1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

libcli:smb: Use GnuTLS SHA256 HMAC in smb2_key_derivation()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andreas Schneider 2018-10-10 15:47:37 +02:00 committed by Andrew Bartlett
parent 5d87610976
commit cda938cd9c
2 changed files with 42 additions and 10 deletions

View File

@ -24,6 +24,9 @@
#include "../lib/crypto/crypto.h"
#include "lib/util/iov_buf.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
NTSTATUS smb2_signing_sign_pdu(DATA_BLOB signing_key,
enum protocol_types protocol,
struct iovec *vector,
@ -184,31 +187,60 @@ void smb2_key_derivation(const uint8_t *KI, size_t KI_len,
const uint8_t *Context, size_t Context_len,
uint8_t KO[16])
{
struct HMACSHA256Context ctx;
gnutls_hmac_hd_t hmac_hnd = NULL;
uint8_t buf[4];
static const uint8_t zero = 0;
uint8_t digest[SHA256_DIGEST_LENGTH];
uint8_t digest[gnutls_hash_get_len(GNUTLS_MAC_SHA256)];
uint32_t i = 1;
uint32_t L = 128;
int rc;
/*
* a simplified version of
* "NIST Special Publication 800-108" section 5.1
* using hmac-sha256.
*/
hmac_sha256_init(KI, KI_len, &ctx);
rc = gnutls_hmac_init(&hmac_hnd,
GNUTLS_MAC_SHA256,
KI,
KI_len);
if (rc != 0) {
return;
}
RSIVAL(buf, 0, i);
hmac_sha256_update(buf, sizeof(buf), &ctx);
hmac_sha256_update(Label, Label_len, &ctx);
hmac_sha256_update(&zero, 1, &ctx);
hmac_sha256_update(Context, Context_len, &ctx);
rc = gnutls_hmac(hmac_hnd, buf, sizeof(buf));
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
return;
}
rc = gnutls_hmac(hmac_hnd, Label, Label_len);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
return;
}
rc = gnutls_hmac(hmac_hnd, &zero, 1);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
return;
}
rc = gnutls_hmac(hmac_hnd, Context, Context_len);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
return;
}
RSIVAL(buf, 0, L);
hmac_sha256_update(buf, sizeof(buf), &ctx);
rc = gnutls_hmac(hmac_hnd, buf, sizeof(buf));
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
return;
}
hmac_sha256_final(digest, &ctx);
gnutls_hmac_deinit(hmac_hnd, digest);
memcpy(KO, digest, 16);
ZERO_ARRAY(digest);
}
NTSTATUS smb2_signing_encrypt_pdu(DATA_BLOB encryption_key,

View File

@ -46,7 +46,7 @@ def build(bld):
tstream_smbXcli_np.c
''',
deps='''
LIBCRYPTO NDR_SMB2_LEASE_STRUCT samba-errors gensec krb5samba
LIBCRYPTO gnutls NDR_SMB2_LEASE_STRUCT samba-errors gensec krb5samba
smb_transport
''',
public_deps='talloc samba-util iov_buf',