-rw-r--r--libcli/smb/smb2_signing.c32
-rw-r--r--libcli/smb/smb2_signing.h5
2 files changed, 37 insertions, 0 deletions
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index 30172772b7..62a5ade043 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -135,3 +135,35 @@ NTSTATUS smb2_signing_check_pdu(DATA_BLOB signing_key,
return NT_STATUS_OK;
}
+
+void smb2_key_deviration(const uint8_t *KI, size_t KI_len,
+ const uint8_t *Label, size_t Label_len,
+ const uint8_t *Context, size_t Context_len,
+ uint8_t KO[16])
+{
+ struct HMACSHA256Context ctx;
+ uint8_t buf[4];
+ static const uint8_t zero = 0;
+ uint8_t digest[SHA256_DIGEST_LENGTH];
+ uint32_t i = 1;
+ uint32_t L = 128;
+
+ /*
+ * a simplified version of
+ * "NIST Special Publication 800-108" section 5.1
+ * using hmac-sha256.
+ */
+ hmac_sha256_init(KI, KI_len, &ctx);
+
+ RSIVAL(buf, 0, i);
+ hmac_sha256_update(buf, sizeof(buf), &ctx);
+ hmac_sha256_update(Label, Label_len, &ctx);
+ hmac_sha256_update(&zero, 1, &ctx);
+ hmac_sha256_update(Context, Context_len, &ctx);
+ RSIVAL(buf, 0, L);
+ hmac_sha256_update(buf, sizeof(buf), &ctx);
+
+ hmac_sha256_final(digest, &ctx);
+
+ memcpy(KO, digest, 16);
+}
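Review bot: `digest` still holds the full HMAC output, including the 16 bytes copied into `KO`, when smb2_key_deviration() returns, because nothing after `memcpy(KO, digest, 16);` clears it. `ctx` may also retain keyed HMAC state, unless hmac_sha256_final() already wipes it, which is not visible here. Adding `ZERO_ARRAY(digest);` and `ZERO_STRUCT(ctx);` before the closing brace would keep that material from lingering on the stack. If those macros reduce to a plain memset the compiler may drop the stores, so a non-elidable wipe is preferable where the tree offers one. Separately, `L = 128` and the literal `16` in the memcpy encode the same output length in two places, so a short comment tying them together would help.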
diff --git a/libcli/smb/smb2_signing.h b/libcli/smb/smb2_signing.h
index ba2b1ca302..34d8ba2f4e 100644
--- a/libcli/smb/smb2_signing.h
+++ b/libcli/smb/smb2_signing.h
@@ -33,4 +33,9 @@ NTSTATUS smb2_signing_check_pdu(DATA_BLOB signing_key,
const struct iovec *vector,
int count);
+void smb2_key_deviration(const uint8_t *KI, size_t KI_len,
+ const uint8_t *Label, size_t Label_len,
+ const uint8_t *Context, size_t Context_len,
+ uint8_t KO[16]);
+
#endif /* _LIBCLI_SMB_SMB2_SIGNING_H_ */
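Review bot: The exported name is misspelled: `smb2_key_deviration` should presumably be `smb2_key_derivation`, and it is cheaper to fix now, here and in the definition in smb2_signing.c, than after callers exist. The prototype also carries no comment, and since `uint8_t KO[16]` decays to a pointer the compiler will not enforce the output size. A line such as `/* KO receives exactly 16 bytes of derived key; the 0x00 separator between Label and Context is added internally */` would state the contract for callers.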