diff options
| author | Stefan Metzmacher <metze@samba.org> | 2012-02-22 13:13:47 +0100 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2012-02-29 03:16:23 +0100 |
| commit | 7f5e56971f617fd71ec47a54866577d08dabd1d7 (patch) | |
| tree | 4884182bc45c037b92d51e6332c32662bc691781 /libcli | |
| parent | 7102eafc266e82121b1a267991584885ebfa9a65 (diff) | |
| download | samba-7f5e56971f617fd71ec47a54866577d08dabd1d7.tar.gz samba-7f5e56971f617fd71ec47a54866577d08dabd1d7.tar.bz2 samba-7f5e56971f617fd71ec47a54866577d08dabd1d7.zip | |
libcli/smb/smb2_signing: add smb2_key_deviration()
This implements a simplified version of "NIST Special Publication 800-108" section 5.1
using hmac-sha256.
Thanks to Jeremy, Michael and Volker for the debugging!
metze
Diffstat (limited to 'libcli')
| -rw-r--r-- | libcli/smb/smb2_signing.c | 32 | ||||
| -rw-r--r-- | libcli/smb/smb2_signing.h | 5 |
2 files changed, 37 insertions, 0 deletions
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c index 30172772b7..62a5ade043 100644 --- a/libcli/smb/smb2_signing.c +++ b/libcli/smb/smb2_signing.c @@ -135,3 +135,35 @@ NTSTATUS smb2_signing_check_pdu(DATA_BLOB signing_key, return NT_STATUS_OK; } + +void smb2_key_deviration(const uint8_t *KI, size_t KI_len, + const uint8_t *Label, size_t Label_len, + const uint8_t *Context, size_t Context_len, + uint8_t KO[16]) +{ + struct HMACSHA256Context ctx; + uint8_t buf[4]; + static const uint8_t zero = 0; + uint8_t digest[SHA256_DIGEST_LENGTH]; + uint32_t i = 1; + uint32_t L = 128; + + /* + * a simplified version of + * "NIST Special Publication 800-108" section 5.1 + * using hmac-sha256. + */ + hmac_sha256_init(KI, KI_len, &ctx); + + RSIVAL(buf, 0, i); + hmac_sha256_update(buf, sizeof(buf), &ctx); + hmac_sha256_update(Label, Label_len, &ctx); + hmac_sha256_update(&zero, 1, &ctx); + hmac_sha256_update(Context, Context_len, &ctx); + RSIVAL(buf, 0, L); + hmac_sha256_update(buf, sizeof(buf), &ctx); + + hmac_sha256_final(digest, &ctx); + + memcpy(KO, digest, 16); +} diff --git a/libcli/smb/smb2_signing.h b/libcli/smb/smb2_signing.h index ba2b1ca302..34d8ba2f4e 100644 --- a/libcli/smb/smb2_signing.h +++ b/libcli/smb/smb2_signing.h @@ -33,4 +33,9 @@ NTSTATUS smb2_signing_check_pdu(DATA_BLOB signing_key, const struct iovec *vector, int count); +void smb2_key_deviration(const uint8_t *KI, size_t KI_len, + const uint8_t *Label, size_t Label_len, + const uint8_t *Context, size_t Context_len, + uint8_t KO[16]); + #endif /* _LIBCLI_SMB_SMB2_SIGNING_H_ */ |