OpenVAS Scanner  7.0.0~git
ntlmssp.c
Go to the documentation of this file.
1 /* Copyright (C) 2010-2019 Greenbone Networks GmbH
2  *
3  * SPDX-License-Identifier: GPL-2.0-or-later
4  *
5  * This program is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU General Public License
7  * as published by the Free Software Foundation; either version 2
8  * of the License, or (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18  */
19 
26 #include "ntlmssp.h"
27 
28 #include <glib.h>
29 
30 #define NTLMSSP_NEGOTIATE_LM_KEY 0x00000080
31 
32 void
33 ntlmssp_genauth_ntlmv2 (char *user, char *domain, char *address_list,
34  int address_list_len, char *challenge_data,
35  uint8_t *lm_response, uint8_t *nt_response,
36  uint8_t *session_key, unsigned char *ntlmv2_hash)
37 {
38  SMBNTLMv2encrypt_hash_ntlmssp (user, domain, ntlmv2_hash, challenge_data,
39  address_list, address_list_len, lm_response,
40  nt_response, session_key);
41 }
42 
43 void
44 ntlmssp_genauth_ntlm2 (char *password, uint8_t pass_len, uint8_t *lm_response,
45  uint8_t *nt_response, uint8_t *session_key,
46  char *challenge_data, unsigned char *nt_hash)
47 {
48  unsigned char lm_hash[16];
49 
50  E_deshash_ntlmssp (password, pass_len, lm_hash);
51 
52  struct MD5Context md5_session_nonce_ctx;
53  uchar session_nonce_hash[16];
54  uchar session_nonce[16];
55  uchar user_session_key[16];
56 
57  generate_random_buffer_ntlmssp (lm_response, 8);
58  memset (lm_response + 8, 0, 16);
59 
60  memcpy (session_nonce, challenge_data, 8);
61  memcpy (&session_nonce[8], lm_response, 8);
62 
63  MD5Init (&md5_session_nonce_ctx);
64  MD5Update (&md5_session_nonce_ctx, (unsigned char const *) challenge_data, 8);
65  MD5Update (&md5_session_nonce_ctx, (unsigned char const *) lm_response, 8);
66  MD5Final (session_nonce_hash, &md5_session_nonce_ctx);
67 
68  SMBNTencrypt_hash_ntlmssp (nt_hash, session_nonce_hash, nt_response);
69  SMBsesskeygen_ntv1_ntlmssp (nt_hash, NULL, user_session_key);
70  hmac_md5 (user_session_key, session_nonce, sizeof (session_nonce),
71  session_key);
72 }
73 
74 void
75 ntlmssp_genauth_ntlm (char *password, uint8_t pass_len, uint8_t *lm_response,
76  uint8_t *nt_response, uint8_t *session_key,
77  char *challenge_data, unsigned char *nt_hash,
78  int neg_flags)
79 {
80  unsigned char lm_hash[16];
81 
82  E_deshash_ntlmssp (password, pass_len, lm_hash);
83 
84  SMBencrypt_hash_ntlmssp (lm_hash, (const uchar *) challenge_data,
85  lm_response);
86  SMBNTencrypt_hash_ntlmssp (nt_hash, (uchar *) challenge_data, nt_response);
87 
88  if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
89  {
90  SMBsesskeygen_lm_sess_key_ntlmssp (lm_hash, lm_response, session_key);
91  }
92  else
93  {
94  SMBsesskeygen_ntv1_ntlmssp (nt_hash, NULL, session_key);
95  }
96 }
97 
98 uint8_t *
99 ntlmssp_genauth_keyexchg (uint8_t *session_key, char *challenge_data,
100  unsigned char *nt_hash, uint8_t *new_sess_key)
101 {
102  /* Make up a new session key */
103  uint8 client_session_key[16];
104 
105  (void) challenge_data;
106  (void) nt_hash;
107  generate_random_buffer_ntlmssp (client_session_key,
108  sizeof (client_session_key));
109  /* Encrypt the new session key with the old one */
110 
111  size_t length = sizeof (client_session_key);
112  uint8_t *encrypted_session_key = g_malloc0 (length);
113 
114  memcpy (encrypted_session_key, client_session_key, length);
115  SamOEMhash (encrypted_session_key, session_key, length);
116  memcpy (new_sess_key, client_session_key, 16);
117  return encrypted_session_key;
118 }
uchar
#define uchar
Definition: hmacmd5.h:35
uint8
#define uint8
Definition: charcnv.c:58
ntlmssp_genauth_keyexchg
uint8_t * ntlmssp_genauth_keyexchg(uint8_t *session_key, char *challenge_data, unsigned char *nt_hash, uint8_t *new_sess_key)
Definition: ntlmssp.c:99
SMBencrypt_hash_ntlmssp
void SMBencrypt_hash_ntlmssp(const uchar lm_hash[16], const uchar *c8, uchar p24[24])
Definition: smb_crypt.c:407
generate_random_buffer_ntlmssp
void generate_random_buffer_ntlmssp(unsigned char *out, int len)
Definition: genrand.c:184
SMBNTLMv2encrypt_hash_ntlmssp
void SMBNTLMv2encrypt_hash_ntlmssp(const char *user, const char *domain, uchar ntlm_v2_hash[16], const char *server_chal, const char *address_list, int address_list_len, uint8_t *lm_response, uint8_t *nt_response, uint8_t *user_session_key)
Definition: smb_crypt.c:568
SMBNTencrypt_hash_ntlmssp
void SMBNTencrypt_hash_ntlmssp(const uchar nt_hash[16], uchar *c8, uchar *p24)
Definition: smb_crypt.c:419
MD5Update
void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len)
Definition: md5.c:66
SMBsesskeygen_lm_sess_key_ntlmssp
void SMBsesskeygen_lm_sess_key_ntlmssp(const uchar lm_hash[16], const uchar lm_resp[24], uint8 sess_key[16])
Definition: smb_crypt.c:429
ntlmssp.h
Functions to support Authentication(type3 message) for NTLMSSP (NTLMv2, NTLM2, NTLM,...
ntlmssp_genauth_ntlm2
void ntlmssp_genauth_ntlm2(char *password, uint8_t pass_len, uint8_t *lm_response, uint8_t *nt_response, uint8_t *session_key, char *challenge_data, unsigned char *nt_hash)
Definition: ntlmssp.c:44
SamOEMhash
void SamOEMhash(uchar *data, const uchar *key, int val)
Definition: smb_crypt.c:331
ntlmssp_genauth_ntlm
void ntlmssp_genauth_ntlm(char *password, uint8_t pass_len, uint8_t *lm_response, uint8_t *nt_response, uint8_t *session_key, char *challenge_data, unsigned char *nt_hash, int neg_flags)
Definition: ntlmssp.c:75
E_deshash_ntlmssp
bool E_deshash_ntlmssp(const char *passwd, uint8_t pass_len, uchar p16[16])
Definition: smb_crypt.c:450
NTLMSSP_NEGOTIATE_LM_KEY
#define NTLMSSP_NEGOTIATE_LM_KEY
Definition: ntlmssp.c:30
MD5Init
void MD5Init(struct MD5Context *ctx)
Definition: md5.c:50
SMBsesskeygen_ntv1_ntlmssp
void SMBsesskeygen_ntv1_ntlmssp(const uchar kr[16], const uchar *nt_resp, uint8 sess_key[16])
Definition: smb_crypt.c:386
hmac_md5
void hmac_md5(uchar key[16], uchar *data, int data_len, uchar *digest)
Function to calculate an HMAC MD5 digest from data. Use the microsoft hmacmd5 init method because the...
Definition: hmacmd5.c:95
MD5Context
Definition: md5.h:46
MD5Final
void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
Definition: md5.c:118
ntlmssp_genauth_ntlmv2
void ntlmssp_genauth_ntlmv2(char *user, char *domain, char *address_list, int address_list_len, char *challenge_data, uint8_t *lm_response, uint8_t *nt_response, uint8_t *session_key, unsigned char *ntlmv2_hash)
Definition: ntlmssp.c:33