mirror of
https://github.com/reactos/wine.git
synced 2024-11-28 06:00:45 +00:00
secur32: Use NTLM2 instead of NTLMv2.
In the current code, NTLMv2 is used when talking about second-generation NTLM crypto algorithms. Most other publications call this NTLM2, and use NTLMv2 to describe a different crypto handshake that can be used by either NTLM1 or NTLM2 crypto.
parent
92a44884c7
commit
9dd206d28e
@ -16,7 +16,7 @@
|
||||
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
*
|
||||
* This file implements RFC 2104 (HMAC) for the MD5 provider.
|
||||
* It is needed for NTLMv2 signing and sealing.
|
||||
* It is needed for NTLM2 signing and sealing.
|
||||
*/
|
||||
|
||||
#include "hmac_md5.h"
|
||||
|
@ -593,15 +593,15 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
|
||||
MultiByteToWideChar(CP_ACP, 0, password ? password : ntlm_cred->password,
|
||||
password ? pwlen : ntlm_cred->pwlen, unicode_password, passwd_lenW);
|
||||
|
||||
SECUR32_CreateNTLMv1SessionKey((PBYTE)unicode_password,
|
||||
passwd_lenW * sizeof(SEC_WCHAR), helper->session_key);
|
||||
SECUR32_CreateNTLM1SessionKey((PBYTE)unicode_password,
|
||||
passwd_lenW * sizeof(SEC_WCHAR), helper->session_key);
|
||||
|
||||
HeapFree(GetProcessHeap(), 0, unicode_password);
|
||||
}
|
||||
else
|
||||
memset(helper->session_key, 0, 16);
|
||||
|
||||
/* Allocate space for a maximal string of
|
||||
/* Allocate space for a maximal string of
|
||||
* "SF NTLMSSP_FEATURE_SIGN NTLMSSP_FEATURE_SEAL
|
||||
* NTLMSSP_FEATURE_SESSION_KEY"
|
||||
*/
|
||||
@ -913,7 +913,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
|
||||
helper->crypt.ntlm.a4i = SECUR32_arc4Alloc();
|
||||
SECUR32_arc4Init(helper->crypt.ntlm.a4i, helper->session_key, 16);
|
||||
helper->crypt.ntlm.seq_num = 0l;
|
||||
SECUR32_CreateNTLMv2SubKeys(helper);
|
||||
SECUR32_CreateNTLM2SubKeys(helper);
|
||||
helper->crypt.ntlm2.send_a4i = SECUR32_arc4Alloc();
|
||||
helper->crypt.ntlm2.recv_a4i = SECUR32_arc4Alloc();
|
||||
SECUR32_arc4Init(helper->crypt.ntlm2.send_a4i,
|
||||
@ -1471,7 +1471,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_RevertSecurityContext(PCtxtHandle phContex
|
||||
/***********************************************************************
|
||||
* ntlm_CreateSignature
|
||||
* As both MakeSignature and VerifySignature need this, but different keys
|
||||
* are needed for NTLMv2, the logic goes into a helper function.
|
||||
* are needed for NTLM2, the logic goes into a helper function.
|
||||
* To ensure maximal reusability, we can specify the direction as NTLM_SEND for
|
||||
* signing/encrypting and NTLM_RECV for verfying/decrypting. When encrypting,
|
||||
* the signature is encrypted after the message was encrypted, so
|
||||
|
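Review bot: In the first hunk of ntlm_InitializeSecurityContextW, `unicode_password` still holds the UTF-16 clear-text password when it is handed to `HeapFree`, so the secret remains in freed heap memory where a crash dump or a later allocation can expose it. Clearing the buffer first would limit that exposure, for example `SecureZeroMemory(unicode_password, passwd_lenW * sizeof(SEC_WCHAR));` immediately before the `HeapFree` call. The status returned by `SECUR32_CreateNTLM1SessionKey` is also discarded at this call site, although its prototype returns a SECURITY_STATUS. The buffer's allocation and the rest of the function lie outside the hunk, so whether the allocation itself is checked cannot be confirmed from this page.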
@ -138,7 +138,7 @@ void cleanup_helper(PNegoHelper helper);
|
||||
void check_version(PNegoHelper helper);
|
||||
|
||||
/* Functions from base64_codec.c used elsewhere */
|
||||
SECURITY_STATUS encodeBase64(PBYTE in_buf, int in_len, char* out_buf,
|
||||
SECURITY_STATUS encodeBase64(PBYTE in_buf, int in_len, char* out_buf,
|
||||
int max_len, int *out_len);
|
||||
|
||||
SECURITY_STATUS decodeBase64(char *in_buf, int in_len, BYTE *out_buf,
|
||||
@ -146,8 +146,8 @@ SECURITY_STATUS decodeBase64(char *in_buf, int in_len, BYTE *out_buf,
|
||||
|
||||
/* Functions from util.c */
|
||||
ULONG ComputeCrc32(const BYTE *pData, INT iLen, ULONG initial_crc);
|
||||
SECURITY_STATUS SECUR32_CreateNTLMv1SessionKey(PBYTE password, int len, PBYTE session_key);
|
||||
SECURITY_STATUS SECUR32_CreateNTLMv2SubKeys(PNegoHelper helper);
|
||||
SECURITY_STATUS SECUR32_CreateNTLM1SessionKey(PBYTE password, int len, PBYTE session_key);
|
||||
SECURITY_STATUS SECUR32_CreateNTLM2SubKeys(PNegoHelper helper);
|
||||
arc4_info *SECUR32_arc4Alloc(void);
|
||||
void SECUR32_arc4Init(arc4_info *a4i, const BYTE *key, unsigned int keyLen);
|
||||
void SECUR32_arc4Process(arc4_info *a4i, BYTE *inoutString, unsigned int length);
|
||||
|
@ -121,7 +121,7 @@ ULONG ComputeCrc32(const BYTE *pData, INT iLen, ULONG initial_crc)
|
||||
return ~crc;
|
||||
}
|
||||
|
||||
SECURITY_STATUS SECUR32_CreateNTLMv1SessionKey(PBYTE password, int len, PBYTE session_key)
|
||||
SECURITY_STATUS SECUR32_CreateNTLM1SessionKey(PBYTE password, int len, PBYTE session_key)
|
||||
{
|
||||
MD4_CTX ctx;
|
||||
BYTE ntlm_hash[16];
|
||||
@ -143,7 +143,7 @@ SECURITY_STATUS SECUR32_CreateNTLMv1SessionKey(PBYTE password, int len, PBYTE se
|
||||
return SEC_E_OK;
|
||||
}
|
||||
|
||||
static void SECUR32_CalcNTLMv2Subkey(const BYTE *session_key, const char *magic, PBYTE subkey)
|
||||
static void SECUR32_CalcNTLM2Subkey(const BYTE *session_key, const char *magic, PBYTE subkey)
|
||||
{
|
||||
MD5_CTX ctx;
|
||||
|
||||
@ -155,7 +155,7 @@ static void SECUR32_CalcNTLMv2Subkey(const BYTE *session_key, const char *magic,
|
||||
}
|
||||
|
||||
/* This assumes we do have a valid NTLM2 user session key */
|
||||
SECURITY_STATUS SECUR32_CreateNTLMv2SubKeys(PNegoHelper helper)
|
||||
SECURITY_STATUS SECUR32_CreateNTLM2SubKeys(PNegoHelper helper)
|
||||
{
|
||||
helper->crypt.ntlm2.send_sign_key = HeapAlloc(GetProcessHeap(), 0, 16);
|
||||
helper->crypt.ntlm2.send_seal_key = HeapAlloc(GetProcessHeap(), 0, 16);
|
||||
@ -164,24 +164,24 @@ SECURITY_STATUS SECUR32_CreateNTLMv2SubKeys(PNegoHelper helper)
|
||||
|
||||
if(helper->mode == NTLM_CLIENT)
|
||||
{
|
||||
SECUR32_CalcNTLMv2Subkey(helper->session_key, client_to_server_sign_constant,
|
||||
SECUR32_CalcNTLM2Subkey(helper->session_key, client_to_server_sign_constant,
|
||||
helper->crypt.ntlm2.send_sign_key);
|
||||
SECUR32_CalcNTLMv2Subkey(helper->session_key, client_to_server_seal_constant,
|
||||
SECUR32_CalcNTLM2Subkey(helper->session_key, client_to_server_seal_constant,
|
||||
helper->crypt.ntlm2.send_seal_key);
|
||||
SECUR32_CalcNTLMv2Subkey(helper->session_key, server_to_client_sign_constant,
|
||||
SECUR32_CalcNTLM2Subkey(helper->session_key, server_to_client_sign_constant,
|
||||
helper->crypt.ntlm2.recv_sign_key);
|
||||
SECUR32_CalcNTLMv2Subkey(helper->session_key, server_to_client_seal_constant,
|
||||
SECUR32_CalcNTLM2Subkey(helper->session_key, server_to_client_seal_constant,
|
||||
helper->crypt.ntlm2.recv_seal_key);
|
||||
}
|
||||
else
|
||||
{
|
||||
SECUR32_CalcNTLMv2Subkey(helper->session_key, server_to_client_sign_constant,
|
||||
SECUR32_CalcNTLM2Subkey(helper->session_key, server_to_client_sign_constant,
|
||||
helper->crypt.ntlm2.send_sign_key);
|
||||
SECUR32_CalcNTLMv2Subkey(helper->session_key, server_to_client_seal_constant,
|
||||
SECUR32_CalcNTLM2Subkey(helper->session_key, server_to_client_seal_constant,
|
||||
helper->crypt.ntlm2.send_seal_key);
|
||||
SECUR32_CalcNTLMv2Subkey(helper->session_key, client_to_server_sign_constant,
|
||||
SECUR32_CalcNTLM2Subkey(helper->session_key, client_to_server_sign_constant,
|
||||
helper->crypt.ntlm2.recv_sign_key);
|
||||
SECUR32_CalcNTLMv2Subkey(helper->session_key, client_to_server_seal_constant,
|
||||
SECUR32_CalcNTLM2Subkey(helper->session_key, client_to_server_seal_constant,
|
||||
helper->crypt.ntlm2.recv_seal_key);
|
||||
}
|
||||
|
||||
|
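Review bot: In SECUR32_CreateNTLM2SubKeys the 16-byte key buffers returned by `HeapAlloc` are passed to `SECUR32_CalcNTLM2Subkey` with no NULL check visible in these hunks, so an allocation failure would presumably end in a write through a null pointer during key derivation. Two lines between the hunks are not shown, so this should be confirmed against the full file. If no check exists, a guard such as `if (!helper->crypt.ntlm2.send_sign_key || !helper->crypt.ntlm2.send_seal_key) return SEC_E_INSUFFICIENT_MEMORY;`, extended to the two recv keys, would fit after the allocations. The call site shown in ntlm.c invokes `SECUR32_CreateNTLM2SubKeys(helper);` without using its status, so a failure return would also have to be checked there. The function body continues past the last hunk.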