From d960dfe90e0db1b03344a503394b8a7d0b1cd071 Mon Sep 17 00:00:00 2001 From: Matthew Kanwisher Date: Sat, 11 May 2013 17:09:54 -0400 Subject: [PATCH] exporting fields so they can be serialized --- src/ntlm/ntlm.go | 10 ++++++---- src/ntlm/ntlmv1.go | 30 +++++++++++++++++------------- src/ntlm/ntlmv1_test.go | 4 ++-- src/ntlm/ntlmv2.go | 30 +++++++++++++++++------------- src/ntlm/ntlmv2_test.go | 4 ++-- 5 files changed, 44 insertions(+), 34 deletions(-) diff --git a/src/ntlm/ntlm.go b/src/ntlm/ntlm.go index 11283e7..62ec446 100644 --- a/src/ntlm/ntlm.go +++ b/src/ntlm/ntlm.go @@ -80,6 +80,8 @@ type ServerSession interface { GenerateChallengeMessage() (*messages.Challenge, error) ProcessAuthenticateMessage(*messages.Authenticate) error + GetSessionData() *SessionData + Version() int Seal(message []byte) ([]byte, error) Sign(message []byte) ([]byte, error) @@ -114,10 +116,10 @@ type SessionData struct { sessionBaseKey []byte mic []byte - clientSigningKey []byte - serverSigningKey []byte - clientSealingKey []byte - serverSealingKey []byte + ClientSigningKey []byte + ServerSigningKey []byte + ClientSealingKey []byte + ServerSealingKey []byte clientHandle *rc4P.Cipher serverHandle *rc4P.Cipher diff --git a/src/ntlm/ntlmv1.go b/src/ntlm/ntlmv1.go index a855faf..759a44e 100644 --- a/src/ntlm/ntlmv1.go +++ b/src/ntlm/ntlmv1.go @@ -98,10 +98,10 @@ func (n *V1Session) calculateKeys(ntlmRevisionCurrent uint8) (err error) { n.negotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Set(n.negotiateFlags) } - n.clientSigningKey = signKey(n.negotiateFlags, n.exportedSessionKey, "Client") - n.serverSigningKey = signKey(n.negotiateFlags, n.exportedSessionKey, "Server") - n.clientSealingKey = sealKey(n.negotiateFlags, n.exportedSessionKey, "Client") - n.serverSealingKey = sealKey(n.negotiateFlags, n.exportedSessionKey, "Server") + n.ClientSigningKey = signKey(n.negotiateFlags, n.exportedSessionKey, "Client") + n.ServerSigningKey = signKey(n.negotiateFlags, n.exportedSessionKey, "Server") + n.ClientSealingKey = sealKey(n.negotiateFlags, n.exportedSessionKey, "Client") + n.ServerSealingKey = sealKey(n.negotiateFlags, n.exportedSessionKey, "Server") return } @@ -118,7 +118,7 @@ func ntlmV1Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingK if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(negotiateFlags) && messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(negotiateFlags) { handle, _ = reinitSealingKey(sealingKey, sequenceNumber) } else if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(negotiateFlags) { - // CONOR: Reinitializing the rc4 cipher on every requst, but not using the + // CONOR: Reinitializing the rc4 cipher on every requst, but not using the // algorithm as described in the MS-NTLM document. Just reinitialize it directly. handle, _ = rc4Init(sealingKey) } @@ -127,22 +127,22 @@ func ntlmV1Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingK } func (n *V1ServerSession) Mac(message []byte, sequenceNumber int) ([]byte, error) { - mac := ntlmV1Mac(message, sequenceNumber, n.serverHandle, n.serverSealingKey, n.serverSigningKey, n.negotiateFlags) + mac := ntlmV1Mac(message, sequenceNumber, n.serverHandle, n.ServerSealingKey, n.ServerSigningKey, n.negotiateFlags) return mac, nil } func (n *V1ClientSession) Mac(message []byte, sequenceNumber int) ([]byte, error) { - mac := ntlmV1Mac(message, sequenceNumber, n.clientHandle, n.clientSealingKey, n.clientSigningKey, n.negotiateFlags) + mac := ntlmV1Mac(message, sequenceNumber, n.clientHandle, n.ClientSealingKey, n.ClientSigningKey, n.negotiateFlags) return mac, nil } func (n *V1ServerSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error) { - mac := ntlmV1Mac(message, sequenceNumber, n.clientHandle, n.clientSealingKey, n.clientSigningKey, n.negotiateFlags) + mac := ntlmV1Mac(message, sequenceNumber, n.clientHandle, n.ClientSealingKey, n.ClientSigningKey, n.negotiateFlags) return macsEqual(mac, expectedMac), nil } func (n *V1ClientSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error) { - mac := ntlmV1Mac(message, sequenceNumber, n.serverHandle, n.serverSealingKey, n.serverSigningKey, n.negotiateFlags) + mac := ntlmV1Mac(message, sequenceNumber, n.serverHandle, n.ServerSealingKey, n.ServerSigningKey, n.negotiateFlags) return macsEqual(mac, expectedMac), nil } @@ -168,6 +168,10 @@ func (n *V1ServerSession) SetServerChallenge(challenge []byte) { n.serverChallenge = challenge } +func (n *V1ServerSession) GetSessionData() *SessionData { + return &n.SessionData +} + func (n *V1ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate) (err error) { n.authenticateMessage = am n.negotiateFlags = am.NegotiateFlags @@ -218,11 +222,11 @@ func (n *V1ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate) return err } - n.clientHandle, err = rc4Init(n.clientSealingKey) + n.clientHandle, err = rc4Init(n.ClientSealingKey) if err != nil { return err } - n.serverHandle, err = rc4Init(n.serverSealingKey) + n.serverHandle, err = rc4Init(n.ServerSealingKey) if err != nil { return err } @@ -311,11 +315,11 @@ func (n *V1ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err e return err } - n.clientHandle, err = rc4Init(n.clientSealingKey) + n.clientHandle, err = rc4Init(n.ClientSealingKey) if err != nil { return err } - n.serverHandle, err = rc4Init(n.serverSealingKey) + n.serverHandle, err = rc4Init(n.ServerSealingKey) if err != nil { return err } diff --git a/src/ntlm/ntlmv1_test.go b/src/ntlm/ntlmv1_test.go index 43577b9..1ff3f9c 100644 --- a/src/ntlm/ntlmv1_test.go +++ b/src/ntlm/ntlmv1_test.go @@ -203,6 +203,6 @@ func TestNTLMv1WithClientChallenge(t *testing.T) { t.Errorf("Could not process authenticate message: %s", err) } - checkV1Value(t, "SealKey", server.clientSealingKey, "04dd7f014d8504d265a25cc86a3a7c06", nil) - checkV1Value(t, "SignKey", server.clientSigningKey, "60e799be5c72fc92922ae8ebe961fb8d", nil) + checkV1Value(t, "SealKey", server.ClientSealingKey, "04dd7f014d8504d265a25cc86a3a7c06", nil) + checkV1Value(t, "SignKey", server.ClientSigningKey, "60e799be5c72fc92922ae8ebe961fb8d", nil) } diff --git a/src/ntlm/ntlmv2.go b/src/ntlm/ntlmv2.go index 59e4626..541b333 100644 --- a/src/ntlm/ntlmv2.go +++ b/src/ntlm/ntlmv2.go @@ -46,6 +46,10 @@ func (n *V2Session) fetchResponseKeys() (err error) { return } +func (n *V2ServerSession) GetSessionData() *SessionData { + return &n.SessionData +} + // Define ComputeResponse(NegFlg, ResponseKeyNT, ResponseKeyLM, CHALLENGE_MESSAGE.ServerChallenge, ClientChallenge, Time, ServerName) // ServerNameBytes - The NtChallengeResponseFields.NTLMv2_RESPONSE.NTLMv2_CLIENT_CHALLENGE.AvPairs field structure of the AUTHENTICATE_MESSAGE payload. func (n *V2Session) computeExpectedResponses(timestamp []byte, avPairBytes []byte) (err error) { @@ -71,10 +75,10 @@ func (n *V2Session) calculateKeys(ntlmRevisionCurrent uint8) (err error) { n.negotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Set(n.negotiateFlags) } - n.clientSigningKey = signKey(n.negotiateFlags, n.exportedSessionKey, "Client") - n.serverSigningKey = signKey(n.negotiateFlags, n.exportedSessionKey, "Server") - n.clientSealingKey = sealKey(n.negotiateFlags, n.exportedSessionKey, "Client") - n.serverSealingKey = sealKey(n.negotiateFlags, n.exportedSessionKey, "Server") + n.ClientSigningKey = signKey(n.negotiateFlags, n.exportedSessionKey, "Client") + n.ServerSigningKey = signKey(n.negotiateFlags, n.exportedSessionKey, "Server") + n.ClientSealingKey = sealKey(n.negotiateFlags, n.exportedSessionKey, "Client") + n.ServerSealingKey = sealKey(n.negotiateFlags, n.exportedSessionKey, "Server") return } @@ -90,7 +94,7 @@ func ntlmV2Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingK if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(negotiateFlags) && messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(negotiateFlags) { handle, _ = reinitSealingKey(sealingKey, sequenceNumber) } else if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(negotiateFlags) { - // CONOR: Reinitializing the rc4 cipher on every requst, but not using the + // CONOR: Reinitializing the rc4 cipher on every requst, but not using the // algorithm as described in the MS-NTLM document. Just reinitialize it directly. handle, _ = rc4Init(sealingKey) } @@ -99,22 +103,22 @@ func ntlmV2Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingK } func (n *V2ServerSession) Mac(message []byte, sequenceNumber int) ([]byte, error) { - mac := ntlmV2Mac(message, sequenceNumber, n.serverHandle, n.serverSealingKey, n.serverSigningKey, n.negotiateFlags) + mac := ntlmV2Mac(message, sequenceNumber, n.serverHandle, n.ServerSealingKey, n.ServerSigningKey, n.negotiateFlags) return mac, nil } func (n *V2ServerSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error) { - mac := ntlmV2Mac(message, sequenceNumber, n.clientHandle, n.clientSealingKey, n.clientSigningKey, n.negotiateFlags) + mac := ntlmV2Mac(message, sequenceNumber, n.clientHandle, n.ClientSealingKey, n.ClientSigningKey, n.negotiateFlags) return macsEqual(mac, expectedMac), nil } func (n *V2ClientSession) Mac(message []byte, sequenceNumber int) ([]byte, error) { - mac := ntlmV2Mac(message, sequenceNumber, n.clientHandle, n.clientSealingKey, n.clientSigningKey, n.negotiateFlags) + mac := ntlmV2Mac(message, sequenceNumber, n.clientHandle, n.ClientSealingKey, n.ClientSigningKey, n.negotiateFlags) return mac, nil } func (n *V2ClientSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error) { - mac := ntlmV2Mac(message, sequenceNumber, n.serverHandle, n.serverSealingKey, n.serverSigningKey, n.negotiateFlags) + mac := ntlmV2Mac(message, sequenceNumber, n.serverHandle, n.ServerSealingKey, n.ServerSigningKey, n.negotiateFlags) return macsEqual(mac, expectedMac), nil } @@ -224,11 +228,11 @@ func (n *V2ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate) return err } - n.clientHandle, err = rc4Init(n.clientSealingKey) + n.clientHandle, err = rc4Init(n.ClientSealingKey) if err != nil { return err } - n.serverHandle, err = rc4Init(n.serverSealingKey) + n.serverHandle, err = rc4Init(n.ServerSealingKey) if err != nil { return err } @@ -313,11 +317,11 @@ func (n *V2ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err e return err } - n.clientHandle, err = rc4Init(n.clientSealingKey) + n.clientHandle, err = rc4Init(n.ClientSealingKey) if err != nil { return err } - n.serverHandle, err = rc4Init(n.serverSealingKey) + n.serverHandle, err = rc4Init(n.ServerSealingKey) if err != nil { return err } diff --git a/src/ntlm/ntlmv2_test.go b/src/ntlm/ntlmv2_test.go index 0c1126d..5b0e593 100644 --- a/src/ntlm/ntlmv2_test.go +++ b/src/ntlm/ntlmv2_test.go @@ -113,8 +113,8 @@ func TestNTLMv2(t *testing.T) { checkV2Value(t, "NTChallengeResponse", server.ntChallengeResponse[0:16], "68cd0ab851e51c96aabc927bebef6a1c", nil) checkV2Value(t, "LMChallengeResponse", server.lmChallengeResponse, "86c35097ac9cec102554764a57cccc19aaaaaaaaaaaaaaaa", nil) - checkV2Value(t, "client seal key", server.clientSealingKey, "59f600973cc4960a25480a7c196e4c58", nil) - checkV2Value(t, "client signing key", server.clientSigningKey, "4788dc861b4782f35d43fd98fe1a2d39", nil) + checkV2Value(t, "client seal key", server.ClientSealingKey, "59f600973cc4960a25480a7c196e4c58", nil) + checkV2Value(t, "client signing key", server.ClientSigningKey, "4788dc861b4782f35d43fd98fe1a2d39", nil) // Have the server generate an initial challenge message challenge, err := server.GenerateChallengeMessage()