summaryrefslogtreecommitdiff
path: root/source4/libcli/auth
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-08-30 01:34:01 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:58:24 -0500
commit18bbab726884725ccf2f3264223866194855f320 (patch)
tree91c0ff4344da8762527b56eefe66503d5e1e7392 /source4/libcli/auth
parent63b4975391d97439c37f97dd59ca9138774cea61 (diff)
downloadsamba-18bbab726884725ccf2f3264223866194855f320.tar.gz
samba-18bbab726884725ccf2f3264223866194855f320.tar.bz2
samba-18bbab726884725ccf2f3264223866194855f320.zip
r2099: Get rid of another private ARCFOUR implementation from the codebase.
Andrew Bartlett (This used to be commit 0237389ce765cbb6825b79de1b0727da0969efeb)
Diffstat (limited to 'source4/libcli/auth')
-rw-r--r--source4/libcli/auth/ntlmssp.h8
-rw-r--r--source4/libcli/auth/ntlmssp_sign.c135
2 files changed, 47 insertions, 96 deletions
diff --git a/source4/libcli/auth/ntlmssp.h b/source4/libcli/auth/ntlmssp.h
index b7fc914b75..61285e472b 100644
--- a/source4/libcli/auth/ntlmssp.h
+++ b/source4/libcli/auth/ntlmssp.h
@@ -166,10 +166,10 @@ struct ntlmssp_state
uint32_t ntlmssp_seq_num;
/* ntlmv2 */
- char send_sign_key[16];
- char send_seal_key[16];
- char recv_sign_key[16];
- char recv_seal_key[16];
+ DATA_BLOB send_sign_key;
+ DATA_BLOB send_seal_key;
+ DATA_BLOB recv_sign_key;
+ DATA_BLOB recv_seal_key;
uint8_t send_seal_hash[258];
uint8_t recv_seal_hash[258];
diff --git a/source4/libcli/auth/ntlmssp_sign.c b/source4/libcli/auth/ntlmssp_sign.c
index 6c770b87b9..ca3660eea7 100644
--- a/source4/libcli/auth/ntlmssp_sign.c
+++ b/source4/libcli/auth/ntlmssp_sign.c
@@ -27,57 +27,6 @@
#define SRV_SIGN "session key to server-to-client signing key magic constant"
#define SRV_SEAL "session key to server-to-client sealing key magic constant"
-static void NTLMSSPcalc_ap(uint8_t *hash, uint8_t *data, int len)
-{
- uint8_t index_i = hash[256];
- uint8_t index_j = hash[257];
- int ind;
-
- for (ind = 0; ind < len; ind++)
- {
- uint8_t tc;
- uint8_t t;
-
- index_i++;
- index_j += hash[index_i];
-
- tc = hash[index_i];
- hash[index_i] = hash[index_j];
- hash[index_j] = tc;
-
- t = hash[index_i] + hash[index_j];
- data[ind] = data[ind] ^ hash[t];
- }
-
- hash[256] = index_i;
- hash[257] = index_j;
-}
-
-static void calc_hash(uint8_t hash[258], const uint8 *key, size_t key_len)
-{
- uint8_t j = 0;
- int ind;
-
- for (ind = 0; ind < 256; ind++)
- {
- hash[ind] = (uint8_t)ind;
- }
-
- for (ind = 0; ind < 256; ind++)
- {
- uint8_t tc;
-
- j += (hash[ind] + key[ind%key_len]);
-
- tc = hash[ind];
- hash[ind] = hash[j];
- hash[j] = tc;
- }
-
- hash[256] = 0;
- hash[257] = 0;
-}
-
/**
* Some notes on then NTLM2 code:
*
@@ -94,16 +43,17 @@ static void calc_hash(uint8_t hash[258], const uint8 *key, size_t key_len)
*
*/
-static void calc_ntlmv2_key(uint8_t subkey[16],
+static void calc_ntlmv2_key(TALLOC_CTX *mem_ctx,
+ DATA_BLOB *subkey,
DATA_BLOB session_key,
const char *constant)
{
struct MD5Context ctx3;
-
+ *subkey = data_blob_talloc(mem_ctx, NULL, 16);
MD5Init(&ctx3);
MD5Update(&ctx3, session_key.data, session_key.length);
MD5Update(&ctx3, constant, strlen(constant)+1);
- MD5Final(subkey, &ctx3);
+ MD5Final(subkey->data, &ctx3);
}
enum ntlmssp_direction {
@@ -120,31 +70,31 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
HMACMD5Context ctx;
- uint8_t seq_num[4];
uint8_t digest[16];
+ uint8_t seq_num[4];
SIVAL(seq_num, 0, ntlmssp_state->ntlmssp_seq_num);
switch (direction) {
case NTLMSSP_SEND:
- hmac_md5_init_limK_to_64(ntlmssp_state->send_sign_key,
- sizeof(ntlmssp_state->send_sign_key), &ctx);
+ hmac_md5_init_limK_to_64(ntlmssp_state->send_sign_key.data,
+ ntlmssp_state->send_sign_key.length, &ctx);
break;
case NTLMSSP_RECEIVE:
- hmac_md5_init_limK_to_64(ntlmssp_state->recv_sign_key,
- sizeof(ntlmssp_state->recv_sign_key), &ctx);
+ hmac_md5_init_limK_to_64(ntlmssp_state->recv_sign_key.data,
+ ntlmssp_state->recv_sign_key.length, &ctx);
break;
}
- hmac_md5_update(seq_num, 4, &ctx);
+ hmac_md5_update(seq_num, sizeof(seq_num), &ctx);
hmac_md5_update(data, length, &ctx);
hmac_md5_final(digest, &ctx);
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
switch (direction) {
case NTLMSSP_SEND:
- NTLMSSPcalc_ap(ntlmssp_state->send_seal_hash, digest, 8);
+ arcfour_crypt_sbox(ntlmssp_state->send_seal_hash, digest, 8);
break;
case NTLMSSP_RECEIVE:
- NTLMSSPcalc_ap(ntlmssp_state->recv_seal_hash, digest, 8);
+ arcfour_crypt_sbox(ntlmssp_state->recv_seal_hash, digest, 8);
break;
}
}
@@ -160,7 +110,7 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat
return NT_STATUS_NO_MEMORY;
}
- NTLMSSPcalc_ap(ntlmssp_state->ntlmssp_hash, sig->data+4, sig->length-4);
+ arcfour_crypt_sbox(ntlmssp_state->ntlmssp_hash, sig->data+4, sig->length-4);
}
dump_data_pw("calculated ntlmssp signature\n", sig->data, sig->length);
return NT_STATUS_OK;
@@ -286,8 +236,8 @@ NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state,
uint8_t digest[16];
SIVAL(seq_num, 0, ntlmssp_state->ntlmssp_seq_num);
- hmac_md5_init_limK_to_64(ntlmssp_state->send_sign_key,
- sizeof(ntlmssp_state->send_sign_key), &ctx);
+ hmac_md5_init_limK_to_64(ntlmssp_state->send_sign_key.data,
+ ntlmssp_state->send_sign_key.length, &ctx);
hmac_md5_update(seq_num, 4, &ctx);
hmac_md5_update(data, length, &ctx);
hmac_md5_final(digest, &ctx);
@@ -296,10 +246,10 @@ NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state,
then seal the sequence number - this is becouse the send_seal_hash is not
constant, but is is rather updated with each iteration */
- NTLMSSPcalc_ap(ntlmssp_state->send_seal_hash, data, length);
+ arcfour_crypt_sbox(ntlmssp_state->send_seal_hash, data, length);
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
- NTLMSSPcalc_ap(ntlmssp_state->send_seal_hash, digest, 8);
+ arcfour_crypt_sbox(ntlmssp_state->send_seal_hash, digest, 8);
}
*sig = data_blob_talloc(sig_mem_ctx, NULL, 16);
@@ -317,9 +267,9 @@ NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state,
then seal the sequence number - this is becouse the ntlmssp_hash is not
constant, but is is rather updated with each iteration */
- NTLMSSPcalc_ap(ntlmssp_state->ntlmssp_hash, data, length);
+ arcfour_crypt_sbox(ntlmssp_state->ntlmssp_hash, data, length);
- NTLMSSPcalc_ap(ntlmssp_state->ntlmssp_hash, sig->data+4, sig->length-4);
+ arcfour_crypt_sbox(ntlmssp_state->ntlmssp_hash, sig->data+4, sig->length-4);
}
dump_data_pw("ntlmssp signature\n", sig->data, sig->length);
dump_data_pw("ntlmssp sealed data\n", data, length);
@@ -347,9 +297,9 @@ NTSTATUS ntlmssp_unseal_packet(struct ntlmssp_state *ntlmssp_state,
dump_data_pw("ntlmssp sealed data\n", data, length);
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
- NTLMSSPcalc_ap(ntlmssp_state->recv_seal_hash, data, length);
+ arcfour_crypt_sbox(ntlmssp_state->recv_seal_hash, data, length);
} else {
- NTLMSSPcalc_ap(ntlmssp_state->ntlmssp_hash, data, length);
+ arcfour_crypt_sbox(ntlmssp_state->ntlmssp_hash, data, length);
}
dump_data_pw("ntlmssp clear data\n", data, length);
@@ -414,41 +364,43 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
weak_session_key.length);
/* SEND */
- calc_ntlmv2_key(ntlmssp_state->send_sign_key,
+ calc_ntlmv2_key(ntlmssp_state->mem_ctx,
+ &ntlmssp_state->send_sign_key,
ntlmssp_state->session_key, send_sign_const);
dump_data_pw("NTLMSSP send sign key:\n",
- ntlmssp_state->send_sign_key,
- sizeof(ntlmssp_state->send_sign_key));
+ ntlmssp_state->send_sign_key.data,
+ ntlmssp_state->send_sign_key.length);
- calc_ntlmv2_key(ntlmssp_state->send_seal_key,
+ calc_ntlmv2_key(ntlmssp_state->mem_ctx,
+ &ntlmssp_state->send_seal_key,
weak_session_key, send_seal_const);
dump_data_pw("NTLMSSP send seal key:\n",
- ntlmssp_state->send_seal_key,
- sizeof(ntlmssp_state->send_seal_key));
+ ntlmssp_state->send_seal_key.data,
+ ntlmssp_state->send_seal_key.length);
- calc_hash(ntlmssp_state->send_seal_hash,
- ntlmssp_state->send_seal_key,
- sizeof(ntlmssp_state->send_seal_key));
+ arcfour_init(ntlmssp_state->send_seal_hash,
+ &ntlmssp_state->send_seal_key);
dump_data_pw("NTLMSSP send sesl hash:\n",
ntlmssp_state->send_seal_hash,
sizeof(ntlmssp_state->send_seal_hash));
/* RECV */
- calc_ntlmv2_key(ntlmssp_state->recv_sign_key,
+ calc_ntlmv2_key(ntlmssp_state->mem_ctx,
+ &ntlmssp_state->recv_sign_key,
ntlmssp_state->session_key, recv_sign_const);
dump_data_pw("NTLMSSP recv sign key:\n",
- ntlmssp_state->recv_sign_key,
- sizeof(ntlmssp_state->recv_sign_key));
+ ntlmssp_state->recv_sign_key.data,
+ ntlmssp_state->recv_sign_key.length);
- calc_ntlmv2_key(ntlmssp_state->recv_seal_key,
+ calc_ntlmv2_key(ntlmssp_state->mem_ctx,
+ &ntlmssp_state->recv_seal_key,
weak_session_key, recv_seal_const);
dump_data_pw("NTLMSSP recv seal key:\n",
- ntlmssp_state->recv_seal_key,
- sizeof(ntlmssp_state->recv_seal_key));
- calc_hash(ntlmssp_state->recv_seal_hash,
- ntlmssp_state->recv_seal_key,
- sizeof(ntlmssp_state->recv_seal_key));
+ ntlmssp_state->recv_seal_key.data,
+ ntlmssp_state->recv_seal_key.length);
+ arcfour_init(ntlmssp_state->recv_seal_hash,
+ &ntlmssp_state->recv_seal_key);
dump_data_pw("NTLMSSP receive seal hash:\n",
ntlmssp_state->recv_seal_hash,
@@ -456,9 +408,8 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
} else {
DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n"));
- calc_hash(ntlmssp_state->ntlmssp_hash,
- ntlmssp_state->session_key.data,
- ntlmssp_state->session_key.length);
+ arcfour_init(ntlmssp_state->ntlmssp_hash,
+ &ntlmssp_state->session_key);
dump_data_pw("NTLMSSP hash:\n", ntlmssp_state->ntlmssp_hash,
sizeof(ntlmssp_state->ntlmssp_hash));
}