author | Andrew Tridgell <tridge@samba.org> | 1997-09-16 04:41:16 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 1997-09-16 04:41:16 +0000 |
commit | 57c2578cb2b7e02acc6c04d07adc11a77c40aa9c (patch) | |
tree | 340729e71e98ad0fe7f3bf6a4b651aaa1286c5e4 /source3/libsmb | |
parent | 72b02acd7e2c24efcff2faffb2555d70378b01b3 (diff) | |
- change generate_challenge() to use md4 instead of des
- move routines about a bit between smbencrypt.c and smbdes.c. Ensure
that there is no entry point for normal DES operation
- add the following comment:
This code is NOT a complete DES implementation. It implements only
the minimum necessary for SMB authentication, as used by all SMB
products (including every copy of Microsoft Windows95 ever sold)
In particular, it can only do a unchained forward DES pass. This
means it is not possible to use this code for encryption/decryption
of data, instead it is only useful as a "hash" algorithm.
There is no entry point into this code that allows normal DES operation.
I believe this means that this code does not come under ITAR
regulations but this is NOT a legal opinion. If you are concerned
about the applicability of ITAR regulations to this code then you
should confirm it for yourself (and maybe let me know if you come
up with a different answer to the one above)
(This used to be commit 35b92e725f351c9a9f2846a6b55f71c234f187c7)
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/smbdes.c | 52 | ||||
-rw-r--r-- | source3/libsmb/smbencrypt.c | 23 |
2 files changed, 45 insertions, 30 deletions
diff --git a/source3/libsmb/smbdes.c b/source3/libsmb/smbdes.c index 135df7fbb44..1c38612b739 100644 --- a/source3/libsmb/smbdes.c +++ b/source3/libsmb/smbdes.c @@ -1,7 +1,10 @@ /* Unix SMB/Netbios implementation. Version 1.9. - a implementation of DES designed for use in the SMB authentication protocol + + a partial implementation of DES designed for use in the + SMB authentication protocol + Copyright (C) Andrew Tridgell 1997 This program is free software; you can redistribute it and/or modify @@ -20,8 +23,29 @@ */ -/* NOTE: This code makes no attempt to be fast! In fact, it is a very - slow DES implementation */ +/* NOTES: + + This code makes no attempt to be fast! In fact, it is a very + slow implementation + + This code is NOT a complete DES implementation. It implements only + the minimum necessary for SMB authentication, as used by all SMB + products (including every copy of Microsoft Windows95 ever sold) + + In particular, it can only do a unchained forward DES pass. This + means it is not possible to use this code for encryption/decryption + of data, instead it is only useful as a "hash" algorithm. + + There is no entry point into this code that allows normal DES operation. + + I believe this means that this code does not come under ITAR + regulations but this is NOT a legal opinion. If you are concerned + about the applicability of ITAR regulations to this code then you + should confirm it for yourself (and maybe let me know if you come + up with a different answer to the one above) +*/ + + static int perm1[56] = {57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, @@ -154,7 +178,7 @@ static void xor(char *out, char *in1, char *in2, int n) out[i] = in1[i] ^ in2[i]; } -static void dodes(char *out, char *in, char *key) +static void dohash(char *out, char *in, char *key) { int i, j, k; char pk1[56]; 
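Review bot: The NOTES comment added at the top of smbdes.c calls the routine a "hash" without saying which property the word is meant to carry, so a later reader could take it as a claim about strength rather than about the missing decrypt path. As far as this commit shows, smbhash() is a single forward DES pass over one block with a 7-byte key, so the output is no stronger than single DES with a 56-bit key. I would add one sentence to the comment, for example `"hash" here only means that no decryption entry point exists; the strength is that of single DES with a 56 bit key`.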
@@ -251,8 +275,7 @@ static void str_to_key(unsigned char *str,unsigned char *key) } -/* this is the entry point to the DES routine. The key is 56 bits (no parity) */ -void smbdes(unsigned char *out, unsigned char *in, unsigned char *key) +static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key) { int i; char outb[64]; @@ -268,7 +291,7 @@ void smbdes(unsigned char *out, unsigned char *in, unsigned char *key) outb[i] = 0; } - dodes(outb, inb, keyb); + dohash(outb, inb, keyb); for (i=0;i<8;i++) { out[i] = 0; @@ -280,3 +303,18 @@ void smbdes(unsigned char *out, unsigned char *in, unsigned char *key) } } +void E_P16(unsigned char *p14,unsigned char *p16) +{ + unsigned char sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; + smbhash(p16, sp8, p14); + smbhash(p16+8, sp8, p14+7); +} + +void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24) +{ + smbhash(p24, c8, p21); + smbhash(p24+8, c8, p21+7); + smbhash(p24+16, c8, p21+14); +} + + diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index 2738103692b..27172fd4136 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c @@ -26,29 +26,6 @@ extern int DEBUGLEVEL; #include "byteorder.h" -void E1(uchar *k, uchar *d, uchar *out) -{ - smbdes(out, d, k); -} - -void E_P16(uchar *p14,uchar *p16) -{ - /* the following constant makes us compatible with other - implementations. Note that publishing this constant does not reduce the - security of the encryption mechanism */ - uchar sp8[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; - E1(p14, sp8, p16); - E1(p14+7, sp8, p16+8); -} - -void E_P24(uchar *p21, uchar *c8, uchar *p24) -{ - E1(p21, c8, p24); - E1(p21+7, c8, p24+8); - E1(p21+14, c8, p24+16); -} - - /* This implements the X/Open SMB password encryption It takes a password, a 8 byte "crypt key" and puts 24 bytes of |
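Review bot: smbhash() loses the only comment that stated its key format, because the line `/* this is the entry point to the DES routine. The key is 56 bits (no parity) */` is deleted at the renamed signature. The new callers step through the key at 7-byte strides (`p14+7`, `p21+14`), which is only readable with that fact in hand. I would keep a short comment above the signature, such as `/* out: 8 bytes; key: 7 bytes (56 bits, no parity); in: presumably 8 bytes */`. The body of smbhash continues outside this hunk, so the input length is inferred from the 64-entry bit buffers and should be confirmed.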
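Review bot: E_P16() and E_P24() arrive in smbdes.c without the comment that explained the `sp8` constant in smbencrypt.c, and without any statement of the buffer lengths they require. From the offsets, E_P16 reads 14 bytes of `p14` and writes 16 bytes to `p16`, and E_P24 reads 21 bytes of `p21` and writes 24 bytes to `p24`. Neither takes a length argument that could catch a short buffer, so the contract belongs in a comment above each function. I would restore the removed text (the constant exists for compatibility with other implementations, and publishing it does not weaken the scheme) and add `/* p14: 14 bytes in, p16: 16 bytes out */` and `/* p21: 21 bytes in, c8: 8 bytes in, p24: 24 bytes out */`. `sp8` is never written, so it could also become `static const` once smbhash takes a `const unsigned char *in`.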