author | Andreas Schneider <asn@samba.org> | 2019-03-13 19:34:23 +0100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-04-30 23:18:28 +0000 |
commit | dcf37228e1d920f753d4cf72204ce7ca6b1fa6e1 (patch) | |
tree | 80d112f310599c773b89af92372cdec6213541e5 /libcli | |
parent | 3f252816ad80ca356d80dbc90ecfdaa4ed9b5942 (diff) | |
download | samba-dcf37228e1d920f753d4cf72204ce7ca6b1fa6e1.tar.gz |
libcli:smb: Use smb2_signing_key for smb2_signing_sign_pdu()
This caches the gnutls hmac handle in the struct so we only allocate it
once.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'libcli')
-rw-r--r-- | libcli/smb/smb2_signing.c | 32 | ||||
-rw-r--r-- | libcli/smb/smb2_signing.h | 2 | ||||
-rw-r--r-- | libcli/smb/smbXcli_base.c | 4 |
3 files changed, 20 insertions, 18 deletions
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index 72c98d6a610..38169b50f62 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -50,7 +50,7 @@ bool smb2_signing_key_valid(const struct smb2_signing_key *key)
 return true;
 }
-NTSTATUS smb2_signing_sign_pdu(DATA_BLOB signing_key,
+NTSTATUS smb2_signing_sign_pdu(struct smb2_signing_key *signing_key,
 enum protocol_types protocol,
 struct iovec *vector,
 int count)
@@ -79,9 +79,9 @@ NTSTATUS smb2_signing_sign_pdu(DATA_BLOB signing_key,
 return NT_STATUS_OK;
 }
- if (signing_key.length == 0) {
- DEBUG(2,("Wrong session key length %u for SMB2 signing\n",
- (unsigned)signing_key.length));
+ if (!smb2_signing_key_valid(signing_key)) {
+ DBG_WARNING("Wrong session key length %zu for SMB2 signing\n",
+ signing_key->blob.length);
 return NT_STATUS_ACCESS_DENIED;
 }
@@ -93,7 +93,9 @@ NTSTATUS smb2_signing_sign_pdu(DATA_BLOB signing_key,
 struct aes_cmac_128_context ctx;
 uint8_t key[AES_BLOCK_SIZE] = {0};
- memcpy(key, signing_key.data, MIN(signing_key.length, 16));
+ memcpy(key,
+ signing_key->blob.data,
+ MIN(signing_key->blob.length, 16));
 aes_cmac_128_init(&ctx, key);
 for (i=0; i < count; i++) {
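Review bot: The new `DBG_WARNING` in the `@@ -79,9 +79,9 @@` hunk reads `signing_key->blob.length` on the path where `smb2_signing_key_valid()` has just returned false. The body of that helper is not shown here; if it treats a NULL key as invalid, this log line dereferences NULL before the `NT_STATUS_ACCESS_DENIED` return. The wording is also misleading when the key is absent or has no data rather than a wrong length. I would log without touching the pointer, e.g. `DBG_WARNING("No valid signing key for SMB2 signing\n");`. The body of `smb2_signing_sign_pdu()` starts and ends outside this hunk.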
@@ -105,28 +107,28 @@ NTSTATUS smb2_signing_sign_pdu(DATA_BLOB signing_key,
 ZERO_ARRAY(key);
 } else {
- gnutls_hmac_hd_t hmac_hnd = NULL;
 uint8_t digest[gnutls_hmac_get_len(GNUTLS_MAC_SHA256)];
 int rc;
- rc = gnutls_hmac_init(&hmac_hnd,
- GNUTLS_MAC_SHA256,
- signing_key.data,
- MIN(signing_key.length, 16));
- if (rc < 0) {
- return NT_STATUS_NO_MEMORY;
+ if (signing_key->hmac_hnd == NULL) {
+ rc = gnutls_hmac_init(&signing_key->hmac_hnd,
+ GNUTLS_MAC_SHA256,
+ signing_key->blob.data,
+ MIN(signing_key->blob.length, 16));
+ if (rc < 0) {
+ return NT_STATUS_NO_MEMORY;
+ }
 }
 for (i = 0; i < count; i++) {
- rc = gnutls_hmac(hmac_hnd,
+ rc = gnutls_hmac(signing_key->hmac_hnd,
 vector[i].iov_base,
 vector[i].iov_len);
 if (rc < 0) {
- gnutls_hmac_deinit(hmac_hnd, NULL);
 return NT_STATUS_NO_MEMORY;
 }
 }
- gnutls_hmac_deinit(hmac_hnd, digest);
+ gnutls_hmac_output(signing_key->hmac_hnd, digest);
 memcpy(res, digest, sizeof(res));
 }
 DEBUG(5,("signed SMB2 message\n"));
diff --git a/libcli/smb/smb2_signing.h b/libcli/smb/smb2_signing.h
index 73621daf90e..7bc0a0263eb 100644
--- a/libcli/smb/smb2_signing.h
+++ b/libcli/smb/smb2_signing.h
@@ -35,7 +35,7 @@ int smb2_signing_key_destructor(struct smb2_signing_key *key);
 bool smb2_signing_key_valid(const struct smb2_signing_key *key);
-NTSTATUS smb2_signing_sign_pdu(DATA_BLOB signing_key,
+NTSTATUS smb2_signing_sign_pdu(struct smb2_signing_key *signing_key,
 enum protocol_types protocol,
 struct iovec *vector,
 int count);
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 7261609c967..ebc293ea4a8 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -3190,7 +3190,7 @@ NTSTATUS smb2cli_req_compound_submit(struct tevent_req **reqs,
 uint16_t charge;
 uint16_t credits;
 uint64_t mid;
- const struct smb2_signing_key *signing_key = NULL;
+ struct smb2_signing_key *signing_key = NULL;
 if (!tevent_req_is_in_progress(reqs[i])) {
 return NT_STATUS_INTERNAL_ERROR;
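Review bot: In the `@@ -105,28 +107,28 @@` hunk the error return inside the `gnutls_hmac()` loop now leaves the cached `signing_key->hmac_hnd` holding whatever iovecs were already absorbed, because the old `gnutls_hmac_deinit(hmac_hnd, NULL)` was dropped with nothing in its place. The handle is reused on the next call, so the next PDU signed with this key would be MACed over the stale data followed by its own and would carry a signature the peer rejects. Discard the handle on that path so the next call re-initialises it: add `gnutls_hmac_deinit(signing_key->hmac_hnd, NULL);` and `signing_key->hmac_hnd = NULL;` before `return NT_STATUS_NO_MEMORY;`. The success path depends on `gnutls_hmac_output()` resetting the MAC state for reuse, which deserves a one-line comment. Releasing the handle presumably falls to `smb2_signing_key_destructor()`, whose body is not visible here.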
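Review bot: The prototype in `smb2_signing.h` now takes a non-const `struct smb2_signing_key *`, but nothing at the declaration says that the call writes to the key. A comment above it, such as `/* signing_key is modified: the HMAC handle is created on first use and cached in it. */`, would explain why `smb2cli_req_compound_submit()` had to drop `const` from its local pointer. It would also warn callers that one key now carries mutable state across signing calls.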
@@ -3323,7 +3323,7 @@ skip_credits:
 if (signing_key != NULL) {
 NTSTATUS status;
- status = smb2_signing_sign_pdu(signing_key->blob,
+ status = smb2_signing_sign_pdu(signing_key,
 state->session->conn->protocol,
 &iov[hdr_iov], num_iov - hdr_iov);
 if (!NT_STATUS_IS_OK(status)) { |