libcli/smb: add smb2_signing_derivations_fill_const_stack()
authorStefan Metzmacher <metze@samba.org>
Fri, 5 Mar 2021 15:10:07 +0000 (16:10 +0100)
committerJeremy Allison <jra@samba.org>
Wed, 17 Mar 2021 00:49:32 +0000 (00:49 +0000)
This will allow us to have the logic in one place only
in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
libcli/smb/smb2_signing.c
libcli/smb/smb2_signing.h

index e263c29fef505ec941084fd899962499cc2bacb4..6e1b50ba49aa0462a2d9d60ca65c43b119be0de7 100644 (file)
 
 #include "lib/crypto/gnutls_helpers.h"
 
+void smb2_signing_derivations_fill_const_stack(struct smb2_signing_derivations *ds,
+                                              enum protocol_types protocol,
+                                              const DATA_BLOB preauth_hash)
+{
+       *ds = (struct smb2_signing_derivations) { .signing = NULL, };
+
+       if (protocol >= PROTOCOL_SMB3_10) {
+               struct smb2_signing_derivation *d = NULL;
+
+               SMB_ASSERT(preauth_hash.length != 0);
+
+               d = &ds->__signing;
+               ds->signing = d;
+               d->label = data_blob_string_const_null("SMBSigningKey");
+               d->context = preauth_hash;
+
+               d = &ds->__cipher_c2s;
+               ds->cipher_c2s = d;
+               d->label = data_blob_string_const_null("SMBC2SCipherKey");
+               d->context = preauth_hash;
+
+               d = &ds->__cipher_s2c;
+               ds->cipher_s2c = d;
+               d->label = data_blob_string_const_null("SMBS2CCipherKey");
+               d->context = preauth_hash;
+
+               d = &ds->__application;
+               ds->application = d;
+               d->label = data_blob_string_const_null("SMBAppKey");
+               d->context = preauth_hash;
+
+       } else if (protocol >= PROTOCOL_SMB2_24) {
+               struct smb2_signing_derivation *d = NULL;
+
+               d = &ds->__signing;
+               ds->signing = d;
+               d->label = data_blob_string_const_null("SMB2AESCMAC");
+               d->context = data_blob_string_const_null("SmbSign");
+
+               d = &ds->__cipher_c2s;
+               ds->cipher_c2s = d;
+               d->label = data_blob_string_const_null("SMB2AESCCM");
+               d->context = data_blob_string_const_null("ServerIn ");
+
+               d = &ds->__cipher_s2c;
+               ds->cipher_s2c = d;
+               d->label = data_blob_string_const_null("SMB2AESCCM");
+               d->context = data_blob_string_const_null("ServerOut");
+
+               d = &ds->__application;
+               ds->application = d;
+               d->label = data_blob_string_const_null("SMB2APP");
+               d->context = data_blob_string_const_null("SmbRpc");
+       }
+}
+
 int smb2_signing_key_destructor(struct smb2_signing_key *key)
 {
        if (key->hmac_hnd != NULL) {
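Review bot: The new smb2_signing_derivations_fill_const_stack() has no comment describing its ownership and NULL contract, and both matter to the code that derives keys from it. `d->context = preauth_hash` copies only the blob's pointer and length, so in the `PROTOCOL_SMB3_10` branch the filled struct borrows the caller's preauth buffer and is valid only while that buffer is; for a dialect below `PROTOCOL_SMB2_24` neither branch runs and all four pointers stay NULL from the initial reset, so callers have to check them before use. I would add a comment above the function saying that `ds` is filled in place with borrowed constant data, must not outlive `preauth_hash.data`, and has NULL entries when the protocol matches neither branch. Separately, `SMB_ASSERT(preauth_hash.length != 0)` rejects only an empty blob; if every caller passes the 64-byte SHA-512 preauth value (not visible in this hunk), `SMB_ASSERT(preauth_hash.length == 64);` would also catch a truncated one.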
index 79989039d50d06bb2ee115a9c8912cc651c20728..0a80467717eabb739513b5efab5914aef8dce238 100644 (file)
 
 struct iovec;
 
+struct smb2_signing_derivation {
+       DATA_BLOB label;
+       DATA_BLOB context;
+};
+
+struct smb2_signing_derivations {
+       struct smb2_signing_derivation __signing;
+       const struct smb2_signing_derivation *signing;
+       struct smb2_signing_derivation __cipher_c2s;
+       const struct smb2_signing_derivation *cipher_c2s;
+       struct smb2_signing_derivation __cipher_s2c;
+       const struct smb2_signing_derivation *cipher_s2c;
+       struct smb2_signing_derivation __application;
+       const struct smb2_signing_derivation *application;
+};
+
+void smb2_signing_derivations_fill_const_stack(struct smb2_signing_derivations *ds,
+                                              enum protocol_types protocol,
+                                              const DATA_BLOB preauth_hash);
+
 struct smb2_signing_key {
        DATA_BLOB blob;
        union {
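Review bot: The public pointers in struct smb2_signing_derivations point at the `__signing`, `__cipher_c2s`, `__cipher_s2c` and `__application` members of the same object (that is how the fill function in smb2_signing.c sets them), which makes the struct self-referential, and nothing in the header says so. A by-value copy, or a struct returned from a function, would keep pointers into the original object; for a stack instance that means dangling label and context references being fed into key derivation. A comment above the struct such as `/* Filled in place by smb2_signing_derivations_fill_const_stack(); do not copy: the pointers refer to the embedded members and may be NULL. */` would make the rule explicit. The `__` prefix on the storage members is also reserved for the implementation in C, so a suffix form such as `signing_storage` would be the safer naming.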