libcli/smb: prepare smb2_key_derivation() for keys larger than 16-bytes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index d036fd95918a36953e67e3811eb174e9f8cdb7c2..42c0854c0686cd5d75e29c9b50239f48b8b88f35 100644 (file)
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -318,14 +318,30 @@ NTSTATUS smb2_key_derivation(const uint8_t *KI, size_t KI_len,
                             const uint8_t *Context, size_t Context_len,
                             uint8_t KO[16])
 {
+       size_t KO_len = 16;
        gnutls_hmac_hd_t hmac_hnd = NULL;
        uint8_t buf[4];
        static const uint8_t zero = 0;
-       uint8_t digest[gnutls_hash_get_len(GNUTLS_MAC_SHA256)];
+       const size_t digest_len = gnutls_hash_get_len(GNUTLS_MAC_SHA256);
+       uint8_t digest[digest_len];
        uint32_t i = 1;
-       uint32_t L = 128;
+       uint32_t L = KO_len * 8;
        int rc;
 
+       if (KO_len > digest_len) {
+               DBG_ERR("KO_len[%zu] > digest_len[%zu]\n", KO_len, digest_len);
+               return NT_STATUS_INTERNAL_ERROR;
+       }
+
+       switch (KO_len) {
+       case 16:
+       case 32:
+               break;
+       default:
+               DBG_ERR("KO_len[%zu] not supported\n", KO_len);
+               return NT_STATUS_INTERNAL_ERROR;
+       }
+
        /*
         * a simplified version of
         * "NIST Special Publication 800-108" section 5.1
@@ -374,7 +390,7 @@ NTSTATUS smb2_key_derivation(const uint8_t *KI, size_t KI_len,
 
        gnutls_hmac_deinit(hmac_hnd, digest);
 
-       memcpy(KO, digest, 16);
+       memcpy(KO, digest, KO_len);
 
        ZERO_ARRAY(digest);