2 * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
47 #define HC_DEPRECATED_CRYPTO
49 #include "krb5-types.h"
50 #include "crypto-headers.h"
54 /*! \mainpage Heimdal NTLM library
56 * \section intro Introduction
58 * Heimdal libheimntlm library is a implementation of the NTLM
59 * protocol, both version 1 and 2. The GSS-API mech that uses this
60 * library adds support for transport encryption and integrity
63 * NTLM is a protocol for mutual authentication, its still used in
64 * many protocol where Kerberos is not support, one example is
65 * EAP/X802.1x mechanism LEAP from Microsoft and Cisco.
67 * This is a support library for the core protocol, its used in
68 * Heimdal to implement and GSS-API mechanism. There is also support
69 * in the KDC to do remote digest authenticiation, this to allow
70 * services to authenticate users w/o direct access to the users ntlm
71 * hashes (same as Kerberos arcfour enctype keys).
73 * More information about the NTLM protocol can found here
74 * http://davenport.sourceforge.net/ntlm.html .
76 * The Heimdal projects web page: http://www.h5l.org/
78 * @section ntlm_example NTLM Example
80 * Example to to use @ref test_ntlm.c .
82 * @example test_ntlm.c
84 * Example how to use the NTLM primitives.
88 /** @defgroup ntlm_core Heimdal NTLM library
90 * The NTLM core functions implement the string2key generation
91 * function, message encode and decode function, and the hash function
101 static const unsigned char ntlmsigature[8] = "NTLMSSP\x00";
107 #define CHECK(f, e) \
108 do { ret = f ; if (ret != (e)) { ret = EINVAL; goto out; } } while(0)
111 * heim_ntlm_free_buf frees the ntlm buffer
113 * @param p buffer to be freed
119 heim_ntlm_free_buf(struct ntlm_buf *p)
129 ascii2ucs2le(const char *string, int up, struct ntlm_buf *buf)
134 len = strlen(string);
135 if (len / 2 > UINT_MAX)
138 buf->length = len * 2;
139 buf->data = malloc(buf->length);
140 if (buf->data == NULL && len != 0) {
141 heim_ntlm_free_buf(buf);
146 for (i = 0; i < len; i++) {
147 unsigned char t = (unsigned char)string[i];
149 heim_ntlm_free_buf(buf);
164 static krb5_error_code
165 ret_sec_buffer(krb5_storage *sp, struct sec_buffer *buf)
168 CHECK(krb5_ret_uint16(sp, &buf->length), 0);
169 CHECK(krb5_ret_uint16(sp, &buf->allocated), 0);
170 CHECK(krb5_ret_uint32(sp, &buf->offset), 0);
175 static krb5_error_code
176 store_sec_buffer(krb5_storage *sp, const struct sec_buffer *buf)
179 CHECK(krb5_store_uint16(sp, buf->length), 0);
180 CHECK(krb5_store_uint16(sp, buf->allocated), 0);
181 CHECK(krb5_store_uint32(sp, buf->offset), 0);
187 * Strings are either OEM or UNICODE. The later is encoded as ucs2 on
188 * wire, but using utf8 in memory.
191 static krb5_error_code
192 len_string(int ucs2, const char *s)
194 size_t len = strlen(s);
200 static krb5_error_code
201 ret_string(krb5_storage *sp, int ucs2, struct sec_buffer *desc, char **s)
205 *s = malloc(desc->length + 1);
206 CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset);
207 CHECK(krb5_storage_read(sp, *s, desc->length), desc->length);
208 (*s)[desc->length] = '\0';
212 for (i = 0; i < desc->length / 2; i++) {
213 (*s)[i] = (*s)[i * 2];
214 if ((*s)[i * 2 + 1]) {
229 static krb5_error_code
230 put_string(krb5_storage *sp, int ucs2, const char *s)
236 ret = ascii2ucs2le(s, 0, &buf);
240 buf.data = rk_UNCONST(s);
241 buf.length = strlen(s);
244 CHECK(krb5_storage_write(sp, buf.data, buf.length), buf.length);
246 heim_ntlm_free_buf(&buf);
256 static krb5_error_code
257 ret_buf(krb5_storage *sp, struct sec_buffer *desc, struct ntlm_buf *buf)
261 buf->data = malloc(desc->length);
262 buf->length = desc->length;
263 CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset);
264 CHECK(krb5_storage_read(sp, buf->data, buf->length), buf->length);
270 static krb5_error_code
271 put_buf(krb5_storage *sp, const struct ntlm_buf *buf)
274 CHECK(krb5_storage_write(sp, buf->data, buf->length), buf->length);
281 * Frees the ntlm_targetinfo message
283 * @param ti targetinfo to be freed
289 heim_ntlm_free_targetinfo(struct ntlm_targetinfo *ti)
291 free(ti->servername);
292 free(ti->domainname);
293 free(ti->dnsdomainname);
294 free(ti->dnsservername);
295 memset(ti, 0, sizeof(*ti));
299 encode_ti_blob(krb5_storage *out, uint16_t type, int ucs2, char *s)
302 CHECK(krb5_store_uint16(out, type), 0);
303 CHECK(krb5_store_uint16(out, len_string(ucs2, s)), 0);
304 CHECK(put_string(out, ucs2, s), 0);
310 * Encodes a ntlm_targetinfo message.
312 * @param ti the ntlm_targetinfo message to encode.
313 * @param ucs2 if the strings should be encoded with ucs2 (selected by flag in message).
314 * @param data is the return buffer with the encoded message, should be
315 * freed with heim_ntlm_free_buf().
317 * @return In case of success 0 is return, an errors, a errno in what
324 heim_ntlm_encode_targetinfo(const struct ntlm_targetinfo *ti,
326 struct ntlm_buf *data)
334 out = krb5_storage_emem();
339 CHECK(encode_ti_blob(out, 1, ucs2, ti->servername), 0);
341 CHECK(encode_ti_blob(out, 2, ucs2, ti->domainname), 0);
342 if (ti->dnsservername)
343 CHECK(encode_ti_blob(out, 3, ucs2, ti->dnsservername), 0);
344 if (ti->dnsdomainname)
345 CHECK(encode_ti_blob(out, 4, ucs2, ti->dnsdomainname), 0);
348 CHECK(krb5_store_int16(out, 0), 0);
349 CHECK(krb5_store_int16(out, 0), 0);
353 ret = krb5_storage_to_data(out, &d);
355 data->length = d.length;
358 krb5_storage_free(out);
363 * Decodes an NTLM targetinfo message
365 * @param data input data buffer with the encode NTLM targetinfo message
366 * @param ucs2 if the strings should be encoded with ucs2 (selected by flag in message).
367 * @param ti the decoded target info, should be freed with heim_ntlm_free_targetinfo().
369 * @return In case of success 0 is return, an errors, a errno in what
376 heim_ntlm_decode_targetinfo(const struct ntlm_buf *data,
378 struct ntlm_targetinfo *ti)
380 memset(ti, 0, sizeof(*ti));
385 * Frees the ntlm_type1 message
387 * @param data message to be freed
393 heim_ntlm_free_type1(struct ntlm_type1 *data)
398 free(data->hostname);
399 memset(data, 0, sizeof(*data));
403 heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data)
406 unsigned char sig[8];
408 struct sec_buffer domain, hostname;
411 memset(data, 0, sizeof(*data));
413 in = krb5_storage_from_readonly_mem(buf->data, buf->length);
418 krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
420 CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
421 CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
422 CHECK(krb5_ret_uint32(in, &type), 0);
424 CHECK(krb5_ret_uint32(in, &data->flags), 0);
425 if (data->flags & NTLM_SUPPLIED_DOMAIN)
426 CHECK(ret_sec_buffer(in, &domain), 0);
427 if (data->flags & NTLM_SUPPLIED_WORKSTAION)
428 CHECK(ret_sec_buffer(in, &hostname), 0);
430 if (domain.offset > 32) {
431 CHECK(krb5_ret_uint32(in, &data->os[0]), 0);
432 CHECK(krb5_ret_uint32(in, &data->os[1]), 0);
435 if (data->flags & NTLM_SUPPLIED_DOMAIN)
436 CHECK(ret_string(in, 0, &domain, &data->domain), 0);
437 if (data->flags & NTLM_SUPPLIED_WORKSTAION)
438 CHECK(ret_string(in, 0, &hostname, &data->hostname), 0);
442 krb5_storage_free(in);
444 heim_ntlm_free_type1(data);
450 * Encodes an ntlm_type1 message.
452 * @param type1 the ntlm_type1 message to encode.
453 * @param data is the return buffer with the encoded message, should be
454 * freed with heim_ntlm_free_buf().
456 * @return In case of success 0 is return, an errors, a errno in what
463 heim_ntlm_encode_type1(const struct ntlm_type1 *type1, struct ntlm_buf *data)
466 struct sec_buffer domain, hostname;
468 uint32_t base, flags;
470 flags = type1->flags;
475 flags |= NTLM_SUPPLIED_DOMAIN;
477 if (type1->hostname) {
479 flags |= NTLM_SUPPLIED_WORKSTAION;
485 domain.offset = base;
486 domain.length = len_string(0, type1->domain);
487 domain.allocated = domain.length;
489 if (type1->hostname) {
490 hostname.offset = domain.allocated + domain.offset;
491 hostname.length = len_string(0, type1->hostname);
492 hostname.allocated = hostname.length;
495 out = krb5_storage_emem();
499 krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
500 CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)),
501 sizeof(ntlmsigature));
502 CHECK(krb5_store_uint32(out, 1), 0);
503 CHECK(krb5_store_uint32(out, flags), 0);
506 CHECK(store_sec_buffer(out, &domain), 0);
508 CHECK(store_sec_buffer(out, &hostname), 0);
510 CHECK(krb5_store_uint32(out, type1->os[0]), 0);
511 CHECK(krb5_store_uint32(out, type1->os[1]), 0);
514 CHECK(put_string(out, 0, type1->domain), 0);
516 CHECK(put_string(out, 0, type1->hostname), 0);
520 ret = krb5_storage_to_data(out, &d);
522 data->length = d.length;
525 krb5_storage_free(out);
531 * Frees the ntlm_type2 message
533 * @param data message to be freed
539 heim_ntlm_free_type2(struct ntlm_type2 *data)
541 if (data->targetname)
542 free(data->targetname);
543 heim_ntlm_free_buf(&data->targetinfo);
544 memset(data, 0, sizeof(*data));
548 heim_ntlm_decode_type2(const struct ntlm_buf *buf, struct ntlm_type2 *type2)
551 unsigned char sig[8];
552 uint32_t type, ctx[2];
553 struct sec_buffer targetname, targetinfo;
557 memset(type2, 0, sizeof(*type2));
559 in = krb5_storage_from_readonly_mem(buf->data, buf->length);
564 krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
566 CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
567 CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
568 CHECK(krb5_ret_uint32(in, &type), 0);
571 CHECK(ret_sec_buffer(in, &targetname), 0);
572 CHECK(krb5_ret_uint32(in, &type2->flags), 0);
573 if (type2->flags & NTLM_NEG_UNICODE)
575 CHECK(krb5_storage_read(in, type2->challange, sizeof(type2->challange)),
576 sizeof(type2->challange));
577 CHECK(krb5_ret_uint32(in, &ctx[0]), 0); /* context */
578 CHECK(krb5_ret_uint32(in, &ctx[1]), 0);
579 CHECK(ret_sec_buffer(in, &targetinfo), 0);
582 CHECK(krb5_ret_uint32(in, &type2->os[0]), 0);
583 CHECK(krb5_ret_uint32(in, &type2->os[1]), 0);
586 CHECK(ret_string(in, ucs2, &targetname, &type2->targetname), 0);
587 CHECK(ret_buf(in, &targetinfo, &type2->targetinfo), 0);
592 krb5_storage_free(in);
594 heim_ntlm_free_type2(type2);
600 * Encodes an ntlm_type2 message.
602 * @param type2 the ntlm_type2 message to encode.
603 * @param data is the return buffer with the encoded message, should be
604 * freed with heim_ntlm_free_buf().
606 * @return In case of success 0 is return, an errors, a errno in what
613 heim_ntlm_encode_type2(const struct ntlm_type2 *type2, struct ntlm_buf *data)
615 struct sec_buffer targetname, targetinfo;
617 krb5_storage *out = NULL;
626 if (type2->flags & NTLM_NEG_UNICODE)
629 targetname.offset = base;
630 targetname.length = len_string(ucs2, type2->targetname);
631 targetname.allocated = targetname.length;
633 targetinfo.offset = targetname.allocated + targetname.offset;
634 targetinfo.length = type2->targetinfo.length;
635 targetinfo.allocated = type2->targetinfo.length;
637 out = krb5_storage_emem();
641 krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
642 CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)),
643 sizeof(ntlmsigature));
644 CHECK(krb5_store_uint32(out, 2), 0);
645 CHECK(store_sec_buffer(out, &targetname), 0);
646 CHECK(krb5_store_uint32(out, type2->flags), 0);
647 CHECK(krb5_storage_write(out, type2->challange, sizeof(type2->challange)),
648 sizeof(type2->challange));
649 CHECK(krb5_store_uint32(out, 0), 0); /* context */
650 CHECK(krb5_store_uint32(out, 0), 0);
651 CHECK(store_sec_buffer(out, &targetinfo), 0);
654 CHECK(krb5_store_uint32(out, type2->os[0]), 0);
655 CHECK(krb5_store_uint32(out, type2->os[1]), 0);
657 CHECK(put_string(out, ucs2, type2->targetname), 0);
658 CHECK(krb5_storage_write(out, type2->targetinfo.data,
659 type2->targetinfo.length),
660 type2->targetinfo.length);
664 ret = krb5_storage_to_data(out, &d);
666 data->length = d.length;
670 krb5_storage_free(out);
676 * Frees the ntlm_type3 message
678 * @param data message to be freed
684 heim_ntlm_free_type3(struct ntlm_type3 *data)
686 heim_ntlm_free_buf(&data->lm);
687 heim_ntlm_free_buf(&data->ntlm);
688 if (data->targetname)
689 free(data->targetname);
691 free(data->username);
694 heim_ntlm_free_buf(&data->sessionkey);
695 memset(data, 0, sizeof(*data));
703 heim_ntlm_decode_type3(const struct ntlm_buf *buf,
705 struct ntlm_type3 *type3)
708 unsigned char sig[8];
711 struct sec_buffer lm, ntlm, target, username, sessionkey, ws;
713 memset(type3, 0, sizeof(*type3));
714 memset(&sessionkey, 0, sizeof(sessionkey));
716 in = krb5_storage_from_readonly_mem(buf->data, buf->length);
721 krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
723 CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
724 CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
725 CHECK(krb5_ret_uint32(in, &type), 0);
727 CHECK(ret_sec_buffer(in, &lm), 0);
728 CHECK(ret_sec_buffer(in, &ntlm), 0);
729 CHECK(ret_sec_buffer(in, &target), 0);
730 CHECK(ret_sec_buffer(in, &username), 0);
731 CHECK(ret_sec_buffer(in, &ws), 0);
732 if (lm.offset >= 60) {
733 CHECK(ret_sec_buffer(in, &sessionkey), 0);
735 if (lm.offset >= 64) {
736 CHECK(krb5_ret_uint32(in, &type3->flags), 0);
738 if (lm.offset >= 72) {
739 CHECK(krb5_ret_uint32(in, &type3->os[0]), 0);
740 CHECK(krb5_ret_uint32(in, &type3->os[1]), 0);
742 CHECK(ret_buf(in, &lm, &type3->lm), 0);
743 CHECK(ret_buf(in, &ntlm, &type3->ntlm), 0);
744 CHECK(ret_string(in, ucs2, &target, &type3->targetname), 0);
745 CHECK(ret_string(in, ucs2, &username, &type3->username), 0);
746 CHECK(ret_string(in, ucs2, &ws, &type3->ws), 0);
747 if (sessionkey.offset)
748 CHECK(ret_buf(in, &sessionkey, &type3->sessionkey), 0);
752 krb5_storage_free(in);
754 heim_ntlm_free_type3(type3);
760 * Encodes an ntlm_type3 message.
762 * @param type3 the ntlm_type3 message to encode.
763 * @param data is the return buffer with the encoded message, should be
764 * freed with heim_ntlm_free_buf().
766 * @return In case of success 0 is return, an errors, a errno in what
773 heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data)
775 struct sec_buffer lm, ntlm, target, username, sessionkey, ws;
777 krb5_storage *out = NULL;
781 memset(&lm, 0, sizeof(lm));
782 memset(&ntlm, 0, sizeof(ntlm));
783 memset(&target, 0, sizeof(target));
784 memset(&username, 0, sizeof(username));
785 memset(&ws, 0, sizeof(ws));
786 memset(&sessionkey, 0, sizeof(sessionkey));
789 if (type3->sessionkey.length) {
790 base += 8; /* sessionkey sec buf */
791 base += 4; /* flags */
797 if (type3->flags & NTLM_NEG_UNICODE)
801 lm.length = type3->lm.length;
802 lm.allocated = type3->lm.length;
804 ntlm.offset = lm.offset + lm.allocated;
805 ntlm.length = type3->ntlm.length;
806 ntlm.allocated = ntlm.length;
808 target.offset = ntlm.offset + ntlm.allocated;
809 target.length = len_string(ucs2, type3->targetname);
810 target.allocated = target.length;
812 username.offset = target.offset + target.allocated;
813 username.length = len_string(ucs2, type3->username);
814 username.allocated = username.length;
816 ws.offset = username.offset + username.allocated;
817 ws.length = len_string(ucs2, type3->ws);
818 ws.allocated = ws.length;
820 sessionkey.offset = ws.offset + ws.allocated;
821 sessionkey.length = type3->sessionkey.length;
822 sessionkey.allocated = type3->sessionkey.length;
824 out = krb5_storage_emem();
828 krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
829 CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)),
830 sizeof(ntlmsigature));
831 CHECK(krb5_store_uint32(out, 3), 0);
833 CHECK(store_sec_buffer(out, &lm), 0);
834 CHECK(store_sec_buffer(out, &ntlm), 0);
835 CHECK(store_sec_buffer(out, &target), 0);
836 CHECK(store_sec_buffer(out, &username), 0);
837 CHECK(store_sec_buffer(out, &ws), 0);
839 if (type3->sessionkey.length) {
840 CHECK(store_sec_buffer(out, &sessionkey), 0);
841 CHECK(krb5_store_uint32(out, type3->flags), 0);
844 CHECK(krb5_store_uint32(out, 0), 0); /* os0 */
845 CHECK(krb5_store_uint32(out, 0), 0); /* os1 */
848 CHECK(put_buf(out, &type3->lm), 0);
849 CHECK(put_buf(out, &type3->ntlm), 0);
850 CHECK(put_string(out, ucs2, type3->targetname), 0);
851 CHECK(put_string(out, ucs2, type3->username), 0);
852 CHECK(put_string(out, ucs2, type3->ws), 0);
853 CHECK(put_buf(out, &type3->sessionkey), 0);
857 ret = krb5_storage_to_data(out, &d);
859 data->length = d.length;
863 krb5_storage_free(out);
874 splitandenc(unsigned char *hash,
875 unsigned char *challange,
876 unsigned char *answer)
879 DES_key_schedule sched;
881 ((unsigned char*)key)[0] = hash[0];
882 ((unsigned char*)key)[1] = (hash[0] << 7) | (hash[1] >> 1);
883 ((unsigned char*)key)[2] = (hash[1] << 6) | (hash[2] >> 2);
884 ((unsigned char*)key)[3] = (hash[2] << 5) | (hash[3] >> 3);
885 ((unsigned char*)key)[4] = (hash[3] << 4) | (hash[4] >> 4);
886 ((unsigned char*)key)[5] = (hash[4] << 3) | (hash[5] >> 5);
887 ((unsigned char*)key)[6] = (hash[5] << 2) | (hash[6] >> 6);
888 ((unsigned char*)key)[7] = (hash[6] << 1);
890 DES_set_odd_parity(&key);
891 DES_set_key_unchecked(&key, &sched);
892 DES_ecb_encrypt((DES_cblock *)challange, (DES_cblock *)answer, &sched, 1);
893 memset(&sched, 0, sizeof(sched));
894 memset(key, 0, sizeof(key));
898 * Calculate the NTLM key, the password is assumed to be in UTF8.
900 * @param password password to calcute the key for.
901 * @param key calcuted key, should be freed with heim_ntlm_free_buf().
903 * @return In case of success 0 is return, an errors, a errno in what
910 heim_ntlm_nt_key(const char *password, struct ntlm_buf *key)
916 key->data = malloc(MD5_DIGEST_LENGTH);
917 if (key->data == NULL)
919 key->length = MD5_DIGEST_LENGTH;
921 ret = ascii2ucs2le(password, 0, &buf);
923 heim_ntlm_free_buf(key);
927 MD4_Update(&ctx, buf.data, buf.length);
928 MD4_Final(key->data, &ctx);
929 heim_ntlm_free_buf(&buf);
934 * Calculate NTLMv1 response hash
936 * @param key the ntlm v1 key
937 * @param len length of key
938 * @param challange sent by the server
939 * @param answer calculated answer, should be freed with heim_ntlm_free_buf().
941 * @return In case of success 0 is return, an errors, a errno in what
948 heim_ntlm_calculate_ntlm1(void *key, size_t len,
949 unsigned char challange[8],
950 struct ntlm_buf *answer)
952 unsigned char res[21];
954 if (len != MD4_DIGEST_LENGTH)
957 memcpy(res, key, len);
958 memset(&res[MD4_DIGEST_LENGTH], 0, sizeof(res) - MD4_DIGEST_LENGTH);
960 answer->data = malloc(24);
961 if (answer->data == NULL)
965 splitandenc(&res[0], challange, ((unsigned char *)answer->data) + 0);
966 splitandenc(&res[7], challange, ((unsigned char *)answer->data) + 8);
967 splitandenc(&res[14], challange, ((unsigned char *)answer->data) + 16);
973 * Generates an NTLMv1 session random with assosited session master key.
975 * @param key the ntlm v1 key
976 * @param len length of key
977 * @param session generated session nonce, should be freed with heim_ntlm_free_buf().
978 * @param master calculated session master key, should be freed with heim_ntlm_free_buf().
980 * @return In case of success 0 is return, an errors, a errno in what
987 heim_ntlm_build_ntlm1_master(void *key, size_t len,
988 struct ntlm_buf *session,
989 struct ntlm_buf *master)
993 memset(master, 0, sizeof(*master));
994 memset(session, 0, sizeof(*session));
996 if (len != MD4_DIGEST_LENGTH)
999 session->length = MD4_DIGEST_LENGTH;
1000 session->data = malloc(session->length);
1001 if (session->data == NULL) {
1002 session->length = 0;
1005 master->length = MD4_DIGEST_LENGTH;
1006 master->data = malloc(master->length);
1007 if (master->data == NULL) {
1008 heim_ntlm_free_buf(master);
1009 heim_ntlm_free_buf(session);
1014 unsigned char sessionkey[MD4_DIGEST_LENGTH];
1018 MD4_Update(&ctx, key, len);
1019 MD4_Final(sessionkey, &ctx);
1021 RC4_set_key(&rc4, sizeof(sessionkey), sessionkey);
1024 if (RAND_bytes(session->data, session->length) != 1) {
1025 heim_ntlm_free_buf(master);
1026 heim_ntlm_free_buf(session);
1030 RC4(&rc4, master->length, session->data, master->data);
1031 memset(&rc4, 0, sizeof(rc4));
1037 * Generates an NTLMv2 session key.
1039 * @param key the ntlm key
1040 * @param len length of key
1041 * @param username name of the user, as sent in the message, assumed to be in UTF8.
1042 * @param target the name of the target, assumed to be in UTF8.
1043 * @param ntlmv2 the ntlmv2 session key
1045 * @return 0 on success, or an error code on failure.
1047 * @ingroup ntlm_core
1051 heim_ntlm_ntlmv2_key(const void *key, size_t len,
1052 const char *username,
1054 unsigned char ntlmv2[16])
1057 unsigned int hmaclen;
1061 HMAC_Init_ex(&c, key, len, EVP_md5(), NULL);
1063 struct ntlm_buf buf;
1064 /* uppercase username and turn it into ucs2-le */
1065 ret = ascii2ucs2le(username, 1, &buf);
1068 HMAC_Update(&c, buf.data, buf.length);
1070 /* uppercase target and turn into ucs2-le */
1071 ret = ascii2ucs2le(target, 1, &buf);
1074 HMAC_Update(&c, buf.data, buf.length);
1077 HMAC_Final(&c, ntlmv2, &hmaclen);
1079 HMAC_CTX_cleanup(&c);
1088 #define NTTIME_EPOCH 0x019DB1DED53E8000LL
1091 unix2nttime(time_t unix_time)
1094 wt = unix_time * (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH;
1099 nt2unixtime(uint64_t t)
1101 t = ((t - (uint64_t)NTTIME_EPOCH) / (uint64_t)10000000);
1102 if (t > (((time_t)(~(uint64_t)0)) >> 1))
1109 * Calculate NTLMv2 response
1111 * @param key the ntlm key
1112 * @param len length of key
1113 * @param username name of the user, as sent in the message, assumed to be in UTF8.
1114 * @param target the name of the target, assumed to be in UTF8.
1115 * @param serverchallange challange as sent by the server in the type2 message.
1116 * @param infotarget infotarget as sent by the server in the type2 message.
1117 * @param ntlmv2 calculated session key
1118 * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf().
1120 * @return In case of success 0 is return, an errors, a errno in what
1123 * @ingroup ntlm_core
1127 heim_ntlm_calculate_ntlm2(const void *key, size_t len,
1128 const char *username,
1130 const unsigned char serverchallange[8],
1131 const struct ntlm_buf *infotarget,
1132 unsigned char ntlmv2[16],
1133 struct ntlm_buf *answer)
1135 krb5_error_code ret;
1137 unsigned int hmaclen;
1138 unsigned char ntlmv2answer[16];
1140 unsigned char clientchallange[8];
1144 t = unix2nttime(time(NULL));
1146 if (RAND_bytes(clientchallange, sizeof(clientchallange)) != 1)
1149 /* calculate ntlmv2 key */
1151 heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2);
1153 /* calculate and build ntlmv2 answer */
1155 sp = krb5_storage_emem();
1158 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
1160 CHECK(krb5_store_uint32(sp, 0x00000101), 0);
1161 CHECK(krb5_store_uint32(sp, 0), 0);
1162 /* timestamp le 64 bit ts */
1163 CHECK(krb5_store_uint32(sp, t & 0xffffffff), 0);
1164 CHECK(krb5_store_uint32(sp, t >> 32), 0);
1166 CHECK(krb5_storage_write(sp, clientchallange, 8), 8);
1168 CHECK(krb5_store_uint32(sp, 0), 0); /* unknown but zero will work */
1169 CHECK(krb5_storage_write(sp, infotarget->data, infotarget->length),
1170 infotarget->length);
1171 CHECK(krb5_store_uint32(sp, 0), 0); /* unknown but zero will work */
1173 CHECK(krb5_storage_to_data(sp, &data), 0);
1174 krb5_storage_free(sp);
1178 HMAC_Init_ex(&c, ntlmv2, 16, EVP_md5(), NULL);
1179 HMAC_Update(&c, serverchallange, 8);
1180 HMAC_Update(&c, data.data, data.length);
1181 HMAC_Final(&c, ntlmv2answer, &hmaclen);
1182 HMAC_CTX_cleanup(&c);
1184 sp = krb5_storage_emem();
1186 krb5_data_free(&data);
1190 CHECK(krb5_storage_write(sp, ntlmv2answer, 16), 16);
1191 CHECK(krb5_storage_write(sp, data.data, data.length), data.length);
1192 krb5_data_free(&data);
1194 CHECK(krb5_storage_to_data(sp, &data), 0);
1195 krb5_storage_free(sp);
1198 answer->data = data.data;
1199 answer->length = data.length;
1204 krb5_storage_free(sp);
1208 static const int authtimediff = 3600 * 2; /* 2 hours */
1211 * Verify NTLMv2 response.
1213 * @param key the ntlm key
1214 * @param len length of key
1215 * @param username name of the user, as sent in the message, assumed to be in UTF8.
1216 * @param target the name of the target, assumed to be in UTF8.
1217 * @param now the time now (0 if the library should pick it up itself)
1218 * @param serverchallange challange as sent by the server in the type2 message.
1219 * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf().
1220 * @param infotarget infotarget as sent by the server in the type2 message.
1221 * @param ntlmv2 calculated session key
1223 * @return In case of success 0 is return, an errors, a errno in what
1226 * @ingroup ntlm_core
1230 heim_ntlm_verify_ntlm2(const void *key, size_t len,
1231 const char *username,
1234 const unsigned char serverchallange[8],
1235 const struct ntlm_buf *answer,
1236 struct ntlm_buf *infotarget,
1237 unsigned char ntlmv2[16])
1239 krb5_error_code ret;
1240 unsigned int hmaclen;
1241 unsigned char clientanswer[16];
1242 unsigned char clientnonce[8];
1243 unsigned char serveranswer[16];
1250 infotarget->length = 0;
1251 infotarget->data = NULL;
1253 if (answer->length < 16)
1259 /* calculate ntlmv2 key */
1261 heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2);
1263 /* calculate and build ntlmv2 answer */
1265 sp = krb5_storage_from_readonly_mem(answer->data, answer->length);
1268 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
1270 CHECK(krb5_storage_read(sp, clientanswer, 16), 16);
1272 CHECK(krb5_ret_uint32(sp, &temp), 0);
1273 CHECK(temp, 0x00000101);
1274 CHECK(krb5_ret_uint32(sp, &temp), 0);
1276 /* timestamp le 64 bit ts */
1277 CHECK(krb5_ret_uint32(sp, &temp), 0);
1279 CHECK(krb5_ret_uint32(sp, &temp), 0);
1280 t |= ((uint64_t)temp)<< 32;
1282 authtime = nt2unixtime(t);
1284 if (abs((int)(authtime - now)) > authtimediff) {
1289 /* client challange */
1290 CHECK(krb5_storage_read(sp, clientnonce, 8), 8);
1292 CHECK(krb5_ret_uint32(sp, &temp), 0); /* unknown */
1294 /* should really unparse the infotarget, but lets pick up everything */
1295 infotarget->length = answer->length - krb5_storage_seek(sp, 0, SEEK_CUR);
1296 infotarget->data = malloc(infotarget->length);
1297 if (infotarget->data == NULL) {
1301 CHECK(krb5_storage_read(sp, infotarget->data, infotarget->length),
1302 infotarget->length);
1303 /* XXX remove the unknown ?? */
1304 krb5_storage_free(sp);
1308 HMAC_Init_ex(&c, ntlmv2, 16, EVP_md5(), NULL);
1309 HMAC_Update(&c, serverchallange, 8);
1310 HMAC_Update(&c, ((unsigned char *)answer->data) + 16, answer->length - 16);
1311 HMAC_Final(&c, serveranswer, &hmaclen);
1312 HMAC_CTX_cleanup(&c);
1314 if (memcmp(serveranswer, clientanswer, 16) != 0) {
1315 heim_ntlm_free_buf(infotarget);
1321 heim_ntlm_free_buf(infotarget);
1323 krb5_storage_free(sp);
1329 * Calculate the NTLM2 Session Response
1331 * @param clnt_nonce client nonce
1332 * @param svr_chal server challage
1333 * @param ntlm2_hash ntlm hash
1334 * @param lm The LM response, should be freed with heim_ntlm_free_buf().
1335 * @param ntlm The NTLM response, should be freed with heim_ntlm_free_buf().
1337 * @return In case of success 0 is return, an errors, a errno in what
1340 * @ingroup ntlm_core
1344 heim_ntlm_calculate_ntlm2_sess(const unsigned char clnt_nonce[8],
1345 const unsigned char svr_chal[8],
1346 const unsigned char ntlm_hash[16],
1347 struct ntlm_buf *lm,
1348 struct ntlm_buf *ntlm)
1350 unsigned char ntlm2_sess_hash[MD5_DIGEST_LENGTH];
1351 unsigned char res[21], *resp;
1354 lm->data = malloc(24);
1355 if (lm->data == NULL)
1359 ntlm->data = malloc(24);
1360 if (ntlm->data == NULL) {
1367 /* first setup the lm resp */
1368 memset(lm->data, 0, 24);
1369 memcpy(lm->data, clnt_nonce, 8);
1372 MD5_Update(&md5, svr_chal, 8); /* session nonce part 1 */
1373 MD5_Update(&md5, clnt_nonce, 8); /* session nonce part 2 */
1374 MD5_Final(ntlm2_sess_hash, &md5); /* will only use first 8 bytes */
1376 memset(res, 0, sizeof(res));
1377 memcpy(res, ntlm_hash, 16);
1380 splitandenc(&res[0], ntlm2_sess_hash, resp + 0);
1381 splitandenc(&res[7], ntlm2_sess_hash, resp + 8);
1382 splitandenc(&res[14], ntlm2_sess_hash, resp + 16);
git.samba.org / amitay / samba.git / blob