xref: /freebsd/crypto/heimdal/lib/ntlm/test_ntlm.c (revision c66ec88fed842fbaad62c30d510644ceb7bd2d71)
1 /*
2  * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of KTH nor the names of its contributors may be
18  *    used to endorse or promote products derived from this software without
19  *    specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
22  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
25  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28  * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32  */
33 
34 #include "config.h"
35 
36 #include <stdio.h>
37 #include <err.h>
38 #include <roken.h>
39 #include <getarg.h>
40 
41 #include <krb5-types.h> /* or <inttypes.h> */
42 #include <heimntlm.h>
43 
44 static int
45 test_parse(void)
46 {
47     const char *user = "foo",
48 	*domain = "mydomain",
49 	*password = "digestpassword",
50 	*target = "DOMAIN";
51     struct ntlm_type1 type1;
52     struct ntlm_type2 type2;
53     struct ntlm_type3 type3;
54     struct ntlm_buf data;
55     int ret, flags;
56 
57     memset(&type1, 0, sizeof(type1));
58 
59     type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_TARGET|NTLM_NEG_NTLM;
60     type1.domain = rk_UNCONST(domain);
61     type1.hostname = NULL;
62     type1.os[0] = 0;
63     type1.os[1] = 0;
64 
65     ret = heim_ntlm_encode_type1(&type1, &data);
66     if (ret)
67 	errx(1, "heim_ntlm_encode_type1");
68 
69     memset(&type1, 0, sizeof(type1));
70 
71     ret = heim_ntlm_decode_type1(&data, &type1);
72     free(data.data);
73     if (ret)
74 	errx(1, "heim_ntlm_encode_type1");
75 
76     heim_ntlm_free_type1(&type1);
77 
78     /*
79      *
80      */
81 
82     memset(&type2, 0, sizeof(type2));
83 
84     flags = NTLM_NEG_UNICODE | NTLM_NEG_NTLM | NTLM_TARGET_DOMAIN;
85     type2.flags = flags;
86 
87     memset(type2.challenge, 0x7f, sizeof(type2.challenge));
88     type2.targetname = rk_UNCONST(target);
89     type2.targetinfo.data = NULL;
90     type2.targetinfo.length = 0;
91 
92     ret = heim_ntlm_encode_type2(&type2, &data);
93     if (ret)
94 	errx(1, "heim_ntlm_encode_type2");
95 
96     memset(&type2, 0, sizeof(type2));
97 
98     ret = heim_ntlm_decode_type2(&data, &type2);
99     free(data.data);
100     if (ret)
101 	errx(1, "heim_ntlm_decode_type2");
102 
103     heim_ntlm_free_type2(&type2);
104 
105     /*
106      *
107      */
108 
109     memset(&type3, 0, sizeof(type3));
110 
111     type3.flags = flags;
112     type3.username = rk_UNCONST(user);
113     type3.targetname = rk_UNCONST(target);
114     type3.ws = rk_UNCONST("workstation");
115 
116     {
117 	struct ntlm_buf key;
118 	heim_ntlm_nt_key(password, &key);
119 
120 	heim_ntlm_calculate_ntlm1(key.data, key.length,
121 				  type2.challenge,
122 				  &type3.ntlm);
123 	free(key.data);
124     }
125 
126     ret = heim_ntlm_encode_type3(&type3, &data);
127     if (ret)
128 	errx(1, "heim_ntlm_encode_type3");
129 
130     free(type3.ntlm.data);
131 
132     memset(&type3, 0, sizeof(type3));
133 
134     ret = heim_ntlm_decode_type3(&data, 1, &type3);
135     free(data.data);
136     if (ret)
137 	errx(1, "heim_ntlm_decode_type3");
138 
139     if (strcmp("workstation", type3.ws) != 0)
140 	errx(1, "type3 ws wrong");
141 
142     if (strcmp(target, type3.targetname) != 0)
143 	errx(1, "type3 targetname wrong");
144 
145     if (strcmp(user, type3.username) != 0)
146 	errx(1, "type3 username wrong");
147 
148 
149     heim_ntlm_free_type3(&type3);
150 
151     /*
152      * NTLMv2
153      */
154 
155     memset(&type2, 0, sizeof(type2));
156 
157     flags = NTLM_NEG_UNICODE | NTLM_NEG_NTLM | NTLM_TARGET_DOMAIN;
158     type2.flags = flags;
159 
160     memset(type2.challenge, 0x7f, sizeof(type2.challenge));
161     type2.targetname = rk_UNCONST(target);
162     type2.targetinfo.data = "\x00\x00";
163     type2.targetinfo.length = 2;
164 
165     ret = heim_ntlm_encode_type2(&type2, &data);
166     if (ret)
167 	errx(1, "heim_ntlm_encode_type2");
168 
169     memset(&type2, 0, sizeof(type2));
170 
171     ret = heim_ntlm_decode_type2(&data, &type2);
172     free(data.data);
173     if (ret)
174 	errx(1, "heim_ntlm_decode_type2");
175 
176     heim_ntlm_free_type2(&type2);
177 
178     return 0;
179 }
180 
181 static int
182 test_keys(void)
183 {
184     const char
185 	*username = "test",
186 	*password = "test1234",
187 	*target = "TESTNT";
188     const unsigned char
189 	serverchallenge[8] = "\x67\x7f\x1c\x55\x7a\x5e\xe9\x6c";
190     struct ntlm_buf infotarget, infotarget2, answer, key;
191     unsigned char ntlmv2[16], ntlmv2_1[16];
192     int ret;
193 
194     infotarget.length = 70;
195     infotarget.data =
196 	"\x02\x00\x0c\x00\x54\x00\x45\x00\x53\x00\x54\x00\x4e\x00\x54\x00"
197 	"\x01\x00\x0c\x00\x4d\x00\x45\x00\x4d\x00\x42\x00\x45\x00\x52\x00"
198 	"\x03\x00\x1e\x00\x6d\x00\x65\x00\x6d\x00\x62\x00\x65\x00\x72\x00"
199 	    "\x2e\x00\x74\x00\x65\x00\x73\x00\x74\x00\x2e\x00\x63\x00\x6f"
200 	    "\x00\x6d\x00"
201 	"\x00\x00\x00\x00";
202 
203     answer.length = 0;
204     answer.data = NULL;
205 
206     heim_ntlm_nt_key(password, &key);
207 
208     ret = heim_ntlm_calculate_ntlm2(key.data,
209 				    key.length,
210 				    username,
211 				    target,
212 				    serverchallenge,
213 				    &infotarget,
214 				    ntlmv2,
215 				    &answer);
216     if (ret)
217 	errx(1, "heim_ntlm_calculate_ntlm2");
218 
219     ret = heim_ntlm_verify_ntlm2(key.data,
220 				 key.length,
221 				 username,
222 				 target,
223 				 0,
224 				 serverchallenge,
225 				 &answer,
226 				 &infotarget2,
227 				 ntlmv2_1);
228     if (ret)
229 	errx(1, "heim_ntlm_verify_ntlm2");
230 
231     if (memcmp(ntlmv2, ntlmv2_1, sizeof(ntlmv2)) != 0)
232 	errx(1, "ntlm master key not same");
233 
234     if (infotarget.length > infotarget2.length)
235 	errx(1, "infotarget length");
236 
237     if (memcmp(infotarget.data, infotarget2.data, infotarget.length) != 0)
238 	errx(1, "infotarget not the same");
239 
240     free(key.data);
241     free(answer.data);
242     free(infotarget2.data);
243 
244     return 0;
245 }
246 
247 static int
248 test_ntlm2_session_resp(void)
249 {
250     int ret;
251     struct ntlm_buf lm, ntlm;
252 
253     const unsigned char lm_resp[24] =
254 	"\xff\xff\xff\x00\x11\x22\x33\x44"
255 	"\x00\x00\x00\x00\x00\x00\x00\x00"
256 	"\x00\x00\x00\x00\x00\x00\x00\x00";
257     const unsigned char ntlm2_sess_resp[24] =
258 	"\x10\xd5\x50\x83\x2d\x12\xb2\xcc"
259 	"\xb7\x9d\x5a\xd1\xf4\xee\xd3\xdf"
260 	"\x82\xac\xa4\xc3\x68\x1d\xd4\x55";
261 
262     const unsigned char client_nonce[8] =
263 	"\xff\xff\xff\x00\x11\x22\x33\x44";
264     const unsigned char server_challenge[8] =
265 	"\x01\x23\x45\x67\x89\xab\xcd\xef";
266 
267     const unsigned char ntlm_hash[16] =
268 	"\xcd\x06\xca\x7c\x7e\x10\xc9\x9b"
269 	"\x1d\x33\xb7\x48\x5a\x2e\xd8\x08";
270 
271     ret = heim_ntlm_calculate_ntlm2_sess(client_nonce,
272 					 server_challenge,
273 					 ntlm_hash,
274 					 &lm,
275 					 &ntlm);
276     if (ret)
277 	errx(1, "heim_ntlm_calculate_ntlm2_sess_resp");
278 
279     if (lm.length != 24 || memcmp(lm.data, lm_resp, 24) != 0)
280 	errx(1, "lm_resp wrong");
281     if (ntlm.length != 24 || memcmp(ntlm.data, ntlm2_sess_resp, 24) != 0)
282 	errx(1, "ntlm2_sess_resp wrong");
283 
284     free(lm.data);
285     free(ntlm.data);
286 
287 
288     return 0;
289 }
290 
291 static int
292 test_targetinfo(void)
293 {
294     struct ntlm_targetinfo ti;
295     struct ntlm_buf buf;
296     const char *dnsservername = "dnsservername";
297     int ret;
298 
299     memset(&ti, 0, sizeof(ti));
300 
301     ti.dnsservername = rk_UNCONST(dnsservername);
302     ti.avflags = 1;
303     ret = heim_ntlm_encode_targetinfo(&ti, 1, &buf);
304     if (ret)
305 	return ret;
306 
307     memset(&ti, 0, sizeof(ti));
308 
309     ret = heim_ntlm_decode_targetinfo(&buf, 1, &ti);
310     if (ret)
311 	return ret;
312 
313     if (ti.dnsservername == NULL ||
314 	strcmp(ti.dnsservername, dnsservername) != 0)
315 	errx(1, "ti.dnshostname != %s", dnsservername);
316     if (ti.avflags != 1)
317 	errx(1, "ti.avflags != 1");
318 
319     heim_ntlm_free_targetinfo(&ti);
320 
321     return 0;
322 }
323 
324 static int verbose_flag = 0;
325 static int version_flag = 0;
326 static int help_flag	= 0;
327 
328 static struct getargs args[] = {
329     {"verbose",	0,	arg_flag,	&verbose_flag, "verbose printing", NULL },
330     {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
331     {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
332 };
333 
334 static void
335 usage (int ret)
336 {
337     arg_printusage (args, sizeof(args)/sizeof(*args),
338 		    NULL, "");
339     exit (ret);
340 }
341 
342 int
343 main(int argc, char **argv)
344 {
345     int ret = 0, optind = 0;
346 
347     setprogname(argv[0]);
348 
349     if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
350 	usage(1);
351 
352     if (help_flag)
353 	usage (0);
354 
355     if(version_flag){
356 	print_version(NULL);
357 	exit(0);
358     }
359 
360     argc -= optind;
361     argv += optind;
362 
363     if (verbose_flag)
364 	printf("test_parse\n");
365 
366     ret += test_parse();
367     if (verbose_flag)
368 	printf("test_keys\n");
369 
370     ret += test_keys();
371     if (verbose_flag)
372 	printf("test_ntlm2_session_resp\n");
373     ret += test_ntlm2_session_resp();
374 
375     if (verbose_flag)
376 	printf("test_targetinfo\n");
377     ret += test_targetinfo();
378 
379     return ret;
380 }
381