From 5076ca90caf92b56a5708cf185835e74ddfe3cfb Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Thu, 14 Mar 2019 09:34:23 +0100 Subject: [PATCH 113/187] libcli:smb: Use a smb2_signing_key for storing the encryption key Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit 48116a30d51d9bac6201a8b94262aa78b451ad63) --- libcli/smb/smbXcli_base.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index bfc85ecc225..52bc438c389 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -154,7 +154,7 @@ struct smb2cli_session { struct smb2_signing_key *signing_key; bool should_sign; bool should_encrypt; - DATA_BLOB encryption_key; + struct smb2_signing_key *encryption_key; DATA_BLOB decryption_key; uint64_t nonce_high_random; uint64_t nonce_high_max; @@ -3090,7 +3090,7 @@ NTSTATUS smb2cli_req_compound_submit(struct tevent_req **reqs, struct iovec *iov; int i, num_iov, nbt_len; int tf_iov = -1; - const DATA_BLOB *encryption_key = NULL; + const struct smb2_signing_key *encryption_key = NULL; uint64_t encryption_session_id = 0; uint64_t nonce_high = UINT64_MAX; uint64_t nonce_low = UINT64_MAX; @@ -3137,8 +3137,8 @@ NTSTATUS smb2cli_req_compound_submit(struct tevent_req **reqs, continue; } - encryption_key = &state->session->smb2->encryption_key; - if (encryption_key->length == 0) { + encryption_key = state->session->smb2->encryption_key; + if (!smb2_signing_key_valid(encryption_key)) { return NT_STATUS_INVALID_PARAMETER_MIX; } @@ -3379,7 +3379,7 @@ skip_credits: buf += v->iov_len; } - status = smb2_signing_encrypt_pdu(*encryption_key, + status = smb2_signing_encrypt_pdu(encryption_key->blob, state->conn->smb2.server.cipher, &iov[tf_iov], num_iov - tf_iov); if (!NT_STATUS_IS_OK(status)) { @@ -5723,11 +5723,11 @@ NTSTATUS smb2cli_session_encryption_key(struct smbXcli_session *session, return NT_STATUS_NO_USER_SESSION_KEY; } - if (session->smb2->encryption_key.length == 0) { + if (!smb2_signing_key_valid(session->smb2->encryption_key)) { return NT_STATUS_NO_USER_SESSION_KEY; } - *key = data_blob_dup_talloc(mem_ctx, session->smb2->encryption_key); + *key = data_blob_dup_talloc(mem_ctx, session->smb2->encryption_key->blob); if (key->data == NULL) { return NT_STATUS_NO_MEMORY; } @@ -6121,9 +6121,18 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session, } session->smb2->encryption_key = - data_blob_dup_talloc(session, + talloc_zero(session, struct smb2_signing_key); + if (session->smb2->encryption_key == NULL) { + ZERO_STRUCT(session_key); + return NT_STATUS_NO_MEMORY; + } + talloc_set_destructor(session->smb2->encryption_key, + smb2_signing_key_destructor); + + session->smb2->encryption_key->blob = + data_blob_dup_talloc(session->smb2->encryption_key, session->smb2->signing_key->blob); - if (session->smb2->encryption_key.data == NULL) { + if (!smb2_signing_key_valid(session->smb2->encryption_key)) { ZERO_STRUCT(session_key); return NT_STATUS_NO_MEMORY; } @@ -6134,7 +6143,7 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session, status = smb2_key_derivation(session_key, sizeof(session_key), d->label.data, d->label.length, d->context.data, d->context.length, - session->smb2->encryption_key.data); + session->smb2->encryption_key->blob.data); if (!NT_STATUS_IS_OK(status)) { return status; } -- 2.23.0