lib/crypto/gnutls_helpers.h

   1 /*
   2  * Copyright (c) 2019      Andreas Schneider <asn@samba.org>
   3  *
   4  * This program is free software: you can redistribute it and/or modify
   5  * it under the terms of the GNU General Public License as published by
   6  * the Free Software Foundation, either version 3 of the License, or
   7  * (at your option) any later version.
   8  *
   9  * This program is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  * GNU General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU General Public License
  15  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16  */
  17
  18 #ifndef _GNUTLS_HELPERS_H
  19 #define _GNUTLS_HELPERS_H
  20
  21 #include <gnutls/gnutls.h>
  22
  23 #include "libcli/util/ntstatus.h"
  24 #include "libcli/util/werror.h"
  25
  26 /* Those macros are only available in GnuTLS >= 3.6.4 */
  27 #ifndef GNUTLS_FIPS140_SET_LAX_MODE
  28 #define GNUTLS_FIPS140_SET_LAX_MODE()
  29 #endif
  30
  31 #ifndef GNUTLS_FIPS140_SET_STRICT_MODE
  32 #define GNUTLS_FIPS140_SET_STRICT_MODE()
  33 #endif
  34
  35 #ifdef DOXYGEN
  36 /**
  37  * @brief Convert a gnutls error code to a corresponding NTSTATUS.
  38  *
  39  * @param[in]  gnutls_rc      The GnuTLS return code.
  40  *
  41  * @param[in]  blocked_status The NTSTATUS return code which should be returned
  42  *                            in case the e.g. the cipher might be blocked due
  43  *                            to FIPS mode.
  44  *
  45  * @return A corresponding NTSTATUS code.
  46  */
  47 NTSTATUS gnutls_error_to_ntstatus(int gnutls_rc, NTSTATUS blocked_status);
  48 #else
  49 NTSTATUS _gnutls_error_to_ntstatus(int gnutls_rc,
  50                                    NTSTATUS blocked_status,
  51                                    const char *function,
  52                                    const char *location);
  53 #define gnutls_error_to_ntstatus(gnutls_rc, blocked_status) \
  54         _gnutls_error_to_ntstatus(gnutls_rc,                \
  55                                   blocked_status,           \
  56                                   __FUNCTION__,             \
  57                                   __location__)
  58 #endif
  59
  60 #ifdef DOXYGEN
  61 /**
  62  * @brief Convert a gnutls error code to a corresponding WERROR.
  63  *
  64  * @param[in]  gnutls_rc      The GnuTLS return code.
  65  *
  66  * @param[in]  blocked_werr   The WERROR code which should be returned if e.g
  67  *                            the cipher we want to used it not allowed to be
  68  *                            used because of FIPS mode.
  69  *
  70  * @return A corresponding WERROR code.
  71  */
  72 WERROR gnutls_error_to_werror(int gnutls_rc, WERROR blocked_werr);
  73 #else
  74 WERROR _gnutls_error_to_werror(int gnutls_rc,
  75                                WERROR blocked_werr,
  76                                const char *function,
  77                                const char *location);
  78 #define gnutls_error_to_werror(gnutls_rc, blocked_werr) \
  79         _gnutls_error_to_werror(gnutls_rc,              \
  80                                 blocked_werr,           \
  81                                 __FUNCTION__,           \
  82                                 __location__)
  83 #endif
  84
  85 enum samba_gnutls_direction { SAMBA_GNUTLS_ENCRYPT, SAMBA_GNUTLS_DECRYPT };
  86
  87 /**
  88  * @brief Encrypt or decrypt a data blob using RC4 with a key and salt.
  89  *
  90  * One of the key input should be a session key and the other a confounder
  91  * (aka salt). Which one depends on the implementation details of the
  92  * protocol.
  93  *
  94  * @param[in]  key_input1 Either a session_key or a confounder.
  95  *
  96  * @param[in]  key_input2 Either a session_key or a confounder.
  97  *
  98  * @param[in]  data       The data blob to either encrypt or decrypt. The data
  99  *                        will be encrypted or decrypted in place.
 100  *
 101  * @param[in]  encrypt    The encryption direction.
 102  *
 103  * @return A gnutls error code.
 104  */
 105 int samba_gnutls_arcfour_confounded_md5(const DATA_BLOB *key_input1,
 106                                         const DATA_BLOB *key_input2,
 107                                         DATA_BLOB *data,
 108                                         enum samba_gnutls_direction encrypt);
 109
 110 /**
 111  * @brief Encrypted a secret plaintext using AEAD_AES_256_CBC_HMAC_SHA512 and
 112  * the session key.
 113  *
 114  * This encrypts a secret plaintext using AEAD_AES_256_CBC_HMAC_SHA512 with a
 115  * key (can be the session key or PBKDF2 password). This is used in SAMR and
 116  * LSA.
 117  *
 118  * @param mem_ctx       The memory context to allocate the cipher text pointer.
 119  *
 120  * @param plaintext     The secret to encrypt
 121  *
 122  * @param cek           The content encryption key to encrypt the secret.
 123  *
 124  * @param key_salt      The salt used to calculate the encryption key.
 125  *
 126  * @param key_salt      The salt used to calculate the mac key.
 127
 128  * @param iv            The initialization vector used for the encryption.
 129  *
 130  * @param pciphertext   A pointer to store the cipher text.
 131  *
 132  * @param pauth_tag[64] An array to store the auth tag.
 133  *
 134  * @return NT_STATUS_OK on success, an nt status error code otherwise.
 135  */
 136 NTSTATUS
 137 samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt(TALLOC_CTX *mem_ctx,
 138                                                   const DATA_BLOB *plaintext,
 139                                                   const DATA_BLOB *cek,
 140                                                   const DATA_BLOB *key_salt,
 141                                                   const DATA_BLOB *mac_salt,
 142                                                   const DATA_BLOB *iv,
 143                                                   DATA_BLOB *pciphertext,
 144                                                   uint8_t pauth_tag[64]);
 145
 146 /**
 147  * @brief Decypt cipher text using AEAD_AES_256_CBC_HMAC_SHA512 and the session
 148  * key.
 149  *
 150  * This decrypts the cipher text using AEAD_AES_256_CBC_HMAC_SHA512 with the
 151  * given content decryption key key. The plaintext will be zeroed as soon as the
 152  * data blob is freed.
 153  *
 154  * @param mem_ctx       The memory context to allocate the plaintext on.
 155  *
 156  * @param ciphertext    The cipher text to decrypt.
 157  *
 158  * @param cdk           The content decryption key.
 159  *
 160  * @param key_salt      The salt used to calculate the encryption key.
 161  *
 162  * @param key_salt      The salt used to calculate the mac key.
 163
 164  * @param iv            The initialization vector used for the encryption.
 165  *
 166  * @param auth_tag[64]  The authentication blob to be verified.
 167  *
 168  * @param pplaintext    A pointer to a DATA_BLOB to store the plaintext.
 169  *
 170  * @return NT_STATUS_OK on success, an nt status error code otherwise.
 171  */
 172 NTSTATUS
 173 samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt(TALLOC_CTX *mem_ctx,
 174                                                   const DATA_BLOB *ciphertext,
 175                                                   const DATA_BLOB *cdk,
 176                                                   const DATA_BLOB *key_salt,
 177                                                   const DATA_BLOB *mac_salt,
 178                                                   const DATA_BLOB *iv,
 179                                                   const uint8_t auth_tag[64],
 180                                                   DATA_BLOB *pplaintext);
 181
 182 /**
 183  * @brief Check if weak crypto is allowed.
 184  *
 185  * @return true if weak crypo is allowed, false otherwise.
 186  */
 187 bool samba_gnutls_weak_crypto_allowed(void);
 188
 189 #endif /* _GNUTLS_HELPERS_H */