OpenVAS Scanner 23.40.3
smb_crypt.h File Reference

Unix SMB/Netbios implementation. Version 1.9. More...

#include "byteorder.h"
#include "charset.h"
#include "hmacmd5.h"
#include "md4.h"
#include "md5.h"


Macros

#define uint8   uint8_t
#define False   0
#define True   1

Functions

void E_P24 (const uchar *p21, const uchar *c8, uchar *p24)
void E_P16 (uchar *p14, uchar *p16)
int strupper_w (smb_ucs2_t *s)
void SMBsesskeygen_lm_sess_key_ntlmssp (const uchar lm_hash[16], const uchar lm_resp[24], uint8 sess_key[16])
void SMBsesskeygen_ntv1_ntlmssp (const uchar kr[16], const uchar *nt_resp, uint8 sess_key[16])
void SMBOWFencrypt_ntlmssp (const uchar passwd[16], const uchar *c8, uchar p24[24])
void SMBencrypt_hash_ntlmssp (const uchar lm_hash[16], const uchar *c8, uchar p24[24])
void SMBNTencrypt_hash_ntlmssp (const uchar nt_hash[16], uchar *c8, uchar *p24)
bool E_deshash_ntlmssp (const char *passwd, uint8_t pass_len, uchar p16[16])
void SamOEMhash (uchar *data, const uchar *key, int val)
void SMBOWFencrypt_ntv2_ntlmssp (const uchar *kr, const uint8_t *srv_chal, int srv_chal_len, const uint8_t *cli_chal, int cli_chal_len, uchar resp_buf[16])
void SMBsesskeygen_ntv2_ntlmssp (const uchar kr[16], const uchar *nt_resp, uint8 sess_key[16])
uint8_t * NTLMv2_generate_client_data_ntlmssp (const char *addr_list, int address_list_len)
void NTLMv2_generate_response_ntlmssp (const uchar ntlm_v2_hash[16], const char *server_chal, const char *address_list, int address_list_len, uint8_t *nt_response)
void LMv2_generate_response_ntlmssp (const uchar ntlm_v2_hash[16], const char *server_chal, uint8_t *lm_response)
void SMBNTLMv2encrypt_hash_ntlmssp (const char *user, const char *domain, uchar ntlm_v2_hash[16], const char *server_chal, const char *address_list, int address_list_len, unsigned char *lm_response, unsigned char *nt_response, unsigned char *user_session_key)

Detailed Description

Unix SMB/Netbios implementation. Version 1.9.

A partial implementation of DES designed for use in the SMB authentication protocol.

Definition in file smb_crypt.h.

Macro Definition Documentation

◆ False

#define False   0

Definition at line 32 of file smb_crypt.h.

◆ True

#define True   1

Definition at line 33 of file smb_crypt.h.

◆ uint8

#define uint8   uint8_t

Definition at line 28 of file smb_crypt.h.

Function Documentation

◆ E_deshash_ntlmssp()

bool E_deshash_ntlmssp ( const char * passwd,
uint8_t pass_len,
uchar p16[16] )

Creates the DES forward-only hash of the user's password in the DOS ASCII charset.

Parameters
passwd: password in 'unix' charset.
p16: returns the password hashed with DES; caller-allocated 16-byte buffer.
Returns
False if password was > 14 characters, and therefore may be incorrect, otherwise True
Note
p16 is filled in regardless

Definition at line 437 of file smb_crypt.c.

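/**
 * Compute the 16-byte DES "forward-only" (LM) hash of a password.
 *
 * The password is upper-cased, copied into a zero-filled fixed-size buffer
 * and handed to E_P16(), which only looks at the first 14 bytes.
 *
 * @param passwd   password bytes in the 'unix' charset
 * @param pass_len number of bytes of passwd to use (uint8_t, so at most 255)
 * @param p16      caller-allocated 16-byte output buffer; always filled
 * @return False if the upper-cased password is longer than 14 bytes (the
 *         hash then covers only a prefix and may not match), otherwise True
 */
bool
E_deshash_ntlmssp (const char *passwd, uint8_t pass_len, uchar p16[16])
{
  bool ret = True;
  fstring dospwd;
  char *dpass;
  size_t copy_len = 0;

  ZERO_STRUCT (dospwd);

  /* Password must be converted to DOS charset - null terminated, uppercase. */
  dpass = g_utf8_strup (passwd, pass_len);

  if (dpass != NULL)
    {
      /* The upper-cased copy is NUL-terminated and its byte length need not
       * equal pass_len: g_utf8_strup() stops at an embedded NUL and case
       * mapping can change the encoded length.  Copying pass_len bytes
       * unconditionally could read past the end of dpass and pull stray heap
       * bytes into the hashed buffer, so bound the copy by the returned
       * string, by pass_len, and by the destination (keeping its final NUL
       * so the strlen() below always terminates). */
      copy_len = strlen (dpass);
      if (copy_len > pass_len)
        copy_len = pass_len;
      if (copy_len > sizeof (dospwd) - 1)
        copy_len = sizeof (dospwd) - 1;
      memcpy (dospwd, dpass, copy_len);

      /* NOTE(review): dpass is a heap copy of the password and is released
       * without being cleared first. */
      g_free (dpass);
    }

  /* Only the first 14 chars are considered, password need not be null
   * terminated. */
  E_P16 ((unsigned char *) dospwd, p16);

  if (strlen (dospwd) > 14)
    {
      ret = False;
    }

  /* Clear the stack copy of the password.
   * NOTE(review): ZERO_STRUCT is defined in genrand.c and not shown here; if
   * it expands to a plain memset the compiler may drop this final clear as a
   * dead store - confirm. */
  ZERO_STRUCT (dospwd);

  return ret;
}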
#define False
Definition charcnv.c:63
#define True
Definition charcnv.c:64
#define ZERO_STRUCT(x)
Definition genrand.c:56
void E_P16(uchar *p14, uchar *p16)
Definition smb_crypt.c:302
char fstring[FSTRING_LEN]
Definition smb_crypt.c:55

References E_P16(), False, True, uchar, and ZERO_STRUCT.

Referenced by ntlmssp_genauth_ntlm(), and ntlmssp_genauth_ntlm2().


◆ E_P16()

void E_P16 ( uchar * p14,
uchar * p16 )

Definition at line 302 of file smb_crypt.c.

/**
 * Turn a 14-byte password buffer into a 16-byte hash.
 *
 * smbhash() (smb_crypt.c:270, body not shown here) is called twice in the
 * forward direction on the same fixed 8-byte block, keyed from p14 and from
 * p14 + 7; each call fills one 8-byte half of p16.
 *
 * The result depends only on p14 and the fixed block: no salt or per-user
 * value is mixed in, so equal inputs always give equal hashes.
 *
 * @param p14 input key material; 14 bytes are expected (presumably 7 key
 *            bytes per call - confirm against smbhash)
 * @param p16 caller-allocated 16-byte output buffer
 */
void
E_P16 (uchar *p14, uchar *p16)
{
  /* Fixed input block; the bytes are ASCII "KGS!@#$%". */
  static const uchar fixed_block[8] = {0x4b, 0x47, 0x53, 0x21,
                                       0x40, 0x23, 0x24, 0x25};
  uchar *low_half = p16;
  uchar *high_half = p16 + 8;

  smbhash (low_half, fixed_block, p14, 1);
  smbhash (high_half, fixed_block, p14 + 7, 1);
}
#define uchar
Definition hmacmd5.h:22
static void smbhash(uchar *out, const uchar *in, const uchar *key, int forw)
Definition smb_crypt.c:270

References smbhash(), and uchar.

Referenced by E_deshash_ntlmssp(), and nasl_lm_owf_gen().


◆ E_P24()

void E_P24 ( const uchar * p21,
const uchar * c8,
uchar * p24 )

Definition at line 310 of file smb_crypt.c.

/**
 * Produce a 24-byte response from a 21-byte key buffer and a challenge.
 *
 * smbhash() is run three times in the forward direction on the same input
 * block c8, keyed from p21 + 0, p21 + 7 and p21 + 14, writing consecutive
 * 8-byte chunks of p24.
 *
 * @param p21 key material; the offsets used imply 21 readable bytes
 * @param c8  challenge block passed unchanged to every smbhash() call
 * @param p24 caller-allocated output; bytes 0..23 are written
 */
void
E_P24 (const uchar *p21, const uchar *c8, uchar *p24)
{
  int chunk;

  for (chunk = 0; chunk < 3; chunk++)
    smbhash (p24 + 8 * chunk, c8, p21 + 7 * chunk, 1);
}

References smbhash(), and uchar.

Referenced by nasl_ntlmv1_hash(), and SMBOWFencrypt_ntlmssp().


◆ LMv2_generate_response_ntlmssp()

void LMv2_generate_response_ntlmssp ( const uchar ntlm_v2_hash[16],
const char * server_chal,
uint8_t * lm_response )

Definition at line 534 of file smb_crypt.c.

/**
 * Build the 24-byte LMv2 response: a 16-byte keyed digest followed by the
 * 8 random client bytes that went into it.
 *
 * @param ntlm_v2_hash 16-byte NTLMv2 hash used as the key
 * @param server_chal  server challenge; exactly 8 bytes are read
 * @param lm_response  caller-allocated output; 24 bytes are written and no
 *                     length is checked here
 */
void
LMv2_generate_response_ntlmssp (const uchar ntlm_v2_hash[16],
                                const char *server_chal, uint8_t *lm_response)
{
  uint8_t client_nonce[8];
  uchar digest[16];

  /* Client-supplied random data.  Its unpredictability rests entirely on
   * generate_random_buffer_ntlmssp() (genrand.c:170, not shown here). */
  generate_random_buffer_ntlmssp (client_nonce, sizeof (client_nonce));

  /* Digest over the server challenge and the client data. */
  SMBOWFencrypt_ntv2_ntlmssp (ntlm_v2_hash, (const uchar *) server_chal, 8,
                              client_nonce, sizeof (client_nonce), digest);

  /* Wire layout: digest first, then the random data so the server can
   * recompute the digest and verify us. */
  memcpy (lm_response, digest, sizeof (digest));
  memcpy (lm_response + sizeof (digest), client_nonce,
          sizeof (client_nonce));
}
void generate_random_buffer_ntlmssp(unsigned char *out, int len)
Definition genrand.c:170
void SMBOWFencrypt_ntv2_ntlmssp(const uchar *kr, const uint8_t *srv_chal, int srv_chal_len, const uint8_t *cli_chal, int cli_chal_len, uchar resp_buf[16])

References generate_random_buffer_ntlmssp(), SMBOWFencrypt_ntv2_ntlmssp(), and uchar.

Referenced by SMBNTLMv2encrypt_hash_ntlmssp().


◆ NTLMv2_generate_client_data_ntlmssp()

uint8_t * NTLMv2_generate_client_data_ntlmssp ( const char * addr_list,
int address_list_len )

Definition at line 476 of file smb_crypt.c.

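/**
 * Allocate and fill the NTLMv2 client data blob.
 *
 * Layout (28 fixed bytes followed by the address list):
 *   offset  0: header 0x00000101 (4 bytes, stored with SIVAL)
 *   offset  4: reserved, zero    (4 bytes)
 *   offset  8: current time from put_long_date_ntlmssp() (8 bytes)
 *   offset 16: random client challenge (8 bytes)
 *   offset 24: zero (4 bytes)
 *   offset 28: copy of addr_list (address_list_len bytes)
 *
 * A negative address_list_len is treated as 0.  The original code added it
 * to 28 unchecked, so a value in -28..-1 allocated fewer than 28 bytes and
 * the fixed header writes then ran past the allocation.  A NULL addr_list
 * leaves the (already zeroed) address area untouched instead of being
 * dereferenced.
 *
 * NOTE(review): the length presumably originates from the peer's challenge
 * message - confirm at the callers and bound it there as well.
 *
 * @param addr_list        address list bytes to append, may be NULL
 * @param address_list_len number of bytes in addr_list
 * @return buffer of 28 + address_list_len bytes from g_malloc0(); the caller
 *         releases it with g_free()
 */
uint8_t *
NTLMv2_generate_client_data_ntlmssp (const char *addr_list,
                                     int address_list_len)
{
  enum { FIXED_LEN = 28 };
  uchar client_chal[8];
  char long_date[8];
  int header = 0x00000101;
  int zeros = 0x00000000;
  /* Do the size arithmetic in size_t so it can neither go negative nor
   * overflow int. */
  size_t addr_len = address_list_len > 0 ? (size_t) address_list_len : 0;
  uint8_t *response = g_malloc0 (FIXED_LEN + addr_len);

  generate_random_buffer_ntlmssp (client_chal, sizeof (client_chal));

  put_long_date_ntlmssp (long_date, time (NULL));
  SIVAL (response, 0, header);
  SIVAL (response, 4, zeros);
  memcpy (response + 4 + 4, long_date, sizeof (long_date));
  memcpy (response + 4 + 4 + sizeof (long_date), client_chal,
          sizeof (client_chal));
  SIVAL (response, 24, zeros);

  if (addr_list != NULL && addr_len > 0)
    memcpy (response + FIXED_LEN, addr_list, addr_len);

  return response;
}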
#define SIVAL(buf, pos, val)
Definition byteorder.h:117
void put_long_date_ntlmssp(char *p, time_t t)
Definition time.c:111

References generate_random_buffer_ntlmssp(), put_long_date_ntlmssp(), SIVAL, and uchar.

Referenced by NTLMv2_generate_response_ntlmssp().


◆ NTLMv2_generate_response_ntlmssp()

void NTLMv2_generate_response_ntlmssp ( const uchar ntlm_v2_hash[16],
const char * server_chal,
const char * address_list,
int address_list_len,
uint8_t * nt_response )

Definition at line 507 of file smb_crypt.c.

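/**
 * Build the NTLMv2 response: a 16-byte keyed digest followed by the client
 * data blob (28 fixed bytes plus the address list) that went into it.
 *
 * A negative address_list_len is treated as 0.  Unchecked, it made
 * client_data_len smaller than the 28-byte fixed part or negative, and that
 * value is used both as the digest input length and as a memcpy() size.
 *
 * NOTE(review): nt_response's capacity is not visible here.  The caller must
 * provide at least 16 + 28 + address_list_len bytes and should cap
 * address_list_len, since the sum below is plain int arithmetic.
 *
 * @param ntlm_v2_hash     16-byte NTLMv2 hash used as the key
 * @param server_chal      server challenge; exactly 8 bytes are read
 * @param address_list     address list bytes appended to the client data
 * @param address_list_len number of bytes in address_list
 * @param nt_response      caller-allocated output buffer
 */
void
NTLMv2_generate_response_ntlmssp (const uchar ntlm_v2_hash[16],
                                  const char *server_chal,
                                  const char *address_list,
                                  int address_list_len, uint8_t *nt_response)
{
  uchar ntlmv2_response[16];
  uint8_t *ntlmv2_client_data;
  int client_data_len;

  if (address_list_len < 0)
    address_list_len = 0;

  /* NTLMv2 */
  /* generate some data to pass into the response function - including
     the hostname and domain name of the server */
  ntlmv2_client_data =
    NTLMv2_generate_client_data_ntlmssp (address_list, address_list_len);

  /* Given that data, and the challenge from the server, generate a response */
  client_data_len = 28 + address_list_len;
  SMBOWFencrypt_ntv2_ntlmssp (ntlm_v2_hash, (const uchar *) server_chal, 8,
                              ntlmv2_client_data, client_data_len,
                              ntlmv2_response);

  /* Wire layout: digest first, then the client data it was computed over. */
  memcpy (nt_response, ntlmv2_response, sizeof (ntlmv2_response));
  memcpy (nt_response + sizeof (ntlmv2_response), ntlmv2_client_data,
          client_data_len);

  g_free (ntlmv2_client_data);
}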
uint8_t * NTLMv2_generate_client_data_ntlmssp(const char *addr_list, int address_list_len)
Definition smb_crypt.c:476

References NTLMv2_generate_client_data_ntlmssp(), SMBOWFencrypt_ntv2_ntlmssp(), and uchar.

Referenced by SMBNTLMv2encrypt_hash_ntlmssp().


◆ SamOEMhash()

void SamOEMhash ( uchar * data,
const uchar * key,
int val )

Definition at line 318 of file smb_crypt.c.

/**
 * XOR a keystream into data in place.
 *
 * The two set-up loops and the output loop match RC4's key schedule and
 * keystream generation, driven by a 16-byte key.
 *
 * The number of bytes processed is selected by val:
 *   0 -> 16, 1 -> 516, 2 -> 68, 3 -> 8, 4 -> 32, val >= 8 -> val itself.
 * Any other value (5, 6, 7 or negative) processes nothing.
 *
 * The function cannot see the size of data; the caller must guarantee it
 * holds at least the selected number of bytes.
 *
 * NOTE(review): the indexing assumes uchar is an 8-bit unsigned type, so
 * every index stays inside state[256] - confirm against hmacmd5.h.
 * NOTE(review): the key-dependent state array is left on the stack on
 * return.
 *
 * @param data buffer transformed in place
 * @param key  key material; bytes 0..15 are read
 * @param val  length selector, see above
 */
void
SamOEMhash (uchar *data, const uchar *key, int val)
{
  uchar state[256];
  uchar out_i = 0;
  uchar out_j = 0;
  uchar sched_j = 0;
  int pos;
  int len;

  switch (val)
    {
    case 0:
      len = 16;
      break;
    case 1:
      len = 516;
      break;
    case 2:
      len = 68;
      break;
    case 3:
      len = 8;
      break;
    case 4:
      len = 32;
      break;
    default:
      len = (val >= 8) ? val : 0;
      break;
    }

  /* Identity permutation. */
  for (pos = 0; pos < 256; pos++)
    state[pos] = (uchar) pos;

  /* Key schedule: the 16 key bytes are cycled over all 256 positions. */
  for (pos = 0; pos < 256; pos++)
    {
      uchar saved;

      sched_j += (state[pos] + key[pos % 16]);

      saved = state[pos];
      state[pos] = state[sched_j];
      state[sched_j] = saved;
    }

  /* Keystream generation, XORed into the caller's buffer. */
  for (pos = 0; pos < len; pos++)
    {
      uchar saved;
      uchar pick;

      out_i++;
      out_j += state[out_i];

      saved = state[out_i];
      state[out_i] = state[out_j];
      state[out_j] = saved;

      pick = state[out_i] + state[out_j];
      data[pos] = data[pos] ^ state[pick];
    }
}
const char * val
Definition nasl_init.c:441
uint8_t len

References len, uchar, and val.

Referenced by ntlmssp_genauth_keyexchg().


◆ SMBencrypt_hash_ntlmssp()

void SMBencrypt_hash_ntlmssp ( const uchar lm_hash[16],
const uchar * c8,
uchar p24[24] )

Definition at line 394 of file smb_crypt.c.

/**
 * Compute the 24-byte response for a challenge from an LM hash.
 *
 * The 16-byte hash is copied into a zero-filled 21-byte buffer, which is
 * passed on to SMBOWFencrypt_ntlmssp().
 *
 * NOTE(review): the stack copy of the hash is not cleared before returning.
 *
 * @param lm_hash 16-byte LM hash
 * @param c8      challenge block forwarded to SMBOWFencrypt_ntlmssp()
 * @param p24     caller-allocated 24-byte output buffer
 */
void
SMBencrypt_hash_ntlmssp (const uchar lm_hash[16], const uchar *c8,
                         uchar p24[24])
{
  /* Bytes 16..20 stay zero. */
  uchar padded_hash[21] = {0};

  memcpy (padded_hash, lm_hash, 16);
  SMBOWFencrypt_ntlmssp (padded_hash, c8, p24);
}
void SMBOWFencrypt_ntlmssp(const uchar passwd[16], const uchar *c8, uchar p24[24])
Definition smb_crypt.c:384

References SMBOWFencrypt_ntlmssp(), and uchar.

Referenced by ntlmssp_genauth_ntlm().


◆ SMBNTencrypt_hash_ntlmssp()

void SMBNTencrypt_hash_ntlmssp ( const uchar nt_hash[16],
uchar * c8,
uchar * p24 )

Definition at line 406 of file smb_crypt.c.

/**
 * Compute the 24-byte response for a challenge from an NT hash.
 *
 * The 16-byte hash is copied into a zero-filled 21-byte buffer, which is
 * passed on to SMBOWFencrypt_ntlmssp().
 *
 * NOTE(review): the stack copy of the hash is not cleared before returning.
 *
 * @param nt_hash 16-byte NT hash
 * @param c8      challenge block forwarded to SMBOWFencrypt_ntlmssp()
 * @param p24     caller-allocated output; 24 bytes are written downstream
 */
void
SMBNTencrypt_hash_ntlmssp (const uchar nt_hash[16], uchar *c8, uchar *p24)
{
  /* Bytes 16..20 stay zero. */
  uchar padded_hash[21] = {0};

  memcpy (padded_hash, nt_hash, 16);
  SMBOWFencrypt_ntlmssp (padded_hash, c8, p24);
}

References SMBOWFencrypt_ntlmssp(), and uchar.

Referenced by ntlmssp_genauth_ntlm(), and ntlmssp_genauth_ntlm2().


◆ SMBNTLMv2encrypt_hash_ntlmssp()

void SMBNTLMv2encrypt_hash_ntlmssp ( const char * user,
const char * domain,
uchar ntlm_v2_hash[16],
const char * server_chal,
const char * address_list,
int address_list_len,
unsigned char * lm_response,
unsigned char * nt_response,
unsigned char * user_session_key )

References uchar.

◆ SMBOWFencrypt_ntlmssp()

void SMBOWFencrypt_ntlmssp ( const uchar passwd[16],
const uchar * c8,
uchar p24[24] )

Definition at line 384 of file smb_crypt.c.

/**
 * Expand a 16-byte hash to 21 bytes with zero padding and run E_P24() on it
 * to obtain the 24-byte challenge response.
 *
 * Exactly 16 bytes are read from passwd, whatever the caller's buffer size.
 *
 * NOTE(review): the padded stack copy of the hash is not cleared before
 * returning.
 *
 * @param passwd 16-byte hash
 * @param c8     challenge block forwarded to E_P24()
 * @param p24    caller-allocated 24-byte output buffer
 */
void
SMBOWFencrypt_ntlmssp (const uchar passwd[16], const uchar *c8, uchar p24[24])
{
  uchar padded_key[21];

  /* Zero first so that bytes 16..20 are a defined padding. */
  ZERO_STRUCT (padded_key);
  memcpy (padded_key, passwd, 16);

  E_P24 (padded_key, c8, p24);
}
void E_P24(const uchar *p21, const uchar *c8, uchar *p24)
Definition smb_crypt.c:310

References E_P24(), uchar, and ZERO_STRUCT.

Referenced by SMBencrypt_hash_ntlmssp(), SMBNTencrypt_hash_ntlmssp(), and SMBsesskeygen_lm_sess_key_ntlmssp().


◆ SMBOWFencrypt_ntv2_ntlmssp()

void SMBOWFencrypt_ntv2_ntlmssp ( const uchar * kr,
const uint8_t * srv_chal,
int srv_chal_len,
const uint8_t * cli_chal,
int cli_chal_len,
uchar resp_buf[16] )

References uchar, and uint8.

Referenced by LMv2_generate_response_ntlmssp(), nasl_ntlmv2_hash(), and NTLMv2_generate_response_ntlmssp().


◆ SMBsesskeygen_lm_sess_key_ntlmssp()

void SMBsesskeygen_lm_sess_key_ntlmssp ( const uchar lm_hash[16],
const uchar lm_resp[24],
uint8 sess_key[16] )

Definition at line 416 of file smb_crypt.c.

/**
 * Derive a 16-byte session key from the LM hash and the LM response.
 *
 * The key material is the first 8 bytes of lm_hash followed by 8 bytes of
 * 0xbd; it is run through SMBOWFencrypt_ntlmssp() with lm_resp as the input
 * block, and the first 16 of the resulting 24 bytes become the session key.
 * Only half of the LM hash therefore contributes to the key.
 *
 * NOTE(review): neither stack buffer is cleared before returning.
 *
 * @param lm_hash  16-byte LM hash; bytes 0..7 are used
 * @param lm_resp  LM response, forwarded as the challenge argument
 * @param sess_key caller-allocated 16-byte output buffer
 */
void
SMBsesskeygen_lm_sess_key_ntlmssp (const uchar lm_hash[16],
                                   const uchar lm_resp[24],
                                   uint8 sess_key[16])
{
  uchar half_hash_key[16];
  uchar expanded[24];

  /* Fill with the 0xbd padding, then overlay the first half of the hash. */
  memset (half_hash_key, 0xbd, sizeof (half_hash_key));
  memcpy (half_hash_key, lm_hash, 8);

  SMBOWFencrypt_ntlmssp (half_hash_key, lm_resp, expanded);
  memcpy (sess_key, expanded, 16);
}

References SMBOWFencrypt_ntlmssp(), uchar, and uint8.

Referenced by ntlmssp_genauth_ntlm().


◆ SMBsesskeygen_ntv1_ntlmssp()

void SMBsesskeygen_ntv1_ntlmssp ( const uchar kr[16],
const uchar * nt_resp,
uint8 sess_key[16] )

Definition at line 373 of file smb_crypt.c.

/**
 * Derive the NTLMv1 session key by hashing the 16 bytes of kr with
 * mdfour_ntlmssp() (md4.c:165).
 *
 * nt_resp is not used.  As the original comment concedes, the key therefore
 * never changes between sessions that use the same kr: it is 128 bits wide
 * but carries no per-session freshness.
 *
 * @param kr       16-byte input hash
 * @param nt_resp  ignored
 * @param sess_key caller-allocated 16-byte output buffer
 */
void
SMBsesskeygen_ntv1_ntlmssp (const uchar kr[16], const uchar *nt_resp,
                            uint8 sess_key[16])
{
  unsigned char *key_out = (unsigned char *) sess_key;

  mdfour_ntlmssp (key_out, kr, 16);

  /* Kept in the signature for symmetry with the v2 variant; silence the
     unused-parameter warning. */
  (void) nt_resp;
}
void mdfour_ntlmssp(unsigned char *out, const unsigned char *in, int n)
Definition md4.c:165

References mdfour_ntlmssp(), uchar, and uint8.

Referenced by ntlmssp_genauth_ntlm(), and ntlmssp_genauth_ntlm2().


◆ SMBsesskeygen_ntv2_ntlmssp()

void SMBsesskeygen_ntv2_ntlmssp ( const uchar kr[16],
const uchar * nt_resp,
uint8 sess_key[16] )

Definition at line 463 of file smb_crypt.c.

/**
 * Derive the NTLMv2 session key: HMAC-MD5 keyed with the 16 bytes of kr,
 * computed over the first 16 bytes of nt_resp.
 *
 * Because nt_resp is part of the input, the key varies with the response,
 * unlike the v1 variant.
 *
 * NOTE(review): the HMAC context is keyed from kr and is left on the stack
 * uncleared on return.
 *
 * @param kr       16-byte key
 * @param nt_resp  NT response; exactly 16 bytes are read
 * @param sess_key caller-allocated 16-byte output buffer
 */
void
SMBsesskeygen_ntv2_ntlmssp (const uchar kr[16], const uchar *nt_resp,
                            uint8 sess_key[16])
{
  HMACMD5Context hmac;
  unsigned char *key_out = (unsigned char *) sess_key;

  hmac_md5_init_limK_to_64 (kr, 16, &hmac);
  hmac_md5_update (nt_resp, 16, &hmac);
  hmac_md5_final (key_out, &hmac);
}
void hmac_md5_final(uchar *digest, HMACMD5Context *ctx)
Finish off hmac_md5 "inner" buffer and generate outer one.
Definition hmacmd5.c:64
void hmac_md5_update(const uchar *text, int text_len, HMACMD5Context *ctx)
Update hmac_md5 "inner" buffer.
Definition hmacmd5.c:55
void hmac_md5_init_limK_to_64(const uchar *key, int key_len, HMACMD5Context *ctx)
The microsoft version of hmac_md5 initialisation.
Definition hmacmd5.c:24

References hmac_md5_final(), hmac_md5_init_limK_to_64(), hmac_md5_update(), uchar, and uint8.

Referenced by SMBNTLMv2encrypt_hash_ntlmssp().


◆ strupper_w()

int strupper_w ( smb_ucs2_t * s)

Definition at line 35 of file smb_crypt2.c.

/**
 * Upper-case a zero-terminated UCS-2 string in place using toupper_w().
 *
 * The loop runs until a zero code unit is found; there is no length
 * argument, so the caller must guarantee termination.
 *
 * @param s string to convert, modified in place
 * @return 1 if at least one code unit was changed, 0 otherwise
 */
int
strupper_w (smb_ucs2_t *s)
{
  int changed = 0;
  smb_ucs2_t *cur;

  for (cur = s; *cur; cur++)
    {
      smb_ucs2_t upper = toupper_w (*cur);

      if (upper == *cur)
        continue;

      *cur = upper;
      changed = 1;
    }

  return changed;
}
uint16 smb_ucs2_t
Definition hmacmd5.h:52
static smb_ucs2_t toupper_w(smb_ucs2_t val)
Definition smb_crypt2.c:25

References toupper_w().

Referenced by nasl_ntv2_owf_gen().
