summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/crypto/arcfour.h15
-rw-r--r--lib/crypto/crypto.h11
-rw-r--r--source3/Makefile.in4
-rw-r--r--source3/include/includes.h1
-rw-r--r--source3/include/ntlmssp.h6
-rw-r--r--source3/include/proto.h5
-rw-r--r--source3/lib/arc4.c79
-rw-r--r--source3/lib/genrand.c7
-rw-r--r--source3/libsmb/ntlmssp_sign.c24
-rw-r--r--source3/libsmb/smbdes.c12
10 files changed, 44 insertions, 120 deletions
diff --git a/lib/crypto/arcfour.h b/lib/crypto/arcfour.h
new file mode 100644
index 0000000000..501b3f2fab
--- /dev/null
+++ b/lib/crypto/arcfour.h
@@ -0,0 +1,15 @@
+#ifndef ARCFOUR_HEADER_H
+#define ARCFOUR_HEADER_H
+
+struct arcfour_state {
+ uint8_t sbox[256];
+ uint8_t index_i;
+ uint8_t index_j;
+};
+
+void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key);
+void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int len);
+void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key);
+void arcfour_crypt(uint8_t *data, const uint8_t keystr[16], int len);
+
+#endif /* ARCFOUR_HEADER_H */
diff --git a/lib/crypto/crypto.h b/lib/crypto/crypto.h
index 9cb16ad344..0a43cbe7d4 100644
--- a/lib/crypto/crypto.h
+++ b/lib/crypto/crypto.h
@@ -23,15 +23,6 @@
#include "../lib/crypto/hmacmd5.h"
#include "../lib/crypto/sha256.h"
#include "../lib/crypto/hmacsha256.h"
+#include "../lib/crypto/arcfour.h"
-struct arcfour_state {
- uint8_t sbox[256];
- uint8_t index_i;
- uint8_t index_j;
-};
-
-void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key);
-void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int len);
-void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key);
-void arcfour_crypt(uint8_t *data, const uint8_t keystr[16], int len);
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 9e0a1179f3..b8ce0523dd 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -328,8 +328,8 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) \
lib/substitute.o lib/fsusage.o lib/dbwrap_util.o \
lib/ms_fnmatch.o lib/select.o lib/errmap_unix.o \
lib/tallocmsg.o lib/dmallocmsg.o libsmb/smb_signing.o \
- ../lib/crypto/md5.o ../lib/crypto/hmacmd5.o lib/arc4.o lib/iconv.o \
- lib/pam_errors.o intl/lang_tdb.o lib/conn_tdb.o \
+ ../lib/crypto/md5.o ../lib/crypto/hmacmd5.o ../lib/crypto/arcfour.o \
+ lib/iconv.o lib/pam_errors.o intl/lang_tdb.o lib/conn_tdb.o \
lib/adt_tree.o lib/gencache.o \
lib/module.o lib/events.o lib/ldap_escape.o @CHARSET_STATIC@ \
lib/secdesc.o lib/util_seaccess.o lib/secace.o lib/secacl.o \
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 79495a7ecf..0417a7e01c 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -687,6 +687,7 @@ typedef char fstring[FSTRING_LEN];
#include "msdfs.h"
#include "rap.h"
#include "../lib/crypto/md5.h"
+#include "../lib/crypto/arcfour.h"
#include "../lib/crypto/crc32.h"
#include "../lib/crypto/hmacmd5.h"
#include "ntlmssp.h"
diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h
index 3fb41c5613..b014b2170c 100644
--- a/source3/include/ntlmssp.h
+++ b/source3/include/ntlmssp.h
@@ -157,14 +157,14 @@ typedef struct ntlmssp_state
unsigned char recv_sign_key[16];
unsigned char recv_seal_key[16];
- unsigned char send_seal_arc4_state[258];
- unsigned char recv_seal_arc4_state[258];
+ struct arcfour_state send_seal_arc4_state;
+ struct arcfour_state recv_seal_arc4_state;
uint32 ntlm2_send_seq_num;
uint32 ntlm2_recv_seq_num;
/* ntlmv1 */
- unsigned char ntlmv1_arc4_state[258];
+ struct arcfour_state ntlmv1_arc4_state;
uint32 ntlmv1_seq_num;
/* it turns out that we don't always get the
diff --git a/source3/include/proto.h b/source3/include/proto.h
index b1c4d2e5d9..198248c517 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -312,11 +312,6 @@ int afs_syscall( int subcall,
bool afs_settoken_str(const char *token_string);
bool afs_settoken_str(const char *token_string);
-/* The following definitions come from lib/arc4.c */
-
-void smb_arc4_init(unsigned char arc4_state_out[258], const unsigned char *key, size_t keylen);
-void smb_arc4_crypt(unsigned char arc4_state_inout[258], unsigned char *data, size_t len);
-
/* The following definitions come from lib/audit.c */
const char *audit_category_str(uint32 category);
diff --git a/source3/lib/arc4.c b/source3/lib/arc4.c
deleted file mode 100644
index af2564b6c0..0000000000
--- a/source3/lib/arc4.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- An implementation of arc4.
-
- Copyright (C) Jeremy Allison 2005.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-
-/*****************************************************************
- Initialize state for an arc4 crypt/decrpyt.
- arc4 state is 258 bytes - last 2 bytes are the index bytes.
-*****************************************************************/
-
-void smb_arc4_init(unsigned char arc4_state_out[258], const unsigned char *key, size_t keylen)
-{
- size_t ind;
- unsigned char j = 0;
-
- for (ind = 0; ind < 256; ind++) {
- arc4_state_out[ind] = (unsigned char)ind;
- }
-
- for( ind = 0; ind < 256; ind++) {
- unsigned char tc;
-
- j += (arc4_state_out[ind] + key[ind%keylen]);
-
- tc = arc4_state_out[ind];
- arc4_state_out[ind] = arc4_state_out[j];
- arc4_state_out[j] = tc;
- }
- arc4_state_out[256] = 0;
- arc4_state_out[257] = 0;
-}
-
-/*****************************************************************
- Do the arc4 crypt/decrpyt.
- arc4 state is 258 bytes - last 2 bytes are the index bytes.
-*****************************************************************/
-
-void smb_arc4_crypt(unsigned char arc4_state_inout[258], unsigned char *data, size_t len)
-{
- unsigned char index_i = arc4_state_inout[256];
- unsigned char index_j = arc4_state_inout[257];
- size_t ind;
-
- for( ind = 0; ind < len; ind++) {
- unsigned char tc;
- unsigned char t;
-
- index_i++;
- index_j += arc4_state_inout[index_i];
-
- tc = arc4_state_inout[index_i];
- arc4_state_inout[index_i] = arc4_state_inout[index_j];
- arc4_state_inout[index_j] = tc;
-
- t = arc4_state_inout[index_i] + arc4_state_inout[index_j];
- data[ind] = data[ind] ^ arc4_state_inout[t];
- }
-
- arc4_state_inout[256] = index_i;
- arc4_state_inout[257] = index_j;
-}
diff --git a/source3/lib/genrand.c b/source3/lib/genrand.c
index 4590b812c5..57314c55df 100644
--- a/source3/lib/genrand.c
+++ b/source3/lib/genrand.c
@@ -21,7 +21,7 @@
#include "includes.h"
-static unsigned char smb_arc4_state[258];
+static struct arcfour_state smb_arc4_state;
static uint32 counter;
static bool done_reseed = False;
@@ -89,6 +89,7 @@ static void do_filehash(const char *fname, unsigned char *the_hash)
static int do_reseed(bool use_fd, int fd)
{
unsigned char seed_inbuf[40];
+ DATA_BLOB seed_blob = { seed_inbuf, 40 };
uint32 v1, v2; struct timeval tval; pid_t mypid;
struct passwd *pw;
int reseed_data = 0;
@@ -146,7 +147,7 @@ static int do_reseed(bool use_fd, int fd)
seed_inbuf[i] ^= ((char *)(&reseed_data))[i % sizeof(reseed_data)];
}
- smb_arc4_init(smb_arc4_state, seed_inbuf, sizeof(seed_inbuf));
+ arcfour_init(&smb_arc4_state, &seed_blob);
return -1;
}
@@ -190,7 +191,7 @@ void generate_random_buffer( unsigned char *out, int len)
while(len > 0) {
int copy_len = len > 16 ? 16 : len;
- smb_arc4_crypt(smb_arc4_state, md4_buf, sizeof(md4_buf));
+ arcfour_crypt_sbox(&smb_arc4_state, md4_buf, sizeof(md4_buf));
mdfour(tmp_buf, md4_buf, sizeof(md4_buf));
memcpy(p, tmp_buf, copy_len);
p += copy_len;
diff --git a/source3/libsmb/ntlmssp_sign.c b/source3/libsmb/ntlmssp_sign.c
index 1abdf61b7f..5120544058 100644
--- a/source3/libsmb/ntlmssp_sign.c
+++ b/source3/libsmb/ntlmssp_sign.c
@@ -101,10 +101,10 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state,
if (encrypt_sig && (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) {
switch (direction) {
case NTLMSSP_SEND:
- smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, digest, 8);
+ arcfour_crypt_sbox(&ntlmssp_state->send_seal_arc4_state, digest, 8);
break;
case NTLMSSP_RECEIVE:
- smb_arc4_crypt(ntlmssp_state->recv_seal_arc4_state, digest, 8);
+ arcfour_crypt_sbox(&ntlmssp_state->recv_seal_arc4_state, digest, 8);
break;
}
}
@@ -126,7 +126,7 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state,
dump_data_pw("ntlmssp hash:\n", ntlmssp_state->ntlmv1_arc4_state,
sizeof(ntlmssp_state->ntlmv1_arc4_state));
- smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4);
+ arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4);
}
return NT_STATUS_OK;
}
@@ -259,9 +259,9 @@ NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state,
return nt_status;
}
- smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, data, length);
+ arcfour_crypt_sbox(&ntlmssp_state->send_seal_arc4_state, data, length);
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
- smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, sig->data+4, 8);
+ arcfour_crypt_sbox(&ntlmssp_state->send_seal_arc4_state, sig->data+4, 8);
}
} else {
uint32 crc;
@@ -276,12 +276,12 @@ NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state,
dump_data_pw("ntlmv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state,
sizeof(ntlmssp_state->ntlmv1_arc4_state));
- smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, data, length);
+ arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, data, length);
dump_data_pw("ntlmv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state,
sizeof(ntlmssp_state->ntlmv1_arc4_state));
- smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4);
+ arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4);
ntlmssp_state->ntlmv1_seq_num++;
}
@@ -311,10 +311,10 @@ NTSTATUS ntlmssp_unseal_packet(NTLMSSP_STATE *ntlmssp_state,
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
/* First unseal the data. */
- smb_arc4_crypt(ntlmssp_state->recv_seal_arc4_state, data, length);
+ arcfour_crypt_sbox(&ntlmssp_state->recv_seal_arc4_state, data, length);
dump_data_pw("ntlmv2 clear data\n", data, length);
} else {
- smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, data, length);
+ arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, data, length);
dump_data_pw("ntlmv1 clear data\n", data, length);
}
return ntlmssp_check_packet(ntlmssp_state, data, length, whole_pdu, pdu_length, sig);
@@ -397,7 +397,7 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state)
dump_data_pw("NTLMSSP send seal key:\n",
ntlmssp_state->send_seal_key, 16);
- smb_arc4_init(ntlmssp_state->send_seal_arc4_state,
+ arcfour_init(&ntlmssp_state->send_seal_arc4_state,
ntlmssp_state->send_seal_key, 16);
dump_data_pw("NTLMSSP send seal arc4 state:\n",
@@ -417,7 +417,7 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state)
dump_data_pw("NTLMSSP recv seal key:\n",
ntlmssp_state->recv_seal_key, 16);
- smb_arc4_init(ntlmssp_state->recv_seal_arc4_state,
+ arcfour_init(&ntlmssp_state->recv_seal_arc4_state,
ntlmssp_state->recv_seal_key, 16);
dump_data_pw("NTLMSSP recv seal arc4 state:\n",
@@ -454,7 +454,7 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state)
DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n"));
- smb_arc4_init(ntlmssp_state->ntlmv1_arc4_state,
+ arcfour_init(&ntlmssp_state->ntlmv1_arc4_state,
weak_session_key.data, weak_session_key.length);
dump_data_pw("NTLMv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state,
diff --git a/source3/libsmb/smbdes.c b/source3/libsmb/smbdes.c
index 98d5cd05b7..4869fc54a4 100644
--- a/source3/libsmb/smbdes.c
+++ b/source3/libsmb/smbdes.c
@@ -388,18 +388,18 @@ void des_crypt112_16(unsigned char out[16], unsigned char in[16], const unsigned
void SamOEMhash( unsigned char *data, const unsigned char key[16], size_t len)
{
- unsigned char arc4_state[258];
+ struct arcfour_state arc4_state;
- smb_arc4_init(arc4_state, key, 16);
- smb_arc4_crypt(arc4_state, data, len);
+ arcfour_init(&arc4_state, key, 16);
+ arcfour_crypt_sbox(&arc4_state, data, len);
}
void SamOEMhashBlob( unsigned char *data, size_t len, DATA_BLOB *key)
{
- unsigned char arc4_state[258];
+ struct arcfour_state arc4_state;
- smb_arc4_init(arc4_state, key->data, key->length);
- smb_arc4_crypt(arc4_state, data, len);
+ arcfour_init(&arc4_state, key);
+ arcfour_crypt_sbox(&arc4_state, data, len);
}
/* Decode a sam password hash into a password. The password hash is the