From 5076ca90caf92b56a5708cf185835e74ddfe3cfb Mon Sep 17 00:00:00 2001

From: Andreas Schneider <asn@samba.org>

Date: Thu, 14 Mar 2019 09:34:23 +0100

Subject: [PATCH 113/187] libcli:smb: Use a smb2_signing_key for storing the

 encryption key

Signed-off-by: Andreas Schneider <asn@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

(cherry picked from commit 48116a30d51d9bac6201a8b94262aa78b451ad63)

---

 libcli/smb/smbXcli_base.c | 29 +++++++++++++++++++----------

 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c

index bfc85ecc225..52bc438c389 100644

--- a/libcli/smb/smbXcli_base.c

+++ b/libcli/smb/smbXcli_base.c

@@ -154,7 +154,7 @@ struct smb2cli_session {

 	struct smb2_signing_key *signing_key;

 	bool should_sign;

 	bool should_encrypt;

-	DATA_BLOB encryption_key;

+	struct smb2_signing_key *encryption_key;

 	DATA_BLOB decryption_key;

 	uint64_t nonce_high_random;

 	uint64_t nonce_high_max;

@@ -3090,7 +3090,7 @@ NTSTATUS smb2cli_req_compound_submit(struct tevent_req **reqs,

 	struct iovec *iov;

 	int i, num_iov, nbt_len;

 	int tf_iov = -1;

-	const DATA_BLOB *encryption_key = NULL;

+	const struct smb2_signing_key *encryption_key = NULL;

 	uint64_t encryption_session_id = 0;

 	uint64_t nonce_high = UINT64_MAX;

 	uint64_t nonce_low = UINT64_MAX;

@@ -3137,8 +3137,8 @@ NTSTATUS smb2cli_req_compound_submit(struct tevent_req **reqs,

 			continue;

 		}

-		encryption_key = &state->session->smb2->encryption_key;

-		if (encryption_key->length == 0) {

+		encryption_key = state->session->smb2->encryption_key;

+		if (!smb2_signing_key_valid(encryption_key)) {

 			return NT_STATUS_INVALID_PARAMETER_MIX;

 		}

@@ -3379,7 +3379,7 @@ skip_credits:

 			buf += v->iov_len;

 		}

-		status = smb2_signing_encrypt_pdu(*encryption_key,

+		status = smb2_signing_encrypt_pdu(encryption_key->blob,

 					state->conn->smb2.server.cipher,

 					&iov[tf_iov], num_iov - tf_iov);

 		if (!NT_STATUS_IS_OK(status)) {

@@ -5723,11 +5723,11 @@ NTSTATUS smb2cli_session_encryption_key(struct smbXcli_session *session,

 		return NT_STATUS_NO_USER_SESSION_KEY;

 	}

-	if (session->smb2->encryption_key.length == 0) {

+	if (!smb2_signing_key_valid(session->smb2->encryption_key)) {

 		return NT_STATUS_NO_USER_SESSION_KEY;

 	}

-	*key = data_blob_dup_talloc(mem_ctx, session->smb2->encryption_key);

+	*key = data_blob_dup_talloc(mem_ctx, session->smb2->encryption_key->blob);

 	if (key->data == NULL) {

 		return NT_STATUS_NO_MEMORY;

 	}

@@ -6121,9 +6121,18 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,

 	}

 	session->smb2->encryption_key =

-		data_blob_dup_talloc(session,

+		talloc_zero(session, struct smb2_signing_key);

+	if (session->smb2->encryption_key == NULL) {

+		ZERO_STRUCT(session_key);

+		return NT_STATUS_NO_MEMORY;

+	}

+	talloc_set_destructor(session->smb2->encryption_key,

+			      smb2_signing_key_destructor);

+

+	session->smb2->encryption_key->blob =

+		data_blob_dup_talloc(session->smb2->encryption_key,

 				     session->smb2->signing_key->blob);

-	if (session->smb2->encryption_key.data == NULL) {

+	if (!smb2_signing_key_valid(session->smb2->encryption_key)) {

 		ZERO_STRUCT(session_key);

 		return NT_STATUS_NO_MEMORY;

 	}

@@ -6134,7 +6143,7 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,

 		status = smb2_key_derivation(session_key, sizeof(session_key),

 					     d->label.data, d->label.length,

 					     d->context.data, d->context.length,

-					     session->smb2->encryption_key.data);

+					     session->smb2->encryption_key->blob.data);

 		if (!NT_STATUS_IS_OK(status)) {

 			return status;

 		}

-- 

2.23.0