1 files changed, 41 insertions, 2 deletions

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index f47659dd03..e64a9c7ddd 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -4132,17 +4132,43 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
 	session->smb2.signing_key = data_blob_talloc(session,
 						     session_key,
 						     sizeof(session_key));
-	ZERO_STRUCT(session_key);
 	if (session->smb2.signing_key.data == NULL) {
+		ZERO_STRUCT(session_key);
 		return NT_STATUS_NO_MEMORY;
 	}
 
+	if (conn->protocol >= PROTOCOL_SMB2_24) {
+#define _STRING_BLOB(x) data_blob_const((const uint8_t *)(x), sizeof(x))
+		const DATA_BLOB label = _STRING_BLOB("SMB2AESCMAC");
+		const DATA_BLOB context = _STRING_BLOB("SmbSign");
+#undef _STRING_BLOB
+
+		smb2_key_deviration(session_key, sizeof(session_key),
+				    label.data, label.length,
+				    context.data, context.length,
+				    session->smb2.signing_key.data);
+	}
+
 	session->smb2.application_key = data_blob_dup_talloc(session,
 						session->smb2.signing_key);
 	if (session->smb2.application_key.data == NULL) {
+		ZERO_STRUCT(session_key);
 		return NT_STATUS_NO_MEMORY;
 	}
 
+	if (conn->protocol >= PROTOCOL_SMB2_24) {
+#define _STRING_BLOB(x) data_blob_const((const uint8_t *)(x), sizeof(x))
+		const DATA_BLOB label = _STRING_BLOB("SMB2APP");
+		const DATA_BLOB context = _STRING_BLOB("SmbRpc");
+#undef _STRING_BLOB
+
+		smb2_key_deviration(session_key, sizeof(session_key),
+				    label.data, label.length,
+				    context.data, context.length,
+				    session->smb2.application_key.data);
+	}
+	ZERO_STRUCT(session_key);
+
 	session->smb2.channel_signing_key = data_blob_dup_talloc(session,
 						session->smb2.signing_key);
 	if (session->smb2.channel_signing_key.data == NULL) {
@@ -4230,11 +4256,24 @@ NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session,
 	session->smb2.channel_signing_key = data_blob_talloc(session,
 						channel_key,
 						sizeof(channel_key));
-	ZERO_STRUCT(channel_key);
 	if (session->smb2.channel_signing_key.data == NULL) {
+		ZERO_STRUCT(channel_key);
 		return NT_STATUS_NO_MEMORY;
 	}
 
+	if (conn->protocol >= PROTOCOL_SMB2_24) {
+#define _STRING_BLOB(x) data_blob_const((const uint8_t *)(x), sizeof(x))
+		const DATA_BLOB label = _STRING_BLOB("SMB2AESCMAC");
+		const DATA_BLOB context = _STRING_BLOB("SmbSign");
+#undef _STRING_BLOB
+
+		smb2_key_deviration(channel_key, sizeof(channel_key),
+				    label.data, label.length,
+				    context.data, context.length,
+				    session->smb2.channel_signing_key.data);
+	}
+	ZERO_STRUCT(channel_key);
+
 	status = smb2_signing_check_pdu(session->smb2.channel_signing_key,
 					session->conn->protocol,
 					recv_iov, 3);