author | Simo Sorce <simo@redhat.com> | 2014-04-06 17:53:58 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2014-05-04 17:21:06 -0400 |
commit | 2fef5bb26b1141f0f42bb5cb488c0eaa06a76d78 (patch) | |
tree | 54ab0e29b675925f55b7c1ca836f8ad54f71e6d2 | |
parent | ffc782afefb404e323ac30cc64e1852a3bcf83d5 (diff) | |
Add function to verify Channel Binding Token
-rw-r--r-- | src/ntlm.h | 10 | ||||
-rw-r--r-- | src/ntlm_crypto.c | 17 |
2 files changed, 27 insertions, 0 deletions
@@ -461,6 +461,16 @@ int ntlm_verify_mic(struct ntlm_key *key,
 int ntlm_hash_channel_bindings(struct ntlm_buffer *unhashed,
 struct ntlm_buffer *signature);
+/**
+ * @brief Verifies Channel binding signature from unhashed data.
+ *
+ * @param unhashed The unhashed channel bindings data
+ * @param signature The recieved MD5 signature to check against
+ *
+ * @return 0 on success, EACCES if the CBT fails to verify, or an error
+ */
+int ntlm_verify_channel_bindings(struct ntlm_buffer *unhashed,
+ struct ntlm_buffer *signature);
 /* ############## ENCODING / DECODING ############## */
diff --git a/src/ntlm_crypto.c b/src/ntlm_crypto.c
index a0b7f24..bf4878a 100644
--- a/src/ntlm_crypto.c
+++ b/src/ntlm_crypto.c
@@ -866,3 +866,20 @@ int ntlm_hash_channel_bindings(struct ntlm_buffer *unhashed,
 safefree(input.data);
 return ret;
 }
+
+int ntlm_verify_channel_bindings(struct ntlm_buffer *unhashed,
+ struct ntlm_buffer *signature)
+{
+ uint8_t cbbuf[16];
+ struct ntlm_buffer cb = { cbbuf, 16 };
+ int ret;
+
+ if (signature->length != 16) return EINVAL;
+
+ ret = ntlm_hash_channel_bindings(unhashed, &cb);
+ if (ret) return ret;
+
+ if (memcmp(cb.data, signature->data, 16) != 0) return EACCES;
+
+ return 0;
+} |
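Review bot: The `@return` line of the new doc comment in src/ntlm.h does not say that a signature whose length is not 16 bytes is rejected with EINVAL rather than EACCES, which is what the implementation added in src/ntlm_crypto.c does. A caller that branches only on EACCES to detect a channel-binding mismatch needs to know that a malformed token arrives under a different code. Suggested wording: `@return 0 on success, EINVAL if the signature is not 16 bytes long, EACCES if the CBT fails to verify, or an error from hashing`. The `@param signature` line also misspells "received".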
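Review bot: The final check in ntlm_verify_channel_bindings compares the computed and received digests with `memcmp`, which may stop at the first differing byte, so the time it takes depends on how many leading bytes of the received value match. The expected value is an unkeyed MD5 over bindings the peer can normally compute as well, so the exposure is probably limited, but a fixed-time comparison is cheap hardening for a verifier on the authentication path. Whether the project already has such a helper is not visible in this hunk. Separately, the literal `16` appears four times in the function; deriving the length from `sizeof(cbbuf)` keeps the buffer, the length check and the comparison from drifting apart. The sketch below assumes `data` is a byte pointer, as the `{ cbbuf, 16 }` initializer suggests.

```c
int ntlm_verify_channel_bindings(struct ntlm_buffer *unhashed,
                                 struct ntlm_buffer *signature)
{
    /* … unchanged: cbbuf[16] and ret declarations … */
    struct ntlm_buffer cb = { cbbuf, sizeof(cbbuf) };
    uint8_t diff = 0;
    size_t i;

    if (signature->length != sizeof(cbbuf)) return EINVAL;

    /* … unchanged: ntlm_hash_channel_bindings() call and its error return … */

    /* OR the byte differences together so every byte is always examined */
    for (i = 0; i < sizeof(cbbuf); i++) {
        diff |= cbbuf[i] ^ signature->data[i];
    }
    if (diff != 0) return EACCES;
    /* … unchanged: return 0 … */
```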