1
/*
2
 * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan
3
 * (Royal Institute of Technology, Stockholm, Sweden).
4
 * All rights reserved.
5
 *
6
 * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 *
12
 * 1. Redistributions of source code must retain the above copyright
13
 *    notice, this list of conditions and the following disclaimer.
14
 *
15
 * 2. Redistributions in binary form must reproduce the above copyright
16
 *    notice, this list of conditions and the following disclaimer in the
17
 *    documentation and/or other materials provided with the distribution.
18
 *
19
 * 3. Neither the name of the Institute nor the names of its contributors
20
 *    may be used to endorse or promote products derived from this software
21
 *    without specific prior written permission.
22
 *
23
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33
 * SUCH DAMAGE.
34
 */
35

36
#include <config.h>
37

38
#include <stdio.h>
39
#include <stdlib.h>
40
#include <assert.h>
41
#include <string.h>
42
#include <ctype.h>
43
#include <errno.h>
44
#include <limits.h>
45

46
#include <roken.h>
47
#include <parse_units.h>
48
#include <krb5.h>
49

50
#define HC_DEPRECATED_CRYPTO
51

52
#include "krb5-types.h"
53
#include "crypto-headers.h"
54

55
#include <heimntlm.h>
56

57
/*! \mainpage Heimdal NTLM library
58
 *
59
 * \section intro Introduction
60
 *
61
 * Heimdal libheimntlm library is a implementation of the NTLM
62
 * protocol, both version 1 and 2. The GSS-API mech that uses this
63
 * library adds support for transport encryption and integrity
64
 * checking.
65
 *
66
 * NTLM is a protocol for mutual authentication, its still used in
67
 * many protocol where Kerberos is not support, one example is
68
 * EAP/X802.1x mechanism LEAP from Microsoft and Cisco.
69
 *
70
 * This is a support library for the core protocol, its used in
71
 * Heimdal to implement and GSS-API mechanism. There is also support
72
 * in the KDC to do remote digest authenticiation, this to allow
73
 * services to authenticate users w/o direct access to the users ntlm
74
 * hashes (same as Kerberos arcfour enctype keys).
75
 *
76
 * More information about the NTLM protocol can found here
77
 * http://davenport.sourceforge.net/ntlm.html .
78
 *
79
 * The Heimdal projects web page: http://www.h5l.org/
80
 *
81
 * @section ntlm_example NTLM Example
82
 *
83
 * Example to to use @ref test_ntlm.c .
84
 *
85
 * @example test_ntlm.c
86
 *
87
 * Example how to use the NTLM primitives.
88
 *
89
 */
90

91
/** @defgroup ntlm_core Heimdal NTLM library
92
 *
93
 * The NTLM core functions implement the string2key generation
94
 * function, message encode and decode function, and the hash function
95
 * functions.
96
 */
97

98
struct sec_buffer {
99
    uint16_t length;
100
    uint16_t allocated;
101
    uint32_t offset;
102
};
103

104
static const unsigned char ntlmsigature[8] = "NTLMSSP\x00";
105

106
/*
107
 *
108
 */
109

110
#define CHECK(f, e)							\
111
    do {								\
112
	ret = f;							\
113
	if (ret != (ssize_t)(e)) {					\
114
	    ret = HNTLM_ERR_DECODE;					\
115
	    goto out;							\
116
	}								\
117
    } while(/*CONSTCOND*/0)
118

119
static struct units ntlm_flag_units[] = {
120
#define ntlm_flag(x) { #x, NTLM_##x }
121
    ntlm_flag(ENC_56),
122
    ntlm_flag(NEG_KEYEX),
123
    ntlm_flag(ENC_128),
124
    ntlm_flag(MBZ1),
125
    ntlm_flag(MBZ2),
126
    ntlm_flag(MBZ3),
127
    ntlm_flag(NEG_VERSION),
128
    ntlm_flag(MBZ4),
129
    ntlm_flag(NEG_TARGET_INFO),
130
    ntlm_flag(NON_NT_SESSION_KEY),
131
    ntlm_flag(MBZ5),
132
    ntlm_flag(NEG_IDENTIFY),
133
    ntlm_flag(NEG_NTLM2),
134
    ntlm_flag(TARGET_SHARE),
135
    ntlm_flag(TARGET_SERVER),
136
    ntlm_flag(TARGET_DOMAIN),
137
    ntlm_flag(NEG_ALWAYS_SIGN),
138
    ntlm_flag(MBZ6),
139
    ntlm_flag(OEM_SUPPLIED_WORKSTATION),
140
    ntlm_flag(OEM_SUPPLIED_DOMAIN),
141
    ntlm_flag(NEG_ANONYMOUS),
142
    ntlm_flag(NEG_NT_ONLY),
143
    ntlm_flag(NEG_NTLM),
144
    ntlm_flag(MBZ8),
145
    ntlm_flag(NEG_LM_KEY),
146
    ntlm_flag(NEG_DATAGRAM),
147
    ntlm_flag(NEG_SEAL),
148
    ntlm_flag(NEG_SIGN),
149
    ntlm_flag(MBZ9),
150
    ntlm_flag(NEG_TARGET),
151
    ntlm_flag(NEG_OEM),
152
    ntlm_flag(NEG_UNICODE),
153
#undef ntlm_flag
154
    {NULL, 0}
155
};
156

157
size_t
158
heim_ntlm_unparse_flags(uint32_t flags, char *s, size_t len)
159
{
160
    return unparse_flags(flags, ntlm_flag_units, s, len);
161
}
162

163

164
/**
165
 * heim_ntlm_free_buf frees the ntlm buffer
166
 *
167
 * @param p buffer to be freed
168
 *
169
 * @ingroup ntlm_core
170
 */
171

172
void
173
heim_ntlm_free_buf(struct ntlm_buf *p)
174
{
175
    if (p->data)
176
	free(p->data);
177
    p->data = NULL;
178
    p->length = 0;
179
}
180

181

182
static int
183
ascii2ucs2le(const char *string, int up, struct ntlm_buf *buf)
184
{
185
    unsigned char *p;
186
    size_t len, i;
187

188
    len = strlen(string);
189
    if (len / 2 > UINT_MAX)
190
	return ERANGE;
191

192
    buf->length = len * 2;
193
    buf->data = malloc(buf->length);
194
    if (buf->data == NULL && len != 0) {
195
	heim_ntlm_free_buf(buf);
196
	return ENOMEM;
197
    }
198

199
    p = buf->data;
200
    for (i = 0; i < len; i++) {
201
	unsigned char t = (unsigned char)string[i];
202
	if (t & 0x80) {
203
	    heim_ntlm_free_buf(buf);
204
	    return EINVAL;
205
	}
206
	if (up)
207
	    t = toupper(t);
208
	p[(i * 2) + 0] = t;
209
	p[(i * 2) + 1] = 0;
210
    }
211
    return 0;
212
}
213

214
/*
215
 *
216
 */
217

218
static krb5_error_code
219
ret_sec_buffer(krb5_storage *sp, struct sec_buffer *buf)
220
{
221
    krb5_error_code ret;
222
    CHECK(krb5_ret_uint16(sp, &buf->length), 0);
223
    CHECK(krb5_ret_uint16(sp, &buf->allocated), 0);
224
    CHECK(krb5_ret_uint32(sp, &buf->offset), 0);
225
out:
226
    return ret;
227
}
228

229
static krb5_error_code
230
store_sec_buffer(krb5_storage *sp, const struct sec_buffer *buf)
231
{
232
    krb5_error_code ret;
233
    CHECK(krb5_store_uint16(sp, buf->length), 0);
234
    CHECK(krb5_store_uint16(sp, buf->allocated), 0);
235
    CHECK(krb5_store_uint32(sp, buf->offset), 0);
236
out:
237
    return ret;
238
}
239

240
/*
241
 * Strings are either OEM or UNICODE. The later is encoded as ucs2 on
242
 * wire, but using utf8 in memory.
243
 */
244

245
static krb5_error_code
246
len_string(int ucs2, const char *s)
247
{
248
    size_t len = strlen(s);
249
    if (ucs2)
250
	len *= 2;
251
    return len;
252
}
253

254
/*
255
 *
256
 */
257

258
static krb5_error_code
259
ret_string(krb5_storage *sp, int ucs2, size_t len, char **s)
260
{
261
    krb5_error_code ret;
262

263
    *s = malloc(len + 1);
264
    if (*s == NULL)
265
	return ENOMEM;
266
    CHECK(krb5_storage_read(sp, *s, len), len);
267

268
    (*s)[len] = '\0';
269

270
    if (ucs2) {
271
	size_t i;
272
	for (i = 0; i < len / 2; i++) {
273
	    (*s)[i] = (*s)[i * 2];
274
	    if ((*s)[i * 2 + 1]) {
275
		free(*s);
276
		*s = NULL;
277
		return EINVAL;
278
	    }
279
	}
280
	(*s)[i] = '\0';
281
    }
282
    ret = 0;
283
 out:
284
    return ret;
285
}
286

287

288

289
static krb5_error_code
290
ret_sec_string(krb5_storage *sp, int ucs2, struct sec_buffer *desc, char **s)
291
{
292
    krb5_error_code ret = 0;
293
    CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset);
294
    CHECK(ret_string(sp, ucs2, desc->length, s), 0);
295
 out:
296
    return ret;
297
}
298

299
static krb5_error_code
300
put_string(krb5_storage *sp, int ucs2, const char *s)
301
{
302
    krb5_error_code ret;
303
    struct ntlm_buf buf;
304

305
    if (ucs2) {
306
	ret = ascii2ucs2le(s, 0, &buf);
307
	if (ret)
308
	    return ret;
309
    } else {
310
	buf.data = rk_UNCONST(s);
311
	buf.length = strlen(s);
312
    }
313

314
    CHECK(krb5_storage_write(sp, buf.data, buf.length), buf.length);
315
    if (ucs2)
316
	heim_ntlm_free_buf(&buf);
317
    ret = 0;
318
out:
319
    return ret;
320
}
321

322
/*
323
 *
324
 */
325

326
static krb5_error_code
327
ret_buf(krb5_storage *sp, struct sec_buffer *desc, struct ntlm_buf *buf)
328
{
329
    krb5_error_code ret;
330

331
    buf->data = malloc(desc->length);
332
    buf->length = desc->length;
333
    CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset);
334
    CHECK(krb5_storage_read(sp, buf->data, buf->length), buf->length);
335
    ret = 0;
336
out:
337
    return ret;
338
}
339

340
static krb5_error_code
341
put_buf(krb5_storage *sp, const struct ntlm_buf *buf)
342
{
343
    krb5_error_code ret;
344
    CHECK(krb5_storage_write(sp, buf->data, buf->length), buf->length);
345
    ret = 0;
346
out:
347
    return ret;
348
}
349

350
/**
351
 * Frees the ntlm_targetinfo message
352
 *
353
 * @param ti targetinfo to be freed
354
 *
355
 * @ingroup ntlm_core
356
 */
357

358
void
359
heim_ntlm_free_targetinfo(struct ntlm_targetinfo *ti)
360
{
361
    free(ti->servername);
362
    free(ti->domainname);
363
    free(ti->dnsdomainname);
364
    free(ti->dnsservername);
365
    free(ti->dnstreename);
366
    memset(ti, 0, sizeof(*ti));
367
}
368

369
static int
370
encode_ti_string(krb5_storage *out, uint16_t type, int ucs2, char *s)
371
{
372
    krb5_error_code ret;
373
    CHECK(krb5_store_uint16(out, type), 0);
374
    CHECK(krb5_store_uint16(out, len_string(ucs2, s)), 0);
375
    CHECK(put_string(out, ucs2, s), 0);
376
out:
377
    return ret;
378
}
379

380
/**
381
 * Encodes a ntlm_targetinfo message.
382
 *
383
 * @param ti the ntlm_targetinfo message to encode.
384
 * @param ucs2 ignored
385
 * @param data is the return buffer with the encoded message, should be
386
 * freed with heim_ntlm_free_buf().
387
 *
388
 * @return In case of success 0 is return, an errors, a errno in what
389
 * went wrong.
390
 *
391
 * @ingroup ntlm_core
392
 */
393

394
int
395
heim_ntlm_encode_targetinfo(const struct ntlm_targetinfo *ti,
396
			    int ucs2,
397
			    struct ntlm_buf *data)
398
{
399
    krb5_error_code ret;
400
    krb5_storage *out;
401

402
    data->data = NULL;
403
    data->length = 0;
404

405
    out = krb5_storage_emem();
406
    if (out == NULL)
407
	return ENOMEM;
408

409
    krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
410

411
    if (ti->servername)
412
	CHECK(encode_ti_string(out, 1, ucs2, ti->servername), 0);
413
    if (ti->domainname)
414
	CHECK(encode_ti_string(out, 2, ucs2, ti->domainname), 0);
415
    if (ti->dnsservername)
416
	CHECK(encode_ti_string(out, 3, ucs2, ti->dnsservername), 0);
417
    if (ti->dnsdomainname)
418
	CHECK(encode_ti_string(out, 4, ucs2, ti->dnsdomainname), 0);
419
    if (ti->dnstreename)
420
	CHECK(encode_ti_string(out, 5, ucs2, ti->dnstreename), 0);
421
    if (ti->avflags) {
422
	CHECK(krb5_store_uint16(out, 6), 0);
423
	CHECK(krb5_store_uint16(out, 4), 0);
424
	CHECK(krb5_store_uint32(out, ti->avflags), 0);
425
    }
426

427
    /* end tag */
428
    CHECK(krb5_store_int16(out, 0), 0);
429
    CHECK(krb5_store_int16(out, 0), 0);
430

431
    {
432
	krb5_data d;
433
	ret = krb5_storage_to_data(out, &d);
434
	data->data = d.data;
435
	data->length = d.length;
436
    }
437
out:
438
    krb5_storage_free(out);
439
    return ret;
440
}
441

442
/**
443
 * Decodes an NTLM targetinfo message
444
 *
445
 * @param data input data buffer with the encode NTLM targetinfo message
446
 * @param ucs2 if the strings should be encoded with ucs2 (selected by flag in message).
447
 * @param ti the decoded target info, should be freed with heim_ntlm_free_targetinfo().
448
 *
449
 * @return In case of success 0 is return, an errors, a errno in what
450
 * went wrong.
451
 *
452
 * @ingroup ntlm_core
453
 */
454

455
int
456
heim_ntlm_decode_targetinfo(const struct ntlm_buf *data,
457
			    int ucs2,
458
			    struct ntlm_targetinfo *ti)
459
{
460
    uint16_t type, len;
461
    krb5_storage *in;
462
    int ret = 0, done = 0;
463

464
    memset(ti, 0, sizeof(*ti));
465

466
    if (data->length == 0)
467
	return 0;
468

469
    in = krb5_storage_from_readonly_mem(data->data, data->length);
470
    if (in == NULL)
471
	return ENOMEM;
472
    krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
473

474
    while (!done) {
475
	CHECK(krb5_ret_uint16(in, &type), 0);
476
	CHECK(krb5_ret_uint16(in, &len), 0);
477

478
	switch (type) {
479
	case 0:
480
	    done = 1;
481
	    break;
482
	case 1:
483
	    CHECK(ret_string(in, ucs2, len, &ti->servername), 0);
484
	    break;
485
	case 2:
486
	    CHECK(ret_string(in, ucs2, len, &ti->domainname), 0);
487
	    break;
488
	case 3:
489
	    CHECK(ret_string(in, ucs2, len, &ti->dnsservername), 0);
490
	    break;
491
	case 4:
492
	    CHECK(ret_string(in, ucs2, len, &ti->dnsdomainname), 0);
493
	    break;
494
	case 5:
495
	    CHECK(ret_string(in, ucs2, len, &ti->dnstreename), 0);
496
	    break;
497
	case 6:
498
	    CHECK(krb5_ret_uint32(in, &ti->avflags), 0);
499
	    break;
500
	default:
501
	    krb5_storage_seek(in, len, SEEK_CUR);
502
	    break;
503
	}
504
    }
505
 out:
506
    if (in)
507
	krb5_storage_free(in);
508
    return ret;
509
}
510

511
/**
512
 * Frees the ntlm_type1 message
513
 *
514
 * @param data message to be freed
515
 *
516
 * @ingroup ntlm_core
517
 */
518

519
void
520
heim_ntlm_free_type1(struct ntlm_type1 *data)
521
{
522
    if (data->domain)
523
	free(data->domain);
524
    if (data->hostname)
525
	free(data->hostname);
526
    memset(data, 0, sizeof(*data));
527
}
528

529
int
530
heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data)
531
{
532
    krb5_error_code ret;
533
    unsigned char sig[8];
534
    uint32_t type;
535
    struct sec_buffer domain, hostname;
536
    krb5_storage *in;
537

538
    memset(data, 0, sizeof(*data));
539

540
    in = krb5_storage_from_readonly_mem(buf->data, buf->length);
541
    if (in == NULL) {
542
	ret = ENOMEM;
543
	goto out;
544
    }
545
    krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
546

547
    CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
548
    CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
549
    CHECK(krb5_ret_uint32(in, &type), 0);
550
    CHECK(type, 1);
551
    CHECK(krb5_ret_uint32(in, &data->flags), 0);
552
    if (data->flags & NTLM_OEM_SUPPLIED_DOMAIN)
553
	CHECK(ret_sec_buffer(in, &domain), 0);
554
    if (data->flags & NTLM_OEM_SUPPLIED_WORKSTATION)
555
	CHECK(ret_sec_buffer(in, &hostname), 0);
556
#if 0
557
    if (domain.offset > 32) {
558
	CHECK(krb5_ret_uint32(in, &data->os[0]), 0);
559
	CHECK(krb5_ret_uint32(in, &data->os[1]), 0);
560
    }
561
#endif
562
    if (data->flags & NTLM_OEM_SUPPLIED_DOMAIN)
563
	CHECK(ret_sec_string(in, 0, &domain, &data->domain), 0);
564
    if (data->flags & NTLM_OEM_SUPPLIED_WORKSTATION)
565
	CHECK(ret_sec_string(in, 0, &hostname, &data->hostname), 0);
566

567
out:
568
    if (in)
569
	krb5_storage_free(in);
570
    if (ret)
571
	heim_ntlm_free_type1(data);
572

573
    return ret;
574
}
575

576
/**
577
 * Encodes an ntlm_type1 message.
578
 *
579
 * @param type1 the ntlm_type1 message to encode.
580
 * @param data is the return buffer with the encoded message, should be
581
 * freed with heim_ntlm_free_buf().
582
 *
583
 * @return In case of success 0 is return, an errors, a errno in what
584
 * went wrong.
585
 *
586
 * @ingroup ntlm_core
587
 */
588

589
int
590
heim_ntlm_encode_type1(const struct ntlm_type1 *type1, struct ntlm_buf *data)
591
{
592
    krb5_error_code ret;
593
    struct sec_buffer domain, hostname;
594
    krb5_storage *out;
595
    uint32_t base, flags;
596

597
    flags = type1->flags;
598
    base = 16;
599

600
    if (type1->domain) {
601
	base += 8;
602
	flags |= NTLM_OEM_SUPPLIED_DOMAIN;
603
    }
604
    if (type1->hostname) {
605
	base += 8;
606
	flags |= NTLM_OEM_SUPPLIED_WORKSTATION;
607
    }
608
    if (type1->os[0])
609
	base += 8;
610

611
    domain.offset = base;
612
    if (type1->domain) {
613
	domain.length = len_string(0, type1->domain);
614
	domain.allocated = domain.length;
615
    } else {
616
	domain.length = 0;
617
	domain.allocated = 0;
618
    }
619

620
    hostname.offset = domain.allocated + domain.offset;
621
    if (type1->hostname) {
622
	hostname.length = len_string(0, type1->hostname);
623
	hostname.allocated = hostname.length;
624
    } else {
625
	hostname.length = 0;
626
	hostname.allocated = 0;
627
    }
628

629
    out = krb5_storage_emem();
630
    if (out == NULL)
631
	return ENOMEM;
632

633
    krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
634
    CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)),
635
	  sizeof(ntlmsigature));
636
    CHECK(krb5_store_uint32(out, 1), 0);
637
    CHECK(krb5_store_uint32(out, flags), 0);
638

639
    CHECK(store_sec_buffer(out, &domain), 0);
640
    CHECK(store_sec_buffer(out, &hostname), 0);
641
#if 0
642
	CHECK(krb5_store_uint32(out, type1->os[0]), 0);
643
	CHECK(krb5_store_uint32(out, type1->os[1]), 0);
644
#endif
645
    if (type1->domain)
646
	CHECK(put_string(out, 0, type1->domain), 0);
647
    if (type1->hostname)
648
	CHECK(put_string(out, 0, type1->hostname), 0);
649

650
    {
651
	krb5_data d;
652
	ret = krb5_storage_to_data(out, &d);
653
	data->data = d.data;
654
	data->length = d.length;
655
    }
656
out:
657
    krb5_storage_free(out);
658

659
    return ret;
660
}
661

662
/**
663
 * Frees the ntlm_type2 message
664
 *
665
 * @param data message to be freed
666
 *
667
 * @ingroup ntlm_core
668
 */
669

670
void
671
heim_ntlm_free_type2(struct ntlm_type2 *data)
672
{
673
    if (data->targetname)
674
	free(data->targetname);
675
    heim_ntlm_free_buf(&data->targetinfo);
676
    memset(data, 0, sizeof(*data));
677
}
678

679
int
680
heim_ntlm_decode_type2(const struct ntlm_buf *buf, struct ntlm_type2 *type2)
681
{
682
    krb5_error_code ret;
683
    unsigned char sig[8];
684
    uint32_t type, ctx[2];
685
    struct sec_buffer targetname, targetinfo;
686
    krb5_storage *in;
687
    int ucs2 = 0;
688

689
    memset(type2, 0, sizeof(*type2));
690

691
    in = krb5_storage_from_readonly_mem(buf->data, buf->length);
692
    if (in == NULL) {
693
	ret = ENOMEM;
694
	goto out;
695
    }
696
    krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
697

698
    CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
699
    CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
700
    CHECK(krb5_ret_uint32(in, &type), 0);
701
    CHECK(type, 2);
702

703
    CHECK(ret_sec_buffer(in, &targetname), 0);
704
    CHECK(krb5_ret_uint32(in, &type2->flags), 0);
705
    if (type2->flags & NTLM_NEG_UNICODE)
706
	ucs2 = 1;
707
    CHECK(krb5_storage_read(in, type2->challenge, sizeof(type2->challenge)),
708
	  sizeof(type2->challenge));
709
    CHECK(krb5_ret_uint32(in, &ctx[0]), 0); /* context */
710
    CHECK(krb5_ret_uint32(in, &ctx[1]), 0);
711
    CHECK(ret_sec_buffer(in, &targetinfo), 0);
712
    /* os version */
713
    if (type2->flags & NTLM_NEG_VERSION) {
714
	CHECK(krb5_ret_uint32(in, &type2->os[0]), 0);
715
	CHECK(krb5_ret_uint32(in, &type2->os[1]), 0);
716
    }
717

718
    CHECK(ret_sec_string(in, ucs2, &targetname, &type2->targetname), 0);
719
    CHECK(ret_buf(in, &targetinfo, &type2->targetinfo), 0);
720
    ret = 0;
721

722
out:
723
    if (in)
724
	krb5_storage_free(in);
725
    if (ret)
726
	heim_ntlm_free_type2(type2);
727

728
    return ret;
729
}
730

731
/**
732
 * Encodes an ntlm_type2 message.
733
 *
734
 * @param type2 the ntlm_type2 message to encode.
735
 * @param data is the return buffer with the encoded message, should be
736
 * freed with heim_ntlm_free_buf().
737
 *
738
 * @return In case of success 0 is return, an errors, a errno in what
739
 * went wrong.
740
 *
741
 * @ingroup ntlm_core
742
 */
743

744
int
745
heim_ntlm_encode_type2(const struct ntlm_type2 *type2, struct ntlm_buf *data)
746
{
747
    struct sec_buffer targetname, targetinfo;
748
    krb5_error_code ret;
749
    krb5_storage *out = NULL;
750
    uint32_t base;
751
    int ucs2 = 0;
752

753
    base = 48;
754

755
    if (type2->flags & NTLM_NEG_VERSION)
756
	base += 8;
757

758
    if (type2->flags & NTLM_NEG_UNICODE)
759
	ucs2 = 1;
760

761
    targetname.offset = base;
762
    targetname.length = len_string(ucs2, type2->targetname);
763
    targetname.allocated = targetname.length;
764

765
    targetinfo.offset = targetname.allocated + targetname.offset;
766
    targetinfo.length = type2->targetinfo.length;
767
    targetinfo.allocated = type2->targetinfo.length;
768

769
    out = krb5_storage_emem();
770
    if (out == NULL)
771
	return ENOMEM;
772

773
    krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
774
    CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)),
775
	  sizeof(ntlmsigature));
776
    CHECK(krb5_store_uint32(out, 2), 0);
777
    CHECK(store_sec_buffer(out, &targetname), 0);
778
    CHECK(krb5_store_uint32(out, type2->flags), 0);
779
    CHECK(krb5_storage_write(out, type2->challenge, sizeof(type2->challenge)),
780
	  sizeof(type2->challenge));
781
    CHECK(krb5_store_uint32(out, 0), 0); /* context */
782
    CHECK(krb5_store_uint32(out, 0), 0);
783
    CHECK(store_sec_buffer(out, &targetinfo), 0);
784
    /* os version */
785
    if (type2->flags & NTLM_NEG_VERSION) {
786
	CHECK(krb5_store_uint32(out, type2->os[0]), 0);
787
	CHECK(krb5_store_uint32(out, type2->os[1]), 0);
788
    }
789
    CHECK(put_string(out, ucs2, type2->targetname), 0);
790
    CHECK(krb5_storage_write(out, type2->targetinfo.data,
791
			     type2->targetinfo.length),
792
	  type2->targetinfo.length);
793

794
    {
795
	krb5_data d;
796
	ret = krb5_storage_to_data(out, &d);
797
	data->data = d.data;
798
	data->length = d.length;
799
    }
800

801
out:
802
    krb5_storage_free(out);
803

804
    return ret;
805
}
806

807
/**
808
 * Frees the ntlm_type3 message
809
 *
810
 * @param data message to be freed
811
 *
812
 * @ingroup ntlm_core
813
 */
814

815
void
816
heim_ntlm_free_type3(struct ntlm_type3 *data)
817
{
818
    heim_ntlm_free_buf(&data->lm);
819
    heim_ntlm_free_buf(&data->ntlm);
820
    if (data->targetname)
821
	free(data->targetname);
822
    if (data->username)
823
	free(data->username);
824
    if (data->ws)
825
	free(data->ws);
826
    heim_ntlm_free_buf(&data->sessionkey);
827
    memset(data, 0, sizeof(*data));
828
}
829

830
/*
831
 *
832
 */
833

834
int
835
heim_ntlm_decode_type3(const struct ntlm_buf *buf,
836
		       int ucs2,
837
		       struct ntlm_type3 *type3)
838
{
839
    krb5_error_code ret;
840
    unsigned char sig[8];
841
    uint32_t type;
842
    krb5_storage *in;
843
    struct sec_buffer lm, ntlm, target, username, sessionkey, ws;
844
    uint32_t min_offset = 72;
845

846
    memset(type3, 0, sizeof(*type3));
847
    memset(&sessionkey, 0, sizeof(sessionkey));
848

849
    in = krb5_storage_from_readonly_mem(buf->data, buf->length);
850
    if (in == NULL) {
851
	ret = ENOMEM;
852
	goto out;
853
    }
854
    krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
855

856
    CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
857
    CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
858
    CHECK(krb5_ret_uint32(in, &type), 0);
859
    CHECK(type, 3);
860
    CHECK(ret_sec_buffer(in, &lm), 0);
861
    if (lm.allocated)
862
	min_offset = min(min_offset, lm.offset);
863
    CHECK(ret_sec_buffer(in, &ntlm), 0);
864
    if (ntlm.allocated)
865
	min_offset = min(min_offset, ntlm.offset);
866
    CHECK(ret_sec_buffer(in, &target), 0);
867
    if (target.allocated)
868
	min_offset = min(min_offset, target.offset);
869
    CHECK(ret_sec_buffer(in, &username), 0);
870
    if (username.allocated)
871
	min_offset = min(min_offset, username.offset);
872
    CHECK(ret_sec_buffer(in, &ws), 0);
873
    if (ws.allocated)
874
	min_offset = min(min_offset, ws.offset);
875

876
    if (min_offset > 52) {
877
	CHECK(ret_sec_buffer(in, &sessionkey), 0);
878
	min_offset = max(min_offset, sessionkey.offset);
879
	CHECK(krb5_ret_uint32(in, &type3->flags), 0);
880
    }
881
    if (min_offset > 52 + 8 + 4 + 8) {
882
	CHECK(krb5_ret_uint32(in, &type3->os[0]), 0);
883
	CHECK(krb5_ret_uint32(in, &type3->os[1]), 0);
884
    }
885
    CHECK(ret_buf(in, &lm, &type3->lm), 0);
886
    CHECK(ret_buf(in, &ntlm, &type3->ntlm), 0);
887
    CHECK(ret_sec_string(in, ucs2, &target, &type3->targetname), 0);
888
    CHECK(ret_sec_string(in, ucs2, &username, &type3->username), 0);
889
    CHECK(ret_sec_string(in, ucs2, &ws, &type3->ws), 0);
890
    if (sessionkey.offset)
891
	CHECK(ret_buf(in, &sessionkey, &type3->sessionkey), 0);
892

893
out:
894
    if (in)
895
	krb5_storage_free(in);
896
    if (ret)
897
	heim_ntlm_free_type3(type3);
898

899
    return ret;
900
}
901

902
/**
903
 * Encodes an ntlm_type3 message.
904
 *
905
 * @param type3 the ntlm_type3 message to encode.
906
 * @param data is the return buffer with the encoded message, should be
907
 * freed with heim_ntlm_free_buf().
908
 *
909
 * @return In case of success 0 is return, an errors, a errno in what
910
 * went wrong.
911
 *
912
 * @ingroup ntlm_core
913
 */
914

915
int
916
heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data)
917
{
918
    struct sec_buffer lm, ntlm, target, username, sessionkey, ws;
919
    krb5_error_code ret;
920
    krb5_storage *out = NULL;
921
    uint32_t base;
922
    int ucs2 = 0;
923

924
    memset(&lm, 0, sizeof(lm));
925
    memset(&ntlm, 0, sizeof(ntlm));
926
    memset(&target, 0, sizeof(target));
927
    memset(&username, 0, sizeof(username));
928
    memset(&ws, 0, sizeof(ws));
929
    memset(&sessionkey, 0, sizeof(sessionkey));
930

931
    base = 52;
932

933
    base += 8; /* sessionkey sec buf */
934
    base += 4; /* flags */
935

936
    if (type3->os[0]) {
937
	base += 8;
938
    }
939

940
    if (type3->flags & NTLM_NEG_UNICODE)
941
	ucs2 = 1;
942

943
    target.offset = base;
944
    target.length = len_string(ucs2, type3->targetname);
945
    target.allocated = target.length;
946

947
    username.offset = target.offset + target.allocated;
948
    username.length = len_string(ucs2, type3->username);
949
    username.allocated = username.length;
950

951
    ws.offset = username.offset + username.allocated;
952
    ws.length = len_string(ucs2, type3->ws);
953
    ws.allocated = ws.length;
954

955
    lm.offset = ws.offset + ws.allocated;
956
    lm.length = type3->lm.length;
957
    lm.allocated = type3->lm.length;
958

959
    ntlm.offset = lm.offset + lm.allocated;
960
    ntlm.length = type3->ntlm.length;
961
    ntlm.allocated = ntlm.length;
962

963
    sessionkey.offset = ntlm.offset + ntlm.allocated;
964
    sessionkey.length = type3->sessionkey.length;
965
    sessionkey.allocated = type3->sessionkey.length;
966

967
    out = krb5_storage_emem();
968
    if (out == NULL)
969
	return ENOMEM;
970

971
    krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
972
    CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)),
973
	  sizeof(ntlmsigature));
974
    CHECK(krb5_store_uint32(out, 3), 0);
975

976
    CHECK(store_sec_buffer(out, &lm), 0);
977
    CHECK(store_sec_buffer(out, &ntlm), 0);
978
    CHECK(store_sec_buffer(out, &target), 0);
979
    CHECK(store_sec_buffer(out, &username), 0);
980
    CHECK(store_sec_buffer(out, &ws), 0);
981
    CHECK(store_sec_buffer(out, &sessionkey), 0);
982
    CHECK(krb5_store_uint32(out, type3->flags), 0);
983

984
#if 0
985
    CHECK(krb5_store_uint32(out, 0), 0); /* os0 */
986
    CHECK(krb5_store_uint32(out, 0), 0); /* os1 */
987
#endif
988

989
    CHECK(put_string(out, ucs2, type3->targetname), 0);
990
    CHECK(put_string(out, ucs2, type3->username), 0);
991
    CHECK(put_string(out, ucs2, type3->ws), 0);
992
    CHECK(put_buf(out, &type3->lm), 0);
993
    CHECK(put_buf(out, &type3->ntlm), 0);
994
    CHECK(put_buf(out, &type3->sessionkey), 0);
995

996
    {
997
	krb5_data d;
998
	ret = krb5_storage_to_data(out, &d);
999
	data->data = d.data;
1000
	data->length = d.length;
1001
    }
1002

1003
out:
1004
    krb5_storage_free(out);
1005

1006
    return ret;
1007
}
1008

1009

1010
/*
1011
 *
1012
 */
1013

1014
static int
1015
splitandenc(unsigned char *hash,
1016
	    unsigned char *challenge,
1017
	    unsigned char *answer)
1018
{
1019
    EVP_CIPHER_CTX *ctx;
1020
    unsigned char key[8];
1021

1022
    key[0] =  hash[0];
1023
    key[1] = (hash[0] << 7) | (hash[1] >> 1);
1024
    key[2] = (hash[1] << 6) | (hash[2] >> 2);
1025
    key[3] = (hash[2] << 5) | (hash[3] >> 3);
1026
    key[4] = (hash[3] << 4) | (hash[4] >> 4);
1027
    key[5] = (hash[4] << 3) | (hash[5] >> 5);
1028
    key[6] = (hash[5] << 2) | (hash[6] >> 6);
1029
    key[7] = (hash[6] << 1);
1030

1031
    ctx = EVP_CIPHER_CTX_new();
1032
    if (ctx == NULL)
1033
	return ENOMEM;
1034

1035
    EVP_CipherInit_ex(ctx, EVP_des_cbc(), NULL, key, NULL, 1);
1036
    EVP_Cipher(ctx, answer, challenge, 8);
1037
    EVP_CIPHER_CTX_free(ctx);
1038
    memset(key, 0, sizeof(key));
1039
    return 0;
1040
}
1041

1042
/**
1043
 * Calculate the NTLM key, the password is assumed to be in UTF8.
1044
 *
1045
 * @param password password to calcute the key for.
1046
 * @param key calcuted key, should be freed with heim_ntlm_free_buf().
1047
 *
1048
 * @return In case of success 0 is return, an errors, a errno in what
1049
 * went wrong.
1050
 *
1051
 * @ingroup ntlm_core
1052
 */
1053

1054
int
1055
heim_ntlm_nt_key(const char *password, struct ntlm_buf *key)
1056
{
1057
    struct ntlm_buf buf;
1058
    EVP_MD_CTX *m;
1059
    int ret;
1060

1061
    key->data = malloc(MD5_DIGEST_LENGTH);
1062
    if (key->data == NULL)
1063
	return ENOMEM;
1064
    key->length = MD5_DIGEST_LENGTH;
1065

1066
    ret = ascii2ucs2le(password, 0, &buf);
1067
    if (ret) {
1068
	heim_ntlm_free_buf(key);
1069
	return ret;
1070
    }
1071

1072
    m = EVP_MD_CTX_create();
1073
    if (m == NULL) {
1074
	heim_ntlm_free_buf(key);
1075
	heim_ntlm_free_buf(&buf);
1076
	return ENOMEM;
1077
    }
1078

1079
    EVP_DigestInit_ex(m, EVP_md4(), NULL);
1080
    EVP_DigestUpdate(m, buf.data, buf.length);
1081
    EVP_DigestFinal_ex(m, key->data, NULL);
1082
    EVP_MD_CTX_destroy(m);
1083

1084
    heim_ntlm_free_buf(&buf);
1085
    return 0;
1086
}
1087

1088
/**
1089
 * Calculate NTLMv1 response hash
1090
 *
1091
 * @param key the ntlm v1 key
1092
 * @param len length of key
1093
 * @param challenge sent by the server
1094
 * @param answer calculated answer, should be freed with heim_ntlm_free_buf().
1095
 *
1096
 * @return In case of success 0 is return, an errors, a errno in what
1097
 * went wrong.
1098
 *
1099
 * @ingroup ntlm_core
1100
 */
1101

1102
int
1103
heim_ntlm_calculate_ntlm1(void *key, size_t len,
1104
			  unsigned char challenge[8],
1105
			  struct ntlm_buf *answer)
1106
{
1107
    unsigned char res[21];
1108
    int ret;
1109

1110
    if (len != MD4_DIGEST_LENGTH)
1111
	return HNTLM_ERR_INVALID_LENGTH;
1112

1113
    memcpy(res, key, len);
1114
    memset(&res[MD4_DIGEST_LENGTH], 0, sizeof(res) - MD4_DIGEST_LENGTH);
1115

1116
    answer->data = malloc(24);
1117
    if (answer->data == NULL)
1118
	return ENOMEM;
1119
    answer->length = 24;
1120

1121
    ret = splitandenc(&res[0],  challenge, ((unsigned char *)answer->data) + 0);
1122
    if (ret)
1123
	goto out;
1124
    ret = splitandenc(&res[7],  challenge, ((unsigned char *)answer->data) + 8);
1125
    if (ret)
1126
	goto out;
1127
    ret = splitandenc(&res[14], challenge, ((unsigned char *)answer->data) + 16);
1128
    if (ret)
1129
	goto out;
1130

1131
    return 0;
1132

1133
out:
1134
    heim_ntlm_free_buf(answer);
1135
    return ret;
1136
}
1137

1138
int
1139
heim_ntlm_v1_base_session(void *key, size_t len,
1140
			  struct ntlm_buf *session)
1141
{
1142
    EVP_MD_CTX *m;
1143

1144
    session->length = MD4_DIGEST_LENGTH;
1145
    session->data = malloc(session->length);
1146
    if (session->data == NULL) {
1147
	session->length = 0;
1148
	return ENOMEM;
1149
    }
1150

1151
    m = EVP_MD_CTX_create();
1152
    if (m == NULL) {
1153
	heim_ntlm_free_buf(session);
1154
	return ENOMEM;
1155
    }
1156
    EVP_DigestInit_ex(m, EVP_md4(), NULL);
1157
    EVP_DigestUpdate(m, key, len);
1158
    EVP_DigestFinal_ex(m, session->data, NULL);
1159
    EVP_MD_CTX_destroy(m);
1160

1161
    return 0;
1162
}
1163

1164
int
1165
heim_ntlm_v2_base_session(void *key, size_t len,
1166
			  struct ntlm_buf *ntlmResponse,
1167
			  struct ntlm_buf *session)
1168
{
1169
    unsigned int hmaclen;
1170
    HMAC_CTX *c;
1171

1172
    if (ntlmResponse->length <= 16)
1173
        return HNTLM_ERR_INVALID_LENGTH;
1174

1175
    session->data = malloc(16);
1176
    if (session->data == NULL)
1177
	return ENOMEM;
1178
    session->length = 16;
1179

1180
    /* Note: key is the NTLMv2 key */
1181
    c = HMAC_CTX_new();
1182
    if (c == NULL) {
1183
	heim_ntlm_free_buf(session);
1184
	return ENOMEM;
1185
    }
1186
    HMAC_Init_ex(c, key, len, EVP_md5(), NULL);
1187
    HMAC_Update(c, ntlmResponse->data, 16);
1188
    HMAC_Final(c, session->data, &hmaclen);
1189
    HMAC_CTX_free(c);
1190

1191
    return 0;
1192
}
1193

1194

1195
int
1196
heim_ntlm_keyex_wrap(struct ntlm_buf *base_session,
1197
		     struct ntlm_buf *session,
1198
		     struct ntlm_buf *encryptedSession)
1199
{
1200
    EVP_CIPHER_CTX *c;
1201
    int ret;
1202

1203
    session->length = MD4_DIGEST_LENGTH;
1204
    session->data = malloc(session->length);
1205
    if (session->data == NULL) {
1206
	session->length = 0;
1207
	return ENOMEM;
1208
    }
1209
    encryptedSession->length = MD4_DIGEST_LENGTH;
1210
    encryptedSession->data = malloc(encryptedSession->length);
1211
    if (encryptedSession->data == NULL) {
1212
	heim_ntlm_free_buf(session);
1213
	encryptedSession->length = 0;
1214
	return ENOMEM;
1215
    }
1216

1217
    c = EVP_CIPHER_CTX_new();
1218
    if (c == NULL) {
1219
	heim_ntlm_free_buf(encryptedSession);
1220
	heim_ntlm_free_buf(session);
1221
	return ENOMEM;
1222
    }
1223

1224
    ret = EVP_CipherInit_ex(c, EVP_rc4(), NULL, base_session->data, NULL, 1);
1225
    if (ret != 1) {
1226
	EVP_CIPHER_CTX_free(c);
1227
	heim_ntlm_free_buf(encryptedSession);
1228
	heim_ntlm_free_buf(session);
1229
	return HNTLM_ERR_CRYPTO;
1230
    }
1231

1232
    if (RAND_bytes(session->data, session->length) != 1) {
1233
	EVP_CIPHER_CTX_free(c);
1234
	heim_ntlm_free_buf(encryptedSession);
1235
	heim_ntlm_free_buf(session);
1236
	return HNTLM_ERR_RAND;
1237
    }
1238

1239
    EVP_Cipher(c, encryptedSession->data, session->data, encryptedSession->length);
1240
    EVP_CIPHER_CTX_free(c);
1241

1242
    return 0;
1243

1244

1245

1246
}
1247

1248

1249

1250
/**
1251
 * Generates an NTLMv1 session random with assosited session master key.
1252
 *
1253
 * @param key the ntlm v1 key
1254
 * @param len length of key
1255
 * @param session generated session nonce, should be freed with heim_ntlm_free_buf().
1256
 * @param master calculated session master key, should be freed with heim_ntlm_free_buf().
1257
 *
1258
 * @return In case of success 0 is return, an errors, a errno in what
1259
 * went wrong.
1260
 *
1261
 * @ingroup ntlm_core
1262
 */
1263

1264
int
1265
heim_ntlm_build_ntlm1_master(void *key, size_t len,
1266
			     struct ntlm_buf *session,
1267
			     struct ntlm_buf *master)
1268
{
1269
    struct ntlm_buf sess;
1270
    int ret;
1271

1272
    ret = heim_ntlm_v1_base_session(key, len, &sess);
1273
    if (ret)
1274
	return ret;
1275

1276
    ret = heim_ntlm_keyex_wrap(&sess, session, master);
1277
    heim_ntlm_free_buf(&sess);
1278

1279
    return ret;
1280
}
1281

1282
/**
1283
 * Generates an NTLMv2 session random with associated session master key.
1284
 *
1285
 * @param key the NTLMv2 key
1286
 * @param len length of key
1287
 * @param blob the NTLMv2 "blob"
1288
 * @param session generated session nonce, should be freed with heim_ntlm_free_buf().
1289
 * @param master calculated session master key, should be freed with heim_ntlm_free_buf().
1290
 *
1291
 * @return In case of success 0 is return, an errors, a errno in what
1292
 * went wrong.
1293
 *
1294
 * @ingroup ntlm_core
1295
 */
1296

1297

1298
int
1299
heim_ntlm_build_ntlm2_master(void *key, size_t len,
1300
			     struct ntlm_buf *blob,
1301
			     struct ntlm_buf *session,
1302
			     struct ntlm_buf *master)
1303
{
1304
    struct ntlm_buf sess;
1305
    int ret;
1306

1307
    ret = heim_ntlm_v2_base_session(key, len, blob, &sess);
1308
    if (ret)
1309
	return ret;
1310

1311
    ret = heim_ntlm_keyex_wrap(&sess, session, master);
1312
    heim_ntlm_free_buf(&sess);
1313

1314
    return ret;
1315
}
1316

1317
/**
1318
 * Given a key and encrypted session, unwrap the session key
1319
 *
1320
 * @param baseKey the sessionBaseKey
1321
 * @param encryptedSession encrypted session, type3.session field.
1322
 * @param session generated session nonce, should be freed with heim_ntlm_free_buf().
1323
 *
1324
 * @return In case of success 0 is return, an errors, a errno in what
1325
 * went wrong.
1326
 *
1327
 * @ingroup ntlm_core
1328
 */
1329

1330
int
1331
heim_ntlm_keyex_unwrap(struct ntlm_buf *baseKey,
1332
		       struct ntlm_buf *encryptedSession,
1333
		       struct ntlm_buf *session)
1334
{
1335
    EVP_CIPHER_CTX *c;
1336

1337
    memset(session, 0, sizeof(*session));
1338

1339
    if (baseKey->length != MD4_DIGEST_LENGTH)
1340
	return HNTLM_ERR_INVALID_LENGTH;
1341

1342
    session->length = MD4_DIGEST_LENGTH;
1343
    session->data = malloc(session->length);
1344
    if (session->data == NULL) {
1345
	session->length = 0;
1346
	return ENOMEM;
1347
    }
1348
    c = EVP_CIPHER_CTX_new();
1349
    if (c == NULL) {
1350
	heim_ntlm_free_buf(session);
1351
	return ENOMEM;
1352
    }
1353

1354
    if (EVP_CipherInit_ex(c, EVP_rc4(), NULL, baseKey->data, NULL, 0) != 1) {
1355
	EVP_CIPHER_CTX_free(c);
1356
	heim_ntlm_free_buf(session);
1357
	return HNTLM_ERR_CRYPTO;
1358
    }
1359

1360
    EVP_Cipher(c, session->data, encryptedSession->data, session->length);
1361
    EVP_CIPHER_CTX_free(c);
1362

1363
    return 0;
1364
}
1365

1366

1367
/**
1368
 * Generates an NTLMv2 session key.
1369
 *
1370
 * @param key the ntlm key
1371
 * @param len length of key
1372
 * @param username name of the user, as sent in the message, assumed to be in UTF8.
1373
 * @param target the name of the target, assumed to be in UTF8.
1374
 * @param ntlmv2 the ntlmv2 session key
1375
 *
1376
 * @return 0 on success, or an error code on failure.
1377
 *
1378
 * @ingroup ntlm_core
1379
 */
1380

1381
int
1382
heim_ntlm_ntlmv2_key(const void *key, size_t len,
1383
		     const char *username,
1384
		     const char *target,
1385
		     unsigned char ntlmv2[16])
1386
{
1387
    int ret;
1388
    unsigned int hmaclen;
1389
    HMAC_CTX *c;
1390

1391
    c = HMAC_CTX_new();
1392
    if (c == NULL)
1393
	return ENOMEM;
1394
    HMAC_Init_ex(c, key, len, EVP_md5(), NULL);
1395
    {
1396
	struct ntlm_buf buf;
1397
	/* uppercase username and turn it into ucs2-le */
1398
	ret = ascii2ucs2le(username, 1, &buf);
1399
	if (ret)
1400
	    goto out;
1401
	HMAC_Update(c, buf.data, buf.length);
1402
	free(buf.data);
1403
	/* uppercase target and turn into ucs2-le */
1404
	ret = ascii2ucs2le(target, 1, &buf);
1405
	if (ret)
1406
	    goto out;
1407
	HMAC_Update(c, buf.data, buf.length);
1408
	free(buf.data);
1409
    }
1410
    HMAC_Final(c, ntlmv2, &hmaclen);
1411
 out:
1412
    HMAC_CTX_free(c);
1413

1414
    return ret;
1415
}
1416

1417
/*
1418
 *
1419
 */
1420

1421
#define NTTIME_EPOCH 0x019DB1DED53E8000LL
1422

1423
static uint64_t
1424
unix2nttime(time_t unix_time)
1425
{
1426
    long long wt;
1427
    wt = unix_time * (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH;
1428
    return wt;
1429
}
1430

1431
static time_t
1432
nt2unixtime(uint64_t t)
1433
{
1434
    t = ((t - (uint64_t)NTTIME_EPOCH) / (uint64_t)10000000);
1435
    if (t > (((uint64_t)(time_t)(~(uint64_t)0)) >> 1))
1436
	return 0;
1437
    return (time_t)t;
1438
}
1439

1440
/**
1441
 * Calculate LMv2 response
1442
 *
1443
 * @param key the ntlm key
1444
 * @param len length of key
1445
 * @param username name of the user, as sent in the message, assumed to be in UTF8.
1446
 * @param target the name of the target, assumed to be in UTF8.
1447
 * @param serverchallenge challenge as sent by the server in the type2 message.
1448
 * @param ntlmv2 calculated session key
1449
 * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf().
1450
 *
1451
 * @return In case of success 0 is return, an errors, a errno in what
1452
 * went wrong.
1453
 *
1454
 * @ingroup ntlm_core
1455
 */
1456

1457
int
1458
heim_ntlm_calculate_lm2(const void *key, size_t len,
1459
			const char *username,
1460
			const char *target,
1461
			const unsigned char serverchallenge[8],
1462
			unsigned char ntlmv2[16],
1463
			struct ntlm_buf *answer)
1464
{
1465
    unsigned char clientchallenge[8];
1466
    int ret;
1467

1468
    if (RAND_bytes(clientchallenge, sizeof(clientchallenge)) != 1)
1469
	return HNTLM_ERR_RAND;
1470

1471
    /* calculate ntlmv2 key */
1472

1473
    heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2);
1474

1475
    answer->data = malloc(24);
1476
    if (answer->data == NULL)
1477
        return ENOMEM;
1478
    answer->length = 24;
1479

1480
    ret = heim_ntlm_derive_ntlm2_sess(ntlmv2, clientchallenge, 8,
1481
				serverchallenge, answer->data);
1482
    if (ret)
1483
	return ret;
1484

1485
    memcpy(((uint8_t *)answer->data) + 16, clientchallenge, 8);
1486

1487
    return 0;
1488
}
1489

1490

1491
/**
1492
 * Calculate NTLMv2 response
1493
 *
1494
 * @param key the ntlm key
1495
 * @param len length of key
1496
 * @param username name of the user, as sent in the message, assumed to be in UTF8.
1497
 * @param target the name of the target, assumed to be in UTF8.
1498
 * @param serverchallenge challenge as sent by the server in the type2 message.
1499
 * @param infotarget infotarget as sent by the server in the type2 message.
1500
 * @param ntlmv2 calculated session key
1501
 * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf().
1502
 *
1503
 * @return In case of success 0 is return, an errors, a errno in what
1504
 * went wrong.
1505
 *
1506
 * @ingroup ntlm_core
1507
 */
1508

1509
int
1510
heim_ntlm_calculate_ntlm2(const void *key, size_t len,
1511
			  const char *username,
1512
			  const char *target,
1513
			  const unsigned char serverchallenge[8],
1514
			  const struct ntlm_buf *infotarget,
1515
			  unsigned char ntlmv2[16],
1516
			  struct ntlm_buf *answer)
1517
{
1518
    krb5_error_code ret;
1519
    krb5_data data;
1520
    unsigned char ntlmv2answer[16];
1521
    krb5_storage *sp;
1522
    unsigned char clientchallenge[8];
1523
    uint64_t t;
1524
    int code;
1525

1526
    t = unix2nttime(time(NULL));
1527

1528
    if (RAND_bytes(clientchallenge, sizeof(clientchallenge)) != 1)
1529
	return HNTLM_ERR_RAND;
1530

1531
    /* calculate ntlmv2 key */
1532

1533
    heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2);
1534

1535
    /* calculate and build ntlmv2 answer */
1536

1537
    sp = krb5_storage_emem();
1538
    if (sp == NULL)
1539
	return ENOMEM;
1540
    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
1541

1542
    CHECK(krb5_store_uint32(sp, 0x00000101), 0);
1543
    CHECK(krb5_store_uint32(sp, 0), 0);
1544
    /* timestamp le 64 bit ts */
1545
    CHECK(krb5_store_uint32(sp, t & 0xffffffff), 0);
1546
    CHECK(krb5_store_uint32(sp, t >> 32), 0);
1547

1548
    CHECK(krb5_storage_write(sp, clientchallenge, 8), 8);
1549

1550
    CHECK(krb5_store_uint32(sp, 0), 0);  /* unknown but zero will work */
1551
    CHECK(krb5_storage_write(sp, infotarget->data, infotarget->length),
1552
	  infotarget->length);
1553
    CHECK(krb5_store_uint32(sp, 0), 0); /* unknown but zero will work */
1554

1555
    CHECK(krb5_storage_to_data(sp, &data), 0);
1556
    krb5_storage_free(sp);
1557
    sp = NULL;
1558

1559
    code = heim_ntlm_derive_ntlm2_sess(ntlmv2, data.data, data.length, serverchallenge, ntlmv2answer);
1560
    if (code) {
1561
	krb5_data_free(&data);
1562
	return code;
1563
    }
1564

1565
    sp = krb5_storage_emem();
1566
    if (sp == NULL) {
1567
	krb5_data_free(&data);
1568
	return ENOMEM;
1569
    }
1570

1571
    CHECK(krb5_storage_write(sp, ntlmv2answer, 16), 16);
1572
    CHECK(krb5_storage_write(sp, data.data, data.length), data.length);
1573
    krb5_data_free(&data);
1574

1575
    CHECK(krb5_storage_to_data(sp, &data), 0);
1576
    krb5_storage_free(sp);
1577
    sp = NULL;
1578

1579
    answer->data = data.data;
1580
    answer->length = data.length;
1581

1582
    return 0;
1583
out:
1584
    if (sp)
1585
	krb5_storage_free(sp);
1586
    return ret;
1587
}
1588

1589
static const int authtimediff = 3600 * 2; /* 2 hours */
1590

1591
/**
1592
 * Verify NTLMv2 response.
1593
 *
1594
 * @param key the ntlm key
1595
 * @param len length of key
1596
 * @param username name of the user, as sent in the message, assumed to be in UTF8.
1597
 * @param target the name of the target, assumed to be in UTF8.
1598
 * @param now the time now (0 if the library should pick it up itself)
1599
 * @param serverchallenge challenge as sent by the server in the type2 message.
1600
 * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf().
1601
 * @param infotarget infotarget as sent by the server in the type2 message.
1602
 * @param ntlmv2 calculated session key
1603
 *
1604
 * @return In case of success 0 is return, an errors, a errno in what
1605
 * went wrong.
1606
 *
1607
 * @ingroup ntlm_core
1608
 */
1609

1610
int
1611
heim_ntlm_verify_ntlm2(const void *key, size_t len,
1612
		       const char *username,
1613
		       const char *target,
1614
		       time_t now,
1615
		       const unsigned char serverchallenge[8],
1616
		       const struct ntlm_buf *answer,
1617
		       struct ntlm_buf *infotarget,
1618
		       unsigned char ntlmv2[16])
1619
{
1620
    krb5_error_code ret;
1621
    unsigned char clientanswer[16];
1622
    unsigned char clientnonce[8];
1623
    unsigned char serveranswer[16];
1624
    krb5_storage *sp;
1625
    time_t authtime;
1626
    uint32_t temp;
1627
    uint64_t t;
1628
    int code;
1629

1630
    infotarget->length = 0;
1631
    infotarget->data = NULL;
1632

1633
    if (answer->length < 16)
1634
	return HNTLM_ERR_INVALID_LENGTH;
1635

1636
    if (now == 0)
1637
	now = time(NULL);
1638

1639
    /* calculate ntlmv2 key */
1640

1641
    heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2);
1642

1643
    /* calculate and build ntlmv2 answer */
1644

1645
    sp = krb5_storage_from_readonly_mem(answer->data, answer->length);
1646
    if (sp == NULL)
1647
	return ENOMEM;
1648
    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
1649

1650
    CHECK(krb5_storage_read(sp, clientanswer, 16), 16);
1651

1652
    CHECK(krb5_ret_uint32(sp, &temp), 0);
1653
    CHECK(temp, 0x00000101);
1654
    CHECK(krb5_ret_uint32(sp, &temp), 0);
1655
    CHECK(temp, 0);
1656
    /* timestamp le 64 bit ts */
1657
    CHECK(krb5_ret_uint32(sp, &temp), 0);
1658
    t = temp;
1659
    CHECK(krb5_ret_uint32(sp, &temp), 0);
1660
    t |= ((uint64_t)temp)<< 32;
1661

1662
    authtime = nt2unixtime(t);
1663

1664
    if (abs((int)(authtime - now)) > authtimediff) {
1665
	ret = HNTLM_ERR_TIME_SKEW;
1666
	goto out;
1667
    }
1668

1669
    /* client challenge */
1670
    CHECK(krb5_storage_read(sp, clientnonce, 8), 8);
1671

1672
    CHECK(krb5_ret_uint32(sp, &temp), 0); /* unknown */
1673

1674
    /* should really unparse the infotarget, but lets pick up everything */
1675
    infotarget->length = answer->length - krb5_storage_seek(sp, 0, SEEK_CUR);
1676
    infotarget->data = malloc(infotarget->length);
1677
    if (infotarget->data == NULL) {
1678
	ret = ENOMEM;
1679
	goto out;
1680
    }
1681
    CHECK(krb5_storage_read(sp, infotarget->data, infotarget->length),
1682
	  infotarget->length);
1683
    /* XXX remove the unknown ?? */
1684
    krb5_storage_free(sp);
1685
    sp = NULL;
1686

1687
    if (answer->length < 16) {
1688
	ret = HNTLM_ERR_INVALID_LENGTH;
1689
	goto out;
1690
    }
1691

1692
    ret = heim_ntlm_derive_ntlm2_sess(ntlmv2,
1693
				((unsigned char *)answer->data) + 16, answer->length - 16,
1694
				serverchallenge,
1695
				serveranswer);
1696
    if (ret)
1697
	goto out;
1698

1699
    if (memcmp(serveranswer, clientanswer, 16) != 0) {
1700
	heim_ntlm_free_buf(infotarget);
1701
	return HNTLM_ERR_AUTH;
1702
    }
1703

1704
    return 0;
1705
out:
1706
    heim_ntlm_free_buf(infotarget);
1707
    if (sp)
1708
	krb5_storage_free(sp);
1709
    return ret;
1710
}
1711

1712

1713
/*
1714
 * Calculate the NTLM2 Session Response
1715
 *
1716
 * @param clnt_nonce client nonce
1717
 * @param svr_chal server challage
1718
 * @param ntlm2_hash ntlm hash
1719
 * @param lm The LM response, should be freed with heim_ntlm_free_buf().
1720
 * @param ntlm The NTLM response, should be freed with heim_ntlm_free_buf().
1721
 *
1722
 * @return In case of success 0 is return, an errors, a errno in what
1723
 * went wrong.
1724
 *
1725
 * @ingroup ntlm_core
1726
 */
1727

1728
int
1729
heim_ntlm_calculate_ntlm2_sess(const unsigned char clnt_nonce[8],
1730
			       const unsigned char svr_chal[8],
1731
			       const unsigned char ntlm_hash[16],
1732
			       struct ntlm_buf *lm,
1733
			       struct ntlm_buf *ntlm)
1734
{
1735
    unsigned char ntlm2_sess_hash[8];
1736
    unsigned char res[21], *resp;
1737
    int code;
1738

1739
    code = heim_ntlm_calculate_ntlm2_sess_hash(clnt_nonce, svr_chal,
1740
					       ntlm2_sess_hash);
1741
    if (code) {
1742
	return code;
1743
    }
1744

1745
    lm->data = malloc(24);
1746
    if (lm->data == NULL) {
1747
	return ENOMEM;
1748
    }
1749
    lm->length = 24;
1750

1751
    ntlm->data = malloc(24);
1752
    if (ntlm->data == NULL) {
1753
	free(lm->data);
1754
	lm->data = NULL;
1755
	return ENOMEM;
1756
    }
1757
    ntlm->length = 24;
1758

1759
    /* first setup the lm resp */
1760
    memset(lm->data, 0, 24);
1761
    memcpy(lm->data, clnt_nonce, 8);
1762

1763
    memset(res, 0, sizeof(res));
1764
    memcpy(res, ntlm_hash, 16);
1765

1766
    resp = ntlm->data;
1767
    code = splitandenc(&res[0], ntlm2_sess_hash, resp + 0);
1768
    if (code)
1769
	goto out;
1770
    code = splitandenc(&res[7], ntlm2_sess_hash, resp + 8);
1771
    if (code)
1772
	goto out;
1773
    code = splitandenc(&res[14], ntlm2_sess_hash, resp + 16);
1774
    if (code)
1775
	goto out;
1776

1777
    return 0;
1778

1779
out:
1780
    heim_ntlm_free_buf(ntlm);
1781
    heim_ntlm_free_buf(lm);
1782
    return code;
1783
}
1784

1785

1786
/*
1787
 * Calculate the NTLM2 Session "Verifier"
1788
 *
1789
 * @param clnt_nonce client nonce
1790
 * @param svr_chal server challage
1791
 * @param hash The NTLM session verifier
1792
 *
1793
 * @return In case of success 0 is return, an errors, a errno in what
1794
 * went wrong.
1795
 *
1796
 * @ingroup ntlm_core
1797
 */
1798

1799
int
1800
heim_ntlm_calculate_ntlm2_sess_hash(const unsigned char clnt_nonce[8],
1801
				    const unsigned char svr_chal[8],
1802
				    unsigned char verifier[8])
1803
{
1804
    unsigned char ntlm2_sess_hash[MD5_DIGEST_LENGTH];
1805
    EVP_MD_CTX *m;
1806

1807
    m = EVP_MD_CTX_create();
1808
    if (m == NULL)
1809
	return ENOMEM;
1810

1811
    EVP_DigestInit_ex(m, EVP_md5(), NULL);
1812
    EVP_DigestUpdate(m, svr_chal, 8); /* session nonce part 1 */
1813
    EVP_DigestUpdate(m, clnt_nonce, 8); /* session nonce part 2 */
1814
    EVP_DigestFinal_ex(m, ntlm2_sess_hash, NULL); /* will only use first 8 bytes */
1815
    EVP_MD_CTX_destroy(m);
1816

1817
    memcpy(verifier, ntlm2_sess_hash, 8);
1818

1819
    return 0;
1820
}
1821

1822

1823
/*
1824
 * Derive a NTLM2 session key
1825
 *
1826
 * @param sessionkey session key from domain controller
1827
 * @param clnt_nonce client nonce
1828
 * @param svr_chal server challenge
1829
 * @param derivedkey salted session key
1830
 *
1831
 * @return In case of success 0 is return, an errors, a errno in what
1832
 * went wrong.
1833
 *
1834
 * @ingroup ntlm_core
1835
 */
1836

1837
int
1838
heim_ntlm_derive_ntlm2_sess(const unsigned char sessionkey[16],
1839
			    const unsigned char *clnt_nonce, size_t clnt_nonce_length,
1840
			    const unsigned char svr_chal[8],
1841
			    unsigned char derivedkey[16])
1842
{
1843
    unsigned int hmaclen;
1844
    HMAC_CTX *c;
1845

1846
    /* HMAC(Ksession, serverchallenge || clientchallenge) */
1847
    c = HMAC_CTX_new();
1848
    if (c == NULL)
1849
	return ENOMEM;
1850
    HMAC_Init_ex(c, sessionkey, 16, EVP_md5(), NULL);
1851
    HMAC_Update(c, svr_chal, 8);
1852
    HMAC_Update(c, clnt_nonce, clnt_nonce_length);
1853
    HMAC_Final(c, derivedkey, &hmaclen);
1854
    HMAC_CTX_free(c);
1855
    return 0;
1856
}
1857

1858

1859