author | Andrew Tridgell <tridge@samba.org> | 2004-06-03 23:15:16 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:56:25 -0500 |
commit | 8087d844ef59a82617be51f7c887b9bafe362f80 (patch) | |
tree | e09e1761bc871b73eeaf5c25109e9d8daf207c1d /source4/libcli/util | |
parent | 4309727424a0a27bbf5372789bc8644b96a28ba9 (diff) | |
r995: - renamed many of our crypto routines to use the industry standard
names rather than our crazy naming scheme. So DES is now called
des_crypt() rather than smbhash()
- added the code from the solution of the ADS crypto challenge that
allows Samba to correctly handle a 128 bit session key in all of the
netr_ServerAuthenticateX() variants. A huge thanks to Luke Howard
from PADL for solving this one!
- restructured the server side rpc authentication to allow for other
than NTLMSSP sign and seal. This commit just adds the structure, the
next commit will add schannel server side support.
- added 128 bit session key support to our client side code, and
testing against w2k3 with smbtorture. Works well.
(This used to be commit 729b2f41c924a0b435d44a14209e6dacc2304cee)
Diffstat (limited to 'source4/libcli/util')
-rw-r--r-- | source4/libcli/util/smbdes.c | 69 |
1 files changed, 40 insertions, 29 deletions
diff --git a/source4/libcli/util/smbdes.c b/source4/libcli/util/smbdes.c
index 967d0ffb82..2492f9a1ba 100644
--- a/source4/libcli/util/smbdes.c
+++ b/source4/libcli/util/smbdes.c
@@ -273,8 +273,10 @@ static void str_to_key(const uint8_t *str,uint8_t *key)
 }
 }
-
-void smbhash(uint8_t *out, const uint8_t *in, const uint8_t *key, int forw)
+/*
+ basic des crypt using a 56 bit (7 byte) key
+*/
+void des_crypt56(uint8_t out[8], const uint8_t in[8], const uint8_t key[7], int forw)
 {
 int i;
 char outb[64];
@@ -305,58 +307,67 @@ void smbhash(uint8_t *out, const uint8_t *in, const uint8_t *key, int forw)
 void E_P16(const uint8_t *p14,uint8_t *p16)
 {
 const uint8_t sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
- smbhash(p16, sp8, p14, 1);
- smbhash(p16+8, sp8, p14+7, 1);
+ des_crypt56(p16, sp8, p14, 1);
+ des_crypt56(p16+8, sp8, p14+7, 1);
 }
 void E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24)
 {
- smbhash(p24, c8, p21, 1);
- smbhash(p24+8, c8, p21+7, 1);
- smbhash(p24+16, c8, p21+14, 1);
+ des_crypt56(p24, c8, p21, 1);
+ des_crypt56(p24+8, c8, p21+7, 1);
+ des_crypt56(p24+16, c8, p21+14, 1);
 }
 void D_P16(const uint8_t *p14, const uint8_t *in, uint8_t *out)
 {
- smbhash(out, in, p14, 0);
- smbhash(out+8, in+8, p14+7, 0);
+ des_crypt56(out, in, p14, 0);
+ des_crypt56(out+8, in+8, p14+7, 0);
 }
 void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out)
 {
- smbhash(out, in, p14, 1);
- smbhash(out+8, in+8, p14+7, 1);
+ des_crypt56(out, in, p14, 1);
+ des_crypt56(out+8, in+8, p14+7, 1);
 }
-void cred_hash1(uint8_t *out, const uint8_t *in, const uint8_t *key)
+/* des encryption with a 128 bit key */
+void des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16])
 {
 uint8_t buf[8];
-
- smbhash(buf, in, key, 1);
- smbhash(out, buf, key+9, 1);
+ des_crypt56(buf, in, key, 1);
+ des_crypt56(out, buf, key+9, 1);
 }
-void cred_hash2(uint8_t *out, const uint8_t *in, const uint8_t *key, int forw)
+/* des encryption with a 64 bit key */
+void des_crypt64(uint8_t out[8], const uint8_t in[8], const uint8_t key[8], int forw)
 {
 uint8_t buf[8];
 uint8_t key2[8];
 ZERO_STRUCT(key2);
- smbhash(buf, in, key, forw);
+ des_crypt56(buf, in, key, forw);
 key2[0] = key[7];
- smbhash(out, buf, key2, forw);
+ des_crypt56(out, buf, key2, forw);
 }
-void cred_hash3(uint8_t *out, uint8_t *in, const uint8_t *key, int forw)
+/* des encryption with a 112 bit (14 byte) key */
+void des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14], int forw)
 {
- uint8_t key2[8];
- ZERO_STRUCT(key2);
- smbhash(out, in, key, forw);
- key2[0] = key[7];
- smbhash(out + 8, in + 8, key2, forw);
+ uint8_t buf[8];
+ des_crypt56(buf, in, key, forw);
+ des_crypt56(out, buf, key+7, forw);
 }
+/* des encryption of a 16 byte lump of data with a 112 bit key */
+void des_crypt112_16(uint8_t out[16], uint8_t in[16], const uint8_t key[14], int forw)
+{
+ des_crypt56(out, in, key, forw);
+ des_crypt56(out + 8, in + 8, key+7, forw);
+}
-void SamOEMhashBlob(uint8_t *data, int len, const DATA_BLOB *key)
+/*
+ arcfour encryption with a blob key
+*/
+void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key)
 {
 uint8_t s_box[256];
 uint8_t index_i = 0;
@@ -397,11 +408,11 @@ void SamOEMhashBlob(uint8_t *data, int len, const DATA_BLOB *key)
 a varient that assumes a 16 byte key. This should be removed when the last user is gone */
-void SamOEMhash(uint8_t *data, const uint8_t keystr[16], int len)
+void arcfour_crypt(uint8_t *data, const uint8_t keystr[16], int len)
 {
 DATA_BLOB key = data_blob(keystr, 16);
- SamOEMhashBlob(data, len, &key);
+ arcfour_crypt_blob(data, len, &key);
 data_blob_free(&key);
 }
@@ -419,6 +430,6 @@ void sam_pwd_hash(uint_t rid, const uint8_t *in, uint8_t *out, int forw)
 s[2] = s[6] = s[10] = (uint8_t)((rid >> 16) & 0xFF);
 s[3] = s[7] = s[11] = (uint8_t)((rid >> 24) & 0xFF);
- smbhash(out, in, s, forw);
- smbhash(out+8, in+8, s+7, forw);
+ des_crypt56(out, in, s, forw);
+ des_crypt56(out+8, in+8, s+7, forw);
 } |
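Review bot: In `des_crypt112` the two `des_crypt56` passes run in the same key order for both directions, so a call with `forw == 0` does not undo a call with `forw == 1`; reversing E_k2(E_k1(x)) needs the `key+7` pass first and the `key` pass second. `des_crypt64` just above has the same shape, carried over unchanged from `cred_hash2`. Whether any caller passes `forw == 0` is not visible in this hunk, but the signature offers it, so the decrypt branch should swap the order as sketched below. Separately, the comment on `des_crypt128` could state that only bytes 0-6 and 9-15 of the 16-byte key are consumed (`key` and `key+9`), which is less key material than "128 bit" suggests.

```c
void des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14], int forw)
{
	uint8_t buf[8];
	if (forw) {
		des_crypt56(buf, in, key, forw);
		des_crypt56(out, buf, key+7, forw);
	} else {
		/* undo the two passes in reverse order */
		des_crypt56(buf, in, key+7, forw);
		des_crypt56(out, buf, key, forw);
	}
}
```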