-
Notifications
You must be signed in to change notification settings - Fork 74
/
Copy pathntlmv1.go
392 lines (330 loc) · 12 KB
/
ntlmv1.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
//Copyright 2013 Thomson Reuters Global Resources. BSD License please see License file for more information
package ntlm
import (
"bytes"
rc4P "crypto/rc4"
"errors"
"log"
"strings"
)
/*******************************
Shared Session Data and Methods
*******************************/
type V1Session struct {
SessionData
}
func (n *V1Session) SetUserInfo(username string, password string, domain string) {
n.user = username
n.password = password
n.userDomain = domain
}
func (n *V1Session) GetUserInfo() (string, string, string) {
return n.user, n.password, n.userDomain
}
func (n *V1Session) SetMode(mode Mode) {
n.mode = mode
}
func (n *V1Session) Version() int {
return 1
}
func (n *V1Session) fetchResponseKeys() (err error) {
n.responseKeyLM, err = lmowfv1(n.password)
if err != nil {
return err
}
n.responseKeyNT = ntowfv1(n.password)
return
}
func (n *V1Session) computeExpectedResponses() (err error) {
if NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) {
n.ntChallengeResponse, err = desL(n.responseKeyNT, md5(concat(n.serverChallenge, n.clientChallenge))[0:8])
if err != nil {
return err
}
n.lmChallengeResponse = concat(n.clientChallenge, make([]byte, 16))
} else {
n.ntChallengeResponse, err = desL(n.responseKeyNT, n.serverChallenge)
if err != nil {
return err
}
// NoLMResponseNTLMv1: A Boolean setting that controls using the NTLM response for the LM
// response to the server challenge when NTLMv1 authentication is used.<30>
// <30> Section 3.1.1.1: The default value of this state variable is TRUE. Windows NT Server 4.0 SP3
// does not support providing NTLM instead of LM responses.
noLmResponseNtlmV1 := false
if noLmResponseNtlmV1 {
n.lmChallengeResponse = n.ntChallengeResponse
} else {
n.lmChallengeResponse, err = desL(n.responseKeyLM, n.serverChallenge)
if err != nil {
return err
}
}
}
return nil
}
func (n *V1Session) computeSessionBaseKey() (err error) {
n.sessionBaseKey = md4(n.responseKeyNT)
return
}
func (n *V1Session) computeKeyExchangeKey() (err error) {
if NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) {
n.keyExchangeKey = hmacMd5(n.sessionBaseKey, concat(n.serverChallenge, n.lmChallengeResponse[0:8]))
} else {
n.keyExchangeKey, err = kxKey(n.NegotiateFlags, n.sessionBaseKey, n.lmChallengeResponse, n.serverChallenge, n.responseKeyLM)
}
return
}
func (n *V1Session) calculateKeys(ntlmRevisionCurrent uint8) (err error) {
// This lovely piece of code comes courtesy of an the excellent Open Document support system from MSFT
// In order to calculate the keys correctly when the client has set the NTLMRevisionCurrent to 0xF (15)
// We must treat the flags as if NTLMSSP_NEGOTIATE_LM_KEY is set.
// This information is not contained (at least currently, until they correct it) in the MS-NLMP document
if ntlmRevisionCurrent == 15 {
n.NegotiateFlags = NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags)
}
n.ClientSigningKey = signKey(n.NegotiateFlags, n.exportedSessionKey, "Client")
n.ServerSigningKey = signKey(n.NegotiateFlags, n.exportedSessionKey, "Server")
n.ClientSealingKey = sealKey(n.NegotiateFlags, n.exportedSessionKey, "Client")
n.ServerSealingKey = sealKey(n.NegotiateFlags, n.exportedSessionKey, "Server")
return
}
func (n *V1Session) Seal(message []byte) ([]byte, error) {
return nil, nil
}
func (n *V1Session) Sign(message []byte) ([]byte, error) {
return nil, nil
}
func ntlmV1Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingKey, signingKey []byte, NegotiateFlags uint32) []byte {
// TODO: Need to keep track of the sequence number for connection oriented NTLM
if NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) && NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(NegotiateFlags) {
handle, _ = reinitSealingKey(sealingKey, sequenceNumber)
} else if NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) {
// CONOR: Reinitializing the rc4 cipher on every requst, but not using the
// algorithm as described in the MS-NTLM document. Just reinitialize it directly.
handle, _ = rc4Init(sealingKey)
}
sig := mac(NegotiateFlags, handle, signingKey, uint32(sequenceNumber), message)
return sig.Bytes()
}
func (n *V1ServerSession) Mac(message []byte, sequenceNumber int) ([]byte, error) {
mac := ntlmV1Mac(message, sequenceNumber, n.serverHandle, n.ServerSealingKey, n.ServerSigningKey, n.NegotiateFlags)
return mac, nil
}
func (n *V1ClientSession) Mac(message []byte, sequenceNumber int) ([]byte, error) {
mac := ntlmV1Mac(message, sequenceNumber, n.clientHandle, n.ClientSealingKey, n.ClientSigningKey, n.NegotiateFlags)
return mac, nil
}
func (n *V1ServerSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error) {
mac := ntlmV1Mac(message, sequenceNumber, n.clientHandle, n.ClientSealingKey, n.ClientSigningKey, n.NegotiateFlags)
return MacsEqual(mac, expectedMac), nil
}
func (n *V1ClientSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error) {
mac := ntlmV1Mac(message, sequenceNumber, n.serverHandle, n.ServerSealingKey, n.ServerSigningKey, n.NegotiateFlags)
return MacsEqual(mac, expectedMac), nil
}
/**************
Server Session
**************/
type V1ServerSession struct {
V1Session
}
func (n *V1ServerSession) ProcessNegotiateMessage(nm *NegotiateMessage) (err error) {
n.negotiateMessage = nm
return
}
func (n *V1ServerSession) GenerateChallengeMessage() (cm *ChallengeMessage, err error) {
// TODO: Generate this challenge message
return
}
func (n *V1ServerSession) SetServerChallenge(challenge []byte) {
n.serverChallenge = challenge
}
func (n *V1ServerSession) GetSessionData() *SessionData {
return &n.SessionData
}
func (n *V1ServerSession) ProcessAuthenticateMessage(am *AuthenticateMessage) (err error) {
n.authenticateMessage = am
n.NegotiateFlags = am.NegotiateFlags
n.clientChallenge = am.ClientChallenge()
n.encryptedRandomSessionKey = am.EncryptedRandomSessionKey.Payload
// Ignore the values used in SetUserInfo and use these instead from the authenticate message
// They should always be correct (I hope)
n.user = am.UserName.String()
n.userDomain = am.DomainName.String()
log.Printf("(ProcessAuthenticateMessage)NTLM v1 User %s Domain %s", n.user, n.userDomain)
err = n.fetchResponseKeys()
if err != nil {
return err
}
err = n.computeExpectedResponses()
if err != nil {
return err
}
err = n.computeSessionBaseKey()
if err != nil {
return err
}
err = n.computeKeyExchangeKey()
if err != nil {
return err
}
if !bytes.Equal(am.NtChallengeResponseFields.Payload, n.ntChallengeResponse) {
// There is a bug with the steps in MS-NLMP. In section 3.2.5.1.2 it says you should fall through
// to compare the lmChallengeResponse if the ntChallengeRepsonse fails, but with extended session security
// this would *always* pass because the lmChallengeResponse and expectedLmChallengeRepsonse will always
// be the same
if !bytes.Equal(am.LmChallengeResponse.Payload, n.lmChallengeResponse) || NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) {
return errors.New("Could not authenticate")
}
}
n.mic = am.Mic
am.Mic = zeroBytes(16)
err = n.computeExportedSessionKey()
if err != nil {
return err
}
if am.Version == nil {
//UGH not entirely sure how this could possibly happen, going to put this in for now
//TODO investigate if this ever is really happening
am.Version = &VersionStruct{ProductMajorVersion: uint8(5), ProductMinorVersion: uint8(1), ProductBuild: uint16(2600), NTLMRevisionCurrent: uint8(15)}
log.Printf("Nil version in ntlmv1")
}
err = n.calculateKeys(am.Version.NTLMRevisionCurrent)
if err != nil {
return err
}
n.clientHandle, err = rc4Init(n.ClientSealingKey)
if err != nil {
return err
}
n.serverHandle, err = rc4Init(n.ServerSealingKey)
if err != nil {
return err
}
return nil
}
func (n *V1ServerSession) computeExportedSessionKey() (err error) {
if NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) {
n.exportedSessionKey, err = rc4K(n.keyExchangeKey, n.encryptedRandomSessionKey)
if err != nil {
return err
}
// TODO: Calculate mic correctly. This calculation is not producing the right results now
// n.calculatedMic = HmacMd5(n.exportedSessionKey, concat(n.challengeMessage.Payload, n.authenticateMessage.Bytes))
} else {
n.exportedSessionKey = n.keyExchangeKey
// TODO: Calculate mic correctly. This calculation is not producing the right results now
// n.calculatedMic = HmacMd5(n.keyExchangeKey, concat(n.challengeMessage.Payload, n.authenticateMessage.Bytes))
}
return nil
}
/*************
Client Session
**************/
type V1ClientSession struct {
V1Session
}
func (n *V1ClientSession) GenerateNegotiateMessage() (nm *NegotiateMessage, err error) {
return nil, nil
}
func (n *V1ClientSession) ProcessChallengeMessage(cm *ChallengeMessage) (err error) {
n.challengeMessage = cm
n.serverChallenge = cm.ServerChallenge
n.clientChallenge = randomBytes(8)
// Set up the default flags for processing the response. These are the flags that we will return
// in the authenticate message
flags := uint32(0)
flags = NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
// NOTE: Unsetting this flag in order to get the server to generate the signatures we can recognize
flags = NTLMSSP_NEGOTIATE_VERSION.Set(flags)
flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
flags = NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags)
flags = NTLMSSP_NEGOTIATE_IDENTIFY.Set(flags)
flags = NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
flags = NTLMSSP_NEGOTIATE_NTLM.Set(flags)
flags = NTLMSSP_NEGOTIATE_DATAGRAM.Set(flags)
flags = NTLMSSP_NEGOTIATE_SIGN.Set(flags)
flags = NTLMSSP_REQUEST_TARGET.Set(flags)
flags = NTLMSSP_NEGOTIATE_UNICODE.Set(flags)
n.NegotiateFlags = flags
err = n.fetchResponseKeys()
if err != nil {
return err
}
err = n.computeExpectedResponses()
if err != nil {
return err
}
err = n.computeSessionBaseKey()
if err != nil {
return err
}
err = n.computeKeyExchangeKey()
if err != nil {
return err
}
err = n.computeEncryptedSessionKey()
if err != nil {
return err
}
err = n.calculateKeys(cm.Version.NTLMRevisionCurrent)
if err != nil {
return err
}
n.clientHandle, err = rc4Init(n.ClientSealingKey)
if err != nil {
return err
}
n.serverHandle, err = rc4Init(n.ServerSealingKey)
if err != nil {
return err
}
return nil
}
func (n *V1ClientSession) GenerateAuthenticateMessage() (am *AuthenticateMessage, err error) {
am = new(AuthenticateMessage)
am.Signature = []byte("NTLMSSP\x00")
am.MessageType = uint32(3)
am.LmChallengeResponse, _ = CreateBytePayload(n.lmChallengeResponse)
am.NtChallengeResponseFields, _ = CreateBytePayload(n.ntChallengeResponse)
am.DomainName, _ = CreateStringPayload(n.userDomain)
am.UserName, _ = CreateStringPayload(n.user)
am.Workstation, _ = CreateStringPayload("SQUAREMILL")
am.EncryptedRandomSessionKey, _ = CreateBytePayload(n.encryptedRandomSessionKey)
am.NegotiateFlags = n.NegotiateFlags
am.Version = &VersionStruct{ProductMajorVersion: uint8(5), ProductMinorVersion: uint8(1), ProductBuild: uint16(2600), NTLMRevisionCurrent: uint8(15)}
return am, nil
}
func (n *V1ClientSession) computeEncryptedSessionKey() (err error) {
if NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) {
n.exportedSessionKey = randomBytes(16)
n.encryptedRandomSessionKey, err = rc4K(n.keyExchangeKey, n.exportedSessionKey)
if err != nil {
return err
}
} else {
n.encryptedRandomSessionKey = n.keyExchangeKey
}
return nil
}
/********************************
NTLM V1 Password hash functions
*********************************/
func ntowfv1(passwd string) []byte {
return md4(utf16FromString(passwd))
}
// ConcatenationOf( DES( UpperCase( Passwd)[0..6],"KGS!@#$%"), DES( UpperCase( Passwd)[7..13],"KGS!@#$%"))
func lmowfv1(passwd string) ([]byte, error) {
asciiPassword := []byte(strings.ToUpper(passwd))
keyBytes := zeroPaddedBytes(asciiPassword, 0, 14)
first, err := des(keyBytes[0:7], []byte("KGS!@#$%"))
if err != nil {
return nil, err
}
second, err := des(keyBytes[7:14], []byte("KGS!@#$%"))
if err != nil {
return nil, err
}
return append(first, second...), nil
}