From 5076ca90caf92b56a5708cf185835e74ddfe3cfb Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 14 Mar 2019 09:34:23 +0100
Subject: [PATCH 113/187] libcli:smb: Use a smb2_signing_key for storing the
encryption key
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 48116a30d51d9bac6201a8b94262aa78b451ad63)
---
libcli/smb/smbXcli_base.c | 29 +++++++++++++++++++----------
1 file changed, 19 insertions(+), 10 deletions(-)
|
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index bfc85ecc225..52bc438c389 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -154,7 +154,7 @@ struct smb2cli_session {
struct smb2_signing_key *signing_key;
bool should_sign;
bool should_encrypt;
- DATA_BLOB encryption_key;
+ struct smb2_signing_key *encryption_key;
DATA_BLOB decryption_key;
uint64_t nonce_high_random;
uint64_t nonce_high_max;
@@ -3090,7 +3090,7 @@ NTSTATUS smb2cli_req_compound_submit(struct tevent_req **reqs,
struct iovec *iov;
int i, num_iov, nbt_len;
int tf_iov = -1;
- const DATA_BLOB *encryption_key = NULL;
+ const struct smb2_signing_key *encryption_key = NULL;
uint64_t encryption_session_id = 0;
uint64_t nonce_high = UINT64_MAX;
uint64_t nonce_low = UINT64_MAX;
@@ -3137,8 +3137,8 @@ NTSTATUS smb2cli_req_compound_submit(struct tevent_req **reqs,
continue;
}
|
- encryption_key = &state->session->smb2->encryption_key;
- if (encryption_key->length == 0) {
+ encryption_key = state->session->smb2->encryption_key;
+ if (!smb2_signing_key_valid(encryption_key)) {
return NT_STATUS_INVALID_PARAMETER_MIX;
}
|
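Review bot: The new check `if (!smb2_signing_key_valid(encryption_key))` is now reached with a NULL pointer whenever a session has no encryption key yet, because `session->smb2->encryption_key` is a pointer that stays NULL until smb2cli_session_set_session_key() allocates it; the old DATA_BLOB member was always addressable. Whether smb2_signing_key_valid() tolerates NULL is not visible in this patch, so please confirm it does, or guard the call explicitly with `if (encryption_key == NULL || !smb2_signing_key_valid(encryption_key)) {`. The same pattern appears later in smb2cli_session_encryption_key(). The enclosing function smb2cli_req_compound_submit() starts and ends outside this hunk.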
@@ -3379,7 +3379,7 @@ skip_credits:
buf += v->iov_len;
}
|
- status = smb2_signing_encrypt_pdu(*encryption_key,
+ status = smb2_signing_encrypt_pdu(encryption_key->blob,
state->conn->smb2.server.cipher,
&iov[tf_iov], num_iov - tf_iov);
if (!NT_STATUS_IS_OK(status)) {
@@ -5723,11 +5723,11 @@ NTSTATUS smb2cli_session_encryption_key(struct smbXcli_session *session,
return NT_STATUS_NO_USER_SESSION_KEY;
}
|
- if (session->smb2->encryption_key.length == 0) {
+ if (!smb2_signing_key_valid(session->smb2->encryption_key)) {
return NT_STATUS_NO_USER_SESSION_KEY;
}
|
- *key = data_blob_dup_talloc(mem_ctx, session->smb2->encryption_key);
+ *key = data_blob_dup_talloc(mem_ctx, session->smb2->encryption_key->blob);
if (key->data == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -6121,9 +6121,18 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
}
|
session->smb2->encryption_key =
- data_blob_dup_talloc(session,
+ talloc_zero(session, struct smb2_signing_key);
+ if (session->smb2->encryption_key == NULL) {
+ ZERO_STRUCT(session_key);
+ return NT_STATUS_NO_MEMORY;
+ }
+ talloc_set_destructor(session->smb2->encryption_key,
+ smb2_signing_key_destructor);
+
+ session->smb2->encryption_key->blob =
+ data_blob_dup_talloc(session->smb2->encryption_key,
session->smb2->signing_key->blob);
- if (session->smb2->encryption_key.data == NULL) {
+ if (!smb2_signing_key_valid(session->smb2->encryption_key)) {
ZERO_STRUCT(session_key);
return NT_STATUS_NO_MEMORY;
}
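Review bot: The assignment `session->smb2->encryption_key = talloc_zero(session, struct smb2_signing_key);` overwrites whatever the pointer held before without releasing it, so if this function can run a second time on the same session (re-keying or re-authentication) the previous key object and its material stay alive under the session talloc context, and the destructor installed with talloc_set_destructor() does not run until the session itself is freed. Unless the start of smb2cli_session_set_session_key(), which is outside this hunk, already rejects a repeated call, `TALLOC_FREE(session->smb2->encryption_key);` immediately before the talloc_zero() would wipe and free the old key at the point it is replaced. The same consideration presumably applies to signing_key and decryption_key, which are not touched here.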
@@ -6134,7 +6143,7 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
status = smb2_key_derivation(session_key, sizeof(session_key),
d->label.data, d->label.length,
d->context.data, d->context.length,
- session->smb2->encryption_key.data);
+ session->smb2->encryption_key->blob.data);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
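Review bot: The failure branch `if (!NT_STATUS_IS_OK(status)) { return status; }` after smb2_key_derivation() leaves `session->smb2->encryption_key` attached to the session with a non-empty blob that still holds the bytes copied from `signing_key->blob` in the previous hunk, since the derivation writes in place into `encryption_key->blob.data`; every consumer in this patch gates only on smb2_signing_key_valid(), which from the replaced `.length == 0` checks appears to test emptiness, so a later smb2cli_session_encryption_key() or encrypted send would use the signing key as the encryption key. This path predates the patch, but the new ownership makes the fix cheap: `TALLOC_FREE(session->smb2->encryption_key); ZERO_STRUCT(session_key); return status;`, which also restores the `ZERO_STRUCT(session_key)` the other error paths in this function perform. smb2cli_session_set_session_key() starts and ends outside this hunk, so the same check is worth applying to the derivation steps that follow it.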
--
2.23.0