Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Refactored NTLM DES key generation

  • Loading branch information...
commit d86e00908abc3f98e90d589daadfc07caac4f2c7 1 parent b8368cc
andj authored June 23, 2011
11  crypto_backend.h
@@ -126,6 +126,17 @@ bool key_des_check (uint8_t *key, int key_len, int ndc);
126 126
  */
127 127
 void key_des_fixup (uint8_t *key, int key_len, int ndc);
128 128
 
  129
+/**
  130
+ * Encrypt the given block, using DES ECB mode
  131
+ *
  132
+ * @param key		DES key to use.
  133
+ * @param src		Buffer containing the 8-byte source.
  134
+ * @param dst		Buffer containing the 8-byte destination
  135
+ */
  136
+void cipher_des_encrypt_ecb (const unsigned char key[8],
  137
+    unsigned char src[8],
  138
+    unsigned char dst[8]);
  139
+
129 140
 /*
130 141
  *
131 142
  * Generic cipher key type functions
11  crypto_openssl.c
@@ -441,3 +441,14 @@ key_des_fixup (uint8_t *key, int key_len, int ndc)
441 441
 }
442 442
 
443 443
 
  444
+void
  445
+cipher_des_encrypt_ecb (const unsigned char key[8],
  446
+    unsigned char *src,
  447
+    unsigned char *dst)
  448
+{
  449
+    des_key_schedule sched;
  450
+
  451
+    des_set_key_unchecked((des_cblock*)key, sched);
  452
+    des_ecb_encrypt((des_cblock *)src, (des_cblock *)dst, sched, DES_ENCRYPT);
  453
+}
  454
+
12  ntlm.c
@@ -196,8 +196,6 @@ ntlm_phase_3 (const struct http_proxy_info *p, const char *phase_2, struct gc_ar
196 196
   char md4_hash[21];
197 197
   char challenge[8], ntlm_response[24];
198 198
   int i, ret_val;
199  
-  des_cblock key1, key2, key3;
200  
-  des_key_schedule sched1, sched2, sched3;
201 199
 
202 200
 	char ntlmv2_response[144];
203 201
 	char userdomain_u[256]; /* for uppercase unicode username and domain */
@@ -303,18 +301,16 @@ ntlm_phase_3 (const struct http_proxy_info *p, const char *phase_2, struct gc_ar
303 301
 		memcpy(ntlmv2_response, ntlmv2_hmacmd5, 16); /* Note: This overwrites challenge previously written at ntlmv2_response[8..15] */
304 302
 	
305 303
 	} else { /* Generate NTLM response */
  304
+		unsigned char key1[8], key2[8], key3[8];
306 305
 
307 306
 		create_des_keys ((unsigned char *)md4_hash, key1);
308  
-		des_set_key_unchecked ((des_cblock *)key1, sched1);
309  
-		des_ecb_encrypt ((des_cblock *)challenge, (des_cblock *)ntlm_response, sched1, DES_ENCRYPT);
  307
+		cipher_des_encrypt_ecb (key1, challenge, ntlm_response);
310 308
 
311 309
 		create_des_keys ((unsigned char *)&(md4_hash[7]), key2);
312  
-		des_set_key_unchecked ((des_cblock *)key2, sched2);
313  
-		des_ecb_encrypt ((des_cblock *)challenge, (des_cblock *)&(ntlm_response[8]), sched2, DES_ENCRYPT);
  310
+		cipher_des_encrypt_ecb (key2, challenge, &ntlm_response[8]);
314 311
 
315 312
 		create_des_keys ((unsigned char *)&(md4_hash[14]), key3);
316  
-		des_set_key_unchecked ((des_cblock *)key3, sched3);
317  
-		des_ecb_encrypt ((des_cblock *)challenge, (des_cblock *)&(ntlm_response[16]), sched3, DES_ENCRYPT);
  313
+		cipher_des_encrypt_ecb (key3, challenge, &ntlm_response[16]);
318 314
 	}
319 315
 	
320 316
 	

0 notes on commit d86e009

Please sign in to comment.
Something went wrong with that request. Please try again.