From fcbef176770dc8531ab9eb8bb091b44b3923f405 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Thu, 14 Mar 2019 10:53:23 +0100
Subject: [PATCH 126/187] libcli:smb: Use smb2_signing_key in smb2_signing_decrypt_pdu()
Signed-off-by: Andreas Schneider
Reviewed-by: Andrew Bartlett
Adaped to remove Samba AES support
Signed-off-by: Andrew Bartlett
(cherry picked from commit 7f56e91dbe404bc1ee40e4843c4046336945b057)
---
 libcli/smb/smb2_signing.c | 34 +++++++++++++++-------------------
 libcli/smb/smb2_signing.h | 2 +-
 libcli/smb/smbXcli_base.c | 2 +-
 source3/smbd/smb2_server.c | 2 +-
 4 files changed, 18 insertions(+), 22 deletions(-)
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index 1d9c99337d8..9f40e8bbea5 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -558,7 +558,7 @@ out:
 return status;
 }
-NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,
+NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
 uint16_t cipher_id,
 struct iovec *vector,
 int count)
@@ -574,7 +574,6 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,
 uint32_t tag_size = 0;
 uint8_t _key[16] = {0};
 gnutls_cipher_algorithm_t algo = 0;
- gnutls_aead_cipher_hd_t cipher_hnd = NULL;
 gnutls_datum_t key;
 gnutls_datum_t iv;
 NTSTATUS status;
@@ -590,9 +589,9 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,
 tf = (uint8_t *)vector[0].iov_base;
- if (decryption_key.length == 0) {
- DEBUG(2,("Wrong decryption key length %u for SMB2 signing\n",
- (unsigned)decryption_key.length));
+ if (!smb2_signing_key_valid(decryption_key)) {
+ DBG_WARNING("Wrong decryption key length %zu for SMB2 signing\n",
+ decryption_key->blob.length);
 return NT_STATUS_ACCESS_DENIED;
 }
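Review bot: The new `DBG_WARNING` in the `@@ -590` hunk reads `decryption_key->blob.length` on the very path where `smb2_signing_key_valid()` has just rejected the key, so if that helper (defined outside this patch) treats a NULL pointer as invalid, the log call dereferences NULL. Before this change the callers dereferenced `->blob` themselves; the `smbXcli_base.c` and `smb2_server.c` hunks now pass the pointer through unchecked, which makes this check the only guard visible in the patch. A message that does not touch the key, for example `DBG_WARNING("No decryption key for SMB2 encryption\n");`, avoids the dereference and also fixes the wording, since this is the decrypt path rather than signing. The function body continues outside the hunk.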
@@ -640,20 +639,22 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,
 };
 memcpy(key.data,
- decryption_key.data,
- MIN(decryption_key.length, key.size));
+ decryption_key->blob.data,
+ MIN(decryption_key->blob.length, key.size));
 iv = (gnutls_datum_t) {
 .data = tf + SMB2_TF_NONCE,
 .size = iv_size,
 };
- rc = gnutls_aead_cipher_init(&cipher_hnd,
- algo,
- &key);
- if (rc < 0) {
- status = NT_STATUS_NO_MEMORY;
- goto out;
+ if (decryption_key->cipher_hnd == NULL) {
+ rc = gnutls_aead_cipher_init(&decryption_key->cipher_hnd,
+ algo,
+ &key);
+ if (rc < 0) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
 }
 {
@@ -667,7 +668,6 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,
 ptext = talloc_size(talloc_tos(), ptext_size);
 if (ptext == NULL) {
- gnutls_aead_cipher_deinit(cipher_hnd);
 status = NT_STATUS_NO_MEMORY;
 goto out;
 }
@@ -675,7 +675,6 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,
 ctext = talloc_size(talloc_tos(), ctext_size);
 if (ctext == NULL) {
 TALLOC_FREE(ptext);
- gnutls_aead_cipher_deinit(cipher_hnd);
 status = NT_STATUS_NO_MEMORY;
 goto out;
 }
@@ -691,7 +690,6 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,
 if (len != m_total) {
 TALLOC_FREE(ptext);
 TALLOC_FREE(ctext);
- gnutls_aead_cipher_deinit(cipher_hnd);
 status = NT_STATUS_INTERNAL_ERROR;
 goto out;
 }
@@ -701,7 +699,7 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,
 tag_size);
 /* This function will verify the tag */
- rc = gnutls_aead_cipher_decrypt(cipher_hnd,
+ rc = gnutls_aead_cipher_decrypt(decryption_key->cipher_hnd,
 iv.data,
 iv.size,
 tf + SMB2_TF_NONCE,
@@ -715,7 +713,6 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,
 DBG_ERR("ERROR: %s\n", gnutls_strerror(rc));
 TALLOC_FREE(ptext);
 TALLOC_FREE(ctext);
- gnutls_aead_cipher_deinit(cipher_hnd);
 status = NT_STATUS_INTERNAL_ERROR;
 goto out;
 }
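Review bot: In the `@@ -640` hunk the cached `decryption_key->cipher_hnd` is reused whenever it is non-NULL, while `algo` is still derived from `cipher_id` on every call, so nothing ties the handle to the cipher it was initialised with. If a key object could ever be passed with a different `cipher_id`, the earlier handle would be used silently; either record the algorithm next to the handle and compare it, or state the invariant with a comment such as `/* cipher_hnd stays bound to the cipher negotiated for this key */`. The raw key is also still copied into `key.data` (presumably the local `_key` array; its setup is outside the hunk) on every call, even when no init happens, so moving the `memcpy` inside the `if (decryption_key->cipher_hnd == NULL)` block would limit where key bytes are copied. With the `gnutls_aead_cipher_deinit()` calls removed in the following hunks, the handle has to be released wherever the `smb2_signing_key` is destroyed, which this patch does not show.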
@@ -732,7 +729,6 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,
 TALLOC_FREE(ptext);
 TALLOC_FREE(ctext);
 }
- gnutls_aead_cipher_deinit(cipher_hnd);
 DBG_INFO("Decrypted SMB2 message\n");
diff --git a/libcli/smb/smb2_signing.h b/libcli/smb/smb2_signing.h
index 13fb54e4e4e..7eefad93b3e 100644
--- a/libcli/smb/smb2_signing.h
+++ b/libcli/smb/smb2_signing.h
@@ -57,7 +57,7 @@ NTSTATUS smb2_signing_encrypt_pdu(DATA_BLOB encryption_key,
 uint16_t cipher_id,
 struct iovec *vector,
 int count);
-NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,
+NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
 uint16_t cipher_id,
 struct iovec *vector,
 int count);
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index aa69c374d49..421fc434305 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -3567,7 +3567,7 @@ static NTSTATUS smb2cli_inbuf_parse_compound(struct smbXcli_conn *conn,
 tf_iov[1].iov_base = (void *)hdr;
 tf_iov[1].iov_len = enc_len;
- status = smb2_signing_decrypt_pdu(s->smb2->decryption_key->blob,
+ status = smb2_signing_decrypt_pdu(s->smb2->decryption_key,
 conn->smb2.server.cipher,
 tf_iov, 2);
 if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 56e7b70696b..9df22b5a6ac 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -432,7 +432,7 @@ static NTSTATUS smbd_smb2_inbuf_parse_compound(struct smbXsrv_connection *xconn,
 tf_iov[1].iov_base = (void *)hdr;
 tf_iov[1].iov_len = enc_len;
- status = smb2_signing_decrypt_pdu(s->global->decryption_key->blob,
+ status = smb2_signing_decrypt_pdu(s->global->decryption_key,
 xconn->smb2.server.cipher,
 tf_iov, 2);
 if (!NT_STATUS_IS_OK(status)) {
--
2.23.0
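Review bot: The prototype changed in `libcli/smb/smb2_signing.h` (hunk `@@ -57`) carries no comment, and the new pointer parameter does not tell a caller that the call now has a side effect on the key: per the `smb2_signing.c` hunks, the first call initialises `decryption_key->cipher_hnd` and leaves it set. I would add above the declaration `/* Lazily initialises and caches decryption_key->cipher_hnd; the owner of the key must release it. */`. `smb2_signing_encrypt_pdu()` directly above still takes a `DATA_BLOB`, so the two prototypes are inconsistent at this commit; presumably another patch in the series converts it.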