rpms / samba

Clone
Source Code
GIT

Blame SOURCES/0121-libcli-smb-Use-GnuTLS-AES128-CMAC-in-smb2_signing_ch.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c7-sig-storage-samba-411 c8 c8-beta c8-sig-storage-samba-411 c8-sig-storage-samba-412 c8-sig-storage-samba-413 c8-sig-storage-samba-414 c8-sig-storage-samba-415 c8s c8s-sig-storage-samba-413 c8s-sig-storage-samba-414 c8s-sig-storage-samba-415 c8s-sig-storage-samba-416 c8s-sig-storage-samba-417 c8s-sig-storage-samba-418 c8s-sig-storage-samba-419 c8s-sig-storage-samba-420 c9 c9-beta c9s-sig-storage-samba-414 c9s-sig-storage-samba-415 c9s-sig-storage-samba-416 c9s-sig-storage-samba-417 c9s-sig-storage-samba-418 c9s-sig-storage-samba-419 c9s-sig-storage-samba-420
  1.   b6b438351cef67652d9aed43112618d18092527e
  2.   SOURCES
  3.   0121-libcli-smb-Use-GnuTLS-AES128-CMAC-in-smb2_signing_ch.patch
Blob History Raw
b6b438 
From 7f4ab026bdb4b276a76c8359481124ff77597a42 Mon Sep 17 00:00:00 2001
b6b438 
From: Andreas Schneider <asn@samba.org>
b6b438 
Date: Fri, 15 Mar 2019 16:58:21 +0100
b6b438 
Subject: [PATCH 121/187] libcli:smb: Use GnuTLS AES128 CMAC in
b6b438 
 smb2_signing_check_pdu()
b6b438
b6b438 
Signed-off-by: Andreas Schneider <asn@samba.org>
b6b438 
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
b6b438 
(cherry picked from commit 1490f9260060104b31beefac9e61addd36b1919a)
b6b438 
---
b6b438 
 libcli/smb/smb2_signing.c | 38 ++++++++++++++++++++++++++++++++++++++
b6b438 
 1 file changed, 38 insertions(+)
b6b438
b6b438 
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
b6b438 
index 466fe9a49e3..5bf61bd477b 100644
b6b438 
--- a/libcli/smb/smb2_signing.c
b6b438 
+++ b/libcli/smb/smb2_signing.c
b6b438 
@@ -216,6 +216,43 @@ NTSTATUS smb2_signing_check_pdu(struct smb2_signing_key *signing_key,
b6b438 
 	sig = hdr+SMB2_HDR_SIGNATURE;
b6b438
b6b438 
 	if (protocol >= PROTOCOL_SMB2_24) {
b6b438 
+#ifdef HAVE_GNUTLS_AES_CMAC
b6b438 
+		gnutls_datum_t key = {
b6b438 
+			.data = signing_key->blob.data,
b6b438 
+			.size = MIN(signing_key->blob.length, 16),
b6b438 
+		};
b6b438 
+		int rc;
b6b438 
+
b6b438 
+		if (signing_key->hmac_hnd == NULL) {
b6b438 
+			rc = gnutls_hmac_init(&signing_key->hmac_hnd,
b6b438 
+					      GNUTLS_MAC_AES_CMAC_128,
b6b438 
+					      key.data,
b6b438 
+					      key.size);
b6b438 
+			if (rc < 0) {
b6b438 
+				return NT_STATUS_NO_MEMORY;
b6b438 
+			}
b6b438 
+		}
b6b438 
+
b6b438 
+		rc = gnutls_hmac(signing_key->hmac_hnd, hdr, SMB2_HDR_SIGNATURE);
b6b438 
+		if (rc < 0) {
b6b438 
+			return NT_STATUS_INTERNAL_ERROR;
b6b438 
+		}
b6b438 
+
b6b438 
+		rc = gnutls_hmac(signing_key->hmac_hnd, zero_sig, 16);
b6b438 
+		if (rc < 0) {
b6b438 
+			return NT_STATUS_INTERNAL_ERROR;
b6b438 
+		}
b6b438 
+
b6b438 
+		for (i = 1; i < count; i++) {
b6b438 
+			rc = gnutls_hmac(signing_key->hmac_hnd,
b6b438 
+					 vector[i].iov_base,
b6b438 
+					 vector[i].iov_len);
b6b438 
+			if (rc < 0) {
b6b438 
+				return NT_STATUS_INTERNAL_ERROR;
b6b438 
+			}
b6b438 
+		}
b6b438 
+		gnutls_hmac_output(signing_key->hmac_hnd, res);
b6b438 
+#else /* NOT HAVE_GNUTLS_AES_CMAC */
b6b438 
 		struct aes_cmac_128_context ctx;
b6b438 
 		uint8_t key[AES_BLOCK_SIZE] = {0};
b6b438
b6b438 
@@ -234,6 +271,7 @@ NTSTATUS smb2_signing_check_pdu(struct smb2_signing_key *signing_key,
b6b438 
 		aes_cmac_128_final(&ctx, res);
b6b438
b6b438 
 		ZERO_ARRAY(key);
b6b438 
+#endif
b6b438 
 	} else {
b6b438 
 		uint8_t digest[gnutls_hash_get_len(GNUTLS_MAC_SHA256)];
b6b438 
 		int rc;
b6b438 
--
b6b438 
2.23.0
b6b438

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation