/* This file is part of the KDE libraries Copyright (c) 2004 Szombathelyi Gy�gy The implementation is based on the documentation and sample code at http://davenport.sourceforge.net/ntlm.html The DES encryption functions are from libntlm at http://josefsson.org/libntlm/ This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License version 2 as published by the Free Software Foundation. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; see the file COPYING.LIB. If not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ #include "kntlm.h" #include "des.h" #include #include #include #include #include #include static const char NTLM_SIGNATURE[] = "NTLMSSP"; static QByteArray QString2UnicodeLE (const QString &target) { QByteArray unicode (target.length() * 2, 0); for (int i = 0; i < target.length(); i++) { ((quint16 *) unicode.data()) [ i ] = qToLittleEndian (target[i].unicode()); } return unicode; } static QString UnicodeLE2QString (const QChar *data, uint len) { QString ret; for (uint i = 0; i < len; i++) { ret += qFromLittleEndian (data[ i ].unicode()); } return ret; } static QByteArray getBuf (const QByteArray &buf, const KNTLM::SecBuf &secbuf) { quint32 offset = qFromLittleEndian ( (quint32) secbuf.offset); quint16 len = qFromLittleEndian (secbuf.len); //watch for buffer overflows if (offset > (quint32) buf.size() || offset + len > (quint32) buf.size()) { return QByteArray(); } return QByteArray (buf.data() + offset, buf.size()); } static void addBuf (QByteArray &buf, KNTLM::SecBuf &secbuf, const QByteArray &data) { quint32 offset = (buf.size() + 1) & 0xfffffffe; quint16 len = data.size(); quint16 maxlen = data.size(); secbuf.offset = qToLittleEndian ( (quint32) offset); secbuf.len = qToLittleEndian (len); secbuf.maxlen = qToLittleEndian (maxlen); buf.resize (offset + len); memcpy (buf.data() + offset, data.data(), data.size()); } static QString getString (const QByteArray &buf, const KNTLM::SecBuf &secbuf, bool unicode) { //watch for buffer overflows quint32 offset = qFromLittleEndian ( (quint32) secbuf.offset); quint16 len = qFromLittleEndian (secbuf.len); if (offset > (quint32) buf.size() || offset + len > (quint32) buf.size()) { return QString(); } const char *c = buf.data() + offset; if (unicode) { return UnicodeLE2QString ( (QChar *) c, len >> 1); } return QString::fromLatin1 (c, len); } static void addString (QByteArray &buf, KNTLM::SecBuf &secbuf, const QString &str, bool unicode = false) { if (unicode) { addBuf (buf, secbuf, QString2UnicodeLE (str)); return; } addBuf (buf, secbuf, str.toLatin1()); } /* * turns a 56 bit key into the 64 bit, odd parity key and sets the key. * The key schedule ks is also set. */ static void convertKey (unsigned char *key_56, void *ks) { unsigned char key[8]; key[0] = key_56[0]; key[1] = ( (key_56[0] << 7) & 0xFF) | (key_56[1] >> 1); key[2] = ( (key_56[1] << 6) & 0xFF) | (key_56[2] >> 2); key[3] = ( (key_56[2] << 5) & 0xFF) | (key_56[3] >> 3); key[4] = ( (key_56[3] << 4) & 0xFF) | (key_56[4] >> 4); key[5] = ( (key_56[4] << 3) & 0xFF) | (key_56[5] >> 5); key[6] = ( (key_56[5] << 2) & 0xFF) | (key_56[6] >> 6); key[7] = (key_56[6] << 1) & 0xFF; for (uint i = 0; i < 8; i++) { unsigned char b = key[i]; bool needsParity = ((((b >> 7) ^ (b >> 6) ^ (b >> 5) ^ (b >> 4) ^ (b >> 3) ^ (b >> 2) ^ (b >> 1)) & 0x01) == 0); if (needsParity) { key[i] |= 0x01; } else { key[i] &= 0xfe; } } ntlm_des_set_key ( (DES_KEY *) ks, (char *) &key, sizeof (key)); memset (&key, 0, sizeof (key)); } static QByteArray createBlob (const QByteArray &targetinfo) { QByteArray blob (sizeof (KNTLM::Blob) + 4 + targetinfo.size(), 0); KNTLM::Blob *bl = (KNTLM::Blob *) blob.data(); bl->signature = qToBigEndian ( (quint32) 0x01010000); quint64 now = QDateTime::currentDateTime().toTime_t(); now += (quint64) 3600 * (quint64) 24 * (quint64) 134774; now *= (quint64) 10000000; bl->timestamp = qToLittleEndian (now); for (uint i = 0; i < 8; i++) { bl->challenge[i] = KRandom::random() % 0xff; } memcpy (blob.data() + sizeof (KNTLM::Blob), targetinfo.data(), targetinfo.size()); return blob; } static QByteArray hmacMD5 (const QByteArray &data, const QByteArray &key) { quint8 ipad[64], opad[64]; QByteArray ret; memset (ipad, 0x36, sizeof (ipad)); memset (opad, 0x5c, sizeof (opad)); for (int i = key.size() - 1; i >= 0; i--) { ipad[i] ^= key[i]; opad[i] ^= key[i]; } QByteArray content (data.size() + 64, 0); memcpy (content.data(), ipad, 64); memcpy (content.data() + 64, data.data(), data.size()); QCryptographicHash md5 (QCryptographicHash::Md5); md5.addData (content); content.resize (64); memcpy (content.data(), opad, 64); content += md5.result(); md5.reset(); md5.addData (content); return md5.result(); } /*************************************** KNTLM implementation ***************************************/ bool KNTLM::getNegotiate (QByteArray &negotiate, const QString &domain, const QString &workstation, quint32 flags) { QByteArray rbuf (sizeof (Negotiate), 0); memcpy (rbuf.data(), NTLM_SIGNATURE, sizeof (NTLM_SIGNATURE)); ((Negotiate *) rbuf.data())->msgType = qToLittleEndian ( (quint32) 1); if (!domain.isEmpty()) { flags |= Negotiate_Domain_Supplied; addString (rbuf, ((Negotiate *) rbuf.data())->domain, domain); } if (!workstation.isEmpty()) { flags |= Negotiate_WS_Supplied; addString (rbuf, ((Negotiate *) rbuf.data())->workstation, workstation); } ((Negotiate *) rbuf.data())->flags = qToLittleEndian (flags); negotiate = rbuf; return true; } bool KNTLM::getAuth (QByteArray &auth, const QByteArray &challenge, const QString &user, const QString &password, const QString &domain, const QString &workstation, AuthFlags authflags) { QByteArray rbuf (sizeof (Auth), 0); Challenge *ch = (Challenge *) challenge.data(); QByteArray response; uint chsize = challenge.size(); bool unicode = false; QString dom; //challenge structure too small if (chsize < 32) { return false; } unicode = qFromLittleEndian (ch->flags) & Negotiate_Unicode; if (domain.isEmpty()) { dom = getString (challenge, ch->targetName, unicode); } else { dom = domain; } memcpy (rbuf.data(), NTLM_SIGNATURE, sizeof (NTLM_SIGNATURE)); ((Auth *) rbuf.data())->msgType = qToLittleEndian ( (quint32) 3); ((Auth *) rbuf.data())->flags = ch->flags; QByteArray targetInfo = getBuf (challenge, ch->targetInfo); if (!(authflags & Force_V1) && ((authflags & Force_V2) || (!targetInfo.isEmpty() && (qFromLittleEndian(ch->flags) & Negotiate_Target_Info))) /* may support NTLMv2 */) { bool ret = false; if (qFromLittleEndian (ch->flags) & Negotiate_NTLM) { if (targetInfo.isEmpty()) return false; response = getNTLMv2Response (dom, user, password, targetInfo, ch->challengeData); addBuf (rbuf, ((Auth *) rbuf.data())->ntResponse, response); ret = true; } if (authflags & Add_LM) { response = getLMv2Response (dom, user, password, ch->challengeData); addBuf (rbuf, ((Auth *) rbuf.data())->lmResponse, response); ret = true; } if (!ret) { return false; } } else { //if no targetinfo structure and NTLMv2 or LMv2 not forced, or v1 forced, try the older methods bool ret = false; if (qFromLittleEndian (ch->flags) & Negotiate_NTLM) { response = getNTLMResponse (password, ch->challengeData); addBuf (rbuf, ((Auth *) rbuf.data())->ntResponse, response); ret = true; } if (authflags & Add_LM) { response = getLMResponse (password, ch->challengeData); addBuf (rbuf, ((Auth *) rbuf.data())->lmResponse, response); ret = true; } if (!ret) { return false; } } if (!dom.isEmpty()) { addString (rbuf, ((Auth *) rbuf.data())->domain, dom, unicode); } addString (rbuf, ((Auth *) rbuf.data())->user, user, unicode); if (!workstation.isEmpty()) { addString (rbuf, ((Auth *) rbuf.data())->workstation, workstation, unicode); } auth = rbuf; return true; } QByteArray KNTLM::getLMResponse (const QString &password, const unsigned char *challenge) { QByteArray hash, answer; hash = lmHash (password); hash.resize (21); memset (hash.data() + 16, 0, 5); answer = lmResponse (hash, challenge); hash.fill (0); return answer; } QByteArray KNTLM::lmHash (const QString &password) { QByteArray keyBytes (14, 0); QByteArray hash (16, 0); DES_KEY ks; const char *magic = "KGS!@#$%"; strncpy (keyBytes.data(), password.toUpper().toLatin1(), 14); convertKey ( (unsigned char *) keyBytes.data(), &ks); ntlm_des_ecb_encrypt (magic, 8, &ks, (unsigned char *) hash.data()); convertKey ( (unsigned char *) keyBytes.data() + 7, &ks); ntlm_des_ecb_encrypt (magic, 8, &ks, (unsigned char *) hash.data() + 8); keyBytes.fill (0); memset (&ks, 0, sizeof (ks)); return hash; } QByteArray KNTLM::lmResponse (const QByteArray &hash, const unsigned char *challenge) { DES_KEY ks; QByteArray answer (24, 0); convertKey ( (unsigned char *) hash.data(), &ks); ntlm_des_ecb_encrypt (challenge, 8, &ks, (unsigned char *) answer.data()); convertKey ( (unsigned char *) hash.data() + 7, &ks); ntlm_des_ecb_encrypt (challenge, 8, &ks, (unsigned char *) answer.data() + 8); convertKey ( (unsigned char *) hash.data() + 14, &ks); ntlm_des_ecb_encrypt (challenge, 8, &ks, (unsigned char *) answer.data() + 16); memset (&ks, 0, sizeof (ks)); return answer; } QByteArray KNTLM::getNTLMResponse (const QString &password, const unsigned char *challenge) { QByteArray hash = ntlmHash (password); hash.resize (21); memset (hash.data() + 16, 0, 5); QByteArray answer = lmResponse (hash, challenge); hash.fill (0); return answer; } QByteArray KNTLM::ntlmHash (const QString &password) { QByteArray unicode; unicode = QString2UnicodeLE (password); return QCryptographicHash::hash (unicode, QCryptographicHash::Md4); } QByteArray KNTLM::getNTLMv2Response (const QString &target, const QString &user, const QString &password, const QByteArray &targetInformation, const unsigned char *challenge) { QByteArray hash = ntlmv2Hash (target, user, password); QByteArray blob = createBlob (targetInformation); return lmv2Response (hash, blob, challenge); } QByteArray KNTLM::getLMv2Response (const QString &target, const QString &user, const QString &password, const unsigned char *challenge) { QByteArray hash = ntlmv2Hash (target, user, password); QByteArray clientChallenge (8, 0); for (uint i = 0; i < 8; i++) { clientChallenge.data() [i] = KRandom::random() % 0xff; } return lmv2Response (hash, clientChallenge, challenge); } QByteArray KNTLM::ntlmv2Hash (const QString &target, const QString &user, const QString &password) { const QByteArray hash = ntlmHash (password); const QByteArray key = QString2UnicodeLE (user.toUpper() + target); return hmacMD5 (key, hash); } QByteArray KNTLM::lmv2Response (const QByteArray &hash, const QByteArray &clientData, const unsigned char *challenge) { QByteArray data (8 + clientData.size(), 0); memcpy (data.data(), challenge, 8); memcpy (data.data() + 8, clientData.data(), clientData.size()); QByteArray mac = hmacMD5 (data, hash); mac.resize (16 + clientData.size()); memcpy (mac.data() + 16, clientData.data(), clientData.size()); return mac; }