Line data Source code
1 : /* 2 : Unix SMB/CIFS implementation. 3 : Wrapper for gnutls hash and encryption functions 4 : 5 : Copyright (C) Stefan Metzmacher <metze@samba.org> 2007 6 : Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009-2019 7 : Copyright (c) Andreas Schneider <asn@samba.org> 2019 8 : 9 : This program is free software; you can redistribute it and/or modify 10 : it under the terms of the GNU General Public License as published by 11 : the Free Software Foundation; either version 3 of the License, or 12 : (at your option) any later version. 13 : 14 : This program is distributed in the hope that it will be useful, 15 : but WITHOUT ANY WARRANTY; without even the implied warranty of 16 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 : GNU General Public License for more details. 18 : 19 : You should have received a copy of the GNU General Public License 20 : along with this program. If not, see <http://www.gnu.org/licenses/>. 21 : 22 : */ 23 : 24 : /* 25 : * This (arcfour over data with a key combined from two inputs, one 26 : * the key another the confounder), is a common pattern in pre-AES 27 : * windows cryptography 28 : * 29 : * Some protocols put the confounder first, others second so both 30 : * parameters are named key_input here. 31 : * 32 : */ 33 : 34 : #include "includes.h" 35 : #include "lib/util/data_blob.h" 36 : #include <gnutls/gnutls.h> 37 : #include <gnutls/crypto.h> 38 : #include "gnutls_helpers.h" 39 : #include "lib/util/memory.h" 40 : 41 27925 : int samba_gnutls_arcfour_confounded_md5(const DATA_BLOB *key_input1, 42 : const DATA_BLOB *key_input2, 43 : DATA_BLOB *data, 44 : enum samba_gnutls_direction encrypt) 45 : { 46 160 : int rc; 47 27925 : gnutls_hash_hd_t hash_hnd = NULL; 48 160 : uint8_t confounded_key[16]; 49 27925 : gnutls_cipher_hd_t cipher_hnd = NULL; 50 27925 : gnutls_datum_t confounded_key_datum = { 51 : .data = confounded_key, 52 : .size = sizeof(confounded_key), 53 : }; 54 : 55 27925 : rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5); 56 27925 : if (rc < 0) { 57 0 : return rc; 58 : } 59 27925 : rc = gnutls_hash(hash_hnd, key_input1->data, key_input1->length); 60 27925 : if (rc < 0) { 61 0 : gnutls_hash_deinit(hash_hnd, NULL); 62 0 : return rc; 63 : } 64 27925 : rc = gnutls_hash(hash_hnd, key_input2->data, key_input2->length); 65 27925 : if (rc < 0) { 66 0 : gnutls_hash_deinit(hash_hnd, NULL); 67 0 : return rc; 68 : } 69 : 70 27925 : gnutls_hash_deinit(hash_hnd, confounded_key); 71 : 72 27925 : rc = gnutls_cipher_init(&cipher_hnd, 73 : GNUTLS_CIPHER_ARCFOUR_128, 74 : &confounded_key_datum, 75 : NULL); 76 27925 : if (rc < 0) { 77 0 : return rc; 78 : } 79 : 80 27925 : if (encrypt == SAMBA_GNUTLS_ENCRYPT) { 81 15854 : rc = gnutls_cipher_encrypt(cipher_hnd, 82 15854 : data->data, 83 : data->length); 84 : } else { 85 12071 : rc = gnutls_cipher_decrypt(cipher_hnd, 86 12071 : data->data, 87 : data->length); 88 : } 89 27925 : gnutls_cipher_deinit(cipher_hnd); 90 27925 : ZERO_ARRAY(confounded_key); 91 : 92 27925 : return rc; 93 : }