CKM_MD5_HMAC

Developers
UriY
2012-03-29
2013-03-28
  • UriY
    2012-03-29

    Hi
    I am trying to call sip_sec_init_context(&context, &expires, AUTH_TYPE_NTLM, 0, "domain", "user", "psw", NULL, "challenge");
    For some reason I receive a segmentation fault in libnss3 in a function called pk11_getKeyFromList().
    I investigated it and found that the PK11SlotInfo that is passed to the function is NULL.
    The function that is responsible for initializing PK11SlotInfo is PK11_GetSlotList().
    This function is called from sipe_digest_hmac(), which passes CKM_MD5_HMAC to it.
    PK11_GetSlotList() is basically a big switch that for some strange reason doesn't define a case for CKM_MD5_HMAC and returns NULL, causing in the end the segmentation fault.
    Can someone suggest what is going wrong here?
    Appreciate any help on this
    Thanks

    UriY

     
  • Stefan Becker
    2012-03-30

    I'm assuming you are trying to re-use SIPE code in your program. My best guess is that you forgot to call the necessary initialization functions. I would suggest taking a look at sip-sec-ntlm-tests.c.

     
  • UriY
    2012-04-01

    Yes you are right.

    I did forget to call
      
       sipe_crypto_init(FALSE);
       sip_sec_init__ntlm();

    and also in the end
       sip_sec_destroy__ntlm();   

    Thanks very much for your help.
    UriY

     
  • UriY
    2012-04-02

    It's now working, but I have noticed something strange: the base64 encoded output token returned from sip_sec_init_context() is always the same.
    I have a process that looks like the following:

            sipe_crypto_init(TRUE);
            sip_sec_init__ntlm();
            char* const response = sip_sec_init_context();
            g_free(response);
            sip_sec_destroy_context(context);
            sip_sec_destroy__ntlm();
            sipe_crypto_shutdown();

    I run this process multiple times using the same input_toked_base64 (Type2 NTLM message) for all calls.
    The returned response is always the same. Is this the way it should be? Shouldn't I expect a different response for every call?

    Thanks for any insight 
    UriY

     
  • Stefan Becker
    2012-04-03

    If the NTLM challenge, domain, account and password are always the same, then the only random things are the NONCEs for client_challenge and exported_session_key. NONCE() uses rand(), so my guess is you forgot to call srand() to provide a randomized seed. See also "man 3 rand" or sipe-core.c:sipe_core_init().

     
  • UriY
    2012-04-04

    Right again.
    I called sipe_core_init() and now, as expected, I get a different response for each call.

    Thanks a lot
    UriY
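
The behaviour diagnosed in this thread, as an added example that is not part of the original posts or of SIPE's code: a rand()-based nonce repeats whenever two processes start from the same seed, while a nonce read from the OS random source does not. The function names and the 8- and 16-byte lengths are assumptions made for this sketch; rand() is not a cryptographic generator, so seeding it only varies the output and does not make it unpredictable.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical rand()-based nonce, as a process seeded with `seed` would
 * produce it. A process that never calls srand() behaves as if srand(1). */
static void nonce_for_seed(unsigned seed, uint8_t *out, size_t len)
{
    srand(seed);
    for (size_t i = 0; i < len; i++)
        out[i] = (uint8_t)(rand() & 0xff);
}

/* 1 if two simulated process runs with the same seed yield the same nonce. */
int same_seed_repeats(unsigned seed)
{
    uint8_t a[8], b[8];   /* 8 bytes: assumed client_challenge size */
    nonce_for_seed(seed, a, sizeof a);
    nonce_for_seed(seed, b, sizeof b);
    return memcmp(a, b, sizeof a) == 0;
}

/* Nonce from the OS random source; returns 0 on success, -1 on failure. */
int nonce_urandom(uint8_t *out, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(out, 1, len, f);
    fclose(f);
    return n == len ? 0 : -1;
}

/* 1 if two OS-sourced nonces differ, 0 if equal, -1 on read failure. */
int urandom_nonces_differ(void)
{
    uint8_t a[16], b[16]; /* 16 bytes: assumed exported_session_key size */
    if (nonce_urandom(a, sizeof a) || nonce_urandom(b, sizeof b)) return -1;
    return memcmp(a, b, sizeof a) != 0;
}

int main(void)
{
    printf("unseeded runs repeat:  %d\n", same_seed_repeats(1));
    printf("urandom nonces differ: %d\n", urandom_nonces_differ());
    return 0;
}
```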