git.samba.org - samba.git/commit

author	Alexander Bokovoy <ab@samba.org>
	Fri, 10 Mar 2017 14:20:06 +0000 (16:20 +0200)
committer	Günther Deschner <gd@samba.org>
	Wed, 15 Mar 2017 00:30:24 +0000 (01:30 +0100)
commit	bbeef554f2c15e739f6095fcb57d9ef6646b411c
tree	39261e7d1a680d0c1da6d71f22334d9ea7570b5d	tree
parent	64b20a1d42064854faa697b9e53d695601bba42f	commit \| diff

lib/crypto: implement samba.crypto Python module for RC4

Implement a small Python module that exposes arcfour_crypt_blob()
function widely used in Samba C code.

When Samba Python bindings are used to call LSA CreateTrustedDomainEx2,
there is a need to encrypt trusted credentials with RC4 cipher.

Current Samba Python code relies on Python runtime to provide RC4
cipher. However, in FIPS 140-2 mode system crypto libraries do not
provide access RC4 cipher at all. According to Microsoft dochelp team,
Windows is treating AuthenticationInformation blob encryption as 'plain
text' in terms of FIPS 140-2, thus doing application-level encryption.

Replace samba.arcfour_encrypt() implementation with a call to
samba.crypto.arcfour_crypt_blob().

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Mar 15 01:30:24 CET 2017 on sn-devel-144

lib/crypto/py_crypto.c	[new file with mode: 0644]	blob
lib/crypto/wscript_build		diff \| blob \| history
python/samba/__init__.py		diff \| blob \| history