samba.git/lib/crypto, branch ldb-1.2.3 Unnamed repository; edit this file 'description' to name the repository. lib: crypto: Add the ability to select Intel AESNI instruction set at configure time. 2017-09-10T23:18:19+00:00 Jeremy Allison jra@samba.org 2017-09-06T18:59:44+00:00 a1aa3f49bf348e2c9bbfd23a04b973b2b1e03c6b Add --accel-aes=[none|intelaesni] to select. Default is none. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 5f87a05aa314776135eec1057dd644c0b25a9d14) 
Add --accel-aes=[none|intelaesni] to select.
Default is none.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 5f87a05aa314776135eec1057dd644c0b25a9d14)
lib: crypto: Plumb in the Intel AES instructions. 2017-09-10T23:18:19+00:00 Jeremy Allison jra@samba.org 2017-09-06T18:40:02+00:00 9d193a942fdbcab135e40d06422eab640d33d00b Causes: AES_set_encrypt_key() AES_set_decrypt_key() AES_encrypt() AES_decrypt() to probe for the Intel AES instructions at runtime (only once) and then call the hardware implementations if so, otherwise fall back to the software implementations. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008 Based on original work by Justin Maggard <jmaggard@netgear.com> Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 53ac0f7c59a9192e4fa88bf3d257ad80379ded23) 
Causes:

AES_set_encrypt_key()
AES_set_decrypt_key()
AES_encrypt()
AES_decrypt()

to probe for the Intel AES instructions at runtime (only once)
and then call the hardware implementations if so, otherwise
fall back to the software implementations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008

Based on original work by Justin Maggard <jmaggard@netgear.com>

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 53ac0f7c59a9192e4fa88bf3d257ad80379ded23)
lib: crypt: Prepare the existing code to switch to Intel AES hardware instructions. 2017-09-10T23:18:19+00:00 Jeremy Allison jra@samba.org 2017-08-31T18:41:32+00:00 8e2afc83b012bf1caa662a03c4cff28d9f0259a6 Rename the old struct aes_key as an intermediate struct aes_key_rj and wrap it in a union so we can chose an alternate aes_key struct when using Intel AES hardware. Rename the original software implementations of: AES_set_encrypt_key() AES_set_decrypt_key() AES_encrypt() AES_decrypt() by adding an _rj on the end, and call them via a wrapper function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008 Based on original work by Justin Maggard <jmaggard@netgear.com> Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 3324b55bde96d4098df2f1138be5fd243206ceba) 
Rename the old struct aes_key as an intermediate struct aes_key_rj
and wrap it in a union so we can chose an alternate aes_key struct
when using Intel AES hardware.

Rename the original software implementations of:

 AES_set_encrypt_key()
 AES_set_decrypt_key()
 AES_encrypt()
 AES_decrypt()

by adding an _rj on the end, and call them via a wrapper
function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008

Based on original work by Justin Maggard <jmaggard@netgear.com>

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 3324b55bde96d4098df2f1138be5fd243206ceba)
lib/crypto: implement samba.crypto Python module for RC4 2017-03-15T00:30:24+00:00 Alexander Bokovoy ab@samba.org 2017-03-10T14:20:06+00:00 bbeef554f2c15e739f6095fcb57d9ef6646b411c Implement a small Python module that exposes arcfour_crypt_blob() function widely used in Samba C code. When Samba Python bindings are used to call LSA CreateTrustedDomainEx2, there is a need to encrypt trusted credentials with RC4 cipher. Current Samba Python code relies on Python runtime to provide RC4 cipher. However, in FIPS 140-2 mode system crypto libraries do not provide access RC4 cipher at all. According to Microsoft dochelp team, Windows is treating AuthenticationInformation blob encryption as 'plain text' in terms of FIPS 140-2, thus doing application-level encryption. Replace samba.arcfour_encrypt() implementation with a call to samba.crypto.arcfour_crypt_blob(). Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Simo Sorce <idra@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Wed Mar 15 01:30:24 CET 2017 on sn-devel-144 
Implement a small Python module that exposes arcfour_crypt_blob()
function widely used in Samba C code.

When Samba Python bindings are used to call LSA CreateTrustedDomainEx2,
there is a need to encrypt trusted credentials with RC4 cipher.

Current Samba Python code relies on Python runtime to provide RC4
cipher. However, in FIPS 140-2 mode system crypto libraries do not
provide access RC4 cipher at all. According to Microsoft dochelp team,
Windows is treating AuthenticationInformation blob encryption as 'plain
text' in terms of FIPS 140-2, thus doing application-level encryption.

Replace samba.arcfour_encrypt() implementation with a call to
samba.crypto.arcfour_crypt_blob().

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Mar 15 01:30:24 CET 2017 on sn-devel-144
lib: Fix some whitespace 2016-05-16T17:52:22+00:00 Volker Lendecke vl@samba.org 2016-05-01T15:30:11+00:00 c4504bd7e344773f5d1b8cb16c398e43de3d2390 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
lib: Fix a signed/unsigned mixup 2016-05-16T17:52:22+00:00 Volker Lendecke vl@samba.org 2016-05-01T15:28:56+00:00 8c332f46e4efc93e2b3aa810eff6b4e5778bb156 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
vfs: Remove smb_traffic_analyzer 2015-11-10T23:23:35+00:00 Volker Lendecke vl@samba.org 2015-11-09T09:14:26+00:00 42d5b06d7ab2226598e98ebf3df94723f2f9b093 Holger Hetterich told me in a personal email that he does not have time to care about this project anymore and that he is fine to remove it from Samba. Why the removal? It contains homegrown crypto that would need to be thoroughly audited and/or fixed. And if it's neither maintained nor widely used I'd rather have it removed. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Nov 11 00:23:35 CET 2015 on sn-devel-104 
Holger Hetterich told me in a personal email that he does not have
time to care about this project anymore and that he is fine to
remove it from Samba.

Why the removal? It contains homegrown crypto that would need to
be thoroughly audited and/or fixed. And if it's neither maintained
nor widely used I'd rather have it removed.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 11 00:23:35 CET 2015 on sn-devel-104
lib/crypto: make it possible to use only parts of aes.[ch] 2015-08-27T21:23:54+00:00 Stefan Metzmacher metze@samba.org 2015-08-12T10:58:49+00:00 d9166eb2d7880d0717dbf231b02d50c2a331827e This can be used in order to optimize some parts later. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Aug 27 23:23:54 CEST 2015 on sn-devel-104 
This can be used in order to optimize some parts later.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 27 23:23:54 CEST 2015 on sn-devel-104
lib/crypto: sync AES_cfb8_encrypt() from heimdal 2015-08-27T18:23:20+00:00 Stefan Metzmacher metze@samba.org 2015-08-12T10:58:49+00:00 aaad9e9618686066ed24fef43cb3872fb9861678 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
lib/crypto: make use of aes_test.h in aes_gcm_128_test.c 2015-08-27T18:23:20+00:00 Stefan Metzmacher metze@samba.org 2015-08-14T21:45:07+00:00 e9d3379d72f5698d579842d2f1aafa4fd0dde56f BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>