authorStefan Metzmacher <metze@samba.org>2010-01-08 13:58:42 -0700
committerGünther Deschner <gd@samba.org>2010-03-24 17:34:53 +0100
commita69260642e9a08a1f3eceed2f77d5c246b171765 (patch)
tree1ce542fb5ccac576635463ad07079b62b1b6961f
parent00f99a3df580598442250d38199a457aa8c1b2e7 (diff)
s4:ntlmssp: avoid usage of calc_ntlmv2_key_talloc()
metze Signed-off-by: Günther Deschner <gd@samba.org>
-rw-r--r--source4/auth/ntlmssp/ntlmssp.h4
-rw-r--r--source4/auth/ntlmssp/ntlmssp_sign.c35
2 files changed, 10 insertions, 29 deletions
diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h
index 9e41d77664..e8035661ce 100644
--- a/source4/auth/ntlmssp/ntlmssp.h
+++ b/source4/auth/ntlmssp/ntlmssp.h
@@ -138,8 +138,8 @@ struct ntlmssp_state
struct {
uint32_t send_seq_num;
uint32_t recv_seq_num;
- DATA_BLOB send_sign_key;
- DATA_BLOB recv_sign_key;
+ uint8_t send_sign_key[16];
+ uint8_t recv_sign_key[16];
struct arcfour_state *send_seal_arcfour_state;
struct arcfour_state *recv_seal_arcfour_state;
} ntlm2;
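Review bot: The two signing keys in `ntlm2` become fixed arrays whose length is a bare `16`, with no comment saying what they hold. Stored inline, they now live exactly as long as `struct ntlmssp_state` and are duplicated by any copy of the struct; whether the state is wiped on teardown is not visible here and is worth confirming. I would add a comment above the pair such as `/* NTLMv2 signing subkeys: 16-byte MD5 output, secret key material */`, and consider a named constant for the length so the call sites in ntlmssp_sign.c can refer to it. The struct definition starts outside this hunk.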
diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c
index f00cbaa017..e487427403 100644
--- a/source4/auth/ntlmssp/ntlmssp_sign.c
+++ b/source4/auth/ntlmssp/ntlmssp_sign.c
@@ -40,19 +40,6 @@
*
*/
-static void calc_ntlmv2_key_talloc(TALLOC_CTX *mem_ctx,
- DATA_BLOB *subkey,
- DATA_BLOB session_key,
- const char *constant)
-{
- struct MD5Context ctx3;
- *subkey = data_blob_talloc(mem_ctx, NULL, 16);
- MD5Init(&ctx3);
- MD5Update(&ctx3, session_key.data, session_key.length);
- MD5Update(&ctx3, (const uint8_t *)constant, strlen(constant)+1);
- MD5Final(subkey->data, &ctx3);
-}
-
static void calc_ntlmv2_key(uint8_t subkey[16],
DATA_BLOB session_key,
const char *constant)
@@ -90,14 +77,12 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat
case NTLMSSP_SEND:
SIVAL(seq_num, 0, ntlmssp_state->crypt.ntlm2.send_seq_num);
ntlmssp_state->crypt.ntlm2.send_seq_num++;
- hmac_md5_init_limK_to_64(ntlmssp_state->crypt.ntlm2.send_sign_key.data,
- ntlmssp_state->crypt.ntlm2.send_sign_key.length, &ctx);
+ hmac_md5_init_limK_to_64(ntlmssp_state->crypt.ntlm2.send_sign_key, 16, &ctx);
break;
case NTLMSSP_RECEIVE:
SIVAL(seq_num, 0, ntlmssp_state->crypt.ntlm2.recv_seq_num);
ntlmssp_state->crypt.ntlm2.recv_seq_num++;
- hmac_md5_init_limK_to_64(ntlmssp_state->crypt.ntlm2.recv_sign_key.data,
- ntlmssp_state->crypt.ntlm2.recv_sign_key.length, &ctx);
+ hmac_md5_init_limK_to_64(ntlmssp_state->crypt.ntlm2.recv_sign_key, 16, &ctx);
break;
}
hmac_md5_update(seq_num, sizeof(seq_num), &ctx);
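Review bot: The key length passed to `hmac_md5_init_limK_to_64` is now a literal `16` in both the NTLMSSP_SEND and NTLMSSP_RECEIVE cases, so it no longer follows the field it describes. If the array size in ntlmssp.h ever changes, the MAC would be keyed with the wrong number of bytes and nothing would fail to compile. Using `sizeof(ntlmssp_state->crypt.ntlm2.send_sign_key)` (and the `recv_sign_key` equivalent) keeps the length tied to the declaration. The same literal is passed to `dump_data_pw` in the two ntlmssp_sign_init hunks below. The switch and the enclosing function begin outside this hunk.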
@@ -427,12 +412,10 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
weak_session_key.length);
/* SEND: sign key */
- calc_ntlmv2_key_talloc(ntlmssp_state,
- &ntlmssp_state->crypt.ntlm2.send_sign_key,
+ calc_ntlmv2_key(ntlmssp_state->crypt.ntlm2.send_sign_key,
ntlmssp_state->session_key, send_sign_const);
dump_data_pw("NTLMSSP send sign key:\n",
- ntlmssp_state->crypt.ntlm2.send_sign_key.data,
- ntlmssp_state->crypt.ntlm2.send_sign_key.length);
+ ntlmssp_state->crypt.ntlm2.send_sign_key, 16);
/* SEND: seal ARCFOUR pad */
calc_ntlmv2_key(send_seal_key,
@@ -450,12 +433,10 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
ntlmssp_state->crypt.ntlm2.send_seq_num = 0;
/* RECV: sign key */
- calc_ntlmv2_key_talloc(ntlmssp_state,
- &ntlmssp_state->crypt.ntlm2.recv_sign_key,
+ calc_ntlmv2_key(ntlmssp_state->crypt.ntlm2.recv_sign_key,
ntlmssp_state->session_key, recv_sign_const);
dump_data_pw("NTLMSSP recv sign key:\n",
- ntlmssp_state->crypt.ntlm2.recv_sign_key.data,
- ntlmssp_state->crypt.ntlm2.recv_sign_key.length);
+ ntlmssp_state->crypt.ntlm2.recv_sign_key, 16);
/* RECV: seal ARCFOUR pad */
calc_ntlmv2_key(recv_seal_key,
@@ -715,7 +696,7 @@ NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security,
ntlm2_seqnum_r = ntlmssp_state->crypt.ntlm2.recv_seq_num;
ntlm2_state_r = *ntlmssp_state->crypt.ntlm2.recv_seal_arcfour_state;
memcpy(ntlm2_key_r,
- ntlmssp_state->crypt.ntlm2.recv_sign_key.data,
+ ntlmssp_state->crypt.ntlm2.recv_sign_key,
16);
} else {
ntlm_seqnum = ntlmssp_state->crypt.ntlm.seq_num;
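Review bot: `ntlm2_key_r` receives a full copy of the receive signing key in this branch, and the hunk at -737 copies it back, but nothing visible clears the temporary afterwards. Its declaration is outside the hunk; if it is a stack buffer, the key bytes stay there after gensec_ntlmssp_unwrap returns, so clearing it before return is worth considering. Now that the key is a plain array, both `memcpy` calls could also take `sizeof(ntlmssp_state->crypt.ntlm2.recv_sign_key)` instead of `16`.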
@@ -737,7 +718,7 @@ NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security,
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
ntlmssp_state->crypt.ntlm2.recv_seq_num = ntlm2_seqnum_r;
*ntlmssp_state->crypt.ntlm2.recv_seal_arcfour_state = ntlm2_state_r;
- memcpy(ntlmssp_state->crypt.ntlm2.recv_sign_key.data,
+ memcpy(ntlmssp_state->crypt.ntlm2.recv_sign_key,
ntlm2_key_r, 16);
} else {
ntlmssp_state->crypt.ntlm.seq_num = ntlm_seqnum;