[Date Prev][Date Next] [Chronological] [Thread] [Top]
Re: lanmanager hash algorithm (ITS#899)

To: openldap-its@OpenLDAP.org
Subject: Re: lanmanager hash algorithm (ITS#899)
From: klasen@zdv.uni-tuebingen.de
Date: Wed, 22 Nov 2000 15:47:03 GMT
This is a multi-part message in MIME format.
--------------181FCB38E408D921D1872536
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Hi Kurt,
> The patch includes code based upon Samba 2.0.7.  Samba license
> is such that we cannot accept code derived from Samba.  I
> suggest you look for a public domain or non-restrictive
> implementation of the borrowed code.  You could likely write
> such code from scratch.

Ok, I found a reliable source (rfc2433) and wrote the str_to_key
funktion myself. I also used hash_lanman in chk_lanman to avoid some
redundancy.
You might want to strip the included parts of rfc2422.

-- =

Norbert Klasen
DFN Directory Services                           tel: +49 7071 29 70335
ZDV, Universit=E4t T=FCbingen                        fax: +49 7071 29 591=
2
W=E4chterstr. 76, 72074 T=FCbingen              http://www.directory.dfn.=
de
Germany                             norbert.klasen@zdv.uni-tuebingen.de
--------------181FCB38E408D921D1872536
Content-Type: text/plain; charset=us-ascii;
 name="lmhash2.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="lmhash2.patch"

--- ../OPENLDAP_HEAD/libraries/liblutil/passwd.c	Wed Oct 18 11:53:53 2000
+++ libraries/liblutil/passwd.c	Wed Nov 22 16:08:57 2000
@@ -22,6 +22,10 @@
 #include <ac/stdlib.h>
 #include <ac/string.h>
 
+#ifdef SLAPD_LMHASH
+#	include <openssl/des.h>
+#endif /* SLAPD_LMHASH */
+
 #ifdef SLAPD_SPASSWD
 #	include <sasl.h>
 #endif
@@ -95,6 +99,13 @@
 	const struct berval *passwd,
 	const struct berval *cred );
 
+#ifdef SLAPD_LMHASH
+static int chk_lanman(
+	const struct pw_scheme *scheme,
+	const struct berval *passwd,
+	const struct berval *cred );
+#endif
+
 #ifdef SLAPD_SPASSWD
 static int chk_sasl(
 	const struct pw_scheme *scheme,
@@ -141,6 +152,12 @@
 	const struct pw_scheme *scheme,
 	const struct berval *passwd );
 
+#ifdef SLAPD_LMHASH
+static struct berval *hash_lanman(
+	const struct pw_scheme *scheme,
+	const struct berval *passwd );
+#endif
+
 #ifdef SLAPD_CRYPT
 static struct berval *hash_crypt(
 	const struct pw_scheme *scheme,
@@ -156,6 +173,10 @@
 	{ {sizeof("{SMD5}")-1, "{SMD5}"},	chk_smd5, hash_smd5 },
 	{ {sizeof("{MD5}")-1, "{MD5}"},		chk_md5, hash_md5 },
 
+#ifdef SLAPD_LMHASH
+	{ {sizeof("{LANMAN}")-1, "{LANMAN}"},	chk_lanman, hash_lanman },
+#endif /* SLAPD_LMHASH */
+
 #ifdef SLAPD_SPASSWD
 	{ {sizeof("{SASL}")-1, "{SASL}"}, chk_sasl, NULL },
 #endif
@@ -569,6 +590,19 @@
 	return rc ? 1 : 0;
 }
 
+#ifdef SLAPD_LMHASH
+static int chk_lanman(
+	const struct pw_scheme *scheme,
+	const struct berval *passwd,
+	const struct berval *cred )
+{
+	struct berval *hash;
+
+	hash = hash_lanman( scheme, cred );
+	return memcmp( &hash->bv_val[scheme->name.bv_len], passwd->bv_val, 32);
+}
+#endif /* SLAPD_LMHASH */
+
 #ifdef SLAPD_SPASSWD
 #ifdef HAVE_CYRUS_SASL
 sasl_conn_t *lutil_passwd_sasl_conn = NULL;
@@ -1010,6 +1044,126 @@
 	return pw_string64( scheme, &digest, NULL );
 ;
 }
+
+#ifdef SLAPD_LMHASH 
+/* pseudocode from RFC2433
+ * A.2 LmPasswordHash()
+ * 
+ *    LmPasswordHash(
+ *    IN  0-to-14-oem-char Password,
+ *    OUT 16-octet         PasswordHash )
+ *    {
+ *       Set UcasePassword to the uppercased Password
+ *       Zero pad UcasePassword to 14 characters
+ * 
+ *       DesHash( 1st 7-octets of UcasePassword,
+ *                giving 1st 8-octets of PasswordHash )
+ * 
+ *       DesHash( 2nd 7-octets of UcasePassword,
+ *                giving 2nd 8-octets of PasswordHash )
+ *    }
+ * 
+ * 
+ * A.3 DesHash()
+ * 
+ *    DesHash(
+ *    IN  7-octet Clear,
+ *    OUT 8-octet Cypher )
+ *    {
+ *        *
+ *        * Make Cypher an irreversibly encrypted form of Clear by
+ *        * encrypting known text using Clear as the secret key.
+ *        * The known text consists of the string
+ *        *
+ *        *              KGS!@#$%
+ *        *
+ * 
+ *       Set StdText to "KGS!@#$%"
+ *       DesEncrypt( StdText, Clear, giving Cypher )
+ *    }
+ * 
+ * 
+ * A.4 DesEncrypt()
+ * 
+ *    DesEncrypt(
+ *    IN  8-octet Clear,
+ *    IN  7-octet Key,
+ *    OUT 8-octet Cypher )
+ *    {
+ *        *
+ *        * Use the DES encryption algorithm [4] in ECB mode [9]
+ *        * to encrypt Clear into Cypher such that Cypher can
+ *        * only be decrypted back to Clear by providing Key.
+ *        * Note that the DES algorithm takes as input a 64-bit
+ *        * stream where the 8th, 16th, 24th, etc.  bits are
+ *        * parity bits ignored by the encrypting algorithm.
+ *        * Unless you write your own DES to accept 56-bit input
+ *        * without parity, you will need to insert the parity bits
+ *        * yourself.
+ *        *
+ *    }
+ */
+
+static struct berval *hash_lanman(
+	const struct pw_scheme *scheme,
+	const struct berval *passwd )
+{
+	static void lmPasswd_to_key(const unsigned char *lmPasswd, des_cblock *key)
+	{
+		/* make room for parity bits */
+		((char *)key)[0] = lmPasswd[0];
+		((char *)key)[1] = ((lmPasswd[0]&0x01)<<7) | (lmPasswd[1]>>1);
+		((char *)key)[2] = ((lmPasswd[1]&0x03)<<6) | (lmPasswd[2]>>2);
+		((char *)key)[3] = ((lmPasswd[2]&0x07)<<5) | (lmPasswd[3]>>3);
+		((char *)key)[4] = ((lmPasswd[3]&0x0F)<<4) | (lmPasswd[4]>>4);
+		((char *)key)[5] = ((lmPasswd[4]&0x1F)<<3) | (lmPasswd[5]>>5);
+		((char *)key)[6] = ((lmPasswd[5]&0x3F)<<2) | (lmPasswd[6]>>6);
+		((char *)key)[7] = ((lmPasswd[6]&0x7F)<<1);
+		
+		des_set_odd_parity( key );
+	}	
+
+	int i;
+	char UcasePassword[15];
+	des_cblock key;
+	des_key_schedule schedule;
+	des_cblock StdText = "KGS!@#$%";
+	des_cblock hash1, hash2;
+	char lmhash[33];
+	struct berval hash;
+	
+	for( i=0; i<passwd->bv_len; i++) {
+		if(passwd->bv_val[i] == '\0') {
+			return NULL;	/* NUL character in password */
+		}
+	}
+	
+	if( passwd->bv_val[i] != '\0' ) {
+		return NULL;	/* passwd must behave like a string */
+	}
+	
+	strncpy( UcasePassword, passwd->bv_val, 14 );
+	UcasePassword[14] = '\0';
+	ldap_pvt_str2upper( UcasePassword );
+	
+	lmPasswd_to_key( UcasePassword, &key );
+	des_set_key_unchecked( &key, schedule );
+	des_ecb_encrypt( &StdText, &hash1, schedule , DES_ENCRYPT );
+	
+	lmPasswd_to_key( &UcasePassword[7], &key );
+	des_set_key_unchecked( &key, schedule );
+	des_ecb_encrypt( &StdText, &hash2, schedule , DES_ENCRYPT );
+	
+	sprintf( lmhash, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", 
+		hash1[0],hash1[1],hash1[2],hash1[3],hash1[4],hash1[5],hash1[6],hash1[7],
+		hash2[0],hash2[1],hash2[2],hash2[3],hash2[4],hash2[5],hash2[6],hash2[7] );
+	
+	hash.bv_val = lmhash;
+	hash.bv_len = 32;
+	
+	return pw_string( scheme, &hash );
+}
+#endif /* SLAPD_LMHASH */
 
 #ifdef SLAPD_CRYPT
 static struct berval *hash_crypt(

--------------181FCB38E408D921D1872536--
Prev by Date: Re: lanmanager hash algorithm (ITS#899)
Next by Date: Re: OpenLDAP clients dump core in SSL mode (ITS#889)
Index(es):
- Chronological
- Thread