Mercurial > pidgin.yaz

comparison src/ntlm.c @ 11375:7e98b3bf2fdf

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
[gaim-migrate @ 13601] ntlm api committer: Tailor Script <tailor@pidgin.im>
author Thomas Butter <tbutter>
date Tue, 30 Aug 2005 18:22:28 +0000
parents
children e2ebebcae270
comparison
equal deleted inserted replaced
11374:6d3d44c60a86 11375:7e98b3bf2fdf
1 /**
2 * @file ntlm.c
3 *
4 * gaim
5 *
6 * Copyright (C) 2005 Thomas Butter <butter@uni-mannheim.de>
7 *
8 * hashing done according to description of NTLM on
9 * http://www.innovation.ch/java/ntlm.html
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24 */
25
26 #include <glib.h>
27 #include <stdlib.h>
28 #include "util.h"
29 #include "ntlm.h"
30 #include "cipher.h"
31 #include <string.h>
32
33 struct type1_message {
34 guint8 protocol[8]; /* 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0' */
35 guint8 type; /* 0x01 */
36 guint8 zero1[3];
37 short flags; /* 0xb203 */
38 guint8 zero2[2];
39
40 short dom_len1; /* domain string length */
41 short dom_len2; /* domain string length */
42 short dom_off; /* domain string offset */
43 guint8 zero3[2];
44
45 short host_len1; /* host string length */
46 short host_len2; /* host string length */
47 short host_off; /* host string offset (always 0x20) */
48 guint8 zero4[2];
49
50 /* guint8 host[*]; // host string (ASCII)
51 guint8 dom[*]; // domain string (ASCII) */
52 };
53
54 struct type2_message {
55 guint8 protocol[8]; /* 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0'*/
56 guint8 type; /* 0x02 */
57 guint8 zero1[7];
58 short msg_len; /* 0x28 */
59 guint8 zero2[2];
60 short flags; /* 0x8201 */
61 guint8 zero3[2];
62
63 guint8 nonce[8]; /* nonce */
64 guint8 zero[8];
65 };
66
67 struct type3_message {
68 guint8 protocol[8]; /* 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0'*/
69 guint8 type; /* 0x03 */
70 guint8 zero1[3];
71
72 short lm_resp_len1; /* LanManager response length (always 0x18)*/
73 short lm_resp_len2; /* LanManager response length (always 0x18)*/
74 short lm_resp_off; /* LanManager response offset */
75 guint8 zero2[2];
76
77 short nt_resp_len1; /* NT response length (always 0x18) */
78 short nt_resp_len2; /* NT response length (always 0x18) */
79 short nt_resp_off; /* NT response offset */
80 guint8 zero3[2];
81
82 short dom_len1; /* domain string length */
83 short dom_len2; /* domain string length */
84 short dom_off; /* domain string offset (always 0x40) */
85 guint8 zero4[2];
86
87 short user_len1; /* username string length */
88 short user_len2; /* username string length */
89 short user_off; /* username string offset */
90 guint8 zero5[2];
91
92 short host_len1; /* host string length */
93 short host_len2; /* host string length */
94 short host_off; /* host string offset */
95 guint8 zero6[6];
96
97 short msg_len; /* message length */
98 guint8 zero7[2];
99
100 short flags; /* 0x8201 */
101 guint8 zero8[2];
102
103 /* guint8 dom[*]; // domain string (unicode UTF-16LE)
104 guint8 user[*]; // username string (unicode UTF-16LE)
105 guint8 host[*]; // host string (unicode UTF-16LE)
106 guint8 lm_resp[*]; // LanManager response
107 guint8 nt_resp[*]; // NT response*/
108 };
109
110 gchar *gaim_ntlm_gen_type1(gchar *hostname, gchar *domain) {
111 char *msg = g_malloc0(sizeof(struct type1_message) + strlen(hostname) + strlen(domain));
112 struct type1_message *tmsg = (struct type1_message*)msg;
113 tmsg->protocol[0] = 'N';
114 tmsg->protocol[1] = 'T';
115 tmsg->protocol[2] = 'L';
116 tmsg->protocol[3] = 'M';
117 tmsg->protocol[4] = 'S';
118 tmsg->protocol[5] = 'S';
119 tmsg->protocol[6] = 'P';
120 tmsg->protocol[7] = '\0';
121 tmsg->type= 0x01;
122 tmsg->flags = 0xb202;
123 tmsg->dom_len1 = tmsg->dom_len2 = strlen(domain);
124 tmsg->dom_off = 32+strlen(hostname);
125 tmsg->host_len1 = tmsg->host_len2 = strlen(hostname);
126 tmsg->host_off= 32;
127 memcpy(msg+sizeof(struct type1_message),hostname,strlen(hostname));
128 memcpy(msg+sizeof(struct type1_message)+strlen(hostname),domain,strlen(domain));
129
130 return gaim_base64_encode(msg, sizeof(struct type1_message) + strlen(hostname) + strlen(domain));
131 }
132
133 gchar *gaim_ntlm_parse_type2(gchar *type2) {
134 int retlen;
135 static gchar nonce[8];
136 struct type2_message *tmsg = (struct type2_message*)gaim_base64_decode(type2, &retlen);
137 memcpy(nonce, tmsg->nonce, 8);
138 g_free(tmsg);
139 return nonce;
140 }
141
142 static void setup_des_key(unsigned char key_56[], char *key)
143 {
144 key[0] = key_56[0];
145 key[1] = ((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1);
146 key[2] = ((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2);
147 key[3] = ((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3);
148 key[4] = ((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4);
149 key[5] = ((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5);
150 key[6] = ((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6);
151 key[7] = (key_56[6] << 1) & 0xFF;
152 }
153
154 /*
155 * helper function for gaim cipher.c
156 */
157 static void des_ecb_encrypt(char *plaintext, char *result, char *key) {
158 GaimCipher *cipher;
159 GaimCipherContext *context;
160 int outlen;
161
162 cipher = gaim_ciphers_find_cipher("des");
163 context = gaim_cipher_context_new(cipher, NULL);
164 gaim_cipher_context_set_key(context, key);
165 gaim_cipher_context_encrypt(context, plaintext, 8, result, &outlen);
166 gaim_cipher_context_destroy(context);
167 }
168
169 /*
170 * takes a 21 byte array and treats it as 3 56-bit DES keys. The
171 * 8 byte plaintext is encrypted with each key and the resulting 24
172 * bytes are stored in the results array.
173 */
174 static void calc_resp(unsigned char *keys, unsigned char *plaintext, unsigned char *results)
175 {
176 gchar key[8];
177 setup_des_key(keys, key);
178 des_ecb_encrypt(plaintext, results, key);
179
180 setup_des_key(keys+7, key);
181 des_ecb_encrypt(plaintext, (results+8), key);
182
183 setup_des_key(keys+14, key);
184 des_ecb_encrypt(plaintext, (results+16), key);
185 }
186
187 gchar *gaim_ntlm_gen_type3(gchar *username, gchar *passw, gchar *hostname, gchar *domain, gchar *nonce) {
188 char lm_pw[14];
189 unsigned char lm_hpw[21];
190 gchar key[8];
191 struct type3_message *tmsg = g_malloc0(sizeof(struct type3_message)+
192 strlen(domain) + strlen(username) + strlen(hostname) + 24 +24);
193 int len = strlen(passw);
194 unsigned char lm_resp[24], nt_resp[24];
195 unsigned char magic[] = { 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 };
196 unsigned char nt_hpw[21];
197 int lennt;
198 char nt_pw[128];
199 GaimCipher *cipher;
200 GaimCipherContext *context;
201 char *tmp = 0;
202 int idx = 0;
203
204 /* type3 message initialization */
205 tmsg->protocol[0] = 'N';
206 tmsg->protocol[1] = 'T';
207 tmsg->protocol[2] = 'L';
208 tmsg->protocol[3] = 'M';
209 tmsg->protocol[4] = 'S';
210 tmsg->protocol[5] = 'S';
211 tmsg->protocol[6] = 'P';
212 tmsg->type = 0x03;
213 tmsg->lm_resp_len1 = tmsg->lm_resp_len2 = 0x18;
214 tmsg->lm_resp_off = sizeof(struct type3_message) + strlen(domain) + strlen(username) + strlen(hostname);
215 tmsg->nt_resp_len1 = tmsg->nt_resp_len2 = 0x18;
216 tmsg->nt_resp_off = sizeof(struct type3_message) + strlen(domain) + strlen(username) + strlen(hostname) + 0x18;
217
218 tmsg->dom_len1 = tmsg->dom_len2 = strlen(domain);
219 tmsg->dom_off = 0x40;
220
221 tmsg->user_len1 = tmsg->user_len2 = strlen(username);
222 tmsg->user_off = sizeof(struct type3_message) + strlen(domain);
223
224 tmsg->host_len1 = tmsg->host_len2 = strlen(hostname);
225 tmsg->host_off = sizeof(struct type3_message) + strlen(domain) + strlen(username);
226
227 tmsg->msg_len = sizeof(struct type3_message) + strlen(domain) + strlen(username) + strlen(hostname) + 0x18 + 0x18;
228 tmsg->flags = 0x8200;
229
230 tmp = ((char*) tmsg) + sizeof(struct type3_message);
231 strcpy(tmp, domain);
232 tmp += strlen(domain);
233 strcpy(tmp, username);
234 tmp += strlen(username);
235 strcpy(tmp, hostname);
236 tmp += strlen(hostname);
237
238 if (len > 14) len = 14;
239
240 for (idx=0; idx<len; idx++)
241 lm_pw[idx] = g_ascii_toupper(passw[idx]);
242 for (; idx<14; idx++)
243 lm_pw[idx] = 0;
244
245 setup_des_key(lm_pw, key);
246 des_ecb_encrypt(magic, lm_hpw, key);
247
248 setup_des_key(lm_pw+7, key);
249 des_ecb_encrypt(magic, lm_hpw+8, key);
250
251 memset(lm_hpw+16, 0, 5);
252
253
254 lennt = strlen(passw);
255 for (idx=0; idx<lennt; idx++)
256 {
257 nt_pw[2*idx] = passw[idx];
258 nt_pw[2*idx+1] = 0;
259 }
260
261 cipher = gaim_ciphers_find_cipher("md4");
262 context = gaim_cipher_context_new(cipher, NULL);
263 gaim_cipher_context_append(context, nt_pw, 2*lennt);
264 gaim_cipher_context_digest(context, 21, nt_hpw, NULL);
265 gaim_cipher_context_destroy(context);
266
267 memset(nt_hpw+16, 0, 5);
268
269
270 calc_resp(lm_hpw, nonce, lm_resp);
271 calc_resp(nt_hpw, nonce, nt_resp);
272 memcpy(tmp, lm_resp, 0x18);
273 memcpy(tmp+0x18, nt_resp, 0x18);
274 tmp = gaim_base64_encode((guchar*) tmsg, tmsg->msg_len);
275 g_free(tmsg);
276 return tmp;
277 }