Implement message integrity (ntlmssp_mic and mechListMic) (#772)

* Implement message integrity (ntlmssp_mic and mechListMic)

* Upgrade github workflows

Signed-off-by: Jeroen van Erp <[email protected]>

* Make codacy happy

Signed-off-by: Jeroen van Erp <[email protected]>

* Fix sonatype warnings

---------

Signed-off-by: Jeroen van Erp <[email protected]>

.github/workflows/codeql-analysis.yml

@@ -36,13 +36,13 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
       with:
         fetch-depth: 0
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -53,7 +53,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -67,4 +67,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.github/workflows/gradle.yml

@@ -15,13 +15,14 @@ jobs:
     name: Build with Java 11
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Set up JDK 11
-      uses: actions/setup-java@v1
+      uses: actions/setup-java@v2
       with:
+        distribution: 'zulu'
         java-version: 11
     - name: Cache Gradle packages
-      uses: actions/cache@v2
+      uses: actions/cache@v3
       with:
         path: ~/.gradle/caches
         key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
@@ -33,13 +34,14 @@ jobs:
     needs: [java11]
     runs-on: [ubuntu-latest]
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Set up JDK 11
-      uses: actions/setup-java@v1
+      uses: actions/setup-java@v2
       with:
+        distribution: 'zulu'
         java-version: 11
     - name: Cache Gradle packages
-      uses: actions/cache@v2
+      uses: actions/cache@v3
       with:
         path: ~/.gradle/caches
         key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}

.github/workflows/release.yml

@@ -13,12 +13,13 @@ jobs:
     name: Build with Java 12
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: Set up JDK 12
-        uses: actions/setup-java@v1
+        uses: actions/setup-java@v2
         with:
+          distribution: 'zulu'
           java-version: 12
       - name: Grant execute permission for gradlew
         run: chmod +x gradlew
@@ -29,11 +30,12 @@ jobs:
     needs: [java12]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 0
-      - uses: actions/setup-java@v1
+      - uses: actions/setup-java@v2
         with:
+          distribution: 'zulu'
           java-version: 12
       - name: Grant execute permission for gradlew
         run: chmod +x gradlew

src/it/docker-image/smb.conf

@@ -14,10 +14,10 @@ server string = %h server (Samba, Ubuntu)
 dns proxy = no
 interfaces = 192.168.2.0/24 eth0
 bind interfaces only = yes
-log level = 5
-log file = /var/log/samba/log.%m
-max log size = 1000
-syslog = 0
+log level = 5 auth:10
+log file = /var/log/samba.log
+max log size = 20480
+syslog = 1
 panic action = /usr/share/samba/panic-action %d
 server role = standalone server
 passdb backend = tdbsam

src/it/docker-image/supervisord.conf

@@ -5,10 +5,10 @@ loglevel=info
 
 [program:smbd]
 /* command=/usr/sbin/smbd -i --daemon --foreground --log-stdout */
-command=/usr/sbin/smbd --daemon --foreground --log-stdout
-redirect_stderr=true
+command=/usr/sbin/smbd --daemon --foreground --configfile=/etc/samba/smb.conf
+/*redirect_stderr=true*/
 
 [program:nmbd]
 /* command=/usr/sbin/nmbd -i --daemon --foreground --log-stdout */
-command=/usr/sbin/nmbd --daemon --foreground --log-stdout
-redirect_stderr=true
+command=/usr/sbin/nmbd --daemon --foreground
+/*redirect_stderr=true*/

src/main/java/com/hierynomus/ntlm/NtlmConfig.java

@@ -75,7 +75,7 @@ public static class Builder {
         public Builder(Random r) {
             config = new NtlmConfig();
             config.windowsVersion = new WindowsVersion(ProductMajorVersion.WINDOWS_MAJOR_VERSION_6, ProductMinorVersion.WINDOWS_MINOR_VERSION_1, 7600, NtlmRevisionCurrent.NTLMSSP_REVISION_W2K3);
-            config.integrity = false;
+            config.integrity = true;
             config.omitVersion = false;
             config.machineID = new byte[32];
             r.nextBytes(config.machineID);

src/main/java/com/hierynomus/ntlm/functions/NtlmFunctions.java

@@ -22,6 +22,8 @@
 import com.hierynomus.ntlm.NtlmException;
 import com.hierynomus.protocol.commons.Charsets;
 import com.hierynomus.security.Cipher;
+import com.hierynomus.security.Mac;
+import com.hierynomus.security.MessageDigest;
 import com.hierynomus.security.SecurityException;
 import com.hierynomus.security.SecurityProvider;
 
@@ -68,7 +70,7 @@ public static String oem(byte[] bytes) {
      */
     static byte[] md4(SecurityProvider securityProvider, byte[] m) {
         try {
-            com.hierynomus.security.MessageDigest md4 = securityProvider.getDigest("MD4");
+            MessageDigest md4 = securityProvider.getDigest("MD4");
             md4.update(m);
             return md4.digest();
         } catch (SecurityException e) {
@@ -86,7 +88,7 @@ static byte[] md4(SecurityProvider securityProvider, byte[] m) {
     @SuppressWarnings("PMD.MethodNamingConventions")
     public static byte[] hmac_md5(SecurityProvider securityProvider, byte[] key, byte[]... message) {
         try {
-            com.hierynomus.security.Mac hmacMD5 = securityProvider.getMac("HmacMD5");
+            Mac hmacMD5 = securityProvider.getMac("HMACT64");
             hmacMD5.init(key);
             for (byte[] aMessage : message) {
                 hmacMD5.update(aMessage);
@@ -97,6 +99,18 @@ public static byte[] hmac_md5(SecurityProvider securityProvider, byte[] key, byt
         }
     }
 
+    public static byte[] md5(SecurityProvider securityProvider, byte[]... message) {
+        try {
+            MessageDigest md5 = securityProvider.getDigest("MD5");
+            for (byte[] aMessage : message) {
+                md5.update(aMessage);
+            }
+            return md5.digest();
+        } catch (SecurityException e) {
+            throw new NtlmException(e);
+        }
+    }
+
     /**
      * [MS-NLMP].pdf 6 Appendix A: Cryptographic Operations Reference
      * (RC4K(K, D)).

src/main/java/com/hierynomus/ntlm/messages/NtlmAuthenticate.java

@@ -39,8 +39,6 @@ public class NtlmAuthenticate extends NtlmMessage {
     private byte[] workstation;
     private byte[] encryptedRandomSessionKey;
     private byte[] mic;
-    private boolean integrityEnabled;
-    private boolean omitVersion;
 
     public NtlmAuthenticate(
         byte[] lmResponse, byte[] ntResponse,

src/main/java/com/hierynomus/ntlm/messages/WindowsVersion.java

@@ -123,4 +123,8 @@ public boolean equals(Object o) {
     public int hashCode() {
         return Objects.hash(majorVersion, minorVersion, productBuild, ntlmRevision);
     }
+
+    public NtlmRevisionCurrent getNtlmRevision() {
+        return ntlmRevision;
+    }
 }

src/main/java/com/hierynomus/security/MessageDigest.java

@@ -16,8 +16,12 @@
 package com.hierynomus.security;
 
 public interface MessageDigest {
+    void update(byte b);
+
     void update(byte[] bytes);
 
+    void update(byte[] bytes, int offset, int len);
+
     byte[] digest();
 
     void reset();

src/main/java/com/hierynomus/security/SecurityException.java

@@ -17,6 +17,10 @@
 
 @SuppressWarnings("serial")
 public class SecurityException extends Exception {
+    public SecurityException(String message) {
+        super(message);
+    }
+
     public SecurityException(Exception e) {
         super(e);
     }

src/main/java/com/hierynomus/security/bc/BCMessageDigest.java

@@ -19,6 +19,7 @@
 import com.hierynomus.security.MessageDigest;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.digests.MD4Digest;
+import org.bouncycastle.crypto.digests.MD5Digest;
 import org.bouncycastle.crypto.digests.SHA256Digest;
 import org.bouncycastle.crypto.digests.SHA512Digest;
 
@@ -47,6 +48,12 @@ public Digest create() {
                 return new MD4Digest();
             }
         });
+        lookup.put("MD5", new Factory<Digest>() {
+            @Override
+            public Digest create() {
+                return new MD5Digest();
+            }
+        });
     }
 
     private final Digest digest;
@@ -63,11 +70,21 @@ private Digest getDigest(String name) {
         return digestFactory.create();
     }
 
+    @Override
+    public void update(byte b) {
+        digest.update(b);
+    }
+
     @Override
     public void update(byte[] bytes) {
         digest.update(bytes, 0, bytes.length);
     }
 
+    @Override
+    public void update(byte[] bytes, int offset, int len) {
+        digest.update(bytes, offset, len);
+    }
+
     @Override
     public byte[] digest() {
         byte[] output = new byte[digest.getDigestSize()];

src/main/java/com/hierynomus/security/bc/BCSecurityProvider.java

@@ -15,12 +15,15 @@
  */
 package com.hierynomus.security.bc;
 
+import java.util.Objects;
+
 import com.hierynomus.security.AEADBlockCipher;
 import com.hierynomus.security.Cipher;
 import com.hierynomus.security.DerivationFunction;
 import com.hierynomus.security.Mac;
 import com.hierynomus.security.MessageDigest;
 import com.hierynomus.security.SecurityProvider;
+import com.hierynomus.security.mac.HmacT64;
 
 /**
  * Generic BouncyCastle abstraction, in order to use Bouncy Castle directly when available.
@@ -35,6 +38,9 @@ public MessageDigest getDigest(String name) {
 
     @Override
     public Mac getMac(String name) {
+        if (Objects.equals(name, "HMACT64")) {
+            return new HmacT64(getDigest("MD5"));
+        }
         return new BCMac(name);
     }
 

src/main/java/com/hierynomus/security/jce/JceMessageDigest.java

@@ -46,11 +46,21 @@ public class JceMessageDigest implements MessageDigest {
         }
     }
 
+    @Override
+    public void update(byte b) {
+        md.update(b);
+    }
+
     @Override
     public void update(byte[] bytes) {
         md.update(bytes);
     }
 
+    @Override
+    public void update(byte[] bytes, int offset, int len) {
+        md.update(bytes, offset, len);
+    }
+
     @Override
     public byte[] digest() {
         return md.digest();

src/main/java/com/hierynomus/security/jce/JceSecurityProvider.java

@@ -17,8 +17,10 @@
 
 import com.hierynomus.security.*;
 import com.hierynomus.security.SecurityException;
+import com.hierynomus.security.mac.HmacT64;
 
 import java.security.Provider;
+import java.util.Objects;
 
 public class JceSecurityProvider implements SecurityProvider {
     private final Provider jceProvider;
@@ -46,6 +48,9 @@ public MessageDigest getDigest(String name) throws SecurityException {
 
     @Override
     public Mac getMac(String name) throws SecurityException {
+        if (Objects.equals(name, "HMACT64")) {
+            return new HmacT64(getDigest("MD5"));
+        }
         return new JceMac(name, jceProvider, providerName);
     }