2 * Unix SMB/CIFS implementation.
4 * NTLMSSP Signing routines
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-2001
6 * Copyright (C) Andrew Bartlett 2003
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software Foundation,
20 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
25 #define CLI_SIGN "session key to client-to-server signing key magic constant"
26 #define CLI_SEAL "session key to client-to-server sealing key magic constant"
27 #define SRV_SIGN "session key to server-to-client signing key magic constant"
28 #define SRV_SEAL "session key to server-to-client sealing key magic constant"
30 static void NTLMSSPcalc_ap( unsigned char *hash
, unsigned char *data
, int len
)
32 unsigned char index_i
= hash
[256];
33 unsigned char index_j
= hash
[257];
36 for (ind
= 0; ind
< len
; ind
++)
42 index_j
+= hash
[index_i
];
45 hash
[index_i
] = hash
[index_j
];
48 t
= hash
[index_i
] + hash
[index_j
];
49 data
[ind
] = data
[ind
] ^ hash
[t
];
56 static void calc_hash(unsigned char *hash
, const char *k2
, int k2l
)
61 for (ind
= 0; ind
< 256; ind
++)
63 hash
[ind
] = (unsigned char)ind
;
66 for (ind
= 0; ind
< 256; ind
++)
70 j
+= (hash
[ind
] + k2
[ind
%k2l
]);
81 static void calc_ntlmv2_hash(unsigned char hash
[16], char digest
[16],
82 const char encrypted_response
[16],
85 struct MD5Context ctx3
;
88 MD5Update(&ctx3
, encrypted_response
, 5);
89 MD5Update(&ctx3
, constant
, strlen(constant
));
90 MD5Final(digest
, &ctx3
);
92 calc_hash(hash
, digest
, 16);
95 enum ntlmssp_direction
{
100 static NTSTATUS
ntlmssp_make_packet_signiture(NTLMSSP_CLIENT_STATE
*ntlmssp_state
,
101 const uchar
*data
, size_t length
,
102 enum ntlmssp_direction direction
,
105 if (ntlmssp_state
->neg_flags
& NTLMSSP_NEGOTIATE_NTLM2
) {
109 SIVAL(seq_num
, 0, ntlmssp_state
->ntlmssp_seq_num
);
111 hmac_md5_init_limK_to_64(ntlmssp_state
->cli_sign_const
, 16, &ctx
);
112 hmac_md5_update(seq_num
, 4, &ctx
);
113 hmac_md5_update(data
, length
, &ctx
);
114 hmac_md5_final(digest
, &ctx
);
116 if (!msrpc_gen(sig
, "Bd", digest
, sizeof(digest
), ntlmssp_state
->ntlmssp_seq_num
)) {
117 return NT_STATUS_NO_MEMORY
;
121 NTLMSSPcalc_ap(ntlmssp_state
->cli_sign_hash
, sig
->data
, sig
->length
);
123 case NTLMSSP_RECEIVE
:
124 NTLMSSPcalc_ap(ntlmssp_state
->cli_sign_hash
, sig
->data
, sig
->length
);
129 crc
= crc32_calc_buffer(data
, length
);
130 if (!msrpc_gen(sig
, "ddd", 0, crc
, ntlmssp_state
->ntlmssp_seq_num
)) {
131 return NT_STATUS_NO_MEMORY
;
134 NTLMSSPcalc_ap(ntlmssp_state
->ntlmssp_hash
, sig
->data
, sig
->length
);
139 NTSTATUS
ntlmssp_client_sign_packet(NTLMSSP_CLIENT_STATE
*ntlmssp_state
,
140 const uchar
*data
, size_t length
,
143 ntlmssp_state
->ntlmssp_seq_num
++;
144 return ntlmssp_make_packet_signiture(ntlmssp_state
, data
, length
, NTLMSSP_SEND
, sig
);
148 * Check the signature of an incoming packet
149 * @note caller *must* check that the signature is the size it expects
153 NTSTATUS
ntlmssp_client_check_packet(NTLMSSP_CLIENT_STATE
*ntlmssp_state
,
154 const uchar
*data
, size_t length
,
155 const DATA_BLOB
*sig
)
160 if (sig
->length
< 8) {
161 DEBUG(0, ("NTLMSSP packet check failed due to short signiture (%u bytes)!\n",
165 nt_status
= ntlmssp_make_packet_signiture(ntlmssp_state
, data
,
166 length
, NTLMSSP_RECEIVE
, &local_sig
);
168 if (!NT_STATUS_IS_OK(nt_status
)) {
169 DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status
)));
173 if (memcmp(sig
->data
, local_sig
.data
, MIN(sig
->length
, local_sig
.length
)) == 0) {
176 DEBUG(5, ("BAD SIG: wanted signature of\n"));
177 dump_data(5, local_sig
.data
, local_sig
.length
);
179 DEBUG(5, ("BAD SIG: got signature of\n"));
180 dump_data(5, sig
->data
, sig
->length
);
182 DEBUG(0, ("NTLMSSP packet check failed due to invalid signiture!\n"));
183 return NT_STATUS_ACCESS_DENIED
;
188 Initialise the state for NTLMSSP signing.
190 NTSTATUS
ntlmssp_client_sign_init(NTLMSSP_CLIENT_STATE
*ntlmssp_state
)
192 unsigned char p24
[24];
193 unsigned char lm_hash
[16];
195 if (!ntlmssp_state
->lm_resp
.data
) {
196 /* can't sign or check signitures yet */
197 return NT_STATUS_UNSUCCESSFUL
;
200 E_deshash(ntlmssp_state
->password
, lm_hash
);
202 NTLMSSPOWFencrypt(lm_hash
, ntlmssp_state
->lm_resp
.data
, p24
);
204 if (ntlmssp_state
->neg_flags
& NTLMSSP_NEGOTIATE_NTLM2
)
206 calc_ntlmv2_hash(ntlmssp_state
->cli_sign_hash
, ntlmssp_state
->cli_sign_const
, p24
, CLI_SIGN
);
207 calc_ntlmv2_hash(ntlmssp_state
->cli_seal_hash
, ntlmssp_state
->cli_seal_const
, p24
, CLI_SEAL
);
208 calc_ntlmv2_hash(ntlmssp_state
->srv_sign_hash
, ntlmssp_state
->srv_sign_const
, p24
, SRV_SIGN
);
209 calc_ntlmv2_hash(ntlmssp_state
->srv_seal_hash
, ntlmssp_state
->srv_seal_const
, p24
, SRV_SEAL
);
219 calc_hash(ntlmssp_state
->ntlmssp_hash
, k2
, 8);
222 ntlmssp_state
->ntlmssp_seq_num
= 0;
224 ZERO_STRUCT(lm_hash
);