gnutls(p16+8, sp8, p14+7, SAMBA_GNUTLS_ENCRYPT); } -void E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24) +int E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24) { - des_crypt56(p24, c8, p21, 1); - des_crypt56(p24+8, c8, p21+7, 1); - des_crypt56(p24+16, c8, p21+14, 1); + int ret; + + ret = des_crypt56_gnutls(p24, c8, p21, SAMBA_GNUTLS_ENCRYPT); + if (ret != 0) { + return ret; + } + + ret = des_crypt56_gnutls(p24+8, c8, p21+7, SAMBA_GNUTLS_ENCRYPT); + if (ret != 0) { + return ret; + } + + return des_crypt56_gnutls(p24+16, c8, p21+14, SAMBA_GNUTLS_ENCRYPT); } void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out) diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c index f2f446eda97..337e89ef559 100644 --- a/libcli/auth/smbencrypt.c +++ b/libcli/auth/smbencrypt.c @@ -32,14 +32,15 @@ #include <gnutls/gnutls.h> #include <gnutls/crypto.h> -void SMBencrypt_hash(const uint8_t lm_hash[16], const uint8_t *c8, uint8_t p24[24]) +int SMBencrypt_hash(const uint8_t lm_hash[16], const uint8_t *c8, uint8_t p24[24]) { uint8_t p21[21]; + int rc; memset(p21,'\0',21); memcpy(p21, lm_hash, 16); - SMBOWFencrypt(p21, c8, p24); + rc = SMBOWFencrypt(p21, c8, p24); #ifdef DEBUG_PASSWORD DEBUG(100,("SMBencrypt_hash: lm#, challenge, response\n")); @@ -47,6 +48,8 @@ void SMBencrypt_hash(const uint8_t lm_hash[16], const uint8_t *c8, uint8_t p24[2 dump_data(100, c8, 8); dump_data(100, p24, 24); #endif + + return rc; } /* @@ -61,9 +64,13 @@ bool SMBencrypt(const char *passwd, const uint8_t *c8, uint8_t p24[24]) { bool ret; uint8_t lm_hash[16]; + int rc; ret = E_deshash(passwd, lm_hash); - SMBencrypt_hash(lm_hash, c8, p24); + rc = SMBencrypt_hash(lm_hash, c8, p24); + if (rc != 0) { + ret = false; + } return ret; } 
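Review bot: E_P24 now returns early when the first or second `des_crypt56_gnutls()` call fails, which leaves `p24` only partly written: 8 or 16 bytes of fresh output followed by whatever the caller's buffer held before. That is harmless for callers that check the result, but the contract is not stated anywhere near the function. I would add a header comment along the lines of `/* Returns 0 on success, else the des_crypt56_gnutls() error; on error the contents of p24 are undefined and must not be compared or sent. */`.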
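Review bot: `p21` in SMBencrypt_hash holds a copy of the LM hash and is still left on the stack when the function returns `rc`; now that there is a single exit, it would be cheap to clear it with `ZERO_STRUCT(p21);` just before `return rc;` (the return is in the @@ -47 hunk). A memset-style clear of a dead local can be removed by the optimiser, so use an explicit-zeroing helper if the tree provides one. The same holds for `p21` in SMBOWFencrypt and SMBNTencrypt_hash in the @@ -266 hunk, where `return E_P24(p21, c8, p24);` would become `rc = E_P24(p21, c8, p24);`, the clear, then `return rc;`. Separately, the `DEBUG_PASSWORD` block still dumps `p24` when `rc != 0`, at which point its contents are not meaningful.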
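Review bot: Folding `rc != 0` into `ret = false` in SMBencrypt makes the boolean ambiguous: `false` can now come either from E_deshash() or from a failed DES step that left `p24` unusable. If any caller treats a false return as non-fatal and still uses `p24` (E_deshash's semantics are not visible in this hunk, so this is an assumption to check against the callers), it would now work with an unfilled buffer. At minimum the comment above the function should state that `p24` may be invalid when false is returned. `lm_hash` is also left on the stack on both paths.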
@@ -266,25 +273,26 @@ out: } /* Does the des encryption from the NT or LM MD4 hash. */ -void SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24]) +int SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24]) { uint8_t p21[21]; ZERO_STRUCT(p21); memcpy(p21, passwd, 16); - E_P24(p21, c8, p24); + return E_P24(p21, c8, p24); } /* Does the des encryption. */ -void SMBNTencrypt_hash(const uint8_t nt_hash[16], const uint8_t *c8, uint8_t *p24) +int SMBNTencrypt_hash(const uint8_t nt_hash[16], const uint8_t *c8, uint8_t *p24) { uint8_t p21[21]; + int rc; memset(p21,'\0',21); memcpy(p21, nt_hash, 16); - SMBOWFencrypt(p21, c8, p24); + rc = SMBOWFencrypt(p21, c8, p24); #ifdef DEBUG_PASSWORD DEBUG(100,("SMBNTencrypt: nt#, challenge, response\n")); @@ -292,15 +300,17 @@ void SMBNTencrypt_hash(const uint8_t nt_hash[16], const uint8_t *c8, uint8_t *p2 dump_data(100, c8, 8); dump_data(100, p24, 24); #endif + + return rc; } /* Does the NT MD4 hash then des encryption. Plaintext version of the above. */ -void SMBNTencrypt(const char *passwd, const uint8_t *c8, uint8_t *p24) +int SMBNTencrypt(const char *passwd, const uint8_t *c8, uint8_t *p24) { uint8_t nt_hash[16]; E_md4hash(passwd, nt_hash); - SMBNTencrypt_hash(nt_hash, c8, p24); + return SMBNTencrypt_hash(nt_hash, c8, p24); } diff --git a/libcli/auth/tests/test_gnutls.c b/libcli/auth/tests/test_gnutls.c index a6e8fd5b352..9fafe2a767b 100644 --- a/libcli/auth/tests/test_gnutls.c +++ b/libcli/auth/tests/test_gnutls.c @@ -298,8 +298,10 @@ static void torture_gnutls_E_P24(void **state) }; uint8_t crypt[24]; + int rc; - E_P24(key, c8, crypt); + rc = E_P24(key, c8, crypt); + assert_int_equal(rc, 0); assert_memory_equal(crypt, crypt_expected, 24); } 
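Review bot: SMBNTencrypt now reports DES failures, but the result of `E_md4hash(passwd, nt_hash)` on the line before is still discarded. If that call can fail (its prototype is not in this hunk), `nt_hash` is used uninitialised and the function can still return 0. If it returns a success flag, check it before calling SMBNTencrypt_hash, e.g. `if (!E_md4hash(passwd, nt_hash)) { return -1; }`, with an error value that fits the codes returned by the DES path. `nt_hash` is also not cleared before the function returns.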
@@ -319,8 +321,10 @@ static void torture_gnutls_SMBOWFencrypt(void **state) }; uint8_t crypt[24]; + int rc; - SMBOWFencrypt(password, c8, crypt); + rc = SMBOWFencrypt(password, c8, crypt); + assert_int_equal(rc, 0); assert_memory_equal(crypt, crypt_expected, 24); } |