The branch, v3-6-test has been updated via 710b083 lib/crypto: add aes_cfb8_encrypt() via b41068c s3:librpc: use netsec_outgoing_sig_size() instead of a hardcoded signature size via f72e70f s4:gensec/schannel: use netsec_outgoing_sig_size() to get the signature size via b7923a2 libcli/auth: add netsec_outgoing_sig_size() from 07a4db9 talloc: Fix warnings in test code
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log ----------------------------------------------------------------- commit 710b083f25db16d6754492cbb7b85ca3a3db841c Author: Stefan Metzmacher <me...@samba.org> Date: Fri Sep 18 01:04:02 2009 +0200 lib/crypto: add aes_cfb8_encrypt() metze Autobuild-User: Stefan Metzmacher <me...@samba.org> Autobuild-Date: Mon Jan 3 17:32:07 CET 2011 on sn-devel-104 (cherry picked from commit ea5940e7eb099feb693f53bb725fc55f3d5d5ef0) commit b41068c03016dbb618c4b292a4aafe32abd378e9 Author: Stefan Metzmacher <me...@samba.org> Date: Sat Sep 26 02:59:59 2009 +0200 s3:librpc: use netsec_outgoing_sig_size() instead of a hardcoded signature size metze (cherry picked from commit 2d466b41cd20d0162d3fa4cd29a83bbc20d00454) commit f72e70f8fad6ab28a76ac174027ca6a9c464be72 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 29 09:10:27 2009 +0200 s4:gensec/schannel: use netsec_outgoing_sig_size() to get the signature size metze (cherry picked from commit cbf6c88aa8ff2ee1e31aed4773cec5266773d213) commit b7923a2d922e5141c472a2235107204f1c86d4ce Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 29 09:00:57 2009 +0200 libcli/auth: add netsec_outgoing_sig_size() The size of the signature blob depends on the used algorithm. metze (cherry picked from commit e22c4c5632e4172c2056cec07c842a69f24e068a) ----------------------------------------------------------------------- Summary of changes: lib/crypto/aes.c | 22 ++++++++++++++++++++++ lib/crypto/aes.h | 4 ++++ libcli/auth/schannel_proto.h | 1 + libcli/auth/schannel_sign.c | 14 ++++++++++++++ source3/librpc/rpc/dcerpc_helpers.c | 5 ++++- source4/auth/gensec/schannel.c | 7 ++++++- 6 files changed, 51 insertions(+), 2 deletions(-) Changeset truncated at 500 lines:
diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c
index 7735e8f..a47a456 100644
--- a/lib/crypto/aes.c
+++ b/lib/crypto/aes.c
@@ -112,3 +112,25 @@ AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 }
 }
 }
+
+void aes_cfb8_encrypt(const uint8_t *in, uint8_t *out,
+ size_t length, const AES_KEY *key,
+ uint8_t *iv, int forward)
+{
+ size_t i;
+
+ for (i=0; i < length; i++) {
+ uint8_t tiv[AES_BLOCK_SIZE*2];
+
+ memcpy(tiv, iv, AES_BLOCK_SIZE);
+ AES_encrypt(iv, iv, key);
+ if (!forward) {
+ tiv[AES_BLOCK_SIZE] = in[i];
+ }
+ out[i] = in[i] ^ iv[0];
+ if (forward) {
+ tiv[AES_BLOCK_SIZE] = out[i];
+ }
+ memcpy(iv, tiv+1, AES_BLOCK_SIZE);
+ }
+}
diff --git a/lib/crypto/aes.h b/lib/crypto/aes.h
index e74d345..a2b6c07 100644
--- a/lib/crypto/aes.h
+++ b/lib/crypto/aes.h
@@ -72,6 +72,10 @@ void AES_cbc_encrypt(const unsigned char *, unsigned char *,
 const unsigned long, const AES_KEY *,
 unsigned char *, int);
 
+void aes_cfb8_encrypt(const uint8_t *in, uint8_t *out,
+ size_t length, const AES_KEY *key,
+ uint8_t *iv, int forward);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/libcli/auth/schannel_proto.h b/libcli/auth/schannel_proto.h
index a85a6db..e454c3d 100644
--- a/libcli/auth/schannel_proto.h
+++ b/libcli/auth/schannel_proto.h
@@ -33,6 +33,7 @@ NTSTATUS netsec_incoming_packet(struct schannel_state *state,
 bool do_unseal,
 uint8_t *data, size_t length,
 const DATA_BLOB *sig);
+uint32_t netsec_outgoing_sig_size(struct schannel_state *state);
 NTSTATUS netsec_outgoing_packet(struct schannel_state *state,
 TALLOC_CTX *mem_ctx,
 bool do_seal,
diff --git a/libcli/auth/schannel_sign.c b/libcli/auth/schannel_sign.c
index 0672f67..eb605f4 100644
--- a/libcli/auth/schannel_sign.c
+++ b/libcli/auth/schannel_sign.c
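Review bot: `aes_cfb8_encrypt()` in lib/crypto/aes.c has no comment stating its contract, and the name hides half of it: `forward` non-zero encrypts and zero decrypts, and the caller's `iv` buffer is overwritten on every byte with the shifted feedback register, so it must be a writable `AES_BLOCK_SIZE`-byte buffer and no longer holds the original IV on return. I would add above the definition `/* AES-CFB8: forward != 0 encrypts, 0 decrypts; iv (AES_BLOCK_SIZE bytes) is updated in place. The caller must not reuse an IV with the same key. */`, since the function accepts whatever IV it is handed and the mode's confidentiality depends on that. A smaller style point in the loop body: `tiv` is declared with `AES_BLOCK_SIZE*2` bytes although only `AES_BLOCK_SIZE+1` are ever written or read, so `uint8_t tiv[AES_BLOCK_SIZE+1];` states what the shift actually needs.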
@@ -204,6 +204,20 @@ NTSTATUS netsec_incoming_packet(struct schannel_state *state,
 return NT_STATUS_OK;
 }
 
+uint32_t netsec_outgoing_sig_size(struct schannel_state *state)
+{
+ uint32_t sig_size = 0;
+
+ netsec_offset_and_sizes(state,
+ true,
+ NULL,
+ &sig_size,
+ NULL,
+ NULL);
+
+ return sig_size;
+}
+
 NTSTATUS netsec_outgoing_packet(struct schannel_state *state,
 TALLOC_CTX *mem_ctx,
 bool do_seal,
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index a94f6c8..f45ee94 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -266,6 +266,7 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
 {
 size_t max_len;
 size_t mod_len;
+ struct schannel_state *schannel_auth;
 struct spnego_context *spnego_ctx;
 struct gse_context *gse_ctx;
 enum spnego_mech auth_type;
@@ -336,7 +337,9 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
 break;
 
 case DCERPC_AUTH_TYPE_SCHANNEL:
- *auth_len = NL_AUTH_SIGNATURE_SIZE;
+ schannel_auth = talloc_get_type_abort(auth->auth_ctx,
+ struct schannel_state);
+ *auth_len = netsec_outgoing_sig_size(schannel_auth);
 break;
 
 case DCERPC_AUTH_TYPE_KRB5:
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 56e8855..45e5954 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -32,7 +32,12 @@
 
 static size_t schannel_sig_size(struct gensec_security *gensec_security, size_t data_size)
 {
- return 32;
+ struct schannel_state *state = (struct schannel_state *)gensec_security->private_data;
+ uint32_t sig_size;
+
+ sig_size = netsec_outgoing_sig_size(state);
+
+ return sig_size;
 }
 
 static NTSTATUS schannel_session_key(struct gensec_security *gensec_security,
-- Samba Shared Repository
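Review bot: `netsec_outgoing_sig_size()` in libcli/auth/schannel_sign.c returns its initial `0` whenever `netsec_offset_and_sizes()` leaves `sig_size` untouched, and neither new caller checks for that before using the value as the signature length (`dcerpc_guess_sizes()` in source3/librpc/rpc/dcerpc_helpers.c and `schannel_sig_size()` in source4/auth/gensec/schannel.c). The helper is not visible in this diff, so whether it can skip the output or tolerates the `NULL` slots and a NULL `state` needs confirming; if it can skip it, a zero length would silently reserve no room for the signature. I would document the return value with `/* Returns the signature blob size for the algorithm negotiated in state; 0 if it could not be determined. */` and label the bare argument as `true, /* do_seal */` if that is what the second parameter means.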
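Review bot: In `schannel_sig_size()` (source4/auth/gensec/schannel.c) `private_data` is converted with a plain C cast, while the source3 hunk in this same series uses `talloc_get_type_abort()` for the equivalent lookup. The cast gives no protection if the pointer is NULL or of another type when the size is queried, and `netsec_outgoing_sig_size()` passes it straight to the helper; whether this callback can run before the schannel state exists is not visible here. Assuming `private_data` is a talloc-allocated `struct schannel_state`, I would write `struct schannel_state *state = talloc_get_type_abort(gensec_security->private_data, struct schannel_state);`. The `sig_size` temporary adds nothing, so `return netsec_outgoing_sig_size(state);` is enough.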