2012-06-03 02:21:04 +04:00
|
|
|
/**
|
|
|
|
* WinPR: Windows Portable Runtime
|
|
|
|
* NTLM Utils
|
|
|
|
*
|
|
|
|
* Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
|
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
2012-08-15 01:20:53 +04:00
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
#include "config.h"
|
|
|
|
#endif
|
|
|
|
|
2012-06-03 02:21:04 +04:00
|
|
|
#include <winpr/ntlm.h>
|
|
|
|
|
|
|
|
#include <winpr/crt.h>
|
2015-10-09 22:57:41 +03:00
|
|
|
#include <winpr/crypto.h>
|
2012-06-03 02:21:04 +04:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Define NTOWFv1(Password, User, Domain) as
|
|
|
|
* MD4(UNICODE(Password))
|
|
|
|
* EndDefine
|
|
|
|
*/
|
|
|
|
|
|
|
|
BYTE* NTOWFv1W(LPWSTR Password, UINT32 PasswordLength, BYTE* NtHash)
|
|
|
|
{
|
2015-10-09 22:57:41 +03:00
|
|
|
WINPR_MD4_CTX md4;
|
|
|
|
|
2012-06-03 02:21:04 +04:00
|
|
|
if (!Password)
|
|
|
|
return NULL;
|
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
if (!NtHash && !(NtHash = malloc(16)))
|
|
|
|
return NULL;
|
2012-06-03 02:21:04 +04:00
|
|
|
|
2015-10-09 22:57:41 +03:00
|
|
|
winpr_MD4_Init(&md4);
|
|
|
|
winpr_MD4_Update(&md4, (BYTE*) Password, (size_t) PasswordLength);
|
|
|
|
winpr_MD4_Final(&md4, NtHash);
|
2012-06-03 02:21:04 +04:00
|
|
|
|
|
|
|
return NtHash;
|
|
|
|
}
|
|
|
|
|
|
|
|
BYTE* NTOWFv1A(LPSTR Password, UINT32 PasswordLength, BYTE* NtHash)
|
|
|
|
{
|
|
|
|
LPWSTR PasswordW = NULL;
|
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
if (!(PasswordW = (LPWSTR) malloc(PasswordLength * 2)))
|
|
|
|
return NULL;
|
|
|
|
|
2012-06-03 02:21:04 +04:00
|
|
|
MultiByteToWideChar(CP_ACP, 0, Password, PasswordLength, PasswordW, PasswordLength);
|
|
|
|
|
2012-07-23 07:23:23 +04:00
|
|
|
NtHash = NTOWFv1W(PasswordW, PasswordLength * 2, NtHash);
|
2012-06-03 02:21:04 +04:00
|
|
|
|
|
|
|
free(PasswordW);
|
|
|
|
|
|
|
|
return NtHash;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Define NTOWFv2(Password, User, Domain) as
|
|
|
|
* HMAC_MD5(MD4(UNICODE(Password)),
|
|
|
|
* UNICODE(ConcatenationOf(UpperCase(User), Domain)))
|
|
|
|
* EndDefine
|
|
|
|
*/
|
|
|
|
|
|
|
|
BYTE* NTOWFv2W(LPWSTR Password, UINT32 PasswordLength, LPWSTR User,
|
|
|
|
UINT32 UserLength, LPWSTR Domain, UINT32 DomainLength, BYTE* NtHash)
|
|
|
|
{
|
|
|
|
BYTE* buffer;
|
|
|
|
BYTE NtHashV1[16];
|
|
|
|
|
|
|
|
if ((!User) || (!Password))
|
|
|
|
return NULL;
|
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
if (!NtHash && !(NtHash = (BYTE*) malloc(16)))
|
|
|
|
return NULL;
|
2012-06-03 02:21:04 +04:00
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
if (!NTOWFv1W(Password, PasswordLength, NtHashV1))
|
|
|
|
{
|
|
|
|
free(NtHash);
|
|
|
|
return NULL;
|
|
|
|
}
|
2012-06-03 02:21:04 +04:00
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
if (!(buffer = (BYTE*) malloc(UserLength + DomainLength)))
|
|
|
|
{
|
|
|
|
free(NtHash);
|
|
|
|
return NULL;
|
|
|
|
}
|
2012-06-03 02:21:04 +04:00
|
|
|
|
|
|
|
/* Concatenate(UpperCase(User), Domain) */
|
|
|
|
|
|
|
|
CopyMemory(buffer, User, UserLength);
|
|
|
|
CharUpperBuffW((LPWSTR) buffer, UserLength / 2);
|
|
|
|
CopyMemory(&buffer[UserLength], Domain, DomainLength);
|
|
|
|
|
|
|
|
/* Compute the HMAC-MD5 hash of the above value using the NTLMv1 hash as the key, the result is the NTLMv2 hash */
|
2015-10-09 22:57:41 +03:00
|
|
|
winpr_HMAC(WINPR_MD_MD5, NtHashV1, 16, buffer, UserLength + DomainLength, NtHash);
|
2012-06-03 02:21:04 +04:00
|
|
|
|
|
|
|
free(buffer);
|
|
|
|
|
|
|
|
return NtHash;
|
|
|
|
}
|
|
|
|
|
|
|
|
BYTE* NTOWFv2A(LPSTR Password, UINT32 PasswordLength, LPSTR User,
|
|
|
|
UINT32 UserLength, LPSTR Domain, UINT32 DomainLength, BYTE* NtHash)
|
|
|
|
{
|
|
|
|
LPWSTR UserW = NULL;
|
|
|
|
LPWSTR DomainW = NULL;
|
|
|
|
LPWSTR PasswordW = NULL;
|
|
|
|
|
|
|
|
UserW = (LPWSTR) malloc(UserLength * 2);
|
|
|
|
DomainW = (LPWSTR) malloc(DomainLength * 2);
|
|
|
|
PasswordW = (LPWSTR) malloc(PasswordLength * 2);
|
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
if (!UserW || !DomainW || !PasswordW)
|
|
|
|
goto out_fail;
|
|
|
|
|
2012-06-03 02:21:04 +04:00
|
|
|
MultiByteToWideChar(CP_ACP, 0, User, UserLength, UserW, UserLength);
|
|
|
|
MultiByteToWideChar(CP_ACP, 0, Domain, DomainLength, DomainW, DomainLength);
|
|
|
|
MultiByteToWideChar(CP_ACP, 0, Password, PasswordLength, PasswordW, PasswordLength);
|
|
|
|
|
|
|
|
NtHash = NTOWFv2W(PasswordW, PasswordLength * 2, UserW, UserLength * 2, DomainW, DomainLength * 2, NtHash);
|
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
out_fail:
|
2012-06-03 02:21:04 +04:00
|
|
|
free(UserW);
|
|
|
|
free(DomainW);
|
|
|
|
free(PasswordW);
|
|
|
|
|
|
|
|
return NtHash;
|
|
|
|
}
|
|
|
|
|
2012-07-23 07:23:23 +04:00
|
|
|
BYTE* NTOWFv2FromHashW(BYTE* NtHashV1, LPWSTR User, UINT32 UserLength, LPWSTR Domain, UINT32 DomainLength, BYTE* NtHash)
|
|
|
|
{
|
|
|
|
BYTE* buffer;
|
|
|
|
|
|
|
|
if (!User)
|
|
|
|
return NULL;
|
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
if (!NtHash && !(NtHash = (BYTE*) malloc(16)))
|
|
|
|
return NULL;
|
2012-07-23 07:23:23 +04:00
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
if (!(buffer = (BYTE*) malloc(UserLength + DomainLength)))
|
|
|
|
{
|
|
|
|
free(NtHash);
|
|
|
|
return NULL;
|
|
|
|
}
|
2012-07-23 07:23:23 +04:00
|
|
|
|
|
|
|
/* Concatenate(UpperCase(User), Domain) */
|
|
|
|
|
|
|
|
CopyMemory(buffer, User, UserLength);
|
|
|
|
CharUpperBuffW((LPWSTR) buffer, UserLength / 2);
|
2012-08-23 09:18:47 +04:00
|
|
|
|
|
|
|
if (DomainLength > 0)
|
|
|
|
{
|
|
|
|
CopyMemory(&buffer[UserLength], Domain, DomainLength);
|
|
|
|
}
|
2012-07-23 07:23:23 +04:00
|
|
|
|
|
|
|
/* Compute the HMAC-MD5 hash of the above value using the NTLMv1 hash as the key, the result is the NTLMv2 hash */
|
2015-10-09 22:57:41 +03:00
|
|
|
winpr_HMAC(WINPR_MD_MD5, NtHashV1, 16, buffer, UserLength + DomainLength, NtHash);
|
2012-07-23 07:23:23 +04:00
|
|
|
|
|
|
|
free(buffer);
|
|
|
|
|
|
|
|
return NtHash;
|
|
|
|
}
|
|
|
|
|
|
|
|
BYTE* NTOWFv2FromHashA(BYTE* NtHashV1, LPSTR User, UINT32 UserLength, LPSTR Domain, UINT32 DomainLength, BYTE* NtHash)
|
|
|
|
{
|
|
|
|
LPWSTR UserW = NULL;
|
|
|
|
LPWSTR DomainW = NULL;
|
|
|
|
|
|
|
|
UserW = (LPWSTR) malloc(UserLength * 2);
|
|
|
|
DomainW = (LPWSTR) malloc(DomainLength * 2);
|
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
if (!UserW || !DomainW)
|
|
|
|
goto out_fail;
|
|
|
|
|
2012-07-23 07:23:23 +04:00
|
|
|
MultiByteToWideChar(CP_ACP, 0, User, UserLength, UserW, UserLength);
|
|
|
|
MultiByteToWideChar(CP_ACP, 0, Domain, DomainLength, DomainW, DomainLength);
|
|
|
|
|
|
|
|
NtHash = NTOWFv2FromHashW(NtHashV1, UserW, UserLength * 2, DomainW, DomainLength * 2, NtHash);
|
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
out_fail:
|
2012-07-23 07:23:23 +04:00
|
|
|
free(UserW);
|
|
|
|
free(DomainW);
|
|
|
|
|
|
|
|
return NtHash;
|
|
|
|
}
|