void testrun_performance_arcfour(void){
uint64_t t;
char str[16];
uint8_t key[16];
arcfour_ctx_t ctx;
calibrateTimer();
print_overhead();
memset(key, 0, 16);
startTimer(1);
arcfour_init(key, 16, &ctx);
t = stopTimer();
uart_putstr_P(PSTR("\r\n\tctx-gen time: "));
ultoa((unsigned long)t, str, 10);
uart_putstr(str);
startTimer(1);
arcfour_gen(&ctx);
t = stopTimer();
uart_putstr_P(PSTR("\r\n\tencrypt time: "));
ultoa((unsigned long)t, str, 10);
uart_putstr(str);
uart_putstr_P(PSTR("\r\n"));
}
/**
Initialise the state for NTLMSSP signing.
*/
NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state)
{
unsigned char p24[24];
TALLOC_CTX *mem_ctx;
ZERO_STRUCT(p24);
mem_ctx = talloc_init("weak_keys");
if (!mem_ctx) {
return NT_STATUS_NO_MEMORY;
}
DEBUG(3, ("NTLMSSP Sign/Seal - Initialising with flags:\n"));
debug_ntlmssp_flags(ntlmssp_state->neg_flags);
if (ntlmssp_state->session_key.length < 8) {
TALLOC_FREE(mem_ctx);
DEBUG(3, ("NO session key, cannot intialise signing\n"));
return NT_STATUS_NO_USER_SESSION_KEY;
}
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
DATA_BLOB weak_session_key = ntlmssp_state->session_key;
const char *send_sign_const;
const char *send_seal_const;
const char *recv_sign_const;
const char *recv_seal_const;
DATA_BLOB send_seal_key_blob, recv_seal_blob;
switch (ntlmssp_state->role) {
case NTLMSSP_CLIENT:
send_sign_const = CLI_SIGN;
send_seal_const = CLI_SEAL;
recv_sign_const = SRV_SIGN;
recv_seal_const = SRV_SEAL;
break;
case NTLMSSP_SERVER:
send_sign_const = SRV_SIGN;
send_seal_const = SRV_SEAL;
recv_sign_const = CLI_SIGN;
recv_seal_const = CLI_SEAL;
break;
default:
TALLOC_FREE(mem_ctx);
return NT_STATUS_INTERNAL_ERROR;
}
/**
Weaken NTLMSSP keys to cope with down-level clients, servers and export restrictions.
We probably should have some parameters to control this, once we get NTLM2 working.
*/
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) {
;
} else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) {
weak_session_key.length = 7;
} else { /* forty bits */
weak_session_key.length = 5;
}
dump_data_pw("NTLMSSP weakend master key:\n",
weak_session_key.data,
weak_session_key.length);
/* SEND: sign key */
calc_ntlmv2_key(ntlmssp_state->send_sign_key,
ntlmssp_state->session_key, send_sign_const);
dump_data_pw("NTLMSSP send sign key:\n",
ntlmssp_state->send_sign_key, 16);
/* SEND: seal ARCFOUR pad */
calc_ntlmv2_key(ntlmssp_state->send_seal_key,
weak_session_key, send_seal_const);
dump_data_pw("NTLMSSP send seal key:\n",
ntlmssp_state->send_seal_key, 16);
send_seal_key_blob.data = ntlmssp_state->send_seal_key;
send_seal_key_blob.length = 16;
arcfour_init(&ntlmssp_state->send_seal_arc4_state,
&send_seal_key_blob);
dump_arc4_state("NTLMSSP send seal arc4 state:\n",
&ntlmssp_state->send_seal_arc4_state);
/* RECV: sign key */
calc_ntlmv2_key(ntlmssp_state->recv_sign_key,
ntlmssp_state->session_key, recv_sign_const);
dump_data_pw("NTLMSSP recv send sign key:\n",
ntlmssp_state->recv_sign_key, 16);
/* RECV: seal ARCFOUR pad */
calc_ntlmv2_key(ntlmssp_state->recv_seal_key,
weak_session_key, recv_seal_const);
dump_data_pw("NTLMSSP recv seal key:\n",
ntlmssp_state->recv_seal_key, 16);
recv_seal_blob.data = ntlmssp_state->recv_seal_key;
recv_seal_blob.length = 16;
arcfour_init(&ntlmssp_state->recv_seal_arc4_state,
&recv_seal_blob);
dump_arc4_state("NTLMSSP recv seal arc4 state:\n",
&ntlmssp_state->recv_seal_arc4_state);
ntlmssp_state->ntlm2_send_seq_num = 0;
ntlmssp_state->ntlm2_recv_seq_num = 0;
} else {
#if 0
/* Hmmm. Shouldn't we also weaken keys for ntlmv1 ? JRA. */
DATA_BLOB weak_session_key = ntlmssp_state->session_key;
/**
Weaken NTLMSSP keys to cope with down-level clients, servers and export restrictions.
We probably should have some parameters to control this, once we get NTLM2 working.
*/
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) {
;
} else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) {
weak_session_key.length = 6;
} else { /* forty bits */
weak_session_key.length = 5;
}
dump_data_pw("NTLMSSP weakend master key:\n",
weak_session_key.data,
weak_session_key.length);
#endif
DATA_BLOB weak_session_key = ntlmssp_weaken_keys(ntlmssp_state, mem_ctx);
DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n"));
arcfour_init(&ntlmssp_state->ntlmv1_arc4_state,
&weak_session_key);
dump_arc4_state("NTLMv1 arc4 state:\n",
&ntlmssp_state->ntlmv1_arc4_state);
ntlmssp_state->ntlmv1_seq_num = 0;
}
TALLOC_FREE(mem_ctx);
return NT_STATUS_OK;
}
/*****************************************************************************
* additional validation-functions *
*****************************************************************************/
void arcfour_genctx_dummy(uint8_t* key, uint16_t keysize, void* ctx){
arcfour_init(key, (uint8_t)((keysize+7)/8), ctx);
}
void cipher_set_key(CipherContext * context, int cipher, const unsigned char *key, int keylen, int for_encryption)
{
unsigned char padded[32];
/* Clear the context to remove any traces of old keys. */
memset(context, 0, sizeof(*context));
/* Set cipher type. */
context->type = cipher;
/* Get 32 bytes of key data. Pad if necessary. (So that code below does
not need to worry about key size). */
memset(padded, 0, sizeof(padded));
memcpy(padded, key, keylen < sizeof(padded) ? keylen : sizeof(padded));
/* Initialize the initialization vector. */
switch (cipher) {
case SSH_CIPHER_NONE:
break;
#ifdef WITH_IDEA
case SSH_CIPHER_IDEA:
if (keylen < 16)
error("Key length %d is insufficient for IDEA.", keylen);
idea_set_key(&context->u.idea.key, padded);
memset(context->u.idea.iv, 0, sizeof(context->u.idea.iv));
break;
#endif /* WITH_IDEA */
#ifdef WITH_DES
case SSH_CIPHER_DES:
/* Note: the least significant bit of each byte of key is parity,
and must be ignored by the implementation. 8 bytes of key are
used. */
if (keylen < 8)
error("Key length %d is insufficient for DES.", keylen);
des_set_key(padded, &context->u.des.key);
memset(context->u.des.iv, 0, sizeof(context->u.des.iv));
break;
#endif /* WITH_DES */
case SSH_CIPHER_3DES:
/* Note: the least significant bit of each byte of key is parity,
and must be ignored by the implementation. 16 bytes of key are
used (first and last keys are the same). */
if (keylen < 16)
error("Key length %d is insufficient for 3DES.", keylen);
des_set_key(padded, &context->u.des3.key1);
des_set_key(padded + 8, &context->u.des3.key2);
if (keylen <= 16)
des_set_key(padded, &context->u.des3.key3);
else
des_set_key(padded + 16, &context->u.des3.key3);
memset(context->u.des3.iv1, 0, sizeof(context->u.des3.iv1));
memset(context->u.des3.iv2, 0, sizeof(context->u.des3.iv2));
memset(context->u.des3.iv3, 0, sizeof(context->u.des3.iv3));
break;
#ifdef WITH_ARCFOUR
case SSH_CIPHER_ARCFOUR:
arcfour_init(&context->u.arcfour, key, keylen);
break;
#endif /* WITH_ARCFOUR */
#ifdef WITH_BLOWFISH
case SSH_CIPHER_BLOWFISH:
if (keylen < 8)
error("Key length %d is insufficient for Blowfish", keylen);
blowfish_set_key(&context->u.blowfish, key, keylen, for_encryption);
break;
#endif /* WITH_BLOWFISH */
default:
fatal("cipher_set_key: unknown cipher: %d", cipher);
}
memset(padded, 0, sizeof(padded));
}
