Remove MessageIntegrityCheck from context.

2018-04-17 15:03:27 +02:00 · 2018-04-17 15:03:27 +02:00 · 509afe252d
commit 509afe252d
parent fe37fede50
4 changed files with 15 additions and 11 deletions
--- a/winpr/libwinpr/sspi/NTLM/ntlm.h
+++ b/winpr/libwinpr/sspi/NTLM/ntlm.h
@ -250,6 +250,7 @@ struct _NTLM_CONTEXT
 	NTLM_NEGOTIATE_MESSAGE NEGOTIATE_MESSAGE;
 	NTLM_CHALLENGE_MESSAGE CHALLENGE_MESSAGE;
 	NTLM_AUTHENTICATE_MESSAGE AUTHENTICATE_MESSAGE;
+	UINT32 MessageIntegrityCheckOffset;
 	SecBuffer NegotiateMessage;
 	SecBuffer ChallengeMessage;
 	SecBuffer AuthenticateMessage;
@ -272,8 +273,6 @@ struct _NTLM_CONTEXT
 	BYTE ClientSealingKey[16];
 	BYTE ServerSigningKey[16];
 	BYTE ServerSealingKey[16];
-	BYTE MessageIntegrityCheck[16];
-	UINT32 MessageIntegrityCheckOffset;
 	psPeerComputeNtlmHash HashCallback;
 	void* HashCallbackArg;
 };
--- a/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
+++ b/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
@ -21,6 +21,8 @@
 #include "config.h"
 #endif

+#include <assert.h>
+
 #include "ntlm.h"
 #include "../sspi.h"

@ -721,7 +723,7 @@ void ntlm_init_rc4_seal_states(NTLM_CONTEXT* context)
 	}
 }

-void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context)
+void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context, BYTE *mic, UINT32 size)
 {
 	/*
 	 * Compute the HMAC-MD5 hash of ConcatenationOf(NEGOTIATE_MESSAGE,
@ -729,6 +731,8 @@ void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context)
 	 */
 	WINPR_HMAC_CTX* hmac = winpr_HMAC_New();

+	assert(size >= WINPR_MD5_DIGEST_LENGTH);
+
 	if (!hmac)
 		return;

@ -740,7 +744,7 @@ void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context)
 		                  context->ChallengeMessage.cbBuffer);
 		winpr_HMAC_Update(hmac, (BYTE*) context->AuthenticateMessage.pvBuffer,
 		                  context->AuthenticateMessage.cbBuffer);
-		winpr_HMAC_Final(hmac, context->MessageIntegrityCheck, WINPR_MD5_DIGEST_LENGTH);
+		winpr_HMAC_Final(hmac, mic, WINPR_MD5_DIGEST_LENGTH);
 	}

 	winpr_HMAC_Free(hmac);
--- a/winpr/libwinpr/sspi/NTLM/ntlm_compute.h
+++ b/winpr/libwinpr/sspi/NTLM/ntlm_compute.h
@ -57,6 +57,6 @@ void ntlm_generate_client_sealing_key(NTLM_CONTEXT* context);
 void ntlm_generate_server_sealing_key(NTLM_CONTEXT* context);
 void ntlm_init_rc4_seal_states(NTLM_CONTEXT* context);

-void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context);
+void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context, BYTE *mic, UINT32 size);

 #endif /* WINPR_AUTH_NTLM_COMPUTE_H */
--- a/winpr/libwinpr/sspi/NTLM/ntlm_message.c
+++ b/winpr/libwinpr/sspi/NTLM/ntlm_message.c
@ -917,9 +917,9 @@ SECURITY_STATUS ntlm_write_AuthenticateMessage(NTLM_CONTEXT* context, PSecBuffer
 	if (context->UseMIC)
 	{
 		/* Message Integrity Check */
-		ntlm_compute_message_integrity_check(context);
+		ntlm_compute_message_integrity_check(context, message->MessageIntegrityCheck, 16);
 		Stream_SetPosition(s, context->MessageIntegrityCheckOffset);
-		Stream_Write(s, context->MessageIntegrityCheck, 16);
+		Stream_Write(s, message->MessageIntegrityCheck, 16);
 		Stream_SetPosition(s, length);
 	}

@ -947,7 +947,7 @@ SECURITY_STATUS ntlm_write_AuthenticateMessage(NTLM_CONTEXT* context, PSecBuffer
 	if (context->UseMIC)
 	{
 		WLog_DBG(TAG, "MessageIntegrityCheck (length = 16)");
-		winpr_HexDump(TAG, WLOG_DEBUG, context->MessageIntegrityCheck, 16);
+		winpr_HexDump(TAG, WLOG_DEBUG, message->MessageIntegrityCheck, 16);
 	}

 #endif
@ -961,6 +961,7 @@ SECURITY_STATUS ntlm_server_AuthenticateComplete(NTLM_CONTEXT* context)
 	UINT32 flags = 0;
 	NTLM_AV_PAIR* AvFlags = NULL;
 	NTLM_AUTHENTICATE_MESSAGE* message;
+	BYTE messageIntegrityCheck[16];

 	if (context->state != NTLM_STATE_COMPLETION)
 		return SEC_E_OUT_OF_SEQUENCE;
@ -988,15 +989,15 @@ SECURITY_STATUS ntlm_server_AuthenticateComplete(NTLM_CONTEXT* context)
 	{
 		ZeroMemory(&((PBYTE) context->AuthenticateMessage.pvBuffer)[context->MessageIntegrityCheckOffset],
 		           16);
-		ntlm_compute_message_integrity_check(context);
+		ntlm_compute_message_integrity_check(context, &messageIntegrityCheck, sizeof(messageIntegrityCheck));
 		CopyMemory(&((PBYTE) context->AuthenticateMessage.pvBuffer)[context->MessageIntegrityCheckOffset],
 		           message->MessageIntegrityCheck, 16);

-		if (memcmp(context->MessageIntegrityCheck, message->MessageIntegrityCheck, 16) != 0)
+		if (memcmp(messageIntegrityCheck, message->MessageIntegrityCheck, 16) != 0)
 		{
 			WLog_ERR(TAG, "Message Integrity Check (MIC) verification failed!");
 			WLog_ERR(TAG, "Expected MIC:");
-			winpr_HexDump(TAG, WLOG_ERROR, context->MessageIntegrityCheck, 16);
+			winpr_HexDump(TAG, WLOG_ERROR, messageIntegrityCheck, 16);
 			WLog_ERR(TAG, "Actual MIC:");
 			winpr_HexDump(TAG, WLOG_ERROR, message->MessageIntegrityCheck, 16);
 			return SEC_E_MESSAGE_ALTERED;