diff options
-rw-r--r-- | crypt-rc4.c | 50 | ||||
-rw-r--r-- | crypt-rc4.h | 14 | ||||
-rw-r--r-- | packet-dcerpc-samr.c | 6 |
3 files changed, 52 insertions, 18 deletions
diff --git a/crypt-rc4.c b/crypt-rc4.c index 73d08d45eb..2ea651a6d8 100644 --- a/crypt-rc4.c +++ b/crypt-rc4.c @@ -6,7 +6,7 @@ Copyright (C) Andrew Tridgell 1998 - $Id: crypt-rc4.c,v 1.1 2002/12/03 00:37:27 guy Exp $ + $Id: crypt-rc4.c,v 1.2 2002/12/11 19:31:02 guy Exp $ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -27,27 +27,29 @@ # include "config.h" #endif #include <glib.h> +#include <string.h> + +#include "crypt-rc4.h" /* Perform RC4 on a block of data using specified key. "data" is a pointer to the block to be processed. Output is written to same memory as input, so caller may need to make a copy before calling this function, since - the input will be overwritten. "val" specifies length of data buffer. - "key" is assumed to be a 16 octets in length + the input will be overwritten. - Taken from Samba source code. In the long term, it might be nice to have - the input and output buffer differ, have a length specifier for the key, - and separate the initialization function from the process function (as is - done with the Alleged-RC4 implementation). + Taken from Samba source code. Modified to allow us to maintain state + between calls to crypt_rc4. */ -void crypt_rc4( unsigned char *data, const unsigned char *key, int val) +void crypt_rc4_init(rc4_state_struct *rc4_state, + const unsigned char *key, int key_len) { - unsigned char s_box[256]; - unsigned char index_i = 0; - unsigned char index_j = 0; - unsigned char j = 0; int ind; + unsigned char j = 0; + unsigned char *s_box; + memset(rc4_state, 0, sizeof(rc4_state_struct)); + s_box = rc4_state->s_box; + for (ind = 0; ind < 256; ind++) { s_box[ind] = (unsigned char)ind; @@ -57,13 +59,29 @@ void crypt_rc4( unsigned char *data, const unsigned char *key, int val) { unsigned char tc; - j += (s_box[ind] + key[ind%16]); + j += (s_box[ind] + key[ind%key_len]); tc = s_box[ind]; s_box[ind] = s_box[j]; s_box[j] = tc; } - for( ind = 0; ind < val; ind++) + +} + +void crypt_rc4(rc4_state_struct *rc4_state, unsigned char *data, int data_len) +{ + unsigned char *s_box; + unsigned char index_i; + unsigned char index_j; + int ind; + + /* retrieve current state from the state struct (so we can resume where + we left off) */ + index_i = rc4_state->index_i; + index_j = rc4_state->index_j; + s_box = rc4_state->s_box; + + for( ind = 0; ind < data_len; ind++) { unsigned char tc; unsigned char t; @@ -78,4 +96,8 @@ void crypt_rc4( unsigned char *data, const unsigned char *key, int val) t = s_box[index_i] + s_box[index_j]; data[ind] = data[ind] ^ s_box[t]; } + + /* Store the updated state */ + rc4_state->index_i = index_i; + rc4_state->index_j = index_j; } diff --git a/crypt-rc4.h b/crypt-rc4.h index ec3dffd692..b76ecbb71b 100644 --- a/crypt-rc4.h +++ b/crypt-rc4.h @@ -6,7 +6,7 @@ Copyright (C) Andrew Tridgell 1998 - $Id: crypt-rc4.h,v 1.1 2002/12/03 00:37:27 guy Exp $ + $Id: crypt-rc4.h,v 1.2 2002/12/11 19:31:02 guy Exp $ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -23,4 +23,14 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -void crypt_rc4( unsigned char *data, const unsigned char *key, int val); +typedef struct _rc4_state_struct { + unsigned char s_box[256]; + unsigned char index_i; + unsigned char index_j; +} rc4_state_struct; + +void crypt_rc4_init(rc4_state_struct *rc4_state, + const unsigned char *key, int key_len); + +void crypt_rc4(rc4_state_struct *rc4_state, unsigned char *data, int data_len); + diff --git a/packet-dcerpc-samr.c b/packet-dcerpc-samr.c index c78aa622ef..9cca006ddf 100644 --- a/packet-dcerpc-samr.c +++ b/packet-dcerpc-samr.c @@ -3,7 +3,7 @@ * Copyright 2001, Tim Potter <tpot@samba.org> * 2002 Added all command dissectors Ronnie Sahlberg * - * $Id: packet-dcerpc-samr.c,v 1.62 2002/12/03 01:20:56 guy Exp $ + * $Id: packet-dcerpc-samr.c,v 1.63 2002/12/11 19:31:02 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -1726,6 +1726,7 @@ samr_dissect_NT_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset, unsigned char password_md4_hash[16]; guint8 *block; tvbuff_t *decr_tvb; /* Used to store decrypted buffer */ + rc4_state_struct rc4_state; guint i; /* This implements the the algorithm discussed in lkcl -"DCE/RPC @@ -1774,7 +1775,8 @@ samr_dissect_NT_PASSCHANGE_BLOCK(tvbuff_t *tvb, int offset, tvb_memcpy(tvb, block, offset, NT_BLOCK_SIZE); /* RC4 decrypt the block with the old NT password hash */ - crypt_rc4(block, password_md4_hash, NT_BLOCK_SIZE); + crypt_rc4_init(&rc4_state, password_md4_hash, 16); + crypt_rc4(&rc4_state, block, NT_BLOCK_SIZE); /* Show the decrypted buffer in a new window */ decr_tvb = tvb_new_real_data(block, NT_BLOCK_SIZE, |