From: Joseph Sutton Date: Wed, 29 Nov 2023 02:46:30 +0000 (+1300) Subject: lib:crypto: Add ‘FixedData’ parameter to samba_gnutls_sp800_108_derive_key() X-Git-Tag: talloc-2.4.2~446 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=017c90e1bac09afb33fbd4b6b87208f27f692820;p=thirdparty%2Fsamba.git lib:crypto: Add ‘FixedData’ parameter to samba_gnutls_sp800_108_derive_key() Our code won’t use this, but NIST’s test vectors are based on handing a fixed buffer to the key derivation function. View with ‘git show -b’. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett --- diff --git a/lib/crypto/gnutls_helpers.h b/lib/crypto/gnutls_helpers.h index c0b76047a0c..0362d5ee782 100644 --- a/lib/crypto/gnutls_helpers.h +++ b/lib/crypto/gnutls_helpers.h @@ -197,6 +197,11 @@ bool samba_gnutls_weak_crypto_allowed(void); * * @param KI_len The length of the key‐derivation key. * + * @param FixedData If non‐NULL, specifies fixed data to be used in place of + * that constructed from the Label and Context parameters. + * + * @param FixedData_len The length of the fixed data, if it is present. + * * @param Label A label that identifies the purpose for the derived key. * Ignored if FixedData is non‐NULL. * @@ -218,6 +223,8 @@ bool samba_gnutls_weak_crypto_allowed(void); NTSTATUS samba_gnutls_sp800_108_derive_key( const uint8_t *KI, size_t KI_len, + const uint8_t *FixedData, + size_t FixedData_len, const uint8_t *Label, size_t Label_len, const uint8_t *Context, diff --git a/lib/crypto/gnutls_sp800_108.c b/lib/crypto/gnutls_sp800_108.c index 505c0664db3..dc04354d3d2 100644 --- a/lib/crypto/gnutls_sp800_108.c +++ b/lib/crypto/gnutls_sp800_108.c @@ -27,6 +27,8 @@ static NTSTATUS samba_gnutls_sp800_108_derive_key_part( const gnutls_hmac_hd_t hmac_hnd, + const uint8_t *FixedData, + const size_t FixedData_len, const uint8_t *Label, const size_t Label_len, const uint8_t *Context, @@ -45,26 +47,34 @@ static NTSTATUS samba_gnutls_sp800_108_derive_key_part( return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED); } - rc = gnutls_hmac(hmac_hnd, Label, Label_len); - if (rc < 0) { - return gnutls_error_to_ntstatus(rc, - NT_STATUS_HMAC_NOT_SUPPORTED); - } - rc = gnutls_hmac(hmac_hnd, &zero, 1); - if (rc < 0) { - return gnutls_error_to_ntstatus(rc, - NT_STATUS_HMAC_NOT_SUPPORTED); - } - rc = gnutls_hmac(hmac_hnd, Context, Context_len); - if (rc < 0) { - return gnutls_error_to_ntstatus(rc, - NT_STATUS_HMAC_NOT_SUPPORTED); - } - RSIVAL(buf, 0, L); - rc = gnutls_hmac(hmac_hnd, buf, sizeof(buf)); - if (rc < 0) { - return gnutls_error_to_ntstatus(rc, - NT_STATUS_HMAC_NOT_SUPPORTED); + if (FixedData != NULL) { + rc = gnutls_hmac(hmac_hnd, FixedData, FixedData_len); + if (rc < 0) { + return gnutls_error_to_ntstatus( + rc, NT_STATUS_HMAC_NOT_SUPPORTED); + } + } else { + rc = gnutls_hmac(hmac_hnd, Label, Label_len); + if (rc < 0) { + return gnutls_error_to_ntstatus( + rc, NT_STATUS_HMAC_NOT_SUPPORTED); + } + rc = gnutls_hmac(hmac_hnd, &zero, 1); + if (rc < 0) { + return gnutls_error_to_ntstatus( + rc, NT_STATUS_HMAC_NOT_SUPPORTED); + } + rc = gnutls_hmac(hmac_hnd, Context, Context_len); + if (rc < 0) { + return gnutls_error_to_ntstatus( + rc, NT_STATUS_HMAC_NOT_SUPPORTED); + } + RSIVAL(buf, 0, L); + rc = gnutls_hmac(hmac_hnd, buf, sizeof(buf)); + if (rc < 0) { + return gnutls_error_to_ntstatus( + rc, NT_STATUS_HMAC_NOT_SUPPORTED); + } } gnutls_hmac_output(hmac_hnd, digest); @@ -87,6 +97,11 @@ static size_t ceiling_div(const size_t a, const size_t b) * * @param KI_len The length of the key‐derivation key. * + * @param FixedData If non‐NULL, specifies fixed data to be used in place of + * that constructed from the Label and Context parameters. + * + * @param FixedData_len The length of the fixed data, if it is present. + * * @param Label A label that identifies the purpose for the derived key. * Ignored if FixedData is non‐NULL. * @@ -108,6 +123,8 @@ static size_t ceiling_div(const size_t a, const size_t b) NTSTATUS samba_gnutls_sp800_108_derive_key( const uint8_t *KI, size_t KI_len, + const uint8_t *FixedData, + size_t FixedData_len, const uint8_t *Label, size_t Label_len, const uint8_t *Context, @@ -164,6 +181,8 @@ NTSTATUS samba_gnutls_sp800_108_derive_key( KO_idx += digest_len, ++i) { status = samba_gnutls_sp800_108_derive_key_part(hmac_hnd, + FixedData, + FixedData_len, Label, Label_len, Context, @@ -180,6 +199,8 @@ NTSTATUS samba_gnutls_sp800_108_derive_key( /* Get the last little bit. */ uint8_t digest[digest_len]; status = samba_gnutls_sp800_108_derive_key_part(hmac_hnd, + FixedData, + FixedData_len, Label, Label_len, Context, diff --git a/lib/crypto/tests/test_gnutls_sp800_108.c b/lib/crypto/tests/test_gnutls_sp800_108.c index fda295938c0..19c5d399a79 100644 --- a/lib/crypto/tests/test_gnutls_sp800_108.c +++ b/lib/crypto/tests/test_gnutls_sp800_108.c @@ -61,6 +61,8 @@ static void test_sp800_108_sha256(void **state) status = samba_gnutls_sp800_108_derive_key(key, sizeof key, + NULL, + 0, label, sizeof label, context, @@ -100,6 +102,8 @@ static void test_sp800_108_sha512(void **state) status = samba_gnutls_sp800_108_derive_key(key, sizeof key, + NULL, + 0, label, sizeof label, context, diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c index 87337874c40..94ff51f2e93 100644 --- a/libcli/smb/smb2_signing.c +++ b/libcli/smb/smb2_signing.c @@ -260,6 +260,8 @@ static NTSTATUS smb2_signing_key_create(TALLOC_CTX *mem_ctx, status = samba_gnutls_sp800_108_derive_key(key->blob.data, in_key_length, + NULL, + 0, d->label.data, d->label.length, d->context.data, diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index 73b505fc7fd..a52a615857f 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -6672,6 +6672,8 @@ NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session, status = samba_gnutls_sp800_108_derive_key( channel_key, sizeof(channel_key), + NULL, + 0, d->label.data, d->label.length, d->context.data,