author | Holger Hetterich <hhetter@novell.com> | 2010-01-29 21:34:27 +0100 |
---|---|---|
committer | Jim McDonough <jmcd@samba.org> | 2010-03-16 09:52:10 -0400 |
commit | 6437df7d2ceedeb26be82e050b300ad55839a721 (patch) | |
tree | 1fcc9cfdc8ebf77b16896d1d06d5250e3766678d | |
parent | 3f5f2d82bd2447ea6a3f7dc626ff9a11f7101055 (diff) | |
Implement AES encryption of the data block.
First try. This runs on 16 bytes long AES block size, and enlarges the
data block with 16 bytes, to make sure all bytes are in. The added
bytes are filled with '.'. It then creates a header featuring the new
length to be sent, and finally sends the data block, then returns.
This code is untested, as creating the receiver will be my next step.
To simplify traffic_analyzer's code, this code should run as a function.
It's on the to-do list.
-rw-r--r-- | source3/modules/vfs_smb_traffic_analyzer.c | 46 |
1 files changed, 33 insertions, 13 deletions
diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c
index e09b6f34fc..9bc0d2ef73 100644
--- a/source3/modules/vfs_smb_traffic_analyzer.c
+++ b/source3/modules/vfs_smb_traffic_analyzer.c
@@ -531,34 +531,54 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle,
 * over the data. */
 size_t size;
- char *akey = secrets_fetch("smb_traffic_analyzer_key", &size);
+ become_root();
+ char *akey = (char *) secrets_fetch("smb_traffic_analyzer_key", &size);
+ unbecome_root();
 if ( akey != NULL ) {
- char *crypted;
+ char crypted[18], *filler, *output;
+ int h,d,s1,s2;
 state_flags[2] = 'E';
- DEBUG(10, ("smb_traffic_analyzer: a key was found, encrypting "
- "data!"));
- AES_KEY *key;
- samba_AES_set_encrypt_key(akey, 128, key);
- samba_AES_encrypt( str, crypted, key );
- len = strlen( crypted );
+ DEBUG(10, ("smb_traffic_analyzer_send_data_socket: a key was"
+ " found, encrypting data!\n"));
+ AES_KEY key;
+ samba_AES_set_encrypt_key(akey, 128, &key);
+ s1 = strlen(str) / 16;
+ s2 = strlen(str) % 16;
+ DEBUG(10, ("smb_traffic_analyzer_send_data_socket: found %i"
+ " blocks, %i missing bytes.\n",
+ s1,s2));
+ filler = talloc_asprintf( talloc_tos(), "................" );
+ for (h = 0; h < s2; h++) {
+ *(filler+h)=*(str+(s1*16)+h);
+ }
+ DEBUG(10, ("smb_traffic_analyzer_send_data_socket: created %s"
+ " as filling block.\n", filler));
+ output = talloc_array(talloc_tos(), char, (s1*16)+17 );
+ d=0;
+ for (h = 0; h < s1; h++) {
+ samba_AES_encrypt(str+(16*h), crypted, &key);
+ for (d = 0; d<16; d++) output[d+(16*h)]=crypted[d];
+ }
+ samba_AES_encrypt( str+(16*h), filler, &key );
+ for (d = 0;d < 16; d++) output[d+(16*h)]=*(filler+d);
+ len = (s1*16)+16;
 header = talloc_asprintf( talloc_tos(), "V2.%s%017u", state_flags, len);
 DEBUG(10, ("smb_traffic_analyzer_send_data_socket:"
- " header created for crypted data: %s", header));
+ " header created for crypted data: %s\n", header));
 len = strlen(header);
 if (write_data(rf_sock->sock, header, len) != len) {
 DEBUG(1, ("smb_traffic_analyzer_send_data_socket: " "error sending the header" " over the socket!\n"));
 }
- len = strlen(crypted);
- if (write_data(rf_sock->sock, crypted, len) != len) {
+ len = (s1*16)+16;
+ if (write_data(rf_sock->sock, output, len) != len) {
 DEBUG(1, ("smb_traffic_analyzer_send_data_socket: " "error sending crypted data to socket!\n"));
- free( crypted );
- return ;
 }
+ return;
 }
 len = strlen(str); |
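Review bot: The final-block call `samba_AES_encrypt( str+(16*h), filler, &key );` takes the tail of `str` as input and `filler` as output, so the '.'-padded block built just above is overwritten instead of being encrypted, and the cipher reads 16 bytes from a position where only `s2` bytes plus the terminator are known to belong to the string. Depending on how `str` was allocated (outside the hunk), that is a read past the buffer whose contents end up in the transmitted ciphertext; the call should be `samba_AES_encrypt(filler, crypted, &key);` followed by copying `crypted` into `output` the way the loop does. Separately, `size` from `secrets_fetch` is never compared with 16 before a 128-bit key is set, and `akey` is neither cleared nor released after use (if `secrets_fetch` hands back an allocated buffer, which the hunk does not show). Encrypting each 16-byte block independently with no IV and no MAC also leaves repeated plaintext blocks recognisable and the stream unauthenticated, and the '.' padding cannot be told apart from data by the receiver. The function body starts and ends outside the hunk.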