mbedtls: Added support for NTLM

This commit is contained in:
Bill Nagel 2016-07-07 08:40:45 -07:00 коммит произвёл Steve Holme
Родитель db3887632c
Коммит 497e7c9d34
5 изменённых файлов: 42 добавлений и 14 удалений

Просмотреть файл

@ -3697,8 +3697,8 @@ fi
if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then
if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
-o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \ -o "x$GNUTLS_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \
-o "x$DARWINSSL_ENABLED" = "x1"; then -o "x$NSS_ENABLED" = "x1" -o "x$DARWINSSL_ENABLED" = "x1"; then
SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM" SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"
if test "x$CURL_DISABLE_HTTP" != "x1" -a \ if test "x$CURL_DISABLE_HTTP" != "x1" -a \
@ -3770,8 +3770,8 @@ fi
if test "x$CURL_DISABLE_SMB" != "x1" \ if test "x$CURL_DISABLE_SMB" != "x1" \
-a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \ -a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \
-a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ -a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
-o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \ -o "x$GNUTLS_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \
-o "x$DARWINSSL_ENABLED" = "x1" \); then -o "x$NSS_ENABLED" = "x1" -o "x$DARWINSSL_ENABLED" = "x1" \); then
SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB" SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB"
if test "x$SSL_ENABLED" = "x1"; then if test "x$SSL_ENABLED" = "x1"; then
SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMBS" SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMBS"

Просмотреть файл

@ -968,8 +968,8 @@ FAQ
4.9 Curl can't authenticate to the server that requires NTLM? 4.9 Curl can't authenticate to the server that requires NTLM?
NTLM support requires OpenSSL, GnuTLS, NSS, Secure Transport, or Microsoft NTLM support requires OpenSSL, GnuTLS, mbedTLS, NSS, Secure Transport, or
Windows libraries at build-time to provide this functionality. Microsoft Windows libraries at build-time to provide this functionality.
NTLM is a Microsoft proprietary protocol. Proprietary formats are evil. You NTLM is a Microsoft proprietary protocol. Proprietary formats are evil. You
should not use such ones. should not use such ones.

Просмотреть файл

@ -195,8 +195,8 @@ FOOTNOTES
*7 = requires OpenSSL, NSS, GSKit, WinSSL or Secure Transport; GnuTLS, for *7 = requires OpenSSL, NSS, GSKit, WinSSL or Secure Transport; GnuTLS, for
example, only supports SSLv3 and TLSv1 example, only supports SSLv3 and TLSv1
*8 = requires libssh2 *8 = requires libssh2
*9 = requires OpenSSL, GnuTLS, NSS, yassl, Secure Transport or SSPI (native *9 = requires OpenSSL, GnuTLS, mbedTLS, NSS, yassl, Secure Transport or SSPI
Windows) (native Windows)
*10 = requires any of the SSL libraries in (*1) above other than axTLS, which *10 = requires any of the SSL libraries in (*1) above other than axTLS, which
does not support SSLv3 does not support SSLv3
*11 = requires libidn or Windows *11 = requires libidn or Windows

Просмотреть файл

@ -76,6 +76,11 @@
# define MD5_DIGEST_LENGTH 16 # define MD5_DIGEST_LENGTH 16
# define MD4_DIGEST_LENGTH 16 # define MD4_DIGEST_LENGTH 16
#elif defined(USE_MBEDTLS)
# include <mbedtls/des.h>
# include <mbedtls/md4.h>
#elif defined(USE_NSS) #elif defined(USE_NSS)
# include <nss.h> # include <nss.h>
@ -188,6 +193,26 @@ static void setup_des_key(const unsigned char *key_56,
gcry_cipher_setkey(*des, key, sizeof(key)); gcry_cipher_setkey(*des, key, sizeof(key));
} }
#elif defined(USE_MBEDTLS)
static bool encrypt_des(const unsigned char *in, unsigned char *out,
const unsigned char *key_56)
{
mbedtls_des_context ctx;
char key[8];
/* Expand the 56-bit key to 64-bits */
extend_key_56_to_64(key_56, key);
/* Set the key parity to odd */
mbedtls_des_key_set_parity((unsigned char *) key);
/* Perform the encryption */
mbedtls_des_init(&ctx);
mbedtls_des_setkey_enc(&ctx, (unsigned char *) key);
return mbedtls_des_crypt_ecb(&ctx, in, out) == 0;
}
#elif defined(USE_NSS) #elif defined(USE_NSS)
/* /*
@ -400,8 +425,8 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys,
setup_des_key(keys + 14, &des); setup_des_key(keys + 14, &des);
gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8); gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8);
gcry_cipher_close(des); gcry_cipher_close(des);
#elif defined(USE_NSS) || defined(USE_DARWINSSL) || defined(USE_OS400CRYPTO) \ #elif defined(USE_MBEDTLS) || defined(USE_NSS) || defined(USE_DARWINSSL) \
|| defined(USE_WIN32_CRYPTO) || defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO)
encrypt_des(plaintext, results, keys); encrypt_des(plaintext, results, keys);
encrypt_des(plaintext, results + 8, keys + 7); encrypt_des(plaintext, results + 8, keys + 7);
encrypt_des(plaintext, results + 16, keys + 14); encrypt_des(plaintext, results + 16, keys + 14);
@ -464,8 +489,8 @@ CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data,
setup_des_key(pw + 7, &des); setup_des_key(pw + 7, &des);
gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8); gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8);
gcry_cipher_close(des); gcry_cipher_close(des);
#elif defined(USE_NSS) || defined(USE_DARWINSSL) || defined(USE_OS400CRYPTO) \ #elif defined(USE_MBEDTLS) || defined(USE_NSS) || defined(USE_DARWINSSL) \
|| defined(USE_WIN32_CRYPTO) || defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO)
encrypt_des(magic, lmbuffer, pw); encrypt_des(magic, lmbuffer, pw);
encrypt_des(magic, lmbuffer + 8, pw + 7); encrypt_des(magic, lmbuffer + 8, pw + 7);
#endif #endif
@ -543,6 +568,8 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data,
gcry_md_write(MD4pw, pw, 2 * len); gcry_md_write(MD4pw, pw, 2 * len);
memcpy (ntbuffer, gcry_md_read (MD4pw, 0), MD4_DIGEST_LENGTH); memcpy (ntbuffer, gcry_md_read (MD4pw, 0), MD4_DIGEST_LENGTH);
gcry_md_close(MD4pw); gcry_md_close(MD4pw);
#elif defined(USE_MBEDTLS)
mbedtls_md4(pw, 2 * len, ntbuffer);
#elif defined(USE_NSS) || defined(USE_OS400CRYPTO) #elif defined(USE_NSS) || defined(USE_OS400CRYPTO)
Curl_md4it(ntbuffer, pw, 2 * len); Curl_md4it(ntbuffer, pw, 2 * len);
#elif defined(USE_DARWINSSL) #elif defined(USE_DARWINSSL)

Просмотреть файл

@ -634,8 +634,9 @@ int netware_init(void);
/* Single point where USE_NTLM definition might be defined */ /* Single point where USE_NTLM definition might be defined */
#if !defined(CURL_DISABLE_NTLM) && !defined(CURL_DISABLE_CRYPTO_AUTH) #if !defined(CURL_DISABLE_NTLM) && !defined(CURL_DISABLE_CRYPTO_AUTH)
#if defined(USE_OPENSSL) || defined(USE_WINDOWS_SSPI) || \ #if defined(USE_OPENSSL) || defined(USE_WINDOWS_SSPI) || \
defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_DARWINSSL) || \ defined(USE_GNUTLS) || defined(USE_MBEDTLS) || defined(USE_NSS) || \
defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) defined(USE_DARWINSSL) || defined(USE_OS400CRYPTO) || \
defined(USE_WIN32_CRYPTO)
#define USE_NTLM #define USE_NTLM
#endif #endif