/*
 * Authentication module for the Micr$oft NTLM mechanism.
 *
 * This file is part of libESMTP, a library for submission of RFC 2822
 * formatted electronic mail messages using the SMTP protocol described
 *
 * Copyright (C) 2002 Brian Stafford <brian@stafford.uklinux.net>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/des.h>
#include <openssl/md4.h>
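/* Encrypt the 8 octet block at IV with single DES in ECB mode and store
   the 8 octet ciphertext at RESULT.  SECRET supplies the key material:
   exactly 7 octets (56 bits) are read from it, so the caller must provide
   at least 7 readable octets, zero padded where the value is shorter.

   The key material is read by fixed length, not as a C string.  Callers
   in this file pass both upper-cased password text and raw hash octets;
   a hash may contain a zero octet, and a string-length based copy would
   cut the key short at that point and could scan beyond a buffer that
   carries no terminating NUL.  */
static void
lm_deshash (void *result, const_des_cblock *iv, const void *secret)
{
  des_cblock key;
  des_key_schedule ks;
  unsigned char key_56[7];

  /* copy the secret */
  memcpy (key_56, secret, sizeof key_56);

  /* convert 56 bit key to the 64 bit: seven key bits go in the upper
     bits of each octet, bit 0 is the parity bit set below */
  key[0] = key_56[0];
  key[1] = (key_56[0] << 7) | (key_56[1] >> 1);
  key[2] = (key_56[1] << 6) | (key_56[2] >> 2);
  key[3] = (key_56[2] << 5) | (key_56[3] >> 3);
  key[4] = (key_56[3] << 4) | (key_56[4] >> 4);
  key[5] = (key_56[4] << 3) | (key_56[5] >> 5);
  key[6] = (key_56[5] << 2) | (key_56[6] >> 6);
  key[7] = (key_56[6] << 1);

  des_set_odd_parity (&key);
  des_set_key (&key, ks);
  des_ecb_encrypt (iv, result, ks, DES_ENCRYPT);

  /* paranoia: clear every copy of the key material, including the
     unexpanded 56 bit copy.
     NOTE(review): a plain memset of locals that are about to go out of
     scope may be removed by the optimiser; a wipe the compiler cannot
     elide (e.g. OPENSSL_cleanse) would make this dependable.  */
  memset (key, 0, sizeof key);
  memset (ks, 0, sizeof ks);
  memset (key_56, 0, sizeof key_56);
}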
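/* Copy and convert to upper case.  At most DSTLEN characters of SRC are
   copied to DST.  If the supplied string is shorter than the destination,
   zero pad the remainder.  When SRC fills the destination completely the
   result carries no terminating NUL, so callers must treat DST as a fixed
   length field, not as a C string.  */
static void
lm_uccpy (char *dst, size_t dstlen, const char *src)
{
  char *p;
  size_t len;

  if ((len = strlen (src)) > dstlen)
    len = dstlen;
  /* toupper() is only defined for values representable as unsigned char
     (and EOF); a plain char with the high bit set may be negative, so
     convert before the call.  */
  for (p = dst; len > 0; p++, src++, len--)
    *p = (char) toupper ((unsigned char) *src);
  if (p < dst + dstlen)
    memset (p, 0, (size_t) (dst + dstlen - p));
}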
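/* create LanManager hashed password.  PASS is upper-cased and truncated
   or zero padded to 14 characters; each 7 character half keys one DES
   encryption of a fixed block and the two 8 octet results are written to
   HASH, which must have room for 16 octets.

   Because the case is folded, the length is capped at 14 and the halves
   are processed independently, this hash offers little resistance to
   offline guessing.  Treat the hash and anything derived from it as
   sensitive and keep the exchange inside a protected channel.  */
void
lm_hash_password (unsigned char *hash, const char *pass)
{
  /* fixed plaintext block; the octets are the ASCII text "KGS!@#$%" */
  static const_des_cblock iv = { 0x4B, 0x47, 0x53, 0x21,
                                 0x40, 0x23, 0x24, 0x25 };
  /* 14 password characters plus a NUL, so that the second half stays
     terminated even when the password fills the field and the buffer is
     never scanned past its end by a string function */
  char lmpass[15];

  lm_uccpy (lmpass, sizeof lmpass - 1, pass);
  lmpass[sizeof lmpass - 1] = '\0';
  lm_deshash (hash, &iv, lmpass);
  lm_deshash (hash + 8, &iv, lmpass + 7);
  /* NOTE(review): this clears a local that is about to go out of scope
     and may be optimised away; prefer a wipe the compiler cannot elide.  */
  memset (lmpass, 0, sizeof lmpass);
}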
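/* convert to unicode.  Each of the LEN octets of STRING is widened to a
   16 bit little-endian code unit by following it with a zero octet; no
   character set decoding is performed, so octets above 0x7F are carried
   through unchanged as the low octet.

   Returns a malloc'd buffer of 2 * LEN octets which the caller must wipe
   and free, or NULL if the size cannot be represented or the allocation
   fails.  The result is not NUL terminated.  */
static unsigned char *
nt_unicode (const char *string, size_t len)
{
  unsigned char *uni, *pp;

  /* refuse lengths whose doubled size would wrap around and yield a
     buffer smaller than the data written to it */
  if (len > (size_t) -1 / 2)
    return NULL;

  /* malloc (0) is allowed to return NULL; ask for one octet instead so
     that an empty string is not mistaken for an allocation failure */
  uni = malloc (len > 0 ? len * 2 : 1);
  if ((pp = uni) != NULL)
    while (len-- > 0)
      {
        *pp++ = (unsigned char) *string++;
        *pp++ = 0;
      }
  return uni;
}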
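/* create NT hashed password: the MD4 digest of PASS after widening it to
   16 bit code units with nt_unicode().  MD4_DIGEST_LENGTH (16) octets are
   written to HASH.

   The function has no way to report failure.  If the temporary buffer
   cannot be allocated, HASH is set to all zeros so that the caller never
   goes on to use whatever the buffer held before the call.  */
void
nt_hash_password (unsigned char *hash, const char *pass)
{
  size_t len;
  unsigned char *nt_pw;
  MD4_CTX context;

  len = strlen (pass);
  if ((nt_pw = nt_unicode (pass, len)) == NULL)
    {
      memset (hash, 0, MD4_DIGEST_LENGTH);
      return;
    }

  MD4_Init (&context);
  MD4_Update (&context, nt_pw, 2 * len);
  MD4_Final (hash, &context);

  /* clear the digest state and the widened copy of the password before
     the memory is released.
     NOTE(review): a memset directly before free() or on a dying local
     may be optimised away; prefer a wipe the compiler cannot elide.  */
  memset (&context, 0, sizeof context);
  memset (nt_pw, 0, 2 * len);
  free (nt_pw);
}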
/* Use the server's 8 octet nonce and the secret to create the 24 octet
   LanManager and NT responses.

   For each of the two password hashes, the 16 octet hash is zero padded
   to 21 octets and cut into three 7 octet DES keys; each key encrypts the
   nonce and the three 8 octet results are concatenated.  LM_RESP and
   NT_RESP must each have room for 24 octets and CHALLENGE must supply 8.

   Both responses rest on single DES and on the LM and NT password hashes,
   so a recorded challenge/response pair can be used for offline password
   guessing; the exchange should only be carried over a protected
   channel.  */
void
ntlm_responses (unsigned char *lm_resp, unsigned char *nt_resp,
                const unsigned char *challenge, const char *secret)
{
  unsigned char hash[21];
  des_cblock nonce;
  int third;

  memcpy (&nonce, challenge, sizeof nonce);

  /* LanManager response */
  lm_hash_password (hash, secret);
  memset (hash + 16, 0, sizeof hash - 16);
  for (third = 0; third < 3; third++)
    lm_deshash (lm_resp + 8 * third, &nonce, hash + 7 * third);

  /* NT response, reusing the same scratch buffer */
  nt_hash_password (hash, secret);
  memset (hash + 16, 0, sizeof hash - 16);
  for (third = 0; third < 3; third++)
    lm_deshash (nt_resp + 8 * third, &nonce, hash + 7 * third);

  /* NOTE(review): this clears a local that is about to go out of scope
     and may be optimised away; prefer a wipe the compiler cannot elide.  */
  memset (hash, 0, sizeof hash);
}