libcli: add getters for smb2 {signing,encryption,decryption} keys
authorAurelien Aptel <aaptel@suse.com>
Wed, 6 Feb 2019 18:23:35 +0000 (19:23 +0100)
committerDavid Disseldorp <ddiss@samba.org>
Sat, 9 Feb 2019 17:30:14 +0000 (18:30 +0100)
Adds:
- smb2cli_session_signing_key()
- smb2cli_session_encryption_key()
- smb2cli_session_decryption_key()

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
libcli/smb/smbXcli_base.c
libcli/smb/smbXcli_base.h

index 3118365871aaf7ab1179828dc34f0664692035dc..2455b6deacd71718d53bd0c52166e82aa87046c2 100644 (file)
@@ -5561,6 +5561,85 @@ bool smbXcli_session_is_authenticated(struct smbXcli_session *session)
        return true;
 }
 
+NTSTATUS smb2cli_session_signing_key(struct smbXcli_session *session,
+                                    TALLOC_CTX *mem_ctx,
+                                    DATA_BLOB *key)
+{
+       DATA_BLOB *sig = NULL;
+
+       if (session->conn == NULL) {
+               return NT_STATUS_NO_USER_SESSION_KEY;
+       }
+
+       /*
+        * Use channel signing key if there is one, otherwise fallback
+        * to session.
+        */
+
+       if (session->smb2_channel.signing_key.length != 0) {
+               sig = &session->smb2_channel.signing_key;
+       } else if (session->smb2->signing_key.length != 0) {
+               sig = &session->smb2->signing_key;
+       } else {
+               return NT_STATUS_NO_USER_SESSION_KEY;
+       }
+
+       *key = data_blob_dup_talloc(mem_ctx, *sig);
+       if (key->data == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       return NT_STATUS_OK;
+}
+
+NTSTATUS smb2cli_session_encryption_key(struct smbXcli_session *session,
+                                       TALLOC_CTX *mem_ctx,
+                                       DATA_BLOB *key)
+{
+       if (session->conn == NULL) {
+               return NT_STATUS_NO_USER_SESSION_KEY;
+       }
+
+       if (session->conn->protocol < PROTOCOL_SMB3_00) {
+               return NT_STATUS_NO_USER_SESSION_KEY;
+       }
+
+       if (session->smb2->encryption_key.length == 0) {
+               return NT_STATUS_NO_USER_SESSION_KEY;
+       }
+
+       *key = data_blob_dup_talloc(mem_ctx, session->smb2->encryption_key);
+       if (key->data == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       return NT_STATUS_OK;
+}
+
+NTSTATUS smb2cli_session_decryption_key(struct smbXcli_session *session,
+                                       TALLOC_CTX *mem_ctx,
+                                       DATA_BLOB *key)
+{
+       if (session->conn == NULL) {
+               return NT_STATUS_NO_USER_SESSION_KEY;
+       }
+
+       if (session->conn->protocol < PROTOCOL_SMB3_00) {
+               return NT_STATUS_NO_USER_SESSION_KEY;
+       }
+
+       if (session->smb2->decryption_key.length == 0) {
+               return NT_STATUS_NO_USER_SESSION_KEY;
+       }
+
+       *key = data_blob_dup_talloc(mem_ctx, session->smb2->decryption_key);
+       if (key->data == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       return NT_STATUS_OK;
+}
+
 NTSTATUS smbXcli_session_application_key(struct smbXcli_session *session,
                                         TALLOC_CTX *mem_ctx,
                                         DATA_BLOB *key)
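Review bot: All three new getters leave `*key` untouched on every `NT_STATUS_NO_USER_SESSION_KEY` return, so a caller that declared its `DATA_BLOB` without an initializer and mishandles the status would read or free an indeterminate pointer and length. Making `*key = data_blob_null;` the first statement of smb2cli_session_signing_key(), smb2cli_session_encryption_key() and smb2cli_session_decryption_key() gives the output a defined value on every path. Separately, the signing getter dereferences `session->smb2` after checking only `session->conn`, while the other two also gate on `session->conn->protocol`. If a pre-SMB2 session can reach it, a guard such as `if (session->conn->protocol < PROTOCOL_SMB2_02)` would make the three consistent; whether that path is reachable is not visible from this hunk.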
index 42c2519c7ff5dcb0d4bbb3eb08c563c56cbe93c6..a7256490bd12690042a0147684dce2056dfce5eb 100644 (file)
@@ -468,6 +468,15 @@ struct smbXcli_session *smbXcli_session_copy(TALLOC_CTX *mem_ctx,
                                               struct smbXcli_session *src);
 bool smbXcli_session_is_guest(struct smbXcli_session *session);
 bool smbXcli_session_is_authenticated(struct smbXcli_session *session);
+NTSTATUS smb2cli_session_signing_key(struct smbXcli_session *session,
+                                    TALLOC_CTX *mem_ctx,
+                                    DATA_BLOB *key);
+NTSTATUS smb2cli_session_encryption_key(struct smbXcli_session *session,
+                                       TALLOC_CTX *mem_ctx,
+                                       DATA_BLOB *key);
+NTSTATUS smb2cli_session_decryption_key(struct smbXcli_session *session,
+                                       TALLOC_CTX *mem_ctx,
+                                       DATA_BLOB *key);
 NTSTATUS smbXcli_session_application_key(struct smbXcli_session *session,
                                         TALLOC_CTX *mem_ctx,
                                         DATA_BLOB *key);
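Review bot: The three prototypes added here export copies of the session's signing, encryption and decryption keys, but carry no comment on who owns the copy or how it should be released. Since the implementation duplicates the key with `data_blob_dup_talloc(mem_ctx, ...)`, the copy lives as an ordinary talloc allocation under `mem_ctx`, and a plain `talloc_free()` would leave the key bytes in freed heap memory. I would add a comment above the group along the lines of `/* On NT_STATUS_OK, *key is a copy of secret key material allocated on mem_ctx; the caller owns it and should wipe it with data_blob_clear_free() when done. */`. It would also help to note that `NT_STATUS_NO_USER_SESSION_KEY` is returned when no key is available, so callers know that status is expected rather than fatal.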