/***********************************************************************
the rfc 2104 version of hmac_md5 initialisation.
***********************************************************************/
-void hmac_md5_init_rfc2104(uchar* key, int key_len, HMACMD5Context *ctx)
+
+void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context *ctx)
{
int i;
/* if key is longer than 64 bytes reset it to key=MD5(key) */
- if (key_len > 64)
- {
- uchar tk[16];
+ if (key_len > 64) {
+ unsigned char tk[16];
struct MD5Context tctx;
MD5Init(&tctx);
memcpy( ctx->k_opad, key, key_len);
/* XOR key with ipad and opad values */
- for (i=0; i<64; i++)
- {
+ for (i=0; i<64; i++) {
ctx->k_ipad[i] ^= 0x36;
ctx->k_opad[i] ^= 0x5c;
}
/***********************************************************************
the microsoft version of hmac_md5 initialisation.
***********************************************************************/
-void hmac_md5_init_limK_to_64(const uchar* key, int key_len,
+
+void hmac_md5_init_limK_to_64(const unsigned char* key, int key_len,
HMACMD5Context *ctx)
{
int i;
/* if key is longer than 64 bytes truncate it */
- if (key_len > 64)
- {
+ if (key_len > 64) {
key_len = 64;
}
/***********************************************************************
update hmac_md5 "inner" buffer
***********************************************************************/
-void hmac_md5_update(const uchar* text, int text_len, HMACMD5Context *ctx)
+
+void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context *ctx)
{
MD5Update(&ctx->ctx, text, text_len); /* then text of datagram */
}
/***********************************************************************
finish off hmac_md5 "inner" buffer and generate outer one.
***********************************************************************/
-void hmac_md5_final(uchar *digest, HMACMD5Context *ctx)
+void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx)
{
struct MD5Context ctx_o;
single function to calculate an HMAC MD5 digest from data.
use the microsoft hmacmd5 init method because the key is 16 bytes.
************************************************************/
-void hmac_md5( uchar key[16], uchar* data, int data_len, uchar* digest)
+
+void hmac_md5( unsigned char key[16], unsigned char *data, int data_len, unsigned char *digest)
{
HMACMD5Context ctx;
hmac_md5_init_limK_to_64(key, 16, &ctx);
Represent a credential as a string.
****************************************************************************/
-char *credstr(const uchar *cred)
+char *credstr(const unsigned char *cred)
{
static fstring buf;
slprintf(buf, sizeof(buf) - 1, "%02X%02X%02X%02X%02X%02X%02X%02X",
return buf;
}
+/****************************************************************************
+ Setup the session key and the client and server creds in dc.
+ ADS-style 128 bit session keys.
+ Used by both client and server creds setup.
+****************************************************************************/
+
+static void creds_init_128(struct dcinfo *dc,
+ const DOM_CHAL *clnt_chal_in,
+ const DOM_CHAL *srv_chal_in,
+ const char mach_pw[16])
+{
+ unsigned char zero[4], tmp[16];
+ HMACMD5Context ctx;
+ struct MD5Context md5;
+
+ /* Just in case this isn't already there */
+ memcpy(dc->mach_pw, mach_pw, 16);
+
+ ZERO_STRUCT(dc->sess_key);
+
+ memset(zero, 0, sizeof(zero));
+
+ hmac_md5_init_rfc2104(mach_pw, 16, &ctx);
+ MD5Init(&md5);
+ MD5Update(&md5, zero, sizeof(zero));
+ MD5Update(&md5, clnt_chal_in->data, 8);
+ MD5Update(&md5, srv_chal_in->data, 8);
+ MD5Final(tmp, &md5);
+ hmac_md5_update(tmp, sizeof(tmp), &ctx);
+ hmac_md5_final(dc->sess_key, &ctx);
+
+ /* debug output */
+ DEBUG(5,("creds_init_128\n"));
+ DEBUG(5,("\tclnt_chal_in: %s\n", credstr(clnt_chal_in->data)));
+ DEBUG(5,("\tsrv_chal_in : %s\n", credstr(srv_chal_in->data)));
+ dump_data_pw("\tsession_key ", (const unsigned char *)dc->sess_key, 16);
+
+ /* Generate the next client and server creds. */
+
+ des_crypt112(dc->clnt_chal.data, /* output */
+ clnt_chal_in->data, /* input */
+ dc->sess_key, /* input */
+ 1);
+
+ des_crypt112(dc->srv_chal.data, /* output */
+ srv_chal_in->data, /* input */
+ dc->sess_key, /* input */
+ 1);
+
+ /* Seed is the client chal. */
+ memcpy(dc->seed_chal.data, dc->clnt_chal.data, 8);
+}
/****************************************************************************
Setup the session key and the client and server creds in dc.
/* debug output */
DEBUG(5,("creds_init_64\n"));
- DEBUG(5,(" clnt_chal_in: %s\n", credstr(clnt_chal_in->data)));
- DEBUG(5,(" srv_chal_in : %s\n", credstr(srv_chal_in->data)));
- DEBUG(5,(" clnt+srv : %s\n", credstr(sum2)));
- DEBUG(5,(" sess_key_out : %s\n", credstr(dc->sess_key)));
+ DEBUG(5,("\tclnt_chal_in: %s\n", credstr(clnt_chal_in->data)));
+ DEBUG(5,("\tsrv_chal_in : %s\n", credstr(srv_chal_in->data)));
+ DEBUG(5,("\tclnt+srv : %s\n", credstr(sum2)));
+ DEBUG(5,("\tsess_key_out : %s\n", credstr(dc->sess_key)));
/* Generate the next client and server creds. */
Create a server credential struct.
****************************************************************************/
-void creds_server_init(struct dcinfo *dc,
+void creds_server_init(uint32 neg_flags,
+ struct dcinfo *dc,
DOM_CHAL *clnt_chal,
DOM_CHAL *srv_chal,
const char mach_pw[16],
DOM_CHAL *init_chal_out)
{
+ DEBUG(10,("creds_server_init: neg_flags : %x\n", (unsigned int)neg_flags));
DEBUG(10,("creds_server_init: client chal : %s\n", credstr(clnt_chal->data) ));
DEBUG(10,("creds_server_init: server chal : %s\n", credstr(srv_chal->data) ));
dump_data_pw("creds_server_init: machine pass", (const unsigned char *)mach_pw, 16);
/* Generate the session key and the next client and server creds. */
- creds_init_64(dc,
+ if (neg_flags & NETLOGON_NEG_128BIT) {
+ creds_init_128(dc,
clnt_chal,
srv_chal,
mach_pw);
+ } else {
+ creds_init_64(dc,
+ clnt_chal,
+ srv_chal,
+ mach_pw);
+ }
dump_data_pw("creds_server_init: session key", dc->sess_key, 16);
Create a client credential struct.
****************************************************************************/
-void creds_client_init(struct dcinfo *dc,
+void creds_client_init(uint32 neg_flags,
+ struct dcinfo *dc,
DOM_CHAL *clnt_chal,
DOM_CHAL *srv_chal,
const unsigned char mach_pw[16],
{
dc->sequence = time(NULL);
+ DEBUG(10,("creds_client_init: neg_flags : %x\n", (unsigned int)neg_flags));
DEBUG(10,("creds_client_init: client chal : %s\n", credstr(clnt_chal->data) ));
DEBUG(10,("creds_client_init: server chal : %s\n", credstr(srv_chal->data) ));
dump_data_pw("creds_client_init: machine pass", (const unsigned char *)mach_pw, 16);
/* Generate the session key and the next client and server creds. */
- creds_init_64(dc,
+ if (neg_flags & NETLOGON_NEG_128BIT) {
+ creds_init_128(dc,
+ clnt_chal,
+ srv_chal,
+ mach_pw);
+ } else {
+ creds_init_64(dc,
clnt_chal,
srv_chal,
mach_pw);
+ }
dump_data_pw("creds_client_init: session key", dc->sess_key, 16);
git.samba.org / ira / wip.git / commitdiff