[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Mon Jan 3 09:33:01 MST 2011
The branch, master has been updated
via ea5940e lib/crypto: add aes_cfb8_encrypt()
via 2d466b4 s3:librpc: use netsec_outgoing_sig_size() instead of a hardcoded signature size
via cbf6c88 s4:gensec/schannel: use netsec_outgoing_sig_size() to get the signature size
via e22c4c5 libcli/auth: add netsec_outgoing_sig_size()
from 3f9157a s4:dynconfig: Add prototypes to match dynconfig.c
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit ea5940e7eb099feb693f53bb725fc55f3d5d5ef0
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 18 01:04:02 2009 +0200
lib/crypto: add aes_cfb8_encrypt()
metze
Autobuild-User: Stefan Metzmacher <metze at samba.org>
Autobuild-Date: Mon Jan 3 17:32:07 CET 2011 on sn-devel-104
commit 2d466b41cd20d0162d3fa4cd29a83bbc20d00454
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 26 02:59:59 2009 +0200
s3:librpc: use netsec_outgoing_sig_size() instead of a hardcoded signature
size
metze
commit cbf6c88aa8ff2ee1e31aed4773cec5266773d213
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 29 09:10:27 2009 +0200
s4:gensec/schannel: use netsec_outgoing_sig_size() to get the signature size
metze
commit e22c4c5632e4172c2056cec07c842a69f24e068a
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 29 09:00:57 2009 +0200
libcli/auth: add netsec_outgoing_sig_size()
The size of the signature blob depends on the
algorithm in use.
metze
-----------------------------------------------------------------------
Summary of changes:
lib/crypto/aes.c | 22 ++++++++++++++++++++++
lib/crypto/aes.h | 4 ++++
libcli/auth/schannel_proto.h | 1 +
libcli/auth/schannel_sign.c | 14 ++++++++++++++
source3/librpc/rpc/dcerpc_helpers.c | 5 ++++-
source4/auth/gensec/schannel.c | 7 ++++++-
6 files changed, 51 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c
index 7735e8f..a47a456 100644
--- a/lib/crypto/aes.c
+++ b/lib/crypto/aes.c
@@ -112,3 +112,25 @@ AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
}
}
}
+
+void aes_cfb8_encrypt(const uint8_t *in, uint8_t *out,
+ size_t length, const AES_KEY *key,
+ uint8_t *iv, int forward)
+{
+ size_t i;
+
+ for (i=0; i < length; i++) {
+ uint8_t tiv[AES_BLOCK_SIZE*2];
+
+ memcpy(tiv, iv, AES_BLOCK_SIZE);
+ AES_encrypt(iv, iv, key);
+ if (!forward) {
+ tiv[AES_BLOCK_SIZE] = in[i];
+ }
+ out[i] = in[i] ^ iv[0];
+ if (forward) {
+ tiv[AES_BLOCK_SIZE] = out[i];
+ }
+ memcpy(iv, tiv+1, AES_BLOCK_SIZE);
+ }
+}
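Review bot: aes_cfb8_encrypt() has no comment stating its buffer contract, which every caller must get right: `iv` must point to AES_BLOCK_SIZE writable bytes and is overwritten with the shifted feedback register, `in` and `out` must each hold `length` bytes, and a non-zero `forward` encrypts while zero decrypts. A doc comment above the definition, repeated on the prototype added in lib/crypto/aes.h, should state this. It should also say that the caller has to supply a fresh IV for each message under a given key, because CFB8 with a repeated or constant IV leaks relationships between messages. Separately, `tiv` is declared with `AES_BLOCK_SIZE*2` bytes but only indices 0 through AES_BLOCK_SIZE are ever touched, so `uint8_t tiv[AES_BLOCK_SIZE+1];` would state the intent exactly.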
diff --git a/lib/crypto/aes.h b/lib/crypto/aes.h
index e74d345..a2b6c07 100644
--- a/lib/crypto/aes.h
+++ b/lib/crypto/aes.h
@@ -72,6 +72,10 @@ void AES_cbc_encrypt(const unsigned char *, unsigned char *,
const unsigned long, const AES_KEY *,
unsigned char *, int);
+void aes_cfb8_encrypt(const uint8_t *in, uint8_t *out,
+ size_t length, const AES_KEY *key,
+ uint8_t *iv, int forward);
+
#ifdef __cplusplus
}
#endif
diff --git a/libcli/auth/schannel_proto.h b/libcli/auth/schannel_proto.h
index a85a6db..e454c3d 100644
--- a/libcli/auth/schannel_proto.h
+++ b/libcli/auth/schannel_proto.h
@@ -33,6 +33,7 @@ NTSTATUS netsec_incoming_packet(struct schannel_state *state,
bool do_unseal,
uint8_t *data, size_t length,
const DATA_BLOB *sig);
+uint32_t netsec_outgoing_sig_size(struct schannel_state *state);
NTSTATUS netsec_outgoing_packet(struct schannel_state *state,
TALLOC_CTX *mem_ctx,
bool do_seal,
diff --git a/libcli/auth/schannel_sign.c b/libcli/auth/schannel_sign.c
index 0672f67..eb605f4 100644
--- a/libcli/auth/schannel_sign.c
+++ b/libcli/auth/schannel_sign.c
@@ -204,6 +204,20 @@ NTSTATUS netsec_incoming_packet(struct schannel_state *state,
return NT_STATUS_OK;
}
+uint32_t netsec_outgoing_sig_size(struct schannel_state *state)
+{
+ uint32_t sig_size = 0;
+
+ netsec_offset_and_sizes(state,
+ true,
+ NULL,
+ &sig_size,
+ NULL,
+ NULL);
+
+ return sig_size;
+}
+
NTSTATUS netsec_outgoing_packet(struct schannel_state *state,
TALLOC_CTX *mem_ctx,
bool do_seal,
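Review bot: The call to netsec_offset_and_sizes() in netsec_outgoing_sig_size() passes a bare `true` and three `NULL`s, so a reader cannot tell which size is requested or what the flag selects (presumably sealing, but the helper's definition is outside this hunk). A comment naming the arguments would help, together with a header comment such as `/* signature size for the algorithm negotiated in state; 0 if the helper sets none */`. If the flag is the seal flag, the comment should also say why the sealed size is the right answer for sign-only connections, since both new callers size their auth trailer from this value.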
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index a94f6c8..f45ee94 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -266,6 +266,7 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
{
size_t max_len;
size_t mod_len;
+ struct schannel_state *schannel_auth;
struct spnego_context *spnego_ctx;
struct gse_context *gse_ctx;
enum spnego_mech auth_type;
@@ -336,7 +337,9 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
break;
case DCERPC_AUTH_TYPE_SCHANNEL:
- *auth_len = NL_AUTH_SIGNATURE_SIZE;
+ schannel_auth = talloc_get_type_abort(auth->auth_ctx,
+ struct schannel_state);
+ *auth_len = netsec_outgoing_sig_size(schannel_auth);
break;
case DCERPC_AUTH_TYPE_KRB5:
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 56e8855..45e5954 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -32,7 +32,12 @@
static size_t schannel_sig_size(struct gensec_security *gensec_security, size_t data_size)
{
- return 32;
+ struct schannel_state *state = (struct schannel_state *)gensec_security->private_data;
+ uint32_t sig_size;
+
+ sig_size = netsec_outgoing_sig_size(state);
+
+ return sig_size;
}
static NTSTATUS schannel_session_key(struct gensec_security *gensec_security,
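Review bot: schannel_sig_size() converts `gensec_security->private_data` with a plain C cast, so a NULL or differently typed pointer reaches netsec_outgoing_sig_size() unchecked, whereas the source3 hunk in this same commit uses `talloc_get_type_abort()` for the equivalent lookup. Using the checked form here, `struct schannel_state *state = talloc_get_type_abort(gensec_security->private_data, struct schannel_state);`, turns a type mix-up into an immediate, diagnosable abort instead of reads from a misinterpreted structure. Whether private_data is always a talloc'ed schannel_state by the time this callback runs is not visible in the hunk, so confirm that before switching. The temporary `sig_size` can be dropped by returning the call result directly.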
--
Samba Shared Repository