#include "includes.h"
#include "system/time.h"
-#include "../lib/crypto/crypto.h"
#include "libcli/auth/libcli_auth.h"
#include "../libcli/security/dom_sid.h"
+#ifndef HAVE_GNUTLS_AES_CFB8
+#include "lib/crypto/aes.h"
+#endif
+
#include "lib/crypto/gnutls_helpers.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
*/
void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len)
{
+#ifdef HAVE_GNUTLS_AES_CFB8
+ gnutls_cipher_hd_t cipher_hnd = NULL;
+ gnutls_datum_t key = {
+ .data = creds->session_key,
+ .size = sizeof(creds->session_key),
+ };
+ uint32_t iv_size =
+ gnutls_cipher_get_iv_size(GNUTLS_CIPHER_AES_128_CFB8);
+ uint8_t _iv[iv_size];
+ gnutls_datum_t iv = {
+ .data = _iv,
+ .size = iv_size,
+ };
+ int rc;
+
+ ZERO_ARRAY(_iv);
+
+ rc = gnutls_cipher_init(&cipher_hnd,
+ GNUTLS_CIPHER_AES_128_CFB8,
+ &key,
+ &iv);
+ if (rc < 0) {
+ DBG_ERR("ERROR: gnutls_cipher_init: %s\n",
+ gnutls_strerror(rc));
+ return;
+ }
+
+ rc = gnutls_cipher_decrypt(cipher_hnd, data, len);
+ gnutls_cipher_deinit(cipher_hnd);
+ if (rc < 0) {
+ DBG_ERR("ERROR: gnutls_cipher_decrypt: %s\n",
+ gnutls_strerror(rc));
+ return;
+ }
+#else /* NOT HAVE_GNUTLS_AES_CFB8 */
AES_KEY key;
uint8_t iv[AES_BLOCK_SIZE] = {0};
AES_set_encrypt_key(creds->session_key, 128, &key);
aes_cfb8_encrypt(data, data, len, &key, iv, AES_DECRYPT);
+#endif /* HAVE_GNUTLS_AES_CFB8 */
}
/*****************************************************************