1/*
2 *  ntlm proxy support for OpenVPN
3 *
4 *  Copyright (C) 2004 William Preston
5 *
6 *  *NTLMv2 support and domain name parsing by Miroslav Zajic, Nextsoft s.r.o.*
7 *
8 *  This program is free software; you can redistribute it and/or modify
9 *  it under the terms of the GNU General Public License as published by
10 *  the Free Software Foundation; either version 2 of the License, or
11 *  (at your option) any later version.
12 *
13 *  This program is distributed in the hope that it will be useful,
14 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
15 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16 *  GNU General Public License for more details.
17 *
18 *  You should have received a copy of the GNU General Public License
19 *  along with this program (see the file COPYING included with this
20 *  distribution); if not, write to the Free Software Foundation, Inc.,
21 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
22 */
23
24#ifdef HAVE_CONFIG_H
25#include "config.h"
26#elif defined(_MSC_VER)
27#include "config-msvc.h"
28#endif
29
30#include "syshead.h"
31
32#if NTLM
33
34#include "common.h"
35#include "buffer.h"
36#include "misc.h"
37#include "socket.h"
38#include "fdmisc.h"
39#include "proxy.h"
40#include "ntlm.h"
41#include "base64.h"
42#include "crypto.h"
43
44#include "memdbg.h"
45
46
47/* 64bit datatype macros */
48#ifdef _MSC_VER
49	/* MS compilers */
50#	define UINTEGER64 __int64
51#	define UINT64(c) c ## Ui64
52#else
53	/* Non MS compilers */
54#	define UINTEGER64 unsigned long long
55#	define UINT64(c) c ## LL
56#endif
57
58
59
60
61static void
62create_des_keys(const unsigned char *hash, unsigned char *key)
63{
64  key[0] = hash[0];
65  key[1] = ((hash[0]&1)<<7)|(hash[1]>>1);
66  key[2] = ((hash[1]&3)<<6)|(hash[2]>>2);
67  key[3] = ((hash[2]&7)<<5)|(hash[3]>>3);
68  key[4] = ((hash[3]&15)<<4)|(hash[4]>>4);
69  key[5] = ((hash[4]&31)<<3)|(hash[5]>>5);
70  key[6] = ((hash[5]&63)<<2)|(hash[6]>>6);
71  key[7] = ((hash[6]&127)<<1);
72  key_des_fixup(key, 8, 1);
73}
74
75static void
76gen_md4_hash (const char* data, int data_len, char *result)
77{
78  /* result is 16 byte md4 hash */
79  const md_kt_t *md4_kt = md_kt_get("MD4");
80  char md[MD4_DIGEST_LENGTH];
81
82  md_full(md4_kt, data, data_len, md);
83  memcpy (result, md, MD4_DIGEST_LENGTH);
84}
85
86static void
87gen_hmac_md5 (const char* data, int data_len, const char* key, int key_len,char *result)
88{
89	const md_kt_t *md5_kt = md_kt_get("MD5");
90	hmac_ctx_t hmac_ctx;
91	CLEAR(hmac_ctx);
92
93	hmac_ctx_init(&hmac_ctx, key, key_len, md5_kt);
94	hmac_ctx_update(&hmac_ctx, (const unsigned char *)data, data_len);
95	hmac_ctx_final(&hmac_ctx, (unsigned char *)result);
96	hmac_ctx_cleanup(&hmac_ctx);
97}
98
99static void
100gen_timestamp (unsigned char *timestamp)
101{
102	/* Copies 8 bytes long timestamp into "timestamp" buffer.
103	 * Timestamp is Little-endian, 64-bit signed value representing the number of tenths of a microsecond since January 1, 1601.
104	 */
105
106	UINTEGER64 timestamp_ull;
107
108	timestamp_ull = openvpn_time(NULL);
109	timestamp_ull = (timestamp_ull + UINT64(11644473600)) * UINT64(10000000);
110
111	/* store little endian value */
112	timestamp[0]= timestamp_ull & UINT64(0xFF);
113	timestamp[1]= (timestamp_ull  >> 8)  & UINT64(0xFF);
114	timestamp[2]= (timestamp_ull  >> 16) & UINT64(0xFF);
115	timestamp[3]= (timestamp_ull  >> 24) & UINT64(0xFF);
116	timestamp[4]= (timestamp_ull  >> 32) & UINT64(0xFF);
117	timestamp[5]= (timestamp_ull  >> 40) & UINT64(0xFF);
118	timestamp[6]= (timestamp_ull  >> 48) & UINT64(0xFF);
119	timestamp[7]= (timestamp_ull  >> 56) & UINT64(0xFF);
120}
121
122static void
123gen_nonce (unsigned char *nonce)
124{
125	/* Generates 8 random bytes to be used as client nonce */
126	int i;
127
128	for(i=0;i<8;i++){
129		nonce[i] = (unsigned char)get_random();
130	}
131}
132
133unsigned char *my_strupr(unsigned char *str)
134{
135	/* converts string to uppercase in place */
136	unsigned char *tmp = str;;
137
138	do *str = toupper(*str); while (*(++str));
139	return tmp;
140}
141
142static int
143unicodize (char *dst, const char *src)
144{
145  /* not really unicode... */
146  int i = 0;
147  do
148    {
149      dst[i++] = *src;
150      dst[i++] = 0;
151    }
152  while (*src++);
153
154  return i;
155}
156
157static void
158add_security_buffer(int sb_offset, void *data, int length, unsigned char *msg_buf, int *msg_bufpos)
159{
160	/* Adds security buffer data to a message and sets security buffer's offset and length */
161	msg_buf[sb_offset] = (unsigned char)length;
162	msg_buf[sb_offset + 2] = msg_buf[sb_offset];
163	msg_buf[sb_offset + 4] = (unsigned char)(*msg_bufpos & 0xff);
164	msg_buf[sb_offset + 5] = (unsigned char)((*msg_bufpos >> 8) & 0xff);
165	memcpy(&msg_buf[*msg_bufpos], data, msg_buf[sb_offset]);
166	*msg_bufpos += length;
167}
168
169const char *
170ntlm_phase_1 (const struct http_proxy_info *p, struct gc_arena *gc)
171{
172  struct buffer out = alloc_buf_gc (96, gc);
173  /* try a minimal NTLM handshake
174   *
175   * http://davenport.sourceforge.net/ntlm.html
176   *
177   * This message contains only the NTLMSSP signature,
178   * the NTLM message type,
179   * and the minimal set of flags (Negotiate NTLM and Negotiate OEM).
180   *
181   */
182  buf_printf (&out, "%s", "TlRMTVNTUAABAAAAAgIAAA==");
183  return (BSTR (&out));
184}
185
186const char *
187ntlm_phase_3 (const struct http_proxy_info *p, const char *phase_2, struct gc_arena *gc)
188{
189	/* NTLM handshake
190	 *
191	 * http://davenport.sourceforge.net/ntlm.html
192	 *
193	 */
194
195  char pwbuf[sizeof (p->up.password) * 2]; /* for unicode password */
196  char buf2[128]; /* decoded reply from proxy */
197  unsigned char phase3[464];
198
199  char md4_hash[MD4_DIGEST_LENGTH+5];
200  char challenge[8], ntlm_response[24];
201  int i, ret_val;
202
203	char ntlmv2_response[144];
204	char userdomain_u[256]; /* for uppercase unicode username and domain */
205	char userdomain[128];   /* the same as previous but ascii */
206	char ntlmv2_hash[MD5_DIGEST_LENGTH];
207	char ntlmv2_hmacmd5[16];
208	char *ntlmv2_blob = ntlmv2_response + 16; /* inside ntlmv2_response, length: 128 */
209	int ntlmv2_blob_size=0;
210	int phase3_bufpos = 0x40; /* offset to next security buffer data to be added */
211	size_t len;
212
213	char domain[128];
214	char username[128];
215	char *separator;
216
217	bool ntlmv2_enabled = (p->auth_method == HTTP_AUTH_NTLM2);
218
219  CLEAR (buf2);
220
221  ASSERT (strlen (p->up.username) > 0);
222  ASSERT (strlen (p->up.password) > 0);
223
224	/* username parsing */
225	separator = strchr(p->up.username, '\\');
226	if (separator == NULL) {
227		strncpy(username, p->up.username, sizeof(username)-1);
228		username[sizeof(username)-1]=0;
229		domain[0]=0;
230	} else {
231		strncpy(username, separator+1, sizeof(username)-1);
232		username[sizeof(username)-1]=0;
233		len = separator - p->up.username;
234		if (len > sizeof(domain) - 1) len = sizeof(domain) - 1;
235		strncpy(domain, p->up.username,  len);
236		domain[len]=0;
237	}
238
239
240  /* fill 1st 16 bytes with md4 hash, disregard terminating null */
241  gen_md4_hash (pwbuf, unicodize (pwbuf, p->up.password) - 2, md4_hash);
242
243  /* pad to 21 bytes */
244  memset(md4_hash + MD4_DIGEST_LENGTH, 0, 5);
245
246  ret_val = openvpn_base64_decode( phase_2, (void *)buf2, -1);
247  if (ret_val < 0)
248    return NULL;
249
250  /* we can be sure that phase_2 is less than 128
251   * therefore buf2 needs to be (3/4 * 128) */
252
253  /* extract the challenge from bytes 24-31 */
254  for (i=0; i<8; i++)
255  {
256    challenge[i] = buf2[i+24];
257  }
258
259	if (ntlmv2_enabled){ /* Generate NTLMv2 response */
260	        int tib_len;
261
262		/* NTLMv2 hash */
263	        my_strupr((unsigned char *)strcpy(userdomain, username));
264		if (strlen(username) + strlen(domain) < sizeof(userdomain))
265			strcat(userdomain, domain);
266		else
267			msg (M_INFO, "Warning: Username or domain too long");
268		unicodize (userdomain_u, userdomain);
269		gen_hmac_md5(userdomain_u, 2 * strlen(userdomain), md4_hash, MD5_DIGEST_LENGTH, ntlmv2_hash);
270
271		/* NTLMv2 Blob */
272		memset(ntlmv2_blob, 0, 128);                /* Clear blob buffer */
273		ntlmv2_blob[0x00]=1;                        /* Signature */
274		ntlmv2_blob[0x01]=1;                        /* Signature */
275		ntlmv2_blob[0x04]=0;                        /* Reserved */
276		gen_timestamp((unsigned char *)&ntlmv2_blob[0x08]);          /* 64-bit Timestamp */
277		gen_nonce((unsigned char *)&ntlmv2_blob[0x10]);              /* 64-bit Client Nonce */
278		ntlmv2_blob[0x18]=0;                        /* Unknown, zero should work */
279
280		/* Add target information block to the blob */
281		if (( *((long *)&buf2[0x14]) & 0x00800000) == 0x00800000){ /* Check for Target Information block */
282			tib_len = buf2[0x28];/* Get Target Information block size */
283			if (tib_len > 96) tib_len = 96;
284			{
285			  char *tib_ptr = buf2 + buf2[0x2c]; /* Get Target Information block pointer */
286			  memcpy(&ntlmv2_blob[0x1c], tib_ptr, tib_len); /* Copy Target Information block into the blob */
287			}
288		} else {
289			tib_len = 0;
290		}
291
292		ntlmv2_blob[0x1c + tib_len] = 0;            /* Unknown, zero works */
293
294		/* Get blob length */
295		ntlmv2_blob_size = 0x20 + tib_len;
296
297		/* Add challenge from message 2 */
298		memcpy(&ntlmv2_response[8], challenge, 8);
299
300		/* hmac-md5 */
301		gen_hmac_md5(&ntlmv2_response[8], ntlmv2_blob_size + 8, ntlmv2_hash, MD5_DIGEST_LENGTH, ntlmv2_hmacmd5);
302
303		/* Add hmac-md5 result to the blob */
304		memcpy(ntlmv2_response, ntlmv2_hmacmd5, MD5_DIGEST_LENGTH); /* Note: This overwrites challenge previously written at ntlmv2_response[8..15] */
305
306	} else { /* Generate NTLM response */
307		unsigned char key1[DES_KEY_LENGTH], key2[DES_KEY_LENGTH], key3[DES_KEY_LENGTH];
308
309		create_des_keys ((unsigned char *)md4_hash, key1);
310		cipher_des_encrypt_ecb (key1, challenge, ntlm_response);
311
312		create_des_keys ((unsigned char *)&(md4_hash[DES_KEY_LENGTH-1]), key2);
313		cipher_des_encrypt_ecb (key2, challenge, &ntlm_response[DES_KEY_LENGTH]);
314
315		create_des_keys ((unsigned char *)&(md4_hash[2*(DES_KEY_LENGTH-1)]), key3);
316		cipher_des_encrypt_ecb (key3, challenge, &ntlm_response[DES_KEY_LENGTH*2]);
317	}
318
319
320	memset (phase3, 0, sizeof (phase3)); /* clear reply */
321
322	strcpy ((char *)phase3, "NTLMSSP\0"); /* signature */
323	phase3[8] = 3; /* type 3 */
324
325	if (ntlmv2_enabled){ /* NTLMv2 response */
326		add_security_buffer(0x14, ntlmv2_response, ntlmv2_blob_size + 16, phase3, &phase3_bufpos);
327	}else{ /* NTLM response */
328		add_security_buffer(0x14, ntlm_response, 24, phase3, &phase3_bufpos);
329	}
330
331	/* username in ascii */
332	add_security_buffer(0x24, username, strlen (username), phase3, &phase3_bufpos);
333
334	/* Set domain. If <domain> is empty, default domain will be used (i.e. proxy's domain) */
335	add_security_buffer(0x1c, domain, strlen (domain), phase3, &phase3_bufpos);
336
337
338	/* other security buffers will be empty */
339	phase3[0x10] = phase3_bufpos; /* lm not used */
340	phase3[0x30] = phase3_bufpos; /* no workstation name supplied */
341	phase3[0x38] = phase3_bufpos; /* no session key */
342
343	/* flags */
344  phase3[0x3c] = 0x02; /* negotiate oem */
345  phase3[0x3d] = 0x02; /* negotiate ntlm */
346
347  return ((const char *)make_base64_string2 ((unsigned char *)phase3, phase3_bufpos, gc));
348}
349
350#else
351static void dummy(void) {}
352#endif
353