|
 |
1524bc |
From 9b5fa6c165e98ddec38bc976bac0cfee62fd0d72 Mon Sep 17 00:00:00 2001
|
|
|
1524bc |
From: Andreas Schneider <asn@samba.org>
|
|
|
1524bc |
Date: Mon, 18 Mar 2019 15:13:08 +0100
|
|
|
1524bc |
Subject: [PATCH 091/187] libcli:auth: Use GnuTLS AES128 CFB for
|
|
|
1524bc |
netlogon_creds_aes_decrypt()
|
|
|
1524bc |
|
|
|
1524bc |
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
|
1524bc |
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
1524bc |
(cherry picked from commit a96728586150768957b88a0714b15f13ee9f81af)
|
|
|
1524bc |
---
|
|
|
1524bc |
libcli/auth/credentials.c | 41 ++++++++++++++++++++++++++++++++++++++-
|
|
|
1524bc |
1 file changed, 40 insertions(+), 1 deletion(-)
|
|
|
1524bc |
|
|
|
1524bc |
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
|
|
|
1524bc |
index 87f8820238e..cfeab6efdcd 100644
|
|
|
1524bc |
--- a/libcli/auth/credentials.c
|
|
|
1524bc |
+++ b/libcli/auth/credentials.c
|
|
|
1524bc |
@@ -22,10 +22,13 @@
|
|
|
1524bc |
|
|
|
1524bc |
#include "includes.h"
|
|
|
1524bc |
#include "system/time.h"
|
|
|
1524bc |
-#include "../lib/crypto/crypto.h"
|
|
|
1524bc |
#include "libcli/auth/libcli_auth.h"
|
|
|
1524bc |
#include "../libcli/security/dom_sid.h"
|
|
|
1524bc |
|
|
|
1524bc |
+#ifndef HAVE_GNUTLS_AES_CFB8
|
|
|
1524bc |
+#include "lib/crypto/aes.h"
|
|
|
1524bc |
+#endif
|
|
|
1524bc |
+
|
|
|
1524bc |
#include "lib/crypto/gnutls_helpers.h"
|
|
|
1524bc |
#include <gnutls/gnutls.h>
|
|
|
1524bc |
#include <gnutls/crypto.h>
|
|
|
1524bc |
@@ -345,12 +348,48 @@ NTSTATUS netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds
|
|
|
1524bc |
*/
|
|
|
1524bc |
void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len)
|
|
|
1524bc |
{
|
|
|
1524bc |
+#ifdef HAVE_GNUTLS_AES_CFB8
|
|
|
1524bc |
+ gnutls_cipher_hd_t cipher_hnd = NULL;
|
|
|
1524bc |
+ gnutls_datum_t key = {
|
|
|
1524bc |
+ .data = creds->session_key,
|
|
|
1524bc |
+ .size = sizeof(creds->session_key),
|
|
|
1524bc |
+ };
|
|
|
1524bc |
+ uint32_t iv_size =
|
|
|
1524bc |
+ gnutls_cipher_get_iv_size(GNUTLS_CIPHER_AES_128_CFB8);
|
|
|
1524bc |
+ uint8_t _iv[iv_size];
|
|
|
1524bc |
+ gnutls_datum_t iv = {
|
|
|
1524bc |
+ .data = _iv,
|
|
|
1524bc |
+ .size = iv_size,
|
|
|
1524bc |
+ };
|
|
|
1524bc |
+ int rc;
|
|
|
1524bc |
+
|
|
|
1524bc |
+ ZERO_ARRAY(_iv);
|
|
|
1524bc |
+
|
|
|
1524bc |
+ rc = gnutls_cipher_init(&cipher_hnd,
|
|
|
1524bc |
+ GNUTLS_CIPHER_AES_128_CFB8,
|
|
|
1524bc |
+ &key,
|
|
|
1524bc |
+ &iv;;
|
|
|
1524bc |
+ if (rc < 0) {
|
|
|
1524bc |
+ DBG_ERR("ERROR: gnutls_cipher_init: %s\n",
|
|
|
1524bc |
+ gnutls_strerror(rc));
|
|
|
1524bc |
+ return;
|
|
|
1524bc |
+ }
|
|
|
1524bc |
+
|
|
|
1524bc |
+ rc = gnutls_cipher_decrypt(cipher_hnd, data, len);
|
|
|
1524bc |
+ gnutls_cipher_deinit(cipher_hnd);
|
|
|
1524bc |
+ if (rc < 0) {
|
|
|
1524bc |
+ DBG_ERR("ERROR: gnutls_cipher_decrypt: %s\n",
|
|
|
1524bc |
+ gnutls_strerror(rc));
|
|
|
1524bc |
+ return;
|
|
|
1524bc |
+ }
|
|
|
1524bc |
+#else /* NOT HAVE_GNUTLS_AES_CFB8 */
|
|
|
1524bc |
AES_KEY key;
|
|
|
1524bc |
uint8_t iv[AES_BLOCK_SIZE] = {0};
|
|
|
1524bc |
|
|
|
1524bc |
AES_set_encrypt_key(creds->session_key, 128, &key);
|
|
|
1524bc |
|
|
|
1524bc |
aes_cfb8_encrypt(data, data, len, &key, iv, AES_DECRYPT);
|
|
|
1524bc |
+#endif /* HAVE_GNUTLS_AES_CFB8 */
|
|
|
1524bc |
}
|
|
|
1524bc |
|
|
|
1524bc |
/*****************************************************************
|
|
|
1524bc |
--
|
|
|
1524bc |
2.23.0
|
|
|
1524bc |
|