mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
s3:smbd: Use smb2_signing_key structure for the encryption key
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
parent
87832f6140
commit
95e1c85a47
@ -229,6 +229,7 @@ interface smbXsrv
|
||||
[noprint] DATA_BLOB signing_key_blob;
|
||||
[ignore] smb2_signing_key *signing_key;
|
||||
[noprint] DATA_BLOB encryption_key_blob;
|
||||
[ignore] smb2_signing_key *encryption_key;
|
||||
[noprint] DATA_BLOB decryption_key_blob;
|
||||
[noprint] DATA_BLOB application_key;
|
||||
[range(1, 1024)] uint32 num_channels;
|
||||
|
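Review bot: The new `[ignore] smb2_signing_key *encryption_key;` field has no comment explaining how it relates to `encryption_key_blob` directly above it, although both now describe the same key. An `[ignore]` element is skipped by the generated marshalling code, so the pointer is only meaningful in the process that set it, while the `[noprint]` blob is still part of the marshalled record. I would add a comment on the field, for example `/* in-memory only, not marshalled; key material is also in encryption_key_blob */`, so later callers do not assume the pointer is populated after the record has been read back.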
@ -1737,9 +1737,9 @@ static void smbd_smb2_request_pending_timer(struct tevent_context *ev,
|
||||
|
||||
if (req->do_encryption) {
|
||||
struct smbXsrv_session *x = req->session;
|
||||
DATA_BLOB encryption_key = x->global->encryption_key_blob;
|
||||
struct smb2_signing_key *encryption_key = x->global->encryption_key;
|
||||
|
||||
status = smb2_signing_encrypt_pdu(encryption_key,
|
||||
status = smb2_signing_encrypt_pdu(encryption_key->blob,
|
||||
xconn->smb2.server.cipher,
|
||||
&state->vector[1+SMBD_SMB2_TF_IOV_OFS],
|
||||
SMBD_SMB2_NUM_IOV_PER_REQ);
|
||||
@ -2852,9 +2852,10 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
|
||||
(firsttf->iov_len == 0) &&
|
||||
(req->first_key.length == 0) &&
|
||||
(req->session != NULL) &&
|
||||
(req->session->global->encryption_key_blob.length != 0))
|
||||
smb2_signing_key_valid(req->session->global->encryption_key))
|
||||
{
|
||||
DATA_BLOB encryption_key = req->session->global->encryption_key_blob;
|
||||
struct smb2_signing_key *encryption_key =
|
||||
req->session->global->encryption_key;
|
||||
uint8_t *tf;
|
||||
uint64_t session_id = req->session->global->session_wire_id;
|
||||
uint64_t nonce_high;
|
||||
@ -2878,7 +2879,8 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
|
||||
* we are sure that we do not change
|
||||
* the header again.
|
||||
*/
|
||||
req->first_key = data_blob_dup_talloc(req, encryption_key);
|
||||
req->first_key = data_blob_dup_talloc(req,
|
||||
encryption_key->blob);
|
||||
if (req->first_key.data == NULL) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
@ -3414,9 +3416,10 @@ static NTSTATUS smbd_smb2_send_break(struct smbXsrv_connection *xconn,
|
||||
}
|
||||
|
||||
if (do_encryption) {
|
||||
DATA_BLOB encryption_key = session->global->encryption_key_blob;
|
||||
struct smb2_signing_key *encryption_key =
|
||||
session->global->encryption_key;
|
||||
|
||||
status = smb2_signing_encrypt_pdu(encryption_key,
|
||||
status = smb2_signing_encrypt_pdu(encryption_key->blob,
|
||||
xconn->smb2.server.cipher,
|
||||
&state->vector[1+SMBD_SMB2_TF_IOV_OFS],
|
||||
SMBD_SMB2_NUM_IOV_PER_REQ);
|
||||
|
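Review bot: In smbd_smb2_request_pending_timer() and smbd_smb2_send_break() the new code reads `encryption_key->blob` without checking the pointer first, whereas the hunk in smbd_smb2_request_reply() guards the same field with `smb2_signing_key_valid()`. The old `DATA_BLOB` copy was safe to read even when empty, but a pointer is not. If `do_encryption` can be true while `encryption_key` is unset, this becomes a NULL dereference in the server; the code that sets the flag is outside these hunks. I would test `if (!smb2_signing_key_valid(encryption_key))` before the `smb2_signing_encrypt_pdu()` call in both places and take the function's existing failure path. Both functions continue outside the hunks, so the exact error handling cannot be confirmed from here.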
@ -394,18 +394,28 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
|
||||
struct _derivation *d = &derivation.encryption;
|
||||
size_t nonce_size;
|
||||
|
||||
x->global->encryption_key_blob = data_blob_talloc(x->global,
|
||||
session_key,
|
||||
sizeof(session_key));
|
||||
if (x->global->encryption_key_blob.data == NULL) {
|
||||
x->global->encryption_key =
|
||||
talloc_zero(x->global, struct smb2_signing_key);
|
||||
if (x->global->encryption_key == NULL) {
|
||||
ZERO_STRUCT(session_key);
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
x->global->encryption_key->blob =
|
||||
x->global->encryption_key_blob =
|
||||
data_blob_talloc(x->global->encryption_key,
|
||||
session_key,
|
||||
sizeof(session_key));
|
||||
if (!smb2_signing_key_valid(x->global->encryption_key)) {
|
||||
ZERO_STRUCT(session_key);
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
talloc_keep_secret(x->global->encryption_key->blob.data);
|
||||
|
||||
status = smb2_key_derivation(session_key, sizeof(session_key),
|
||||
d->label.data, d->label.length,
|
||||
d->context.data, d->context.length,
|
||||
x->global->encryption_key_blob.data);
|
||||
x->global->encryption_key->blob.data);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
@ -477,8 +487,8 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
|
||||
dump_data(0, x->global->decryption_key_blob.data,
|
||||
x->global->decryption_key_blob.length);
|
||||
DEBUGADD(0, ("ServerOut Key "));
|
||||
dump_data(0, x->global->encryption_key_blob.data,
|
||||
x->global->encryption_key_blob.length);
|
||||
dump_data(0, x->global->encryption_key->blob.data,
|
||||
x->global->encryption_key->blob.length);
|
||||
}
|
||||
|
||||
ZERO_STRUCT(session_key);
|
||||
|
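Review bot: The failure path after `smb2_key_derivation()` still does `return status;` without clearing the stack copy of the session key, while both allocation-failure paths just above it call `ZERO_STRUCT(session_key);` first. I would add `ZERO_STRUCT(session_key);` before that `return status;` so every early exit scrubs the key. Separately, the chained assignment leaves `encryption_key_blob` pointing at the buffer that is a talloc child of `encryption_key`, so freeing the key structure would leave the blob dangling. A short comment at the assignment, such as `/* encryption_key_blob aliases encryption_key->blob; never free it separately */`, would make the ownership explicit. smbd_smb2_auth_generic_return() begins and ends outside these hunks, so its other return paths could not be checked.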