From 0237389ce765cbb6825b79de1b0727da0969efeb Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 30 Aug 2004 01:34:01 +0000 Subject: [PATCH] r2099: Get rid of another private ARCFOUR implementation from the codebase. Andrew Bartlett --- source/libcli/auth/ntlmssp.h | 8 +- source/libcli/auth/ntlmssp_sign.c | 135 ++++++++++-------------------- source/libcli/util/smbdes.c | 42 +++++++--- 3 files changed, 77 insertions(+), 108 deletions(-) diff --git a/source/libcli/auth/ntlmssp.h b/source/libcli/auth/ntlmssp.h index b7fc914b75c..61285e472b4 100644 --- a/source/libcli/auth/ntlmssp.h +++ b/source/libcli/auth/ntlmssp.h @@ -166,10 +166,10 @@ struct ntlmssp_state uint32_t ntlmssp_seq_num; /* ntlmv2 */ - char send_sign_key[16]; - char send_seal_key[16]; - char recv_sign_key[16]; - char recv_seal_key[16]; + DATA_BLOB send_sign_key; + DATA_BLOB send_seal_key; + DATA_BLOB recv_sign_key; + DATA_BLOB recv_seal_key; uint8_t send_seal_hash[258]; uint8_t recv_seal_hash[258]; diff --git a/source/libcli/auth/ntlmssp_sign.c b/source/libcli/auth/ntlmssp_sign.c index 6c770b87b90..ca3660eea7d 100644 --- a/source/libcli/auth/ntlmssp_sign.c +++ b/source/libcli/auth/ntlmssp_sign.c @@ -27,57 +27,6 @@ #define SRV_SIGN "session key to server-to-client signing key magic constant" #define SRV_SEAL "session key to server-to-client sealing key magic constant" -static void NTLMSSPcalc_ap(uint8_t *hash, uint8_t *data, int len) -{ - uint8_t index_i = hash[256]; - uint8_t index_j = hash[257]; - int ind; - - for (ind = 0; ind < len; ind++) - { - uint8_t tc; - uint8_t t; - - index_i++; - index_j += hash[index_i]; - - tc = hash[index_i]; - hash[index_i] = hash[index_j]; - hash[index_j] = tc; - - t = hash[index_i] + hash[index_j]; - data[ind] = data[ind] ^ hash[t]; - } - - hash[256] = index_i; - hash[257] = index_j; -} - -static void calc_hash(uint8_t hash[258], const uint8 *key, size_t key_len) -{ - uint8_t j = 0; - int ind; - - for (ind = 0; ind < 256; ind++) - { - hash[ind] = (uint8_t)ind; - } - - for (ind = 0; ind < 256; ind++) - { - uint8_t tc; - - j += (hash[ind] + key[ind%key_len]); - - tc = hash[ind]; - hash[ind] = hash[j]; - hash[j] = tc; - } - - hash[256] = 0; - hash[257] = 0; -} - /** * Some notes on then NTLM2 code: * @@ -94,16 +43,17 @@ static void calc_hash(uint8_t hash[258], const uint8 *key, size_t key_len) * */ -static void calc_ntlmv2_key(uint8_t subkey[16], +static void calc_ntlmv2_key(TALLOC_CTX *mem_ctx, + DATA_BLOB *subkey, DATA_BLOB session_key, const char *constant) { struct MD5Context ctx3; - + *subkey = data_blob_talloc(mem_ctx, NULL, 16); MD5Init(&ctx3); MD5Update(&ctx3, session_key.data, session_key.length); MD5Update(&ctx3, constant, strlen(constant)+1); - MD5Final(subkey, &ctx3); + MD5Final(subkey->data, &ctx3); } enum ntlmssp_direction { @@ -120,31 +70,31 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { HMACMD5Context ctx; - uint8_t seq_num[4]; uint8_t digest[16]; + uint8_t seq_num[4]; SIVAL(seq_num, 0, ntlmssp_state->ntlmssp_seq_num); switch (direction) { case NTLMSSP_SEND: - hmac_md5_init_limK_to_64(ntlmssp_state->send_sign_key, - sizeof(ntlmssp_state->send_sign_key), &ctx); + hmac_md5_init_limK_to_64(ntlmssp_state->send_sign_key.data, + ntlmssp_state->send_sign_key.length, &ctx); break; case NTLMSSP_RECEIVE: - hmac_md5_init_limK_to_64(ntlmssp_state->recv_sign_key, - sizeof(ntlmssp_state->recv_sign_key), &ctx); + hmac_md5_init_limK_to_64(ntlmssp_state->recv_sign_key.data, + ntlmssp_state->recv_sign_key.length, &ctx); break; } - hmac_md5_update(seq_num, 4, &ctx); + hmac_md5_update(seq_num, sizeof(seq_num), &ctx); hmac_md5_update(data, length, &ctx); hmac_md5_final(digest, &ctx); if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) { switch (direction) { case NTLMSSP_SEND: - NTLMSSPcalc_ap(ntlmssp_state->send_seal_hash, digest, 8); + arcfour_crypt_sbox(ntlmssp_state->send_seal_hash, digest, 8); break; case NTLMSSP_RECEIVE: - NTLMSSPcalc_ap(ntlmssp_state->recv_seal_hash, digest, 8); + arcfour_crypt_sbox(ntlmssp_state->recv_seal_hash, digest, 8); break; } } @@ -160,7 +110,7 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat return NT_STATUS_NO_MEMORY; } - NTLMSSPcalc_ap(ntlmssp_state->ntlmssp_hash, sig->data+4, sig->length-4); + arcfour_crypt_sbox(ntlmssp_state->ntlmssp_hash, sig->data+4, sig->length-4); } dump_data_pw("calculated ntlmssp signature\n", sig->data, sig->length); return NT_STATUS_OK; @@ -286,8 +236,8 @@ NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state, uint8_t digest[16]; SIVAL(seq_num, 0, ntlmssp_state->ntlmssp_seq_num); - hmac_md5_init_limK_to_64(ntlmssp_state->send_sign_key, - sizeof(ntlmssp_state->send_sign_key), &ctx); + hmac_md5_init_limK_to_64(ntlmssp_state->send_sign_key.data, + ntlmssp_state->send_sign_key.length, &ctx); hmac_md5_update(seq_num, 4, &ctx); hmac_md5_update(data, length, &ctx); hmac_md5_final(digest, &ctx); @@ -296,10 +246,10 @@ NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state, then seal the sequence number - this is becouse the send_seal_hash is not constant, but is is rather updated with each iteration */ - NTLMSSPcalc_ap(ntlmssp_state->send_seal_hash, data, length); + arcfour_crypt_sbox(ntlmssp_state->send_seal_hash, data, length); if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) { - NTLMSSPcalc_ap(ntlmssp_state->send_seal_hash, digest, 8); + arcfour_crypt_sbox(ntlmssp_state->send_seal_hash, digest, 8); } *sig = data_blob_talloc(sig_mem_ctx, NULL, 16); @@ -317,9 +267,9 @@ NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state, then seal the sequence number - this is becouse the ntlmssp_hash is not constant, but is is rather updated with each iteration */ - NTLMSSPcalc_ap(ntlmssp_state->ntlmssp_hash, data, length); + arcfour_crypt_sbox(ntlmssp_state->ntlmssp_hash, data, length); - NTLMSSPcalc_ap(ntlmssp_state->ntlmssp_hash, sig->data+4, sig->length-4); + arcfour_crypt_sbox(ntlmssp_state->ntlmssp_hash, sig->data+4, sig->length-4); } dump_data_pw("ntlmssp signature\n", sig->data, sig->length); dump_data_pw("ntlmssp sealed data\n", data, length); @@ -347,9 +297,9 @@ NTSTATUS ntlmssp_unseal_packet(struct ntlmssp_state *ntlmssp_state, dump_data_pw("ntlmssp sealed data\n", data, length); if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { - NTLMSSPcalc_ap(ntlmssp_state->recv_seal_hash, data, length); + arcfour_crypt_sbox(ntlmssp_state->recv_seal_hash, data, length); } else { - NTLMSSPcalc_ap(ntlmssp_state->ntlmssp_hash, data, length); + arcfour_crypt_sbox(ntlmssp_state->ntlmssp_hash, data, length); } dump_data_pw("ntlmssp clear data\n", data, length); @@ -414,41 +364,43 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) weak_session_key.length); /* SEND */ - calc_ntlmv2_key(ntlmssp_state->send_sign_key, + calc_ntlmv2_key(ntlmssp_state->mem_ctx, + &ntlmssp_state->send_sign_key, ntlmssp_state->session_key, send_sign_const); dump_data_pw("NTLMSSP send sign key:\n", - ntlmssp_state->send_sign_key, - sizeof(ntlmssp_state->send_sign_key)); + ntlmssp_state->send_sign_key.data, + ntlmssp_state->send_sign_key.length); - calc_ntlmv2_key(ntlmssp_state->send_seal_key, + calc_ntlmv2_key(ntlmssp_state->mem_ctx, + &ntlmssp_state->send_seal_key, weak_session_key, send_seal_const); dump_data_pw("NTLMSSP send seal key:\n", - ntlmssp_state->send_seal_key, - sizeof(ntlmssp_state->send_seal_key)); + ntlmssp_state->send_seal_key.data, + ntlmssp_state->send_seal_key.length); - calc_hash(ntlmssp_state->send_seal_hash, - ntlmssp_state->send_seal_key, - sizeof(ntlmssp_state->send_seal_key)); + arcfour_init(ntlmssp_state->send_seal_hash, + &ntlmssp_state->send_seal_key); dump_data_pw("NTLMSSP send sesl hash:\n", ntlmssp_state->send_seal_hash, sizeof(ntlmssp_state->send_seal_hash)); /* RECV */ - calc_ntlmv2_key(ntlmssp_state->recv_sign_key, + calc_ntlmv2_key(ntlmssp_state->mem_ctx, + &ntlmssp_state->recv_sign_key, ntlmssp_state->session_key, recv_sign_const); dump_data_pw("NTLMSSP recv sign key:\n", - ntlmssp_state->recv_sign_key, - sizeof(ntlmssp_state->recv_sign_key)); + ntlmssp_state->recv_sign_key.data, + ntlmssp_state->recv_sign_key.length); - calc_ntlmv2_key(ntlmssp_state->recv_seal_key, + calc_ntlmv2_key(ntlmssp_state->mem_ctx, + &ntlmssp_state->recv_seal_key, weak_session_key, recv_seal_const); dump_data_pw("NTLMSSP recv seal key:\n", - ntlmssp_state->recv_seal_key, - sizeof(ntlmssp_state->recv_seal_key)); - calc_hash(ntlmssp_state->recv_seal_hash, - ntlmssp_state->recv_seal_key, - sizeof(ntlmssp_state->recv_seal_key)); + ntlmssp_state->recv_seal_key.data, + ntlmssp_state->recv_seal_key.length); + arcfour_init(ntlmssp_state->recv_seal_hash, + &ntlmssp_state->recv_seal_key); dump_data_pw("NTLMSSP receive seal hash:\n", ntlmssp_state->recv_seal_hash, @@ -456,9 +408,8 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) } else { DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n")); - calc_hash(ntlmssp_state->ntlmssp_hash, - ntlmssp_state->session_key.data, - ntlmssp_state->session_key.length); + arcfour_init(ntlmssp_state->ntlmssp_hash, + &ntlmssp_state->session_key); dump_data_pw("NTLMSSP hash:\n", ntlmssp_state->ntlmssp_hash, sizeof(ntlmssp_state->ntlmssp_hash)); } diff --git a/source/libcli/util/smbdes.c b/source/libcli/util/smbdes.c index 99c2c009772..a7c8f760ea0 100644 --- a/source/libcli/util/smbdes.c +++ b/source/libcli/util/smbdes.c @@ -364,30 +364,36 @@ void des_crypt112_16(uint8_t out[16], uint8_t in[16], const uint8_t key[14], int des_crypt56(out + 8, in + 8, key+7, forw); } -/* - arcfour encryption with a blob key -*/ -void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key) +/* initialise the arcfour sbox with key */ +void arcfour_init(uint8_t s_box[256], const DATA_BLOB *key) { - uint8_t s_box[256]; - uint8_t index_i = 0; - uint8_t index_j = 0; - uint8_t j = 0; int ind; - + uint8_t j = 0; for (ind = 0; ind < 256; ind++) { s_box[ind] = (uint8_t)ind; } - + for (ind = 0; ind < 256; ind++) { uint8_t tc; - + j += (s_box[ind] + key->data[ind%key->length]); - + tc = s_box[ind]; s_box[ind] = s_box[j]; s_box[j] = tc; } + s_box[256] = 0; /* i */ + s_box[257] = 0; /* j */ + +} + +/* crypt the data with arcfour */ +void arcfour_crypt_sbox(uint8_t s_box[258], uint8_t *data, int len) +{ + uint8_t index_i = s_box[256]; + uint8_t index_j = s_box[257]; + int ind; + for (ind = 0; ind < len; ind++) { uint8_t tc; uint8_t t; @@ -402,6 +408,18 @@ void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key) t = s_box[index_i] + s_box[index_j]; data[ind] = data[ind] ^ s_box[t]; } + s_box[256] = index_i; + s_box[257] = index_j; +} + +/* + arcfour encryption with a blob key +*/ +void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key) +{ + uint8_t s_box[258]; + arcfour_init(s_box, key); + arcfour_crypt_sbox(s_box, data, len); } /*