mbedtls: Added support for NTLM
Родитель
db3887632c
Коммит
497e7c9d34
|
@ -3697,8 +3697,8 @@ fi
|
||||||
|
|
||||||
if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then
|
if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then
|
||||||
if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
|
if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
|
||||||
-o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \
|
-o "x$GNUTLS_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \
|
||||||
-o "x$DARWINSSL_ENABLED" = "x1"; then
|
-o "x$NSS_ENABLED" = "x1" -o "x$DARWINSSL_ENABLED" = "x1"; then
|
||||||
SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"
|
SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"
|
||||||
|
|
||||||
if test "x$CURL_DISABLE_HTTP" != "x1" -a \
|
if test "x$CURL_DISABLE_HTTP" != "x1" -a \
|
||||||
|
@ -3770,8 +3770,8 @@ fi
|
||||||
if test "x$CURL_DISABLE_SMB" != "x1" \
|
if test "x$CURL_DISABLE_SMB" != "x1" \
|
||||||
-a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \
|
-a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \
|
||||||
-a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
|
-a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
|
||||||
-o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \
|
-o "x$GNUTLS_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \
|
||||||
-o "x$DARWINSSL_ENABLED" = "x1" \); then
|
-o "x$NSS_ENABLED" = "x1" -o "x$DARWINSSL_ENABLED" = "x1" \); then
|
||||||
SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB"
|
SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB"
|
||||||
if test "x$SSL_ENABLED" = "x1"; then
|
if test "x$SSL_ENABLED" = "x1"; then
|
||||||
SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMBS"
|
SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMBS"
|
||||||
|
|
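Review bot: Both conditions (the NTLM feature test in the first hunk and the SMB protocol test in the second) now treat any mbedTLS build as NTLM-capable, but nothing visible here probes whether that library was built with DES and MD4. Both are compile-time options in mbedTLS (`MBEDTLS_DES_C`, `MBEDTLS_MD4_C`), and hardened configurations tend to switch such legacy primitives off, in which case the build would presumably fail later in the C sources instead of at configure time. Consider gating the new operand on a probe result, e.g. `-o "x$MBEDTLS_NTLM_OK" = "x1"` set by a compile test for those two macros (the variable name is a placeholder), or at least record the requirement with `dnl NTLM via mbedTLS needs MBEDTLS_DES_C and MBEDTLS_MD4_C`. The enclosing `if` blocks start and end outside the hunks.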
4
docs/FAQ
4
docs/FAQ
|
@ -968,8 +968,8 @@ FAQ
|
||||||
|
|
||||||
4.9 Curl can't authenticate to the server that requires NTLM?
|
4.9 Curl can't authenticate to the server that requires NTLM?
|
||||||
|
|
||||||
NTLM support requires OpenSSL, GnuTLS, NSS, Secure Transport, or Microsoft
|
NTLM support requires OpenSSL, GnuTLS, mbedTLS, NSS, Secure Transport, or
|
||||||
Windows libraries at build-time to provide this functionality.
|
Microsoft Windows libraries at build-time to provide this functionality.
|
||||||
|
|
||||||
NTLM is a Microsoft proprietary protocol. Proprietary formats are evil. You
|
NTLM is a Microsoft proprietary protocol. Proprietary formats are evil. You
|
||||||
should not use such ones.
|
should not use such ones.
|
||||||
|
|
|
@ -195,8 +195,8 @@ FOOTNOTES
|
||||||
*7 = requires OpenSSL, NSS, GSKit, WinSSL or Secure Transport; GnuTLS, for
|
*7 = requires OpenSSL, NSS, GSKit, WinSSL or Secure Transport; GnuTLS, for
|
||||||
example, only supports SSLv3 and TLSv1
|
example, only supports SSLv3 and TLSv1
|
||||||
*8 = requires libssh2
|
*8 = requires libssh2
|
||||||
*9 = requires OpenSSL, GnuTLS, NSS, yassl, Secure Transport or SSPI (native
|
*9 = requires OpenSSL, GnuTLS, mbedTLS, NSS, yassl, Secure Transport or SSPI
|
||||||
Windows)
|
(native Windows)
|
||||||
*10 = requires any of the SSL libraries in (*1) above other than axTLS, which
|
*10 = requires any of the SSL libraries in (*1) above other than axTLS, which
|
||||||
does not support SSLv3
|
does not support SSLv3
|
||||||
*11 = requires libidn or Windows
|
*11 = requires libidn or Windows
|
||||||
|
|
|
@ -76,6 +76,11 @@
|
||||||
# define MD5_DIGEST_LENGTH 16
|
# define MD5_DIGEST_LENGTH 16
|
||||||
# define MD4_DIGEST_LENGTH 16
|
# define MD4_DIGEST_LENGTH 16
|
||||||
|
|
||||||
|
#elif defined(USE_MBEDTLS)
|
||||||
|
|
||||||
|
# include <mbedtls/des.h>
|
||||||
|
# include <mbedtls/md4.h>
|
||||||
|
|
||||||
#elif defined(USE_NSS)
|
#elif defined(USE_NSS)
|
||||||
|
|
||||||
# include <nss.h>
|
# include <nss.h>
|
||||||
|
@ -188,6 +193,26 @@ static void setup_des_key(const unsigned char *key_56,
|
||||||
gcry_cipher_setkey(*des, key, sizeof(key));
|
gcry_cipher_setkey(*des, key, sizeof(key));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#elif defined(USE_MBEDTLS)
|
||||||
|
|
||||||
|
static bool encrypt_des(const unsigned char *in, unsigned char *out,
|
||||||
|
const unsigned char *key_56)
|
||||||
|
{
|
||||||
|
mbedtls_des_context ctx;
|
||||||
|
char key[8];
|
||||||
|
|
||||||
|
/* Expand the 56-bit key to 64-bits */
|
||||||
|
extend_key_56_to_64(key_56, key);
|
||||||
|
|
||||||
|
/* Set the key parity to odd */
|
||||||
|
mbedtls_des_key_set_parity((unsigned char *) key);
|
||||||
|
|
||||||
|
/* Perform the encryption */
|
||||||
|
mbedtls_des_init(&ctx);
|
||||||
|
mbedtls_des_setkey_enc(&ctx, (unsigned char *) key);
|
||||||
|
return mbedtls_des_crypt_ecb(&ctx, in, out) == 0;
|
||||||
|
}
|
||||||
|
|
||||||
#elif defined(USE_NSS)
|
#elif defined(USE_NSS)
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -400,8 +425,8 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys,
|
||||||
setup_des_key(keys + 14, &des);
|
setup_des_key(keys + 14, &des);
|
||||||
gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8);
|
gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8);
|
||||||
gcry_cipher_close(des);
|
gcry_cipher_close(des);
|
||||||
#elif defined(USE_NSS) || defined(USE_DARWINSSL) || defined(USE_OS400CRYPTO) \
|
#elif defined(USE_MBEDTLS) || defined(USE_NSS) || defined(USE_DARWINSSL) \
|
||||||
|| defined(USE_WIN32_CRYPTO)
|
|| defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO)
|
||||||
encrypt_des(plaintext, results, keys);
|
encrypt_des(plaintext, results, keys);
|
||||||
encrypt_des(plaintext, results + 8, keys + 7);
|
encrypt_des(plaintext, results + 8, keys + 7);
|
||||||
encrypt_des(plaintext, results + 16, keys + 14);
|
encrypt_des(plaintext, results + 16, keys + 14);
|
||||||
|
@ -464,8 +489,8 @@ CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data,
|
||||||
setup_des_key(pw + 7, &des);
|
setup_des_key(pw + 7, &des);
|
||||||
gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8);
|
gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8);
|
||||||
gcry_cipher_close(des);
|
gcry_cipher_close(des);
|
||||||
#elif defined(USE_NSS) || defined(USE_DARWINSSL) || defined(USE_OS400CRYPTO) \
|
#elif defined(USE_MBEDTLS) || defined(USE_NSS) || defined(USE_DARWINSSL) \
|
||||||
|| defined(USE_WIN32_CRYPTO)
|
|| defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO)
|
||||||
encrypt_des(magic, lmbuffer, pw);
|
encrypt_des(magic, lmbuffer, pw);
|
||||||
encrypt_des(magic, lmbuffer + 8, pw + 7);
|
encrypt_des(magic, lmbuffer + 8, pw + 7);
|
||||||
#endif
|
#endif
|
||||||
|
@ -543,6 +568,8 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data,
|
||||||
gcry_md_write(MD4pw, pw, 2 * len);
|
gcry_md_write(MD4pw, pw, 2 * len);
|
||||||
memcpy (ntbuffer, gcry_md_read (MD4pw, 0), MD4_DIGEST_LENGTH);
|
memcpy (ntbuffer, gcry_md_read (MD4pw, 0), MD4_DIGEST_LENGTH);
|
||||||
gcry_md_close(MD4pw);
|
gcry_md_close(MD4pw);
|
||||||
|
#elif defined(USE_MBEDTLS)
|
||||||
|
mbedtls_md4(pw, 2 * len, ntbuffer);
|
||||||
#elif defined(USE_NSS) || defined(USE_OS400CRYPTO)
|
#elif defined(USE_NSS) || defined(USE_OS400CRYPTO)
|
||||||
Curl_md4it(ntbuffer, pw, 2 * len);
|
Curl_md4it(ntbuffer, pw, 2 * len);
|
||||||
#elif defined(USE_DARWINSSL)
|
#elif defined(USE_DARWINSSL)
|
||||||
|
|
|
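Review bot: The mbedTLS `encrypt_des` never releases its context: `mbedtls_des_init(&ctx)` has no matching `mbedtls_des_free(&ctx)`, so the DES key schedule derived from password-hash material is left on the stack when the function returns, as is the expanded `key[8]`. Ending the function with `ok = mbedtls_des_crypt_ecb(&ctx, in, out) == 0;`, `mbedtls_des_free(&ctx);`, `return ok;` clears the context; the local `key` would additionally need a wipe that the compiler cannot optimise away. The return value of `mbedtls_des_setkey_enc` is ignored, and the callers shown in the later hunks discard the `bool` from `encrypt_des`, so a failure would leave `results` or `lmbuffer` partly unwritten without any error; a short comment would help if that is intentional. The function lies wholly inside the hunk.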
@ -634,8 +634,9 @@ int netware_init(void);
|
||||||
/* Single point where USE_NTLM definition might be defined */
|
/* Single point where USE_NTLM definition might be defined */
|
||||||
#if !defined(CURL_DISABLE_NTLM) && !defined(CURL_DISABLE_CRYPTO_AUTH)
|
#if !defined(CURL_DISABLE_NTLM) && !defined(CURL_DISABLE_CRYPTO_AUTH)
|
||||||
#if defined(USE_OPENSSL) || defined(USE_WINDOWS_SSPI) || \
|
#if defined(USE_OPENSSL) || defined(USE_WINDOWS_SSPI) || \
|
||||||
defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_DARWINSSL) || \
|
defined(USE_GNUTLS) || defined(USE_MBEDTLS) || defined(USE_NSS) || \
|
||||||
defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO)
|
defined(USE_DARWINSSL) || defined(USE_OS400CRYPTO) || \
|
||||||
|
defined(USE_WIN32_CRYPTO)
|
||||||
|
|
||||||
#define USE_NTLM
|
#define USE_NTLM
|
||||||
#endif
|
#endif
|
||||||
|
|