IndySockets · JPeterMugaas · Aug 5, 2024 · Aug 5, 2024 · Aug 5, 2024 · Aug 6, 2024
diff --git a/IdCompilerDefines.inc b/IdCompilerDefines.inc
diff --git a/IdNTLMOpenSSL.pas b/IdNTLMOpenSSL.pas
@@ -0,0 +1,160 @@
+{
+  This file is part of the Indy (Internet Direct) project, and is offered
+  under the dual-licensing agreement described on the Indy website.
+  (http://www.indyproject.org/)
+
+  Copyright:
+   (c) 1993-2024, Chad Z. Hower and the Indy Pit Crew. All rights reserved.
+}
+
+unit IdNTLMOpenSSL;
+
+interface
+
+implementation
+
+uses
+  IdGlobal, IdFIPS, IdSSLOpenSSLHeaders, IdHashMessageDigest,
+  SysUtils;
+
+{$I IdCompilerDefines.inc}
+
+function LoadOpenSSL: Boolean;
+begin
+  Result := IdSSLOpenSSLHeaders.Load;
+end;
+
+function IsNTLMFuncsAvail: Boolean;
+begin
+  Result := Assigned(DES_set_odd_parity) and
+    Assigned(DES_set_key) and
+    Assigned(DES_ecb_encrypt);
+end;
+
+type
+  Pdes_key_schedule = ^des_key_schedule;
+
+{/*
+ * turns a 56 bit key into the 64 bit, odd parity key and sets the key.
+ * The key schedule ks is also set.
+ */}
+procedure setup_des_key(key_56: des_cblock; Var ks: des_key_schedule);
+Var
+  key: des_cblock;
+begin
+  key[0] := key_56[0];
+
+  key[1] := ((key_56[0] SHL 7) and $FF) or (key_56[1] SHR 1);
+  key[2] := ((key_56[1] SHL 6) and $FF) or (key_56[2] SHR 2);
+  key[3] := ((key_56[2] SHL 5) and $FF) or (key_56[3] SHR 3);
+  key[4] := ((key_56[3] SHL 4) and $FF) or (key_56[4] SHR 4);
+  key[5] := ((key_56[4] SHL 3) and $FF) or (key_56[5] SHR 5);
+  key[6] := ((key_56[5] SHL 2) and $FF) or (key_56[6] SHR 6);
+  key[7] :=  (key_56[6] SHL 1) and $FF;
+
+  DES_set_odd_parity(@key);
+  DES_set_key(@key, ks);
+end;
+
+{/*
+ * takes a 21 byte array and treats it as 3 56-bit DES keys. The
+ * 8 byte plaintext is encrypted with each key and the resulting 24
+ * bytes are stored in the results array.
+ */}
+procedure calc_resp(keys: PDES_cblock; const ANonce: TIdBytes; results: Pdes_key_schedule);
+Var
+  ks: des_key_schedule;
+  nonce: des_cblock;
+begin
+  setup_des_key(keys^, ks);
+  Move(ANonce[0], nonce, 8);
+  des_ecb_encrypt(@nonce, Pconst_DES_cblock(results), ks, DES_ENCRYPT);
+
+  setup_des_key(PDES_cblock(PtrUInt(keys) + 7)^, ks);
+  des_ecb_encrypt(@nonce, Pconst_DES_cblock(PtrUInt(results) + 8), ks, DES_ENCRYPT);
+
+  setup_des_key(PDES_cblock(PtrUInt(keys) + 14)^, ks);
+  des_ecb_encrypt(@nonce, Pconst_DES_cblock(PtrUInt(results) + 16), ks, DES_ENCRYPT);
+end;
+
+Const
+  Magic: des_cblock = ($4B, $47, $53, $21, $40, $23, $24, $25 );
+
+//* setup LanManager password */
+function SetupLanManagerPassword(const APassword: String; const ANonce: TIdBytes): TIdBytes;
+var
+  lm_hpw: array[0..20] of Byte;
+  lm_pw: array[0..13] of Byte;
+  idx, len: Integer;
+  ks: des_key_schedule;
+  lm_resp: array [0..23] of Byte;
+  lPassword: {$IFDEF STRING_IS_UNICODE}TIdBytes{$ELSE}AnsiString{$ENDIF};
+begin
+  {$IFDEF STRING_IS_UNICODE}
+  lPassword := IndyTextEncoding_OSDefault.GetBytes(UpperCase(APassword));
+  {$ELSE}
+  lPassword := UpperCase(APassword);
+  {$ENDIF}
+
+  len := IndyMin(Length(lPassword), 14);
+  if len > 0 then begin
+    Move(lPassword[{$IFDEF STRING_IS_UNICODE}0{$ELSE}1{$ENDIF}], lm_pw[0], len);
+  end;
+  if len < 14 then begin
+    for idx := len to 13 do begin
+      lm_pw[idx] := $0;
+    end;
+  end;
+
+  //* create LanManager hashed password */
+
+  setup_des_key(pdes_cblock(@lm_pw[0])^, ks);
+  des_ecb_encrypt(@magic, Pconst_DES_cblock(@lm_hpw[0]), ks, DES_ENCRYPT);
+
+  setup_des_key(pdes_cblock(PtrUInt(@lm_pw[0]) + 7)^, ks);
+  des_ecb_encrypt(@magic, Pconst_DES_cblock(PtrUInt(@lm_hpw[0]) + 8), ks, DES_ENCRYPT);
+
+  FillChar(lm_hpw[16], 5, 0);
+
+  calc_resp(PDes_cblock(@lm_hpw[0]), ANonce, Pdes_key_schedule(@lm_resp[0]));
+
+  SetLength(Result, SizeOf(lm_resp));
+  Move(lm_resp[0], Result[0], SizeOf(lm_resp));
+end;
+
+//* create NT hashed password */
+function CreateNTPassword(const APassword: String; const ANonce: TIdBytes): TIdBytes;
+var
+  nt_hpw: array [1..21] of Byte;
+  nt_hpw128: TIdBytes;
+  nt_resp: array [1..24] of Byte;
+  LMD4: TIdHashMessageDigest4;
+begin
+  CheckMD4Permitted;
+  LMD4 := TIdHashMessageDigest4.Create;
+  try
+    {$IFDEF STRING_IS_UNICODE}
+    nt_hpw128 := LMD4.HashString(APassword, IndyTextEncoding_UTF16LE);
+    {$ELSE}
+    nt_hpw128 := LMD4.HashBytes(BuildUnicode(APassword));
+    {$ENDIF}
+  finally
+    LMD4.Free;
+  end;
+
+  Move(nt_hpw128[0], nt_hpw[1], 16);
+  FillChar(nt_hpw[17], 5, 0);
+
+  calc_resp(pdes_cblock(@nt_hpw[1]), ANonce, Pdes_key_schedule(@nt_resp[1]));
+
+  SetLength(Result, SizeOf(nt_resp));
+  Move(nt_resp[1], Result[0], SizeOf(nt_resp));
+end;
+
+initialization
+  IdFIPS.LoadNTLMLibrary := LoadOpenSSL;
+  IdFIPS.IsNTLMFuncsAvail := IsNTLMFuncsAvail;
+  IdFIPS.NTLMGetLmChallengeResponse := SetupLanManagerPassword;
+  IdFIPS.NTLMGetNtChallengeResponse := CreateNTPassword;
+
+end.
diff --git a/IdRegisterOpenSSL.dcr b/IdRegisterOpenSSL.dcr
diff --git a/IdRegisterOpenSSL.lrs b/IdRegisterOpenSSL.lrs
@@ -0,0 +1,54 @@
+LazarusResources.Add('TIdServerIOHandlerSSLOpenSSL','XPM',[
+  '/* XPM */'#13#10'static char *Pixmap[] = {'#13#10'"24 24 16 2",'#13#10'"00 c'
+  +' black",'#13#10'"01 c #800000",'#13#10'"02 c #008000",'#13#10'"03 c #808000'
+  +'",'#13#10'"04 c #000080",'#13#10'"05 c none",'#13#10'"06 c #008080",'#13#10
+  +'"07 c #808080",'#13#10'"08 c #C0C0C0",'#13#10'"09 c red",'#13#10'"10 c gree'
+  +'n",'#13#10'"11 c yellow",'#13#10'"12 c blue",'#13#10'"13 c magenta",'#13#10
+  +'"14 c cyan",'#13#10'"15 c Gray100",'#13#10'"0505000000000000000505050505050'
+  +'50505050505050505",'#13#10'"05050015151515150004040404040404040404040404040'
+  +'5",'#13#10'"050400151414141500151515151515151515151515150404",'#13#10'"0504'
+  +'00151414141500151515151515151515151515150404",'#13#10'"05040015070707070015'
+  +'1515151515151515151515150404",'#13#10'"050400000000000000151500000000151515'
+  +'151515150404",'#13#10'"000000151508080800000008080808001515151515150404",'
+  +#13#10'"001515080808080808070000000008070715151515150404",'#13#10'"001507070'
+  +'707070707070015151500080015151515150404",'#13#10'"0000000000000000000000151'
+  +'51500080015151515150404",'#13#10'"05041515151515150008001515150008001515151'
+  +'5150404",'#13#10'"050415151515150000000000000000000000151515150404",'#13#10
+  +'"050415151515000808080808080808080808001515150404",'#13#10'"050415151515000'
+  +'707070700000007070707001515150404",'#13#10'"0504151515150008080808000000080'
+  +'80808001515150404",'#13#10'"05041515151500070707080800080807070700151515040'
+  +'4",'#13#10'"050415151515000808080807000708080808001515150404",'#13#10'"0504'
+  +'15151515150007070807000708070700151515150404",'#13#10'"05041515151515150000'
+  +'0808080808000015151515150404",'#13#10'"050415151515151515150000000000151515'
+  +'151515150404",'#13#10'"050415151515151515151515151515151515151515150404",'
+  +#13#10'"050415151515151515151515151515151515151515150404",'#13#10'"050404040'
+  +'404040404040404040404040404040404040404",'#13#10'"0505040404040404040404040'
+  +'40404040404040404040405"'#13#10'};'#13#10
+]);
+LazarusResources.Add('TIdSSLIOHandlerSocketOpenSSL','XPM',[
+  '/* XPM */'#13#10'static char *Pixmap[] = {'#13#10'"24 24 16 2",'#13#10'"00 c'
+  +' black",'#13#10'"01 c #800000",'#13#10'"02 c #008000",'#13#10'"03 c #808000'
+  +'",'#13#10'"04 c #000080",'#13#10'"05 c none",'#13#10'"06 c #008080",'#13#10
+  +'"07 c #C0C0C0",'#13#10'"08 c #808080",'#13#10'"09 c red",'#13#10'"10 c gree'
+  +'n",'#13#10'"11 c yellow",'#13#10'"12 c blue",'#13#10'"13 c magenta",'#13#10
+  +'"14 c cyan",'#13#10'"15 c Gray100",'#13#10'"0505050505050505050505050505050'
+  +'50505050505050505",'#13#10'"05050404040404040404040404040404040404040404040'
+  +'5",'#13#10'"050415151515151515151515151515151515151515150404",'#13#10'"0504'
+  +'15151515151515151515151515151515151515150404",'#13#10'"05041515151515151515'
+  +'1515151515151515151515150404",'#13#10'"050415151515151515150000000000151515'
+  +'151515150404",'#13#10'"050415151515151515000707070707001515151515150404",'
+  +#13#10'"050415151515151508080700000007080815151515150404",'#13#10'"050415151'
+  +'515151500070015151500070015151515150404",'#13#10'"0504151515151515000700151'
+  +'51500070015151515150404",'#13#10'"05041515151515150007001515150007001515151'
+  +'5150404",'#13#10'"050415151515150000000000000000000000151515150404",'#13#10
+  +'"050415151515000707070707070707070707001515150404",'#13#10'"050415151515000'
+  +'808080800000008080808001515150404",'#13#10'"0504151515150007070707000000070'
+  +'70707001515150404",'#13#10'"05041515151500080808070700070708080800151515040'
+  +'4",'#13#10'"050415151515000707070708000807070707001515150404",'#13#10'"0504'
+  +'15151515150008080708000807080800151515150404",'#13#10'"05041515151515150000'
+  +'0707070707000015151515150404",'#13#10'"050415151515151515150000000000151515'
+  +'151515150404",'#13#10'"050415151515151515151515151515151515151515150404",'
+  +#13#10'"050415151515151515151515151515151515151515150404",'#13#10'"050404040'
+  +'404040404040404040404040404040404040404",'#13#10'"0505040404040404040404040'
+  +'40404040404040404040405"'#13#10'};'#13#10
+]);
diff --git a/IdResourceStringsOpenSSL.pas b/IdResourceStringsOpenSSL.pas
@@ -15,6 +15,8 @@ interface
   RSOSSLConnectionDropped = 'SSL connection has dropped.';
   RSOSSLCertificateLookup = 'SSL certificate request error.';
   RSOSSLInternal = 'SSL library internal error.';
+  RSOSSLCouldNotSetMinProtocolVersion = 'Could not set min protocol version';
+  RSOSSLCouldNotSetMaxProtocolVersion = 'Could not set max protocol version';
   //callback where strings
   RSOSSLAlert =  '%s Alert';
   RSOSSLReadAlert =  '%s Read Alert';