Merge branch 'master' of ssh://git.samba.org/data/git/samba into arc4

diff --git a/source3/Makefile.in b/source3/Makefile.in
index 8bee54d0754f1d17ae4b7f4f4ed610d47b8ee3c9..09c054a1e3ba1ef5d1eeb730d6b7e2cb7b59edde 100644 (file)
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -330,8 +330,8 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) \
          lib/substitute.o lib/fsusage.o lib/dbwrap_util.o \
          lib/ms_fnmatch.o lib/select.o lib/errmap_unix.o \
          lib/tallocmsg.o lib/dmallocmsg.o libsmb/smb_signing.o \
-         ../lib/crypto/md5.o ../lib/crypto/hmacmd5.o lib/arc4.o lib/iconv.o \
-         lib/pam_errors.o intl/lang_tdb.o lib/conn_tdb.o \
+         ../lib/crypto/md5.o ../lib/crypto/hmacmd5.o ../lib/crypto/arcfour.o \
+         lib/iconv.o lib/pam_errors.o intl/lang_tdb.o lib/conn_tdb.o \
          lib/adt_tree.o lib/gencache.o \
          lib/module.o lib/events.o lib/ldap_escape.o @CHARSET_STATIC@ \
          lib/secdesc.o lib/util_seaccess.o lib/secace.o lib/secacl.o \

diff --git a/source3/include/includes.h b/source3/include/includes.h
index 79495a7ecf678f8175703f6c6d28060e2e63e1a8..0417a7e01c000366b5c613ff64ff776923efa5e7 100644 (file)
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -687,6 +687,7 @@ typedef char fstring[FSTRING_LEN];
 #include "msdfs.h"
 #include "rap.h"
 #include "../lib/crypto/md5.h"
+#include "../lib/crypto/arcfour.h"
 #include "../lib/crypto/crc32.h"
 #include "../lib/crypto/hmacmd5.h"
 #include "ntlmssp.h"

diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h
index 3fb41c56131d299bc7ff245d561cfd0efc0f7c93..b014b2170c7f3b1700412ea22216118886bc6414 100644 (file)
--- a/source3/include/ntlmssp.h
+++ b/source3/include/ntlmssp.h
@@ -157,14 +157,14 @@ typedef struct ntlmssp_state
        unsigned char recv_sign_key[16];
        unsigned char recv_seal_key[16];
 
-       unsigned char send_seal_arc4_state[258];
-       unsigned char recv_seal_arc4_state[258];
+       struct arcfour_state send_seal_arc4_state;
+       struct arcfour_state recv_seal_arc4_state;
 
        uint32 ntlm2_send_seq_num;
        uint32 ntlm2_recv_seq_num;
 
        /* ntlmv1 */
-       unsigned char ntlmv1_arc4_state[258];
+       struct arcfour_state ntlmv1_arc4_state;
        uint32 ntlmv1_seq_num;
 
        /* it turns out that we don't always get the

diff --git a/source3/include/proto.h b/source3/include/proto.h
index fc497b69661c71857968e5f64f0c380547a5acd0..3df87a6c346d7682d885931f1de5630bd331739b 100644 (file)
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -315,11 +315,6 @@ int afs_syscall( int subcall,
 bool afs_settoken_str(const char *token_string);
 bool afs_settoken_str(const char *token_string);
 
-/* The following definitions come from lib/arc4.c  */
-
-void smb_arc4_init(unsigned char arc4_state_out[258], const unsigned char *key, size_t keylen);
-void smb_arc4_crypt(unsigned char arc4_state_inout[258], unsigned char *data, size_t len);
-
 /* The following definitions come from lib/audit.c  */
 
 const char *audit_category_str(uint32 category);

diff --git a/source3/lib/arc4.c b/source3/lib/arc4.c
deleted file mode 100644 (file)
index af2564b..0000000
--- a/source3/lib/arc4.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-
-   An implementation of arc4.
-
-   Copyright (C) Jeremy Allison 2005.
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-
-/*****************************************************************
- Initialize state for an arc4 crypt/decrpyt.
- arc4 state is 258 bytes - last 2 bytes are the index bytes.
-*****************************************************************/
-
-void smb_arc4_init(unsigned char arc4_state_out[258], const unsigned char *key, size_t keylen)
-{
-       size_t ind;
-       unsigned char j = 0;
-
-       for (ind = 0; ind < 256; ind++) {
-               arc4_state_out[ind] = (unsigned char)ind;
-       }
-
-       for( ind = 0; ind < 256; ind++) {
-               unsigned char tc;
-
-               j += (arc4_state_out[ind] + key[ind%keylen]);
-
-               tc = arc4_state_out[ind];
-               arc4_state_out[ind] = arc4_state_out[j];
-               arc4_state_out[j] = tc;
-       }
-       arc4_state_out[256] = 0;
-       arc4_state_out[257] = 0;
-}
-
-/*****************************************************************
- Do the arc4 crypt/decrpyt.
- arc4 state is 258 bytes - last 2 bytes are the index bytes.
-*****************************************************************/
-
-void smb_arc4_crypt(unsigned char arc4_state_inout[258], unsigned char *data, size_t len)
-{
-       unsigned char index_i = arc4_state_inout[256];
-       unsigned char index_j = arc4_state_inout[257];
-        size_t ind;
-
-       for( ind = 0; ind < len; ind++) {
-               unsigned char tc;
-               unsigned char t;
-
-               index_i++;
-               index_j += arc4_state_inout[index_i];
-
-               tc = arc4_state_inout[index_i];
-               arc4_state_inout[index_i] = arc4_state_inout[index_j];
-               arc4_state_inout[index_j] = tc;
-
-               t = arc4_state_inout[index_i] + arc4_state_inout[index_j];
-               data[ind] = data[ind] ^ arc4_state_inout[t];
-       }
-
-       arc4_state_inout[256] = index_i;
-       arc4_state_inout[257] = index_j;
-}

diff --git a/source3/lib/genrand.c b/source3/lib/genrand.c
index 4590b812c58271c85c820b456f6ef26084f1860e..57314c55df112bbbe0d57aecbc1c4d2825ea086a 100644 (file)
--- a/source3/lib/genrand.c
+++ b/source3/lib/genrand.c
@@ -21,7 +21,7 @@
 
 #include "includes.h"
 
-static unsigned char smb_arc4_state[258];
+static struct arcfour_state smb_arc4_state;
 static uint32 counter;
 
 static bool done_reseed = False;
@@ -89,6 +89,7 @@ static void do_filehash(const char *fname, unsigned char *the_hash)
 static int do_reseed(bool use_fd, int fd)
 {
        unsigned char seed_inbuf[40];
+       DATA_BLOB seed_blob = { seed_inbuf, 40 };
        uint32 v1, v2; struct timeval tval; pid_t mypid;
        struct passwd *pw;
        int reseed_data = 0;
@@ -146,7 +147,7 @@ static int do_reseed(bool use_fd, int fd)
                        seed_inbuf[i] ^= ((char *)(&reseed_data))[i % sizeof(reseed_data)];
        }
 
-       smb_arc4_init(smb_arc4_state, seed_inbuf, sizeof(seed_inbuf));
+       arcfour_init(&smb_arc4_state, &seed_blob);
 
        return -1;
 }
@@ -190,7 +191,7 @@ void generate_random_buffer( unsigned char *out, int len)
        while(len > 0) {
                int copy_len = len > 16 ? 16 : len;
 
-               smb_arc4_crypt(smb_arc4_state, md4_buf, sizeof(md4_buf));
+               arcfour_crypt_sbox(&smb_arc4_state, md4_buf, sizeof(md4_buf));
                mdfour(tmp_buf, md4_buf, sizeof(md4_buf));
                memcpy(p, tmp_buf, copy_len);
                p += copy_len;

diff --git a/source3/libsmb/ntlmssp_sign.c b/source3/libsmb/ntlmssp_sign.c
index 1abdf61b7f9e2a4e58cc4416d9e1cd851f3bd480..d3d358d33267f05b12430cd7deeb1a67dbb38a93 100644 (file)
--- a/source3/libsmb/ntlmssp_sign.c
+++ b/source3/libsmb/ntlmssp_sign.c
@@ -35,6 +35,12 @@
  *
  */
 
+static void dump_arc4_state(const char *description, 
+                           struct arcfour_state *state)
+{
+       dump_data_pw(description, state->sbox, sizeof(state->sbox));
+}
+
 static void calc_ntlmv2_key(unsigned char subkey[16],
                                DATA_BLOB session_key,
                                const char *constant)
@@ -101,10 +107,10 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state,
                if (encrypt_sig && (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) {
                        switch (direction) {
                        case NTLMSSP_SEND:
-                               smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state,  digest, 8);
+                               arcfour_crypt_sbox(&ntlmssp_state->send_seal_arc4_state, digest, 8);
                                break;
                        case NTLMSSP_RECEIVE:
-                               smb_arc4_crypt(ntlmssp_state->recv_seal_arc4_state,  digest, 8);
+                               arcfour_crypt_sbox(&ntlmssp_state->recv_seal_arc4_state, digest, 8);
                                break;
                        }
                }
@@ -124,9 +130,8 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state,
                
                ntlmssp_state->ntlmv1_seq_num++;
 
-               dump_data_pw("ntlmssp hash:\n", ntlmssp_state->ntlmv1_arc4_state,
-                            sizeof(ntlmssp_state->ntlmv1_arc4_state));
-               smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4);
+               dump_arc4_state("ntlmssp hash: \n", &ntlmssp_state->ntlmv1_arc4_state);
+               arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4);
        }
        return NT_STATUS_OK;
 }
@@ -259,9 +264,9 @@ NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state,
                        return nt_status;
                }
 
-               smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, data, length);
+               arcfour_crypt_sbox(&ntlmssp_state->send_seal_arc4_state, data, length);
                if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
-                       smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, sig->data+4, 8);
+                       arcfour_crypt_sbox(&ntlmssp_state->send_seal_arc4_state, sig->data+4, 8);
                }
        } else {
                uint32 crc;
@@ -274,14 +279,14 @@ NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state,
                   then seal the sequence number - this is becouse the ntlmv1_arc4_state is not
                   constant, but is is rather updated with each iteration */
                
-               dump_data_pw("ntlmv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state,
-                            sizeof(ntlmssp_state->ntlmv1_arc4_state));
-               smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, data, length);
+               dump_arc4_state("ntlmv1 arc4 state:\n", 
+                                               &ntlmssp_state->ntlmv1_arc4_state);
+               arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, data, length);
 
-               dump_data_pw("ntlmv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state,
-                            sizeof(ntlmssp_state->ntlmv1_arc4_state));
+               dump_arc4_state("ntlmv1 arc4 state:\n", 
+                                               &ntlmssp_state->ntlmv1_arc4_state);
 
-               smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4);
+               arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4);
 
                ntlmssp_state->ntlmv1_seq_num++;
        }
@@ -311,10 +316,10 @@ NTSTATUS ntlmssp_unseal_packet(NTLMSSP_STATE *ntlmssp_state,
 
        if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
                /* First unseal the data. */
-               smb_arc4_crypt(ntlmssp_state->recv_seal_arc4_state, data, length);
+               arcfour_crypt_sbox(&ntlmssp_state->recv_seal_arc4_state, data, length);
                dump_data_pw("ntlmv2 clear data\n", data, length);
        } else {
-               smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, data, length);
+               arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, data, length);
                dump_data_pw("ntlmv1 clear data\n", data, length);
        }
        return ntlmssp_check_packet(ntlmssp_state, data, length, whole_pdu, pdu_length, sig);
@@ -349,6 +354,7 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state)
                const char *send_seal_const;
                const char *recv_sign_const;
                const char *recv_seal_const;
+               DATA_BLOB send_seal_key_blob, recv_seal_blob;
 
                switch (ntlmssp_state->role) {
                case NTLMSSP_CLIENT:
@@ -397,12 +403,13 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state)
                dump_data_pw("NTLMSSP send seal key:\n",
                                ntlmssp_state->send_seal_key, 16);
 
-               smb_arc4_init(ntlmssp_state->send_seal_arc4_state,
-                               ntlmssp_state->send_seal_key, 16);
+               send_seal_key_blob.data = ntlmssp_state->send_seal_key;
+               send_seal_key_blob.length = 16;
+               arcfour_init(&ntlmssp_state->send_seal_arc4_state, 
+                            &send_seal_key_blob);
 
-               dump_data_pw("NTLMSSP send seal arc4 state:\n", 
-                            ntlmssp_state->send_seal_arc4_state, 
-                            sizeof(ntlmssp_state->send_seal_arc4_state));
+               dump_arc4_state("NTLMSSP send seal arc4 state:\n", 
+                            &ntlmssp_state->send_seal_arc4_state);
 
                /* RECV: sign key */
                calc_ntlmv2_key(ntlmssp_state->recv_sign_key,
@@ -417,12 +424,13 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state)
                dump_data_pw("NTLMSSP recv seal key:\n",
                                ntlmssp_state->recv_seal_key, 16);
                                
-               smb_arc4_init(ntlmssp_state->recv_seal_arc4_state,
-                               ntlmssp_state->recv_seal_key, 16);
+               recv_seal_blob.data = ntlmssp_state->recv_seal_key;
+               recv_seal_blob.length = 16;
+               arcfour_init(&ntlmssp_state->recv_seal_arc4_state,
+                               &recv_seal_blob);
 
-               dump_data_pw("NTLMSSP recv seal arc4 state:\n", 
-                            ntlmssp_state->recv_seal_arc4_state, 
-                            sizeof(ntlmssp_state->recv_seal_arc4_state));
+               dump_arc4_state("NTLMSSP recv seal arc4 state:\n", 
+                            &ntlmssp_state->recv_seal_arc4_state);
 
                ntlmssp_state->ntlm2_send_seq_num = 0;
                ntlmssp_state->ntlm2_recv_seq_num = 0;
@@ -454,11 +462,11 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state)
 
                DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n"));
 
-               smb_arc4_init(ntlmssp_state->ntlmv1_arc4_state,
-                             weak_session_key.data, weak_session_key.length);
+               arcfour_init(&ntlmssp_state->ntlmv1_arc4_state, 
+                            &weak_session_key);
 
-                dump_data_pw("NTLMv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state,
-                               sizeof(ntlmssp_state->ntlmv1_arc4_state));
+                dump_arc4_state("NTLMv1 arc4 state:\n", 
+                               &ntlmssp_state->ntlmv1_arc4_state);
 
                ntlmssp_state->ntlmv1_seq_num = 0;
        }

diff --git a/source3/libsmb/smbdes.c b/source3/libsmb/smbdes.c
index 98d5cd05b7e1c9c8eabf7c8bbab6ea3b12ad0775..76779e2d27b3ba23c7c9aa2e94116d46dd38551b 100644 (file)
--- a/source3/libsmb/smbdes.c
+++ b/source3/libsmb/smbdes.c
@@ -388,18 +388,19 @@ void des_crypt112_16(unsigned char out[16], unsigned char in[16], const unsigned
 
 void SamOEMhash( unsigned char *data, const unsigned char key[16], size_t len)
 {
-       unsigned char arc4_state[258];
+       struct arcfour_state arc4_state;
+       DATA_BLOB keyblob = { key, 16 };
 
-       smb_arc4_init(arc4_state, key, 16);
-       smb_arc4_crypt(arc4_state, data, len);
+       arcfour_init(&arc4_state, &keyblob);
+       arcfour_crypt_sbox(&arc4_state, data, len);
 }
 
 void SamOEMhashBlob( unsigned char *data, size_t len, DATA_BLOB *key)
 {
-       unsigned char arc4_state[258];
+       struct arcfour_state arc4_state;
 
-       smb_arc4_init(arc4_state, key->data, key->length);
-       smb_arc4_crypt(arc4_state, data, len);
+       arcfour_init(&arc4_state, key);
+       arcfour_crypt_sbox(&arc4_state, data, len);
 }
 
 /* Decode a sam password hash into a password.  The password hash is the