| 1 | /*************************************************************************** |
|---|---|
| 2 | * _ _ ____ _ |
| 3 | * Project ___| | | | _ \| | |
| 4 | * / __| | | | |_) | | |
| 5 | * | (__| |_| | _ <| |___ |
| 6 | * \___|\___/|_| \_\_____| |
| 7 | * |
| 8 | * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. |
| 9 | * |
| 10 | * This software is licensed as described in the file COPYING, which |
| 11 | * you should have received as part of this distribution. The terms |
| 12 | * are also available at https://curl.haxx.se/docs/copyright.html. |
| 13 | * |
| 14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
| 15 | * copies of the Software, and permit persons to whom the Software is |
| 16 | * furnished to do so, under the terms of the COPYING file. |
| 17 | * |
| 18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
| 19 | * KIND, either express or implied. |
| 20 | * |
| 21 | ***************************************************************************/ |
| 22 | |
| 23 | #include "curl_setup.h" |
| 24 | |
| 25 | #if defined(USE_NTLM) |
| 26 | |
| 27 | /* |
| 28 | * NTLM details: |
| 29 | * |
| 30 | * https://davenport.sourceforge.io/ntlm.html |
| 31 | * https://www.innovation.ch/java/ntlm.html |
| 32 | */ |
| 33 | |
| 34 | /* Please keep the SSL backend-specific #if branches in this order: |
| 35 | |
| 36 | 1. USE_OPENSSL |
| 37 | 2. USE_GNUTLS_NETTLE |
| 38 | 3. USE_GNUTLS |
| 39 | 4. USE_NSS |
| 40 | 5. USE_MBEDTLS |
| 41 | 6. USE_SECTRANSP |
| 42 | 7. USE_OS400CRYPTO |
| 43 | 8. USE_WIN32_CRYPTO |
| 44 | |
| 45 | This ensures that: |
| 46 | - the same SSL branch gets activated throughout this source |
| 47 | file even if multiple backends are enabled at the same time. |
| 48 | - OpenSSL and NSS have higher priority than Windows Crypt, due |
| 49 | to issues with the latter supporting NTLM2Session responses |
| 50 | in NTLM type-3 messages. |
| 51 | */ |
| 52 | |
| 53 | #if !defined(USE_WINDOWS_SSPI) || defined(USE_WIN32_CRYPTO) |
| 54 | |
| 55 | #ifdef USE_OPENSSL |
| 56 | |
| 57 | # include <openssl/des.h> |
| 58 | # include <openssl/md5.h> |
| 59 | # include <openssl/ssl.h> |
| 60 | # include <openssl/rand.h> |
| 61 | # if (OPENSSL_VERSION_NUMBER < 0x00907001L) |
| 62 | # define DES_key_schedule des_key_schedule |
| 63 | # define DES_cblock des_cblock |
| 64 | # define DES_set_odd_parity des_set_odd_parity |
| 65 | # define DES_set_key des_set_key |
| 66 | # define DES_ecb_encrypt des_ecb_encrypt |
| 67 | # define DESKEY(x) x |
| 68 | # define DESKEYARG(x) x |
| 69 | # else |
| 70 | # define DESKEYARG(x) *x |
| 71 | # define DESKEY(x) &x |
| 72 | # endif |
| 73 | |
| 74 | #elif defined(USE_GNUTLS_NETTLE) |
| 75 | |
| 76 | # include <nettle/des.h> |
| 77 | |
| 78 | #elif defined(USE_GNUTLS) |
| 79 | |
| 80 | # include <gcrypt.h> |
| 81 | # define MD5_DIGEST_LENGTH 16 |
| 82 | |
| 83 | #elif defined(USE_NSS) |
| 84 | |
| 85 | # include <nss.h> |
| 86 | # include <pk11pub.h> |
| 87 | # include <hasht.h> |
| 88 | # define MD5_DIGEST_LENGTH MD5_LENGTH |
| 89 | |
| 90 | #elif defined(USE_MBEDTLS) |
| 91 | |
| 92 | # include <mbedtls/des.h> |
| 93 | # include "curl_md4.h" |
| 94 | |
| 95 | #elif defined(USE_SECTRANSP) |
| 96 | |
| 97 | # include <CommonCrypto/CommonCryptor.h> |
| 98 | # include <CommonCrypto/CommonDigest.h> |
| 99 | |
| 100 | #elif defined(USE_OS400CRYPTO) |
| 101 | # include "cipher.mih" /* mih/cipher */ |
| 102 | #elif defined(USE_WIN32_CRYPTO) |
| 103 | # include <wincrypt.h> |
| 104 | #else |
| 105 | # error "Can't compile NTLM support without a crypto library." |
| 106 | #endif |
| 107 | |
| 108 | #include "urldata.h" |
| 109 | #include "non-ascii.h" |
| 110 | #include "strcase.h" |
| 111 | #include "curl_ntlm_core.h" |
| 112 | #include "curl_md5.h" |
| 113 | #include "curl_hmac.h" |
| 114 | #include "warnless.h" |
| 115 | #include "curl_endian.h" |
| 116 | #include "curl_des.h" |
| 117 | #include "curl_md4.h" |
| 118 | /* The last 3 #include files should be in this order */ |
| 119 | #include "curl_printf.h" |
| 120 | #include "curl_memory.h" |
| 121 | #include "memdebug.h" |
| 122 | |
| 123 | #define NTLM_HMAC_MD5_LEN (16) |
| 124 | #define NTLMv2_BLOB_SIGNATURE "\x01\x01\x00\x00" |
| 125 | #define NTLMv2_BLOB_LEN (44 -16 + ntlm->target_info_len + 4) |
| 126 | |
| 127 | /* |
| 128 | * Turns a 56-bit key into being 64-bit wide. |
| 129 | */ |
| 130 | static void extend_key_56_to_64(const unsigned char *key_56, char *key) |
| 131 | { |
| 132 | key[0] = key_56[0]; |
| 133 | key[1] = (unsigned char)(((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1)); |
| 134 | key[2] = (unsigned char)(((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2)); |
| 135 | key[3] = (unsigned char)(((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3)); |
| 136 | key[4] = (unsigned char)(((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4)); |
| 137 | key[5] = (unsigned char)(((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5)); |
| 138 | key[6] = (unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6)); |
| 139 | key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF); |
| 140 | } |
| 141 | |
| 142 | #ifdef USE_OPENSSL |
| 143 | /* |
| 144 | * Turns a 56 bit key into the 64 bit, odd parity key and sets the key. The |
| 145 | * key schedule ks is also set. |
| 146 | */ |
| 147 | static void setup_des_key(const unsigned char *key_56, |
| 148 | DES_key_schedule DESKEYARG(ks)) |
| 149 | { |
| 150 | DES_cblock key; |
| 151 | |
| 152 | /* Expand the 56-bit key to 64-bits */ |
| 153 | extend_key_56_to_64(key_56, (char *) &key); |
| 154 | |
| 155 | /* Set the key parity to odd */ |
| 156 | DES_set_odd_parity(&key); |
| 157 | |
| 158 | /* Set the key */ |
| 159 | DES_set_key(&key, ks); |
| 160 | } |
| 161 | |
| 162 | #elif defined(USE_GNUTLS_NETTLE) |
| 163 | |
| 164 | static void setup_des_key(const unsigned char *key_56, |
| 165 | struct des_ctx *des) |
| 166 | { |
| 167 | char key[8]; |
| 168 | |
| 169 | /* Expand the 56-bit key to 64-bits */ |
| 170 | extend_key_56_to_64(key_56, key); |
| 171 | |
| 172 | /* Set the key parity to odd */ |
| 173 | Curl_des_set_odd_parity((unsigned char *) key, sizeof(key)); |
| 174 | |
| 175 | /* Set the key */ |
| 176 | des_set_key(des, (const uint8_t *) key); |
| 177 | } |
| 178 | |
| 179 | #elif defined(USE_GNUTLS) |
| 180 | |
| 181 | /* |
| 182 | * Turns a 56 bit key into the 64 bit, odd parity key and sets the key. |
| 183 | */ |
| 184 | static void setup_des_key(const unsigned char *key_56, |
| 185 | gcry_cipher_hd_t *des) |
| 186 | { |
| 187 | char key[8]; |
| 188 | |
| 189 | /* Expand the 56-bit key to 64-bits */ |
| 190 | extend_key_56_to_64(key_56, key); |
| 191 | |
| 192 | /* Set the key parity to odd */ |
| 193 | Curl_des_set_odd_parity((unsigned char *) key, sizeof(key)); |
| 194 | |
| 195 | /* Set the key */ |
| 196 | gcry_cipher_setkey(*des, key, sizeof(key)); |
| 197 | } |
| 198 | |
| 199 | #elif defined(USE_NSS) |
| 200 | |
| 201 | /* |
| 202 | * Expands a 56 bit key KEY_56 to 64 bit and encrypts 64 bit of data, using |
| 203 | * the expanded key. The caller is responsible for giving 64 bit of valid |
| 204 | * data is IN and (at least) 64 bit large buffer as OUT. |
| 205 | */ |
| 206 | static bool encrypt_des(const unsigned char *in, unsigned char *out, |
| 207 | const unsigned char *key_56) |
| 208 | { |
| 209 | const CK_MECHANISM_TYPE mech = CKM_DES_ECB; /* DES cipher in ECB mode */ |
| 210 | char key[8]; /* expanded 64 bit key */ |
| 211 | SECItem key_item; |
| 212 | PK11SymKey *symkey = NULL; |
| 213 | SECItem *param = NULL; |
| 214 | PK11Context *ctx = NULL; |
| 215 | int out_len; /* not used, required by NSS */ |
| 216 | bool rv = FALSE; |
| 217 | |
| 218 | /* use internal slot for DES encryption (requires NSS to be initialized) */ |
| 219 | PK11SlotInfo *slot = PK11_GetInternalKeySlot(); |
| 220 | if(!slot) |
| 221 | return FALSE; |
| 222 | |
| 223 | /* Expand the 56-bit key to 64-bits */ |
| 224 | extend_key_56_to_64(key_56, key); |
| 225 | |
| 226 | /* Set the key parity to odd */ |
| 227 | Curl_des_set_odd_parity((unsigned char *) key, sizeof(key)); |
| 228 | |
| 229 | /* Import the key */ |
| 230 | key_item.data = (unsigned char *)key; |
| 231 | key_item.len = sizeof(key); |
| 232 | symkey = PK11_ImportSymKey(slot, mech, PK11_OriginUnwrap, CKA_ENCRYPT, |
| 233 | &key_item, NULL); |
| 234 | if(!symkey) |
| 235 | goto fail; |
| 236 | |
| 237 | /* Create the DES encryption context */ |
| 238 | param = PK11_ParamFromIV(mech, /* no IV in ECB mode */ NULL); |
| 239 | if(!param) |
| 240 | goto fail; |
| 241 | ctx = PK11_CreateContextBySymKey(mech, CKA_ENCRYPT, symkey, param); |
| 242 | if(!ctx) |
| 243 | goto fail; |
| 244 | |
| 245 | /* Perform the encryption */ |
| 246 | if(SECSuccess == PK11_CipherOp(ctx, out, &out_len, /* outbuflen */ 8, |
| 247 | (unsigned char *)in, /* inbuflen */ 8) |
| 248 | && SECSuccess == PK11_Finalize(ctx)) |
| 249 | rv = /* all OK */ TRUE; |
| 250 | |
| 251 | fail: |
| 252 | /* cleanup */ |
| 253 | if(ctx) |
| 254 | PK11_DestroyContext(ctx, PR_TRUE); |
| 255 | if(symkey) |
| 256 | PK11_FreeSymKey(symkey); |
| 257 | if(param) |
| 258 | SECITEM_FreeItem(param, PR_TRUE); |
| 259 | PK11_FreeSlot(slot); |
| 260 | return rv; |
| 261 | } |
| 262 | |
| 263 | #elif defined(USE_MBEDTLS) |
| 264 | |
| 265 | static bool encrypt_des(const unsigned char *in, unsigned char *out, |
| 266 | const unsigned char *key_56) |
| 267 | { |
| 268 | mbedtls_des_context ctx; |
| 269 | char key[8]; |
| 270 | |
| 271 | /* Expand the 56-bit key to 64-bits */ |
| 272 | extend_key_56_to_64(key_56, key); |
| 273 | |
| 274 | /* Set the key parity to odd */ |
| 275 | mbedtls_des_key_set_parity((unsigned char *) key); |
| 276 | |
| 277 | /* Perform the encryption */ |
| 278 | mbedtls_des_init(&ctx); |
| 279 | mbedtls_des_setkey_enc(&ctx, (unsigned char *) key); |
| 280 | return mbedtls_des_crypt_ecb(&ctx, in, out) == 0; |
| 281 | } |
| 282 | |
| 283 | #elif defined(USE_SECTRANSP) |
| 284 | |
| 285 | static bool encrypt_des(const unsigned char *in, unsigned char *out, |
| 286 | const unsigned char *key_56) |
| 287 | { |
| 288 | char key[8]; |
| 289 | size_t out_len; |
| 290 | CCCryptorStatus err; |
| 291 | |
| 292 | /* Expand the 56-bit key to 64-bits */ |
| 293 | extend_key_56_to_64(key_56, key); |
| 294 | |
| 295 | /* Set the key parity to odd */ |
| 296 | Curl_des_set_odd_parity((unsigned char *) key, sizeof(key)); |
| 297 | |
| 298 | /* Perform the encryption */ |
| 299 | err = CCCrypt(kCCEncrypt, kCCAlgorithmDES, kCCOptionECBMode, key, |
| 300 | kCCKeySizeDES, NULL, in, 8 /* inbuflen */, out, |
| 301 | 8 /* outbuflen */, &out_len); |
| 302 | |
| 303 | return err == kCCSuccess; |
| 304 | } |
| 305 | |
| 306 | #elif defined(USE_OS400CRYPTO) |
| 307 | |
| 308 | static bool encrypt_des(const unsigned char *in, unsigned char *out, |
| 309 | const unsigned char *key_56) |
| 310 | { |
| 311 | char key[8]; |
| 312 | _CIPHER_Control_T ctl; |
| 313 | |
| 314 | /* Setup the cipher control structure */ |
| 315 | ctl.Func_ID = ENCRYPT_ONLY; |
| 316 | ctl.Data_Len = sizeof(key); |
| 317 | |
| 318 | /* Expand the 56-bit key to 64-bits */ |
| 319 | extend_key_56_to_64(key_56, ctl.Crypto_Key); |
| 320 | |
| 321 | /* Set the key parity to odd */ |
| 322 | Curl_des_set_odd_parity((unsigned char *) ctl.Crypto_Key, ctl.Data_Len); |
| 323 | |
| 324 | /* Perform the encryption */ |
| 325 | _CIPHER((_SPCPTR *) &out, &ctl, (_SPCPTR *) &in); |
| 326 | |
| 327 | return TRUE; |
| 328 | } |
| 329 | |
| 330 | #elif defined(USE_WIN32_CRYPTO) |
| 331 | |
| 332 | static bool encrypt_des(const unsigned char *in, unsigned char *out, |
| 333 | const unsigned char *key_56) |
| 334 | { |
| 335 | HCRYPTPROV hprov; |
| 336 | HCRYPTKEY hkey; |
| 337 | struct { |
| 338 | BLOBHEADER hdr; |
| 339 | unsigned int len; |
| 340 | char key[8]; |
| 341 | } blob; |
| 342 | DWORD len = 8; |
| 343 | |
| 344 | /* Acquire the crypto provider */ |
| 345 | if(!CryptAcquireContext(&hprov, NULL, NULL, PROV_RSA_FULL, |
| 346 | CRYPT_VERIFYCONTEXT)) |
| 347 | return FALSE; |
| 348 | |
| 349 | /* Setup the key blob structure */ |
| 350 | memset(&blob, 0, sizeof(blob)); |
| 351 | blob.hdr.bType = PLAINTEXTKEYBLOB; |
| 352 | blob.hdr.bVersion = 2; |
| 353 | blob.hdr.aiKeyAlg = CALG_DES; |
| 354 | blob.len = sizeof(blob.key); |
| 355 | |
| 356 | /* Expand the 56-bit key to 64-bits */ |
| 357 | extend_key_56_to_64(key_56, blob.key); |
| 358 | |
| 359 | /* Set the key parity to odd */ |
| 360 | Curl_des_set_odd_parity((unsigned char *) blob.key, sizeof(blob.key)); |
| 361 | |
| 362 | /* Import the key */ |
| 363 | if(!CryptImportKey(hprov, (BYTE *) &blob, sizeof(blob), 0, 0, &hkey)) { |
| 364 | CryptReleaseContext(hprov, 0); |
| 365 | |
| 366 | return FALSE; |
| 367 | } |
| 368 | |
| 369 | memcpy(out, in, 8); |
| 370 | |
| 371 | /* Perform the encryption */ |
| 372 | CryptEncrypt(hkey, 0, FALSE, 0, out, &len, len); |
| 373 | |
| 374 | CryptDestroyKey(hkey); |
| 375 | CryptReleaseContext(hprov, 0); |
| 376 | |
| 377 | return TRUE; |
| 378 | } |
| 379 | |
| 380 | #endif /* defined(USE_WIN32_CRYPTO) */ |
| 381 | |
| 382 | /* |
| 383 | * takes a 21 byte array and treats it as 3 56-bit DES keys. The |
| 384 | * 8 byte plaintext is encrypted with each key and the resulting 24 |
| 385 | * bytes are stored in the results array. |
| 386 | */ |
| 387 | void Curl_ntlm_core_lm_resp(const unsigned char *keys, |
| 388 | const unsigned char *plaintext, |
| 389 | unsigned char *results) |
| 390 | { |
| 391 | #ifdef USE_OPENSSL |
| 392 | DES_key_schedule ks; |
| 393 | |
| 394 | setup_des_key(keys, DESKEY(ks)); |
| 395 | DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results, |
| 396 | DESKEY(ks), DES_ENCRYPT); |
| 397 | |
| 398 | setup_des_key(keys + 7, DESKEY(ks)); |
| 399 | DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results + 8), |
| 400 | DESKEY(ks), DES_ENCRYPT); |
| 401 | |
| 402 | setup_des_key(keys + 14, DESKEY(ks)); |
| 403 | DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results + 16), |
| 404 | DESKEY(ks), DES_ENCRYPT); |
| 405 | #elif defined(USE_GNUTLS_NETTLE) |
| 406 | struct des_ctx des; |
| 407 | setup_des_key(keys, &des); |
| 408 | des_encrypt(&des, 8, results, plaintext); |
| 409 | setup_des_key(keys + 7, &des); |
| 410 | des_encrypt(&des, 8, results + 8, plaintext); |
| 411 | setup_des_key(keys + 14, &des); |
| 412 | des_encrypt(&des, 8, results + 16, plaintext); |
| 413 | #elif defined(USE_GNUTLS) |
| 414 | gcry_cipher_hd_t des; |
| 415 | |
| 416 | gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); |
| 417 | setup_des_key(keys, &des); |
| 418 | gcry_cipher_encrypt(des, results, 8, plaintext, 8); |
| 419 | gcry_cipher_close(des); |
| 420 | |
| 421 | gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); |
| 422 | setup_des_key(keys + 7, &des); |
| 423 | gcry_cipher_encrypt(des, results + 8, 8, plaintext, 8); |
| 424 | gcry_cipher_close(des); |
| 425 | |
| 426 | gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); |
| 427 | setup_des_key(keys + 14, &des); |
| 428 | gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8); |
| 429 | gcry_cipher_close(des); |
| 430 | #elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_SECTRANSP) \ |
| 431 | || defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) |
| 432 | encrypt_des(plaintext, results, keys); |
| 433 | encrypt_des(plaintext, results + 8, keys + 7); |
| 434 | encrypt_des(plaintext, results + 16, keys + 14); |
| 435 | #endif |
| 436 | } |
| 437 | |
| 438 | /* |
| 439 | * Set up lanmanager hashed password |
| 440 | */ |
| 441 | CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data, |
| 442 | const char *password, |
| 443 | unsigned char *lmbuffer /* 21 bytes */) |
| 444 | { |
| 445 | CURLcode result; |
| 446 | unsigned char pw[14]; |
| 447 | static const unsigned char magic[] = { |
| 448 | 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 /* i.e. KGS!@#$% */ |
| 449 | }; |
| 450 | size_t len = CURLMIN(strlen(password), 14); |
| 451 | |
| 452 | Curl_strntoupper((char *)pw, password, len); |
| 453 | memset(&pw[len], 0, 14 - len); |
| 454 | |
| 455 | /* |
| 456 | * The LanManager hashed password needs to be created using the |
| 457 | * password in the network encoding not the host encoding. |
| 458 | */ |
| 459 | result = Curl_convert_to_network(data, (char *)pw, 14); |
| 460 | if(result) |
| 461 | return result; |
| 462 | |
| 463 | { |
| 464 | /* Create LanManager hashed password. */ |
| 465 | |
| 466 | #ifdef USE_OPENSSL |
| 467 | DES_key_schedule ks; |
| 468 | |
| 469 | setup_des_key(pw, DESKEY(ks)); |
| 470 | DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer, |
| 471 | DESKEY(ks), DES_ENCRYPT); |
| 472 | |
| 473 | setup_des_key(pw + 7, DESKEY(ks)); |
| 474 | DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)(lmbuffer + 8), |
| 475 | DESKEY(ks), DES_ENCRYPT); |
| 476 | #elif defined(USE_GNUTLS_NETTLE) |
| 477 | struct des_ctx des; |
| 478 | setup_des_key(pw, &des); |
| 479 | des_encrypt(&des, 8, lmbuffer, magic); |
| 480 | setup_des_key(pw + 7, &des); |
| 481 | des_encrypt(&des, 8, lmbuffer + 8, magic); |
| 482 | #elif defined(USE_GNUTLS) |
| 483 | gcry_cipher_hd_t des; |
| 484 | |
| 485 | gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); |
| 486 | setup_des_key(pw, &des); |
| 487 | gcry_cipher_encrypt(des, lmbuffer, 8, magic, 8); |
| 488 | gcry_cipher_close(des); |
| 489 | |
| 490 | gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); |
| 491 | setup_des_key(pw + 7, &des); |
| 492 | gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8); |
| 493 | gcry_cipher_close(des); |
| 494 | #elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_SECTRANSP) \ |
| 495 | || defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) |
| 496 | encrypt_des(magic, lmbuffer, pw); |
| 497 | encrypt_des(magic, lmbuffer + 8, pw + 7); |
| 498 | #endif |
| 499 | |
| 500 | memset(lmbuffer + 16, 0, 21 - 16); |
| 501 | } |
| 502 | |
| 503 | return CURLE_OK; |
| 504 | } |
| 505 | |
| 506 | #ifdef USE_NTRESPONSES |
| 507 | static void ascii_to_unicode_le(unsigned char *dest, const char *src, |
| 508 | size_t srclen) |
| 509 | { |
| 510 | size_t i; |
| 511 | for(i = 0; i < srclen; i++) { |
| 512 | dest[2 * i] = (unsigned char)src[i]; |
| 513 | dest[2 * i + 1] = '\0'; |
| 514 | } |
| 515 | } |
| 516 | |
| 517 | #if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI) |
| 518 | |
| 519 | static void ascii_uppercase_to_unicode_le(unsigned char *dest, |
| 520 | const char *src, size_t srclen) |
| 521 | { |
| 522 | size_t i; |
| 523 | for(i = 0; i < srclen; i++) { |
| 524 | dest[2 * i] = (unsigned char)(Curl_raw_toupper(src[i])); |
| 525 | dest[2 * i + 1] = '\0'; |
| 526 | } |
| 527 | } |
| 528 | |
| 529 | #endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */ |
| 530 | |
| 531 | /* |
| 532 | * Set up nt hashed passwords |
| 533 | * @unittest: 1600 |
| 534 | */ |
| 535 | CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data, |
| 536 | const char *password, |
| 537 | unsigned char *ntbuffer /* 21 bytes */) |
| 538 | { |
| 539 | size_t len = strlen(password); |
| 540 | unsigned char *pw; |
| 541 | CURLcode result; |
| 542 | if(len > SIZE_T_MAX/2) /* avoid integer overflow */ |
| 543 | return CURLE_OUT_OF_MEMORY; |
| 544 | pw = len ? malloc(len * 2) : (unsigned char *)strdup(""); |
| 545 | if(!pw) |
| 546 | return CURLE_OUT_OF_MEMORY; |
| 547 | |
| 548 | ascii_to_unicode_le(pw, password, len); |
| 549 | |
| 550 | /* |
| 551 | * The NT hashed password needs to be created using the password in the |
| 552 | * network encoding not the host encoding. |
| 553 | */ |
| 554 | result = Curl_convert_to_network(data, (char *)pw, len * 2); |
| 555 | if(result) |
| 556 | return result; |
| 557 | |
| 558 | /* Create NT hashed password. */ |
| 559 | Curl_md4it(ntbuffer, pw, 2 * len); |
| 560 | |
| 561 | memset(ntbuffer + 16, 0, 21 - 16); |
| 562 | |
| 563 | free(pw); |
| 564 | |
| 565 | return CURLE_OK; |
| 566 | } |
| 567 | |
| 568 | #if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI) |
| 569 | |
| 570 | /* This returns the HMAC MD5 digest */ |
| 571 | static CURLcode hmac_md5(const unsigned char *key, unsigned int keylen, |
| 572 | const unsigned char *data, unsigned int datalen, |
| 573 | unsigned char *output) |
| 574 | { |
| 575 | HMAC_context *ctxt = Curl_HMAC_init(Curl_HMAC_MD5, key, keylen); |
| 576 | |
| 577 | if(!ctxt) |
| 578 | return CURLE_OUT_OF_MEMORY; |
| 579 | |
| 580 | /* Update the digest with the given challenge */ |
| 581 | Curl_HMAC_update(ctxt, data, datalen); |
| 582 | |
| 583 | /* Finalise the digest */ |
| 584 | Curl_HMAC_final(ctxt, output); |
| 585 | |
| 586 | return CURLE_OK; |
| 587 | } |
| 588 | |
| 589 | /* This creates the NTLMv2 hash by using NTLM hash as the key and Unicode |
| 590 | * (uppercase UserName + Domain) as the data |
| 591 | */ |
| 592 | CURLcode Curl_ntlm_core_mk_ntlmv2_hash(const char *user, size_t userlen, |
| 593 | const char *domain, size_t domlen, |
| 594 | unsigned char *ntlmhash, |
| 595 | unsigned char *ntlmv2hash) |
| 596 | { |
| 597 | /* Unicode representation */ |
| 598 | size_t identity_len; |
| 599 | unsigned char *identity; |
| 600 | CURLcode result = CURLE_OK; |
| 601 | |
| 602 | /* we do the length checks below separately to avoid integer overflow risk |
| 603 | on extreme data lengths */ |
| 604 | if((userlen > SIZE_T_MAX/2) || |
| 605 | (domlen > SIZE_T_MAX/2) || |
| 606 | ((userlen + domlen) > SIZE_T_MAX/2)) |
| 607 | return CURLE_OUT_OF_MEMORY; |
| 608 | |
| 609 | identity_len = (userlen + domlen) * 2; |
| 610 | identity = malloc(identity_len); |
| 611 | |
| 612 | if(!identity) |
| 613 | return CURLE_OUT_OF_MEMORY; |
| 614 | |
| 615 | ascii_uppercase_to_unicode_le(identity, user, userlen); |
| 616 | ascii_to_unicode_le(identity + (userlen << 1), domain, domlen); |
| 617 | |
| 618 | result = hmac_md5(ntlmhash, 16, identity, curlx_uztoui(identity_len), |
| 619 | ntlmv2hash); |
| 620 | free(identity); |
| 621 | |
| 622 | return result; |
| 623 | } |
| 624 | |
| 625 | /* |
| 626 | * Curl_ntlm_core_mk_ntlmv2_resp() |
| 627 | * |
| 628 | * This creates the NTLMv2 response as set in the ntlm type-3 message. |
| 629 | * |
| 630 | * Parameters: |
| 631 | * |
| 632 | * ntlmv2hash [in] - The ntlmv2 hash (16 bytes) |
| 633 | * challenge_client [in] - The client nonce (8 bytes) |
| 634 | * ntlm [in] - The ntlm data struct being used to read TargetInfo |
| 635 | and Server challenge received in the type-2 message |
| 636 | * ntresp [out] - The address where a pointer to newly allocated |
| 637 | * memory holding the NTLMv2 response. |
| 638 | * ntresp_len [out] - The length of the output message. |
| 639 | * |
| 640 | * Returns CURLE_OK on success. |
| 641 | */ |
| 642 | CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash, |
| 643 | unsigned char *challenge_client, |
| 644 | struct ntlmdata *ntlm, |
| 645 | unsigned char **ntresp, |
| 646 | unsigned int *ntresp_len) |
| 647 | { |
| 648 | /* NTLMv2 response structure : |
| 649 | ------------------------------------------------------------------------------ |
| 650 | 0 HMAC MD5 16 bytes |
| 651 | ------BLOB-------------------------------------------------------------------- |
| 652 | 16 Signature 0x01010000 |
| 653 | 20 Reserved long (0x00000000) |
| 654 | 24 Timestamp LE, 64-bit signed value representing the number of |
| 655 | tenths of a microsecond since January 1, 1601. |
| 656 | 32 Client Nonce 8 bytes |
| 657 | 40 Unknown 4 bytes |
| 658 | 44 Target Info N bytes (from the type-2 message) |
| 659 | 44+N Unknown 4 bytes |
| 660 | ------------------------------------------------------------------------------ |
| 661 | */ |
| 662 | |
| 663 | unsigned int len = 0; |
| 664 | unsigned char *ptr = NULL; |
| 665 | unsigned char hmac_output[NTLM_HMAC_MD5_LEN]; |
| 666 | curl_off_t tw; |
| 667 | |
| 668 | CURLcode result = CURLE_OK; |
| 669 | |
| 670 | #if CURL_SIZEOF_CURL_OFF_T < 8 |
| 671 | #error "this section needs 64bit support to work" |
| 672 | #endif |
| 673 | |
| 674 | /* Calculate the timestamp */ |
| 675 | #ifdef DEBUGBUILD |
| 676 | char *force_timestamp = getenv("CURL_FORCETIME"); |
| 677 | if(force_timestamp) |
| 678 | tw = CURL_OFF_T_C(11644473600) * 10000000; |
| 679 | else |
| 680 | #endif |
| 681 | tw = ((curl_off_t)time(NULL) + CURL_OFF_T_C(11644473600)) * 10000000; |
| 682 | |
| 683 | /* Calculate the response len */ |
| 684 | len = NTLM_HMAC_MD5_LEN + NTLMv2_BLOB_LEN; |
| 685 | |
| 686 | /* Allocate the response */ |
| 687 | ptr = calloc(1, len); |
| 688 | if(!ptr) |
| 689 | return CURLE_OUT_OF_MEMORY; |
| 690 | |
| 691 | /* Create the BLOB structure */ |
| 692 | msnprintf((char *)ptr + NTLM_HMAC_MD5_LEN, NTLMv2_BLOB_LEN, |
| 693 | "%c%c%c%c"/* NTLMv2_BLOB_SIGNATURE */ |
| 694 | "%c%c%c%c", /* Reserved = 0 */ |
| 695 | NTLMv2_BLOB_SIGNATURE[0], NTLMv2_BLOB_SIGNATURE[1], |
| 696 | NTLMv2_BLOB_SIGNATURE[2], NTLMv2_BLOB_SIGNATURE[3], |
| 697 | 0, 0, 0, 0); |
| 698 | |
| 699 | Curl_write64_le(tw, ptr + 24); |
| 700 | memcpy(ptr + 32, challenge_client, 8); |
| 701 | memcpy(ptr + 44, ntlm->target_info, ntlm->target_info_len); |
| 702 | |
| 703 | /* Concatenate the Type 2 challenge with the BLOB and do HMAC MD5 */ |
| 704 | memcpy(ptr + 8, &ntlm->nonce[0], 8); |
| 705 | result = hmac_md5(ntlmv2hash, NTLM_HMAC_MD5_LEN, ptr + 8, |
| 706 | NTLMv2_BLOB_LEN + 8, hmac_output); |
| 707 | if(result) { |
| 708 | free(ptr); |
| 709 | return result; |
| 710 | } |
| 711 | |
| 712 | /* Concatenate the HMAC MD5 output with the BLOB */ |
| 713 | memcpy(ptr, hmac_output, NTLM_HMAC_MD5_LEN); |
| 714 | |
| 715 | /* Return the response */ |
| 716 | *ntresp = ptr; |
| 717 | *ntresp_len = len; |
| 718 | |
| 719 | return result; |
| 720 | } |
| 721 | |
| 722 | /* |
| 723 | * Curl_ntlm_core_mk_lmv2_resp() |
| 724 | * |
| 725 | * This creates the LMv2 response as used in the ntlm type-3 message. |
| 726 | * |
| 727 | * Parameters: |
| 728 | * |
| 729 | * ntlmv2hash [in] - The ntlmv2 hash (16 bytes) |
| 730 | * challenge_client [in] - The client nonce (8 bytes) |
| 731 | * challenge_client [in] - The server challenge (8 bytes) |
| 732 | * lmresp [out] - The LMv2 response (24 bytes) |
| 733 | * |
| 734 | * Returns CURLE_OK on success. |
| 735 | */ |
| 736 | CURLcode Curl_ntlm_core_mk_lmv2_resp(unsigned char *ntlmv2hash, |
| 737 | unsigned char *challenge_client, |
| 738 | unsigned char *challenge_server, |
| 739 | unsigned char *lmresp) |
| 740 | { |
| 741 | unsigned char data[16]; |
| 742 | unsigned char hmac_output[16]; |
| 743 | CURLcode result = CURLE_OK; |
| 744 | |
| 745 | memcpy(&data[0], challenge_server, 8); |
| 746 | memcpy(&data[8], challenge_client, 8); |
| 747 | |
| 748 | result = hmac_md5(ntlmv2hash, 16, &data[0], 16, hmac_output); |
| 749 | if(result) |
| 750 | return result; |
| 751 | |
| 752 | /* Concatenate the HMAC MD5 output with the client nonce */ |
| 753 | memcpy(lmresp, hmac_output, 16); |
| 754 | memcpy(lmresp + 16, challenge_client, 8); |
| 755 | |
| 756 | return result; |
| 757 | } |
| 758 | |
| 759 | #endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */ |
| 760 | |
| 761 | #endif /* USE_NTRESPONSES */ |
| 762 | |
| 763 | #endif /* !USE_WINDOWS_SSPI || USE_WIN32_CRYPTO */ |
| 764 | |
| 765 | #endif /* USE_NTLM */ |
| 766 |
Generated on 2019-Nov-27 from project Curl revision 7.18.2
Powered by 
Code Browser 2.1
Generator usage only permitted with license.