From 94b8f3071fafea18ceb59098f8611a0f2cb5a655 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 26 Feb 2019 16:43:36 +0100
Subject: [PATCH 125/187] libcli:smb: Support GnuTLS AES CCM and GCM in
smb2_signing_decrypt_pdu()
This requires GnuTLS >= 3.4.0.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Adapted to remove Samba AES support
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 3d2de36d9a08354fb775a5d93a9b40012bf6966f)
---
libcli/smb/smb2_signing.c | 170 ++++++++++++++++++++++++++++----------
1 file changed, 125 insertions(+), 45 deletions(-)
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index 52209d9553b..1d9c99337d8 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -558,7 +558,6 @@ out:
return status;
}
-
NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,
uint16_t cipher_id,
struct iovec *vector,
@@ -566,17 +565,20 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,
{
uint8_t *tf;
uint16_t flags;
- uint8_t *sig_ptr = NULL;
- uint8_t sig[16];
int i;
size_t a_total;
ssize_t m_total;
uint32_t msg_size = 0;
- union {
- struct aes_ccm_128_context ccm;
- struct aes_gcm_128_context gcm;
- } c;
- uint8_t key[AES_BLOCK_SIZE];
+ uint32_t iv_size = 0;
+ uint32_t key_size = 0;
+ uint32_t tag_size = 0;
+ uint8_t _key[16] = {0};
+ gnutls_cipher_algorithm_t algo = 0;
+ gnutls_aead_cipher_hd_t cipher_hnd = NULL;
+ gnutls_datum_t key;
+ gnutls_datum_t iv;
+ NTSTATUS status;
+ int rc;
if (count < 1) {
return NT_STATUS_INVALID_PARAMETER;
@@ -612,53 +614,131 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,
return NT_STATUS_INTERNAL_ERROR;
}
- ZERO_STRUCT(key);
- memcpy(key, decryption_key.data,
- MIN(decryption_key.length, AES_BLOCK_SIZE));
-
switch (cipher_id) {
case SMB2_ENCRYPTION_AES128_CCM:
- aes_ccm_128_init(&c.ccm, key,
- tf + SMB2_TF_NONCE,
- a_total, m_total);
- aes_ccm_128_update(&c.ccm, tf + SMB2_TF_NONCE, a_total);
- for (i=1; i < count; i++) {
- aes_ccm_128_crypt(&c.ccm,
- (uint8_t *)vector[i].iov_base,
- vector[i].iov_len);
- aes_ccm_128_update(&c.ccm,
- ( uint8_t *)vector[i].iov_base,
- vector[i].iov_len);
- }
- aes_ccm_128_digest(&c.ccm, sig);
+ algo = GNUTLS_CIPHER_AES_128_CCM;
+ iv_size = SMB2_AES_128_CCM_NONCE_SIZE;
break;
-
case SMB2_ENCRYPTION_AES128_GCM:
- aes_gcm_128_init(&c.gcm, key, tf + SMB2_TF_NONCE);
- aes_gcm_128_updateA(&c.gcm, tf + SMB2_TF_NONCE, a_total);
- for (i=1; i < count; i++) {
- aes_gcm_128_updateC(&c.gcm,
- (const uint8_t *)vector[i].iov_base,
- vector[i].iov_len);
- aes_gcm_128_crypt(&c.gcm,
- (uint8_t *)vector[i].iov_base,
- vector[i].iov_len);
- }
- aes_gcm_128_digest(&c.gcm, sig);
+ algo = GNUTLS_CIPHER_AES_128_GCM;
+ iv_size = gnutls_cipher_get_iv_size(algo);
break;
-
default:
- ZERO_STRUCT(key);
return NT_STATUS_INVALID_PARAMETER;
}
- ZERO_STRUCT(key);
- sig_ptr = tf + SMB2_TF_SIGNATURE;
- if (memcmp(sig_ptr, sig, 16) != 0) {
- return NT_STATUS_ACCESS_DENIED;
+ key_size = gnutls_cipher_get_key_size(algo);
+ tag_size = gnutls_cipher_get_tag_size(algo);
+
+ if (key_size > sizeof(_key)) {
+ return NT_STATUS_BUFFER_TOO_SMALL;
}
- DEBUG(5,("decrypt SMB2 message\n"));
+ key = (gnutls_datum_t) {
+ .data = _key,
+ .size = key_size,
+ };
- return NT_STATUS_OK;
+ memcpy(key.data,
+ decryption_key.data,
+ MIN(decryption_key.length, key.size));
+
+ iv = (gnutls_datum_t) {
+ .data = tf + SMB2_TF_NONCE,
+ .size = iv_size,
+ };
+
+ rc = gnutls_aead_cipher_init(&cipher_hnd,
+ algo,
+ &key);
+ if (rc < 0) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+
+ {
+ size_t ctext_size = m_total + tag_size;
+ uint8_t *ctext = NULL;
+ size_t ptext_size = m_total;
+ uint8_t *ptext = NULL;
+ size_t len = 0;
+
+ /* GnuTLS doesn't have a iovec API for decryption yet */
+
+ ptext = talloc_size(talloc_tos(), ptext_size);
+ if (ptext == NULL) {
+ gnutls_aead_cipher_deinit(cipher_hnd);
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+
+ ctext = talloc_size(talloc_tos(), ctext_size);
+ if (ctext == NULL) {
+ TALLOC_FREE(ptext);
+ gnutls_aead_cipher_deinit(cipher_hnd);
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+
+
+ for (i = 1; i < count; i++) {
+ memcpy(ctext + len,
+ vector[i].iov_base,
+ vector[i].iov_len);
+
+ len += vector[i].iov_len;
+ }
+ if (len != m_total) {
+ TALLOC_FREE(ptext);
+ TALLOC_FREE(ctext);
+ gnutls_aead_cipher_deinit(cipher_hnd);
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto out;
+ }
+
+ memcpy(ctext + len,
+ tf + SMB2_TF_SIGNATURE,
+ tag_size);
+
+ /* This function will verify the tag */
+ rc = gnutls_aead_cipher_decrypt(cipher_hnd,
+ iv.data,
+ iv.size,
+ tf + SMB2_TF_NONCE,
+ a_total,
+ tag_size,
+ ctext,
+ ctext_size,
+ ptext,
+ &ptext_size);
+ if (rc < 0 || ptext_size != m_total) {
+ DBG_ERR("ERROR: %s\n", gnutls_strerror(rc));
+ TALLOC_FREE(ptext);
+ TALLOC_FREE(ctext);
+ gnutls_aead_cipher_deinit(cipher_hnd);
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto out;
+ }
+
+ len = 0;
+ for (i = 1; i < count; i++) {
+ memcpy(vector[i].iov_base,
+ ptext + len,
+ vector[i].iov_len);
+
+ len += vector[i].iov_len;
+ }
+
+ TALLOC_FREE(ptext);
+ TALLOC_FREE(ctext);
+ }
+ gnutls_aead_cipher_deinit(cipher_hnd);
+
+ DBG_INFO("Decrypted SMB2 message\n");
+
+ status = NT_STATUS_OK;
+out:
+ ZERO_ARRAY(_key);
+
+ return status;
}
--
2.23.0