summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2012-02-27 09:33:46 +0100
committerStefan Metzmacher <metze@samba.org>2012-02-29 04:54:46 +0100
commitc9219fe5859957589570ff0deeaccd17125d347e (patch)
treec141f56269247f9a514d2700a941bd52709fa773
parent39ae4737e0fbf8db348db76f7a534a55304918f0 (diff)
downloadsamba-c9219fe5859957589570ff0deeaccd17125d347e.tar.gz
samba-c9219fe5859957589570ff0deeaccd17125d347e.tar.bz2
samba-c9219fe5859957589570ff0deeaccd17125d347e.zip
libcli/smb/smbXcli: use smb2_key_deviration() to setup SMB 2.24 keys
This uses the key diveration function from "NIST Special Publication 800-108" in counter mode (section 5.1). Thanks to Jeremy, Michael and Volker for the debugging! metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Feb 29 04:54:48 CET 2012 on sn-devel-104
-rw-r--r--libcli/smb/smbXcli_base.c43
1 files changed, 41 insertions, 2 deletions
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index f47659dd03..e64a9c7ddd 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -4132,17 +4132,43 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
session->smb2.signing_key = data_blob_talloc(session,
session_key,
sizeof(session_key));
- ZERO_STRUCT(session_key);
if (session->smb2.signing_key.data == NULL) {
+ ZERO_STRUCT(session_key);
return NT_STATUS_NO_MEMORY;
}
+ if (conn->protocol >= PROTOCOL_SMB2_24) {
+#define _STRING_BLOB(x) data_blob_const((const uint8_t *)(x), sizeof(x))
+ const DATA_BLOB label = _STRING_BLOB("SMB2AESCMAC");
+ const DATA_BLOB context = _STRING_BLOB("SmbSign");
+#undef _STRING_BLOB
+
+ smb2_key_deviration(session_key, sizeof(session_key),
+ label.data, label.length,
+ context.data, context.length,
+ session->smb2.signing_key.data);
+ }
+
session->smb2.application_key = data_blob_dup_talloc(session,
session->smb2.signing_key);
if (session->smb2.application_key.data == NULL) {
+ ZERO_STRUCT(session_key);
return NT_STATUS_NO_MEMORY;
}
+ if (conn->protocol >= PROTOCOL_SMB2_24) {
+#define _STRING_BLOB(x) data_blob_const((const uint8_t *)(x), sizeof(x))
+ const DATA_BLOB label = _STRING_BLOB("SMB2APP");
+ const DATA_BLOB context = _STRING_BLOB("SmbRpc");
+#undef _STRING_BLOB
+
+ smb2_key_deviration(session_key, sizeof(session_key),
+ label.data, label.length,
+ context.data, context.length,
+ session->smb2.application_key.data);
+ }
+ ZERO_STRUCT(session_key);
+
session->smb2.channel_signing_key = data_blob_dup_talloc(session,
session->smb2.signing_key);
if (session->smb2.channel_signing_key.data == NULL) {
@@ -4230,11 +4256,24 @@ NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session,
session->smb2.channel_signing_key = data_blob_talloc(session,
channel_key,
sizeof(channel_key));
- ZERO_STRUCT(channel_key);
if (session->smb2.channel_signing_key.data == NULL) {
+ ZERO_STRUCT(channel_key);
return NT_STATUS_NO_MEMORY;
}
+ if (conn->protocol >= PROTOCOL_SMB2_24) {
+#define _STRING_BLOB(x) data_blob_const((const uint8_t *)(x), sizeof(x))
+ const DATA_BLOB label = _STRING_BLOB("SMB2AESCMAC");
+ const DATA_BLOB context = _STRING_BLOB("SmbSign");
+#undef _STRING_BLOB
+
+ smb2_key_deviration(channel_key, sizeof(channel_key),
+ label.data, label.length,
+ context.data, context.length,
+ session->smb2.channel_signing_key.data);
+ }
+ ZERO_STRUCT(channel_key);
+
status = smb2_signing_check_pdu(session->smb2.channel_signing_key,
session->conn->protocol,
recv_iov, 3);