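// Listing source: github.com/psiphon-labs/psiphon-tunnel-core@v2.0.28+incompatible/psiphon/upstreamproxy/go-ntlm/ntlm/keys.go

//Copyright 2013 Thomson Reuters Global Resources. BSD License please see License file for more information

package ntlm

// keyInputError reports key-derivation input that is too short to be sliced
// safely. It is a plain string type so this file needs no imports.
type keyInputError string

// Error implements the error interface.
func (e keyInputError) Error() string { return string(e) }

// kxKey derives the key exchange key, following the pseudocode
// "Define KXKEY(SessionBaseKey, LmChallengeResponse, ServerChallenge) as".
//
// The result depends on the negotiated flags:
//   - NTLMSSP_NEGOTIATE_LM_KEY: two DES operations over the first 8 bytes of
//     lmChallengeResponse, keyed from lmnowf, concatenated.
//   - NTLMSSP_REQUEST_NON_NT_SESSION_KEY: the first 8 bytes of lmnowf followed
//     by 8 zero bytes.
//   - otherwise: sessionBaseKey, returned as-is (same backing array, not a copy).
//
// serverChallenge is accepted for signature parity with the pseudocode but is
// not read by this implementation.
//
// lmChallengeResponse may originate from the remote peer, so its length (and
// that of lmnowf) is validated before slicing; short input yields an error
// instead of an index-out-of-range panic.
func kxKey(flags uint32, sessionBaseKey []byte, lmChallengeResponse []byte, serverChallenge []byte, lmnowf []byte) (keyExchangeKey []byte, err error) {
	switch {
	case NTLMSSP_NEGOTIATE_LM_KEY.IsSet(flags):
		if len(lmnowf) < 8 {
			return nil, keyInputError("ntlm: LM one-way function output shorter than 8 bytes")
		}
		if len(lmChallengeResponse) < 8 {
			return nil, keyInputError("ntlm: LM challenge response shorter than 8 bytes")
		}
		challenge := lmChallengeResponse[0:8]

		// First half: DES keyed with the leading 7 bytes of lmnowf.
		first, desErr := des(lmnowf[0:7], challenge)
		if desErr != nil {
			return nil, desErr
		}

		// Second half: DES keyed with lmnowf[7] padded out to 7 bytes with 0xBD.
		paddedKey := []byte{lmnowf[7], 0xBD, 0xBD, 0xBD, 0xBD, 0xBD, 0xBD}
		second, desErr := des(paddedKey, challenge)
		if desErr != nil {
			return nil, desErr
		}

		return concat(first, second), nil

	case NTLMSSP_REQUEST_NON_NT_SESSION_KEY.IsSet(flags):
		if len(lmnowf) < 8 {
			return nil, keyInputError("ntlm: LM one-way function output shorter than 8 bytes")
		}
		return concat(lmnowf[0:8], zeroBytes(8)), nil

	default:
		return sessionBaseKey, nil
	}
}

// signKey derives the message signing key, following the pseudocode
// "Define SIGNKEY(NegFlg, RandomSessionKey, Mode) as".
//
// With NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY set, the key is the MD5 of
// randomSessionKey followed by a direction-specific, NUL-terminated magic
// string. mode "Client" selects the client-to-server string; any other value
// selects server-to-client. Without that flag the result is nil.
func signKey(flags uint32, randomSessionKey []byte, mode string) (signKey []byte) {
	if !NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(flags) {
		return nil
	}

	magic := "session key to server-to-client signing key magic constant\x00"
	if mode == "Client" {
		magic = "session key to client-to-server signing key magic constant\x00"
	}
	return md5(concat(randomSessionKey, []byte(magic)))
}

// sealKey derives the message sealing (encryption) key, following the
// pseudocode "Define SEALKEY(NegotiateFlags, RandomSessionKey, Mode) as".
//
// With extended session security the session key is first cut down according
// to the negotiated strength (full key for NTLMSSP_NEGOTIATE_128, 7 bytes for
// NTLMSSP_NEGOTIATE_56, 5 bytes otherwise) and then hashed with MD5 together
// with a direction-specific, NUL-terminated magic string. With only
// NTLMSSP_NEGOTIATE_LM_KEY set, the truncated key is padded with fixed bytes
// to 8 bytes. Otherwise randomSessionKey is returned unchanged (same backing
// array, not a copy).
//
// The 7- and 5-byte branches leave 56 and 40 bits of key material
// respectively; deployments that care about confidentiality should negotiate
// the 128-bit option.
//
// NOTE(review): this function has no error return, so a randomSessionKey too
// short to be resliced to 7 or 5 bytes panics. Callers should validate its
// length first, particularly when the key was recovered from a peer message.
func sealKey(flags uint32, randomSessionKey []byte, mode string) (sealKey []byte) {
	switch {
	case NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(flags):
		base := randomSessionKey
		if !NTLMSSP_NEGOTIATE_128.IsSet(flags) {
			if NTLMSSP_NEGOTIATE_56.IsSet(flags) {
				base = randomSessionKey[0:7]
			} else {
				base = randomSessionKey[0:5]
			}
		}

		magic := "session key to server-to-client sealing key magic constant\x00"
		if mode == "Client" {
			magic = "session key to client-to-server sealing key magic constant\x00"
		}
		return md5(concat(base, []byte(magic)))

	case NTLMSSP_NEGOTIATE_LM_KEY.IsSet(flags):
		if NTLMSSP_NEGOTIATE_56.IsSet(flags) {
			return concat(randomSessionKey[0:7], []byte{0xA0})
		}
		return concat(randomSessionKey[0:5], []byte{0xE5, 0x38, 0xB0})

	default:
		return randomSessionKey
	}
}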