Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 93 insertions, 0 deletions

diff --git a/lib/crypto/gnutls_arcfour_confounded_md5.c b/lib/crypto/gnutls_arcfour_confounded_md5.c
new file mode 100644
index 0000000..b99e611
--- /dev/null
+++ b/lib/crypto/gnutls_arcfour_confounded_md5.c
@@ -0,0 +1,93 @@
+/*
+   Unix SMB/CIFS implementation.
+   Wrapper for gnutls hash and encryption functions
+
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009-2019
+   Copyright (c) Andreas Schneider <asn@samba.org> 2019
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+/*
+ * This (arcfour over data with a key combined from two imputs, one
+ * the key another the confounder), is a common pattern in pre-AES
+ * windows cryptography
+ *
+ * Some protocols put the confounder first, others second so both
+ * parameters are named key_input here.
+ *
+ */
+
+#include "includes.h"
+#include "lib/util/data_blob.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+#include "gnutls_helpers.h"
+#include "lib/util/memory.h"
+
+int samba_gnutls_arcfour_confounded_md5(const DATA_BLOB *key_input1,
+					const DATA_BLOB *key_input2,
+					DATA_BLOB *data,
+					enum samba_gnutls_direction encrypt)
+{
+	int rc;
+	gnutls_hash_hd_t hash_hnd = NULL;
+	uint8_t confounded_key[16];
+	gnutls_cipher_hd_t cipher_hnd = NULL;
+	gnutls_datum_t confounded_key_datum = {
+		.data = confounded_key,
+		.size = sizeof(confounded_key),
+	};
+
+	rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+	if (rc < 0) {
+		return rc;
+	}
+	rc = gnutls_hash(hash_hnd, key_input1->data, key_input1->length);
+	if (rc < 0) {
+		gnutls_hash_deinit(hash_hnd, NULL);
+		return rc;
+	}
+	rc = gnutls_hash(hash_hnd, key_input2->data, key_input2->length);
+	if (rc < 0) {
+		gnutls_hash_deinit(hash_hnd, NULL);
+		return rc;
+	}
+
+	gnutls_hash_deinit(hash_hnd, confounded_key);
+
+	rc = gnutls_cipher_init(&cipher_hnd,
+				GNUTLS_CIPHER_ARCFOUR_128,
+				&confounded_key_datum,
+				NULL);
+	if (rc < 0) {
+		return rc;
+	}
+
+	if (encrypt == SAMBA_GNUTLS_ENCRYPT) {
+		rc = gnutls_cipher_encrypt(cipher_hnd,
+					   data->data,
+					   data->length);
+	} else {
+		rc = gnutls_cipher_decrypt(cipher_hnd,
+					   data->data,
+					   data->length);
+	}
+	gnutls_cipher_deinit(cipher_hnd);
+	ZERO_ARRAY(confounded_key);
+
+	return rc;
+}