mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
libcli:smb: Use GnuTLS SHA256 HMAC in smb2_key_derivation()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
5d87610976
commit
cda938cd9c
@ -24,6 +24,9 @@
|
||||
#include "../lib/crypto/crypto.h"
|
||||
#include "lib/util/iov_buf.h"
|
||||
|
||||
#include <gnutls/gnutls.h>
|
||||
#include <gnutls/crypto.h>
|
||||
|
||||
NTSTATUS smb2_signing_sign_pdu(DATA_BLOB signing_key,
|
||||
enum protocol_types protocol,
|
||||
struct iovec *vector,
|
||||
@ -184,31 +187,60 @@ void smb2_key_derivation(const uint8_t *KI, size_t KI_len,
|
||||
const uint8_t *Context, size_t Context_len,
|
||||
uint8_t KO[16])
|
||||
{
|
||||
struct HMACSHA256Context ctx;
|
||||
gnutls_hmac_hd_t hmac_hnd = NULL;
|
||||
uint8_t buf[4];
|
||||
static const uint8_t zero = 0;
|
||||
uint8_t digest[SHA256_DIGEST_LENGTH];
|
||||
uint8_t digest[gnutls_hash_get_len(GNUTLS_MAC_SHA256)];
|
||||
uint32_t i = 1;
|
||||
uint32_t L = 128;
|
||||
int rc;
|
||||
|
||||
/*
|
||||
* a simplified version of
|
||||
* "NIST Special Publication 800-108" section 5.1
|
||||
* using hmac-sha256.
|
||||
*/
|
||||
hmac_sha256_init(KI, KI_len, &ctx);
|
||||
rc = gnutls_hmac_init(&hmac_hnd,
|
||||
GNUTLS_MAC_SHA256,
|
||||
KI,
|
||||
KI_len);
|
||||
if (rc != 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
RSIVAL(buf, 0, i);
|
||||
hmac_sha256_update(buf, sizeof(buf), &ctx);
|
||||
hmac_sha256_update(Label, Label_len, &ctx);
|
||||
hmac_sha256_update(&zero, 1, &ctx);
|
||||
hmac_sha256_update(Context, Context_len, &ctx);
|
||||
rc = gnutls_hmac(hmac_hnd, buf, sizeof(buf));
|
||||
if (rc < 0) {
|
||||
gnutls_hmac_deinit(hmac_hnd, NULL);
|
||||
return;
|
||||
}
|
||||
rc = gnutls_hmac(hmac_hnd, Label, Label_len);
|
||||
if (rc < 0) {
|
||||
gnutls_hmac_deinit(hmac_hnd, NULL);
|
||||
return;
|
||||
}
|
||||
rc = gnutls_hmac(hmac_hnd, &zero, 1);
|
||||
if (rc < 0) {
|
||||
gnutls_hmac_deinit(hmac_hnd, NULL);
|
||||
return;
|
||||
}
|
||||
rc = gnutls_hmac(hmac_hnd, Context, Context_len);
|
||||
if (rc < 0) {
|
||||
gnutls_hmac_deinit(hmac_hnd, NULL);
|
||||
return;
|
||||
}
|
||||
RSIVAL(buf, 0, L);
|
||||
hmac_sha256_update(buf, sizeof(buf), &ctx);
|
||||
rc = gnutls_hmac(hmac_hnd, buf, sizeof(buf));
|
||||
if (rc < 0) {
|
||||
gnutls_hmac_deinit(hmac_hnd, NULL);
|
||||
return;
|
||||
}
|
||||
|
||||
hmac_sha256_final(digest, &ctx);
|
||||
gnutls_hmac_deinit(hmac_hnd, digest);
|
||||
|
||||
memcpy(KO, digest, 16);
|
||||
|
||||
ZERO_ARRAY(digest);
|
||||
}
|
||||
|
||||
NTSTATUS smb2_signing_encrypt_pdu(DATA_BLOB encryption_key,
|
||||
|
@ -46,7 +46,7 @@ def build(bld):
|
||||
tstream_smbXcli_np.c
|
||||
''',
|
||||
deps='''
|
||||
LIBCRYPTO NDR_SMB2_LEASE_STRUCT samba-errors gensec krb5samba
|
||||
LIBCRYPTO gnutls NDR_SMB2_LEASE_STRUCT samba-errors gensec krb5samba
|
||||
smb_transport
|
||||
''',
|
||||
public_deps='talloc samba-util iov_buf',
|
||||
|
Loading…
Reference in New Issue
Block a user