OpenVAS Scanner 23.40.3
ntlmssp.c
1/* SPDX-FileCopyrightText: 2023 Greenbone AG
2 *
3 * SPDX-License-Identifier: GPL-2.0-or-later
4 */
5
11
12#include "ntlmssp.h"
13
14#include <glib.h>
15
/* NTLMSSP negotiate-flags bit. When it is set in neg_flags,
 * ntlmssp_genauth_ntlm() derives the session key with
 * SMBsesskeygen_lm_sess_key_ntlmssp() (from the LM hash and the LM response)
 * instead of SMBsesskeygen_ntv1_ntlmssp() (from the NT hash). */
#define NTLMSSP_NEGOTIATE_LM_KEY 0x00000080
17
/**
 * @brief Produce the NTLMv2 response fields for an NTLMSSP authenticate
 *        (type 3) message.
 *
 * Pure pass-through: every argument is handed, in the callee's parameter
 * order, to SMBNTLMv2encrypt_hash_ntlmssp() (smb_crypt.c). Nothing is
 * validated or copied in this function.
 *
 * @param[in]  user             Account name, forwarded unchanged.
 * @param[in]  domain           Domain name, forwarded unchanged.
 * @param[in]  address_list     Forwarded unchanged; presumably the target
 *                              information received from the peer
 *                              (TODO confirm against the caller).
 * @param[in]  address_list_len Length that accompanies address_list.
 * @param[in]  challenge_data   Server challenge, forwarded as server_chal.
 * @param[out] lm_response      Receives the LM-field response from the callee.
 * @param[out] nt_response      Receives the NT-field response from the callee.
 * @param[out] session_key      Receives the user session key from the callee.
 * @param      ntlmv2_hash      NTLMv2 hash; the callee declares it as a
 *                              non-const uchar[16].
 *
 * NOTE(review): the sizes the callee writes into lm_response, nt_response and
 * session_key are not visible here, so callers have to size those buffers
 * from smb_crypt.c. address_list_len is a signed int that reaches the callee
 * unchecked; if address_list comes from the remote peer, a negative or
 * oversized length must be rejected before this call or inside the callee.
 */
void
ntlmssp_genauth_ntlmv2 (char *user, char *domain, char *address_list,
                        int address_list_len, char *challenge_data,
                        uint8_t *lm_response, uint8_t *nt_response,
                        uint8_t *session_key, unsigned char *ntlmv2_hash)
{
  /* Callee order: identity, hash, server challenge, address list, outputs. */
  SMBNTLMv2encrypt_hash_ntlmssp (user, domain, ntlmv2_hash, challenge_data,
                                 address_list, address_list_len,
                                 lm_response, nt_response, session_key);
}
28
/**
 * @brief Produce the NTLM2 (session-nonce) response fields and session key
 *        for an NTLMSSP authenticate (type 3) message.
 *
 * Steps, as implemented below:
 *  - lm_response = 8 random bytes (client nonce) followed by 16 zero bytes;
 *  - session nonce = 8 bytes of challenge_data || client nonce;
 *  - nt_response = SMBNTencrypt_hash_ntlmssp (nt_hash, MD5 (session nonce));
 *  - session_key = HMAC-MD5 (key from SMBsesskeygen_ntv1_ntlmssp (nt_hash),
 *                            session nonce).
 *
 * @param[in]  password       Password; only used for the LM hash call below.
 * @param[in]  pass_len       Password length. The type is uint8_t, so a
 *                            longer length is truncated by the conversion at
 *                            the call site.
 * @param[out] lm_response    Must have room for 24 bytes (8 + 16 written).
 * @param[out] nt_response    Receives the NT response; the callee's prototype
 *                            names the parameter p24, size not checked here.
 * @param[out] session_key    Receives the HMAC-MD5 digest.
 * @param[in]  challenge_data Server challenge; exactly 8 bytes are read and
 *                            no length is passed in, so the caller must
 *                            guarantee at least 8 readable bytes.
 * @param[in]  nt_hash        NT hash of the password (16 bytes per the callee
 *                            prototypes).
 *
 * NOTE(review): lm_hash is computed and never read in this function, and the
 * bool result of E_deshash_ntlmssp() is discarded. The call is kept so that
 * behaviour is unchanged; confirm in smb_crypt.c that it has no other effect
 * before removing it.
 *
 * NOTE(review): lm_hash, the session nonce, its digest and the intermediate
 * key stay on the stack after return. Consider clearing them with a wipe
 * that the compiler cannot elide (a plain memset before return may be
 * optimised away).
 *
 * NOTE(review): the client nonce is only as unpredictable as
 * generate_random_buffer_ntlmssp() (genrand.c); confirm it is backed by a
 * cryptographically secure source.
 */
void
ntlmssp_genauth_ntlm2 (char *password, uint8_t pass_len, uint8_t *lm_response,
                       uint8_t *nt_response, uint8_t *session_key,
                       char *challenge_data, unsigned char *nt_hash)
{
  enum
  {
    CHALLENGE_LEN = 8,
    LM_PAD_LEN = 16
  };
  unsigned char lm_hash[16];
  struct MD5Context nonce_md5;
  uchar nonce[16];
  uchar nonce_digest[16];
  uchar base_key[16];

  /* Result unused below; see the review note in the header comment. */
  E_deshash_ntlmssp (password, pass_len, lm_hash);

  /* The LM field carries the client nonce, zero-padded to 24 bytes. */
  generate_random_buffer_ntlmssp (lm_response, CHALLENGE_LEN);
  memset (&lm_response[CHALLENGE_LEN], 0, LM_PAD_LEN);

  /* Session nonce: server challenge followed by the client nonce. */
  memcpy (&nonce[0], challenge_data, CHALLENGE_LEN);
  memcpy (&nonce[CHALLENGE_LEN], lm_response, CHALLENGE_LEN);

  /* Hashing the assembled nonce in one update yields the same digest as
   * feeding its two 8-byte halves separately. */
  MD5Init (&nonce_md5);
  MD5Update (&nonce_md5, (unsigned char const *) nonce, sizeof (nonce));
  MD5Final (nonce_digest, &nonce_md5);

  SMBNTencrypt_hash_ntlmssp (nt_hash, nonce_digest, nt_response);

  /* The NT-hash-derived key is mixed with the full nonce for the final key. */
  SMBsesskeygen_ntv1_ntlmssp (nt_hash, NULL, base_key);
  hmac_md5 (base_key, nonce, sizeof (nonce), session_key);
}
59
/**
 * @brief Produce the LM and NT response fields and the session key for the
 *        plain NTLM variant of an NTLMSSP authenticate (type 3) message.
 *
 * Both responses are computed over challenge_data alone: the LM response
 * from the LM hash of the password, the NT response from nt_hash. The
 * session key comes from the LM hash and LM response when
 * NTLMSSP_NEGOTIATE_LM_KEY is set in neg_flags, otherwise from nt_hash.
 *
 * @param[in]  password       Password used to derive the LM hash.
 * @param[in]  pass_len       Password length. The type is uint8_t, so a
 *                            longer length is truncated by the conversion at
 *                            the call site.
 * @param[out] lm_response    Receives the LM response (the callee prototype
 *                            declares uchar p24[24]).
 * @param[out] nt_response    Receives the NT response (callee parameter p24).
 * @param[out] session_key    Receives the session key (callee prototypes
 *                            declare uint8 sess_key[16]).
 * @param[in]  challenge_data Server challenge (callee parameter c8); no
 *                            length is passed in, so the caller must supply
 *                            a buffer of the size the callees expect.
 * @param[in]  nt_hash        NT hash of the password.
 * @param[in]  neg_flags      Negotiated flags; only
 *                            NTLMSSP_NEGOTIATE_LM_KEY is examined.
 *
 * NOTE(review): no client-side randomness enters either response in this
 * variant, so its strength rests entirely on the password and the legacy
 * hashes. Callers should reach this path only when the peer supports nothing
 * stronger, and findings that depend on it are worth reporting as a weak
 * authentication configuration on the target.
 *
 * NOTE(review): the bool result of E_deshash_ntlmssp() is discarded, and
 * lm_hash stays on the stack after return; consider a wipe that the compiler
 * cannot elide.
 */
void
ntlmssp_genauth_ntlm (char *password, uint8_t pass_len, uint8_t *lm_response,
                      uint8_t *nt_response, uint8_t *session_key,
                      char *challenge_data, unsigned char *nt_hash,
                      int neg_flags)
{
  unsigned char lm_hash[16];
  uchar *server_chal = (uchar *) challenge_data;

  E_deshash_ntlmssp (password, pass_len, lm_hash);

  /* Responses first: the LM session key below is derived from lm_response. */
  SMBencrypt_hash_ntlmssp (lm_hash, server_chal, lm_response);
  SMBNTencrypt_hash_ntlmssp (nt_hash, server_chal, nt_response);

  if ((neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) == 0)
    {
      /* Default: key from the NT hash alone (no NT response is passed). */
      SMBsesskeygen_ntv1_ntlmssp (nt_hash, NULL, session_key);
      return;
    }

  /* LM_KEY negotiated: key from the LM hash and the LM response. */
  SMBsesskeygen_lm_sess_key_ntlmssp (lm_hash, lm_response, session_key);
}
83
/**
 * @brief Generate a fresh 16-byte session key and return it encrypted under
 *        the current session key.
 *
 * @param[in]  session_key    Current session key, used as the key argument
 *                            of SamOEMhash().
 * @param[in]  challenge_data Unused.
 * @param[in]  nt_hash        Unused.
 * @param[out] new_sess_key   Receives the fresh key in the clear (16 bytes).
 *
 * @return Newly allocated 16-byte buffer holding the fresh key after
 *         SamOEMhash() has transformed it in place with session_key. It is
 *         allocated with g_malloc0(), so the caller releases it with
 *         g_free().
 *
 * NOTE(review): the fresh key is only as unpredictable as
 * generate_random_buffer_ntlmssp() (genrand.c); confirm it is backed by a
 * cryptographically secure source.
 *
 * NOTE(review): the clear-text copy in fresh_key stays on the stack after
 * return; consider a wipe that the compiler cannot elide.
 */
uint8_t *
ntlmssp_genauth_keyexchg (uint8_t *session_key, char *challenge_data,
                          unsigned char *nt_hash, uint8_t *new_sess_key)
{
  enum
  {
    KEY_LEN = 16
  };
  uint8 fresh_key[KEY_LEN];
  const size_t n = sizeof (fresh_key);
  uint8_t *wrapped;

  (void) challenge_data;
  (void) nt_hash;

  /* Make up a new session key. */
  generate_random_buffer_ntlmssp (fresh_key, sizeof (fresh_key));

  /* Encrypt a heap copy of the new key with the old one. */
  wrapped = g_malloc0 (n);
  memcpy (wrapped, fresh_key, n);
  SamOEMhash (wrapped, session_key, n);

  /* Published last, after session_key has been consumed above, so the
   * result is the same even if the caller passes one buffer for both. */
  memcpy (new_sess_key, fresh_key, KEY_LEN);

  return wrapped;
}
#define uint8
Definition charcnv.c:45
void generate_random_buffer_ntlmssp(unsigned char *out, int len)
Definition genrand.c:170
void hmac_md5(uchar key[16], uchar *data, int data_len, uchar *digest)
Function to calculate an HMAC MD5 digest from data. Use the microsoft hmacmd5 init method because the...
Definition hmacmd5.c:82
#define uchar
Definition hmacmd5.h:22
void MD5Init(struct MD5Context *ctx)
Definition md5.c:55
void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
Definition md5.c:123
void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len)
Definition md5.c:71
u_short length
void ntlmssp_genauth_ntlm(char *password, uint8_t pass_len, uint8_t *lm_response, uint8_t *nt_response, uint8_t *session_key, char *challenge_data, unsigned char *nt_hash, int neg_flags)
Definition ntlmssp.c:61
void ntlmssp_genauth_ntlm2(char *password, uint8_t pass_len, uint8_t *lm_response, uint8_t *nt_response, uint8_t *session_key, char *challenge_data, unsigned char *nt_hash)
Definition ntlmssp.c:30
void ntlmssp_genauth_ntlmv2(char *user, char *domain, char *address_list, int address_list_len, char *challenge_data, uint8_t *lm_response, uint8_t *nt_response, uint8_t *session_key, unsigned char *ntlmv2_hash)
Definition ntlmssp.c:19
#define NTLMSSP_NEGOTIATE_LM_KEY
Definition ntlmssp.c:16
uint8_t * ntlmssp_genauth_keyexchg(uint8_t *session_key, char *challenge_data, unsigned char *nt_hash, uint8_t *new_sess_key)
Definition ntlmssp.c:85
Functions to support Authentication(type3 message) for NTLMSSP (NTLMv2, NTLM2, NTLM,...
void SMBencrypt_hash_ntlmssp(const uchar lm_hash[16], const uchar *c8, uchar p24[24])
Definition smb_crypt.c:394
void SMBNTencrypt_hash_ntlmssp(const uchar nt_hash[16], uchar *c8, uchar *p24)
Definition smb_crypt.c:406
void SamOEMhash(uchar *data, const uchar *key, int val)
Definition smb_crypt.c:318
void SMBsesskeygen_ntv1_ntlmssp(const uchar kr[16], const uchar *nt_resp, uint8 sess_key[16])
Definition smb_crypt.c:373
void SMBsesskeygen_lm_sess_key_ntlmssp(const uchar lm_hash[16], const uchar lm_resp[24], uint8 sess_key[16])
Definition smb_crypt.c:416
void SMBNTLMv2encrypt_hash_ntlmssp(const char *user, const char *domain, uchar ntlm_v2_hash[16], const char *server_chal, const char *address_list, int address_list_len, uint8_t *lm_response, uint8_t *nt_response, uint8_t *user_session_key)
Definition smb_crypt.c:557
bool E_deshash_ntlmssp(const char *passwd, uint8_t pass_len, uchar p16[16])
Definition smb_crypt.c:437