From 8daa83a594a2e98f39d764422bfbdbc62c9efd44 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 19:20:00 +0200 Subject: Adding upstream version 2:4.20.0+dfsg. Signed-off-by: Daniel Baumann --- lib/crypto/gnutls_arcfour_confounded_md5.c | 93 ++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 lib/crypto/gnutls_arcfour_confounded_md5.c (limited to 'lib/crypto/gnutls_arcfour_confounded_md5.c') diff --git a/lib/crypto/gnutls_arcfour_confounded_md5.c b/lib/crypto/gnutls_arcfour_confounded_md5.c new file mode 100644 index 0000000..7f1bf94 --- /dev/null +++ b/lib/crypto/gnutls_arcfour_confounded_md5.c @@ -0,0 +1,93 @@ +/* + Unix SMB/CIFS implementation. + Wrapper for gnutls hash and encryption functions + + Copyright (C) Stefan Metzmacher 2007 + Copyright (C) Andrew Bartlett 2009-2019 + Copyright (c) Andreas Schneider 2019 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +*/ + +/* + * This (arcfour over data with a key combined from two inputs, one + * the key another the confounder), is a common pattern in pre-AES + * windows cryptography + * + * Some protocols put the confounder first, others second so both + * parameters are named key_input here. + * + */ + +#include "includes.h" +#include "lib/util/data_blob.h" +#include +#include +#include "gnutls_helpers.h" +#include "lib/util/memory.h" + +int samba_gnutls_arcfour_confounded_md5(const DATA_BLOB *key_input1, + const DATA_BLOB *key_input2, + DATA_BLOB *data, + enum samba_gnutls_direction encrypt) +{ + int rc; + gnutls_hash_hd_t hash_hnd = NULL; + uint8_t confounded_key[16]; + gnutls_cipher_hd_t cipher_hnd = NULL; + gnutls_datum_t confounded_key_datum = { + .data = confounded_key, + .size = sizeof(confounded_key), + }; + + rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5); + if (rc < 0) { + return rc; + } + rc = gnutls_hash(hash_hnd, key_input1->data, key_input1->length); + if (rc < 0) { + gnutls_hash_deinit(hash_hnd, NULL); + return rc; + } + rc = gnutls_hash(hash_hnd, key_input2->data, key_input2->length); + if (rc < 0) { + gnutls_hash_deinit(hash_hnd, NULL); + return rc; + } + + gnutls_hash_deinit(hash_hnd, confounded_key); + + rc = gnutls_cipher_init(&cipher_hnd, + GNUTLS_CIPHER_ARCFOUR_128, + &confounded_key_datum, + NULL); + if (rc < 0) { + return rc; + } + + if (encrypt == SAMBA_GNUTLS_ENCRYPT) { + rc = gnutls_cipher_encrypt(cipher_hnd, + data->data, + data->length); + } else { + rc = gnutls_cipher_decrypt(cipher_hnd, + data->data, + data->length); + } + gnutls_cipher_deinit(cipher_hnd); + ZERO_ARRAY(confounded_key); + + return rc; +} -- cgit v1.2.3