From fcbef176770dc8531ab9eb8bb091b44b3923f405 Mon Sep 17 00:00:00 2001

From: Andreas Schneider <asn@samba.org>

Date: Thu, 14 Mar 2019 10:53:23 +0100

Subject: [PATCH 126/187] libcli:smb: Use smb2_signing_key in

 smb2_signing_decrypt_pdu()

Signed-off-by: Andreas Schneider <asn@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Adaped to remove Samba AES support

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

(cherry picked from commit 7f56e91dbe404bc1ee40e4843c4046336945b057)

---

 libcli/smb/smb2_signing.c  | 34 +++++++++++++++-------------------

 libcli/smb/smb2_signing.h  |  2 +-

 libcli/smb/smbXcli_base.c  |  2 +-

 source3/smbd/smb2_server.c |  2 +-

 4 files changed, 18 insertions(+), 22 deletions(-)

diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c

index 1d9c99337d8..9f40e8bbea5 100644

--- a/libcli/smb/smb2_signing.c

+++ b/libcli/smb/smb2_signing.c

@@ -558,7 +558,7 @@ out:

 	return status;

 }

-NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,

+NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,

 				  uint16_t cipher_id,

 				  struct iovec *vector,

 				  int count)

@@ -574,7 +574,6 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,

 	uint32_t tag_size = 0;

 	uint8_t _key[16] = {0};

 	gnutls_cipher_algorithm_t algo = 0;

-	gnutls_aead_cipher_hd_t cipher_hnd = NULL;

 	gnutls_datum_t key;

 	gnutls_datum_t iv;

 	NTSTATUS status;

@@ -590,9 +589,9 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,

 	tf = (uint8_t *)vector[0].iov_base;

-	if (decryption_key.length == 0) {

-		DEBUG(2,("Wrong decryption key length %u for SMB2 signing\n",

-			 (unsigned)decryption_key.length));

+	if (!smb2_signing_key_valid(decryption_key)) {

+		DBG_WARNING("Wrong decryption key length %zu for SMB2 signing\n",

+			    decryption_key->blob.length);

 		return NT_STATUS_ACCESS_DENIED;

 	}

@@ -640,20 +639,22 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,

 	};

 	memcpy(key.data,

-	       decryption_key.data,

-	       MIN(decryption_key.length, key.size));

+	       decryption_key->blob.data,

+	       MIN(decryption_key->blob.length, key.size));

 	iv = (gnutls_datum_t) {

 		.data = tf + SMB2_TF_NONCE,

 		.size = iv_size,

 	};

-	rc = gnutls_aead_cipher_init(&cipher_hnd,

-				     algo,

-				     &key);

-	if (rc < 0) {

-		status = NT_STATUS_NO_MEMORY;

-		goto out;

+	if (decryption_key->cipher_hnd == NULL) {

+		rc = gnutls_aead_cipher_init(&decryption_key->cipher_hnd,

+					     algo,

+					     &key);

+		if (rc < 0) {

+			status = NT_STATUS_NO_MEMORY;

+			goto out;

+		}

 	}

 	{

@@ -667,7 +668,6 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,

 		ptext = talloc_size(talloc_tos(), ptext_size);

 		if (ptext == NULL) {

-			gnutls_aead_cipher_deinit(cipher_hnd);

 			status = NT_STATUS_NO_MEMORY;

 			goto out;

 		}

@@ -675,7 +675,6 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,

 		ctext = talloc_size(talloc_tos(), ctext_size);

 		if (ctext == NULL) {

 			TALLOC_FREE(ptext);

-			gnutls_aead_cipher_deinit(cipher_hnd);

 			status = NT_STATUS_NO_MEMORY;

 			goto out;

 		}

@@ -691,7 +690,6 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,

 		if (len != m_total) {

 			TALLOC_FREE(ptext);

 			TALLOC_FREE(ctext);

-			gnutls_aead_cipher_deinit(cipher_hnd);

 			status = NT_STATUS_INTERNAL_ERROR;

 			goto out;

 		}

@@ -701,7 +699,7 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,

 		       tag_size);

 		/* This function will verify the tag */

-		rc = gnutls_aead_cipher_decrypt(cipher_hnd,

+		rc = gnutls_aead_cipher_decrypt(decryption_key->cipher_hnd,

 						iv.data,

 						iv.size,

 						tf + SMB2_TF_NONCE,

@@ -715,7 +713,6 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,

 			DBG_ERR("ERROR: %s\n", gnutls_strerror(rc));

 			TALLOC_FREE(ptext);

 			TALLOC_FREE(ctext);

-			gnutls_aead_cipher_deinit(cipher_hnd);

 			status = NT_STATUS_INTERNAL_ERROR;

 			goto out;

 		}

@@ -732,7 +729,6 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,

 		TALLOC_FREE(ptext);

 		TALLOC_FREE(ctext);

 	}

-	gnutls_aead_cipher_deinit(cipher_hnd);

 	DBG_INFO("Decrypted SMB2 message\n");

diff --git a/libcli/smb/smb2_signing.h b/libcli/smb/smb2_signing.h

index 13fb54e4e4e..7eefad93b3e 100644

--- a/libcli/smb/smb2_signing.h

+++ b/libcli/smb/smb2_signing.h

@@ -57,7 +57,7 @@ NTSTATUS smb2_signing_encrypt_pdu(DATA_BLOB encryption_key,

 				  uint16_t cipher_id,

 				  struct iovec *vector,

 				  int count);

-NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,

+NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,

 				  uint16_t cipher_id,

 				  struct iovec *vector,

 				  int count);

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c

index aa69c374d49..421fc434305 100644

--- a/libcli/smb/smbXcli_base.c

+++ b/libcli/smb/smbXcli_base.c

@@ -3567,7 +3567,7 @@ static NTSTATUS smb2cli_inbuf_parse_compound(struct smbXcli_conn *conn,

 			tf_iov[1].iov_base = (void *)hdr;

 			tf_iov[1].iov_len = enc_len;

-			status = smb2_signing_decrypt_pdu(s->smb2->decryption_key->blob,

+			status = smb2_signing_decrypt_pdu(s->smb2->decryption_key,

 							  conn->smb2.server.cipher,

 							  tf_iov, 2);

 			if (!NT_STATUS_IS_OK(status)) {

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c

index 56e7b70696b..9df22b5a6ac 100644

--- a/source3/smbd/smb2_server.c

+++ b/source3/smbd/smb2_server.c

@@ -432,7 +432,7 @@ static NTSTATUS smbd_smb2_inbuf_parse_compound(struct smbXsrv_connection *xconn,

 			tf_iov[1].iov_base = (void *)hdr;

 			tf_iov[1].iov_len = enc_len;

-			status = smb2_signing_decrypt_pdu(s->global->decryption_key->blob,

+			status = smb2_signing_decrypt_pdu(s->global->decryption_key,

 							  xconn->smb2.server.cipher,

 							  tf_iov, 2);

 			if (!NT_STATUS_IS_OK(status)) {

-- 

2.23.0