aboutsummaryrefslogtreecommitdiff
path: root/crypto/heimdal/kuser/kdigest.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/kuser/kdigest.c')
-rw-r--r--crypto/heimdal/kuser/kdigest.c213
1 files changed, 117 insertions, 96 deletions
diff --git a/crypto/heimdal/kuser/kdigest.c b/crypto/heimdal/kuser/kdigest.c
index 418aedb71441..f15b661a0dce 100644
--- a/crypto/heimdal/kuser/kdigest.c
+++ b/crypto/heimdal/kuser/kdigest.c
@@ -1,38 +1,40 @@
/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
+#define HC_DEPRECATED_CRYPTO
+
#include "kuser_locl.h"
-RCSID("$Id: kdigest.c 22158 2007-12-04 20:04:01Z lha $");
+
#include <kdigest-commands.h>
#include <hex.h>
#include <base64.h>
@@ -98,7 +100,7 @@ digest_server_init(struct digest_server_init_options *opt,
krb5_err(context, 1, ret, "krb5_digest_set_type");
if (opt->cb_type_string && opt->cb_value_string) {
- ret = krb5_digest_set_server_cb(context, digest,
+ ret = krb5_digest_set_server_cb(context, digest,
opt->cb_type_string,
opt->cb_value_string);
if (ret)
@@ -112,7 +114,7 @@ digest_server_init(struct digest_server_init_options *opt,
krb5_err(context, 1, ret, "krb5_digest_init_request");
printf("type=%s\n", opt->type_string);
- printf("server-nonce=%s\n",
+ printf("server-nonce=%s\n",
krb5_digest_get_server_nonce(context, digest));
{
const char *s = krb5_digest_get_identifier(context, digest);
@@ -121,11 +123,13 @@ digest_server_init(struct digest_server_init_options *opt,
}
printf("opaque=%s\n", krb5_digest_get_opaque(context, digest));
+ krb5_digest_free(digest);
+
return 0;
}
int
-digest_server_request(struct digest_server_request_options *opt,
+digest_server_request(struct digest_server_request_options *opt,
int argc, char **argv)
{
krb5_error_code ret;
@@ -150,7 +154,7 @@ digest_server_request(struct digest_server_request_options *opt,
if (opt->server_identifier_string == NULL)
errx(1, "server identifier missing");
- ret = krb5_digest_set_identifier(context, digest,
+ ret = krb5_digest_set_identifier(context, digest,
opt->server_identifier_string);
if (ret)
krb5_err(context, 1, ret, "krb5_digest_set_type");
@@ -164,13 +168,13 @@ digest_server_request(struct digest_server_request_options *opt,
if (ret)
krb5_err(context, 1, ret, "krb5_digest_set_username");
- ret = krb5_digest_set_server_nonce(context, digest,
+ ret = krb5_digest_set_server_nonce(context, digest,
opt->server_nonce_string);
if (ret)
krb5_err(context, 1, ret, "krb5_digest_set_server_nonce");
if(opt->client_nonce_string) {
- ret = krb5_digest_set_client_nonce(context, digest,
+ ret = krb5_digest_set_client_nonce(context, digest,
opt->client_nonce_string);
if (ret)
krb5_err(context, 1, ret, "krb5_digest_set_client_nonce");
@@ -181,7 +185,7 @@ digest_server_request(struct digest_server_request_options *opt,
if (ret)
krb5_err(context, 1, ret, "krb5_digest_set_opaque");
- ret = krb5_digest_set_responseData(context, digest,
+ ret = krb5_digest_set_responseData(context, digest,
opt->client_response_string);
if (ret)
krb5_err(context, 1, ret, "krb5_digest_set_responseData");
@@ -213,6 +217,8 @@ digest_server_request(struct digest_server_request_options *opt,
free(key);
}
+ krb5_digest_free(digest);
+
return 0;
}
@@ -221,15 +227,19 @@ client_chap(const void *server_nonce, size_t snoncelen,
unsigned char server_identifier,
const char *password)
{
- MD5_CTX ctx;
+ EVP_MD_CTX *ctx;
unsigned char md[MD5_DIGEST_LENGTH];
char *h;
- MD5_Init(&ctx);
- MD5_Update(&ctx, &server_identifier, 1);
- MD5_Update(&ctx, password, strlen(password));
- MD5_Update(&ctx, server_nonce, snoncelen);
- MD5_Final(md, &ctx);
+ ctx = EVP_MD_CTX_create();
+ EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
+
+ EVP_DigestUpdate(ctx, &server_identifier, 1);
+ EVP_DigestUpdate(ctx, password, strlen(password));
+ EVP_DigestUpdate(ctx, server_nonce, snoncelen);
+ EVP_DigestFinal_ex(ctx, md, NULL);
+
+ EVP_MD_CTX_destroy(ctx);
hex_encode(md, 16, &h);
@@ -262,27 +272,31 @@ client_mschapv2(const void *server_nonce, size_t snoncelen,
const char *username,
const char *password)
{
- SHA_CTX ctx;
- MD4_CTX hctx;
- unsigned char md[SHA_DIGEST_LENGTH], challange[SHA_DIGEST_LENGTH];
+ EVP_MD_CTX *hctx, *ctx;
+ unsigned char md[SHA_DIGEST_LENGTH], challenge[SHA_DIGEST_LENGTH];
unsigned char hmd[MD4_DIGEST_LENGTH];
struct ntlm_buf answer;
int i, len, ret;
char *h;
- SHA1_Init(&ctx);
- SHA1_Update(&ctx, client_nonce, cnoncelen);
- SHA1_Update(&ctx, server_nonce, snoncelen);
- SHA1_Update(&ctx, username, strlen(username));
- SHA1_Final(md, &ctx);
+ ctx = EVP_MD_CTX_create();
+ EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
+
+ EVP_DigestUpdate(ctx, client_nonce, cnoncelen);
+ EVP_DigestUpdate(ctx, server_nonce, snoncelen);
+ EVP_DigestUpdate(ctx, username, strlen(username));
+ EVP_DigestFinal_ex(ctx, md, NULL);
- MD4_Init(&hctx);
+
+ hctx = EVP_MD_CTX_create();
+ EVP_DigestInit_ex(hctx, EVP_md4(), NULL);
len = strlen(password);
for (i = 0; i < len; i++) {
- MD4_Update(&hctx, &password[i], 1);
- MD4_Update(&hctx, &password[len], 1);
- }
- MD4_Final(hmd, &hctx);
+ EVP_DigestUpdate(hctx, &password[i], 1);
+ EVP_DigestUpdate(hctx, &password[len], 1);
+ }
+ EVP_DigestFinal_ex(hctx, hmd, NULL);
+
/* ChallengeResponse */
ret = heim_ntlm_calculate_ntlm1(hmd, sizeof(hmd), md, &answer);
@@ -294,51 +308,55 @@ client_mschapv2(const void *server_nonce, size_t snoncelen,
free(h);
/* PasswordHash */
- MD4_Init(&hctx);
- MD4_Update(&hctx, hmd, sizeof(hmd));
- MD4_Final(hmd, &hctx);
+ EVP_DigestInit_ex(hctx, EVP_md4(), NULL);
+ EVP_DigestUpdate(hctx, hmd, sizeof(hmd));
+ EVP_DigestFinal_ex(hctx, hmd, NULL);
+
/* GenerateAuthenticatorResponse */
- SHA1_Init(&ctx);
- SHA1_Update(&ctx, hmd, sizeof(hmd));
- SHA1_Update(&ctx, answer.data, answer.length);
- SHA1_Update(&ctx, ms_chap_v2_magic1, sizeof(ms_chap_v2_magic1));
- SHA1_Final(md, &ctx);
-
+ EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
+ EVP_DigestUpdate(ctx, hmd, sizeof(hmd));
+ EVP_DigestUpdate(ctx, answer.data, answer.length);
+ EVP_DigestUpdate(ctx, ms_chap_v2_magic1, sizeof(ms_chap_v2_magic1));
+ EVP_DigestFinal_ex(ctx, md, NULL);
+
/* ChallengeHash */
- SHA1_Init(&ctx);
- SHA1_Update(&ctx, client_nonce, cnoncelen);
- SHA1_Update(&ctx, server_nonce, snoncelen);
- SHA1_Update(&ctx, username, strlen(username));
- SHA1_Final(challange, &ctx);
-
- SHA1_Init(&ctx);
- SHA1_Update(&ctx, md, sizeof(md));
- SHA1_Update(&ctx, challange, 8);
- SHA1_Update(&ctx, ms_chap_v2_magic2, sizeof(ms_chap_v2_magic2));
- SHA1_Final(md, &ctx);
+ EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
+ EVP_DigestUpdate(ctx, client_nonce, cnoncelen);
+ EVP_DigestUpdate(ctx, server_nonce, snoncelen);
+ EVP_DigestUpdate(ctx, username, strlen(username));
+ EVP_DigestFinal_ex(ctx, challenge, NULL);
+
+ EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
+ EVP_DigestUpdate(ctx, md, sizeof(md));
+ EVP_DigestUpdate(ctx, challenge, 8);
+ EVP_DigestUpdate(ctx, ms_chap_v2_magic2, sizeof(ms_chap_v2_magic2));
+ EVP_DigestFinal_ex(ctx, md, NULL);
hex_encode(md, sizeof(md), &h);
printf("AuthenticatorResponse=%s\n", h);
free(h);
/* get_master, rfc 3079 3.4 */
- SHA1_Init(&ctx);
- SHA1_Update(&ctx, hmd, sizeof(hmd));
- SHA1_Update(&ctx, answer.data, answer.length);
- SHA1_Update(&ctx, ms_rfc3079_magic1, sizeof(ms_rfc3079_magic1));
- SHA1_Final(md, &ctx);
+ EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
+ EVP_DigestUpdate(ctx, hmd, sizeof(hmd));
+ EVP_DigestUpdate(ctx, answer.data, answer.length);
+ EVP_DigestUpdate(ctx, ms_rfc3079_magic1, sizeof(ms_rfc3079_magic1));
+ EVP_DigestFinal_ex(ctx, md, NULL);
free(answer.data);
hex_encode(md, 16, &h);
printf("session-key=%s\n", h);
free(h);
+
+ EVP_MD_CTX_destroy(hctx);
+ EVP_MD_CTX_destroy(ctx);
}
int
-digest_client_request(struct digest_client_request_options *opt,
+digest_client_request(struct digest_client_request_options *opt,
int argc, char **argv)
{
char *server_nonce, *client_nonce = NULL, server_identifier;
@@ -358,7 +376,7 @@ digest_client_request(struct digest_client_request_options *opt,
errx(1, "server_nonce");
snoncelen = hex_decode(opt->server_nonce_string, server_nonce, snoncelen);
- if (snoncelen <= 0)
+ if (snoncelen <= 0)
errx(1, "server nonce wrong");
if (opt->client_nonce_string) {
@@ -366,10 +384,10 @@ digest_client_request(struct digest_client_request_options *opt,
client_nonce = malloc(cnoncelen);
if (client_nonce == NULL)
errx(1, "client_nonce");
-
- cnoncelen = hex_decode(opt->client_nonce_string,
+
+ cnoncelen = hex_decode(opt->client_nonce_string,
client_nonce, cnoncelen);
- if (cnoncelen <= 0)
+ if (cnoncelen <= 0)
errx(1, "client nonce wrong");
}
@@ -385,7 +403,7 @@ digest_client_request(struct digest_client_request_options *opt,
if (opt->server_identifier_string == NULL)
errx(1, "server identifier missing");
- client_chap(server_nonce, snoncelen, server_identifier,
+ client_chap(server_nonce, snoncelen, server_identifier,
opt->password_string);
} else if (strcasecmp(opt->type_string, "MS-CHAP-V2") == 0) {
@@ -395,11 +413,13 @@ digest_client_request(struct digest_client_request_options *opt,
errx(1, "client nonce missing");
client_mschapv2(server_nonce, snoncelen,
- client_nonce, cnoncelen,
+ client_nonce, cnoncelen,
opt->username_string,
opt->password_string);
}
-
+ if (client_nonce)
+ free(client_nonce);
+ free(server_nonce);
return 0;
}
@@ -413,9 +433,10 @@ ntlm_server_init(struct ntlm_server_init_options *opt,
krb5_error_code ret;
krb5_ntlm ntlm;
struct ntlm_type2 type2;
- krb5_data challange, opaque;
+ krb5_data challenge, opaque;
struct ntlm_buf data;
char *s;
+ static char zero2[] = "\x00\x00";
memset(&type2, 0, sizeof(type2));
@@ -423,7 +444,7 @@ ntlm_server_init(struct ntlm_server_init_options *opt,
if (ret)
krb5_err(context, 1, ret, "krb5_ntlm_alloc");
- ret = krb5_ntlm_init_request(context,
+ ret = krb5_ntlm_init_request(context,
ntlm,
opt->kerberos_realm_string,
id,
@@ -437,29 +458,29 @@ ntlm_server_init(struct ntlm_server_init_options *opt,
*
*/
- ret = krb5_ntlm_init_get_challange(context, ntlm, &challange);
+ ret = krb5_ntlm_init_get_challange(context, ntlm, &challenge);
if (ret)
krb5_err(context, 1, ret, "krb5_ntlm_init_get_challange");
- if (challange.length != sizeof(type2.challange))
- krb5_errx(context, 1, "ntlm challange have wrong length");
- memcpy(type2.challange, challange.data, sizeof(type2.challange));
- krb5_data_free(&challange);
+ if (challenge.length != sizeof(type2.challenge))
+ krb5_errx(context, 1, "ntlm challenge have wrong length");
+ memcpy(type2.challenge, challenge.data, sizeof(type2.challenge));
+ krb5_data_free(&challenge);
ret = krb5_ntlm_init_get_flags(context, ntlm, &type2.flags);
if (ret)
krb5_err(context, 1, ret, "krb5_ntlm_init_get_flags");
krb5_ntlm_init_get_targetname(context, ntlm, &type2.targetname);
- type2.targetinfo.data = "\x00\x00";
+ type2.targetinfo.data = zero2;
type2.targetinfo.length = 2;
-
+
ret = heim_ntlm_encode_type2(&type2, &data);
if (ret)
krb5_errx(context, 1, "heim_ntlm_encode_type2");
free(type2.targetname);
-
+
/*
*
*/
@@ -519,7 +540,7 @@ main(int argc, char **argv)
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
usage(1);
-
+
if (help_flag)
usage (0);
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-25 09:40:30 +0000