From 4dc911798e6e5a534c194cb2519c955a0589bf66 Mon Sep 17 00:00:00 2001

From: Andreas Schneider <asn@samba.org>

Date: Thu, 14 Mar 2019 10:10:34 +0100

Subject: [PATCH 116/187] s3:smbd: Use smb2_signing_key structure for the

 decryption key

Signed-off-by: Andreas Schneider <asn@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

(cherry picked from commit b51c4293f7430b5ce6a81599fb0c7be5dc444c46)

---

 source3/librpc/idl/smbXsrv.idl |  1 +

 source3/smbd/smb2_server.c     |  2 +-

 source3/smbd/smb2_sesssetup.c  | 24 +++++++++++++++++-------

 3 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/source3/librpc/idl/smbXsrv.idl b/source3/librpc/idl/smbXsrv.idl

index f7acb2198fb..330c6896114 100644

--- a/source3/librpc/idl/smbXsrv.idl

+++ b/source3/librpc/idl/smbXsrv.idl

@@ -231,6 +231,7 @@ interface smbXsrv

 		[noprint] DATA_BLOB			encryption_key_blob;

 		[ignore] smb2_signing_key		*encryption_key;

 		[noprint] DATA_BLOB			decryption_key_blob;

+		[ignore] smb2_signing_key		*decryption_key;

 		[noprint] DATA_BLOB			application_key;

 		[range(1, 1024)] uint32			num_channels;

 		smbXsrv_channel_global0			channels[num_channels];

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c

index b708fdb90b9..56e7b70696b 100644

--- a/source3/smbd/smb2_server.c

+++ b/source3/smbd/smb2_server.c

@@ -432,7 +432,7 @@ static NTSTATUS smbd_smb2_inbuf_parse_compound(struct smbXsrv_connection *xconn,

 			tf_iov[1].iov_base = (void *)hdr;

 			tf_iov[1].iov_len = enc_len;

-			status = smb2_signing_decrypt_pdu(s->global->decryption_key_blob,

+			status = smb2_signing_decrypt_pdu(s->global->decryption_key->blob,

 							  xconn->smb2.server.cipher,

 							  tf_iov, 2);

 			if (!NT_STATUS_IS_OK(status)) {

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c

index c2725825d7a..d6900665a95 100644

--- a/source3/smbd/smb2_sesssetup.c

+++ b/source3/smbd/smb2_sesssetup.c

@@ -373,18 +373,28 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,

 	if (xconn->protocol >= PROTOCOL_SMB2_24) {

 		struct _derivation *d = &derivation.decryption;

-		x->global->decryption_key_blob = data_blob_talloc(x->global,

-							     session_key,

-							     sizeof(session_key));

-		if (x->global->decryption_key_blob.data == NULL) {

+		x->global->decryption_key =

+			talloc_zero(x->global, struct smb2_signing_key);

+		if (x->global->decryption_key == NULL) {

+			ZERO_STRUCT(session_key);

+			return NT_STATUS_NO_MEMORY;

+		}

+

+		x->global->decryption_key->blob =

+			x->global->decryption_key_blob =

+				data_blob_talloc(x->global->decryption_key,

+						 session_key,

+						 sizeof(session_key));

+		if (!smb2_signing_key_valid(x->global->decryption_key)) {

 			ZERO_STRUCT(session_key);

 			return NT_STATUS_NO_MEMORY;

 		}

+		talloc_keep_secret(x->global->decryption_key->blob.data);

 		status = smb2_key_derivation(session_key, sizeof(session_key),

 					     d->label.data, d->label.length,

 					     d->context.data, d->context.length,

-					     x->global->decryption_key_blob.data);

+					     x->global->decryption_key->blob.data);

 		if (!NT_STATUS_IS_OK(status)) {

 			return status;

 		}

@@ -484,8 +494,8 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,

 		/* In server code, ServerIn is the decryption key */

 		DEBUGADD(0, ("ServerIn Key  "));

-		dump_data(0, x->global->decryption_key_blob.data,

-			  x->global->decryption_key_blob.length);

+		dump_data(0, x->global->decryption_key->blob.data,

+			  x->global->decryption_key->blob.length);

 		DEBUGADD(0, ("ServerOut Key "));

 		dump_data(0, x->global->encryption_key->blob.data,

 			  x->global->encryption_key->blob.length);

-- 

2.23.0