+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
-
- An implementation of arc4.
-
- Copyright (C) Jeremy Allison 2005.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-
-/*****************************************************************
- Initialize state for an arc4 crypt/decrpyt.
- arc4 state is 258 bytes - last 2 bytes are the index bytes.
-*****************************************************************/
-
-void smb_arc4_init(unsigned char arc4_state_out[258], const unsigned char *key, size_t keylen)
-{
- size_t ind;
- unsigned char j = 0;
-
- for (ind = 0; ind < 256; ind++) {
- arc4_state_out[ind] = (unsigned char)ind;
- }
-
- for( ind = 0; ind < 256; ind++) {
- unsigned char tc;
-
- j += (arc4_state_out[ind] + key[ind%keylen]);
-
- tc = arc4_state_out[ind];
- arc4_state_out[ind] = arc4_state_out[j];
- arc4_state_out[j] = tc;
- }
- arc4_state_out[256] = 0;
- arc4_state_out[257] = 0;
-}
-
-/*****************************************************************
- Do the arc4 crypt/decrpyt.
- arc4 state is 258 bytes - last 2 bytes are the index bytes.
-*****************************************************************/
-
-void smb_arc4_crypt(unsigned char arc4_state_inout[258], unsigned char *data, size_t len)
-{
- unsigned char index_i = arc4_state_inout[256];
- unsigned char index_j = arc4_state_inout[257];
- size_t ind;
-
- for( ind = 0; ind < len; ind++) {
- unsigned char tc;
- unsigned char t;
-
- index_i++;
- index_j += arc4_state_inout[index_i];
-
- tc = arc4_state_inout[index_i];
- arc4_state_inout[index_i] = arc4_state_inout[index_j];
- arc4_state_inout[index_j] = tc;
-
- t = arc4_state_inout[index_i] + arc4_state_inout[index_j];
- data[ind] = data[ind] ^ arc4_state_inout[t];
- }
-
- arc4_state_inout[256] = index_i;
- arc4_state_inout[257] = index_j;
-}
*
*/
+static void dump_arc4_state(const char *description,
+ struct arcfour_state *state)
+{
+ dump_data_pw(description, state->sbox, sizeof(state->sbox));
+}
+
static void calc_ntlmv2_key(unsigned char subkey[16],
DATA_BLOB session_key,
const char *constant)
if (encrypt_sig && (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) {
switch (direction) {
case NTLMSSP_SEND:
- smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, digest, 8);
+ arcfour_crypt_sbox(&ntlmssp_state->send_seal_arc4_state, digest, 8);
break;
case NTLMSSP_RECEIVE:
- smb_arc4_crypt(ntlmssp_state->recv_seal_arc4_state, digest, 8);
+ arcfour_crypt_sbox(&ntlmssp_state->recv_seal_arc4_state, digest, 8);
break;
}
}
ntlmssp_state->ntlmv1_seq_num++;
- dump_data_pw("ntlmssp hash:\n", ntlmssp_state->ntlmv1_arc4_state,
- sizeof(ntlmssp_state->ntlmv1_arc4_state));
- smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4);
+ dump_arc4_state("ntlmssp hash: \n", &ntlmssp_state->ntlmv1_arc4_state);
+ arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4);
}
return NT_STATUS_OK;
}
return nt_status;
}
- smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, data, length);
+ arcfour_crypt_sbox(&ntlmssp_state->send_seal_arc4_state, data, length);
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
- smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, sig->data+4, 8);
+ arcfour_crypt_sbox(&ntlmssp_state->send_seal_arc4_state, sig->data+4, 8);
}
} else {
uint32 crc;
then seal the sequence number - this is becouse the ntlmv1_arc4_state is not
constant, but is is rather updated with each iteration */
- dump_data_pw("ntlmv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state,
- sizeof(ntlmssp_state->ntlmv1_arc4_state));
- smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, data, length);
+ dump_arc4_state("ntlmv1 arc4 state:\n",
+ &ntlmssp_state->ntlmv1_arc4_state);
+ arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, data, length);
- dump_data_pw("ntlmv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state,
- sizeof(ntlmssp_state->ntlmv1_arc4_state));
+ dump_arc4_state("ntlmv1 arc4 state:\n",
+ &ntlmssp_state->ntlmv1_arc4_state);
- smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4);
+ arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4);
ntlmssp_state->ntlmv1_seq_num++;
}
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
/* First unseal the data. */
- smb_arc4_crypt(ntlmssp_state->recv_seal_arc4_state, data, length);
+ arcfour_crypt_sbox(&ntlmssp_state->recv_seal_arc4_state, data, length);
dump_data_pw("ntlmv2 clear data\n", data, length);
} else {
- smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, data, length);
+ arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, data, length);
dump_data_pw("ntlmv1 clear data\n", data, length);
}
return ntlmssp_check_packet(ntlmssp_state, data, length, whole_pdu, pdu_length, sig);
const char *send_seal_const;
const char *recv_sign_const;
const char *recv_seal_const;
+ DATA_BLOB send_seal_key_blob, recv_seal_blob;
switch (ntlmssp_state->role) {
case NTLMSSP_CLIENT:
dump_data_pw("NTLMSSP send seal key:\n",
ntlmssp_state->send_seal_key, 16);
- smb_arc4_init(ntlmssp_state->send_seal_arc4_state,
- ntlmssp_state->send_seal_key, 16);
+ send_seal_key_blob.data = ntlmssp_state->send_seal_key;
+ send_seal_key_blob.length = 16;
+ arcfour_init(&ntlmssp_state->send_seal_arc4_state,
+ &send_seal_key_blob);
- dump_data_pw("NTLMSSP send seal arc4 state:\n",
- ntlmssp_state->send_seal_arc4_state,
- sizeof(ntlmssp_state->send_seal_arc4_state));
+ dump_arc4_state("NTLMSSP send seal arc4 state:\n",
+ &ntlmssp_state->send_seal_arc4_state);
/* RECV: sign key */
calc_ntlmv2_key(ntlmssp_state->recv_sign_key,
dump_data_pw("NTLMSSP recv seal key:\n",
ntlmssp_state->recv_seal_key, 16);
- smb_arc4_init(ntlmssp_state->recv_seal_arc4_state,
- ntlmssp_state->recv_seal_key, 16);
+ recv_seal_blob.data = ntlmssp_state->recv_seal_key;
+ recv_seal_blob.length = 16;
+ arcfour_init(&ntlmssp_state->recv_seal_arc4_state,
+ &recv_seal_blob);
- dump_data_pw("NTLMSSP recv seal arc4 state:\n",
- ntlmssp_state->recv_seal_arc4_state,
- sizeof(ntlmssp_state->recv_seal_arc4_state));
+ dump_arc4_state("NTLMSSP recv seal arc4 state:\n",
+ &ntlmssp_state->recv_seal_arc4_state);
ntlmssp_state->ntlm2_send_seq_num = 0;
ntlmssp_state->ntlm2_recv_seq_num = 0;
DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n"));
- smb_arc4_init(ntlmssp_state->ntlmv1_arc4_state,
- weak_session_key.data, weak_session_key.length);
+ arcfour_init(&ntlmssp_state->ntlmv1_arc4_state,
+ &weak_session_key);
- dump_data_pw("NTLMv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state,
- sizeof(ntlmssp_state->ntlmv1_arc4_state));
+ dump_arc4_state("NTLMv1 arc4 state:\n",
+ &ntlmssp_state->ntlmv1_arc4_state);
ntlmssp_state->ntlmv1_seq_num = 0;
}