author | Simo Sorce <simo@redhat.com> | 2014-08-06 11:31:46 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2014-08-07 12:44:47 -0400 |
commit | 6a052f305734d648103275157a64961d51aaabbe (patch) | |
tree | 1e0e8ac2dcc4945de3c2e5ca95787fceab73ff30 | |
parent | d4e920b8e0cabbb0f8978c25c946036f644d2155 (diff) | |
Add helper to compute extended security challenge
-rw-r--r-- | src/ntlm.h | 12 | ||||
-rw-r--r-- | src/ntlm_crypto.c | 38 |
2 files changed, 36 insertions, 14 deletions
@@ -165,6 +165,18 @@ int NTOWFv1(const char *password, struct ntlm_key *result);
 int LMOWFv1(const char *password, struct ntlm_key *result);

 /**
+ * @brief Generate the challenge used in NTLMv1 w/ Extended Security
+ *
+ * @param server_chal An 8 byte long buffer w/ the server challenge
+ * @param client_chal An 8 byte long buffer w/ the client challenge
+ * @param result_chal An 8 byte long buffer w/ for the result
+ *
+ * @return 0 on success or ERR_CRYPTO
+ */
+int ntlm_compute_ext_sec_challenge(uint8_t *server_chal,
+ uint8_t *client_chal,
+ uint8_t *result_chal);
+/**
 * @brief Generates a v1 NT Response
 *
 * @param nt_key The NTLMv1 key computed by NTOWFv1()
diff --git a/src/ntlm_crypto.c b/src/ntlm_crypto.c
index 0c5d618..370873a 100644
--- a/src/ntlm_crypto.c
+++ b/src/ntlm_crypto.c
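Review bot: The new prototype in src/ntlm.h declares `server_chal` and `client_chal` as plain `uint8_t *` although the doc comment describes them as inputs, and the 8-byte requirement exists only in that comment because the function takes no length argument. I would declare it as `int ntlm_compute_ext_sec_challenge(const uint8_t server_chal[8], const uint8_t client_chal[8], uint8_t result_chal[8]);`, which matches the array notation ntlm_compute_nt_response already uses, and make the same change to the definition in src/ntlm_crypto.c. The compiler still treats these as pointers, so the comment should also say that each buffer must hold at least 8 bytes. The `@param result_chal` text reads "w/ for the result"; `An 8 byte long buffer for the result` is probably what was meant.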
@@ -128,30 +128,40 @@ int LMOWFv1(const char *password, struct ntlm_key *result)
 return WEAK_DES(&key, &plain, &cipher);
 }

+int ntlm_compute_ext_sec_challenge(uint8_t *server_chal,
+ uint8_t *client_chal,
+ uint8_t *result_chal)
+{
+ uint8_t scbuf[16];
+ uint8_t mdbuf[16];
+ struct ntlm_buffer challenges = { scbuf, 16 };
+ struct ntlm_buffer msgdigest = { mdbuf, 16 };
+ int ret;
+
+ memcpy(scbuf, server_chal, 8);
+ memcpy(&scbuf[8], client_chal, 8);
+ ret = MD5_HASH(&challenges, &msgdigest);
+ if (ret) return ret;
+
+ memcpy(result_chal, mdbuf, 8);
+ return 0;
+}
+
 int ntlm_compute_nt_response(struct ntlm_key *nt_key, bool ext_sec,
 uint8_t server_chal[8], uint8_t client_chal[8],
 struct ntlm_buffer *nt_response)
 {
 struct ntlm_buffer key = { nt_key->data, nt_key->length };
- struct ntlm_buffer payload;
- struct ntlm_buffer result;
- uint8_t buf1[16];
- uint8_t buf2[16];
+ uint8_t chal[8];
+ struct ntlm_buffer payload = { chal, 8};
 int ret;

- memcpy(buf1, server_chal, 8);
 if (ext_sec) {
- memcpy(&buf1[8], client_chal, 8);
- payload.data = buf1;
- payload.length = 16;
- result.data = buf2;
- result.length = 16;
- ret = MD5_HASH(&payload, &result);
+ ret = ntlm_compute_ext_sec_challenge(server_chal, client_chal, chal);
 if (ret) return ret;
- memcpy(buf1, result.data, 8);
+ } else {
+ memcpy(chal, server_chal, 8);
 }
- payload.data = buf1;
- payload.length = 8;
 return DESL(&key, &payload, nt_response);
 }

|
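Review bot: In ntlm_compute_ext_sec_challenge the lengths are bare literals (`16` in both struct ntlm_buffer initialisers, `8` in the three memcpy calls), so they can drift from the `scbuf`/`mdbuf` declarations without any warning. Tying them to the arrays keeps the MD5 output buffer and its recorded length in step: `struct ntlm_buffer challenges = { scbuf, sizeof(scbuf) };` and `struct ntlm_buffer msgdigest = { mdbuf, sizeof(mdbuf) };`. The same applies to `{ chal, 8}` in ntlm_compute_nt_response, which could be `{ chal, sizeof(chal) }`. A short comment above the helper such as `/* challenge = first 8 bytes of MD5(server_chal || client_chal) */` would make the truncation in the last memcpy read as intended. Whether MD5_HASH checks the length of its output buffer is not visible in this hunk, so that is worth confirming.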