static void creds_step(struct dcinfo *dc) { DOM_CHAL time_chal; DEBUG(5,("\tsequence = 0x%x\n", (unsigned int)dc->sequence )); DEBUG(5,("\tseed: %s\n", credstr(dc->seed_chal.data) )); SIVAL(time_chal.data, 0, IVAL(dc->seed_chal.data, 0) + dc->sequence); SIVAL(time_chal.data, 4, IVAL(dc->seed_chal.data, 4)); DEBUG(5,("\tseed+seq %s\n", credstr(time_chal.data) )); des_crypt112(dc->clnt_chal.data, time_chal.data, dc->sess_key, 1); DEBUG(5,("\tCLIENT %s\n", credstr(dc->clnt_chal.data) )); SIVAL(time_chal.data, 0, IVAL(dc->seed_chal.data, 0) + dc->sequence + 1); SIVAL(time_chal.data, 4, IVAL(dc->seed_chal.data, 4)); DEBUG(5,("\tseed+seq+1 %s\n", credstr(time_chal.data) )); des_crypt112(dc->srv_chal.data, time_chal.data, dc->sess_key, 1); DEBUG(5,("\tSERVER %s\n", credstr(dc->srv_chal.data) )); }
/* step the credentials to the next element in the chain, updating the current client and server credentials and the seed */ static void creds_step(struct creds_CredentialState *creds) { struct netr_Credential time_cred; DEBUG(5,("\tseed %08x:%08x\n", IVAL(creds->seed.data, 0), IVAL(creds->seed.data, 4))); SIVAL(time_cred.data, 0, IVAL(creds->seed.data, 0) + creds->sequence); SIVAL(time_cred.data, 4, IVAL(creds->seed.data, 4)); DEBUG(5,("\tseed+time %08x:%08x\n", IVAL(time_cred.data, 0), IVAL(time_cred.data, 4))); des_crypt112(creds->client.data, time_cred.data, creds->session_key, 1); DEBUG(5,("\tCLIENT %08x:%08x\n", IVAL(creds->client.data, 0), IVAL(creds->client.data, 4))); SIVAL(time_cred.data, 0, IVAL(creds->seed.data, 0) + creds->sequence + 1); SIVAL(time_cred.data, 4, IVAL(creds->seed.data, 4)); DEBUG(5,("\tseed+time+1 %08x:%08x\n", IVAL(time_cred.data, 0), IVAL(time_cred.data, 4))); des_crypt112(creds->server.data, time_cred.data, creds->session_key, 1); DEBUG(5,("\tSERVER %08x:%08x\n", IVAL(creds->server.data, 0), IVAL(creds->server.data, 4))); creds->seed = time_cred; }
/* initialise the credentials state for ADS-style 128 bit session keys this call is made after the netr_ServerReqChallenge call */ static void creds_init_128bit(struct creds_CredentialState *creds, const struct netr_Credential *client_challenge, const struct netr_Credential *server_challenge, const struct samr_Password *machine_password) { unsigned char zero[4], tmp[16]; HMACMD5Context ctx; struct MD5Context md5; ZERO_STRUCT(creds->session_key); memset(zero, 0, sizeof(zero)); hmac_md5_init_rfc2104(machine_password->hash, sizeof(machine_password->hash), &ctx); MD5Init(&md5); MD5Update(&md5, zero, sizeof(zero)); MD5Update(&md5, client_challenge->data, 8); MD5Update(&md5, server_challenge->data, 8); MD5Final(tmp, &md5); hmac_md5_update(tmp, sizeof(tmp), &ctx); hmac_md5_final(creds->session_key, &ctx); creds->client = *client_challenge; creds->server = *server_challenge; des_crypt112(creds->client.data, client_challenge->data, creds->session_key, 1); des_crypt112(creds->server.data, server_challenge->data, creds->session_key, 1); creds->seed = creds->client; }
static void creds_init_128(struct dcinfo *dc, const DOM_CHAL *clnt_chal_in, const DOM_CHAL *srv_chal_in, const unsigned char mach_pw[16]) { unsigned char zero[4], tmp[16]; HMACMD5Context ctx; struct MD5Context md5; /* Just in case this isn't already there */ memcpy(dc->mach_pw, mach_pw, 16); ZERO_STRUCT(dc->sess_key); memset(zero, 0, sizeof(zero)); hmac_md5_init_rfc2104(mach_pw, 16, &ctx); MD5Init(&md5); MD5Update(&md5, zero, sizeof(zero)); MD5Update(&md5, clnt_chal_in->data, 8); MD5Update(&md5, srv_chal_in->data, 8); MD5Final(tmp, &md5); hmac_md5_update(tmp, sizeof(tmp), &ctx); hmac_md5_final(dc->sess_key, &ctx); /* debug output */ DEBUG(5,("creds_init_128\n")); DEBUG(5,("\tclnt_chal_in: %s\n", credstr(clnt_chal_in->data))); DEBUG(5,("\tsrv_chal_in : %s\n", credstr(srv_chal_in->data))); dump_data_pw("\tsession_key ", (const unsigned char *)dc->sess_key, 16); /* Generate the next client and server creds. */ des_crypt112(dc->clnt_chal.data, /* output */ clnt_chal_in->data, /* input */ dc->sess_key, /* input */ 1); des_crypt112(dc->srv_chal.data, /* output */ srv_chal_in->data, /* input */ dc->sess_key, /* input */ 1); /* Seed is the client chal. */ memcpy(dc->seed_chal.data, dc->clnt_chal.data, 8); }
static void creds_init_64(struct dcinfo *dc, const DOM_CHAL *clnt_chal_in, const DOM_CHAL *srv_chal_in, const unsigned char mach_pw[16]) { uint32 sum[2]; unsigned char sum2[8]; /* Just in case this isn't already there */ if (dc->mach_pw != mach_pw) { memcpy(dc->mach_pw, mach_pw, 16); } sum[0] = IVAL(clnt_chal_in->data, 0) + IVAL(srv_chal_in->data, 0); sum[1] = IVAL(clnt_chal_in->data, 4) + IVAL(srv_chal_in->data, 4); SIVAL(sum2,0,sum[0]); SIVAL(sum2,4,sum[1]); ZERO_STRUCT(dc->sess_key); des_crypt128(dc->sess_key, sum2, dc->mach_pw); /* debug output */ DEBUG(5,("creds_init_64\n")); DEBUG(5,("\tclnt_chal_in: %s\n", credstr(clnt_chal_in->data))); DEBUG(5,("\tsrv_chal_in : %s\n", credstr(srv_chal_in->data))); DEBUG(5,("\tclnt+srv : %s\n", credstr(sum2))); DEBUG(5,("\tsess_key_out : %s\n", credstr(dc->sess_key))); /* Generate the next client and server creds. */ des_crypt112(dc->clnt_chal.data, /* output */ clnt_chal_in->data, /* input */ dc->sess_key, /* input */ 1); des_crypt112(dc->srv_chal.data, /* output */ srv_chal_in->data, /* input */ dc->sess_key, /* input */ 1); /* Seed is the client chal. */ memcpy(dc->seed_chal.data, dc->clnt_chal.data, 8); }
/* initialise the credentials state for old-style 64 bit session keys this call is made after the netr_ServerReqChallenge call */ static void creds_init_64bit(struct creds_CredentialState *creds, const struct netr_Credential *client_challenge, const struct netr_Credential *server_challenge, const struct samr_Password *machine_password) { uint32_t sum[2]; uint8_t sum2[8]; sum[0] = IVAL(client_challenge->data, 0) + IVAL(server_challenge->data, 0); sum[1] = IVAL(client_challenge->data, 4) + IVAL(server_challenge->data, 4); SIVAL(sum2,0,sum[0]); SIVAL(sum2,4,sum[1]); ZERO_STRUCT(creds->session_key); des_crypt128(creds->session_key, sum2, machine_password->hash); des_crypt112(creds->client.data, client_challenge->data, creds->session_key, 1); des_crypt112(creds->server.data, server_challenge->data, creds->session_key, 1); creds->seed = creds->client; }
static void netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *creds, const struct netr_Credential *in, struct netr_Credential *out) { des_crypt112(out->data, in->data, creds->session_key, 1); }