mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
b27a67af02
This lets us access single-DES from Python. This function is used in a following commit for encrypting an NT hash to obtain the verifier for a SAMR password change. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
95 lines
3.4 KiB
Python
95 lines
3.4 KiB
Python
#!/usr/bin/env python
|
|
from waflib import Options
|
|
from waflib import Errors, Logs
|
|
|
|
|
|
def options(opt):
|
|
opt.add_option('--accel-aes',
|
|
help=("Should we use accelerated AES crypto functions. "
|
|
"Options are intelaesni|none."),
|
|
action="store",
|
|
dest='accel_aes',
|
|
default="none")
|
|
|
|
|
|
def configure(conf):
|
|
if conf.CHECK_FUNCS('SHA1_Update'):
|
|
conf.DEFINE('SHA1_RENAME_NEEDED', 1)
|
|
|
|
#
|
|
# --aes-accel=XXX selects accelerated AES crypto library to use, if any.
|
|
# Default is none.
|
|
#
|
|
if Options.options.accel_aes.lower() == "intelaesni":
|
|
Logs.info("Attempting to compile with runtime-switchable x86_64 "
|
|
"Intel AES instructions. WARNING - this is temporary.")
|
|
elif Options.options.accel_aes.lower() != "none":
|
|
raise Errors.WafError("--aes-accel=%s is not a valid option. Valid "
|
|
"options are [none|intelaesni]" %
|
|
Options.options.accel_aes)
|
|
|
|
|
|
def build(bld):
|
|
extra_deps = ""
|
|
|
|
if (bld.CONFIG_SET("HAVE_AESNI_INTEL")
|
|
and not bld.CONFIG_SET('HAVE_GNUTLS_AES_CMAC')):
|
|
extra_deps += ' aesni-intel'
|
|
|
|
bld.SAMBA_SUBSYSTEM("GNUTLS_HELPERS",
|
|
source='''
|
|
gnutls_error.c
|
|
gnutls_aead_aes_256_cbc_hmac_sha512.c
|
|
gnutls_arcfour_confounded_md5.c
|
|
gnutls_weak_crypto.c
|
|
''',
|
|
deps="gnutls samba-errors")
|
|
|
|
bld.SAMBA_SUBSYSTEM("LIBCRYPTO_AES",
|
|
source='aes.c rijndael-alg-fst.c',
|
|
deps='talloc',
|
|
enabled=not bld.CONFIG_SET('HAVE_GNUTLS_AES_CMAC'))
|
|
|
|
bld.SAMBA_SUBSYSTEM('LIBCRYPTO_AES_CMAC',
|
|
source='aes_cmac_128.c',
|
|
deps='talloc',
|
|
enabled=not bld.CONFIG_SET('HAVE_GNUTLS_AES_CMAC'))
|
|
|
|
bld.SAMBA_SUBSYSTEM('LIBCRYPTO',
|
|
source='''
|
|
md4.c
|
|
''',
|
|
deps='''
|
|
talloc
|
|
LIBCRYPTO_AES
|
|
LIBCRYPTO_AES_CMAC
|
|
''' + extra_deps)
|
|
|
|
bld.SAMBA_SUBSYSTEM('TORTURE_LIBCRYPTO_AES_CMAC',
|
|
source='aes_cmac_128_test.c',
|
|
autoproto='aes_cmac_test_proto.h',
|
|
deps='talloc',
|
|
enabled=not bld.CONFIG_SET('HAVE_GNUTLS_AES_CMAC'))
|
|
|
|
bld.SAMBA_SUBSYSTEM('TORTURE_LIBCRYPTO',
|
|
source='md4test.c',
|
|
autoproto='test_proto.h',
|
|
deps='''
|
|
LIBCRYPTO
|
|
TORTURE_LIBCRYPTO_AES_CMAC
|
|
''')
|
|
|
|
bld.SAMBA_PYTHON('python_crypto',
|
|
source='py_crypto.c',
|
|
deps='gnutls talloc LIBCLI_AUTH',
|
|
realname='samba/crypto.so')
|
|
|
|
bld.SAMBA_BINARY('test_gnutls_aead_aes_256_cbc_hmac_sha512',
|
|
source='''
|
|
gnutls_error.c
|
|
tests/test_gnutls_aead_aes_256_cbc_hmac_sha512.c
|
|
''',
|
|
deps='cmocka gnutls samba-util samba-errors',
|
|
local_include=False,
|
|
for_selftest=True)
|