01_port_to_gcrypt.patch Paul Wise Placed in the public domain Port to libgcrypt to avoid GPL/OpenSSL incompatibility Forwarded to Petter Nordahl-Hagen Updated by Philippe Coval for debian diff --git a/Makefile b/Makefile index c3e06c5..8a6f6fb 100644 --- a/Makefile +++ b/Makefile @@ -1,37 +1,24 @@ # # Makefile for the Offline NT Password Editor # -# -# Change here to point to the needed OpenSSL libraries & .h files -# See INSTALL for more info. -# - -#SSLPATH=/usr/local/ssl -OSSLPATH=/usr -OSSLINC=$(OSSLPATH)/include CC=gcc # Force 32 bit -CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32 +CFLAGS= -DUSELIBGCRYPT -I. $(shell libgcrypt-config --cflags) -Wall -m32 OSSLLIB=$(OSSLPATH)/lib # 64 bit if default for compiler setup #CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall #OSSLLIB=$(OSSLPATH)/lib64 +LIBS=$(shell libgcrypt-config --libs) -# This is to link with whatever we have, SSL crypto lib we put in static -LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a - -all: chntpw chntpw.static cpnt reged reged.static +all: chntpw cpnt reged chntpw: chntpw.o ntreg.o edlib.o $(CC) $(CFLAGS) -o chntpw chntpw.o ntreg.o edlib.o $(LIBS) -chntpw.static: chntpw.o ntreg.o edlib.o - $(CC) -static $(CFLAGS) -o chntpw.static chntpw.o ntreg.o edlib.o $(LIBS) - cpnt: cpnt.o $(CC) $(CFLAGS) -o cpnt cpnt.o $(LIBS) diff --git a/chntpw.c b/chntpw.c index 35202cc..09e548f 100644 --- a/chntpw.c +++ b/chntpw.c @@ -5,6 +5,7 @@ * is to reset password based information. * There is also a simple commandline based registry editor included. * + * 2008-may: port to libgcrypt to avoid GPL/OpenSSL incompatibility * 2008-mar: Minor other tweaks * 2008-mar: Interactive reg ed moved out of this file, into edlib.c * 2008-mar: 64 bit compatible patch by Mike Doty, via Alon Bar-Lev @@ -61,12 +62,19 @@ #include #include +#if defined(USEOPENSSL) #include #include -#define uchar u_char #define MD4Init MD4_Init #define MD4Update MD4_Update #define MD4Final MD4_Final +#elif defined(USELIBGCRYPT) + #include +#else + #error No DES encryption and MD4 hashing library found +#endif + +#define uchar u_char #include "ntreg.h" #include "sam.h" @@ -138,7 +146,9 @@ void str_to_key(unsigned char *str,unsigned char *key) for (i=0;i<8;i++) { key[i] = (key[i]<<1); } +#if defined(USEOPENSSL) DES_set_odd_parity((des_cblock *)key); +#endif } /* @@ -183,6 +193,7 @@ void sid_to_key2(uint32_t sid,unsigned char deskey[8]) void E1(uchar *k, uchar *d, uchar *out) { +#if defined(USEOPENSSL) des_key_schedule ks; des_cblock deskey; @@ -193,6 +204,15 @@ void E1(uchar *k, uchar *d, uchar *out) des_set_key((des_cblock *)deskey,ks); #endif /* __FreeBsd__ */ des_ecb_encrypt((des_cblock *)d,(des_cblock *)out, ks, DES_ENCRYPT); +#elif defined(USELIBGCRYPT) + gcry_cipher_hd_t ks; + uchar deskey[8]; + str_to_key(k,deskey); + gcry_cipher_open(&ks, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); + gcry_cipher_setkey(ks, deskey, 8); + gcry_cipher_encrypt(ks, out, 8, d, 8); + gcry_cipher_close(ks); +#endif } @@ -500,10 +520,18 @@ char *change_pw(char *buf, int rid, int vlen, int stat) int dontchange = 0; struct user_V *v; +#ifdef USEOPENSSL des_key_schedule ks1, ks2; des_cblock deskey1, deskey2; MD4_CTX context; +#elif defined(USELIBGCRYPT) + gcry_cipher_hd_t ks1, ks2; + uchar deskey1[8], deskey2[8]; + + unsigned char *p; + gcry_md_hd_t context; +#endif unsigned char digest[16]; unsigned short acb; @@ -617,6 +645,7 @@ char *change_pw(char *buf, int rid, int vlen, int stat) hexprnt("Crypted LM pw: ",(unsigned char *)(vp+lmpw_offs),16); } +#if defined(USEOPENSSL) /* Get the two decrpt keys. */ sid_to_key1(rid,(unsigned char *)deskey1); des_set_key((des_cblock *)deskey1,ks1); @@ -634,6 +663,25 @@ char *change_pw(char *buf, int rid, int vlen, int stat) (des_cblock *)lanman, ks1, DES_DECRYPT); des_ecb_encrypt((des_cblock *)(vp+lmpw_offs + 8), (des_cblock *)&lanman[8], ks2, DES_DECRYPT); +#elif defined(USELIBGCRYPT) + /* Start the keys */ + gcry_cipher_open(&ks1, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); + gcry_cipher_open(&ks2, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); + + /* Get the two decrpt keys. */ + sid_to_key1(rid,deskey1); + gcry_cipher_setkey(ks1, deskey1, 8); + sid_to_key2(rid,deskey2); + gcry_cipher_setkey(ks2, deskey2, 8); + + /* Decrypt the NT md4 password hash as two 8 byte blocks. */ + gcry_cipher_decrypt(ks1, md4, 8, vp+ntpw_offs, 8); + gcry_cipher_decrypt(ks2, &md4[8], 8, vp+ntpw_offs+8, 8); + + /* Decrypt the lanman password hash as two 8 byte blocks. */ + gcry_cipher_decrypt(ks1, lanman, 8, vp+lmpw_offs, 8); + gcry_cipher_decrypt(ks2, &lanman[8], 8, vp+lmpw_offs+8, 8); +#endif if (gverbose) { hexprnt("MD4 hash : ",(unsigned char *)md4,16); @@ -689,9 +737,17 @@ char *change_pw(char *buf, int rid, int vlen, int stat) /* printf("Ucase Lanman: %s\n",newlanpw); */ +#if defined(USEOPENSSL) MD4Init (&context); MD4Update (&context, newunipw, pl<<1); MD4Final (digest, &context); +#elif defined(USELIBGCRYPT) + gcry_md_open(&context, GCRY_MD_MD4, 0); + gcry_md_write(context, newunipw, pl<<1); + p = gcry_md_read(context, GCRY_MD_MD4); + if(p) memcpy(digest, p, gcry_md_get_algo_dlen(GCRY_MD_MD4)); + gcry_md_close(context); +#endif if (gverbose) hexprnt("\nNEW MD4 hash : ",digest,16); @@ -700,6 +756,7 @@ char *change_pw(char *buf, int rid, int vlen, int stat) if (gverbose) hexprnt("NEW LANMAN hash : ",(unsigned char *)lanman,16); +#if defined(USEOPENSSL) /* Encrypt the NT md4 password hash as two 8 byte blocks. */ des_ecb_encrypt((des_cblock *)digest, (des_cblock *)despw, ks1, DES_ENCRYPT); @@ -710,6 +767,18 @@ char *change_pw(char *buf, int rid, int vlen, int stat) (des_cblock *)newlandes, ks1, DES_ENCRYPT); des_ecb_encrypt((des_cblock *)(lanman+8), (des_cblock *)&newlandes[8], ks2, DES_ENCRYPT); +#elif defined(USELIBGCRYPT) + /* Encrypt the NT md4 password hash as two 8 byte blocks. */ + gcry_cipher_encrypt(ks1, despw, 8, digest, 8); + gcry_cipher_encrypt(ks2, &despw[8], 8, digest+8, 8); + + gcry_cipher_encrypt(ks1, newlandes, 8, lanman, 8); + gcry_cipher_encrypt(ks2, &newlandes[8], 8, lanman+8, 8); + + /* Close keys, not needed after this */ + gcry_cipher_close(ks1); + gcry_cipher_close(ks2); +#endif if (gverbose) { hexprnt("NEW DES crypt : ",(unsigned char *)despw,16);