1 /* Copyright (C) Andrew Tridgell 1998-2000
2 *
3 * SPDX-License-Identifier: GPL-2.0-or-later
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version 2
8 * of the License, or (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 */
19
20 /**
21 * @file smb_crypt.c
22 * @brief Unix SMB/Netbios implementation. Version 1.9.
23 *
24 * a partial implementation of DES designed for use in the
25 * SMB authentication protocol
26 */
27
28 /* NOTES:
29
30 This code makes no attempt to be fast! In fact, it is a very
31 slow implementation
32
33 This code is NOT a complete DES implementation. It implements only
34 the minimum necessary for SMB authentication, as used by all SMB
35 products (including every copy of Microsoft Windows95 ever sold)
36
37 In particular, it can only do a unchained forward DES pass. This
38 means it is not possible to use this code for encryption/decryption
39 of data, instead it is only useful as a "hash" algorithm.
40
41 There is no entry point into this code that allows normal DES operation.
42
43 I believe this means that this code does not come under ITAR
44 regulations but this is NOT a legal opinion. If you are concerned
45 about the applicability of ITAR regulations to this code then you
46 should confirm it for yourself (and maybe let me know if you come
47 up with a different answer to the one above)
48
49 MODIFICATION: support for NTLMSSP feature in OpenVAS
50 Modified By Preeti Subramanian <spreeti@secpod.com>
51 * BOOL is replaced by bool
52 * SMBNTLMv2encrypt_hash function body is modified - does not compute
53 ntv2_owf_gen, rather ntv2_owf_gen value is passed to this function
54 and this function returns void,
55 * SMBNTLMv2encrypt_hash, LMv2_generate_response, NTLMv2_generate_response,
56 NTLMv2_generate_client_data functions' signatures are modified.
57 */
58
59 #include "smb_crypt.h"
60
61 #include "proto.h"
62
63 #include <glib.h> /* for g_malloc0() */
64 #define int16 1
65
66 #ifndef FSTRING_LEN
67 #define FSTRING_LEN 256
68 typedef char fstring[FSTRING_LEN];
69 #endif
70
71 static const uchar perm1[56] = {
72 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43,
73 35, 27, 19, 11, 3, 60, 52, 44, 36, 63, 55, 47, 39, 31, 23, 15, 7, 62, 54,
74 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4};
75
76 static const uchar perm2[48] = {14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
77 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
78 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
79 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32};
80
81 static const uchar perm3[64] = {
82 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
83 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
84 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
85 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7};
86
87 static const uchar perm4[48] = {32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
88 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
89 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
90 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1};
91
92 static const uchar perm5[32] = {16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23,
93 26, 5, 18, 31, 10, 2, 8, 24, 14, 32, 27,
94 3, 9, 19, 13, 30, 6, 22, 11, 4, 25};
95
96 static const uchar perm6[64] = {
97 40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31,
98 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29,
99 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27,
100 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25};
101
102 static const uchar sc[16] = {1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1};
103
104 static const uchar sbox[8][4][16] = {
105 {{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7},
106 {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8},
107 {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0},
108 {15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}},
109
110 {{15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10},
111 {3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5},
112 {0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15},
113 {13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}},
114
115 {{10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8},
116 {13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1},
117 {13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7},
118 {1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}},
119
120 {{7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15},
121 {13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9},
122 {10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4},
123 {3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}},
124
125 {{2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9},
126 {14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6},
127 {4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14},
128 {11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}},
129
130 {{12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11},
131 {10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8},
132 {9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6},
133 {4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}},
134
135 {{4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1},
136 {13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6},
137 {1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2},
138 {6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}},
139
140 {{13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7},
141 {1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2},
142 {7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8},
143 {2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}}};
144
145 static void
permute(char * out,char * in,const uchar * p,int n)146 permute (char *out, char *in, const uchar *p, int n)
147 {
148 int i;
149 for (i = 0; i < n; i++)
150 out[i] = in[p[i] - 1];
151 }
152
153 static void
lshift(char * d,int count,int n)154 lshift (char *d, int count, int n)
155 {
156 char out[64];
157 int i;
158 for (i = 0; i < n; i++)
159 out[i] = d[(i + count) % n];
160 for (i = 0; i < n; i++)
161 d[i] = out[i];
162 }
163
164 static void
concat(char * out,char * in1,char * in2,int l1,int l2)165 concat (char *out, char *in1, char *in2, int l1, int l2)
166 {
167 while (l1--)
168 *out++ = *in1++;
169 while (l2--)
170 *out++ = *in2++;
171 }
172
xor(char * out,char * in1,char * in2,int n)173 static void xor(char *out, char *in1, char *in2, int n)
174 {
175 int i;
176 for (i=0;i<n;i++)
177 out[i] = in1[i] ^ in2[i];
178 }
179
dohash(char * out,char * in,char * key,int forw)180 static void dohash(char *out, char *in, char *key, int forw)
181 {
182 int i, j, k;
183 char pk1[56];
184 char c[28];
185 char d[28];
186 char cd[56];
187 char ki[16][48];
188 char pd1[64];
189 char l[32], r[32];
190 char rl[64];
191
192 permute (pk1, key, perm1, 56);
193
194 for (i = 0; i < 28; i++)
195 c[i] = pk1[i];
196 for (i = 0; i < 28; i++)
197 d[i] = pk1[i + 28];
198
199 for (i = 0; i < 16; i++)
200 {
201 lshift (c, sc[i], 28);
202 lshift (d, sc[i], 28);
203
204 concat (cd, c, d, 28, 28);
205 permute (ki[i], cd, perm2, 48);
206 }
207
208 permute (pd1, in, perm3, 64);
209
210 for (j = 0; j < 32; j++)
211 {
212 l[j] = pd1[j];
213 r[j] = pd1[j + 32];
214 }
215
216 for (i = 0; i < 16; i++)
217 {
218 char er[48];
219 char erk[48];
220 char b[8][6];
221 char cb[32];
222 char pcb[32];
223 char r2[32];
224
225 permute (er, r, perm4, 48);
226
227 xor(erk, er, ki[forw ? i : 15 - i], 48);
228
229 for (j = 0; j < 8; j++)
230 for (k = 0; k < 6; k++)
231 b[j][k] = erk[j * 6 + k];
232
233 for (j = 0; j < 8; j++)
234 {
235 int m, n;
236 m = (b[j][0] << 1) | b[j][5];
237
238 n = (b[j][1] << 3) | (b[j][2] << 2) | (b[j][3] << 1) | b[j][4];
239
240 for (k = 0; k < 4; k++)
241 b[j][k] = (sbox[j][m][n] & (1 << (3 - k))) ? 1 : 0;
242 }
243
244 for (j = 0; j < 8; j++)
245 for (k = 0; k < 4; k++)
246 cb[j * 4 + k] = b[j][k];
247 permute (pcb, cb, perm5, 32);
248
249 xor(r2, l, pcb, 32);
250
251 for (j = 0; j < 32; j++)
252 l[j] = r[j];
253
254 for (j = 0; j < 32; j++)
255 r[j] = r2[j];
256 }
257
258 concat (rl, r, l, 32, 32);
259
260 permute (out, rl, perm6, 64);
261 }
262
263 static void
str_to_key(const uchar * str,uchar * key)264 str_to_key (const uchar *str, uchar *key)
265 {
266 int i;
267
268 key[0] = str[0] >> 1;
269 key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2);
270 key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3);
271 key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4);
272 key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5);
273 key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6);
274 key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7);
275 key[7] = str[6] & 0x7F;
276 for (i = 0; i < 8; i++)
277 {
278 key[i] = (key[i] << 1);
279 }
280 }
281
282 void
smbhash(uchar * out,const uchar * in,const uchar * key,int forw)283 smbhash (uchar *out, const uchar *in, const uchar *key, int forw)
284 {
285 int i;
286 char outb[64];
287 char inb[64];
288 char keyb[64];
289 uchar key2[8];
290
291 str_to_key (key, key2);
292
293 for (i = 0; i < 64; i++)
294 {
295 inb[i] = (in[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0;
296 keyb[i] = (key2[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0;
297 outb[i] = 0;
298 }
299
300 dohash (outb, inb, keyb, forw);
301
302 for (i = 0; i < 8; i++)
303 {
304 out[i] = 0;
305 }
306
307 for (i = 0; i < 64; i++)
308 {
309 if (outb[i])
310 out[i / 8] |= (1 << (7 - (i % 8)));
311 }
312 }
313
314 void
E_P16(uchar * p14,uchar * p16)315 E_P16 (uchar *p14, uchar *p16)
316 {
317 uchar sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
318 smbhash (p16, sp8, p14, 1);
319 smbhash (p16 + 8, sp8, p14 + 7, 1);
320 }
321
322 void
E_P24(const uchar * p21,const uchar * c8,uchar * p24)323 E_P24 (const uchar *p21, const uchar *c8, uchar *p24)
324 {
325 smbhash (p24, c8, p21, 1);
326 smbhash (p24 + 8, c8, p21 + 7, 1);
327 smbhash (p24 + 16, c8, p21 + 14, 1);
328 }
329
330 void
SamOEMhash(uchar * data,const uchar * key,int val)331 SamOEMhash (uchar *data, const uchar *key, int val)
332 {
333 uchar hash[256];
334 uchar index_i = 0;
335 uchar index_j = 0;
336 uchar j = 0;
337 int ind;
338 int len = 0;
339 if (val == 1)
340 len = 516;
341 if (val == 0)
342 len = 16;
343 if (val == 3)
344 len = 8;
345 if (val == 2)
346 len = 68;
347 if (val == 4)
348 len = 32;
349
350 if (val >= 8)
351 len = val;
352
353 for (ind = 0; ind < 256; ind++)
354 {
355 hash[ind] = (uchar) ind;
356 }
357
358 for (ind = 0; ind < 256; ind++)
359 {
360 uchar tc;
361
362 j += (hash[ind] + key[ind % 16]);
363
364 tc = hash[ind];
365 hash[ind] = hash[j];
366 hash[j] = tc;
367 }
368 for (ind = 0; ind < len; ind++)
369 {
370 uchar tc;
371 uchar t;
372
373 index_i++;
374 index_j += hash[index_i];
375
376 tc = hash[index_i];
377 hash[index_i] = hash[index_j];
378 hash[index_j] = tc;
379
380 t = hash[index_i] + hash[index_j];
381 data[ind] = data[ind] ^ hash[t];
382 }
383 }
384
385 void
SMBsesskeygen_ntv1_ntlmssp(const uchar kr[16],const uchar * nt_resp,uint8 sess_key[16])386 SMBsesskeygen_ntv1_ntlmssp (const uchar kr[16], const uchar *nt_resp,
387 uint8 sess_key[16])
388 {
389 /* yes, this session key does not change - yes, this
390 is a problem - but it is 128 bits */
391 (void) nt_resp;
392 mdfour_ntlmssp ((unsigned char *) sess_key, kr, 16);
393 }
394
395 /* Does the des encryption from the NT or LM MD4 hash. */
396 void
SMBOWFencrypt_ntlmssp(const uchar passwd[16],const uchar * c8,uchar p24[24])397 SMBOWFencrypt_ntlmssp (const uchar passwd[16], const uchar *c8, uchar p24[24])
398 {
399 uchar p21[21];
400
401 ZERO_STRUCT (p21);
402 memcpy (p21, passwd, 16);
403 E_P24 (p21, c8, p24);
404 }
405
406 void
SMBencrypt_hash_ntlmssp(const uchar lm_hash[16],const uchar * c8,uchar p24[24])407 SMBencrypt_hash_ntlmssp (const uchar lm_hash[16], const uchar *c8,
408 uchar p24[24])
409 {
410 uchar p21[21];
411
412 memset (p21, '\0', 21);
413 memcpy (p21, lm_hash, 16);
414 SMBOWFencrypt_ntlmssp (p21, c8, p24);
415 }
416
417 /* Does the des encryption. */
418 void
SMBNTencrypt_hash_ntlmssp(const uchar nt_hash[16],uchar * c8,uchar * p24)419 SMBNTencrypt_hash_ntlmssp (const uchar nt_hash[16], uchar *c8, uchar *p24)
420 {
421 uchar p21[21];
422
423 memset (p21, '\0', 21);
424 memcpy (p21, nt_hash, 16);
425 SMBOWFencrypt_ntlmssp (p21, c8, p24);
426 }
427
428 void
SMBsesskeygen_lm_sess_key_ntlmssp(const uchar lm_hash[16],const uchar lm_resp[24],uint8 sess_key[16])429 SMBsesskeygen_lm_sess_key_ntlmssp (const uchar lm_hash[16],
430 const uchar lm_resp[24], uint8 sess_key[16])
431 {
432 uchar p24[24];
433 uchar partial_lm_hash[16];
434
435 memcpy (partial_lm_hash, lm_hash, 8);
436 memset (partial_lm_hash + 8, 0xbd, 8);
437 SMBOWFencrypt_ntlmssp (partial_lm_hash, lm_resp, p24);
438 memcpy (sess_key, p24, 16);
439 }
440
441 /**
442 * Creates the DES forward-only Hash of the users password in DOS ASCII charset
443 * @param passwd password in 'unix' charset.
444 * @param p16 return password hashed with DES, caller allocated 16 byte buffer
445 * @return False if password was > 14 characters, and therefore may be
446 *incorrect, otherwise True
447 * @note p16 is filled in regardless
448 **/
449 bool
E_deshash_ntlmssp(const char * passwd,uint8_t pass_len,uchar p16[16])450 E_deshash_ntlmssp (const char *passwd, uint8_t pass_len, uchar p16[16])
451 {
452 bool ret = True;
453 fstring dospwd;
454 ZERO_STRUCT (dospwd);
455 char *dpass;
456
457 /* Password must be converted to DOS charset - null terminated, uppercase. */
458 dpass = g_utf8_strup (passwd, pass_len);
459 memcpy (dospwd, dpass, pass_len);
460 g_free (dpass);
461
462 /* Only the first 14 chars are considered, password need not be null
463 * terminated. */
464 E_P16 ((unsigned char *) dospwd, p16);
465
466 if (strlen (dospwd) > 14)
467 {
468 ret = False;
469 }
470
471 ZERO_STRUCT (dospwd);
472
473 return ret;
474 }
475 void
SMBsesskeygen_ntv2_ntlmssp(const uchar kr[16],const uchar * nt_resp,uint8 sess_key[16])476 SMBsesskeygen_ntv2_ntlmssp (const uchar kr[16], const uchar *nt_resp,
477 uint8 sess_key[16])
478 {
479 /* a very nice, 128 bit, variable session key */
480
481 HMACMD5Context ctx;
482
483 hmac_md5_init_limK_to_64 (kr, 16, &ctx);
484 hmac_md5_update (nt_resp, 16, &ctx);
485 hmac_md5_final ((unsigned char *) sess_key, &ctx);
486 }
487
488 uint8_t *
NTLMv2_generate_client_data_ntlmssp(const char * addr_list,int address_list_len)489 NTLMv2_generate_client_data_ntlmssp (const char *addr_list,
490 int address_list_len)
491 {
492 int i = 0;
493 /*length of response
494 *header-4, reserved-4, date-8, client chal-8, unknown-4, addr_list-size sent
495 *in arguments
496 */
497 uchar client_chal[8];
498 uint8_t *response = g_malloc0 (28 + address_list_len);
499 char long_date[8];
500 int header = 0x00000101;
501 int zeros = 0x00000000;
502
503 generate_random_buffer_ntlmssp (client_chal, sizeof (client_chal));
504
505 put_long_date_ntlmssp (long_date, time (NULL));
506 SIVAL (response, 0, header);
507 SIVAL (response, 4, zeros);
508 memcpy (response + 4 + 4, long_date, 8);
509 memcpy (response + 4 + 4 + sizeof (long_date), client_chal, 8);
510 SIVAL (response, 24, zeros);
511 for (i = 0; i < address_list_len; i++)
512 {
513 *(response + 28 + i) = *(addr_list + i);
514 }
515
516 return response;
517 }
518
519 void
NTLMv2_generate_response_ntlmssp(const uchar ntlm_v2_hash[16],const char * server_chal,const char * address_list,int address_list_len,uint8_t * nt_response)520 NTLMv2_generate_response_ntlmssp (const uchar ntlm_v2_hash[16],
521 const char *server_chal,
522 const char *address_list,
523 int address_list_len, uint8_t *nt_response)
524 {
525 uchar ntlmv2_response[16];
526 uint8_t *ntlmv2_client_data;
527
528 /* NTLMv2 */
529 /* generate some data to pass into the response function - including
530 the hostname and domain name of the server */
531 ntlmv2_client_data =
532 NTLMv2_generate_client_data_ntlmssp (address_list, address_list_len);
533
534 /* Given that data, and the challenge from the server, generate a response */
535 int client_data_len = 28 + address_list_len;
536 SMBOWFencrypt_ntv2_ntlmssp (ntlm_v2_hash, (const uchar *) server_chal, 8,
537 ntlmv2_client_data, client_data_len,
538 ntlmv2_response);
539 memcpy (nt_response, ntlmv2_response, sizeof (ntlmv2_response));
540 memcpy (nt_response + sizeof (ntlmv2_response), ntlmv2_client_data,
541 client_data_len);
542
543 g_free (ntlmv2_client_data);
544 }
545
546 void
LMv2_generate_response_ntlmssp(const uchar ntlm_v2_hash[16],const char * server_chal,uint8_t * lm_response)547 LMv2_generate_response_ntlmssp (const uchar ntlm_v2_hash[16],
548 const char *server_chal, uint8_t *lm_response)
549 {
550 uchar lmv2_response[16];
551 uint8_t lmv2_client_data[8];
552
553 /* LMv2 */
554 /* client-supplied random data */
555 generate_random_buffer_ntlmssp (lmv2_client_data, sizeof (lmv2_client_data));
556
557 /* Given that data, and the challenge from the server, generate a response */
558 SMBOWFencrypt_ntv2_ntlmssp (ntlm_v2_hash, (const uchar *) server_chal, 8,
559 lmv2_client_data, sizeof (lmv2_client_data),
560 lmv2_response);
561 memcpy (lm_response, lmv2_response, sizeof (lmv2_response));
562
563 /* after the first 16 bytes is the random data we generated above,
564 so the server can verify us with it */
565 memcpy (lm_response + sizeof (lmv2_response), lmv2_client_data,
566 sizeof (lmv2_client_data));
567 }
568
569 void
SMBNTLMv2encrypt_hash_ntlmssp(const char * user,const char * domain,uchar ntlm_v2_hash[16],const char * server_chal,const char * address_list,int address_list_len,uint8_t * lm_response,uint8_t * nt_response,uint8_t * user_session_key)570 SMBNTLMv2encrypt_hash_ntlmssp (const char *user, const char *domain,
571 uchar ntlm_v2_hash[16], const char *server_chal,
572 const char *address_list, int address_list_len,
573 uint8_t *lm_response, uint8_t *nt_response,
574 uint8_t *user_session_key)
575 {
576 (void) user;
577 (void) domain;
578 NTLMv2_generate_response_ntlmssp (ntlm_v2_hash, server_chal, address_list,
579 address_list_len, nt_response);
580
581 /* The NTLMv2 calculations also provide a session key, for signing etc later
582 */
583 /* use only the first 16 bytes of nt_response for session key */
584 SMBsesskeygen_ntv2_ntlmssp (ntlm_v2_hash, nt_response, user_session_key);
585
586 LMv2_generate_response_ntlmssp (ntlm_v2_hash, server_chal, lm_response);
587 }
588