|
|
1524bc |
From 8b5c3ae97f0e30e8df78e81c53b4ba02365a299d Mon Sep 17 00:00:00 2001
|
|
|
1524bc |
From: Andreas Schneider <asn@samba.org>
|
|
|
1524bc |
Date: Fri, 23 Aug 2019 09:12:21 +0200
|
|
|
1524bc |
Subject: [PATCH 137/187] libcli:smb: Use gnutls_aead_cipher_decryptv2() for
|
|
|
1524bc |
AES GCM or CCM
|
|
|
1524bc |
|
|
|
1524bc |
This is a new call which has been added with GnuTLS 3.6.10 and will
|
|
|
1524bc |
recuduce memory allocations and copying of data.
|
|
|
1524bc |
|
|
|
1524bc |
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
|
1524bc |
Reviewed-by: Simo Sorce <idra@samba.org>
|
|
|
1524bc |
|
|
|
1524bc |
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
|
|
|
1524bc |
Autobuild-Date(master): Tue Oct 8 14:12:44 UTC 2019 on sn-devel-184
|
|
|
1524bc |
|
|
|
1524bc |
(cherry picked from commit 4a24d9499757dea377b4e3d8beb7f2c10fd5c5d0)
|
|
|
1524bc |
---
|
|
|
1524bc |
libcli/smb/smb2_signing.c | 29 +++++++++++++++++++++++++++--
|
|
|
1524bc |
1 file changed, 27 insertions(+), 2 deletions(-)
|
|
|
1524bc |
|
|
|
1524bc |
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
|
|
|
1524bc |
index ac0f6f4d29f..166ab9d83ff 100644
|
|
|
1524bc |
--- a/libcli/smb/smb2_signing.c
|
|
|
1524bc |
+++ b/libcli/smb/smb2_signing.c
|
|
|
1524bc |
@@ -588,13 +588,12 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
|
|
|
1524bc |
{
|
|
|
1524bc |
uint8_t *tf;
|
|
|
1524bc |
uint16_t flags;
|
|
|
1524bc |
- int i;
|
|
|
1524bc |
size_t a_total;
|
|
|
1524bc |
ssize_t m_total;
|
|
|
1524bc |
uint32_t msg_size = 0;
|
|
|
1524bc |
uint32_t iv_size = 0;
|
|
|
1524bc |
uint32_t key_size = 0;
|
|
|
1524bc |
- uint32_t tag_size = 0;
|
|
|
1524bc |
+ size_t tag_size = 0;
|
|
|
1524bc |
uint8_t _key[16] = {0};
|
|
|
1524bc |
gnutls_cipher_algorithm_t algo = 0;
|
|
|
1524bc |
gnutls_datum_t key;
|
|
|
1524bc |
@@ -680,12 +679,37 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
|
|
|
1524bc |
}
|
|
|
1524bc |
}
|
|
|
1524bc |
|
|
|
1524bc |
+#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2
|
|
|
1524bc |
+ {
|
|
|
1524bc |
+ giovec_t auth_iov[1];
|
|
|
1524bc |
+
|
|
|
1524bc |
+ auth_iov[0] = (giovec_t) {
|
|
|
1524bc |
+ .iov_base = tf + SMB2_TF_NONCE,
|
|
|
1524bc |
+ .iov_len = a_total,
|
|
|
1524bc |
+ };
|
|
|
1524bc |
+
|
|
|
1524bc |
+ rc = gnutls_aead_cipher_decryptv2(decryption_key->cipher_hnd,
|
|
|
1524bc |
+ iv.data,
|
|
|
1524bc |
+ iv.size,
|
|
|
1524bc |
+ auth_iov,
|
|
|
1524bc |
+ 1,
|
|
|
1524bc |
+ &vector[1],
|
|
|
1524bc |
+ count - 1,
|
|
|
1524bc |
+ tf + SMB2_TF_SIGNATURE,
|
|
|
1524bc |
+ tag_size);
|
|
|
1524bc |
+ if (rc < 0) {
|
|
|
1524bc |
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR);
|
|
|
1524bc |
+ goto out;
|
|
|
1524bc |
+ }
|
|
|
1524bc |
+ }
|
|
|
1524bc |
+#else /* HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2 */
|
|
|
1524bc |
{
|
|
|
1524bc |
size_t ctext_size = m_total + tag_size;
|
|
|
1524bc |
uint8_t *ctext = NULL;
|
|
|
1524bc |
size_t ptext_size = m_total;
|
|
|
1524bc |
uint8_t *ptext = NULL;
|
|
|
1524bc |
size_t len = 0;
|
|
|
1524bc |
+ int i;
|
|
|
1524bc |
|
|
|
1524bc |
/* GnuTLS doesn't have a iovec API for decryption yet */
|
|
|
1524bc |
|
|
|
1524bc |
@@ -751,6 +775,7 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
|
|
|
1524bc |
TALLOC_FREE(ptext);
|
|
|
1524bc |
TALLOC_FREE(ctext);
|
|
|
1524bc |
}
|
|
|
1524bc |
+#endif /* HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2 */
|
|
|
1524bc |
|
|
|
1524bc |
DBG_INFO("Decrypted SMB2 message\n");
|
|
|
1524bc |
|
|
|
1524bc |
--
|
|
|
1524bc |
2.23.0
|
|
|
1524bc |
|