/* NTLM code.
- Copyright (C) 2005, 2006, 2007 Free Software Foundation, Inc.
+ Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+ Foundation, Inc.
Contributed by Daniel Stenberg.
This file is part of GNU Wget.
shall include the source code for the parts of OpenSSL used as well
as that of the covered work. */
-#include <config.h>
+#include "wget.h"
/* NTLM details:
-
+
http://davenport.sourceforge.net/ntlm.html
http://www.innovation.ch/java/ntlm.html
#include <string.h>
#include <stdlib.h>
-#include <openssl/des.h>
-#include <openssl/md4.h>
-
-#include "wget.h"
#include "utils.h"
#include "http-ntlm.h"
-#if OPENSSL_VERSION_NUMBER < 0x00907001L
-#define DES_key_schedule des_key_schedule
-#define DES_cblock des_cblock
-#define DES_set_odd_parity des_set_odd_parity
-#define DES_set_key des_set_key
-#define DES_ecb_encrypt des_ecb_encrypt
+#ifdef HAVE_NETTLE
+# include <nettle/md4.h>
+# include <nettle/des.h>
+#else
+# include <openssl/des.h>
+# include <openssl/md4.h>
+# include <openssl/opensslv.h>
+
+# if OPENSSL_VERSION_NUMBER < 0x00907001L
+# define DES_key_schedule des_key_schedule
+# define DES_cblock des_cblock
+# define DES_set_odd_parity des_set_odd_parity
+# define DES_set_key des_set_key
+# define DES_ecb_encrypt des_ecb_encrypt
/* This is how things were done in the old days */
-#define DESKEY(x) x
-#define DESKEYARG(x) x
-#else
+# define DESKEY(x) x
+# define DESKEYARG(x) x
+# else
/* Modern version */
-#define DESKEYARG(x) *x
-#define DESKEY(x) &x
+# define DESKEYARG(x) *x
+# define DESKEY(x) &x
+# endif
+
#endif
/* Define this to make the type-3 message include the NT response message */
return false;
header += 4;
- while (*header && ISSPACE(*header))
+ while (*header && c_isspace(*header))
header++;
if (*header)
* Turns a 56 bit key into the 64 bit, odd parity key and sets the key. The
* key schedule ks is also set.
*/
+#ifdef HAVE_NETTLE
+static void
+setup_des_key(unsigned char *key_56,
+ struct des_ctx *des)
+{
+ unsigned char key[8];
+
+ key[0] = key_56[0];
+ key[1] = ((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1);
+ key[2] = ((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2);
+ key[3] = ((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3);
+ key[4] = ((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4);
+ key[5] = ((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5);
+ key[6] = ((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6);
+ key[7] = (key_56[6] << 1) & 0xFF;
+
+ nettle_des_set_key(des, key);
+}
+#else
static void
setup_des_key(unsigned char *key_56,
DES_key_schedule DESKEYARG(ks))
DES_set_odd_parity(&key);
DES_set_key(&key, ks);
}
+#endif
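Review bot: The comment above `setup_des_key` still promises an odd-parity key and a key schedule `ks`, but the Nettle variant added here does neither: it hands the expanded key straight to `nettle_des_set_key` and takes a `struct des_ctx *des`. As far as I know Nettle ignores the DES parity bits, so the result should match the OpenSSL path, but the branch should say so, e.g. `/* Nettle ignores DES parity bits, so no odd-parity fixup is needed. */`. The local `key[8]` is derived from the password and is left on the stack on return; clearing it with a wipe the compiler cannot drop (for example `explicit_bzero` where available) would be worth adding. The same applies to the `struct des_ctx des` locals in `calc_resp` and in the LM-hash block. The OpenSSL variant's body lies partly outside this hunk.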
/*
* takes a 21 byte array and treats it as 3 56-bit DES keys. The
static void
calc_resp(unsigned char *keys, unsigned char *plaintext, unsigned char *results)
{
+#ifdef HAVE_NETTLE
+ struct des_ctx des;
+
+ setup_des_key(keys, &des);
+ nettle_des_encrypt(&des, 8, results, plaintext);
+
+ setup_des_key(keys + 7, &des);
+ nettle_des_encrypt(&des, 8, results + 8, plaintext);
+
+ setup_des_key(keys + 14, &des);
+ nettle_des_encrypt(&des, 8, results + 16, plaintext);
+#else
DES_key_schedule ks;
setup_des_key(keys, DESKEY(ks));
setup_des_key(keys+14, DESKEY(ks));
DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results+16),
DESKEY(ks), DES_ENCRYPT);
+#endif
}
/*
if (len > 14)
len = 14;
-
+
for (i=0; i<len; i++)
- pw[i] = TOUPPER (password[i]);
+ pw[i] = c_toupper (password[i]);
for (; i<14; i++)
pw[i] = 0;
{
/* create LanManager hashed password */
+#ifdef HAVE_NETTLE
+ struct des_ctx des;
+
+ setup_des_key(pw, &des);
+ nettle_des_encrypt(&des, 8, lmbuffer, magic);
+
+ setup_des_key(pw + 7, &des);
+ nettle_des_encrypt(&des, 8, lmbuffer + 8, magic);
+#else
DES_key_schedule ks;
setup_des_key(pw, DESKEY(ks));
DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer,
DESKEY(ks), DES_ENCRYPT);
-
+
setup_des_key(pw+7, DESKEY(ks));
DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)(lmbuffer+8),
DESKEY(ks), DES_ENCRYPT);
+#endif
memset(lmbuffer+16, 0, 5);
}
#ifdef USE_NTRESPONSES
{
- /* create NT hashed password */
+#ifdef HAVE_NETTLE
+ struct md4_ctx MD4;
+#else
MD4_CTX MD4;
+#endif
len = strlen(password);
pw[2*i+1] = 0;
}
+#ifdef HAVE_NETTLE
+ nettle_md4_init(&MD4);
+ nettle_md4_update(&MD4, 2*len, pw);
+ nettle_md4_digest(&MD4, MD4_DIGEST_SIZE, ntbuffer);
+#else
+ /* create NT hashed password */
MD4_Init(&MD4);
MD4_Update(&MD4, pw, 2*len);
MD4_Final(ntbuffer, &MD4);
+#endif
memset(ntbuffer+16, 0, 5);
}
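Review bot: The `/* create NT hashed password */` comment now sits only inside the `#else` branch, so the Nettle path starting at `nettle_md4_init(&MD4)` is undocumented although it computes the same hash. Moving the comment above `#ifdef HAVE_NETTLE` would cover both branches. It would also help to note there that Nettle takes the length before the data, `nettle_md4_update(&MD4, 2*len, pw)`, the reverse of `MD4_Update(&MD4, pw, 2*len)`, since the two are easy to confuse when only one branch is edited. The enclosing block starts outside this hunk.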
if(!passwd)
passwd="";
-
+
switch(ntlm->state) {
case NTLMSTATE_TYPE1:
default: /* for the weird cases we (re)start here */
domoff = hostoff + hostlen;
DEBUGP (("Creating a type-1 NTLM message.\n"));
-
+
/* Create and send a type-1 message:
Index Description Content
output = concat_strings ("NTLM ", base64, (char *) 0);
break;
-
+
case NTLMSTATE_TYPE2:
/* We received the type-2 already, create a type-3 message:
52 (64) start of data block
*/
-
+
{
int lmrespoff;
int ntrespoff;
"%c%c" /* domain allocated space */
"%c%c" /* domain name offset */
"%c%c" /* 2 zeroes */
-
+
"%c%c" /* user length */
"%c%c" /* user allocated space */
"%c%c" /* user offset */
"%c%c" /* 2 zeroes */
-
+
"%c%c" /* host length */
"%c%c" /* host allocated space */
"%c%c" /* host offset */
"%c%c%c%c%c%c" /* 6 zeroes */
-
+
"\xff\xff" /* message length */
"%c%c" /* 2 zeroes */
-
+
"\x01\x82" /* flags */
"%c%c" /* 2 zeroes */
/* Make sure that the user and domain strings fit in the target buffer
before we copy them there. */
- if(size + userlen + domlen >= sizeof(ntlmbuf))
+ if(((size_t) size + userlen + domlen) >= sizeof(ntlmbuf))
return NULL;
-
+
memcpy(&ntlmbuf[size], domain, domlen);
size += domlen;
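Review bot: The cast in `if(((size_t) size + userlen + domlen) >= sizeof(ntlmbuf))` removes the signed/unsigned comparison but assumes `size` is non-negative at this point. `size` appears to be set by the formatting call earlier in the function, which is outside this hunk. If that call can ever return a negative value, the converted sum can wrap around to a small number and pass the check ahead of the `memcpy` into `ntlmbuf`. Rejecting that case explicitly first, `if(size < 0 || (size_t) size >= sizeof(ntlmbuf)) return NULL;`, and then comparing `userlen + domlen` against `sizeof(ntlmbuf) - (size_t) size` would make the bound hold without relying on the caller's state.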
}
#ifdef USE_NTRESPONSES
- if(size < ((int)sizeof(ntlmbuf) - 0x18)) {
+ if(size < ((int)sizeof(ntlmbuf) - 0x18)) {
memcpy(&ntlmbuf[size], ntresp, 0x18);
size += 0x18;
}