2
* WinPR: Windows Portable Runtime
5
* Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
7
* Licensed under the Apache License, Version 2.0 (the "License");
8
* you may not use this file except in compliance with the License.
9
* You may obtain a copy of the License at
11
* http://www.apache.org/licenses/LICENSE-2.0
13
* Unless required by applicable law or agreed to in writing, software
14
* distributed under the License is distributed on an "AS IS" BASIS,
15
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16
* See the License for the specific language governing permissions and
17
* limitations under the License.
24
#include <winpr/ntlm.h>
26
#include <winpr/crt.h>
27
#include <winpr/windows.h>
31
#include <openssl/ssl.h>
32
#include <openssl/des.h>
33
#include <openssl/md4.h>
34
#include <openssl/md5.h>
35
#include <openssl/rc4.h>
36
#include <openssl/hmac.h>
37
#include <openssl/rand.h>
38
#include <openssl/engine.h>
41
* Define NTOWFv1(Password, User, Domain) as
42
* MD4(UNICODE(Password))
46
BYTE* NTOWFv1W(LPWSTR Password, UINT32 PasswordLength, BYTE* NtHash)
57
MD4_Update(&md4_ctx, Password, PasswordLength);
58
MD4_Final((void*) NtHash, &md4_ctx);
63
BYTE* NTOWFv1A(LPSTR Password, UINT32 PasswordLength, BYTE* NtHash)
65
LPWSTR PasswordW = NULL;
67
PasswordW = (LPWSTR) malloc(PasswordLength * 2);
68
MultiByteToWideChar(CP_ACP, 0, Password, PasswordLength, PasswordW, PasswordLength);
70
NtHash = NTOWFv1W(PasswordW, PasswordLength * 2, NtHash);
78
* Define NTOWFv2(Password, User, Domain) as
79
* HMAC_MD5(MD4(UNICODE(Password)),
80
* UNICODE(ConcatenationOf(UpperCase(User), Domain)))
84
BYTE* NTOWFv2W(LPWSTR Password, UINT32 PasswordLength, LPWSTR User,
85
UINT32 UserLength, LPWSTR Domain, UINT32 DomainLength, BYTE* NtHash)
90
if ((!User) || (!Password))
94
NtHash = (BYTE*) malloc(16);
96
NTOWFv1W(Password, PasswordLength, NtHashV1);
98
buffer = (BYTE*) malloc(UserLength + DomainLength);
100
/* Concatenate(UpperCase(User), Domain) */
102
CopyMemory(buffer, User, UserLength);
103
CharUpperBuffW((LPWSTR) buffer, UserLength / 2);
104
CopyMemory(&buffer[UserLength], Domain, DomainLength);
106
/* Compute the HMAC-MD5 hash of the above value using the NTLMv1 hash as the key, the result is the NTLMv2 hash */
107
HMAC(EVP_md5(), (void*) NtHashV1, 16, buffer, UserLength + DomainLength, (void*) NtHash, NULL);
114
BYTE* NTOWFv2A(LPSTR Password, UINT32 PasswordLength, LPSTR User,
115
UINT32 UserLength, LPSTR Domain, UINT32 DomainLength, BYTE* NtHash)
118
LPWSTR DomainW = NULL;
119
LPWSTR PasswordW = NULL;
121
UserW = (LPWSTR) malloc(UserLength * 2);
122
DomainW = (LPWSTR) malloc(DomainLength * 2);
123
PasswordW = (LPWSTR) malloc(PasswordLength * 2);
125
MultiByteToWideChar(CP_ACP, 0, User, UserLength, UserW, UserLength);
126
MultiByteToWideChar(CP_ACP, 0, Domain, DomainLength, DomainW, DomainLength);
127
MultiByteToWideChar(CP_ACP, 0, Password, PasswordLength, PasswordW, PasswordLength);
129
NtHash = NTOWFv2W(PasswordW, PasswordLength * 2, UserW, UserLength * 2, DomainW, DomainLength * 2, NtHash);
138
BYTE* NTOWFv2FromHashW(BYTE* NtHashV1, LPWSTR User, UINT32 UserLength, LPWSTR Domain, UINT32 DomainLength, BYTE* NtHash)
146
NtHash = (BYTE*) malloc(16);
148
buffer = (BYTE*) malloc(UserLength + DomainLength);
150
/* Concatenate(UpperCase(User), Domain) */
152
CopyMemory(buffer, User, UserLength);
153
CharUpperBuffW((LPWSTR) buffer, UserLength / 2);
155
if (DomainLength > 0)
157
CopyMemory(&buffer[UserLength], Domain, DomainLength);
160
/* Compute the HMAC-MD5 hash of the above value using the NTLMv1 hash as the key, the result is the NTLMv2 hash */
161
HMAC(EVP_md5(), (void*) NtHashV1, 16, buffer, UserLength + DomainLength, (void*) NtHash, NULL);
168
BYTE* NTOWFv2FromHashA(BYTE* NtHashV1, LPSTR User, UINT32 UserLength, LPSTR Domain, UINT32 DomainLength, BYTE* NtHash)
171
LPWSTR DomainW = NULL;
172
LPWSTR PasswordW = NULL;
174
UserW = (LPWSTR) malloc(UserLength * 2);
175
DomainW = (LPWSTR) malloc(DomainLength * 2);
177
MultiByteToWideChar(CP_ACP, 0, User, UserLength, UserW, UserLength);
178
MultiByteToWideChar(CP_ACP, 0, Domain, DomainLength, DomainW, DomainLength);
180
NtHash = NTOWFv2FromHashW(NtHashV1, UserW, UserLength * 2, DomainW, DomainLength * 2, NtHash);