1 /***************************************************************************
2  *                                  _   _ ____  _
3  *  Project                     ___| | | |  _ \| |
4  *                             / __| | | | |_) | |
5  *                            | (__| |_| |  _ <| |___
6  *                             \___|\___/|_| \_\_____|
7  *
8  * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
9  *
10  * This software is licensed as described in the file COPYING, which
11  * you should have received as part of this distribution. The terms
12  * are also available at https://curl.haxx.se/docs/copyright.html.
13  *
14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15  * copies of the Software, and permit persons to whom the Software is
16  * furnished to do so, under the terms of the COPYING file.
17  *
18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19  * KIND, either express or implied.
20  *
21  ***************************************************************************/
22 
23 #include "curl_setup.h"
24 
25 #if defined(USE_CURL_NTLM_CORE)
26 
27 /*
28  * NTLM details:
29  *
30  * https://davenport.sourceforge.io/ntlm.html
31  * https://www.innovation.ch/java/ntlm.html
32  */
33 
34 /* Please keep the SSL backend-specific #if branches in this order:
35 
36    1. USE_OPENSSL
37    2. USE_GNUTLS_NETTLE
38    3. USE_GNUTLS
39    4. USE_NSS
40    5. USE_MBEDTLS
41    6. USE_SECTRANSP
42    7. USE_OS400CRYPTO
43    8. USE_WIN32_CRYPTO
44 
45    This ensures that:
46    - the same SSL branch gets activated throughout this source
47      file even if multiple backends are enabled at the same time.
48    - OpenSSL and NSS have higher priority than Windows Crypt, due
49      to issues with the latter supporting NTLM2Session responses
50      in NTLM type-3 messages.
51  */
52 
53 #if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
54 
55 #ifdef USE_WOLFSSL
56 #include <wolfssl/options.h>
57 #endif
58 
59 #  include <openssl/des.h>
60 #  include <openssl/md5.h>
61 #  include <openssl/ssl.h>
62 #  include <openssl/rand.h>
63 #  if (defined(OPENSSL_VERSION_NUMBER) && \
64        (OPENSSL_VERSION_NUMBER < 0x00907001L)) && !defined(USE_WOLFSSL)
65 #    define DES_key_schedule des_key_schedule
66 #    define DES_cblock des_cblock
67 #    define DES_set_odd_parity des_set_odd_parity
68 #    define DES_set_key des_set_key
69 #    define DES_ecb_encrypt des_ecb_encrypt
70 #    define DESKEY(x) x
71 #    define DESKEYARG(x) x
72 #  else
73 #    define DESKEYARG(x) *x
74 #    define DESKEY(x) &x
75 #  endif
76 
77 #elif defined(USE_GNUTLS_NETTLE)
78 
79 #  include <nettle/des.h>
80 
81 #elif defined(USE_GNUTLS)
82 
83 #  include <gcrypt.h>
84 
85 #elif defined(USE_NSS)
86 
87 #  include <nss.h>
88 #  include <pk11pub.h>
89 #  include <hasht.h>
90 
91 #elif defined(USE_MBEDTLS)
92 
93 #  include <mbedtls/des.h>
94 #  include "curl_md4.h"
95 
96 #elif defined(USE_SECTRANSP)
97 
98 #  include <CommonCrypto/CommonCryptor.h>
99 #  include <CommonCrypto/CommonDigest.h>
100 
101 #elif defined(USE_OS400CRYPTO)
102 #  include "cipher.mih"  /* mih/cipher */
103 #elif defined(USE_WIN32_CRYPTO)
104 #  include <wincrypt.h>
105 #else
106 #  error "Can't compile NTLM support without a crypto library."
107 #endif
108 
109 #include "urldata.h"
110 #include "non-ascii.h"
111 #include "strcase.h"
112 #include "curl_ntlm_core.h"
113 #include "curl_md5.h"
114 #include "curl_hmac.h"
115 #include "warnless.h"
116 #include "curl_endian.h"
117 #include "curl_des.h"
118 #include "curl_md4.h"
119 /* The last 3 #include files should be in this order */
120 #include "curl_printf.h"
121 #include "curl_memory.h"
122 #include "memdebug.h"
123 
124 #define NTLMv2_BLOB_SIGNATURE "\x01\x01\x00\x00"
125 #define NTLMv2_BLOB_LEN       (44 -16 + ntlm->target_info_len + 4)
126 
127 /*
128 * Turns a 56-bit key into being 64-bit wide.
129 */
extend_key_56_to_64(const unsigned char * key_56,char * key)130 static void extend_key_56_to_64(const unsigned char *key_56, char *key)
131 {
132   key[0] = key_56[0];
133   key[1] = (unsigned char)(((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1));
134   key[2] = (unsigned char)(((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2));
135   key[3] = (unsigned char)(((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3));
136   key[4] = (unsigned char)(((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4));
137   key[5] = (unsigned char)(((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5));
138   key[6] = (unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6));
139   key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF);
140 }
141 
142 #if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
143 /*
144  * Turns a 56 bit key into the 64 bit, odd parity key and sets the key.  The
145  * key schedule ks is also set.
146  */
setup_des_key(const unsigned char * key_56,DES_key_schedule DESKEYARG (ks))147 static void setup_des_key(const unsigned char *key_56,
148                           DES_key_schedule DESKEYARG(ks))
149 {
150   DES_cblock key;
151 
152   /* Expand the 56-bit key to 64-bits */
153   extend_key_56_to_64(key_56, (char *) &key);
154 
155   /* Set the key parity to odd */
156   DES_set_odd_parity(&key);
157 
158   /* Set the key */
159   DES_set_key(&key, ks);
160 }
161 
162 #elif defined(USE_GNUTLS_NETTLE)
163 
setup_des_key(const unsigned char * key_56,struct des_ctx * des)164 static void setup_des_key(const unsigned char *key_56,
165                           struct des_ctx *des)
166 {
167   char key[8];
168 
169   /* Expand the 56-bit key to 64-bits */
170   extend_key_56_to_64(key_56, key);
171 
172   /* Set the key parity to odd */
173   Curl_des_set_odd_parity((unsigned char *) key, sizeof(key));
174 
175   /* Set the key */
176   des_set_key(des, (const uint8_t *) key);
177 }
178 
179 #elif defined(USE_GNUTLS)
180 
181 /*
182  * Turns a 56 bit key into the 64 bit, odd parity key and sets the key.
183  */
setup_des_key(const unsigned char * key_56,gcry_cipher_hd_t * des)184 static void setup_des_key(const unsigned char *key_56,
185                           gcry_cipher_hd_t *des)
186 {
187   char key[8];
188 
189   /* Expand the 56-bit key to 64-bits */
190   extend_key_56_to_64(key_56, key);
191 
192   /* Set the key parity to odd */
193   Curl_des_set_odd_parity((unsigned char *) key, sizeof(key));
194 
195   /* Set the key */
196   gcry_cipher_setkey(*des, key, sizeof(key));
197 }
198 
199 #elif defined(USE_NSS)
200 
201 /*
202  * Expands a 56 bit key KEY_56 to 64 bit and encrypts 64 bit of data, using
203  * the expanded key.  The caller is responsible for giving 64 bit of valid
204  * data is IN and (at least) 64 bit large buffer as OUT.
205  */
encrypt_des(const unsigned char * in,unsigned char * out,const unsigned char * key_56)206 static bool encrypt_des(const unsigned char *in, unsigned char *out,
207                         const unsigned char *key_56)
208 {
209   const CK_MECHANISM_TYPE mech = CKM_DES_ECB; /* DES cipher in ECB mode */
210   char key[8];                                /* expanded 64 bit key */
211   SECItem key_item;
212   PK11SymKey *symkey = NULL;
213   SECItem *param = NULL;
214   PK11Context *ctx = NULL;
215   int out_len;                                /* not used, required by NSS */
216   bool rv = FALSE;
217 
218   /* use internal slot for DES encryption (requires NSS to be initialized) */
219   PK11SlotInfo *slot = PK11_GetInternalKeySlot();
220   if(!slot)
221     return FALSE;
222 
223   /* Expand the 56-bit key to 64-bits */
224   extend_key_56_to_64(key_56, key);
225 
226   /* Set the key parity to odd */
227   Curl_des_set_odd_parity((unsigned char *) key, sizeof(key));
228 
229   /* Import the key */
230   key_item.data = (unsigned char *)key;
231   key_item.len = sizeof(key);
232   symkey = PK11_ImportSymKey(slot, mech, PK11_OriginUnwrap, CKA_ENCRYPT,
233                              &key_item, NULL);
234   if(!symkey)
235     goto fail;
236 
237   /* Create the DES encryption context */
238   param = PK11_ParamFromIV(mech, /* no IV in ECB mode */ NULL);
239   if(!param)
240     goto fail;
241   ctx = PK11_CreateContextBySymKey(mech, CKA_ENCRYPT, symkey, param);
242   if(!ctx)
243     goto fail;
244 
245   /* Perform the encryption */
246   if(SECSuccess == PK11_CipherOp(ctx, out, &out_len, /* outbuflen */ 8,
247                                  (unsigned char *)in, /* inbuflen */ 8)
248       && SECSuccess == PK11_Finalize(ctx))
249     rv = /* all OK */ TRUE;
250 
251 fail:
252   /* cleanup */
253   if(ctx)
254     PK11_DestroyContext(ctx, PR_TRUE);
255   if(symkey)
256     PK11_FreeSymKey(symkey);
257   if(param)
258     SECITEM_FreeItem(param, PR_TRUE);
259   PK11_FreeSlot(slot);
260   return rv;
261 }
262 
263 #elif defined(USE_MBEDTLS)
264 
encrypt_des(const unsigned char * in,unsigned char * out,const unsigned char * key_56)265 static bool encrypt_des(const unsigned char *in, unsigned char *out,
266                         const unsigned char *key_56)
267 {
268   mbedtls_des_context ctx;
269   char key[8];
270 
271   /* Expand the 56-bit key to 64-bits */
272   extend_key_56_to_64(key_56, key);
273 
274   /* Set the key parity to odd */
275   mbedtls_des_key_set_parity((unsigned char *) key);
276 
277   /* Perform the encryption */
278   mbedtls_des_init(&ctx);
279   mbedtls_des_setkey_enc(&ctx, (unsigned char *) key);
280   return mbedtls_des_crypt_ecb(&ctx, in, out) == 0;
281 }
282 
283 #elif defined(USE_SECTRANSP)
284 
encrypt_des(const unsigned char * in,unsigned char * out,const unsigned char * key_56)285 static bool encrypt_des(const unsigned char *in, unsigned char *out,
286                         const unsigned char *key_56)
287 {
288   char key[8];
289   size_t out_len;
290   CCCryptorStatus err;
291 
292   /* Expand the 56-bit key to 64-bits */
293   extend_key_56_to_64(key_56, key);
294 
295   /* Set the key parity to odd */
296   Curl_des_set_odd_parity((unsigned char *) key, sizeof(key));
297 
298   /* Perform the encryption */
299   err = CCCrypt(kCCEncrypt, kCCAlgorithmDES, kCCOptionECBMode, key,
300                 kCCKeySizeDES, NULL, in, 8 /* inbuflen */, out,
301                 8 /* outbuflen */, &out_len);
302 
303   return err == kCCSuccess;
304 }
305 
306 #elif defined(USE_OS400CRYPTO)
307 
encrypt_des(const unsigned char * in,unsigned char * out,const unsigned char * key_56)308 static bool encrypt_des(const unsigned char *in, unsigned char *out,
309                         const unsigned char *key_56)
310 {
311   char key[8];
312   _CIPHER_Control_T ctl;
313 
314   /* Setup the cipher control structure */
315   ctl.Func_ID = ENCRYPT_ONLY;
316   ctl.Data_Len = sizeof(key);
317 
318   /* Expand the 56-bit key to 64-bits */
319   extend_key_56_to_64(key_56, ctl.Crypto_Key);
320 
321   /* Set the key parity to odd */
322   Curl_des_set_odd_parity((unsigned char *) ctl.Crypto_Key, ctl.Data_Len);
323 
324   /* Perform the encryption */
325   _CIPHER((_SPCPTR *) &out, &ctl, (_SPCPTR *) &in);
326 
327   return TRUE;
328 }
329 
330 #elif defined(USE_WIN32_CRYPTO)
331 
encrypt_des(const unsigned char * in,unsigned char * out,const unsigned char * key_56)332 static bool encrypt_des(const unsigned char *in, unsigned char *out,
333                         const unsigned char *key_56)
334 {
335   HCRYPTPROV hprov;
336   HCRYPTKEY hkey;
337   struct {
338     BLOBHEADER hdr;
339     unsigned int len;
340     char key[8];
341   } blob;
342   DWORD len = 8;
343 
344   /* Acquire the crypto provider */
345   if(!CryptAcquireContext(&hprov, NULL, NULL, PROV_RSA_FULL,
346                           CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
347     return FALSE;
348 
349   /* Setup the key blob structure */
350   memset(&blob, 0, sizeof(blob));
351   blob.hdr.bType = PLAINTEXTKEYBLOB;
352   blob.hdr.bVersion = 2;
353   blob.hdr.aiKeyAlg = CALG_DES;
354   blob.len = sizeof(blob.key);
355 
356   /* Expand the 56-bit key to 64-bits */
357   extend_key_56_to_64(key_56, blob.key);
358 
359   /* Set the key parity to odd */
360   Curl_des_set_odd_parity((unsigned char *) blob.key, sizeof(blob.key));
361 
362   /* Import the key */
363   if(!CryptImportKey(hprov, (BYTE *) &blob, sizeof(blob), 0, 0, &hkey)) {
364     CryptReleaseContext(hprov, 0);
365 
366     return FALSE;
367   }
368 
369   memcpy(out, in, 8);
370 
371   /* Perform the encryption */
372   CryptEncrypt(hkey, 0, FALSE, 0, out, &len, len);
373 
374   CryptDestroyKey(hkey);
375   CryptReleaseContext(hprov, 0);
376 
377   return TRUE;
378 }
379 
380 #endif /* defined(USE_WIN32_CRYPTO) */
381 
382  /*
383   * takes a 21 byte array and treats it as 3 56-bit DES keys. The
384   * 8 byte plaintext is encrypted with each key and the resulting 24
385   * bytes are stored in the results array.
386   */
Curl_ntlm_core_lm_resp(const unsigned char * keys,const unsigned char * plaintext,unsigned char * results)387 void Curl_ntlm_core_lm_resp(const unsigned char *keys,
388                             const unsigned char *plaintext,
389                             unsigned char *results)
390 {
391 #if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
392   DES_key_schedule ks;
393 
394   setup_des_key(keys, DESKEY(ks));
395   DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results,
396                   DESKEY(ks), DES_ENCRYPT);
397 
398   setup_des_key(keys + 7, DESKEY(ks));
399   DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results + 8),
400                   DESKEY(ks), DES_ENCRYPT);
401 
402   setup_des_key(keys + 14, DESKEY(ks));
403   DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results + 16),
404                   DESKEY(ks), DES_ENCRYPT);
405 #elif defined(USE_GNUTLS_NETTLE)
406   struct des_ctx des;
407   setup_des_key(keys, &des);
408   des_encrypt(&des, 8, results, plaintext);
409   setup_des_key(keys + 7, &des);
410   des_encrypt(&des, 8, results + 8, plaintext);
411   setup_des_key(keys + 14, &des);
412   des_encrypt(&des, 8, results + 16, plaintext);
413 #elif defined(USE_GNUTLS)
414   gcry_cipher_hd_t des;
415 
416   gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
417   setup_des_key(keys, &des);
418   gcry_cipher_encrypt(des, results, 8, plaintext, 8);
419   gcry_cipher_close(des);
420 
421   gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
422   setup_des_key(keys + 7, &des);
423   gcry_cipher_encrypt(des, results + 8, 8, plaintext, 8);
424   gcry_cipher_close(des);
425 
426   gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
427   setup_des_key(keys + 14, &des);
428   gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8);
429   gcry_cipher_close(des);
430 #elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_SECTRANSP) \
431   || defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO)
432   encrypt_des(plaintext, results, keys);
433   encrypt_des(plaintext, results + 8, keys + 7);
434   encrypt_des(plaintext, results + 16, keys + 14);
435 #endif
436 }
437 
438 /*
439  * Set up lanmanager hashed password
440  */
Curl_ntlm_core_mk_lm_hash(struct Curl_easy * data,const char * password,unsigned char * lmbuffer)441 CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data,
442                                    const char *password,
443                                    unsigned char *lmbuffer /* 21 bytes */)
444 {
445   CURLcode result;
446   unsigned char pw[14];
447   static const unsigned char magic[] = {
448     0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 /* i.e. KGS!@#$% */
449   };
450   size_t len = CURLMIN(strlen(password), 14);
451 
452   Curl_strntoupper((char *)pw, password, len);
453   memset(&pw[len], 0, 14 - len);
454 
455   /*
456    * The LanManager hashed password needs to be created using the
457    * password in the network encoding not the host encoding.
458    */
459   result = Curl_convert_to_network(data, (char *)pw, 14);
460   if(result)
461     return result;
462 
463   {
464     /* Create LanManager hashed password. */
465 
466 #if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
467     DES_key_schedule ks;
468 
469     setup_des_key(pw, DESKEY(ks));
470     DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer,
471                     DESKEY(ks), DES_ENCRYPT);
472 
473     setup_des_key(pw + 7, DESKEY(ks));
474     DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)(lmbuffer + 8),
475                     DESKEY(ks), DES_ENCRYPT);
476 #elif defined(USE_GNUTLS_NETTLE)
477     struct des_ctx des;
478     setup_des_key(pw, &des);
479     des_encrypt(&des, 8, lmbuffer, magic);
480     setup_des_key(pw + 7, &des);
481     des_encrypt(&des, 8, lmbuffer + 8, magic);
482 #elif defined(USE_GNUTLS)
483     gcry_cipher_hd_t des;
484 
485     gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
486     setup_des_key(pw, &des);
487     gcry_cipher_encrypt(des, lmbuffer, 8, magic, 8);
488     gcry_cipher_close(des);
489 
490     gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
491     setup_des_key(pw + 7, &des);
492     gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8);
493     gcry_cipher_close(des);
494 #elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_SECTRANSP) \
495   || defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO)
496     encrypt_des(magic, lmbuffer, pw);
497     encrypt_des(magic, lmbuffer + 8, pw + 7);
498 #endif
499 
500     memset(lmbuffer + 16, 0, 21 - 16);
501   }
502 
503   return CURLE_OK;
504 }
505 
506 #ifdef USE_NTRESPONSES
ascii_to_unicode_le(unsigned char * dest,const char * src,size_t srclen)507 static void ascii_to_unicode_le(unsigned char *dest, const char *src,
508                                 size_t srclen)
509 {
510   size_t i;
511   for(i = 0; i < srclen; i++) {
512     dest[2 * i] = (unsigned char)src[i];
513     dest[2 * i + 1] = '\0';
514   }
515 }
516 
517 #if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI)
518 
ascii_uppercase_to_unicode_le(unsigned char * dest,const char * src,size_t srclen)519 static void ascii_uppercase_to_unicode_le(unsigned char *dest,
520                                           const char *src, size_t srclen)
521 {
522   size_t i;
523   for(i = 0; i < srclen; i++) {
524     dest[2 * i] = (unsigned char)(Curl_raw_toupper(src[i]));
525     dest[2 * i + 1] = '\0';
526   }
527 }
528 
529 #endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */
530 
531 /*
532  * Set up nt hashed passwords
533  * @unittest: 1600
534  */
Curl_ntlm_core_mk_nt_hash(struct Curl_easy * data,const char * password,unsigned char * ntbuffer)535 CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data,
536                                    const char *password,
537                                    unsigned char *ntbuffer /* 21 bytes */)
538 {
539   size_t len = strlen(password);
540   unsigned char *pw;
541   CURLcode result;
542   if(len > SIZE_T_MAX/2) /* avoid integer overflow */
543     return CURLE_OUT_OF_MEMORY;
544   pw = len ? malloc(len * 2) : (unsigned char *)strdup("");
545   if(!pw)
546     return CURLE_OUT_OF_MEMORY;
547 
548   ascii_to_unicode_le(pw, password, len);
549 
550   /*
551    * The NT hashed password needs to be created using the password in the
552    * network encoding not the host encoding.
553    */
554   result = Curl_convert_to_network(data, (char *)pw, len * 2);
555   if(result)
556     return result;
557 
558   /* Create NT hashed password. */
559   Curl_md4it(ntbuffer, pw, 2 * len);
560 
561   memset(ntbuffer + 16, 0, 21 - 16);
562 
563   free(pw);
564 
565   return CURLE_OK;
566 }
567 
568 #if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI)
569 
570 /* This creates the NTLMv2 hash by using NTLM hash as the key and Unicode
571  * (uppercase UserName + Domain) as the data
572  */
Curl_ntlm_core_mk_ntlmv2_hash(const char * user,size_t userlen,const char * domain,size_t domlen,unsigned char * ntlmhash,unsigned char * ntlmv2hash)573 CURLcode Curl_ntlm_core_mk_ntlmv2_hash(const char *user, size_t userlen,
574                                        const char *domain, size_t domlen,
575                                        unsigned char *ntlmhash,
576                                        unsigned char *ntlmv2hash)
577 {
578   /* Unicode representation */
579   size_t identity_len;
580   unsigned char *identity;
581   CURLcode result = CURLE_OK;
582 
583   /* we do the length checks below separately to avoid integer overflow risk
584      on extreme data lengths */
585   if((userlen > SIZE_T_MAX/2) ||
586      (domlen > SIZE_T_MAX/2) ||
587      ((userlen + domlen) > SIZE_T_MAX/2))
588     return CURLE_OUT_OF_MEMORY;
589 
590   identity_len = (userlen + domlen) * 2;
591   identity = malloc(identity_len);
592 
593   if(!identity)
594     return CURLE_OUT_OF_MEMORY;
595 
596   ascii_uppercase_to_unicode_le(identity, user, userlen);
597   ascii_to_unicode_le(identity + (userlen << 1), domain, domlen);
598 
599   result = Curl_hmacit(Curl_HMAC_MD5, ntlmhash, 16, identity, identity_len,
600                        ntlmv2hash);
601   free(identity);
602 
603   return result;
604 }
605 
606 /*
607  * Curl_ntlm_core_mk_ntlmv2_resp()
608  *
609  * This creates the NTLMv2 response as set in the ntlm type-3 message.
610  *
611  * Parameters:
612  *
613  * ntlmv2hash       [in] - The ntlmv2 hash (16 bytes)
614  * challenge_client [in] - The client nonce (8 bytes)
615  * ntlm             [in] - The ntlm data struct being used to read TargetInfo
616                            and Server challenge received in the type-2 message
617  * ntresp          [out] - The address where a pointer to newly allocated
618  *                         memory holding the NTLMv2 response.
619  * ntresp_len      [out] - The length of the output message.
620  *
621  * Returns CURLE_OK on success.
622  */
Curl_ntlm_core_mk_ntlmv2_resp(unsigned char * ntlmv2hash,unsigned char * challenge_client,struct ntlmdata * ntlm,unsigned char ** ntresp,unsigned int * ntresp_len)623 CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash,
624                                        unsigned char *challenge_client,
625                                        struct ntlmdata *ntlm,
626                                        unsigned char **ntresp,
627                                        unsigned int *ntresp_len)
628 {
629 /* NTLMv2 response structure :
630 ------------------------------------------------------------------------------
631 0     HMAC MD5         16 bytes
632 ------BLOB--------------------------------------------------------------------
633 16    Signature        0x01010000
634 20    Reserved         long (0x00000000)
635 24    Timestamp        LE, 64-bit signed value representing the number of
636                        tenths of a microsecond since January 1, 1601.
637 32    Client Nonce     8 bytes
638 40    Unknown          4 bytes
639 44    Target Info      N bytes (from the type-2 message)
640 44+N  Unknown          4 bytes
641 ------------------------------------------------------------------------------
642 */
643 
644   unsigned int len = 0;
645   unsigned char *ptr = NULL;
646   unsigned char hmac_output[HMAC_MD5_LENGTH];
647   curl_off_t tw;
648 
649   CURLcode result = CURLE_OK;
650 
651 #if CURL_SIZEOF_CURL_OFF_T < 8
652 #error "this section needs 64bit support to work"
653 #endif
654 
655   /* Calculate the timestamp */
656 #ifdef DEBUGBUILD
657   char *force_timestamp = getenv("CURL_FORCETIME");
658   if(force_timestamp)
659     tw = CURL_OFF_T_C(11644473600) * 10000000;
660   else
661 #endif
662     tw = ((curl_off_t)time(NULL) + CURL_OFF_T_C(11644473600)) * 10000000;
663 
664   /* Calculate the response len */
665   len = HMAC_MD5_LENGTH + NTLMv2_BLOB_LEN;
666 
667   /* Allocate the response */
668   ptr = calloc(1, len);
669   if(!ptr)
670     return CURLE_OUT_OF_MEMORY;
671 
672   /* Create the BLOB structure */
673   msnprintf((char *)ptr + HMAC_MD5_LENGTH, NTLMv2_BLOB_LEN,
674             "%c%c%c%c"   /* NTLMv2_BLOB_SIGNATURE */
675             "%c%c%c%c",  /* Reserved = 0 */
676             NTLMv2_BLOB_SIGNATURE[0], NTLMv2_BLOB_SIGNATURE[1],
677             NTLMv2_BLOB_SIGNATURE[2], NTLMv2_BLOB_SIGNATURE[3],
678             0, 0, 0, 0);
679 
680   Curl_write64_le(tw, ptr + 24);
681   memcpy(ptr + 32, challenge_client, 8);
682   memcpy(ptr + 44, ntlm->target_info, ntlm->target_info_len);
683 
684   /* Concatenate the Type 2 challenge with the BLOB and do HMAC MD5 */
685   memcpy(ptr + 8, &ntlm->nonce[0], 8);
686   result = Curl_hmacit(Curl_HMAC_MD5, ntlmv2hash, HMAC_MD5_LENGTH, ptr + 8,
687                     NTLMv2_BLOB_LEN + 8, hmac_output);
688   if(result) {
689     free(ptr);
690     return result;
691   }
692 
693   /* Concatenate the HMAC MD5 output  with the BLOB */
694   memcpy(ptr, hmac_output, HMAC_MD5_LENGTH);
695 
696   /* Return the response */
697   *ntresp = ptr;
698   *ntresp_len = len;
699 
700   return result;
701 }
702 
703 /*
704  * Curl_ntlm_core_mk_lmv2_resp()
705  *
706  * This creates the LMv2 response as used in the ntlm type-3 message.
707  *
708  * Parameters:
709  *
710  * ntlmv2hash        [in] - The ntlmv2 hash (16 bytes)
711  * challenge_client  [in] - The client nonce (8 bytes)
712  * challenge_client  [in] - The server challenge (8 bytes)
713  * lmresp           [out] - The LMv2 response (24 bytes)
714  *
715  * Returns CURLE_OK on success.
716  */
Curl_ntlm_core_mk_lmv2_resp(unsigned char * ntlmv2hash,unsigned char * challenge_client,unsigned char * challenge_server,unsigned char * lmresp)717 CURLcode  Curl_ntlm_core_mk_lmv2_resp(unsigned char *ntlmv2hash,
718                                       unsigned char *challenge_client,
719                                       unsigned char *challenge_server,
720                                       unsigned char *lmresp)
721 {
722   unsigned char data[16];
723   unsigned char hmac_output[16];
724   CURLcode result = CURLE_OK;
725 
726   memcpy(&data[0], challenge_server, 8);
727   memcpy(&data[8], challenge_client, 8);
728 
729   result = Curl_hmacit(Curl_HMAC_MD5, ntlmv2hash, 16, &data[0], 16,
730                        hmac_output);
731   if(result)
732     return result;
733 
734   /* Concatenate the HMAC MD5 output  with the client nonce */
735   memcpy(lmresp, hmac_output, 16);
736   memcpy(lmresp + 16, challenge_client, 8);
737 
738   return result;
739 }
740 
741 #endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */
742 
743 #endif /* USE_NTRESPONSES */
744 
745 #endif /* USE_CURL_NTLM_CORE */
746