-
Notifications
You must be signed in to change notification settings - Fork 45
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Avoid usage of legacy algorithms on libssl-3.0+ (#53)
Single DES and MD4 are considered legacy algorithms in OpenSSL/libssl-3.0. They can be enabled by adjusting the openssl configuration file or by using the new provider concept of OpenSSL-3. Editing the configuration must be done by each use of rubyntlm, which is very inconvenient. The provider API is not yet supported by the ruby binding to OpenSSL. So it's better to avoid the legacy algorithms at all. The single DES algorithm can easily implemented by a two key 3-DES run. The md4 implementation is taken from here: https://gist.github.com/tprynn/5419da1a2ad8935c1fff And the rc4 implementation is taken from here and modified: https://github.com/caiges/Ruby-RC4/blob/082fce56ab707dc77442709357cf176f7b3b6f22/lib/rc4.rb
- Loading branch information
Showing
4 changed files
with
153 additions
and
31 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
require 'openssl' | ||
|
||
module Net | ||
module NTLM | ||
|
||
class Md4 | ||
|
||
begin | ||
OpenSSL::Digest::MD4.digest("") | ||
rescue | ||
# libssl-3.0+ doesn't support legacy MD4 -> use our own implementation | ||
|
||
require 'stringio' | ||
|
||
def self.digest(string) | ||
# functions | ||
mask = (1 << 32) - 1 | ||
f = proc {|x, y, z| x & y | x.^(mask) & z} | ||
g = proc {|x, y, z| x & y | x & z | y & z} | ||
h = proc {|x, y, z| x ^ y ^ z} | ||
r = proc {|v, s| (v << s).&(mask) | (v.&(mask) >> (32 - s))} | ||
|
||
# initial hash | ||
a, b, c, d = 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476 | ||
|
||
bit_len = string.size << 3 | ||
string += "\x80" | ||
while (string.size % 64) != 56 | ||
string += "\0" | ||
end | ||
string = string.force_encoding('ascii-8bit') + [bit_len & mask, bit_len >> 32].pack("V2") | ||
|
||
if string.size % 64 != 0 | ||
fail "failed to pad to correct length" | ||
end | ||
|
||
io = StringIO.new(string) | ||
block = "" | ||
|
||
while io.read(64, block) | ||
x = block.unpack("V16") | ||
|
||
# Process this block. | ||
aa, bb, cc, dd = a, b, c, d | ||
[0, 4, 8, 12].each {|i| | ||
a = r[a + f[b, c, d] + x[i], 3]; i += 1 | ||
d = r[d + f[a, b, c] + x[i], 7]; i += 1 | ||
c = r[c + f[d, a, b] + x[i], 11]; i += 1 | ||
b = r[b + f[c, d, a] + x[i], 19] | ||
} | ||
[0, 1, 2, 3].each {|i| | ||
a = r[a + g[b, c, d] + x[i] + 0x5a827999, 3]; i += 4 | ||
d = r[d + g[a, b, c] + x[i] + 0x5a827999, 5]; i += 4 | ||
c = r[c + g[d, a, b] + x[i] + 0x5a827999, 9]; i += 4 | ||
b = r[b + g[c, d, a] + x[i] + 0x5a827999, 13] | ||
} | ||
[0, 2, 1, 3].each {|i| | ||
a = r[a + h[b, c, d] + x[i] + 0x6ed9eba1, 3]; i += 8 | ||
d = r[d + h[a, b, c] + x[i] + 0x6ed9eba1, 9]; i -= 4 | ||
c = r[c + h[d, a, b] + x[i] + 0x6ed9eba1, 11]; i += 8 | ||
b = r[b + h[c, d, a] + x[i] + 0x6ed9eba1, 15] | ||
} | ||
a = (a + aa) & mask | ||
b = (b + bb) & mask | ||
c = (c + cc) & mask | ||
d = (d + dd) & mask | ||
end | ||
|
||
[a, b, c, d].pack("V4") | ||
end | ||
|
||
else | ||
# Openssl/libssl provides MD4, so we can use it. | ||
def self.digest(string) | ||
OpenSSL::Digest::MD4.digest(string) | ||
end | ||
end | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
require 'openssl' | ||
|
||
module Net | ||
module NTLM | ||
|
||
begin | ||
OpenSSL::Cipher.new("rc4") | ||
rescue | ||
# libssl-3.0+ doesn't support legacy Rc4 -> use our own implementation | ||
|
||
class Rc4 | ||
def initialize(str) | ||
raise ArgumentError, "RC4: Key supplied is blank" if str.eql?('') | ||
initialize_state(str) | ||
@q1, @q2 = 0, 0 | ||
end | ||
|
||
def encrypt(text) | ||
text.each_byte.map do |b| | ||
@q1 = (@q1 + 1) % 256 | ||
@q2 = (@q2 + @state[@q1]) % 256 | ||
@state[@q1], @state[@q2] = @state[@q2], @state[@q1] | ||
b ^ @state[(@state[@q1] + @state[@q2]) % 256] | ||
end.pack("C*") | ||
end | ||
|
||
private | ||
|
||
# The initial state which is then modified by the key-scheduling algorithm | ||
INITIAL_STATE = (0..255).to_a | ||
|
||
# Performs the key-scheduling algorithm to initialize the state. | ||
def initialize_state(key) | ||
i = j = 0 | ||
@state = INITIAL_STATE.dup | ||
key_length = key.length | ||
while i < 256 | ||
j = (j + @state[i] + key.getbyte(i % key_length)) % 256 | ||
@state[i], @state[j] = @state[j], @state[i] | ||
i += 1 | ||
end | ||
end | ||
end | ||
|
||
else | ||
# Openssl/libssl provides RC4, so we can use it. | ||
class Rc4 | ||
def initialize(str) | ||
@ci = OpenSSL::Cipher.new("rc4") | ||
@ci.key = str | ||
end | ||
|
||
def encrypt(text) | ||
@ci.update(text) + @ci.final | ||
end | ||
end | ||
end | ||
end | ||
end |