1 /*
2 * Copyright (c) 2000-2004,2006-2008,2010,2013 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * ntlmBlobPriv.h - Private routines used by NtlmGenerator module.
26 */
27
#ifndef _NTLM_BLOB_PRIV_H_
#define _NTLM_BLOB_PRIV_H_

#include <CoreFoundation/CFData.h>
#include <CoreFoundation/CFString.h>
#include <stdint.h>
#include <Security/SecBase.h>
#include <Security/SecBasePriv.h>
#include <libkern/OSByteOrder.h>

#ifdef __cplusplus
extern "C" {
#endif

#ifndef NDEBUG

#include <stdio.h>

/*
 * Debug-only tracing: expands to printf() when NDEBUG is not defined and to
 * nothing otherwise. NOTE(review): this module handles passwords and hashes
 * derived from them (see ntlmPasswordHash() below); anything passed to
 * dprintf() reaches stdout in debug builds.
 */
#define dprintf(args...) printf(args)
#else
#define dprintf(args...)
#endif

/*
 * Common error returns.
 *
 * This one for "I don't understand the server blob".
 */
#define NTLM_ERR_PARSE_ERR errSecParam

/*
 * This one for protocol variant mismatch (e.g., app requires NTLMv2 but server
 * doesn't accept that).
 */
#define NTLM_ERR_PROTOCOL_MISMATCH errSecAuthFailed

/*
 * For debugging using fixed parameters via sourceforge "test vectors".
 * Debug aid only - presumably substitutes fixed values for otherwise random
 * protocol inputs; must stay 0 in any shipping build.
 */
#define DEBUG_FIXED_CHALLENGE 0
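/*
 * Handy portable NULL-tolerant free().
 *
 * Wrapped in do { } while (0) so that the macro behaves as a single statement:
 * the bare "if (p != NULL) { free(p); }" form breaks when used as
 * "if (x) CFREE(p); else ...". The argument is parenthesized so expressions
 * such as CFREE(ctx->buf) expand safely. Callers must include <stdlib.h>.
 * Does NOT reset p to NULL; the caller is responsible for not reusing it.
 */
#define CFREE(p) do { if ((p) != NULL) { free((p)); } } while (0)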
71
/* Message signature as sent on the wire: the 7 ASCII characters plus the NUL. */
#define NTLM_SIGNATURE "NTLMSSP"
#define NTLM_SIGNATURE_LEN 8 /* including NULL! */

/* Message type markers for the three NTLMSSP messages. */
#define NTLM_MSG_MARKER_TYPE1 1 /* first client msg */
#define NTLM_MSG_MARKER_TYPE2 2 /* server challenge */
#define NTLM_MSG_MARKER_TYPE3 3 /* client response */

/*
 * Size of a security buffer: two 16-bit fields plus a 32-bit offset into the
 * message (see appendSecBuf() / ntlmParseSecBuffer()).
 */
#define NTLM_SIZEOF_SEC_BUF (sizeof(uint16_t) + sizeof(uint16_t) + sizeof(uint32_t))

/* length of server challenge in bytes */
#define NTLM_CHALLENGE_LEN 8

/* length of client nonce in bytes */
#define NTLM_CLIENT_NONCE_LEN 8

/* length of LM and NTLM responses (three DES blocks) */
#define NTLM_LM_RESPONSE_LEN 24

/* forced length of LM-style upper case password */
#define NTLM_LM_PASSWORD_LEN 14

/*
 * Max length of flattenedString we are willing to consider. Sanity cap on the
 * flattened-string buffers produced by ntlmStringFlatten() and friends;
 * presumably also applied to string lengths read from received messages
 * (confirm in the implementation).
 */
#define NTLM_MAX_STRING_LEN 2048

/*
 * Flags - defined here in native endianness; sent over the wire little-endian
 * (appendUint32() writes in that byte order). The NTLM_Unknown* names are bit
 * positions this code does not assign a meaning to.
 */
#define NTLM_NegotiateUnicode 0x00000001
#define NTLM_NegotiateOEM 0x00000002
#define NTLM_RequestTarget 0x00000004
#define NTLM_Unknown1 0x00000008
#define NTLM_NegotiateSign 0x00000010
#define NTLM_NegotiateSeal 0x00000020
#define NTLM_NegotiateDatagram 0x00000040
#define NTLM_NegotiateLMKey 0x00000080
#define NTLM_NegotiateNetware 0x00000100
#define NTLM_NegotiateNTLM 0x00000200
#define NTLM_Unknown2 0x00000400
#define NTLM_Unknown3 0x00000800
#define NTLM_DomainSupplied 0x00001000
#define NTLM_WorkstationSupplies 0x00002000 /* sic - identifier spelling is part of the API */
#define NTLM_LocalCall 0x00004000
#define NTLM_AlwaysSign 0x00008000
#define NTLM_TargetTypeDomain 0x00010000
#define NTLM_TargetTypeServer 0x00020000
#define NTLM_TargetTypeShare 0x00040000
#define NTLM_NegotiateNTLM2Key 0x00080000
#define NTLM_RequestInitResp 0x00100000
#define NTLM_RequestAcceptResp 0x00200000
#define NTLM_RequestNonNTSessionKey 0x00400000
#define NTLM_NegotiateTargetInfo 0x00800000
#define NTLM_Unknown4 0x01000000
#define NTLM_Unknown5 0x02000000
#define NTLM_Unknown6 0x04000000
#define NTLM_Unknown7 0x08000000
#define NTLM_Unknown8 0x10000000
#define NTLM_Negotiate128Bit 0x20000000
#define NTLM_NegotiateKeyExchange 0x40000000
#define NTLM_Negotiate56Bit 0x80000000


/*
 * Little-endian serializers: each appends the word to buf in wire byte order
 * regardless of host endianness.
 */

/* write a 64-bit word, little endian */
void appendUint64(
    CFMutableDataRef buf,
    uint64_t word);

/* write a 32-bit word, little endian */
void appendUint32(
    CFMutableDataRef buf,
    uint32_t word);

/* write a 16-bit word, little endian */
void appendUint16(
    CFMutableDataRef buf,
    uint16_t word);

/*
 * Write a security buffer, providing the index into the CFData at which
 * this security buffer's offset is located. Just before the actual data is written,
 * go back and update the offset with the start of that data using secBufOffset().
 * The length (len) is written now; only the offset field is patched later.
 */
void appendSecBuf(
    CFMutableDataRef buf,
    uint16_t len,
    CFIndex *offsetIndex);

/*
 * Update a security buffer's offset to be the current end of data in a CFData.
 * Call this immediately before appending the buffer's payload.
 */
void secBufOffset(
    CFMutableDataRef buf,
    CFIndex offsetIndex); /* obtained from appendSecBuf() */

/*
 * Parse/validate a security buffer. Verifies that supplied offset/length don't go
 * past end of available data. Returns ptr to actual data and its length. Returns
 * errSecParam on bogus values.
 *
 * The offset and length come from the peer's message, so this check is what
 * stands between a received message and an out-of-bounds read; resolve every
 * received security buffer through it. Callers should also make sure cp itself
 * points at NTLM_SIZEOF_SEC_BUF readable bytes inside [bufStart, bufStart+bufLen) -
 * whether this function verifies that is not visible here (TODO confirm against
 * the implementation).
 */
OSStatus ntlmParseSecBuffer(
    const unsigned char *cp, /* start of security buffer */
    const unsigned char *bufStart, /* start of whole msg buffer */
    unsigned bufLen, /* # of valid bytes starting at bufStart */
    const unsigned char **data, /* RETURNED, start of actual data */
    uint16_t *dataLen); /* RETURNED, length of actual data */

/*
 * random number generator - presumably the source of the client nonce.
 * Must draw from a cryptographically strong source; the prototype does not
 * say which, so confirm in the implementation.
 */
void ntlmRand(
    unsigned len,
    void *buf); /* allocated by caller, random data RETURNED */

/*
 * Obtain host name in appropriate encoding; unicode presumably selects the same
 * encoding choice as ntlmStringFlatten().
 */
OSStatus ntlmHostName(
    bool unicode,
    unsigned char **flat, // mallocd and RETURNED; caller frees
    unsigned *flatLen); // RETURNED

/*
 * Append the NTLMv2 timestamp to an NTLMv2 blob under construction. The
 * encoding is fixed by the implementation and not documented here.
 */
void ntlmAppendTimestamp(
    CFMutableDataRef ntlmV2Blob);

/*
 * Convert CFString to little-endian unicode.
 * The parameter name indicates this is applied to the password, so the
 * returned buffer is sensitive; callers should free it promptly after use.
 */
OSStatus ntlmStringToLE(
    CFStringRef pwd,
    unsigned char **ucode, // mallocd and RETURNED; caller frees
    unsigned *ucodeLen); // RETURNED

/*
 * Convert a CFStringRef into a mallocd array of chars suitable for the specified
 * encoding. This might return an error if the string can't be converted
 * appropriately. Output size is presumably bounded by NTLM_MAX_STRING_LEN
 * (confirm in the implementation).
 */
OSStatus ntlmStringFlatten(
    CFStringRef str,
    bool unicode,
    unsigned char **flat, // mallocd and RETURNED; caller frees
    unsigned *flatLen); // RETURNED

/*
 * MD4 and MD5 hash. Both digests are NTLM_DIGEST_LENGTH bytes. MD4 is used
 * only because the protocol mandates it; neither is suitable as a general
 * purpose hash.
 */
#define NTLM_DIGEST_LENGTH 16
void md4Hash(
    const unsigned char *data,
    unsigned dataLen,
    unsigned char *digest); // caller-supplied, NTLM_DIGEST_LENGTH
void md5Hash(
    const unsigned char *data,
    unsigned dataLen,
    unsigned char *digest); // caller-supplied, NTLM_DIGEST_LENGTH

/*
 * Calculate NTLM password hash (MD4 on a unicode password).
 * The digest is password-equivalent material: treat the output buffer with the
 * same care as the password itself.
 */
OSStatus ntlmPasswordHash(
    CFStringRef pwd,
    unsigned char *digest); // caller-supplied, NTLM_DIGEST_LENGTH

/*
 * NTLM response: DES with three different keys.
 * The NTLM_DIGEST_LENGTH-byte digest supplies three DES_RAW_KEY_SIZE raw keys
 * (the last one padded - see implementation); each encrypts the challenge block,
 * yielding the NTLM_LM_RESPONSE_LEN-byte response. Despite the "v2" in the name
 * this is the DES-based (v1/LM) construction; the HMAC-MD5 based NTLMv2 response
 * presumably goes through ntlmHmacMD5().
 */
OSStatus lmv2Response(
    const unsigned char *digest, // NTLM_DIGEST_LENGTH bytes
    const unsigned char *challenge, // actually challenge or session hash; presumably DES_BLOCK_SIZE bytes
    unsigned char *ntlmResp); // caller-supplied NTLM_LM_RESPONSE_LEN

/* DES-related consts */
#define DES_BLOCK_SIZE 8
#define DES_RAW_KEY_SIZE 7
#define DES_KEY_SIZE 8

/*
 * Given 7 bytes, create 8-byte DES key. Our implementation ignores the
 * parity bit (lsb), which simplifies this somewhat.
 */
void ntlmMakeDesKey(
    const unsigned char *inKey, // DES_RAW_KEY_SIZE bytes
    unsigned char *outKey); // DES_KEY_SIZE bytes

/*
 * single block DES encrypt.
 * This would really benefit from a DES implementation in CommonCrypto.
 * Single DES is used here only because the legacy protocol requires it; it is
 * not a general-purpose encryption primitive.
 */
OSStatus ntlmDesCrypt(
    const unsigned char *key, // DES_KEY_SIZE bytes
    const unsigned char *inData, // DES_BLOCK_SIZE bytes
    unsigned char *outData); // DES_BLOCK_SIZE bytes

/*
 * HMAC/MD5.
 */
OSStatus ntlmHmacMD5(
    const unsigned char *key,
    unsigned keyLen,
    const unsigned char *inData,
    unsigned inDataLen,
    unsigned char *mac); // caller provided, NTLM_DIGEST_LENGTH

/*
 * Debug dump of negotiate flags. NTLM_DUMP is not defined in this header, so
 * unless a build defines it to a nonzero value the call compiles away to nothing.
 */
#if NTLM_DUMP
void ntlmPrintFlags(
    const char *whereFrom,
    uint32_t flags);
#else
#define ntlmPrintFlags(w, f)
#endif

#ifdef __cplusplus
}
#endif

#endif /* _NTLM_BLOB_PRIV_H_ */