return NT_STATUS_OK;
}
-NTSTATUS smb2_signing_check_pdu(DATA_BLOB signing_key,
+NTSTATUS smb2_signing_check_pdu(struct smb2_signing_key *signing_key,
enum protocol_types protocol,
const struct iovec *vector,
int count)
return NT_STATUS_OK;
}
- if (signing_key.length == 0) {
+ if (!smb2_signing_key_valid(signing_key)) {
/* we don't have the session key yet */
return NT_STATUS_OK;
}
struct aes_cmac_128_context ctx;
uint8_t key[AES_BLOCK_SIZE] = {0};
- memcpy(key, signing_key.data, MIN(signing_key.length, 16));
+ memcpy(key,
+ signing_key->blob.data,
+ MIN(signing_key->blob.length, 16));
aes_cmac_128_init(&ctx, key);
aes_cmac_128_update(&ctx, hdr, SMB2_HDR_SIGNATURE);
ZERO_ARRAY(key);
} else {
- gnutls_hmac_hd_t hmac_hnd = NULL;
uint8_t digest[gnutls_hash_get_len(GNUTLS_MAC_SHA256)];
int rc;
- rc = gnutls_hmac_init(&hmac_hnd,
- GNUTLS_MAC_SHA256,
- signing_key.data,
- MIN(signing_key.length, 16));
- if (rc < 0) {
- return NT_STATUS_NO_MEMORY;
+ if (signing_key->hmac_hnd == NULL) {
+ rc = gnutls_hmac_init(&signing_key->hmac_hnd,
+ GNUTLS_MAC_SHA256,
+ signing_key->blob.data,
+ MIN(signing_key->blob.length, 16));
+ if (rc < 0) {
+ return NT_STATUS_NO_MEMORY;
+ }
}
- rc = gnutls_hmac(hmac_hnd, hdr, SMB2_HDR_SIGNATURE);
+ rc = gnutls_hmac(signing_key->hmac_hnd, hdr, SMB2_HDR_SIGNATURE);
if (rc < 0) {
- gnutls_hmac_deinit(hmac_hnd, NULL);
return NT_STATUS_INTERNAL_ERROR;
}
- rc = gnutls_hmac(hmac_hnd, zero_sig, 16);
+ rc = gnutls_hmac(signing_key->hmac_hnd, zero_sig, 16);
if (rc < 0) {
- gnutls_hmac_deinit(hmac_hnd, NULL);
return NT_STATUS_INTERNAL_ERROR;
}
for (i = 1; i < count; i++) {
- rc = gnutls_hmac(hmac_hnd,
+ rc = gnutls_hmac(signing_key->hmac_hnd,
vector[i].iov_base,
vector[i].iov_len);
if (rc < 0) {
- gnutls_hmac_deinit(hmac_hnd, NULL);
return NT_STATUS_INTERNAL_ERROR;
}
}
- gnutls_hmac_deinit(hmac_hnd, digest);
+ gnutls_hmac_output(signing_key->hmac_hnd, digest);
memcpy(res, digest, 16);
ZERO_ARRAY(digest);
}
uint16_t credits = SVAL(inhdr, SMB2_HDR_CREDIT);
uint32_t new_credits;
struct smbXcli_session *session = NULL;
- const struct smb2_signing_key *signing_key = NULL;
+ struct smb2_signing_key *signing_key = NULL;
bool was_encrypted = false;
new_credits = conn->smb2.cur_credits;
if (signing_key) {
NTSTATUS signing_status;
- signing_status = smb2_signing_check_pdu(signing_key->blob,
+ signing_status = smb2_signing_check_pdu(signing_key,
state->conn->protocol,
&cur[1], 3);
if (!NT_STATUS_IS_OK(signing_status)) {
}
if (check_signature) {
- status = smb2_signing_check_pdu(session->smb2_channel.signing_key->blob,
+ status = smb2_signing_check_pdu(session->smb2_channel.signing_key,
session->conn->protocol,
recv_iov, 3);
if (!NT_STATUS_IS_OK(status)) {
}
ZERO_STRUCT(channel_key);
- status = smb2_signing_check_pdu(session->smb2_channel.signing_key->blob,
+ status = smb2_signing_check_pdu(session->smb2_channel.signing_key,
session->conn->protocol,
recv_iov, 3);
if (!NT_STATUS_IS_OK(status)) {