1 | /*************************************************************************** |
2 | * _ _ ____ _ |
3 | * Project ___| | | | _ \| | |
4 | * / __| | | | |_) | | |
5 | * | (__| |_| | _ <| |___ |
6 | * \___|\___/|_| \_\_____| |
7 | * |
8 | * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. |
9 | * |
10 | * This software is licensed as described in the file COPYING, which |
11 | * you should have received as part of this distribution. The terms |
12 | * are also available at https://curl.haxx.se/docs/copyright.html. |
13 | * |
14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
15 | * copies of the Software, and permit persons to whom the Software is |
16 | * furnished to do so, under the terms of the COPYING file. |
17 | * |
18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
19 | * KIND, either express or implied. |
20 | * |
21 | ***************************************************************************/ |
22 | |
23 | #include "curl_setup.h" |
24 | |
25 | #if defined(USE_NTLM) |
26 | |
27 | /* |
28 | * NTLM details: |
29 | * |
30 | * https://davenport.sourceforge.io/ntlm.html |
31 | * https://www.innovation.ch/java/ntlm.html |
32 | */ |
33 | |
34 | /* Please keep the SSL backend-specific #if branches in this order: |
35 | |
36 | 1. USE_OPENSSL |
37 | 2. USE_GNUTLS_NETTLE |
38 | 3. USE_GNUTLS |
39 | 4. USE_NSS |
40 | 5. USE_MBEDTLS |
41 | 6. USE_SECTRANSP |
42 | 7. USE_OS400CRYPTO |
43 | 8. USE_WIN32_CRYPTO |
44 | |
45 | This ensures that: |
46 | - the same SSL branch gets activated throughout this source |
47 | file even if multiple backends are enabled at the same time. |
48 | - OpenSSL and NSS have higher priority than Windows Crypt, due |
49 | to issues with the latter supporting NTLM2Session responses |
50 | in NTLM type-3 messages. |
51 | */ |
52 | |
53 | #if !defined(USE_WINDOWS_SSPI) || defined(USE_WIN32_CRYPTO) |
54 | |
55 | #ifdef USE_OPENSSL |
56 | |
57 | # include <openssl/des.h> |
58 | # include <openssl/md5.h> |
59 | # include <openssl/ssl.h> |
60 | # include <openssl/rand.h> |
61 | # if (OPENSSL_VERSION_NUMBER < 0x00907001L) |
62 | # define DES_key_schedule des_key_schedule |
63 | # define DES_cblock des_cblock |
64 | # define DES_set_odd_parity des_set_odd_parity |
65 | # define DES_set_key des_set_key |
66 | # define DES_ecb_encrypt des_ecb_encrypt |
67 | # define DESKEY(x) x |
68 | # define DESKEYARG(x) x |
69 | # else |
70 | # define DESKEYARG(x) *x |
71 | # define DESKEY(x) &x |
72 | # endif |
73 | |
74 | #elif defined(USE_GNUTLS_NETTLE) |
75 | |
76 | # include <nettle/des.h> |
77 | |
78 | #elif defined(USE_GNUTLS) |
79 | |
80 | # include <gcrypt.h> |
81 | # define MD5_DIGEST_LENGTH 16 |
82 | |
83 | #elif defined(USE_NSS) |
84 | |
85 | # include <nss.h> |
86 | # include <pk11pub.h> |
87 | # include <hasht.h> |
88 | # define MD5_DIGEST_LENGTH MD5_LENGTH |
89 | |
90 | #elif defined(USE_MBEDTLS) |
91 | |
92 | # include <mbedtls/des.h> |
93 | # include "curl_md4.h" |
94 | |
95 | #elif defined(USE_SECTRANSP) |
96 | |
97 | # include <CommonCrypto/CommonCryptor.h> |
98 | # include <CommonCrypto/CommonDigest.h> |
99 | |
100 | #elif defined(USE_OS400CRYPTO) |
101 | # include "cipher.mih" /* mih/cipher */ |
102 | #elif defined(USE_WIN32_CRYPTO) |
103 | # include <wincrypt.h> |
104 | #else |
105 | # error "Can't compile NTLM support without a crypto library." |
106 | #endif |
107 | |
108 | #include "urldata.h" |
109 | #include "non-ascii.h" |
110 | #include "strcase.h" |
111 | #include "curl_ntlm_core.h" |
112 | #include "curl_md5.h" |
113 | #include "curl_hmac.h" |
114 | #include "warnless.h" |
115 | #include "curl_endian.h" |
116 | #include "curl_des.h" |
117 | #include "curl_md4.h" |
118 | /* The last 3 #include files should be in this order */ |
119 | #include "curl_printf.h" |
120 | #include "curl_memory.h" |
121 | #include "memdebug.h" |
122 | |
123 | #define NTLM_HMAC_MD5_LEN (16) |
124 | #define NTLMv2_BLOB_SIGNATURE "\x01\x01\x00\x00" |
125 | #define NTLMv2_BLOB_LEN (44 -16 + ntlm->target_info_len + 4) |
126 | |
127 | /* |
128 | * Turns a 56-bit key into being 64-bit wide. |
129 | */ |
130 | static void extend_key_56_to_64(const unsigned char *key_56, char *key) |
131 | { |
132 | key[0] = key_56[0]; |
133 | key[1] = (unsigned char)(((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1)); |
134 | key[2] = (unsigned char)(((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2)); |
135 | key[3] = (unsigned char)(((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3)); |
136 | key[4] = (unsigned char)(((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4)); |
137 | key[5] = (unsigned char)(((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5)); |
138 | key[6] = (unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6)); |
139 | key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF); |
140 | } |
141 | |
142 | #ifdef USE_OPENSSL |
143 | /* |
144 | * Turns a 56 bit key into the 64 bit, odd parity key and sets the key. The |
145 | * key schedule ks is also set. |
146 | */ |
147 | static void setup_des_key(const unsigned char *key_56, |
148 | DES_key_schedule DESKEYARG(ks)) |
149 | { |
150 | DES_cblock key; |
151 | |
152 | /* Expand the 56-bit key to 64-bits */ |
153 | extend_key_56_to_64(key_56, (char *) &key); |
154 | |
155 | /* Set the key parity to odd */ |
156 | DES_set_odd_parity(&key); |
157 | |
158 | /* Set the key */ |
159 | DES_set_key(&key, ks); |
160 | } |
161 | |
162 | #elif defined(USE_GNUTLS_NETTLE) |
163 | |
164 | static void setup_des_key(const unsigned char *key_56, |
165 | struct des_ctx *des) |
166 | { |
167 | char key[8]; |
168 | |
169 | /* Expand the 56-bit key to 64-bits */ |
170 | extend_key_56_to_64(key_56, key); |
171 | |
172 | /* Set the key parity to odd */ |
173 | Curl_des_set_odd_parity((unsigned char *) key, sizeof(key)); |
174 | |
175 | /* Set the key */ |
176 | des_set_key(des, (const uint8_t *) key); |
177 | } |
178 | |
179 | #elif defined(USE_GNUTLS) |
180 | |
181 | /* |
182 | * Turns a 56 bit key into the 64 bit, odd parity key and sets the key. |
183 | */ |
184 | static void setup_des_key(const unsigned char *key_56, |
185 | gcry_cipher_hd_t *des) |
186 | { |
187 | char key[8]; |
188 | |
189 | /* Expand the 56-bit key to 64-bits */ |
190 | extend_key_56_to_64(key_56, key); |
191 | |
192 | /* Set the key parity to odd */ |
193 | Curl_des_set_odd_parity((unsigned char *) key, sizeof(key)); |
194 | |
195 | /* Set the key */ |
196 | gcry_cipher_setkey(*des, key, sizeof(key)); |
197 | } |
198 | |
199 | #elif defined(USE_NSS) |
200 | |
201 | /* |
202 | * Expands a 56 bit key KEY_56 to 64 bit and encrypts 64 bit of data, using |
203 | * the expanded key. The caller is responsible for giving 64 bit of valid |
204 | * data is IN and (at least) 64 bit large buffer as OUT. |
205 | */ |
206 | static bool encrypt_des(const unsigned char *in, unsigned char *out, |
207 | const unsigned char *key_56) |
208 | { |
209 | const CK_MECHANISM_TYPE mech = CKM_DES_ECB; /* DES cipher in ECB mode */ |
210 | char key[8]; /* expanded 64 bit key */ |
211 | SECItem key_item; |
212 | PK11SymKey *symkey = NULL; |
213 | SECItem *param = NULL; |
214 | PK11Context *ctx = NULL; |
215 | int out_len; /* not used, required by NSS */ |
216 | bool rv = FALSE; |
217 | |
218 | /* use internal slot for DES encryption (requires NSS to be initialized) */ |
219 | PK11SlotInfo *slot = PK11_GetInternalKeySlot(); |
220 | if(!slot) |
221 | return FALSE; |
222 | |
223 | /* Expand the 56-bit key to 64-bits */ |
224 | extend_key_56_to_64(key_56, key); |
225 | |
226 | /* Set the key parity to odd */ |
227 | Curl_des_set_odd_parity((unsigned char *) key, sizeof(key)); |
228 | |
229 | /* Import the key */ |
230 | key_item.data = (unsigned char *)key; |
231 | key_item.len = sizeof(key); |
232 | symkey = PK11_ImportSymKey(slot, mech, PK11_OriginUnwrap, CKA_ENCRYPT, |
233 | &key_item, NULL); |
234 | if(!symkey) |
235 | goto fail; |
236 | |
237 | /* Create the DES encryption context */ |
238 | param = PK11_ParamFromIV(mech, /* no IV in ECB mode */ NULL); |
239 | if(!param) |
240 | goto fail; |
241 | ctx = PK11_CreateContextBySymKey(mech, CKA_ENCRYPT, symkey, param); |
242 | if(!ctx) |
243 | goto fail; |
244 | |
245 | /* Perform the encryption */ |
246 | if(SECSuccess == PK11_CipherOp(ctx, out, &out_len, /* outbuflen */ 8, |
247 | (unsigned char *)in, /* inbuflen */ 8) |
248 | && SECSuccess == PK11_Finalize(ctx)) |
249 | rv = /* all OK */ TRUE; |
250 | |
251 | fail: |
252 | /* cleanup */ |
253 | if(ctx) |
254 | PK11_DestroyContext(ctx, PR_TRUE); |
255 | if(symkey) |
256 | PK11_FreeSymKey(symkey); |
257 | if(param) |
258 | SECITEM_FreeItem(param, PR_TRUE); |
259 | PK11_FreeSlot(slot); |
260 | return rv; |
261 | } |
262 | |
263 | #elif defined(USE_MBEDTLS) |
264 | |
265 | static bool encrypt_des(const unsigned char *in, unsigned char *out, |
266 | const unsigned char *key_56) |
267 | { |
268 | mbedtls_des_context ctx; |
269 | char key[8]; |
270 | |
271 | /* Expand the 56-bit key to 64-bits */ |
272 | extend_key_56_to_64(key_56, key); |
273 | |
274 | /* Set the key parity to odd */ |
275 | mbedtls_des_key_set_parity((unsigned char *) key); |
276 | |
277 | /* Perform the encryption */ |
278 | mbedtls_des_init(&ctx); |
279 | mbedtls_des_setkey_enc(&ctx, (unsigned char *) key); |
280 | return mbedtls_des_crypt_ecb(&ctx, in, out) == 0; |
281 | } |
282 | |
283 | #elif defined(USE_SECTRANSP) |
284 | |
285 | static bool encrypt_des(const unsigned char *in, unsigned char *out, |
286 | const unsigned char *key_56) |
287 | { |
288 | char key[8]; |
289 | size_t out_len; |
290 | CCCryptorStatus err; |
291 | |
292 | /* Expand the 56-bit key to 64-bits */ |
293 | extend_key_56_to_64(key_56, key); |
294 | |
295 | /* Set the key parity to odd */ |
296 | Curl_des_set_odd_parity((unsigned char *) key, sizeof(key)); |
297 | |
298 | /* Perform the encryption */ |
299 | err = CCCrypt(kCCEncrypt, kCCAlgorithmDES, kCCOptionECBMode, key, |
300 | kCCKeySizeDES, NULL, in, 8 /* inbuflen */, out, |
301 | 8 /* outbuflen */, &out_len); |
302 | |
303 | return err == kCCSuccess; |
304 | } |
305 | |
306 | #elif defined(USE_OS400CRYPTO) |
307 | |
308 | static bool encrypt_des(const unsigned char *in, unsigned char *out, |
309 | const unsigned char *key_56) |
310 | { |
311 | char key[8]; |
312 | _CIPHER_Control_T ctl; |
313 | |
314 | /* Setup the cipher control structure */ |
315 | ctl.Func_ID = ENCRYPT_ONLY; |
316 | ctl.Data_Len = sizeof(key); |
317 | |
318 | /* Expand the 56-bit key to 64-bits */ |
319 | extend_key_56_to_64(key_56, ctl.Crypto_Key); |
320 | |
321 | /* Set the key parity to odd */ |
322 | Curl_des_set_odd_parity((unsigned char *) ctl.Crypto_Key, ctl.Data_Len); |
323 | |
324 | /* Perform the encryption */ |
325 | _CIPHER((_SPCPTR *) &out, &ctl, (_SPCPTR *) &in); |
326 | |
327 | return TRUE; |
328 | } |
329 | |
330 | #elif defined(USE_WIN32_CRYPTO) |
331 | |
332 | static bool encrypt_des(const unsigned char *in, unsigned char *out, |
333 | const unsigned char *key_56) |
334 | { |
335 | HCRYPTPROV hprov; |
336 | HCRYPTKEY hkey; |
337 | struct { |
338 | BLOBHEADER hdr; |
339 | unsigned int len; |
340 | char key[8]; |
341 | } blob; |
342 | DWORD len = 8; |
343 | |
344 | /* Acquire the crypto provider */ |
345 | if(!CryptAcquireContext(&hprov, NULL, NULL, PROV_RSA_FULL, |
346 | CRYPT_VERIFYCONTEXT)) |
347 | return FALSE; |
348 | |
349 | /* Setup the key blob structure */ |
350 | memset(&blob, 0, sizeof(blob)); |
351 | blob.hdr.bType = PLAINTEXTKEYBLOB; |
352 | blob.hdr.bVersion = 2; |
353 | blob.hdr.aiKeyAlg = CALG_DES; |
354 | blob.len = sizeof(blob.key); |
355 | |
356 | /* Expand the 56-bit key to 64-bits */ |
357 | extend_key_56_to_64(key_56, blob.key); |
358 | |
359 | /* Set the key parity to odd */ |
360 | Curl_des_set_odd_parity((unsigned char *) blob.key, sizeof(blob.key)); |
361 | |
362 | /* Import the key */ |
363 | if(!CryptImportKey(hprov, (BYTE *) &blob, sizeof(blob), 0, 0, &hkey)) { |
364 | CryptReleaseContext(hprov, 0); |
365 | |
366 | return FALSE; |
367 | } |
368 | |
369 | memcpy(out, in, 8); |
370 | |
371 | /* Perform the encryption */ |
372 | CryptEncrypt(hkey, 0, FALSE, 0, out, &len, len); |
373 | |
374 | CryptDestroyKey(hkey); |
375 | CryptReleaseContext(hprov, 0); |
376 | |
377 | return TRUE; |
378 | } |
379 | |
380 | #endif /* defined(USE_WIN32_CRYPTO) */ |
381 | |
382 | /* |
383 | * takes a 21 byte array and treats it as 3 56-bit DES keys. The |
384 | * 8 byte plaintext is encrypted with each key and the resulting 24 |
385 | * bytes are stored in the results array. |
386 | */ |
387 | void Curl_ntlm_core_lm_resp(const unsigned char *keys, |
388 | const unsigned char *plaintext, |
389 | unsigned char *results) |
390 | { |
391 | #ifdef USE_OPENSSL |
392 | DES_key_schedule ks; |
393 | |
394 | setup_des_key(keys, DESKEY(ks)); |
395 | DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results, |
396 | DESKEY(ks), DES_ENCRYPT); |
397 | |
398 | setup_des_key(keys + 7, DESKEY(ks)); |
399 | DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results + 8), |
400 | DESKEY(ks), DES_ENCRYPT); |
401 | |
402 | setup_des_key(keys + 14, DESKEY(ks)); |
403 | DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results + 16), |
404 | DESKEY(ks), DES_ENCRYPT); |
405 | #elif defined(USE_GNUTLS_NETTLE) |
406 | struct des_ctx des; |
407 | setup_des_key(keys, &des); |
408 | des_encrypt(&des, 8, results, plaintext); |
409 | setup_des_key(keys + 7, &des); |
410 | des_encrypt(&des, 8, results + 8, plaintext); |
411 | setup_des_key(keys + 14, &des); |
412 | des_encrypt(&des, 8, results + 16, plaintext); |
413 | #elif defined(USE_GNUTLS) |
414 | gcry_cipher_hd_t des; |
415 | |
416 | gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); |
417 | setup_des_key(keys, &des); |
418 | gcry_cipher_encrypt(des, results, 8, plaintext, 8); |
419 | gcry_cipher_close(des); |
420 | |
421 | gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); |
422 | setup_des_key(keys + 7, &des); |
423 | gcry_cipher_encrypt(des, results + 8, 8, plaintext, 8); |
424 | gcry_cipher_close(des); |
425 | |
426 | gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); |
427 | setup_des_key(keys + 14, &des); |
428 | gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8); |
429 | gcry_cipher_close(des); |
430 | #elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_SECTRANSP) \ |
431 | || defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) |
432 | encrypt_des(plaintext, results, keys); |
433 | encrypt_des(plaintext, results + 8, keys + 7); |
434 | encrypt_des(plaintext, results + 16, keys + 14); |
435 | #endif |
436 | } |
437 | |
438 | /* |
439 | * Set up lanmanager hashed password |
440 | */ |
441 | CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data, |
442 | const char *password, |
443 | unsigned char *lmbuffer /* 21 bytes */) |
444 | { |
445 | CURLcode result; |
446 | unsigned char pw[14]; |
447 | static const unsigned char magic[] = { |
448 | 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 /* i.e. KGS!@#$% */ |
449 | }; |
450 | size_t len = CURLMIN(strlen(password), 14); |
451 | |
452 | Curl_strntoupper((char *)pw, password, len); |
453 | memset(&pw[len], 0, 14 - len); |
454 | |
455 | /* |
456 | * The LanManager hashed password needs to be created using the |
457 | * password in the network encoding not the host encoding. |
458 | */ |
459 | result = Curl_convert_to_network(data, (char *)pw, 14); |
460 | if(result) |
461 | return result; |
462 | |
463 | { |
464 | /* Create LanManager hashed password. */ |
465 | |
466 | #ifdef USE_OPENSSL |
467 | DES_key_schedule ks; |
468 | |
469 | setup_des_key(pw, DESKEY(ks)); |
470 | DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer, |
471 | DESKEY(ks), DES_ENCRYPT); |
472 | |
473 | setup_des_key(pw + 7, DESKEY(ks)); |
474 | DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)(lmbuffer + 8), |
475 | DESKEY(ks), DES_ENCRYPT); |
476 | #elif defined(USE_GNUTLS_NETTLE) |
477 | struct des_ctx des; |
478 | setup_des_key(pw, &des); |
479 | des_encrypt(&des, 8, lmbuffer, magic); |
480 | setup_des_key(pw + 7, &des); |
481 | des_encrypt(&des, 8, lmbuffer + 8, magic); |
482 | #elif defined(USE_GNUTLS) |
483 | gcry_cipher_hd_t des; |
484 | |
485 | gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); |
486 | setup_des_key(pw, &des); |
487 | gcry_cipher_encrypt(des, lmbuffer, 8, magic, 8); |
488 | gcry_cipher_close(des); |
489 | |
490 | gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); |
491 | setup_des_key(pw + 7, &des); |
492 | gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8); |
493 | gcry_cipher_close(des); |
494 | #elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_SECTRANSP) \ |
495 | || defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) |
496 | encrypt_des(magic, lmbuffer, pw); |
497 | encrypt_des(magic, lmbuffer + 8, pw + 7); |
498 | #endif |
499 | |
500 | memset(lmbuffer + 16, 0, 21 - 16); |
501 | } |
502 | |
503 | return CURLE_OK; |
504 | } |
505 | |
506 | #ifdef USE_NTRESPONSES |
507 | static void ascii_to_unicode_le(unsigned char *dest, const char *src, |
508 | size_t srclen) |
509 | { |
510 | size_t i; |
511 | for(i = 0; i < srclen; i++) { |
512 | dest[2 * i] = (unsigned char)src[i]; |
513 | dest[2 * i + 1] = '\0'; |
514 | } |
515 | } |
516 | |
517 | #if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI) |
518 | |
519 | static void ascii_uppercase_to_unicode_le(unsigned char *dest, |
520 | const char *src, size_t srclen) |
521 | { |
522 | size_t i; |
523 | for(i = 0; i < srclen; i++) { |
524 | dest[2 * i] = (unsigned char)(Curl_raw_toupper(src[i])); |
525 | dest[2 * i + 1] = '\0'; |
526 | } |
527 | } |
528 | |
529 | #endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */ |
530 | |
531 | /* |
532 | * Set up nt hashed passwords |
533 | * @unittest: 1600 |
534 | */ |
535 | CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data, |
536 | const char *password, |
537 | unsigned char *ntbuffer /* 21 bytes */) |
538 | { |
539 | size_t len = strlen(password); |
540 | unsigned char *pw; |
541 | CURLcode result; |
542 | if(len > SIZE_T_MAX/2) /* avoid integer overflow */ |
543 | return CURLE_OUT_OF_MEMORY; |
544 | pw = len ? malloc(len * 2) : (unsigned char *)strdup("" ); |
545 | if(!pw) |
546 | return CURLE_OUT_OF_MEMORY; |
547 | |
548 | ascii_to_unicode_le(pw, password, len); |
549 | |
550 | /* |
551 | * The NT hashed password needs to be created using the password in the |
552 | * network encoding not the host encoding. |
553 | */ |
554 | result = Curl_convert_to_network(data, (char *)pw, len * 2); |
555 | if(result) |
556 | return result; |
557 | |
558 | /* Create NT hashed password. */ |
559 | Curl_md4it(ntbuffer, pw, 2 * len); |
560 | |
561 | memset(ntbuffer + 16, 0, 21 - 16); |
562 | |
563 | free(pw); |
564 | |
565 | return CURLE_OK; |
566 | } |
567 | |
568 | #if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI) |
569 | |
570 | /* This returns the HMAC MD5 digest */ |
571 | static CURLcode hmac_md5(const unsigned char *key, unsigned int keylen, |
572 | const unsigned char *data, unsigned int datalen, |
573 | unsigned char *output) |
574 | { |
575 | HMAC_context *ctxt = Curl_HMAC_init(Curl_HMAC_MD5, key, keylen); |
576 | |
577 | if(!ctxt) |
578 | return CURLE_OUT_OF_MEMORY; |
579 | |
580 | /* Update the digest with the given challenge */ |
581 | Curl_HMAC_update(ctxt, data, datalen); |
582 | |
583 | /* Finalise the digest */ |
584 | Curl_HMAC_final(ctxt, output); |
585 | |
586 | return CURLE_OK; |
587 | } |
588 | |
589 | /* This creates the NTLMv2 hash by using NTLM hash as the key and Unicode |
590 | * (uppercase UserName + Domain) as the data |
591 | */ |
592 | CURLcode Curl_ntlm_core_mk_ntlmv2_hash(const char *user, size_t userlen, |
593 | const char *domain, size_t domlen, |
594 | unsigned char *ntlmhash, |
595 | unsigned char *ntlmv2hash) |
596 | { |
597 | /* Unicode representation */ |
598 | size_t identity_len; |
599 | unsigned char *identity; |
600 | CURLcode result = CURLE_OK; |
601 | |
602 | /* we do the length checks below separately to avoid integer overflow risk |
603 | on extreme data lengths */ |
604 | if((userlen > SIZE_T_MAX/2) || |
605 | (domlen > SIZE_T_MAX/2) || |
606 | ((userlen + domlen) > SIZE_T_MAX/2)) |
607 | return CURLE_OUT_OF_MEMORY; |
608 | |
609 | identity_len = (userlen + domlen) * 2; |
610 | identity = malloc(identity_len); |
611 | |
612 | if(!identity) |
613 | return CURLE_OUT_OF_MEMORY; |
614 | |
615 | ascii_uppercase_to_unicode_le(identity, user, userlen); |
616 | ascii_to_unicode_le(identity + (userlen << 1), domain, domlen); |
617 | |
618 | result = hmac_md5(ntlmhash, 16, identity, curlx_uztoui(identity_len), |
619 | ntlmv2hash); |
620 | free(identity); |
621 | |
622 | return result; |
623 | } |
624 | |
625 | /* |
626 | * Curl_ntlm_core_mk_ntlmv2_resp() |
627 | * |
628 | * This creates the NTLMv2 response as set in the ntlm type-3 message. |
629 | * |
630 | * Parameters: |
631 | * |
632 | * ntlmv2hash [in] - The ntlmv2 hash (16 bytes) |
633 | * challenge_client [in] - The client nonce (8 bytes) |
634 | * ntlm [in] - The ntlm data struct being used to read TargetInfo |
635 | and Server challenge received in the type-2 message |
636 | * ntresp [out] - The address where a pointer to newly allocated |
637 | * memory holding the NTLMv2 response. |
638 | * ntresp_len [out] - The length of the output message. |
639 | * |
640 | * Returns CURLE_OK on success. |
641 | */ |
642 | CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash, |
643 | unsigned char *challenge_client, |
644 | struct ntlmdata *ntlm, |
645 | unsigned char **ntresp, |
646 | unsigned int *ntresp_len) |
647 | { |
648 | /* NTLMv2 response structure : |
649 | ------------------------------------------------------------------------------ |
650 | 0 HMAC MD5 16 bytes |
651 | ------BLOB-------------------------------------------------------------------- |
652 | 16 Signature 0x01010000 |
653 | 20 Reserved long (0x00000000) |
654 | 24 Timestamp LE, 64-bit signed value representing the number of |
655 | tenths of a microsecond since January 1, 1601. |
656 | 32 Client Nonce 8 bytes |
657 | 40 Unknown 4 bytes |
658 | 44 Target Info N bytes (from the type-2 message) |
659 | 44+N Unknown 4 bytes |
660 | ------------------------------------------------------------------------------ |
661 | */ |
662 | |
663 | unsigned int len = 0; |
664 | unsigned char *ptr = NULL; |
665 | unsigned char hmac_output[NTLM_HMAC_MD5_LEN]; |
666 | curl_off_t tw; |
667 | |
668 | CURLcode result = CURLE_OK; |
669 | |
670 | #if CURL_SIZEOF_CURL_OFF_T < 8 |
671 | #error "this section needs 64bit support to work" |
672 | #endif |
673 | |
674 | /* Calculate the timestamp */ |
675 | #ifdef DEBUGBUILD |
676 | char *force_timestamp = getenv("CURL_FORCETIME" ); |
677 | if(force_timestamp) |
678 | tw = CURL_OFF_T_C(11644473600) * 10000000; |
679 | else |
680 | #endif |
681 | tw = ((curl_off_t)time(NULL) + CURL_OFF_T_C(11644473600)) * 10000000; |
682 | |
683 | /* Calculate the response len */ |
684 | len = NTLM_HMAC_MD5_LEN + NTLMv2_BLOB_LEN; |
685 | |
686 | /* Allocate the response */ |
687 | ptr = calloc(1, len); |
688 | if(!ptr) |
689 | return CURLE_OUT_OF_MEMORY; |
690 | |
691 | /* Create the BLOB structure */ |
692 | msnprintf((char *)ptr + NTLM_HMAC_MD5_LEN, NTLMv2_BLOB_LEN, |
693 | "%c%c%c%c" /* NTLMv2_BLOB_SIGNATURE */ |
694 | "%c%c%c%c" , /* Reserved = 0 */ |
695 | NTLMv2_BLOB_SIGNATURE[0], NTLMv2_BLOB_SIGNATURE[1], |
696 | NTLMv2_BLOB_SIGNATURE[2], NTLMv2_BLOB_SIGNATURE[3], |
697 | 0, 0, 0, 0); |
698 | |
699 | Curl_write64_le(tw, ptr + 24); |
700 | memcpy(ptr + 32, challenge_client, 8); |
701 | memcpy(ptr + 44, ntlm->target_info, ntlm->target_info_len); |
702 | |
703 | /* Concatenate the Type 2 challenge with the BLOB and do HMAC MD5 */ |
704 | memcpy(ptr + 8, &ntlm->nonce[0], 8); |
705 | result = hmac_md5(ntlmv2hash, NTLM_HMAC_MD5_LEN, ptr + 8, |
706 | NTLMv2_BLOB_LEN + 8, hmac_output); |
707 | if(result) { |
708 | free(ptr); |
709 | return result; |
710 | } |
711 | |
712 | /* Concatenate the HMAC MD5 output with the BLOB */ |
713 | memcpy(ptr, hmac_output, NTLM_HMAC_MD5_LEN); |
714 | |
715 | /* Return the response */ |
716 | *ntresp = ptr; |
717 | *ntresp_len = len; |
718 | |
719 | return result; |
720 | } |
721 | |
722 | /* |
723 | * Curl_ntlm_core_mk_lmv2_resp() |
724 | * |
725 | * This creates the LMv2 response as used in the ntlm type-3 message. |
726 | * |
727 | * Parameters: |
728 | * |
729 | * ntlmv2hash [in] - The ntlmv2 hash (16 bytes) |
730 | * challenge_client [in] - The client nonce (8 bytes) |
731 | * challenge_client [in] - The server challenge (8 bytes) |
732 | * lmresp [out] - The LMv2 response (24 bytes) |
733 | * |
734 | * Returns CURLE_OK on success. |
735 | */ |
736 | CURLcode Curl_ntlm_core_mk_lmv2_resp(unsigned char *ntlmv2hash, |
737 | unsigned char *challenge_client, |
738 | unsigned char *challenge_server, |
739 | unsigned char *lmresp) |
740 | { |
741 | unsigned char data[16]; |
742 | unsigned char hmac_output[16]; |
743 | CURLcode result = CURLE_OK; |
744 | |
745 | memcpy(&data[0], challenge_server, 8); |
746 | memcpy(&data[8], challenge_client, 8); |
747 | |
748 | result = hmac_md5(ntlmv2hash, 16, &data[0], 16, hmac_output); |
749 | if(result) |
750 | return result; |
751 | |
752 | /* Concatenate the HMAC MD5 output with the client nonce */ |
753 | memcpy(lmresp, hmac_output, 16); |
754 | memcpy(lmresp + 16, challenge_client, 8); |
755 | |
756 | return result; |
757 | } |
758 | |
759 | #endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */ |
760 | |
761 | #endif /* USE_NTRESPONSES */ |
762 | |
763 | #endif /* !USE_WINDOWS_SSPI || USE_WIN32_CRYPTO */ |
764 | |
765 | #endif /* USE_NTLM */ |
766 | |