2 * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 RCSID("$Id: ntlm.c 21317 2007-06-25 19:22:02Z lha $");
49 #include "krb5-types.h"
50 #include "crypto-headers.h"
56 * Source of NTLM information:
57 * http://davenport.sourceforge.net/ntlm.html
67 static const unsigned char ntlmsigature[8] = "NTLMSSP\x00";
74 do { ret = f ; if (ret != (e)) { ret = EINVAL; goto out; } } while(0)
77 _ntlm_free_buf(struct ntlm_buf *p)
87 ascii2ucs2le(const char *string, int up, struct ntlm_buf *buf)
93 if (len / 2 > UINT_MAX)
96 buf->length = len * 2;
97 buf->data = malloc(buf->length);
98 if (buf->data == NULL && len != 0) {
104 for (i = 0; i < len; i++) {
105 unsigned char t = (unsigned char)string[i];
122 static krb5_error_code
123 ret_sec_buffer(krb5_storage *sp, struct sec_buffer *buf)
126 CHECK(krb5_ret_uint16(sp, &buf->length), 0);
127 CHECK(krb5_ret_uint16(sp, &buf->allocated), 0);
128 CHECK(krb5_ret_uint32(sp, &buf->offset), 0);
133 static krb5_error_code
134 store_sec_buffer(krb5_storage *sp, const struct sec_buffer *buf)
137 CHECK(krb5_store_uint16(sp, buf->length), 0);
138 CHECK(krb5_store_uint16(sp, buf->allocated), 0);
139 CHECK(krb5_store_uint32(sp, buf->offset), 0);
145 * Strings are either OEM or UNICODE. The later is encoded as ucs2 on
146 * wire, but using utf8 in memory.
149 static krb5_error_code
150 len_string(int ucs2, const char *s)
152 size_t len = strlen(s);
158 static krb5_error_code
159 ret_string(krb5_storage *sp, int ucs2, struct sec_buffer *desc, char **s)
163 *s = malloc(desc->length + 1);
164 CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset);
165 CHECK(krb5_storage_read(sp, *s, desc->length), desc->length);
166 (*s)[desc->length] = '\0';
170 for (i = 0; i < desc->length / 2; i++) {
171 (*s)[i] = (*s)[i * 2];
172 if ((*s)[i * 2 + 1]) {
187 static krb5_error_code
188 put_string(krb5_storage *sp, int ucs2, const char *s)
194 ret = ascii2ucs2le(s, 0, &buf);
198 buf.data = rk_UNCONST(s);
199 buf.length = strlen(s);
202 CHECK(krb5_storage_write(sp, buf.data, buf.length), buf.length);
204 _ntlm_free_buf(&buf);
214 static krb5_error_code
215 ret_buf(krb5_storage *sp, struct sec_buffer *desc, struct ntlm_buf *buf)
219 buf->data = malloc(desc->length);
220 buf->length = desc->length;
221 CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset);
222 CHECK(krb5_storage_read(sp, buf->data, buf->length), buf->length);
228 static krb5_error_code
229 put_buf(krb5_storage *sp, struct ntlm_buf *buf)
232 CHECK(krb5_storage_write(sp, buf->data, buf->length), buf->length);
243 heim_ntlm_free_targetinfo(struct ntlm_targetinfo *ti)
245 free(ti->servername);
246 free(ti->domainname);
247 free(ti->dnsdomainname);
248 free(ti->dnsservername);
249 memset(ti, 0, sizeof(*ti));
253 encode_ti_blob(krb5_storage *out, uint16_t type, int ucs2, char *s)
256 CHECK(krb5_store_uint16(out, type), 0);
257 CHECK(krb5_store_uint16(out, len_string(ucs2, s)), 0);
258 CHECK(put_string(out, ucs2, s), 0);
264 heim_ntlm_encode_targetinfo(struct ntlm_targetinfo *ti,
266 struct ntlm_buf *data)
274 out = krb5_storage_emem();
279 CHECK(encode_ti_blob(out, 1, ucs2, ti->servername), 0);
281 CHECK(encode_ti_blob(out, 2, ucs2, ti->domainname), 0);
282 if (ti->dnsservername)
283 CHECK(encode_ti_blob(out, 3, ucs2, ti->dnsservername), 0);
284 if (ti->dnsdomainname)
285 CHECK(encode_ti_blob(out, 4, ucs2, ti->dnsdomainname), 0);
288 CHECK(krb5_store_int16(out, 0), 0);
289 CHECK(krb5_store_int16(out, 0), 0);
293 ret = krb5_storage_to_data(out, &d);
295 data->length = d.length;
298 krb5_storage_free(out);
303 heim_ntlm_decode_targetinfo(struct ntlm_buf *data, int ucs2,
304 struct ntlm_targetinfo *ti)
306 memset(ti, 0, sizeof(*ti));
311 * encoder/decoder type1 messages
315 heim_ntlm_free_type1(struct ntlm_type1 *data)
320 free(data->hostname);
321 memset(data, 0, sizeof(*data));
325 heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data)
328 unsigned char sig[8];
330 struct sec_buffer domain, hostname;
333 memset(data, 0, sizeof(*data));
335 in = krb5_storage_from_readonly_mem(buf->data, buf->length);
340 krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
342 CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
343 CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
344 CHECK(krb5_ret_uint32(in, &type), 0);
346 CHECK(krb5_ret_uint32(in, &data->flags), 0);
347 if (data->flags & NTLM_SUPPLIED_DOMAIN)
348 CHECK(ret_sec_buffer(in, &domain), 0);
349 if (data->flags & NTLM_SUPPLIED_WORKSTAION)
350 CHECK(ret_sec_buffer(in, &hostname), 0);
352 if (domain.offset > 32) {
353 CHECK(krb5_ret_uint32(in, &data->os[0]), 0);
354 CHECK(krb5_ret_uint32(in, &data->os[1]), 0);
357 if (data->flags & NTLM_SUPPLIED_DOMAIN)
358 CHECK(ret_string(in, 0, &domain, &data->domain), 0);
359 if (data->flags & NTLM_SUPPLIED_WORKSTAION)
360 CHECK(ret_string(in, 0, &hostname, &data->hostname), 0);
363 krb5_storage_free(in);
365 heim_ntlm_free_type1(data);
371 heim_ntlm_encode_type1(const struct ntlm_type1 *type1, struct ntlm_buf *data)
374 struct sec_buffer domain, hostname;
376 uint32_t base, flags;
378 flags = type1->flags;
383 flags |= NTLM_SUPPLIED_DOMAIN;
385 if (type1->hostname) {
387 flags |= NTLM_SUPPLIED_WORKSTAION;
393 domain.offset = base;
394 domain.length = len_string(0, type1->domain);
395 domain.allocated = domain.length;
397 if (type1->hostname) {
398 hostname.offset = domain.allocated + domain.offset;
399 hostname.length = len_string(0, type1->hostname);
400 hostname.allocated = hostname.length;
403 out = krb5_storage_emem();
407 krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
408 CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)),
409 sizeof(ntlmsigature));
410 CHECK(krb5_store_uint32(out, 1), 0);
411 CHECK(krb5_store_uint32(out, flags), 0);
414 CHECK(store_sec_buffer(out, &domain), 0);
416 CHECK(store_sec_buffer(out, &hostname), 0);
418 CHECK(krb5_store_uint32(out, type1->os[0]), 0);
419 CHECK(krb5_store_uint32(out, type1->os[1]), 0);
422 CHECK(put_string(out, 0, type1->domain), 0);
424 CHECK(put_string(out, 0, type1->hostname), 0);
428 ret = krb5_storage_to_data(out, &d);
430 data->length = d.length;
433 krb5_storage_free(out);
439 * encoder/decoder type 2 messages
443 heim_ntlm_free_type2(struct ntlm_type2 *data)
445 if (data->targetname)
446 free(data->targetname);
447 _ntlm_free_buf(&data->targetinfo);
448 memset(data, 0, sizeof(*data));
452 heim_ntlm_decode_type2(const struct ntlm_buf *buf, struct ntlm_type2 *type2)
455 unsigned char sig[8];
456 uint32_t type, ctx[2];
457 struct sec_buffer targetname, targetinfo;
461 memset(type2, 0, sizeof(*type2));
463 in = krb5_storage_from_readonly_mem(buf->data, buf->length);
468 krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
470 CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
471 CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
472 CHECK(krb5_ret_uint32(in, &type), 0);
475 CHECK(ret_sec_buffer(in, &targetname), 0);
476 CHECK(krb5_ret_uint32(in, &type2->flags), 0);
477 if (type2->flags & NTLM_NEG_UNICODE)
479 CHECK(krb5_storage_read(in, type2->challange, sizeof(type2->challange)),
480 sizeof(type2->challange));
481 CHECK(krb5_ret_uint32(in, &ctx[0]), 0); /* context */
482 CHECK(krb5_ret_uint32(in, &ctx[1]), 0);
483 CHECK(ret_sec_buffer(in, &targetinfo), 0);
486 CHECK(krb5_ret_uint32(in, &type2->os[0]), 0);
487 CHECK(krb5_ret_uint32(in, &type2->os[1]), 0);
490 CHECK(ret_string(in, ucs2, &targetname, &type2->targetname), 0);
491 CHECK(ret_buf(in, &targetinfo, &type2->targetinfo), 0);
495 krb5_storage_free(in);
497 heim_ntlm_free_type2(type2);
503 heim_ntlm_encode_type2(struct ntlm_type2 *type2, struct ntlm_buf *data)
505 struct sec_buffer targetname, targetinfo;
507 krb5_storage *out = NULL;
516 if (type2->flags & NTLM_NEG_UNICODE)
519 targetname.offset = base;
520 targetname.length = len_string(ucs2, type2->targetname);
521 targetname.allocated = targetname.length;
523 targetinfo.offset = targetname.allocated + targetname.offset;
524 targetinfo.length = type2->targetinfo.length;
525 targetinfo.allocated = type2->targetinfo.length;
527 out = krb5_storage_emem();
531 krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
532 CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)),
533 sizeof(ntlmsigature));
534 CHECK(krb5_store_uint32(out, 2), 0);
535 CHECK(store_sec_buffer(out, &targetname), 0);
536 CHECK(krb5_store_uint32(out, type2->flags), 0);
537 CHECK(krb5_storage_write(out, type2->challange, sizeof(type2->challange)),
538 sizeof(type2->challange));
539 CHECK(krb5_store_uint32(out, 0), 0); /* context */
540 CHECK(krb5_store_uint32(out, 0), 0);
541 CHECK(store_sec_buffer(out, &targetinfo), 0);
544 CHECK(krb5_store_uint32(out, type2->os[0]), 0);
545 CHECK(krb5_store_uint32(out, type2->os[1]), 0);
547 CHECK(put_string(out, ucs2, type2->targetname), 0);
548 CHECK(krb5_storage_write(out, type2->targetinfo.data,
549 type2->targetinfo.length),
550 type2->targetinfo.length);
554 ret = krb5_storage_to_data(out, &d);
556 data->length = d.length;
560 krb5_storage_free(out);
566 * encoder/decoder type 2 messages
570 heim_ntlm_free_type3(struct ntlm_type3 *data)
572 _ntlm_free_buf(&data->lm);
573 _ntlm_free_buf(&data->ntlm);
574 if (data->targetname)
575 free(data->targetname);
577 free(data->username);
580 _ntlm_free_buf(&data->sessionkey);
581 memset(data, 0, sizeof(*data));
589 heim_ntlm_decode_type3(const struct ntlm_buf *buf,
591 struct ntlm_type3 *type3)
594 unsigned char sig[8];
597 struct sec_buffer lm, ntlm, target, username, sessionkey, ws;
599 memset(type3, 0, sizeof(*type3));
600 memset(&sessionkey, 0, sizeof(sessionkey));
602 in = krb5_storage_from_readonly_mem(buf->data, buf->length);
607 krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
609 CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
610 CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
611 CHECK(krb5_ret_uint32(in, &type), 0);
613 CHECK(ret_sec_buffer(in, &lm), 0);
614 CHECK(ret_sec_buffer(in, &ntlm), 0);
615 CHECK(ret_sec_buffer(in, &target), 0);
616 CHECK(ret_sec_buffer(in, &username), 0);
617 CHECK(ret_sec_buffer(in, &ws), 0);
618 if (lm.offset >= 60) {
619 CHECK(ret_sec_buffer(in, &sessionkey), 0);
621 if (lm.offset >= 64) {
622 CHECK(krb5_ret_uint32(in, &type3->flags), 0);
624 if (lm.offset >= 72) {
625 CHECK(krb5_ret_uint32(in, &type3->os[0]), 0);
626 CHECK(krb5_ret_uint32(in, &type3->os[1]), 0);
628 CHECK(ret_buf(in, &lm, &type3->lm), 0);
629 CHECK(ret_buf(in, &ntlm, &type3->ntlm), 0);
630 CHECK(ret_string(in, ucs2, &target, &type3->targetname), 0);
631 CHECK(ret_string(in, ucs2, &username, &type3->username), 0);
632 CHECK(ret_string(in, ucs2, &username, &type3->ws), 0);
633 if (sessionkey.offset)
634 CHECK(ret_buf(in, &sessionkey, &type3->sessionkey), 0);
637 krb5_storage_free(in);
639 heim_ntlm_free_type3(type3);
645 heim_ntlm_encode_type3(struct ntlm_type3 *type3, struct ntlm_buf *data)
647 struct sec_buffer lm, ntlm, target, username, sessionkey, ws;
649 krb5_storage *out = NULL;
653 memset(&lm, 0, sizeof(lm));
654 memset(&ntlm, 0, sizeof(ntlm));
655 memset(&target, 0, sizeof(target));
656 memset(&username, 0, sizeof(username));
657 memset(&ws, 0, sizeof(ws));
658 memset(&sessionkey, 0, sizeof(sessionkey));
661 if (type3->sessionkey.length) {
662 base += 8; /* sessionkey sec buf */
663 base += 4; /* flags */
669 if (type3->flags & NTLM_NEG_UNICODE)
673 lm.length = type3->lm.length;
674 lm.allocated = type3->lm.length;
676 ntlm.offset = lm.offset + lm.allocated;
677 ntlm.length = type3->ntlm.length;
678 ntlm.allocated = ntlm.length;
680 target.offset = ntlm.offset + ntlm.allocated;
681 target.length = len_string(ucs2, type3->targetname);
682 target.allocated = target.length;
684 username.offset = target.offset + target.allocated;
685 username.length = len_string(ucs2, type3->username);
686 username.allocated = username.length;
688 ws.offset = username.offset + username.allocated;
689 ws.length = len_string(ucs2, type3->ws);
690 ws.allocated = ws.length;
692 sessionkey.offset = ws.offset + ws.allocated;
693 sessionkey.length = type3->sessionkey.length;
694 sessionkey.allocated = type3->sessionkey.length;
696 out = krb5_storage_emem();
700 krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
701 CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)),
702 sizeof(ntlmsigature));
703 CHECK(krb5_store_uint32(out, 3), 0);
705 CHECK(store_sec_buffer(out, &lm), 0);
706 CHECK(store_sec_buffer(out, &ntlm), 0);
707 CHECK(store_sec_buffer(out, &target), 0);
708 CHECK(store_sec_buffer(out, &username), 0);
709 CHECK(store_sec_buffer(out, &ws), 0);
711 if (type3->sessionkey.length) {
712 CHECK(store_sec_buffer(out, &sessionkey), 0);
713 CHECK(krb5_store_uint32(out, type3->flags), 0);
716 CHECK(krb5_store_uint32(out, 0), 0); /* os0 */
717 CHECK(krb5_store_uint32(out, 0), 0); /* os1 */
720 CHECK(put_buf(out, &type3->lm), 0);
721 CHECK(put_buf(out, &type3->ntlm), 0);
722 CHECK(put_string(out, ucs2, type3->targetname), 0);
723 CHECK(put_string(out, ucs2, type3->username), 0);
724 CHECK(put_string(out, ucs2, type3->ws), 0);
725 CHECK(put_buf(out, &type3->sessionkey), 0);
729 ret = krb5_storage_to_data(out, &d);
731 data->length = d.length;
735 krb5_storage_free(out);
746 splitandenc(unsigned char *hash,
747 unsigned char *challange,
748 unsigned char *answer)
751 DES_key_schedule sched;
753 ((unsigned char*)key)[0] = hash[0];
754 ((unsigned char*)key)[1] = (hash[0] << 7) | (hash[1] >> 1);
755 ((unsigned char*)key)[2] = (hash[1] << 6) | (hash[2] >> 2);
756 ((unsigned char*)key)[3] = (hash[2] << 5) | (hash[3] >> 3);
757 ((unsigned char*)key)[4] = (hash[3] << 4) | (hash[4] >> 4);
758 ((unsigned char*)key)[5] = (hash[4] << 3) | (hash[5] >> 5);
759 ((unsigned char*)key)[6] = (hash[5] << 2) | (hash[6] >> 6);
760 ((unsigned char*)key)[7] = (hash[6] << 1);
762 DES_set_odd_parity(&key);
763 DES_set_key(&key, &sched);
764 DES_ecb_encrypt((DES_cblock *)challange, (DES_cblock *)answer, &sched, 1);
765 memset(&sched, 0, sizeof(sched));
766 memset(key, 0, sizeof(key));
770 * String-to-key function for NTLM
774 heim_ntlm_nt_key(const char *password, struct ntlm_buf *key)
780 key->data = malloc(MD5_DIGEST_LENGTH);
781 if (key->data == NULL)
783 key->length = MD5_DIGEST_LENGTH;
785 ret = ascii2ucs2le(password, 0, &buf);
791 MD4_Update(&ctx, buf.data, buf.length);
792 MD4_Final(key->data, &ctx);
793 _ntlm_free_buf(&buf);
798 * Calculate NTLMv1 response hash
802 heim_ntlm_calculate_ntlm1(void *key, size_t len,
803 unsigned char challange[8],
804 struct ntlm_buf *answer)
806 unsigned char res[21];
808 if (len != MD4_DIGEST_LENGTH)
811 memcpy(res, key, len);
812 memset(&res[MD4_DIGEST_LENGTH], 0, sizeof(res) - MD4_DIGEST_LENGTH);
814 answer->data = malloc(24);
815 if (answer->data == NULL)
819 splitandenc(&res[0], challange, ((unsigned char *)answer->data) + 0);
820 splitandenc(&res[7], challange, ((unsigned char *)answer->data) + 8);
821 splitandenc(&res[14], challange, ((unsigned char *)answer->data) + 16);
827 * Calculate NTLMv1 master key
831 heim_ntlm_build_ntlm1_master(void *key, size_t len,
832 struct ntlm_buf *session,
833 struct ntlm_buf *master)
837 memset(master, 0, sizeof(*master));
838 memset(session, 0, sizeof(*session));
840 if (len != MD4_DIGEST_LENGTH)
843 session->length = MD4_DIGEST_LENGTH;
844 session->data = malloc(session->length);
845 if (session->data == NULL) {
849 master->length = MD4_DIGEST_LENGTH;
850 master->data = malloc(master->length);
851 if (master->data == NULL) {
852 _ntlm_free_buf(master);
853 _ntlm_free_buf(session);
858 unsigned char sessionkey[MD4_DIGEST_LENGTH];
862 MD4_Update(&ctx, key, len);
863 MD4_Final(sessionkey, &ctx);
865 RC4_set_key(&rc4, sizeof(sessionkey), sessionkey);
868 if (RAND_bytes(session->data, session->length) != 1) {
869 _ntlm_free_buf(master);
870 _ntlm_free_buf(session);
874 RC4(&rc4, master->length, session->data, master->data);
875 memset(&rc4, 0, sizeof(rc4));
885 heim_ntlm_ntlmv2_key(const void *key, size_t len,
886 const char *username,
888 unsigned char ntlmv2[16])
890 unsigned int hmaclen;
894 HMAC_Init_ex(&c, key, len, EVP_md5(), NULL);
897 /* uppercase username and turn it inte ucs2-le */
898 ascii2ucs2le(username, 1, &buf);
899 HMAC_Update(&c, buf.data, buf.length);
901 /* uppercase target and turn into ucs2-le */
902 ascii2ucs2le(target, 1, &buf);
903 HMAC_Update(&c, buf.data, buf.length);
906 HMAC_Final(&c, ntlmv2, &hmaclen);
907 HMAC_CTX_cleanup(&c);
915 #define NTTIME_EPOCH 0x019DB1DED53E8000LL
918 unix2nttime(time_t unix_time)
921 wt = unix_time * (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH;
926 nt2unixtime(uint64_t t)
928 t = ((t - (uint64_t)NTTIME_EPOCH) / (uint64_t)10000000);
929 if (t > (((time_t)(~(uint64_t)0)) >> 1))
936 * Calculate NTLMv2 response
940 heim_ntlm_calculate_ntlm2(const void *key, size_t len,
941 const char *username,
943 const unsigned char serverchallange[8],
944 const struct ntlm_buf *infotarget,
945 unsigned char ntlmv2[16],
946 struct ntlm_buf *answer)
950 unsigned int hmaclen;
951 unsigned char ntlmv2answer[16];
953 unsigned char clientchallange[8];
957 t = unix2nttime(time(NULL));
959 if (RAND_bytes(clientchallange, sizeof(clientchallange)) != 1)
962 /* calculate ntlmv2 key */
964 heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2);
966 /* calculate and build ntlmv2 answer */
968 sp = krb5_storage_emem();
971 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
973 CHECK(krb5_store_uint32(sp, 0x00000101), 0);
974 CHECK(krb5_store_uint32(sp, 0), 0);
975 /* timestamp le 64 bit ts */
976 CHECK(krb5_store_uint32(sp, t & 0xffffffff), 0);
977 CHECK(krb5_store_uint32(sp, t >> 32), 0);
979 CHECK(krb5_storage_write(sp, clientchallange, 8), 8);
981 CHECK(krb5_store_uint32(sp, 0), 0); /* unknown but zero will work */
982 CHECK(krb5_storage_write(sp, infotarget->data, infotarget->length),
984 CHECK(krb5_store_uint32(sp, 0), 0); /* unknown but zero will work */
986 CHECK(krb5_storage_to_data(sp, &data), 0);
987 krb5_storage_free(sp);
991 HMAC_Init_ex(&c, ntlmv2, 16, EVP_md5(), NULL);
992 HMAC_Update(&c, serverchallange, 8);
993 HMAC_Update(&c, data.data, data.length);
994 HMAC_Final(&c, ntlmv2answer, &hmaclen);
995 HMAC_CTX_cleanup(&c);
997 sp = krb5_storage_emem();
999 krb5_data_free(&data);
1003 CHECK(krb5_storage_write(sp, ntlmv2answer, 16), 16);
1004 CHECK(krb5_storage_write(sp, data.data, data.length), data.length);
1005 krb5_data_free(&data);
1007 CHECK(krb5_storage_to_data(sp, &data), 0);
1008 krb5_storage_free(sp);
1011 answer->data = data.data;
1012 answer->length = data.length;
1017 krb5_storage_free(sp);
1021 static const int authtimediff = 3600 * 2; /* 2 hours */
1024 * Verify NTLMv2 response.
1028 heim_ntlm_verify_ntlm2(const void *key, size_t len,
1029 const char *username,
1032 const unsigned char serverchallange[8],
1033 const struct ntlm_buf *answer,
1034 struct ntlm_buf *infotarget,
1035 unsigned char ntlmv2[16])
1037 krb5_error_code ret;
1038 unsigned int hmaclen;
1039 unsigned char clientanswer[16];
1040 unsigned char clientnonce[8];
1041 unsigned char serveranswer[16];
1048 infotarget->length = 0;
1049 infotarget->data = NULL;
1051 if (answer->length < 16)
1057 /* calculate ntlmv2 key */
1059 heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2);
1061 /* calculate and build ntlmv2 answer */
1063 sp = krb5_storage_from_readonly_mem(answer->data, answer->length);
1066 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
1068 CHECK(krb5_storage_read(sp, clientanswer, 16), 16);
1070 CHECK(krb5_ret_uint32(sp, &temp), 0);
1071 CHECK(temp, 0x00000101);
1072 CHECK(krb5_ret_uint32(sp, &temp), 0);
1074 /* timestamp le 64 bit ts */
1075 CHECK(krb5_ret_uint32(sp, &temp), 0);
1077 CHECK(krb5_ret_uint32(sp, &temp), 0);
1078 t |= ((uint64_t)temp)<< 32;
1080 authtime = nt2unixtime(t);
1082 if (abs((int)(authtime - now)) > authtimediff) {
1087 /* client challange */
1088 CHECK(krb5_storage_read(sp, clientnonce, 8), 8);
1090 CHECK(krb5_ret_uint32(sp, &temp), 0); /* unknown */
1092 /* should really unparse the infotarget, but lets pick up everything */
1093 infotarget->length = answer->length - krb5_storage_seek(sp, 0, SEEK_CUR);
1094 infotarget->data = malloc(infotarget->length);
1095 if (infotarget->data == NULL) {
1099 CHECK(krb5_storage_read(sp, infotarget->data, infotarget->length),
1100 infotarget->length);
1101 /* XXX remove the unknown ?? */
1102 krb5_storage_free(sp);
1106 HMAC_Init_ex(&c, ntlmv2, 16, EVP_md5(), NULL);
1107 HMAC_Update(&c, serverchallange, 8);
1108 HMAC_Update(&c, ((char *)answer->data) + 16, answer->length - 16);
1109 HMAC_Final(&c, serveranswer, &hmaclen);
1110 HMAC_CTX_cleanup(&c);
1112 if (memcmp(serveranswer, clientanswer, 16) != 0) {
1113 _ntlm_free_buf(infotarget);
1119 _ntlm_free_buf(infotarget);
1121 krb5_storage_free(sp);
1127 * Calculate the NTLM2 Session Response
1131 heim_ntlm_calculate_ntlm2_sess(const unsigned char clnt_nonce[8],
1132 const unsigned char svr_chal[8],
1133 const unsigned char ntlm_hash[16],
1134 struct ntlm_buf *lm,
1135 struct ntlm_buf *ntlm)
1137 unsigned char ntlm2_sess_hash[MD5_DIGEST_LENGTH];
1138 unsigned char res[21], *resp;
1141 lm->data = malloc(24);
1142 if (lm->data == NULL)
1146 ntlm->data = malloc(24);
1147 if (ntlm->data == NULL) {
1154 /* first setup the lm resp */
1155 memset(lm->data, 0, 24);
1156 memcpy(lm->data, clnt_nonce, 8);
1159 MD5_Update(&md5, svr_chal, 8); /* session nonce part 1 */
1160 MD5_Update(&md5, clnt_nonce, 8); /* session nonce part 2 */
1161 MD5_Final(ntlm2_sess_hash, &md5); /* will only use first 8 bytes */
1163 memset(res, 0, sizeof(res));
1164 memcpy(res, ntlm_hash, 16);
1167 splitandenc(&res[0], ntlm2_sess_hash, resp + 0);
1168 splitandenc(&res[7], ntlm2_sess_hash, resp + 8);
1169 splitandenc(&res[14], ntlm2_sess_hash, resp + 16);