summaryrefslogtreecommitdiffstats
path: root/source/n/samba/0000-use-gnutls-for-des-cbc.patch
diff options
context:
space:
mode:
Diffstat (limited to 'source/n/samba/0000-use-gnutls-for-des-cbc.patch')
-rw-r--r--source/n/samba/0000-use-gnutls-for-des-cbc.patch371
1 files changed, 371 insertions, 0 deletions
diff --git a/source/n/samba/0000-use-gnutls-for-des-cbc.patch b/source/n/samba/0000-use-gnutls-for-des-cbc.patch
new file mode 100644
index 000000000..9180a646c
--- /dev/null
+++ b/source/n/samba/0000-use-gnutls-for-des-cbc.patch
@@ -0,0 +1,371 @@
+From 21073bff847fbc41d3dab0a649fa400d8188fa16 Mon Sep 17 00:00:00 2001
+From: Isaac Boukris <iboukris@gmail.com>
+Date: Sat, 19 Oct 2019 23:48:19 +0300
+Subject: [PATCH 1/2] smbdes: add des_crypt56_gnutls() using use DES-CBC with
+ zeroed IV
+
+Signed-off-by: Isaac Boukris <iboukris@gmail.com>
+---
+ libcli/auth/smbdes.c | 47 ++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 47 insertions(+)
+
+diff --git a/libcli/auth/smbdes.c b/libcli/auth/smbdes.c
+index 6d9a6dc2ce8..37ede91ad22 100644
+--- a/libcli/auth/smbdes.c
++++ b/libcli/auth/smbdes.c
+@@ -23,6 +23,9 @@
+ #include "includes.h"
+ #include "libcli/auth/libcli_auth.h"
+
++#include <gnutls/gnutls.h>
++#include <gnutls/crypto.h>
++
+ /* NOTES:
+
+ This code makes no attempt to be fast! In fact, it is a very
+@@ -273,6 +276,50 @@ static void str_to_key(const uint8_t *str,uint8_t *key)
+ }
+ }
+
++static int des_crypt56_gnutls(uint8_t out[8], const uint8_t in[8],
++ const uint8_t key_in[7], bool enc)
++{
++ static uint8_t iv8[8];
++ gnutls_datum_t iv = { iv8, 8 };
++ gnutls_datum_t key;
++ gnutls_cipher_hd_t ctx;
++ uint8_t key2[8];
++ uint8_t outb[8];
++ int ret;
++
++ memset(out, 0, 8);
++
++ str_to_key(key_in, key2);
++
++ key.data = key2;
++ key.size = 8;
++
++ ret = gnutls_global_init();
++ if (ret != 0) {
++ return ret;
++ }
++
++ ret = gnutls_cipher_init(&ctx, GNUTLS_CIPHER_DES_CBC, &key, &iv);
++ if (ret != 0) {
++ return ret;
++ }
++
++ memcpy(outb, in, 8);
++ if (enc) {
++ ret = gnutls_cipher_encrypt(ctx, outb, 8);
++ } else {
++ ret = gnutls_cipher_decrypt(ctx, outb, 8);
++ }
++
++ if (ret == 0) {
++ memcpy(out, outb, 8);
++ }
++
++ gnutls_cipher_deinit(ctx);
++
++ return ret;
++}
++
+ /*
+ basic des crypt using a 56 bit (7 byte) key
+ */
+--
+2.22.0
+
+
+From 6d6651213f391840e3004ec3b055f8f25be9b360 Mon Sep 17 00:00:00 2001
+From: Isaac Boukris <iboukris@gmail.com>
+Date: Mon, 21 Oct 2019 20:03:04 +0300
+Subject: [PATCH 2/2] smbdes: use the new des_crypt56_gnutls()
+
+and remove builtin DES crypto.
+
+Signed-off-by: Isaac Boukris <iboukris@gmail.com>
+---
+ libcli/auth/smbdes.c | 258 +------------------------------------------
+ 1 file changed, 1 insertion(+), 257 deletions(-)
+
+diff --git a/libcli/auth/smbdes.c b/libcli/auth/smbdes.c
+index 37ede91ad22..7de05b75303 100644
+--- a/libcli/auth/smbdes.c
++++ b/libcli/auth/smbdes.c
+@@ -26,239 +26,6 @@
+ #include <gnutls/gnutls.h>
+ #include <gnutls/crypto.h>
+
+-/* NOTES:
+-
+- This code makes no attempt to be fast! In fact, it is a very
+- slow implementation
+-
+- This code is NOT a complete DES implementation. It implements only
+- the minimum necessary for SMB authentication, as used by all SMB
+- products (including every copy of Microsoft Windows95 ever sold)
+-
+- In particular, it can only do a unchained forward DES pass. This
+- means it is not possible to use this code for encryption/decryption
+- of data, instead it is only useful as a "hash" algorithm.
+-
+- There is no entry point into this code that allows normal DES operation.
+-
+- I believe this means that this code does not come under ITAR
+- regulations but this is NOT a legal opinion. If you are concerned
+- about the applicability of ITAR regulations to this code then you
+- should confirm it for yourself (and maybe let me know if you come
+- up with a different answer to the one above)
+-*/
+-
+-
+-static const uint8_t perm1[56] = {57, 49, 41, 33, 25, 17, 9,
+- 1, 58, 50, 42, 34, 26, 18,
+- 10, 2, 59, 51, 43, 35, 27,
+- 19, 11, 3, 60, 52, 44, 36,
+- 63, 55, 47, 39, 31, 23, 15,
+- 7, 62, 54, 46, 38, 30, 22,
+- 14, 6, 61, 53, 45, 37, 29,
+- 21, 13, 5, 28, 20, 12, 4};
+-
+-static const uint8_t perm2[48] = {14, 17, 11, 24, 1, 5,
+- 3, 28, 15, 6, 21, 10,
+- 23, 19, 12, 4, 26, 8,
+- 16, 7, 27, 20, 13, 2,
+- 41, 52, 31, 37, 47, 55,
+- 30, 40, 51, 45, 33, 48,
+- 44, 49, 39, 56, 34, 53,
+- 46, 42, 50, 36, 29, 32};
+-
+-static const uint8_t perm3[64] = {58, 50, 42, 34, 26, 18, 10, 2,
+- 60, 52, 44, 36, 28, 20, 12, 4,
+- 62, 54, 46, 38, 30, 22, 14, 6,
+- 64, 56, 48, 40, 32, 24, 16, 8,
+- 57, 49, 41, 33, 25, 17, 9, 1,
+- 59, 51, 43, 35, 27, 19, 11, 3,
+- 61, 53, 45, 37, 29, 21, 13, 5,
+- 63, 55, 47, 39, 31, 23, 15, 7};
+-
+-static const uint8_t perm4[48] = { 32, 1, 2, 3, 4, 5,
+- 4, 5, 6, 7, 8, 9,
+- 8, 9, 10, 11, 12, 13,
+- 12, 13, 14, 15, 16, 17,
+- 16, 17, 18, 19, 20, 21,
+- 20, 21, 22, 23, 24, 25,
+- 24, 25, 26, 27, 28, 29,
+- 28, 29, 30, 31, 32, 1};
+-
+-static const uint8_t perm5[32] = { 16, 7, 20, 21,
+- 29, 12, 28, 17,
+- 1, 15, 23, 26,
+- 5, 18, 31, 10,
+- 2, 8, 24, 14,
+- 32, 27, 3, 9,
+- 19, 13, 30, 6,
+- 22, 11, 4, 25};
+-
+-
+-static const uint8_t perm6[64] ={ 40, 8, 48, 16, 56, 24, 64, 32,
+- 39, 7, 47, 15, 55, 23, 63, 31,
+- 38, 6, 46, 14, 54, 22, 62, 30,
+- 37, 5, 45, 13, 53, 21, 61, 29,
+- 36, 4, 44, 12, 52, 20, 60, 28,
+- 35, 3, 43, 11, 51, 19, 59, 27,
+- 34, 2, 42, 10, 50, 18, 58, 26,
+- 33, 1, 41, 9, 49, 17, 57, 25};
+-
+-
+-static const uint8_t sc[16] = {1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1};
+-
+-static const uint8_t sbox[8][4][16] = {
+- {{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7},
+- {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8},
+- {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0},
+- {15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}},
+-
+- {{15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10},
+- {3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5},
+- {0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15},
+- {13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}},
+-
+- {{10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8},
+- {13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1},
+- {13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7},
+- {1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}},
+-
+- {{7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15},
+- {13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9},
+- {10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4},
+- {3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}},
+-
+- {{2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9},
+- {14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6},
+- {4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14},
+- {11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}},
+-
+- {{12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11},
+- {10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8},
+- {9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6},
+- {4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}},
+-
+- {{4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1},
+- {13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6},
+- {1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2},
+- {6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}},
+-
+- {{13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7},
+- {1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2},
+- {7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8},
+- {2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}}};
+-
+-static void permute(char *out, const char *in, const uint8_t *p, int n)
+-{
+- int i;
+- for (i=0;i<n;i++)
+- out[i] = in[p[i]-1];
+-}
+-
+-static void lshift(char *d, int count, int n)
+-{
+- char out[64];
+- int i;
+- for (i=0;i<n;i++)
+- out[i] = d[(i+count)%n];
+- for (i=0;i<n;i++)
+- d[i] = out[i];
+-}
+-
+-static void concat(char *out, char *in1, char *in2, int l1, int l2)
+-{
+- while (l1--)
+- *out++ = *in1++;
+- while (l2--)
+- *out++ = *in2++;
+-}
+-
+-static void xor(char *out, char *in1, char *in2, int n)
+-{
+- int i;
+- for (i=0;i<n;i++)
+- out[i] = in1[i] ^ in2[i];
+-}
+-
+-static void dohash(char *out, char *in, char *key, int forw)
+-{
+- int i, j, k;
+- char pk1[56];
+- char c[28];
+- char d[28];
+- char cd[56];
+- char ki[16][48];
+- char pd1[64];
+- char l[32], r[32];
+- char rl[64];
+-
+- permute(pk1, key, perm1, 56);
+-
+- for (i=0;i<28;i++)
+- c[i] = pk1[i];
+- for (i=0;i<28;i++)
+- d[i] = pk1[i+28];
+-
+- for (i=0;i<16;i++) {
+- lshift(c, sc[i], 28);
+- lshift(d, sc[i], 28);
+-
+- concat(cd, c, d, 28, 28);
+- permute(ki[i], cd, perm2, 48);
+- }
+-
+- permute(pd1, in, perm3, 64);
+-
+- for (j=0;j<32;j++) {
+- l[j] = pd1[j];
+- r[j] = pd1[j+32];
+- }
+-
+- for (i=0;i<16;i++) {
+- char er[48];
+- char erk[48];
+- char b[8][6];
+- char cb[32];
+- char pcb[32];
+- char r2[32];
+-
+- permute(er, r, perm4, 48);
+-
+- xor(erk, er, ki[forw ? i : 15 - i], 48);
+-
+- for (j=0;j<8;j++)
+- for (k=0;k<6;k++)
+- b[j][k] = erk[j*6 + k];
+-
+- for (j=0;j<8;j++) {
+- int m, n;
+- m = (b[j][0]<<1) | b[j][5];
+-
+- n = (b[j][1]<<3) | (b[j][2]<<2) | (b[j][3]<<1) | b[j][4];
+-
+- for (k=0;k<4;k++)
+- b[j][k] = (sbox[j][m][n] & (1<<(3-k)))?1:0;
+- }
+-
+- for (j=0;j<8;j++)
+- for (k=0;k<4;k++)
+- cb[j*4+k] = b[j][k];
+- permute(pcb, cb, perm5, 32);
+-
+- xor(r2, l, pcb, 32);
+-
+- for (j=0;j<32;j++)
+- l[j] = r[j];
+-
+- for (j=0;j<32;j++)
+- r[j] = r2[j];
+- }
+-
+- concat(rl, r, l, 32, 32);
+-
+- permute(out, rl, perm6, 64);
+-}
+-
+ static void str_to_key(const uint8_t *str,uint8_t *key)
+ {
+ int i;
+@@ -325,30 +92,7 @@ static int des_crypt56_gnutls(uint8_t out[8], const uint8_t in[8],
+ */
+ void des_crypt56(uint8_t out[8], const uint8_t in[8], const uint8_t key[7], int forw)
+ {
+- int i;
+- char outb[64];
+- char inb[64];
+- char keyb[64];
+- uint8_t key2[8];
+-
+- str_to_key(key, key2);
+-
+- for (i=0;i<64;i++) {
+- inb[i] = (in[i/8] & (1<<(7-(i%8)))) ? 1 : 0;
+- keyb[i] = (key2[i/8] & (1<<(7-(i%8)))) ? 1 : 0;
+- outb[i] = 0;
+- }
+-
+- dohash(outb, inb, keyb, forw);
+-
+- for (i=0;i<8;i++) {
+- out[i] = 0;
+- }
+-
+- for (i=0;i<64;i++) {
+- if (outb[i])
+- out[i/8] |= (1<<(7-(i%8)));
+- }
++ (void)des_crypt56_gnutls(out, in, key, forw);
+ }
+
+ void E_P16(const uint8_t *p14,uint8_t *p16)
+--
+2.22.0
+