2 Unix SMB/CIFS implementation.
3 SMB parameters and setup
4 Copyright (C) Andrew Tridgell 1992-1998
5 Modified by Jeremy Allison 1995.
6 Copyright (C) Jeremy Allison 1995-2000.
7 Copyright (C) Luke Kennethc Casson Leighton 1996-2000.
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #include "byteorder.h"
29 This implements the X/Open SMB password encryption
30 It takes a password ('unix' string), a 8 byte "crypt key"
31 and puts 24 bytes of encrypted password into p24 */
32 void SMBencrypt(const char *passwd, const uchar *c8, uchar p24[24])
37 E_deshash(passwd, p21);
39 SMBOWFencrypt(p21, c8, p24);
42 DEBUG(100,("SMBencrypt: lm#, challenge, response\n"));
43 dump_data(100, (char *)p21, 16);
44 dump_data(100, (const char *)c8, 8);
45 dump_data(100, (char *)p24, 24);
50 * Creates the MD4 Hash of the users password in NT UNICODE.
51 * @param passwd password in 'unix' charset.
52 * @param p16 return password hashed with md4, caller allocated 16 byte buffer
55 void E_md4hash(const char *passwd, uchar p16[16])
60 /* Password must be converted to NT unicode - null terminated. */
61 push_ucs2(NULL, wpwd, (const char *)passwd, 256, STR_UNICODE|STR_NOALIGN|STR_TERMINATE);
62 /* Calculate length in bytes */
63 len = strlen_w(wpwd) * sizeof(int16);
65 mdfour(p16, (unsigned char *)wpwd, len);
70 * Creates the DES forward-only Hash of the users password in DOS ASCII charset
71 * @param passwd password in 'unix' charset.
72 * @param p16 return password hashed with DES, caller allocated 16 byte buffer
75 void E_deshash(const char *passwd, uchar p16[16])
80 /* Password must be converted to DOS charset - null terminated, uppercase. */
81 push_ascii(dospwd, passwd, sizeof(dospwd), STR_UPPER|STR_TERMINATE);
83 /* Only the fisrt 14 chars are considered, password need not be null terminated. */
90 * Creates the MD4 and DES (LM) Hash of the users password.
91 * MD4 is of the NT Unicode, DES is of the DOS UPPERCASE password.
92 * @param passwd password in 'unix' charset.
93 * @param nt_p16 return password hashed with md4, caller allocated 16 byte buffer
94 * @param p16 return password hashed with des, caller allocated 16 byte buffer
97 /* Does both the NT and LM owfs of a user's password */
98 void nt_lm_owf_gen(const char *pwd, uchar nt_p16[16], uchar p16[16])
100 /* Calculate the MD4 hash (NT compatible) of the password */
101 memset(nt_p16, '\0', 16);
102 E_md4hash(pwd, nt_p16);
104 #ifdef DEBUG_PASSWORD
105 DEBUG(100,("nt_lm_owf_gen: pwd, nt#\n"));
106 dump_data(120, pwd, strlen(pwd));
107 dump_data(100, (char *)nt_p16, 16);
110 E_deshash(pwd, (uchar *)p16);
112 #ifdef DEBUG_PASSWORD
113 DEBUG(100,("nt_lm_owf_gen: pwd, lm#\n"));
114 dump_data(120, pwd, strlen(pwd));
115 dump_data(100, (char *)p16, 16);
119 /* Does both the NTLMv2 owfs of a user's password */
120 BOOL ntv2_owf_gen(const uchar owf[16],
121 const char *user_in, const char *domain_in, uchar kr_buf[16])
126 size_t user_byte_len;
127 size_t domain_byte_len;
131 user_byte_len = push_ucs2_allocate(&user, user_in);
132 if (user_byte_len == (size_t)-1) {
133 DEBUG(0, ("push_uss2_allocate() for user returned -1 (probably malloc() failure)\n"));
137 domain_byte_len = push_ucs2_allocate(&domain, domain_in);
138 if (domain_byte_len == (size_t)-1) {
139 DEBUG(0, ("push_uss2_allocate() for domain returned -1 (probably malloc() failure)\n"));
146 SMB_ASSERT(user_byte_len >= 2);
147 SMB_ASSERT(domain_byte_len >= 2);
149 /* We don't want null termination */
150 user_byte_len = user_byte_len - 2;
151 domain_byte_len = domain_byte_len - 2;
153 hmac_md5_init_limK_to_64(owf, 16, &ctx);
154 hmac_md5_update((const unsigned char *)user, user_byte_len, &ctx);
155 hmac_md5_update((const unsigned char *)domain, domain_byte_len, &ctx);
156 hmac_md5_final(kr_buf, &ctx);
158 #ifdef DEBUG_PASSWORD
159 DEBUG(100, ("ntv2_owf_gen: user, domain, owfkey, kr\n"));
160 dump_data(100, (const char *)user, user_byte_len);
161 dump_data(100, (const char *)domain, domain_byte_len);
162 dump_data(100, owf, 16);
163 dump_data(100, kr_buf, 16);
171 /* Does the des encryption from the NT or LM MD4 hash. */
172 void SMBOWFencrypt(const uchar passwd[16], const uchar *c8, uchar p24[24])
178 memcpy(p21, passwd, 16);
182 /* Does the des encryption from the FIRST 8 BYTES of the NT or LM MD4 hash. */
183 void NTLMSSPOWFencrypt(const uchar passwd[8], const uchar *ntlmchalresp, uchar p24[24])
188 memcpy(p21, passwd, 8);
189 memset(p21 + 8, 0xbd, 8);
191 E_P24(p21, ntlmchalresp, p24);
192 #ifdef DEBUG_PASSWORD
193 DEBUG(100,("NTLMSSPOWFencrypt: p21, c8, p24\n"));
194 dump_data(100, (char *)p21, 21);
195 dump_data(100, (const char *)ntlmchalresp, 8);
196 dump_data(100, (char *)p24, 24);
201 /* Does the NT MD4 hash then des encryption. */
203 void SMBNTencrypt(const char *passwd, uchar *c8, uchar *p24)
209 E_md4hash(passwd, p21);
210 SMBOWFencrypt(p21, c8, p24);
212 #ifdef DEBUG_PASSWORD
213 DEBUG(100,("SMBNTencrypt: nt#, challenge, response\n"));
214 dump_data(100, (char *)p21, 16);
215 dump_data(100, (char *)c8, 8);
216 dump_data(100, (char *)p24, 24);
220 BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode)
222 int new_pw_len = strlen(passwd) * (unicode ? 2 : 1);
224 if (new_pw_len > 512)
226 DEBUG(0,("make_oem_passwd_hash: new password is too long.\n"));
231 * Now setup the data area.
232 * We need to generate a random fill
233 * for this area to make it harder to
236 generate_random_buffer((unsigned char *)data, 516, False);
237 push_string(NULL, &data[512 - new_pw_len], passwd, new_pw_len,
238 STR_NOALIGN | (unicode?STR_UNICODE:STR_ASCII));
239 SIVAL(data, 512, new_pw_len);
241 #ifdef DEBUG_PASSWORD
242 DEBUG(100,("make_oem_passwd_hash\n"));
243 dump_data(100, data, 516);
245 SamOEMhash( (unsigned char *)data, (unsigned char *)old_pw_hash, 516);
250 /* Does the md5 encryption from the NT hash for NTLMv2. */
251 void SMBOWFencrypt_ntv2(const uchar kr[16],
252 const DATA_BLOB srv_chal,
253 const DATA_BLOB cli_chal,
258 hmac_md5_init_limK_to_64(kr, 16, &ctx);
259 hmac_md5_update(srv_chal.data, srv_chal.length, &ctx);
260 hmac_md5_update(cli_chal.data, cli_chal.length, &ctx);
261 hmac_md5_final(resp_buf, &ctx);
263 #ifdef DEBUG_PASSWORD
264 DEBUG(100, ("SMBOWFencrypt_ntv2: srv_chal, cli_chal, resp_buf\n"));
265 dump_data(100, srv_chal.data, srv_chal.length);
266 dump_data(100, cli_chal.data, cli_chal.length);
267 dump_data(100, resp_buf, 16);
271 void SMBsesskeygen_ntv2(const uchar kr[16],
272 const uchar * nt_resp, uint8 sess_key[16])
276 hmac_md5_init_limK_to_64(kr, 16, &ctx);
277 hmac_md5_update(nt_resp, 16, &ctx);
278 hmac_md5_final((unsigned char *)sess_key, &ctx);
280 #ifdef DEBUG_PASSWORD
281 DEBUG(100, ("SMBsesskeygen_ntv2:\n"));
282 dump_data(100, sess_key, 16);
286 void SMBsesskeygen_ntv1(const uchar kr[16],
287 const uchar * nt_resp, uint8 sess_key[16])
289 mdfour((unsigned char *)sess_key, kr, 16);
291 #ifdef DEBUG_PASSWORD
292 DEBUG(100, ("SMBsesskeygen_ntv1:\n"));
293 dump_data(100, sess_key, 16);
297 static DATA_BLOB NTLMv2_generate_response(uchar ntlm_v2_hash[16],
298 DATA_BLOB server_chal, size_t client_chal_length)
300 uchar ntlmv2_response[16];
301 DATA_BLOB ntlmv2_client_data;
302 DATA_BLOB final_response;
306 /* We also get to specify some random data */
307 ntlmv2_client_data = data_blob(NULL, client_chal_length);
308 generate_random_buffer(ntlmv2_client_data.data, ntlmv2_client_data.length, False);
310 /* Given that data, and the challenge from the server, generate a response */
311 SMBOWFencrypt_ntv2(ntlm_v2_hash, server_chal, ntlmv2_client_data, ntlmv2_response);
313 /* put it into nt_response, for the code below to put into the packet */
314 final_response = data_blob(NULL, ntlmv2_client_data.length + sizeof(ntlmv2_response));
315 memcpy(final_response.data, ntlmv2_response, sizeof(ntlmv2_response));
316 /* after the first 16 bytes is the random data we generated above, so the server can verify us with it */
317 memcpy(final_response.data + sizeof(ntlmv2_response), ntlmv2_client_data.data, ntlmv2_client_data.length);
318 data_blob_free(&ntlmv2_client_data);
320 return final_response;
323 BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password,
324 const DATA_BLOB server_chal,
325 DATA_BLOB *lm_response, DATA_BLOB *nt_response,
326 DATA_BLOB *lm_session_key,
327 DATA_BLOB *nt_session_key)
330 uchar ntlm_v2_hash[16];
331 E_md4hash(password, nt_hash);
333 /* We don't use the NT# directly. Instead we use it mashed up with
334 the username and domain.
335 This prevents username swapping during the auth exchange
337 if (!ntv2_owf_gen(nt_hash, user, domain, ntlm_v2_hash)) {
342 *nt_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 64 /* pick a number, > 8 */);
343 if (nt_session_key) {
344 *nt_session_key = data_blob(NULL, 16);
346 /* The NTLMv2 calculations also provide a session key, for signing etc later */
347 /* use only the first 16 bytes of nt_response for session key */
348 SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, nt_session_key->data);
355 *lm_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 8);
356 if (lm_session_key) {
357 *lm_session_key = data_blob(NULL, 16);
359 /* The NTLMv2 calculations also provide a session key, for signing etc later */
360 /* use only the first 16 bytes of nt_response for session key */
361 SMBsesskeygen_ntv2(ntlm_v2_hash, lm_response->data, lm_session_key->data);
368 /***********************************************************
369 encode a password buffer. The caller gets to figure out
371 ************************************************************/
372 BOOL encode_pw_buffer(char buffer[516], char *new_pw, int new_pw_length)
374 generate_random_buffer((unsigned char *)buffer, 516, True);
376 memcpy(&buffer[512 - new_pw_length], new_pw, new_pw_length);
379 * The length of the new password is in the last 4 bytes of
382 SIVAL(buffer, 512, new_pw_length);
387 /***********************************************************
388 decode a password buffer
389 *new_pw_len is the length in bytes of the possibly mulitbyte
390 returned password including termination.
391 ************************************************************/
392 BOOL decode_pw_buffer(char in_buffer[516], char *new_pwrd,
393 int new_pwrd_size, uint32 *new_pw_len)
398 Warning !!! : This function is called from some rpc call.
399 The password IN the buffer is a UNICODE string.
400 The password IN new_pwrd is an ASCII string
401 If you reuse that code somewhere else check first.
404 /* The length of the new password is in the last 4 bytes of the data buffer. */
406 byte_len = IVAL(in_buffer, 512);
408 #ifdef DEBUG_PASSWORD
409 dump_data(100, in_buffer, 516);
412 /* Password cannot be longer than 128 characters */
413 if ( (byte_len < 0) || (byte_len > new_pwrd_size - 1)) {
414 DEBUG(0, ("decode_pw_buffer: incorrect password length (%d).\n", byte_len));
415 DEBUG(0, ("decode_pw_buffer: check that 'encrypt passwords = yes'\n"));
419 /* decode into the return buffer. Buffer must be a pstring */
420 *new_pw_len = pull_string(NULL, new_pwrd, &in_buffer[512 - byte_len], new_pwrd_size, byte_len, STR_UNICODE);
422 #ifdef DEBUG_PASSWORD
423 DEBUG(100,("decode_pw_buffer: new_pwrd: "));
424 dump_data(100, (char *)new_pwrd, *new_pw_len);
425 DEBUG(100,("multibyte len:%d\n", *new_pw_len));
426 DEBUG(100,("original char len:%d\n", byte_len/2));
git.samba.org / samba.git / blob