/****************************************************************************
- Setup the session key.
- Input: 8 byte challenge block
- 8 byte server challenge block
- 16 byte md4 encrypted password
- Output:
- 16 byte session key (last 8 bytes zero).
+ Setup the session key and the client and server creds in dc.
+ Used by both client and server creds setup.
****************************************************************************/
-static void cred_create_session_key(const DOM_CHAL *clnt_chal_in,
+static void creds_init_64(struct dcinfo *dc,
+ const DOM_CHAL *clnt_chal_in,
const DOM_CHAL *srv_chal_in,
- const uchar *pass_in,
- uchar session_key_out[16])
+ const char mach_pw[16])
{
uint32 sum[2];
unsigned char sum2[8];
+ /* Just in case this isn't already there */
+ memcpy(dc->mach_pw, mach_pw, 16);
+
sum[0] = IVAL(clnt_chal_in->data, 0) + IVAL(srv_chal_in->data, 0);
sum[1] = IVAL(clnt_chal_in->data, 4) + IVAL(srv_chal_in->data, 4);
SIVAL(sum2,0,sum[0]);
SIVAL(sum2,4,sum[1]);
- cred_hash1(session_key_out, sum2, pass_in);
- memset(&session_key_out[8], '\0', 8);
+ ZERO_STRUCT(dc->sess_key);
- /* debug output */
- DEBUG(4,("cred_create_session_key\n"));
+ des_crypt128(dc->sess_key, sum2, dc->mach_pw);
+ /* debug output */
+ DEBUG(5,("creds_init_64\n"));
DEBUG(5,(" clnt_chal_in: %s\n", credstr(clnt_chal_in->data)));
DEBUG(5,(" srv_chal_in : %s\n", credstr(srv_chal_in->data)));
DEBUG(5,(" clnt+srv : %s\n", credstr(sum2)));
- DEBUG(5,(" sess_key_out : %s\n", credstr(session_key_out)));
+ DEBUG(5,(" sess_key_out : %s\n", credstr(dc->sess_key)));
+
+ /* Generate the next client and server creds. */
+
+ des_crypt112(dc->clnt_chal.data, /* output */
+ clnt_chal_in->data, /* input */
+ dc->sess_key, /* input */
+ 1);
+
+ des_crypt112(dc->srv_chal.data, /* output */
+ srv_chal_in->data, /* input */
+ dc->sess_key, /* input */
+ 1);
+
+ /* Seed is the client chal. */
+ memcpy(dc->seed_chal.data, dc->clnt_chal.data, 8);
}
/****************************************************************************
DEBUG(5,("\tseed+seq %s\n", credstr(time_chal.data) ));
- cred_hash2(dc->clnt_chal.data, time_chal.data, dc->sess_key);
+ des_crypt112(dc->clnt_chal.data, time_chal.data, dc->sess_key, 1);
DEBUG(5,("\tCLIENT %s\n", credstr(dc->clnt_chal.data) ));
DEBUG(5,("\tseed+seq+1 %s\n", credstr(time_chal.data) ));
- cred_hash2(dc->srv_chal.data, time_chal.data, dc->sess_key);
+ des_crypt112(dc->srv_chal.data, time_chal.data, dc->sess_key, 1);
DEBUG(5,("\tSERVER %s\n", credstr(dc->srv_chal.data) ));
}
-
/****************************************************************************
Create a server credential struct.
****************************************************************************/
DEBUG(10,("creds_server_init: server chal : %s\n", credstr(srv_chal->data) ));
dump_data_pw("creds_server_init: machine pass", (const unsigned char *)mach_pw, 16);
- /* Just in case this isn't already there */
- memcpy(dc->mach_pw, mach_pw, 16);
-
- /* Generate the session key. */
- cred_create_session_key(clnt_chal, /* Stored client challenge. */
- srv_chal, /* Stored server challenge. */
- dc->mach_pw, /* input machine password. */
- dc->sess_key); /* output session key. */
+ /* Generate the session key and the next client and server creds. */
+ creds_init_64(dc,
+ clnt_chal,
+ srv_chal,
+ mach_pw);
dump_data_pw("creds_server_init: session key", dc->sess_key, 16);
- /* Generate the next client and server creds. */
- cred_hash2(dc->clnt_chal.data, /* output */
- clnt_chal->data, /* input */
- dc->sess_key); /* input */
-
- cred_hash2(dc->srv_chal.data, /* output */
- srv_chal->data, /* input */
- dc->sess_key); /* input */
-
- /* Seed is the client chal. */
- memcpy(dc->seed_chal.data, dc->clnt_chal.data, 8);
-
DEBUG(10,("creds_server_init: clnt : %s\n", credstr(dc->clnt_chal.data) ));
DEBUG(10,("creds_server_init: server : %s\n", credstr(dc->srv_chal.data) ));
DEBUG(10,("creds_server_init: seed : %s\n", credstr(dc->seed_chal.data) ));
DEBUG(10,("creds_client_init: server chal : %s\n", credstr(srv_chal->data) ));
dump_data_pw("creds_client_init: machine pass", (const unsigned char *)mach_pw, 16);
- /* Just in case this isn't already there */
- memcpy(dc->mach_pw, mach_pw, 16);
-
- /* Generate the session key. */
- cred_create_session_key(clnt_chal, /* Stored client challenge. */
- srv_chal, /* Stored server challenge. */
- dc->mach_pw, /* input machine password. */
- dc->sess_key); /* output session key. */
+ /* Generate the session key and the next client and server creds. */
+ creds_init_64(dc,
+ clnt_chal,
+ srv_chal,
+ mach_pw);
dump_data_pw("creds_client_init: session key", dc->sess_key, 16);
- /* Generate the next client and server creds. */
- cred_hash2(dc->clnt_chal.data, /* output */
- clnt_chal->data, /* input */
- dc->sess_key); /* input */
-
- cred_hash2(dc->srv_chal.data, /* output */
- srv_chal->data, /* input */
- dc->sess_key); /* input */
-
- /* Seed is the client cred. */
- memcpy(dc->seed_chal.data, dc->clnt_chal.data, 8);
-
DEBUG(10,("creds_client_init: clnt : %s\n", credstr(dc->clnt_chal.data) ));
DEBUG(10,("creds_client_init: server : %s\n", credstr(dc->srv_chal.data) ));
DEBUG(10,("creds_client_init: seed : %s\n", credstr(dc->seed_chal.data) ));
permute(out, rl, perm6, 64);
}
-static void str_to_key(const unsigned char *str,unsigned char *key)
+/* Convert a 7 byte string to an 8 byte key. */
+static void str_to_key(const unsigned char str[7], unsigned char key[8])
{
int i;
des_crypt56(out+8, in+8, p14+7, 1);
}
-void cred_hash1(unsigned char *out, const unsigned char *in, const unsigned char *key)
+/* forward des encryption with a 128 bit key */
+void des_crypt128(unsigned char out[8], const unsigned char in[8], const unsigned char key[16])
{
unsigned char buf[8];
des_crypt56(out, buf, key+9, 1);
}
-void cred_hash2(unsigned char *out, const unsigned char *in, const unsigned char *key)
+/* forward des encryption with a 64 bit key */
+void des_crypt64(unsigned char out[8], const unsigned char in[8], const unsigned char key[8])
{
unsigned char buf[8];
- static unsigned char key2[8];
+ unsigned char key2[8];
+ memset(key2,'\0',8);
des_crypt56(buf, in, key, 1);
key2[0] = key[7];
des_crypt56(out, buf, key2, 1);
}
+/* des encryption with a 112 bit (14 byte) key */
+/* Note that if the forw is 1, and key is actually 8 bytes of key, followed by 6 bytes of zeros,
+ this is identical to des_crypt64(). JRA. */
+
+void des_crypt112(unsigned char out[8], const unsigned char in[8], const unsigned char key[14], int forw)
+{
+ unsigned char buf[8];
+ des_crypt56(buf, in, key, forw);
+ des_crypt56(out, buf, key+7, forw);
+}
+
void cred_hash3(unsigned char *out, const unsigned char *in, const unsigned char *key, int forw)
{
- static unsigned char key2[8];
+ unsigned char key2[8];
+ memset(key2,'\0',8);
des_crypt56(out, in, key, forw);
key2[0] = key[7];
des_crypt56(out + 8, in + 8, key2, forw);
}
+/* des encryption of a 16 byte lump of data with a 112 bit key */
+/* Note that if the key is actually 8 bytes of key, followed by 6 bytes of zeros,
+ this is identical to cred_hash3(). JRA. */
+
+void des_crypt112_16(unsigned char out[16], unsigned char in[16], const unsigned char key[14], int forw)
+{
+ des_crypt56(out, in, key, forw);
+ des_crypt56(out + 8, in + 8, key+7, forw);
+}
+
/*****************************************************************
arc4 crypt/decrypt with a 16 byte key.
*****************************************************************/
git.samba.org / samba.git / commitdiff