The branch, master has been updated via 1f4123677e509f4479b87c0a9c20abdc556890b1 (commit) via 9cb205d7535ce1ff811892580e3419c3f562d607 (commit) from f8014d30e7023532dfdfce7469024f20af37a3d3 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 1f4123677e509f4479b87c0a9c20abdc556890b1 Author: Günther Deschner <g...@samba.org> Date: Sun Sep 13 18:42:45 2009 +0200 s4-schannel: first step of decoupling schannel from gensec. Guenther commit 9cb205d7535ce1ff811892580e3419c3f562d607 Author: Günther Deschner <g...@samba.org> Date: Sun Sep 13 15:21:20 2009 +0200 s4-schannel: strip trailing whitespace. Guenther ----------------------------------------------------------------------- Summary of changes: source4/auth/gensec/schannel.c | 51 ++++++++++++++++++++++-- source4/auth/gensec/schannel_sign.c | 74 ++++++++++++++-------------- 2 files changed, 78 insertions(+), 47 deletions(-) Changeset truncated at 500 lines:
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 15d6443..90b90fc 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -281,6 +281,49 @@ static bool schannel_have_feature(struct gensec_security *gensec_security,
 return false;
 }
+static NTSTATUS schannel_seal_packet_wrap(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ DATA_BLOB *sig)
+{
+ struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);
+
+ return schannel_seal_packet(state, mem_ctx, data, length, sig);
+}
+
+static NTSTATUS schannel_sign_packet_wrap(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ DATA_BLOB *sig)
+{
+ struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);
+
+ return schannel_sign_packet(state, mem_ctx, data, length, sig);
+}
+
+static NTSTATUS schannel_check_packet_wrap(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ const DATA_BLOB *sig)
+{
+ struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);
+
+ return schannel_check_packet(state, mem_ctx, data, length, sig);
+}
+
+static NTSTATUS schannel_unseal_packet_wrap(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ const DATA_BLOB *sig)
+{
+ struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);
+
+ return schannel_unseal_packet(state, mem_ctx, data, length, sig);
+}
 static const struct gensec_security_ops gensec_schannel_security_ops = {
 .name = "schannel",
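Review bot: All four `_wrap` adapters hand the result of `talloc_get_type(gensec_security->private_data, struct schannel_state)` straight to the callee without a NULL check, and the callees read `state->creds->session_key` immediately (visible in the schannel_sign.c hunks), so a gensec context whose private_data is not a schannel_state would crash instead of failing. The removed lines in schannel_sign.c did the same unchecked cast, so this is pre-existing, but now that the cast lives in one adapter layer it is a cheap place to guard: `if (state == NULL) { return NT_STATUS_INVALID_PARAMETER; }` in each wrapper before the call. The wrappers also silently drop `whole_pdu`/`pdu_length`; those appear to have been unused by the old implementations too (they were removed there without any other body change), so a comment above the first wrapper such as `/* gensec_security_ops adapters: schannel works on the data payload only, whole_pdu/pdu_length are intentionally unused */` would stop a later reader from treating that as an oversight.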
@@ -288,10 +331,10 @@ static const struct gensec_security_ops gensec_schannel_security_ops = {
 .client_start = schannel_client_start,
 .server_start = schannel_server_start,
 .update = schannel_update,
- .seal_packet = schannel_seal_packet,
- .sign_packet = schannel_sign_packet,
- .check_packet = schannel_check_packet,
- .unseal_packet = schannel_unseal_packet,
+ .seal_packet = schannel_seal_packet_wrap,
+ .sign_packet = schannel_sign_packet_wrap,
+ .check_packet = schannel_check_packet_wrap,
+ .unseal_packet = schannel_unseal_packet_wrap,
 .session_key = schannel_session_key,
 .session_info = schannel_session_info,
 .sig_size = schannel_sig_size,
diff --git a/source4/auth/gensec/schannel_sign.c b/source4/auth/gensec/schannel_sign.c
index 17a0c17..ca066b1 100644
--- a/source4/auth/gensec/schannel_sign.c
+++ b/source4/auth/gensec/schannel_sign.c
@@ -1,21 +1,21 @@
-/*
+/*
 Unix SMB/CIFS implementation.
 schannel library code
 Copyright (C) Andrew Tridgell 2004
 Copyright (C) Andrew Bartlett <abart...@samba.org> 2005
-
+
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation; either version 3 of the License, or
 (at your option) any later version.
-
+
 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 GNU General Public License for more details.
-
+
 You should have received a copy of the GNU General Public License
 along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
@@ -49,11 +49,11 @@ static void netsec_deal_with_seq_num(struct schannel_state *state,
 /*******************************************************************
- Calculate the key with which to encode the data payload
+ Calculate the key with which to encode the data payload
 ********************************************************************/
 static void netsec_get_sealing_key(const uint8_t session_key[16],
 const uint8_t seq_num[8],
- uint8_t sealing_key[16])
+ uint8_t sealing_key[16])
 {
 static const uint8_t zeros[4];
 uint8_t digest2[16];
@@ -63,26 +63,26 @@ static void netsec_get_sealing_key(const uint8_t session_key[16],
 for (i = 0; i < 16; i++) {
 sess_kf0[i] = session_key[i] ^ 0xf0;
 }
-
+
 hmac_md5(sess_kf0, zeros, 4, digest2);
 hmac_md5(digest2, seq_num, 8, sealing_key);
 }
 /*******************************************************************
- Create a digest over the entire packet (including the data), and
+ Create a digest over the entire packet (including the data), and
 MD5 it with the session key.
 ********************************************************************/
 static void schannel_digest(const uint8_t sess_key[16],
 const uint8_t netsec_sig[8],
 const uint8_t *confounder,
 const uint8_t *data, size_t data_len,
- uint8_t digest_final[16])
+ uint8_t digest_final[16])
 {
 uint8_t packet_digest[16];
 static const uint8_t zeros[4];
 struct MD5Context ctx;
-
+
 MD5Init(&ctx);
 MD5Update(&ctx, zeros, 4);
 MD5Update(&ctx, netsec_sig, 8);
@@ -91,7 +91,7 @@ static void schannel_digest(const uint8_t sess_key[16],
 }
 MD5Update(&ctx, data, data_len);
 MD5Final(packet_digest, &ctx);
-
+
 hmac_md5(sess_key, packet_digest, sizeof(packet_digest), digest_final);
 }
@@ -99,14 +99,11 @@ static void schannel_digest(const uint8_t sess_key[16],
 /* unseal a packet */
-NTSTATUS schannel_unseal_packet(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
+NTSTATUS schannel_unseal_packet(struct schannel_state *state,
+ TALLOC_CTX *mem_ctx,
+ uint8_t *data, size_t length,
 const DATA_BLOB *sig)
 {
- struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);
-
 uint8_t digest_final[16];
 uint8_t confounder[8];
 uint8_t seq_num[8];
@@ -126,8 +123,8 @@ NTSTATUS schannel_unseal_packet(struct gensec_security *gensec_security,
 arcfour_crypt(confounder, sealing_key, 8);
 arcfour_crypt(data, sealing_key, length);
- schannel_digest(state->creds->session_key,
- netsec_sig, confounder,
+ schannel_digest(state->creds->session_key,
+ netsec_sig, confounder,
 data, length, digest_final);
 if (memcmp(digest_final, sig->data+16, 8) != 0) {
@@ -150,14 +147,11 @@ NTSTATUS schannel_unseal_packet(struct gensec_security *gensec_security,
 /* check the signature on a packet */
-NTSTATUS schannel_check_packet(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
+NTSTATUS schannel_check_packet(struct schannel_state *state,
+ TALLOC_CTX *mem_ctx,
+ const uint8_t *data, size_t length,
 const DATA_BLOB *sig)
 {
- struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);
-
 uint8_t digest_final[16];
 uint8_t seq_num[8];
 static const uint8_t netsec_sig[8] = NETSEC_SIGN_SIGNATURE;
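Review bot: `schannel_unseal_packet` and `schannel_check_packet` are non-static and their prototypes change here (as do `schannel_seal_packet` and `schannel_sign_packet` in the two following hunks), yet the diffstat lists only schannel.c and schannel_sign.c, so any hand-written header or caller outside these two files that still uses the gensec_security-based prototype will no longer match; with a generated proto header this may be automatic, but it is worth confirming before the next step of the decoupling. Now that the caller supplies the state, each function would benefit from a one-line contract comment in place of the bare `/* unseal a packet */`, e.g. `/* state must be a valid schannel_state with creds set; callers are responsible for obtaining it, this no longer derives it from a gensec context */`. In the -126 hunk the digest comparison reads `sig->data+16` for 8 bytes, which needs `sig->length` to be at least 24; that length check lies outside the hunk, so confirm it still precedes the comparison, and note that `memcmp` on a MAC is not constant-time (pre-existing, not introduced here). All four function bodies start and end outside the hunks shown.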
@@ -173,8 +167,8 @@ NTSTATUS schannel_check_packet(struct gensec_security *gensec_security,
 dump_data_pw("seq_num:\n", seq_num, 8);
 dump_data_pw("sess_key:\n", state->creds->session_key, 16);
- schannel_digest(state->creds->session_key,
- netsec_sig, NULL,
+ schannel_digest(state->creds->session_key,
+ netsec_sig, NULL,
 data, length, digest_final);
 netsec_deal_with_seq_num(state, digest_final, seq_num);
@@ -198,14 +192,11 @@ NTSTATUS schannel_check_packet(struct gensec_security *gensec_security,
 /* seal a packet */
-NTSTATUS schannel_seal_packet(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
+NTSTATUS schannel_seal_packet(struct schannel_state *state,
+ TALLOC_CTX *mem_ctx,
+ uint8_t *data, size_t length,
 DATA_BLOB *sig)
 {
- struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);
-
 uint8_t digest_final[16];
 uint8_t confounder[8];
 uint8_t seq_num[8];
@@ -217,8 +208,8 @@ NTSTATUS schannel_seal_packet(struct gensec_security *gensec_security,
 RSIVAL(seq_num, 0, state->seq_num);
 SIVAL(seq_num, 4, state->initiator?0x80:0);
- schannel_digest(state->creds->session_key,
- netsec_sig, confounder,
+ schannel_digest(state->creds->session_key,
+ netsec_sig, confounder,
 data, length, digest_final);
 netsec_get_sealing_key(state->creds->session_key, seq_num, sealing_key);
@@ -246,14 +237,11 @@ NTSTATUS schannel_seal_packet(struct gensec_security *gensec_security,
 /* sign a packet */
-NTSTATUS schannel_sign_packet(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
+NTSTATUS schannel_sign_packet(struct schannel_state *state,
+ TALLOC_CTX *mem_ctx,
+ const uint8_t *data, size_t length,
 DATA_BLOB *sig)
 {
- struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);
-
 uint8_t digest_final[16];
 uint8_t seq_num[8];
 static const uint8_t netsec_sig[8] = NETSEC_SIGN_SIGNATURE;
@@ -261,8 +249,8 @@ NTSTATUS schannel_sign_packet(struct gensec_security *gensec_security,
 RSIVAL(seq_num, 0, state->seq_num);
 SIVAL(seq_num, 4, state->initiator?0x80:0);
- schannel_digest(state->creds->session_key,
- netsec_sig, NULL,
+ schannel_digest(state->creds->session_key,
+ netsec_sig, NULL,
 data, length, digest_final);
 netsec_deal_with_seq_num(state, digest_final, seq_num);
-- Samba Shared Repository