The road to removing Samba's internal copy of AES (and perhaps DES?)

Alexander Bokovoy ab at samba.org
Wed Oct 2 17:20:15 UTC 2019


On Mon, 02 Sep 2019, Andrew Bartlett via samba-technical wrote:
> G'Day,
> 
> I wanted to write to update the list on where we are at with removing
> cryptographic code from Samba.
> 
> We now absolutely rely on GnuTLS 3.4.7 or later, which has allowed us
> to delete a great deal of such duplicate code.
> 
> We do still have AES code, for the AES CFB8 and CMAC functions.
> 
> These could probably be open-coded against raw AES routines from
> GnuTLS, but for now I would rather not go down that route. 
> 
> The operating systems that do not supply that[1], in our CI system are:
>  - CentOS7
>  - Ubuntu 16.04
>  - Ubuntu 18.04
>  - Debian 9
> 
> By April 2020 we should have a new Ubuntu LTS, Debian 10 is already out
> and CentOS8 will be available.  (And we already backport GnuTLS for
> CentOS7 regardless). 
> 
> So I would propose we remove the fallback internal code after Ubuntu
> 20.04 is released, or discuss it earlier if we can get a newer backport
> package for the above.  
> 
> On a related note, I plan to experiment with implementing our DES code
> via GnuTLS using the CBC-DES cipher and an all-zero IV.  That may let
> us remove that code as well, becoming essentially crypto-free and
> therefore honouring FIPS mode correctly in all cases.  Do let me know
> if you happen to experiment in this area so I don't double-up!

If I understood correctly, you are talking about these codepaths:

$ git grep -i SMBEnCrypt\(
libcli/auth/proto.h:bool SMBencrypt(const char *passwd, const uint8_t *c8, uint8_t p24[24]);
libcli/auth/smbencrypt.c:bool SMBencrypt(const char *passwd, const uint8_t *c8, uint8_t p24[24])
nsswitch/wbinfo.c:                      ok = SMBencrypt(pass,
source3/auth/auth_util.c:               SMBencrypt( (const char *)plaintext_password.data,
source3/libsmb/cliconnect.c:            SMBencrypt(pass, smb1cli_conn_server_challenge(cli->conn), p24);
source3/rpc_client/cli_netlogon.c:              SMBencrypt(password, chal, local_lm_response);
source3/utils/ntlm_auth_diagnostics.c:  SMBencrypt(opt_password,chall.data,lm_response.data);
source4/libcli/cliconnect.c:            SMBencrypt(password, cli->transport->negotiate.secblob.data, tcon.tconx.in.password.data);
source4/torture/auth/smbencrypt.c:struct torture_suite *torture_smbencrypt(TALLOC_CTX *mem_ctx)
source4/torture/rpc/samlogon.c: lm_good = SMBencrypt(samlogon_state->password, samlogon_state->chall.data, lm_response.data);

But there are other parts where DES is used via libkrb5. They affect
Samba AD deployment, domain join, tests, etc as MIT Kerberos 1.17
removed DES support.

Isaac has created a WIP branch
https://gitlab.com/samba-team/devel/samba/commits/iboukris_no_des_mit_118
which passes autobuilds.

I also made a COPR repository with DES and S4U fixes to address the
following Fedora bugs:

 - https://bugzilla.redhat.com/show_bug.cgi?id=1757071
 - https://bugzilla.redhat.com/show_bug.cgi?id=1748860

The combined build is available in
https://copr.fedorainfracloud.org/coprs/abbra/samba-nodes-test/ and can
be installed on Fedora 31 for tests after enabling the COPR repo: 

$ dnf copr enable abbra/samba-nodes-test

-- 
/ Alexander Bokovoy


