
s3:smbd: Use smb2_signing_key structure for the encryption key

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andreas Schneider 2019-03-14 10:02:27 +01:00 committed by Andreas Schneider
parent 87832f6140
commit 95e1c85a47
3 changed files with 28 additions and 14 deletions


@ -229,6 +229,7 @@ interface smbXsrv
[noprint] DATA_BLOB signing_key_blob;
[ignore] smb2_signing_key *signing_key;
[noprint] DATA_BLOB encryption_key_blob;
[ignore] smb2_signing_key *encryption_key;
[noprint] DATA_BLOB decryption_key_blob;
[noprint] DATA_BLOB application_key;
[range(1, 1024)] uint32 num_channels;


@ -1737,9 +1737,9 @@ static void smbd_smb2_request_pending_timer(struct tevent_context *ev,
if (req->do_encryption) {
struct smbXsrv_session *x = req->session;
DATA_BLOB encryption_key = x->global->encryption_key_blob;
struct smb2_signing_key *encryption_key = x->global->encryption_key;
status = smb2_signing_encrypt_pdu(encryption_key,
status = smb2_signing_encrypt_pdu(encryption_key->blob,
xconn->smb2.server.cipher,
&state->vector[1+SMBD_SMB2_TF_IOV_OFS],
SMBD_SMB2_NUM_IOV_PER_REQ);
@ -2852,9 +2852,10 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
(firsttf->iov_len == 0) &&
(req->first_key.length == 0) &&
(req->session != NULL) &&
(req->session->global->encryption_key_blob.length != 0))
smb2_signing_key_valid(req->session->global->encryption_key))
{
DATA_BLOB encryption_key = req->session->global->encryption_key_blob;
struct smb2_signing_key *encryption_key =
req->session->global->encryption_key;
uint8_t *tf;
uint64_t session_id = req->session->global->session_wire_id;
uint64_t nonce_high;
@ -2878,7 +2879,8 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
* we are sure that we do not change
* the header again.
*/
req->first_key = data_blob_dup_talloc(req, encryption_key);
req->first_key = data_blob_dup_talloc(req,
encryption_key->blob);
if (req->first_key.data == NULL) {
return NT_STATUS_NO_MEMORY;
}
@ -3414,9 +3416,10 @@ static NTSTATUS smbd_smb2_send_break(struct smbXsrv_connection *xconn,
}
if (do_encryption) {
DATA_BLOB encryption_key = session->global->encryption_key_blob;
struct smb2_signing_key *encryption_key =
session->global->encryption_key;
status = smb2_signing_encrypt_pdu(encryption_key,
status = smb2_signing_encrypt_pdu(encryption_key->blob,
xconn->smb2.server.cipher,
&state->vector[1+SMBD_SMB2_TF_IOV_OFS],
SMBD_SMB2_NUM_IOV_PER_REQ);
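Review bot: The encrypt_pdu call sites in smbd_smb2_request_pending_timer and smbd_smb2_send_break now dereference `encryption_key->blob` guarded only by `do_encryption`, while the smbd_smb2_request_reply hunk in the same file switches its guard to `smb2_signing_key_valid(...)`; a NULL `global->encryption_key` (which the old by-value DATA_BLOB tolerated) would crash at those two sites. How `do_encryption` is derived is not visible here, so if it can be set before the key is allocated, a consistent guard such as `SMB_ASSERT(smb2_signing_key_valid(encryption_key));` before the call, or an error return, is warranted. In the request_reply hunk, `data_blob_dup_talloc(req, encryption_key->blob)` copies the key material into `req->first_key` without the `talloc_keep_secret` that the session-setup change registers on the original buffer, so that copy is presumably not wiped on free unless something outside this hunk does it. All of the enclosing functions begin and end outside their hunks.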


@ -394,18 +394,28 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
struct _derivation *d = &derivation.encryption;
size_t nonce_size;
x->global->encryption_key_blob = data_blob_talloc(x->global,
session_key,
sizeof(session_key));
if (x->global->encryption_key_blob.data == NULL) {
x->global->encryption_key =
talloc_zero(x->global, struct smb2_signing_key);
if (x->global->encryption_key == NULL) {
ZERO_STRUCT(session_key);
return NT_STATUS_NO_MEMORY;
}
x->global->encryption_key->blob =
x->global->encryption_key_blob =
data_blob_talloc(x->global->encryption_key,
session_key,
sizeof(session_key));
if (!smb2_signing_key_valid(x->global->encryption_key)) {
ZERO_STRUCT(session_key);
return NT_STATUS_NO_MEMORY;
}
talloc_keep_secret(x->global->encryption_key->blob.data);
status = smb2_key_derivation(session_key, sizeof(session_key),
d->label.data, d->label.length,
d->context.data, d->context.length,
x->global->encryption_key_blob.data);
x->global->encryption_key->blob.data);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@ -477,8 +487,8 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
dump_data(0, x->global->decryption_key_blob.data,
x->global->decryption_key_blob.length);
DEBUGADD(0, ("ServerOut Key "));
dump_data(0, x->global->encryption_key_blob.data,
x->global->encryption_key_blob.length);
dump_data(0, x->global->encryption_key->blob.data,
x->global->encryption_key->blob.length);
}
ZERO_STRUCT(session_key);
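Review bot: After the chained assignment in the first hunk, `x->global->encryption_key_blob` and `x->global->encryption_key->blob` point at one buffer that is now parented by `x->global->encryption_key` rather than `x->global`, while the IDL keeps both fields; anything that frees or replaces `encryption_key` leaves `encryption_key_blob.data` dangling. A comment at the assignment, `/* encryption_key_blob aliases encryption_key->blob; the buffer is owned by encryption_key */`, would make the shared ownership explicit until the legacy blob field is removed. On the new `!smb2_signing_key_valid` failure path the freshly allocated `encryption_key` stays attached to `x->global` with an empty blob; `TALLOC_FREE(x->global->encryption_key);` before the return would leave the struct in the same state as the talloc_zero failure path. The `smb2_key_derivation` failure return at the end of the hunk still does not zero `session_key`, unlike the two new NO_MEMORY paths — pre-existing, but now inconsistent within the same block unless a caller wipes it. smbd_smb2_auth_generic_return begins and ends outside these hunks.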