dsdb/encrypted_secrets: remove dependency to libnettle and use our own aes_gcm_128_*()

We already rely on gnutls in order to implement SSL/TLS, so using that
to speed up crypto like aes gcm 128 is fine, but as we already have
code for that algorithm, we should use that instead of adding a new
dependency to libnettle.

Some (I guess newer versions) of gnutls use nettle internally, so
we may end up using that code, but we should not have a direct dependency.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13276

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 07844a9a13506b4ca9181cfde05d9e4170208f88)

5 files changed, 111 insertions, 245 deletions

diff --git a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
index 226f62f641e..34c44c7bd9f 100644
--- a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
+++ b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
@@ -27,8 +27,8 @@
  * to protect the key.
  *
  * Data is encrypted with AES 128 GCM. The encryption uses gnutls where
- * available and if it supports AES 128 GCM AEAD modes, otherwise nettle is
- * used.
+ * available and if it supports AES 128 GCM AEAD modes, otherwise the
+ * samba internal implementation is used.
  *
  */
 
@@ -40,17 +40,15 @@
 #include "dsdb/samdb/ldb_modules/util.h"
 
 #ifdef TEST_ENCRYPTED_SECRETS
-	#ifdef HAVE_NETTLE_AES_GCM
-		#define BUILD_WITH_NETTLE_AES_GCM
-	#endif
+	#define BUILD_WITH_SAMBA_AES_GCM
 	#ifdef HAVE_GNUTLS_AEAD
 		#define BUILD_WITH_GNUTLS_AEAD
 	#endif
 #else
 	#ifdef HAVE_GNUTLS_AEAD
 		#define BUILD_WITH_GNUTLS_AEAD
-	#elif defined  HAVE_NETTLE_AES_GCM
-		#define BUILD_WITH_NETTLE_AES_GCM
+	#else
+		#define BUILD_WITH_SAMBA_AES_GCM
 	#endif
 #endif
 
@@ -59,9 +57,9 @@
 	#include <gnutls/crypto.h>
 #endif /* BUILD_WITH_GNUTLS_AEAD */
 
-#ifdef BUILD_WITH_NETTLE_AES_GCM
-	#include <nettle/gcm.h>
-#endif /* BUILD_WITH_NETTLE_AES_GCM */
+#ifdef BUILD_WITH_SAMBA_AES_GCM
+	#include "lib/crypto/crypto.h"
+#endif /* BUILD_WITH_SAMBA_AES_GCM */
 
 static const char * const secret_attributes[] = {DSDB_SECRET_ATTRIBUTES};
 static const size_t num_secret_attributes = ARRAY_SIZE(secret_attributes);
@@ -72,85 +70,6 @@ static const size_t num_secret_attributes = ARRAY_SIZE(secret_attributes);
 #define SECRETS_KEY_FILE "encrypted_secrets.key"
 
 
-#ifdef BUILD_WITH_NETTLE_AES_GCM
-/*
- * Details of a nettle encryption algorithm
- */
-
-#ifndef AES128_KEY_SIZE
-	#define AES128_KEY_SIZE 16
-	#define NETTLE_SIZE_TYPE unsigned
-#else
-	#define NETTLE_SIZE_TYPE size_t
-#endif
-#ifndef GCM_DIGEST_SIZE
-	#define GCM_DIGEST_SIZE 16
-#endif
-struct nettle_details {
-	size_t context_size;	/* Size of the nettle encryption context */
-	size_t block_size;	/* Cipher block size */
-	size_t key_size;	/* Size of the key */
-	size_t iv_size;		/* Size of the initialisation routine */
-	size_t tag_size;	/* Size of the aead tag */
-	/*
-	 * Function to load the encryption key into the context
-	 */
-	void (*set_key)(struct gcm_aes_ctx *,
-			NETTLE_SIZE_TYPE,
-			const uint8_t *);
-	/*
-	 * Function to load the initialisation vector into the context
-	 */
-	void (*set_iv)(struct gcm_aes_ctx *, NETTLE_SIZE_TYPE, const uint8_t *);
-	/*
-	 * Function to encrypt data
-	 */
-	void (*encrypt)
-		(struct gcm_aes_ctx *,
-		 NETTLE_SIZE_TYPE,
-		 uint8_t *,
-		 const uint8_t *);
-	/*
-	 * Function to decrypt data
-	 */
-	void (*decrypt)
-		(struct gcm_aes_ctx *,
-		 NETTLE_SIZE_TYPE,
-		 uint8_t *,
-		 const uint8_t *);
-	/*
-	 * Function to add extra authentication data to the context.
-	 */
-	void (*update)(struct gcm_aes_ctx *, NETTLE_SIZE_TYPE, const uint8_t *);
-	/*
-	 * Function returning the authentication tag data
-	 */
-	void (*digest)(struct gcm_aes_ctx *, NETTLE_SIZE_TYPE, uint8_t *);
-};
-
-/*
- * Configuration of the supported nettle algorithms
- */
-static struct nettle_details nettle_algorithms[] = {
-	/* Algorithms are numbered from 1, so element 0 is empty */
-	{},
-	/* AES-GCM 128 */
-	{
-		.context_size	= sizeof(struct gcm_aes_ctx),
-		.block_size	= GCM_BLOCK_SIZE,
-		.key_size	= AES128_KEY_SIZE,
-		.iv_size	= GCM_IV_SIZE,
-		.tag_size	= GCM_DIGEST_SIZE,
-		.set_key	= gcm_aes_set_key,
-		.set_iv		= gcm_aes_set_iv,
-		.encrypt	= gcm_aes_encrypt,
-		.decrypt	= gcm_aes_decrypt,
-		.update		= gcm_aes_update,
-		.digest		= gcm_aes_digest,
-	}
-};
-#endif /* BUILD_WITH_NETTLE_AES_GCM*/
-
 struct es_data {
 	/*
 	 * Should secret attributes be encrypted and decrypted?
@@ -379,6 +298,7 @@ static bool should_encrypt(const struct ldb_message_element *el)
  *
  * @return Size rounded up to the nearest multiple of block_size
  */
+#ifdef BUILD_WITH_GNUTLS_AEAD
 static size_t round_to_block_size(size_t block_size, size_t size)
 {
 	if ((size % block_size) == 0) {
@@ -387,6 +307,7 @@ static size_t round_to_block_size(size_t block_size, size_t size)
 		return ((int)(size/block_size) + 1) * block_size;
 	}
 }
+#endif /* BUILD_WITH_GNUTLS_AEAD */
 
 /*
  * @brief Create an new EncryptedSecret owned by the supplied talloc context.
@@ -453,11 +374,11 @@ static DATA_BLOB makePlainText(TALLOC_CTX *ctx,
 	return pt;
 }
 
-#ifdef BUILD_WITH_NETTLE_AES_GCM
+#ifdef BUILD_WITH_SAMBA_AES_GCM
 /*
  * @brief Encrypt an ldb value using an aead algorithm.
  *
- * This function uses lib nettle directly to perform the encryption. However
+ * This function uses the samba internal implementation to perform the encryption. However
  * the encrypted data and tag are stored in a manner compatible with gnutls,
  * so the gnutls aead functions can be used to decrypt and verify the data.
  *
@@ -472,22 +393,19 @@ static DATA_BLOB makePlainText(TALLOC_CTX *ctx,
  *
  * @return The encrypted ldb_val, or data_blob_null if there was an error.
  */
-static struct ldb_val nettle_encrypt_aead(int *err,
-					  TALLOC_CTX *ctx,
-					  struct ldb_context *ldb,
-					  const struct ldb_val val,
-					  const struct es_data *data)
+static struct ldb_val samba_encrypt_aead(int *err,
+					 TALLOC_CTX *ctx,
+					 struct ldb_context *ldb,
+					 const struct ldb_val val,
+					 const struct es_data *data)
 {
+	struct aes_gcm_128_context cctx;
 	struct EncryptedSecret *es = NULL;
 	DATA_BLOB pt = data_blob_null;
-	const struct nettle_details *ntl = NULL;
-	void *ntl_ctx = NULL;
 	struct ldb_val enc = data_blob_null;
 	DATA_BLOB key_blob = data_blob_null;
 	int rc;
-
 	TALLOC_CTX *frame = talloc_stackframe();
-	ntl = &nettle_algorithms[SECRET_ENCRYPTION_ALGORITHM];
 
 	es = makeEncryptedSecret(ldb, frame);
 	if (es == NULL) {
@@ -499,73 +417,61 @@ static struct ldb_val nettle_encrypt_aead(int *err,
 		goto error_exit;
 	}
 
-	ntl_ctx = talloc_zero_size(frame,  ntl->context_size);
-	if (ntl_ctx == NULL) {
-		ldb_set_errstring(ldb,
-			          "Out of memory allocating nettle "
-				  "encryption context\n");
-		goto error_exit;
-	}
-
 	/*
 	 * Set the encryption key
 	 */
 	key_blob = get_key(data);
-	if (key_blob.length != ntl->key_size) {
+	if (key_blob.length != AES_BLOCK_SIZE) {
 		ldb_asprintf_errstring(ldb,
 				       "Invalid EncryptedSecrets key size, "
-				       "expected %zu bytes and is %zu bytes\n",
-				       ntl->key_size,
+				       "expected %u bytes and is %zu bytes\n",
+				       AES_BLOCK_SIZE,
 				       key_blob.length);
 		goto error_exit;
 	}
-	ntl->set_key(ntl_ctx, key_blob.length, key_blob.data);
 
 	/*
 	 * Set the initialisation vector
 	 */
 	{
-		uint8_t *iv = talloc_zero_size(frame, ntl->iv_size);
+		uint8_t *iv = talloc_zero_size(frame, AES_GCM_128_IV_SIZE);
 		if (iv == NULL) {
 			ldb_set_errstring(ldb,
 					  "Out of memory allocating iv\n");
 			goto error_exit;
 		}
 
-		generate_random_buffer(iv, ntl->iv_size);
+		generate_random_buffer(iv, AES_GCM_128_IV_SIZE);
 
-		es->iv.length = ntl->iv_size;
+		es->iv.length = AES_GCM_128_IV_SIZE;
 		es->iv.data   = iv;
-		ntl->set_iv(ntl_ctx, es->iv.length, es->iv.data);
 	}
 
 	/*
-	 * Set the extra authentication data
-	 */
-	ntl->update(ntl_ctx,
-		    sizeof(struct EncryptedSecretHeader),
-		    (uint8_t *)&es->header);
-
-	/*
 	 * Encrypt the value, and append the GCM digest to the encrypted
 	 * data so that it can be decrypted and validated by the
 	 * gnutls aead decryption routines.
 	 */
 	{
-		const unsigned tag_size = ntl->tag_size;
-		const size_t ed_size = round_to_block_size(
-			ntl->block_size,
-			sizeof(struct PlaintextSecret) + val.length);
-		const size_t en_size = ed_size + tag_size;
-		uint8_t *ct = talloc_zero_size(frame, en_size);
-
-		ntl->encrypt(ntl_ctx, pt.length, ct, pt.data);
-		ntl->digest(ntl_ctx, tag_size, &ct[pt.length]);
+		uint8_t *ct = talloc_zero_size(frame, pt.length + AES_BLOCK_SIZE);
+		if (ct == NULL) {
+			ldb_oom(ldb);
+			goto error_exit;
+		}
 
-		es->encrypted.length = pt.length + tag_size;
+		memcpy(ct, pt.data, pt.length);
+		es->encrypted.length = pt.length + AES_BLOCK_SIZE;
 		es->encrypted.data   = ct;
 	}
 
+	aes_gcm_128_init(&cctx, key_blob.data, es->iv.data);
+	aes_gcm_128_updateA(&cctx,
+		    (uint8_t *)&es->header,
+		    sizeof(struct EncryptedSecretHeader));
+	aes_gcm_128_crypt(&cctx, es->encrypted.data, pt.length);
+	aes_gcm_128_updateC(&cctx, es->encrypted.data, pt.length);
+	aes_gcm_128_digest(&cctx, &es->encrypted.data[pt.length]);
+
 	rc = ndr_push_struct_blob(&enc,
 				  ctx,
 				  es,
@@ -589,7 +495,7 @@ error_exit:
  * @brief Decrypt data encrypted using an aead algorithm.
  *
  * Decrypt the data in ed and insert it into ev. The data was encrypted
- * with one of the nettle aead compatable algorithms.
+ * with the samba aes gcm implementation.
  *
  * @param err  Pointer to an error code, set to:
  *             LDB_SUCESS               If the value was successfully decrypted
@@ -603,53 +509,53 @@ error_exit:
  *
  * @return ev is updated with the unencrypted data.
  */
-static void nettle_decrypt_aead(int *err,
-				TALLOC_CTX *ctx,
-				struct ldb_context *ldb,
-				struct EncryptedSecret *es,
-				struct PlaintextSecret *ps,
-				const struct es_data *data)
+static void samba_decrypt_aead(int *err,
+			       TALLOC_CTX *ctx,
+			       struct ldb_context *ldb,
+			       struct EncryptedSecret *es,
+			       struct PlaintextSecret *ps,
+			       const struct es_data *data)
 {
-
-	const struct nettle_details *ntl =
-		&nettle_algorithms[es->header.algorithm];
-	const unsigned tag_size = ntl->tag_size;
-	void *ntl_ctx = NULL;
+	struct aes_gcm_128_context cctx;
 	DATA_BLOB pt = data_blob_null;
 	DATA_BLOB key_blob = data_blob_null;
+	uint8_t sig[AES_BLOCK_SIZE] = {0, };
 	int rc;
-
+	int cmp;
 	TALLOC_CTX *frame = talloc_stackframe();
 
-
-	ntl_ctx = talloc_zero_size(frame,  ntl->context_size);
-	if (ntl_ctx == NULL) {
-		ldb_set_errstring(ldb,
-				  "Out of memory allocating nettle "
-				  "encryption context\n");
-		goto error_exit;
-	}
-
 	/*
 	 * Set the encryption key
 	 */
 	key_blob = get_key(data);
-	if (key_blob.length != ntl->key_size) {
+	if (key_blob.length != AES_BLOCK_SIZE) {
 		ldb_asprintf_errstring(ldb,
 				       "Invalid EncryptedSecrets key size, "
-				       "expected %zu bytes and is %zu bytes\n",
-				       ntl->key_size,
+				       "expected %u bytes and is %zu bytes\n",
+				       AES_BLOCK_SIZE,
 				       key_blob.length);
 		goto error_exit;
 	}
-	ntl->set_key(ntl_ctx, key_blob.length, key_blob.data);
 
-	ntl->set_iv(ntl_ctx, es->iv.length, es->iv.data);
-	ntl->update(ntl_ctx,
-		    sizeof(struct EncryptedSecretHeader),
-		    (uint8_t *)&es->header);
+	if (es->iv.length < AES_GCM_128_IV_SIZE) {
+		ldb_asprintf_errstring(ldb,
+				       "Invalid EncryptedSecrets iv size, "
+				       "expected %u bytes and is %zu bytes\n",
+				       AES_GCM_128_IV_SIZE,
+				       es->iv.length);
+		goto error_exit;
+	}
+
+	if (es->encrypted.length < AES_BLOCK_SIZE) {
+		ldb_asprintf_errstring(ldb,
+				       "Invalid EncryptedData size, "
+				       "expected %u bytes and is %zu bytes\n",
+				       AES_BLOCK_SIZE,
+				       es->encrypted.length);
+		goto error_exit;
+	}
 
-	pt.length = es->encrypted.length - tag_size;
+	pt.length = es->encrypted.length - AES_BLOCK_SIZE;
 	pt.data   = talloc_zero_size(ctx, pt.length);
 	if (pt.data == NULL) {
 		ldb_set_errstring(ldb,
@@ -657,29 +563,25 @@ static void nettle_decrypt_aead(int *err,
 				  "plain text\n");
 		goto error_exit;
 	}
-	ntl->decrypt(ntl_ctx, pt.length, pt.data, es->encrypted.data);
+	memcpy(pt.data, es->encrypted.data, pt.length);
+
+	aes_gcm_128_init(&cctx, key_blob.data, es->iv.data);
+	aes_gcm_128_updateA(&cctx,
+		    (uint8_t *)&es->header,
+		    sizeof(struct EncryptedSecretHeader));
+	aes_gcm_128_updateC(&cctx, pt.data, pt.length);
+	aes_gcm_128_crypt(&cctx, pt.data, pt.length);
+	aes_gcm_128_digest(&cctx, sig);
 
 	/*
 	 * Check the authentication tag
 	 */
-	{
-		uint8_t *tag = talloc_zero_size(frame, tag_size);
-		if (tag == NULL) {
-			ldb_set_errstring(ldb,
-					  "Out of memory allocating tag\n");
-			goto error_exit;
-		}
-
-		ntl->digest(ntl_ctx, tag_size, tag);
-		if (memcmp(&es->encrypted.data[pt.length],
-			   tag,
-			   tag_size) != 0) {
-
-			ldb_set_errstring(ldb,
-					  "Tag does not match, "
-					  "data corrupted or altered\n");
-			goto error_exit;
-		}
+	cmp = memcmp(&es->encrypted.data[pt.length], sig, AES_BLOCK_SIZE);
+	if (cmp != 0) {
+		ldb_set_errstring(ldb,
+				  "Tag does not match, "
+				  "data corrupted or altered\n");
+		goto error_exit;
 	}
 
 	rc = ndr_pull_struct_blob(&pt,
@@ -702,7 +604,7 @@ error_exit:
 	TALLOC_FREE(frame);
 	return;
 }
-#endif /* BUILD_WITH_NETTLE_AES_GCM */
+#endif /* BUILD_WITH_SAMBA_AES_GCM */
 
 #ifdef BUILD_WITH_GNUTLS_AEAD
 
@@ -1071,8 +973,8 @@ static struct ldb_val encrypt_value(int *err,
 {
 #ifdef BUILD_WITH_GNUTLS_AEAD
 	return gnutls_encrypt_aead(err, ctx, ldb, val, data);
-#elif defined BUILD_WITH_NETTLE_AES_GCM
-	return nettle_encrypt_aead(err, ctx, ldb, val, data);
+#elif defined BUILD_WITH_SAMBA_AES_GCM
+	return samba_encrypt_aead(err, ctx, ldb, val, data);
 #endif
 }
 
@@ -1305,8 +1207,8 @@ static struct ldb_val decrypt_value(int *err,
 	}
 #ifdef BUILD_WITH_GNUTLS_AEAD
 	gnutls_decrypt_aead(err, frame, ldb, &es, &ps, data);
-#elif defined BUILD_WITH_NETTLE_AES_GCM
-	nettle_decrypt_aead(err, frame, ldb, &es, &ps, data);
+#elif defined BUILD_WITH_SAMBA_AES_GCM
+	samba_decrypt_aead(err, frame, ldb, &es, &ps, data);
 #endif
 
 	if (*err != LDB_SUCCESS) {
diff --git a/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c
index 7c1363156c4..4aa325635ce 100644
--- a/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c
+++ b/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c
@@ -392,11 +392,10 @@ static void test_gnutls_value_encryption(void **state)
 				&plain_text));
 	}
 
-#ifdef HAVE_NETTLE_AES_GCM
 	{
 		struct PlaintextSecret *decrypted =
 			talloc_zero(test_ctx, struct PlaintextSecret);
-		nettle_decrypt_aead(
+		samba_decrypt_aead(
 			&err,
 			test_ctx,
 			test_ctx->ldb,
@@ -412,7 +411,6 @@ static void test_gnutls_value_encryption(void **state)
 				&decrypted->cleartext,
 				&plain_text));
 	}
-#endif /* HAVE_NETTLE_AES_GCM */
 }
 #endif /* HAVE_GNUTLS_AEAD */
 
@@ -616,11 +614,10 @@ static void test_gnutls_altered_iv(void **state)
 	}
 }
 #endif /* HAVE_GNUTLS_AEAD */
-#ifdef HAVE_NETTLE_AES_GCM
 /*
- *  Test nettle encryption and decryption and decryption.
+ *  Test samba encryption and decryption and decryption.
  */
-static void test_nettle_value_encryption(void **state)
+static void test_samba_value_encryption(void **state)
 {
 	struct ldbtest_ctx *test_ctx =
 		talloc_get_type_abort(*state, struct ldbtest_ctx);
@@ -635,7 +632,7 @@ static void test_nettle_value_encryption(void **state)
 	int rc;
 
 	plain_text = data_blob_string_const("A text value");
-	cipher_text = nettle_encrypt_aead(
+	cipher_text = samba_encrypt_aead(
 			&err,
 			test_ctx,
 			test_ctx->ldb,
@@ -677,7 +674,7 @@ static void test_nettle_value_encryption(void **state)
 	{
 		struct PlaintextSecret *decrypted =
 			talloc_zero(test_ctx, struct PlaintextSecret);
-		nettle_decrypt_aead(
+		samba_decrypt_aead(
 			&err,
 			test_ctx,
 			test_ctx->ldb,
@@ -695,10 +692,8 @@ static void test_nettle_value_encryption(void **state)
 	}
 
 }
-#endif /* HAVE_NETTLE_AES_GCM  */
 
-#ifdef HAVE_NETTLE_AES_GCM
-static void test_nettle_altered_header(void **state)
+static void test_samba_altered_header(void **state)
 {
 	struct ldbtest_ctx *test_ctx =
 		talloc_get_type_abort(*state, struct ldbtest_ctx);
@@ -713,7 +708,7 @@ static void test_nettle_altered_header(void **state)
 	int rc;
 
 	plain_text = data_blob_string_const("A text value");
-	cipher_text = nettle_encrypt_aead(
+	cipher_text = samba_encrypt_aead(
 			&err,
 			test_ctx,
 			test_ctx->ldb,
@@ -732,7 +727,7 @@ static void test_nettle_altered_header(void **state)
 	{
 		struct PlaintextSecret *decrypted =
 			talloc_zero(test_ctx, struct PlaintextSecret);
-		nettle_decrypt_aead(
+		samba_decrypt_aead(
 			&err,
 			test_ctx,
 			test_ctx->ldb,
@@ -752,7 +747,7 @@ static void test_nettle_altered_header(void **state)
 	{
 		struct PlaintextSecret *decrypted =
 			talloc_zero(test_ctx, struct PlaintextSecret);
-		nettle_decrypt_aead(
+		samba_decrypt_aead(
 			&err,
 			test_ctx,
 			test_ctx->ldb,
@@ -762,10 +757,8 @@ static void test_nettle_altered_header(void **state)
 		assert_int_equal(LDB_ERR_OPERATIONS_ERROR, err);
 	}
 }
-#endif /* HAVE_NETTLE_AES_GCM */
 
-#ifdef HAVE_NETTLE_AES_GCM
-static void test_nettle_altered_data(void **state)
+static void test_samba_altered_data(void **state)
 {
 	struct ldbtest_ctx *test_ctx =
 		talloc_get_type_abort(*state, struct ldbtest_ctx);
@@ -780,7 +773,7 @@ static void test_nettle_altered_data(void **state)
 	int rc;
 
 	plain_text = data_blob_string_const("A text value");
-	cipher_text = nettle_encrypt_aead(
+	cipher_text = samba_encrypt_aead(
 			&err,
 			test_ctx,
 			test_ctx->ldb,
@@ -799,7 +792,7 @@ static void test_nettle_altered_data(void **state)
 	{
 		struct PlaintextSecret *decrypted =
 			talloc_zero(test_ctx, struct PlaintextSecret);
-		nettle_decrypt_aead(
+		samba_decrypt_aead(
 			&err,
 			test_ctx,
 			test_ctx->ldb,
@@ -819,7 +812,7 @@ static void test_nettle_altered_data(void **state)
 	{
 		struct PlaintextSecret *decrypted =
 			talloc_zero(test_ctx, struct PlaintextSecret);
-		nettle_decrypt_aead(
+		samba_decrypt_aead(
 			&err,
 			test_ctx,
 			test_ctx->ldb,
@@ -829,10 +822,8 @@ static void test_nettle_altered_data(void **state)
 		assert_int_equal(LDB_ERR_OPERATIONS_ERROR, err);
 	}
 }
-#endif /* HAVE_NETTLE_AES_GCM */
 
-#ifdef HAVE_NETTLE_AES_GCM
-static void test_nettle_altered_iv(void **state)
+static void test_samba_altered_iv(void **state)
 {
 	struct ldbtest_ctx *test_ctx =
 		talloc_get_type_abort(*state, struct ldbtest_ctx);
@@ -847,7 +838,7 @@ static void test_nettle_altered_iv(void **state)
 	int rc;
 
 	plain_text = data_blob_string_const("A text value");
-	cipher_text = nettle_encrypt_aead(
+	cipher_text = samba_encrypt_aead(
 			&err,
 			test_ctx,
 			test_ctx->ldb,
@@ -866,7 +857,7 @@ static void test_nettle_altered_iv(void **state)
 	{
 		struct PlaintextSecret *decrypted =
 			talloc_zero(test_ctx, struct PlaintextSecret);
-		nettle_decrypt_aead(
+		samba_decrypt_aead(
 			&err,
 			test_ctx,
 			test_ctx->ldb,
@@ -886,7 +877,7 @@ static void test_nettle_altered_iv(void **state)
 	{
 		struct PlaintextSecret *decrypted =
 			talloc_zero(test_ctx, struct PlaintextSecret);
-		nettle_decrypt_aead(
+		samba_decrypt_aead(
 			&err,
 			test_ctx,
 			test_ctx->ldb,
@@ -896,7 +887,6 @@ static void test_nettle_altered_iv(void **state)
 		assert_int_equal(LDB_ERR_OPERATIONS_ERROR, err);
 	}
 }
-#endif /* HAVE_NETTLE_AES_GCM */
 
 /*
  *  Test message encryption.
@@ -1153,24 +1143,22 @@ int main(void) {
 			setup_with_key,
 			teardown),
 #endif /* HAVE_GNUTLS_AEAD */
-#ifdef HAVE_NETTLE_AES_GCM
 		cmocka_unit_test_setup_teardown(
-			test_nettle_value_encryption,
+			test_samba_value_encryption,
 			setup_with_key,
 			teardown),
 		cmocka_unit_test_setup_teardown(
-			test_nettle_altered_header,
+			test_samba_altered_header,
 			setup_with_key,
 			teardown),
 		cmocka_unit_test_setup_teardown(
-			test_nettle_altered_data,
+			test_samba_altered_data,
 			setup_with_key,
 			teardown),
 		cmocka_unit_test_setup_teardown(
-			test_nettle_altered_iv,
+			test_samba_altered_iv,
 			setup_with_key,
 			teardown),
-#endif /* HAVE_NETTLE_AES_GCM */
 		cmocka_unit_test_setup_teardown(
 			test_message_encryption_decryption,
 			setup_with_key,
diff --git a/source4/dsdb/samdb/ldb_modules/wscript b/source4/dsdb/samdb/ldb_modules/wscript
index e2f2cda3312..91edbcb2594 100644
--- a/source4/dsdb/samdb/ldb_modules/wscript
+++ b/source4/dsdb/samdb/ldb_modules/wscript
@@ -12,23 +12,6 @@ def set_options(opt):
     return
 
 def configure(conf):
-    conf.SET_TARGET_TYPE('nettle', 'EMPTY')
-    if conf.CHECK_CFG(
-        package="nettle",
-        args="--cflags --libs",
-        msg='Checking for nettle support'):
-
-        if conf.CHECK_FUNCS_IN(
-            'nettle_gcm_aes_encrypt',
-            'nettle',
-            headers='nettle/gcm.h'):
-
-            conf.DEFINE('HAVE_NETTLE_AES_GCM', '1')
-        else:
-            Logs.warn('No nettle support for AES GCM')
-    else:
-        Logs.warn('No nettle encryption libraries')
-
     if conf.env.HAVE_GNUTLS:
         if conf.CHECK_FUNCS_IN(
             'gnutls_aead_cipher_init',
@@ -39,11 +22,6 @@ def configure(conf):
         else:
             Logs.warn('No gnutls support for AEAD encryption')
 
-    if not conf.env.HAVE_GNUTLS_AEAD and not conf.env.HAVE_NETTLE_AES_GCM:
-        conf.fatal("No AES GCM AEAD support"
-                   "Try installing gnutls if that does not support AEAD "
-                   "try installing nettle-dev or nettle-devel")
-
     conf.SET_TARGET_TYPE('gpgme', 'EMPTY')
 
     if Options.options.with_gpgme != False:
diff --git a/source4/dsdb/samdb/ldb_modules/wscript_build b/source4/dsdb/samdb/ldb_modules/wscript_build
index 0ff94711763..9e0ac281cc6 100644
--- a/source4/dsdb/samdb/ldb_modules/wscript_build
+++ b/source4/dsdb/samdb/ldb_modules/wscript_build
@@ -36,7 +36,6 @@ bld.SAMBA_BINARY('test_encrypted_secrets',
             samdb-common
             samdb
             cmocka
-            nettle
             gnutls
             DSDB_MODULE_HELPERS
         ''',
diff --git a/source4/dsdb/samdb/ldb_modules/wscript_build_server b/source4/dsdb/samdb/ldb_modules/wscript_build_server
index 71af9b27278..368260afe09 100644
--- a/source4/dsdb/samdb/ldb_modules/wscript_build_server
+++ b/source4/dsdb/samdb/ldb_modules/wscript_build_server
@@ -422,7 +422,6 @@ bld.SAMBA_MODULE('ldb_encrypted_secrets',
             samdb-common
             DSDB_MODULE_HELPERS
             samdb
-            nettle
             gnutls
         '''
 	)