exposing more functions
This commit is contained in:
Matthew Kanwisher
@@ -46,7 +46,7 @@ func (n *V1Session) fetchResponseKeys() (err error) {
|
||||
}
|
||||
|
||||
func (n *V1Session) computeExpectedResponses() (err error) {
|
||||
if messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.negotiateFlags) {
|
||||
if messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) {
|
||||
n.ntChallengeResponse, err = desL(n.responseKeyNT, md5(concat(n.serverChallenge, n.clientChallenge))[0:8])
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -81,10 +81,10 @@ func (n *V1Session) computeSessionBaseKey() (err error) {
|
||||
}
|
||||
|
||||
func (n *V1Session) computeKeyExchangeKey() (err error) {
|
||||
if messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.negotiateFlags) {
|
||||
if messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) {
|
||||
n.keyExchangeKey = hmacMd5(n.sessionBaseKey, concat(n.serverChallenge, n.lmChallengeResponse[0:8]))
|
||||
} else {
|
||||
n.keyExchangeKey, err = kxKey(n.negotiateFlags, n.sessionBaseKey, n.lmChallengeResponse, n.serverChallenge, n.responseKeyLM)
|
||||
n.keyExchangeKey, err = kxKey(n.NegotiateFlags, n.sessionBaseKey, n.lmChallengeResponse, n.serverChallenge, n.responseKeyLM)
|
||||
}
|
||||
return
|
||||
}
|
||||
@@ -95,13 +95,13 @@ func (n *V1Session) calculateKeys(ntlmRevisionCurrent uint8) (err error) {
|
||||
// We must treat the flags as if NTLMSSP_NEGOTIATE_LM_KEY is set.
|
||||
// This information is not contained (at least currently, until they correct it) in the MS-NLMP document
|
||||
if ntlmRevisionCurrent == 15 {
|
||||
n.negotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Set(n.negotiateFlags)
|
||||
n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags)
|
||||
}
|
||||
|
||||
n.ClientSigningKey = signKey(n.negotiateFlags, n.exportedSessionKey, "Client")
|
||||
n.ServerSigningKey = signKey(n.negotiateFlags, n.exportedSessionKey, "Server")
|
||||
n.ClientSealingKey = sealKey(n.negotiateFlags, n.exportedSessionKey, "Client")
|
||||
n.ServerSealingKey = sealKey(n.negotiateFlags, n.exportedSessionKey, "Server")
|
||||
n.ClientSigningKey = signKey(n.NegotiateFlags, n.exportedSessionKey, "Client")
|
||||
n.ServerSigningKey = signKey(n.NegotiateFlags, n.exportedSessionKey, "Server")
|
||||
n.ClientSealingKey = sealKey(n.NegotiateFlags, n.exportedSessionKey, "Client")
|
||||
n.ServerSealingKey = sealKey(n.NegotiateFlags, n.exportedSessionKey, "Server")
|
||||
return
|
||||
}
|
||||
|
||||
@@ -113,36 +113,36 @@ func (n *V1Session) Sign(message []byte) ([]byte, error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
func ntlmV1Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingKey, signingKey []byte, negotiateFlags uint32) []byte {
|
||||
func ntlmV1Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingKey, signingKey []byte, NegotiateFlags uint32) []byte {
|
||||
// TODO: Need to keep track of the sequence number for connection oriented NTLM
|
||||
if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(negotiateFlags) && messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(negotiateFlags) {
|
||||
if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) && messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(NegotiateFlags) {
|
||||
handle, _ = reinitSealingKey(sealingKey, sequenceNumber)
|
||||
} else if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(negotiateFlags) {
|
||||
} else if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) {
|
||||
// CONOR: Reinitializing the rc4 cipher on every requst, but not using the
|
||||
// algorithm as described in the MS-NTLM document. Just reinitialize it directly.
|
||||
handle, _ = rc4Init(sealingKey)
|
||||
}
|
||||
sig := mac(negotiateFlags, handle, signingKey, uint32(sequenceNumber), message)
|
||||
sig := mac(NegotiateFlags, handle, signingKey, uint32(sequenceNumber), message)
|
||||
return sig.Bytes()
|
||||
}
|
||||
|
||||
func (n *V1ServerSession) Mac(message []byte, sequenceNumber int) ([]byte, error) {
|
||||
mac := ntlmV1Mac(message, sequenceNumber, n.serverHandle, n.ServerSealingKey, n.ServerSigningKey, n.negotiateFlags)
|
||||
mac := ntlmV1Mac(message, sequenceNumber, n.serverHandle, n.ServerSealingKey, n.ServerSigningKey, n.NegotiateFlags)
|
||||
return mac, nil
|
||||
}
|
||||
|
||||
func (n *V1ClientSession) Mac(message []byte, sequenceNumber int) ([]byte, error) {
|
||||
mac := ntlmV1Mac(message, sequenceNumber, n.clientHandle, n.ClientSealingKey, n.ClientSigningKey, n.negotiateFlags)
|
||||
mac := ntlmV1Mac(message, sequenceNumber, n.clientHandle, n.ClientSealingKey, n.ClientSigningKey, n.NegotiateFlags)
|
||||
return mac, nil
|
||||
}
|
||||
|
||||
func (n *V1ServerSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error) {
|
||||
mac := ntlmV1Mac(message, sequenceNumber, n.clientHandle, n.ClientSealingKey, n.ClientSigningKey, n.negotiateFlags)
|
||||
mac := ntlmV1Mac(message, sequenceNumber, n.clientHandle, n.ClientSealingKey, n.ClientSigningKey, n.NegotiateFlags)
|
||||
return macsEqual(mac, expectedMac), nil
|
||||
}
|
||||
|
||||
func (n *V1ClientSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error) {
|
||||
mac := ntlmV1Mac(message, sequenceNumber, n.serverHandle, n.ServerSealingKey, n.ServerSigningKey, n.negotiateFlags)
|
||||
mac := ntlmV1Mac(message, sequenceNumber, n.serverHandle, n.ServerSealingKey, n.ServerSigningKey, n.NegotiateFlags)
|
||||
return macsEqual(mac, expectedMac), nil
|
||||
}
|
||||
|
||||
@@ -174,7 +174,7 @@ func (n *V1ServerSession) GetSessionData() *SessionData {
|
||||
|
||||
func (n *V1ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate) (err error) {
|
||||
n.authenticateMessage = am
|
||||
n.negotiateFlags = am.NegotiateFlags
|
||||
n.NegotiateFlags = am.NegotiateFlags
|
||||
n.clientChallenge = am.ClientChallenge()
|
||||
n.encryptedRandomSessionKey = am.EncryptedRandomSessionKey.Payload
|
||||
// Ignore the values used in SetUserInfo and use these instead from the authenticate message
|
||||
@@ -235,7 +235,7 @@ func (n *V1ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate)
|
||||
}
|
||||
|
||||
func (n *V1ServerSession) computeExportedSessionKey() (err error) {
|
||||
if messages.NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.negotiateFlags) {
|
||||
if messages.NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) {
|
||||
n.exportedSessionKey, err = rc4K(n.keyExchangeKey, n.encryptedRandomSessionKey)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -283,7 +283,7 @@ func (n *V1ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err e
|
||||
flags = messages.NTLMSSP_REQUEST_TARGET.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags)
|
||||
|
||||
n.negotiateFlags = flags
|
||||
n.NegotiateFlags = flags
|
||||
|
||||
err = n.fetchResponseKeys()
|
||||
if err != nil {
|
||||
@@ -337,13 +337,13 @@ func (n *V1ClientSession) GenerateAuthenticateMessage() (am *messages.Authentica
|
||||
am.UserName, _ = messages.CreateStringPayload(n.user)
|
||||
am.Workstation, _ = messages.CreateStringPayload("SQUAREMILL")
|
||||
am.EncryptedRandomSessionKey, _ = messages.CreateBytePayload(n.encryptedRandomSessionKey)
|
||||
am.NegotiateFlags = n.negotiateFlags
|
||||
am.NegotiateFlags = n.NegotiateFlags
|
||||
am.Version = &messages.VersionStruct{ProductMajorVersion: uint8(5), ProductMinorVersion: uint8(1), ProductBuild: uint16(2600), NTLMRevisionCurrent: uint8(15)}
|
||||
return am, nil
|
||||
}
|
||||
|
||||
func (n *V1ClientSession) computeEncryptedSessionKey() (err error) {
|
||||
if messages.NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.negotiateFlags) {
|
||||
if messages.NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) {
|
||||
n.exportedSessionKey = randomBytes(16)
|
||||
n.encryptedRandomSessionKey, err = rc4K(n.keyExchangeKey, n.exportedSessionKey)
|
||||
if err != nil {
|
||||
|
||||
Reference in New Issue
Block a user