diff options
| author | Stefan Metzmacher <metze@samba.org> | 2012-02-27 09:33:46 +0100 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2012-02-29 04:54:46 +0100 |
| commit | c9219fe5859957589570ff0deeaccd17125d347e (patch) | |
| tree | c141f56269247f9a514d2700a941bd52709fa773 | |
| parent | 39ae4737e0fbf8db348db76f7a534a55304918f0 (diff) | |
| download | samba-c9219fe5859957589570ff0deeaccd17125d347e.tar.gz samba-c9219fe5859957589570ff0deeaccd17125d347e.tar.bz2 samba-c9219fe5859957589570ff0deeaccd17125d347e.zip | |
libcli/smb/smbXcli: use smb2_key_deviration() to setup SMB 2.24 keys
This uses the key diveration function from "NIST Special Publication 800-108"
in counter mode (section 5.1).
Thanks to Jeremy, Michael and Volker for the debugging!
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Feb 29 04:54:48 CET 2012 on sn-devel-104
| -rw-r--r-- | libcli/smb/smbXcli_base.c | 43 |
1 files changed, 41 insertions, 2 deletions
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index f47659dd03..e64a9c7ddd 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -4132,17 +4132,43 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session, session->smb2.signing_key = data_blob_talloc(session, session_key, sizeof(session_key)); - ZERO_STRUCT(session_key); if (session->smb2.signing_key.data == NULL) { + ZERO_STRUCT(session_key); return NT_STATUS_NO_MEMORY; } + if (conn->protocol >= PROTOCOL_SMB2_24) { +#define _STRING_BLOB(x) data_blob_const((const uint8_t *)(x), sizeof(x)) + const DATA_BLOB label = _STRING_BLOB("SMB2AESCMAC"); + const DATA_BLOB context = _STRING_BLOB("SmbSign"); +#undef _STRING_BLOB + + smb2_key_deviration(session_key, sizeof(session_key), + label.data, label.length, + context.data, context.length, + session->smb2.signing_key.data); + } + session->smb2.application_key = data_blob_dup_talloc(session, session->smb2.signing_key); if (session->smb2.application_key.data == NULL) { + ZERO_STRUCT(session_key); return NT_STATUS_NO_MEMORY; } + if (conn->protocol >= PROTOCOL_SMB2_24) { +#define _STRING_BLOB(x) data_blob_const((const uint8_t *)(x), sizeof(x)) + const DATA_BLOB label = _STRING_BLOB("SMB2APP"); + const DATA_BLOB context = _STRING_BLOB("SmbRpc"); +#undef _STRING_BLOB + + smb2_key_deviration(session_key, sizeof(session_key), + label.data, label.length, + context.data, context.length, + session->smb2.application_key.data); + } + ZERO_STRUCT(session_key); + session->smb2.channel_signing_key = data_blob_dup_talloc(session, session->smb2.signing_key); if (session->smb2.channel_signing_key.data == NULL) { @@ -4230,11 +4256,24 @@ NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session, session->smb2.channel_signing_key = data_blob_talloc(session, channel_key, sizeof(channel_key)); - ZERO_STRUCT(channel_key); if (session->smb2.channel_signing_key.data == NULL) { + ZERO_STRUCT(channel_key); return NT_STATUS_NO_MEMORY; } + if (conn->protocol >= PROTOCOL_SMB2_24) { +#define _STRING_BLOB(x) data_blob_const((const uint8_t *)(x), sizeof(x)) + const DATA_BLOB label = _STRING_BLOB("SMB2AESCMAC"); + const DATA_BLOB context = _STRING_BLOB("SmbSign"); +#undef _STRING_BLOB + + smb2_key_deviration(channel_key, sizeof(channel_key), + label.data, label.length, + context.data, context.length, + session->smb2.channel_signing_key.data); + } + ZERO_STRUCT(channel_key); + status = smb2_signing_check_pdu(session->smb2.channel_signing_key, session->conn->protocol, recv_iov, 3); |