From 477ecfbdaf73a8a2b7af31938c14b84242336460 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 28 May 2015 15:20:54 +0200
Subject: libcli/smb: In CCM and GCM mode we can't reuse nonces

Reuse of nonces with AES-CCM and AES-GCM leads to catastrophic failure,
so make sure the server drops the connection if that ever happens.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
---
 libcli/smb/smb2_constants.h | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'libcli/smb/smb2_constants.h')

diff --git a/libcli/smb/smb2_constants.h b/libcli/smb/smb2_constants.h
index 2bda4e9c6b5..f6edf6ba109 100644
--- a/libcli/smb/smb2_constants.h
+++ b/libcli/smb/smb2_constants.h
@@ -138,6 +138,11 @@
 /* Values for the SMB2_ENCRYPTION_CAPABILITIES Context (>= 0x310) */
 #define SMB2_ENCRYPTION_AES128_CCM         0x0001 /* only in dialect >= 0x224 */
 #define SMB2_ENCRYPTION_AES128_GCM         0x0002 /* only in dialect >= 0x310 */
+#define SMB2_NONCE_HIGH_MAX(nonce_len_bytes) ((uint64_t)(\
+	((nonce_len_bytes) >= 16) ? UINT64_MAX : \
+	((nonce_len_bytes) <= 8) ? 0 : \
+	(((uint64_t)1 << (((nonce_len_bytes) - 8)*8)) - 1) \
+	))
 
 /* SMB2 session (request) flags */
 #define SMB2_SESSION_FLAG_BINDING       0x01
-- 
cgit v1.2.1