auth:gensec: Use GnuTLS RC4 in netsec_do_seq_num()
authorAndreas Schneider <asn@samba.org>
Fri, 9 Nov 2018 09:33:44 +0000 (10:33 +0100)
committerAndreas Schneider <asn@cryptomilk.org>
Thu, 27 Jun 2019 12:54:23 +0000 (12:54 +0000)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth/gensec/schannel.c

index ef62d9781226371f2febfe635766234da4a47dda..5627c14f821e1d3d6d7b3d955bec25d6656cbd29 100644 (file)
@@ -33,7 +33,7 @@
 #include "librpc/gen_ndr/dcerpc.h"
 #include "param/param.h"
 #include "auth/gensec/gensec_toplevel_proto.h"
-#include "lib/crypto/crypto.h"
+#include "lib/crypto/aes.h"
 #include "libds/common/roles.h"
 
 #include "lib/crypto/gnutls_helpers.h"
@@ -158,7 +158,12 @@ static NTSTATUS netsec_do_seq_num(struct schannel_state *state,
                aes_cfb8_encrypt(seq_num, seq_num, 8, &key, iv, AES_ENCRYPT);
        } else {
                static const uint8_t zeros[4];
-               uint8_t sequence_key[16];
+               uint8_t _sequence_key[16];
+               gnutls_cipher_hd_t cipher_hnd;
+               gnutls_datum_t sequence_key = {
+                       .data = _sequence_key,
+                       .size = sizeof(_sequence_key),
+               };
                uint8_t digest1[16];
                int rc;
 
@@ -177,16 +182,30 @@ static NTSTATUS netsec_do_seq_num(struct schannel_state *state,
                                      sizeof(digest1),
                                      checksum,
                                      checksum_length,
-                                     sequence_key);
+                                     _sequence_key);
                if (rc < 0) {
                        return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
                }
 
                ZERO_ARRAY(digest1);
 
-               arcfour_crypt(seq_num, sequence_key, 8);
+               rc = gnutls_cipher_init(&cipher_hnd,
+                                       GNUTLS_CIPHER_ARCFOUR_128,
+                                       &sequence_key,
+                                       NULL);
+               if (rc < 0) {
+                       ZERO_ARRAY(_sequence_key);
+                       return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
+               }
 
-               ZERO_ARRAY(sequence_key);
+               rc = gnutls_cipher_encrypt(cipher_hnd,
+                                          seq_num,
+                                          8);
+               gnutls_cipher_deinit(cipher_hnd);
+               ZERO_ARRAY(_sequence_key);
+               if (rc < 0) {
+                       return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
+               }
        }
 
        state->seq_num++;
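Review bot: Both new failure paths, after `gnutls_cipher_init()` and after `gnutls_cipher_encrypt()`, fall back to `NT_STATUS_HMAC_NOT_SUPPORTED`, which names the wrong primitive for an RC4 failure. The removed `arcfour_crypt()` call had no error path, so this status is new to callers and is presumably what an operator will see when the GnuTLS build or policy refuses ARCFOUR. A cipher-specific fallback such as `return gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);` would make that case easier to diagnose. The key wipe on both paths is correct, but it relies on clearing the backing array and not the `gnutls_datum_t` declared in the previous hunk, so a comment at that declaration like `/* sequence_key only points at _sequence_key; always wipe the array */` would guard against a later rename. netsec_do_seq_num() starts and ends outside the hunk, so how callers treat the returned status is not visible here.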