2 Unix SMB/CIFS implementation.
4 a partial implementation of DES designed for use in the
5 SMB authentication protocol
7 Copyright (C) Andrew Tridgell 1998
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
27 This code makes no attempt to be fast! In fact, it is a very
30 This code is NOT a complete DES implementation. It implements only
31 the minimum necessary for SMB authentication, as used by all SMB
32 products (including every copy of Microsoft Windows95 ever sold)
34 In particular, it can only do a unchained forward DES pass. This
35 means it is not possible to use this code for encryption/decryption
36 of data, instead it is only useful as a "hash" algorithm.
38 There is no entry point into this code that allows normal DES operation.
40 I believe this means that this code does not come under ITAR
41 regulations but this is NOT a legal opinion. If you are concerned
42 about the applicability of ITAR regulations to this code then you
43 should confirm it for yourself (and maybe let me know if you come
44 up with a different answer to the one above)
48 static const uint8_t perm1[56] = {57, 49, 41, 33, 25, 17, 9,
49 1, 58, 50, 42, 34, 26, 18,
50 10, 2, 59, 51, 43, 35, 27,
51 19, 11, 3, 60, 52, 44, 36,
52 63, 55, 47, 39, 31, 23, 15,
53 7, 62, 54, 46, 38, 30, 22,
54 14, 6, 61, 53, 45, 37, 29,
55 21, 13, 5, 28, 20, 12, 4};
57 static const uint8_t perm2[48] = {14, 17, 11, 24, 1, 5,
61 41, 52, 31, 37, 47, 55,
62 30, 40, 51, 45, 33, 48,
63 44, 49, 39, 56, 34, 53,
64 46, 42, 50, 36, 29, 32};
66 static const uint8_t perm3[64] = {58, 50, 42, 34, 26, 18, 10, 2,
67 60, 52, 44, 36, 28, 20, 12, 4,
68 62, 54, 46, 38, 30, 22, 14, 6,
69 64, 56, 48, 40, 32, 24, 16, 8,
70 57, 49, 41, 33, 25, 17, 9, 1,
71 59, 51, 43, 35, 27, 19, 11, 3,
72 61, 53, 45, 37, 29, 21, 13, 5,
73 63, 55, 47, 39, 31, 23, 15, 7};
75 static const uint8_t perm4[48] = { 32, 1, 2, 3, 4, 5,
78 12, 13, 14, 15, 16, 17,
79 16, 17, 18, 19, 20, 21,
80 20, 21, 22, 23, 24, 25,
81 24, 25, 26, 27, 28, 29,
82 28, 29, 30, 31, 32, 1};
84 static const uint8_t perm5[32] = { 16, 7, 20, 21,
94 static const uint8_t perm6[64] ={ 40, 8, 48, 16, 56, 24, 64, 32,
95 39, 7, 47, 15, 55, 23, 63, 31,
96 38, 6, 46, 14, 54, 22, 62, 30,
97 37, 5, 45, 13, 53, 21, 61, 29,
98 36, 4, 44, 12, 52, 20, 60, 28,
99 35, 3, 43, 11, 51, 19, 59, 27,
100 34, 2, 42, 10, 50, 18, 58, 26,
101 33, 1, 41, 9, 49, 17, 57, 25};
104 static const uint8_t sc[16] = {1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1};
106 static const uint8_t sbox[8][4][16] = {
107 {{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7},
108 {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8},
109 {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0},
110 {15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}},
112 {{15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10},
113 {3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5},
114 {0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15},
115 {13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}},
117 {{10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8},
118 {13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1},
119 {13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7},
120 {1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}},
122 {{7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15},
123 {13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9},
124 {10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4},
125 {3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}},
127 {{2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9},
128 {14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6},
129 {4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14},
130 {11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}},
132 {{12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11},
133 {10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8},
134 {9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6},
135 {4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}},
137 {{4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1},
138 {13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6},
139 {1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2},
140 {6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}},
142 {{13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7},
143 {1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2},
144 {7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8},
145 {2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}}};
147 static void permute(char *out, const char *in, const uint8_t *p, int n)
154 static void lshift(char *d, int count, int n)
159 out[i] = d[(i+count)%n];
164 static void concat(char *out, char *in1, char *in2, int l1, int l2)
172 static void xor(char *out, char *in1, char *in2, int n)
176 out[i] = in1[i] ^ in2[i];
179 static void dohash(char *out, char *in, char *key, int forw)
191 permute(pk1, key, perm1, 56);
199 lshift(c, sc[i], 28);
200 lshift(d, sc[i], 28);
202 concat(cd, c, d, 28, 28);
203 permute(ki[i], cd, perm2, 48);
206 permute(pd1, in, perm3, 64);
221 permute(er, r, perm4, 48);
223 xor(erk, er, ki[forw ? i : 15 - i], 48);
227 b[j][k] = erk[j*6 + k];
231 m = (b[j][0]<<1) | b[j][5];
233 n = (b[j][1]<<3) | (b[j][2]<<2) | (b[j][3]<<1) | b[j][4];
236 b[j][k] = (sbox[j][m][n] & (1<<(3-k)))?1:0;
242 permute(pcb, cb, perm5, 32);
253 concat(rl, r, l, 32, 32);
255 permute(out, rl, perm6, 64);
258 static void str_to_key(const uint8_t *str,uint8_t *key)
263 key[1] = ((str[0]&0x01)<<6) | (str[1]>>2);
264 key[2] = ((str[1]&0x03)<<5) | (str[2]>>3);
265 key[3] = ((str[2]&0x07)<<4) | (str[3]>>4);
266 key[4] = ((str[3]&0x0F)<<3) | (str[4]>>5);
267 key[5] = ((str[4]&0x1F)<<2) | (str[5]>>6);
268 key[6] = ((str[5]&0x3F)<<1) | (str[6]>>7);
269 key[7] = str[6]&0x7F;
271 key[i] = (key[i]<<1);
276 basic des crypt using a 56 bit (7 byte) key
278 void des_crypt56(uint8_t out[8], const uint8_t in[8], const uint8_t key[7], int forw)
286 str_to_key(key, key2);
289 inb[i] = (in[i/8] & (1<<(7-(i%8)))) ? 1 : 0;
290 keyb[i] = (key2[i/8] & (1<<(7-(i%8)))) ? 1 : 0;
294 dohash(outb, inb, keyb, forw);
302 out[i/8] |= (1<<(7-(i%8)));
306 void E_P16(const uint8_t *p14,uint8_t *p16)
308 const uint8_t sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
309 des_crypt56(p16, sp8, p14, 1);
310 des_crypt56(p16+8, sp8, p14+7, 1);
313 void E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24)
315 des_crypt56(p24, c8, p21, 1);
316 des_crypt56(p24+8, c8, p21+7, 1);
317 des_crypt56(p24+16, c8, p21+14, 1);
320 void D_P16(const uint8_t *p14, const uint8_t *in, uint8_t *out)
322 des_crypt56(out, in, p14, 0);
323 des_crypt56(out+8, in+8, p14+7, 0);
326 void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out)
328 des_crypt56(out, in, p14, 1);
329 des_crypt56(out+8, in+8, p14+7, 1);
332 /* des encryption with a 128 bit key */
333 void des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16])
336 des_crypt56(buf, in, key, 1);
337 des_crypt56(out, buf, key+9, 1);
340 /* des encryption with a 64 bit key */
341 void des_crypt64(uint8_t out[8], const uint8_t in[8], const uint8_t key[8], int forw)
346 des_crypt56(buf, in, key, forw);
348 des_crypt56(out, buf, key2, forw);
351 /* des encryption with a 112 bit (14 byte) key */
352 void des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14], int forw)
355 des_crypt56(buf, in, key, forw);
356 des_crypt56(out, buf, key+7, forw);
359 /* des encryption of a 16 byte lump of data with a 112 bit key */
360 void des_crypt112_16(uint8_t out[16], uint8_t in[16], const uint8_t key[14], int forw)
362 des_crypt56(out, in, key, forw);
363 des_crypt56(out + 8, in + 8, key+7, forw);
366 /* Decode a sam password hash into a password. The password hash is the
367 same method used to store passwords in the NT registry. The DES key
368 used is based on the RID of the user. */
369 void sam_rid_crypt(uint_t rid, const uint8_t *in, uint8_t *out, int forw)
373 s[0] = s[4] = s[8] = s[12] = (uint8_t)(rid & 0xFF);
374 s[1] = s[5] = s[9] = s[13] = (uint8_t)((rid >> 8) & 0xFF);
375 s[2] = s[6] = s[10] = (uint8_t)((rid >> 16) & 0xFF);
376 s[3] = s[7] = s[11] = (uint8_t)((rid >> 24) & 0xFF);
378 des_crypt56(out, in, s, forw);
379 des_crypt56(out+8, in+8, s+7, forw);