1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
/*
Unix SMB/CIFS implementation.
code to encrypt/decrypt data using the user session key
Copyright (C) Andrew Tridgell 2004
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
/*
encrypt or decrypt a blob of data using the user session key
as used in lsa_SetSecret
before calling, the out blob must be initialised to be the same size
as the in blob
*/
void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const uint8 session_key[16],
BOOL forward)
{
int i, k;
for (i=0,k=0;
i<in->length;
i += 8, k += 7) {
uint8 bin[8], bout[8], key[7];
memset(bin, 0, 8);
memcpy(bin, &in->data[i], MIN(8, in->length-i));
if (k + 7 > 16) {
k = (16 - k);
}
memcpy(key, &session_key[k], 7);
smbhash(bout, bin, key, forward?1:0);
memcpy(&out->data[i], bout, MIN(8, in->length-i));
}
}
/*
a convenient wrapper around sess_crypt_blob() for strings, using the LSA convention
note that we round the length to a multiple of 8. This seems to be needed for
compatibility with windows
caller should free using data_blob_free()
*/
DATA_BLOB sess_encrypt_string(const char *str, const uint8 session_key[16])
{
DATA_BLOB ret, src;
int slen = strlen(str);
int dlen = (slen+7) & ~7;
src = data_blob(NULL, 8+dlen);
if (!src.data) {
return data_blob(NULL, 0);
}
ret = data_blob(NULL, 8+dlen);
if (!ret.data) {
data_blob_free(&src);
return data_blob(NULL, 0);
}
SIVAL(src.data, 0, slen);
SIVAL(src.data, 4, 1);
memset(src.data+8, 0, dlen);
memcpy(src.data+8, str, slen);
sess_crypt_blob(&ret, &src, session_key, True);
data_blob_free(&src);
return ret;
}
/*
a convenient wrapper around sess_crypt_blob() for strings, using the LSA convention
caller should free the returned string
*/
char *sess_decrypt_string(DATA_BLOB *blob, const uint8 session_key[16])
{
DATA_BLOB out;
int slen;
char *ret;
if (blob->length < 8) {
return NULL;
}
out = data_blob(NULL, blob->length);
if (!out.data) {
return NULL;
}
sess_crypt_blob(&out, blob, session_key, False);
slen = IVAL(out.data, 0);
if (slen > blob->length - 8) {
DEBUG(0,("Invalid crypt length %d\n", slen));
return NULL;
}
if (IVAL(out.data, 4) != 1) {
DEBUG(0,("Unexpected revision number %d in session crypted string\n",
IVAL(out.data, 4)));
return NULL;
}
ret = strndup(out.data+8, slen);
data_blob_free(&out);
return ret;
}
|