Browse Source

[ntlm] Add support for NTLM authentication mechanism

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 7 years ago
parent
commit
fc2f0dd930
5 changed files with 847 additions and 0 deletions
  1. 334
    0
      src/crypto/ntlm.c
  2. 1
    0
      src/include/ipxe/errfile.h
  3. 199
    0
      src/include/ipxe/ntlm.h
  4. 312
    0
      src/tests/ntlm_test.c
  5. 1
    0
      src/tests/tests.c

+ 334
- 0
src/crypto/ntlm.c View File

@@ -0,0 +1,334 @@
1
+/*
2
+ * Copyright (C) 2017 Michael Brown <mbrown@fensystems.co.uk>.
3
+ *
4
+ * This program is free software; you can redistribute it and/or
5
+ * modify it under the terms of the GNU General Public License as
6
+ * published by the Free Software Foundation; either version 2 of the
7
+ * License, or any later version.
8
+ *
9
+ * This program is distributed in the hope that it will be useful, but
10
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
11
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12
+ * General Public License for more details.
13
+ *
14
+ * You should have received a copy of the GNU General Public License
15
+ * along with this program; if not, write to the Free Software
16
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17
+ * 02110-1301, USA.
18
+ *
19
+ * You can also choose to distribute this program under the terms of
20
+ * the Unmodified Binary Distribution Licence (as given in the file
21
+ * COPYING.UBDL), provided that you have satisfied its requirements.
22
+ */
23
+
24
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25
+
26
+/** @file
27
+ *
28
+ * NT LAN Manager (NTLM) authentication
29
+ *
30
+ */
31
+
32
+#include <stdlib.h>
33
+#include <string.h>
34
+#include <ctype.h>
35
+#include <errno.h>
36
+#include <byteswap.h>
37
+#include <ipxe/md4.h>
38
+#include <ipxe/md5.h>
39
+#include <ipxe/hmac.h>
40
+#include <ipxe/ntlm.h>
41
+
42
+/** Negotiate message
43
+ *
44
+ * This message content is fixed since there is no need to specify the
45
+ * calling workstation name or domain name, and the set of flags is
46
+ * mandated by the MS-NLMP specification.
47
+ */
48
+const struct ntlm_negotiate ntlm_negotiate = {
49
+	.header = {
50
+		.magic = NTLM_MAGIC,
51
+		.type = cpu_to_le32 ( NTLM_NEGOTIATE ),
52
+	},
53
+	.flags = cpu_to_le32 ( NTLM_NEGOTIATE_EXTENDED_SESSIONSECURITY |
54
+			       NTLM_NEGOTIATE_ALWAYS_SIGN |
55
+			       NTLM_NEGOTIATE_NTLM |
56
+			       NTLM_REQUEST_TARGET |
57
+			       NTLM_NEGOTIATE_UNICODE ),
58
+};
59
+
60
+/**
61
+ * Parse NTLM Challenge
62
+ *
63
+ * @v challenge		Challenge message
64
+ * @v len		Length of Challenge message
65
+ * @v info		Challenge information to fill in
66
+ * @ret rc		Return status code
67
+ */
68
+int ntlm_challenge ( struct ntlm_challenge *challenge, size_t len,
69
+		     struct ntlm_challenge_info *info ) {
70
+	size_t offset;
71
+
72
+	DBGC ( challenge, "NTLM challenge message:\n" );
73
+	DBGC_HDA ( challenge, 0, challenge, len );
74
+
75
+	/* Sanity checks */
76
+	if ( len < sizeof ( *challenge ) ) {
77
+		DBGC ( challenge, "NTLM underlength challenge (%zd bytes)\n",
78
+		       len );
79
+		return -EINVAL;
80
+	}
81
+
82
+	/* Extract nonce */
83
+	info->nonce = &challenge->nonce;
84
+	DBGC ( challenge, "NTLM challenge nonce:\n" );
85
+	DBGC_HDA ( challenge, 0, info->nonce, sizeof ( *info->nonce ) );
86
+
87
+	/* Extract target information */
88
+	info->len = le16_to_cpu ( challenge->info.len );
89
+	offset = le32_to_cpu ( challenge->info.offset );
90
+	if ( ( offset > len ) ||
91
+	     ( info->len > ( len - offset ) ) ) {
92
+		DBGC ( challenge, "NTLM target information outside "
93
+		       "challenge\n" );
94
+		DBGC_HDA ( challenge, 0, challenge, len );
95
+		return -EINVAL;
96
+	}
97
+	info->target = ( ( ( void * ) challenge ) + offset );
98
+	DBGC ( challenge, "NTLM challenge target information:\n" );
99
+	DBGC_HDA ( challenge, 0, info->target, info->len );
100
+
101
+	return 0;
102
+}
103
+
104
+/**
105
+ * Calculate NTLM verification key
106
+ *
107
+ * @v domain		Domain name (or NULL)
108
+ * @v username		User name (or NULL)
109
+ * @v password		Password (or NULL)
110
+ * @v key		Key to fill in
111
+ *
112
+ * This is the NTOWFv2() function as defined in MS-NLMP.
113
+ */
114
+void ntlm_key ( const char *domain, const char *username,
115
+		const char *password, struct ntlm_key *key ) {
116
+	struct digest_algorithm *md4 = &md4_algorithm;
117
+	struct digest_algorithm *md5 = &md5_algorithm;
118
+	union {
119
+		uint8_t md4[MD4_CTX_SIZE];
120
+		uint8_t md5[MD5_CTX_SIZE];
121
+	} ctx;
122
+	uint8_t digest[MD4_DIGEST_SIZE];
123
+	size_t digest_len;
124
+	uint8_t c;
125
+	uint16_t wc;
126
+
127
+	/* Use empty usernames/passwords if not specified */
128
+	if ( ! domain )
129
+		domain = "";
130
+	if ( ! username )
131
+		username = "";
132
+	if ( ! password )
133
+		password = "";
134
+
135
+	/* Construct MD4 digest of (Unicode) password */
136
+	digest_init ( md4, ctx.md4 );
137
+	while ( ( c = *(password++) ) ) {
138
+		wc = cpu_to_le16 ( c );
139
+		digest_update ( md4, ctx.md4, &wc, sizeof ( wc ) );
140
+	}
141
+	digest_final ( md4, ctx.md4, digest );
142
+
143
+	/* Construct HMAC-MD5 of (Unicode) upper-case username */
144
+	digest_len = sizeof ( digest );
145
+	hmac_init ( md5, ctx.md5, digest, &digest_len );
146
+	while ( ( c = *(username++) ) ) {
147
+		wc = cpu_to_le16 ( toupper ( c ) );
148
+		hmac_update ( md5, ctx.md5, &wc, sizeof ( wc ) );
149
+	}
150
+	while ( ( c = *(domain++) ) ) {
151
+		wc = cpu_to_le16 ( c );
152
+		hmac_update ( md5, ctx.md5, &wc, sizeof ( wc ) );
153
+	}
154
+	hmac_final ( md5, ctx.md5, digest, &digest_len, key->raw );
155
+	DBGC ( key, "NTLM key:\n" );
156
+	DBGC_HDA ( key, 0, key, sizeof ( *key ) );
157
+}
158
+
159
+/**
160
+ * Construct NTLM responses
161
+ *
162
+ * @v info		Challenge information
163
+ * @v key		Verification key
164
+ * @v nonce		Nonce, or NULL to use a random nonce
165
+ * @v lm		LAN Manager response to fill in
166
+ * @v nt		NT response to fill in
167
+ */
168
+void ntlm_response ( struct ntlm_challenge_info *info, struct ntlm_key *key,
169
+		     struct ntlm_nonce *nonce, struct ntlm_lm_response *lm,
170
+		     struct ntlm_nt_response *nt ) {
171
+	struct digest_algorithm *md5 = &md5_algorithm;
172
+	struct ntlm_nonce tmp_nonce;
173
+	uint8_t ctx[MD5_CTX_SIZE];
174
+	size_t key_len = sizeof ( *key );
175
+	unsigned int i;
176
+
177
+	/* Generate random nonce, if needed */
178
+	if ( ! nonce ) {
179
+		for ( i = 0 ; i < sizeof ( tmp_nonce ) ; i++ )
180
+			tmp_nonce.raw[i] = random();
181
+		nonce = &tmp_nonce;
182
+	}
183
+
184
+	/* Construct LAN Manager response */
185
+	memcpy ( &lm->nonce, nonce, sizeof ( lm->nonce ) );
186
+	hmac_init ( md5, ctx, key->raw, &key_len );
187
+	hmac_update ( md5, ctx, info->nonce, sizeof ( *info->nonce ) );
188
+	hmac_update ( md5, ctx, &lm->nonce, sizeof ( lm->nonce ) );
189
+	hmac_final ( md5, ctx, key->raw, &key_len, lm->digest );
190
+	DBGC ( key, "NTLM LAN Manager response:\n" );
191
+	DBGC_HDA ( key, 0, lm, sizeof ( *lm ) );
192
+
193
+	/* Construct NT response */
194
+	memset ( nt, 0, sizeof ( *nt ) );
195
+	nt->version = NTLM_VERSION_NTLMV2;
196
+	nt->high = NTLM_VERSION_NTLMV2;
197
+	memcpy ( &nt->nonce, nonce, sizeof ( nt->nonce ) );
198
+	hmac_init ( md5, ctx, key->raw, &key_len );
199
+	hmac_update ( md5, ctx, info->nonce, sizeof ( *info->nonce ) );
200
+	hmac_update ( md5, ctx, &nt->version,
201
+		      ( sizeof ( *nt ) -
202
+			offsetof ( typeof ( *nt ), version ) ) );
203
+	hmac_update ( md5, ctx, info->target, info->len );
204
+	hmac_update ( md5, ctx, &nt->zero, sizeof ( nt->zero ) );
205
+	hmac_final ( md5, ctx, key->raw, &key_len, nt->digest );
206
+	DBGC ( key, "NTLM NT response prefix:\n" );
207
+	DBGC_HDA ( key, 0, nt, sizeof ( *nt ) );
208
+}
209
+
210
+/**
211
+ * Append data to NTLM message
212
+ *
213
+ * @v header		Message header, or NULL to only calculate next payload
214
+ * @v data		Data descriptor
215
+ * @v payload		Data payload
216
+ * @v len		Length of data
217
+ * @ret payload		Next data payload
218
+ */
219
+static void * ntlm_append ( struct ntlm_header *header, struct ntlm_data *data,
220
+			    void *payload, size_t len ) {
221
+
222
+	/* Populate data descriptor */
223
+	if ( header ) {
224
+		data->offset = cpu_to_le32 ( payload - ( ( void * ) header ) );
225
+		data->len = data->max_len = cpu_to_le16 ( len );
226
+	}
227
+
228
+	return ( payload + len );
229
+}
230
+
231
+/**
232
+ * Append Unicode string data to NTLM message
233
+ *
234
+ * @v header		Message header, or NULL to only calculate next payload
235
+ * @v data		Data descriptor
236
+ * @v payload		Data payload
237
+ * @v string		String to append, or NULL
238
+ * @ret payload		Next data payload
239
+ */
240
+static void * ntlm_append_string ( struct ntlm_header *header,
241
+				   struct ntlm_data *data, void *payload,
242
+				   const char *string ) {
243
+	uint16_t *tmp = payload;
244
+	uint8_t c;
245
+
246
+	/* Convert string to Unicode */
247
+	for ( tmp = payload ; ( string && ( c = *(string++) ) ) ; tmp++ ) {
248
+		if ( header )
249
+			*tmp = cpu_to_le16 ( c );
250
+	}
251
+
252
+	/* Append string data */
253
+	return ntlm_append ( header, data, payload,
254
+			     ( ( ( void * ) tmp ) - payload ) );
255
+}
256
+
257
+/**
258
+ * Construct NTLM Authenticate message
259
+ *
260
+ * @v info		Challenge information
261
+ * @v domain		Domain name, or NULL
262
+ * @v username		User name, or NULL
263
+ * @v workstation	Workstation name, or NULL
264
+ * @v lm		LAN Manager response
265
+ * @v nt		NT response
266
+ * @v auth		Message to fill in, or NULL to only calculate length
267
+ * @ret len		Length of message
268
+ */
269
+size_t ntlm_authenticate ( struct ntlm_challenge_info *info, const char *domain,
270
+			   const char *username, const char *workstation,
271
+			   struct ntlm_lm_response *lm,
272
+			   struct ntlm_nt_response *nt,
273
+			   struct ntlm_authenticate *auth ) {
274
+	void *tmp;
275
+	size_t nt_len;
276
+	size_t len;
277
+
278
+	/* Construct response header */
279
+	if ( auth ) {
280
+		memset ( auth, 0, sizeof ( *auth ) );
281
+		memcpy ( auth->header.magic, ntlm_negotiate.header.magic,
282
+			 sizeof ( auth->header.magic ) );
283
+		auth->header.type = cpu_to_le32 ( NTLM_AUTHENTICATE );
284
+		auth->flags = ntlm_negotiate.flags;
285
+	}
286
+	tmp = ( ( ( void * ) auth ) + sizeof ( *auth ) );
287
+
288
+	/* Construct LAN Manager response */
289
+	if ( auth )
290
+		memcpy ( tmp, lm, sizeof ( *lm ) );
291
+	tmp = ntlm_append ( &auth->header, &auth->lm, tmp, sizeof ( *lm ) );
292
+
293
+	/* Construct NT response */
294
+	nt_len = ( sizeof ( *nt ) + info->len + sizeof ( nt->zero ) );
295
+	if ( auth ) {
296
+		memcpy ( tmp, nt, sizeof ( *nt ) );
297
+		memcpy ( ( tmp + sizeof ( *nt ) ), info->target, info->len );
298
+		memset ( ( tmp + sizeof ( *nt ) + info->len ), 0,
299
+			 sizeof ( nt->zero ) );
300
+	}
301
+	tmp = ntlm_append ( &auth->header, &auth->nt, tmp, nt_len );
302
+
303
+	/* Populate domain, user, and workstation names */
304
+	tmp = ntlm_append_string ( &auth->header, &auth->domain, tmp, domain );
305
+	tmp = ntlm_append_string ( &auth->header, &auth->user, tmp, username );
306
+	tmp = ntlm_append_string ( &auth->header, &auth->workstation, tmp,
307
+				   workstation );
308
+
309
+	/* Calculate length */
310
+	len = ( tmp - ( ( void * ) auth ) );
311
+	if ( auth ) {
312
+		DBGC ( auth, "NTLM authenticate message:\n" );
313
+		DBGC_HDA ( auth, 0, auth, len );
314
+	}
315
+
316
+	return len;
317
+}
318
+
319
+/**
320
+ * Calculate NTLM Authenticate message length
321
+ *
322
+ * @v info		Challenge information
323
+ * @v domain		Domain name, or NULL
324
+ * @v username		User name, or NULL
325
+ * @v workstation	Workstation name, or NULL
326
+ * @ret len		Length of Authenticate message
327
+ */
328
+size_t ntlm_authenticate_len ( struct ntlm_challenge_info *info,
329
+			       const char *domain, const char *username,
330
+			       const char *workstation ) {
331
+
332
+	return ntlm_authenticate ( info, domain, username, workstation,
333
+				   NULL, NULL, NULL );
334
+}

+ 1
- 0
src/include/ipxe/errfile.h View File

@@ -370,6 +370,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
370 370
 #define ERRFILE_efi_entropy	      ( ERRFILE_OTHER | 0x004e0000 )
371 371
 #define ERRFILE_cert_cmd	      ( ERRFILE_OTHER | 0x004f0000 )
372 372
 #define ERRFILE_acpi_settings	      ( ERRFILE_OTHER | 0x00500000 )
373
+#define ERRFILE_ntlm		      ( ERRFILE_OTHER | 0x00510000 )
373 374
 
374 375
 /** @} */
375 376
 

+ 199
- 0
src/include/ipxe/ntlm.h View File

@@ -0,0 +1,199 @@
1
+#ifndef _IPXE_NTLM_H
2
+#define _IPXE_NTLM_H
3
+
4
+/** @file
5
+ *
6
+ * NT LAN Manager (NTLM) authentication
7
+ *
8
+ */
9
+
10
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11
+
12
+#include <stdint.h>
13
+#include <ipxe/crypto.h>
14
+#include <ipxe/md5.h>
15
+
16
+/** A message header */
17
+struct ntlm_header {
18
+	/** Magic signature */
19
+	uint8_t magic[8];
20
+	/** Message type */
21
+	uint32_t type;
22
+} __attribute__ (( packed ));
23
+
24
+/** Magic signature */
25
+#define NTLM_MAGIC { 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0' }
26
+
27
+/** Message types */
28
+enum ntlm_type {
29
+	/** Negotiate message type */
30
+	NTLM_NEGOTIATE = 0x00000001UL,
31
+	/** Challenge message type */
32
+	NTLM_CHALLENGE = 0x00000002UL,
33
+	/** Authenticate message */
34
+	NTLM_AUTHENTICATE = 0x00000003UL,
35
+};
36
+
37
+/** Negotiation flags */
38
+enum ntlm_flags {
39
+	/** Negotiate key exchange */
40
+	NTLM_NEGOTIATE_KEY_EXCH = 0x20000000UL,
41
+	/** Negotiate extended security */
42
+	NTLM_NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000UL,
43
+	/** Negotiate always sign */
44
+	NTLM_NEGOTIATE_ALWAYS_SIGN = 0x00008000UL,
45
+	/** Negotiate NTLM key */
46
+	NTLM_NEGOTIATE_NTLM = 0x00000200UL,
47
+	/** Request target name and information */
48
+	NTLM_REQUEST_TARGET = 0x00000004UL,
49
+	/** Negotiate Unicode character encoding */
50
+	NTLM_NEGOTIATE_UNICODE = 0x00000001UL,
51
+};
52
+
53
+/** A version descriptor */
54
+struct ntlm_version {
55
+	/** Product major version */
56
+	uint8_t major;
57
+	/** Product minor version */
58
+	uint8_t minor;
59
+	/** Product build number */
60
+	uint16_t build;
61
+	/** Reserved */
62
+	uint8_t reserved[3];
63
+	/** NTLMSSP revision */
64
+	uint8_t revision;
65
+} __attribute__ (( packed ));
66
+
67
+/** A nonce */
68
+struct ntlm_nonce {
69
+	/** Raw bytes */
70
+	uint8_t raw[8];
71
+} __attribute__ (( packed ));
72
+
73
+/** A variable-length data descriptor */
74
+struct ntlm_data {
75
+	/** Length (in bytes) */
76
+	uint16_t len;
77
+	/** Maximum length (in bytes)
78
+	 *
79
+	 * Should always be set equal to the length; this field is
80
+	 * entirely superfluous.
81
+	 */
82
+	uint16_t max_len;
83
+	/** Offset from start of message header */
84
+	uint32_t offset;
85
+} __attribute__ (( packed ));
86
+
87
+/** A Negotiate message */
88
+struct ntlm_negotiate {
89
+	/** Message header */
90
+	struct ntlm_header header;
91
+	/** Negotiation flags */
92
+	uint32_t flags;
93
+	/** Domain name */
94
+	struct ntlm_data domain;
95
+	/** Workstation name */
96
+	struct ntlm_data workstation;
97
+} __attribute__ (( packed ));
98
+
99
+/** A Challenge message */
100
+struct ntlm_challenge {
101
+	/** Message header */
102
+	struct ntlm_header header;
103
+	/** Target name */
104
+	struct ntlm_data name;
105
+	/** Negotiation flags */
106
+	uint32_t flags;
107
+	/** Server nonce */
108
+	struct ntlm_nonce nonce;
109
+	/** Reserved */
110
+	uint8_t reserved[8];
111
+	/** Target information */
112
+	struct ntlm_data info;
113
+} __attribute__ (( packed ));
114
+
115
+/** An Authenticate message */
116
+struct ntlm_authenticate {
117
+	/** Message header */
118
+	struct ntlm_header header;
119
+	/** LAN Manager response */
120
+	struct ntlm_data lm;
121
+	/** NT response */
122
+	struct ntlm_data nt;
123
+	/** Domain name */
124
+	struct ntlm_data domain;
125
+	/** User name */
126
+	struct ntlm_data user;
127
+	/** Workstation name */
128
+	struct ntlm_data workstation;
129
+	/** Session key */
130
+	struct ntlm_data session;
131
+	/** Negotiation flags */
132
+	uint32_t flags;
133
+} __attribute__ (( packed ));
134
+
135
+/** A LAN Manager response */
136
+struct ntlm_lm_response {
137
+	/** HMAC-MD5 digest */
138
+	uint8_t digest[MD5_DIGEST_SIZE];
139
+	/** Client nonce */
140
+	struct ntlm_nonce nonce;
141
+} __attribute__ (( packed ));
142
+
143
+/** An NT response */
144
+struct ntlm_nt_response {
145
+	/** HMAC-MD5 digest */
146
+	uint8_t digest[MD5_DIGEST_SIZE];
147
+	/** Response version */
148
+	uint8_t version;
149
+	/** Highest response version */
150
+	uint8_t high;
151
+	/** Reserved */
152
+	uint8_t reserved_a[6];
153
+	/** Current time */
154
+	uint64_t time;
155
+	/** Client nonce */
156
+	struct ntlm_nonce nonce;
157
+	/** Must be zero */
158
+	uint32_t zero;
159
+} __attribute__ (( packed ));
160
+
161
+/** NTLM version */
162
+#define NTLM_VERSION_NTLMV2 0x01
163
+
164
+/** NTLM challenge information */
165
+struct ntlm_challenge_info {
166
+	/** Server nonce */
167
+	struct ntlm_nonce *nonce;
168
+	/** Target information */
169
+	void *target;
170
+	/** Length of target information */
171
+	size_t len;
172
+};
173
+
174
+/** An NTLM verification key */
175
+struct ntlm_key {
176
+	/** Raw bytes */
177
+	uint8_t raw[MD5_DIGEST_SIZE];
178
+};
179
+
180
+extern const struct ntlm_negotiate ntlm_negotiate;
181
+extern int ntlm_challenge ( struct ntlm_challenge *challenge, size_t len,
182
+			    struct ntlm_challenge_info *info );
183
+extern void ntlm_key ( const char *domain, const char *username,
184
+		       const char *password, struct ntlm_key *key );
185
+extern void ntlm_response ( struct ntlm_challenge_info *info,
186
+			    struct ntlm_key *key, struct ntlm_nonce *nonce,
187
+			    struct ntlm_lm_response *lm,
188
+			    struct ntlm_nt_response *nt );
189
+extern size_t ntlm_authenticate ( struct ntlm_challenge_info *info,
190
+				  const char *domain, const char *username,
191
+				  const char *workstation,
192
+				  struct ntlm_lm_response *lm,
193
+				  struct ntlm_nt_response *nt,
194
+				  struct ntlm_authenticate *auth );
195
+extern size_t ntlm_authenticate_len ( struct ntlm_challenge_info *info,
196
+				      const char *domain, const char *username,
197
+				      const char *workstation );
198
+
199
+#endif /* _IPXE_NTLM_H */

+ 312
- 0
src/tests/ntlm_test.c View File

@@ -0,0 +1,312 @@
1
+/*
2
+ * Copyright (C) 2017 Michael Brown <mbrown@fensystems.co.uk>.
3
+ *
4
+ * This program is free software; you can redistribute it and/or
5
+ * modify it under the terms of the GNU General Public License as
6
+ * published by the Free Software Foundation; either version 2 of the
7
+ * License, or any later version.
8
+ *
9
+ * This program is distributed in the hope that it will be useful, but
10
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
11
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12
+ * General Public License for more details.
13
+ *
14
+ * You should have received a copy of the GNU General Public License
15
+ * along with this program; if not, write to the Free Software
16
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17
+ * 02110-1301, USA.
18
+ *
19
+ * You can also choose to distribute this program under the terms of
20
+ * the Unmodified Binary Distribution Licence (as given in the file
21
+ * COPYING.UBDL), provided that you have satisfied its requirements.
22
+ */
23
+
24
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25
+
26
+/** @file
27
+ *
28
+ * NTLM authentication self-tests
29
+ *
30
+ * The test vectors are taken from the MS-NLMP specification document.
31
+ *
32
+ */
33
+
34
+/* Forcibly enable assertions */
35
+#undef NDEBUG
36
+
37
+#include <stdlib.h>
38
+#include <string.h>
39
+#include <byteswap.h>
40
+#include <ipxe/ntlm.h>
41
+#include <ipxe/test.h>
42
+
43
+/** A key generation test */
44
+struct ntlm_key_test {
45
+	/** Domain name (or NULL) */
46
+	const char *domain;
47
+	/** User name (or NULL) */
48
+	const char *username;
49
+	/** Password (or NULL) */
50
+	const char *password;
51
+	/** Expected key */
52
+	struct ntlm_key expected;
53
+};
54
+
55
+/** An authentication test */
56
+struct ntlm_authenticate_test {
57
+	/** Domain name (or NULL) */
58
+	const char *domain;
59
+	/** User name (or NULL) */
60
+	const char *username;
61
+	/** Password (or NULL) */
62
+	const char *password;
63
+	/** Workstation (or NULL) */
64
+	const char *workstation;
65
+	/** Nonce */
66
+	struct ntlm_nonce nonce;
67
+	/** Challenge message */
68
+	struct ntlm_challenge *challenge;
69
+	/** Length of Challenge message */
70
+	size_t challenge_len;
71
+	/** Expected Authenticate message */
72
+	struct ntlm_authenticate *expected;
73
+	/** Expected length of Authenticate message */
74
+	size_t expected_len;
75
+};
76
+
77
+/** Define inline message data */
78
+#define DATA(...) { __VA_ARGS__ }
79
+
80
+/** Define a key generation digest test */
81
+#define KEY_TEST( name, DOMAIN, USERNAME, PASSWORD, EXPECTED )		\
82
+	static struct ntlm_key_test name = {				\
83
+		.domain = DOMAIN,					\
84
+		.username = USERNAME,					\
85
+		.password = PASSWORD,					\
86
+		.expected = {						\
87
+			.raw = EXPECTED,				\
88
+		},							\
89
+	};
90
+
91
+/** Define an authentication test */
92
+#define AUTHENTICATE_TEST( name, DOMAIN, USERNAME, PASSWORD,		\
93
+			   WORKSTATION, NONCE, CHALLENGE, EXPECTED )	\
94
+	static const uint8_t name ## _challenge[] = CHALLENGE;		\
95
+	static const uint8_t name ## _expected[] = EXPECTED;		\
96
+	static struct ntlm_authenticate_test name = {			\
97
+		.domain = DOMAIN,					\
98
+		.username = USERNAME,					\
99
+		.password = PASSWORD,					\
100
+		.workstation = WORKSTATION,				\
101
+		.nonce = {						\
102
+			.raw = NONCE,					\
103
+		},							\
104
+		.challenge = ( ( void * ) name ## _challenge ),		\
105
+		.challenge_len = sizeof ( name ## _challenge ),		\
106
+		.expected = ( ( void * ) name ## _expected ),		\
107
+		.expected_len = sizeof ( name ## _expected ),		\
108
+	};
109
+
110
+/** NTOWFv2() test from MS-NLMP specification */
111
+KEY_TEST ( msnlmp_ntowfv2, "Domain", "User", "Password",
112
+	DATA ( 0x0c, 0x86, 0x8a, 0x40, 0x3b, 0xfd, 0x7a, 0x93, 0xa3, 0x00,
113
+	       0x1e, 0xf2, 0x2e, 0xf0, 0x2e, 0x3f ) );
114
+
115
+/** Authentication test from MS-NLMP specification */
116
+AUTHENTICATE_TEST ( msnlmp_authenticate,
117
+	"Domain", "User", "Password", "COMPUTER",
118
+	DATA ( 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa ),
119
+	DATA ( 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00,
120
+	       0x00, 0x00, 0x0c, 0x00, 0x0c, 0x00, 0x38, 0x00, 0x00, 0x00,
121
+	       0x33, 0x82, 0x8a, 0xe2, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab,
122
+	       0xcd, 0xef, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
123
+	       0x24, 0x00, 0x24, 0x00, 0x44, 0x00, 0x00, 0x00, 0x06, 0x00,
124
+	       0x70, 0x17, 0x00, 0x00, 0x00, 0x0f, 0x53, 0x00, 0x65, 0x00,
125
+	       0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x02, 0x00,
126
+	       0x0c, 0x00, 0x44, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00,
127
+	       0x69, 0x00, 0x6e, 0x00, 0x01, 0x00, 0x0c, 0x00, 0x53, 0x00,
128
+	       0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00,
129
+	       0x00, 0x00, 0x00, 0x00 ),
130
+	DATA ( 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x03, 0x00,
131
+	       0x00, 0x00, 0x18, 0x00, 0x18, 0x00, 0x6c, 0x00, 0x00, 0x00,
132
+	       0x54, 0x00, 0x54, 0x00, 0x84, 0x00, 0x00, 0x00, 0x0c, 0x00,
133
+	       0x0c, 0x00, 0x48, 0x00, 0x00, 0x00, 0x08, 0x00, 0x08, 0x00,
134
+	       0x54, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x5c, 0x00,
135
+	       0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0xd8, 0x00, 0x00, 0x00,
136
+	       0x35, 0x82, 0x88, 0xe2, 0x05, 0x01, 0x28, 0x0a, 0x00, 0x00,
137
+	       0x00, 0x0f, 0x44, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00,
138
+	       0x69, 0x00, 0x6e, 0x00, 0x55, 0x00, 0x73, 0x00, 0x65, 0x00,
139
+	       0x72, 0x00, 0x43, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x50, 0x00,
140
+	       0x55, 0x00, 0x54, 0x00, 0x45, 0x00, 0x52, 0x00, 0x86, 0xc3,
141
+	       0x50, 0x97, 0xac, 0x9c, 0xec, 0x10, 0x25, 0x54, 0x76, 0x4a,
142
+	       0x57, 0xcc, 0xcc, 0x19, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
143
+	       0xaa, 0xaa, 0x68, 0xcd, 0x0a, 0xb8, 0x51, 0xe5, 0x1c, 0x96,
144
+	       0xaa, 0xbc, 0x92, 0x7b, 0xeb, 0xef, 0x6a, 0x1c, 0x01, 0x01,
145
+	       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
146
+	       0x00, 0x00, 0x00, 0x00, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
147
+	       0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x0c, 0x00,
148
+	       0x44, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x69, 0x00,
149
+	       0x6e, 0x00, 0x01, 0x00, 0x0c, 0x00, 0x53, 0x00, 0x65, 0x00,
150
+	       0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x00, 0x00,
151
+	       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc5, 0xda, 0xd2, 0x54,
152
+	       0x4f, 0xc9, 0x79, 0x90, 0x94, 0xce, 0x1c, 0xe9, 0x0b, 0xc9,
153
+	       0xd0, 0x3e ) );
154
+
155
+/**
156
+ * Report key generation test result
157
+ *
158
+ * @v test		Key generation test
159
+ * @v file		Test code file
160
+ * @v line		Test code line
161
+ */
162
+static void ntlm_key_okx ( struct ntlm_key_test *test,
163
+			   const char *file, unsigned int line ) {
164
+	struct ntlm_key key;
165
+
166
+	ntlm_key ( test->domain, test->username, test->password, &key );
167
+	okx ( memcmp ( &key, &test->expected, sizeof ( key ) ) == 0,
168
+	      file, line );
169
+}
170
+#define ntlm_key_ok( test )						\
171
+	ntlm_key_okx ( test, __FILE__, __LINE__ )
172
+
173
+/**
174
+ * Report NTLM variable-length data test result
175
+ *
176
+ * @v msg		Message header
177
+ * @v msg_len		Length of message
178
+ * @v data		Variable-length data descriptor
179
+ * @v expected		Expected message header
180
+ * @v expected_data	Expected variable-length data descriptor
181
+ * @v field		Field name
182
+ * @v file		Test code file
183
+ * @v line		Test code line
184
+ */
185
+static void ntlm_data_okx ( struct ntlm_header *msg, size_t msg_len,
186
+			    struct ntlm_data *data,
187
+			    struct ntlm_header *expected,
188
+			    struct ntlm_data *expected_data,
189
+			    const char *field, const char *file,
190
+			    unsigned int line ) {
191
+	size_t offset;
192
+	size_t len;
193
+	void *raw;
194
+	void *expected_raw;
195
+
196
+	/* Verify data lies within message */
197
+	okx ( data->len == data->max_len, file, line );
198
+	offset = le32_to_cpu ( data->offset );
199
+	len = le16_to_cpu ( data->len );
200
+	okx ( offset <= msg_len, file, line );
201
+	okx ( len <= ( msg_len - offset ), file, line );
202
+
203
+	/* Verify content matches expected content */
204
+	raw = ( ( ( void * ) msg ) + offset );
205
+	expected_raw = ( ( ( void * ) expected ) +
206
+			 le32_to_cpu ( expected_data->offset ) );
207
+	DBGC ( msg, "NTLM %s expected:\n", field );
208
+	DBGC_HDA ( msg, 0, expected_raw, le16_to_cpu ( expected_data->len ) );
209
+	DBGC ( msg, "NTLM %s actual:\n", field );
210
+	DBGC_HDA ( msg, 0, raw, len );
211
+	okx ( data->len == expected_data->len, file, line );
212
+	okx ( memcmp ( raw, expected_raw, len ) == 0, file, line );
213
+}
214
+#define ntlm_data_ok( msg, msg_len, data, expected, expected_data )	\
215
+	ntlm_data_okx ( msg, msg_len, data, expected, expected_data,	\
216
+			__FILE__, __LINE__ )
217
+
218
+/**
219
+ * Report NTLM authentication test result
220
+ *
221
+ * @v test		Authentication test
222
+ * @v file		Test code file
223
+ * @v line		Test code line
224
+ */
225
+static void ntlm_authenticate_okx ( struct ntlm_authenticate_test *test,
226
+				    const char *file, unsigned int line ) {
227
+	struct ntlm_authenticate *expected = test->expected;
228
+	struct ntlm_challenge_info info;
229
+	struct ntlm_authenticate *auth;
230
+	struct ntlm_key key;
231
+	struct ntlm_lm_response lm;
232
+	struct ntlm_nt_response nt;
233
+	size_t len;
234
+
235
+	/* Parse Challenge message */
236
+	okx ( ntlm_challenge ( test->challenge, test->challenge_len,
237
+			       &info ) == 0, file, line );
238
+
239
+	/* Generate key */
240
+	ntlm_key ( test->domain, test->username, test->password, &key );
241
+
242
+	/* Generate responses */
243
+	ntlm_response ( &info, &key, &test->nonce, &lm, &nt );
244
+
245
+	/* Allocate buffer for Authenticate message */
246
+	len = ntlm_authenticate_len ( &info, test->domain, test->username,
247
+				      test->workstation );
248
+	okx ( len >= sizeof ( *auth ), file, line );
249
+	auth = malloc ( len );
250
+	okx ( auth != NULL, file, line );
251
+
252
+	/* Construct Authenticate message */
253
+	okx ( ntlm_authenticate ( &info, test->domain, test->username,
254
+				  test->workstation, &lm, &nt, auth ) == len,
255
+	      file, line );
256
+
257
+	/* Verify header */
258
+	okx ( memcmp ( &auth->header, &expected->header,
259
+		       sizeof ( auth->header ) ) == 0, file, line );
260
+
261
+	/* Verify LAN Manager response */
262
+	ntlm_data_okx ( &auth->header, len, &auth->lm, &expected->header,
263
+			&expected->lm, "LM", file, line );
264
+
265
+	/* Verify NT response */
266
+	ntlm_data_okx ( &auth->header, len, &auth->nt, &expected->header,
267
+			&expected->nt, "NT", file, line );
268
+
269
+	/* Verify domain name */
270
+	ntlm_data_okx ( &auth->header, len, &auth->domain, &expected->header,
271
+			&expected->domain, "domain", file, line );
272
+
273
+	/* Verify user name */
274
+	ntlm_data_okx ( &auth->header, len, &auth->user, &expected->header,
275
+			&expected->user, "user", file, line );
276
+
277
+	/* Verify workstation name */
278
+	ntlm_data_okx ( &auth->header, len, &auth->workstation,
279
+			&expected->header, &expected->workstation,
280
+			"workstation",file, line );
281
+
282
+	/* Verify session key */
283
+	if ( auth->flags & NTLM_NEGOTIATE_KEY_EXCH ) {
284
+		ntlm_data_okx ( &auth->header, len, &auth->session,
285
+				&expected->header, &expected->session,
286
+				"session", file, line );
287
+	}
288
+
289
+	/* Free Authenticate message */
290
+	free ( auth );
291
+}
292
+#define ntlm_authenticate_ok( test )					\
293
+	ntlm_authenticate_okx ( test, __FILE__, __LINE__ )
294
+
295
+/**
296
+ * Perform NTLM self-test
297
+ *
298
+ */
299
+static void ntlm_test_exec ( void ) {
300
+
301
+	/* Verify key generation */
302
+	ntlm_key_ok ( &msnlmp_ntowfv2 );
303
+
304
+	/* Verify authentication response */
305
+	ntlm_authenticate_ok ( &msnlmp_authenticate );
306
+}
307
+
308
+/** NTLM self-test */
309
+struct self_test ntlm_test __self_test = {
310
+	.name = "ntlm",
311
+	.exec = ntlm_test_exec,
312
+};

+ 1
- 0
src/tests/tests.c View File

@@ -72,3 +72,4 @@ REQUIRE_OBJECT ( iobuf_test );
72 72
 REQUIRE_OBJECT ( bitops_test );
73 73
 REQUIRE_OBJECT ( der_test );
74 74
 REQUIRE_OBJECT ( pem_test );
75
+REQUIRE_OBJECT ( ntlm_test );

Loading…
Cancel
Save