From b65e6f0c0da1ecb8d1b05a4190c1dc77ed9b465e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 6 Jan 2010 15:45:38 +0100 Subject: s3:ntlmssp: inline ntlmssp_weaken_keys() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit metze Signed-off-by: Günther Deschner --- source3/libsmb/ntlmssp.c | 41 -------------------------- source3/libsmb/ntlmssp_sign.c | 67 ++++++++++++++++++++++++------------------- 2 files changed, 37 insertions(+), 71 deletions(-) diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index 1ca9810b5d..4c1fd24e3b 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -438,47 +438,6 @@ static void ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state, } } -/** - Weaken NTLMSSP keys to cope with down-level clients and servers. - - We probably should have some parameters to control this, but as - it only occours for LM_KEY connections, and this is controlled - by the client lanman auth/lanman auth parameters, it isn't too bad. -*/ - -DATA_BLOB ntlmssp_weaken_keys(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *mem_ctx) -{ - DATA_BLOB weakened_key = data_blob_talloc(mem_ctx, - ntlmssp_state->session_key.data, - ntlmssp_state->session_key.length); - - /* Nothing to weaken. We certainly don't want to 'extend' the length... */ - if (weakened_key.length < 16) { - /* perhaps there was no key? */ - return weakened_key; - } - - /* Key weakening not performed on the master key for NTLM2 - and does not occour for NTLM1. Therefore we only need - to do this for the LM_KEY. - */ - - if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) { - /* LM key doesn't support 128 bit crypto, so this is - * the best we can do. If you negotiate 128 bit, but - * not 56, you end up with 40 bit... */ - if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) { - weakened_key.data[7] = 0xa0; - } else { /* forty bits */ - weakened_key.data[5] = 0xe5; - weakened_key.data[6] = 0x38; - weakened_key.data[7] = 0xb0; - } - weakened_key.length = 8; - } - return weakened_key; -} - /** * Next state function for the Negotiate packet * diff --git a/source3/libsmb/ntlmssp_sign.c b/source3/libsmb/ntlmssp_sign.c index e3d53ab137..26d35f9980 100644 --- a/source3/libsmb/ntlmssp_sign.c +++ b/source3/libsmb/ntlmssp_sign.c @@ -331,18 +331,10 @@ NTSTATUS ntlmssp_unseal_packet(struct ntlmssp_state *ntlmssp_state, */ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) { - TALLOC_CTX *mem_ctx; - - mem_ctx = talloc_init("weak_keys"); - if (!mem_ctx) { - return NT_STATUS_NO_MEMORY; - } - DEBUG(3, ("NTLMSSP Sign/Seal - Initialising with flags:\n")); debug_ntlmssp_flags(ntlmssp_state->neg_flags); if (ntlmssp_state->session_key.length < 8) { - TALLOC_FREE(mem_ctx); DEBUG(3, ("NO session key, cannot intialise signing\n")); return NT_STATUS_NO_USER_SESSION_KEY; } @@ -374,7 +366,6 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) recv_seal_const = CLI_SEAL; break; default: - TALLOC_FREE(mem_ctx); return NT_STATUS_INTERNAL_ERROR; } @@ -434,33 +425,50 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) } else { -#if 0 - /* Hmmm. Shouldn't we also weaken keys for ntlmv1 ? JRA. */ + uint8_t weak_session_key[8]; + DATA_BLOB seal_session_key = ntlmssp_state->session_key; + bool do_weak = false; - DATA_BLOB weak_session_key = ntlmssp_state->session_key; - /** - Weaken NTLMSSP keys to cope with down-level clients, servers and export restrictions. - We probably should have some parameters to control this, once we get NTLM2 working. - */ + DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n")); - if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) { - ; - } else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) { - weak_session_key.length = 6; - } else { /* forty bits */ - weak_session_key.length = 5; + /* + * Key weakening not performed on the master key for NTLM2 + * and does not occour for NTLM1. Therefore we only need + * to do this for the LM_KEY. + */ + if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) { + do_weak = true; } - dump_data_pw("NTLMSSP weakend master key:\n", - weak_session_key.data, - weak_session_key.length); -#endif - DATA_BLOB weak_session_key = ntlmssp_weaken_keys(ntlmssp_state, mem_ctx); + /* + * Nothing to weaken. + * We certainly don't want to 'extend' the length... + */ + if (seal_session_key.length < 16) { + /* TODO: is this really correct? */ + do_weak = false; + } - DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n")); + if (do_weak) { + memcpy(weak_session_key, seal_session_key.data, 8); + seal_session_key = data_blob_const(weak_session_key, 8); + + /* + * LM key doesn't support 128 bit crypto, so this is + * the best we can do. If you negotiate 128 bit, but + * not 56, you end up with 40 bit... + */ + if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) { + weak_session_key[7] = 0xa0; + } else { /* forty bits */ + weak_session_key[5] = 0xe5; + weak_session_key[6] = 0x38; + weak_session_key[7] = 0xb0; + } + } arcfour_init(&ntlmssp_state->ntlmv1_arc4_state, - &weak_session_key); + &seal_session_key); dump_arc4_state("NTLMv1 arc4 state:\n", &ntlmssp_state->ntlmv1_arc4_state); @@ -468,6 +476,5 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) ntlmssp_state->ntlmv1_seq_num = 0; } - TALLOC_FREE(mem_ctx); return NT_STATUS_OK; } -- cgit