struct netr_Credential *out)
{
NTSTATUS status;
+ int rc;
+
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
memcpy(out->data, in->data, sizeof(out->data));
return status;
}
} else {
- des_crypt112(out->data, in->data, creds->session_key, 1);
+ rc = des_crypt112(out->data, in->data, creds->session_key, SAMBA_GNUTLS_ENCRYPT);
+ if (rc != 0) {
+ return gnutls_error_to_ntstatus(rc,
+ NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+ }
}
return NT_STATUS_OK;
int E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24);
int E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out);
int des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16]);
-void des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14], int forw);
+int des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14],
+ enum samba_gnutls_direction encrypt);
void des_crypt112_16(uint8_t out[16], const uint8_t in[16], const uint8_t key[14], int forw);
int sam_rid_crypt(unsigned int rid, const uint8_t *in, uint8_t *out,
enum samba_gnutls_direction encrypt);
}
/* des encryption with a 112 bit (14 byte) key */
-void des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14], int forw)
+int des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14],
+ enum samba_gnutls_direction encrypt)
{
uint8_t buf[8];
- if (forw) {
- des_crypt56(buf, in, key, forw);
- des_crypt56(out, buf, key+7, forw);
- } else {
- des_crypt56(buf, in, key+7, forw);
- des_crypt56(out, buf, key, forw);
+ int ret;
+
+ if (encrypt == SAMBA_GNUTLS_ENCRYPT) {
+ ret = des_crypt56_gnutls(buf, in, key, SAMBA_GNUTLS_ENCRYPT);
+ if (ret != 0) {
+ return ret;
+ }
+
+ return des_crypt56_gnutls(out, buf, key+7, SAMBA_GNUTLS_ENCRYPT);
}
+
+ ret = des_crypt56_gnutls(buf, in, key+7, SAMBA_GNUTLS_DECRYPT);
+ if (ret != 0) {
+ return ret;
+ }
+
+ return des_crypt56_gnutls(out, buf, key, SAMBA_GNUTLS_DECRYPT);
}
/* des encryption of a 16 byte lump of data with a 112 bit key */
uint8_t crypt[8];
uint8_t decrypt[8];
+ int rc;
- des_crypt112(crypt, clear, key, 1);
+ rc = des_crypt112(crypt, clear, key, SAMBA_GNUTLS_ENCRYPT);
+ assert_int_equal(rc, 0);
assert_memory_equal(crypt, crypt_expected, 8);
- des_crypt112(decrypt, crypt, key, 0);
+ rc = des_crypt112(decrypt, crypt, key, SAMBA_GNUTLS_DECRYPT);
+ assert_int_equal(rc, 0);
assert_memory_equal(decrypt, clear, 8);
}