diff options
author | Isaac Boukris <iboukris@gmail.com> | 2019-11-08 17:49:48 +0100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-12-10 00:30:30 +0000 |
commit | c57f429574243adbcd43dca4f35d125df8d69ba0 (patch) | |
tree | 9093d91512e4bf15cf846ff74b1ed5d9586d1f27 /libcli/auth | |
parent | a5548af018643f2e78c482e33ef0e6073db149e4 (diff) | |
download | samba-c57f429574243adbcd43dca4f35d125df8d69ba0.tar.gz |
smbdes: convert des_crypt128() to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'libcli/auth')
-rw-r--r-- | libcli/auth/credentials.c | 6 | ||||
-rw-r--r-- | libcli/auth/proto.h | 2 | ||||
-rw-r--r-- | libcli/auth/smbdes.c | 12 | ||||
-rw-r--r-- | libcli/auth/tests/test_gnutls.c | 4 |
4 files changed, 18 insertions, 6 deletions
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index d9237f3875b..1b94a06ebfb 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -66,6 +66,7 @@ static NTSTATUS netlogon_creds_init_64bit(struct netlogon_creds_CredentialState { uint32_t sum[2]; uint8_t sum2[8]; + int rc; sum[0] = IVAL(client_challenge->data, 0) + IVAL(server_challenge->data, 0); sum[1] = IVAL(client_challenge->data, 4) + IVAL(server_challenge->data, 4); @@ -75,7 +76,10 @@ static NTSTATUS netlogon_creds_init_64bit(struct netlogon_creds_CredentialState ZERO_ARRAY(creds->session_key); - des_crypt128(creds->session_key, sum2, machine_password->hash); + rc = des_crypt128(creds->session_key, sum2, machine_password->hash); + if (rc != 0) { + return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER); + } return NT_STATUS_OK; } diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h index 5209d6766e4..2ea4eca822a 100644 --- a/libcli/auth/proto.h +++ b/libcli/auth/proto.h @@ -226,7 +226,7 @@ int des_crypt56_gnutls(uint8_t out[8], const uint8_t in[8], const uint8_t key[7] int E_P16(const uint8_t *p14,uint8_t *p16); int E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24); void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out); -void des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16]); +int des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16]); void des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14], int forw); void des_crypt112_16(uint8_t out[16], const uint8_t in[16], const uint8_t key[14], int forw); int sam_rid_crypt(unsigned int rid, const uint8_t *in, uint8_t *out, diff --git a/libcli/auth/smbdes.c b/libcli/auth/smbdes.c index 4e3499f9d26..6a4f4d1d42a 100644 --- a/libcli/auth/smbdes.c +++ b/libcli/auth/smbdes.c @@ -398,11 +398,17 @@ void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out) } /* des encryption with a 128 bit key */ -void des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16]) +int des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16]) { uint8_t buf[8]; - des_crypt56(buf, in, key, 1); - des_crypt56(out, buf, key+9, 1); + int ret; + + ret = des_crypt56_gnutls(buf, in, key, SAMBA_GNUTLS_ENCRYPT); + if (ret != 0) { + return ret; + } + + return des_crypt56_gnutls(out, buf, key+9, SAMBA_GNUTLS_ENCRYPT); } /* des encryption with a 112 bit (14 byte) key */ diff --git a/libcli/auth/tests/test_gnutls.c b/libcli/auth/tests/test_gnutls.c index 9fafe2a767b..d9acfb67075 100644 --- a/libcli/auth/tests/test_gnutls.c +++ b/libcli/auth/tests/test_gnutls.c @@ -362,8 +362,10 @@ static void torture_gnutls_des_crypt128(void **state) }; uint8_t crypt[8]; + int rc; - des_crypt128(crypt, clear, key); + rc = des_crypt128(crypt, clear, key); + assert_int_equal(rc, 0); assert_memory_equal(crypt, crypt_expected, 8); } |