samba.git/lib/crypto, branch talloc-2.4.0 Unnamed repository; edit this file 'description' to name the repository. lib:crypto: Change error return to SMB_ASSERT() 2022-10-05T04:23:32+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2022-09-23T04:22:14+00:00 c52f5ee84ba5b8e7c9d2c67151cf3a6b9a7a780b Getting an HMAC too long to fit our array is a programming error. It should always be 64 bytes exactly. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Getting an HMAC too long to fit our array is a programming error. It
should always be 64 bytes exactly.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
CVE-2021-20251 lib:crypto: Add Python functions for AES SAMR password change 2022-09-12T23:07:37+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2022-08-02T02:35:19+00:00 4bb9d85fed8498566bdb87baa71a3147806baafc These functions allow us to perform key derivation and AES256 encryption in Python. They will be used in a following commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
These functions allow us to perform key derivation and AES256 encryption
in Python. They will be used in a following commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
CVE-2021-20251 lib:crypto: Add md4_hash_blob() for hashing data with MD4 2022-09-12T23:07:37+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2022-07-13T02:20:59+00:00 17b8d164f69a5ed79d9b7b7fc2f3f84f8ea534c8 This lets us access MD4, which might not be available in hashlib, from Python. This function is used in a following commit for hashing a password to obtain the verifier for a SAMR password change. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
This lets us access MD4, which might not be available in hashlib, from
Python. This function is used in a following commit for hashing a
password to obtain the verifier for a SAMR password change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
CVE-2021-20251 lib:crypto: Add des_crypt_blob_16() for encrypting data with DES 2022-09-12T23:07:37+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2022-07-06T03:36:26+00:00 b27a67af0216811d330d8a4c52390cf4fc04b5fd This lets us access single-DES from Python. This function is used in a following commit for encrypting an NT hash to obtain the verifier for a SAMR password change. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
This lets us access single-DES from Python. This function is used in a
following commit for encrypting an NT hash to obtain the verifier for a
SAMR password change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib:crypto: Use constant time memory comparison to check HMAC 2022-09-12T23:07:37+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2022-08-02T02:34:55+00:00 121e439e24a9c03ae900ffca1ae1dda8e059008c Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib:crypto: Check for overflow before filling pauth_tag array 2022-09-12T23:07:37+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2022-08-02T02:34:26+00:00 cec59b82f7041a305c228091a84257c28e0818d5 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib:crypto: Zero auth_tag array in encryption test 2022-09-12T23:07:37+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2022-08-02T03:19:02+00:00 f9850c776f81d596ffbd2761c85fe7a72d369bae If samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt() does not fill the array completely, we may be comparing uninitialised bytes. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
If samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt() does not fill the
array completely, we may be comparing uninitialised bytes.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib:crypto: Add test for pbkdf2 2022-07-28T11:51:29+00:00 Andreas Schneider asn@samba.org 2022-07-15T07:06:04+00:00 3d6b9ca8520f4eda1c41e496f343bc4ec23bb5a0 This is just that we use the right parameters for gnutls_pbkdf2() and reach the values from Windows. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
This is just that we use the right parameters for gnutls_pbkdf2() and
reach the values from Windows.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 lib:crypto: Add test for samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt() 2022-07-28T11:51:28+00:00 Andreas Schneider asn@samba.org 2021-08-17T09:19:01+00:00 0813ea5bf86b9aead6c3529b356744241cff770b Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 lib:crypto: Add samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt() 2022-07-28T11:51:28+00:00 Andreas Schneider asn@samba.org 2021-08-16T15:14:19+00:00 0d059e4425587a196332477ed4e75293ced47296 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>