annotate src/lib-ntlm/ntlm-encrypt.c @ 2377:8f5be0be3199 HEAD
NTLM authentication. Patch by Andrey Panin
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Wed, 28 Jul 2004 18:39:29 +0300 |
parents | |
children | 6531fd0f779f |
/*
 * NTLM and NTLMv2 hash generation.
 *
 * Copyright (c) 2004 Andrey Panin <pazke@donpac.ru>
 *
 * This library is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published
 * by the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 */
12 #include <ctype.h> |
14 #include "lib.h" |
15 #include "buffer.h" |
16 #include "compat.h" |
17 #include "safe-memset.h" |
18 #include "md4.h" |
19 #include "hmac-md5.h" |
20 #include "ntlm.h" |
21 #include "ntlm-des.h" |
/*
 * Widen a NUL-terminated byte string to two bytes per character: every
 * input byte is emitted followed by a zero byte (the layout the callers in
 * this file refer to as "ucs2le").
 *
 * src   - NUL-terminated input; the terminator itself is not copied.
 * ucase - when non-zero, each byte is passed through i_toupper() first.
 * size  - out: number of bytes produced (two per input byte).
 *
 * Returns the buffer contents, allocated from unsafe_data_stack_pool.
 *
 * NOTE(review): the widening is byte-wise, so only single-byte characters
 * map to the intended 16-bit code units. A multi-byte (e.g. UTF-8) password
 * or user name would presumably hash differently than on a peer doing a
 * real UCS-2LE conversion - confirm which charset callers pass in.
 * NOTE(review): ntlm_v1_hash() wipes the returned password copy, but any
 * copies the dynamic buffer might leave behind while growing cannot be
 * wiped from here - verify against the buffer/data stack implementation.
 */
static unsigned char *
t_unicode_str(const char *src, int ucase, size_t *size)
{
	buffer_t *wide;
	const char *p;

	wide = buffer_create_dynamic(unsafe_data_stack_pool, 32, (size_t)-1);
	for (p = src; *p != '\0'; p++) {
		/* low byte: the (optionally upper-cased) character */
		buffer_append_c(wide, ucase ? i_toupper(*p) : *p);
		/* high byte: always zero */
		buffer_append_c(wide, '\0');
	}

	*size = buffer_get_used_size(wide);
	/* drop the buffer object but hand its data to the caller */
	return buffer_free_without_data(wide);
}
/*
 * Run deshash() three times over the same challenge, each time with the
 * next slice of the key material, and store the three outputs back to back.
 *
 * hash      - key material, read from offsets 0, 7 and 14. The caller in
 *             this file passes a NTLMSSP_DES_KEY_LENGTH * 3 byte buffer;
 *             presumably each deshash() call consumes 7 key bytes - TODO
 *             confirm against ntlm-des.h.
 * challenge - the challenge, passed unchanged to every deshash() call.
 * response  - output, written at offsets 0, 8 and 16.
 *
 * NOTE(review): this is the legacy NTLMv1 construction. The three blocks
 * are independent DES operations keyed directly from the password hash, and
 * the tail of the third key is the zero padding added by
 * ntlmssp_v1_response(), so the response gives little protection against
 * offline recovery of the hash. Deployments should prefer NTLMv2 or a
 * stronger mechanism where they can.
 */
static void
ntlmssp_des_encrypt_triad(const unsigned char *hash,
			  const unsigned char *challenge,
			  unsigned char *response)
{
	unsigned int i;

	/* block i: 8 output bytes from the key slice starting at byte 7*i */
	for (i = 0; i < 3; i++)
		deshash(response + i * 8, hash + i * 7, challenge);
}
/*
 * Compute the NTLM (v1) password hash: the MD4 digest of the password
 * widened by t_unicode_str() without case folding.
 *
 * passwd - NUL-terminated cleartext password.
 * hash   - out: receives the digest (NTLMSSP_HASH_SIZE bytes).
 *
 * Returns `hash` so the call can be used inline.
 *
 * Nothing but the password goes into the digest (no salt, no user name),
 * and ntlm_v2_hash() uses the result directly as its HMAC key, so the
 * output should be stored and handled with the same care as the password
 * itself.
 */
const unsigned char *
ntlm_v1_hash(const char *passwd, unsigned char hash[NTLMSSP_HASH_SIZE])
{
	size_t wide_len;
	unsigned char *wide_pw;

	wide_pw = t_unicode_str(passwd, 0, &wide_len);
	md4_get_digest(wide_pw, wide_len, hash);

	/* do not leave the widened cleartext password behind in memory */
	safe_memset(wide_pw, 0, wide_len);

	return hash;
}
/*
 * Feed a string into a running HMAC-MD5 computation after upper-casing it
 * and widening it with t_unicode_str().
 *
 * ctx - HMAC context that has already been initialised by the caller.
 * str - NUL-terminated string; in this file it is a user or target name.
 *
 * The widened copy is not wiped afterwards; the callers visible here only
 * pass names, not secrets.
 */
static void
hmac_md5_ucs2le_string_ucase(struct hmac_md5_context *ctx, const char *str)
{
	size_t wide_len = 0;
	const unsigned char *wide;

	wide = t_unicode_str(str, 1, &wide_len);
	hmac_md5_update(ctx, wide, wide_len);
}
/*
 * Derive the NTLMv2 hash: HMAC-MD5 keyed with the v1 hash, computed over
 * the upper-cased, widened user name followed by the upper-cased, widened
 * target name (when one is given).
 *
 * user    - NUL-terminated user name.
 * target  - NUL-terminated target name, or NULL to leave it out.
 * hash_v1 - NTLMSSP_HASH_SIZE bytes of key, as produced by ntlm_v1_hash().
 * hash    - out: receives the HMAC result (NTLMSSP_V2_HASH_SIZE bytes).
 *
 * NOTE(review): the target is upper-cased here as well. MS-NLMP defines
 * NTOWFv2 with only the user name upper-cased, so a mixed-case target may
 * not interoperate - confirm against the clients this has to work with.
 * NOTE(review): the HMAC context is keyed with hash_v1 and stays on the
 * stack after return; whether hmac_md5_final() clears it is not visible
 * from this file.
 */
static void
ntlm_v2_hash(const char *user, const char *target,
	     const unsigned char *hash_v1,
	     unsigned char hash[NTLMSSP_V2_HASH_SIZE])
{
	struct hmac_md5_context hmac;

	hmac_md5_init(&hmac, hash_v1, NTLMSSP_HASH_SIZE);
	hmac_md5_ucs2le_string_ucase(&hmac, user);
	if (target != NULL) {
		hmac_md5_ucs2le_string_ucase(&hmac, target);
	}
	hmac_md5_final(&hmac, hash);
}
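/*
 * Compute the NTLMv1 response to a challenge.
 *
 * hash      - the v1 password hash; NTLMSSP_HASH_SIZE bytes are read.
 * challenge - the challenge, passed on to ntlmssp_des_encrypt_triad().
 * response  - out: receives the response (NTLMSSP_RESPONSE_SIZE bytes;
 *             the triad helper writes three 8-byte blocks).
 *
 * The hash is copied into a NTLMSSP_DES_KEY_LENGTH * 3 byte key buffer and
 * the remainder is zero-filled before the three DES operations. That local
 * buffer is a full copy of the password hash, so it is wiped before
 * returning, the same way ntlm_v1_hash() wipes its widened password.
 *
 * NOTE(review): NTLMv1 is a legacy scheme with weak resistance to offline
 * recovery of the hash; whether it can be disabled is decided by callers
 * outside this file.
 */
void
ntlmssp_v1_response(const unsigned char *hash,
		    const unsigned char *challenge,
		    unsigned char response[NTLMSSP_RESPONSE_SIZE])
{
	unsigned char des_hash[NTLMSSP_DES_KEY_LENGTH * 3];

	/* key material = password hash followed by zero padding */
	memcpy(des_hash, hash, NTLMSSP_HASH_SIZE);
	memset(des_hash + NTLMSSP_HASH_SIZE, 0,
	       sizeof(des_hash) - NTLMSSP_HASH_SIZE);

	ntlmssp_des_encrypt_triad(des_hash, challenge, response);

	/* safe_memset() rather than memset(): a plain store to a dying
	   local may be optimised away */
	safe_memset(des_hash, 0, sizeof(des_hash));
}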
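/*
 * Compute the NTLMv2 response: HMAC-MD5, keyed with the NTLMv2 hash, over
 * the challenge followed by the blob.
 *
 * user, target - names fed into ntlm_v2_hash(); target may be NULL.
 * hash_v1      - the v1 password hash used to derive the NTLMv2 hash.
 * challenge    - the challenge; NTLMSSP_CHALLENGE_SIZE bytes are read.
 * blob         - blob data appended after the challenge.
 * blob_size    - number of bytes to read from blob.
 * response     - out: receives the HMAC result. The array is declared with
 *                NTLMSSP_V2_RESPONSE_SIZE elements; how many of them
 *                hmac_md5_final() fills is not visible here.
 *
 * The intermediate NTLMv2 hash is a secret key derived from the password
 * hash, so the local copy is wiped before returning.
 *
 * NOTE(review): the HMAC context is left on the stack as before; whether
 * hmac_md5_final() clears its key state is not visible from this file.
 * NOTE(review): code comparing this value with a client-supplied response
 * should presumably use a constant-time comparison - check the callers.
 */
void
ntlmssp_v2_response(const char *user, const char *target,
		    const unsigned char *hash_v1,
		    const unsigned char *challenge,
		    const unsigned char *blob, size_t blob_size,
		    unsigned char response[NTLMSSP_V2_RESPONSE_SIZE])
{
	struct hmac_md5_context ctx;
	unsigned char hash[NTLMSSP_V2_HASH_SIZE];

	ntlm_v2_hash(user, target, hash_v1, hash);

	hmac_md5_init(&ctx, hash, NTLMSSP_V2_HASH_SIZE);
	hmac_md5_update(&ctx, challenge, NTLMSSP_CHALLENGE_SIZE);
	hmac_md5_update(&ctx, blob, blob_size);
	hmac_md5_final(&ctx, response);

	/* the key is no longer needed; do not leave it on the stack */
	safe_memset(hash, 0, sizeof(hash));
}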