From 20bd9ca871f318ba8360525b51f56010f8607fbb Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Fri, 8 Nov 2019 17:49:48 +0100
Subject: [PATCH 181/187] smbdes: convert des_crypt128() to use gnutls

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit c57f429574243adbcd43dca4f35d125df8d69ba0)
---
 libcli/auth/credentials.c       |  6 +++++-
 libcli/auth/proto.h             |  2 +-
 libcli/auth/smbdes.c            | 12 +++++++++---
 libcli/auth/tests/test_gnutls.c |  4 +++-
 4 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index d9237f3875b..1b94a06ebfb 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -66,6 +66,7 @@ static NTSTATUS netlogon_creds_init_64bit(struct netlogon_creds_CredentialState
 {
 	uint32_t sum[2];
 	uint8_t sum2[8];
+	int rc;
 
 	sum[0] = IVAL(client_challenge->data, 0) + IVAL(server_challenge->data, 0);
 	sum[1] = IVAL(client_challenge->data, 4) + IVAL(server_challenge->data, 4);
@@ -75,7 +76,10 @@ static NTSTATUS netlogon_creds_init_64bit(struct netlogon_creds_CredentialState
 
 	ZERO_ARRAY(creds->session_key);
 
-	des_crypt128(creds->session_key, sum2, machine_password->hash);
+	rc = des_crypt128(creds->session_key, sum2, machine_password->hash);
+	if (rc != 0) {
+		return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+	}
 
 	return NT_STATUS_OK;
 }
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 5209d6766e4..2ea4eca822a 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -226,7 +226,7 @@ int des_crypt56_gnutls(uint8_t out[8], const uint8_t in[8], const uint8_t key[7]
 int E_P16(const uint8_t *p14,uint8_t *p16);
 int E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24);
 void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out);
-void des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16]);
+int des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16]);
 void des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14], int forw);
 void des_crypt112_16(uint8_t out[16], const uint8_t in[16], const uint8_t key[14], int forw);
 int sam_rid_crypt(unsigned int rid, const uint8_t *in, uint8_t *out,
diff --git a/libcli/auth/smbdes.c b/libcli/auth/smbdes.c
index 4e3499f9d26..6a4f4d1d42a 100644
--- a/libcli/auth/smbdes.c
+++ b/libcli/auth/smbdes.c
@@ -398,11 +398,17 @@ void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out)
 }
 
 /* des encryption with a 128 bit key */
-void des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16])
+int des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16])
 {
 	uint8_t buf[8];
-	des_crypt56(buf, in, key, 1);
-	des_crypt56(out, buf, key+9, 1);
+	int ret;
+
+	ret = des_crypt56_gnutls(buf, in, key, SAMBA_GNUTLS_ENCRYPT);
+	if (ret != 0) {
+		return ret;
+	}
+
+	return des_crypt56_gnutls(out, buf, key+9, SAMBA_GNUTLS_ENCRYPT);
 }
 
 /* des encryption with a 112 bit (14 byte) key */
diff --git a/libcli/auth/tests/test_gnutls.c b/libcli/auth/tests/test_gnutls.c
index 9fafe2a767b..d9acfb67075 100644
--- a/libcli/auth/tests/test_gnutls.c
+++ b/libcli/auth/tests/test_gnutls.c
@@ -362,8 +362,10 @@ static void torture_gnutls_des_crypt128(void **state)
 	};
 
 	uint8_t crypt[8];
+	int rc;
 
-	des_crypt128(crypt, clear, key);
+	rc = des_crypt128(crypt, clear, key);
+	assert_int_equal(rc, 0);
 	assert_memory_equal(crypt, crypt_expected, 8);
 }
 
-- 
2.23.0