comparison libpurple/ntlm.c @ 15373:5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
author | Sean Egan <seanegan@gmail.com> |
---|---|
date | Sat, 20 Jan 2007 02:32:10 +0000 |
parents | |
children | 32c366eeeb99 |
15372:f79e0f4df793 | 15373:5fe8042783c1 |
---|---|
1 /** | |
2 * @file ntlm.c | |
3 * | |
4 * gaim | |
5 * | |
6 * Copyright (C) 2005 Thomas Butter <butter@uni-mannheim.de> | |
7 * | |
8 * hashing done according to description of NTLM on | |
9 * http://www.innovation.ch/java/ntlm.html | |
10 * | |
11 * This program is free software; you can redistribute it and/or modify | |
12 * it under the terms of the GNU General Public License as published by | |
13 * the Free Software Foundation; either version 2 of the License, or | |
14 * (at your option) any later version. | |
15 * | |
16 * This program is distributed in the hope that it will be useful, | |
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
19 * GNU General Public License for more details. | |
20 * | |
21 * You should have received a copy of the GNU General Public License | |
22 * along with this program; if not, write to the Free Software | |
23 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
24 */ | |
25 | |
26 #include <glib.h> | |
27 #include <stdlib.h> | |
28 #include "util.h" | |
29 #include "ntlm.h" | |
30 #include "cipher.h" | |
31 #include <string.h> | |
32 | |
33 #define NTLM_NEGOTIATE_NTLM2_KEY 0x00080000 | |
34 | |
35 struct type1_message { | |
36 guint8 protocol[8]; /* 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0' */ | |
37 guint32 type; /* 0x00000001 */ | |
38 guint32 flags; /* 0x0000b203 */ | |
39 | |
40 short dom_len1; /* domain string length */ | |
41 short dom_len2; /* domain string length */ | |
42 guint32 dom_off; /* domain string offset */ | |
43 | |
44 short host_len1; /* host string length */ | |
45 short host_len2; /* host string length */ | |
46 guint32 host_off; /* host string offset (always 0x00000020) */ | |
47 | |
48 #if 0 | |
49 guint8 host[*]; /* host string (ASCII) */ | |
50 guint8 dom[*]; /* domain string (ASCII) */ | |
51 #endif | |
52 }; | |
53 | |
54 struct type2_message { | |
55 guint8 protocol[8]; /* 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0'*/ | |
56 guint32 type; /* 0x00000002 */ | |
57 | |
58 short msg_len1; /* target name length */ | |
59 short msg_len2; /* target name length */ | |
60 guint32 msg_off; /* target name offset (always 0x00000048) */ | |
61 | |
62 guint32 flags; /* 0x00008201 */ | |
63 | |
64 guint8 nonce[8]; /* nonce */ | |
65 guint8 context[8]; | |
66 }; | |
67 | |
68 struct type3_message { | |
69 guint8 protocol[8]; /* 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0'*/ | |
70 guint32 type; /* 0x00000003 */ | |
71 | |
72 short lm_resp_len1; /* LanManager response length (always 0x18)*/ | |
73 short lm_resp_len2; /* LanManager response length (always 0x18)*/ | |
74 guint32 lm_resp_off; /* LanManager response offset */ | |
75 | |
76 short nt_resp_len1; /* NT response length (always 0x18) */ | |
77 short nt_resp_len2; /* NT response length (always 0x18) */ | |
78 guint32 nt_resp_off; /* NT response offset */ | |
79 | |
80 short dom_len1; /* domain string length */ | |
81 short dom_len2; /* domain string length */ | |
82 guint32 dom_off; /* domain string offset (always 0x00000040) */ | |
83 | |
84 short user_len1; /* username string length */ | |
85 short user_len2; /* username string length */ | |
86 guint32 user_off; /* username string offset */ | |
87 | |
88 short host_len1; /* host string length */ | |
89 short host_len2; /* host string length */ | |
90 guint32 host_off; /* host string offset */ | |
91 | |
92 short sess_len1; | |
93 short sess_len2; | |
94 guint32 sess_off; /* message length */ | |
95 | |
96 guint32 flags; /* 0x00008201 */ | |
97 /* guint32 flags2; */ /* unknown, used in windows messenger */ | |
98 /* guint32 flags3; */ | |
99 | |
100 #if 0 | |
101 guint8 dom[*]; /* domain string (unicode UTF-16LE) */ | |
102 guint8 user[*]; /* username string (unicode UTF-16LE) */ | |
103 guint8 host[*]; /* host string (unicode UTF-16LE) */ | |
104 guint8 lm_resp[*]; /* LanManager response */ | |
105 guint8 nt_resp[*]; /* NT response */ | |
106 #endif | |
107 }; | |
108 | |
109 /* TODO: Will this work on both little-endian and big-endian machines? */ | |
110 gchar * | |
111 gaim_ntlm_gen_type1(const gchar *hostname, const gchar *domain) | |
112 { | |
113 int hostnamelen; | |
114 int domainlen; | |
115 unsigned char *msg; | |
116 struct type1_message *tmsg; | |
117 gchar *tmp; | |
118 | |
119 hostnamelen = strlen(hostname); | |
120 domainlen = strlen(domain); | |
121 msg = g_malloc0(sizeof(struct type1_message) + hostnamelen + domainlen); | |
122 tmsg = (struct type1_message*)msg; | |
123 tmsg->protocol[0] = 'N'; | |
124 tmsg->protocol[1] = 'T'; | |
125 tmsg->protocol[2] = 'L'; | |
126 tmsg->protocol[3] = 'M'; | |
127 tmsg->protocol[4] = 'S'; | |
128 tmsg->protocol[5] = 'S'; | |
129 tmsg->protocol[6] = 'P'; | |
130 tmsg->protocol[7] = '\0'; | |
131 tmsg->type = 0x00000001; | |
132 tmsg->flags = 0x0000b202; | |
133 tmsg->dom_len1 = tmsg->dom_len2 = domainlen; | |
134 tmsg->dom_off = sizeof(struct type1_message) + hostnamelen; | |
135 tmsg->host_len1 = tmsg->host_len2 = hostnamelen; | |
136 tmsg->host_off = sizeof(struct type1_message); | |
137 memcpy(msg + tmsg->host_off, hostname, hostnamelen); | |
138 memcpy(msg + tmsg->dom_off, domain, domainlen); | |
139 | |
140 tmp = gaim_base64_encode(msg, sizeof(struct type1_message) + hostnamelen + domainlen); | |
141 g_free(msg); | |
142 | |
143 return tmp; | |
144 } | |
145 | |
146 guint8 * | |
147 gaim_ntlm_parse_type2(const gchar *type2, guint32 *flags) | |
148 { | |
149 gsize retlen; | |
150 struct type2_message *tmsg; | |
151 static guint8 nonce[8]; | |
152 | |
153 tmsg = (struct type2_message*)gaim_base64_decode(type2, &retlen); | |
154 memcpy(nonce, tmsg->nonce, 8); | |
155 if (flags != NULL) | |
156 *flags = tmsg->flags; | |
157 g_free(tmsg); | |
158 | |
159 return nonce; | |
160 } | |
161 | |
162 /** | |
163 * Create a 64bit DES key by taking a 56bit key and adding | |
164 * a parity bit after every 7th bit. | |
165 */ | |
166 static void | |
167 setup_des_key(const guint8 key_56[], guint8 *key) | |
168 { | |
169 key[0] = key_56[0]; | |
170 key[1] = ((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1); | |
171 key[2] = ((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2); | |
172 key[3] = ((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3); | |
173 key[4] = ((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4); | |
174 key[5] = ((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5); | |
175 key[6] = ((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6); | |
176 key[7] = (key_56[6] << 1) & 0xFF; | |
177 } | |
178 | |
179 /* | |
180 * helper function for gaim cipher.c | |
181 */ | |
182 static void | |
183 des_ecb_encrypt(const guint8 *plaintext, guint8 *result, const guint8 *key) | |
184 { | |
185 GaimCipher *cipher; | |
186 GaimCipherContext *context; | |
187 gsize outlen; | |
188 | |
189 cipher = gaim_ciphers_find_cipher("des"); | |
190 context = gaim_cipher_context_new(cipher, NULL); | |
191 gaim_cipher_context_set_key(context, key); | |
192 gaim_cipher_context_encrypt(context, plaintext, 8, result, &outlen); | |
193 gaim_cipher_context_destroy(context); | |
194 } | |
195 | |
196 /* | |
197 * takes a 21 byte array and treats it as 3 56-bit DES keys. The | |
198 * 8 byte plaintext is encrypted with each key and the resulting 24 | |
199 * bytes are stored in the results array. | |
200 */ | |
201 static void | |
202 calc_resp(guint8 *keys, const guint8 *plaintext, unsigned char *results) | |
203 { | |
204 guint8 key[8]; | |
205 setup_des_key(keys, key); | |
206 des_ecb_encrypt(plaintext, results, key); | |
207 | |
208 setup_des_key(keys + 7, key); | |
209 des_ecb_encrypt(plaintext, results + 8, key); | |
210 | |
211 setup_des_key(keys + 14, key); | |
212 des_ecb_encrypt(plaintext, results + 16, key); | |
213 } | |
214 | |
215 static void | |
216 gensesskey(char *buffer, const char *oldkey) | |
217 { | |
218 int i = 0; | |
219 if(oldkey == NULL) { | |
220 for(i=0; i<16; i++) { | |
221 buffer[i] = (char)(rand() & 0xff); | |
222 } | |
223 } else { | |
224 memcpy(buffer, oldkey, 16); | |
225 } | |
226 } | |
227 | |
228 gchar * | |
229 gaim_ntlm_gen_type3(const gchar *username, const gchar *passw, const gchar *hostname, const gchar *domain, const guint8 *nonce, guint32 *flags) | |
230 { | |
231 char lm_pw[14]; | |
232 unsigned char lm_hpw[21]; | |
233 char sesskey[16]; | |
234 guint8 key[8]; | |
235 int domainlen; | |
236 int usernamelen; | |
237 int hostnamelen; | |
238 int msglen; | |
239 struct type3_message *tmsg; | |
240 int passwlen, lennt; | |
241 unsigned char lm_resp[24], nt_resp[24]; | |
242 unsigned char magic[] = { 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; | |
243 unsigned char nt_hpw[21]; | |
244 char nt_pw[128]; | |
245 GaimCipher *cipher; | |
246 GaimCipherContext *context; | |
247 char *tmp; | |
248 int idx; | |
249 gchar *ucs2le; | |
250 | |
251 domainlen = strlen(domain) * 2; | |
252 usernamelen = strlen(username) * 2; | |
253 hostnamelen = strlen(hostname) * 2; | |
254 msglen = sizeof(struct type3_message) + domainlen + | |
255 usernamelen + hostnamelen + 0x18 + 0x18 + ((flags) ? 0x10 : 0); | |
256 tmsg = g_malloc0(msglen); | |
257 passwlen = strlen(passw); | |
258 | |
259 /* type3 message initialization */ | |
260 tmsg->protocol[0] = 'N'; | |
261 tmsg->protocol[1] = 'T'; | |
262 tmsg->protocol[2] = 'L'; | |
263 tmsg->protocol[3] = 'M'; | |
264 tmsg->protocol[4] = 'S'; | |
265 tmsg->protocol[5] = 'S'; | |
266 tmsg->protocol[6] = 'P'; | |
267 tmsg->type = 0x00000003; | |
268 tmsg->lm_resp_len1 = tmsg->lm_resp_len2 = 0x18; | |
269 tmsg->lm_resp_off = sizeof(struct type3_message) + domainlen + usernamelen + hostnamelen; | |
270 tmsg->nt_resp_len1 = tmsg->nt_resp_len2 = 0x18; | |
271 tmsg->nt_resp_off = sizeof(struct type3_message) + domainlen + usernamelen + hostnamelen + 0x18; | |
272 | |
273 tmsg->dom_len1 = tmsg->dom_len2 = domainlen; | |
274 tmsg->dom_off = sizeof(struct type3_message); | |
275 | |
276 tmsg->user_len1 = tmsg->user_len2 = usernamelen; | |
277 tmsg->user_off = sizeof(struct type3_message) + domainlen; | |
278 | |
279 tmsg->host_len1 = tmsg->host_len2 = hostnamelen; | |
280 tmsg->host_off = sizeof(struct type3_message) + domainlen + usernamelen; | |
281 | |
282 if(flags) { | |
283 tmsg->sess_off = sizeof(struct type3_message) + domainlen + usernamelen + hostnamelen + 0x18 + 0x18; | |
284 tmsg->sess_len1 = tmsg->sess_len2 = 0x0010; | |
285 } | |
286 | |
287 tmsg->flags = 0x00008200; | |
288 | |
289 tmp = (char *)tmsg + sizeof(struct type3_message); | |
290 | |
291 ucs2le = g_convert(domain, -1, "UCS-2LE", "UTF-8", NULL, NULL, NULL); | |
292 memcpy(tmp, ucs2le, domainlen); | |
293 g_free(ucs2le); | |
294 tmp += domainlen; | |
295 | |
296 ucs2le = g_convert(username, -1, "UCS-2LE", "UTF-8", NULL, NULL, NULL); | |
297 memcpy(tmp, ucs2le, usernamelen); | |
298 g_free(ucs2le); | |
299 tmp += usernamelen; | |
300 | |
301 ucs2le = g_convert(hostname, -1, "UCS-2LE", "UTF-8", NULL, NULL, NULL); | |
302 memcpy(tmp, ucs2le, hostnamelen); | |
303 g_free(ucs2le); | |
304 tmp += hostnamelen; | |
305 | |
306 /* LM */ | |
307 if (passwlen > 14) | |
308 passwlen = 14; | |
309 | |
310 for (idx = 0; idx < passwlen; idx++) | |
311 lm_pw[idx] = g_ascii_toupper(passw[idx]); | |
312 for (; idx < 14; idx++) | |
313 lm_pw[idx] = 0; | |
314 | |
315 setup_des_key((unsigned char*)lm_pw, key); | |
316 des_ecb_encrypt(magic, lm_hpw, key); | |
317 | |
318 setup_des_key((unsigned char*)(lm_pw + 7), key); | |
319 des_ecb_encrypt(magic, lm_hpw + 8, key); | |
320 | |
321 memset(lm_hpw + 16, 0, 5); | |
322 calc_resp(lm_hpw, nonce, lm_resp); | |
323 memcpy(tmp, lm_resp, 0x18); | |
324 tmp += 0x18; | |
325 | |
326 /* NTLM */ | |
327 /* Convert the password to UCS-2LE */ | |
328 lennt = strlen(passw); | |
329 for (idx = 0; idx < lennt; idx++) | |
330 { | |
331 nt_pw[2 * idx] = passw[idx]; | |
332 nt_pw[2 * idx + 1] = 0; | |
333 } | |
334 | |
335 cipher = gaim_ciphers_find_cipher("md4"); | |
336 context = gaim_cipher_context_new(cipher, NULL); | |
337 gaim_cipher_context_append(context, (guint8 *)nt_pw, 2 * lennt); | |
338 gaim_cipher_context_digest(context, 21, nt_hpw, NULL); | |
339 gaim_cipher_context_destroy(context); | |
340 | |
341 memset(nt_hpw + 16, 0, 5); | |
342 calc_resp(nt_hpw, nonce, nt_resp); | |
343 memcpy(tmp, nt_resp, 0x18); | |
344 tmp += 0x18; | |
345 | |
346 /* LCS Stuff */ | |
347 if (flags) { | |
348 tmsg->flags = 0x409082d4; | |
349 gensesskey(sesskey, NULL); | |
350 memcpy(tmp, sesskey, 0x10); | |
351 } | |
352 | |
353 /*tmsg->flags2 = 0x0a280105; | |
354 tmsg->flags3 = 0x0f000000;*/ | |
355 | |
356 tmp = gaim_base64_encode((guchar *)tmsg, msglen); | |
357 g_free(tmsg); | |
358 | |
359 return tmp; | |
360 } |
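Review bot: gaim_ntlm_parse_type2 (file lines 147-160) reads tmsg->nonce and tmsg->flags out of the base64-decoded Type 2 message without checking that the decode succeeded or that retlen covers the whole struct type2_message, so a NULL or short message from the server or proxy becomes a NULL dereference or an out-of-bounds heap read on attacker-controlled data. I would add `if (tmsg == NULL || retlen < sizeof(struct type2_message)) { g_free(tmsg); return NULL; }` directly after the decode, and have callers treat a NULL nonce as an authentication failure instead of passing it on to gaim_ntlm_gen_type3. In gaim_ntlm_gen_type3 the NT path writes the full password into `char nt_pw[128]` at two bytes per character (lines 328-333) while only the LM path is capped at 14, so a password longer than 64 characters overflows the stack buffer; converting the password with the same g_convert(..., "UCS-2LE", "UTF-8", ...) call already used for domain and username, checking its result for NULL, and hashing that buffer removes the fixed limit and also yields the correct hash for non-ASCII passwords. Separately, gensesskey fills the 16-byte session key from rand(), which is not a cryptographic source; it appears to be emitted only on the flags path, but if anything relies on it as a key it should come from a CSPRNG.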