#define FSTRING_LEN 256

/*
 * DES key schedule, Permuted Choice 1 (PC-1), FIPS 46-3.
 * Lists the 56 key-bit positions (1-based, out of the 64-bit key) in the
 * order that forms C0||D0; the eight parity bits 8, 16, ..., 64 never
 * appear.  Consumed by permute(pk1, key, perm1, 56) in dohash().
 * NOTE(review): entries are 1-based (no entry is 0); permute() is assumed
 * to subtract one when indexing -- its body is not shown here, confirm.
 * These tables exist only to support the legacy LM / NTLMv1 DES-based
 * primitives (E_P16 / E_P24); do not reuse them for new designs.
 */
static const uchar perm1[56] = {
    57, 49, 41, 33, 25, 17,  9,
     1, 58, 50, 42, 34, 26, 18,
    10,  2, 59, 51, 43, 35, 27,
    19, 11,  3, 60, 52, 44, 36,
    63, 55, 47, 39, 31, 23, 15,
     7, 62, 54, 46, 38, 30, 22,
    14,  6, 61, 53, 45, 37, 29,
    21, 13,  5, 28, 20, 12,  4
};
76 static const uchar perm2[48] = {14, 17, 11, 24, 1, 5,
80 41, 52, 31, 37, 47, 55,
81 30, 40, 51, 45, 33, 48,
82 44, 49, 39, 56, 34, 53,
83 46, 42, 50, 36, 29, 32};
/*
 * DES Initial Permutation (IP), FIPS 46-3: for each of the 64 output bit
 * positions, the 1-based source bit of the input block.  Applied to the
 * data block before the 16 rounds by permute(pd1, in, perm3, 64) in
 * dohash().  perm6 (the final permutation) is its inverse.
 */
static const uchar perm3[64] = {
    58, 50, 42, 34, 26, 18, 10,  2,
    60, 52, 44, 36, 28, 20, 12,  4,
    62, 54, 46, 38, 30, 22, 14,  6,
    64, 56, 48, 40, 32, 24, 16,  8,
    57, 49, 41, 33, 25, 17,  9,  1,
    59, 51, 43, 35, 27, 19, 11,  3,
    61, 53, 45, 37, 29, 21, 13,  5,
    63, 55, 47, 39, 31, 23, 15,  7
};
94 static const uchar perm4[48] = { 32, 1, 2, 3, 4, 5,
97 12, 13, 14, 15, 16, 17,
98 16, 17, 18, 19, 20, 21,
99 20, 21, 22, 23, 24, 25,
100 24, 25, 26, 27, 28, 29,
101 28, 29, 30, 31, 32, 1};
103 static const uchar perm5[32] = { 16, 7, 20, 21,
/*
 * DES Final Permutation (IP^-1), FIPS 46-3.  Inverse of perm3, i.e.
 * perm6[perm3[i] - 1] == i + 1 for every i.  Applied to R16||L16 as the
 * last step of dohash() via permute(out, rl, perm6, 64).
 */
static const uchar perm6[64] = {
    40,  8, 48, 16, 56, 24, 64, 32,
    39,  7, 47, 15, 55, 23, 63, 31,
    38,  6, 46, 14, 54, 22, 62, 30,
    37,  5, 45, 13, 53, 21, 61, 29,
    36,  4, 44, 12, 52, 20, 60, 28,
    35,  3, 43, 11, 51, 19, 59, 27,
    34,  2, 42, 10, 50, 18, 58, 26,
    33,  1, 41,  9, 49, 17, 57, 25
};
/*
 * DES key-schedule rotation amounts (FIPS 46-3): how far the 28-bit C and
 * D halves are rotated left before round i's subkey is extracted, via
 * lshift(c, sc[i], 28) / lshift(d, sc[i], 28) in dohash().  The sixteen
 * amounts sum to 28, so after the last round C and D are back to C0/D0.
 */
static const uchar sc[16] = {
    1, 1, 2, 2, 2, 2, 2, 2,
    1, 2, 2, 2, 2, 2, 2, 1
};
/*
 * The eight DES S-boxes S1..S8 (FIPS 46-3), each 4 rows by 16 columns.
 * dohash() reads sbox[j][m][n] where m is built from the outer two bits
 * of the j-th 6-bit group and n from the inner four, then unpacks the
 * 4-bit result MSB-first.
 * NOTE(review): the lookup index is derived from key- and data-dependent
 * bits, so this table walk is not constant-time (classic cache-timing
 * exposure for DES).  Tolerable for the LM/NTLMv1 compatibility paths it
 * serves here; do not lift it into a general-purpose cipher.
 */
static const uchar sbox[8][4][16] = {
    /* S1 */
    {{14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7},
     { 0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8},
     { 4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0},
     {15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13}},
    /* S2 */
    {{15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10},
     { 3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5},
     { 0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15},
     {13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9}},
    /* S3 */
    {{10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8},
     {13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1},
     {13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7},
     { 1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12}},
    /* S4 */
    {{ 7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15},
     {13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9},
     {10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4},
     { 3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14}},
    /* S5 */
    {{ 2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9},
     {14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6},
     { 4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14},
     {11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3}},
    /* S6 */
    {{12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11},
     {10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8},
     { 9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6},
     { 4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13}},
    /* S7 */
    {{ 4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1},
     {13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6},
     { 1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2},
     { 6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12}},
    /* S8 */
    {{13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7},
     { 1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2},
     { 7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8},
     { 2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11}}
};
166 static void permute(
char *out,
char *in,
const uchar *p,
int n)
173 static void lshift(
char *d,
int count,
int n)
178 out[i] = d[(i+count)%n];
183 static void concat(
char *out,
char *in1,
char *in2,
int l1,
int l2)
191 static void xor(
char *out,
char *in1,
char *in2,
int n)
195 out[i] = in1[i] ^ in2[i];
198 static void dohash(
char *out,
char *in,
char *key,
int forw)
210 permute(pk1, key, perm1, 56);
218 lshift(c, sc[i], 28);
219 lshift(d, sc[i], 28);
221 concat(cd, c, d, 28, 28);
222 permute(ki[i], cd, perm2, 48);
225 permute(pd1, in, perm3, 64);
240 permute(er, r, perm4, 48);
242 xor(erk, er, ki[forw ? i : 15 - i], 48);
246 b[j][k] = erk[j*6 + k];
250 m = (b[j][0]<<1) | b[j][5];
252 n = (b[j][1]<<3) | (b[j][2]<<2) | (b[j][3]<<1) | b[j][4];
255 b[j][k] = (sbox[j][m][n] & (1<<(3-k)))?1:0;
261 permute(pcb, cb, perm5, 32);
272 concat(rl, r, l, 32, 32);
274 permute(out, rl, perm6, 64);
277 static void str_to_key(
const uchar *str,
uchar *key)
282 key[1] = ((str[0]&0x01)<<6) | (str[1]>>2);
283 key[2] = ((str[1]&0x03)<<5) | (str[2]>>3);
284 key[3] = ((str[2]&0x07)<<4) | (str[3]>>4);
285 key[4] = ((str[3]&0x0F)<<3) | (str[4]>>5);
286 key[5] = ((str[4]&0x1F)<<2) | (str[5]>>6);
287 key[6] = ((str[5]&0x3F)<<1) | (str[6]>>7);
288 key[7] = str[6]&0x7F;
290 key[i] = (key[i]<<1);
303 str_to_key(key, key2);
306 inb[i] = (in[i/8] & (1<<(7-(i%8)))) ? 1 : 0;
307 keyb[i] = (key2[i/8] & (1<<(7-(i%8)))) ? 1 : 0;
311 dohash(outb, inb, keyb, forw);
319 out[i/8] |= (1<<(7-(i%8)));
325 uchar sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
334 smbhash(p24+16, c8, p21+14, 1);
345 if (
val == 1) len = 516;
346 if (
val == 0) len = 16;
347 if (
val == 3) len = 8;
348 if (
val == 2) len = 68;
349 if (
val == 4) len = 32;
354 for (ind = 0; ind < 256; ind++)
356 hash[ind] = (
uchar)ind;
359 for( ind = 0; ind < 256; ind++)
363 j += (hash[ind] + key[ind%16]);
369 for( ind = 0; ind < len; ind++)
375 index_j += hash[index_i];
378 hash[index_i] = hash[index_j];
381 t = hash[index_i] + hash[index_j];
382 data[ind] = data[ind] ^ hash[t];
402 memcpy(p21, passwd, 16);
411 memcpy(p21, lm_hash, 16);
422 memcpy(p21, nt_hash, 16);
429 uchar partial_lm_hash[16];
431 memcpy(partial_lm_hash, lm_hash, 8);
432 memset(partial_lm_hash + 8, 0xbd, 8);
434 memcpy(sess_key, p24, 16);
452 dpass = g_utf8_strup (passwd, pass_len);
453 memcpy (dospwd, dpass, pass_len);
457 E_P16((
unsigned char *)dospwd, p16);
459 if (strlen(dospwd) > 14) {
486 uchar client_chal[8];
487 uint8_t *response = g_malloc0 (28 + address_list_len);
489 int header = 0x00000101;
490 int zeros = 0x00000000;
495 SIVAL(response, 0, header);
496 SIVAL(response, 4, zeros);
497 memcpy(response+4+4, long_date, 8);
498 memcpy(response+4+4+
sizeof(long_date), client_chal, 8);
499 SIVAL(response, 24, zeros);
500 for(i=0; i<address_list_len;i++)
502 *(response+28+i) = *(addr_list+i);
510 const char *server_chal,
511 const char *address_list,
int address_list_len, uint8_t *nt_response)
513 uchar ntlmv2_response[16];
514 uint8_t * ntlmv2_client_data;
522 int client_data_len = 28 + address_list_len;
524 memcpy(nt_response, ntlmv2_response,
sizeof(ntlmv2_response));
525 memcpy(nt_response+
sizeof(ntlmv2_response),ntlmv2_client_data, client_data_len);
529 const char *server_chal, uint8_t *lm_response)
531 uchar lmv2_response[16];
532 uint8_t lmv2_client_data[8];
540 memcpy(lm_response, lmv2_response,
sizeof(lmv2_response));
544 memcpy(lm_response+
sizeof(lmv2_response), lmv2_client_data,
sizeof(lmv2_client_data));
548 const char *server_chal,
549 const char *address_list,
int address_list_len,
550 uint8_t *lm_response, uint8_t *nt_response,
551 uint8_t *user_session_key)
uint8_t * NTLMv2_generate_client_data_ntlmssp(const char *addr_list, int address_list_len)
void smbhash(uchar *out, const uchar *in, const uchar *key, int forw)
char fstring[FSTRING_LEN]
void SamOEMhash(uchar *data, const uchar *key, int val)
void E_P16(uchar *p14, uchar *p16)
void SMBOWFencrypt_ntlmssp(const uchar passwd[16], const uchar *c8, uchar p24[24])
void LMv2_generate_response_ntlmssp(const uchar ntlm_v2_hash[16], const char *server_chal, uint8_t *lm_response)
void hmac_md5_init_limK_to_64(const uchar *key, int key_len, HMACMD5Context *ctx)
The Microsoft variant of hmac_md5 initialisation (the function name indicates the key is limited to 64 bytes; confirm against the implementation).
#define SIVAL(buf, pos, val)
bool E_deshash_ntlmssp(const char *passwd, uint8_t pass_len, uchar p16[16])
void mdfour_ntlmssp(unsigned char *out, const unsigned char *in, int n)
void SMBNTLMv2encrypt_hash_ntlmssp(const char *user, const char *domain, uchar ntlm_v2_hash[16], const char *server_chal, const char *address_list, int address_list_len, uint8_t *lm_response, uint8_t *nt_response, uint8_t *user_session_key)
void generate_random_buffer_ntlmssp(unsigned char *out, int len)
void SMBOWFencrypt_ntv2_ntlmssp(const uchar kr[16], const uint8_t *srv_chal, int srv_chal_len, const uint8_t *cli_chal, int cli_chal_len, uchar resp_buf[16])
void SMBencrypt_hash_ntlmssp(const uchar lm_hash[16], const uchar *c8, uchar p24[24])
void hmac_md5_final(uchar *digest, HMACMD5Context *ctx)
Finish the hmac_md5 "inner" hash and compute the outer hash to produce the final digest.
void put_long_date_ntlmssp(char *p, time_t t)
void hmac_md5_update(const uchar *text, int text_len, HMACMD5Context *ctx)
Update hmac_md5 "inner" buffer.
void SMBsesskeygen_ntv2_ntlmssp(const uchar kr[16], const uchar *nt_resp, uint8 sess_key[16])
void NTLMv2_generate_response_ntlmssp(const uchar ntlm_v2_hash[16], const char *server_chal, const char *address_list, int address_list_len, uint8_t *nt_response)
void SMBsesskeygen_ntv1_ntlmssp(const uchar kr[16], const uchar *nt_resp, uint8 sess_key[16])
void E_P24(const uchar *p21, const uchar *c8, uchar *p24)
void SMBsesskeygen_lm_sess_key_ntlmssp(const uchar lm_hash[16], const uchar lm_resp[24], uint8 sess_key[16])
void SMBNTencrypt_hash_ntlmssp(const uchar nt_hash[16], uchar *c8, uchar *p24)