2
Unix SMB/CIFS implementation.
4
a partial implementation of DES designed for use in the
5
SMB authentication protocol
7
Copyright (C) Andrew Tridgell 1998
9
This program is free software; you can redistribute it and/or modify
10
it under the terms of the GNU General Public License as published by
11
the Free Software Foundation; either version 3 of the License, or
12
(at your option) any later version.
14
This program is distributed in the hope that it will be useful,
15
but WITHOUT ANY WARRANTY; without even the implied warranty of
16
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17
GNU General Public License for more details.
19
You should have received a copy of the GNU General Public License
20
along with this program. If not, see <http://www.gnu.org/licenses/>.
27
This code makes no attempt to be fast! In fact, it is a very
30
This code is NOT a complete DES implementation. It implements only
31
the minimum necessary for SMB authentication, as used by all SMB
32
products (including every copy of Microsoft Windows95 ever sold)
34
In particular, it can only do a unchained forward DES pass. This
35
means it is not possible to use this code for encryption/decryption
36
of data, instead it is only useful as a "hash" algorithm.
38
There is no entry point into this code that allows normal DES operation.
40
I believe this means that this code does not come under ITAR
41
regulations but this is NOT a legal opinion. If you are concerned
42
about the applicability of ITAR regulations to this code then you
43
should confirm it for yourself (and maybe let me know if you come
44
up with a different answer to the one above)
48
#define uchar unsigned char
50
static const uchar perm1[56] = {57, 49, 41, 33, 25, 17, 9,
51
1, 58, 50, 42, 34, 26, 18,
52
10, 2, 59, 51, 43, 35, 27,
53
19, 11, 3, 60, 52, 44, 36,
54
63, 55, 47, 39, 31, 23, 15,
55
7, 62, 54, 46, 38, 30, 22,
56
14, 6, 61, 53, 45, 37, 29,
57
21, 13, 5, 28, 20, 12, 4};
59
static const uchar perm2[48] = {14, 17, 11, 24, 1, 5,
63
41, 52, 31, 37, 47, 55,
64
30, 40, 51, 45, 33, 48,
65
44, 49, 39, 56, 34, 53,
66
46, 42, 50, 36, 29, 32};
68
static const uchar perm3[64] = {58, 50, 42, 34, 26, 18, 10, 2,
69
60, 52, 44, 36, 28, 20, 12, 4,
70
62, 54, 46, 38, 30, 22, 14, 6,
71
64, 56, 48, 40, 32, 24, 16, 8,
72
57, 49, 41, 33, 25, 17, 9, 1,
73
59, 51, 43, 35, 27, 19, 11, 3,
74
61, 53, 45, 37, 29, 21, 13, 5,
75
63, 55, 47, 39, 31, 23, 15, 7};
77
static const uchar perm4[48] = { 32, 1, 2, 3, 4, 5,
80
12, 13, 14, 15, 16, 17,
81
16, 17, 18, 19, 20, 21,
82
20, 21, 22, 23, 24, 25,
83
24, 25, 26, 27, 28, 29,
84
28, 29, 30, 31, 32, 1};
86
static const uchar perm5[32] = { 16, 7, 20, 21,
96
static const uchar perm6[64] ={ 40, 8, 48, 16, 56, 24, 64, 32,
97
39, 7, 47, 15, 55, 23, 63, 31,
98
38, 6, 46, 14, 54, 22, 62, 30,
99
37, 5, 45, 13, 53, 21, 61, 29,
100
36, 4, 44, 12, 52, 20, 60, 28,
101
35, 3, 43, 11, 51, 19, 59, 27,
102
34, 2, 42, 10, 50, 18, 58, 26,
103
33, 1, 41, 9, 49, 17, 57, 25};
106
static const uchar sc[16] = {1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1};
108
static const uchar sbox[8][4][16] = {
109
{{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7},
110
{0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8},
111
{4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0},
112
{15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}},
114
{{15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10},
115
{3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5},
116
{0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15},
117
{13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}},
119
{{10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8},
120
{13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1},
121
{13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7},
122
{1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}},
124
{{7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15},
125
{13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9},
126
{10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4},
127
{3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}},
129
{{2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9},
130
{14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6},
131
{4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14},
132
{11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}},
134
{{12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11},
135
{10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8},
136
{9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6},
137
{4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}},
139
{{4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1},
140
{13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6},
141
{1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2},
142
{6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}},
144
{{13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7},
145
{1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2},
146
{7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8},
147
{2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}}};
149
static void permute(char *out, const char *in, const uchar *p, int n)
156
static void lshift(char *d, int count, int n)
161
out[i] = d[(i+count)%n];
166
static void concat(char *out, char *in1, char *in2, int l1, int l2)
174
static void x_or(char *out, char *in1, char *in2, int n)
178
out[i] = in1[i] ^ in2[i];
181
static void dohash(char *out, char *in, char *key, int forw)
193
permute(pk1, key, perm1, 56);
201
lshift(c, sc[i], 28);
202
lshift(d, sc[i], 28);
204
concat(cd, c, d, 28, 28);
205
permute(ki[i], cd, perm2, 48);
208
permute(pd1, in, perm3, 64);
223
permute(er, r, perm4, 48);
225
x_or(erk, er, ki[forw ? i : 15 - i], 48);
229
b[j][k] = erk[j*6 + k];
233
m = (b[j][0]<<1) | b[j][5];
235
n = (b[j][1]<<3) | (b[j][2]<<2) | (b[j][3]<<1) | b[j][4];
238
b[j][k] = (sbox[j][m][n] & (1<<(3-k)))?1:0;
244
permute(pcb, cb, perm5, 32);
246
x_or(r2, l, pcb, 32);
255
concat(rl, r, l, 32, 32);
257
permute(out, rl, perm6, 64);
260
/* Convert a 7 byte string to an 8 byte key. */
261
static void str_to_key(const unsigned char str[7], unsigned char key[8])
266
key[1] = ((str[0]&0x01)<<6) | (str[1]>>2);
267
key[2] = ((str[1]&0x03)<<5) | (str[2]>>3);
268
key[3] = ((str[2]&0x07)<<4) | (str[3]>>4);
269
key[4] = ((str[3]&0x0F)<<3) | (str[4]>>5);
270
key[5] = ((str[4]&0x1F)<<2) | (str[5]>>6);
271
key[6] = ((str[5]&0x3F)<<1) | (str[6]>>7);
272
key[7] = str[6]&0x7F;
274
key[i] = (key[i]<<1);
279
void des_crypt56(unsigned char *out, const unsigned char *in, const unsigned char *key, int forw)
285
unsigned char key2[8];
287
str_to_key(key, key2);
290
inb[i] = (in[i/8] & (1<<(7-(i%8)))) ? 1 : 0;
291
keyb[i] = (key2[i/8] & (1<<(7-(i%8)))) ? 1 : 0;
295
dohash(outb, inb, keyb, forw);
303
out[i/8] |= (1<<(7-(i%8)));
307
void E_P16(const unsigned char *p14,unsigned char *p16)
309
unsigned char sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
310
des_crypt56(p16, sp8, p14, 1);
311
des_crypt56(p16+8, sp8, p14+7, 1);
314
void E_P24(const unsigned char *p21, const unsigned char *c8, unsigned char *p24)
316
des_crypt56(p24, c8, p21, 1);
317
des_crypt56(p24+8, c8, p21+7, 1);
318
des_crypt56(p24+16, c8, p21+14, 1);
321
void D_P16(const unsigned char *p14, const unsigned char *in, unsigned char *out)
323
des_crypt56(out, in, p14, 0);
324
des_crypt56(out+8, in+8, p14+7, 0);
327
void E_old_pw_hash( unsigned char *p14, const unsigned char *in, unsigned char *out)
329
des_crypt56(out, in, p14, 1);
330
des_crypt56(out+8, in+8, p14+7, 1);
333
/* forward des encryption with a 128 bit key */
334
void des_crypt128(unsigned char out[8], const unsigned char in[8], const unsigned char key[16])
336
unsigned char buf[8];
338
des_crypt56(buf, in, key, 1);
339
des_crypt56(out, buf, key+9, 1);
342
/* forward des encryption with a 64 bit key */
343
void des_crypt64(unsigned char out[8], const unsigned char in[8], const unsigned char key[8])
345
unsigned char buf[8];
346
unsigned char key2[8];
349
des_crypt56(buf, in, key, 1);
351
des_crypt56(out, buf, key2, 1);
354
/* des encryption with a 112 bit (14 byte) key */
355
/* Note that if the forw is 1, and key is actually 8 bytes of key, followed by 6 bytes of zeros,
356
this is identical to des_crypt64(). JRA. */
358
void des_crypt112(unsigned char out[8], const unsigned char in[8], const unsigned char key[14], int forw)
360
unsigned char buf[8];
361
des_crypt56(buf, in, key, forw);
362
des_crypt56(out, buf, key+7, forw);
365
void cred_hash3(unsigned char *out, const unsigned char *in, const unsigned char *key, int forw)
367
unsigned char key2[8];
370
des_crypt56(out, in, key, forw);
372
des_crypt56(out + 8, in + 8, key2, forw);
375
/* des encryption of a 16 byte lump of data with a 112 bit key */
376
/* Note that if the key is actually 8 bytes of key, followed by 6 bytes of zeros,
377
this is identical to cred_hash3(). JRA. */
379
void des_crypt112_16(unsigned char out[16], unsigned char in[16], const unsigned char key[14], int forw)
381
des_crypt56(out, in, key, forw);
382
des_crypt56(out + 8, in + 8, key+7, forw);
385
/*****************************************************************
386
arc4 crypt/decrypt with a 16 byte key.
387
*****************************************************************/
389
void SamOEMhash( unsigned char *data, const unsigned char key[16], size_t len)
391
struct arcfour_state arc4_state;
392
const DATA_BLOB keyblob = data_blob_const(key, 16);
394
arcfour_init(&arc4_state, &keyblob);
395
arcfour_crypt_sbox(&arc4_state, data, len);
398
void SamOEMhashBlob( unsigned char *data, size_t len, DATA_BLOB *key)
400
struct arcfour_state arc4_state;
402
arcfour_init(&arc4_state, key);
403
arcfour_crypt_sbox(&arc4_state, data, len);
406
/* Decode a sam password hash into a password. The password hash is the
407
same method used to store passwords in the NT registry. The DES key
408
used is based on the RID of the user. */
410
void sam_pwd_hash(unsigned int rid, const uchar *in, uchar *out, int forw)
414
s[0] = s[4] = s[8] = s[12] = (uchar)(rid & 0xFF);
415
s[1] = s[5] = s[9] = s[13] = (uchar)((rid >> 8) & 0xFF);
416
s[2] = s[6] = s[10] = (uchar)((rid >> 16) & 0xFF);
417
s[3] = s[7] = s[11] = (uchar)((rid >> 24) & 0xFF);
419
des_crypt56(out, in, s, forw);
420
des_crypt56(out+8, in+8, s+7, forw);