--- /dev/null
+/*
+ Unix SMB/CIFS implementation.
+ Wrapper for gnutls hash and encryption functions
+
+ Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009-2019
+ Copyright (c) Andreas Schneider <asn@samba.org> 2019
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+/*
+ * This (arcfour over data with a key combined from two imputs, one
+ * the key another the confounder), is a common pattern in pre-AES
+ * windows cryptography
+ *
+ * Some protocols put the confounder first, others second so both
+ * parameters are named key_input here.
+ *
+ */
+
+#include "includes.h"
+#include "lib/util/data_blob.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+#include "gnutls_helpers.h"
+#include "arcfour.h"
+#include "lib/util/memory.h"
+
+int samba_gnutls_arcfour_confounded_md5(const DATA_BLOB *key_input1,
+ const DATA_BLOB *key_input2,
+ DATA_BLOB *data)
+{
+ int rc;
+ gnutls_hash_hd_t hash_hnd = NULL;
+ uint8_t confounded_key[16];
+ DATA_BLOB confounded_key_as_blob
+ = data_blob_const(confounded_key,
+ sizeof(confounded_key));
+ rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+ if (rc < 0) {
+ return rc;
+ }
+ rc = gnutls_hash(hash_hnd, key_input1->data, key_input1->length);
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ return rc;
+ }
+ rc = gnutls_hash(hash_hnd, key_input2->data, key_input2->length);
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ return rc;
+ }
+
+ gnutls_hash_deinit(hash_hnd, confounded_key_as_blob.data);
+
+ arcfour_crypt_blob(data->data, data->length,
+ &confounded_key_as_blob);
+
+ ZERO_ARRAY(confounded_key);
+
+ return 0;
+}