OpenVAS Scanner  22.7.9
smb_crypt.c File Reference

Unix SMB/Netbios implementation. Version 1.9. More...

#include "smb_crypt.h"
#include "proto.h"
#include <glib.h>
Include dependency graph for smb_crypt.c:

Go to the source code of this file.

Macros

#define int16   1
 
#define FSTRING_LEN   256
 

Typedefs

typedef char fstring[FSTRING_LEN]
 

Functions

static void permute (char *out, char *in, const uchar *p, int n)
 
static void lshift (char *d, int count, int n)
 
static void concat (char *out, char *in1, char *in2, int l1, int l2)
 
static void xor (char *out, char *in1, char *in2, int n)
 
static void dohash (char *out, char *in, char *key, int forw)
 
static void str_to_key (const uchar *str, uchar *key)
 
static void smbhash (uchar *out, const uchar *in, const uchar *key, int forw)
 
void E_P16 (uchar *p14, uchar *p16)
 
void E_P24 (const uchar *p21, const uchar *c8, uchar *p24)
 
void SamOEMhash (uchar *data, const uchar *key, int val)
 
void SMBsesskeygen_ntv1_ntlmssp (const uchar kr[16], const uchar *nt_resp, uint8 sess_key[16])
 
void SMBOWFencrypt_ntlmssp (const uchar passwd[16], const uchar *c8, uchar p24[24])
 
void SMBencrypt_hash_ntlmssp (const uchar lm_hash[16], const uchar *c8, uchar p24[24])
 
void SMBNTencrypt_hash_ntlmssp (const uchar nt_hash[16], uchar *c8, uchar *p24)
 
void SMBsesskeygen_lm_sess_key_ntlmssp (const uchar lm_hash[16], const uchar lm_resp[24], uint8 sess_key[16])
 
bool E_deshash_ntlmssp (const char *passwd, uint8_t pass_len, uchar p16[16])
 
void SMBsesskeygen_ntv2_ntlmssp (const uchar kr[16], const uchar *nt_resp, uint8 sess_key[16])
 
uint8_t * NTLMv2_generate_client_data_ntlmssp (const char *addr_list, int address_list_len)
 
void NTLMv2_generate_response_ntlmssp (const uchar ntlm_v2_hash[16], const char *server_chal, const char *address_list, int address_list_len, uint8_t *nt_response)
 
void LMv2_generate_response_ntlmssp (const uchar ntlm_v2_hash[16], const char *server_chal, uint8_t *lm_response)
 
void SMBNTLMv2encrypt_hash_ntlmssp (const char *user, const char *domain, uchar ntlm_v2_hash[16], const char *server_chal, const char *address_list, int address_list_len, uint8_t *lm_response, uint8_t *nt_response, uint8_t *user_session_key)
 

Variables

static const uchar perm1 [56]
 
static const uchar perm2 [48]
 
static const uchar perm3 [64]
 
static const uchar perm4 [48]
 
static const uchar perm5 [32]
 
static const uchar perm6 [64]
 
static const uchar sc [16] = {1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1}
 
static const uchar sbox [8][4][16]
 

Detailed Description

Unix SMB/Netbios implementation. Version 1.9.

a partial implementation of DES designed for use in the SMB authentication protocol

Definition in file smb_crypt.c.

Macro Definition Documentation

◆ FSTRING_LEN

#define FSTRING_LEN   256

Definition at line 54 of file smb_crypt.c.

◆ int16

#define int16   1

Definition at line 51 of file smb_crypt.c.

Typedef Documentation

◆ fstring

typedef char fstring[FSTRING_LEN]

Definition at line 55 of file smb_crypt.c.

Function Documentation

◆ concat()

static void concat ( char *  out,
char *  in1,
char *  in2,
int  l1,
int  l2 
)
static

Definition at line 152 of file smb_crypt.c.

153 {
154  while (l1--)
155  *out++ = *in1++;
156  while (l2--)
157  *out++ = *in2++;
158 }

Referenced by dohash().

Here is the caller graph for this function:

◆ dohash()

static void dohash ( char *  out,
char *  in,
char *  key,
int  forw 
)
static

Definition at line 167 of file smb_crypt.c.

168 {
169  int i, j, k;
170  char pk1[56];
171  char c[28];
172  char d[28];
173  char cd[56];
174  char ki[16][48];
175  char pd1[64];
176  char l[32], r[32];
177  char rl[64];
178 
179  permute (pk1, key, perm1, 56);
180 
181  for (i = 0; i < 28; i++)
182  c[i] = pk1[i];
183  for (i = 0; i < 28; i++)
184  d[i] = pk1[i + 28];
185 
186  for (i = 0; i < 16; i++)
187  {
188  lshift (c, sc[i], 28);
189  lshift (d, sc[i], 28);
190 
191  concat (cd, c, d, 28, 28);
192  permute (ki[i], cd, perm2, 48);
193  }
194 
195  permute (pd1, in, perm3, 64);
196 
197  for (j = 0; j < 32; j++)
198  {
199  l[j] = pd1[j];
200  r[j] = pd1[j + 32];
201  }
202 
203  for (i = 0; i < 16; i++)
204  {
205  char er[48];
206  char erk[48];
207  char b[8][6];
208  char cb[32];
209  char pcb[32];
210  char r2[32];
211 
212  permute (er, r, perm4, 48);
213 
214  xor(erk, er, ki[forw ? i : 15 - i], 48);
215 
216  for (j = 0; j < 8; j++)
217  for (k = 0; k < 6; k++)
218  b[j][k] = erk[j * 6 + k];
219 
220  for (j = 0; j < 8; j++)
221  {
222  int m, n;
223  m = (b[j][0] << 1) | b[j][5];
224 
225  n = (b[j][1] << 3) | (b[j][2] << 2) | (b[j][3] << 1) | b[j][4];
226 
227  for (k = 0; k < 4; k++)
228  b[j][k] = (sbox[j][m][n] & (1 << (3 - k))) ? 1 : 0;
229  }
230 
231  for (j = 0; j < 8; j++)
232  for (k = 0; k < 4; k++)
233  cb[j * 4 + k] = b[j][k];
234  permute (pcb, cb, perm5, 32);
235 
236  xor(r2, l, pcb, 32);
237 
238  for (j = 0; j < 32; j++)
239  l[j] = r[j];
240 
241  for (j = 0; j < 32; j++)
242  r[j] = r2[j];
243  }
244 
245  concat (rl, r, l, 32, 32);
246 
247  permute (out, rl, perm6, 64);
248 }

References concat(), lshift(), perm1, perm2, perm3, perm4, perm5, perm6, permute(), sbox, sc, and xor().

Referenced by smbhash().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ E_deshash_ntlmssp()

bool E_deshash_ntlmssp ( const char *  passwd,
uint8_t  pass_len,
uchar  p16[16] 
)

Creates the DES forward-only Hash of the users password in DOS ASCII charset

Parameters
passwdpassword in 'unix' charset.
p16return password hashed with DES, caller allocated 16 byte buffer
Returns
False if password was > 14 characters, and therefore may be incorrect, otherwise True
Note
p16 is filled in regardless

Definition at line 437 of file smb_crypt.c.

438 {
439  bool ret = True;
440  fstring dospwd;
441  ZERO_STRUCT (dospwd);
442  char *dpass;
443 
444  /* Password must be converted to DOS charset - null terminated, uppercase. */
445  dpass = g_utf8_strup (passwd, pass_len);
446  memcpy (dospwd, dpass, pass_len);
447  g_free (dpass);
448 
449  /* Only the first 14 chars are considered, password need not be null
450  * terminated. */
451  E_P16 ((unsigned char *) dospwd, p16);
452 
453  if (strlen (dospwd) > 14)
454  {
455  ret = False;
456  }
457 
458  ZERO_STRUCT (dospwd);
459 
460  return ret;
461 }

References E_P16(), False, True, and ZERO_STRUCT.

Referenced by ntlmssp_genauth_ntlm(), and ntlmssp_genauth_ntlm2().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ E_P16()

void E_P16 ( uchar p14,
uchar p16 
)

Definition at line 302 of file smb_crypt.c.

303 {
304  uchar sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
305  smbhash (p16, sp8, p14, 1);
306  smbhash (p16 + 8, sp8, p14 + 7, 1);
307 }

References smbhash(), and uchar.

Referenced by E_deshash_ntlmssp(), and nasl_lm_owf_gen().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ E_P24()

void E_P24 ( const uchar p21,
const uchar c8,
uchar p24 
)

Definition at line 310 of file smb_crypt.c.

311 {
312  smbhash (p24, c8, p21, 1);
313  smbhash (p24 + 8, c8, p21 + 7, 1);
314  smbhash (p24 + 16, c8, p21 + 14, 1);
315 }

References smbhash().

Referenced by nasl_ntlmv1_hash(), and SMBOWFencrypt_ntlmssp().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ LMv2_generate_response_ntlmssp()

void LMv2_generate_response_ntlmssp ( const uchar  ntlm_v2_hash[16],
const char *  server_chal,
uint8_t *  lm_response 
)

Definition at line 534 of file smb_crypt.c.

536 {
537  uchar lmv2_response[16];
538  uint8_t lmv2_client_data[8];
539 
540  /* LMv2 */
541  /* client-supplied random data */
542  generate_random_buffer_ntlmssp (lmv2_client_data, sizeof (lmv2_client_data));
543 
544  /* Given that data, and the challenge from the server, generate a response */
545  SMBOWFencrypt_ntv2_ntlmssp (ntlm_v2_hash, (const uchar *) server_chal, 8,
546  lmv2_client_data, sizeof (lmv2_client_data),
547  lmv2_response);
548  memcpy (lm_response, lmv2_response, sizeof (lmv2_response));
549 
550  /* after the first 16 bytes is the random data we generated above,
551  so the server can verify us with it */
552  memcpy (lm_response + sizeof (lmv2_response), lmv2_client_data,
553  sizeof (lmv2_client_data));
554 }

References generate_random_buffer_ntlmssp(), SMBOWFencrypt_ntv2_ntlmssp(), and uchar.

Referenced by SMBNTLMv2encrypt_hash_ntlmssp().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ lshift()

static void lshift ( char *  d,
int  count,
int  n 
)
static

Definition at line 141 of file smb_crypt.c.

142 {
143  char out[64];
144  int i;
145  for (i = 0; i < n; i++)
146  out[i] = d[(i + count) % n];
147  for (i = 0; i < n; i++)
148  d[i] = out[i];
149 }

Referenced by dohash().

Here is the caller graph for this function:

◆ NTLMv2_generate_client_data_ntlmssp()

uint8_t* NTLMv2_generate_client_data_ntlmssp ( const char *  addr_list,
int  address_list_len 
)

Definition at line 476 of file smb_crypt.c.

478 {
479  int i = 0;
480  /*length of response
481  *header-4, reserved-4, date-8, client chal-8, unknown-4, addr_list-size sent
482  *in arguments
483  */
484  uchar client_chal[8];
485  uint8_t *response = g_malloc0 (28 + address_list_len);
486  char long_date[8];
487  int header = 0x00000101;
488  int zeros = 0x00000000;
489 
490  generate_random_buffer_ntlmssp (client_chal, sizeof (client_chal));
491 
492  put_long_date_ntlmssp (long_date, time (NULL));
493  SIVAL (response, 0, header);
494  SIVAL (response, 4, zeros);
495  memcpy (response + 4 + 4, long_date, 8);
496  memcpy (response + 4 + 4 + sizeof (long_date), client_chal, 8);
497  SIVAL (response, 24, zeros);
498  for (i = 0; i < address_list_len; i++)
499  {
500  *(response + 28 + i) = *(addr_list + i);
501  }
502 
503  return response;
504 }

References generate_random_buffer_ntlmssp(), put_long_date_ntlmssp(), SIVAL, and uchar.

Referenced by NTLMv2_generate_response_ntlmssp().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ NTLMv2_generate_response_ntlmssp()

void NTLMv2_generate_response_ntlmssp ( const uchar  ntlm_v2_hash[16],
const char *  server_chal,
const char *  address_list,
int  address_list_len,
uint8_t *  nt_response 
)

Definition at line 507 of file smb_crypt.c.

511 {
512  uchar ntlmv2_response[16];
513  uint8_t *ntlmv2_client_data;
514 
515  /* NTLMv2 */
516  /* generate some data to pass into the response function - including
517  the hostname and domain name of the server */
518  ntlmv2_client_data =
519  NTLMv2_generate_client_data_ntlmssp (address_list, address_list_len);
520 
521  /* Given that data, and the challenge from the server, generate a response */
522  int client_data_len = 28 + address_list_len;
523  SMBOWFencrypt_ntv2_ntlmssp (ntlm_v2_hash, (const uchar *) server_chal, 8,
524  ntlmv2_client_data, client_data_len,
525  ntlmv2_response);
526  memcpy (nt_response, ntlmv2_response, sizeof (ntlmv2_response));
527  memcpy (nt_response + sizeof (ntlmv2_response), ntlmv2_client_data,
528  client_data_len);
529 
530  g_free (ntlmv2_client_data);
531 }

References NTLMv2_generate_client_data_ntlmssp(), SMBOWFencrypt_ntv2_ntlmssp(), and uchar.

Referenced by SMBNTLMv2encrypt_hash_ntlmssp().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ permute()

static void permute ( char *  out,
char *  in,
const uchar p,
int  n 
)
static

Definition at line 133 of file smb_crypt.c.

134 {
135  int i;
136  for (i = 0; i < n; i++)
137  out[i] = in[p[i] - 1];
138 }

Referenced by dohash().

Here is the caller graph for this function:

◆ SamOEMhash()

void SamOEMhash ( uchar data,
const uchar key,
int  val 
)

Definition at line 318 of file smb_crypt.c.

319 {
320  uchar hash[256];
321  uchar index_i = 0;
322  uchar index_j = 0;
323  uchar j = 0;
324  int ind;
325  int len = 0;
326  if (val == 1)
327  len = 516;
328  if (val == 0)
329  len = 16;
330  if (val == 3)
331  len = 8;
332  if (val == 2)
333  len = 68;
334  if (val == 4)
335  len = 32;
336 
337  if (val >= 8)
338  len = val;
339 
340  for (ind = 0; ind < 256; ind++)
341  {
342  hash[ind] = (uchar) ind;
343  }
344 
345  for (ind = 0; ind < 256; ind++)
346  {
347  uchar tc;
348 
349  j += (hash[ind] + key[ind % 16]);
350 
351  tc = hash[ind];
352  hash[ind] = hash[j];
353  hash[j] = tc;
354  }
355  for (ind = 0; ind < len; ind++)
356  {
357  uchar tc;
358  uchar t;
359 
360  index_i++;
361  index_j += hash[index_i];
362 
363  tc = hash[index_i];
364  hash[index_i] = hash[index_j];
365  hash[index_j] = tc;
366 
367  t = hash[index_i] + hash[index_j];
368  data[ind] = data[ind] ^ hash[t];
369  }
370 }

References len, uchar, and val.

Referenced by ntlmssp_genauth_keyexchg().

Here is the caller graph for this function:

◆ SMBencrypt_hash_ntlmssp()

void SMBencrypt_hash_ntlmssp ( const uchar  lm_hash[16],
const uchar c8,
uchar  p24[24] 
)

Definition at line 394 of file smb_crypt.c.

396 {
397  uchar p21[21];
398 
399  memset (p21, '\0', 21);
400  memcpy (p21, lm_hash, 16);
401  SMBOWFencrypt_ntlmssp (p21, c8, p24);
402 }

References SMBOWFencrypt_ntlmssp(), and uchar.

Referenced by ntlmssp_genauth_ntlm().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ smbhash()

static void smbhash ( uchar out,
const uchar in,
const uchar key,
int  forw 
)
static

Definition at line 270 of file smb_crypt.c.

271 {
272  int i;
273  char outb[64];
274  char inb[64];
275  char keyb[64];
276  uchar key2[8];
277 
278  str_to_key (key, key2);
279 
280  for (i = 0; i < 64; i++)
281  {
282  inb[i] = (in[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0;
283  keyb[i] = (key2[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0;
284  outb[i] = 0;
285  }
286 
287  dohash (outb, inb, keyb, forw);
288 
289  for (i = 0; i < 8; i++)
290  {
291  out[i] = 0;
292  }
293 
294  for (i = 0; i < 64; i++)
295  {
296  if (outb[i])
297  out[i / 8] |= (1 << (7 - (i % 8)));
298  }
299 }

References dohash(), str_to_key(), and uchar.

Referenced by E_P16(), and E_P24().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ SMBNTencrypt_hash_ntlmssp()

void SMBNTencrypt_hash_ntlmssp ( const uchar  nt_hash[16],
uchar c8,
uchar p24 
)

Definition at line 406 of file smb_crypt.c.

407 {
408  uchar p21[21];
409 
410  memset (p21, '\0', 21);
411  memcpy (p21, nt_hash, 16);
412  SMBOWFencrypt_ntlmssp (p21, c8, p24);
413 }

References SMBOWFencrypt_ntlmssp(), and uchar.

Referenced by ntlmssp_genauth_ntlm(), and ntlmssp_genauth_ntlm2().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ SMBNTLMv2encrypt_hash_ntlmssp()

void SMBNTLMv2encrypt_hash_ntlmssp ( const char *  user,
const char *  domain,
uchar  ntlm_v2_hash[16],
const char *  server_chal,
const char *  address_list,
int  address_list_len,
uint8_t *  lm_response,
uint8_t *  nt_response,
uint8_t *  user_session_key 
)

Definition at line 557 of file smb_crypt.c.

562 {
563  (void) user;
564  (void) domain;
565  NTLMv2_generate_response_ntlmssp (ntlm_v2_hash, server_chal, address_list,
566  address_list_len, nt_response);
567 
568  /* The NTLMv2 calculations also provide a session key, for signing etc later
569  */
570  /* use only the first 16 bytes of nt_response for session key */
571  SMBsesskeygen_ntv2_ntlmssp (ntlm_v2_hash, nt_response, user_session_key);
572 
573  LMv2_generate_response_ntlmssp (ntlm_v2_hash, server_chal, lm_response);
574 }

References LMv2_generate_response_ntlmssp(), NTLMv2_generate_response_ntlmssp(), and SMBsesskeygen_ntv2_ntlmssp().

Referenced by ntlmssp_genauth_ntlmv2().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ SMBOWFencrypt_ntlmssp()

void SMBOWFencrypt_ntlmssp ( const uchar  passwd[16],
const uchar c8,
uchar  p24[24] 
)

Definition at line 384 of file smb_crypt.c.

385 {
386  uchar p21[21];
387 
388  ZERO_STRUCT (p21);
389  memcpy (p21, passwd, 16);
390  E_P24 (p21, c8, p24);
391 }

References E_P24(), uchar, and ZERO_STRUCT.

Referenced by SMBencrypt_hash_ntlmssp(), SMBNTencrypt_hash_ntlmssp(), and SMBsesskeygen_lm_sess_key_ntlmssp().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ SMBsesskeygen_lm_sess_key_ntlmssp()

void SMBsesskeygen_lm_sess_key_ntlmssp ( const uchar  lm_hash[16],
const uchar  lm_resp[24],
uint8  sess_key[16] 
)

Definition at line 416 of file smb_crypt.c.

418 {
419  uchar p24[24];
420  uchar partial_lm_hash[16];
421 
422  memcpy (partial_lm_hash, lm_hash, 8);
423  memset (partial_lm_hash + 8, 0xbd, 8);
424  SMBOWFencrypt_ntlmssp (partial_lm_hash, lm_resp, p24);
425  memcpy (sess_key, p24, 16);
426 }

References SMBOWFencrypt_ntlmssp(), and uchar.

Referenced by ntlmssp_genauth_ntlm().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ SMBsesskeygen_ntv1_ntlmssp()

void SMBsesskeygen_ntv1_ntlmssp ( const uchar  kr[16],
const uchar nt_resp,
uint8  sess_key[16] 
)

Definition at line 373 of file smb_crypt.c.

375 {
376  /* yes, this session key does not change - yes, this
377  is a problem - but it is 128 bits */
378  (void) nt_resp;
379  mdfour_ntlmssp ((unsigned char *) sess_key, kr, 16);
380 }

References mdfour_ntlmssp().

Referenced by ntlmssp_genauth_ntlm(), and ntlmssp_genauth_ntlm2().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ SMBsesskeygen_ntv2_ntlmssp()

void SMBsesskeygen_ntv2_ntlmssp ( const uchar  kr[16],
const uchar nt_resp,
uint8  sess_key[16] 
)

Definition at line 463 of file smb_crypt.c.

465 {
466  /* a very nice, 128 bit, variable session key */
467 
468  HMACMD5Context ctx;
469 
470  hmac_md5_init_limK_to_64 (kr, 16, &ctx);
471  hmac_md5_update (nt_resp, 16, &ctx);
472  hmac_md5_final ((unsigned char *) sess_key, &ctx);
473 }

References hmac_md5_final(), hmac_md5_init_limK_to_64(), and hmac_md5_update().

Referenced by SMBNTLMv2encrypt_hash_ntlmssp().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ str_to_key()

static void str_to_key ( const uchar str,
uchar key 
)
static

Definition at line 251 of file smb_crypt.c.

252 {
253  int i;
254 
255  key[0] = str[0] >> 1;
256  key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2);
257  key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3);
258  key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4);
259  key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5);
260  key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6);
261  key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7);
262  key[7] = str[6] & 0x7F;
263  for (i = 0; i < 8; i++)
264  {
265  key[i] = (key[i] << 1);
266  }
267 }

Referenced by smbhash().

Here is the caller graph for this function:

◆ xor()

static void xor ( char *  out,
char *  in1,
char *  in2,
int  n 
)
static

Definition at line 160 of file smb_crypt.c.

161 {
162  int i;
163  for (i=0;i<n;i++)
164  out[i] = in1[i] ^ in2[i];
165 }

Referenced by dohash().

Here is the caller graph for this function:

Variable Documentation

◆ perm1

const uchar perm1[56]
static
Initial value:
= {
57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43,
35, 27, 19, 11, 3, 60, 52, 44, 36, 63, 55, 47, 39, 31, 23, 15, 7, 62, 54,
46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4}

Definition at line 58 of file smb_crypt.c.

Referenced by dohash().

◆ perm2

const uchar perm2[48]
static
Initial value:
= {14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32}

Definition at line 63 of file smb_crypt.c.

Referenced by dohash().

◆ perm3

const uchar perm3[64]
static
Initial value:
= {
58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7}

Definition at line 68 of file smb_crypt.c.

Referenced by dohash().

◆ perm4

const uchar perm4[48]
static
Initial value:
= {32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1}

Definition at line 74 of file smb_crypt.c.

Referenced by dohash().

◆ perm5

const uchar perm5[32]
static
Initial value:
= {16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23,
26, 5, 18, 31, 10, 2, 8, 24, 14, 32, 27,
3, 9, 19, 13, 30, 6, 22, 11, 4, 25}

Definition at line 79 of file smb_crypt.c.

Referenced by dohash().

◆ perm6

const uchar perm6[64]
static
Initial value:
= {
40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31,
38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29,
36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27,
34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25}

Definition at line 83 of file smb_crypt.c.

Referenced by dohash().

◆ sbox

const uchar sbox[8][4][16]
static

Definition at line 91 of file smb_crypt.c.

Referenced by dohash().

◆ sc

const uchar sc[16] = {1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1}
static

Definition at line 89 of file smb_crypt.c.

Referenced by dohash().

HMACMD5Context
Definition: hmacmd5.h:29
E_P24
void E_P24(const uchar *p21, const uchar *c8, uchar *p24)
Definition: smb_crypt.c:310
ZERO_STRUCT
#define ZERO_STRUCT(x)
Definition: genrand.c:56
uchar
#define uchar
Definition: hmacmd5.h:22
mdfour_ntlmssp
void mdfour_ntlmssp(unsigned char *out, const unsigned char *in, int n)
Definition: md4.c:165
perm3
static const uchar perm3[64]
Definition: smb_crypt.c:68
LMv2_generate_response_ntlmssp
void LMv2_generate_response_ntlmssp(const uchar ntlm_v2_hash[16], const char *server_chal, uint8_t *lm_response)
Definition: smb_crypt.c:534
SMBOWFencrypt_ntv2_ntlmssp
void SMBOWFencrypt_ntv2_ntlmssp(const uchar *kr, const uint8_t *srv_chal, int srv_chal_len, const uint8_t *cli_chal, int cli_chal_len, uchar resp_buf[16])
fstring
char fstring[FSTRING_LEN]
Definition: smb_crypt.c:55
E_P16
void E_P16(uchar *p14, uchar *p16)
Definition: smb_crypt.c:302
SIVAL
#define SIVAL(buf, pos, val)
Definition: byteorder.h:117
NTLMv2_generate_response_ntlmssp
void NTLMv2_generate_response_ntlmssp(const uchar ntlm_v2_hash[16], const char *server_chal, const char *address_list, int address_list_len, uint8_t *nt_response)
Definition: smb_crypt.c:507
perm2
static const uchar perm2[48]
Definition: smb_crypt.c:63
generate_random_buffer_ntlmssp
void generate_random_buffer_ntlmssp(unsigned char *out, int len)
Definition: genrand.c:170
hmac_md5_init_limK_to_64
void hmac_md5_init_limK_to_64(const uchar *key, int key_len, HMACMD5Context *ctx)
The microsoft version of hmac_md5 initialisation.
Definition: hmacmd5.c:24
perm5
static const uchar perm5[32]
Definition: smb_crypt.c:79
SMBOWFencrypt_ntlmssp
void SMBOWFencrypt_ntlmssp(const uchar passwd[16], const uchar *c8, uchar p24[24])
Definition: smb_crypt.c:384
str_to_key
static void str_to_key(const uchar *str, uchar *key)
Definition: smb_crypt.c:251
len
uint8_t len
Definition: nasl_packet_forgery.c:1
hmac_md5_update
void hmac_md5_update(const uchar *text, int text_len, HMACMD5Context *ctx)
Update hmac_md5 "inner" buffer.
Definition: hmacmd5.c:55
put_long_date_ntlmssp
void put_long_date_ntlmssp(char *p, time_t t)
Definition: time.c:110
NTLMv2_generate_client_data_ntlmssp
uint8_t * NTLMv2_generate_client_data_ntlmssp(const char *addr_list, int address_list_len)
Definition: smb_crypt.c:476
permute
static void permute(char *out, char *in, const uchar *p, int n)
Definition: smb_crypt.c:133
perm1
static const uchar perm1[56]
Definition: smb_crypt.c:58
perm4
static const uchar perm4[48]
Definition: smb_crypt.c:74
concat
static void concat(char *out, char *in1, char *in2, int l1, int l2)
Definition: smb_crypt.c:152
smbhash
static void smbhash(uchar *out, const uchar *in, const uchar *key, int forw)
Definition: smb_crypt.c:270
xor
static void xor(char *out, char *in1, char *in2, int n)
Definition: smb_crypt.c:160
hmac_md5_final
void hmac_md5_final(uchar *digest, HMACMD5Context *ctx)
Finish off hmac_md5 "inner" buffer and generate outer one.
Definition: hmacmd5.c:64
False
#define False
Definition: charcnv.c:63
True
#define True
Definition: charcnv.c:64
SMBsesskeygen_ntv2_ntlmssp
void SMBsesskeygen_ntv2_ntlmssp(const uchar kr[16], const uchar *nt_resp, uint8 sess_key[16])
Definition: smb_crypt.c:463
val
const char * val
Definition: nasl_init.c:412
sc
static const uchar sc[16]
Definition: smb_crypt.c:89
lshift
static void lshift(char *d, int count, int n)
Definition: smb_crypt.c:141
dohash
static void dohash(char *out, char *in, char *key, int forw)
Definition: smb_crypt.c:167
sbox
static const uchar sbox[8][4][16]
Definition: smb_crypt.c:91
perm6
static const uchar perm6[64]
Definition: smb_crypt.c:83