53 #if !defined(USE_WINDOWS_SSPI) || defined(USE_WIN32_CRYPTO) 58 # include <openssl/des.h> 59 # ifndef OPENSSL_NO_MD4 60 # include <openssl/md4.h> 62 # include <openssl/md5.h> 63 # include <openssl/ssl.h> 64 # include <openssl/rand.h> 67 # ifndef OPENSSL_NO_MD4 74 # if (OPENSSL_VERSION_NUMBER < 0x00907001L) 75 # define DES_key_schedule des_key_schedule 76 # define DES_cblock des_cblock 77 # define DES_set_odd_parity des_set_odd_parity 78 # define DES_set_key des_set_key 79 # define DES_ecb_encrypt des_ecb_encrypt 81 # define DESKEYARG(x) x 83 # define DESKEYARG(x) *x 87 #elif defined(USE_GNUTLS_NETTLE) 89 # include <nettle/des.h> 90 # include <nettle/md4.h> 92 #elif defined(USE_GNUTLS) 95 # define MD5_DIGEST_LENGTH 16 96 # define MD4_DIGEST_LENGTH 16 98 #elif defined(USE_NSS) 101 # include <pk11pub.h> 104 # define MD5_DIGEST_LENGTH MD5_LENGTH 106 #elif defined(USE_MBEDTLS) 108 # include <mbedtls/des.h> 109 # include <mbedtls/md4.h> 110 # if !defined(MBEDTLS_MD4_C) 114 #elif defined(USE_DARWINSSL) 116 # include <CommonCrypto/CommonCryptor.h> 117 # include <CommonCrypto/CommonDigest.h> 119 #elif defined(USE_OS400CRYPTO) 120 # include "cipher.mih" 122 #elif defined(USE_WIN32_CRYPTO) 123 # include <wincrypt.h> 125 # error "Can't compile NTLM support without a crypto library." 142 #define NTLM_HMAC_MD5_LEN (16) 143 #define NTLMv2_BLOB_SIGNATURE "\x01\x01\x00\x00" 144 #define NTLMv2_BLOB_LEN (44 -16 + ntlm->target_info_len + 4) 149 static void extend_key_56_to_64(
const unsigned char *key_56,
char *
key)
152 key[1] = (
unsigned char)(((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1));
153 key[2] = (
unsigned char)(((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2));
154 key[3] = (
unsigned char)(((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3));
155 key[4] = (
unsigned char)(((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4));
156 key[5] = (
unsigned char)(((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5));
157 key[6] = (
unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6));
158 key[7] = (
unsigned char) ((key_56[6] << 1) & 0xFF);
166 static void setup_des_key(
const unsigned char *key_56,
167 DES_key_schedule DESKEYARG(ks))
172 extend_key_56_to_64(key_56, (
char *) &key);
181 #elif defined(USE_GNUTLS_NETTLE) 183 static void setup_des_key(
const unsigned char *key_56,
189 extend_key_56_to_64(key_56, key);
192 Curl_des_set_odd_parity((
unsigned char *) key,
sizeof(key));
195 des_set_key(des, (
const uint8_t *) key);
198 #elif defined(USE_GNUTLS) 203 static void setup_des_key(
const unsigned char *key_56,
204 gcry_cipher_hd_t *des)
209 extend_key_56_to_64(key_56, key);
212 Curl_des_set_odd_parity((
unsigned char *) key,
sizeof(key));
215 gcry_cipher_setkey(*des, key,
sizeof(key));
218 #elif defined(USE_NSS) 225 static bool encrypt_des(
const unsigned char *in,
unsigned char *out,
226 const unsigned char *key_56)
228 const CK_MECHANISM_TYPE mech = CKM_DES_ECB;
229 PK11SlotInfo *slot = NULL;
232 PK11SymKey *symkey = NULL;
233 SECItem *
param = NULL;
234 PK11Context *ctx = NULL;
239 slot = PK11_GetInternalKeySlot();
244 extend_key_56_to_64(key_56, key);
247 Curl_des_set_odd_parity((
unsigned char *) key,
sizeof(key));
250 key_item.data = (
unsigned char *)key;
251 key_item.len =
sizeof(
key);
252 symkey = PK11_ImportSymKey(slot, mech, PK11_OriginUnwrap, CKA_ENCRYPT,
258 param = PK11_ParamFromIV(mech, NULL);
261 ctx = PK11_CreateContextBySymKey(mech, CKA_ENCRYPT, symkey, param);
266 if(SECSuccess == PK11_CipherOp(ctx, out, &out_len, 8,
267 (
unsigned char *)in, 8)
268 && SECSuccess == PK11_Finalize(ctx))
274 PK11_DestroyContext(ctx, PR_TRUE);
276 PK11_FreeSymKey(symkey);
278 SECITEM_FreeItem(param, PR_TRUE);
283 #elif defined(USE_MBEDTLS) 285 static bool encrypt_des(
const unsigned char *in,
unsigned char *out,
286 const unsigned char *key_56)
288 mbedtls_des_context ctx;
292 extend_key_56_to_64(key_56, key);
295 mbedtls_des_key_set_parity((
unsigned char *) key);
298 mbedtls_des_init(&ctx);
299 mbedtls_des_setkey_enc(&ctx, (
unsigned char *) key);
300 return mbedtls_des_crypt_ecb(&ctx, in, out) == 0;
303 #elif defined(USE_DARWINSSL) 305 static bool encrypt_des(
const unsigned char *in,
unsigned char *out,
306 const unsigned char *key_56)
313 extend_key_56_to_64(key_56, key);
316 Curl_des_set_odd_parity((
unsigned char *) key,
sizeof(key));
319 err = CCCrypt(kCCEncrypt, kCCAlgorithmDES, kCCOptionECBMode, key,
320 kCCKeySizeDES, NULL, in, 8 , out,
323 return err == kCCSuccess;
326 #elif defined(USE_OS400CRYPTO) 328 static bool encrypt_des(
const unsigned char *in,
unsigned char *out,
329 const unsigned char *key_56)
332 _CIPHER_Control_T ctl;
335 ctl.Func_ID = ENCRYPT_ONLY;
336 ctl.Data_Len =
sizeof(
key);
339 extend_key_56_to_64(key_56, ctl.Crypto_Key);
342 Curl_des_set_odd_parity((
unsigned char *) ctl.Crypto_Key, ctl.Data_Len);
345 _CIPHER((_SPCPTR *) &out, &ctl, (_SPCPTR *) &in);
350 #elif defined(USE_WIN32_CRYPTO) 352 static bool encrypt_des(
const unsigned char *in,
unsigned char *out,
353 const unsigned char *key_56)
365 if(!CryptAcquireContext(&hprov, NULL, NULL, PROV_RSA_FULL,
366 CRYPT_VERIFYCONTEXT))
370 memset(&blob, 0,
sizeof(blob));
371 blob.hdr.bType = PLAINTEXTKEYBLOB;
372 blob.hdr.bVersion = 2;
373 blob.hdr.aiKeyAlg = CALG_DES;
374 blob.len =
sizeof(blob.key);
377 extend_key_56_to_64(key_56, blob.key);
380 Curl_des_set_odd_parity((
unsigned char *) blob.key,
sizeof(blob.key));
383 if(!CryptImportKey(hprov, (
BYTE *) &blob,
sizeof(blob), 0, 0, &hkey)) {
384 CryptReleaseContext(hprov, 0);
392 CryptEncrypt(hkey, 0,
FALSE, 0, out, &len, len);
394 CryptDestroyKey(hkey);
395 CryptReleaseContext(hprov, 0);
407 void Curl_ntlm_core_lm_resp(
const unsigned char *keys,
408 const unsigned char *plaintext,
409 unsigned char *results)
414 setup_des_key(keys, DESKEY(ks));
416 DESKEY(ks), DES_ENCRYPT);
418 setup_des_key(keys + 7, DESKEY(ks));
420 DESKEY(ks), DES_ENCRYPT);
422 setup_des_key(keys + 14, DESKEY(ks));
424 DESKEY(ks), DES_ENCRYPT);
425 #elif defined(USE_GNUTLS_NETTLE) 427 setup_des_key(keys, &des);
428 des_encrypt(&des, 8, results, plaintext);
429 setup_des_key(keys + 7, &des);
430 des_encrypt(&des, 8, results + 8, plaintext);
431 setup_des_key(keys + 14, &des);
432 des_encrypt(&des, 8, results + 16, plaintext);
433 #elif defined(USE_GNUTLS) 434 gcry_cipher_hd_t des;
436 gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
437 setup_des_key(keys, &des);
438 gcry_cipher_encrypt(des, results, 8, plaintext, 8);
439 gcry_cipher_close(des);
441 gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
442 setup_des_key(keys + 7, &des);
443 gcry_cipher_encrypt(des, results + 8, 8, plaintext, 8);
444 gcry_cipher_close(des);
446 gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
447 setup_des_key(keys + 14, &des);
448 gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8);
449 gcry_cipher_close(des);
450 #elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_DARWINSSL) \ 451 || defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) 452 encrypt_des(plaintext, results, keys);
453 encrypt_des(plaintext, results + 8, keys + 7);
454 encrypt_des(plaintext, results + 16, keys + 14);
463 unsigned char *lmbuffer )
466 unsigned char pw[14];
467 static const unsigned char magic[] = {
468 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25
470 size_t len =
CURLMIN(strlen(password), 14);
473 memset(&pw[len], 0, 14 - len);
489 setup_des_key(pw, DESKEY(ks));
491 DESKEY(ks), DES_ENCRYPT);
493 setup_des_key(pw + 7, DESKEY(ks));
495 DESKEY(ks), DES_ENCRYPT);
496 #elif defined(USE_GNUTLS_NETTLE) 498 setup_des_key(pw, &des);
499 des_encrypt(&des, 8, lmbuffer, magic);
500 setup_des_key(pw + 7, &des);
501 des_encrypt(&des, 8, lmbuffer + 8, magic);
502 #elif defined(USE_GNUTLS) 503 gcry_cipher_hd_t des;
505 gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
506 setup_des_key(pw, &des);
507 gcry_cipher_encrypt(des, lmbuffer, 8, magic, 8);
508 gcry_cipher_close(des);
510 gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
511 setup_des_key(pw + 7, &des);
512 gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8);
513 gcry_cipher_close(des);
514 #elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_DARWINSSL) \ 515 || defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) 516 encrypt_des(magic, lmbuffer, pw);
517 encrypt_des(magic, lmbuffer + 8, pw + 7);
520 memset(lmbuffer + 16, 0, 21 - 16);
526 #ifdef USE_NTRESPONSES 527 static void ascii_to_unicode_le(
unsigned char *dest,
const char *src,
531 for(i = 0; i < srclen; i++) {
532 dest[2 *
i] = (
unsigned char)src[i];
533 dest[2 * i + 1] =
'\0';
537 #if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI) 539 static void ascii_uppercase_to_unicode_le(
unsigned char *dest,
540 const char *src,
size_t srclen)
543 for(i = 0; i < srclen; i++) {
545 dest[2 * i + 1] =
'\0';
556 const char *password,
557 unsigned char *ntbuffer )
559 size_t len = strlen(password);
560 unsigned char *pw =
malloc(len * 2);
565 ascii_to_unicode_le(pw, password, len);
582 #elif defined(USE_GNUTLS_NETTLE) 583 struct md4_ctx MD4pw;
585 md4_update(&MD4pw, (
unsigned int)(2 * len), pw);
586 md4_digest(&MD4pw, MD4_DIGEST_SIZE, ntbuffer);
587 #elif defined(USE_GNUTLS) 589 gcry_md_open(&MD4pw, GCRY_MD_MD4, 0);
590 gcry_md_write(MD4pw, pw, 2 * len);
591 memcpy(ntbuffer, gcry_md_read(MD4pw, 0), MD4_DIGEST_LENGTH);
592 gcry_md_close(MD4pw);
593 #elif defined(USE_NSS) 594 Curl_md4it(ntbuffer, pw, 2 * len);
595 #elif defined(USE_MBEDTLS) 596 #if defined(MBEDTLS_MD4_C) 597 mbedtls_md4(pw, 2 * len, ntbuffer);
599 Curl_md4it(ntbuffer, pw, 2 * len);
601 #elif defined(USE_DARWINSSL) 602 (void)CC_MD4(pw, (CC_LONG)(2 *
len), ntbuffer);
603 #elif defined(USE_OS400CRYPTO) 604 Curl_md4it(ntbuffer, pw, 2 * len);
605 #elif defined(USE_WIN32_CRYPTO) 607 if(CryptAcquireContext(&hprov, NULL, NULL, PROV_RSA_FULL,
608 CRYPT_VERIFYCONTEXT)) {
610 if(CryptCreateHash(hprov, CALG_MD4, 0, 0, &hhash)) {
612 CryptHashData(hhash, pw, (
unsigned int)len * 2, 0);
613 CryptGetHashParam(hhash, HP_HASHVAL, ntbuffer, &length, 0);
614 CryptDestroyHash(hhash);
616 CryptReleaseContext(hprov, 0);
620 memset(ntbuffer + 16, 0, 21 - 16);
628 #if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI) 631 CURLcode Curl_hmac_md5(
const unsigned char *key,
unsigned int keylen,
632 const unsigned char *data,
unsigned int datalen,
652 CURLcode Curl_ntlm_core_mk_ntlmv2_hash(
const char *user,
size_t userlen,
653 const char *domain,
size_t domlen,
654 unsigned char *ntlmhash,
655 unsigned char *ntlmv2hash)
658 size_t identity_len = (userlen + domlen) * 2;
659 unsigned char *identity =
malloc(identity_len);
665 ascii_uppercase_to_unicode_le(identity, user, userlen);
666 ascii_to_unicode_le(identity + (userlen << 1), domain, domlen);
668 result = Curl_hmac_md5(ntlmhash, 16, identity,
curlx_uztoui(identity_len),
693 CURLcode Curl_ntlm_core_mk_ntlmv2_resp(
unsigned char *ntlmv2hash,
694 unsigned char *challenge_client,
695 struct ntlmdata *ntlm,
696 unsigned char **ntresp,
697 unsigned int *ntresp_len)
714 unsigned int len = 0;
715 unsigned char *
ptr = NULL;
716 unsigned char hmac_output[NTLM_HMAC_MD5_LEN];
721 #if CURL_SIZEOF_CURL_OFF_T < 8 722 #error "this section needs 64bit support to work" 727 char *force_timestamp =
getenv(
"CURL_FORCETIME");
735 len = NTLM_HMAC_MD5_LEN + NTLMv2_BLOB_LEN;
745 snprintf((
char *)ptr + NTLM_HMAC_MD5_LEN, NTLMv2_BLOB_LEN,
748 NTLMv2_BLOB_SIGNATURE[0], NTLMv2_BLOB_SIGNATURE[1],
749 NTLMv2_BLOB_SIGNATURE[2], NTLMv2_BLOB_SIGNATURE[3],
752 Curl_write64_le(tw, ptr + 24);
753 memcpy(ptr + 32, challenge_client, 8);
754 memcpy(ptr + 44, ntlm->target_info, ntlm->target_info_len);
757 memcpy(ptr + 8, &ntlm->nonce[0], 8);
758 result = Curl_hmac_md5(ntlmv2hash, NTLM_HMAC_MD5_LEN, ptr + 8,
759 NTLMv2_BLOB_LEN + 8, hmac_output);
766 memcpy(ptr, hmac_output, NTLM_HMAC_MD5_LEN);
789 CURLcode Curl_ntlm_core_mk_lmv2_resp(
unsigned char *ntlmv2hash,
790 unsigned char *challenge_client,
791 unsigned char *challenge_server,
792 unsigned char *lmresp)
794 unsigned char data[16];
795 unsigned char hmac_output[16];
798 memcpy(&data[0], challenge_server, 8);
799 memcpy(&data[8], challenge_client, 8);
801 result = Curl_hmac_md5(ntlmv2hash, 16, &data[0], 16, hmac_output);
806 memcpy(lmresp, hmac_output, 16);
807 memcpy(lmresp + 16, challenge_client, 8);
bool param(const std::string ¶m_name, T ¶m_val, const T &default_val)
const HMAC_params Curl_HMAC_MD5[1]
UNITTEST_START char * ptr
int Curl_HMAC_final(HMAC_context *context, unsigned char *result)
#define DES_set_odd_parity
UNITTEST_START int result
void Curl_strntoupper(char *dest, const char *src, size_t n)
memcpy(filename, filename1, strlen(filename1))
UNITTEST_START char * output
#define CURL_OFF_T_C(Val)
int Curl_HMAC_update(HMAC_context *context, const unsigned char *data, unsigned int len)
#define Curl_convert_to_network(a, b, c)
CURL_TYPEOF_CURL_OFF_T curl_off_t
unsigned int curlx_uztoui(size_t uznum)
HMAC_context * Curl_HMAC_init(const HMAC_params *hashparams, const unsigned char *key, unsigned int keylen)
TFSIMD_FORCE_INLINE tfScalar length(const Quaternion &q)
char Curl_raw_toupper(char in)