1 /*
2 * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include <config.h>
37
38 #include <stdio.h>
39 #include <stdlib.h>
40 #include <assert.h>
41 #include <string.h>
42 #include <ctype.h>
43 #include <errno.h>
44 #include <limits.h>
45
46 #include <roken.h>
47 #include <parse_units.h>
48 #include <krb5.h>
49
50 #define HC_DEPRECATED_CRYPTO
51
52 #include "krb5-types.h"
53 #include "crypto-headers.h"
54
55 #include <heimntlm.h>
56
57 /*! \mainpage Heimdal NTLM library
58 *
59 * \section intro Introduction
60 *
61 * Heimdal libheimntlm library is a implementation of the NTLM
62 * protocol, both version 1 and 2. The GSS-API mech that uses this
63 * library adds support for transport encryption and integrity
64 * checking.
65 *
66 * NTLM is a protocol for mutual authentication, its still used in
67 * many protocol where Kerberos is not support, one example is
68 * EAP/X802.1x mechanism LEAP from Microsoft and Cisco.
69 *
70 * This is a support library for the core protocol, its used in
71 * Heimdal to implement and GSS-API mechanism. There is also support
72 * in the KDC to do remote digest authenticiation, this to allow
73 * services to authenticate users w/o direct access to the users ntlm
74 * hashes (same as Kerberos arcfour enctype keys).
75 *
76 * More information about the NTLM protocol can found here
77 * http://davenport.sourceforge.net/ntlm.html .
78 *
79 * The Heimdal projects web page: http://www.h5l.org/
80 *
81 * @section ntlm_example NTLM Example
82 *
83 * Example to to use @ref test_ntlm.c .
84 *
85 * @example test_ntlm.c
86 *
87 * Example how to use the NTLM primitives.
88 *
89 */
90
91 /** @defgroup ntlm_core Heimdal NTLM library
92 *
93 * The NTLM core functions implement the string2key generation
94 * function, message encode and decode function, and the hash function
95 * functions.
96 */
97
98 struct sec_buffer {
99 uint16_t length;
100 uint16_t allocated;
101 uint32_t offset;
102 };
103
104 static const unsigned char ntlmsigature[8] = "NTLMSSP\x00";
105
106 /*
107 *
108 */
109
110 #define CHECK(f, e) \
111 do { \
112 ret = f; \
113 if (ret != (ssize_t)(e)) { \
114 ret = HNTLM_ERR_DECODE; \
115 goto out; \
116 } \
117 } while(/*CONSTCOND*/0)
118
119 static struct units ntlm_flag_units[] = {
120 #define ntlm_flag(x) { #x, NTLM_##x }
121 ntlm_flag(ENC_56),
122 ntlm_flag(NEG_KEYEX),
123 ntlm_flag(ENC_128),
124 ntlm_flag(MBZ1),
125 ntlm_flag(MBZ2),
126 ntlm_flag(MBZ3),
127 ntlm_flag(NEG_VERSION),
128 ntlm_flag(MBZ4),
129 ntlm_flag(NEG_TARGET_INFO),
130 ntlm_flag(NON_NT_SESSION_KEY),
131 ntlm_flag(MBZ5),
132 ntlm_flag(NEG_IDENTIFY),
133 ntlm_flag(NEG_NTLM2),
134 ntlm_flag(TARGET_SHARE),
135 ntlm_flag(TARGET_SERVER),
136 ntlm_flag(TARGET_DOMAIN),
137 ntlm_flag(NEG_ALWAYS_SIGN),
138 ntlm_flag(MBZ6),
139 ntlm_flag(OEM_SUPPLIED_WORKSTATION),
140 ntlm_flag(OEM_SUPPLIED_DOMAIN),
141 ntlm_flag(NEG_ANONYMOUS),
142 ntlm_flag(NEG_NT_ONLY),
143 ntlm_flag(NEG_NTLM),
144 ntlm_flag(MBZ8),
145 ntlm_flag(NEG_LM_KEY),
146 ntlm_flag(NEG_DATAGRAM),
147 ntlm_flag(NEG_SEAL),
148 ntlm_flag(NEG_SIGN),
149 ntlm_flag(MBZ9),
150 ntlm_flag(NEG_TARGET),
151 ntlm_flag(NEG_OEM),
152 ntlm_flag(NEG_UNICODE),
153 #undef ntlm_flag
154 {NULL, 0}
155 };
156
157 size_t
heim_ntlm_unparse_flags(uint32_t flags,char * s,size_t len)158 heim_ntlm_unparse_flags(uint32_t flags, char *s, size_t len)
159 {
160 return unparse_flags(flags, ntlm_flag_units, s, len);
161 }
162
163
164 /**
165 * heim_ntlm_free_buf frees the ntlm buffer
166 *
167 * @param p buffer to be freed
168 *
169 * @ingroup ntlm_core
170 */
171
172 void
heim_ntlm_free_buf(struct ntlm_buf * p)173 heim_ntlm_free_buf(struct ntlm_buf *p)
174 {
175 if (p->data)
176 free(p->data);
177 p->data = NULL;
178 p->length = 0;
179 }
180
181
182 static int
ascii2ucs2le(const char * string,int up,struct ntlm_buf * buf)183 ascii2ucs2le(const char *string, int up, struct ntlm_buf *buf)
184 {
185 unsigned char *p;
186 size_t len, i;
187
188 len = strlen(string);
189 if (len / 2 > UINT_MAX)
190 return ERANGE;
191
192 buf->length = len * 2;
193 buf->data = malloc(buf->length);
194 if (buf->data == NULL && len != 0) {
195 heim_ntlm_free_buf(buf);
196 return ENOMEM;
197 }
198
199 p = buf->data;
200 for (i = 0; i < len; i++) {
201 unsigned char t = (unsigned char)string[i];
202 if (t & 0x80) {
203 heim_ntlm_free_buf(buf);
204 return EINVAL;
205 }
206 if (up)
207 t = toupper(t);
208 p[(i * 2) + 0] = t;
209 p[(i * 2) + 1] = 0;
210 }
211 return 0;
212 }
213
214 /*
215 *
216 */
217
218 static krb5_error_code
ret_sec_buffer(krb5_storage * sp,struct sec_buffer * buf)219 ret_sec_buffer(krb5_storage *sp, struct sec_buffer *buf)
220 {
221 krb5_error_code ret;
222 CHECK(krb5_ret_uint16(sp, &buf->length), 0);
223 CHECK(krb5_ret_uint16(sp, &buf->allocated), 0);
224 CHECK(krb5_ret_uint32(sp, &buf->offset), 0);
225 out:
226 return ret;
227 }
228
229 static krb5_error_code
store_sec_buffer(krb5_storage * sp,const struct sec_buffer * buf)230 store_sec_buffer(krb5_storage *sp, const struct sec_buffer *buf)
231 {
232 krb5_error_code ret;
233 CHECK(krb5_store_uint16(sp, buf->length), 0);
234 CHECK(krb5_store_uint16(sp, buf->allocated), 0);
235 CHECK(krb5_store_uint32(sp, buf->offset), 0);
236 out:
237 return ret;
238 }
239
240 /*
241 * Strings are either OEM or UNICODE. The later is encoded as ucs2 on
242 * wire, but using utf8 in memory.
243 */
244
245 static krb5_error_code
len_string(int ucs2,const char * s)246 len_string(int ucs2, const char *s)
247 {
248 size_t len = strlen(s);
249 if (ucs2)
250 len *= 2;
251 return len;
252 }
253
254 /*
255 *
256 */
257
258 static krb5_error_code
ret_string(krb5_storage * sp,int ucs2,size_t len,char ** s)259 ret_string(krb5_storage *sp, int ucs2, size_t len, char **s)
260 {
261 krb5_error_code ret;
262
263 *s = malloc(len + 1);
264 if (*s == NULL)
265 return ENOMEM;
266 CHECK(krb5_storage_read(sp, *s, len), len);
267
268 (*s)[len] = '\0';
269
270 if (ucs2) {
271 size_t i;
272 for (i = 0; i < len / 2; i++) {
273 (*s)[i] = (*s)[i * 2];
274 if ((*s)[i * 2 + 1]) {
275 free(*s);
276 *s = NULL;
277 return EINVAL;
278 }
279 }
280 (*s)[i] = '\0';
281 }
282 ret = 0;
283 out:
284 return ret;
285 }
286
287
288
289 static krb5_error_code
ret_sec_string(krb5_storage * sp,int ucs2,struct sec_buffer * desc,char ** s)290 ret_sec_string(krb5_storage *sp, int ucs2, struct sec_buffer *desc, char **s)
291 {
292 krb5_error_code ret = 0;
293 CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset);
294 CHECK(ret_string(sp, ucs2, desc->length, s), 0);
295 out:
296 return ret;
297 }
298
299 static krb5_error_code
put_string(krb5_storage * sp,int ucs2,const char * s)300 put_string(krb5_storage *sp, int ucs2, const char *s)
301 {
302 krb5_error_code ret;
303 struct ntlm_buf buf;
304
305 if (ucs2) {
306 ret = ascii2ucs2le(s, 0, &buf);
307 if (ret)
308 return ret;
309 } else {
310 buf.data = rk_UNCONST(s);
311 buf.length = strlen(s);
312 }
313
314 CHECK(krb5_storage_write(sp, buf.data, buf.length), buf.length);
315 if (ucs2)
316 heim_ntlm_free_buf(&buf);
317 ret = 0;
318 out:
319 return ret;
320 }
321
322 /*
323 *
324 */
325
326 static krb5_error_code
ret_buf(krb5_storage * sp,struct sec_buffer * desc,struct ntlm_buf * buf)327 ret_buf(krb5_storage *sp, struct sec_buffer *desc, struct ntlm_buf *buf)
328 {
329 krb5_error_code ret;
330
331 buf->data = malloc(desc->length);
332 buf->length = desc->length;
333 CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset);
334 CHECK(krb5_storage_read(sp, buf->data, buf->length), buf->length);
335 ret = 0;
336 out:
337 return ret;
338 }
339
340 static krb5_error_code
put_buf(krb5_storage * sp,const struct ntlm_buf * buf)341 put_buf(krb5_storage *sp, const struct ntlm_buf *buf)
342 {
343 krb5_error_code ret;
344 CHECK(krb5_storage_write(sp, buf->data, buf->length), buf->length);
345 ret = 0;
346 out:
347 return ret;
348 }
349
350 /**
351 * Frees the ntlm_targetinfo message
352 *
353 * @param ti targetinfo to be freed
354 *
355 * @ingroup ntlm_core
356 */
357
358 void
heim_ntlm_free_targetinfo(struct ntlm_targetinfo * ti)359 heim_ntlm_free_targetinfo(struct ntlm_targetinfo *ti)
360 {
361 free(ti->servername);
362 free(ti->domainname);
363 free(ti->dnsdomainname);
364 free(ti->dnsservername);
365 free(ti->dnstreename);
366 memset(ti, 0, sizeof(*ti));
367 }
368
369 static int
encode_ti_string(krb5_storage * out,uint16_t type,int ucs2,char * s)370 encode_ti_string(krb5_storage *out, uint16_t type, int ucs2, char *s)
371 {
372 krb5_error_code ret;
373 CHECK(krb5_store_uint16(out, type), 0);
374 CHECK(krb5_store_uint16(out, len_string(ucs2, s)), 0);
375 CHECK(put_string(out, ucs2, s), 0);
376 out:
377 return ret;
378 }
379
380 /**
381 * Encodes a ntlm_targetinfo message.
382 *
383 * @param ti the ntlm_targetinfo message to encode.
384 * @param ucs2 ignored
385 * @param data is the return buffer with the encoded message, should be
386 * freed with heim_ntlm_free_buf().
387 *
388 * @return In case of success 0 is return, an errors, a errno in what
389 * went wrong.
390 *
391 * @ingroup ntlm_core
392 */
393
394 int
heim_ntlm_encode_targetinfo(const struct ntlm_targetinfo * ti,int ucs2,struct ntlm_buf * data)395 heim_ntlm_encode_targetinfo(const struct ntlm_targetinfo *ti,
396 int ucs2,
397 struct ntlm_buf *data)
398 {
399 krb5_error_code ret;
400 krb5_storage *out;
401
402 data->data = NULL;
403 data->length = 0;
404
405 out = krb5_storage_emem();
406 if (out == NULL)
407 return ENOMEM;
408
409 krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
410
411 if (ti->servername)
412 CHECK(encode_ti_string(out, 1, ucs2, ti->servername), 0);
413 if (ti->domainname)
414 CHECK(encode_ti_string(out, 2, ucs2, ti->domainname), 0);
415 if (ti->dnsservername)
416 CHECK(encode_ti_string(out, 3, ucs2, ti->dnsservername), 0);
417 if (ti->dnsdomainname)
418 CHECK(encode_ti_string(out, 4, ucs2, ti->dnsdomainname), 0);
419 if (ti->dnstreename)
420 CHECK(encode_ti_string(out, 5, ucs2, ti->dnstreename), 0);
421 if (ti->avflags) {
422 CHECK(krb5_store_uint16(out, 6), 0);
423 CHECK(krb5_store_uint16(out, 4), 0);
424 CHECK(krb5_store_uint32(out, ti->avflags), 0);
425 }
426
427 /* end tag */
428 CHECK(krb5_store_int16(out, 0), 0);
429 CHECK(krb5_store_int16(out, 0), 0);
430
431 {
432 krb5_data d;
433 ret = krb5_storage_to_data(out, &d);
434 data->data = d.data;
435 data->length = d.length;
436 }
437 out:
438 krb5_storage_free(out);
439 return ret;
440 }
441
442 /**
443 * Decodes an NTLM targetinfo message
444 *
445 * @param data input data buffer with the encode NTLM targetinfo message
446 * @param ucs2 if the strings should be encoded with ucs2 (selected by flag in message).
447 * @param ti the decoded target info, should be freed with heim_ntlm_free_targetinfo().
448 *
449 * @return In case of success 0 is return, an errors, a errno in what
450 * went wrong.
451 *
452 * @ingroup ntlm_core
453 */
454
455 int
heim_ntlm_decode_targetinfo(const struct ntlm_buf * data,int ucs2,struct ntlm_targetinfo * ti)456 heim_ntlm_decode_targetinfo(const struct ntlm_buf *data,
457 int ucs2,
458 struct ntlm_targetinfo *ti)
459 {
460 uint16_t type, len;
461 krb5_storage *in;
462 int ret = 0, done = 0;
463
464 memset(ti, 0, sizeof(*ti));
465
466 if (data->length == 0)
467 return 0;
468
469 in = krb5_storage_from_readonly_mem(data->data, data->length);
470 if (in == NULL)
471 return ENOMEM;
472 krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
473
474 while (!done) {
475 CHECK(krb5_ret_uint16(in, &type), 0);
476 CHECK(krb5_ret_uint16(in, &len), 0);
477
478 switch (type) {
479 case 0:
480 done = 1;
481 break;
482 case 1:
483 CHECK(ret_string(in, ucs2, len, &ti->servername), 0);
484 break;
485 case 2:
486 CHECK(ret_string(in, ucs2, len, &ti->domainname), 0);
487 break;
488 case 3:
489 CHECK(ret_string(in, ucs2, len, &ti->dnsservername), 0);
490 break;
491 case 4:
492 CHECK(ret_string(in, ucs2, len, &ti->dnsdomainname), 0);
493 break;
494 case 5:
495 CHECK(ret_string(in, ucs2, len, &ti->dnstreename), 0);
496 break;
497 case 6:
498 CHECK(krb5_ret_uint32(in, &ti->avflags), 0);
499 break;
500 default:
501 krb5_storage_seek(in, len, SEEK_CUR);
502 break;
503 }
504 }
505 out:
506 if (in)
507 krb5_storage_free(in);
508 return ret;
509 }
510
511 /**
512 * Frees the ntlm_type1 message
513 *
514 * @param data message to be freed
515 *
516 * @ingroup ntlm_core
517 */
518
519 void
heim_ntlm_free_type1(struct ntlm_type1 * data)520 heim_ntlm_free_type1(struct ntlm_type1 *data)
521 {
522 if (data->domain)
523 free(data->domain);
524 if (data->hostname)
525 free(data->hostname);
526 memset(data, 0, sizeof(*data));
527 }
528
529 int
heim_ntlm_decode_type1(const struct ntlm_buf * buf,struct ntlm_type1 * data)530 heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data)
531 {
532 krb5_error_code ret;
533 unsigned char sig[8];
534 uint32_t type;
535 struct sec_buffer domain, hostname;
536 krb5_storage *in;
537
538 memset(data, 0, sizeof(*data));
539
540 in = krb5_storage_from_readonly_mem(buf->data, buf->length);
541 if (in == NULL) {
542 ret = ENOMEM;
543 goto out;
544 }
545 krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
546
547 CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
548 CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
549 CHECK(krb5_ret_uint32(in, &type), 0);
550 CHECK(type, 1);
551 CHECK(krb5_ret_uint32(in, &data->flags), 0);
552 if (data->flags & NTLM_OEM_SUPPLIED_DOMAIN)
553 CHECK(ret_sec_buffer(in, &domain), 0);
554 if (data->flags & NTLM_OEM_SUPPLIED_WORKSTATION)
555 CHECK(ret_sec_buffer(in, &hostname), 0);
556 #if 0
557 if (domain.offset > 32) {
558 CHECK(krb5_ret_uint32(in, &data->os[0]), 0);
559 CHECK(krb5_ret_uint32(in, &data->os[1]), 0);
560 }
561 #endif
562 if (data->flags & NTLM_OEM_SUPPLIED_DOMAIN)
563 CHECK(ret_sec_string(in, 0, &domain, &data->domain), 0);
564 if (data->flags & NTLM_OEM_SUPPLIED_WORKSTATION)
565 CHECK(ret_sec_string(in, 0, &hostname, &data->hostname), 0);
566
567 out:
568 if (in)
569 krb5_storage_free(in);
570 if (ret)
571 heim_ntlm_free_type1(data);
572
573 return ret;
574 }
575
576 /**
577 * Encodes an ntlm_type1 message.
578 *
579 * @param type1 the ntlm_type1 message to encode.
580 * @param data is the return buffer with the encoded message, should be
581 * freed with heim_ntlm_free_buf().
582 *
583 * @return In case of success 0 is return, an errors, a errno in what
584 * went wrong.
585 *
586 * @ingroup ntlm_core
587 */
588
589 int
heim_ntlm_encode_type1(const struct ntlm_type1 * type1,struct ntlm_buf * data)590 heim_ntlm_encode_type1(const struct ntlm_type1 *type1, struct ntlm_buf *data)
591 {
592 krb5_error_code ret;
593 struct sec_buffer domain, hostname;
594 krb5_storage *out;
595 uint32_t base, flags;
596
597 flags = type1->flags;
598 base = 16;
599
600 if (type1->domain) {
601 base += 8;
602 flags |= NTLM_OEM_SUPPLIED_DOMAIN;
603 }
604 if (type1->hostname) {
605 base += 8;
606 flags |= NTLM_OEM_SUPPLIED_WORKSTATION;
607 }
608 if (type1->os[0])
609 base += 8;
610
611 domain.offset = base;
612 if (type1->domain) {
613 domain.length = len_string(0, type1->domain);
614 domain.allocated = domain.length;
615 } else {
616 domain.length = 0;
617 domain.allocated = 0;
618 }
619
620 hostname.offset = domain.allocated + domain.offset;
621 if (type1->hostname) {
622 hostname.length = len_string(0, type1->hostname);
623 hostname.allocated = hostname.length;
624 } else {
625 hostname.length = 0;
626 hostname.allocated = 0;
627 }
628
629 out = krb5_storage_emem();
630 if (out == NULL)
631 return ENOMEM;
632
633 krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
634 CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)),
635 sizeof(ntlmsigature));
636 CHECK(krb5_store_uint32(out, 1), 0);
637 CHECK(krb5_store_uint32(out, flags), 0);
638
639 CHECK(store_sec_buffer(out, &domain), 0);
640 CHECK(store_sec_buffer(out, &hostname), 0);
641 #if 0
642 CHECK(krb5_store_uint32(out, type1->os[0]), 0);
643 CHECK(krb5_store_uint32(out, type1->os[1]), 0);
644 #endif
645 if (type1->domain)
646 CHECK(put_string(out, 0, type1->domain), 0);
647 if (type1->hostname)
648 CHECK(put_string(out, 0, type1->hostname), 0);
649
650 {
651 krb5_data d;
652 ret = krb5_storage_to_data(out, &d);
653 data->data = d.data;
654 data->length = d.length;
655 }
656 out:
657 krb5_storage_free(out);
658
659 return ret;
660 }
661
662 /**
663 * Frees the ntlm_type2 message
664 *
665 * @param data message to be freed
666 *
667 * @ingroup ntlm_core
668 */
669
670 void
heim_ntlm_free_type2(struct ntlm_type2 * data)671 heim_ntlm_free_type2(struct ntlm_type2 *data)
672 {
673 if (data->targetname)
674 free(data->targetname);
675 heim_ntlm_free_buf(&data->targetinfo);
676 memset(data, 0, sizeof(*data));
677 }
678
679 int
heim_ntlm_decode_type2(const struct ntlm_buf * buf,struct ntlm_type2 * type2)680 heim_ntlm_decode_type2(const struct ntlm_buf *buf, struct ntlm_type2 *type2)
681 {
682 krb5_error_code ret;
683 unsigned char sig[8];
684 uint32_t type, ctx[2];
685 struct sec_buffer targetname, targetinfo;
686 krb5_storage *in;
687 int ucs2 = 0;
688
689 memset(type2, 0, sizeof(*type2));
690
691 in = krb5_storage_from_readonly_mem(buf->data, buf->length);
692 if (in == NULL) {
693 ret = ENOMEM;
694 goto out;
695 }
696 krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
697
698 CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
699 CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
700 CHECK(krb5_ret_uint32(in, &type), 0);
701 CHECK(type, 2);
702
703 CHECK(ret_sec_buffer(in, &targetname), 0);
704 CHECK(krb5_ret_uint32(in, &type2->flags), 0);
705 if (type2->flags & NTLM_NEG_UNICODE)
706 ucs2 = 1;
707 CHECK(krb5_storage_read(in, type2->challenge, sizeof(type2->challenge)),
708 sizeof(type2->challenge));
709 CHECK(krb5_ret_uint32(in, &ctx[0]), 0); /* context */
710 CHECK(krb5_ret_uint32(in, &ctx[1]), 0);
711 CHECK(ret_sec_buffer(in, &targetinfo), 0);
712 /* os version */
713 if (type2->flags & NTLM_NEG_VERSION) {
714 CHECK(krb5_ret_uint32(in, &type2->os[0]), 0);
715 CHECK(krb5_ret_uint32(in, &type2->os[1]), 0);
716 }
717
718 CHECK(ret_sec_string(in, ucs2, &targetname, &type2->targetname), 0);
719 CHECK(ret_buf(in, &targetinfo, &type2->targetinfo), 0);
720 ret = 0;
721
722 out:
723 if (in)
724 krb5_storage_free(in);
725 if (ret)
726 heim_ntlm_free_type2(type2);
727
728 return ret;
729 }
730
731 /**
732 * Encodes an ntlm_type2 message.
733 *
734 * @param type2 the ntlm_type2 message to encode.
735 * @param data is the return buffer with the encoded message, should be
736 * freed with heim_ntlm_free_buf().
737 *
738 * @return In case of success 0 is return, an errors, a errno in what
739 * went wrong.
740 *
741 * @ingroup ntlm_core
742 */
743
744 int
heim_ntlm_encode_type2(const struct ntlm_type2 * type2,struct ntlm_buf * data)745 heim_ntlm_encode_type2(const struct ntlm_type2 *type2, struct ntlm_buf *data)
746 {
747 struct sec_buffer targetname, targetinfo;
748 krb5_error_code ret;
749 krb5_storage *out = NULL;
750 uint32_t base;
751 int ucs2 = 0;
752
753 base = 48;
754
755 if (type2->flags & NTLM_NEG_VERSION)
756 base += 8;
757
758 if (type2->flags & NTLM_NEG_UNICODE)
759 ucs2 = 1;
760
761 targetname.offset = base;
762 targetname.length = len_string(ucs2, type2->targetname);
763 targetname.allocated = targetname.length;
764
765 targetinfo.offset = targetname.allocated + targetname.offset;
766 targetinfo.length = type2->targetinfo.length;
767 targetinfo.allocated = type2->targetinfo.length;
768
769 out = krb5_storage_emem();
770 if (out == NULL)
771 return ENOMEM;
772
773 krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
774 CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)),
775 sizeof(ntlmsigature));
776 CHECK(krb5_store_uint32(out, 2), 0);
777 CHECK(store_sec_buffer(out, &targetname), 0);
778 CHECK(krb5_store_uint32(out, type2->flags), 0);
779 CHECK(krb5_storage_write(out, type2->challenge, sizeof(type2->challenge)),
780 sizeof(type2->challenge));
781 CHECK(krb5_store_uint32(out, 0), 0); /* context */
782 CHECK(krb5_store_uint32(out, 0), 0);
783 CHECK(store_sec_buffer(out, &targetinfo), 0);
784 /* os version */
785 if (type2->flags & NTLM_NEG_VERSION) {
786 CHECK(krb5_store_uint32(out, type2->os[0]), 0);
787 CHECK(krb5_store_uint32(out, type2->os[1]), 0);
788 }
789 CHECK(put_string(out, ucs2, type2->targetname), 0);
790 CHECK(krb5_storage_write(out, type2->targetinfo.data,
791 type2->targetinfo.length),
792 type2->targetinfo.length);
793
794 {
795 krb5_data d;
796 ret = krb5_storage_to_data(out, &d);
797 data->data = d.data;
798 data->length = d.length;
799 }
800
801 out:
802 krb5_storage_free(out);
803
804 return ret;
805 }
806
807 /**
808 * Frees the ntlm_type3 message
809 *
810 * @param data message to be freed
811 *
812 * @ingroup ntlm_core
813 */
814
815 void
heim_ntlm_free_type3(struct ntlm_type3 * data)816 heim_ntlm_free_type3(struct ntlm_type3 *data)
817 {
818 heim_ntlm_free_buf(&data->lm);
819 heim_ntlm_free_buf(&data->ntlm);
820 if (data->targetname)
821 free(data->targetname);
822 if (data->username)
823 free(data->username);
824 if (data->ws)
825 free(data->ws);
826 heim_ntlm_free_buf(&data->sessionkey);
827 memset(data, 0, sizeof(*data));
828 }
829
830 /*
831 *
832 */
833
834 int
heim_ntlm_decode_type3(const struct ntlm_buf * buf,int ucs2,struct ntlm_type3 * type3)835 heim_ntlm_decode_type3(const struct ntlm_buf *buf,
836 int ucs2,
837 struct ntlm_type3 *type3)
838 {
839 krb5_error_code ret;
840 unsigned char sig[8];
841 uint32_t type;
842 krb5_storage *in;
843 struct sec_buffer lm, ntlm, target, username, sessionkey, ws;
844 uint32_t min_offset = 72;
845
846 memset(type3, 0, sizeof(*type3));
847 memset(&sessionkey, 0, sizeof(sessionkey));
848
849 in = krb5_storage_from_readonly_mem(buf->data, buf->length);
850 if (in == NULL) {
851 ret = ENOMEM;
852 goto out;
853 }
854 krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
855
856 CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
857 CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
858 CHECK(krb5_ret_uint32(in, &type), 0);
859 CHECK(type, 3);
860 CHECK(ret_sec_buffer(in, &lm), 0);
861 if (lm.allocated)
862 min_offset = min(min_offset, lm.offset);
863 CHECK(ret_sec_buffer(in, &ntlm), 0);
864 if (ntlm.allocated)
865 min_offset = min(min_offset, ntlm.offset);
866 CHECK(ret_sec_buffer(in, &target), 0);
867 if (target.allocated)
868 min_offset = min(min_offset, target.offset);
869 CHECK(ret_sec_buffer(in, &username), 0);
870 if (username.allocated)
871 min_offset = min(min_offset, username.offset);
872 CHECK(ret_sec_buffer(in, &ws), 0);
873 if (ws.allocated)
874 min_offset = min(min_offset, ws.offset);
875
876 if (min_offset > 52) {
877 CHECK(ret_sec_buffer(in, &sessionkey), 0);
878 min_offset = max(min_offset, sessionkey.offset);
879 CHECK(krb5_ret_uint32(in, &type3->flags), 0);
880 }
881 if (min_offset > 52 + 8 + 4 + 8) {
882 CHECK(krb5_ret_uint32(in, &type3->os[0]), 0);
883 CHECK(krb5_ret_uint32(in, &type3->os[1]), 0);
884 }
885 CHECK(ret_buf(in, &lm, &type3->lm), 0);
886 CHECK(ret_buf(in, &ntlm, &type3->ntlm), 0);
887 CHECK(ret_sec_string(in, ucs2, &target, &type3->targetname), 0);
888 CHECK(ret_sec_string(in, ucs2, &username, &type3->username), 0);
889 CHECK(ret_sec_string(in, ucs2, &ws, &type3->ws), 0);
890 if (sessionkey.offset)
891 CHECK(ret_buf(in, &sessionkey, &type3->sessionkey), 0);
892
893 out:
894 if (in)
895 krb5_storage_free(in);
896 if (ret)
897 heim_ntlm_free_type3(type3);
898
899 return ret;
900 }
901
902 /**
903 * Encodes an ntlm_type3 message.
904 *
905 * @param type3 the ntlm_type3 message to encode.
906 * @param data is the return buffer with the encoded message, should be
907 * freed with heim_ntlm_free_buf().
908 *
909 * @return In case of success 0 is return, an errors, a errno in what
910 * went wrong.
911 *
912 * @ingroup ntlm_core
913 */
914
915 int
heim_ntlm_encode_type3(const struct ntlm_type3 * type3,struct ntlm_buf * data)916 heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data)
917 {
918 struct sec_buffer lm, ntlm, target, username, sessionkey, ws;
919 krb5_error_code ret;
920 krb5_storage *out = NULL;
921 uint32_t base;
922 int ucs2 = 0;
923
924 memset(&lm, 0, sizeof(lm));
925 memset(&ntlm, 0, sizeof(ntlm));
926 memset(&target, 0, sizeof(target));
927 memset(&username, 0, sizeof(username));
928 memset(&ws, 0, sizeof(ws));
929 memset(&sessionkey, 0, sizeof(sessionkey));
930
931 base = 52;
932
933 base += 8; /* sessionkey sec buf */
934 base += 4; /* flags */
935
936 if (type3->os[0]) {
937 base += 8;
938 }
939
940 if (type3->flags & NTLM_NEG_UNICODE)
941 ucs2 = 1;
942
943 target.offset = base;
944 target.length = len_string(ucs2, type3->targetname);
945 target.allocated = target.length;
946
947 username.offset = target.offset + target.allocated;
948 username.length = len_string(ucs2, type3->username);
949 username.allocated = username.length;
950
951 ws.offset = username.offset + username.allocated;
952 ws.length = len_string(ucs2, type3->ws);
953 ws.allocated = ws.length;
954
955 lm.offset = ws.offset + ws.allocated;
956 lm.length = type3->lm.length;
957 lm.allocated = type3->lm.length;
958
959 ntlm.offset = lm.offset + lm.allocated;
960 ntlm.length = type3->ntlm.length;
961 ntlm.allocated = ntlm.length;
962
963 sessionkey.offset = ntlm.offset + ntlm.allocated;
964 sessionkey.length = type3->sessionkey.length;
965 sessionkey.allocated = type3->sessionkey.length;
966
967 out = krb5_storage_emem();
968 if (out == NULL)
969 return ENOMEM;
970
971 krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
972 CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)),
973 sizeof(ntlmsigature));
974 CHECK(krb5_store_uint32(out, 3), 0);
975
976 CHECK(store_sec_buffer(out, &lm), 0);
977 CHECK(store_sec_buffer(out, &ntlm), 0);
978 CHECK(store_sec_buffer(out, &target), 0);
979 CHECK(store_sec_buffer(out, &username), 0);
980 CHECK(store_sec_buffer(out, &ws), 0);
981 CHECK(store_sec_buffer(out, &sessionkey), 0);
982 CHECK(krb5_store_uint32(out, type3->flags), 0);
983
984 #if 0
985 CHECK(krb5_store_uint32(out, 0), 0); /* os0 */
986 CHECK(krb5_store_uint32(out, 0), 0); /* os1 */
987 #endif
988
989 CHECK(put_string(out, ucs2, type3->targetname), 0);
990 CHECK(put_string(out, ucs2, type3->username), 0);
991 CHECK(put_string(out, ucs2, type3->ws), 0);
992 CHECK(put_buf(out, &type3->lm), 0);
993 CHECK(put_buf(out, &type3->ntlm), 0);
994 CHECK(put_buf(out, &type3->sessionkey), 0);
995
996 {
997 krb5_data d;
998 ret = krb5_storage_to_data(out, &d);
999 data->data = d.data;
1000 data->length = d.length;
1001 }
1002
1003 out:
1004 krb5_storage_free(out);
1005
1006 return ret;
1007 }
1008
1009
1010 /*
1011 *
1012 */
1013
1014 static int
splitandenc(unsigned char * hash,unsigned char * challenge,unsigned char * answer)1015 splitandenc(unsigned char *hash,
1016 unsigned char *challenge,
1017 unsigned char *answer)
1018 {
1019 EVP_CIPHER_CTX *ctx;
1020 unsigned char key[8];
1021
1022 key[0] = hash[0];
1023 key[1] = (hash[0] << 7) | (hash[1] >> 1);
1024 key[2] = (hash[1] << 6) | (hash[2] >> 2);
1025 key[3] = (hash[2] << 5) | (hash[3] >> 3);
1026 key[4] = (hash[3] << 4) | (hash[4] >> 4);
1027 key[5] = (hash[4] << 3) | (hash[5] >> 5);
1028 key[6] = (hash[5] << 2) | (hash[6] >> 6);
1029 key[7] = (hash[6] << 1);
1030
1031 ctx = EVP_CIPHER_CTX_new();
1032 if (ctx == NULL)
1033 return ENOMEM;
1034
1035 EVP_CipherInit_ex(ctx, EVP_des_cbc(), NULL, key, NULL, 1);
1036 EVP_Cipher(ctx, answer, challenge, 8);
1037 EVP_CIPHER_CTX_free(ctx);
1038 memset(key, 0, sizeof(key));
1039 return 0;
1040 }
1041
1042 /**
1043 * Calculate the NTLM key, the password is assumed to be in UTF8.
1044 *
1045 * @param password password to calcute the key for.
1046 * @param key calcuted key, should be freed with heim_ntlm_free_buf().
1047 *
1048 * @return In case of success 0 is return, an errors, a errno in what
1049 * went wrong.
1050 *
1051 * @ingroup ntlm_core
1052 */
1053
1054 int
heim_ntlm_nt_key(const char * password,struct ntlm_buf * key)1055 heim_ntlm_nt_key(const char *password, struct ntlm_buf *key)
1056 {
1057 struct ntlm_buf buf;
1058 EVP_MD_CTX *m;
1059 int ret;
1060
1061 key->data = malloc(MD5_DIGEST_LENGTH);
1062 if (key->data == NULL)
1063 return ENOMEM;
1064 key->length = MD5_DIGEST_LENGTH;
1065
1066 ret = ascii2ucs2le(password, 0, &buf);
1067 if (ret) {
1068 heim_ntlm_free_buf(key);
1069 return ret;
1070 }
1071
1072 m = EVP_MD_CTX_create();
1073 if (m == NULL) {
1074 heim_ntlm_free_buf(key);
1075 heim_ntlm_free_buf(&buf);
1076 return ENOMEM;
1077 }
1078
1079 EVP_DigestInit_ex(m, EVP_md4(), NULL);
1080 EVP_DigestUpdate(m, buf.data, buf.length);
1081 EVP_DigestFinal_ex(m, key->data, NULL);
1082 EVP_MD_CTX_destroy(m);
1083
1084 heim_ntlm_free_buf(&buf);
1085 return 0;
1086 }
1087
1088 /**
1089 * Calculate NTLMv1 response hash
1090 *
1091 * @param key the ntlm v1 key
1092 * @param len length of key
1093 * @param challenge sent by the server
1094 * @param answer calculated answer, should be freed with heim_ntlm_free_buf().
1095 *
1096 * @return In case of success 0 is return, an errors, a errno in what
1097 * went wrong.
1098 *
1099 * @ingroup ntlm_core
1100 */
1101
1102 int
heim_ntlm_calculate_ntlm1(void * key,size_t len,unsigned char challenge[8],struct ntlm_buf * answer)1103 heim_ntlm_calculate_ntlm1(void *key, size_t len,
1104 unsigned char challenge[8],
1105 struct ntlm_buf *answer)
1106 {
1107 unsigned char res[21];
1108 int ret;
1109
1110 if (len != MD4_DIGEST_LENGTH)
1111 return HNTLM_ERR_INVALID_LENGTH;
1112
1113 memcpy(res, key, len);
1114 memset(&res[MD4_DIGEST_LENGTH], 0, sizeof(res) - MD4_DIGEST_LENGTH);
1115
1116 answer->data = malloc(24);
1117 if (answer->data == NULL)
1118 return ENOMEM;
1119 answer->length = 24;
1120
1121 ret = splitandenc(&res[0], challenge, ((unsigned char *)answer->data) + 0);
1122 if (ret)
1123 goto out;
1124 ret = splitandenc(&res[7], challenge, ((unsigned char *)answer->data) + 8);
1125 if (ret)
1126 goto out;
1127 ret = splitandenc(&res[14], challenge, ((unsigned char *)answer->data) + 16);
1128 if (ret)
1129 goto out;
1130
1131 return 0;
1132
1133 out:
1134 heim_ntlm_free_buf(answer);
1135 return ret;
1136 }
1137
1138 int
heim_ntlm_v1_base_session(void * key,size_t len,struct ntlm_buf * session)1139 heim_ntlm_v1_base_session(void *key, size_t len,
1140 struct ntlm_buf *session)
1141 {
1142 EVP_MD_CTX *m;
1143
1144 session->length = MD4_DIGEST_LENGTH;
1145 session->data = malloc(session->length);
1146 if (session->data == NULL) {
1147 session->length = 0;
1148 return ENOMEM;
1149 }
1150
1151 m = EVP_MD_CTX_create();
1152 if (m == NULL) {
1153 heim_ntlm_free_buf(session);
1154 return ENOMEM;
1155 }
1156 EVP_DigestInit_ex(m, EVP_md4(), NULL);
1157 EVP_DigestUpdate(m, key, len);
1158 EVP_DigestFinal_ex(m, session->data, NULL);
1159 EVP_MD_CTX_destroy(m);
1160
1161 return 0;
1162 }
1163
1164 int
heim_ntlm_v2_base_session(void * key,size_t len,struct ntlm_buf * ntlmResponse,struct ntlm_buf * session)1165 heim_ntlm_v2_base_session(void *key, size_t len,
1166 struct ntlm_buf *ntlmResponse,
1167 struct ntlm_buf *session)
1168 {
1169 unsigned int hmaclen;
1170 HMAC_CTX *c;
1171
1172 if (ntlmResponse->length <= 16)
1173 return HNTLM_ERR_INVALID_LENGTH;
1174
1175 session->data = malloc(16);
1176 if (session->data == NULL)
1177 return ENOMEM;
1178 session->length = 16;
1179
1180 /* Note: key is the NTLMv2 key */
1181 c = HMAC_CTX_new();
1182 if (c == NULL) {
1183 heim_ntlm_free_buf(session);
1184 return ENOMEM;
1185 }
1186 HMAC_Init_ex(c, key, len, EVP_md5(), NULL);
1187 HMAC_Update(c, ntlmResponse->data, 16);
1188 HMAC_Final(c, session->data, &hmaclen);
1189 HMAC_CTX_free(c);
1190
1191 return 0;
1192 }
1193
1194
1195 int
heim_ntlm_keyex_wrap(struct ntlm_buf * base_session,struct ntlm_buf * session,struct ntlm_buf * encryptedSession)1196 heim_ntlm_keyex_wrap(struct ntlm_buf *base_session,
1197 struct ntlm_buf *session,
1198 struct ntlm_buf *encryptedSession)
1199 {
1200 EVP_CIPHER_CTX *c;
1201 int ret;
1202
1203 session->length = MD4_DIGEST_LENGTH;
1204 session->data = malloc(session->length);
1205 if (session->data == NULL) {
1206 session->length = 0;
1207 return ENOMEM;
1208 }
1209 encryptedSession->length = MD4_DIGEST_LENGTH;
1210 encryptedSession->data = malloc(encryptedSession->length);
1211 if (encryptedSession->data == NULL) {
1212 heim_ntlm_free_buf(session);
1213 encryptedSession->length = 0;
1214 return ENOMEM;
1215 }
1216
1217 c = EVP_CIPHER_CTX_new();
1218 if (c == NULL) {
1219 heim_ntlm_free_buf(encryptedSession);
1220 heim_ntlm_free_buf(session);
1221 return ENOMEM;
1222 }
1223
1224 ret = EVP_CipherInit_ex(c, EVP_rc4(), NULL, base_session->data, NULL, 1);
1225 if (ret != 1) {
1226 EVP_CIPHER_CTX_free(c);
1227 heim_ntlm_free_buf(encryptedSession);
1228 heim_ntlm_free_buf(session);
1229 return HNTLM_ERR_CRYPTO;
1230 }
1231
1232 if (RAND_bytes(session->data, session->length) != 1) {
1233 EVP_CIPHER_CTX_free(c);
1234 heim_ntlm_free_buf(encryptedSession);
1235 heim_ntlm_free_buf(session);
1236 return HNTLM_ERR_RAND;
1237 }
1238
1239 EVP_Cipher(c, encryptedSession->data, session->data, encryptedSession->length);
1240 EVP_CIPHER_CTX_free(c);
1241
1242 return 0;
1243
1244
1245
1246 }
1247
1248
1249
1250 /**
1251 * Generates an NTLMv1 session random with assosited session master key.
1252 *
1253 * @param key the ntlm v1 key
1254 * @param len length of key
1255 * @param session generated session nonce, should be freed with heim_ntlm_free_buf().
1256 * @param master calculated session master key, should be freed with heim_ntlm_free_buf().
1257 *
1258 * @return In case of success 0 is return, an errors, a errno in what
1259 * went wrong.
1260 *
1261 * @ingroup ntlm_core
1262 */
1263
1264 int
heim_ntlm_build_ntlm1_master(void * key,size_t len,struct ntlm_buf * session,struct ntlm_buf * master)1265 heim_ntlm_build_ntlm1_master(void *key, size_t len,
1266 struct ntlm_buf *session,
1267 struct ntlm_buf *master)
1268 {
1269 struct ntlm_buf sess;
1270 int ret;
1271
1272 ret = heim_ntlm_v1_base_session(key, len, &sess);
1273 if (ret)
1274 return ret;
1275
1276 ret = heim_ntlm_keyex_wrap(&sess, session, master);
1277 heim_ntlm_free_buf(&sess);
1278
1279 return ret;
1280 }
1281
1282 /**
1283 * Generates an NTLMv2 session random with associated session master key.
1284 *
1285 * @param key the NTLMv2 key
1286 * @param len length of key
1287 * @param blob the NTLMv2 "blob"
1288 * @param session generated session nonce, should be freed with heim_ntlm_free_buf().
1289 * @param master calculated session master key, should be freed with heim_ntlm_free_buf().
1290 *
1291 * @return In case of success 0 is return, an errors, a errno in what
1292 * went wrong.
1293 *
1294 * @ingroup ntlm_core
1295 */
1296
1297
1298 int
heim_ntlm_build_ntlm2_master(void * key,size_t len,struct ntlm_buf * blob,struct ntlm_buf * session,struct ntlm_buf * master)1299 heim_ntlm_build_ntlm2_master(void *key, size_t len,
1300 struct ntlm_buf *blob,
1301 struct ntlm_buf *session,
1302 struct ntlm_buf *master)
1303 {
1304 struct ntlm_buf sess;
1305 int ret;
1306
1307 ret = heim_ntlm_v2_base_session(key, len, blob, &sess);
1308 if (ret)
1309 return ret;
1310
1311 ret = heim_ntlm_keyex_wrap(&sess, session, master);
1312 heim_ntlm_free_buf(&sess);
1313
1314 return ret;
1315 }
1316
1317 /**
1318 * Given a key and encrypted session, unwrap the session key
1319 *
1320 * @param baseKey the sessionBaseKey
1321 * @param encryptedSession encrypted session, type3.session field.
1322 * @param session generated session nonce, should be freed with heim_ntlm_free_buf().
1323 *
1324 * @return In case of success 0 is return, an errors, a errno in what
1325 * went wrong.
1326 *
1327 * @ingroup ntlm_core
1328 */
1329
1330 int
heim_ntlm_keyex_unwrap(struct ntlm_buf * baseKey,struct ntlm_buf * encryptedSession,struct ntlm_buf * session)1331 heim_ntlm_keyex_unwrap(struct ntlm_buf *baseKey,
1332 struct ntlm_buf *encryptedSession,
1333 struct ntlm_buf *session)
1334 {
1335 EVP_CIPHER_CTX *c;
1336
1337 memset(session, 0, sizeof(*session));
1338
1339 if (baseKey->length != MD4_DIGEST_LENGTH)
1340 return HNTLM_ERR_INVALID_LENGTH;
1341
1342 session->length = MD4_DIGEST_LENGTH;
1343 session->data = malloc(session->length);
1344 if (session->data == NULL) {
1345 session->length = 0;
1346 return ENOMEM;
1347 }
1348 c = EVP_CIPHER_CTX_new();
1349 if (c == NULL) {
1350 heim_ntlm_free_buf(session);
1351 return ENOMEM;
1352 }
1353
1354 if (EVP_CipherInit_ex(c, EVP_rc4(), NULL, baseKey->data, NULL, 0) != 1) {
1355 EVP_CIPHER_CTX_free(c);
1356 heim_ntlm_free_buf(session);
1357 return HNTLM_ERR_CRYPTO;
1358 }
1359
1360 EVP_Cipher(c, session->data, encryptedSession->data, session->length);
1361 EVP_CIPHER_CTX_free(c);
1362
1363 return 0;
1364 }
1365
1366
1367 /**
1368 * Generates an NTLMv2 session key.
1369 *
1370 * @param key the ntlm key
1371 * @param len length of key
1372 * @param username name of the user, as sent in the message, assumed to be in UTF8.
1373 * @param target the name of the target, assumed to be in UTF8.
1374 * @param ntlmv2 the ntlmv2 session key
1375 *
1376 * @return 0 on success, or an error code on failure.
1377 *
1378 * @ingroup ntlm_core
1379 */
1380
1381 int
heim_ntlm_ntlmv2_key(const void * key,size_t len,const char * username,const char * target,unsigned char ntlmv2[16])1382 heim_ntlm_ntlmv2_key(const void *key, size_t len,
1383 const char *username,
1384 const char *target,
1385 unsigned char ntlmv2[16])
1386 {
1387 int ret;
1388 unsigned int hmaclen;
1389 HMAC_CTX *c;
1390
1391 c = HMAC_CTX_new();
1392 if (c == NULL)
1393 return ENOMEM;
1394 HMAC_Init_ex(c, key, len, EVP_md5(), NULL);
1395 {
1396 struct ntlm_buf buf;
1397 /* uppercase username and turn it into ucs2-le */
1398 ret = ascii2ucs2le(username, 1, &buf);
1399 if (ret)
1400 goto out;
1401 HMAC_Update(c, buf.data, buf.length);
1402 free(buf.data);
1403 /* uppercase target and turn into ucs2-le */
1404 ret = ascii2ucs2le(target, 1, &buf);
1405 if (ret)
1406 goto out;
1407 HMAC_Update(c, buf.data, buf.length);
1408 free(buf.data);
1409 }
1410 HMAC_Final(c, ntlmv2, &hmaclen);
1411 out:
1412 HMAC_CTX_free(c);
1413
1414 return ret;
1415 }
1416
1417 /*
1418 *
1419 */
1420
1421 #define NTTIME_EPOCH 0x019DB1DED53E8000LL
1422
1423 static uint64_t
unix2nttime(time_t unix_time)1424 unix2nttime(time_t unix_time)
1425 {
1426 long long wt;
1427 wt = unix_time * (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH;
1428 return wt;
1429 }
1430
1431 static time_t
nt2unixtime(uint64_t t)1432 nt2unixtime(uint64_t t)
1433 {
1434 t = ((t - (uint64_t)NTTIME_EPOCH) / (uint64_t)10000000);
1435 if (t > (((uint64_t)(time_t)(~(uint64_t)0)) >> 1))
1436 return 0;
1437 return (time_t)t;
1438 }
1439
1440 /**
1441 * Calculate LMv2 response
1442 *
1443 * @param key the ntlm key
1444 * @param len length of key
1445 * @param username name of the user, as sent in the message, assumed to be in UTF8.
1446 * @param target the name of the target, assumed to be in UTF8.
1447 * @param serverchallenge challenge as sent by the server in the type2 message.
1448 * @param ntlmv2 calculated session key
1449 * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf().
1450 *
1451 * @return In case of success 0 is return, an errors, a errno in what
1452 * went wrong.
1453 *
1454 * @ingroup ntlm_core
1455 */
1456
1457 int
heim_ntlm_calculate_lm2(const void * key,size_t len,const char * username,const char * target,const unsigned char serverchallenge[8],unsigned char ntlmv2[16],struct ntlm_buf * answer)1458 heim_ntlm_calculate_lm2(const void *key, size_t len,
1459 const char *username,
1460 const char *target,
1461 const unsigned char serverchallenge[8],
1462 unsigned char ntlmv2[16],
1463 struct ntlm_buf *answer)
1464 {
1465 unsigned char clientchallenge[8];
1466 int ret;
1467
1468 if (RAND_bytes(clientchallenge, sizeof(clientchallenge)) != 1)
1469 return HNTLM_ERR_RAND;
1470
1471 /* calculate ntlmv2 key */
1472
1473 heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2);
1474
1475 answer->data = malloc(24);
1476 if (answer->data == NULL)
1477 return ENOMEM;
1478 answer->length = 24;
1479
1480 ret = heim_ntlm_derive_ntlm2_sess(ntlmv2, clientchallenge, 8,
1481 serverchallenge, answer->data);
1482 if (ret)
1483 return ret;
1484
1485 memcpy(((uint8_t *)answer->data) + 16, clientchallenge, 8);
1486
1487 return 0;
1488 }
1489
1490
1491 /**
1492 * Calculate NTLMv2 response
1493 *
1494 * @param key the ntlm key
1495 * @param len length of key
1496 * @param username name of the user, as sent in the message, assumed to be in UTF8.
1497 * @param target the name of the target, assumed to be in UTF8.
1498 * @param serverchallenge challenge as sent by the server in the type2 message.
1499 * @param infotarget infotarget as sent by the server in the type2 message.
1500 * @param ntlmv2 calculated session key
1501 * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf().
1502 *
1503 * @return In case of success 0 is return, an errors, a errno in what
1504 * went wrong.
1505 *
1506 * @ingroup ntlm_core
1507 */
1508
1509 int
heim_ntlm_calculate_ntlm2(const void * key,size_t len,const char * username,const char * target,const unsigned char serverchallenge[8],const struct ntlm_buf * infotarget,unsigned char ntlmv2[16],struct ntlm_buf * answer)1510 heim_ntlm_calculate_ntlm2(const void *key, size_t len,
1511 const char *username,
1512 const char *target,
1513 const unsigned char serverchallenge[8],
1514 const struct ntlm_buf *infotarget,
1515 unsigned char ntlmv2[16],
1516 struct ntlm_buf *answer)
1517 {
1518 krb5_error_code ret;
1519 krb5_data data;
1520 unsigned char ntlmv2answer[16];
1521 krb5_storage *sp;
1522 unsigned char clientchallenge[8];
1523 uint64_t t;
1524 int code;
1525
1526 t = unix2nttime(time(NULL));
1527
1528 if (RAND_bytes(clientchallenge, sizeof(clientchallenge)) != 1)
1529 return HNTLM_ERR_RAND;
1530
1531 /* calculate ntlmv2 key */
1532
1533 heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2);
1534
1535 /* calculate and build ntlmv2 answer */
1536
1537 sp = krb5_storage_emem();
1538 if (sp == NULL)
1539 return ENOMEM;
1540 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
1541
1542 CHECK(krb5_store_uint32(sp, 0x00000101), 0);
1543 CHECK(krb5_store_uint32(sp, 0), 0);
1544 /* timestamp le 64 bit ts */
1545 CHECK(krb5_store_uint32(sp, t & 0xffffffff), 0);
1546 CHECK(krb5_store_uint32(sp, t >> 32), 0);
1547
1548 CHECK(krb5_storage_write(sp, clientchallenge, 8), 8);
1549
1550 CHECK(krb5_store_uint32(sp, 0), 0); /* unknown but zero will work */
1551 CHECK(krb5_storage_write(sp, infotarget->data, infotarget->length),
1552 infotarget->length);
1553 CHECK(krb5_store_uint32(sp, 0), 0); /* unknown but zero will work */
1554
1555 CHECK(krb5_storage_to_data(sp, &data), 0);
1556 krb5_storage_free(sp);
1557 sp = NULL;
1558
1559 code = heim_ntlm_derive_ntlm2_sess(ntlmv2, data.data, data.length, serverchallenge, ntlmv2answer);
1560 if (code) {
1561 krb5_data_free(&data);
1562 return code;
1563 }
1564
1565 sp = krb5_storage_emem();
1566 if (sp == NULL) {
1567 krb5_data_free(&data);
1568 return ENOMEM;
1569 }
1570
1571 CHECK(krb5_storage_write(sp, ntlmv2answer, 16), 16);
1572 CHECK(krb5_storage_write(sp, data.data, data.length), data.length);
1573 krb5_data_free(&data);
1574
1575 CHECK(krb5_storage_to_data(sp, &data), 0);
1576 krb5_storage_free(sp);
1577 sp = NULL;
1578
1579 answer->data = data.data;
1580 answer->length = data.length;
1581
1582 return 0;
1583 out:
1584 if (sp)
1585 krb5_storage_free(sp);
1586 return ret;
1587 }
1588
1589 static const int authtimediff = 3600 * 2; /* 2 hours */
1590
1591 /**
1592 * Verify NTLMv2 response.
1593 *
1594 * @param key the ntlm key
1595 * @param len length of key
1596 * @param username name of the user, as sent in the message, assumed to be in UTF8.
1597 * @param target the name of the target, assumed to be in UTF8.
1598 * @param now the time now (0 if the library should pick it up itself)
1599 * @param serverchallenge challenge as sent by the server in the type2 message.
1600 * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf().
1601 * @param infotarget infotarget as sent by the server in the type2 message.
1602 * @param ntlmv2 calculated session key
1603 *
1604 * @return In case of success 0 is return, an errors, a errno in what
1605 * went wrong.
1606 *
1607 * @ingroup ntlm_core
1608 */
1609
1610 int
heim_ntlm_verify_ntlm2(const void * key,size_t len,const char * username,const char * target,time_t now,const unsigned char serverchallenge[8],const struct ntlm_buf * answer,struct ntlm_buf * infotarget,unsigned char ntlmv2[16])1611 heim_ntlm_verify_ntlm2(const void *key, size_t len,
1612 const char *username,
1613 const char *target,
1614 time_t now,
1615 const unsigned char serverchallenge[8],
1616 const struct ntlm_buf *answer,
1617 struct ntlm_buf *infotarget,
1618 unsigned char ntlmv2[16])
1619 {
1620 krb5_error_code ret;
1621 unsigned char clientanswer[16];
1622 unsigned char clientnonce[8];
1623 unsigned char serveranswer[16];
1624 krb5_storage *sp;
1625 time_t authtime;
1626 uint32_t temp;
1627 uint64_t t;
1628 int code;
1629
1630 infotarget->length = 0;
1631 infotarget->data = NULL;
1632
1633 if (answer->length < 16)
1634 return HNTLM_ERR_INVALID_LENGTH;
1635
1636 if (now == 0)
1637 now = time(NULL);
1638
1639 /* calculate ntlmv2 key */
1640
1641 heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2);
1642
1643 /* calculate and build ntlmv2 answer */
1644
1645 sp = krb5_storage_from_readonly_mem(answer->data, answer->length);
1646 if (sp == NULL)
1647 return ENOMEM;
1648 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
1649
1650 CHECK(krb5_storage_read(sp, clientanswer, 16), 16);
1651
1652 CHECK(krb5_ret_uint32(sp, &temp), 0);
1653 CHECK(temp, 0x00000101);
1654 CHECK(krb5_ret_uint32(sp, &temp), 0);
1655 CHECK(temp, 0);
1656 /* timestamp le 64 bit ts */
1657 CHECK(krb5_ret_uint32(sp, &temp), 0);
1658 t = temp;
1659 CHECK(krb5_ret_uint32(sp, &temp), 0);
1660 t |= ((uint64_t)temp)<< 32;
1661
1662 authtime = nt2unixtime(t);
1663
1664 if (abs((int)(authtime - now)) > authtimediff) {
1665 ret = HNTLM_ERR_TIME_SKEW;
1666 goto out;
1667 }
1668
1669 /* client challenge */
1670 CHECK(krb5_storage_read(sp, clientnonce, 8), 8);
1671
1672 CHECK(krb5_ret_uint32(sp, &temp), 0); /* unknown */
1673
1674 /* should really unparse the infotarget, but lets pick up everything */
1675 infotarget->length = answer->length - krb5_storage_seek(sp, 0, SEEK_CUR);
1676 infotarget->data = malloc(infotarget->length);
1677 if (infotarget->data == NULL) {
1678 ret = ENOMEM;
1679 goto out;
1680 }
1681 CHECK(krb5_storage_read(sp, infotarget->data, infotarget->length),
1682 infotarget->length);
1683 /* XXX remove the unknown ?? */
1684 krb5_storage_free(sp);
1685 sp = NULL;
1686
1687 if (answer->length < 16) {
1688 ret = HNTLM_ERR_INVALID_LENGTH;
1689 goto out;
1690 }
1691
1692 ret = heim_ntlm_derive_ntlm2_sess(ntlmv2,
1693 ((unsigned char *)answer->data) + 16, answer->length - 16,
1694 serverchallenge,
1695 serveranswer);
1696 if (ret)
1697 goto out;
1698
1699 if (memcmp(serveranswer, clientanswer, 16) != 0) {
1700 heim_ntlm_free_buf(infotarget);
1701 return HNTLM_ERR_AUTH;
1702 }
1703
1704 return 0;
1705 out:
1706 heim_ntlm_free_buf(infotarget);
1707 if (sp)
1708 krb5_storage_free(sp);
1709 return ret;
1710 }
1711
1712
1713 /*
1714 * Calculate the NTLM2 Session Response
1715 *
1716 * @param clnt_nonce client nonce
1717 * @param svr_chal server challage
1718 * @param ntlm2_hash ntlm hash
1719 * @param lm The LM response, should be freed with heim_ntlm_free_buf().
1720 * @param ntlm The NTLM response, should be freed with heim_ntlm_free_buf().
1721 *
1722 * @return In case of success 0 is return, an errors, a errno in what
1723 * went wrong.
1724 *
1725 * @ingroup ntlm_core
1726 */
1727
1728 int
heim_ntlm_calculate_ntlm2_sess(const unsigned char clnt_nonce[8],const unsigned char svr_chal[8],const unsigned char ntlm_hash[16],struct ntlm_buf * lm,struct ntlm_buf * ntlm)1729 heim_ntlm_calculate_ntlm2_sess(const unsigned char clnt_nonce[8],
1730 const unsigned char svr_chal[8],
1731 const unsigned char ntlm_hash[16],
1732 struct ntlm_buf *lm,
1733 struct ntlm_buf *ntlm)
1734 {
1735 unsigned char ntlm2_sess_hash[8];
1736 unsigned char res[21], *resp;
1737 int code;
1738
1739 code = heim_ntlm_calculate_ntlm2_sess_hash(clnt_nonce, svr_chal,
1740 ntlm2_sess_hash);
1741 if (code) {
1742 return code;
1743 }
1744
1745 lm->data = malloc(24);
1746 if (lm->data == NULL) {
1747 return ENOMEM;
1748 }
1749 lm->length = 24;
1750
1751 ntlm->data = malloc(24);
1752 if (ntlm->data == NULL) {
1753 free(lm->data);
1754 lm->data = NULL;
1755 return ENOMEM;
1756 }
1757 ntlm->length = 24;
1758
1759 /* first setup the lm resp */
1760 memset(lm->data, 0, 24);
1761 memcpy(lm->data, clnt_nonce, 8);
1762
1763 memset(res, 0, sizeof(res));
1764 memcpy(res, ntlm_hash, 16);
1765
1766 resp = ntlm->data;
1767 code = splitandenc(&res[0], ntlm2_sess_hash, resp + 0);
1768 if (code)
1769 goto out;
1770 code = splitandenc(&res[7], ntlm2_sess_hash, resp + 8);
1771 if (code)
1772 goto out;
1773 code = splitandenc(&res[14], ntlm2_sess_hash, resp + 16);
1774 if (code)
1775 goto out;
1776
1777 return 0;
1778
1779 out:
1780 heim_ntlm_free_buf(ntlm);
1781 heim_ntlm_free_buf(lm);
1782 return code;
1783 }
1784
1785
1786 /*
1787 * Calculate the NTLM2 Session "Verifier"
1788 *
1789 * @param clnt_nonce client nonce
1790 * @param svr_chal server challage
1791 * @param hash The NTLM session verifier
1792 *
1793 * @return In case of success 0 is return, an errors, a errno in what
1794 * went wrong.
1795 *
1796 * @ingroup ntlm_core
1797 */
1798
1799 int
heim_ntlm_calculate_ntlm2_sess_hash(const unsigned char clnt_nonce[8],const unsigned char svr_chal[8],unsigned char verifier[8])1800 heim_ntlm_calculate_ntlm2_sess_hash(const unsigned char clnt_nonce[8],
1801 const unsigned char svr_chal[8],
1802 unsigned char verifier[8])
1803 {
1804 unsigned char ntlm2_sess_hash[MD5_DIGEST_LENGTH];
1805 EVP_MD_CTX *m;
1806
1807 m = EVP_MD_CTX_create();
1808 if (m == NULL)
1809 return ENOMEM;
1810
1811 EVP_DigestInit_ex(m, EVP_md5(), NULL);
1812 EVP_DigestUpdate(m, svr_chal, 8); /* session nonce part 1 */
1813 EVP_DigestUpdate(m, clnt_nonce, 8); /* session nonce part 2 */
1814 EVP_DigestFinal_ex(m, ntlm2_sess_hash, NULL); /* will only use first 8 bytes */
1815 EVP_MD_CTX_destroy(m);
1816
1817 memcpy(verifier, ntlm2_sess_hash, 8);
1818
1819 return 0;
1820 }
1821
1822
1823 /*
1824 * Derive a NTLM2 session key
1825 *
1826 * @param sessionkey session key from domain controller
1827 * @param clnt_nonce client nonce
1828 * @param svr_chal server challenge
1829 * @param derivedkey salted session key
1830 *
1831 * @return In case of success 0 is return, an errors, a errno in what
1832 * went wrong.
1833 *
1834 * @ingroup ntlm_core
1835 */
1836
1837 int
heim_ntlm_derive_ntlm2_sess(const unsigned char sessionkey[16],const unsigned char * clnt_nonce,size_t clnt_nonce_length,const unsigned char svr_chal[8],unsigned char derivedkey[16])1838 heim_ntlm_derive_ntlm2_sess(const unsigned char sessionkey[16],
1839 const unsigned char *clnt_nonce, size_t clnt_nonce_length,
1840 const unsigned char svr_chal[8],
1841 unsigned char derivedkey[16])
1842 {
1843 unsigned int hmaclen;
1844 HMAC_CTX *c;
1845
1846 /* HMAC(Ksession, serverchallenge || clientchallenge) */
1847 c = HMAC_CTX_new();
1848 if (c == NULL)
1849 return ENOMEM;
1850 HMAC_Init_ex(c, sessionkey, 16, EVP_md5(), NULL);
1851 HMAC_Update(c, svr_chal, 8);
1852 HMAC_Update(c, clnt_nonce, clnt_nonce_length);
1853 HMAC_Final(c, derivedkey, &hmaclen);
1854 HMAC_CTX_free(c);
1855 return 0;
1856 }
1857
1858