From d5856b993e8ddd83f36097a5aba0026aa8e9d2ca Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 27 Jun 2019 16:05:32 +1200 Subject: [PATCH] liblic/drsupai: use samba_gnutls_arcfour_confounded_md5() wrapper This common code will reduce duplication, particularly when we move arcfour_encrypt_buffer() calls to GnuTLS Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider --- libcli/drsuapi/repl_decrypt.c | 95 +++++++++++------------------------ 1 file changed, 30 insertions(+), 65 deletions(-) diff --git a/libcli/drsuapi/repl_decrypt.c b/libcli/drsuapi/repl_decrypt.c index 81f695ad2c2..5425eef9631 100644 --- a/libcli/drsuapi/repl_decrypt.c +++ b/libcli/drsuapi/repl_decrypt.c @@ -25,7 +25,6 @@ #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/gen_ndr/ndr_drsuapi.h" #include "librpc/gen_ndr/ndr_drsblobs.h" -#include "../lib/crypto/arcfour.h" #include "zlib.h" #include "../libcli/drsuapi/drsuapi.h" #include "libcli/auth/libcli_auth.h" @@ -45,10 +44,6 @@ static WERROR drsuapi_decrypt_attribute_value(TALLOC_CTX *mem_ctx, DATA_BLOB confounder; DATA_BLOB enc_buffer; - gnutls_hash_hd_t hash_hnd = NULL; - uint8_t _enc_key[16]; - DATA_BLOB enc_key; - DATA_BLOB dec_buffer; uint32_t crc32_given; 
@@ -77,42 +72,27 @@ static WERROR drsuapi_decrypt_attribute_value(TALLOC_CTX *mem_ctx, enc_buffer = data_blob_const(in->data + 16, in->length - 16); /* - * build the encryption key md5 over the session key followed - * by the confounder + * decrypt with the encryption key, being md5 over the session + * key followed by the confounder. The parameter order to + * samba_gnutls_arcfour_confounded_md5() matters for this! * * here the gensec session key is used and * not the dcerpc ncacn_ip_tcp "SystemLibraryDTC" key! */ - enc_key = data_blob_const(_enc_key, sizeof(_enc_key)); - - rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5); - if (rc < 0) { - result = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR); - goto out; - } - rc = gnutls_hash(hash_hnd, gensec_skey->data, gensec_skey->length); - if (rc < 0) { - gnutls_hash_deinit(hash_hnd, NULL); - result = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR); - goto out; - } - rc = gnutls_hash(hash_hnd, confounder.data, confounder.length); - if (rc < 0) { - gnutls_hash_deinit(hash_hnd, NULL); - result = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR); - goto out; - } - - gnutls_hash_deinit(hash_hnd, enc_key.data); /* * reference the encrypted buffer part and * decrypt it using the created encryption key using arcfour */ dec_buffer = data_blob_const(enc_buffer.data, enc_buffer.length); - arcfour_crypt_blob(dec_buffer.data, dec_buffer.length, &enc_key); - ZERO_ARRAY_LEN(enc_key.data, enc_key.length); + rc = samba_gnutls_arcfour_confounded_md5(gensec_skey, + &confounder, + &dec_buffer); + if (rc < 0) { + result = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR); + goto out; + } /* * the first 4 byte are the crc32 checksum 
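Review bot: The derived RC4 key is no longer wiped in this function: the removed code held it in `_enc_key` and cleared it with `ZERO_ARRAY_LEN(enc_key.data, enc_key.length)`, and that duty now sits inside `samba_gnutls_arcfour_confounded_md5()`, whose body is not part of this patch. Please confirm the wrapper clears the MD5 output on success and on every error return, since this caller can no longer do it; the same applies to the encrypt hunk at `@@ -339,9 +288,25 @@`. The retained comment "decrypt it using the created encryption key using arcfour" is now stale because no key is created here; I would reword it to `reference the encrypted buffer part; it is decrypted in place by the wrapper below`, which also makes clear that `dec_buffer` aliases `in->data + 16` despite `data_blob_const()`. The function body starts and ends outside the hunk.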
@@ -236,12 +216,10 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx, DATA_BLOB rid_crypt_out = data_blob(NULL, 0); DATA_BLOB confounder; - gnutls_hash_hd_t hash_hnd = NULL; - uint8_t _enc_key[16]; - DATA_BLOB enc_key; - DATA_BLOB enc_buffer; + DATA_BLOB to_encrypt; + uint32_t crc32_calc; WERROR result; int rc; @@ -295,35 +273,6 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx, confounder = data_blob_const(enc_buffer.data, 16); generate_random_buffer(confounder.data, confounder.length); - /* - * build the encryption key md5 over the session key followed - * by the confounder - * - * here the gensec session key is used and - * not the dcerpc ncacn_ip_tcp "SystemLibraryDTC" key! - */ - enc_key = data_blob_const(_enc_key, sizeof(_enc_key)); - - rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5); - if (rc < 0) { - result = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR); - goto out; - } - - rc = gnutls_hash(hash_hnd, gensec_skey->data, gensec_skey->length); - if (rc < 0) { - gnutls_hash_deinit(hash_hnd, NULL); - result = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR); - goto out; - } - rc = gnutls_hash(hash_hnd, confounder.data, confounder.length); - if (rc < 0) { - gnutls_hash_deinit(hash_hnd, NULL); - result = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR); - goto out; - } - gnutls_hash_deinit(hash_hnd, enc_key.data); - /* * the first 4 byte are the crc32 checksum * of the remaining bytes 
@@ -339,9 +288,25 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx, memcpy(enc_buffer.data+20, in->data, in->length); talloc_free(rid_crypt_out.data); - arcfour_crypt_blob(enc_buffer.data+16, enc_buffer.length-16, &enc_key); + to_encrypt = data_blob_const(enc_buffer.data+16, + enc_buffer.length-16); - ZERO_ARRAY_LEN(enc_key.data, enc_key.length); + /* + * encrypt with the encryption key, being md5 over the session + * key followed by the confounder. The parameter order to + * samba_gnutls_arcfour_confounded_md5() matters for this! + * + * here the gensec session key is used and + * not the dcerpc ncacn_ip_tcp "SystemLibraryDTC" key! + */ + + rc = samba_gnutls_arcfour_confounded_md5(gensec_skey, + &confounder, + &to_encrypt); + if (rc < 0) { + result = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR); + goto out; + } *out = enc_buffer; result = WERR_OK;
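Review bot: The new `rc < 0` branch is the first failure exit that runs after `memcpy(enc_buffer.data+20, in->data, in->length)`, so on a wrapper error `enc_buffer` still holds the CRC and the cleartext attribute value (possibly partly transformed) when control reaches `out`. The removed hashing code could only fail before the cleartext was copied in. Unless the `out:` path, which lies outside this hunk, already wipes and frees that buffer, I would add `data_blob_clear_free(&enc_buffer);` before the `goto out;`. Separately, `to_encrypt` is built with `data_blob_const()` yet is written through by the wrapper; a one-line comment such as `/* aliases enc_buffer.data+16, encrypted in place */` would keep the next reader from assuming it is read-only.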