iPXE
ntlm.h
Go to the documentation of this file.
1 #ifndef _IPXE_NTLM_H
2 #define _IPXE_NTLM_H
3 
4 /** @file
5  *
6  * NT LAN Manager (NTLM) authentication
7  *
8  */
9 
10 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11 
12 #include <stdint.h>
13 #include <ipxe/crypto.h>
14 #include <ipxe/md5.h>
15 
16 /** A message header */
17 struct ntlm_header {
18  /** Magic signature */
20  /** Message type */
22 } __attribute__ (( packed ));
23 
24 /** Magic signature */
25 #define NTLM_MAGIC { 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0' }
26 
27 /** Message types */
28 enum ntlm_type {
29  /** Negotiate message type */
30  NTLM_NEGOTIATE = 0x00000001UL,
31  /** Challenge message type */
32  NTLM_CHALLENGE = 0x00000002UL,
33  /** Authenticate message */
34  NTLM_AUTHENTICATE = 0x00000003UL,
35 };
36 
37 /** Negotiation flags */
38 enum ntlm_flags {
39  /** Negotiate key exchange */
40  NTLM_NEGOTIATE_KEY_EXCH = 0x20000000UL,
41  /** Negotiate extended security */
43  /** Negotiate always sign */
45  /** Negotiate NTLM key */
46  NTLM_NEGOTIATE_NTLM = 0x00000200UL,
47  /** Request target name and information */
48  NTLM_REQUEST_TARGET = 0x00000004UL,
49  /** Negotiate Unicode character encoding */
50  NTLM_NEGOTIATE_UNICODE = 0x00000001UL,
51 };
52 
53 /** A version descriptor */
54 struct ntlm_version {
55  /** Product major version */
57  /** Product minor version */
59  /** Product build number */
61  /** Reserved */
63  /** NTLMSSP revision */
65 } __attribute__ (( packed ));
66 
67 /** A nonce */
68 struct ntlm_nonce {
69  /** Raw bytes */
71 } __attribute__ (( packed ));
72 
73 /** A variable-length data descriptor */
74 struct ntlm_data {
75  /** Length (in bytes) */
77  /** Maximum length (in bytes)
78  *
79  * Should always be set equal to the length; this field is
80  * entirely superfluous.
81  */
83  /** Offset from start of message header */
85 } __attribute__ (( packed ));
86 
87 /** A Negotiate message */
89  /** Message header */
91  /** Negotiation flags */
93  /** Domain name */
94  struct ntlm_data domain;
95  /** Workstation name */
97 } __attribute__ (( packed ));
98 
99 /** A Challenge message */
101  /** Message header */
103  /** Target name */
104  struct ntlm_data name;
105  /** Negotiation flags */
107  /** Server nonce */
109  /** Reserved */
111  /** Target information */
112  struct ntlm_data info;
113 } __attribute__ (( packed ));
114 
115 /** An Authenticate message */
117  /** Message header */
119  /** LAN Manager response */
120  struct ntlm_data lm;
121  /** NT response */
122  struct ntlm_data nt;
123  /** Domain name */
125  /** User name */
126  struct ntlm_data user;
127  /** Workstation name */
129  /** Session key */
131  /** Negotiation flags */
133 } __attribute__ (( packed ));
134 
135 /** A LAN Manager response */
137  /** HMAC-MD5 digest */
139  /** Client nonce */
141 } __attribute__ (( packed ));
142 
143 /** An NT response */
145  /** HMAC-MD5 digest */
147  /** Response version */
149  /** Highest response version */
151  /** Reserved */
153  /** Current time */
155  /** Client nonce */
157  /** Must be zero */
159 } __attribute__ (( packed ));
160 
161 /** NTLM version */
162 #define NTLM_VERSION_NTLMV2 0x01
163 
164 /** NTLM challenge information */
166  /** Server nonce */
167  struct ntlm_nonce *nonce;
168  /** Target information */
169  void *target;
170  /** Length of target information */
171  size_t len;
172 };
173 
174 /** An NTLM verification key */
175 struct ntlm_key {
176  /** Raw bytes */
178 };
179 
180 extern const struct ntlm_negotiate ntlm_negotiate;
181 extern int ntlm_challenge ( struct ntlm_challenge *challenge, size_t len,
182  struct ntlm_challenge_info *info );
183 extern void ntlm_key ( const char *domain, const char *username,
184  const char *password, struct ntlm_key *key );
185 extern void ntlm_response ( struct ntlm_challenge_info *info,
186  struct ntlm_key *key, struct ntlm_nonce *nonce,
187  struct ntlm_lm_response *lm,
188  struct ntlm_nt_response *nt );
189 extern size_t ntlm_authenticate ( struct ntlm_challenge_info *info,
190  const char *domain, const char *username,
191  const char *workstation,
192  struct ntlm_lm_response *lm,
193  struct ntlm_nt_response *nt,
194  struct ntlm_authenticate *auth );
195 extern size_t ntlm_authenticate_len ( struct ntlm_challenge_info *info,
196  const char *domain, const char *username,
197  const char *workstation );
198 
199 #endif /* _IPXE_NTLM_H */
struct ntlm_nonce * nonce
Server nonce.
Definition: ntlm.h:167
int ntlm_challenge(struct ntlm_challenge *challenge, size_t len, struct ntlm_challenge_info *info)
Parse NTLM Challenge.
Definition: ntlm.c:68
unsigned short uint16_t
Definition: stdint.h:11
A variable-length data descriptor.
Definition: ntlm.h:74
uint8_t magic[8]
Magic signature.
Definition: ntlm.h:19
uint8_t major
Product major version.
Definition: ntlm.h:56
uint8_t minor
Product minor version.
Definition: ntlm.h:58
uint8_t digest[MD5_DIGEST_SIZE]
HMAC-MD5 digest.
Definition: ntlm.h:146
struct ntlm_data lm
LAN Manager response.
Definition: ntlm.h:120
uint8_t high
Highest response version.
Definition: ntlm.h:150
uint8_t reserved_a[6]
Reserved.
Definition: ntlm.h:152
size_t ntlm_authenticate(struct ntlm_challenge_info *info, const char *domain, const char *username, const char *workstation, struct ntlm_lm_response *lm, struct ntlm_nt_response *nt, struct ntlm_authenticate *auth)
Construct NTLM Authenticate message.
Definition: ntlm.c:266
enum ntlm_type __attribute__
Negotiate NTLM key.
Definition: ntlm.h:46
unsigned long long uint64_t
Definition: stdint.h:13
ntlm_flags
Negotiation flags.
Definition: ntlm.h:38
Cryptographic API.
size_t len
Length of target information.
Definition: ntlm.h:171
static void void * auth
Definition: crypto.h:264
struct ntlm_header header
Message header.
Definition: ntlm.h:118
uint16_t len
Length (in bytes)
Definition: ntlm.h:76
struct ntlm_data info
Target information.
Definition: ntlm.h:22
Authenticate message.
Definition: ntlm.h:34
uint64_t time
Current time.
Definition: ntlm.h:154
uint8_t reserved[3]
Reserved.
Definition: ntlm.h:62
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
struct ntlm_data nt
NT response.
Definition: ntlm.h:16
uint16_t build
Product build number.
Definition: ntlm.h:60
struct ntlm_data domain
Domain name.
Definition: ntlm.h:94
Negotiate always sign.
Definition: ntlm.h:44
void ntlm_response(struct ntlm_challenge_info *info, struct ntlm_key *key, struct ntlm_nonce *nonce, struct ntlm_lm_response *lm, struct ntlm_nt_response *nt)
Construct NTLM responses.
Definition: ntlm.c:166
uint8_t digest[MD5_DIGEST_SIZE]
HMAC-MD5 digest.
Definition: ntlm.h:138
An Authenticate message.
Definition: ntlm.h:116
uint8_t version
Response version.
Definition: ntlm.h:148
An NTLM verification key.
Definition: ntlm.h:175
ntlm_type
Message types.
Definition: ntlm.h:28
uint16_t len
Length (in bytes)
Definition: ntlm.h:12
struct ntlm_nonce nonce
Client nonce.
Definition: ntlm.h:156
uint32_t flags
Negotiation flags.
Definition: ntlm.h:92
uint16_t max_len
Maximum length (in bytes)
Definition: ntlm.h:82
struct ntlm_data workstation
Workstation name.
Definition: ntlm.h:128
uint32_t flags
Negotiation flags.
Definition: ntlm.h:106
A message header.
Definition: ntlm.h:17
struct ntlm_data domain
Domain name.
Definition: ntlm.h:124
struct ntlm_data lm
LAN Manager response.
Definition: ntlm.h:14
unsigned char uint8_t
Definition: stdint.h:10
Challenge message type.
Definition: ntlm.h:32
struct ntlm_header header
Message header.
Definition: ntlm.h:90
A nonce.
Definition: ntlm.h:68
void * target
Target information.
Definition: ntlm.h:169
struct ntlm_data session
Session key.
Definition: ntlm.h:130
struct ntlm_nonce nonce
Client nonce.
Definition: ntlm.h:140
Negotiate extended security.
Definition: ntlm.h:42
size_t ntlm_authenticate_len(struct ntlm_challenge_info *info, const char *domain, const char *username, const char *workstation)
Calculate NTLM Authenticate message length.
Definition: ntlm.c:325
unsigned int uint32_t
Definition: stdint.h:12
uint32_t zero
Must be zero.
Definition: ntlm.h:158
struct ntlm_data nt
NT response.
Definition: ntlm.h:122
uint32_t flags
Negotiation flags.
Definition: ntlm.h:132
struct ntlm_data name
Target name.
Definition: ntlm.h:104
struct ntlm_data user
User name.
Definition: ntlm.h:126
struct ntlm_data workstation
Workstation name.
Definition: ntlm.h:96
Negotiate key exchange.
Definition: ntlm.h:40
struct ntlm_data info
Target information.
Definition: ntlm.h:112
Negotiate message type.
Definition: ntlm.h:30
struct ntlm_header header
Message header.
Definition: ntlm.h:102
A Challenge message.
Definition: ntlm.h:100
uint8_t raw[MD5_DIGEST_SIZE]
Raw bytes.
Definition: ntlm.h:177
uint8_t reserved[8]
Reserved.
Definition: ntlm.h:110
uint8_t revision
NTLMSSP revision.
Definition: ntlm.h:64
uint32_t offset
Offset from start of message header.
Definition: ntlm.h:84
uint32_t type
Message type.
Definition: ntlm.h:21
uint8_t raw[8]
Raw bytes.
Definition: ntlm.h:70
struct ntlm_data workstation
Workstation name.
Definition: ntlm.h:18
#define MD5_DIGEST_SIZE
MD5 digest size.
Definition: md5.h:72
A version descriptor.
Definition: ntlm.h:54
struct ntlm_nonce nonce
Server nonce.
Definition: ntlm.h:108
NTLM challenge information.
Definition: ntlm.h:165
An NT response.
Definition: ntlm.h:144
MD5 algorithm.
Request target name and information.
Definition: ntlm.h:48
A LAN Manager response.
Definition: ntlm.h:136
Negotiate Unicode character encoding.
Definition: ntlm.h:50
struct ntlm_nonce nonce
Server nonce.
Definition: ntlm.h:18
union @382 key
Sense key.
Definition: crypto.h:284
void ntlm_key(const char *domain, const char *username, const char *password, struct ntlm_key *key)
Calculate NTLM verification key.
Definition: ntlm.c:114
struct ntlm_data domain
Domain name.
Definition: ntlm.h:16
A Negotiate message.
Definition: ntlm.h:88