/// <summary>
/// compute response
/// </summary>
/// <param name="flags">the flags for challenge</param>
/// <param name="serverChallenge">the server challenge</param>
/// <param name="targetInfo">the target info contains avpairs</param>
/// <param name="responseKeyNT">the response nt key</param>
/// <param name="responseKeyLM">the response lm key</param>
/// <param name="lmChallengeResponse">the challenge response lm</param>
/// <param name="ntChallengeResponse">the challenge response nt</param>
private void ComputeResponse(
NegotiateTypes flags,
ulong serverChallenge,
ICollection <AV_PAIR> targetInfo,
byte[] responseKeyNT,
byte[] responseKeyLM,
out byte[] lmChallengeResponse,
out byte[] ntChallengeResponse
)
{
// clientChallenge, a random 8 bytes.
ulong clientChallenge = NlmpUtility.BytesToSecurityUInt64(NlmpUtility.Nonce(8));
// time
ulong time = 0;
if (!NlmpUtility.IsNtlmV1(this.client.Config.Version))
{
time = NlmpUtility.GetTime(targetInfo);
}
byte[] sessionBaseKey = null;
// compute response
NlmpUtility.ComputeResponse(
this.client.Config.Version, flags, responseKeyNT, responseKeyLM, serverChallenge, clientChallenge,
time, NlmpUtility.AvPairCollectionGetBytes(targetInfo), out ntChallengeResponse,
out lmChallengeResponse, out sessionBaseKey);
// save key to context
this.client.Context.SessionBaseKey = sessionBaseKey;
}
/// <summary>
/// calculate the base keys to initialize the other keys
/// </summary>
/// <param name="clientChallenge">the challenge generated by client</param>
/// <param name="time">the time generated by client</param>
/// <param name="serverName">the server name from the authenticate packet</param>
/// <param name="domainName">the domain name from the authenticate packet</param>
/// <param name="userName">the user name from the authenticate packet</param>
/// <param name="userPassword">the user password from the authenticate packet</param>
/// <param name="responseKeyLm">output the lm key</param>
/// <param name="expectedNtChallengeResponse">output the expected nt challenge response of server</param>
/// <param name="expectedLmChallengeResponse">output the expected lm challenge response of server</param>
/// <param name="sessionBaseKey">output the session base key of server</param>
/// <param name="keyExchangeKey">output the key exchange key of server</param>
private void CalculateBaseKeys(
ulong clientChallenge,
ulong time,
byte[] serverName,
string domainName,
string userName,
string userPassword,
out byte[] responseKeyLm,
out byte[] expectedNtChallengeResponse,
out byte[] expectedLmChallengeResponse,
out byte[] sessionBaseKey,
out byte[] keyExchangeKey)
{
// calculate the response key nt and lm
byte[] responseKeyNt = NlmpUtility.GetResponseKeyNt(this.version, domainName, userName, userPassword);
responseKeyLm = NlmpUtility.GetResponseKeyLm(this.version, domainName, userName, userPassword);
// calcute the expected key
expectedNtChallengeResponse = null;
expectedLmChallengeResponse = null;
sessionBaseKey = null;
NlmpUtility.ComputeResponse(this.version, this.nlmpServer.Context.NegFlg, responseKeyNt, responseKeyLm,
this.challenge.Payload.ServerChallenge, clientChallenge, time, serverName,
out expectedNtChallengeResponse, out expectedLmChallengeResponse, out sessionBaseKey);
// update session key
this.nlmpServer.Context.SessionBaseKey = new byte[sessionBaseKey.Length];
Array.Copy(sessionBaseKey, this.nlmpServer.Context.SessionBaseKey, sessionBaseKey.Length);
// key exchange key
keyExchangeKey = NlmpUtility.KXKey(
this.version, sessionBaseKey,
this.authenticate.Payload.LmChallengeResponse,
this.challenge.Payload.ServerChallenge,
this.nlmpServer.Context.NegFlg, responseKeyLm);
}
public void GetSecurityToken(
NlmpVersion ntlmVersion,
string domainName,
string userName,
string password,
ulong serverTime,
ulong serverChallenge,
out byte[] caseInsensitivePassword,
out byte[] caseSensitivePassword)
{
if (ntlmVersion != NlmpVersion.v1 && ntlmVersion != NlmpVersion.v2)
{
throw new ArgumentException(
string.Format("the ntlmVersion({0}) must be valid NlmpVersion value", ntlmVersion), "ntlmVersion");
}
caseInsensitivePassword = null;
caseSensitivePassword = null;
#region Prepare the TargetInfo
byte[] targetInfo = null;
List <AV_PAIR> pairs = new List <AV_PAIR>();
NlmpUtility.AddAVPair(pairs, AV_PAIR_IDs.MsvAvEOL, 0x00, null);
targetInfo = NlmpUtility.AvPairCollectionGetBytes(pairs);
#endregion
#region Prepare the Nlmp Negotiate Flags
// the flags for negotiate
NegotiateTypes nlmpFlags = NegotiateTypes.NTLMSSP_NEGOTIATE_NTLM | NegotiateTypes.NTLM_NEGOTIATE_OEM;
#endregion
// exported to application for the SessionKey.
byte[] sessionBaseKey = null;
#region Prepare the keys
// responseKeyNT
byte[] responseKeyNT = NlmpUtility.GetResponseKeyNt(ntlmVersion, domainName, userName, password);
// responseKeyLM
byte[] responseKeyLM = NlmpUtility.GetResponseKeyLm(ntlmVersion, domainName, userName, password);
#endregion
#region Compute Response
// clientChallenge, a 8 bytes random number.
ulong clientChallenge = BitConverter.ToUInt64(NlmpUtility.Nonce(8), 0);
// compute response
NlmpUtility.ComputeResponse(
ntlmVersion, nlmpFlags, responseKeyNT, responseKeyLM, serverChallenge, clientChallenge, serverTime,
targetInfo, out caseSensitivePassword, out caseInsensitivePassword, out sessionBaseKey);
#endregion
}
