NTSTATUS smb1cli_session_protect_session_key(struct smbXcli_session *session)
{
+ NTSTATUS status;
+
if (session->smb1.protected_key) {
/* already protected */
return NT_STATUS_OK;
return NT_STATUS_INVALID_PARAMETER_MIX;
}
- smb_key_derivation(session->smb1.application_key.data,
- session->smb1.application_key.length,
- session->smb1.application_key.data);
+ status = smb_key_derivation(session->smb1.application_key.data,
+ session->smb1.application_key.length,
+ session->smb1.application_key.data);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
session->smb1.protected_key = true;
return si->negotiated;
}
-void smb_key_derivation(const uint8_t *KI, size_t KI_len,
- uint8_t KO[16])
+NTSTATUS smb_key_derivation(const uint8_t *KI,
+ size_t KI_len,
+ uint8_t KO[16])
{
+ int rc;
static const uint8_t SSKeyHash[256] = {
0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79,
0x20, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75,
};
/* The callers passing down KI_len of 16 so no need to limit to 64 */
- gnutls_hmac_fast(GNUTLS_MAC_MD5,
- KI,
- KI_len,
- SSKeyHash,
- sizeof(SSKeyHash),
- KO);
+ rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+ KI,
+ KI_len,
+ SSKeyHash,
+ sizeof(SSKeyHash),
+ KO);
+ if (rc < 0) {
+ if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
+ return NT_STATUS_HASH_NOT_SUPPORTED;
+ }
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ return NT_STATUS_OK;
}
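Review bot: Now that smb_key_derivation can fail, neither the definition here nor the prototype in the header hunk documents its buffer contract. It writes an MD5 digest to `KO[16]` whatever `KI_len` is, and both visible callers pass `application_key.data` as input and output at once. I would put a comment on the prototype along the lines of `/* KO receives 16 bytes and may alias KI; on error KO must not be used as a key. */`, so callers know a failed derivation leaves them without a usable signing key. The `GNUTLS_E_UNWANTED_ALGORITHM` branch would also benefit from a short why-comment, presumably `/* MD5 rejected by the active crypto policy */`, since the mapping to NT_STATUS_HASH_NOT_SUPPORTED is otherwise unexplained.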
bool smb_signing_set_negotiated(struct smb_signing_state *si,
bool allowed, bool mandatory);
bool smb_signing_is_negotiated(struct smb_signing_state *si);
-void smb_key_derivation(const uint8_t *KI, size_t KI_len,
- uint8_t KO[16]);
+NTSTATUS smb_key_derivation(const uint8_t *KI,
+ size_t KI_len,
+ uint8_t KO[16]);
#endif /* _SMB_SIGNING_H_ */
}
if (tcon_flags & TCONX_FLAG_EXTENDED_SIGNATURES) {
- smb_key_derivation(x->global->application_key.data,
- x->global->application_key.length,
- x->global->application_key.data);
+ NTSTATUS status;
+
+ status = smb_key_derivation(x->global->application_key.data,
+ x->global->application_key.length,
+ x->global->application_key.data);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_ERR("smb_key_derivation failed: %s\n",
+ nt_errstr(status));
+ return;
+ }
optional_support |= SMB_EXTENDED_SIGNATURES;
}
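Review bot: The failure branch ends in a bare `return;`, and nothing visible in this hunk puts an error on the reply, so a client that set TCONX_FLAG_EXTENDED_SIGNATURES may get no response or a half-built one when the derivation fails. The enclosing handler starts and ends outside the hunk, so whatever cleanup its other exit paths do cannot be checked from here. This branch should match them and report the status, for instance `reply_nterror(req, status);` if the request variable is called `req` in this function. Separately, no check that `x->global->application_key.length` is 16 is visible before the call, although the callee writes a 16-byte digest into that same buffer. The client-side caller appears to reject other lengths with NT_STATUS_INVALID_PARAMETER_MIX, and an equivalent guard belongs here unless one already exists above the hunk.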