smbdes: convert des_crypt128() to use gnutls

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index d9237f3875ba20889c09ffb912a7aacc2a8685be..1b94a06ebfb5f23813f752d67eef4a3241dc8794 100644 (file)
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -66,6 +66,7 @@ static NTSTATUS netlogon_creds_init_64bit(struct netlogon_creds_CredentialState
 {
        uint32_t sum[2];
        uint8_t sum2[8];
+       int rc;
 
        sum[0] = IVAL(client_challenge->data, 0) + IVAL(server_challenge->data, 0);
        sum[1] = IVAL(client_challenge->data, 4) + IVAL(server_challenge->data, 4);
@@ -75,7 +76,10 @@ static NTSTATUS netlogon_creds_init_64bit(struct netlogon_creds_CredentialState
 
        ZERO_ARRAY(creds->session_key);
 
-       des_crypt128(creds->session_key, sum2, machine_password->hash);
+       rc = des_crypt128(creds->session_key, sum2, machine_password->hash);
+       if (rc != 0) {
+               return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+       }
 
        return NT_STATUS_OK;
 }

diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 5209d6766e421e29d0337ea9c5d15016b1b0458c..2ea4eca822a9ea77495060dba1b5fb00f887b86b 100644 (file)
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -226,7 +226,7 @@ int des_crypt56_gnutls(uint8_t out[8], const uint8_t in[8], const uint8_t key[7]
 int E_P16(const uint8_t *p14,uint8_t *p16);
 int E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24);
 void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out);
-void des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16]);
+int des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16]);
 void des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14], int forw);
 void des_crypt112_16(uint8_t out[16], const uint8_t in[16], const uint8_t key[14], int forw);
 int sam_rid_crypt(unsigned int rid, const uint8_t *in, uint8_t *out,

diff --git a/libcli/auth/smbdes.c b/libcli/auth/smbdes.c
index 4e3499f9d264bbfab47056a2384558788e240fb5..6a4f4d1d42a301320a86a11c6090e78189fb743b 100644 (file)
--- a/libcli/auth/smbdes.c
+++ b/libcli/auth/smbdes.c
@@ -398,11 +398,17 @@ void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out)
 }
 
 /* des encryption with a 128 bit key */
-void des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16])
+int des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16])
 {
        uint8_t buf[8];
-       des_crypt56(buf, in, key, 1);
-       des_crypt56(out, buf, key+9, 1);
+       int ret;
+
+       ret = des_crypt56_gnutls(buf, in, key, SAMBA_GNUTLS_ENCRYPT);
+       if (ret != 0) {
+               return ret;
+       }
+
+       return des_crypt56_gnutls(out, buf, key+9, SAMBA_GNUTLS_ENCRYPT);
 }
 
 /* des encryption with a 112 bit (14 byte) key */

diff --git a/libcli/auth/tests/test_gnutls.c b/libcli/auth/tests/test_gnutls.c
index 9fafe2a767b722241812d163a5925cd395dd3aed..d9acfb67075cc920302eeef188fac2d689d74e86 100644 (file)
--- a/libcli/auth/tests/test_gnutls.c
+++ b/libcli/auth/tests/test_gnutls.c
@@ -362,8 +362,10 @@ static void torture_gnutls_des_crypt128(void **state)
        };
 
        uint8_t crypt[8];
+       int rc;
 
-       des_crypt128(crypt, clear, key);
+       rc = des_crypt128(crypt, clear, key);
+       assert_int_equal(rc, 0);
        assert_memory_equal(crypt, crypt_expected, 8);
 }