diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/Makefile.in | 4 | ||||
-rw-r--r-- | source3/include/includes.h | 1 | ||||
-rw-r--r-- | source3/include/ntlmssp.h | 6 | ||||
-rw-r--r-- | source3/include/proto.h | 5 | ||||
-rw-r--r-- | source3/lib/arc4.c | 79 | ||||
-rw-r--r-- | source3/lib/genrand.c | 7 | ||||
-rw-r--r-- | source3/libsmb/ntlmssp_sign.c | 66 | ||||
-rw-r--r-- | source3/libsmb/smbdes.c | 13 |
8 files changed, 54 insertions, 127 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 8bee54d075..09c054a1e3 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -330,8 +330,8 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) \ lib/substitute.o lib/fsusage.o lib/dbwrap_util.o \ lib/ms_fnmatch.o lib/select.o lib/errmap_unix.o \ lib/tallocmsg.o lib/dmallocmsg.o libsmb/smb_signing.o \ - ../lib/crypto/md5.o ../lib/crypto/hmacmd5.o lib/arc4.o lib/iconv.o \ - lib/pam_errors.o intl/lang_tdb.o lib/conn_tdb.o \ + ../lib/crypto/md5.o ../lib/crypto/hmacmd5.o ../lib/crypto/arcfour.o \ + lib/iconv.o lib/pam_errors.o intl/lang_tdb.o lib/conn_tdb.o \ lib/adt_tree.o lib/gencache.o \ lib/module.o lib/events.o lib/ldap_escape.o @CHARSET_STATIC@ \ lib/secdesc.o lib/util_seaccess.o lib/secace.o lib/secacl.o \ diff --git a/source3/include/includes.h b/source3/include/includes.h index 79495a7ecf..0417a7e01c 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -687,6 +687,7 @@ typedef char fstring[FSTRING_LEN]; #include "msdfs.h" #include "rap.h" #include "../lib/crypto/md5.h" +#include "../lib/crypto/arcfour.h" #include "../lib/crypto/crc32.h" #include "../lib/crypto/hmacmd5.h" #include "ntlmssp.h" diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h index 3fb41c5613..b014b2170c 100644 --- a/source3/include/ntlmssp.h +++ b/source3/include/ntlmssp.h @@ -157,14 +157,14 @@ typedef struct ntlmssp_state unsigned char recv_sign_key[16]; unsigned char recv_seal_key[16]; - unsigned char send_seal_arc4_state[258]; - unsigned char recv_seal_arc4_state[258]; + struct arcfour_state send_seal_arc4_state; + struct arcfour_state recv_seal_arc4_state; uint32 ntlm2_send_seq_num; uint32 ntlm2_recv_seq_num; /* ntlmv1 */ - unsigned char ntlmv1_arc4_state[258]; + struct arcfour_state ntlmv1_arc4_state; uint32 ntlmv1_seq_num; /* it turns out that we don't always get the diff --git a/source3/include/proto.h b/source3/include/proto.h index fc497b6966..3df87a6c34 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -315,11 +315,6 @@ int afs_syscall( int subcall, bool afs_settoken_str(const char *token_string); bool afs_settoken_str(const char *token_string); -/* The following definitions come from lib/arc4.c */ - -void smb_arc4_init(unsigned char arc4_state_out[258], const unsigned char *key, size_t keylen); -void smb_arc4_crypt(unsigned char arc4_state_inout[258], unsigned char *data, size_t len); - /* The following definitions come from lib/audit.c */ const char *audit_category_str(uint32 category); diff --git a/source3/lib/arc4.c b/source3/lib/arc4.c deleted file mode 100644 index af2564b6c0..0000000000 --- a/source3/lib/arc4.c +++ /dev/null @@ -1,79 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - An implementation of arc4. - - Copyright (C) Jeremy Allison 2005. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" - -/***************************************************************** - Initialize state for an arc4 crypt/decrpyt. - arc4 state is 258 bytes - last 2 bytes are the index bytes. -*****************************************************************/ - -void smb_arc4_init(unsigned char arc4_state_out[258], const unsigned char *key, size_t keylen) -{ - size_t ind; - unsigned char j = 0; - - for (ind = 0; ind < 256; ind++) { - arc4_state_out[ind] = (unsigned char)ind; - } - - for( ind = 0; ind < 256; ind++) { - unsigned char tc; - - j += (arc4_state_out[ind] + key[ind%keylen]); - - tc = arc4_state_out[ind]; - arc4_state_out[ind] = arc4_state_out[j]; - arc4_state_out[j] = tc; - } - arc4_state_out[256] = 0; - arc4_state_out[257] = 0; -} - -/***************************************************************** - Do the arc4 crypt/decrpyt. - arc4 state is 258 bytes - last 2 bytes are the index bytes. -*****************************************************************/ - -void smb_arc4_crypt(unsigned char arc4_state_inout[258], unsigned char *data, size_t len) -{ - unsigned char index_i = arc4_state_inout[256]; - unsigned char index_j = arc4_state_inout[257]; - size_t ind; - - for( ind = 0; ind < len; ind++) { - unsigned char tc; - unsigned char t; - - index_i++; - index_j += arc4_state_inout[index_i]; - - tc = arc4_state_inout[index_i]; - arc4_state_inout[index_i] = arc4_state_inout[index_j]; - arc4_state_inout[index_j] = tc; - - t = arc4_state_inout[index_i] + arc4_state_inout[index_j]; - data[ind] = data[ind] ^ arc4_state_inout[t]; - } - - arc4_state_inout[256] = index_i; - arc4_state_inout[257] = index_j; -} diff --git a/source3/lib/genrand.c b/source3/lib/genrand.c index 4590b812c5..57314c55df 100644 --- a/source3/lib/genrand.c +++ b/source3/lib/genrand.c @@ -21,7 +21,7 @@ #include "includes.h" -static unsigned char smb_arc4_state[258]; +static struct arcfour_state smb_arc4_state; static uint32 counter; static bool done_reseed = False; @@ -89,6 +89,7 @@ static void do_filehash(const char *fname, unsigned char *the_hash) static int do_reseed(bool use_fd, int fd) { unsigned char seed_inbuf[40]; + DATA_BLOB seed_blob = { seed_inbuf, 40 }; uint32 v1, v2; struct timeval tval; pid_t mypid; struct passwd *pw; int reseed_data = 0; @@ -146,7 +147,7 @@ static int do_reseed(bool use_fd, int fd) seed_inbuf[i] ^= ((char *)(&reseed_data))[i % sizeof(reseed_data)]; } - smb_arc4_init(smb_arc4_state, seed_inbuf, sizeof(seed_inbuf)); + arcfour_init(&smb_arc4_state, &seed_blob); return -1; } @@ -190,7 +191,7 @@ void generate_random_buffer( unsigned char *out, int len) while(len > 0) { int copy_len = len > 16 ? 16 : len; - smb_arc4_crypt(smb_arc4_state, md4_buf, sizeof(md4_buf)); + arcfour_crypt_sbox(&smb_arc4_state, md4_buf, sizeof(md4_buf)); mdfour(tmp_buf, md4_buf, sizeof(md4_buf)); memcpy(p, tmp_buf, copy_len); p += copy_len; diff --git a/source3/libsmb/ntlmssp_sign.c b/source3/libsmb/ntlmssp_sign.c index 1abdf61b7f..d3d358d332 100644 --- a/source3/libsmb/ntlmssp_sign.c +++ b/source3/libsmb/ntlmssp_sign.c @@ -35,6 +35,12 @@ * */ +static void dump_arc4_state(const char *description, + struct arcfour_state *state) +{ + dump_data_pw(description, state->sbox, sizeof(state->sbox)); +} + static void calc_ntlmv2_key(unsigned char subkey[16], DATA_BLOB session_key, const char *constant) @@ -101,10 +107,10 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state, if (encrypt_sig && (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) { switch (direction) { case NTLMSSP_SEND: - smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, digest, 8); + arcfour_crypt_sbox(&ntlmssp_state->send_seal_arc4_state, digest, 8); break; case NTLMSSP_RECEIVE: - smb_arc4_crypt(ntlmssp_state->recv_seal_arc4_state, digest, 8); + arcfour_crypt_sbox(&ntlmssp_state->recv_seal_arc4_state, digest, 8); break; } } @@ -124,9 +130,8 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state, ntlmssp_state->ntlmv1_seq_num++; - dump_data_pw("ntlmssp hash:\n", ntlmssp_state->ntlmv1_arc4_state, - sizeof(ntlmssp_state->ntlmv1_arc4_state)); - smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4); + dump_arc4_state("ntlmssp hash: \n", &ntlmssp_state->ntlmv1_arc4_state); + arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4); } return NT_STATUS_OK; } @@ -259,9 +264,9 @@ NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state, return nt_status; } - smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, data, length); + arcfour_crypt_sbox(&ntlmssp_state->send_seal_arc4_state, data, length); if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) { - smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, sig->data+4, 8); + arcfour_crypt_sbox(&ntlmssp_state->send_seal_arc4_state, sig->data+4, 8); } } else { uint32 crc; @@ -274,14 +279,14 @@ NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state, then seal the sequence number - this is becouse the ntlmv1_arc4_state is not constant, but is is rather updated with each iteration */ - dump_data_pw("ntlmv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state, - sizeof(ntlmssp_state->ntlmv1_arc4_state)); - smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, data, length); + dump_arc4_state("ntlmv1 arc4 state:\n", + &ntlmssp_state->ntlmv1_arc4_state); + arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, data, length); - dump_data_pw("ntlmv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state, - sizeof(ntlmssp_state->ntlmv1_arc4_state)); + dump_arc4_state("ntlmv1 arc4 state:\n", + &ntlmssp_state->ntlmv1_arc4_state); - smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4); + arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4); ntlmssp_state->ntlmv1_seq_num++; } @@ -311,10 +316,10 @@ NTSTATUS ntlmssp_unseal_packet(NTLMSSP_STATE *ntlmssp_state, if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { /* First unseal the data. */ - smb_arc4_crypt(ntlmssp_state->recv_seal_arc4_state, data, length); + arcfour_crypt_sbox(&ntlmssp_state->recv_seal_arc4_state, data, length); dump_data_pw("ntlmv2 clear data\n", data, length); } else { - smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, data, length); + arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, data, length); dump_data_pw("ntlmv1 clear data\n", data, length); } return ntlmssp_check_packet(ntlmssp_state, data, length, whole_pdu, pdu_length, sig); @@ -349,6 +354,7 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state) const char *send_seal_const; const char *recv_sign_const; const char *recv_seal_const; + DATA_BLOB send_seal_key_blob, recv_seal_blob; switch (ntlmssp_state->role) { case NTLMSSP_CLIENT: @@ -397,12 +403,13 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state) dump_data_pw("NTLMSSP send seal key:\n", ntlmssp_state->send_seal_key, 16); - smb_arc4_init(ntlmssp_state->send_seal_arc4_state, - ntlmssp_state->send_seal_key, 16); + send_seal_key_blob.data = ntlmssp_state->send_seal_key; + send_seal_key_blob.length = 16; + arcfour_init(&ntlmssp_state->send_seal_arc4_state, + &send_seal_key_blob); - dump_data_pw("NTLMSSP send seal arc4 state:\n", - ntlmssp_state->send_seal_arc4_state, - sizeof(ntlmssp_state->send_seal_arc4_state)); + dump_arc4_state("NTLMSSP send seal arc4 state:\n", + &ntlmssp_state->send_seal_arc4_state); /* RECV: sign key */ calc_ntlmv2_key(ntlmssp_state->recv_sign_key, @@ -417,12 +424,13 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state) dump_data_pw("NTLMSSP recv seal key:\n", ntlmssp_state->recv_seal_key, 16); - smb_arc4_init(ntlmssp_state->recv_seal_arc4_state, - ntlmssp_state->recv_seal_key, 16); + recv_seal_blob.data = ntlmssp_state->recv_seal_key; + recv_seal_blob.length = 16; + arcfour_init(&ntlmssp_state->recv_seal_arc4_state, + &recv_seal_blob); - dump_data_pw("NTLMSSP recv seal arc4 state:\n", - ntlmssp_state->recv_seal_arc4_state, - sizeof(ntlmssp_state->recv_seal_arc4_state)); + dump_arc4_state("NTLMSSP recv seal arc4 state:\n", + &ntlmssp_state->recv_seal_arc4_state); ntlmssp_state->ntlm2_send_seq_num = 0; ntlmssp_state->ntlm2_recv_seq_num = 0; @@ -454,11 +462,11 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state) DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n")); - smb_arc4_init(ntlmssp_state->ntlmv1_arc4_state, - weak_session_key.data, weak_session_key.length); + arcfour_init(&ntlmssp_state->ntlmv1_arc4_state, + &weak_session_key); - dump_data_pw("NTLMv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state, - sizeof(ntlmssp_state->ntlmv1_arc4_state)); + dump_arc4_state("NTLMv1 arc4 state:\n", + &ntlmssp_state->ntlmv1_arc4_state); ntlmssp_state->ntlmv1_seq_num = 0; } diff --git a/source3/libsmb/smbdes.c b/source3/libsmb/smbdes.c index 98d5cd05b7..76779e2d27 100644 --- a/source3/libsmb/smbdes.c +++ b/source3/libsmb/smbdes.c @@ -388,18 +388,19 @@ void des_crypt112_16(unsigned char out[16], unsigned char in[16], const unsigned void SamOEMhash( unsigned char *data, const unsigned char key[16], size_t len) { - unsigned char arc4_state[258]; + struct arcfour_state arc4_state; + DATA_BLOB keyblob = { key, 16 }; - smb_arc4_init(arc4_state, key, 16); - smb_arc4_crypt(arc4_state, data, len); + arcfour_init(&arc4_state, &keyblob); + arcfour_crypt_sbox(&arc4_state, data, len); } void SamOEMhashBlob( unsigned char *data, size_t len, DATA_BLOB *key) { - unsigned char arc4_state[258]; + struct arcfour_state arc4_state; - smb_arc4_init(arc4_state, key->data, key->length); - smb_arc4_crypt(arc4_state, data, len); + arcfour_init(&arc4_state, key); + arcfour_crypt_sbox(&arc4_state, data, len); } /* Decode a sam password hash into a password. The password hash is the |