NTLM_NEGOTIATE_MESSAGE NEGOTIATE_MESSAGE;
NTLM_CHALLENGE_MESSAGE CHALLENGE_MESSAGE;
NTLM_AUTHENTICATE_MESSAGE AUTHENTICATE_MESSAGE;
+ UINT32 MessageIntegrityCheckOffset;
SecBuffer NegotiateMessage;
SecBuffer ChallengeMessage;
SecBuffer AuthenticateMessage;
BYTE ClientSealingKey[16];
BYTE ServerSigningKey[16];
BYTE ServerSealingKey[16];
- BYTE MessageIntegrityCheck[16];
- UINT32 MessageIntegrityCheckOffset;
psPeerComputeNtlmHash HashCallback;
void* HashCallbackArg;
};
#include "config.h"
#endif
+#include <assert.h>
+
#include "ntlm.h"
#include "../sspi.h"
}
}
-void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context)
+void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context, BYTE *mic, UINT32 size)
{
/*
* Compute the HMAC-MD5 hash of ConcatenationOf(NEGOTIATE_MESSAGE,
*/
WINPR_HMAC_CTX* hmac = winpr_HMAC_New();
+ assert(size >= WINPR_MD5_DIGEST_LENGTH);
+
if (!hmac)
return;
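Review bot: The `assert(size >= WINPR_MD5_DIGEST_LENGTH)` is the only bound on the caller-supplied `mic` buffer, and it is compiled out when NDEBUG is defined, so release builds write 16 bytes whatever `size` says. The function also still returns void, so the `if (!hmac) return;` path leaves `mic` unwritten and the caller cannot tell. Now that the result lands in a caller-owned buffer rather than the context, it would be safer to return a BOOL, check with `if (!mic || size < WINPR_MD5_DIGEST_LENGTH) return FALSE;` before `winpr_HMAC_New()`, and have both callers fail on FALSE. The rest of the function body lies outside this hunk.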
context->ChallengeMessage.cbBuffer);
winpr_HMAC_Update(hmac, (BYTE*) context->AuthenticateMessage.pvBuffer,
context->AuthenticateMessage.cbBuffer);
- winpr_HMAC_Final(hmac, context->MessageIntegrityCheck, WINPR_MD5_DIGEST_LENGTH);
+ winpr_HMAC_Final(hmac, mic, WINPR_MD5_DIGEST_LENGTH);
}
winpr_HMAC_Free(hmac);
if (context->UseMIC)
{
/* Message Integrity Check */
- ntlm_compute_message_integrity_check(context);
+ ntlm_compute_message_integrity_check(context, message->MessageIntegrityCheck, 16);
Stream_SetPosition(s, context->MessageIntegrityCheckOffset);
- Stream_Write(s, context->MessageIntegrityCheck, 16);
+ Stream_Write(s, message->MessageIntegrityCheck, 16);
Stream_SetPosition(s, length);
}
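Review bot: The literal `16` is passed as the buffer size and repeated in `Stream_Write`, while the server-side call in a later hunk uses `sizeof(...)`. Writing `ntlm_compute_message_integrity_check(context, message->MessageIntegrityCheck, sizeof(message->MessageIntegrityCheck));` keeps the size tied to the field, so the new size check in the helper means something. This assumes `MessageIntegrityCheck` is an array member of the message struct, which is not visible here. The enclosing function starts and ends outside the hunk.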
if (context->UseMIC)
{
WLog_DBG(TAG, "MessageIntegrityCheck (length = 16)");
- winpr_HexDump(TAG, WLOG_DEBUG, context->MessageIntegrityCheck, 16);
+ winpr_HexDump(TAG, WLOG_DEBUG, message->MessageIntegrityCheck, 16);
}
#endif
UINT32 flags = 0;
NTLM_AV_PAIR* AvFlags = NULL;
NTLM_AUTHENTICATE_MESSAGE* message;
+ BYTE messageIntegrityCheck[16];
if (context->state != NTLM_STATE_COMPLETION)
return SEC_E_OUT_OF_SEQUENCE;
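Review bot: `messageIntegrityCheck` is declared without an initializer, and the helper that fills it returns void and exits early when `winpr_HMAC_New()` fails, so the later `memcmp` and the "Expected MIC" hex dump could read indeterminate stack bytes. Zero-initializing alone would not be enough, because an all-zero buffer would then be compared as if it were a computed MIC. The verification should return an error when the computation did not complete. The call in the following hunk also passes `&messageIntegrityCheck`, which has type `BYTE (*)[16]` rather than `BYTE*`; `ntlm_compute_message_integrity_check(context, messageIntegrityCheck, sizeof(messageIntegrityCheck));` matches the new prototype.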
{
ZeroMemory(&((PBYTE) context->AuthenticateMessage.pvBuffer)[context->MessageIntegrityCheckOffset],
16);
- ntlm_compute_message_integrity_check(context);
+ ntlm_compute_message_integrity_check(context, &messageIntegrityCheck, sizeof(messageIntegrityCheck));
CopyMemory(&((PBYTE) context->AuthenticateMessage.pvBuffer)[context->MessageIntegrityCheckOffset],
message->MessageIntegrityCheck, 16);
- if (memcmp(context->MessageIntegrityCheck, message->MessageIntegrityCheck, 16) != 0)
+ if (memcmp(messageIntegrityCheck, message->MessageIntegrityCheck, 16) != 0)
{
WLog_ERR(TAG, "Message Integrity Check (MIC) verification failed!");
WLog_ERR(TAG, "Expected MIC:");
- winpr_HexDump(TAG, WLOG_ERROR, context->MessageIntegrityCheck, 16);
+ winpr_HexDump(TAG, WLOG_ERROR, messageIntegrityCheck, 16);
WLog_ERR(TAG, "Actual MIC:");
winpr_HexDump(TAG, WLOG_ERROR, message->MessageIntegrityCheck, 16);
return SEC_E_MESSAGE_ALTERED;