Use common arcfour implementation.
authorJelmer Vernooij <jelmer@samba.org>
Wed, 24 Sep 2008 14:04:43 +0000 (16:04 +0200)
committerJelmer Vernooij <jelmer@samba.org>
Wed, 24 Sep 2008 14:04:43 +0000 (16:04 +0200)
lib/crypto/arcfour.c
lib/crypto/arcfour.h [new file with mode: 0644]
lib/crypto/crypto.h
source3/Makefile.in
source3/include/includes.h
source3/include/ntlmssp.h
source3/include/proto.h
source3/lib/arc4.c [deleted file]
source3/lib/genrand.c
source3/libsmb/ntlmssp_sign.c
source3/libsmb/smbdes.c

index 94196fa..c57e05d 100644 (file)
@@ -20,7 +20,7 @@
 */
 
 #include "includes.h"
-#include "lib/crypto/crypto.h"
+#include "../lib/crypto/arcfour.h"
 
 /* initialise the arcfour sbox with key */
 _PUBLIC_ void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key) 
diff --git a/lib/crypto/arcfour.h b/lib/crypto/arcfour.h
new file mode 100644 (file)
index 0000000..501b3f2
--- /dev/null
@@ -0,0 +1,15 @@
+#ifndef ARCFOUR_HEADER_H
+#define ARCFOUR_HEADER_H
+
+struct arcfour_state {
+       uint8_t sbox[256];
+       uint8_t index_i;
+       uint8_t index_j;
+};
+
+void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key);
+void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int len);
+void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key);
+void arcfour_crypt(uint8_t *data, const uint8_t keystr[16], int len);
+
+#endif /* ARCFOUR_HEADER_H */
index 9cb16ad..0a43cbe 100644 (file)
 #include "../lib/crypto/hmacmd5.h"
 #include "../lib/crypto/sha256.h"
 #include "../lib/crypto/hmacsha256.h"
+#include "../lib/crypto/arcfour.h"
 
-struct arcfour_state {
-       uint8_t sbox[256];
-       uint8_t index_i;
-       uint8_t index_j;
-};
-
-void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key);
-void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int len);
-void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key);
-void arcfour_crypt(uint8_t *data, const uint8_t keystr[16], int len);
 
index 20adeeb..d48e597 100644 (file)
@@ -328,8 +328,8 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) \
          lib/substitute.o lib/fsusage.o lib/dbwrap_util.o \
          lib/ms_fnmatch.o lib/select.o lib/errmap_unix.o \
          lib/tallocmsg.o lib/dmallocmsg.o libsmb/smb_signing.o \
-         ../lib/crypto/md5.o ../lib/crypto/hmacmd5.o lib/arc4.o lib/iconv.o \
-         lib/pam_errors.o intl/lang_tdb.o lib/conn_tdb.o \
+         ../lib/crypto/md5.o ../lib/crypto/hmacmd5.o ../lib/crypto/arcfour.o \
+         lib/iconv.o lib/pam_errors.o intl/lang_tdb.o lib/conn_tdb.o \
          lib/adt_tree.o lib/gencache.o \
          lib/module.o lib/events.o lib/ldap_escape.o @CHARSET_STATIC@ \
          lib/secdesc.o lib/util_seaccess.o lib/secace.o lib/secacl.o \
index de50eab..25135d7 100644 (file)
@@ -687,6 +687,7 @@ typedef char fstring[FSTRING_LEN];
 #include "msdfs.h"
 #include "rap.h"
 #include "../lib/crypto/md5.h"
+#include "../lib/crypto/arcfour.h"
 #include "../lib/crypto/hmacmd5.h"
 #include "ntlmssp.h"
 #include "auth.h"
index 3fb41c5..b014b21 100644 (file)
@@ -157,14 +157,14 @@ typedef struct ntlmssp_state
        unsigned char recv_sign_key[16];
        unsigned char recv_seal_key[16];
 
-       unsigned char send_seal_arc4_state[258];
-       unsigned char recv_seal_arc4_state[258];
+       struct arcfour_state send_seal_arc4_state;
+       struct arcfour_state recv_seal_arc4_state;
 
        uint32 ntlm2_send_seq_num;
        uint32 ntlm2_recv_seq_num;
 
        /* ntlmv1 */
-       unsigned char ntlmv1_arc4_state[258];
+       struct arcfour_state ntlmv1_arc4_state;
        uint32 ntlmv1_seq_num;
 
        /* it turns out that we don't always get the
index a5f43aa..ad7350c 100644 (file)
@@ -312,11 +312,6 @@ int afs_syscall( int subcall,
 bool afs_settoken_str(const char *token_string);
 bool afs_settoken_str(const char *token_string);
 
-/* The following definitions come from lib/arc4.c  */
-
-void smb_arc4_init(unsigned char arc4_state_out[258], const unsigned char *key, size_t keylen);
-void smb_arc4_crypt(unsigned char arc4_state_inout[258], unsigned char *data, size_t len);
-
 /* The following definitions come from lib/audit.c  */
 
 const char *audit_category_str(uint32 category);
diff --git a/source3/lib/arc4.c b/source3/lib/arc4.c
deleted file mode 100644 (file)
index af2564b..0000000
+++ /dev/null
@@ -1,79 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-
-   An implementation of arc4.
-
-   Copyright (C) Jeremy Allison 2005.
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-
-/*****************************************************************
- Initialize state for an arc4 crypt/decrpyt.
- arc4 state is 258 bytes - last 2 bytes are the index bytes.
-*****************************************************************/
-
-void smb_arc4_init(unsigned char arc4_state_out[258], const unsigned char *key, size_t keylen)
-{
-       size_t ind;
-       unsigned char j = 0;
-
-       for (ind = 0; ind < 256; ind++) {
-               arc4_state_out[ind] = (unsigned char)ind;
-       }
-
-       for( ind = 0; ind < 256; ind++) {
-               unsigned char tc;
-
-               j += (arc4_state_out[ind] + key[ind%keylen]);
-
-               tc = arc4_state_out[ind];
-               arc4_state_out[ind] = arc4_state_out[j];
-               arc4_state_out[j] = tc;
-       }
-       arc4_state_out[256] = 0;
-       arc4_state_out[257] = 0;
-}
-
-/*****************************************************************
- Do the arc4 crypt/decrpyt.
- arc4 state is 258 bytes - last 2 bytes are the index bytes.
-*****************************************************************/
-
-void smb_arc4_crypt(unsigned char arc4_state_inout[258], unsigned char *data, size_t len)
-{
-       unsigned char index_i = arc4_state_inout[256];
-       unsigned char index_j = arc4_state_inout[257];
-        size_t ind;
-
-       for( ind = 0; ind < len; ind++) {
-               unsigned char tc;
-               unsigned char t;
-
-               index_i++;
-               index_j += arc4_state_inout[index_i];
-
-               tc = arc4_state_inout[index_i];
-               arc4_state_inout[index_i] = arc4_state_inout[index_j];
-               arc4_state_inout[index_j] = tc;
-
-               t = arc4_state_inout[index_i] + arc4_state_inout[index_j];
-               data[ind] = data[ind] ^ arc4_state_inout[t];
-       }
-
-       arc4_state_inout[256] = index_i;
-       arc4_state_inout[257] = index_j;
-}
index 4590b81..57314c5 100644 (file)
@@ -21,7 +21,7 @@
 
 #include "includes.h"
 
-static unsigned char smb_arc4_state[258];
+static struct arcfour_state smb_arc4_state;
 static uint32 counter;
 
 static bool done_reseed = False;
@@ -89,6 +89,7 @@ static void do_filehash(const char *fname, unsigned char *the_hash)
 static int do_reseed(bool use_fd, int fd)
 {
        unsigned char seed_inbuf[40];
+       DATA_BLOB seed_blob = { seed_inbuf, 40 };
        uint32 v1, v2; struct timeval tval; pid_t mypid;
        struct passwd *pw;
        int reseed_data = 0;
@@ -146,7 +147,7 @@ static int do_reseed(bool use_fd, int fd)
                        seed_inbuf[i] ^= ((char *)(&reseed_data))[i % sizeof(reseed_data)];
        }
 
-       smb_arc4_init(smb_arc4_state, seed_inbuf, sizeof(seed_inbuf));
+       arcfour_init(&smb_arc4_state, &seed_blob);
 
        return -1;
 }
@@ -190,7 +191,7 @@ void generate_random_buffer( unsigned char *out, int len)
        while(len > 0) {
                int copy_len = len > 16 ? 16 : len;
 
-               smb_arc4_crypt(smb_arc4_state, md4_buf, sizeof(md4_buf));
+               arcfour_crypt_sbox(&smb_arc4_state, md4_buf, sizeof(md4_buf));
                mdfour(tmp_buf, md4_buf, sizeof(md4_buf));
                memcpy(p, tmp_buf, copy_len);
                p += copy_len;
index 8413c80..4db5141 100644 (file)
@@ -101,10 +101,10 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state,
                if (encrypt_sig && (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) {
                        switch (direction) {
                        case NTLMSSP_SEND:
-                               smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state,  digest, 8);
+                               arcfour_crypt_sbox(&ntlmssp_state->send_seal_arc4_state, digest, 8);
                                break;
                        case NTLMSSP_RECEIVE:
-                               smb_arc4_crypt(ntlmssp_state->recv_seal_arc4_state,  digest, 8);
+                               arcfour_crypt_sbox(&ntlmssp_state->recv_seal_arc4_state, digest, 8);
                                break;
                        }
                }
@@ -126,7 +126,7 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state,
 
                dump_data_pw("ntlmssp hash:\n", ntlmssp_state->ntlmv1_arc4_state,
                             sizeof(ntlmssp_state->ntlmv1_arc4_state));
-               smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4);
+               arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4);
        }
        return NT_STATUS_OK;
 }
@@ -259,9 +259,9 @@ NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state,
                        return nt_status;
                }
 
-               smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, data, length);
+               arcfour_crypt_sbox(&ntlmssp_state->send_seal_arc4_state, data, length);
                if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
-                       smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, sig->data+4, 8);
+                       arcfour_crypt_sbox(&ntlmssp_state->send_seal_arc4_state, sig->data+4, 8);
                }
        } else {
                uint32 crc;
@@ -276,12 +276,12 @@ NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state,
                
                dump_data_pw("ntlmv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state,
                             sizeof(ntlmssp_state->ntlmv1_arc4_state));
-               smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, data, length);
+               arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, data, length);
 
                dump_data_pw("ntlmv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state,
                             sizeof(ntlmssp_state->ntlmv1_arc4_state));
 
-               smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4);
+               arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4);
 
                ntlmssp_state->ntlmv1_seq_num++;
        }
@@ -311,10 +311,10 @@ NTSTATUS ntlmssp_unseal_packet(NTLMSSP_STATE *ntlmssp_state,
 
        if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
                /* First unseal the data. */
-               smb_arc4_crypt(ntlmssp_state->recv_seal_arc4_state, data, length);
+               arcfour_crypt_sbox(&ntlmssp_state->recv_seal_arc4_state, data, length);
                dump_data_pw("ntlmv2 clear data\n", data, length);
        } else {
-               smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, data, length);
+               arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, data, length);
                dump_data_pw("ntlmv1 clear data\n", data, length);
        }
        return ntlmssp_check_packet(ntlmssp_state, data, length, whole_pdu, pdu_length, sig);
@@ -397,7 +397,7 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state)
                dump_data_pw("NTLMSSP send seal key:\n",
                                ntlmssp_state->send_seal_key, 16);
 
-               smb_arc4_init(ntlmssp_state->send_seal_arc4_state,
+               arcfour_init(&ntlmssp_state->send_seal_arc4_state,
                                ntlmssp_state->send_seal_key, 16);
 
                dump_data_pw("NTLMSSP send seal arc4 state:\n", 
@@ -417,7 +417,7 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state)
                dump_data_pw("NTLMSSP recv seal key:\n",
                                ntlmssp_state->recv_seal_key, 16);
                                
-               smb_arc4_init(ntlmssp_state->recv_seal_arc4_state,
+               arcfour_init(&ntlmssp_state->recv_seal_arc4_state,
                                ntlmssp_state->recv_seal_key, 16);
 
                dump_data_pw("NTLMSSP recv seal arc4 state:\n", 
@@ -454,7 +454,7 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state)
 
                DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n"));
 
-               smb_arc4_init(ntlmssp_state->ntlmv1_arc4_state,
+               arcfour_init(&ntlmssp_state->ntlmv1_arc4_state,
                              weak_session_key.data, weak_session_key.length);
 
                 dump_data_pw("NTLMv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state,
index 98d5cd0..4869fc5 100644 (file)
@@ -388,18 +388,18 @@ void des_crypt112_16(unsigned char out[16], unsigned char in[16], const unsigned
 
 void SamOEMhash( unsigned char *data, const unsigned char key[16], size_t len)
 {
-       unsigned char arc4_state[258];
+       struct arcfour_state arc4_state;
 
-       smb_arc4_init(arc4_state, key, 16);
-       smb_arc4_crypt(arc4_state, data, len);
+       arcfour_init(&arc4_state, key, 16);
+       arcfour_crypt_sbox(&arc4_state, data, len);
 }
 
 void SamOEMhashBlob( unsigned char *data, size_t len, DATA_BLOB *key)
 {
-       unsigned char arc4_state[258];
+       struct arcfour_state arc4_state;
 
-       smb_arc4_init(arc4_state, key->data, key->length);
-       smb_arc4_crypt(arc4_state, data, len);
+       arcfour_init(&arc4_state, key);
+       arcfour_crypt_sbox(&arc4_state, data, len);
 }
 
 /* Decode a sam password hash into a password.  The password hash is the