From 6a052f305734d648103275157a64961d51aaabbe Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Wed, 6 Aug 2014 11:31:46 -0400
Subject: Add helper to compute extended security challenge

---
 src/ntlm.h        | 12 ++++++++++++
 src/ntlm_crypto.c | 38 ++++++++++++++++++++++++--------------
 2 files changed, 36 insertions(+), 14 deletions(-)

diff --git a/src/ntlm.h b/src/ntlm.h
index a31a0ec..51204ec 100644
--- a/src/ntlm.h
+++ b/src/ntlm.h
@@ -164,6 +164,18 @@ int NTOWFv1(const char *password, struct ntlm_key *result);
  */
 int LMOWFv1(const char *password, struct ntlm_key *result);
 
+/**
+ * @brief   Generate the challenge used in NTLMv1 w/ Extended Security
+ *
+ * @param server_chal   An 8 byte long buffer w/ the server challenge
+ * @param client_chal   An 8 byte long buffer w/ the client challenge
+ * @param result_chal   An 8 byte long buffer w/ for the result
+ *
+ * @return 0 on success or ERR_CRYPTO
+ */
+int ntlm_compute_ext_sec_challenge(uint8_t *server_chal,
+                                   uint8_t *client_chal,
+                                   uint8_t *result_chal);
 /**
  * @brief   Generates a v1 NT Response
  *
diff --git a/src/ntlm_crypto.c b/src/ntlm_crypto.c
index 0c5d618..370873a 100644
--- a/src/ntlm_crypto.c
+++ b/src/ntlm_crypto.c
@@ -128,30 +128,40 @@ int LMOWFv1(const char *password, struct ntlm_key *result)
     return WEAK_DES(&key, &plain, &cipher);
 }
 
+int ntlm_compute_ext_sec_challenge(uint8_t *server_chal,
+                                   uint8_t *client_chal,
+                                   uint8_t *result_chal)
+{
+    uint8_t scbuf[16];
+    uint8_t mdbuf[16];
+    struct ntlm_buffer challenges = { scbuf, 16 };
+    struct ntlm_buffer msgdigest = { mdbuf, 16 };
+    int ret;
+
+    memcpy(scbuf, server_chal, 8);
+    memcpy(&scbuf[8], client_chal, 8);
+    ret = MD5_HASH(&challenges, &msgdigest);
+    if (ret) return ret;
+
+    memcpy(result_chal, mdbuf, 8);
+    return 0;
+}
+
 int ntlm_compute_nt_response(struct ntlm_key *nt_key, bool ext_sec,
                              uint8_t server_chal[8], uint8_t client_chal[8],
                              struct ntlm_buffer *nt_response)
 {
     struct ntlm_buffer key = { nt_key->data, nt_key->length };
-    struct ntlm_buffer payload;
-    struct ntlm_buffer result;
-    uint8_t buf1[16];
-    uint8_t buf2[16];
+    uint8_t chal[8];
+    struct ntlm_buffer payload = { chal, 8};
     int ret;
 
-    memcpy(buf1, server_chal, 8);
     if (ext_sec) {
-        memcpy(&buf1[8], client_chal, 8);
-        payload.data = buf1;
-        payload.length = 16;
-        result.data = buf2;
-        result.length = 16;
-        ret = MD5_HASH(&payload, &result);
+        ret = ntlm_compute_ext_sec_challenge(server_chal, client_chal, chal);
         if (ret) return ret;
-        memcpy(buf1, result.data, 8);
+    } else {
+        memcpy(chal, server_chal, 8);
     }
-    payload.data = buf1;
-    payload.length = 8;
 
     return DESL(&key, &payload, nt_response);
 }
-- 
cgit