Refactored NTLM DES key generation

andj · Jul 5, 2011 · d86e009 · d86e009
1 parent b8368cc
commit d86e009
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 8 deletions.
diff --git a/crypto_backend.h b/crypto_backend.h
@@ -126,6 +126,17 @@ bool key_des_check (uint8_t *key, int key_len, int ndc);
  */
 void key_des_fixup (uint8_t *key, int key_len, int ndc);
 
+/**
+ * Encrypt the given block, using DES ECB mode
+ *
+ * @param key		DES key to use.
+ * @param src		Buffer containing the 8-byte source.
+ * @param dst		Buffer containing the 8-byte destination
+ */
+void cipher_des_encrypt_ecb (const unsigned char key[8],
+    unsigned char src[8],
+    unsigned char dst[8]);
+
 /*
  *
  * Generic cipher key type functions

diff --git a/crypto_openssl.c b/crypto_openssl.c
@@ -441,3 +441,14 @@ key_des_fixup (uint8_t *key, int key_len, int ndc)
 }
 
 
+void
+cipher_des_encrypt_ecb (const unsigned char key[8],
+    unsigned char *src,
+    unsigned char *dst)
+{
+    des_key_schedule sched;
+
+    des_set_key_unchecked((des_cblock*)key, sched);
+    des_ecb_encrypt((des_cblock *)src, (des_cblock *)dst, sched, DES_ENCRYPT);
+}
+
diff --git a/ntlm.c b/ntlm.c
@@ -196,8 +196,6 @@ ntlm_phase_3 (const struct http_proxy_info *p, const char *phase_2, struct gc_ar
   char md4_hash[21];
   char challenge[8], ntlm_response[24];
   int i, ret_val;
-  des_cblock key1, key2, key3;
-  des_key_schedule sched1, sched2, sched3;
 
 	char ntlmv2_response[144];
 	char userdomain_u[256]; /* for uppercase unicode username and domain */
@@ -303,18 +301,16 @@ ntlm_phase_3 (const struct http_proxy_info *p, const char *phase_2, struct gc_ar
 		memcpy(ntlmv2_response, ntlmv2_hmacmd5, 16); /* Note: This overwrites challenge previously written at ntlmv2_response[8..15] */
 
 	} else { /* Generate NTLM response */
+		unsigned char key1[8], key2[8], key3[8];
 
 		create_des_keys ((unsigned char *)md4_hash, key1);
-		des_set_key_unchecked ((des_cblock *)key1, sched1);
-		des_ecb_encrypt ((des_cblock *)challenge, (des_cblock *)ntlm_response, sched1, DES_ENCRYPT);
+		cipher_des_encrypt_ecb (key1, challenge, ntlm_response);
 
 		create_des_keys ((unsigned char *)&(md4_hash[7]), key2);
-		des_set_key_unchecked ((des_cblock *)key2, sched2);
-		des_ecb_encrypt ((des_cblock *)challenge, (des_cblock *)&(ntlm_response[8]), sched2, DES_ENCRYPT);
+		cipher_des_encrypt_ecb (key2, challenge, &ntlm_response[8]);
 
 		create_des_keys ((unsigned char *)&(md4_hash[14]), key3);
-		des_set_key_unchecked ((des_cblock *)key3, sched3);
-		des_ecb_encrypt ((des_cblock *)challenge, (des_cblock *)&(ntlm_response[16]), sched3, DES_ENCRYPT);
+		cipher_des_encrypt_ecb (key3, challenge, &ntlm_response[16]);
 	}