}
}
-/**
- Weaken NTLMSSP keys to cope with down-level clients and servers.
-
- We probably should have some parameters to control this, but as
- it only occours for LM_KEY connections, and this is controlled
- by the client lanman auth/lanman auth parameters, it isn't too bad.
-*/
-
-DATA_BLOB ntlmssp_weaken_keys(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *mem_ctx)
-{
- DATA_BLOB weakened_key = data_blob_talloc(mem_ctx,
- ntlmssp_state->session_key.data,
- ntlmssp_state->session_key.length);
-
- /* Nothing to weaken. We certainly don't want to 'extend' the length... */
- if (weakened_key.length < 16) {
- /* perhaps there was no key? */
- return weakened_key;
- }
-
- /* Key weakening not performed on the master key for NTLM2
- and does not occour for NTLM1. Therefore we only need
- to do this for the LM_KEY.
- */
-
- if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) {
- /* LM key doesn't support 128 bit crypto, so this is
- * the best we can do. If you negotiate 128 bit, but
- * not 56, you end up with 40 bit... */
- if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) {
- weakened_key.data[7] = 0xa0;
- } else { /* forty bits */
- weakened_key.data[5] = 0xe5;
- weakened_key.data[6] = 0x38;
- weakened_key.data[7] = 0xb0;
- }
- weakened_key.length = 8;
- }
- return weakened_key;
-}
-
/**
* Next state function for the Negotiate packet
*
*/
NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
{
- TALLOC_CTX *mem_ctx;
-
- mem_ctx = talloc_init("weak_keys");
- if (!mem_ctx) {
- return NT_STATUS_NO_MEMORY;
- }
-
DEBUG(3, ("NTLMSSP Sign/Seal - Initialising with flags:\n"));
debug_ntlmssp_flags(ntlmssp_state->neg_flags);
if (ntlmssp_state->session_key.length < 8) {
- TALLOC_FREE(mem_ctx);
DEBUG(3, ("NO session key, cannot intialise signing\n"));
return NT_STATUS_NO_USER_SESSION_KEY;
}
recv_seal_const = CLI_SEAL;
break;
default:
- TALLOC_FREE(mem_ctx);
return NT_STATUS_INTERNAL_ERROR;
}
} else {
-#if 0
- /* Hmmm. Shouldn't we also weaken keys for ntlmv1 ? JRA. */
+ uint8_t weak_session_key[8];
+ DATA_BLOB seal_session_key = ntlmssp_state->session_key;
+ bool do_weak = false;
- DATA_BLOB weak_session_key = ntlmssp_state->session_key;
- /**
- Weaken NTLMSSP keys to cope with down-level clients, servers and export restrictions.
- We probably should have some parameters to control this, once we get NTLM2 working.
- */
+ DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n"));
- if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) {
- ;
- } else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) {
- weak_session_key.length = 6;
- } else { /* forty bits */
- weak_session_key.length = 5;
+ /*
+ * Key weakening not performed on the master key for NTLM2
+ * and does not occour for NTLM1. Therefore we only need
+ * to do this for the LM_KEY.
+ */
+ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) {
+ do_weak = true;
}
- dump_data_pw("NTLMSSP weakend master key:\n",
- weak_session_key.data,
- weak_session_key.length);
-#endif
- DATA_BLOB weak_session_key = ntlmssp_weaken_keys(ntlmssp_state, mem_ctx);
+ /*
+ * Nothing to weaken.
+ * We certainly don't want to 'extend' the length...
+ */
+ if (seal_session_key.length < 16) {
+ /* TODO: is this really correct? */
+ do_weak = false;
+ }
- DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n"));
+ if (do_weak) {
+ memcpy(weak_session_key, seal_session_key.data, 8);
+ seal_session_key = data_blob_const(weak_session_key, 8);
+
+ /*
+ * LM key doesn't support 128 bit crypto, so this is
+ * the best we can do. If you negotiate 128 bit, but
+ * not 56, you end up with 40 bit...
+ */
+ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) {
+ weak_session_key[7] = 0xa0;
+ } else { /* forty bits */
+ weak_session_key[5] = 0xe5;
+ weak_session_key[6] = 0x38;
+ weak_session_key[7] = 0xb0;
+ }
+ }
arcfour_init(&ntlmssp_state->ntlmv1_arc4_state,
- &weak_session_key);
+ &seal_session_key);
dump_arc4_state("NTLMv1 arc4 state:\n",
&ntlmssp_state->ntlmv1_arc4_state);
ntlmssp_state->ntlmv1_seq_num = 0;
}
- TALLOC_FREE(mem_ctx);
return NT_STATUS_OK;
}
git.samba.org / metze / samba / wip.git / commitdiff