From d5ca7ff40f32845afaba4a1fc2a40e093132ea62 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Fri, 9 Nov 2018 10:33:44 +0100 Subject: [PATCH] auth:gensec: Use GnuTLS RC4 in netsec_do_seq_num() Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett --- auth/gensec/schannel.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c index ef62d978122..5627c14f821 100644 --- a/auth/gensec/schannel.c +++ b/auth/gensec/schannel.c @@ -33,7 +33,7 @@ #include "librpc/gen_ndr/dcerpc.h" #include "param/param.h" #include "auth/gensec/gensec_toplevel_proto.h" -#include "lib/crypto/crypto.h" +#include "lib/crypto/aes.h" #include "libds/common/roles.h" #include "lib/crypto/gnutls_helpers.h" @@ -158,7 +158,12 @@ static NTSTATUS netsec_do_seq_num(struct schannel_state *state, aes_cfb8_encrypt(seq_num, seq_num, 8, &key, iv, AES_ENCRYPT); } else { static const uint8_t zeros[4]; - uint8_t sequence_key[16]; + uint8_t _sequence_key[16]; + gnutls_cipher_hd_t cipher_hnd; + gnutls_datum_t sequence_key = { + .data = _sequence_key, + .size = sizeof(_sequence_key), + }; uint8_t digest1[16]; int rc; @@ -177,16 +182,30 @@ static NTSTATUS netsec_do_seq_num(struct schannel_state *state, sizeof(digest1), checksum, checksum_length, - sequence_key); + _sequence_key); if (rc < 0) { return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED); } ZERO_ARRAY(digest1); - arcfour_crypt(seq_num, sequence_key, 8); + rc = gnutls_cipher_init(&cipher_hnd, + GNUTLS_CIPHER_ARCFOUR_128, + &sequence_key, + NULL); + if (rc < 0) { + ZERO_ARRAY(_sequence_key); + return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED); + } - ZERO_ARRAY(sequence_key); + rc = gnutls_cipher_encrypt(cipher_hnd, + seq_num, + 8); + gnutls_cipher_deinit(cipher_hnd); + ZERO_ARRAY(_sequence_key); + if (rc < 0) { + return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED); + } } state->seq_num++; -- 2.34.1