diff options
| author | Andrew Tridgell <tridge@samba.org> | 2004-06-03 23:15:16 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:56:25 -0500 |
| commit | 8087d844ef59a82617be51f7c887b9bafe362f80 (patch) | |
| tree | e09e1761bc871b73eeaf5c25109e9d8daf207c1d /source4/libcli/util | |
| parent | 4309727424a0a27bbf5372789bc8644b96a28ba9 (diff) | |
| download | samba-8087d844ef59a82617be51f7c887b9bafe362f80.tar.gz samba-8087d844ef59a82617be51f7c887b9bafe362f80.tar.bz2 samba-8087d844ef59a82617be51f7c887b9bafe362f80.zip | |
r995: - renamed many of our crypto routines to use the industry standard
names rather than our crazy naming scheme. So DES is now called
des_crypt() rather than smbhash()
- added the code from the solution of the ADS crypto challenge that
allows Samba to correctly handle a 128 bit session key in all of the
netr_ServerAuthenticateX() varients. A huge thanks to Luke Howard
from PADL for solving this one!
- restructured the server side rpc authentication to allow for other
than NTLMSSP sign and seal. This commit just adds the structure, the
next commit will add schannel server side support.
- added 128 bit session key support to our client side code, and
testing against w2k3 with smbtorture. Works well.
(This used to be commit 729b2f41c924a0b435d44a14209e6dacc2304cee)
Diffstat (limited to 'source4/libcli/util')
| -rw-r--r-- | source4/libcli/util/smbdes.c | 69 |
1 files changed, 40 insertions, 29 deletions
diff --git a/source4/libcli/util/smbdes.c b/source4/libcli/util/smbdes.c index 967d0ffb82..2492f9a1ba 100644 --- a/source4/libcli/util/smbdes.c +++ b/source4/libcli/util/smbdes.c @@ -273,8 +273,10 @@ static void str_to_key(const uint8_t *str,uint8_t *key) } } - -void smbhash(uint8_t *out, const uint8_t *in, const uint8_t *key, int forw) +/* + basic des crypt using a 56 bit (7 byte) key +*/ +void des_crypt56(uint8_t out[8], const uint8_t in[8], const uint8_t key[7], int forw) { int i; char outb[64]; @@ -305,58 +307,67 @@ void smbhash(uint8_t *out, const uint8_t *in, const uint8_t *key, int forw) void E_P16(const uint8_t *p14,uint8_t *p16) { const uint8_t sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; - smbhash(p16, sp8, p14, 1); - smbhash(p16+8, sp8, p14+7, 1); + des_crypt56(p16, sp8, p14, 1); + des_crypt56(p16+8, sp8, p14+7, 1); } void E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24) { - smbhash(p24, c8, p21, 1); - smbhash(p24+8, c8, p21+7, 1); - smbhash(p24+16, c8, p21+14, 1); + des_crypt56(p24, c8, p21, 1); + des_crypt56(p24+8, c8, p21+7, 1); + des_crypt56(p24+16, c8, p21+14, 1); } void D_P16(const uint8_t *p14, const uint8_t *in, uint8_t *out) { - smbhash(out, in, p14, 0); - smbhash(out+8, in+8, p14+7, 0); + des_crypt56(out, in, p14, 0); + des_crypt56(out+8, in+8, p14+7, 0); } void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out) { - smbhash(out, in, p14, 1); - smbhash(out+8, in+8, p14+7, 1); + des_crypt56(out, in, p14, 1); + des_crypt56(out+8, in+8, p14+7, 1); } -void cred_hash1(uint8_t *out, const uint8_t *in, const uint8_t *key) +/* des encryption with a 128 bit key */ +void des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16]) { uint8_t buf[8]; - - smbhash(buf, in, key, 1); - smbhash(out, buf, key+9, 1); + des_crypt56(buf, in, key, 1); + des_crypt56(out, buf, key+9, 1); } -void cred_hash2(uint8_t *out, const uint8_t *in, const uint8_t *key, int forw) +/* des encryption with a 64 bit key */ +void des_crypt64(uint8_t out[8], const uint8_t in[8], const uint8_t key[8], int forw) { uint8_t buf[8]; uint8_t key2[8]; ZERO_STRUCT(key2); - smbhash(buf, in, key, forw); + des_crypt56(buf, in, key, forw); key2[0] = key[7]; - smbhash(out, buf, key2, forw); + des_crypt56(out, buf, key2, forw); } -void cred_hash3(uint8_t *out, uint8_t *in, const uint8_t *key, int forw) +/* des encryption with a 112 bit (14 byte) key */ +void des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14], int forw) { - uint8_t key2[8]; - ZERO_STRUCT(key2); - smbhash(out, in, key, forw); - key2[0] = key[7]; - smbhash(out + 8, in + 8, key2, forw); + uint8_t buf[8]; + des_crypt56(buf, in, key, forw); + des_crypt56(out, buf, key+7, forw); } +/* des encryption of a 16 byte lump of data with a 112 bit key */ +void des_crypt112_16(uint8_t out[16], uint8_t in[16], const uint8_t key[14], int forw) +{ + des_crypt56(out, in, key, forw); + des_crypt56(out + 8, in + 8, key+7, forw); +} -void SamOEMhashBlob(uint8_t *data, int len, const DATA_BLOB *key) +/* + arcfour encryption with a blob key +*/ +void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key) { uint8_t s_box[256]; uint8_t index_i = 0; @@ -397,11 +408,11 @@ void SamOEMhashBlob(uint8_t *data, int len, const DATA_BLOB *key) a varient that assumes a 16 byte key. This should be removed when the last user is gone */ -void SamOEMhash(uint8_t *data, const uint8_t keystr[16], int len) +void arcfour_crypt(uint8_t *data, const uint8_t keystr[16], int len) { DATA_BLOB key = data_blob(keystr, 16); - SamOEMhashBlob(data, len, &key); + arcfour_crypt_blob(data, len, &key); data_blob_free(&key); } @@ -419,6 +430,6 @@ void sam_pwd_hash(uint_t rid, const uint8_t *in, uint8_t *out, int forw) s[2] = s[6] = s[10] = (uint8_t)((rid >> 16) & 0xFF); s[3] = s[7] = s[11] = (uint8_t)((rid >> 24) & 0xFF); - smbhash(out, in, s, forw); - smbhash(out+8, in+8, s+7, forw); + des_crypt56(out, in, s, forw); + des_crypt56(out+8, in+8, s+7, forw); } |