
curl-library

NTLM and odd parity

From: Steve Holme <steve_holme_at_hotmail.com>
Date: Fri, 2 Jan 2015 19:24:53 +0000

Dear friends,

This is something Bill Nagel raised with me during the SMB development and
not something I have had a chance to look at really until now...

The non-OpenSSL encryption routines in curl_ntlm_core.c - setup_des_key()
and encrypt_des() don't appear to be applying the odd parity that is a)
discussed at http://davenport.sourceforge.net/ntlm.html or b) mentioned in
the comment for extend_key_56_to_64() at line 147 which states:

/*
 * Turns a 56 bit key into the 64 bit, odd parity key. Used by GnuTLS and NSS.
 */

I appreciate the comment is a little out of date as this function is used
for other crypto engines (and not just the one provided by GnuTLS and NSS as
indicated).

Obviously the existing code is working for both the SASL protocols (IMAP,
POP3 and SMTP) as well as SMB.

However, I have just converted the Java code that is given as an example on
the above website into C, and tested it with SMTP (against my Exchange
Server) and SMB and all appears to be good as well. I have debugged the code
to make sure that the parity then gets set as it should.

So, my question is... Should we be applying the odd parity for the
non-OpenSSL encryption functions just as we do for the OpenSSL based
function at line 140?

Kind Regards

Steve
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-01-02
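
The key handling this mail asks about, as an added example that is not part of the original mail and not curl's own code: it extends a 56-bit key to 64 bits and optionally sets odd parity in bit 0 of each byte. The function names and the sample key (the ASCII bytes "SECRET0") are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed sample input: the 7 ASCII bytes "SECRET0" as a 56-bit key. */
static const uint8_t sample_key56[7] = {0x53, 0x45, 0x43, 0x52, 0x45, 0x54, 0x30};

/* Spread 56 key bits over 8 bytes: 7 key bits in bits 7..1, bit 0 cleared. */
static void extend_56_to_64(const uint8_t in[7], uint8_t out[8])
{
  for(unsigned i = 0; i < 8; i++) {
    unsigned byte = i * 7 / 8, off = i * 7 % 8; /* where the 7 bits start */
    /* 16-bit window over the input, most significant bit first */
    unsigned w = ((unsigned)in[byte] << 8) | (byte < 6 ? in[byte + 1] : 0u);
    out[i] = (uint8_t)(((w << off) >> 8) & 0xFE);
  }
}

/* XOR of the low 8 bits of p: 1 when the byte has an odd number of 1 bits. */
static unsigned bit_parity(unsigned p)
{
  p ^= p >> 4; p ^= p >> 2; p ^= p >> 1;
  return p & 1;
}

/* Hypothetical helper: 64-bit key packed big-endian, odd parity optional. */
static uint64_t des_key_from_56(const uint8_t in[7], int with_parity)
{
  uint8_t k[8];
  uint64_t v = 0;
  extend_56_to_64(in, k);
  for(int i = 0; i < 8; i++) {
    /* set bit 0 only when the 7 key bits hold an even number of 1 bits */
    k[i] |= (uint8_t)(with_parity ? bit_parity(k[i]) ^ 1 : 0);
    v = (v << 8) | k[i];
  }
  return v;
}

/* Returns 1 when every byte of the packed key has odd parity, else 0. */
static int odd_parity_ok(uint64_t key)
{
  for(int i = 0; i < 8; i++, key >>= 8)
    if(!bit_parity((unsigned)(key & 0xFF)))
      return 0;
  return 1;
}

int main(void)
{
  for(int p = 0; p < 2; p++)
    printf("parity=%d key=%016llx\n", p, (unsigned long long)des_key_from_56(sample_key56, p));
}
```

The two keys differ only in bit 0 of each byte, the bit that the DES key schedule discards, which is consistent with the mail's observation that both variants interoperate.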