OpenVAS Scanner  22.7.9
ntlmssp.c File Reference

Functions to support Authentication(type3 message) for NTLMSSP (NTLMv2, NTLM2, NTLM, KEY GEN) More...

#include "ntlmssp.h"
#include <glib.h>
Include dependency graph for ntlmssp.c:

Go to the source code of this file.

Macros

#define NTLMSSP_NEGOTIATE_LM_KEY   0x00000080
 

Functions

void ntlmssp_genauth_ntlmv2 (char *user, char *domain, char *address_list, int address_list_len, char *challenge_data, uint8_t *lm_response, uint8_t *nt_response, uint8_t *session_key, unsigned char *ntlmv2_hash)
 
void ntlmssp_genauth_ntlm2 (char *password, uint8_t pass_len, uint8_t *lm_response, uint8_t *nt_response, uint8_t *session_key, char *challenge_data, unsigned char *nt_hash)
 
void ntlmssp_genauth_ntlm (char *password, uint8_t pass_len, uint8_t *lm_response, uint8_t *nt_response, uint8_t *session_key, char *challenge_data, unsigned char *nt_hash, int neg_flags)
 
uint8_t * ntlmssp_genauth_keyexchg (uint8_t *session_key, char *challenge_data, unsigned char *nt_hash, uint8_t *new_sess_key)
 

Detailed Description

Functions to support Authentication(type3 message) for NTLMSSP (NTLMv2, NTLM2, NTLM, KEY GEN)

Definition in file ntlmssp.c.

Macro Definition Documentation

◆ NTLMSSP_NEGOTIATE_LM_KEY

#define NTLMSSP_NEGOTIATE_LM_KEY   0x00000080

Definition at line 16 of file ntlmssp.c.

Function Documentation

◆ ntlmssp_genauth_keyexchg()

uint8_t* ntlmssp_genauth_keyexchg ( uint8_t *  session_key,
char *  challenge_data,
unsigned char *  nt_hash,
uint8_t *  new_sess_key 
)

Definition at line 85 of file ntlmssp.c.

87 {
88  /* Make up a new session key */
89  uint8 client_session_key[16];
90 
91  (void) challenge_data;
92  (void) nt_hash;
93  generate_random_buffer_ntlmssp (client_session_key,
94  sizeof (client_session_key));
95  /* Encrypt the new session key with the old one */
96 
97  size_t length = sizeof (client_session_key);
98  uint8_t *encrypted_session_key = g_malloc0 (length);
99 
100  memcpy (encrypted_session_key, client_session_key, length);
101  SamOEMhash (encrypted_session_key, session_key, length);
102  memcpy (new_sess_key, client_session_key, 16);
103  return encrypted_session_key;
104 }

References generate_random_buffer_ntlmssp(), length, SamOEMhash(), and uint8.

Referenced by nasl_keyexchg().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ ntlmssp_genauth_ntlm()

void ntlmssp_genauth_ntlm ( char *  password,
uint8_t  pass_len,
uint8_t *  lm_response,
uint8_t *  nt_response,
uint8_t *  session_key,
char *  challenge_data,
unsigned char *  nt_hash,
int  neg_flags 
)

Definition at line 61 of file ntlmssp.c.

65 {
66  unsigned char lm_hash[16];
67 
68  E_deshash_ntlmssp (password, pass_len, lm_hash);
69 
70  SMBencrypt_hash_ntlmssp (lm_hash, (const uchar *) challenge_data,
71  lm_response);
72  SMBNTencrypt_hash_ntlmssp (nt_hash, (uchar *) challenge_data, nt_response);
73 
74  if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
75  {
76  SMBsesskeygen_lm_sess_key_ntlmssp (lm_hash, lm_response, session_key);
77  }
78  else
79  {
80  SMBsesskeygen_ntv1_ntlmssp (nt_hash, NULL, session_key);
81  }
82 }

References E_deshash_ntlmssp(), NTLMSSP_NEGOTIATE_LM_KEY, SMBencrypt_hash_ntlmssp(), SMBNTencrypt_hash_ntlmssp(), SMBsesskeygen_lm_sess_key_ntlmssp(), SMBsesskeygen_ntv1_ntlmssp(), and uchar.

Referenced by nasl_ntlm_response().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ ntlmssp_genauth_ntlm2()

void ntlmssp_genauth_ntlm2 ( char *  password,
uint8_t  pass_len,
uint8_t *  lm_response,
uint8_t *  nt_response,
uint8_t *  session_key,
char *  challenge_data,
unsigned char *  nt_hash 
)

Definition at line 30 of file ntlmssp.c.

33 {
34  unsigned char lm_hash[16];
35 
36  E_deshash_ntlmssp (password, pass_len, lm_hash);
37 
38  struct MD5Context md5_session_nonce_ctx;
39  uchar session_nonce_hash[16];
40  uchar session_nonce[16];
41  uchar user_session_key[16];
42 
43  generate_random_buffer_ntlmssp (lm_response, 8);
44  memset (lm_response + 8, 0, 16);
45 
46  memcpy (session_nonce, challenge_data, 8);
47  memcpy (&session_nonce[8], lm_response, 8);
48 
49  MD5Init (&md5_session_nonce_ctx);
50  MD5Update (&md5_session_nonce_ctx, (unsigned char const *) challenge_data, 8);
51  MD5Update (&md5_session_nonce_ctx, (unsigned char const *) lm_response, 8);
52  MD5Final (session_nonce_hash, &md5_session_nonce_ctx);
53 
54  SMBNTencrypt_hash_ntlmssp (nt_hash, session_nonce_hash, nt_response);
55  SMBsesskeygen_ntv1_ntlmssp (nt_hash, NULL, user_session_key);
56  hmac_md5 (user_session_key, session_nonce, sizeof (session_nonce),
57  session_key);
58 }

References E_deshash_ntlmssp(), generate_random_buffer_ntlmssp(), hmac_md5(), MD5Final(), MD5Init(), MD5Update(), SMBNTencrypt_hash_ntlmssp(), SMBsesskeygen_ntv1_ntlmssp(), and uchar.

Referenced by nasl_ntlm2_response().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ ntlmssp_genauth_ntlmv2()

void ntlmssp_genauth_ntlmv2 ( char *  user,
char *  domain,
char *  address_list,
int  address_list_len,
char *  challenge_data,
uint8_t *  lm_response,
uint8_t *  nt_response,
uint8_t *  session_key,
unsigned char *  ntlmv2_hash 
)

Definition at line 19 of file ntlmssp.c.

23 {
24  SMBNTLMv2encrypt_hash_ntlmssp (user, domain, ntlmv2_hash, challenge_data,
25  address_list, address_list_len, lm_response,
26  nt_response, session_key);
27 }

References SMBNTLMv2encrypt_hash_ntlmssp().

Referenced by nasl_ntlmv2_response().

Here is the call graph for this function:
Here is the caller graph for this function:
uchar
#define uchar
Definition: hmacmd5.h:22
uint8
#define uint8
Definition: charcnv.c:45
SMBencrypt_hash_ntlmssp
void SMBencrypt_hash_ntlmssp(const uchar lm_hash[16], const uchar *c8, uchar p24[24])
Definition: smb_crypt.c:394
generate_random_buffer_ntlmssp
void generate_random_buffer_ntlmssp(unsigned char *out, int len)
Definition: genrand.c:170
SMBNTLMv2encrypt_hash_ntlmssp
void SMBNTLMv2encrypt_hash_ntlmssp(const char *user, const char *domain, uchar ntlm_v2_hash[16], const char *server_chal, const char *address_list, int address_list_len, uint8_t *lm_response, uint8_t *nt_response, uint8_t *user_session_key)
Definition: smb_crypt.c:557
SMBNTencrypt_hash_ntlmssp
void SMBNTencrypt_hash_ntlmssp(const uchar nt_hash[16], uchar *c8, uchar *p24)
Definition: smb_crypt.c:406
MD5Update
void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len)
Definition: md5.c:71
SMBsesskeygen_lm_sess_key_ntlmssp
void SMBsesskeygen_lm_sess_key_ntlmssp(const uchar lm_hash[16], const uchar lm_resp[24], uint8 sess_key[16])
Definition: smb_crypt.c:416
SamOEMhash
void SamOEMhash(uchar *data, const uchar *key, int val)
Definition: smb_crypt.c:318
E_deshash_ntlmssp
bool E_deshash_ntlmssp(const char *passwd, uint8_t pass_len, uchar p16[16])
Definition: smb_crypt.c:437
NTLMSSP_NEGOTIATE_LM_KEY
#define NTLMSSP_NEGOTIATE_LM_KEY
Definition: ntlmssp.c:16
MD5Init
void MD5Init(struct MD5Context *ctx)
Definition: md5.c:55
SMBsesskeygen_ntv1_ntlmssp
void SMBsesskeygen_ntv1_ntlmssp(const uchar kr[16], const uchar *nt_resp, uint8 sess_key[16])
Definition: smb_crypt.c:373
hmac_md5
void hmac_md5(uchar key[16], uchar *data, int data_len, uchar *digest)
Function to calculate an HMAC MD5 digest from data. Use the microsoft hmacmd5 init method because the...
Definition: hmacmd5.c:82
MD5Context
Definition: md5.h:52
MD5Final
void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
Definition: md5.c:123
length
u_short length
Definition: nasl_packet_forgery.c:4