libcli/auth: add netlogon_creds_step_crypt() and netlogon_creds_first_step()

This abstracts the usage of crypto functions instead of directly calling
des_crypt112().

metze

Signed-off-by: Günther Deschner <gd@samba.org>

1 files changed, 21 insertions, 10 deletions

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index e268b9ddff..87d1866ca4 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -25,6 +25,13 @@
 #include "../lib/crypto/crypto.h"
 #include "libcli/auth/libcli_auth.h"
 
+static void netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *creds,
+				      const struct netr_Credential *in,
+				      struct netr_Credential *out)
+{
+	des_crypt112(out->data, in->data, creds->session_key, 1);
+}
+
 /*
   initialise the credentials state for old-style 64 bit session keys
 
@@ -47,11 +54,6 @@ static void netlogon_creds_init_64bit(struct netlogon_creds_CredentialState *cre
 	ZERO_STRUCT(creds->session_key);
 
 	des_crypt128(creds->session_key, sum2, machine_password->hash);
-
-	des_crypt112(creds->client.data, client_challenge->data, creds->session_key, 1);
-	des_crypt112(creds->server.data, server_challenge->data, creds->session_key, 1);
-
-	creds->seed = creds->client;
 }
 
 /*
@@ -80,14 +82,19 @@ static void netlogon_creds_init_128bit(struct netlogon_creds_CredentialState *cr
 	MD5Final(tmp, &md5);
 	hmac_md5_update(tmp, sizeof(tmp), &ctx);
 	hmac_md5_final(creds->session_key, &ctx);
+}
 
-	des_crypt112(creds->client.data, client_challenge->data, creds->session_key, 1);
-	des_crypt112(creds->server.data, server_challenge->data, creds->session_key, 1);
+static void netlogon_creds_first_step(struct netlogon_creds_CredentialState *creds,
+				      const struct netr_Credential *client_challenge,
+				      const struct netr_Credential *server_challenge)
+{
+	netlogon_creds_step_crypt(creds, client_challenge, &creds->client);
+
+	netlogon_creds_step_crypt(creds, server_challenge, &creds->server);
 
 	creds->seed = creds->client;
 }
 
-
 /*
   step the credentials to the next element in the chain, updating the
   current client and server credentials and the seed
@@ -104,7 +111,7 @@ static void netlogon_creds_step(struct netlogon_creds_CredentialState *creds)
 
 	DEBUG(5,("\tseed+time   %08x:%08x\n", IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
 
-	des_crypt112(creds->client.data, time_cred.data, creds->session_key, 1);
+	netlogon_creds_step_crypt(creds, &time_cred, &creds->client);
 
 	DEBUG(5,("\tCLIENT      %08x:%08x\n", 
 		 IVAL(creds->client.data, 0), IVAL(creds->client.data, 4)));
@@ -115,7 +122,7 @@ static void netlogon_creds_step(struct netlogon_creds_CredentialState *creds)
 	DEBUG(5,("\tseed+time+1 %08x:%08x\n", 
 		 IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
 
-	des_crypt112(creds->server.data, time_cred.data, creds->session_key, 1);
+	netlogon_creds_step_crypt(creds, &time_cred, &creds->server);
 
 	DEBUG(5,("\tSERVER      %08x:%08x\n", 
 		 IVAL(creds->server.data, 0), IVAL(creds->server.data, 4)));
@@ -225,6 +232,8 @@ struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *me
 		netlogon_creds_init_64bit(creds, client_challenge, server_challenge, machine_password);
 	}
 
+	netlogon_creds_first_step(creds, client_challenge, server_challenge);
+
 	dump_data_pw("Session key", creds->session_key, 16);
 	dump_data_pw("Credential ", creds->client.data, 8);
 
@@ -346,6 +355,8 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
 					  machine_password);
 	}
 
+	netlogon_creds_first_step(creds, client_challenge, server_challenge);
+
 	/* And before we leak information about the machine account
 	 * password, check that they got the first go right */
 	if (!netlogon_creds_server_check_internal(creds, credentials_in)) {