/**
 * @file ntlm.c
 */
/* purple
 *
 * Copyright (C) 2005 Thomas Butter <butter@uni-mannheim.de>
 *
 * hashing done according to description of NTLM on
 * http://www.innovation.ch/java/ntlm.html
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02111-1301  USA
 */
#include "internal.h"
#include "util.h"
#include "ntlm.h"
#include "cipher.h"
#include "debug.h"
#include <string.h>
/*
 * NTLMSSP negotiate-flag bit (by its name, the "NTLM2 session security"
 * flag; the value matches MS-NLMP's NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY,
 * verify before relying on that).  Not referenced anywhere in this file:
 * the type 1/3 flag words below are written as literal constants.
 */
#define NTLM_NEGOTIATE_NTLM2_KEY 0x00080000
/*
 * Fixed 32-byte header of an NTLM Type 1 (negotiate) message, in wire
 * layout.  purple_ntlm_gen_type1() fills it in place and uses
 * sizeof(struct type1_message) as the offset of the host string that
 * follows, so the struct must stay free of padding (every field is
 * naturally aligned, so none is inserted on the usual ABIs).  Multi-byte
 * fields are little-endian on the wire.  Each variable-length item is
 * described by (length, length again, offset from message start); the
 * code writes the same value into both length fields.
 */
struct type1_message {
	guint8  protocol[8];     /* "NTLMSSP\0" signature */
	guint32 type;            /* 0x00000001 */
	guint32 flags;           /* negotiate flags; gen_type1 sends 0x0000b203 */

	guint16 dom_len1;        /* domain string length */
	guint16 dom_len2;        /* domain string length (second copy) */
	guint32 dom_off;         /* domain string offset: header + host string */

	guint16 host_len1;       /* host string length */
	guint16 host_len2;       /* host string length (second copy) */
	guint32 host_off;        /* host string offset (always 0x00000020 = header size) */

#if 0
	guint8  host[*];         /* host string (ASCII) */
	guint8  dom[*];          /* domain string (ASCII) */
#endif
};
/*
 * Fixed 40-byte header of an NTLM Type 2 (challenge) message as received
 * from the server, in wire layout (little-endian multi-byte fields).
 * purple_ntlm_parse_type2() reads only flags and nonce; the target-name
 * fields and context are never interpreted here.
 *
 * NOTE(review): the zero/msg_len1/msg_len2 members do not obviously match
 * MS-NLMP's TargetNameFields order (Len, MaxLen, BufferOffset).  Harmless
 * as long as nothing reads them, but check the spec before using them.
 */
struct type2_message {
	guint8  protocol[8];     /* "NTLMSSP\0" signature */
	guint32 type;            /* 0x00000002 */
	guint32 zero;            /* not read */
	guint16 msg_len1;        /* target name length (not read) */
	guint16 msg_len2;        /* target name length (not read) */

	guint32 flags;           /* server's negotiate flags (e.g. 0x00008201) */

	guint8  nonce[8];        /* 8-byte server challenge; both responses are computed against it */
	guint8  context[8];      /* not read */
};
/*
 * Fixed 64-byte header of an NTLM Type 3 (authenticate) message, in wire
 * layout.  Every variable-length item is described by a triple of
 * (length, length again, offset from the start of the message), written
 * little-endian.  purple_ntlm_gen_type3() places the items after this
 * header in the order domain, username, hostname, LM response, NT
 * response and - only when it is given a flags pointer - a 16-byte
 * session key.  sizeof(struct type3_message) doubles as the first item's
 * offset, so the layout must stay padding-free (all fields are naturally
 * aligned).
 */
struct type3_message {
	guint8  protocol[8];     /* "NTLMSSP\0" signature */
	guint32 type;            /* 0x00000003 */

	guint16 lm_resp_len1;    /* LanManager response length (always 0x18)*/
	guint16 lm_resp_len2;    /* LanManager response length (always 0x18)*/
	guint32 lm_resp_off;     /* LanManager response offset */

	guint16 nt_resp_len1;    /* NT response length (always 0x18) */
	guint16 nt_resp_len2;    /* NT response length (always 0x18) */
	guint32 nt_resp_off;     /* NT response offset */

	guint16 dom_len1;        /* domain string length (UTF-16LE bytes) */
	guint16 dom_len2;        /* domain string length (second copy) */
	guint32 dom_off;         /* domain string offset (always 0x00000040 = header size) */

	guint16 user_len1;       /* username string length (UTF-16LE bytes) */
	guint16 user_len2;       /* username string length (second copy) */
	guint32 user_off;        /* username string offset */

	guint16 host_len1;       /* host string length (UTF-16LE bytes) */
	guint16 host_len2;       /* host string length (second copy) */
	guint32 host_off;        /* host string offset */

	guint16 sess_len1;       /* session key length: 0x10 when present, else 0 */
	guint16 sess_len2;       /* session key length (second copy) */
	guint32 sess_off;         /* session key offset (0 when no session key is sent) */

	guint32 flags;            /* 0x00008201, or 0x409082d4 when a session key is sent */
	/* guint32 flags2; */     /* unknown, used in windows messenger */
	/* guint32 flags3; */

#if 0
	guint8  dom[*];          /* domain string (unicode UTF-16LE) */
	guint8  user[*];         /* username string (unicode UTF-16LE) */
	guint8  host[*];         /* host string (unicode UTF-16LE) */
	guint8  lm_resp[*];      /* LanManager response */
	guint8  nt_resp[*];      /* NT response */
#endif
};
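/**
 * Build the base64-encoded NTLM Type 1 (negotiate) message.
 *
 * The fixed 32-byte header is followed by the hostname and then the
 * domain, both copied as the raw bytes of the given strings (no UTF-16
 * conversion, unlike the Type 3 message); the header's length/offset
 * fields describe where each lands.  All multi-byte header fields are
 * written little-endian.  Strings longer than 65535 bytes are truncated
 * so the 16-bit length fields stay consistent with what is sent.
 *
 * @param hostname Client host name; NULL is treated as "".
 * @param domain   Domain to authenticate against; NULL is treated as "".
 * @return Newly allocated base64 string; free with g_free().
 */
gchar *
purple_ntlm_gen_type1(const gchar *hostname, const gchar *domain)
{
	gsize hostnamelen, domainlen, msglen;
	unsigned char *msg;
	struct type1_message *tmsg;
	gchar *encoded;

	if (hostname == NULL) {
		hostname = "";
	}
	if (domain == NULL) {
		domain = "";
	}

	hostnamelen = strlen(hostname);
	domainlen = strlen(domain);
	/* The length fields are 16 bits wide; never claim more than we carry. */
	if (hostnamelen > 0xFFFF) {
		hostnamelen = 0xFFFF;
	}
	if (domainlen > 0xFFFF) {
		domainlen = 0xFFFF;
	}

	msglen = sizeof(struct type1_message) + hostnamelen + domainlen;
	msg = g_malloc0(msglen);
	tmsg = (struct type1_message *)msg;

	memcpy(tmsg->protocol, "NTLMSSP", 8);  /* 8 bytes: includes the NUL */
	tmsg->type      = GUINT32_TO_LE(0x00000001);
	tmsg->flags     = GUINT32_TO_LE(0x0000b203);
	tmsg->host_len1 = tmsg->host_len2 = GUINT16_TO_LE(hostnamelen);
	tmsg->host_off  = GUINT32_TO_LE(sizeof(struct type1_message));
	tmsg->dom_len1  = tmsg->dom_len2 = GUINT16_TO_LE(domainlen);
	tmsg->dom_off   = GUINT32_TO_LE(sizeof(struct type1_message) + hostnamelen);

	/*
	 * Index with host-order offsets.  The stored host_off/dom_off fields
	 * are already byte-swapped to little-endian, so reading them back as
	 * memcpy offsets (as this code used to) would, on a big-endian host,
	 * turn 0x20 into 0x20000000 and write far past the buffer.
	 */
	memcpy(msg + sizeof(struct type1_message), hostname, hostnamelen);
	memcpy(msg + sizeof(struct type1_message) + hostnamelen, domain, domainlen);

	encoded = purple_base64_encode(msg, msglen);
	g_free(msg);

	return encoded;
}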
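/**
 * Extract the 8-byte server challenge (and optionally the negotiate
 * flags) from a base64-encoded NTLM Type 2 message.
 *
 * The message is accepted only if it decodes, carries the "NTLMSSP"
 * signature and message type 2, and is long enough to hold the fields
 * read here.  Otherwise an error is logged and an all-zero nonce is
 * returned; callers cannot tell that apart from a genuine all-zero
 * challenge, so treat a zero nonce with suspicion.  On failure *flags is
 * left untouched.
 *
 * @param type2 Base64 text of the Type 2 message; NULL counts as a parse failure.
 * @param flags If non-NULL, receives the full 32-bit negotiate flags in
 *              host order.  (This used to go through GUINT16_FROM_LE,
 *              which truncated the field to its low 16 bits.)
 * @return Pointer to a static 8-byte buffer, overwritten by the next call
 *         and not thread-safe; do not free.
 */
guint8 *
purple_ntlm_parse_type2(const gchar *type2, guint32 *flags)
{
	static guint8 nonce[8];
	struct type2_message *tmsg = NULL;
	gsize retlen = 0;
	int parsed = 0;

	if (type2 != NULL) {
		tmsg = (struct type2_message *)purple_base64_decode(type2, &retlen);
	}

	/*
	 * "- 1" preserves the tolerance this code has always had for a message
	 * one byte shorter than the struct: everything read below (flags at
	 * offset 20, nonce at 24..31) still lies inside such a message.
	 */
	if (tmsg != NULL
	    && retlen >= (sizeof(struct type2_message) - 1)
	    && memcmp(tmsg->protocol, "NTLMSSP", 8) == 0
	    && GUINT32_FROM_LE(tmsg->type) == 0x00000002) {
		memcpy(nonce, tmsg->nonce, 8);
		if (flags != NULL) {
			*flags = GUINT32_FROM_LE(tmsg->flags);
		}
		parsed = 1;
	}

	if (!parsed) {
		purple_debug_error("ntlm", "Unable to parse type2 message - returning empty nonce.\n");
		memset(nonce, 0, 8);
	}

	g_free(tmsg);

	return nonce;
}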
/**
 * Expand a 56-bit DES key (7 bytes) into the 8-byte form the DES cipher
 * expects: the 56 key bits are spread over 8 bytes so that each byte
 * holds 7 key bits followed by one low-order parity-bit position, which
 * is left as zero (no parity is computed).
 *
 * @param key_56 The 7-byte input key.
 * @param key    Receives the 8-byte expanded key.
 */
static void
setup_des_key(const guint8 key_56[], guint8 *key)
{
	guint8 carry = 0;
	int i;

	for (i = 0; i < 7; i++) {
		/* high bits: what spilled out of the previous byte; low bits: this byte shifted down */
		key[i] = carry | (key_56[i] >> i);
		carry = (guint8)(key_56[i] << (7 - i));
	}
	/* the last byte is just the spill-over of key_56[6], parity bit zero */
	key[7] = carry;
}
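/*
 * Encrypt one 8-byte block with single DES (ECB) through libpurple's
 * cipher API.
 *
 * @param plaintext 8 bytes of input.
 * @param result    Receives the 8-byte ciphertext.  If the "des" cipher is
 *                  not registered the block is zero-filled instead, so the
 *                  callers never consume uninitialised bytes (the previous
 *                  code handed a NULL cipher straight to
 *                  purple_cipher_context_new()).
 * @param key       8-byte DES key as produced by setup_des_key().
 */
static void
des_ecb_encrypt(const guint8 *plaintext, guint8 *result, const guint8 *key)
{
	PurpleCipher *cipher;
	PurpleCipherContext *context;
	size_t outlen = 0;

	cipher = purple_ciphers_find_cipher("des");
	if (cipher == NULL) {
		purple_debug_error("ntlm", "DES cipher not available; cannot compute response.\n");
		memset(result, 0, 8);
		return;
	}

	context = purple_cipher_context_new(cipher, NULL);
	purple_cipher_context_set_key(context, key);
	purple_cipher_context_encrypt(context, plaintext, 8, result, &outlen);
	purple_cipher_context_destroy(context);
}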
/*
 * LM/NTLMv1 response computation: @keys is a 21-byte buffer (a 16-byte
 * hash padded with five zero bytes by the caller) treated as three
 * consecutive 7-byte DES keys.  Each key encrypts the same 8-byte
 * @plaintext (the server challenge) and the three ciphertexts are written
 * back to back into @results, 24 bytes in total.
 */
static void
calc_resp(guint8 *keys, const guint8 *plaintext, unsigned char *results)
{
	guint8 des_key[8];
	int part;

	for (part = 0; part < 3; part++) {
		setup_des_key(keys + 7 * part, des_key);
		des_ecb_encrypt(plaintext, results + 8 * part, des_key);
	}
}
/*
 * Fill a 16-byte session key buffer: copy @oldkey when one is given,
 * otherwise draw 16 bytes from rand().
 *
 * NOTE(review): rand() is not a cryptographic RNG and nothing in this file
 * seeds it, so the generated bytes are predictable.  They end up in the
 * session-key field of the Type 3 message (see purple_ntlm_gen_type3()),
 * so anything that relies on that key for secrecy needs a CSPRNG instead.
 *
 * @param buffer Receives exactly 16 bytes; not NUL-terminated.
 * @param oldkey Optional 16-byte key to reuse, or NULL to generate one.
 */
static void
gensesskey(char *buffer, const char *oldkey)
{
	int n;

	if (oldkey != NULL) {
		memcpy(buffer, oldkey, 16);
		return;
	}

	for (n = 0; n < 16; n++) {
		buffer[n] = (char)(rand() & 0xff);
	}
}
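/* Sizes fixed by the NTLMv1 wire format used here. */
enum {
	NTLM_LM_PW_LEN   = 14,    /* the LM hash covers at most 14 password chars */
	NTLM_RESP_LEN    = 0x18,  /* LM / NT response: three 8-byte DES blocks */
	NTLM_SESSKEY_LEN = 0x10,  /* session key field appended when flags != NULL */
	NTLM_NT_PW_BUF   = 128    /* fallback buffer for byte-widened passwords */
};

/*
 * Overwrite secret material before it goes out of scope.  The volatile
 * stores keep the compiler from discarding the writes as dead.
 */
static void
ntlm_wipe(void *buf, size_t len)
{
	volatile unsigned char *p = (volatile unsigned char *)buf;

	while (len-- > 0) {
		*p++ = 0;
	}
}

/*
 * Convert a UTF-8 field to UTF-16LE for the Type 3 message.
 *
 * Returns the g_convert() buffer (caller frees with g_free()) and stores
 * its byte length in *len.  If conversion fails the failure is logged,
 * NULL is returned and *len is 0, so the field is sent empty instead of
 * corrupting the message layout.  Lengths are clamped to what the 16-bit
 * length fields can carry.
 */
static gchar *
ntlm_field_utf16le(const gchar *str, const char *what, gsize *len)
{
	gchar *out;
	gsize written = 0;

	out = g_convert(str, -1, "UTF-16LE", "UTF-8", NULL, &written, NULL);
	if (out == NULL) {
		purple_debug_info("ntlm", "Unable to encode %s in UTF-16LE.\n", what);
		written = 0;
	} else if (written > 0xFFFE) {
		/* keep an even byte count so the cut lands on a UTF-16 code-unit boundary */
		written = 0xFFFE;
	}
	*len = written;
	return out;
}

/**
 * Build the base64-encoded NTLM Type 3 (authenticate) message carrying
 * the LM and NTLMv1 responses to the server's challenge.
 *
 * Layout after the 64-byte header: domain, username, hostname (each
 * UTF-16LE), the 24-byte LM response, the 24-byte NT response and, when
 * @flags is non-NULL, a 16-byte session key (in which case the header's
 * flags word is 0x409082d4 instead of 0x00008201).
 *
 * Field lengths now come from the UTF-16LE conversion itself rather than
 * strlen()*2: for non-ASCII input those differ, and the old code copied
 * strlen()*2 bytes out of the shorter converted buffer (a heap over-read
 * that went onto the wire).  The NT hash is likewise computed over the
 * converted password; the old byte-widening loop wrote 2*strlen(passw)
 * bytes into a 128-byte stack buffer with no bound, so a password longer
 * than 64 characters overflowed the stack, and any non-ASCII password was
 * hashed incorrectly.  Byte-widening survives only as a bounded fallback
 * for passwords that are not valid UTF-8.
 *
 * @param username Account name (UTF-8); NULL is treated as "".
 * @param passw    Password (UTF-8); NULL is treated as "".  Only the first
 *                 14 characters feed the LM response; the NT response
 *                 hashes the whole string.
 * @param hostname Client host name (UTF-8); NULL is treated as "".
 * @param domain   Domain name (UTF-8); NULL is treated as "".
 * @param nonce    8-byte server challenge from purple_ntlm_parse_type2().
 *                 NULL is logged and replaced by an all-zero challenge.
 * @param flags    Only tested for NULL-ness: non-NULL selects the extended
 *                 flag word plus session key.  The pointed-to value is never read.
 * @return Newly allocated base64 string; free with g_free().
 *
 * Security notes: the LM response is a known-weak construction (password
 * upper-cased, truncated to 14 chars and hashed as two independent 7-byte
 * halves); it is emitted because the protocol variant spoken here expects
 * it.  The session key comes from gensesskey(), i.e. from rand().
 * Password-derived buffers are wiped before returning.
 */
gchar *
purple_ntlm_gen_type3(const gchar *username, const gchar *passw, const gchar *hostname, const gchar *domain, const guint8 *nonce, guint32 *flags)
{
	/* "KGS!@#$%": the constant block both halves of the LM key encrypt */
	static const unsigned char magic[8] = { 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 };
	static const guint8 zero_nonce[8] = { 0 };
	char lm_pw[NTLM_LM_PW_LEN];
	unsigned char lm_hpw[21];
	unsigned char nt_hpw[21];
	unsigned char lm_resp[NTLM_RESP_LEN], nt_resp[NTLM_RESP_LEN];
	char nt_pw[NTLM_NT_PW_BUF];
	char sesskey[NTLM_SESSKEY_LEN];
	guint8 key[8];
	gchar *dom_u16, *user_u16, *host_u16, *pw_u16;
	gsize domainlen, usernamelen, hostnamelen, pwlen = 0;
	gsize msglen, off;
	size_t passwlen, idx;
	struct type3_message *tmsg;
	unsigned char *body;
	PurpleCipher *cipher;
	PurpleCipherContext *context;
	gchar *encoded;

	if (username == NULL) {
		username = "";
	}
	if (passw == NULL) {
		passw = "";
	}
	if (hostname == NULL) {
		hostname = "";
	}
	if (domain == NULL) {
		domain = "";
	}
	if (nonce == NULL) {
		purple_debug_error("ntlm", "No server challenge supplied; using zeros.\n");
		nonce = zero_nonce;
	}

	/* String fields travel as UTF-16LE; convert first so the real byte
	 * lengths drive both the allocation and the header offsets. */
	dom_u16  = ntlm_field_utf16le(domain,   "domain",   &domainlen);
	user_u16 = ntlm_field_utf16le(username, "username", &usernamelen);
	host_u16 = ntlm_field_utf16le(hostname, "hostname", &hostnamelen);

	msglen = sizeof(struct type3_message) + domainlen + usernamelen + hostnamelen
	       + NTLM_RESP_LEN + NTLM_RESP_LEN
	       + ((flags != NULL) ? NTLM_SESSKEY_LEN : 0);
	tmsg = g_malloc0(msglen);
	body = (unsigned char *)tmsg;

	memcpy(tmsg->protocol, "NTLMSSP", 8);  /* 8 bytes: includes the NUL */
	tmsg->type = GUINT32_TO_LE(0x00000003);

	/* Variable-length items follow the header in this order:
	 * domain, username, hostname, LM response, NT response, [session key]. */
	off = sizeof(struct type3_message);

	tmsg->dom_len1 = tmsg->dom_len2 = GUINT16_TO_LE(domainlen);
	tmsg->dom_off = GUINT32_TO_LE(off);
	if (domainlen > 0) {
		memcpy(body + off, dom_u16, domainlen);
	}
	off += domainlen;

	tmsg->user_len1 = tmsg->user_len2 = GUINT16_TO_LE(usernamelen);
	tmsg->user_off = GUINT32_TO_LE(off);
	if (usernamelen > 0) {
		memcpy(body + off, user_u16, usernamelen);
	}
	off += usernamelen;

	tmsg->host_len1 = tmsg->host_len2 = GUINT16_TO_LE(hostnamelen);
	tmsg->host_off = GUINT32_TO_LE(off);
	if (hostnamelen > 0) {
		memcpy(body + off, host_u16, hostnamelen);
	}
	off += hostnamelen;

	g_free(dom_u16);
	g_free(user_u16);
	g_free(host_u16);

	/*
	 * LM response: upper-case the first 14 password bytes, NUL-pad to 14,
	 * and let each 7-byte half DES-encrypt the magic block to give the
	 * 16-byte LM hash; padded to 21 bytes it yields the 24-byte response
	 * against the challenge.
	 */
	passwlen = strlen(passw);
	if (passwlen > NTLM_LM_PW_LEN) {
		passwlen = NTLM_LM_PW_LEN;
	}
	for (idx = 0; idx < passwlen; idx++) {
		lm_pw[idx] = g_ascii_toupper(passw[idx]);
	}
	for (; idx < NTLM_LM_PW_LEN; idx++) {
		lm_pw[idx] = 0;
	}

	setup_des_key((unsigned char *)lm_pw, key);
	des_ecb_encrypt(magic, lm_hpw, key);
	setup_des_key((unsigned char *)(lm_pw + 7), key);
	des_ecb_encrypt(magic, lm_hpw + 8, key);
	memset(lm_hpw + 16, 0, 5);
	calc_resp(lm_hpw, nonce, lm_resp);

	tmsg->lm_resp_len1 = tmsg->lm_resp_len2 = GUINT16_TO_LE(NTLM_RESP_LEN);
	tmsg->lm_resp_off = GUINT32_TO_LE(off);
	memcpy(body + off, lm_resp, NTLM_RESP_LEN);
	off += NTLM_RESP_LEN;

	/*
	 * NT response: MD4 over the UTF-16LE password, padded to 21 bytes and
	 * run through the same three-key DES step.
	 */
	pw_u16 = g_convert(passw, -1, "UTF-16LE", "UTF-8", NULL, &pwlen, NULL);
	if (pw_u16 == NULL) {
		/* Not valid UTF-8: widen byte-by-byte as before, but bounded. */
		size_t n = strlen(passw);
		if (n > sizeof(nt_pw) / 2) {
			purple_debug_error("ntlm", "Password too long to widen; NT response will be truncated.\n");
			n = sizeof(nt_pw) / 2;
		}
		for (idx = 0; idx < n; idx++) {
			nt_pw[2 * idx]     = passw[idx];
			nt_pw[2 * idx + 1] = 0;
		}
		pwlen = 2 * n;
	}

	cipher = purple_ciphers_find_cipher("md4");
	if (cipher != NULL) {
		context = purple_cipher_context_new(cipher, NULL);
		if (pw_u16 != NULL) {
			purple_cipher_context_append(context, (guint8 *)pw_u16, pwlen);
		} else {
			purple_cipher_context_append(context, (guint8 *)nt_pw, pwlen);
		}
		purple_cipher_context_digest(context, sizeof(nt_hpw), nt_hpw, NULL);
		purple_cipher_context_destroy(context);
	} else {
		purple_debug_error("ntlm", "MD4 cipher not available; cannot compute NT response.\n");
		memset(nt_hpw, 0, sizeof(nt_hpw));
	}

	memset(nt_hpw + 16, 0, 5);
	calc_resp(nt_hpw, nonce, nt_resp);

	tmsg->nt_resp_len1 = tmsg->nt_resp_len2 = GUINT16_TO_LE(NTLM_RESP_LEN);
	tmsg->nt_resp_off = GUINT32_TO_LE(off);
	memcpy(body + off, nt_resp, NTLM_RESP_LEN);
	off += NTLM_RESP_LEN;

	/* "LCS stuff": a flags pointer selects the extended flag word and a
	 * trailing 16-byte session key. */
	if (flags != NULL) {
		tmsg->flags = GUINT32_TO_LE(0x409082d4);
		tmsg->sess_len1 = tmsg->sess_len2 = GUINT16_TO_LE(NTLM_SESSKEY_LEN);
		tmsg->sess_off = GUINT32_TO_LE(off);
		gensesskey(sesskey, NULL);
		memcpy(body + off, sesskey, NTLM_SESSKEY_LEN);
	} else {
		tmsg->flags = GUINT32_TO_LE(0x00008201);
	}

	/* Scrub everything derived from the password before it leaves the stack. */
	ntlm_wipe(lm_pw, sizeof(lm_pw));
	ntlm_wipe(lm_hpw, sizeof(lm_hpw));
	ntlm_wipe(nt_hpw, sizeof(nt_hpw));
	ntlm_wipe(nt_pw, sizeof(nt_pw));
	ntlm_wipe(key, sizeof(key));
	ntlm_wipe(sesskey, sizeof(sesskey));
	if (pw_u16 != NULL) {
		ntlm_wipe(pw_u16, pwlen);
		g_free(pw_u16);
	}

	encoded = purple_base64_encode((guchar *)tmsg, msglen);
	g_free(tmsg);

	return encoded;
}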