mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
libcli:smb: Use gnutls_aead_cipher_encryptv2() for AES GCM or CCM
This is a new call which has been added with GnuTLS 3.6.10 and will recuduce memory allocations and copying of data. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Simo Sorce <idra@samba.org>
This commit is contained in:
parent
fa255a36df
commit
70fdd4821a
@ -392,12 +392,11 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
|
|||||||
int count)
|
int count)
|
||||||
{
|
{
|
||||||
uint8_t *tf;
|
uint8_t *tf;
|
||||||
int i;
|
|
||||||
size_t a_total;
|
size_t a_total;
|
||||||
ssize_t m_total;
|
ssize_t m_total;
|
||||||
uint32_t iv_size = 0;
|
uint32_t iv_size = 0;
|
||||||
uint32_t key_size = 0;
|
uint32_t key_size = 0;
|
||||||
uint32_t tag_size = 0;
|
size_t tag_size = 0;
|
||||||
uint8_t _key[16] = {0};
|
uint8_t _key[16] = {0};
|
||||||
gnutls_cipher_algorithm_t algo = 0;
|
gnutls_cipher_algorithm_t algo = 0;
|
||||||
gnutls_datum_t key;
|
gnutls_datum_t key;
|
||||||
@ -479,12 +478,40 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
|
|||||||
0,
|
0,
|
||||||
16 - iv_size);
|
16 - iv_size);
|
||||||
|
|
||||||
|
#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2
|
||||||
|
{
|
||||||
|
uint8_t tag[tag_size];
|
||||||
|
giovec_t auth_iov[1];
|
||||||
|
|
||||||
|
auth_iov[0] = (giovec_t) {
|
||||||
|
.iov_base = tf + SMB2_TF_NONCE,
|
||||||
|
.iov_len = a_total,
|
||||||
|
};
|
||||||
|
|
||||||
|
rc = gnutls_aead_cipher_encryptv2(encryption_key->cipher_hnd,
|
||||||
|
iv.data,
|
||||||
|
iv.size,
|
||||||
|
auth_iov,
|
||||||
|
1,
|
||||||
|
&vector[1],
|
||||||
|
count - 1,
|
||||||
|
tag,
|
||||||
|
&tag_size);
|
||||||
|
if (rc < 0) {
|
||||||
|
status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
memcpy(tf + SMB2_TF_SIGNATURE, tag, tag_size);
|
||||||
|
}
|
||||||
|
#else /* HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2 */
|
||||||
{
|
{
|
||||||
size_t ptext_size = m_total;
|
size_t ptext_size = m_total;
|
||||||
uint8_t *ptext = NULL;
|
uint8_t *ptext = NULL;
|
||||||
size_t ctext_size = m_total + tag_size;
|
size_t ctext_size = m_total + tag_size;
|
||||||
uint8_t *ctext = NULL;
|
uint8_t *ctext = NULL;
|
||||||
size_t len = 0;
|
size_t len = 0;
|
||||||
|
int i;
|
||||||
|
|
||||||
ptext = talloc_size(talloc_tos(), ptext_size);
|
ptext = talloc_size(talloc_tos(), ptext_size);
|
||||||
if (ptext == NULL) {
|
if (ptext == NULL) {
|
||||||
@ -543,6 +570,7 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
|
|||||||
TALLOC_FREE(ptext);
|
TALLOC_FREE(ptext);
|
||||||
TALLOC_FREE(ctext);
|
TALLOC_FREE(ctext);
|
||||||
}
|
}
|
||||||
|
#endif /* HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2 */
|
||||||
|
|
||||||
DBG_INFO("Enencrypted SMB2 message\n");
|
DBG_INFO("Enencrypted SMB2 message\n");
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user