keys.go
//Copyright 2013 Thomson Reuters Global Resources. BSD License please see License file for more information
package ntlm
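// kxKeyInputError reports key material that is too short for the KXKEY
// derivation selected by the negotiated flags.
type kxKeyInputError string

// Error implements the error interface.
func (e kxKeyInputError) Error() string { return string(e) }

// kxKey implements KXKEY(SessionBaseKey, LmChallengeResponse, ServerChallenge):
// it derives the key exchange key from the negotiated flags.
//
//   - NTLMSSP_NEGOTIATE_LM_KEY: two DES operations over the first 8 bytes of
//     lmChallengeResponse, keyed by lmnowf[0:7] and by lmnowf[7] padded with
//     six 0xBD bytes; the two results are concatenated.
//   - NTLMSSP_REQUEST_NON_NT_SESSION_KEY: lmnowf[0:8] followed by 8 zero bytes.
//   - otherwise: sessionBaseKey itself (the same slice, not a copy).
//
// serverChallenge is accepted for signature parity with the KXKEY definition
// but is not read here.
//
// Inputs shorter than the bytes a branch reads are rejected with an error
// instead of panicking on an out-of-range slice. NOTE(review):
// lmChallengeResponse presumably originates from the peer's message, in which
// case a truncated value must not be able to crash the process; confirm
// against the callers.
func kxKey(flags uint32, sessionBaseKey []byte, lmChallengeResponse []byte, serverChallenge []byte, lmnowf []byte) (keyExchangeKey []byte, err error) {
	// Both lmnowf and lmChallengeResponse are indexed up to their 8th byte.
	const minLen = 8

	switch {
	case NTLMSSP_NEGOTIATE_LM_KEY.IsSet(flags):
		if len(lmnowf) < minLen {
			return nil, kxKeyInputError("ntlm: LM hash too short for key exchange key derivation")
		}
		if len(lmChallengeResponse) < minLen {
			return nil, kxKeyInputError("ntlm: LM challenge response too short for key exchange key derivation")
		}

		challenge := lmChallengeResponse[0:8]

		first, err := des(lmnowf[0:7], challenge)
		if err != nil {
			return nil, err
		}

		// Second DES key: the 8th hash byte followed by the fixed 0xBD padding.
		padded := []byte{lmnowf[7], 0xBD, 0xBD, 0xBD, 0xBD, 0xBD, 0xBD}
		second, err := des(padded, challenge)
		if err != nil {
			return nil, err
		}

		return concat(first, second), nil

	case NTLMSSP_REQUEST_NON_NT_SESSION_KEY.IsSet(flags):
		if len(lmnowf) < minLen {
			return nil, kxKeyInputError("ntlm: LM hash too short for key exchange key derivation")
		}
		return concat(lmnowf[0:8], zeroBytes(8)), nil

	default:
		return sessionBaseKey, nil
	}
}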
// signKey implements SIGNKEY(NegFlg, RandomSessionKey, Mode): it derives the
// message signing key for one direction of the session.
//
// When NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is not set in flags the
// result is nil, i.e. no direction-specific signing key is derived.
// Otherwise the key is the package md5 helper applied to randomSessionKey
// concatenated with a NUL-terminated, direction-specific magic string.
//
// mode is compared case-sensitively with "Client"; every other value,
// including a misspelling, selects the server-to-client constant.
func signKey(flags uint32, randomSessionKey []byte, mode string) (signKey []byte) {
	if !NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(flags) {
		return nil
	}

	magic := "session key to server-to-client signing key magic constant\x00"
	if mode == "Client" {
		magic = "session key to client-to-server signing key magic constant\x00"
	}

	return md5(concat(randomSessionKey, []byte(magic)))
}
// sealKey implements SEALKEY(NegotiateFlags, RandomSessionKey, Mode): it
// derives the message sealing (encryption) key for one direction.
//
// With NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY the session key is first
// cut down according to the negotiated strength (all of it for
// NTLMSSP_NEGOTIATE_128, 7 bytes for NTLMSSP_NEGOTIATE_56, otherwise 5 bytes)
// and then passed through the package md5 helper together with a
// NUL-terminated, direction-specific magic string.
//
// With only NTLMSSP_NEGOTIATE_LM_KEY the key is 7 session-key bytes plus 0xA0
// (NTLMSSP_NEGOTIATE_56) or 5 session-key bytes plus 0xE5 0x38 0xB0.
// With neither flag the session key is returned as-is (same slice, no copy).
//
// Security note: unless NTLMSSP_NEGOTIATE_128 is set, at most 7 (or 5) secret
// bytes feed the sealing key in the first two cases, so its strength is
// bounded by that truncation.
//
// randomSessionKey is sliced without a length check; a key shorter than the
// bytes taken (7 or 5) panics.
//
// mode is compared case-sensitively with "Client"; any other value selects
// the server-to-client constant.
func sealKey(flags uint32, randomSessionKey []byte, mode string) (sealKey []byte) {
	switch {
	case NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(flags):
		// Slice lazily: the 128-bit case must not touch the slice bounds.
		var material []byte
		switch {
		case NTLMSSP_NEGOTIATE_128.IsSet(flags):
			material = randomSessionKey
		case NTLMSSP_NEGOTIATE_56.IsSet(flags):
			material = randomSessionKey[0:7]
		default:
			material = randomSessionKey[0:5]
		}

		magic := "session key to server-to-client sealing key magic constant\x00"
		if mode == "Client" {
			magic = "session key to client-to-server sealing key magic constant\x00"
		}
		return md5(concat(material, []byte(magic)))

	case NTLMSSP_NEGOTIATE_LM_KEY.IsSet(flags):
		if NTLMSSP_NEGOTIATE_56.IsSet(flags) {
			return concat(randomSessionKey[0:7], []byte{0xA0})
		}
		return concat(randomSessionKey[0:5], []byte{0xE5, 0x38, 0xB0})

	default:
		return randomSessionKey
	}
}