1 | /*************************************************************************** |
2 | * _ _ ____ _ |
3 | * Project ___| | | | _ \| | |
4 | * / __| | | | |_) | | |
5 | * | (__| |_| | _ <| |___ |
6 | * \___|\___/|_| \_\_____| |
7 | * |
8 | * Copyright (C) 1998 - 2022, Daniel Stenberg, <[email protected]>, et al. |
9 | * |
10 | * This software is licensed as described in the file COPYING, which |
11 | * you should have received as part of this distribution. The terms |
12 | * are also available at https://curl.se/docs/copyright.html. |
13 | * |
14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
15 | * copies of the Software, and permit persons to whom the Software is |
16 | * furnished to do so, under the terms of the COPYING file. |
17 | * |
18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
19 | * KIND, either express or implied. |
20 | * |
21 | * SPDX-License-Identifier: curl |
22 | * |
23 | ***************************************************************************/ |
24 | |
25 | #include "curl_setup.h" |
26 | |
27 | #if defined(USE_CURL_NTLM_CORE) |
28 | |
29 | /* |
30 | * NTLM details: |
31 | * |
32 | * https://davenport.sourceforge.io/ntlm.html |
33 | * https://www.innovation.ch/java/ntlm.html |
34 | */ |
35 | |
36 | /* Please keep the SSL backend-specific #if branches in this order: |
37 | |
38 | 1. USE_OPENSSL |
39 | 2. USE_GNUTLS |
40 | 3. USE_NSS |
41 | 4. USE_MBEDTLS |
42 | 5. USE_SECTRANSP |
43 | 6. USE_OS400CRYPTO |
44 | 7. USE_WIN32_CRYPTO |
45 | |
46 | This ensures that: |
47 | - the same SSL branch gets activated throughout this source |
48 | file even if multiple backends are enabled at the same time. |
49 | - OpenSSL and NSS have higher priority than Windows Crypt, due |
50 | to issues with the latter supporting NTLM2Session responses |
51 | in NTLM type-3 messages. |
52 | */ |
53 | |
54 | #if defined(USE_OPENSSL) |
55 | #include <openssl/opensslconf.h> |
56 | #if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) |
57 | #define USE_OPENSSL_DES |
58 | #endif |
59 | #endif |
60 | |
61 | #if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL) |
62 | |
63 | #if defined(USE_OPENSSL) |
64 | # include <openssl/des.h> |
65 | # include <openssl/md5.h> |
66 | # include <openssl/ssl.h> |
67 | # include <openssl/rand.h> |
68 | #else |
69 | # include <wolfssl/options.h> |
70 | # include <wolfssl/openssl/des.h> |
71 | # include <wolfssl/openssl/md5.h> |
72 | # include <wolfssl/openssl/ssl.h> |
73 | # include <wolfssl/openssl/rand.h> |
74 | #endif |
75 | |
76 | # if (defined(OPENSSL_VERSION_NUMBER) && \ |
77 | (OPENSSL_VERSION_NUMBER < 0x00907001L)) && !defined(USE_WOLFSSL) |
78 | # define DES_key_schedule des_key_schedule |
79 | # define DES_cblock des_cblock |
80 | # define DES_set_odd_parity des_set_odd_parity |
81 | # define DES_set_key des_set_key |
82 | # define DES_ecb_encrypt des_ecb_encrypt |
83 | # define DESKEY(x) x |
84 | # define DESKEYARG(x) x |
85 | # else |
86 | # define DESKEYARG(x) *x |
87 | # define DESKEY(x) &x |
88 | # endif |
89 | |
90 | #elif defined(USE_GNUTLS) |
91 | |
92 | # include <nettle/des.h> |
93 | |
94 | #elif defined(USE_NSS) |
95 | |
96 | # include <nss.h> |
97 | # include <pk11pub.h> |
98 | # include <hasht.h> |
99 | |
100 | #elif defined(USE_MBEDTLS) |
101 | |
102 | # include <mbedtls/des.h> |
103 | |
104 | #elif defined(USE_SECTRANSP) |
105 | |
106 | # include <CommonCrypto/CommonCryptor.h> |
107 | # include <CommonCrypto/CommonDigest.h> |
108 | |
109 | #elif defined(USE_OS400CRYPTO) |
110 | # include "cipher.mih" /* mih/cipher */ |
111 | #elif defined(USE_WIN32_CRYPTO) |
112 | # include <wincrypt.h> |
113 | #else |
114 | # error "Can't compile NTLM support without a crypto library with DES." |
115 | #endif |
116 | |
117 | #include "urldata.h" |
118 | #include "strcase.h" |
119 | #include "curl_ntlm_core.h" |
120 | #include "curl_md5.h" |
121 | #include "curl_hmac.h" |
122 | #include "warnless.h" |
123 | #include "curl_endian.h" |
124 | #include "curl_des.h" |
125 | #include "curl_md4.h" |
126 | /* The last 3 #include files should be in this order */ |
127 | #include "curl_printf.h" |
128 | #include "curl_memory.h" |
129 | #include "memdebug.h" |
130 | |
131 | #define NTLMv2_BLOB_SIGNATURE "\x01\x01\x00\x00" |
132 | #define NTLMv2_BLOB_LEN (44 -16 + ntlm->target_info_len + 4) |
133 | |
134 | /* |
135 | * Turns a 56-bit key into being 64-bit wide. |
136 | */ |
137 | static void extend_key_56_to_64(const unsigned char *key_56, char *key) |
138 | { |
139 | key[0] = key_56[0]; |
140 | key[1] = (unsigned char)(((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1)); |
141 | key[2] = (unsigned char)(((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2)); |
142 | key[3] = (unsigned char)(((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3)); |
143 | key[4] = (unsigned char)(((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4)); |
144 | key[5] = (unsigned char)(((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5)); |
145 | key[6] = (unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6)); |
146 | key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF); |
147 | } |
148 | |
149 | #if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL) |
150 | /* |
151 | * Turns a 56 bit key into the 64 bit, odd parity key and sets the key. The |
152 | * key schedule ks is also set. |
153 | */ |
154 | static void setup_des_key(const unsigned char *key_56, |
155 | DES_key_schedule DESKEYARG(ks)) |
156 | { |
157 | DES_cblock key; |
158 | |
159 | /* Expand the 56-bit key to 64-bits */ |
160 | extend_key_56_to_64(key_56, (char *) &key); |
161 | |
162 | /* Set the key parity to odd */ |
163 | DES_set_odd_parity(&key); |
164 | |
165 | /* Set the key */ |
166 | DES_set_key_unchecked(&key, ks); |
167 | } |
168 | |
169 | #elif defined(USE_GNUTLS) |
170 | |
171 | static void setup_des_key(const unsigned char *key_56, |
172 | struct des_ctx *des) |
173 | { |
174 | char key[8]; |
175 | |
176 | /* Expand the 56-bit key to 64-bits */ |
177 | extend_key_56_to_64(key_56, key); |
178 | |
179 | /* Set the key parity to odd */ |
180 | Curl_des_set_odd_parity((unsigned char *) key, sizeof(key)); |
181 | |
182 | /* Set the key */ |
183 | des_set_key(des, (const uint8_t *) key); |
184 | } |
185 | |
186 | #elif defined(USE_NSS) |
187 | |
188 | /* |
189 | * Expands a 56 bit key KEY_56 to 64 bit and encrypts 64 bit of data, using |
190 | * the expanded key. The caller is responsible for giving 64 bit of valid |
191 | * data is IN and (at least) 64 bit large buffer as OUT. |
192 | */ |
193 | static bool encrypt_des(const unsigned char *in, unsigned char *out, |
194 | const unsigned char *key_56) |
195 | { |
196 | const CK_MECHANISM_TYPE mech = CKM_DES_ECB; /* DES cipher in ECB mode */ |
197 | char key[8]; /* expanded 64 bit key */ |
198 | SECItem key_item; |
199 | PK11SymKey *symkey = NULL; |
200 | SECItem *param = NULL; |
201 | PK11Context *ctx = NULL; |
202 | int out_len; /* not used, required by NSS */ |
203 | bool rv = FALSE; |
204 | |
205 | /* use internal slot for DES encryption (requires NSS to be initialized) */ |
206 | PK11SlotInfo *slot = PK11_GetInternalKeySlot(); |
207 | if(!slot) |
208 | return FALSE; |
209 | |
210 | /* Expand the 56-bit key to 64-bits */ |
211 | extend_key_56_to_64(key_56, key); |
212 | |
213 | /* Set the key parity to odd */ |
214 | Curl_des_set_odd_parity((unsigned char *) key, sizeof(key)); |
215 | |
216 | /* Import the key */ |
217 | key_item.data = (unsigned char *)key; |
218 | key_item.len = sizeof(key); |
219 | symkey = PK11_ImportSymKey(slot, mech, PK11_OriginUnwrap, CKA_ENCRYPT, |
220 | &key_item, NULL); |
221 | if(!symkey) |
222 | goto fail; |
223 | |
224 | /* Create the DES encryption context */ |
225 | param = PK11_ParamFromIV(mech, /* no IV in ECB mode */ NULL); |
226 | if(!param) |
227 | goto fail; |
228 | ctx = PK11_CreateContextBySymKey(mech, CKA_ENCRYPT, symkey, param); |
229 | if(!ctx) |
230 | goto fail; |
231 | |
232 | /* Perform the encryption */ |
233 | if(SECSuccess == PK11_CipherOp(ctx, out, &out_len, /* outbuflen */ 8, |
234 | (unsigned char *)in, /* inbuflen */ 8) |
235 | && SECSuccess == PK11_Finalize(ctx)) |
236 | rv = /* all OK */ TRUE; |
237 | |
238 | fail: |
239 | /* cleanup */ |
240 | if(ctx) |
241 | PK11_DestroyContext(ctx, PR_TRUE); |
242 | if(symkey) |
243 | PK11_FreeSymKey(symkey); |
244 | if(param) |
245 | SECITEM_FreeItem(param, PR_TRUE); |
246 | PK11_FreeSlot(slot); |
247 | return rv; |
248 | } |
249 | |
250 | #elif defined(USE_MBEDTLS) |
251 | |
252 | static bool encrypt_des(const unsigned char *in, unsigned char *out, |
253 | const unsigned char *key_56) |
254 | { |
255 | mbedtls_des_context ctx; |
256 | char key[8]; |
257 | |
258 | /* Expand the 56-bit key to 64-bits */ |
259 | extend_key_56_to_64(key_56, key); |
260 | |
261 | /* Set the key parity to odd */ |
262 | mbedtls_des_key_set_parity((unsigned char *) key); |
263 | |
264 | /* Perform the encryption */ |
265 | mbedtls_des_init(&ctx); |
266 | mbedtls_des_setkey_enc(&ctx, (unsigned char *) key); |
267 | return mbedtls_des_crypt_ecb(&ctx, in, out) == 0; |
268 | } |
269 | |
270 | #elif defined(USE_SECTRANSP) |
271 | |
272 | static bool encrypt_des(const unsigned char *in, unsigned char *out, |
273 | const unsigned char *key_56) |
274 | { |
275 | char key[8]; |
276 | size_t out_len; |
277 | CCCryptorStatus err; |
278 | |
279 | /* Expand the 56-bit key to 64-bits */ |
280 | extend_key_56_to_64(key_56, key); |
281 | |
282 | /* Set the key parity to odd */ |
283 | Curl_des_set_odd_parity((unsigned char *) key, sizeof(key)); |
284 | |
285 | /* Perform the encryption */ |
286 | err = CCCrypt(kCCEncrypt, kCCAlgorithmDES, kCCOptionECBMode, key, |
287 | kCCKeySizeDES, NULL, in, 8 /* inbuflen */, out, |
288 | 8 /* outbuflen */, &out_len); |
289 | |
290 | return err == kCCSuccess; |
291 | } |
292 | |
293 | #elif defined(USE_OS400CRYPTO) |
294 | |
295 | static bool encrypt_des(const unsigned char *in, unsigned char *out, |
296 | const unsigned char *key_56) |
297 | { |
298 | char key[8]; |
299 | _CIPHER_Control_T ctl; |
300 | |
301 | /* Setup the cipher control structure */ |
302 | ctl.Func_ID = ENCRYPT_ONLY; |
303 | ctl.Data_Len = sizeof(key); |
304 | |
305 | /* Expand the 56-bit key to 64-bits */ |
306 | extend_key_56_to_64(key_56, ctl.Crypto_Key); |
307 | |
308 | /* Set the key parity to odd */ |
309 | Curl_des_set_odd_parity((unsigned char *) ctl.Crypto_Key, ctl.Data_Len); |
310 | |
311 | /* Perform the encryption */ |
312 | _CIPHER((_SPCPTR *) &out, &ctl, (_SPCPTR *) &in); |
313 | |
314 | return TRUE; |
315 | } |
316 | |
317 | #elif defined(USE_WIN32_CRYPTO) |
318 | |
319 | static bool encrypt_des(const unsigned char *in, unsigned char *out, |
320 | const unsigned char *key_56) |
321 | { |
322 | HCRYPTPROV hprov; |
323 | HCRYPTKEY hkey; |
324 | struct { |
325 | BLOBHEADER hdr; |
326 | unsigned int len; |
327 | char key[8]; |
328 | } blob; |
329 | DWORD len = 8; |
330 | |
331 | /* Acquire the crypto provider */ |
332 | if(!CryptAcquireContext(&hprov, NULL, NULL, PROV_RSA_FULL, |
333 | CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) |
334 | return FALSE; |
335 | |
336 | /* Setup the key blob structure */ |
337 | memset(&blob, 0, sizeof(blob)); |
338 | blob.hdr.bType = PLAINTEXTKEYBLOB; |
339 | blob.hdr.bVersion = 2; |
340 | blob.hdr.aiKeyAlg = CALG_DES; |
341 | blob.len = sizeof(blob.key); |
342 | |
343 | /* Expand the 56-bit key to 64-bits */ |
344 | extend_key_56_to_64(key_56, blob.key); |
345 | |
346 | /* Set the key parity to odd */ |
347 | Curl_des_set_odd_parity((unsigned char *) blob.key, sizeof(blob.key)); |
348 | |
349 | /* Import the key */ |
350 | if(!CryptImportKey(hprov, (BYTE *) &blob, sizeof(blob), 0, 0, &hkey)) { |
351 | CryptReleaseContext(hprov, 0); |
352 | |
353 | return FALSE; |
354 | } |
355 | |
356 | memcpy(out, in, 8); |
357 | |
358 | /* Perform the encryption */ |
359 | CryptEncrypt(hkey, 0, FALSE, 0, out, &len, len); |
360 | |
361 | CryptDestroyKey(hkey); |
362 | CryptReleaseContext(hprov, 0); |
363 | |
364 | return TRUE; |
365 | } |
366 | |
367 | #endif /* defined(USE_WIN32_CRYPTO) */ |
368 | |
369 | /* |
370 | * takes a 21 byte array and treats it as 3 56-bit DES keys. The |
371 | * 8 byte plaintext is encrypted with each key and the resulting 24 |
372 | * bytes are stored in the results array. |
373 | */ |
374 | void Curl_ntlm_core_lm_resp(const unsigned char *keys, |
375 | const unsigned char *plaintext, |
376 | unsigned char *results) |
377 | { |
378 | #if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL) |
379 | DES_key_schedule ks; |
380 | |
381 | setup_des_key(keys, DESKEY(ks)); |
382 | DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results, |
383 | DESKEY(ks), DES_ENCRYPT); |
384 | |
385 | setup_des_key(keys + 7, DESKEY(ks)); |
386 | DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results + 8), |
387 | DESKEY(ks), DES_ENCRYPT); |
388 | |
389 | setup_des_key(keys + 14, DESKEY(ks)); |
390 | DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results + 16), |
391 | DESKEY(ks), DES_ENCRYPT); |
392 | #elif defined(USE_GNUTLS) |
393 | struct des_ctx des; |
394 | setup_des_key(keys, &des); |
395 | des_encrypt(&des, 8, results, plaintext); |
396 | setup_des_key(keys + 7, &des); |
397 | des_encrypt(&des, 8, results + 8, plaintext); |
398 | setup_des_key(keys + 14, &des); |
399 | des_encrypt(&des, 8, results + 16, plaintext); |
400 | #elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_SECTRANSP) \ |
401 | || defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) |
402 | encrypt_des(plaintext, results, keys); |
403 | encrypt_des(plaintext, results + 8, keys + 7); |
404 | encrypt_des(plaintext, results + 16, keys + 14); |
405 | #endif |
406 | } |
407 | |
408 | /* |
409 | * Set up lanmanager hashed password |
410 | */ |
411 | CURLcode Curl_ntlm_core_mk_lm_hash(const char *password, |
412 | unsigned char *lmbuffer /* 21 bytes */) |
413 | { |
414 | unsigned char pw[14]; |
415 | static const unsigned char magic[] = { |
416 | 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 /* i.e. KGS!@#$% */ |
417 | }; |
418 | size_t len = CURLMIN(strlen(password), 14); |
419 | |
420 | Curl_strntoupper((char *)pw, password, len); |
421 | memset(&pw[len], 0, 14 - len); |
422 | |
423 | { |
424 | /* Create LanManager hashed password. */ |
425 | |
426 | #if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL) |
427 | DES_key_schedule ks; |
428 | |
429 | setup_des_key(pw, DESKEY(ks)); |
430 | DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer, |
431 | DESKEY(ks), DES_ENCRYPT); |
432 | |
433 | setup_des_key(pw + 7, DESKEY(ks)); |
434 | DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)(lmbuffer + 8), |
435 | DESKEY(ks), DES_ENCRYPT); |
436 | #elif defined(USE_GNUTLS) |
437 | struct des_ctx des; |
438 | setup_des_key(pw, &des); |
439 | des_encrypt(&des, 8, lmbuffer, magic); |
440 | setup_des_key(pw + 7, &des); |
441 | des_encrypt(&des, 8, lmbuffer + 8, magic); |
442 | #elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_SECTRANSP) \ |
443 | || defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) |
444 | encrypt_des(magic, lmbuffer, pw); |
445 | encrypt_des(magic, lmbuffer + 8, pw + 7); |
446 | #endif |
447 | |
448 | memset(lmbuffer + 16, 0, 21 - 16); |
449 | } |
450 | |
451 | return CURLE_OK; |
452 | } |
453 | |
454 | static void ascii_to_unicode_le(unsigned char *dest, const char *src, |
455 | size_t srclen) |
456 | { |
457 | size_t i; |
458 | for(i = 0; i < srclen; i++) { |
459 | dest[2 * i] = (unsigned char)src[i]; |
460 | dest[2 * i + 1] = '\0'; |
461 | } |
462 | } |
463 | |
464 | #if !defined(USE_WINDOWS_SSPI) |
465 | |
466 | static void ascii_uppercase_to_unicode_le(unsigned char *dest, |
467 | const char *src, size_t srclen) |
468 | { |
469 | size_t i; |
470 | for(i = 0; i < srclen; i++) { |
471 | dest[2 * i] = (unsigned char)(Curl_raw_toupper(src[i])); |
472 | dest[2 * i + 1] = '\0'; |
473 | } |
474 | } |
475 | |
476 | #endif /* !USE_WINDOWS_SSPI */ |
477 | |
478 | /* |
479 | * Set up nt hashed passwords |
480 | * @unittest: 1600 |
481 | */ |
482 | CURLcode Curl_ntlm_core_mk_nt_hash(const char *password, |
483 | unsigned char *ntbuffer /* 21 bytes */) |
484 | { |
485 | size_t len = strlen(password); |
486 | unsigned char *pw; |
487 | if(len > SIZE_T_MAX/2) /* avoid integer overflow */ |
488 | return CURLE_OUT_OF_MEMORY; |
489 | pw = len ? malloc(len * 2) : (unsigned char *)strdup("" ); |
490 | if(!pw) |
491 | return CURLE_OUT_OF_MEMORY; |
492 | |
493 | ascii_to_unicode_le(pw, password, len); |
494 | |
495 | /* Create NT hashed password. */ |
496 | Curl_md4it(ntbuffer, pw, 2 * len); |
497 | memset(ntbuffer + 16, 0, 21 - 16); |
498 | |
499 | free(pw); |
500 | |
501 | return CURLE_OK; |
502 | } |
503 | |
504 | #if !defined(USE_WINDOWS_SSPI) |
505 | |
506 | /* Timestamp in tenths of a microsecond since January 1, 1601 00:00:00 UTC. */ |
507 | struct ms_filetime { |
508 | unsigned int dwLowDateTime; |
509 | unsigned int dwHighDateTime; |
510 | }; |
511 | |
512 | /* Convert a time_t to an MS FILETIME (MS-DTYP section 2.3.3). */ |
513 | static void time2filetime(struct ms_filetime *ft, time_t t) |
514 | { |
515 | #if SIZEOF_TIME_T > 4 |
516 | t = (t + CURL_OFF_T_C(11644473600)) * 10000000; |
517 | ft->dwLowDateTime = (unsigned int) (t & 0xFFFFFFFF); |
518 | ft->dwHighDateTime = (unsigned int) (t >> 32); |
519 | #else |
520 | unsigned int r, s; |
521 | unsigned int i; |
522 | |
523 | ft->dwLowDateTime = t & 0xFFFFFFFF; |
524 | ft->dwHighDateTime = 0; |
525 | |
526 | # ifndef HAVE_TIME_T_UNSIGNED |
527 | /* Extend sign if needed. */ |
528 | if(ft->dwLowDateTime & 0x80000000) |
529 | ft->dwHighDateTime = ~0; |
530 | # endif |
531 | |
532 | /* Bias seconds to Jan 1, 1601. |
533 | 134774 days = 11644473600 seconds = 0x2B6109100 */ |
534 | r = ft->dwLowDateTime; |
535 | ft->dwLowDateTime = (ft->dwLowDateTime + 0xB6109100U) & 0xFFFFFFFF; |
536 | ft->dwHighDateTime += ft->dwLowDateTime < r? 0x03: 0x02; |
537 | |
538 | /* Convert to tenths of microseconds. */ |
539 | ft->dwHighDateTime *= 10000000; |
540 | i = 32; |
541 | do { |
542 | i -= 8; |
543 | s = ((ft->dwLowDateTime >> i) & 0xFF) * (10000000 - 1); |
544 | r = (s << i) & 0xFFFFFFFF; |
545 | s >>= 1; /* Split shift to avoid width overflow. */ |
546 | s >>= 31 - i; |
547 | ft->dwLowDateTime = (ft->dwLowDateTime + r) & 0xFFFFFFFF; |
548 | if(ft->dwLowDateTime < r) |
549 | s++; |
550 | ft->dwHighDateTime += s; |
551 | } while(i); |
552 | ft->dwHighDateTime &= 0xFFFFFFFF; |
553 | #endif |
554 | } |
555 | |
556 | /* This creates the NTLMv2 hash by using NTLM hash as the key and Unicode |
557 | * (uppercase UserName + Domain) as the data |
558 | */ |
559 | CURLcode Curl_ntlm_core_mk_ntlmv2_hash(const char *user, size_t userlen, |
560 | const char *domain, size_t domlen, |
561 | unsigned char *ntlmhash, |
562 | unsigned char *ntlmv2hash) |
563 | { |
564 | /* Unicode representation */ |
565 | size_t identity_len; |
566 | unsigned char *identity; |
567 | CURLcode result = CURLE_OK; |
568 | |
569 | if((userlen > CURL_MAX_INPUT_LENGTH) || (domlen > CURL_MAX_INPUT_LENGTH)) |
570 | return CURLE_OUT_OF_MEMORY; |
571 | |
572 | identity_len = (userlen + domlen) * 2; |
573 | identity = malloc(identity_len + 1); |
574 | |
575 | if(!identity) |
576 | return CURLE_OUT_OF_MEMORY; |
577 | |
578 | ascii_uppercase_to_unicode_le(identity, user, userlen); |
579 | ascii_to_unicode_le(identity + (userlen << 1), domain, domlen); |
580 | |
581 | result = Curl_hmacit(Curl_HMAC_MD5, ntlmhash, 16, identity, identity_len, |
582 | ntlmv2hash); |
583 | free(identity); |
584 | |
585 | return result; |
586 | } |
587 | |
588 | /* |
589 | * Curl_ntlm_core_mk_ntlmv2_resp() |
590 | * |
591 | * This creates the NTLMv2 response as set in the ntlm type-3 message. |
592 | * |
593 | * Parameters: |
594 | * |
595 | * ntlmv2hash [in] - The ntlmv2 hash (16 bytes) |
596 | * challenge_client [in] - The client nonce (8 bytes) |
597 | * ntlm [in] - The ntlm data struct being used to read TargetInfo |
598 | and Server challenge received in the type-2 message |
599 | * ntresp [out] - The address where a pointer to newly allocated |
600 | * memory holding the NTLMv2 response. |
601 | * ntresp_len [out] - The length of the output message. |
602 | * |
603 | * Returns CURLE_OK on success. |
604 | */ |
605 | CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash, |
606 | unsigned char *challenge_client, |
607 | struct ntlmdata *ntlm, |
608 | unsigned char **ntresp, |
609 | unsigned int *ntresp_len) |
610 | { |
611 | /* NTLMv2 response structure : |
612 | ------------------------------------------------------------------------------ |
613 | 0 HMAC MD5 16 bytes |
614 | ------BLOB-------------------------------------------------------------------- |
615 | 16 Signature 0x01010000 |
616 | 20 Reserved long (0x00000000) |
617 | 24 Timestamp LE, 64-bit signed value representing the number of |
618 | tenths of a microsecond since January 1, 1601. |
619 | 32 Client Nonce 8 bytes |
620 | 40 Unknown 4 bytes |
621 | 44 Target Info N bytes (from the type-2 message) |
622 | 44+N Unknown 4 bytes |
623 | ------------------------------------------------------------------------------ |
624 | */ |
625 | |
626 | unsigned int len = 0; |
627 | unsigned char *ptr = NULL; |
628 | unsigned char hmac_output[HMAC_MD5_LENGTH]; |
629 | struct ms_filetime tw; |
630 | |
631 | CURLcode result = CURLE_OK; |
632 | |
633 | /* Calculate the timestamp */ |
634 | #ifdef DEBUGBUILD |
635 | char *force_timestamp = getenv("CURL_FORCETIME" ); |
636 | if(force_timestamp) |
637 | time2filetime(&tw, (time_t) 0); |
638 | else |
639 | #endif |
640 | time2filetime(&tw, time(NULL)); |
641 | |
642 | /* Calculate the response len */ |
643 | len = HMAC_MD5_LENGTH + NTLMv2_BLOB_LEN; |
644 | |
645 | /* Allocate the response */ |
646 | ptr = calloc(1, len); |
647 | if(!ptr) |
648 | return CURLE_OUT_OF_MEMORY; |
649 | |
650 | /* Create the BLOB structure */ |
651 | msnprintf((char *)ptr + HMAC_MD5_LENGTH, NTLMv2_BLOB_LEN, |
652 | "%c%c%c%c" /* NTLMv2_BLOB_SIGNATURE */ |
653 | "%c%c%c%c" /* Reserved = 0 */ |
654 | "%c%c%c%c%c%c%c%c" , /* Timestamp */ |
655 | NTLMv2_BLOB_SIGNATURE[0], NTLMv2_BLOB_SIGNATURE[1], |
656 | NTLMv2_BLOB_SIGNATURE[2], NTLMv2_BLOB_SIGNATURE[3], |
657 | 0, 0, 0, 0, |
658 | LONGQUARTET(tw.dwLowDateTime), LONGQUARTET(tw.dwHighDateTime)); |
659 | |
660 | memcpy(ptr + 32, challenge_client, 8); |
661 | memcpy(ptr + 44, ntlm->target_info, ntlm->target_info_len); |
662 | |
663 | /* Concatenate the Type 2 challenge with the BLOB and do HMAC MD5 */ |
664 | memcpy(ptr + 8, &ntlm->nonce[0], 8); |
665 | result = Curl_hmacit(Curl_HMAC_MD5, ntlmv2hash, HMAC_MD5_LENGTH, ptr + 8, |
666 | NTLMv2_BLOB_LEN + 8, hmac_output); |
667 | if(result) { |
668 | free(ptr); |
669 | return result; |
670 | } |
671 | |
672 | /* Concatenate the HMAC MD5 output with the BLOB */ |
673 | memcpy(ptr, hmac_output, HMAC_MD5_LENGTH); |
674 | |
675 | /* Return the response */ |
676 | *ntresp = ptr; |
677 | *ntresp_len = len; |
678 | |
679 | return result; |
680 | } |
681 | |
682 | /* |
683 | * Curl_ntlm_core_mk_lmv2_resp() |
684 | * |
685 | * This creates the LMv2 response as used in the ntlm type-3 message. |
686 | * |
687 | * Parameters: |
688 | * |
689 | * ntlmv2hash [in] - The ntlmv2 hash (16 bytes) |
690 | * challenge_client [in] - The client nonce (8 bytes) |
691 | * challenge_client [in] - The server challenge (8 bytes) |
692 | * lmresp [out] - The LMv2 response (24 bytes) |
693 | * |
694 | * Returns CURLE_OK on success. |
695 | */ |
696 | CURLcode Curl_ntlm_core_mk_lmv2_resp(unsigned char *ntlmv2hash, |
697 | unsigned char *challenge_client, |
698 | unsigned char *challenge_server, |
699 | unsigned char *lmresp) |
700 | { |
701 | unsigned char data[16]; |
702 | unsigned char hmac_output[16]; |
703 | CURLcode result = CURLE_OK; |
704 | |
705 | memcpy(&data[0], challenge_server, 8); |
706 | memcpy(&data[8], challenge_client, 8); |
707 | |
708 | result = Curl_hmacit(Curl_HMAC_MD5, ntlmv2hash, 16, &data[0], 16, |
709 | hmac_output); |
710 | if(result) |
711 | return result; |
712 | |
713 | /* Concatenate the HMAC MD5 output with the client nonce */ |
714 | memcpy(lmresp, hmac_output, 16); |
715 | memcpy(lmresp + 16, challenge_client, 8); |
716 | |
717 | return result; |
718 | } |
719 | |
720 | #endif /* !USE_WINDOWS_SSPI */ |
721 | |
722 | #endif /* USE_CURL_NTLM_CORE */ |
723 | |