From c9219fe5859957589570ff0deeaccd17125d347e Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Mon, 27 Feb 2012 09:33:46 +0100
Subject: libcli/smb/smbXcli: use smb2_key_deviration() to setup SMB 2.24 keys

This uses the key diveration function from "NIST Special Publication 800-108" in counter mode (section 5.1). Thanks to Jeremy, Michael and Volker for the debugging! metze
Autobuild-User: Stefan Metzmacher
Autobuild-Date: Wed Feb 29 04:54:48 CET 2012 on sn-devel-104
---
 libcli/smb/smbXcli_base.c | 43 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 41 insertions(+), 2 deletions(-)
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index f47659dd03..e64a9c7ddd 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -4132,17 +4132,43 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session, session->smb2.signing_key = data_blob_talloc(session, session_key, sizeof(session_key)); - ZERO_STRUCT(session_key); if (session->smb2.signing_key.data == NULL) { + ZERO_STRUCT(session_key); return NT_STATUS_NO_MEMORY; } + if (conn->protocol >= PROTOCOL_SMB2_24) { +#define _STRING_BLOB(x) data_blob_const((const uint8_t *)(x), sizeof(x)) + const DATA_BLOB label = _STRING_BLOB("SMB2AESCMAC"); + const DATA_BLOB context = _STRING_BLOB("SmbSign"); +#undef _STRING_BLOB + + smb2_key_deviration(session_key, sizeof(session_key), + label.data, label.length, + context.data, context.length, + session->smb2.signing_key.data); + } + session->smb2.application_key = data_blob_dup_talloc(session, session->smb2.signing_key); if (session->smb2.application_key.data == NULL) { + ZERO_STRUCT(session_key); return NT_STATUS_NO_MEMORY; } + if (conn->protocol >= PROTOCOL_SMB2_24) { +#define _STRING_BLOB(x) data_blob_const((const uint8_t *)(x), sizeof(x)) + const DATA_BLOB label = _STRING_BLOB("SMB2APP"); + const DATA_BLOB context = _STRING_BLOB("SmbRpc"); +#undef _STRING_BLOB + + smb2_key_deviration(session_key, sizeof(session_key), + label.data, label.length, + context.data, context.length, + session->smb2.application_key.data); + } + ZERO_STRUCT(session_key); + session->smb2.channel_signing_key = data_blob_dup_talloc(session, session->smb2.signing_key); if (session->smb2.channel_signing_key.data == NULL) { 
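Review bot: The raw `session_key` now stays on the stack across the application_key allocation and both derivations, and it is wiped only because each of the two early returns and the fall-through path carries its own `ZERO_STRUCT(session_key)`; nothing in the code states that rule. I would add a comment above the first NULL check, `/* session_key is needed until the SMB2APP derivation below; every return before that point must ZERO_STRUCT() it */`, so that a later error path is not added without the wipe. The `channel_key` handling in the smb2cli_session_set_channel_key hunk follows the same pattern and wants the same comment. Whether ZERO_STRUCT survives optimisation directly before a return depends on its definition, which is not visible here. The function body starts and ends outside this hunk.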
@@ -4230,11 +4256,24 @@ NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session, session->smb2.channel_signing_key = data_blob_talloc(session, channel_key, sizeof(channel_key)); - ZERO_STRUCT(channel_key); if (session->smb2.channel_signing_key.data == NULL) { + ZERO_STRUCT(channel_key); return NT_STATUS_NO_MEMORY; } + if (conn->protocol >= PROTOCOL_SMB2_24) { +#define _STRING_BLOB(x) data_blob_const((const uint8_t *)(x), sizeof(x)) + const DATA_BLOB label = _STRING_BLOB("SMB2AESCMAC"); + const DATA_BLOB context = _STRING_BLOB("SmbSign"); +#undef _STRING_BLOB + + smb2_key_deviration(channel_key, sizeof(channel_key), + label.data, label.length, + context.data, context.length, + session->smb2.channel_signing_key.data); + } + ZERO_STRUCT(channel_key); + status = smb2_signing_check_pdu(session->smb2.channel_signing_key, session->conn->protocol, recv_iov, 3); -- cgit
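Review bot: The `SMB2AESCMAC`/`SmbSign` block added here is a copy of the first block added to smb2cli_session_set_session_key, including the locally defined `_STRING_BLOB` macro, so the two signing-key derivations can drift apart silently and produce keys that fail verification. A small static helper would keep the label, the context and their lengths in one place and would be the natural spot to record that `sizeof` counts the trailing NUL on purpose (MS-SMB2 specifies both strings with their terminating null, as far as I can tell). It also avoids `_STRING_BLOB`, an underscore-plus-uppercase name of the kind reserved for the implementation. The helper's parameter types below are inferred from the call in this hunk, and the enclosing function starts and ends outside it.

```c
/*
 * Derive the SMB 2.24 signing key from a session or channel key.
 * sizeof() is used deliberately: the KDF label and context include
 * their trailing NUL byte, so strlen() would yield a different key.
 */
static void smb2cli_derive_signing_key(const uint8_t *key, size_t key_len,
				       uint8_t *out)
{
	static const uint8_t label[] = "SMB2AESCMAC";
	static const uint8_t context[] = "SmbSign";

	smb2_key_deviration(key, key_len,
			    label, sizeof(label),
			    context, sizeof(context),
			    out);
}

/* … unchanged: channel_signing_key allocation and NULL check … */
	if (conn->protocol >= PROTOCOL_SMB2_24) {
		smb2cli_derive_signing_key(channel_key, sizeof(channel_key),
					   session->smb2.channel_signing_key.data);
	}
	ZERO_STRUCT(channel_key);
```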