From 67825c96473ff8731af415683b4a74caca7a6809 Mon Sep 17 00:00:00 2001
From: Aurelien Aptel
Date: Wed, 6 Feb 2019 19:23:35 +0100
Subject: libcli: add getters for smb2 {signing,encryption,decryption} keys

Adds:
- smb2cli_session_signing_key()
- smb2cli_session_encryption_key()
- smb2cli_session_decryption_key()

Signed-off-by: Aurelien Aptel
Reviewed-by: Noel Power
Reviewed-by: Ralph Boehme
Reviewed-by: David Disseldorp
---
 libcli/smb/smbXcli_base.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++
 libcli/smb/smbXcli_base.h | 9 ++++++
 2 files changed, 88 insertions(+)

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 3118365871a..2455b6deacd 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -5561,6 +5561,85 @@ bool smbXcli_session_is_authenticated(struct smbXcli_session *session)
 return true;
 }
 
+NTSTATUS smb2cli_session_signing_key(struct smbXcli_session *session,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *key)
+{
+ DATA_BLOB *sig = NULL;
+
+ if (session->conn == NULL) {
+ return NT_STATUS_NO_USER_SESSION_KEY;
+ }
+
+ /*
+ * Use channel signing key if there is one, otherwise fallback
+ * to session.
+ */
+
+ if (session->smb2_channel.signing_key.length != 0) {
+ sig = &session->smb2_channel.signing_key;
+ } else if (session->smb2->signing_key.length != 0) {
+ sig = &session->smb2->signing_key;
+ } else {
+ return NT_STATUS_NO_USER_SESSION_KEY;
+ }
+
+ *key = data_blob_dup_talloc(mem_ctx, *sig);
+ if (key->data == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS smb2cli_session_encryption_key(struct smbXcli_session *session,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *key)
+{
+ if (session->conn == NULL) {
+ return NT_STATUS_NO_USER_SESSION_KEY;
+ }
+
+ if (session->conn->protocol < PROTOCOL_SMB3_00) {
+ return NT_STATUS_NO_USER_SESSION_KEY;
+ }
+
+ if (session->smb2->encryption_key.length == 0) {
+ return NT_STATUS_NO_USER_SESSION_KEY;
+ }
+
+ *key = data_blob_dup_talloc(mem_ctx, session->smb2->encryption_key);
+ if (key->data == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS smb2cli_session_decryption_key(struct smbXcli_session *session,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *key)
+{
+ if (session->conn == NULL) {
+ return NT_STATUS_NO_USER_SESSION_KEY;
+ }
+
+ if (session->conn->protocol < PROTOCOL_SMB3_00) {
+ return NT_STATUS_NO_USER_SESSION_KEY;
+ }
+
+ if (session->smb2->decryption_key.length == 0) {
+ return NT_STATUS_NO_USER_SESSION_KEY;
+ }
+
+ *key = data_blob_dup_talloc(mem_ctx, session->smb2->decryption_key);
+ if (key->data == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ return NT_STATUS_OK;
+}
+
 NTSTATUS smbXcli_session_application_key(struct smbXcli_session *session,
 TALLOC_CTX *mem_ctx,
 DATA_BLOB *key)
diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h
index 42c2519c7ff..a7256490bd1 100644
--- a/libcli/smb/smbXcli_base.h
+++ b/libcli/smb/smbXcli_base.h
@@ -468,6 +468,15 @@ struct smbXcli_session *smbXcli_session_copy(TALLOC_CTX *mem_ctx,
 struct smbXcli_session *src);
 bool smbXcli_session_is_guest(struct smbXcli_session *session);
 bool smbXcli_session_is_authenticated(struct smbXcli_session *session);
+NTSTATUS smb2cli_session_signing_key(struct smbXcli_session *session,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *key);
+NTSTATUS smb2cli_session_encryption_key(struct smbXcli_session *session,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *key);
+NTSTATUS smb2cli_session_decryption_key(struct smbXcli_session *session,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *key);
 NTSTATUS smbXcli_session_application_key(struct smbXcli_session *session,
 TALLOC_CTX *mem_ctx,
 DATA_BLOB *key);
-- 
cgit v1.2.1
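Review bot: None of the three new getters writes `*key` on its early-return paths (the `session->conn == NULL`, protocol and zero-length checks), so a caller that does not test the NTSTATUS is left with whatever the blob held before; opening each function with `*key = data_blob_null;` gives the failure case a defined value. On success the caller receives a talloc copy of live signing, encryption or decryption key material, and nothing in the .c hunk or on the new prototypes in smbXcli_base.h says so; a comment such as `/* Returns a copy of secret key material; caller owns it and should wipe it with data_blob_clear_free() */` would make the handling requirement explicit. smb2cli_session_signing_key() also dereferences `session->smb2` with no protocol check, unlike its two siblings, and whether that pointer is always set is not visible in this hunk, so it is worth confirming.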