/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
/*
* soup-auth-ntlm.c: HTTP NTLM Authentication helper
*
* Copyright (C) 2007 Red Hat, Inc.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <glib.h>
#include "soup-auth-ntlm.h"
#include "soup.h"
#include "soup-message-private.h"
/* Forward declarations for the NTLM message helpers defined further down
 * in this file. Both hash routines fill a caller-supplied 21-byte buffer.
 */
static void
soup_ntlm_lanmanager_hash (const char *password,
			   guchar      hash[21]);

static void
soup_ntlm_nt_hash (const char *password,
		   guchar      hash[21]);

static char *
soup_ntlm_request (void);

static gboolean
soup_ntlm_parse_challenge (const char *challenge,
			   char      **nonce,
			   char      **default_domain,
			   gboolean   *ntlmv2_session);

static char *
soup_ntlm_response (const char *nonce,
		    const char *user,
		    guchar      nt_hash[21],
		    guchar      lm_hash[21],
		    const char *host,
		    const char *domain,
		    gboolean    ntlmv2_session);
/* Per-connection progress of the NTLM handshake.
 *
 * The declaration order is significant: code in this file compares states
 * with '>' (see soup_auth_ntlm_update_connection), so do not reorder.
 */
typedef enum {
	SOUP_NTLM_NEW,                /* nothing sent on this connection yet */
	SOUP_NTLM_SSO_FAILED,         /* helper-based single-sign-on attempt failed */
	SOUP_NTLM_SENT_REQUEST,       /* initial request message sent */
	SOUP_NTLM_RECEIVED_CHALLENGE, /* server challenge parsed */
	SOUP_NTLM_SENT_RESPONSE,      /* response to the challenge sent */
	SOUP_NTLM_FAILED              /* handshake failed on this connection */
} SoupNTLMState;
/* NTLM handshake data kept for one connection. */
typedef struct {
	/* Where this connection is in the handshake. */
	SoupNTLMState state;

	/* Server nonce filled in by soup_ntlm_parse_challenge(); owned here
	 * and released with g_free().
	 */
	char *nonce;

	/* Authorization value produced by the single-sign-on helper, if any;
	 * owned here until it is handed out.
	 */
	char *response_header;

	/* Set by soup_ntlm_parse_challenge() from the challenge flags. */
	gboolean ntlmv2_session;
} SoupNTLMConnectionState;
/* What is known about the credentials held by a SoupAuthNTLM. */
typedef enum {
	SOUP_NTLM_PASSWORD_NONE,     /* no credentials available */
	SOUP_NTLM_PASSWORD_PROVIDED, /* credentials supplied, not yet confirmed */
	SOUP_NTLM_PASSWORD_ACCEPTED, /* a request using them did not get a 401 */
	SOUP_NTLM_PASSWORD_REJECTED  /* the server refused them */
} SoupNTLMPasswordState;
/* Instance-private data of SoupAuthNTLM. */
typedef struct {
	/* Account name and domain, each a g_malloc'd string owned here. */
	char *username;
	char *domain;

	/* Password-derived hashes: a 16-byte digest followed by 5 zero bytes.
	 * These are password-equivalent secrets for NTLM; they stay in this
	 * structure until soup_auth_ntlm_finalize() overwrites them.
	 */
	guchar nt_hash[21];
	guchar lm_hash[21];

	SoupNTLMPasswordState password_state;

#ifdef USE_NTLM_AUTH
	/* Use Samba's 'winbind' daemon to support NTLM single-sign-on,
	 * by delegating the NTLM challenge/response protocol to a helper
	 * in ntlm_auth.
	 * http://devel.squid-cache.org/ntlm/squid_helper_protocol.html
	 * http://www.samba.org/samba/docs/man/manpages-3/winbindd.8.html
	 * http://www.samba.org/samba/docs/man/manpages-3/ntlm_auth.1.html
	 */
	gboolean sso_available;

	/* Pipe ends to the helper process, or -1 when closed: fd_in is
	 * written to (helper's stdin), fd_out is read from (helper's stdout).
	 */
	int fd_in;
	int fd_out;
#endif
} SoupAuthNTLMPrivate;
#ifdef USE_NTLM_AUTH
/* Process-wide switches, both set once in soup_auth_ntlm_class_init():
 * whether the NTLM_AUTH helper is executable, and whether the
 * SOUP_NTLM_AUTH_DEBUG environment variable was present.
 */
static gboolean ntlm_auth_available;
static gboolean ntlm_auth_debug;

static void sso_ntlm_close (SoupAuthNTLMPrivate *priv);
#endif
/**
* SOUP_TYPE_AUTH_NTLM:
*
* A #GType corresponding to HTTP-based NTLM authentication.
* #SoupSessions do not support this type by default; if you want to
* enable support for it, call soup_session_add_feature_by_type(),
* passing %SOUP_TYPE_AUTH_NTLM.
*
* Since: 2.34
*/
/* Defines the SoupAuthNTLM GType as a subclass of SOUP_TYPE_CONNECTION_AUTH
 * and provides soup_auth_ntlm_get_instance_private() and
 * soup_auth_ntlm_parent_class, both used below.
 */
G_DEFINE_TYPE_WITH_PRIVATE (SoupAuthNTLM, soup_auth_ntlm, SOUP_TYPE_CONNECTION_AUTH)
/* Instance initialiser. Only does work when built with USE_NTLM_AUTH:
 * marks single-sign-on as available, marks both helper pipes as closed,
 * and seeds username/domain for the helper.
 *
 * The account name is taken from the NTLMUSER environment variable when
 * set, otherwise from g_get_user_name(). A "DOMAIN\user" or "DOMAIN/user"
 * form is split at the first separator. Because the value is later passed
 * to the helper as a command-line argument, the process environment is
 * part of the trust boundary here.
 */
static void
soup_auth_ntlm_init (SoupAuthNTLM *ntlm)
{
#ifdef USE_NTLM_AUTH
	SoupAuthNTLMPrivate *priv = soup_auth_ntlm_get_instance_private (ntlm);
	const char *account, *sep;

	priv->fd_out = -1;
	priv->fd_in = -1;
	priv->sso_available = TRUE;

	account = getenv ("NTLMUSER");
	if (account == NULL)
		account = g_get_user_name ();

	sep = strpbrk (account, "\\/");
	if (sep == NULL) {
		/* No domain part given. */
		priv->domain = NULL;
		priv->username = g_strdup (account);
	} else {
		priv->domain = g_strndup (account, sep - account);
		priv->username = g_strdup (sep + 1);
	}
#endif
}
/* GObject finalizer: overwrites the stored hashes, releases the account
 * strings, closes the helper pipes (USE_NTLM_AUTH builds) and chains up.
 */
static void
soup_auth_ntlm_finalize (GObject *object)
{
	SoupAuthNTLM *self = SOUP_AUTH_NTLM (object);
	SoupAuthNTLMPrivate *priv = soup_auth_ntlm_get_instance_private (self);

	/* Best-effort scrub of the password-equivalent hashes before the
	 * instance memory is released. A plain memset() carries no guarantee
	 * against being optimised away.
	 */
	memset (priv->lm_hash, 0, sizeof (priv->lm_hash));
	memset (priv->nt_hash, 0, sizeof (priv->nt_hash));

	g_free (priv->domain);
	g_free (priv->username);

#ifdef USE_NTLM_AUTH
	sso_ntlm_close (priv);
#endif

	G_OBJECT_CLASS (soup_auth_ntlm_parent_class)->finalize (object);
}
#ifdef USE_NTLM_AUTH
/* Close whichever helper pipe ends are open and mark them closed (-1).
 * Safe to call repeatedly.
 */
static void
sso_ntlm_close (SoupAuthNTLMPrivate *priv)
{
	int *pipes[2];
	guint i;

	pipes[0] = &priv->fd_in;
	pipes[1] = &priv->fd_out;

	for (i = 0; i < G_N_ELEMENTS (pipes); i++) {
		if (*pipes[i] == -1)
			continue;
		close (*pipes[i]);
		*pipes[i] = -1;
	}
}
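/* Make sure a single-sign-on helper process is running and connected.
 *
 * Returns TRUE when priv->fd_in / priv->fd_out are usable (either already
 * open or freshly spawned). Returns FALSE, and clears priv->sso_available,
 * when no helper can be used.
 *
 * Security notes:
 *  - The helper is started from an argv array with no shell involved, and
 *    G_SPAWN_SEARCH_PATH is not requested, so argv[0] is not looked up
 *    through PATH.
 *  - When SOUP_NTLM_AUTH_DEBUG is set, the program to run is taken from
 *    that environment variable instead of NTLM_AUTH. Whatever it names is
 *    then fed the server challenge and asked to produce the credentials
 *    header, so the environment must be trusted wherever this code runs.
 */
static gboolean
sso_ntlm_initiate (SoupAuthNTLMPrivate *priv)
{
	char *argv[9];
	gboolean ret;

	if (!priv->sso_available)
		return FALSE;

	if (!ntlm_auth_available && !ntlm_auth_debug) {
		priv->sso_available = FALSE;
		return FALSE;
	}

	/* Nothing to do if the helper process already exists. */
	if (priv->fd_in != -1 && priv->fd_out != -1)
		return TRUE;

	/* Drop any half-open state before spawning again. */
	sso_ntlm_close (priv);

	if (ntlm_auth_debug) {
		argv[0] = (char *) g_getenv ("SOUP_NTLM_AUTH_DEBUG");
		/* ntlm_auth_debug was sampled at class-init time; the variable
		 * may have been unset since, so guard against NULL as well as
		 * against an empty value.
		 */
		if (!argv[0] || !*argv[0]) {
			priv->sso_available = FALSE;
			return FALSE;
		}
	} else
		argv[0] = NTLM_AUTH;
	argv[1] = "--helper-protocol";
	argv[2] = "ntlmssp-client-1";
	argv[3] = "--use-cached-creds";
	argv[4] = "--username";
	argv[5] = priv->username;
	/* Without a domain the NULL in slot 6 terminates the vector early. */
	argv[6] = priv->domain ? "--domain" : NULL;
	argv[7] = priv->domain;
	argv[8] = NULL;

	ret = g_spawn_async_with_pipes (NULL, argv, NULL,
					G_SPAWN_STDERR_TO_DEV_NULL,
					NULL, NULL,
					NULL, &priv->fd_in, &priv->fd_out,
					NULL, NULL);
	if (!ret)
		priv->sso_available = FALSE;
	return ret;
}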
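/* Send one helper-protocol line to the single-sign-on helper and turn its
 * one-line reply into an HTTP authorization value.
 *
 * @priv:       instance data holding the helper pipe descriptors
 * @input:      NUL-terminated request line to write to the helper
 * @conn_state: handshake state, used to decide which reply prefix is valid
 *
 * Returns a newly allocated string the caller must g_free(): either the
 * literal "PW" (helper present but not configured) or "NTLM " followed by
 * the reply text after its 3-character prefix. Returns NULL on I/O error,
 * end of file, a reply that does not fit in the local buffer, a reply with
 * an unexpected prefix, or a reply too short to carry a prefix.
 *
 * The helper's output is treated as untrusted: the length used to build the
 * result is the length of the whole line collected so far, not the size of
 * the last read(), and a line shorter than the 3-character prefix is
 * rejected so that nothing past the terminator is ever read.
 */
static char *
sso_ntlm_response (SoupAuthNTLMPrivate *priv, const char *input, SoupNTLMState conn_state)
{
	ssize_t size;
	char buf[1024];
	char *tmpbuf = buf;
	size_t len_in = strlen (input), len_out = sizeof (buf);
	size_t line_len = 0;

	while (len_in > 0) {
		ssize_t written = write (priv->fd_in, input, len_in);
		if (written == -1) {
			if (errno == EINTR)
				continue;
			/* any other error means the write failed */
			return NULL;
		}
		input += written;
		len_in -= written;
	}

	/* Read one line; it may arrive in several pieces. */
	while (len_out > 0) {
		size = read (priv->fd_out, tmpbuf, len_out);
		if (size == -1) {
			if (errno == EINTR)
				continue;
			return NULL;
		} else if (size == 0)
			return NULL;
		else if (tmpbuf[size - 1] == '\n') {
			tmpbuf[size - 1] = '\0';
			/* Length of the line without its newline, counting
			 * every earlier partial read.
			 */
			line_len = (size_t) (tmpbuf - buf) + (size_t) size - 1;
			goto wrfinish;
		}
		tmpbuf += size;
		len_out -= size;
	}
	/* Buffer filled without seeing a newline. */
	return NULL;

wrfinish:
	if (g_ascii_strcasecmp (buf, "PW") == 0) {
		/* Samba/winbind installed but not configured */
		return g_strdup ("PW");
	}
	if (conn_state == SOUP_NTLM_NEW &&
	    g_ascii_strncasecmp (buf, "YR ", 3) != 0) {
		/* invalid response for type 1 message */
		return NULL;
	}
	/* NOTE(review): the caller visible in this file passes
	 * SOUP_NTLM_SENT_REQUEST for the challenge exchange, so the prefix
	 * check below is not applied to that reply - confirm this is intended.
	 */
	if (conn_state == SOUP_NTLM_RECEIVED_CHALLENGE &&
	    g_ascii_strncasecmp (buf, "KK ", 3) != 0 &&
	    g_ascii_strncasecmp (buf, "AF ", 3) != 0) {
		/* invalid response for type 3 message */
		return NULL;
	}

	/* A reply with no room for the 3-character prefix would make
	 * buf + 3 point past the terminator into uninitialised stack.
	 */
	if (line_len < 3)
		return NULL;

	return g_strdup_printf ("NTLM %.*s", (int) (line_len - 3), buf + 3);
}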
#endif /* USE_NTLM_AUTH */
/* SoupConnectionAuth hook: allocate zeroed per-connection handshake state
 * starting in SOUP_NTLM_NEW. Released by
 * soup_auth_ntlm_free_connection_state().
 */
static gpointer
soup_auth_ntlm_create_connection_state (SoupConnectionAuth *auth)
{
	SoupNTLMConnectionState *fresh = g_slice_new0 (SoupNTLMConnectionState);

	fresh->state = SOUP_NTLM_NEW;
	return fresh;
}
/* SoupConnectionAuth hook: release per-connection handshake state together
 * with the nonce and any pending helper-generated header it still owns.
 */
static void
soup_auth_ntlm_free_connection_state (SoupConnectionAuth *auth,
				      gpointer state)
{
	SoupNTLMConnectionState *doomed = state;

	g_free (doomed->response_header);
	g_free (doomed->nonce);
	g_slice_free (SoupNTLMConnectionState, doomed);
}
/* SoupConnectionAuth hook: advance the per-connection handshake from a
 * server-supplied authentication header value.
 *
 * @auth_header is untrusted network input. It must start with "NTLM"; the
 * text from offset 5 onward is handed to soup_ntlm_parse_challenge() and,
 * in single-sign-on builds, forwarded to the helper process.
 *
 * Returns FALSE only when the header cannot be parsed or the helper
 * exchange fails; otherwise TRUE, even if the auth is no longer ready or
 * authenticated.
 */
static gboolean
soup_auth_ntlm_update_connection (SoupConnectionAuth *auth, SoupMessage *msg,
				  const char *auth_header, gpointer state)
{
	SoupAuthNTLMPrivate *priv = soup_auth_ntlm_get_instance_private (SOUP_AUTH_NTLM (auth));
	SoupNTLMConnectionState *cs = state;
	const char *challenge;
	gboolean ok = TRUE;

	if (!g_str_has_prefix (auth_header, "NTLM"))
		return FALSE;

	/* A new header after we already got past the request stage means the
	 * previous attempt on this connection was turned down.
	 */
	if (cs->state > SOUP_NTLM_SENT_REQUEST) {
		if (priv->password_state == SOUP_NTLM_PASSWORD_ACCEPTED) {
			/* The password is known to be good, so this is
			 * "permission denied". Re-authentication is not
			 * handled correctly by this code, so make sure it is
			 * not attempted.
			 */
			cs->state = SOUP_NTLM_FAILED;
			if (soup_message_is_keepalive (msg))
				soup_message_headers_append (msg->response_headers,
							     "Connection", "close");
			return TRUE;
		}

#ifdef USE_NTLM_AUTH
		if (priv->sso_available) {
			/* Helper credentials were refused: retry without SSO. */
			cs->state = SOUP_NTLM_SSO_FAILED;
			priv->password_state = SOUP_NTLM_PASSWORD_NONE;
		} else {
#endif
			cs->state = SOUP_NTLM_FAILED;
			priv->password_state = SOUP_NTLM_PASSWORD_REJECTED;
#ifdef USE_NTLM_AUTH
		}
#endif
		return TRUE;
	}

	/* A bare "NTLM" on a fresh connection is just the scheme offer. */
	if (auth_header[4] == '\0' && cs->state == SOUP_NTLM_NEW)
		return TRUE;

	/* Anything else must carry data after "NTLM" and one more character.
	 * Note that the character at offset 4 is only tested for presence.
	 */
	if (auth_header[4] == '\0' || auth_header[5] == '\0') {
		cs->state = SOUP_NTLM_FAILED;
		return FALSE;
	}
	challenge = auth_header + 5;

	/* The domain from the challenge is only taken when none is set yet. */
	if (!soup_ntlm_parse_challenge (challenge, &cs->nonce,
					priv->domain ? NULL : &priv->domain,
					&cs->ntlmv2_session)) {
		cs->state = SOUP_NTLM_FAILED;
		return FALSE;
	}

#ifdef USE_NTLM_AUTH
	if (priv->sso_available && cs->state == SOUP_NTLM_SENT_REQUEST) {
		/* Re-initiate the ntlm_auth process in case it was
		 * closed/killed abnormally.
		 */
		if (sso_ntlm_initiate (priv)) {
			/* NOTE(review): the challenge text is placed on a
			 * single helper-protocol line; this relies on the
			 * header value containing no newline - confirm the
			 * header parser guarantees that.
			 */
			char *line = g_strdup_printf ("TT %s\n", challenge);
			char *reply = sso_ntlm_response (priv, line, cs->state);

			sso_ntlm_close (priv);
			g_free (line);

			if (reply == NULL) {
				cs->state = SOUP_NTLM_SSO_FAILED;
				ok = FALSE;
			} else if (g_ascii_strcasecmp (reply, "PW") == 0) {
				cs->state = SOUP_NTLM_SSO_FAILED;
				priv->sso_available = FALSE;
				g_free (reply);
			} else {
				cs->response_header = reply;
				if (priv->password_state != SOUP_NTLM_PASSWORD_ACCEPTED)
					priv->password_state = SOUP_NTLM_PASSWORD_PROVIDED;
			}
		} else {
			cs->state = SOUP_NTLM_SSO_FAILED;
			ok = FALSE;
		}
	}
#endif

	if (cs->state == SOUP_NTLM_SENT_REQUEST)
		cs->state = SOUP_NTLM_RECEIVED_CHALLENGE;

	g_object_set (G_OBJECT (auth),
		      SOUP_AUTH_REALM, priv->domain,
		      SOUP_AUTH_HOST, soup_message_get_uri (msg)->host,
		      NULL);
	return ok;
}
/* SoupAuth hook: return a one-element list holding the directory part of
 * @source_uri's path. The list and the string are newly allocated.
 *
 * assumes source_uri->path is non-NULL - TODO confirm against callers
 */
static GSList *
soup_auth_ntlm_get_protection_space (SoupAuth *auth, SoupURI *source_uri)
{
	char *dir = g_strdup (source_uri->path);
	char *last_slash = strrchr (dir, '/');

	/* Cut off a trailing file name, but leave "/" and paths that already
	 * end in '/' untouched.
	 */
	if (last_slash != NULL && last_slash != dir && last_slash[1] != '\0')
		*last_slash = '\0';

	return g_slist_prepend (NULL, dir);
}
/* SoupAuth hook: store caller-supplied credentials.
 *
 * @username may be "DOMAIN\user" or "DOMAIN/user"; it is split at the first
 * separator, and the domain becomes the empty string when there is none.
 * The password itself is not kept: only its NT and LAN Manager hashes are
 * stored. Both are password-equivalent for NTLM, and the LAN Manager hash
 * is built from at most the first 14 characters, upper-cased, so it is far
 * weaker than the password it came from.
 */
static void
soup_auth_ntlm_authenticate (SoupAuth *auth, const char *username,
			     const char *password)
{
	SoupAuthNTLMPrivate *priv = soup_auth_ntlm_get_instance_private (SOUP_AUTH_NTLM (auth));
	const char *sep;

	g_return_if_fail (username != NULL);
	g_return_if_fail (password != NULL);

	/* g_free() accepts NULL, so no guards are needed. */
	g_free (priv->username);
	g_free (priv->domain);

	sep = strpbrk (username, "\\/");
	if (sep == NULL) {
		priv->domain = g_strdup ("");
		priv->username = g_strdup (username);
	} else {
		priv->domain = g_strndup (username, sep - username);
		priv->username = g_strdup (sep + 1);
	}

	soup_ntlm_nt_hash (password, priv->nt_hash);
	soup_ntlm_lanmanager_hash (password, priv->lm_hash);

	priv->password_state = SOUP_NTLM_PASSWORD_PROVIDED;
}
/* SoupAuth hook: TRUE once credentials have been provided or accepted,
 * FALSE while there are none or after they were rejected.
 */
static gboolean
soup_auth_ntlm_is_authenticated (SoupAuth *auth)
{
	SoupAuthNTLMPrivate *priv = soup_auth_ntlm_get_instance_private (SOUP_AUTH_NTLM (auth));

	switch (priv->password_state) {
	case SOUP_NTLM_PASSWORD_NONE:
	case SOUP_NTLM_PASSWORD_REJECTED:
		return FALSE;
	default:
		return TRUE;
	}
}
/* SoupConnectionAuth hook: report whether a request can be sent on this
 * connection. Rejected credentials always say no, freshly provided ones
 * always say yes; otherwise the answer depends on whether the handshake
 * on this connection has failed.
 */
static gboolean
soup_auth_ntlm_is_connection_ready (SoupConnectionAuth *auth,
				    SoupMessage        *msg,
				    gpointer            state)
{
	SoupAuthNTLMPrivate *priv = soup_auth_ntlm_get_instance_private (SOUP_AUTH_NTLM (auth));
	SoupNTLMConnectionState *cs = state;

	switch (priv->password_state) {
	case SOUP_NTLM_PASSWORD_REJECTED:
		return FALSE;
	case SOUP_NTLM_PASSWORD_PROVIDED:
		return TRUE;
	default:
		return cs->state != SOUP_NTLM_FAILED;
	}
}
/* One-shot "got-headers" handler connected after the final handshake
 * message is sent. It disconnects itself, then marks the credentials as
 * accepted when this auth is still the one attached to @msg and the
 * status is anything other than 401 Unauthorized.
 */
static void
got_final_auth_result (SoupMessage *msg, gpointer data)
{
	SoupAuth *auth = data;
	SoupAuthNTLMPrivate *priv = soup_auth_ntlm_get_instance_private (SOUP_AUTH_NTLM (auth));

	g_signal_handlers_disconnect_by_func (msg, G_CALLBACK (got_final_auth_result), auth);

	if (soup_message_get_auth (msg) != auth)
		return;
	if (msg->status_code == SOUP_STATUS_UNAUTHORIZED)
		return;

	priv->password_state = SOUP_NTLM_PASSWORD_ACCEPTED;
}
/* SoupConnectionAuth hook: produce the next authorization value for this
 * connection, or NULL when the current state has nothing to send. The
 * returned string is newly allocated (or ownership is transferred from
 * the connection state).
 *
 * In USE_NTLM_AUTH builds the single-sign-on helper is tried first on a
 * new connection; if it is unavailable, unconfigured or fails, the
 * built-in request message is used instead.
 */
static char *
soup_auth_ntlm_get_connection_authorization (SoupConnectionAuth *auth,
					     SoupMessage        *msg,
					     gpointer            state)
{
	SoupAuthNTLMPrivate *priv = soup_auth_ntlm_get_instance_private (SOUP_AUTH_NTLM (auth));
	SoupNTLMConnectionState *cs = state;
	char *value = NULL;

	switch (cs->state) {
	case SOUP_NTLM_NEW:
#ifdef USE_NTLM_AUTH
		if (sso_ntlm_initiate (priv)) {
			value = sso_ntlm_response (priv, "YR\n", cs->state);
			if (value == NULL) {
				g_debug ("NTLM single-sign-on using %s failed", NTLM_AUTH);
			} else if (g_ascii_strcasecmp (value, "PW") == 0) {
				/* Helper present but not configured. */
				g_free (value);
				value = NULL;
				priv->sso_available = FALSE;
			} else {
				cs->state = SOUP_NTLM_SENT_REQUEST;
				break;
			}
		}
		/* If NTLM single-sign-on fails, go back to the original
		 * request handling process.
		 */
#endif
		value = soup_ntlm_request ();
		cs->state = SOUP_NTLM_SENT_REQUEST;
		break;

	case SOUP_NTLM_RECEIVED_CHALLENGE:
		if (cs->response_header != NULL) {
			/* Hand over the helper-generated response. */
			value = cs->response_header;
			cs->response_header = NULL;
		} else {
			/* Built from the hashes held in instance data. */
			value = soup_ntlm_response (cs->nonce,
						    priv->username,
						    priv->nt_hash,
						    priv->lm_hash,
						    NULL,
						    priv->domain,
						    cs->ntlmv2_session);
		}
		g_clear_pointer (&cs->nonce, g_free);
		cs->state = SOUP_NTLM_SENT_RESPONSE;

		if (priv->password_state != SOUP_NTLM_PASSWORD_ACCEPTED) {
			/* We need to know if this worked */
			g_signal_connect (msg, "got-headers",
					  G_CALLBACK (got_final_auth_result),
					  auth);
		}
		break;

#ifdef USE_NTLM_AUTH
	case SOUP_NTLM_SSO_FAILED:
		/* Restart request without SSO */
		g_debug ("NTLM single-sign-on by using %s failed", NTLM_AUTH);
		priv->sso_available = FALSE;
		value = soup_ntlm_request ();
		cs->state = SOUP_NTLM_SENT_REQUEST;
		break;
#endif

	default:
		break;
	}

	return value;
}
/* Class initialiser: installs the SoupAuth, SoupConnectionAuth and GObject
 * virtual methods implemented in this file.
 *
 * In USE_NTLM_AUTH builds it also samples, once per process, whether the
 * NTLM_AUTH helper is executable and whether SOUP_NTLM_AUTH_DEBUG is set.
 * The latter lets the environment choose the helper program, so it only
 * belongs in test setups with a trusted environment.
 */
static void
soup_auth_ntlm_class_init (SoupAuthNTLMClass *auth_ntlm_class)
{
	GObjectClass *gobject_class = G_OBJECT_CLASS (auth_ntlm_class);
	SoupAuthClass *base_auth = SOUP_AUTH_CLASS (auth_ntlm_class);
	SoupConnectionAuthClass *conn_auth = SOUP_CONNECTION_AUTH_CLASS (auth_ntlm_class);

	gobject_class->finalize = soup_auth_ntlm_finalize;

	base_auth->scheme_name = "NTLM";
	/* NOTE(review): presumably ranks NTLM against the other schemes -
	 * confirm against SoupAuthClass.
	 */
	base_auth->strength = 3;

	base_auth->get_protection_space = soup_auth_ntlm_get_protection_space;
	base_auth->authenticate = soup_auth_ntlm_authenticate;
	base_auth->is_authenticated = soup_auth_ntlm_is_authenticated;

	conn_auth->create_connection_state = soup_auth_ntlm_create_connection_state;
	conn_auth->free_connection_state = soup_auth_ntlm_free_connection_state;
	conn_auth->update_connection = soup_auth_ntlm_update_connection;
	conn_auth->get_connection_authorization = soup_auth_ntlm_get_connection_authorization;
	conn_auth->is_connection_ready = soup_auth_ntlm_is_connection_ready;

#ifdef USE_NTLM_AUTH
	ntlm_auth_available = g_file_test (NTLM_AUTH, G_FILE_TEST_IS_EXECUTABLE);
	ntlm_auth_debug = (g_getenv ("SOUP_NTLM_AUTH_DEBUG") != NULL);
#endif
}
/* Forward declarations for the MD4 and DES primitives defined later in
 * this file.
 */
static void
md4sum (const unsigned char *in,
	int                  nbytes,
	unsigned char        digest[16]);

typedef guint32 DES_KS[16][2]; /* Single-key DES key schedule */

static void
deskey (DES_KS, unsigned char *, int);

static void
des (DES_KS, unsigned char *);

static void
setup_schedule (const guchar *key_56, DES_KS ks);

static void
calc_response (const guchar *key,
	       const guchar *plaintext,
	       guchar       *results);

/* 21 bytes: the 8-byte constant "KGS!@#$%" twice, then 5 zero bytes.
 * soup_ntlm_lanmanager_hash() copies this into its output buffer and
 * DES-encrypts each 8-byte half in place.
 */
#define LM_PASSWORD_MAGIC "\x4B\x47\x53\x21\x40\x23\x24\x25" \
			  "\x4B\x47\x53\x21\x40\x23\x24\x25" \
			  "\x00\x00\x00\x00\x00"
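/* Compute the LAN Manager hash of @password into @hash.
 *
 * @password: NUL-terminated password; only its first 14 bytes are used,
 *            upper-cased with g_ascii_toupper()
 * @hash:     21-byte output: two 8-byte DES results followed by 5 zero
 *            bytes taken from LM_PASSWORD_MAGIC
 *
 * The password is split into two 7-byte halves, each used as a DES key to
 * encrypt the fixed magic block. Truncation, case folding and independent
 * halves make this hash very weak; it exists for protocol compatibility.
 *
 * The upper-cased password copy and the DES key schedule are overwritten
 * before returning so that password-derived data does not linger on the
 * stack. The writes go through a volatile pointer so they are not removed
 * as dead stores.
 */
static void
soup_ntlm_lanmanager_hash (const char *password, guchar hash[21])
{
	guchar lm_password [15];
	DES_KS ks;
	volatile guchar *scrub;
	gsize n;
	int i;

	for (i = 0; i < 14 && password [i]; i++)
		lm_password [i] = g_ascii_toupper ((unsigned char) password [i]);

	/* Zero-pad to 15 bytes; the second half starts at offset 7. */
	for (; i < 15; i++)
		lm_password [i] = '\0';

	memcpy (hash, LM_PASSWORD_MAGIC, 21);

	setup_schedule (lm_password, ks);
	des (ks, hash);

	setup_schedule (lm_password + 7, ks);
	des (ks, hash + 8);

	scrub = lm_password;
	for (n = 0; n < sizeof (lm_password); n++)
		scrub[n] = 0;

	scrub = (volatile guchar *) ks;
	for (n = 0; n < sizeof (ks); n++)
		scrub[n] = 0;
}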
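/* Compute the NT hash of @password into @hash.
 *
 * @password: NUL-terminated password
 * @hash:     21-byte output: the 16-byte MD4 digest followed by 5 zero
 *            bytes
 *
 * Each byte of @password is widened to two bytes (value, then 0) and the
 * result is hashed with md4sum().
 * NOTE(review): this widening equals UTF-16LE only for ASCII input; a
 * password with bytes above 0x7F is hashed byte-by-byte - confirm whether
 * callers can pass such passwords.
 *
 * The temporary buffer holds the expanded cleartext password, so it is
 * overwritten through a volatile pointer before being freed; otherwise the
 * password would remain readable in released heap memory.
 */
static void
soup_ntlm_nt_hash (const char *password, guchar hash[21])
{
	unsigned char *buf, *p;
	volatile unsigned char *scrub;

	p = buf = g_malloc (strlen (password) * 2);

	while (*password) {
		*p++ = *password++;
		*p++ = '\0';
	}

	md4sum (buf, p - buf, hash);
	memset (hash + 16, 0, 5);

	/* For an empty password buf and p are equal and nothing is written. */
	for (scrub = buf; scrub < p; scrub++)
		*scrub = 0;

	g_free (buf);
}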
/* Descriptor for one variable-length field inside an NTLM message.
 * ntlm_set_string() stores all three integers in little-endian order and
 * writes the same value to both length fields.
 */
typedef struct {
	guint16 length;      /* field length in bytes */
	guint16 length2;     /* second copy of the length */
	guint16 offset;      /* offset of the field data within the message */
	guchar  zero_pad[2];
} NTLMString;
/* Byte offsets and sizes within a decoded challenge message. */
#define NTLM_CHALLENGE_NONCE_OFFSET         24
#define NTLM_CHALLENGE_NONCE_LENGTH          8
#define NTLM_CHALLENGE_DOMAIN_STRING_OFFSET 12

#define NTLM_CHALLENGE_FLAGS_OFFSET         20
/* Same bit as NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY below: despite
 * the name, this is the extended-session-security negotiate flag.
 */
#define NTLM_FLAGS_NEGOTIATE_NTLMV2 0x00080000

/* Response message: 8-byte "NTLMSSP\0" signature plus message type 3. */
#define NTLM_RESPONSE_HEADER "NTLMSSP\x00\x03\x00\x00\x00"
#define NTLM_RESPONSE_FLAGS 0x8201
#define NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0x00080000
|
/*
 * Fixed-size head of the NTLM response message.  soup_ntlm_response()
 * Base64-encodes this struct byte for byte, so its in-memory layout is
 * the wire layout: member order, member sizes and the absence of
 * compiler padding all matter.  The variable-length string data follows
 * the struct in the message, located through the NTLMString offsets.
 */
typedef struct {
	/* Filled from NTLM_RESPONSE_HEADER. */
	guchar header[12];

	/* Descriptors for the two 24-byte challenge responses. */
	NTLMString lm_resp;
	NTLMString nt_resp;
	/* Descriptors for the UCS-2LE domain, user and host strings. */
	NTLMString domain;
	NTLMString user;
	NTLMString host;
	/* Never filled in by soup_ntlm_response(); stays zeroed. */
	NTLMString session_key;

	/* Little-endian negotiate flags. */
	guint32 flags;
} NTLMResponse;
|
/*
 * ntlm_set_string:
 * @string: descriptor to fill in
 * @offset: in/out running byte offset into the message
 * @len: length in bytes of the string data
 *
 * Records the current *@offset and @len in @string (little-endian) and
 * advances *@offset past the string.
 *
 * NOTE(review): both values are stored in 16-bit fields, so anything
 * above 65535 is silently truncated in the descriptor while *@offset
 * keeps the full value.  There is no way to report that from here;
 * callers are assumed to pass short strings.
 */
static void
ntlm_set_string (NTLMString *string, int *offset, int len)
{
	int start = *offset;

	string->offset = GUINT16_TO_LE (start);
	string->length2 = GUINT16_TO_LE (len);
	string->length = string->length2;

	*offset = start + len;
}
|
/*
 * soup_ntlm_request:
 *
 * Returns a newly allocated copy of the fixed "NTLM <base64>" request
 * header value.  The Base64 payload is a constant; it decodes to the
 * "NTLMSSP\0" signature followed by message type 1 and a flags word.
 * The caller owns the returned string and frees it with g_free().
 */
static char *
soup_ntlm_request (void)
{
	static const char request_header[] =
		"NTLM TlRMTVNTUAABAAAABYIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA";

	return g_strdup (request_header);
}
|
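/*
 * soup_ntlm_parse_challenge:
 * @challenge: Base64 text of the server's challenge message
 * @nonce: (out) (optional): receives a newly allocated copy of the
 *   8-byte server nonce (not NUL-terminated)
 * @default_domain: (out) (optional): receives the server's domain
 *   converted to UTF-8
 * @ntlmv2_session: (out): set from the NTLM_FLAGS_NEGOTIATE_NTLMV2 bit
 *
 * Decodes and validates a challenge received from the server.  All of
 * @challenge is attacker-controlled input, so every offset and length
 * taken from it is checked against the decoded size before use.
 *
 * Returns: %TRUE on success.  %FALSE if the challenge cannot be
 * decoded, is shorter than the fixed fields read here, carries a
 * domain descriptor that points outside the message, or carries domain
 * bytes that are not valid UCS-2LE.  On failure @nonce and
 * @default_domain are not written; @ntlmv2_session may already have
 * been.
 */
static gboolean
soup_ntlm_parse_challenge (const char *challenge,
			   char **nonce,
			   char **default_domain,
			   gboolean *ntlmv2_session)
{
	/* Initialised because g_base64_decode() leaves it untouched when
	 * it rejects its argument.
	 */
	gsize clen = 0;
	NTLMString domain;
	guchar *chall;
	guint32 flags;

	chall = g_base64_decode (challenge, &clen);
	/* The nonce ends at byte 32, which also covers the domain
	 * descriptor (bytes 12..19) and the flags word (bytes 20..23).
	 */
	if (!chall ||
	    clen < NTLM_CHALLENGE_DOMAIN_STRING_OFFSET ||
	    clen < NTLM_CHALLENGE_NONCE_OFFSET + NTLM_CHALLENGE_NONCE_LENGTH) {
		g_free (chall);
		return FALSE;
	}

	/* memcpy rather than a pointer cast: chall has no alignment
	 * guarantee for 32-bit loads.
	 */
	memcpy (&flags, chall + NTLM_CHALLENGE_FLAGS_OFFSET, sizeof (flags));
	flags = GUINT32_FROM_LE (flags);
	*ntlmv2_session = (flags & NTLM_FLAGS_NEGOTIATE_NTLMV2) ? TRUE : FALSE;

	if (default_domain) {
		char *converted;

		memcpy (&domain, chall + NTLM_CHALLENGE_DOMAIN_STRING_OFFSET, sizeof (domain));
		domain.length = GUINT16_FROM_LE (domain.length);
		domain.offset = GUINT16_FROM_LE (domain.offset);

		/* Both fields are 16 bits wide, so the sum cannot wrap. */
		if (clen < (gsize) domain.length + domain.offset) {
			g_free (chall);
			return FALSE;
		}

		converted = g_convert ((char *)chall + domain.offset,
				       domain.length, "UTF-8", "UCS-2LE",
				       NULL, NULL, NULL);
		/* Reject undecodable domain bytes instead of reporting
		 * success with a NULL domain: soup_ntlm_response() hands
		 * its domain argument to g_convert() unchecked.
		 */
		if (!converted) {
			g_free (chall);
			return FALSE;
		}
		*default_domain = converted;
	}

	if (nonce) {
		*nonce = g_memdup (chall + NTLM_CHALLENGE_NONCE_OFFSET,
				   NTLM_CHALLENGE_NONCE_LENGTH);
	}

	g_free (chall);
	return TRUE;
}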
|
/*
 * calc_ntlm2_session_response:
 * @nonce: 8-byte server nonce
 * @nt_hash: 21-byte NT hash
 * @lm_hash: 21-byte LM hash (not used by this function)
 * @lm_resp: output buffer for the LM response field
 * @lm_resp_sz: size of @lm_resp; must be at least 8
 * @nt_resp: 24-byte output buffer for the NT response
 *
 * Builds the response pair used when the server negotiated the
 * NTLM_FLAGS_NEGOTIATE_NTLMV2 bit: @lm_resp carries a fresh 8-byte
 * client nonce padded with zeros, and @nt_resp is calc_response() over
 * the first 8 bytes of MD5(server nonce || client nonce).
 */
static void
calc_ntlm2_session_response (const char *nonce,
			     guchar nt_hash[21],
			     guchar lm_hash[21],
			     guchar *lm_resp,
			     gsize lm_resp_sz,
			     guchar *nt_resp)
{
	guint32 cnonce[2];
	guchar session_hash[16];
	gsize session_hash_len = sizeof (session_hash);
	GChecksum *md5;
	guint i;

	/* FIXME: if GLib ever gets a more secure random number
	 * generator, use it here.  g_random_int() is not a
	 * cryptographic generator, so the client nonce should be
	 * regarded as predictable.
	 */
	for (i = 0; i < G_N_ELEMENTS (cnonce); i++)
		cnonce[i] = g_random_int ();

	/* session_hash = MD5 (server nonce || client nonce) */
	md5 = g_checksum_new (G_CHECKSUM_MD5);
	g_checksum_update (md5, (const guchar *) nonce, 8);
	g_checksum_update (md5, (const guchar *) cnonce, sizeof (cnonce));
	g_checksum_get_digest (md5, session_hash, &session_hash_len);
	g_checksum_free (md5);

	/* The zero-padded client nonce goes out in place of an LM response */
	memset (lm_resp, 0, lm_resp_sz);
	memcpy (lm_resp, cnonce, sizeof (cnonce));

	/* Usual NT response, keyed by nt_hash, over the derived challenge */
	calc_response (nt_hash, session_hash, nt_resp);
}
|
|
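/*
 * Converts a UTF-8 string to UCS-2LE for embedding in an NTLM message.
 * Always returns a buffer the caller frees with g_free() and always
 * sets *len: a NULL or unconvertible input yields an empty string of
 * length 0, so the message stays well-formed and the server simply
 * rejects the credentials.
 */
static char *
ntlm_utf8_to_ucs2le (const char *str, gsize *len)
{
	char *conv = NULL;

	*len = 0;
	if (str)
		conv = g_convert (str, -1, "UCS-2LE", "UTF-8", NULL, len, NULL);
	if (!conv) {
		/* g_convert() can report a partial length before failing */
		*len = 0;
		conv = g_strdup ("");
	}

	return conv;
}

/*
 * soup_ntlm_response:
 * @nonce: 8-byte server nonce from the challenge
 * @user: user name, UTF-8
 * @nt_hash: 21-byte NT hash of the password
 * @lm_hash: 21-byte LM hash of the password
 * @host: client host name, UTF-8, or %NULL for "UNKNOWN"
 * @domain: domain name, UTF-8
 * @ntlmv2_session: whether the server negotiated the session-response
 *   variant (see calc_ntlm2_session_response())
 *
 * Builds the "NTLM <base64>" header value answering a challenge: the
 * NTLMResponse head followed by domain, user, host, LM response and NT
 * response, in that order, Base64-encoded as one stream.
 *
 * NOTE(review): ntlm_set_string() stores offsets and lengths in 16-bit
 * fields, so inputs that push the message past 65535 bytes would
 * produce wrapped descriptors; callers are assumed to pass short
 * strings.
 *
 * Returns: a newly allocated string the caller frees with g_free().
 */
static char *
soup_ntlm_response (const char *nonce,
		    const char *user,
		    guchar nt_hash[21],
		    guchar lm_hash[21],
		    const char *host,
		    const char *domain,
		    gboolean ntlmv2_session)
{
	int offset;
	gsize hlen, dlen, ulen;
	guchar lm_resp[24], nt_resp[24];
	char *user_conv, *host_conv, *domain_conv;
	NTLMResponse resp;
	char *out, *p;
	int state, save;

	if (ntlmv2_session) {
		calc_ntlm2_session_response (nonce, nt_hash, lm_hash,
					     lm_resp, sizeof(lm_resp), nt_resp);
	} else {
		/* Compute a regular response */
		calc_response (nt_hash, (guchar *) nonce, nt_resp);
		calc_response (lm_hash, (guchar *) nonce, lm_resp);
	}

	memset (&resp, 0, sizeof (resp));
	memcpy (resp.header, NTLM_RESPONSE_HEADER, sizeof (resp.header));
	resp.flags = GUINT32_TO_LE (NTLM_RESPONSE_FLAGS);
	if (ntlmv2_session)
		resp.flags |= GUINT32_TO_LE (NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY);

	offset = sizeof (resp);

	if (!host)
		host = "UNKNOWN";

	/* The helper never leaves a pointer NULL or a length unset, so
	 * the offsets computed below always match the bytes encoded.
	 */
	domain_conv = ntlm_utf8_to_ucs2le (domain, &dlen);
	user_conv = ntlm_utf8_to_ucs2le (user, &ulen);
	host_conv = ntlm_utf8_to_ucs2le (host, &hlen);

	ntlm_set_string (&resp.domain, &offset, dlen);
	ntlm_set_string (&resp.user, &offset, ulen);
	ntlm_set_string (&resp.host, &offset, hlen);
	ntlm_set_string (&resp.lm_resp, &offset, sizeof (lm_resp));
	ntlm_set_string (&resp.nt_resp, &offset, sizeof (nt_resp));

	/* Room for the Base64 of offset bytes, plus "NTLM " and the NUL */
	out = g_malloc (((offset + 3) * 4) / 3 + 6);
	memcpy (out, "NTLM ", 5);
	p = out + 5;

	state = save = 0;

	/* Encode the pieces as one continuous stream, in the same order
	 * the descriptors were laid out above.
	 */
	p += g_base64_encode_step ((const guchar *) &resp, sizeof (resp),
				   FALSE, p, &state, &save);
	p += g_base64_encode_step ((const guchar *) domain_conv, dlen,
				   FALSE, p, &state, &save);
	p += g_base64_encode_step ((const guchar *) user_conv, ulen,
				   FALSE, p, &state, &save);
	p += g_base64_encode_step ((const guchar *) host_conv, hlen,
				   FALSE, p, &state, &save);
	p += g_base64_encode_step (lm_resp, sizeof (lm_resp),
				   FALSE, p, &state, &save);
	p += g_base64_encode_step (nt_resp, sizeof (nt_resp),
				   FALSE, p, &state, &save);
	p += g_base64_encode_close (FALSE, p, &state, &save);
	*p = '\0';

	g_free (domain_conv);
	g_free (user_conv);
	g_free (host_conv);

	return out;
}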
|
/* DES utils */
/*
 * setup_schedule:
 * @key_56: seven bytes (56 bits) of key material
 * @ks: key schedule to fill in
 *
 * Expands the 56-bit key to the 8-byte form handed to deskey(): each
 * output byte carries seven key bits in its upper bits, and the low
 * bit is then adjusted so the byte has odd parity.  The schedule is
 * generated with deskey()'s decrypt argument set to 0.
 *
 * NOTE(review): the expanded key is left on the stack on return; it is
 * derived from a password hash.
 */
static void
setup_schedule (const guchar *key_56, DES_KS ks)
{
	guchar key[8];
	int i;

	/* Byte i takes the low bits of key_56[i - 1] and the high bits
	 * of key_56[i]; the first and last bytes have only one source.
	 */
	key[0] = key_56[0];
	for (i = 1; i < 7; i++)
		key[i] = (key_56[i] >> i) | ((key_56[i - 1] << (8 - i)) & 0xFF);
	key[7] = (key_56[6] << 1) & 0xFF;

	/* Fix parity: fold the byte down to the XOR of its eight bits
	 * and flip the low bit when that parity is even.
	 */
	for (i = 0; i < 8; i++) {
		guint folded = key[i];

		folded ^= folded >> 4;
		folded ^= folded >> 2;
		folded ^= folded >> 1;
		if ((folded & 1) == 0)
			key[i] ^= 0x01;
	}

	deskey (ks, key, 0);
}
|
/*
 * calc_response:
 * @key: 21 bytes of key material (a 16-byte hash padded with zeros)
 * @plaintext: 8-byte challenge
 * @results: 24-byte output buffer
 *
 * Produces the 24-byte challenge response: the same 8-byte @plaintext
 * is DES-processed three times, each time under a schedule built from
 * a different 7-byte slice of @key (bytes 0-6, 7-13 and 14-20).
 *
 * NOTE(review): the key schedule stays on the stack on return.
 */
static void
calc_response (const guchar *key, const guchar *plaintext, guchar *results)
{
	DES_KS ks;
	int blk;

	/* Lay down three copies of the challenge first ... */
	for (blk = 0; blk < 3; blk++)
		memcpy (results + 8 * blk, plaintext, 8);

	/* ... then transform each copy in place with its own key slice. */
	for (blk = 0; blk < 3; blk++) {
		setup_schedule (key + 7 * blk, ks);
		des (ks, results + 8 * blk);
	}
}
|
|
/*
 * MD4 encoder. (The one everyone else uses is not GPL-compatible;
 * this is a reimplementation from spec.) This doesn't need to be
 * efficient for our purposes; note that md4sum() allocates a temporary
 * padded copy of its input.
 *
 * MD4 is used here only because the NT hash is defined in terms of it;
 * it is not suitable as a general-purpose hash.
 */

/* Bitwise round functions used by the three MD4 rounds in md4sum().
 * F is redefined further down for the DES code.
 */
#define F(X,Y,Z) ( ((X)&(Y)) | ((~(X))&(Z)) )
#define G(X,Y,Z) ( ((X)&(Y)) | ((X)&(Z)) | ((Y)&(Z)) )
#define H(X,Y,Z) ( (X)^(Y)^(Z) )
/* Rotate left by n bits.  val is evaluated twice and must be an
 * unsigned 32-bit value; md4sum() only uses n between 3 and 19.
 */
#define ROT(val, n) ( ((val) << (n)) | ((val) >> (32 - (n))) )
|
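/*
 * md4sum:
 * @in: input bytes
 * @nbytes: number of bytes at @in; must not be negative
 * @digest: 16-byte output buffer
 *
 * Computes the MD4 digest of @in.  The input is copied into a
 * temporary buffer that also holds the MD4 padding and the 64-bit
 * little-endian bit count, then processed 64 bytes at a time.
 *
 * The temporary lives on the heap, not on the stack via alloca(): the
 * only caller in this file passes a password-derived buffer whose
 * length is not bounded here.  Because it holds a copy of that input
 * it is overwritten before being freed.
 */
static void
md4sum (const unsigned char *in, int nbytes, unsigned char digest[16])
{
	unsigned char *M;
	volatile unsigned char *scrub;
	volatile guint32 *scrub_x;
	guint32 A, B, C, D, AA, BB, CC, DD, X[16];
	guint64 nbits = (guint64) nbytes * 8;
	int pbytes, total, i, j;

	/* There is *always* padding of at least one bit. */
	pbytes = ((119 - (nbytes % 64)) % 64) + 1;
	/* Message + padding + 8-byte length: always a multiple of 64. */
	total = nbytes + pbytes + 8;
	M = g_malloc (total);
	/* in may be NULL when nbytes is 0 */
	if (nbytes > 0)
		memcpy (M, in, nbytes);
	memset (M + nbytes, 0, pbytes + 8);
	M[nbytes] = 0x80;
	for (j = 0; j < 8; j++)
		M[nbytes + pbytes + j] = (unsigned char) ((nbits >> (8 * j)) & 0xFF);

	A = 0x67452301;
	B = 0xEFCDAB89;
	C = 0x98BADCFE;
	D = 0x10325476;

	for (i = 0; i < total; i += 64) {
		/* Load the block as sixteen little-endian words.  The
		 * casts keep the shifts in unsigned arithmetic; without
		 * them a byte >= 0x80 shifted by 24 overflows int.
		 */
		for (j = 0; j < 16; j++) {
			X[j] = ((guint32) M[i + j*4]) |
				((guint32) M[i + j*4 + 1] << 8) |
				((guint32) M[i + j*4 + 2] << 16) |
				((guint32) M[i + j*4 + 3] << 24);
		}

		AA = A;
		BB = B;
		CC = C;
		DD = D;

		/* Round 1 */
		A = ROT (A + F(B, C, D) + X[0], 3);
		D = ROT (D + F(A, B, C) + X[1], 7);
		C = ROT (C + F(D, A, B) + X[2], 11);
		B = ROT (B + F(C, D, A) + X[3], 19);
		A = ROT (A + F(B, C, D) + X[4], 3);
		D = ROT (D + F(A, B, C) + X[5], 7);
		C = ROT (C + F(D, A, B) + X[6], 11);
		B = ROT (B + F(C, D, A) + X[7], 19);
		A = ROT (A + F(B, C, D) + X[8], 3);
		D = ROT (D + F(A, B, C) + X[9], 7);
		C = ROT (C + F(D, A, B) + X[10], 11);
		B = ROT (B + F(C, D, A) + X[11], 19);
		A = ROT (A + F(B, C, D) + X[12], 3);
		D = ROT (D + F(A, B, C) + X[13], 7);
		C = ROT (C + F(D, A, B) + X[14], 11);
		B = ROT (B + F(C, D, A) + X[15], 19);

		/* Round 2 */
		A = ROT (A + G(B, C, D) + X[0] + 0x5A827999, 3);
		D = ROT (D + G(A, B, C) + X[4] + 0x5A827999, 5);
		C = ROT (C + G(D, A, B) + X[8] + 0x5A827999, 9);
		B = ROT (B + G(C, D, A) + X[12] + 0x5A827999, 13);
		A = ROT (A + G(B, C, D) + X[1] + 0x5A827999, 3);
		D = ROT (D + G(A, B, C) + X[5] + 0x5A827999, 5);
		C = ROT (C + G(D, A, B) + X[9] + 0x5A827999, 9);
		B = ROT (B + G(C, D, A) + X[13] + 0x5A827999, 13);
		A = ROT (A + G(B, C, D) + X[2] + 0x5A827999, 3);
		D = ROT (D + G(A, B, C) + X[6] + 0x5A827999, 5);
		C = ROT (C + G(D, A, B) + X[10] + 0x5A827999, 9);
		B = ROT (B + G(C, D, A) + X[14] + 0x5A827999, 13);
		A = ROT (A + G(B, C, D) + X[3] + 0x5A827999, 3);
		D = ROT (D + G(A, B, C) + X[7] + 0x5A827999, 5);
		C = ROT (C + G(D, A, B) + X[11] + 0x5A827999, 9);
		B = ROT (B + G(C, D, A) + X[15] + 0x5A827999, 13);

		/* Round 3 */
		A = ROT (A + H(B, C, D) + X[0] + 0x6ED9EBA1, 3);
		D = ROT (D + H(A, B, C) + X[8] + 0x6ED9EBA1, 9);
		C = ROT (C + H(D, A, B) + X[4] + 0x6ED9EBA1, 11);
		B = ROT (B + H(C, D, A) + X[12] + 0x6ED9EBA1, 15);
		A = ROT (A + H(B, C, D) + X[2] + 0x6ED9EBA1, 3);
		D = ROT (D + H(A, B, C) + X[10] + 0x6ED9EBA1, 9);
		C = ROT (C + H(D, A, B) + X[6] + 0x6ED9EBA1, 11);
		B = ROT (B + H(C, D, A) + X[14] + 0x6ED9EBA1, 15);
		A = ROT (A + H(B, C, D) + X[1] + 0x6ED9EBA1, 3);
		D = ROT (D + H(A, B, C) + X[9] + 0x6ED9EBA1, 9);
		C = ROT (C + H(D, A, B) + X[5] + 0x6ED9EBA1, 11);
		B = ROT (B + H(C, D, A) + X[13] + 0x6ED9EBA1, 15);
		A = ROT (A + H(B, C, D) + X[3] + 0x6ED9EBA1, 3);
		D = ROT (D + H(A, B, C) + X[11] + 0x6ED9EBA1, 9);
		C = ROT (C + H(D, A, B) + X[7] + 0x6ED9EBA1, 11);
		B = ROT (B + H(C, D, A) + X[15] + 0x6ED9EBA1, 15);

		A += AA;
		B += BB;
		C += CC;
		D += DD;
	}

	/* Serialise the state as four little-endian words. */
	digest[0] = A & 0xFF;
	digest[1] = (A >> 8) & 0xFF;
	digest[2] = (A >> 16) & 0xFF;
	digest[3] = (A >> 24) & 0xFF;
	digest[4] = B & 0xFF;
	digest[5] = (B >> 8) & 0xFF;
	digest[6] = (B >> 16) & 0xFF;
	digest[7] = (B >> 24) & 0xFF;
	digest[8] = C & 0xFF;
	digest[9] = (C >> 8) & 0xFF;
	digest[10] = (C >> 16) & 0xFF;
	digest[11] = (C >> 24) & 0xFF;
	digest[12] = D & 0xFF;
	digest[13] = (D >> 8) & 0xFF;
	digest[14] = (D >> 16) & 0xFF;
	digest[15] = (D >> 24) & 0xFF;

	/* Wipe the copies of the input (the padded message and the last
	 * block's words) through volatile pointers so the stores are not
	 * optimised away, then release the buffer.
	 */
	scrub = M;
	for (i = 0; i < total; i++)
		scrub[i] = 0;
	scrub_x = X;
	for (j = 0; j < 16; j++)
		scrub_x[j] = 0;

	g_free (M);
}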
|
|
/* Public domain DES implementation from Phil Karn */

/* Lookup tables for the DES round function: eight tables of 64 words,
 * each indexed by a 6-bit value (see the F macro below).
 *
 * NOTE(review): the indices are derived from data mixed with the round
 * key, so this table-driven implementation is not constant-time.
 */
static const guint32 Spbox[8][64] = {
	{ 0x01010400,0x00000000,0x00010000,0x01010404,
	  0x01010004,0x00010404,0x00000004,0x00010000,
	  0x00000400,0x01010400,0x01010404,0x00000400,
	  0x01000404,0x01010004,0x01000000,0x00000004,
	  0x00000404,0x01000400,0x01000400,0x00010400,
	  0x00010400,0x01010000,0x01010000,0x01000404,
	  0x00010004,0x01000004,0x01000004,0x00010004,
	  0x00000000,0x00000404,0x00010404,0x01000000,
	  0x00010000,0x01010404,0x00000004,0x01010000,
	  0x01010400,0x01000000,0x01000000,0x00000400,
	  0x01010004,0x00010000,0x00010400,0x01000004,
	  0x00000400,0x00000004,0x01000404,0x00010404,
	  0x01010404,0x00010004,0x01010000,0x01000404,
	  0x01000004,0x00000404,0x00010404,0x01010400,
	  0x00000404,0x01000400,0x01000400,0x00000000,
	  0x00010004,0x00010400,0x00000000,0x01010004 },
	{ 0x80108020,0x80008000,0x00008000,0x00108020,
	  0x00100000,0x00000020,0x80100020,0x80008020,
	  0x80000020,0x80108020,0x80108000,0x80000000,
	  0x80008000,0x00100000,0x00000020,0x80100020,
	  0x00108000,0x00100020,0x80008020,0x00000000,
	  0x80000000,0x00008000,0x00108020,0x80100000,
	  0x00100020,0x80000020,0x00000000,0x00108000,
	  0x00008020,0x80108000,0x80100000,0x00008020,
	  0x00000000,0x00108020,0x80100020,0x00100000,
	  0x80008020,0x80100000,0x80108000,0x00008000,
	  0x80100000,0x80008000,0x00000020,0x80108020,
	  0x00108020,0x00000020,0x00008000,0x80000000,
	  0x00008020,0x80108000,0x00100000,0x80000020,
	  0x00100020,0x80008020,0x80000020,0x00100020,
	  0x00108000,0x00000000,0x80008000,0x00008020,
	  0x80000000,0x80100020,0x80108020,0x00108000 },
	{ 0x00000208,0x08020200,0x00000000,0x08020008,
	  0x08000200,0x00000000,0x00020208,0x08000200,
	  0x00020008,0x08000008,0x08000008,0x00020000,
	  0x08020208,0x00020008,0x08020000,0x00000208,
	  0x08000000,0x00000008,0x08020200,0x00000200,
	  0x00020200,0x08020000,0x08020008,0x00020208,
	  0x08000208,0x00020200,0x00020000,0x08000208,
	  0x00000008,0x08020208,0x00000200,0x08000000,
	  0x08020200,0x08000000,0x00020008,0x00000208,
	  0x00020000,0x08020200,0x08000200,0x00000000,
	  0x00000200,0x00020008,0x08020208,0x08000200,
	  0x08000008,0x00000200,0x00000000,0x08020008,
	  0x08000208,0x00020000,0x08000000,0x08020208,
	  0x00000008,0x00020208,0x00020200,0x08000008,
	  0x08020000,0x08000208,0x00000208,0x08020000,
	  0x00020208,0x00000008,0x08020008,0x00020200 },
	{ 0x00802001,0x00002081,0x00002081,0x00000080,
	  0x00802080,0x00800081,0x00800001,0x00002001,
	  0x00000000,0x00802000,0x00802000,0x00802081,
	  0x00000081,0x00000000,0x00800080,0x00800001,
	  0x00000001,0x00002000,0x00800000,0x00802001,
	  0x00000080,0x00800000,0x00002001,0x00002080,
	  0x00800081,0x00000001,0x00002080,0x00800080,
	  0x00002000,0x00802080,0x00802081,0x00000081,
	  0x00800080,0x00800001,0x00802000,0x00802081,
	  0x00000081,0x00000000,0x00000000,0x00802000,
	  0x00002080,0x00800080,0x00800081,0x00000001,
	  0x00802001,0x00002081,0x00002081,0x00000080,
	  0x00802081,0x00000081,0x00000001,0x00002000,
	  0x00800001,0x00002001,0x00802080,0x00800081,
	  0x00002001,0x00002080,0x00800000,0x00802001,
	  0x00000080,0x00800000,0x00002000,0x00802080 },
	{ 0x00000100,0x02080100,0x02080000,0x42000100,
	  0x00080000,0x00000100,0x40000000,0x02080000,
	  0x40080100,0x00080000,0x02000100,0x40080100,
	  0x42000100,0x42080000,0x00080100,0x40000000,
	  0x02000000,0x40080000,0x40080000,0x00000000,
	  0x40000100,0x42080100,0x42080100,0x02000100,
	  0x42080000,0x40000100,0x00000000,0x42000000,
	  0x02080100,0x02000000,0x42000000,0x00080100,
	  0x00080000,0x42000100,0x00000100,0x02000000,
	  0x40000000,0x02080000,0x42000100,0x40080100,
	  0x02000100,0x40000000,0x42080000,0x02080100,
	  0x40080100,0x00000100,0x02000000,0x42080000,
	  0x42080100,0x00080100,0x42000000,0x42080100,
	  0x02080000,0x00000000,0x40080000,0x42000000,
	  0x00080100,0x02000100,0x40000100,0x00080000,
	  0x00000000,0x40080000,0x02080100,0x40000100 },
	{ 0x20000010,0x20400000,0x00004000,0x20404010,
	  0x20400000,0x00000010,0x20404010,0x00400000,
	  0x20004000,0x00404010,0x00400000,0x20000010,
	  0x00400010,0x20004000,0x20000000,0x00004010,
	  0x00000000,0x00400010,0x20004010,0x00004000,
	  0x00404000,0x20004010,0x00000010,0x20400010,
	  0x20400010,0x00000000,0x00404010,0x20404000,
	  0x00004010,0x00404000,0x20404000,0x20000000,
	  0x20004000,0x00000010,0x20400010,0x00404000,
	  0x20404010,0x00400000,0x00004010,0x20000010,
	  0x00400000,0x20004000,0x20000000,0x00004010,
	  0x20000010,0x20404010,0x00404000,0x20400000,
	  0x00404010,0x20404000,0x00000000,0x20400010,
	  0x00000010,0x00004000,0x20400000,0x00404010,
	  0x00004000,0x00400010,0x20004010,0x00000000,
	  0x20404000,0x20000000,0x00400010,0x20004010 },
	{ 0x00200000,0x04200002,0x04000802,0x00000000,
	  0x00000800,0x04000802,0x00200802,0x04200800,
	  0x04200802,0x00200000,0x00000000,0x04000002,
	  0x00000002,0x04000000,0x04200002,0x00000802,
	  0x04000800,0x00200802,0x00200002,0x04000800,
	  0x04000002,0x04200000,0x04200800,0x00200002,
	  0x04200000,0x00000800,0x00000802,0x04200802,
	  0x00200800,0x00000002,0x04000000,0x00200800,
	  0x04000000,0x00200800,0x00200000,0x04000802,
	  0x04000802,0x04200002,0x04200002,0x00000002,
	  0x00200002,0x04000000,0x04000800,0x00200000,
	  0x04200800,0x00000802,0x00200802,0x04200800,
	  0x00000802,0x04000002,0x04200802,0x04200000,
	  0x00200800,0x00000000,0x00000002,0x04200802,
	  0x00000000,0x00200802,0x04200000,0x00000800,
	  0x04000002,0x04000800,0x00000800,0x00200002 },
	{ 0x10001040,0x00001000,0x00040000,0x10041040,
	  0x10000000,0x10001040,0x00000040,0x10000000,
	  0x00040040,0x10040000,0x10041040,0x00041000,
	  0x10041000,0x00041040,0x00001000,0x00000040,
	  0x10040000,0x10000040,0x10001000,0x00001040,
	  0x00041000,0x00040040,0x10040040,0x10041000,
	  0x00001040,0x00000000,0x00000000,0x10040040,
	  0x10000040,0x10001000,0x00041040,0x00040000,
	  0x00041040,0x00040000,0x10041000,0x00001000,
	  0x00000040,0x10040040,0x00001000,0x00041040,
	  0x10001000,0x00000040,0x10000040,0x10040000,
	  0x10040040,0x10000000,0x00040000,0x10001040,
	  0x00000000,0x10041040,0x00040040,0x10000040,
	  0x10040000,0x10001000,0x10001040,0x00000000,
	  0x10041040,0x00041000,0x00041000,0x00001040,
	  0x00001040,0x00040040,0x10000000,0x10041000 }
};
|
/*
 * One DES round: XORs into l the eight Spbox lookups selected by r and
 * the two round-key words key[0] and key[1].  This replaces the MD4 F
 * macro defined earlier in the file.
 *
 * The macro expands to a braced block, uses a variable named "work"
 * that must exist in the calling scope, and evaluates its arguments
 * several times without parenthesising them, so it must only be
 * invoked with plain variable names and a simple array expression.
 */
#undef F
#define F(l,r,key){\
	work = ((r >> 4) | (r << 28)) ^ key[0];\
	l ^= Spbox[6][work & 0x3f];\
	l ^= Spbox[4][(work >> 8) & 0x3f];\
	l ^= Spbox[2][(work >> 16) & 0x3f];\
	l ^= Spbox[0][(work >> 24) & 0x3f];\
	work = r ^ key[1];\
	l ^= Spbox[7][work & 0x3f];\
	l ^= Spbox[5][(work >> 8) & 0x3f];\
	l ^= Spbox[3][(work >> 16) & 0x3f];\
	l ^= Spbox[1][(work >> 24) & 0x3f];\
}
/*
 * Encrypt or decrypt a block of data in ECB mode.
 *
 * ks is the 16-round key schedule; whether the call encrypts or
 * decrypts is decided by how that schedule was generated (see
 * deskey()).  block is the 8-byte input and is overwritten in place
 * with the result.
 */
static void
des (guint32 ks[16][2], unsigned char block[8])
{
	guint32 left,right,work;

	/* Read input block and place in left/right in big-endian order */
	left = ((guint32)block[0] << 24)
	 | ((guint32)block[1] << 16)
	 | ((guint32)block[2] << 8)
	 | (guint32)block[3];
	right = ((guint32)block[4] << 24)
	 | ((guint32)block[5] << 16)
	 | ((guint32)block[6] << 8)
	 | (guint32)block[7];

	/* Hoey's clever initial permutation algorithm, from Outerbridge
	 * (see Schneier p 478)
	 *
	 * The convention here is the same as Outerbridge: rotate each
	 * register left by 1 bit, i.e., so that "left" contains permuted
	 * input bits 2, 3, 4, ... 1 and "right" contains 33, 34, 35, ... 32
	 * (using origin-1 numbering as in the FIPS). This allows us to avoid
	 * one of the two rotates that would otherwise be required in each of
	 * the 16 rounds.
	 */
	work = ((left >> 4) ^ right) & 0x0f0f0f0f;
	right ^= work;
	left ^= work << 4;
	work = ((left >> 16) ^ right) & 0xffff;
	right ^= work;
	left ^= work << 16;
	work = ((right >> 2) ^ left) & 0x33333333;
	left ^= work;
	right ^= (work << 2);
	work = ((right >> 8) ^ left) & 0xff00ff;
	left ^= work;
	right ^= (work << 8);
	right = (right << 1) | (right >> 31);
	work = (left ^ right) & 0xaaaaaaaa;
	left ^= work;
	right ^= work;
	left = (left << 1) | (left >> 31);

	/* Now do the 16 rounds; the two halves swap roles on every
	 * round, and F uses the local "work" as scratch.
	 */
	F(left,right,ks[0]);
	F(right,left,ks[1]);
	F(left,right,ks[2]);
	F(right,left,ks[3]);
	F(left,right,ks[4]);
	F(right,left,ks[5]);
	F(left,right,ks[6]);
	F(right,left,ks[7]);
	F(left,right,ks[8]);
	F(right,left,ks[9]);
	F(left,right,ks[10]);
	F(right,left,ks[11]);
	F(left,right,ks[12]);
	F(right,left,ks[13]);
	F(left,right,ks[14]);
	F(right,left,ks[15]);

	/* Inverse permutation, also from Hoey via Outerbridge and Schneier */
	right = (right << 31) | (right >> 1);
	work = (left ^ right) & 0xaaaaaaaa;
	left ^= work;
	right ^= work;
	left = (left >> 1) | (left << 31);
	work = ((left >> 8) ^ right) & 0xff00ff;
	right ^= work;
	left ^= work << 8;
	work = ((left >> 2) ^ right) & 0x33333333;
	right ^= work;
	left ^= work << 2;
	work = ((right >> 16) ^ left) & 0xffff;
	left ^= work;
	right ^= work << 16;
	work = ((right >> 4) ^ left) & 0x0f0f0f0f;
	left ^= work;
	right ^= work << 4;

	/* Put the block back into the user's buffer with final swap */
	block[0] = right >> 24;
	block[1] = right >> 16;
	block[2] = right >> 8;
	block[3] = right;
	block[4] = left >> 24;
	block[5] = left >> 16;
	block[6] = left >> 8;
	block[7] = left;
}
|
/* Key schedule-related tables from FIPS-46 */

/* permuted choice table (key): 56 entries, each a 1-based bit position
 * in the 64-bit key
 */
static const unsigned char pc1[] = {
	57, 49, 41, 33, 25, 17, 9,
	1, 58, 50, 42, 34, 26, 18,
	10, 2, 59, 51, 43, 35, 27,
	19, 11, 3, 60, 52, 44, 36,

	63, 55, 47, 39, 31, 23, 15,
	7, 62, 54, 46, 38, 30, 22,
	14, 6, 61, 53, 45, 37, 29,
	21, 13, 5, 28, 20, 12, 4
};

/* number left rotations of pc1: one entry per round; the values look
 * like running totals rather than per-round shifts -- confirm against
 * deskey()
 */
static const unsigned char totrot[] = {
	1,2,4,6,8,10,12,14,15,17,19,21,23,25,27,28
};

/* permuted choice key (table): 48 entries, each a 1-based position in
 * the range 1..56
 */
static const unsigned char pc2[] = {
	14, 17, 11, 24, 1, 5,
	3, 28, 15, 6, 21, 10,
	23, 19, 12, 4, 26, 8,
	16, 7, 27, 20, 13, 2,
	41, 52, 31, 37, 47, 55,
	30, 40, 51, 45, 33, 48,
	44, 49, 39, 56, 34, 53,
	46, 42, 50, 36, 29, 32
};

/* End of DES-defined tables */


/* bit 0 is left-most in byte: octal single-bit masks, from 0x80 at
 * index 0 down to 0x01 at index 7
 */
static const int bytebit[] = {
	0200,0100,040,020,010,04,02,01
};
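/* Generate key schedule for encryption or decryption
 * depending on the value of "decrypt"
 *
 * k:       receives the schedule; all 16 rounds are written, each as
 *          two packed 32-bit words.
 * key:     DES key; bytes key[0]..key[7] are read, and only the 56 bit
 *          positions listed in pc1[] contribute to the schedule.
 * decrypt: non-zero stores the round keys in reverse order, zero
 *          stores them in encryption order.
 *
 * The local scratch buffers hold key-derived bits, so they are wiped
 * before returning. Wiping "k" once it is no longer needed is left to
 * the caller.
 */
static void
deskey (DES_KS k, unsigned char *key, int decrypt)
{
	unsigned char pc1m[56];	/* key bits selected by pc1, one per byte */
	unsigned char pcr[56];	/* pc1m after this round's rotation */
	unsigned char ks[8];	/* one round key, 6 bits per byte */
	volatile unsigned char *scrub;
	int i, j, l, bit, rot;

	/* Expand the key bits chosen by pc1 to one 0/1 byte each */
	for (j = 0; j < 56; j++) {
		l = pc1[j] - 1;		/* 0-based bit position in key */
		bit = l & 07;		/* bit within its byte */
		pc1m[j] = (key[l >> 3] & bytebit[bit]) ? 1 : 0;
	}

	for (i = 0; i < 16; i++) {	/* one round key per iteration */
		memset (ks, 0, sizeof (ks));
		rot = totrot[decrypt ? 15 - i : i];

		/* Rotate the two 28-entry halves independently */
		for (j = 0; j < 56; j++) {
			l = j + rot;
			if (l >= (j < 28 ? 28 : 56))
				l -= 28;	/* wrap within the half */
			pcr[j] = pc1m[l];
		}

		/* Select the 48 round-key bits through pc2 */
		for (j = 0; j < 48; j++) {
			if (pcr[pc2[j] - 1])
				ks[j / 6] |= bytebit[j % 6] >> 2;
		}

		/* Now convert to packed odd/even interleaved form */
		k[i][0] = ((guint32)ks[0] << 24)
			| ((guint32)ks[2] << 16)
			| ((guint32)ks[4] << 8)
			| ((guint32)ks[6]);
		k[i][1] = ((guint32)ks[1] << 24)
			| ((guint32)ks[3] << 16)
			| ((guint32)ks[5] << 8)
			| ((guint32)ks[7]);
	}

	/* Best-effort wipe of the key-derived scratch. The stores go
	 * through a volatile pointer so the compiler is less likely to
	 * drop them as dead writes to locals that are about to go out
	 * of scope.
	 */
	for (scrub = pc1m, j = 0; j < (int) sizeof (pc1m); j++)
		scrub[j] = 0;
	for (scrub = pcr, j = 0; j < (int) sizeof (pcr); j++)
		scrub[j] = 0;
	for (scrub = ks, j = 0; j < (int) sizeof (ks); j++)
		scrub[j] = 0;
}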