- change generate_challenge() to use md4 instead of des

- move routines about a bit between smbencrypt.c and smbdes.c. Ensure that there is no entry point for normal DES operation - add the following comment: This code is NOT a complete DES implementation. It implements only the minimum necessary for SMB authentication, as used by all SMB products (including every copy of Microsoft Windows95 ever sold) In particular, it can only do a unchained forward DES pass. This means it is not possible to use this code for encryption/decryption of data, instead it is only useful as a "hash" algorithm. There is no entry point into this code that allows normal DES operation. I believe this means that this code does not come under ITAR regulations but this is NOT a legal opinion. If you are concerned about the applicability of ITAR regulations to this code then you should confirm it for yourself (and maybe let me know if you come up with a different answer to the one above) (This used to be commit 35b92e725f351c9a9f2846a6b55f71c234f187c7)
author: Andrew Tridgell <tridge@samba.org> 1997-09-16 04:41:16 +0000
committer: Andrew Tridgell <tridge@samba.org> 1997-09-16 04:41:16 +0000
commit: 57c2578cb2b7e02acc6c04d07adc11a77c40aa9c (patch)
tree: 340729e71e98ad0fe7f3bf6a4b651aaa1286c5e4 /source3/libsmb
parent: 72b02acd7e2c24efcff2faffb2555d70378b01b3 (diff)
download: samba-57c2578cb2b7e02acc6c04d07adc11a77c40aa9c.tar.gz
samba-57c2578cb2b7e02acc6c04d07adc11a77c40aa9c.tar.bz2
samba-57c2578cb2b7e02acc6c04d07adc11a77c40aa9c.zip
2 files changed, 45 insertions, 30 deletions
diff --git a/source3/libsmb/smbdes.c b/source3/libsmb/smbdes.c
index 135df7fbb4..1c38612b73 100644
--- a/source3/libsmb/smbdes.c
+++ b/source3/libsmb/smbdes.c
@@ -1,7 +1,10 @@
 /* 
    Unix SMB/Netbios implementation.
    Version 1.9.
-   a implementation of DES designed for use in the SMB authentication protocol
+
+   a partial implementation of DES designed for use in the 
+   SMB authentication protocol
+
    Copyright (C) Andrew Tridgell 1997
    
    This program is free software; you can redistribute it and/or modify
@@ -20,8 +23,29 @@
 */
 
 
-/* NOTE: This code makes no attempt to be fast! In fact, it is a very
-   slow DES implementation */
+/* NOTES: 
+
+   This code makes no attempt to be fast! In fact, it is a very
+   slow implementation 
+
+   This code is NOT a complete DES implementation. It implements only
+   the minimum necessary for SMB authentication, as used by all SMB
+   products (including every copy of Microsoft Windows95 ever sold)
+
+   In particular, it can only do a unchained forward DES pass. This
+   means it is not possible to use this code for encryption/decryption
+   of data, instead it is only useful as a "hash" algorithm.
+
+   There is no entry point into this code that allows normal DES operation.
+
+   I believe this means that this code does not come under ITAR
+   regulations but this is NOT a legal opinion. If you are concerned
+   about the applicability of ITAR regulations to this code then you
+   should confirm it for yourself (and maybe let me know if you come
+   up with a different answer to the one above)
+*/
+
+
 
 static int perm1[56] = {57, 49, 41, 33, 25, 17,  9,
 			 1, 58, 50, 42, 34, 26, 18,
@@ -154,7 +178,7 @@ static void xor(char *out, char *in1, char *in2, int n)
 		out[i] = in1[i] ^ in2[i];
 }
 
-static void dodes(char *out, char *in, char *key)
+static void dohash(char *out, char *in, char *key)
 {
 	int i, j, k;
 	char pk1[56];
@@ -251,8 +275,7 @@ static void str_to_key(unsigned char *str,unsigned char *key)
 }
 
 
-/* this is the entry point to the DES routine. The key is 56 bits (no parity) */
-void smbdes(unsigned char *out, unsigned char *in, unsigned char *key)
+static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key)
 {
 	int i;
 	char outb[64];
@@ -268,7 +291,7 @@ void smbdes(unsigned char *out, unsigned char *in, unsigned char *key)
 		outb[i] = 0;
 	}
 
-	dodes(outb, inb, keyb);
+	dohash(outb, inb, keyb);
 
 	for (i=0;i<8;i++) {
 		out[i] = 0;
@@ -280,3 +303,18 @@ void smbdes(unsigned char *out, unsigned char *in, unsigned char *key)
 	}
 }
 
+void E_P16(unsigned char *p14,unsigned char *p16)
+{
+	unsigned char sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
+	smbhash(p16, sp8, p14);
+	smbhash(p16+8, sp8, p14+7);
+}
+
+void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24)
+{
+	smbhash(p24, c8, p21);
+	smbhash(p24+8, c8, p21+7);
+	smbhash(p24+16, c8, p21+14);
+}
+
+
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 2738103692..27172fd413 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -26,29 +26,6 @@ extern int DEBUGLEVEL;
 
 #include "byteorder.h"
 
-void E1(uchar *k, uchar *d, uchar *out)
-{
-	smbdes(out, d, k);
-}
- 
-void E_P16(uchar *p14,uchar *p16)
-{
-	/* the following constant makes us compatible with other
-	   implementations. Note that publishing this constant does not reduce the
-	   security of the encryption mechanism */
-	uchar sp8[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
-	E1(p14, sp8, p16);
-	E1(p14+7, sp8, p16+8);
-}
-
-void E_P24(uchar *p21, uchar *c8, uchar *p24)
-{
-	E1(p21, c8, p24);
-	E1(p21+7, c8, p24+8);
-	E1(p21+14, c8, p24+16);
-}
-
-
 /*
    This implements the X/Open SMB password encryption
    It takes a password, a 8 byte "crypt key" and puts 24 bytes of
author	Andrew Tridgell <tridge@samba.org>	1997-09-16 04:41:16 +0000
committer	Andrew Tridgell <tridge@samba.org>	1997-09-16 04:41:16 +0000
commit	57c2578cb2b7e02acc6c04d07adc11a77c40aa9c (patch)
tree	340729e71e98ad0fe7f3bf6a4b651aaa1286c5e4 /source3/libsmb
parent	72b02acd7e2c24efcff2faffb2555d70378b01b3 (diff)
download	samba-57c2578cb2b7e02acc6c04d07adc11a77c40aa9c.tar.gz samba-57c2578cb2b7e02acc6c04d07adc11a77c40aa9c.tar.bz2 samba-57c2578cb2b7e02acc6c04d07adc11a77c40aa9c.zip