1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

17 Commits

Author SHA1 Message Date
Jeremy Allison
53ac0f7c59 lib: crypto: Plumb in the Intel AES instructions.
Causes:

AES_set_encrypt_key()
AES_set_decrypt_key()
AES_encrypt()
AES_decrypt()

to probe for the Intel AES instructions at runtime (only once)
and then call the hardware implementations if so, otherwise
fall back to the software implementations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008

Based on original work by Justin Maggard <jmaggard@netgear.com>

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-09-07 02:01:08 +02:00
Alexander Bokovoy
bbeef554f2 lib/crypto: implement samba.crypto Python module for RC4
Implement a small Python module that exposes arcfour_crypt_blob()
function widely used in Samba C code.

When Samba Python bindings are used to call LSA CreateTrustedDomainEx2,
there is a need to encrypt trusted credentials with RC4 cipher.

Current Samba Python code relies on Python runtime to provide RC4
cipher. However, in FIPS 140-2 mode system crypto libraries do not
provide access RC4 cipher at all. According to Microsoft dochelp team,
Windows is treating AuthenticationInformation blob encryption as 'plain
text' in terms of FIPS 140-2, thus doing application-level encryption.

Replace samba.arcfour_encrypt() implementation with a call to
samba.crypto.arcfour_crypt_blob().

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Mar 15 01:30:24 CET 2017 on sn-devel-144
2017-03-15 01:30:24 +01:00
Stefan Metzmacher
77c3d504b2 lib/crypto: add aes_ccm_128 tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-08-27 20:23:20 +02:00
Douglas Bagnall
e3373e9d14 Revert "lib: Fix deps for LIBCRYPTO"
This reverts commit 30bfb8d638.

Talloc is still needed by LIBCRYPTO, because arcfour.h
includes lib/util/data_blob.h which includes talloc.h.

It seems arcfour only uses the DATA_BLOB struct (in e.g. arcfour_crypt
and arcfour_init).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun Jun 28 11:47:16 CEST 2015 on sn-devel-104
2015-06-28 11:47:16 +02:00
Volker Lendecke
30bfb8d638 lib: Fix deps for LIBCRYPTO
LIBCRYPTO itself does not depend on talloc

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-06-23 22:12:08 +02:00
Stefan Metzmacher
03bf8fe4fc lib/crypto: add aes_gcm_128 support.
Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-16 19:30:04 +02:00
Günther Deschner
9ec531d30d lib/crypto: add and build a copied version of SHA512 functions.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-10-14 10:52:04 +02:00
Andrew Bartlett
fc13489c91 build: Build with system md5.h on OpenIndiana
This changes (again...) our system md5 detection to cope with how
OpenIndiana does md5.  I'm becoming increasingly convinced this isn't
worth our while (we should have just done samba_md5...), but for now
this change seems to work on FreeBSD, OpenIndiana and Linux with
libbsd.

This needs us to rename struct MD5Context -> MD5_CTX, but we provide a
config.h define to rename the type bad if MD5_CTX does not exist (it does
however exist in the md5.h from libbsd).

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
2013-06-19 21:32:36 +02:00
Andrew Bartlett
30a2243675 build: Update md5.h detection in waf and autoconf to use sys/md5.h and -lmd
This brings the two build systems in sync, without using md5.h (which is a problem name)

Tested on FreeBSD

Andrew Bartlett

Reviewed-by: Richard Sharpe <rsharpe@samba.org>

Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Wed May 22 10:06:40 CEST 2013 on sn-devel-104
2013-05-22 10:06:40 +02:00
Stefan Metzmacher
5adf63fe30 lib/crypto: add aes_ccm_128
metze
2012-07-23 18:19:36 +02:00
Matthieu Patou
b68f72c7f5 lib/crypto: Detect CommonCrypto and use it if available
CommonCrypto/CommonDigest is available on Mac and there is function in
the libc for MD5 calculation. MD5Final is a C define of CC_MD5_Final.
Under some circumstance we have the symbol defined twice in samba
binaries on Snow Leopard at least.

By detecting CommonCrypto/CommonDigest we end up always using the system
version if available.
2012-03-14 06:52:27 +01:00
Stefan Metzmacher
7102eafc26 lib/crypto: add aes_cmac_128_test.c as local.crypto.aes_cmac_128 test
metze
2012-02-29 03:16:22 +01:00
Stefan Metzmacher
062d1a09c2 lib/crypto: add aes_cmac_128* (rfc 4493)
Thanks to Jeremy, Michael and Volker for the debugging!

metze
2012-02-29 03:16:22 +01:00
Jelmer Vernooij
8443e15eee crypto: Use libbsd md5 header, if available. 2012-02-07 01:11:08 +01:00
Jelmer Vernooij
dc47e8dc52 libcli-auth: Remove unnecessary dependency on libsamba-hostconfig. 2010-10-11 01:06:35 +02:00
Andrew Tridgell
f9eae32f4b s4-waf: mark the wscript files as python so vim/emacs knows how to highlight them 2010-04-06 20:27:11 +10:00
Andrew Tridgell
845e0cbe6f build: commit all the waf build files in the tree 2010-04-06 20:26:48 +10:00