From d46909d5058cc08c61da39e8e8ff135b9b665a73 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Tue, 5 Aug 2014 22:36:42 -0400
Subject: Add functions to verify NTLMv1 responses

---
 src/ntlm.h        | 30 ++++++++++++++++++++++++++++++
 src/ntlm_crypto.c | 42 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 72 insertions(+)

diff --git a/src/ntlm.h b/src/ntlm.h
index 29f6221..a31a0ec 100644
--- a/src/ntlm.h
+++ b/src/ntlm.h
@@ -359,6 +359,36 @@ int ntlm_verify_lm_response(struct ntlm_buffer *lm_response,
                             struct ntlm_key *lm_key, bool ext_sec,
                             uint8_t server_chal[8], uint8_t client_chal[8]);
 
+/**
+ * @brief   Verifies a NTLM v1 NT Response
+ *
+ * @param nt_response       The NT Response buffer
+ * @param nt_key            The NTLMv1 NT Key
+ * @param ext_sec           Whether Extended Security was negotiated
+ * @param server_chal[8]    The Server Challenge
+ * @param client_chal[8]    The Client Challenge
+ *
+ * @return 0 on success, or an error
+ */
+int ntlm_verify_nt_response(struct ntlm_buffer *nt_response,
+                            struct ntlm_key *nt_key, bool ext_sec,
+                            uint8_t server_chal[8], uint8_t client_chal[8]);
+
+/**
+ * @brief   Verifies a NTLM v1 LM Response
+ *
+ * @param lm_response       The LM Response buffer
+ * @param lm_key            The NTLMv1 LM Key
+ * @param ext_sec           Whether Extended Security was negotiated
+ * @param server_chal[8]    The Server Challenge
+ * @param client_chal[8]    The Client Challenge
+ *
+ * @return 0 on success, or an error
+ */
+int ntlm_verify_lm_response(struct ntlm_buffer *lm_response,
+                            struct ntlm_key *lm_key, bool ext_sec,
+                            uint8_t server_chal[8], uint8_t client_chal[8]);
+
 /**
  * @brief   Verifies a 16 bit NT Response
  *
diff --git a/src/ntlm_crypto.c b/src/ntlm_crypto.c
index 4d7b055..0c5d618 100644
--- a/src/ntlm_crypto.c
+++ b/src/ntlm_crypto.c
@@ -579,6 +579,48 @@ static int ntlm_seal_regen(struct ntlm_signseal_handle *h)
     return ret;
 }
 
+int ntlm_verify_nt_response(struct ntlm_buffer *nt_response,
+                            struct ntlm_key *nt_key, bool ext_sec,
+                            uint8_t server_chal[8], uint8_t client_chal[8])
+{
+    uint8_t buf[24];
+    struct ntlm_buffer expected_response = { buf, 24 };
+    int ret;
+
+    ret = ntlm_compute_nt_response(nt_key, ext_sec,
+                                   server_chal, client_chal,
+                                   &expected_response);
+    if (ret) return ret;
+
+    ret = EINVAL;
+    if (memcmp(nt_response->data, expected_response.data, 24) == 0) {
+        ret = 0;
+    }
+
+    return ret;
+}
+
+int ntlm_verify_lm_response(struct ntlm_buffer *lm_response,
+                            struct ntlm_key *lm_key, bool ext_sec,
+                            uint8_t server_chal[8], uint8_t client_chal[8])
+{
+    uint8_t buf[24];
+    struct ntlm_buffer expected_response = { buf, 24 };
+    int ret;
+
+    ret = ntlm_compute_lm_response(lm_key, ext_sec,
+                                   server_chal, client_chal,
+                                   &expected_response);
+    if (ret) return ret;
+
+    ret = EINVAL;
+    if (memcmp(lm_response->data, expected_response.data, 24) == 0) {
+        ret = 0;
+    }
+
+    return ret;
+}
+
 int ntlmv2_verify_nt_response(struct ntlm_buffer *nt_response,
                               struct ntlm_key *ntlmv2_key,
                               uint8_t server_chal[8])
-- 
cgit