#include "auth/credentials/credentials.h"
#include "auth/credentials/credentials_internal.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
memset(lm_response.data, 0, lm_response.length);
}
} else if (*flags & CLI_CRED_NTLM2) {
- MD5_CTX md5_session_nonce_ctx;
uint8_t session_nonce[16];
uint8_t session_nonce_hash[16];
uint8_t user_session_key[16];
+ int rc;
lm_response = data_blob_talloc_zero(frame, 24);
if (lm_response.data == NULL) {
memcpy(session_nonce, challenge.data, 8);
memcpy(&session_nonce[8], lm_response.data, 8);
- MD5Init(&md5_session_nonce_ctx);
- MD5Update(&md5_session_nonce_ctx, session_nonce,
- sizeof(session_nonce));
- MD5Final(session_nonce_hash, &md5_session_nonce_ctx);
+ rc = gnutls_hash_fast(GNUTLS_DIG_MD5,
+ session_nonce,
+ sizeof(session_nonce),
+ session_nonce_hash);
+ if (rc < 0) {
+ if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
+ return NT_STATUS_NTLM_BLOCKED;
+ }
+ return NT_STATUS_INTERNAL_ERROR;
+ }
DEBUG(5, ("NTLMSSP challenge set by NTLM2\n"));
DEBUG(5, ("challenge is: \n"));
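Review bot: The two new `return` statements in the `if (rc < 0)` block after `gnutls_hash_fast()` leave the function without releasing `frame`, whereas the allocation-failure branch visible further down calls `TALLOC_FREE(frame);` before it returns. `lm_response` has already been allocated on that frame at this point, so the error path should do the same: add `TALLOC_FREE(frame);` ahead of `return NT_STATUS_NTLM_BLOCKED;` and `return NT_STATUS_INTERNAL_ERROR;`. The error block after `gnutls_hmac_fast()` later in the patch has the same gap. The enclosing function begins and ends outside the visible lines, so how `frame` is created is inferred from the `data_blob_talloc_zero(frame, ...)` calls.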
session_nonce_hash,
nt_response.data);
+ ZERO_ARRAY(session_nonce_hash);
+
session_key = data_blob_talloc_zero(frame, 16);
if (session_key.data == NULL) {
TALLOC_FREE(frame);
}
SMBsesskeygen_ntv1(nt_hash->hash, user_session_key);
- hmac_md5(user_session_key, session_nonce, sizeof(session_nonce), session_key.data);
- ZERO_STRUCT(user_session_key);
+
+ rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+ user_session_key,
+ sizeof(user_session_key),
+ session_nonce,
+ sizeof(session_nonce),
+ session_key.data);
+ if (rc < 0) {
+ if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
+ return NT_STATUS_NTLM_BLOCKED;
+ }
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ ZERO_ARRAY(user_session_key);
+
dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length);
/* LM Key is incompatible... */
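Review bot: If `gnutls_hmac_fast()` fails, the function returns before `ZERO_ARRAY(user_session_key);` runs, so the key material written by `SMBsesskeygen_ntv1()` stays on the stack on exactly the path where the operation was refused. Moving the wipe up so that `ZERO_ARRAY(user_session_key);` sits directly after the `gnutls_hmac_fast(...)` call and before `if (rc < 0) {` clears it on both success and failure. A short comment there, such as `/* wipe the intermediate key before any early return */`, would stop a later edit from reordering it. The rest of the function is outside the hunk, so other exits were not checked.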