authorAndrew Bartlett <abartlet@samba.org>2001-07-07 07:00:15 +0000
committerAndrew Bartlett <abartlet@samba.org>2001-07-07 07:00:15 +0000
commit7be19ad10fc30fab199653facd11496170219e1b (patch)
tree2d4e14c153cc19e5bf893b47f28a4e8c4799277c /source3/libsmb
parent1c3c9952210346aff1138a4417ff3ceff3ecd9c3 (diff)
Add backend encryption support for NTLMv2.
The leg-work for this was done by the folks at samba-tng.org, I'm just bringing it across to HEAD. The MD5 implementation is separately derived, and does not have the copyright problems that the one in TNG has. Also add const to a few places where it makes sense. Andrew Bartlett (This used to be commit 8df8e841445dfe09fc7a06bb55d12adc3fecb345)
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/smbdes.c8
-rw-r--r--source3/libsmb/smbencrypt.c97
2 files changed, 100 insertions, 5 deletions
diff --git a/source3/libsmb/smbdes.c b/source3/libsmb/smbdes.c
index 7e8a9a5b89..c5dbbdf99a 100644
--- a/source3/libsmb/smbdes.c
+++ b/source3/libsmb/smbdes.c
@@ -259,7 +259,7 @@ static void dohash(char *out, char *in, char *key, int forw)
permute(out, rl, perm6, 64);
}
-static void str_to_key(unsigned char *str,unsigned char *key)
+static void str_to_key(const unsigned char *str,unsigned char *key)
{
int i;
@@ -277,7 +277,7 @@ static void str_to_key(unsigned char *str,unsigned char *key)
}
-static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, int forw)
+static void smbhash(unsigned char *out, const unsigned char *in, const unsigned char *key, int forw)
{
int i;
char outb[64];
@@ -305,14 +305,14 @@ static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, i
}
}
-void E_P16(unsigned char *p14,unsigned char *p16)
+void E_P16(const unsigned char *p14,unsigned char *p16)
{
unsigned char sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
smbhash(p16, sp8, p14, 1);
smbhash(p16+8, sp8, p14+7, 1);
}
-void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24)
+void E_P24(const unsigned char *p21, const unsigned char *c8, unsigned char *p24)
{
smbhash(p24, c8, p21, 1);
smbhash(p24+8, c8, p21+7, 1);
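Review bot: With smbhash's `in` parameter now const, `sp8` in E_P16 no longer has to be a writable local that is rebuilt on every call; it could be declared `static const unsigned char sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};`. This is a style point only and does not change the output. E_P24's body continues past the end of the hunk.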
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 4cc8261e66..e7ebd4c000 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -4,6 +4,8 @@
SMB parameters and setup
Copyright (C) Andrew Tridgell 1992-1998
Modified by Jeremy Allison 1995.
+ Copyright (C) Jeremy Allison 1995-2000.
+ Copyright (C) Luke Kennethc Casson Leighton 1996-2000.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -83,6 +85,24 @@ static int _my_mbstowcs(int16 *dst, uchar *src, int len)
return i;
}
+static int _my_mbstowcsupper(int16 * dst, const uchar * src, int len)
+{
+ int i;
+ int16 val;
+
+ for (i = 0; i < len; i++)
+ {
+ val = toupper(*src);
+ SSVAL(dst, 0, val);
+ dst++;
+ src++;
+ if (val == 0)
+ break;
+ }
+ return i;
+}
+
+
/*
* Creates the MD4 Hash of the users password in NT UNICODE.
*/
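Review bot: _my_mbstowcsupper has no comment saying what `len` counts, and the loop (`for (i = 0; i < len; i++)`) treats it as a number of source characters while each iteration stores one 16-bit unit at dst. A comment such as `/* Upper-cases up to len characters of src into 16-bit units at dst, stopping after a NUL; dst must have room for 2 * len bytes. */` would make the buffer requirement explicit for callers. toupper() is locale-dependent, so the mapping for bytes above 0x7f presumably varies with the process locale; that is worth stating if the protocol expects a fixed case mapping.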
@@ -141,8 +161,36 @@ void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16])
memset(passwd, '\0', sizeof(passwd));
}
+/* Does both the NTLMv2 owfs of a user's password */
+void ntv2_owf_gen(const uchar owf[16],
+ const char *user_n, const char *domain_n, uchar kr_buf[16])
+{
+ pstring user_u;
+ pstring dom_u;
+ HMACMD5Context ctx;
+
+ int user_l = strlen(user_n);
+ int domain_l = strlen(domain_n);
+
+ _my_mbstowcsupper((int16 *) user_u, user_n, user_l * 2);
+ _my_mbstowcsupper((int16 *) dom_u, domain_n, domain_l * 2);
+
+ hmac_md5_init_limK_to_64(owf, 16, &ctx);
+ hmac_md5_update(user_u, user_l * 2, &ctx);
+ hmac_md5_update(dom_u, domain_l * 2, &ctx);
+ hmac_md5_final(kr_buf, &ctx);
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100, ("ntv2_owf_gen: user, domain, owfkey, kr\n"));
+ dump_data(100, user_u, user_l * 2);
+ dump_data(100, dom_u, domain_l * 2);
+ dump_data(100, owf, 16);
+ dump_data(100, kr_buf, 16);
+#endif
+}
+
/* Does the des encryption from the NT or LM MD4 hash. */
-void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24])
+void SMBOWFencrypt(const uchar passwd[16], const uchar *c8, uchar p24[24])
{
uchar p21[21];
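Review bot: ntv2_owf_gen never checks the length of user_n or domain_n before widening them to two bytes per character into the fixed-size pstring buffers user_u and dom_u, so a name longer than half a pstring would be written past the end of the stack buffer. The third argument of _my_mbstowcsupper is a count of source characters, so `user_l * 2` bounds nothing; the conversion stops only because it reaches the NUL. A guard such as `if (user_l >= (int)sizeof(user_u) / 2 || domain_l >= (int)sizeof(dom_u) / 2)` is needed before the two conversions, with `user_l` and `domain_l` passed as the counts. Because the function returns void, it also needs a way to report the failure (or callers must validate the lengths first), since continuing with an unset or constant kr_buf would be worse than refusing. pstring's size is defined outside this hunk, so the exact limit should be confirmed there.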
@@ -220,6 +268,53 @@ BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[
return True;
}
+/* Does the md5 encryption from the NT hash for NTLMv2. */
+void SMBOWFencrypt_ntv2(const uchar kr[16],
+ const uchar * srv_chal, int srv_chal_len,
+ const uchar * cli_chal, int cli_chal_len,
+ char resp_buf[16])
+{
+ HMACMD5Context ctx;
+
+ hmac_md5_init_limK_to_64(kr, 16, &ctx);
+ hmac_md5_update(srv_chal, srv_chal_len, &ctx);
+ hmac_md5_update(cli_chal, cli_chal_len, &ctx);
+ hmac_md5_final(resp_buf, &ctx);
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100, ("SMBOWFencrypt_ntv2: srv_chal, cli_chal, resp_buf\n"));
+ dump_data(100, srv_chal, srv_chal_len);
+ dump_data(100, cli_chal, cli_chal_len);
+ dump_data(100, resp_buf, 16);
+#endif
+}
+
+void SMBsesskeygen_ntv2(const uchar kr[16],
+ const uchar * nt_resp, char sess_key[16])
+{
+ HMACMD5Context ctx;
+
+ hmac_md5_init_limK_to_64(kr, 16, &ctx);
+ hmac_md5_update(nt_resp, 16, &ctx);
+ hmac_md5_final(sess_key, &ctx);
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100, ("SMBsesskeygen_ntv2:\n"));
+ dump_data(100, sess_key, 16);
+#endif
+}
+
+void SMBsesskeygen_ntv1(const uchar kr[16],
+ const uchar * nt_resp, char sess_key[16])
+{
+ mdfour(sess_key, kr, 16);
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100, ("SMBsesskeygen_ntv1:\n"));
+ dump_data(100, sess_key, 16);
+#endif
+}
+
/***********************************************************
encode a password buffer
************************************************************/
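Review bot: SMBsesskeygen_ntv2 reads exactly 16 bytes from nt_resp without taking a length, unlike SMBOWFencrypt_ntv2 just above it, which takes srv_chal_len and cli_chal_len; callers must guarantee the response holds at least 16 bytes and nothing here says so. I would add a comment such as `/* nt_resp must hold at least 16 bytes; only the first 16 are hashed into the session key. */`. SMBsesskeygen_ntv1 never reads nt_resp at all, which deserves a comment so it does not look like an omission. The digest outputs are declared `char resp_buf[16]` and `char sess_key[16]` while the other digest buffers in this diff are `uchar`; `uchar sess_key[16]` would be consistent and avoids signedness surprises when the bytes are compared or dumped.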