diff options
-rw-r--r-- | lib/crypto/arcfour.h | 15 | ||||
-rw-r--r-- | lib/crypto/crypto.h | 11 | ||||
-rw-r--r-- | source3/Makefile.in | 4 | ||||
-rw-r--r-- | source3/include/includes.h | 1 | ||||
-rw-r--r-- | source3/include/ntlmssp.h | 6 | ||||
-rw-r--r-- | source3/include/proto.h | 5 | ||||
-rw-r--r-- | source3/lib/arc4.c | 79 | ||||
-rw-r--r-- | source3/lib/genrand.c | 7 | ||||
-rw-r--r-- | source3/libsmb/ntlmssp_sign.c | 24 | ||||
-rw-r--r-- | source3/libsmb/smbdes.c | 12 |
10 files changed, 44 insertions, 120 deletions
diff --git a/lib/crypto/arcfour.h b/lib/crypto/arcfour.h new file mode 100644 index 0000000000..501b3f2fab --- /dev/null +++ b/lib/crypto/arcfour.h @@ -0,0 +1,15 @@ +#ifndef ARCFOUR_HEADER_H +#define ARCFOUR_HEADER_H + +struct arcfour_state { + uint8_t sbox[256]; + uint8_t index_i; + uint8_t index_j; +}; + +void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key); +void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int len); +void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key); +void arcfour_crypt(uint8_t *data, const uint8_t keystr[16], int len); + +#endif /* ARCFOUR_HEADER_H */ diff --git a/lib/crypto/crypto.h b/lib/crypto/crypto.h index 9cb16ad344..0a43cbe7d4 100644 --- a/lib/crypto/crypto.h +++ b/lib/crypto/crypto.h @@ -23,15 +23,6 @@ #include "../lib/crypto/hmacmd5.h" #include "../lib/crypto/sha256.h" #include "../lib/crypto/hmacsha256.h" +#include "../lib/crypto/arcfour.h" -struct arcfour_state { - uint8_t sbox[256]; - uint8_t index_i; - uint8_t index_j; -}; - -void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key); -void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int len); -void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key); -void arcfour_crypt(uint8_t *data, const uint8_t keystr[16], int len); diff --git a/source3/Makefile.in b/source3/Makefile.in index 9e0a1179f3..b8ce0523dd 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -328,8 +328,8 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) \ lib/substitute.o lib/fsusage.o lib/dbwrap_util.o \ lib/ms_fnmatch.o lib/select.o lib/errmap_unix.o \ lib/tallocmsg.o lib/dmallocmsg.o libsmb/smb_signing.o \ - ../lib/crypto/md5.o ../lib/crypto/hmacmd5.o lib/arc4.o lib/iconv.o \ - lib/pam_errors.o intl/lang_tdb.o lib/conn_tdb.o \ + ../lib/crypto/md5.o ../lib/crypto/hmacmd5.o ../lib/crypto/arcfour.o \ + lib/iconv.o lib/pam_errors.o intl/lang_tdb.o lib/conn_tdb.o \ lib/adt_tree.o lib/gencache.o \ lib/module.o lib/events.o lib/ldap_escape.o @CHARSET_STATIC@ \ lib/secdesc.o lib/util_seaccess.o lib/secace.o lib/secacl.o \ diff --git a/source3/include/includes.h b/source3/include/includes.h index 79495a7ecf..0417a7e01c 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -687,6 +687,7 @@ typedef char fstring[FSTRING_LEN]; #include "msdfs.h" #include "rap.h" #include "../lib/crypto/md5.h" +#include "../lib/crypto/arcfour.h" #include "../lib/crypto/crc32.h" #include "../lib/crypto/hmacmd5.h" #include "ntlmssp.h" diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h index 3fb41c5613..b014b2170c 100644 --- a/source3/include/ntlmssp.h +++ b/source3/include/ntlmssp.h @@ -157,14 +157,14 @@ typedef struct ntlmssp_state unsigned char recv_sign_key[16]; unsigned char recv_seal_key[16]; - unsigned char send_seal_arc4_state[258]; - unsigned char recv_seal_arc4_state[258]; + struct arcfour_state send_seal_arc4_state; + struct arcfour_state recv_seal_arc4_state; uint32 ntlm2_send_seq_num; uint32 ntlm2_recv_seq_num; /* ntlmv1 */ - unsigned char ntlmv1_arc4_state[258]; + struct arcfour_state ntlmv1_arc4_state; uint32 ntlmv1_seq_num; /* it turns out that we don't always get the diff --git a/source3/include/proto.h b/source3/include/proto.h index b1c4d2e5d9..198248c517 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -312,11 +312,6 @@ int afs_syscall( int subcall, bool afs_settoken_str(const char *token_string); bool afs_settoken_str(const char *token_string); -/* The following definitions come from lib/arc4.c */ - -void smb_arc4_init(unsigned char arc4_state_out[258], const unsigned char *key, size_t keylen); -void smb_arc4_crypt(unsigned char arc4_state_inout[258], unsigned char *data, size_t len); - /* The following definitions come from lib/audit.c */ const char *audit_category_str(uint32 category); diff --git a/source3/lib/arc4.c b/source3/lib/arc4.c deleted file mode 100644 index af2564b6c0..0000000000 --- a/source3/lib/arc4.c +++ /dev/null @@ -1,79 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - An implementation of arc4. - - Copyright (C) Jeremy Allison 2005. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" - -/***************************************************************** - Initialize state for an arc4 crypt/decrpyt. - arc4 state is 258 bytes - last 2 bytes are the index bytes. -*****************************************************************/ - -void smb_arc4_init(unsigned char arc4_state_out[258], const unsigned char *key, size_t keylen) -{ - size_t ind; - unsigned char j = 0; - - for (ind = 0; ind < 256; ind++) { - arc4_state_out[ind] = (unsigned char)ind; - } - - for( ind = 0; ind < 256; ind++) { - unsigned char tc; - - j += (arc4_state_out[ind] + key[ind%keylen]); - - tc = arc4_state_out[ind]; - arc4_state_out[ind] = arc4_state_out[j]; - arc4_state_out[j] = tc; - } - arc4_state_out[256] = 0; - arc4_state_out[257] = 0; -} - -/***************************************************************** - Do the arc4 crypt/decrpyt. - arc4 state is 258 bytes - last 2 bytes are the index bytes. -*****************************************************************/ - -void smb_arc4_crypt(unsigned char arc4_state_inout[258], unsigned char *data, size_t len) -{ - unsigned char index_i = arc4_state_inout[256]; - unsigned char index_j = arc4_state_inout[257]; - size_t ind; - - for( ind = 0; ind < len; ind++) { - unsigned char tc; - unsigned char t; - - index_i++; - index_j += arc4_state_inout[index_i]; - - tc = arc4_state_inout[index_i]; - arc4_state_inout[index_i] = arc4_state_inout[index_j]; - arc4_state_inout[index_j] = tc; - - t = arc4_state_inout[index_i] + arc4_state_inout[index_j]; - data[ind] = data[ind] ^ arc4_state_inout[t]; - } - - arc4_state_inout[256] = index_i; - arc4_state_inout[257] = index_j; -} diff --git a/source3/lib/genrand.c b/source3/lib/genrand.c index 4590b812c5..57314c55df 100644 --- a/source3/lib/genrand.c +++ b/source3/lib/genrand.c @@ -21,7 +21,7 @@ #include "includes.h" -static unsigned char smb_arc4_state[258]; +static struct arcfour_state smb_arc4_state; static uint32 counter; static bool done_reseed = False; @@ -89,6 +89,7 @@ static void do_filehash(const char *fname, unsigned char *the_hash) static int do_reseed(bool use_fd, int fd) { unsigned char seed_inbuf[40]; + DATA_BLOB seed_blob = { seed_inbuf, 40 }; uint32 v1, v2; struct timeval tval; pid_t mypid; struct passwd *pw; int reseed_data = 0; @@ -146,7 +147,7 @@ static int do_reseed(bool use_fd, int fd) seed_inbuf[i] ^= ((char *)(&reseed_data))[i % sizeof(reseed_data)]; } - smb_arc4_init(smb_arc4_state, seed_inbuf, sizeof(seed_inbuf)); + arcfour_init(&smb_arc4_state, &seed_blob); return -1; } @@ -190,7 +191,7 @@ void generate_random_buffer( unsigned char *out, int len) while(len > 0) { int copy_len = len > 16 ? 16 : len; - smb_arc4_crypt(smb_arc4_state, md4_buf, sizeof(md4_buf)); + arcfour_crypt_sbox(&smb_arc4_state, md4_buf, sizeof(md4_buf)); mdfour(tmp_buf, md4_buf, sizeof(md4_buf)); memcpy(p, tmp_buf, copy_len); p += copy_len; diff --git a/source3/libsmb/ntlmssp_sign.c b/source3/libsmb/ntlmssp_sign.c index 1abdf61b7f..5120544058 100644 --- a/source3/libsmb/ntlmssp_sign.c +++ b/source3/libsmb/ntlmssp_sign.c @@ -101,10 +101,10 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state, if (encrypt_sig && (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) { switch (direction) { case NTLMSSP_SEND: - smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, digest, 8); + arcfour_crypt_sbox(&ntlmssp_state->send_seal_arc4_state, digest, 8); break; case NTLMSSP_RECEIVE: - smb_arc4_crypt(ntlmssp_state->recv_seal_arc4_state, digest, 8); + arcfour_crypt_sbox(&ntlmssp_state->recv_seal_arc4_state, digest, 8); break; } } @@ -126,7 +126,7 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state, dump_data_pw("ntlmssp hash:\n", ntlmssp_state->ntlmv1_arc4_state, sizeof(ntlmssp_state->ntlmv1_arc4_state)); - smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4); + arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4); } return NT_STATUS_OK; } @@ -259,9 +259,9 @@ NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state, return nt_status; } - smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, data, length); + arcfour_crypt_sbox(&ntlmssp_state->send_seal_arc4_state, data, length); if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) { - smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, sig->data+4, 8); + arcfour_crypt_sbox(&ntlmssp_state->send_seal_arc4_state, sig->data+4, 8); } } else { uint32 crc; @@ -276,12 +276,12 @@ NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state, dump_data_pw("ntlmv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state, sizeof(ntlmssp_state->ntlmv1_arc4_state)); - smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, data, length); + arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, data, length); dump_data_pw("ntlmv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state, sizeof(ntlmssp_state->ntlmv1_arc4_state)); - smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4); + arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4); ntlmssp_state->ntlmv1_seq_num++; } @@ -311,10 +311,10 @@ NTSTATUS ntlmssp_unseal_packet(NTLMSSP_STATE *ntlmssp_state, if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { /* First unseal the data. */ - smb_arc4_crypt(ntlmssp_state->recv_seal_arc4_state, data, length); + arcfour_crypt_sbox(&ntlmssp_state->recv_seal_arc4_state, data, length); dump_data_pw("ntlmv2 clear data\n", data, length); } else { - smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, data, length); + arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, data, length); dump_data_pw("ntlmv1 clear data\n", data, length); } return ntlmssp_check_packet(ntlmssp_state, data, length, whole_pdu, pdu_length, sig); @@ -397,7 +397,7 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state) dump_data_pw("NTLMSSP send seal key:\n", ntlmssp_state->send_seal_key, 16); - smb_arc4_init(ntlmssp_state->send_seal_arc4_state, + arcfour_init(&ntlmssp_state->send_seal_arc4_state, ntlmssp_state->send_seal_key, 16); dump_data_pw("NTLMSSP send seal arc4 state:\n", @@ -417,7 +417,7 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state) dump_data_pw("NTLMSSP recv seal key:\n", ntlmssp_state->recv_seal_key, 16); - smb_arc4_init(ntlmssp_state->recv_seal_arc4_state, + arcfour_init(&ntlmssp_state->recv_seal_arc4_state, ntlmssp_state->recv_seal_key, 16); dump_data_pw("NTLMSSP recv seal arc4 state:\n", @@ -454,7 +454,7 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state) DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n")); - smb_arc4_init(ntlmssp_state->ntlmv1_arc4_state, + arcfour_init(&ntlmssp_state->ntlmv1_arc4_state, weak_session_key.data, weak_session_key.length); dump_data_pw("NTLMv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state, diff --git a/source3/libsmb/smbdes.c b/source3/libsmb/smbdes.c index 98d5cd05b7..4869fc54a4 100644 --- a/source3/libsmb/smbdes.c +++ b/source3/libsmb/smbdes.c @@ -388,18 +388,18 @@ void des_crypt112_16(unsigned char out[16], unsigned char in[16], const unsigned void SamOEMhash( unsigned char *data, const unsigned char key[16], size_t len) { - unsigned char arc4_state[258]; + struct arcfour_state arc4_state; - smb_arc4_init(arc4_state, key, 16); - smb_arc4_crypt(arc4_state, data, len); + arcfour_init(&arc4_state, key, 16); + arcfour_crypt_sbox(&arc4_state, data, len); } void SamOEMhashBlob( unsigned char *data, size_t len, DATA_BLOB *key) { - unsigned char arc4_state[258]; + struct arcfour_state arc4_state; - smb_arc4_init(arc4_state, key->data, key->length); - smb_arc4_crypt(arc4_state, data, len); + arcfour_init(&arc4_state, key); + arcfour_crypt_sbox(&arc4_state, data, len); } /* Decode a sam password hash into a password. The password hash is the |