2019-06-27 06:05:49 +03:00
/*
Unix SMB / CIFS implementation .
Wrapper for gnutls hash and encryption functions
Copyright ( C ) Stefan Metzmacher < metze @ samba . org > 2007
Copyright ( C ) Andrew Bartlett < abartlet @ samba . org > 2009 - 2019
Copyright ( c ) Andreas Schneider < asn @ samba . org > 2019
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
/*
2023-09-07 06:52:26 +03:00
* This ( arcfour over data with a key combined from two inputs , one
2019-06-27 06:05:49 +03:00
* the key another the confounder ) , is a common pattern in pre - AES
* windows cryptography
*
* Some protocols put the confounder first , others second so both
* parameters are named key_input here .
*
*/
# include "includes.h"
# include "lib/util/data_blob.h"
# include <gnutls/gnutls.h>
# include <gnutls/crypto.h>
# include "gnutls_helpers.h"
# include "lib/util/memory.h"
int samba_gnutls_arcfour_confounded_md5 ( const DATA_BLOB * key_input1 ,
const DATA_BLOB * key_input2 ,
2019-06-27 07:45:33 +03:00
DATA_BLOB * data ,
enum samba_gnutls_direction encrypt )
2019-06-27 06:05:49 +03:00
{
int rc ;
gnutls_hash_hd_t hash_hnd = NULL ;
uint8_t confounded_key [ 16 ] ;
2019-06-27 07:45:33 +03:00
gnutls_cipher_hd_t cipher_hnd = NULL ;
gnutls_datum_t confounded_key_datum = {
. data = confounded_key ,
. size = sizeof ( confounded_key ) ,
} ;
2019-06-27 06:05:49 +03:00
rc = gnutls_hash_init ( & hash_hnd , GNUTLS_DIG_MD5 ) ;
if ( rc < 0 ) {
return rc ;
}
rc = gnutls_hash ( hash_hnd , key_input1 - > data , key_input1 - > length ) ;
if ( rc < 0 ) {
gnutls_hash_deinit ( hash_hnd , NULL ) ;
return rc ;
}
rc = gnutls_hash ( hash_hnd , key_input2 - > data , key_input2 - > length ) ;
if ( rc < 0 ) {
gnutls_hash_deinit ( hash_hnd , NULL ) ;
return rc ;
}
2019-06-27 07:45:33 +03:00
gnutls_hash_deinit ( hash_hnd , confounded_key ) ;
2019-06-27 06:05:49 +03:00
2019-06-27 07:45:33 +03:00
rc = gnutls_cipher_init ( & cipher_hnd ,
GNUTLS_CIPHER_ARCFOUR_128 ,
& confounded_key_datum ,
NULL ) ;
if ( rc < 0 ) {
return rc ;
}
2019-06-27 06:05:49 +03:00
2019-06-27 07:45:33 +03:00
if ( encrypt = = SAMBA_GNUTLS_ENCRYPT ) {
rc = gnutls_cipher_encrypt ( cipher_hnd ,
data - > data ,
data - > length ) ;
} else {
rc = gnutls_cipher_decrypt ( cipher_hnd ,
data - > data ,
data - > length ) ;
}
gnutls_cipher_deinit ( cipher_hnd ) ;
2019-06-27 06:05:49 +03:00
ZERO_ARRAY ( confounded_key ) ;
2019-06-27 07:45:33 +03:00
return rc ;
2019-06-27 06:05:49 +03:00
}