tree_cell *
nasl_ntlmv1_hash (lex_ctxt * lexic)
{
const uchar *cryptkey = (uchar *) get_str_var_by_name (lexic, "cryptkey");
char *password = get_str_var_by_name (lexic, "passhash");
int pass_len = get_var_size_by_name (lexic, "passhash");
unsigned char p21[21];
tree_cell *retc;
uchar *ret;
if (cryptkey == NULL || password == NULL)
{
nasl_perror (lexic, "Syntax : ntlmv1_hash(cryptkey:<c>, passhash:<p>)\n");
return NULL;
}
bzero (p21, sizeof (p21));
memcpy (p21, password, pass_len < 16 ? pass_len : 16);
ret = emalloc (24);
E_P24 (p21, cryptkey, ret);
retc = alloc_tree_cell (0, NULL);
retc->type = CONST_DATA;
retc->size = 24;
retc->x.str_val = (char *) ret;
return retc;
}
/* Does the des encryption from the NT or LM MD4 hash. */
void SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24])
{
uint8_t p21[21];
ZERO_STRUCT(p21);
memcpy(p21, passwd, 16);
E_P24(p21, c8, p24);
}
/* Does the des encryption from the NT or LM MD4 hash. */
void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24])
{
uchar p21[21];
memset(p21,'\0',21);
memcpy(p21, passwd, 16);
E_P24(p21, c8, p24);
}
void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24)
{
uchar p21[21];
memset(p21,'\0',21);
E_md4hash(passwd, p21);
E_P24(p21, c8, p24);
}
/* Does the des encryption from the NT or LM MD4 hash. */
static void
SMBOWFencrypt(unsigned char passwd[16], const unsigned char *c8,
unsigned char p24[24])
{
unsigned char p21[21];
memset(p21, '\0', 21);
memcpy(p21, passwd, 16);
E_P24(p21, c8, p24);
}
/* Does the des encryption from the FIRST 8 BYTES of the NT or LM MD4 hash. */
#if 0 /* currently unused */
static void
NTLMSSPOWFencrypt(unsigned char passwd[8],
unsigned char *ntlmchalresp, unsigned char p24[24])
{
unsigned char p21[21];
memset(p21, '\0', 21);
memcpy(p21, passwd, 8);
memset(p21 + 8, 0xbd, 8);
E_P24(p21, ntlmchalresp, p24);
}
/*
This implements the X/Open SMB password encryption
It takes a password, a 8 byte "crypt key" and puts 24 bytes of
encrypted password into p24 */
void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24)
{
uchar p14[15], p21[21];
memset(p21,'\0',21);
memset(p14,'\0',14);
strlcpy((char *)p14,(char *)passwd,14);
strupper((char *)p14);
E_P16(p14, p21);
E_P24(p21, c8, p24);
}
/* Does the des encryption from the FIRST 8 BYTES of the NT or LM MD4 hash. */
void NTLMSSPOWFencrypt(const uchar passwd[8], const uchar *ntlmchalresp, uchar p24[24])
{
uchar p21[21];
memset(p21,'\0',21);
memcpy(p21, passwd, 8);
memset(p21 + 8, 0xbd, 8);
E_P24(p21, ntlmchalresp, p24);
#ifdef DEBUG_PASSWORD
DEBUG(100,("NTLMSSPOWFencrypt: p21, c8, p24\n"));
dump_data(100, (char *)p21, 21);
dump_data(100, (const char *)ntlmchalresp, 8);
dump_data(100, (char *)p24, 24);
#endif
}
/****************************************************************************
core of smb password checking routine.
****************************************************************************/
BOOL smb_password_check(char *password, unsigned char *part_passwd, unsigned char *c8)
{
/* Finish the encryption of part_passwd. */
unsigned char p21[21];
unsigned char p24[24];
if (part_passwd == NULL)
DEBUG(10,("No password set - allowing access\n"));
/* No password set - always true ! */
if (part_passwd == NULL)
return 1;
memset(p21,'\0',21);
memcpy(p21,part_passwd,16);
E_P24(p21, c8, p24);
#if DEBUG_PASSWORD
{
int i;
DEBUG(100,("Part password (P16) was |"));
for(i = 0; i < 16; i++)
DEBUG(100,("%X ", (unsigned char)part_passwd[i]));
DEBUG(100,("|\n"));
DEBUG(100,("Password from client was |"));
for(i = 0; i < 24; i++)
DEBUG(100,("%X ", (unsigned char)password[i]));
DEBUG(100,("|\n"));
DEBUG(100,("Given challenge was |"));
for(i = 0; i < 8; i++)
DEBUG(100,("%X ", (unsigned char)c8[i]));
DEBUG(100,("|\n"));
DEBUG(100,("Value from encryption was |"));
for(i = 0; i < 24; i++)
DEBUG(100,("%X ", (unsigned char)p24[i]));
DEBUG(100,("|\n"));
}
#endif
return (memcmp(p24, password, 24) == 0);
}
