mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
libcli:smb: Use smb2_signing_key for smb2_signing_check_pdu()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
parent
dcf37228e1
commit
015e4d2dc2
@ -138,7 +138,7 @@ NTSTATUS smb2_signing_sign_pdu(struct smb2_signing_key *signing_key,
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
NTSTATUS smb2_signing_check_pdu(DATA_BLOB signing_key,
|
||||
NTSTATUS smb2_signing_check_pdu(struct smb2_signing_key *signing_key,
|
||||
enum protocol_types protocol,
|
||||
const struct iovec *vector,
|
||||
int count)
|
||||
@ -169,7 +169,7 @@ NTSTATUS smb2_signing_check_pdu(DATA_BLOB signing_key,
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
if (signing_key.length == 0) {
|
||||
if (!smb2_signing_key_valid(signing_key)) {
|
||||
/* we don't have the session key yet */
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
@ -180,7 +180,9 @@ NTSTATUS smb2_signing_check_pdu(DATA_BLOB signing_key,
|
||||
struct aes_cmac_128_context ctx;
|
||||
uint8_t key[AES_BLOCK_SIZE] = {0};
|
||||
|
||||
memcpy(key, signing_key.data, MIN(signing_key.length, 16));
|
||||
memcpy(key,
|
||||
signing_key->blob.data,
|
||||
MIN(signing_key->blob.length, 16));
|
||||
|
||||
aes_cmac_128_init(&ctx, key);
|
||||
aes_cmac_128_update(&ctx, hdr, SMB2_HDR_SIGNATURE);
|
||||
@ -194,39 +196,37 @@ NTSTATUS smb2_signing_check_pdu(DATA_BLOB signing_key,
|
||||
|
||||
ZERO_ARRAY(key);
|
||||
} else {
|
||||
gnutls_hmac_hd_t hmac_hnd = NULL;
|
||||
uint8_t digest[gnutls_hash_get_len(GNUTLS_MAC_SHA256)];
|
||||
int rc;
|
||||
|
||||
rc = gnutls_hmac_init(&hmac_hnd,
|
||||
GNUTLS_MAC_SHA256,
|
||||
signing_key.data,
|
||||
MIN(signing_key.length, 16));
|
||||
if (rc < 0) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
if (signing_key->hmac_hnd == NULL) {
|
||||
rc = gnutls_hmac_init(&signing_key->hmac_hnd,
|
||||
GNUTLS_MAC_SHA256,
|
||||
signing_key->blob.data,
|
||||
MIN(signing_key->blob.length, 16));
|
||||
if (rc < 0) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
}
|
||||
|
||||
rc = gnutls_hmac(hmac_hnd, hdr, SMB2_HDR_SIGNATURE);
|
||||
rc = gnutls_hmac(signing_key->hmac_hnd, hdr, SMB2_HDR_SIGNATURE);
|
||||
if (rc < 0) {
|
||||
gnutls_hmac_deinit(hmac_hnd, NULL);
|
||||
return NT_STATUS_INTERNAL_ERROR;
|
||||
}
|
||||
rc = gnutls_hmac(hmac_hnd, zero_sig, 16);
|
||||
rc = gnutls_hmac(signing_key->hmac_hnd, zero_sig, 16);
|
||||
if (rc < 0) {
|
||||
gnutls_hmac_deinit(hmac_hnd, NULL);
|
||||
return NT_STATUS_INTERNAL_ERROR;
|
||||
}
|
||||
|
||||
for (i = 1; i < count; i++) {
|
||||
rc = gnutls_hmac(hmac_hnd,
|
||||
rc = gnutls_hmac(signing_key->hmac_hnd,
|
||||
vector[i].iov_base,
|
||||
vector[i].iov_len);
|
||||
if (rc < 0) {
|
||||
gnutls_hmac_deinit(hmac_hnd, NULL);
|
||||
return NT_STATUS_INTERNAL_ERROR;
|
||||
}
|
||||
}
|
||||
gnutls_hmac_deinit(hmac_hnd, digest);
|
||||
gnutls_hmac_output(signing_key->hmac_hnd, digest);
|
||||
memcpy(res, digest, 16);
|
||||
ZERO_ARRAY(digest);
|
||||
}
|
||||
|
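Review bot: The three `return NT_STATUS_INTERNAL_ERROR;` paths in the HMAC-SHA256 branch no longer reset the MAC context, so a failed `gnutls_hmac()` leaves partially absorbed data in the cached `signing_key->hmac_hnd`. Only `gnutls_hmac_output()` on the success path returns the handle to a clean state, so the next PDU checked (and presumably signed) with the same key would be MACed over stale input and fail verification. Before each of those returns I would drop the handle so that it is re-created on the next call: `gnutls_hmac_deinit(signing_key->hmac_hnd, NULL); signing_key->hmac_hnd = NULL;`. A short comment at the lazy `gnutls_hmac_init()` stating that the handle is owned by the key and reused across calls would also help. Where the handle is finally released is not visible here, and the body of smb2_signing_check_pdu continues outside these hunks.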
@ -40,7 +40,7 @@ NTSTATUS smb2_signing_sign_pdu(struct smb2_signing_key *signing_key,
|
||||
struct iovec *vector,
|
||||
int count);
|
||||
|
||||
NTSTATUS smb2_signing_check_pdu(DATA_BLOB signing_key,
|
||||
NTSTATUS smb2_signing_check_pdu(struct smb2_signing_key *signing_key,
|
||||
enum protocol_types protocol,
|
||||
const struct iovec *vector,
|
||||
int count);
|
||||
|
@ -3698,7 +3698,7 @@ static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
|
||||
uint16_t credits = SVAL(inhdr, SMB2_HDR_CREDIT);
|
||||
uint32_t new_credits;
|
||||
struct smbXcli_session *session = NULL;
|
||||
const struct smb2_signing_key *signing_key = NULL;
|
||||
struct smb2_signing_key *signing_key = NULL;
|
||||
bool was_encrypted = false;
|
||||
|
||||
new_credits = conn->smb2.cur_credits;
|
||||
@ -3915,7 +3915,7 @@ static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
|
||||
if (signing_key) {
|
||||
NTSTATUS signing_status;
|
||||
|
||||
signing_status = smb2_signing_check_pdu(signing_key->blob,
|
||||
signing_status = smb2_signing_check_pdu(signing_key,
|
||||
state->conn->protocol,
|
||||
&cur[1], 3);
|
||||
if (!NT_STATUS_IS_OK(signing_status)) {
|
||||
@ -6074,7 +6074,7 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
|
||||
}
|
||||
|
||||
if (check_signature) {
|
||||
status = smb2_signing_check_pdu(session->smb2_channel.signing_key->blob,
|
||||
status = smb2_signing_check_pdu(session->smb2_channel.signing_key,
|
||||
session->conn->protocol,
|
||||
recv_iov, 3);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
@ -6237,7 +6237,7 @@ NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session,
|
||||
}
|
||||
ZERO_STRUCT(channel_key);
|
||||
|
||||
status = smb2_signing_check_pdu(session->smb2_channel.signing_key->blob,
|
||||
status = smb2_signing_check_pdu(session->smb2_channel.signing_key,
|
||||
session->conn->protocol,
|
||||
recv_iov, 3);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
|
@ -2483,7 +2483,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
|
||||
req->do_signing = true;
|
||||
}
|
||||
|
||||
status = smb2_signing_check_pdu(signing_key->blob,
|
||||
status = smb2_signing_check_pdu(signing_key,
|
||||
xconn->protocol,
|
||||
SMBD_SMB2_IN_HDR_IOV(req),
|
||||
SMBD_SMB2_NUM_IOV_PER_REQ - 1);
|
||||
|
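Review bot: With the key now passed as a pointer, this call relies on `smb2_signing_check_pdu()` returning `NT_STATUS_OK` whenever `smb2_signing_key_valid()` is false, so a request that has just set `req->do_signing = true` would be accepted unverified if the key is missing or empty. The old call dereferenced `signing_key->blob` at this point; whether a NULL key can reach this line, and how `smb2_signing_key_valid()` treats one, is not visible in the hunk. I would make the expectation explicit at the call site with a guard that fails the request when `!smb2_signing_key_valid(signing_key)`, plus a comment such as `/* a signed request must never be accepted without a usable signing key */`. smbd_smb2_request_dispatch starts and ends outside the hunk.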