path: root/lib/crypto
Commit log (columns: commit message, author, age, files changed, lines removed/added)
* lib:crypto: Improve comment about weak crypto
  Andreas Schneider, 2023-04-03, 1 file, -2/+1

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib:crypto: Change error return to SMB_ASSERT()
  Joseph Sutton, 2022-10-05, 1 file, -8/+6

  Getting an HMAC too long to fit our array is a programming error. It
  should always be 64 bytes exactly.

  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2021-20251 lib:crypto: Add Python functions for AES SAMR password change
  Joseph Sutton, 2022-09-12, 1 file, -0/+221

  These functions allow us to perform key derivation and AES256
  encryption in Python. They will be used in a following commit.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2021-20251 lib:crypto: Add md4_hash_blob() for hashing data with MD4
  Joseph Sutton, 2022-09-12, 1 file, -0/+35

  This lets us access MD4, which might not be available in hashlib, from
  Python. This function is used in a following commit for hashing a
  password to obtain the verifier for a SAMR password change.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2021-20251 lib:crypto: Add des_crypt_blob_16() for encrypting data with DES
  Joseph Sutton, 2022-09-12, 2 files, -1/+66

  This lets us access single-DES from Python. This function is used in a
  following commit for encrypting an NT hash to obtain the verifier for a
  SAMR password change.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib:crypto: Use constant time memory comparison to check HMAC
  Joseph Sutton, 2022-09-12, 1 file, -3/+3

  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib:crypto: Check for overflow before filling pauth_tag array
  Joseph Sutton, 2022-09-12, 1 file, -0/+8

  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib:crypto: Zero auth_tag array in encryption test
  Joseph Sutton, 2022-09-12, 1 file, -1/+1

  If samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt() does not fill
  the array completely, we may be comparing uninitialised bytes.

  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib:crypto: Add test for pbkdf2
  Andreas Schneider, 2022-07-28, 1 file, -0/+47

  This is just that we use the right parameters for gnutls_pbkdf2() and
  reach the values from Windows.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* lib:crypto: Add test for samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt()
  Andreas Schneider, 2022-07-28, 1 file, -0/+48

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* lib:crypto: Add samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt()
  Andreas Schneider, 2022-07-28, 2 files, -0/+189

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* lib:crypto: Add test for samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt()
  Andreas Schneider, 2022-07-28, 2 files, -0/+238

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* lib:crypto: Implement samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt()
  Andreas Schneider, 2022-07-28, 3 files, -12/+288

  This is for [MS-SAMR] 3.2.2.4 AES Cipher Usage

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* lib:crypto: Merge wscript_build into wscript
  Andreas Schneider, 2022-07-28, 2 files, -54/+55

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* lib:crypto: Merge wscript_configure into wscript
  Andreas Schneider, 2022-07-28, 2 files, -15/+20

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* lib:crypto: Reformat wscript
  Andreas Schneider, 2022-07-28, 1 file, -2/+5

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* lib:crypto: Add py binding for set_relax/strict fips mode
  Isaac Boukris, 2020-10-29, 1 file, -0/+16

  Signed-off-by: Isaac Boukris <iboukris@gmail.com>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* Fix clang 9 missing-field-initializer warnings
  Gary Lockyer, 2020-05-08, 1 file, -1/+1

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* lib:crypto: Add samba_gnutls_weak_crypto()
  Andreas Schneider, 2020-03-19, 3 files, -0/+56

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib:crypto: Build intel aes-ni only if GnuTLS doesn't provide AES CMAC
  Andreas Schneider, 2019-12-10, 1 file, -1/+2

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Tue Dec 10 20:30:57 UTC 2019 on sn-devel-184
* lib:crypto: Only build AES code if we need AES CMAC
  Andreas Schneider, 2019-12-10, 1 file, -1/+2

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib:crypto: Remove our implementation of AES GCM
  Andreas Schneider, 2019-12-10, 5 files, -570/+0

  We require GnuTLS >= 3.4.7 which provides AES GCM.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib:crypto: Remove our implementation of AES CCM
  Andreas Schneider, 2019-12-10, 5 files, -645/+0

  We require GnuTLS >= 3.4.7 which provides AES CCM.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Spelling fixes s/ ot / to /
  Mathieu Parent, 2019-09-01, 1 file, -1/+1

  Signed-off-by: Mathieu Parent <math.parent@gmail.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* lib:crypto: Do not build AES-CMAC if we use GnuTLS that supports it
  Andreas Schneider, 2019-08-21, 1 file, -2/+4

  This requires GnuTLS >= 3.6.5.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Wed Aug 21 11:14:11 UTC 2019 on sn-devel-184
* lib/crypto: Remove unused RC4 code from Samba
  Andrew Bartlett, 2019-08-21, 3 files, -119/+0

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* lib:crypto: Prepare not to build AES or AES-CMAC if we use GnuTLS support it
  Andreas Schneider, 2019-08-21, 1 file, -10/+42

  Samba will soon require GnuTLS >= 3.4.7.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

  Adjusted by Andrew Bartlett from an earlier more comprehensive patch by Andreas

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* crypto: Update REQUIREMENTS file with new minimum version
  Andrew Bartlett, 2019-08-21, 1 file, -2/+1

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* lib:crypto: Don't build RC4 if we have GnuTLS >= 3.4.7
  Andreas Schneider, 2019-07-26, 1 file, -5/+20

  We have a GnuTLS DCERPC backupkey implementation for the server and the
  test. However this is only working with GnuTLS >= 3.4.7. So we need to
  keep this around till we can require at least GnuTLS in a newer version.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib:crypto: Remove arcfour.h from crypto.h
  Andreas Schneider, 2019-07-26, 1 file, -1/+0

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib:crypto: Use GnuTLS RC4 in py_crypto
  Andreas Schneider, 2019-07-26, 2 files, -9/+32

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib:crypto: Document samba_gnutls_arcfour_confounded_md5()
  Andreas Schneider, 2019-07-26, 1 file, -0/+18

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib:crypto: Document gnutls_error_to_werror()
  Andreas Schneider, 2019-07-26, 1 file, -0/+16

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib:crypto: Document gnutls_error_to_ntstatus()
  Andreas Schneider, 2019-07-26, 1 file, -0/+16

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib:crypto: Add GNUTLS_FIPS140_SET_(LAX|STRICT)_MODE to helpers
  Andreas Schneider, 2019-07-09, 1 file, -0/+11

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* lib:crypto: Fix path to header file in gnutls_helpers.h
  Andreas Schneider, 2019-07-09, 1 file, -2/+2

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* lib/crypto: Use GnuTLS RC4 for samba_gnutls_arcfour_confounded_md5()
  Andrew Bartlett, 2019-06-27, 3 files, -11/+35

  This allows Samba to use GnuTLS for drsuapi_{en,de}crypt_attribute_value()

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* lib/crypto: Add GnuTLS helper function samba_gnutls_arcfour_confounded_md5()
  Andrew Bartlett, 2019-06-27, 3 files, -2/+85

  This will avoid duplicated code as we convert arcfour_crypt_blob() into
  direct GnuTLS calls

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli:util: Add gnutls_error_to_werror()
  Andreas Schneider, 2019-06-27, 2 files, -0/+56

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/crypto: move gnutls error wrapper to own subsystem
  Andrew Bartlett, 2019-06-27, 3 files, -0/+104

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* Fix ubsan null pointer passed as argument 2
  Gary Lockyer, 2019-05-27, 1 file, -4/+6

  Fix ubsan warning null pointer passed as argument 2 when the source
  pointer is NULL. The calls to memcpy are now guarded by an if (len > 0)

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>

  Autobuild-User(master): Gary Lockyer <gary@samba.org>
  Autobuild-Date(master): Mon May 27 01:29:48 UTC 2019 on sn-devel-184
* lib:crypto: Remove obsolete MD5 and HMAC MD5
  Andreas Schneider, 2019-05-21, 9 files, -673/+3

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Tue May 21 01:18:08 UTC 2019 on sn-devel-184
* lib/crypto: squash 'cast between incompatible function types' warning
  Noel Power, 2019-05-16, 1 file, -1/+1

  To avoid warning above produced by using -Wcast-function-type we;
  + ensure PyCFunctions of type METH_VARARGS do not declare unused and
    problematic kargs param.

  Signed-off-by: Noel Power <noel.power@suse.com>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* lib:crypto: Remove unused SHA512
  Andreas Schneider, 2019-05-07, 4 files, -340/+1

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib:crypto: Remove unused SHA256 and HMAC SHA256
  Andreas Schneider, 2019-04-30, 7 files, -482/+1

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* build: Remove bld.gen_python_environments()
  Andrew Bartlett, 2019-03-21, 1 file, -5/+4

  This was part of --extra-python support.

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* lib:crypto: Include only the required header files
  Andreas Schneider, 2019-02-27, 10 files, -12/+19

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* lib:crypto: Fix undefined behavior in md4
  Andreas Schneider, 2018-11-22, 1 file, -2/+4

  runtime error: left shift of 145 by 24 places cannot be represented in
  type 'int'

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* lib: Remove lib/crypto/crc32.[ch]
  Volker Lendecke, 2018-10-10, 4 files, -107/+1

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Oct 10 01:41:52 CEST 2018 on sn-devel-144
* lib/crypto/wscript_configure: update to handle waf 2.0.4
  Alexander Bokovoy, 2018-09-05, 1 file, -4/+4

  Signed-off-by: Alexander Bokovoy <ab@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>