#include "../lib/crypto/crypto.h"
#include "lib/util/iov_buf.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
NTSTATUS smb2_signing_sign_pdu(DATA_BLOB signing_key,
enum protocol_types protocol,
struct iovec *vector,
const uint8_t *Context, size_t Context_len,
uint8_t KO[16])
{
- struct HMACSHA256Context ctx;
+ gnutls_hmac_hd_t hmac_hnd = NULL;
uint8_t buf[4];
static const uint8_t zero = 0;
- uint8_t digest[SHA256_DIGEST_LENGTH];
+ uint8_t digest[gnutls_hash_get_len(GNUTLS_MAC_SHA256)];
uint32_t i = 1;
uint32_t L = 128;
+ int rc;
/*
* a simplified version of
* "NIST Special Publication 800-108" section 5.1
* using hmac-sha256.
*/
- hmac_sha256_init(KI, KI_len, &ctx);
+ rc = gnutls_hmac_init(&hmac_hnd,
+ GNUTLS_MAC_SHA256,
+ KI,
+ KI_len);
+ if (rc != 0) {
+ return;
+ }
RSIVAL(buf, 0, i);
- hmac_sha256_update(buf, sizeof(buf), &ctx);
- hmac_sha256_update(Label, Label_len, &ctx);
- hmac_sha256_update(&zero, 1, &ctx);
- hmac_sha256_update(Context, Context_len, &ctx);
+ rc = gnutls_hmac(hmac_hnd, buf, sizeof(buf));
+ if (rc < 0) {
+ gnutls_hmac_deinit(hmac_hnd, NULL);
+ return;
+ }
+ rc = gnutls_hmac(hmac_hnd, Label, Label_len);
+ if (rc < 0) {
+ gnutls_hmac_deinit(hmac_hnd, NULL);
+ return;
+ }
+ rc = gnutls_hmac(hmac_hnd, &zero, 1);
+ if (rc < 0) {
+ gnutls_hmac_deinit(hmac_hnd, NULL);
+ return;
+ }
+ rc = gnutls_hmac(hmac_hnd, Context, Context_len);
+ if (rc < 0) {
+ gnutls_hmac_deinit(hmac_hnd, NULL);
+ return;
+ }
RSIVAL(buf, 0, L);
- hmac_sha256_update(buf, sizeof(buf), &ctx);
+ rc = gnutls_hmac(hmac_hnd, buf, sizeof(buf));
+ if (rc < 0) {
+ gnutls_hmac_deinit(hmac_hnd, NULL);
+ return;
+ }
- hmac_sha256_final(digest, &ctx);
+ gnutls_hmac_deinit(hmac_hnd, digest);
memcpy(KO, digest, 16);
+
+ ZERO_ARRAY(digest);
}
NTSTATUS smb2_signing_encrypt_pdu(DATA_BLOB encryption_key,