authorSimo Sorce <simo@redhat.com>2014-08-05 22:36:42 -0400
committerSimo Sorce <simo@redhat.com>2014-08-07 12:44:46 -0400
commitd46909d5058cc08c61da39e8e8ff135b9b665a73 (patch)
tree9821e364cb619d7c566c6560752be3df7cb601a8
parent121cd303f238d47ff6392c76fa4597794305e2e4 (diff)
Add functions to verify NTLMv1 responses
-rw-r--r--src/ntlm.h30
-rw-r--r--src/ntlm_crypto.c42
2 files changed, 72 insertions, 0 deletions
diff --git a/src/ntlm.h b/src/ntlm.h
index 29f6221..a31a0ec 100644
--- a/src/ntlm.h
+++ b/src/ntlm.h
@@ -360,6 +360,36 @@ int ntlm_verify_lm_response(struct ntlm_buffer *lm_response,
uint8_t server_chal[8], uint8_t client_chal[8]);
/**
+ * @brief Verifies a NTLM v1 NT Response
+ *
+ * @param nt_response The NT Response buffer
+ * @param nt_key The NTLMv1 NT Key
+ * @param ext_sec Whether Extended Security was negotiated
+ * @param server_chal[8] The Server Challenge
+ * @param client_chal[8] The Client Challenge
+ *
+ * @return 0 on success, or an error
+ */
+int ntlm_verify_nt_response(struct ntlm_buffer *nt_response,
+ struct ntlm_key *nt_key, bool ext_sec,
+ uint8_t server_chal[8], uint8_t client_chal[8]);
+
+/**
+ * @brief Verifies a NTLM v1 LM Response
+ *
+ * @param lm_response The LM Response buffer
+ * @param lm_key The NTLMv1 LM Key
+ * @param ext_sec Whether Extended Security was negotiated
+ * @param server_chal[8] The Server Challenge
+ * @param client_chal[8] The Client Challenge
+ *
+ * @return 0 on success, or an error
+ */
+int ntlm_verify_lm_response(struct ntlm_buffer *lm_response,
+ struct ntlm_key *lm_key, bool ext_sec,
+ uint8_t server_chal[8], uint8_t client_chal[8]);
+
+/**
* @brief Verifies a 16 bit NT Response
*
* @param nt_response The NT Response buffer including client challenge
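Review bot: The two new doc comments leave the caller's contract unstated: `@return 0 on success, or an error` does not separate a response that fails to match from a failure to compute the expected value, and neither `@param nt_response` nor `@param lm_response` says how large the buffer must be. The definitions this commit adds in src/ntlm_crypto.c compare exactly 24 bytes and return EINVAL on a mismatch, so I would write `@return 0 if the response matches, EINVAL if it does not, or the error returned while computing the expected response` and extend the parameter lines to `The NT Response buffer (must hold 24 bytes)` and the LM equivalent. As a smaller style point, Doxygen expects the bare parameter name, so `@param server_chal[8]` would read better as `@param server_chal`.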
diff --git a/src/ntlm_crypto.c b/src/ntlm_crypto.c
index 4d7b055..0c5d618 100644
--- a/src/ntlm_crypto.c
+++ b/src/ntlm_crypto.c
@@ -579,6 +579,48 @@ static int ntlm_seal_regen(struct ntlm_signseal_handle *h)
return ret;
}
+int ntlm_verify_nt_response(struct ntlm_buffer *nt_response,
+ struct ntlm_key *nt_key, bool ext_sec,
+ uint8_t server_chal[8], uint8_t client_chal[8])
+{
+ uint8_t buf[24];
+ struct ntlm_buffer expected_response = { buf, 24 };
+ int ret;
+
+ ret = ntlm_compute_nt_response(nt_key, ext_sec,
+ server_chal, client_chal,
+ &expected_response);
+ if (ret) return ret;
+
+ ret = EINVAL;
+ if (memcmp(nt_response->data, expected_response.data, 24) == 0) {
+ ret = 0;
+ }
+
+ return ret;
+}
+
+int ntlm_verify_lm_response(struct ntlm_buffer *lm_response,
+ struct ntlm_key *lm_key, bool ext_sec,
+ uint8_t server_chal[8], uint8_t client_chal[8])
+{
+ uint8_t buf[24];
+ struct ntlm_buffer expected_response = { buf, 24 };
+ int ret;
+
+ ret = ntlm_compute_lm_response(lm_key, ext_sec,
+ server_chal, client_chal,
+ &expected_response);
+ if (ret) return ret;
+
+ ret = EINVAL;
+ if (memcmp(lm_response->data, expected_response.data, 24) == 0) {
+ ret = 0;
+ }
+
+ return ret;
+}
+
int ntlmv2_verify_nt_response(struct ntlm_buffer *nt_response,
struct ntlm_key *ntlmv2_key,
uint8_t server_chal[8])
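Review bot: `memcmp(nt_response->data, expected_response.data, 24)` in ntlm_verify_nt_response reads 24 bytes from the caller's buffer without first checking its length, so a response shorter than 24 bytes (for example one taken from a truncated authenticate message) is read past its end; ntlm_verify_lm_response has the same gap with `lm_response`. Assuming the second member of struct ntlm_buffer, initialised in `{ buf, 24 }`, is the `length` field, add `if (nt_response->length != 24) return EINVAL;` before the comparison, and the matching line for `lm_response`. Because this compares an authentication response, a constant-time comparison would also be preferable to `memcmp`, which may return at the first differing byte. A short comment above each definition, such as `/* EINVAL: response did not match; other values come from the compute call */`, would help callers tell the two failure cases apart.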