sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-04 17:47:26 +03:00
Code

s4:ntlmssp: avoid usage of calc_ntlmv2_key_talloc()

Browse Source 
metze

Signed-off-by: Günther Deschner <gd@samba.org>
This commit is contained in:
Stefan Metzmacher 2010-01-08 13:58:42 -07:00 committed by Günther Deschner
parent 00f99a3df5
commit a69260642e
2 changed files with 10 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
source4/auth/ntlmssp/ntlmssp.h
View File

@ -138,8 +138,8 @@ struct ntlmssp_state
struct {
uint32_t send_seq_num;
uint32_t recv_seq_num;
DATA_BLOB send_sign_key;
DATA_BLOB recv_sign_key;
uint8_t send_sign_key[16];
uint8_t recv_sign_key[16];
struct arcfour_state *send_seal_arcfour_state;
struct arcfour_state *recv_seal_arcfour_state;
} ntlm2;

35
source4/auth/ntlmssp/ntlmssp_sign.c
View File

@ -40,19 +40,6 @@
*
*/
static void calc_ntlmv2_key_talloc(TALLOC_CTX *mem_ctx,
DATA_BLOB *subkey,
DATA_BLOB session_key,
const char *constant)
{
struct MD5Context ctx3;
*subkey = data_blob_talloc(mem_ctx, NULL, 16);
MD5Init(&ctx3);
MD5Update(&ctx3, session_key.data, session_key.length);
MD5Update(&ctx3, (const uint8_t *)constant, strlen(constant)+1);
MD5Final(subkey->data, &ctx3);
}
static void calc_ntlmv2_key(uint8_t subkey[16],
DATA_BLOB session_key,
const char *constant)
@ -90,14 +77,12 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat
case NTLMSSP_SEND:
SIVAL(seq_num, 0, ntlmssp_state->crypt.ntlm2.send_seq_num);
ntlmssp_state->crypt.ntlm2.send_seq_num++;
hmac_md5_init_limK_to_64(ntlmssp_state->crypt.ntlm2.send_sign_key.data,
ntlmssp_state->crypt.ntlm2.send_sign_key.length, &ctx);
hmac_md5_init_limK_to_64(ntlmssp_state->crypt.ntlm2.send_sign_key, 16, &ctx);
break;
case NTLMSSP_RECEIVE:
SIVAL(seq_num, 0, ntlmssp_state->crypt.ntlm2.recv_seq_num);
ntlmssp_state->crypt.ntlm2.recv_seq_num++;
hmac_md5_init_limK_to_64(ntlmssp_state->crypt.ntlm2.recv_sign_key.data,
ntlmssp_state->crypt.ntlm2.recv_sign_key.length, &ctx);
hmac_md5_init_limK_to_64(ntlmssp_state->crypt.ntlm2.recv_sign_key, 16, &ctx);
break;
}
hmac_md5_update(seq_num, sizeof(seq_num), &ctx);
@ -427,12 +412,10 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
weak_session_key.length);
/* SEND: sign key */
calc_ntlmv2_key_talloc(ntlmssp_state,
&ntlmssp_state->crypt.ntlm2.send_sign_key,
calc_ntlmv2_key(ntlmssp_state->crypt.ntlm2.send_sign_key,
ntlmssp_state->session_key, send_sign_const);
dump_data_pw("NTLMSSP send sign key:\n",
ntlmssp_state->crypt.ntlm2.send_sign_key.data,
ntlmssp_state->crypt.ntlm2.send_sign_key.length);
ntlmssp_state->crypt.ntlm2.send_sign_key, 16);
/* SEND: seal ARCFOUR pad */
calc_ntlmv2_key(send_seal_key,
@ -450,12 +433,10 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
ntlmssp_state->crypt.ntlm2.send_seq_num = 0;
/* RECV: sign key */
calc_ntlmv2_key_talloc(ntlmssp_state,
&ntlmssp_state->crypt.ntlm2.recv_sign_key,
calc_ntlmv2_key(ntlmssp_state->crypt.ntlm2.recv_sign_key,
ntlmssp_state->session_key, recv_sign_const);
dump_data_pw("NTLMSSP recv sign key:\n",
ntlmssp_state->crypt.ntlm2.recv_sign_key.data,
ntlmssp_state->crypt.ntlm2.recv_sign_key.length);
ntlmssp_state->crypt.ntlm2.recv_sign_key, 16);
/* RECV: seal ARCFOUR pad */
calc_ntlmv2_key(recv_seal_key,
@ -715,7 +696,7 @@ NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security,
ntlm2_seqnum_r = ntlmssp_state->crypt.ntlm2.recv_seq_num;
ntlm2_state_r = *ntlmssp_state->crypt.ntlm2.recv_seal_arcfour_state;
memcpy(ntlm2_key_r,
ntlmssp_state->crypt.ntlm2.recv_sign_key.data,
ntlmssp_state->crypt.ntlm2.recv_sign_key,
16);
} else {
ntlm_seqnum = ntlmssp_state->crypt.ntlm.seq_num;
@ -737,7 +718,7 @@ NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security,
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
ntlmssp_state->crypt.ntlm2.recv_seq_num = ntlm2_seqnum_r;
*ntlmssp_state->crypt.ntlm2.recv_seal_arcfour_state = ntlm2_state_r;
memcpy(ntlmssp_state->crypt.ntlm2.recv_sign_key.data,
memcpy(ntlmssp_state->crypt.ntlm2.recv_sign_key,
ntlm2_key_r, 16);
} else {
ntlmssp_state->crypt.ntlm.seq_num = ntlm_seqnum;