2 Unix SMB/CIFS implementation.
4 server side dcerpc authentication code - crypto support
6 Copyright (C) Andrew Tridgell 2004
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
/*
  this provides a crypto interface to the various backends (such as
  NTLMSSP and SCHANNEL) for the rpc server code
*/
31 startup the cryptographic side of an authenticated dcerpc server
/**
 * Start the cryptographic backend for an authenticated DCE/RPC server
 * connection.
 *
 * Only DCERPC_AUTH_LEVEL_INTEGRITY and DCERPC_AUTH_LEVEL_PRIVACY are
 * accepted; any other auth_level is rejected before a backend is chosen.
 * NTLMSSP is the only auth_type started here.
 *
 * @param dce_conn  connection being authenticated (not read by this function)
 * @param auth      auth context; auth->auth_info supplies auth_level and
 *                  auth_type, auth->crypto_state receives the NTLMSSP state
 * @return the status of auth_ntlmssp_start() for NTLMSSP, or
 *         NT_STATUS_INVALID_PARAMETER for an unsupported level or type
 */
NTSTATUS dcesrv_crypto_startup(struct dcesrv_connection *dce_conn,
			       struct dcesrv_auth *auth)
{
	NTSTATUS status;
	struct auth_ntlmssp_state *state = NULL;

	/* Refuse anything weaker than signing before touching a backend. */
	switch (auth->auth_info->auth_level) {
	case DCERPC_AUTH_LEVEL_INTEGRITY:
	case DCERPC_AUTH_LEVEL_PRIVACY:
		break;
	default:
		DEBUG(2,("auth_level %d not supported in dcesrv auth\n",
			 auth->auth_info->auth_level));
		return NT_STATUS_INVALID_PARAMETER;
	}

	/*
	 * NOTE(review): the listing also shows a DCERPC_AUTH_TYPE_SCHANNEL
	 * branch returning auth_schannel_start(), but the lines around it are
	 * missing and it looks commented out. It is kept disabled here: every
	 * other dcesrv_crypto_* function in this file treats crypto_state as
	 * NTLMSSP state, so SCHANNEL is rejected below. Confirm against
	 * upstream before enabling it.
	 */
	if (auth->auth_info->auth_type == DCERPC_AUTH_TYPE_NTLMSSP) {
		status = auth_ntlmssp_start(&state);
		/*
		 * NOTE(review): crypto_state is stored whatever status says;
		 * callers must check the returned status before using it.
		 */
		auth->crypto_state = state;
	} else {
		DEBUG(2,("dcesrv auth_type %d not supported\n", auth->auth_info->auth_type));
		status = NT_STATUS_INVALID_PARAMETER;
	}

	DEBUG(4,("dcesrv_crypto_startup: %s\n", nt_errstr(status)));

	return status;
}
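/**
 * Advance the authentication exchange by handing `in` and `out` to
 * ntlmssp_update().
 *
 * @param auth         auth context whose crypto_state holds the NTLMSSP state
 * @param out_mem_ctx  passed through to ntlmssp_update(); presumably the
 *                     talloc context that owns *out - confirm
 * @param in           incoming blob, passed through unchanged
 * @param out          output blob, passed through to ntlmssp_update()
 * @return the status of ntlmssp_update(), or NT_STATUS_INVALID_PARAMETER
 *         when no crypto state has been set up
 */
NTSTATUS dcesrv_crypto_update(struct dcesrv_auth *auth,
			      TALLOC_CTX *out_mem_ctx,
			      const DATA_BLOB in, DATA_BLOB *out)
{
	AUTH_NTLMSSP_STATE *ntlmssp;

	/*
	 * crypto_state is only assigned by dcesrv_crypto_startup(); fail
	 * closed instead of dereferencing an unset state.
	 */
	if (auth == NULL || auth->crypto_state == NULL) {
		return NT_STATUS_INVALID_PARAMETER;
	}
	ntlmssp = auth->crypto_state;

	return ntlmssp_update(ntlmssp->ntlmssp_state, out_mem_ctx, in, out);
}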
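/**
 * Seal a packet by calling ntlmssp_seal_packet() on `data`.
 *
 * @param auth         auth context whose crypto_state holds the NTLMSSP state
 * @param sig_mem_ctx  passed through; presumably the talloc context that
 *                     owns *sig - confirm
 * @param data         packet bytes; non-const, so the backend may modify
 *                     them in place
 * @param length       number of bytes at `data`
 * @param sig          signature blob, passed through to the backend
 * @return the status of ntlmssp_seal_packet(), or
 *         NT_STATUS_INVALID_PARAMETER when no crypto state has been set up
 */
NTSTATUS dcesrv_crypto_seal(struct dcesrv_auth *auth,
			    TALLOC_CTX *sig_mem_ctx, uint8_t *data, size_t length, DATA_BLOB *sig)
{
	AUTH_NTLMSSP_STATE *ntlmssp;

	/*
	 * Without a started backend there is no key material; return an
	 * error so the caller cannot mistake the packet for a sealed one.
	 */
	if (auth == NULL || auth->crypto_state == NULL) {
		return NT_STATUS_INVALID_PARAMETER;
	}
	ntlmssp = auth->crypto_state;

	return ntlmssp_seal_packet(ntlmssp->ntlmssp_state, sig_mem_ctx, data, length, sig);
}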
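/**
 * Sign a packet by calling ntlmssp_sign_packet() on `data`.
 *
 * @param auth         auth context whose crypto_state holds the NTLMSSP state
 * @param sig_mem_ctx  passed through; presumably the talloc context that
 *                     owns *sig - confirm
 * @param data         packet bytes to sign (read-only)
 * @param length       number of bytes at `data`
 * @param sig          signature blob, passed through to the backend
 * @return the status of ntlmssp_sign_packet(), or
 *         NT_STATUS_INVALID_PARAMETER when no crypto state has been set up
 */
NTSTATUS dcesrv_crypto_sign(struct dcesrv_auth *auth,
			    TALLOC_CTX *sig_mem_ctx, const uint8_t *data, size_t length, DATA_BLOB *sig)
{
	AUTH_NTLMSSP_STATE *ntlmssp;

	/*
	 * crypto_state is only assigned by dcesrv_crypto_startup(); fail
	 * closed instead of dereferencing an unset state.
	 */
	if (auth == NULL || auth->crypto_state == NULL) {
		return NT_STATUS_INVALID_PARAMETER;
	}
	ntlmssp = auth->crypto_state;

	return ntlmssp_sign_packet(ntlmssp->ntlmssp_state, sig_mem_ctx, data, length, sig);
}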
103 check a packet signature
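/**
 * Check a packet signature by calling ntlmssp_check_packet().
 *
 * Callers must treat every non-OK status as a failed verification and
 * must not process `data` further in that case.
 *
 * @param auth         auth context whose crypto_state holds the NTLMSSP state
 * @param sig_mem_ctx  passed through to ntlmssp_check_packet()
 * @param data         packet bytes covered by the signature (read-only)
 * @param length       number of bytes at `data`
 * @param sig          signature to check (read-only)
 * @return the status of ntlmssp_check_packet(), or
 *         NT_STATUS_INVALID_PARAMETER when no crypto state has been set up
 */
NTSTATUS dcesrv_crypto_check_sig(struct dcesrv_auth *auth,
				 TALLOC_CTX *sig_mem_ctx, const uint8_t *data, size_t length, const DATA_BLOB *sig)
{
	AUTH_NTLMSSP_STATE *ntlmssp;

	/*
	 * No started backend means nothing can be verified: report an error
	 * (never success) instead of dereferencing an unset state.
	 */
	if (auth == NULL || auth->crypto_state == NULL) {
		return NT_STATUS_INVALID_PARAMETER;
	}
	ntlmssp = auth->crypto_state;

	return ntlmssp_check_packet(ntlmssp->ntlmssp_state, sig_mem_ctx, data, length, sig);
}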
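/**
 * Unseal a packet by calling ntlmssp_unseal_packet() on `data`.
 *
 * Callers must treat every non-OK status as a failure and must not use
 * the contents of `data` in that case.
 *
 * @param auth         auth context whose crypto_state holds the NTLMSSP state
 * @param sig_mem_ctx  passed through to ntlmssp_unseal_packet()
 * @param data         packet bytes; non-const, so the backend may modify
 *                     them in place
 * @param length       number of bytes at `data`
 * @param sig          signature blob, passed through to the backend
 * @return the status of ntlmssp_unseal_packet(), or
 *         NT_STATUS_INVALID_PARAMETER when no crypto state has been set up
 */
NTSTATUS dcesrv_crypto_unseal(struct dcesrv_auth *auth,
			      TALLOC_CTX *sig_mem_ctx, uint8_t *data, size_t length, DATA_BLOB *sig)
{
	AUTH_NTLMSSP_STATE *ntlmssp;

	/*
	 * No started backend means nothing can be decrypted or verified:
	 * report an error instead of dereferencing an unset state.
	 */
	if (auth == NULL || auth->crypto_state == NULL) {
		return NT_STATUS_INVALID_PARAMETER;
	}
	ntlmssp = auth->crypto_state;

	return ntlmssp_unseal_packet(ntlmssp->ntlmssp_state, sig_mem_ctx, data, length, sig);
}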