2025-08-04 08:22:08 +03:00 · 1997-09-16 04:41:16 +00:00
parent 72b02acd7e
commit 57c2578cb2
4 changed files with 65 additions and 45 deletions
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@ -786,13 +786,11 @@ BOOL smb_shm_get_usage(int *bytes_free,

 /*The following definitions come from  smbdes.c  */

-void smbdes(unsigned char *out, unsigned char *in, unsigned char *key);
+void E_P16(unsigned char *p14,unsigned char *p16);
+void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24);

 /*The following definitions come from  smbencrypt.c  */

-void E1(uchar *k, uchar *d, uchar *out);
-void E_P16(uchar *p14,uchar *p16);
-void E_P24(uchar *p21, uchar *c8, uchar *p24);
 void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24);
 void E_md4hash(uchar *passwd, uchar *p16);
 void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24);
--- a/source3/libsmb/smbdes.c
+++ b/source3/libsmb/smbdes.c
@ -1,7 +1,10 @@
 /* 
   Unix SMB/Netbios implementation.
   Version 1.9.
-   a implementation of DES designed for use in the SMB authentication protocol
+
+   a partial implementation of DES designed for use in the 
+   SMB authentication protocol
+
   Copyright (C) Andrew Tridgell 1997
   
   This program is free software; you can redistribute it and/or modify
@ -20,8 +23,29 @@
 */


-/* NOTE: This code makes no attempt to be fast! In fact, it is a very
-   slow DES implementation */
+/* NOTES: 
+
+   This code makes no attempt to be fast! In fact, it is a very
+   slow implementation 
+
+   This code is NOT a complete DES implementation. It implements only
+   the minimum necessary for SMB authentication, as used by all SMB
+   products (including every copy of Microsoft Windows95 ever sold)
+
+   In particular, it can only do a unchained forward DES pass. This
+   means it is not possible to use this code for encryption/decryption
+   of data, instead it is only useful as a "hash" algorithm.
+
+   There is no entry point into this code that allows normal DES operation.
+
+   I believe this means that this code does not come under ITAR
+   regulations but this is NOT a legal opinion. If you are concerned
+   about the applicability of ITAR regulations to this code then you
+   should confirm it for yourself (and maybe let me know if you come
+   up with a different answer to the one above)
+*/
+
+

 static int perm1[56] = {57, 49, 41, 33, 25, 17,  9,
 			 1, 58, 50, 42, 34, 26, 18,
@ -154,7 +178,7 @@ static void xor(char *out, char *in1, char *in2, int n)
 		out[i] = in1[i] ^ in2[i];
 }

-static void dodes(char *out, char *in, char *key)
+static void dohash(char *out, char *in, char *key)
 {
 	int i, j, k;
 	char pk1[56];
@ -251,8 +275,7 @@ static void str_to_key(unsigned char *str,unsigned char *key)
 }


-/* this is the entry point to the DES routine. The key is 56 bits (no parity) */
-void smbdes(unsigned char *out, unsigned char *in, unsigned char *key)
+static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key)
 {
 	int i;
 	char outb[64];
@ -268,7 +291,7 @@ void smbdes(unsigned char *out, unsigned char *in, unsigned char *key)
 		outb[i] = 0;
 	}

-	dodes(outb, inb, keyb);
+	dohash(outb, inb, keyb);

 	for (i=0;i<8;i++) {
 		out[i] = 0;
@ -280,3 +303,18 @@ void smbdes(unsigned char *out, unsigned char *in, unsigned char *key)
 	}
 }

+void E_P16(unsigned char *p14,unsigned char *p16)
+{
+	unsigned char sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
+	smbhash(p16, sp8, p14);
+	smbhash(p16+8, sp8, p14+7);
+}
+
+void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24)
+{
+	smbhash(p24, c8, p21);
+	smbhash(p24+8, c8, p21+7);
+	smbhash(p24+16, c8, p21+14);
+}
+
+
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@ -26,29 +26,6 @@ extern int DEBUGLEVEL;

 #include "byteorder.h"

-void E1(uchar *k, uchar *d, uchar *out)
-{
-	smbdes(out, d, k);
-}
- 
-void E_P16(uchar *p14,uchar *p16)
-{
-	/* the following constant makes us compatible with other
-	   implementations. Note that publishing this constant does not reduce the
-	   security of the encryption mechanism */
-	uchar sp8[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
-	E1(p14, sp8, p16);
-	E1(p14+7, sp8, p16+8);
-}
-
-void E_P24(uchar *p21, uchar *c8, uchar *p24)
-{
-	E1(p21, c8, p24);
-	E1(p21+7, c8, p24+8);
-	E1(p21+14, c8, p24+16);
-}
-
-
 /*
   This implements the X/Open SMB password encryption
   It takes a password, a 8 byte "crypt key" and puts 24 bytes of 
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@ -45,17 +45,24 @@ Get the next challenge value - no repeats.
 ********************************************************************/
 void generate_next_challenge(char *challenge)
 {
-  static int counter = 0;
-  struct timeval tval;
-  int v1,v2;
-  GetTimeOfDay(&tval);
-  v1 = (counter++) + getpid() + tval.tv_sec;
-  v2 = (counter++) * getpid() + tval.tv_usec;
-  SIVAL(challenge,0,v1);
-  SIVAL(challenge,4,v2);
-  E1((uchar *)challenge,(uchar *)"SAMBA",(uchar *)saved_challenge);
-  memcpy(challenge,saved_challenge,8);
-  challenge_sent = True;
+	unsigned char buf[16];
+	static int counter = 0;
+	struct timeval tval;
+	int v1,v2;
+
+	/* get a sort-of random number */
+	GetTimeOfDay(&tval);
+	v1 = (counter++) + getpid() + tval.tv_sec;
+	v2 = (counter++) * getpid() + tval.tv_usec;
+	SIVAL(challenge,0,v1);
+	SIVAL(challenge,4,v2);
+
+	/* mash it up with md4 */
+	mdfour(buf, challenge, 8);
+
+	memcpy(saved_challenge, buf, 8);
+	memcpy(challenge,buf,8);
+	challenge_sent = True;
 }

 /*******************************************************************