mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

libcli:smb: Use smb2_signing_key for smb2_signing_check_pdu()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider 2019-03-14 17:42:34 +01:00 committed by Andrew Bartlett
parent dcf37228e1
commit 015e4d2dc2
4 changed files with 23 additions and 23 deletions


@ -138,7 +138,7 @@ NTSTATUS smb2_signing_sign_pdu(struct smb2_signing_key *signing_key,
return NT_STATUS_OK;
}
NTSTATUS smb2_signing_check_pdu(DATA_BLOB signing_key,
NTSTATUS smb2_signing_check_pdu(struct smb2_signing_key *signing_key,
enum protocol_types protocol,
const struct iovec *vector,
int count)
@ -169,7 +169,7 @@ NTSTATUS smb2_signing_check_pdu(DATA_BLOB signing_key,
return NT_STATUS_OK;
}
if (signing_key.length == 0) {
if (!smb2_signing_key_valid(signing_key)) {
/* we don't have the session key yet */
return NT_STATUS_OK;
}
@ -180,7 +180,9 @@ NTSTATUS smb2_signing_check_pdu(DATA_BLOB signing_key,
struct aes_cmac_128_context ctx;
uint8_t key[AES_BLOCK_SIZE] = {0};
memcpy(key, signing_key.data, MIN(signing_key.length, 16));
memcpy(key,
signing_key->blob.data,
MIN(signing_key->blob.length, 16));
aes_cmac_128_init(&ctx, key);
aes_cmac_128_update(&ctx, hdr, SMB2_HDR_SIGNATURE);
@ -194,39 +196,37 @@ NTSTATUS smb2_signing_check_pdu(DATA_BLOB signing_key,
ZERO_ARRAY(key);
} else {
gnutls_hmac_hd_t hmac_hnd = NULL;
uint8_t digest[gnutls_hash_get_len(GNUTLS_MAC_SHA256)];
int rc;
rc = gnutls_hmac_init(&hmac_hnd,
GNUTLS_MAC_SHA256,
signing_key.data,
MIN(signing_key.length, 16));
if (rc < 0) {
return NT_STATUS_NO_MEMORY;
if (signing_key->hmac_hnd == NULL) {
rc = gnutls_hmac_init(&signing_key->hmac_hnd,
GNUTLS_MAC_SHA256,
signing_key->blob.data,
MIN(signing_key->blob.length, 16));
if (rc < 0) {
return NT_STATUS_NO_MEMORY;
}
}
rc = gnutls_hmac(hmac_hnd, hdr, SMB2_HDR_SIGNATURE);
rc = gnutls_hmac(signing_key->hmac_hnd, hdr, SMB2_HDR_SIGNATURE);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
return NT_STATUS_INTERNAL_ERROR;
}
rc = gnutls_hmac(hmac_hnd, zero_sig, 16);
rc = gnutls_hmac(signing_key->hmac_hnd, zero_sig, 16);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
return NT_STATUS_INTERNAL_ERROR;
}
for (i = 1; i < count; i++) {
rc = gnutls_hmac(hmac_hnd,
rc = gnutls_hmac(signing_key->hmac_hnd,
vector[i].iov_base,
vector[i].iov_len);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
return NT_STATUS_INTERNAL_ERROR;
}
}
gnutls_hmac_deinit(hmac_hnd, digest);
gnutls_hmac_output(signing_key->hmac_hnd, digest);
memcpy(res, digest, 16);
ZERO_ARRAY(digest);
}
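Review bot: The three `return NT_STATUS_INTERNAL_ERROR;` paths after `gnutls_hmac()` in the SHA256 branch no longer reset the HMAC state, and the handle is now cached in `signing_key->hmac_hnd`, so a failed update leaves partially absorbed data in it for the next PDU checked with the same key (and signed, if `smb2_signing_sign_pdu()` uses the same handle). The old code called `gnutls_hmac_deinit(hmac_hnd, NULL)` on each of these paths; the equivalent here is `gnutls_hmac_deinit(signing_key->hmac_hnd, NULL); signing_key->hmac_hnd = NULL;` before each return, so the next call re-initialises from the key. The cached handle also keeps key material alive for the lifetime of the key, so whatever frees `struct smb2_signing_key` has to deinit it; that code is not part of this diff. The function continues past the end of the last hunk.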


@ -40,7 +40,7 @@ NTSTATUS smb2_signing_sign_pdu(struct smb2_signing_key *signing_key,
struct iovec *vector,
int count);
NTSTATUS smb2_signing_check_pdu(DATA_BLOB signing_key,
NTSTATUS smb2_signing_check_pdu(struct smb2_signing_key *signing_key,
enum protocol_types protocol,
const struct iovec *vector,
int count);


@ -3698,7 +3698,7 @@ static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
uint16_t credits = SVAL(inhdr, SMB2_HDR_CREDIT);
uint32_t new_credits;
struct smbXcli_session *session = NULL;
const struct smb2_signing_key *signing_key = NULL;
struct smb2_signing_key *signing_key = NULL;
bool was_encrypted = false;
new_credits = conn->smb2.cur_credits;
@ -3915,7 +3915,7 @@ static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
if (signing_key) {
NTSTATUS signing_status;
signing_status = smb2_signing_check_pdu(signing_key->blob,
signing_status = smb2_signing_check_pdu(signing_key,
state->conn->protocol,
&cur[1], 3);
if (!NT_STATUS_IS_OK(signing_status)) {
@ -6074,7 +6074,7 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
}
if (check_signature) {
status = smb2_signing_check_pdu(session->smb2_channel.signing_key->blob,
status = smb2_signing_check_pdu(session->smb2_channel.signing_key,
session->conn->protocol,
recv_iov, 3);
if (!NT_STATUS_IS_OK(status)) {
@ -6237,7 +6237,7 @@ NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session,
}
ZERO_STRUCT(channel_key);
status = smb2_signing_check_pdu(session->smb2_channel.signing_key->blob,
status = smb2_signing_check_pdu(session->smb2_channel.signing_key,
session->conn->protocol,
recv_iov, 3);
if (!NT_STATUS_IS_OK(status)) {
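Review bot: In `smb2cli_session_set_session_key()` and `smb2cli_session_set_channel_key()` the key pointer is now passed through unchecked, while `smb2_signing_check_pdu()` returns NT_STATUS_OK when `smb2_signing_key_valid()` fails, so a key that is not valid at that point would let the response pass without its signature being verified. Whether that can happen depends on code outside these hunks: the key setup just before the calls, and how `smb2_signing_key_valid()` treats a NULL pointer now that the caller no longer dereferences `->blob`. I would add a comment at both calls, e.g. `/* signing_key must be valid here: smb2_signing_check_pdu() returns OK for an invalid key */`, or an explicit validity check before the call. The same applies to the call in `smbd_smb2_request_dispatch()`. All of the enclosing functions start and end outside the hunks shown.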


@ -2483,7 +2483,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
req->do_signing = true;
}
status = smb2_signing_check_pdu(signing_key->blob,
status = smb2_signing_check_pdu(signing_key,
xconn->protocol,
SMBD_SMB2_IN_HDR_IOV(req),
SMBD_SMB2_NUM_IOV_PER_REQ - 1);