OpenVAS Scanner  22.7.9
smb_crypt.c
1 /* SPDX-FileCopyrightText: 2023 Greenbone AG
2  * SPDX-FileCopyrightText: 1998-2000 Andrew Tridgell
3  *
4  * SPDX-License-Identifier: GPL-2.0-or-later
5  */
6 
15 /* NOTES:
16 
17  This code makes no attempt to be fast! In fact, it is a very
18  slow implementation
19 
20  This code is NOT a complete DES implementation. It implements only
21  the minimum necessary for SMB authentication, as used by all SMB
22  products (including every copy of Microsoft Windows95 ever sold)
23 
24  In particular, it can only do an unchained forward DES pass. This
25  means it is not possible to use this code for encryption/decryption
26  of data, instead it is only useful as a "hash" algorithm.
27 
28  There is no entry point into this code that allows normal DES operation.
29 
30  I believe this means that this code does not come under ITAR
31  regulations but this is NOT a legal opinion. If you are concerned
32  about the applicability of ITAR regulations to this code then you
33  should confirm it for yourself (and maybe let me know if you come
34  up with a different answer to the one above)
35 
36  MODIFICATION: support for NTLMSSP feature in OpenVAS
37  Modified By Preeti Subramanian <spreeti@secpod.com>
38  * BOOL is replaced by bool
39  * SMBNTLMv2encrypt_hash function body is modified - does not compute
40  ntv2_owf_gen, rather ntv2_owf_gen value is passed to this function
41  and this function returns void,
42  * SMBNTLMv2encrypt_hash, LMv2_generate_response, NTLMv2_generate_response,
43  NTLMv2_generate_client_data functions' signatures are modified.
44 */
45 
46 #include "smb_crypt.h"
47 
48 #include "proto.h"
49 
50 #include <glib.h> /* for g_malloc0() */
/* Defined to 1 after the includes; it is not referenced by any code visible
 * in this listing. */
#define int16 1

/* fstring is a fixed 256-byte character buffer. It is declared here only
 * when no earlier header has already defined FSTRING_LEN. */
#ifndef FSTRING_LEN
#define FSTRING_LEN 256
typedef char fstring[FSTRING_LEN];
#endif
57 
/*
 * DES permutation tables. Every entry is a 1-based bit position; permute()
 * subtracts 1 before indexing.
 */

/* Permuted choice 1: selects 56 key bits from the 64-entry key bit array. */
static const uchar perm1[56] = {
  57, 49, 41, 33, 25, 17, 9,
  1,  58, 50, 42, 34, 26, 18,
  10, 2,  59, 51, 43, 35, 27,
  19, 11, 3,  60, 52, 44, 36,
  63, 55, 47, 39, 31, 23, 15,
  7,  62, 54, 46, 38, 30, 22,
  14, 6,  61, 53, 45, 37, 29,
  21, 13, 5,  28, 20, 12, 4};

/* Permuted choice 2: derives a 48-bit round subkey from the 56-bit C||D. */
static const uchar perm2[48] = {
  14, 17, 11, 24, 1,  5,
  3,  28, 15, 6,  21, 10,
  23, 19, 12, 4,  26, 8,
  16, 7,  27, 20, 13, 2,
  41, 52, 31, 37, 47, 55,
  30, 40, 51, 45, 33, 48,
  44, 49, 39, 56, 34, 53,
  46, 42, 50, 36, 29, 32};

/* Initial permutation applied to the 64-bit input block. */
static const uchar perm3[64] = {
  58, 50, 42, 34, 26, 18, 10, 2,
  60, 52, 44, 36, 28, 20, 12, 4,
  62, 54, 46, 38, 30, 22, 14, 6,
  64, 56, 48, 40, 32, 24, 16, 8,
  57, 49, 41, 33, 25, 17, 9,  1,
  59, 51, 43, 35, 27, 19, 11, 3,
  61, 53, 45, 37, 29, 21, 13, 5,
  63, 55, 47, 39, 31, 23, 15, 7};

/* Expansion: widens the 32-bit right half to 48 bits before the key XOR. */
static const uchar perm4[48] = {
  32, 1,  2,  3,  4,  5,
  4,  5,  6,  7,  8,  9,
  8,  9,  10, 11, 12, 13,
  12, 13, 14, 15, 16, 17,
  16, 17, 18, 19, 20, 21,
  20, 21, 22, 23, 24, 25,
  24, 25, 26, 27, 28, 29,
  28, 29, 30, 31, 32, 1};

/* Permutation applied to the 32-bit S-box output of each round. */
static const uchar perm5[32] = {
  16, 7,  20, 21, 29, 12, 28, 17,
  1,  15, 23, 26, 5,  18, 31, 10,
  2,  8,  24, 14, 32, 27, 3,  9,
  19, 13, 30, 6,  22, 11, 4,  25};

/* Final permutation applied to R||L after the last round. */
static const uchar perm6[64] = {
  40, 8, 48, 16, 56, 24, 64, 32,
  39, 7, 47, 15, 55, 23, 63, 31,
  38, 6, 46, 14, 54, 22, 62, 30,
  37, 5, 45, 13, 53, 21, 61, 29,
  36, 4, 44, 12, 52, 20, 60, 28,
  35, 3, 43, 11, 51, 19, 59, 27,
  34, 2, 42, 10, 50, 18, 58, 26,
  33, 1, 41, 9,  49, 17, 57, 25};

/* Left-rotation count applied to both key halves in each of the 16 rounds. */
static const uchar sc[16] = {
  1, 1, 2, 2, 2, 2, 2, 2,
  1, 2, 2, 2, 2, 2, 2, 1};
90 
/*
 * The eight DES S-boxes, indexed as sbox[box][row][column]. dohash() builds
 * the row from the outer two bits of each 6-bit group and the column from
 * the inner four bits; every entry is a 4-bit output value.
 */
static const uchar sbox[8][4][16] = {
  /* S1 */
  {{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7},
   {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8},
   {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0},
   {15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}},

  /* S2 */
  {{15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10},
   {3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5},
   {0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15},
   {13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}},

  /* S3 */
  {{10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8},
   {13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1},
   {13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7},
   {1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}},

  /* S4 */
  {{7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15},
   {13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9},
   {10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4},
   {3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}},

  /* S5 */
  {{2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9},
   {14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6},
   {4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14},
   {11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}},

  /* S6 */
  {{12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11},
   {10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8},
   {9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6},
   {4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}},

  /* S7 */
  {{4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1},
   {13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6},
   {1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2},
   {6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}},

  /* S8 */
  {{13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7},
   {1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2},
   {7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8},
   {2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}}};
131 
/*
 * Apply a permutation table to an array of single-bit chars.
 *
 * out[k] receives in[p[k] - 1] for every k in [0, n). Table entries are
 * 1-based, hence the subtraction. No bounds are checked here: the caller
 * must pass an `in` array large enough for the biggest entry of `p` and an
 * `out` array with room for n elements.
 */
static void
permute (char *out, char *in, const uchar *p, int n)
{
  int k = 0;

  while (k < n)
    {
      out[k] = in[p[k] - 1];
      k++;
    }
}
139 
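/*
 * Rotate the first n elements of d to the left by count positions, in place.
 *
 * d      array of n single-bit chars, rotated in place.
 * count  rotation distance; reduced modulo n, a negative value rotates to
 *        the right.
 * n      number of elements, 1..64.
 *
 * The rotation goes through a 64-element scratch buffer, so any n outside
 * 1..64 is rejected and d is left untouched instead of writing past the
 * scratch buffer. The callers in this file always pass n = 28.
 */
static void
lshift (char *d, int count, int n)
{
  char out[64];
  int i;

  if (n <= 0 || n > (int) sizeof (out))
    return;

  /* Keep (i + count) % n inside [0, n) even for a negative count. */
  count %= n;
  if (count < 0)
    count += n;

  for (i = 0; i < n; i++)
    out[i] = d[(i + count) % n];
  for (i = 0; i < n; i++)
    d[i] = out[i];
}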
150 
/*
 * Write the l1 elements of in1 followed by the l2 elements of in2 to out.
 * out must have room for l1 + l2 elements; lengths are not checked here.
 */
static void
concat (char *out, char *in1, char *in2, int l1, int l2)
{
  char *dst = out;
  const char *src;

  for (src = in1; l1 != 0; l1--)
    *dst++ = *src++;
  for (src = in2; l2 != 0; l2--)
    *dst++ = *src++;
}
159 
/*
 * Element-wise XOR of two n-element arrays: out[k] = in1[k] ^ in2[k].
 * Elements are processed in ascending order.
 */
static void xor(char *out, char *in1, char *in2, int n)
{
  const char *lhs = in1;
  const char *rhs = in2;
  char *dst = out;
  int left;

  for (left = n; left > 0; left--)
    *dst++ = *lhs++ ^ *rhs++;
}
166 
/*
 * One 16-round DES block operation on bit arrays.
 *
 * out   receives 64 single-bit chars.
 * in    64 single-bit chars (the input block).
 * key   64 single-bit chars as built by smbhash().
 * forw  non-zero applies the round subkeys in order 0..15, zero applies
 *       them in reverse order 15..0.
 *
 * Every char in these arrays holds one bit (0 or 1). The subkeys and the
 * intermediate state are kept in local arrays that are not cleared before
 * the function returns.
 */
static void dohash(char *out, char *in, char *key, int forw)
{
  char pk1[56];    /* key bits after perm1 */
  char c[28];      /* left half of the key state */
  char d[28];      /* right half of the key state */
  char cd[56];     /* c followed by d */
  char ki[16][48]; /* the sixteen round subkeys */
  char pd1[64];    /* input block after perm3 */
  char l[32];
  char r[32];
  char rl[64];
  int round, box, bit;

  /* Key schedule: split the permuted key, then rotate and compress once
   * per round. */
  permute (pk1, key, perm1, 56);
  for (bit = 0; bit < 28; bit++)
    {
      c[bit] = pk1[bit];
      d[bit] = pk1[bit + 28];
    }

  for (round = 0; round < 16; round++)
    {
      lshift (c, sc[round], 28);
      lshift (d, sc[round], 28);

      concat (cd, c, d, 28, 28);
      permute (ki[round], cd, perm2, 48);
    }

  /* Initial permutation of the data block, then split into halves. */
  permute (pd1, in, perm3, 64);
  for (bit = 0; bit < 32; bit++)
    {
      l[bit] = pd1[bit];
      r[bit] = pd1[bit + 32];
    }

  for (round = 0; round < 16; round++)
    {
      char er[48];  /* expanded right half */
      char erk[48]; /* er XOR round subkey */
      char cb[32];  /* S-box output bits */
      char pcb[32]; /* cb after perm5 */
      char r2[32];  /* next right half */
      const int subkey = forw ? round : 15 - round;

      permute (er, r, perm4, 48);
      xor(erk, er, ki[subkey], 48);

      /* Each 6-bit group selects one 4-bit S-box entry: the outer two bits
       * give the row, the inner four bits the column. */
      for (box = 0; box < 8; box++)
        {
          const char *g = erk + box * 6;
          const int row = (g[0] << 1) | g[5];
          const int col = (g[1] << 3) | (g[2] << 2) | (g[3] << 1) | g[4];

          for (bit = 0; bit < 4; bit++)
            cb[box * 4 + bit] =
              (sbox[box][row][col] & (1 << (3 - bit))) ? 1 : 0;
        }

      permute (pcb, cb, perm5, 32);
      xor(r2, l, pcb, 32);

      /* The old right half becomes the new left half. */
      for (bit = 0; bit < 32; bit++)
        {
          l[bit] = r[bit];
          r[bit] = r2[bit];
        }
    }

  /* The halves are joined right-first before the final permutation. */
  concat (rl, r, l, 32, 32);
  permute (out, rl, perm6, 64);
}
249 
/*
 * Expand 7 bytes (56 bits) of key material into 8 bytes.
 *
 * str  7 input bytes.
 * key  8 output bytes; each carries seven consecutive input bits in its
 *      upper seven bit positions, and the lowest bit is left as zero.
 */
static void
str_to_key (const uchar *str, uchar *key)
{
  int idx;

  /* First pass: gather seven bits per output byte, right-aligned. */
  key[0] = str[0] >> 1;
  key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2);
  key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3);
  key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4);
  key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5);
  key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6);
  key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7);
  key[7] = str[6] & 0x7F;

  /* Second pass: move each group up by one bit. */
  idx = 0;
  while (idx < 8)
    {
      key[idx] <<= 1;
      idx++;
    }
}
268 
/*
 * DES-process one 8-byte block with a 7-byte key.
 *
 * out   8 bytes, overwritten with the result.
 * in    8 input bytes.
 * key   7 key bytes, expanded to 8 bytes by str_to_key().
 * forw  passed through to dohash() to select the subkey order.
 *
 * Bytes are unpacked most-significant bit first into one-bit-per-char
 * arrays for dohash() and packed back the same way. The expanded key and
 * the bit arrays are locals that are not cleared before returning.
 */
static void
smbhash (uchar *out, const uchar *in, const uchar *key, int forw)
{
  char outb[64];
  char inb[64];
  char keyb[64];
  uchar key2[8];
  int bit;

  str_to_key (key, key2);

  for (bit = 0; bit < 64; bit++)
    {
      const int byte = bit / 8;
      const int mask = 1 << (7 - (bit % 8));

      inb[bit] = (in[byte] & mask) ? 1 : 0;
      keyb[bit] = (key2[byte] & mask) ? 1 : 0;
      outb[bit] = 0;
    }

  dohash (outb, inb, keyb, forw);

  /* Clear the output, then set only the bits dohash() produced as 1. */
  for (bit = 0; bit < 8; bit++)
    out[bit] = 0;

  for (bit = 0; bit < 64; bit++)
    {
      if (outb[bit])
        out[bit / 8] |= (1 << (7 - (bit % 8)));
    }
}
300 
/*
 * Produce a 16-byte value from 14 bytes of input by DES-processing a fixed
 * 8-byte constant under each 7-byte half of the input.
 *
 * p14  14 input bytes; bytes 0..6 key the first half of the output and
 *      bytes 7..13 key the second half.
 * p16  16 output bytes.
 *
 * Each 8-byte output half depends on only 7 input bytes, so the two halves
 * can be examined independently of each other. This construction exists
 * for compatibility with LM-style SMB authentication and should not be
 * used to protect anything new.
 */
void
E_P16 (uchar *p14, uchar *p16)
{
  /* The ASCII bytes "KGS!@#$%". */
  uchar magic[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
  int half;

  for (half = 0; half < 2; half++)
    smbhash (p16 + 8 * half, magic, p14 + 7 * half, 1);
}
308 
/*
 * Compute a 24-byte response from a 21-byte key and an 8-byte challenge.
 *
 * p21  21 key bytes, used as three consecutive 7-byte DES keys.
 * c8   8 challenge bytes, processed once under each key.
 * p24  24 output bytes, three 8-byte results in key order.
 */
void
E_P24 (const uchar *p21, const uchar *c8, uchar *p24)
{
  int part;

  for (part = 0; part < 3; part++)
    smbhash (p24 + 8 * part, c8, p21 + 7 * part, 1);
}
316 
/*
 * XOR a buffer in place with an RC4 keystream derived from a 16-byte key.
 *
 * data  buffer transformed in place; it must hold at least the number of
 *       bytes selected by val, which is not checked here.
 * key   16 key bytes.
 * val   length selector: 0 -> 16 bytes, 1 -> 516, 2 -> 68, 3 -> 8,
 *       4 -> 32; any value >= 8 is used directly as the byte count. Other
 *       values (5, 6, 7 and negatives) select 0 bytes, so data is left
 *       unchanged.
 *
 * The keystream depends only on the key, so applying the function twice
 * with the same key and length restores the original data. The cipher
 * state is a local array that is not cleared before returning.
 */
void
SamOEMhash (uchar *data, const uchar *key, int val)
{
  uchar state[256];
  uchar si = 0;
  uchar sj = 0;
  uchar kj = 0;
  int pos;
  int len;

  switch (val)
    {
    case 0:
      len = 16;
      break;
    case 1:
      len = 516;
      break;
    case 2:
      len = 68;
      break;
    case 3:
      len = 8;
      break;
    case 4:
      len = 32;
      break;
    default:
      len = (val >= 8) ? val : 0;
      break;
    }

  /* Key scheduling: identity permutation, then key-driven swaps. All
   * index arithmetic wraps at 256 because the indices are uchar. */
  for (pos = 0; pos < 256; pos++)
    state[pos] = (uchar) pos;

  for (pos = 0; pos < 256; pos++)
    {
      uchar swap;

      kj += (state[pos] + key[pos % 16]);

      swap = state[pos];
      state[pos] = state[kj];
      state[kj] = swap;
    }

  /* Keystream generation, XORed into data one byte at a time. */
  for (pos = 0; pos < len; pos++)
    {
      uchar swap;
      uchar pick;

      si++;
      sj += state[si];

      swap = state[si];
      state[si] = state[sj];
      state[sj] = swap;

      pick = state[si] + state[sj];
      data[pos] = data[pos] ^ state[pick];
    }
}
371 
/*
 * Derive the NTLMv1 session key as the MD4 digest of the 16-byte kr.
 *
 * kr        16 input bytes.
 * nt_resp   unused; kept in the signature only.
 * sess_key  16 output bytes.
 *
 * Because nt_resp does not enter the computation, the key is the same for
 * every session that starts from the same kr. The original author already
 * flagged this as a problem.
 */
void
SMBsesskeygen_ntv1_ntlmssp (const uchar kr[16], const uchar *nt_resp,
                            uint8 sess_key[16])
{
  (void) nt_resp; /* deliberately ignored */

  mdfour_ntlmssp ((unsigned char *) sess_key, kr, 16);
}
381 
/*
 * Compute the 24-byte DES challenge response from a 16-byte NT or LM hash.
 *
 * passwd  16-byte hash.
 * c8      8-byte challenge.
 * p24     24-byte output.
 *
 * The hash is padded to 21 bytes so that E_P24() can use it as three
 * 7-byte keys. The padded copy stays on the stack and is not cleared
 * before returning.
 */
void
SMBOWFencrypt_ntlmssp (const uchar passwd[16], const uchar *c8, uchar p24[24])
{
  uchar padded_key[21];

  ZERO_STRUCT (padded_key);
  memcpy (padded_key, passwd, 16);

  E_P24 (padded_key, c8, p24);
}
392 
/*
 * Compute the 24-byte LM challenge response from a 16-byte LM hash.
 *
 * lm_hash  16-byte LM hash.
 * c8       8-byte challenge.
 * p24      24-byte output.
 *
 * SMBOWFencrypt_ntlmssp() reads exactly the first 16 bytes of its key
 * argument and does the zero padding to 21 bytes itself, so the hash is
 * handed over directly and no second padded copy is made here.
 */
void
SMBencrypt_hash_ntlmssp (const uchar lm_hash[16], const uchar *c8,
                         uchar p24[24])
{
  SMBOWFencrypt_ntlmssp (lm_hash, c8, p24);
}
403 
/*
 * Compute the 24-byte NT challenge response from a 16-byte NT hash.
 *
 * nt_hash  16-byte NT hash.
 * c8       8-byte challenge.
 * p24      24-byte output.
 *
 * SMBOWFencrypt_ntlmssp() reads exactly the first 16 bytes of its key
 * argument and does the zero padding to 21 bytes itself, so the hash is
 * handed over directly and no second padded copy is made here.
 */
void
SMBNTencrypt_hash_ntlmssp (const uchar nt_hash[16], uchar *c8, uchar *p24)
{
  SMBOWFencrypt_ntlmssp (nt_hash, c8, p24);
}
414 
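/*
 * Derive the 16-byte LM session key.
 *
 * lm_hash   LM hash; only its first 8 bytes are used.
 * lm_resp   LM response; the DES routines read its first 8 bytes as the
 *           challenge block.
 * sess_key  16 output bytes.
 *
 * The key is built from the first 8 hash bytes followed by eight 0xbd
 * bytes, and the session key is the first 16 bytes of the resulting
 * 24-byte response. The declarator line with the function name was lost
 * from this listing; it is restored here from the declaration shown in
 * the listing's symbol index. The local key and response copies are not
 * cleared before returning.
 */
void
SMBsesskeygen_lm_sess_key_ntlmssp (const uchar lm_hash[16],
                                   const uchar lm_resp[24], uint8 sess_key[16])
{
  uchar p24[24];
  uchar partial_lm_hash[16];

  memcpy (partial_lm_hash, lm_hash, 8);
  memset (partial_lm_hash + 8, 0xbd, 8);
  SMBOWFencrypt_ntlmssp (partial_lm_hash, lm_resp, p24);
  memcpy (sess_key, p24, 16);
}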
427 
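/*
 * Compute the 16-byte LM-style hash of a password.
 *
 * passwd    password bytes.
 * pass_len  number of password bytes to use (at most 255, since it is a
 *           uint8_t).
 * p16       16 output bytes.
 *
 * Returns True when the uppercased password is at most 14 bytes long and
 * False when it is longer. The hash is written to p16 in both cases and
 * only covers the first 14 bytes.
 */
bool
E_deshash_ntlmssp (const char *passwd, uint8_t pass_len, uchar p16[16])
{
  bool ret = True;
  fstring dospwd;
  char *dpass;
  size_t copy_len;

  ZERO_STRUCT (dospwd);

  /* Uppercase the password. NOTE(review): the original comment speaks of a
   * DOS charset conversion, but only an uppercase conversion is visible
   * here. */
  dpass = g_utf8_strup (passwd, pass_len);

  /* Uppercasing can change the byte length, so dpass is only known to be
   * NUL-terminated, not to be pass_len bytes long. Copy no more than it
   * actually holds so the read stays inside its allocation. The cap at
   * pass_len keeps the previous truncation for longer results, and
   * pass_len <= 255 keeps dospwd NUL-terminated. */
  copy_len = strlen (dpass);
  if (copy_len > pass_len)
    copy_len = pass_len;
  memcpy (dospwd, dpass, copy_len);

  /* NOTE(review): dpass still holds the uppercased password when freed. */
  g_free (dpass);

  /* Only the first 14 bytes are considered; shorter passwords are padded
   * with the zero bytes already in dospwd. */
  E_P16 ((unsigned char *) dospwd, p16);

  if (strlen (dospwd) > 14)
    {
      ret = False;
    }

  /* Clear the local password copy before returning. */
  ZERO_STRUCT (dospwd);

  return ret;
}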
/*
 * Derive the NTLMv2 session key: HMAC-MD5, keyed with the 16-byte kr, over
 * the first 16 bytes of the NT response.
 *
 * kr        16-byte key.
 * nt_resp   NT response; only its first 16 bytes are read.
 * sess_key  16 output bytes.
 *
 * Unlike the NTLMv1 variant, the result changes with the response.
 */
void
SMBsesskeygen_ntv2_ntlmssp (const uchar kr[16], const uchar *nt_resp,
                            uint8 sess_key[16])
{
  HMACMD5Context hmac;

  hmac_md5_init_limK_to_64 (kr, 16, &hmac);
  hmac_md5_update (nt_resp, 16, &hmac);
  hmac_md5_final ((unsigned char *) sess_key, &hmac);
}
474 
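/*
 * Build the NTLMv2 client data blob.
 *
 * addr_list         address list bytes appended after the fixed header.
 * address_list_len  number of bytes in addr_list; a negative value is
 *                   treated as 0.
 *
 * Returns a newly allocated buffer of 28 + address_list_len bytes that the
 * caller must release with g_free(). Layout: header (4), reserved (4),
 * date (8), client challenge (8), unknown (4), then the address list.
 *
 * A negative length used to shrink the allocation below the 28-byte fixed
 * part, which the header writes then overran; it is clamped to 0 here.
 */
uint8_t *
NTLMv2_generate_client_data_ntlmssp (const char *addr_list,
                                     int address_list_len)
{
  uchar client_chal[8];
  uint8_t *response;
  char long_date[8];
  int header = 0x00000101;
  int zeros = 0x00000000;

  if (address_list_len < 0)
    address_list_len = 0;

  /* Size computed in size_t so that 28 + len cannot overflow an int. */
  response = g_malloc0 (28 + (size_t) address_list_len);

  generate_random_buffer_ntlmssp (client_chal, sizeof (client_chal));

  put_long_date_ntlmssp (long_date, time (NULL));
  SIVAL (response, 0, header);
  SIVAL (response, 4, zeros);
  memcpy (response + 4 + 4, long_date, 8);
  memcpy (response + 4 + 4 + sizeof (long_date), client_chal, 8);
  SIVAL (response, 24, zeros);

  /* Skipped for an empty list, so addr_list is never read in that case. */
  if (address_list_len > 0)
    memcpy (response + 28, addr_list, (size_t) address_list_len);

  return response;
}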
505 
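/*
 * Build the NTLMv2 response.
 *
 * ntlm_v2_hash      16-byte NTLMv2 hash used as the key.
 * server_chal       server challenge; 8 bytes are used.
 * address_list      address list bytes placed in the client data.
 * address_list_len  number of bytes in address_list; a negative value is
 *                   treated as 0.
 * nt_response       output buffer; the caller must provide at least
 *                   16 + 28 + address_list_len bytes. It receives the
 *                   16-byte proof followed by the client data.
 *
 * A negative length used to produce a client_data_len below the 28-byte
 * fixed part, or a negative one that turns into a huge memcpy size. It is
 * clamped to 0 before any length is derived from it.
 */
void
NTLMv2_generate_response_ntlmssp (const uchar ntlm_v2_hash[16],
                                  const char *server_chal,
                                  const char *address_list,
                                  int address_list_len, uint8_t *nt_response)
{
  uchar ntlmv2_response[16];
  uint8_t *ntlmv2_client_data;
  int client_data_len;

  if (address_list_len < 0)
    address_list_len = 0;

  /* NTLMv2 */
  /* Generate the client data that is both covered by the proof and sent
     along with it. */
  ntlmv2_client_data =
    NTLMv2_generate_client_data_ntlmssp (address_list, address_list_len);

  /* Given that data, and the challenge from the server, generate a response */
  client_data_len = 28 + address_list_len;
  SMBOWFencrypt_ntv2_ntlmssp (ntlm_v2_hash, (const uchar *) server_chal, 8,
                              ntlmv2_client_data, client_data_len,
                              ntlmv2_response);
  memcpy (nt_response, ntlmv2_response, sizeof (ntlmv2_response));
  memcpy (nt_response + sizeof (ntlmv2_response), ntlmv2_client_data,
          client_data_len);

  g_free (ntlmv2_client_data);
}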
532 
/*
 * Build the 24-byte LMv2 response.
 *
 * ntlm_v2_hash  16-byte NTLMv2 hash used as the key.
 * server_chal   server challenge; 8 bytes are used.
 * lm_response   output buffer of at least 24 bytes: the 16-byte proof
 *               followed by the 8 random client bytes that went into it.
 */
void
LMv2_generate_response_ntlmssp (const uchar ntlm_v2_hash[16],
                                const char *server_chal, uint8_t *lm_response)
{
  uint8_t client_nonce[8];
  uchar proof[16];

  /* LMv2: fresh client-supplied random data for every response. */
  generate_random_buffer_ntlmssp (client_nonce, sizeof (client_nonce));

  /* Compute the proof over the server challenge and the client data. */
  SMBOWFencrypt_ntv2_ntlmssp (ntlm_v2_hash, (const uchar *) server_chal, 8,
                              client_nonce, sizeof (client_nonce), proof);

  /* The proof comes first; the random data follows it so that the server
     can recompute the proof. */
  memcpy (lm_response, proof, sizeof (proof));
  memcpy (lm_response + sizeof (proof), client_nonce, sizeof (client_nonce));
}
555 
/*
 * Produce the NTLMv2 response, the user session key and the LMv2 response
 * from an already computed NTLMv2 hash.
 *
 * user, domain       unused; the hash is supplied by the caller.
 * ntlm_v2_hash       16-byte NTLMv2 hash.
 * server_chal        server challenge; 8 bytes are used.
 * address_list       address list bytes for the NTLMv2 client data.
 * address_list_len   number of bytes in address_list.
 * lm_response        output, at least 24 bytes.
 * nt_response        output, at least 16 + 28 + address_list_len bytes.
 * user_session_key   output, 16 bytes.
 */
void
SMBNTLMv2encrypt_hash_ntlmssp (const char *user, const char *domain,
                               uchar ntlm_v2_hash[16], const char *server_chal,
                               const char *address_list, int address_list_len,
                               uint8_t *lm_response, uint8_t *nt_response,
                               uint8_t *user_session_key)
{
  (void) user;   /* not needed: the hash is passed in */
  (void) domain; /* not needed: the hash is passed in */

  /* Step 1: the NT response. */
  NTLMv2_generate_response_ntlmssp (ntlm_v2_hash, server_chal, address_list,
                                    address_list_len, nt_response);

  /* Step 2: the session key for later signing, derived from the first
     16 bytes of the NT response written in step 1. */
  SMBsesskeygen_ntv2_ntlmssp (ntlm_v2_hash, nt_response, user_session_key);

  /* Step 3: the LM response. */
  LMv2_generate_response_ntlmssp (ntlm_v2_hash, server_chal, lm_response);
}