/src/samba/lib/crypto/gnutls_arcfour_confounded_md5.c

Source
/*
   Unix SMB/CIFS implementation.
   Wrapper for gnutls hash and encryption functions

   Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009-2019
   Copyright (c) Andreas Schneider <asn@samba.org> 2019

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.

*/

/*
 * This (arcfour over data with a key combined from two inputs, one
 * the key another the confounder), is a common pattern in pre-AES
 * windows cryptography
 *
 * Some protocols put the confounder first, others second so both
 * parameters are named key_input here.
 *
 */

#include "includes.h"
#include "lib/util/data_blob.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
#include "gnutls_helpers.h"
#include "lib/util/memory.h"

int samba_gnutls_arcfour_confounded_md5(const DATA_BLOB *key_input1,
          const DATA_BLOB *key_input2,
          DATA_BLOB *data,
          enum samba_gnutls_direction encrypt)
{
  int rc;
  gnutls_hash_hd_t hash_hnd = NULL;
  uint8_t confounded_key[16];
  gnutls_cipher_hd_t cipher_hnd = NULL;
  gnutls_datum_t confounded_key_datum = {
    .data = confounded_key,
    .size = sizeof(confounded_key),
  };

  rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
  if (rc < 0) {
    return rc;
  }
  rc = gnutls_hash(hash_hnd, key_input1->data, key_input1->length);
  if (rc < 0) {
    gnutls_hash_deinit(hash_hnd, NULL);
    return rc;
  }
  rc = gnutls_hash(hash_hnd, key_input2->data, key_input2->length);
  if (rc < 0) {
    gnutls_hash_deinit(hash_hnd, NULL);
    return rc;
  }

  gnutls_hash_deinit(hash_hnd, confounded_key);

  rc = gnutls_cipher_init(&cipher_hnd,
        GNUTLS_CIPHER_ARCFOUR_128,
        &confounded_key_datum,
        NULL);
  if (rc < 0) {
    return rc;
  }

  if (encrypt == SAMBA_GNUTLS_ENCRYPT) {
    rc = gnutls_cipher_encrypt(cipher_hnd,
             data->data,
             data->length);
  } else {
    rc = gnutls_cipher_decrypt(cipher_hnd,
             data->data,
             data->length);
  }
  gnutls_cipher_deinit(cipher_hnd);
  ZERO_ARRAY(confounded_key);

  return rc;
}

Line	Count	Source
1		/*
2		Unix SMB/CIFS implementation.
3		Wrapper for gnutls hash and encryption functions
4
5		Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
6		Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009-2019
7		Copyright (c) Andreas Schneider <asn@samba.org> 2019
8
9		This program is free software; you can redistribute it and/or modify
10		it under the terms of the GNU General Public License as published by
11		the Free Software Foundation; either version 3 of the License, or
12		(at your option) any later version.
13
14		This program is distributed in the hope that it will be useful,
15		but WITHOUT ANY WARRANTY; without even the implied warranty of
16		MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17		GNU General Public License for more details.
18
19		You should have received a copy of the GNU General Public License
20		along with this program. If not, see <http://www.gnu.org/licenses/>.
21
22		*/
23
24		/*
25		* This (arcfour over data with a key combined from two inputs, one
26		* the key another the confounder), is a common pattern in pre-AES
27		* windows cryptography
28		*
29		* Some protocols put the confounder first, others second so both
30		* parameters are named key_input here.
31		*
32		*/
33
34		#include "includes.h"
35		#include "lib/util/data_blob.h"
36		#include <gnutls/gnutls.h>
37		#include <gnutls/crypto.h>
38		#include "gnutls_helpers.h"
39		#include "lib/util/memory.h"
40
41		int samba_gnutls_arcfour_confounded_md5(const DATA_BLOB *key_input1,
42		const DATA_BLOB *key_input2,
43		DATA_BLOB *data,
44		enum samba_gnutls_direction encrypt)
45	0	{
46	0	int rc;
47	0	gnutls_hash_hd_t hash_hnd = NULL;
48	0	uint8_t confounded_key[16];
49	0	gnutls_cipher_hd_t cipher_hnd = NULL;
50	0	gnutls_datum_t confounded_key_datum = {
51	0	.data = confounded_key,
52	0	.size = sizeof(confounded_key),
53	0	};
54
55	0	rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
56	0	if (rc < 0) {
57	0	return rc;
58	0	}
59	0	rc = gnutls_hash(hash_hnd, key_input1->data, key_input1->length);
60	0	if (rc < 0) {
61	0	gnutls_hash_deinit(hash_hnd, NULL);
62	0	return rc;
63	0	}
64	0	rc = gnutls_hash(hash_hnd, key_input2->data, key_input2->length);
65	0	if (rc < 0) {
66	0	gnutls_hash_deinit(hash_hnd, NULL);
67	0	return rc;
68	0	}
69
70	0	gnutls_hash_deinit(hash_hnd, confounded_key);
71
72	0	rc = gnutls_cipher_init(&cipher_hnd,
73	0	GNUTLS_CIPHER_ARCFOUR_128,
74	0	&confounded_key_datum,
75	0	NULL);
76	0	if (rc < 0) {
77	0	return rc;
78	0	}
79
80	0	if (encrypt == SAMBA_GNUTLS_ENCRYPT) {
81	0	rc = gnutls_cipher_encrypt(cipher_hnd,
82	0	data->data,
83	0	data->length);
84	0	} else {
85	0	rc = gnutls_cipher_decrypt(cipher_hnd,
86	0	data->data,
87	0	data->length);
88	0	}
89	0	gnutls_cipher_deinit(cipher_hnd);
90	0	ZERO_ARRAY(confounded_key);
91
92	0	return rc;
93	0	}

Coverage Report

Created: 2025-11-16 06:57