search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
WHATSNEW: Update release notes.
[Samba.git] / source3 / libsmb / smbdes.c
blob8087d66799fb874a9e2727156ce0c3d4dfe17449
1 /*
2 Unix SMB/CIFS implementation.
3
4 a partial implementation of DES designed for use in the
5 SMB authentication protocol
6
7 Copyright (C) Andrew Tridgell 1998
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24
25 /* NOTES:
26
27 This code makes no attempt to be fast! In fact, it is a very
28 slow implementation
29
30 This code is NOT a complete DES implementation. It implements only
31 the minimum necessary for SMB authentication, as used by all SMB
32 products (including every copy of Microsoft Windows95 ever sold)
33
34 In particular, it can only do a unchained forward DES pass. This
35 means it is not possible to use this code for encryption/decryption
36 of data, instead it is only useful as a "hash" algorithm.
37
38 There is no entry point into this code that allows normal DES operation.
39
40 I believe this means that this code does not come under ITAR
41 regulations but this is NOT a legal opinion. If you are concerned
42 about the applicability of ITAR regulations to this code then you
43 should confirm it for yourself (and maybe let me know if you come
44 up with a different answer to the one above)
45 */
46
47
48 #define uchar unsigned char
49
50 static const uchar perm1[56] = {57, 49, 41, 33, 25, 17, 9,
51 1, 58, 50, 42, 34, 26, 18,
52 10, 2, 59, 51, 43, 35, 27,
53 19, 11, 3, 60, 52, 44, 36,
54 63, 55, 47, 39, 31, 23, 15,
55 7, 62, 54, 46, 38, 30, 22,
56 14, 6, 61, 53, 45, 37, 29,
57 21, 13, 5, 28, 20, 12, 4};
58
59 static const uchar perm2[48] = {14, 17, 11, 24, 1, 5,
60 3, 28, 15, 6, 21, 10,
61 23, 19, 12, 4, 26, 8,
62 16, 7, 27, 20, 13, 2,
63 41, 52, 31, 37, 47, 55,
64 30, 40, 51, 45, 33, 48,
65 44, 49, 39, 56, 34, 53,
66 46, 42, 50, 36, 29, 32};
67
68 static const uchar perm3[64] = {58, 50, 42, 34, 26, 18, 10, 2,
69 60, 52, 44, 36, 28, 20, 12, 4,
70 62, 54, 46, 38, 30, 22, 14, 6,
71 64, 56, 48, 40, 32, 24, 16, 8,
72 57, 49, 41, 33, 25, 17, 9, 1,
73 59, 51, 43, 35, 27, 19, 11, 3,
74 61, 53, 45, 37, 29, 21, 13, 5,
75 63, 55, 47, 39, 31, 23, 15, 7};
76
77 static const uchar perm4[48] = { 32, 1, 2, 3, 4, 5,
78 4, 5, 6, 7, 8, 9,
79 8, 9, 10, 11, 12, 13,
80 12, 13, 14, 15, 16, 17,
81 16, 17, 18, 19, 20, 21,
82 20, 21, 22, 23, 24, 25,
83 24, 25, 26, 27, 28, 29,
84 28, 29, 30, 31, 32, 1};
85
86 static const uchar perm5[32] = { 16, 7, 20, 21,
87 29, 12, 28, 17,
88 1, 15, 23, 26,
89 5, 18, 31, 10,
90 2, 8, 24, 14,
91 32, 27, 3, 9,
92 19, 13, 30, 6,
93 22, 11, 4, 25};
94
95
96 static const uchar perm6[64] ={ 40, 8, 48, 16, 56, 24, 64, 32,
97 39, 7, 47, 15, 55, 23, 63, 31,
98 38, 6, 46, 14, 54, 22, 62, 30,
99 37, 5, 45, 13, 53, 21, 61, 29,
100 36, 4, 44, 12, 52, 20, 60, 28,
101 35, 3, 43, 11, 51, 19, 59, 27,
102 34, 2, 42, 10, 50, 18, 58, 26,
103 33, 1, 41, 9, 49, 17, 57, 25};
104
105
106 static const uchar sc[16] = {1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1};
107
108 static const uchar sbox[8][4][16] = {
109 {{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7},
110 {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8},
111 {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0},
112 {15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}},
113
114 {{15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10},
115 {3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5},
116 {0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15},
117 {13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}},
118
119 {{10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8},
120 {13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1},
121 {13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7},
122 {1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}},
123
124 {{7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15},
125 {13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9},
126 {10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4},
127 {3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}},
128
129 {{2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9},
130 {14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6},
131 {4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14},
132 {11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}},
133
134 {{12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11},
135 {10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8},
136 {9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6},
137 {4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}},
138
139 {{4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1},
140 {13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6},
141 {1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2},
142 {6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}},
143
144 {{13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7},
145 {1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2},
146 {7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8},
147 {2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}}};
148
149 static void permute(char *out, const char *in, const uchar *p, int n)
150 {
151 int i;
152 for (i=0;i<n;i++)
153 out[i] = in[p[i]-1];
154 }
155
156 static void lshift(char *d, int count, int n)
157 {
158 char out[64];
159 int i;
160 for (i=0;i<n;i++)
161 out[i] = d[(i+count)%n];
162 for (i=0;i<n;i++)
163 d[i] = out[i];
164 }
165
166 static void concat(char *out, char *in1, char *in2, int l1, int l2)
167 {
168 while (l1--)
169 *out++ = *in1++;
170 while (l2--)
171 *out++ = *in2++;
172 }
173
174 static void x_or(char *out, char *in1, char *in2, int n)
175 {
176 int i;
177 for (i=0;i<n;i++)
178 out[i] = in1[i] ^ in2[i];
179 }
180
181 static void dohash(char *out, char *in, char *key, int forw)
182 {
183 int i, j, k;
184 char pk1[56];
185 char c[28];
186 char d[28];
187 char cd[56];
188 char ki[16][48];
189 char pd1[64];
190 char l[32], r[32];
191 char rl[64];
192
193 permute(pk1, key, perm1, 56);
194
195 for (i=0;i<28;i++)
196 c[i] = pk1[i];
197 for (i=0;i<28;i++)
198 d[i] = pk1[i+28];
199
200 for (i=0;i<16;i++) {
201 lshift(c, sc[i], 28);
202 lshift(d, sc[i], 28);
203
204 concat(cd, c, d, 28, 28);
205 permute(ki[i], cd, perm2, 48);
206 }
207
208 permute(pd1, in, perm3, 64);
209
210 for (j=0;j<32;j++) {
211 l[j] = pd1[j];
212 r[j] = pd1[j+32];
213 }
214
215 for (i=0;i<16;i++) {
216 char er[48];
217 char erk[48];
218 char b[8][6];
219 char cb[32];
220 char pcb[32];
221 char r2[32];
222
223 permute(er, r, perm4, 48);
224
225 x_or(erk, er, ki[forw ? i : 15 - i], 48);
226
227 for (j=0;j<8;j++)
228 for (k=0;k<6;k++)
229 b[j][k] = erk[j*6 + k];
230
231 for (j=0;j<8;j++) {
232 int m, n;
233 m = (b[j][0]<<1) | b[j][5];
234
235 n = (b[j][1]<<3) | (b[j][2]<<2) | (b[j][3]<<1) | b[j][4];
236
237 for (k=0;k<4;k++)
238 b[j][k] = (sbox[j][m][n] & (1<<(3-k)))?1:0;
239 }
240
241 for (j=0;j<8;j++)
242 for (k=0;k<4;k++)
243 cb[j*4+k] = b[j][k];
244 permute(pcb, cb, perm5, 32);
245
246 x_or(r2, l, pcb, 32);
247
248 for (j=0;j<32;j++)
249 l[j] = r[j];
250
251 for (j=0;j<32;j++)
252 r[j] = r2[j];
253 }
254
255 concat(rl, r, l, 32, 32);
256
257 permute(out, rl, perm6, 64);
258 }
259
260 /* Convert a 7 byte string to an 8 byte key. */
261 static void str_to_key(const unsigned char str[7], unsigned char key[8])
262 {
263 int i;
264
265 key[0] = str[0]>>1;
266 key[1] = ((str[0]&0x01)<<6) | (str[1]>>2);
267 key[2] = ((str[1]&0x03)<<5) | (str[2]>>3);
268 key[3] = ((str[2]&0x07)<<4) | (str[3]>>4);
269 key[4] = ((str[3]&0x0F)<<3) | (str[4]>>5);
270 key[5] = ((str[4]&0x1F)<<2) | (str[5]>>6);
271 key[6] = ((str[5]&0x3F)<<1) | (str[6]>>7);
272 key[7] = str[6]&0x7F;
273 for (i=0;i<8;i++) {
274 key[i] = (key[i]<<1);
275 }
276 }
277
278
279 void des_crypt56(unsigned char *out, const unsigned char *in, const unsigned char *key, int forw)
280 {
281 int i;
282 char outb[64];
283 char inb[64];
284 char keyb[64];
285 unsigned char key2[8];
286
287 str_to_key(key, key2);
288
289 for (i=0;i<64;i++) {
290 inb[i] = (in[i/8] & (1<<(7-(i%8)))) ? 1 : 0;
291 keyb[i] = (key2[i/8] & (1<<(7-(i%8)))) ? 1 : 0;
292 outb[i] = 0;
293 }
294
295 dohash(outb, inb, keyb, forw);
296
297 for (i=0;i<8;i++) {
298 out[i] = 0;
299 }
300
301 for (i=0;i<64;i++) {
302 if (outb[i])
303 out[i/8] |= (1<<(7-(i%8)));
304 }
305 }
306
307 void E_P16(const unsigned char *p14,unsigned char *p16)
308 {
309 unsigned char sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
310 des_crypt56(p16, sp8, p14, 1);
311 des_crypt56(p16+8, sp8, p14+7, 1);
312 }
313
314 void E_P24(const unsigned char *p21, const unsigned char *c8, unsigned char *p24)
315 {
316 des_crypt56(p24, c8, p21, 1);
317 des_crypt56(p24+8, c8, p21+7, 1);
318 des_crypt56(p24+16, c8, p21+14, 1);
319 }
320
321 void D_P16(const unsigned char *p14, const unsigned char *in, unsigned char *out)
322 {
323 des_crypt56(out, in, p14, 0);
324 des_crypt56(out+8, in+8, p14+7, 0);
325 }
326
327 void E_old_pw_hash( unsigned char *p14, const unsigned char *in, unsigned char *out)
328 {
329 des_crypt56(out, in, p14, 1);
330 des_crypt56(out+8, in+8, p14+7, 1);
331 }
332
333 /* forward des encryption with a 128 bit key */
334 void des_crypt128(unsigned char out[8], const unsigned char in[8], const unsigned char key[16])
335 {
336 unsigned char buf[8];
337
338 des_crypt56(buf, in, key, 1);
339 des_crypt56(out, buf, key+9, 1);
340 }
341
342 /* forward des encryption with a 64 bit key */
343 void des_crypt64(unsigned char out[8], const unsigned char in[8], const unsigned char key[8])
344 {
345 unsigned char buf[8];
346 unsigned char key2[8];
347
348 memset(key2,'\0',8);
349 des_crypt56(buf, in, key, 1);
350 key2[0] = key[7];
351 des_crypt56(out, buf, key2, 1);
352 }
353
354 /* des encryption with a 112 bit (14 byte) key */
355 /* Note that if the forw is 1, and key is actually 8 bytes of key, followed by 6 bytes of zeros,
356 this is identical to des_crypt64(). JRA. */
357
358 void des_crypt112(unsigned char out[8], const unsigned char in[8], const unsigned char key[14], int forw)
359 {
360 unsigned char buf[8];
361 des_crypt56(buf, in, key, forw);
362 des_crypt56(out, buf, key+7, forw);
363 }
364
365 void cred_hash3(unsigned char *out, const unsigned char *in, const unsigned char *key, int forw)
366 {
367 unsigned char key2[8];
368
369 memset(key2,'\0',8);
370 des_crypt56(out, in, key, forw);
371 key2[0] = key[7];
372 des_crypt56(out + 8, in + 8, key2, forw);
373 }
374
375 /* des encryption of a 16 byte lump of data with a 112 bit key */
376 /* Note that if the key is actually 8 bytes of key, followed by 6 bytes of zeros,
377 this is identical to cred_hash3(). JRA. */
378
379 void des_crypt112_16(unsigned char out[16], unsigned char in[16], const unsigned char key[14], int forw)
380 {
381 des_crypt56(out, in, key, forw);
382 des_crypt56(out + 8, in + 8, key+7, forw);
383 }
384
385 /*****************************************************************
386 arc4 crypt/decrypt with a 16 byte key.
387 *****************************************************************/
388
389 void SamOEMhash( unsigned char *data, const unsigned char key[16], size_t len)
390 {
391 struct arcfour_state arc4_state;
392 const DATA_BLOB keyblob = data_blob_const(key, 16);
393
394 arcfour_init(&arc4_state, &keyblob);
395 arcfour_crypt_sbox(&arc4_state, data, len);
396 }
397
398 void SamOEMhashBlob( unsigned char *data, size_t len, DATA_BLOB *key)
399 {
400 struct arcfour_state arc4_state;
401
402 arcfour_init(&arc4_state, key);
403 arcfour_crypt_sbox(&arc4_state, data, len);
404 }
405
406 /* Decode a sam password hash into a password. The password hash is the
407 same method used to store passwords in the NT registry. The DES key
408 used is based on the RID of the user. */
409
410 void sam_pwd_hash(unsigned int rid, const uchar *in, uchar *out, int forw)
411 {
412 uchar s[14];
413
414 s[0] = s[4] = s[8] = s[12] = (uchar)(rid & 0xFF);
415 s[1] = s[5] = s[9] = s[13] = (uchar)((rid >> 8) & 0xFF);
416 s[2] = s[6] = s[10] = (uchar)((rid >> 16) & 0xFF);
417 s[3] = s[7] = s[11] = (uchar)((rid >> 24) & 0xFF);
418
419 des_crypt56(out, in, s, forw);
420 des_crypt56(out+8, in+8, s+7, forw);
421 }
Samba GIT mirror