smbdes: convert des_crypt112 to use gnutls
authorIsaac Boukris <iboukris@gmail.com>
Wed, 20 Nov 2019 14:41:02 +0000 (15:41 +0100)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 10 Dec 2019 00:30:31 +0000 (00:30 +0000)
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/auth/credentials.c
libcli/auth/proto.h
libcli/auth/smbdes.c
libcli/auth/tests/test_gnutls.c

index 1b94a06ebfb5f23813f752d67eef4a3241dc8794..5f65428a1d7e04d91dd8aaacce6616408b392b90 100644 (file)
@@ -38,6 +38,8 @@ static NTSTATUS netlogon_creds_step_crypt(struct netlogon_creds_CredentialState
                                          struct netr_Credential *out)
 {
        NTSTATUS status;
+       int rc;
+
        if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
                memcpy(out->data, in->data, sizeof(out->data));
 
@@ -48,7 +50,11 @@ static NTSTATUS netlogon_creds_step_crypt(struct netlogon_creds_CredentialState
                        return status;
                }
        } else {
-               des_crypt112(out->data, in->data, creds->session_key, 1);
+               rc = des_crypt112(out->data, in->data, creds->session_key, SAMBA_GNUTLS_ENCRYPT);
+               if (rc != 0) {
+                       return gnutls_error_to_ntstatus(rc,
+                                                       NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+               }
        }
 
        return NT_STATUS_OK;
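Review bot: The new error return in the DES branch passes `NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER` with no explanation of why that status is the right one for a gnutls failure. A one-line comment above the `if (rc != 0)` would help, for example `/* gnutls may refuse DES by policy; report that as a policy block */`. The meaning of the second argument is inferred from its name only, so confirm it against gnutls_error_to_ntstatus() before wording the comment. The function starts before this hunk, so the rest of its error handling is not visible here.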
index 5e88d7527fdeb3057bfd9a5616a1c2561da5f91f..3994db20a36d36338273b7470eeceb02a358f6bb 100644 (file)
@@ -227,7 +227,8 @@ int E_P16(const uint8_t *p14,uint8_t *p16);
 int E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24);
 int E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out);
 int des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16]);
-void des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14], int forw);
+int des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14],
+                enum samba_gnutls_direction encrypt);
 void des_crypt112_16(uint8_t out[16], const uint8_t in[16], const uint8_t key[14], int forw);
 int sam_rid_crypt(unsigned int rid, const uint8_t *in, uint8_t *out,
                  enum samba_gnutls_direction encrypt);
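Review bot: The return type of `des_crypt112` changes from `void` to `int`, but nothing in the prototype makes the compiler complain when a caller drops the result. A dropped failure leaves `out` without valid output while the caller carries on as if the DES step had succeeded. Marking the declaration with the tree's warn-unused-result attribute, if it has one, would turn a missed call site into a build warning. The neighbouring `des_crypt112_16` still takes `int forw` and returns `void`, so the two 112-bit helpers have different direction and error conventions until that one is converted as well.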
index ec922da47277b5db946fc9974470230ad6b68864..8dc4fc4097ca59e950fb99e94dfd6c4a23f54ec8 100644 (file)
@@ -418,16 +418,27 @@ int des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16])
 }
 
 /* des encryption with a 112 bit (14 byte) key */
-void des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14], int forw)
+int des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14],
+                enum samba_gnutls_direction encrypt)
 {
        uint8_t buf[8];
-       if (forw) {
-               des_crypt56(buf, in, key, forw);
-               des_crypt56(out, buf, key+7, forw);
-       } else {
-               des_crypt56(buf, in, key+7, forw);
-               des_crypt56(out, buf, key, forw);
+       int ret;
+
+       if (encrypt == SAMBA_GNUTLS_ENCRYPT) {
+               ret = des_crypt56_gnutls(buf, in, key, SAMBA_GNUTLS_ENCRYPT);
+               if (ret != 0) {
+                       return ret;
+               }
+
+               return des_crypt56_gnutls(out, buf, key+7, SAMBA_GNUTLS_ENCRYPT);
        }
+
+       ret = des_crypt56_gnutls(buf, in, key+7, SAMBA_GNUTLS_DECRYPT);
+       if (ret != 0) {
+               return ret;
+       }
+
+       return des_crypt56_gnutls(out, buf, key, SAMBA_GNUTLS_DECRYPT);
 }
 
 /* des encryption of a 16 byte lump of data with a 112 bit key */
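Review bot: The decrypt branch of des_crypt112 runs for every value other than `SAMBA_GNUTLS_ENCRYPT`, and C converts `int` to an enum silently, so a call site still passing the old `forw` value compiles and may run in the wrong direction. The enum's numeric values are not visible in this diff, so whether `1` still means encrypt needs checking. An explicit guard before the decrypt branch, such as `if (encrypt != SAMBA_GNUTLS_DECRYPT) { return GNUTLS_E_INVALID_REQUEST; }`, would make an unexpected value an error instead of a silent decrypt. Separately, `buf` keeps the intermediate single-DES block on the stack after return; clearing it on every exit path would be the usual treatment for key-dependent intermediates.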
index 087afee09dbdb77360d3eb21bd31914b2fa6acf3..68a27adc894cbb3131f7753a0f422d6b616e43a6 100644 (file)
@@ -386,11 +386,14 @@ static void torture_gnutls_des_crypt112(void **state)
 
        uint8_t crypt[8];
        uint8_t decrypt[8];
+       int rc;
 
-       des_crypt112(crypt, clear, key, 1);
+       rc = des_crypt112(crypt, clear, key, SAMBA_GNUTLS_ENCRYPT);
+       assert_int_equal(rc, 0);
        assert_memory_equal(crypt, crypt_expected, 8);
 
-       des_crypt112(decrypt, crypt, key, 0);
+       rc = des_crypt112(decrypt, crypt, key, SAMBA_GNUTLS_DECRYPT);
+       assert_int_equal(rc, 0);
        assert_memory_equal(decrypt, clear, 8);
 }