exporting fields so they can be serialized
This commit is contained in:
Matthew Kanwisher
parent
e9221087f7
commit
d960dfe90e
@ -80,6 +80,8 @@ type ServerSession interface {
|
||||
GenerateChallengeMessage() (*messages.Challenge, error)
|
||||
ProcessAuthenticateMessage(*messages.Authenticate) error
|
||||
|
||||
GetSessionData() *SessionData
|
||||
|
||||
Version() int
|
||||
Seal(message []byte) ([]byte, error)
|
||||
Sign(message []byte) ([]byte, error)
|
||||
@ -114,10 +116,10 @@ type SessionData struct {
|
||||
sessionBaseKey []byte
|
||||
mic []byte
|
||||
|
||||
clientSigningKey []byte
|
||||
serverSigningKey []byte
|
||||
clientSealingKey []byte
|
||||
serverSealingKey []byte
|
||||
ClientSigningKey []byte
|
||||
ServerSigningKey []byte
|
||||
ClientSealingKey []byte
|
||||
ServerSealingKey []byte
|
||||
|
||||
clientHandle *rc4P.Cipher
|
||||
serverHandle *rc4P.Cipher
|
||||
|
||||
@ -98,10 +98,10 @@ func (n *V1Session) calculateKeys(ntlmRevisionCurrent uint8) (err error) {
|
||||
n.negotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Set(n.negotiateFlags)
|
||||
}
|
||||
|
||||
n.clientSigningKey = signKey(n.negotiateFlags, n.exportedSessionKey, "Client")
|
||||
n.serverSigningKey = signKey(n.negotiateFlags, n.exportedSessionKey, "Server")
|
||||
n.clientSealingKey = sealKey(n.negotiateFlags, n.exportedSessionKey, "Client")
|
||||
n.serverSealingKey = sealKey(n.negotiateFlags, n.exportedSessionKey, "Server")
|
||||
n.ClientSigningKey = signKey(n.negotiateFlags, n.exportedSessionKey, "Client")
|
||||
n.ServerSigningKey = signKey(n.negotiateFlags, n.exportedSessionKey, "Server")
|
||||
n.ClientSealingKey = sealKey(n.negotiateFlags, n.exportedSessionKey, "Client")
|
||||
n.ServerSealingKey = sealKey(n.negotiateFlags, n.exportedSessionKey, "Server")
|
||||
return
|
||||
}
|
||||
|
||||
@ -127,22 +127,22 @@ func ntlmV1Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingK
|
||||
}
|
||||
|
||||
func (n *V1ServerSession) Mac(message []byte, sequenceNumber int) ([]byte, error) {
|
||||
mac := ntlmV1Mac(message, sequenceNumber, n.serverHandle, n.serverSealingKey, n.serverSigningKey, n.negotiateFlags)
|
||||
mac := ntlmV1Mac(message, sequenceNumber, n.serverHandle, n.ServerSealingKey, n.ServerSigningKey, n.negotiateFlags)
|
||||
return mac, nil
|
||||
}
|
||||
|
||||
func (n *V1ClientSession) Mac(message []byte, sequenceNumber int) ([]byte, error) {
|
||||
mac := ntlmV1Mac(message, sequenceNumber, n.clientHandle, n.clientSealingKey, n.clientSigningKey, n.negotiateFlags)
|
||||
mac := ntlmV1Mac(message, sequenceNumber, n.clientHandle, n.ClientSealingKey, n.ClientSigningKey, n.negotiateFlags)
|
||||
return mac, nil
|
||||
}
|
||||
|
||||
func (n *V1ServerSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error) {
|
||||
mac := ntlmV1Mac(message, sequenceNumber, n.clientHandle, n.clientSealingKey, n.clientSigningKey, n.negotiateFlags)
|
||||
mac := ntlmV1Mac(message, sequenceNumber, n.clientHandle, n.ClientSealingKey, n.ClientSigningKey, n.negotiateFlags)
|
||||
return macsEqual(mac, expectedMac), nil
|
||||
}
|
||||
|
||||
func (n *V1ClientSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error) {
|
||||
mac := ntlmV1Mac(message, sequenceNumber, n.serverHandle, n.serverSealingKey, n.serverSigningKey, n.negotiateFlags)
|
||||
mac := ntlmV1Mac(message, sequenceNumber, n.serverHandle, n.ServerSealingKey, n.ServerSigningKey, n.negotiateFlags)
|
||||
return macsEqual(mac, expectedMac), nil
|
||||
}
|
||||
|
||||
@ -168,6 +168,10 @@ func (n *V1ServerSession) SetServerChallenge(challenge []byte) {
|
||||
n.serverChallenge = challenge
|
||||
}
|
||||
|
||||
func (n *V1ServerSession) GetSessionData() *SessionData {
|
||||
return &n.SessionData
|
||||
}
|
||||
|
||||
func (n *V1ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate) (err error) {
|
||||
n.authenticateMessage = am
|
||||
n.negotiateFlags = am.NegotiateFlags
|
||||
@ -218,11 +222,11 @@ func (n *V1ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate)
|
||||
return err
|
||||
}
|
||||
|
||||
n.clientHandle, err = rc4Init(n.clientSealingKey)
|
||||
n.clientHandle, err = rc4Init(n.ClientSealingKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
n.serverHandle, err = rc4Init(n.serverSealingKey)
|
||||
n.serverHandle, err = rc4Init(n.ServerSealingKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -311,11 +315,11 @@ func (n *V1ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err e
|
||||
return err
|
||||
}
|
||||
|
||||
n.clientHandle, err = rc4Init(n.clientSealingKey)
|
||||
n.clientHandle, err = rc4Init(n.ClientSealingKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
n.serverHandle, err = rc4Init(n.serverSealingKey)
|
||||
n.serverHandle, err = rc4Init(n.ServerSealingKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@ -203,6 +203,6 @@ func TestNTLMv1WithClientChallenge(t *testing.T) {
|
||||
t.Errorf("Could not process authenticate message: %s", err)
|
||||
}
|
||||
|
||||
checkV1Value(t, "SealKey", server.clientSealingKey, "04dd7f014d8504d265a25cc86a3a7c06", nil)
|
||||
checkV1Value(t, "SignKey", server.clientSigningKey, "60e799be5c72fc92922ae8ebe961fb8d", nil)
|
||||
checkV1Value(t, "SealKey", server.ClientSealingKey, "04dd7f014d8504d265a25cc86a3a7c06", nil)
|
||||
checkV1Value(t, "SignKey", server.ClientSigningKey, "60e799be5c72fc92922ae8ebe961fb8d", nil)
|
||||
}
|
||||
|
||||
@ -46,6 +46,10 @@ func (n *V2Session) fetchResponseKeys() (err error) {
|
||||
return
|
||||
}
|
||||
|
||||
func (n *V2ServerSession) GetSessionData() *SessionData {
|
||||
return &n.SessionData
|
||||
}
|
||||
|
||||
// Define ComputeResponse(NegFlg, ResponseKeyNT, ResponseKeyLM, CHALLENGE_MESSAGE.ServerChallenge, ClientChallenge, Time, ServerName)
|
||||
// ServerNameBytes - The NtChallengeResponseFields.NTLMv2_RESPONSE.NTLMv2_CLIENT_CHALLENGE.AvPairs field structure of the AUTHENTICATE_MESSAGE payload.
|
||||
func (n *V2Session) computeExpectedResponses(timestamp []byte, avPairBytes []byte) (err error) {
|
||||
@ -71,10 +75,10 @@ func (n *V2Session) calculateKeys(ntlmRevisionCurrent uint8) (err error) {
|
||||
n.negotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Set(n.negotiateFlags)
|
||||
}
|
||||
|
||||
n.clientSigningKey = signKey(n.negotiateFlags, n.exportedSessionKey, "Client")
|
||||
n.serverSigningKey = signKey(n.negotiateFlags, n.exportedSessionKey, "Server")
|
||||
n.clientSealingKey = sealKey(n.negotiateFlags, n.exportedSessionKey, "Client")
|
||||
n.serverSealingKey = sealKey(n.negotiateFlags, n.exportedSessionKey, "Server")
|
||||
n.ClientSigningKey = signKey(n.negotiateFlags, n.exportedSessionKey, "Client")
|
||||
n.ServerSigningKey = signKey(n.negotiateFlags, n.exportedSessionKey, "Server")
|
||||
n.ClientSealingKey = sealKey(n.negotiateFlags, n.exportedSessionKey, "Client")
|
||||
n.ServerSealingKey = sealKey(n.negotiateFlags, n.exportedSessionKey, "Server")
|
||||
return
|
||||
}
|
||||
|
||||
@ -99,22 +103,22 @@ func ntlmV2Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingK
|
||||
}
|
||||
|
||||
func (n *V2ServerSession) Mac(message []byte, sequenceNumber int) ([]byte, error) {
|
||||
mac := ntlmV2Mac(message, sequenceNumber, n.serverHandle, n.serverSealingKey, n.serverSigningKey, n.negotiateFlags)
|
||||
mac := ntlmV2Mac(message, sequenceNumber, n.serverHandle, n.ServerSealingKey, n.ServerSigningKey, n.negotiateFlags)
|
||||
return mac, nil
|
||||
}
|
||||
|
||||
func (n *V2ServerSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error) {
|
||||
mac := ntlmV2Mac(message, sequenceNumber, n.clientHandle, n.clientSealingKey, n.clientSigningKey, n.negotiateFlags)
|
||||
mac := ntlmV2Mac(message, sequenceNumber, n.clientHandle, n.ClientSealingKey, n.ClientSigningKey, n.negotiateFlags)
|
||||
return macsEqual(mac, expectedMac), nil
|
||||
}
|
||||
|
||||
func (n *V2ClientSession) Mac(message []byte, sequenceNumber int) ([]byte, error) {
|
||||
mac := ntlmV2Mac(message, sequenceNumber, n.clientHandle, n.clientSealingKey, n.clientSigningKey, n.negotiateFlags)
|
||||
mac := ntlmV2Mac(message, sequenceNumber, n.clientHandle, n.ClientSealingKey, n.ClientSigningKey, n.negotiateFlags)
|
||||
return mac, nil
|
||||
}
|
||||
|
||||
func (n *V2ClientSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error) {
|
||||
mac := ntlmV2Mac(message, sequenceNumber, n.serverHandle, n.serverSealingKey, n.serverSigningKey, n.negotiateFlags)
|
||||
mac := ntlmV2Mac(message, sequenceNumber, n.serverHandle, n.ServerSealingKey, n.ServerSigningKey, n.negotiateFlags)
|
||||
return macsEqual(mac, expectedMac), nil
|
||||
}
|
||||
|
||||
@ -224,11 +228,11 @@ func (n *V2ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate)
|
||||
return err
|
||||
}
|
||||
|
||||
n.clientHandle, err = rc4Init(n.clientSealingKey)
|
||||
n.clientHandle, err = rc4Init(n.ClientSealingKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
n.serverHandle, err = rc4Init(n.serverSealingKey)
|
||||
n.serverHandle, err = rc4Init(n.ServerSealingKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -313,11 +317,11 @@ func (n *V2ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err e
|
||||
return err
|
||||
}
|
||||
|
||||
n.clientHandle, err = rc4Init(n.clientSealingKey)
|
||||
n.clientHandle, err = rc4Init(n.ClientSealingKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
n.serverHandle, err = rc4Init(n.serverSealingKey)
|
||||
n.serverHandle, err = rc4Init(n.ServerSealingKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@ -113,8 +113,8 @@ func TestNTLMv2(t *testing.T) {
|
||||
checkV2Value(t, "NTChallengeResponse", server.ntChallengeResponse[0:16], "68cd0ab851e51c96aabc927bebef6a1c", nil)
|
||||
checkV2Value(t, "LMChallengeResponse", server.lmChallengeResponse, "86c35097ac9cec102554764a57cccc19aaaaaaaaaaaaaaaa", nil)
|
||||
|
||||
checkV2Value(t, "client seal key", server.clientSealingKey, "59f600973cc4960a25480a7c196e4c58", nil)
|
||||
checkV2Value(t, "client signing key", server.clientSigningKey, "4788dc861b4782f35d43fd98fe1a2d39", nil)
|
||||
checkV2Value(t, "client seal key", server.ClientSealingKey, "59f600973cc4960a25480a7c196e4c58", nil)
|
||||
checkV2Value(t, "client signing key", server.ClientSigningKey, "4788dc861b4782f35d43fd98fe1a2d39", nil)
|
||||
|
||||
// Have the server generate an initial challenge message
|
||||
challenge, err := server.GenerateChallengeMessage()
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user