NT LAN Manager (NTLM) authentication. More...

#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>
#include <byteswap.h>
#include <ipxe/md4.h>
#include <ipxe/md5.h>
#include <ipxe/hmac.h>
#include <ipxe/ntlm.h>

Functions
	FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)

int	ntlm_challenge (struct ntlm_challenge challenge, size_t len, struct ntlm_challenge_info info)
	Parse NTLM Challenge. More...

void	ntlm_key (const char domain, const char username, const char password, struct ntlm_key key)
	Calculate NTLM verification key. More...

void	ntlm_response (struct ntlm_challenge_info info, struct ntlm_key key, struct ntlm_nonce nonce, struct ntlm_lm_response lm, struct ntlm_nt_response *nt)
	Construct NTLM responses. More...

static void *	ntlm_append (struct ntlm_header header, struct ntlm_data data, void *payload, size_t len)
	Append data to NTLM message. More...

static void *	ntlm_append_string (struct ntlm_header header, struct ntlm_data data, void payload, const char string)
	Append Unicode string data to NTLM message. More...

size_t	ntlm_authenticate (struct ntlm_challenge_info info, const char domain, const char username, const char workstation, struct ntlm_lm_response lm, struct ntlm_nt_response nt, struct ntlm_authenticate *auth)
	Construct NTLM Authenticate message. More...

size_t	ntlm_authenticate_len (struct ntlm_challenge_info info, const char domain, const char username, const char workstation)
	Calculate NTLM Authenticate message length. More...

Variables
const struct ntlm_negotiate	ntlm_negotiate
	Negotiate message. More...

Detailed Description

NT LAN Manager (NTLM) authentication.

Definition in file ntlm.c.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL )

◆ ntlm_challenge()

int ntlm_challenge	(	struct ntlm_challenge *	challenge,
		size_t	len,
		struct ntlm_challenge_info *	info
	)

Parse NTLM Challenge.

Parameters

challenge	Challenge message
len	Length of Challenge message
info	Challenge information to fill in

Return values

rc	Return status code

Definition at line 68 of file ntlm.c.

                                                         {
         size_t offset;
 
         DBGC ( challenge, "NTLM challenge message:\n" );
         DBGC_HDA ( challenge, 0, challenge, len );
 
         /* Sanity checks */
         if ( len < sizeof ( *challenge ) ) {
                 DBGC ( challenge, "NTLM underlength challenge (%zd bytes)\n",
                        len );
                 return -EINVAL;
         }
 
         /* Extract nonce */
         info->nonce = &challenge->nonce;
         DBGC ( challenge, "NTLM challenge nonce:\n" );
         DBGC_HDA ( challenge, 0, info->nonce, sizeof ( *info->nonce ) );
 
         /* Extract target information */
         info->len = le16_to_cpu ( challenge->info.len );
         offset = le32_to_cpu ( challenge->info.offset );
         if ( ( offset > len ) ||
              ( info->len > ( len - offset ) ) ) {
                 DBGC ( challenge, "NTLM target information outside "
                        "challenge\n" );
                 DBGC_HDA ( challenge, 0, challenge, len );
                 return -EINVAL;
         }
         info->target = ( ( ( void * ) challenge ) + offset );
         DBGC ( challenge, "NTLM challenge target information:\n" );
         DBGC_HDA ( challenge, 0, info->target, info->len );
 
         return 0;
 }

References DBGC, DBGC_HDA, EINVAL, info, ntlm_challenge::info, le16_to_cpu, le32_to_cpu, len, ntlm_data::len, ntlm_challenge::nonce, ntlm_data::offset, and offset.

◆ ntlm_key()

void ntlm_key	(	const char *	domain,
		const char *	username,
		const char *	password,
		struct ntlm_key *	key
	)

Calculate NTLM verification key.

Parameters

domain	Domain name (or NULL)
username	User name (or NULL)
password	Password (or NULL)
key	Key to fill in

This is the NTOWFv2() function as defined in MS-NLMP.

Definition at line 114 of file ntlm.c.

                                                              {
         struct digest_algorithm *md4 = &md4_algorithm;
         struct digest_algorithm *md5 = &md5_algorithm;
         union {
                 uint8_t md4[MD4_CTX_SIZE];
                 uint8_t md5[ MD5_CTX_SIZE + MD5_BLOCK_SIZE ];
         } ctx;
         uint8_t digest[MD4_DIGEST_SIZE];
         uint8_t c;
         uint16_t wc;
 
         /* Use empty usernames/passwords if not specified */
         if ( ! domain )
                 domain = "";
         if ( ! username )
                 username = "";
         if ( ! password )
                 password = "";
 
         /* Construct MD4 digest of (Unicode) password */
         digest_init ( md4, ctx.md4 );
         while ( ( c = *(password++) ) ) {
                 wc = cpu_to_le16 ( c );
                 digest_update ( md4, ctx.md4, &wc, sizeof ( wc ) );
         }
         digest_final ( md4, ctx.md4, digest );
 
         /* Construct HMAC-MD5 of (Unicode) upper-case username */
         hmac_init ( md5, ctx.md5, digest, sizeof ( digest ) );
         while ( ( c = *(username++) ) ) {
                 wc = cpu_to_le16 ( toupper ( c ) );
                 hmac_update ( md5, ctx.md5, &wc, sizeof ( wc ) );
         }
         while ( ( c = *(domain++) ) ) {
                 wc = cpu_to_le16 ( c );
                 hmac_update ( md5, ctx.md5, &wc, sizeof ( wc ) );
         }
         hmac_final ( md5, ctx.md5, key->raw );
         DBGC ( key, "NTLM key:\n" );
         DBGC_HDA ( key, 0, key, sizeof ( *key ) );
 }

References c, cpu_to_le16, ctx, DBGC, DBGC_HDA, digest, domain, hmac_final(), hmac_init(), hmac_update(), key, md4_algorithm, MD4_CTX_SIZE, MD4_DIGEST_SIZE, md5_algorithm, MD5_BLOCK_SIZE, MD5_CTX_SIZE, toupper(), and wc.

Referenced by http_ntlm_authenticate(), ntlm_authenticate_okx(), and ntlm_key_okx().

◆ ntlm_response()

void ntlm_response	(	struct ntlm_challenge_info *	info,
		struct ntlm_key *	key,
		struct ntlm_nonce *	nonce,
		struct ntlm_lm_response *	lm,
		struct ntlm_nt_response *	nt
	)

Construct NTLM responses.

Parameters

info	Challenge information
key	Verification key
nonce	Nonce, or NULL to use a random nonce
lm	LAN Manager response to fill in
nt	NT response to fill in

Definition at line 166 of file ntlm.c.

                                                    {
         struct digest_algorithm *md5 = &md5_algorithm;
         struct ntlm_nonce tmp_nonce;
         uint8_t ctx[ MD5_CTX_SIZE + MD5_BLOCK_SIZE ];
         unsigned int i;
 
         /* Generate random nonce, if needed */
         if ( ! nonce ) {
                 for ( i = 0 ; i < sizeof ( tmp_nonce ) ; i++ )
                         tmp_nonce.raw[i] = random();
                 nonce = &tmp_nonce;
         }
 
         /* Construct LAN Manager response */
         memcpy ( &lm->nonce, nonce, sizeof ( lm->nonce ) );
         hmac_init ( md5, ctx, key->raw, sizeof ( *key ) );
         hmac_update ( md5, ctx, info->nonce, sizeof ( *info->nonce ) );
         hmac_update ( md5, ctx, &lm->nonce, sizeof ( lm->nonce ) );
         hmac_final ( md5, ctx, lm->digest );
         DBGC ( key, "NTLM LAN Manager response:\n" );
         DBGC_HDA ( key, 0, lm, sizeof ( *lm ) );
 
         /* Construct NT response */
         memset ( nt, 0, sizeof ( *nt ) );
         nt->version = NTLM_VERSION_NTLMV2;
         nt->high = NTLM_VERSION_NTLMV2;
         memcpy ( &nt->nonce, nonce, sizeof ( nt->nonce ) );
         hmac_init ( md5, ctx, key->raw, sizeof ( *key ) );
         hmac_update ( md5, ctx, info->nonce, sizeof ( *info->nonce ) );
         hmac_update ( md5, ctx, &nt->version,
                       ( sizeof ( *nt ) -
                         offsetof ( typeof ( *nt ), version ) ) );
         hmac_update ( md5, ctx, info->target, info->len );
         hmac_update ( md5, ctx, &nt->zero, sizeof ( nt->zero ) );
         hmac_final ( md5, ctx, nt->digest );
         DBGC ( key, "NTLM NT response prefix:\n" );
         DBGC_HDA ( key, 0, nt, sizeof ( *nt ) );
 }

References ctx, DBGC, DBGC_HDA, hmac_final(), hmac_init(), hmac_update(), info, key, lm, md5_algorithm, MD5_BLOCK_SIZE, MD5_CTX_SIZE, memcpy(), memset(), nonce, nt, NTLM_VERSION_NTLMV2, offsetof, random(), ntlm_nonce::raw, typeof(), and version.

Referenced by http_ntlm_authenticate(), and ntlm_authenticate_okx().

◆ ntlm_append()

static void* ntlm_append	(	struct ntlm_header *	header,
		struct ntlm_data *	data,
		void *	payload,
		size_t	len
	)

static

Append data to NTLM message.

Parameters

header	Message header, or NULL to only calculate next payload
data	Data descriptor
payload	Data payload
len	Length of data

Return values

payload Next data payload

Definition at line 216 of file ntlm.c.

                                                         {
 
         /* Populate data descriptor */
         if ( header ) {
                 data->offset = cpu_to_le32 ( payload - ( ( void * ) header ) );
                 data->len = data->max_len = cpu_to_le16 ( len );
         }
 
         return ( payload + len );
 }

References cpu_to_le16, cpu_to_le32, data, header, and len.

Referenced by ntlm_append_string(), and ntlm_authenticate().

◆ ntlm_append_string()

static void* ntlm_append_string	(	struct ntlm_header *	header,
		struct ntlm_data *	data,
		void *	payload,
		const char *	string
	)

static

Append Unicode string data to NTLM message.

Parameters

header	Message header, or NULL to only calculate next payload
data	Data descriptor
payload	Data payload
string	String to append, or NULL

Return values

payload Next data payload

Definition at line 237 of file ntlm.c.

                                                         {
         uint16_t *tmp = payload;
         uint8_t c;
 
         /* Convert string to Unicode */
         for ( tmp = payload ; ( string && ( c = *(string++) ) ) ; tmp++ ) {
                 if ( header )
                         *tmp = cpu_to_le16 ( c );
         }
 
         /* Append string data */
         return ntlm_append ( header, data, payload,
                              ( ( ( void * ) tmp ) - payload ) );
 }

References c, cpu_to_le16, data, header, ntlm_append(), and tmp.

Referenced by ntlm_authenticate().

◆ ntlm_authenticate()

size_t ntlm_authenticate	(	struct ntlm_challenge_info *	info,
		const char *	domain,
		const char *	username,
		const char *	workstation,
		struct ntlm_lm_response *	lm,
		struct ntlm_nt_response *	nt,
		struct ntlm_authenticate *	auth
	)

Construct NTLM Authenticate message.

Parameters

info	Challenge information
domain	Domain name, or NULL
username	User name, or NULL
workstation	Workstation name, or NULL
lm	LAN Manager response
nt	NT response
auth	Message to fill in, or NULL to only calculate length

Return values

len	Length of message

Definition at line 266 of file ntlm.c.

                                                             {
         void *tmp;
         size_t nt_len;
         size_t len;
 
         /* Construct response header */
         if ( auth ) {
                 memset ( auth, 0, sizeof ( *auth ) );
                 memcpy ( auth->header.magic, ntlm_negotiate.header.magic,
                          sizeof ( auth->header.magic ) );
                 auth->header.type = cpu_to_le32 ( NTLM_AUTHENTICATE );
                 auth->flags = ntlm_negotiate.flags;
         }
         tmp = ( ( ( void * ) auth ) + sizeof ( *auth ) );
 
         /* Construct LAN Manager response */
         if ( auth )
                 memcpy ( tmp, lm, sizeof ( *lm ) );
         tmp = ntlm_append ( &auth->header, &auth->lm, tmp, sizeof ( *lm ) );
 
         /* Construct NT response */
         nt_len = ( sizeof ( *nt ) + info->len + sizeof ( nt->zero ) );
         if ( auth ) {
                 memcpy ( tmp, nt, sizeof ( *nt ) );
                 memcpy ( ( tmp + sizeof ( *nt ) ), info->target, info->len );
                 memset ( ( tmp + sizeof ( *nt ) + info->len ), 0,
                          sizeof ( nt->zero ) );
         }
         tmp = ntlm_append ( &auth->header, &auth->nt, tmp, nt_len );
 
         /* Populate domain, user, and workstation names */
         tmp = ntlm_append_string ( &auth->header, &auth->domain, tmp, domain );
         tmp = ntlm_append_string ( &auth->header, &auth->user, tmp, username );
         tmp = ntlm_append_string ( &auth->header, &auth->workstation, tmp,
                                    workstation );
 
         /* Calculate length */
         len = ( tmp - ( ( void * ) auth ) );
         if ( auth ) {
                 DBGC ( auth, "NTLM authenticate message:\n" );
                 DBGC_HDA ( auth, 0, auth, len );
         }
 
         return len;
 }

References auth, cpu_to_le32, DBGC, DBGC_HDA, domain, ntlm_negotiate::flags, ntlm_negotiate::header, info, len, lm, ntlm_header::magic, memcpy(), memset(), nt, ntlm_append(), ntlm_append_string(), NTLM_AUTHENTICATE, tmp, and workstation.

Referenced by http_format_ntlm_auth(), and ntlm_authenticate_len().

◆ ntlm_authenticate_len()

size_t ntlm_authenticate_len	(	struct ntlm_challenge_info *	info,
		const char *	domain,
		const char *	username,
		const char *	workstation
	)

Calculate NTLM Authenticate message length.

Parameters

info	Challenge information
domain	Domain name, or NULL
username	User name, or NULL
workstation	Workstation name, or NULL

Return values

len	Length of Authenticate message

Definition at line 325 of file ntlm.c.

                                                          {
 
         return ntlm_authenticate ( info, domain, username, workstation,
                                    NULL, NULL, NULL );
 }

References domain, info, ntlm_authenticate(), NULL, and workstation.

Referenced by http_ntlm_authenticate(), and ntlm_authenticate_okx().

Variable Documentation

◆ ntlm_negotiate

const struct ntlm_negotiate ntlm_negotiate

Initial value:

= {
        .header = {
                .magic = NTLM_MAGIC,
                .type = cpu_to_le32 ( NTLM_NEGOTIATE ),
        },
        .flags = cpu_to_le32 ( NTLM_NEGOTIATE_EXTENDED_SESSIONSECURITY |
                               NTLM_NEGOTIATE_ALWAYS_SIGN |
                               NTLM_NEGOTIATE_NTLM |
                               NTLM_REQUEST_TARGET |
                               NTLM_NEGOTIATE_UNICODE ),
}

Negotiate message.

This message content is fixed since there is no need to specify the calling workstation name or domain name, and the set of flags is mandated by the MS-NLMP specification.

Definition at line 48 of file ntlm.c.

Functions

Variables

Detailed Description

Function Documentation

◆ FILE_LICENCE()

◆ ntlm_challenge()

◆ ntlm_key()

◆ ntlm_response()

◆ ntlm_append()

◆ ntlm_append_string()

◆ ntlm_authenticate()

◆ ntlm_authenticate_len()

Variable Documentation

◆ ntlm_negotiate