/// <summary> /// initialize the response of challenge /// </summary> /// <param name="flags">the flag for challenge</param> /// <param name="challenge">the challenge packet</param> /// <param name="targetInfo">the target info of avpairs</param> /// <param name="responseKeyLM">the response lm key</param> /// <param name="lmChallengeResponse">the challenge lm response</param> /// <param name="ntChallengeResponse">the nt challenge response</param> private void InitializeChallengeResponse( NegotiateTypes flags, NlmpChallengePacket challenge, ICollection <AV_PAIR> targetInfo, out byte[] responseKeyLM, out byte[] lmChallengeResponse, out byte[] ntChallengeResponse ) { // responseKeyNT byte[] responseKeyNT = NlmpUtility.GetResponseKeyNt( this.client.Config.Version, this.currentActiveCredential.DomainName, this.currentActiveCredential.AccountName, this.currentActiveCredential.Password); // responseKeyLM responseKeyLM = NlmpUtility.GetResponseKeyLm( this.client.Config.Version, this.currentActiveCredential.DomainName, this.currentActiveCredential.AccountName, this.currentActiveCredential.Password); // lmChallengeResponse lmChallengeResponse = null; // ntChallengeResponse ntChallengeResponse = null; ComputeResponse( flags, challenge.Payload.ServerChallenge, targetInfo, responseKeyNT, responseKeyLM, out lmChallengeResponse, out ntChallengeResponse); UpdateLmChallengeResponse(targetInfo, ref lmChallengeResponse); }
/// <summary> /// calculate the base keys to initialize the other keys /// </summary> /// <param name="clientChallenge">the challenge generated by client</param> /// <param name="time">the time generated by client</param> /// <param name="serverName">the server name from the authenticate packet</param> /// <param name="domainName">the domain name from the authenticate packet</param> /// <param name="userName">the user name from the authenticate packet</param> /// <param name="userPassword">the user password from the authenticate packet</param> /// <param name="responseKeyLm">output the lm key</param> /// <param name="expectedNtChallengeResponse">output the expected nt challenge response of server</param> /// <param name="expectedLmChallengeResponse">output the expected lm challenge response of server</param> /// <param name="sessionBaseKey">output the session base key of server</param> /// <param name="keyExchangeKey">output the key exchange key of server</param> private void CalculateBaseKeys( ulong clientChallenge, ulong time, byte[] serverName, string domainName, string userName, string userPassword, out byte[] responseKeyLm, out byte[] expectedNtChallengeResponse, out byte[] expectedLmChallengeResponse, out byte[] sessionBaseKey, out byte[] keyExchangeKey) { // calculate the response key nt and lm byte[] responseKeyNt = NlmpUtility.GetResponseKeyNt(this.version, domainName, userName, userPassword); responseKeyLm = NlmpUtility.GetResponseKeyLm(this.version, domainName, userName, userPassword); // calcute the expected key expectedNtChallengeResponse = null; expectedLmChallengeResponse = null; sessionBaseKey = null; NlmpUtility.ComputeResponse(this.version, this.nlmpServer.Context.NegFlg, responseKeyNt, responseKeyLm, this.challenge.Payload.ServerChallenge, clientChallenge, time, serverName, out expectedNtChallengeResponse, out expectedLmChallengeResponse, out sessionBaseKey); // update session key this.nlmpServer.Context.SessionBaseKey = new byte[sessionBaseKey.Length]; Array.Copy(sessionBaseKey, this.nlmpServer.Context.SessionBaseKey, sessionBaseKey.Length); // key exchange key keyExchangeKey = NlmpUtility.KXKey( this.version, sessionBaseKey, this.authenticate.Payload.LmChallengeResponse, this.challenge.Payload.ServerChallenge, this.nlmpServer.Context.NegFlg, responseKeyLm); }
public void GetSecurityToken( NlmpVersion ntlmVersion, string domainName, string userName, string password, ulong serverTime, ulong serverChallenge, out byte[] caseInsensitivePassword, out byte[] caseSensitivePassword) { if (ntlmVersion != NlmpVersion.v1 && ntlmVersion != NlmpVersion.v2) { throw new ArgumentException( string.Format("the ntlmVersion({0}) must be valid NlmpVersion value", ntlmVersion), "ntlmVersion"); } caseInsensitivePassword = null; caseSensitivePassword = null; #region Prepare the TargetInfo byte[] targetInfo = null; List <AV_PAIR> pairs = new List <AV_PAIR>(); NlmpUtility.AddAVPair(pairs, AV_PAIR_IDs.MsvAvEOL, 0x00, null); targetInfo = NlmpUtility.AvPairCollectionGetBytes(pairs); #endregion #region Prepare the Nlmp Negotiate Flags // the flags for negotiate NegotiateTypes nlmpFlags = NegotiateTypes.NTLMSSP_NEGOTIATE_NTLM | NegotiateTypes.NTLM_NEGOTIATE_OEM; #endregion // exported to application for the SessionKey. byte[] sessionBaseKey = null; #region Prepare the keys // responseKeyNT byte[] responseKeyNT = NlmpUtility.GetResponseKeyNt(ntlmVersion, domainName, userName, password); // responseKeyLM byte[] responseKeyLM = NlmpUtility.GetResponseKeyLm(ntlmVersion, domainName, userName, password); #endregion #region Compute Response // clientChallenge, a 8 bytes random number. ulong clientChallenge = BitConverter.ToUInt64(NlmpUtility.Nonce(8), 0); // compute response NlmpUtility.ComputeResponse( ntlmVersion, nlmpFlags, responseKeyNT, responseKeyLM, serverChallenge, clientChallenge, serverTime, targetInfo, out caseSensitivePassword, out caseInsensitivePassword, out sessionBaseKey); #endregion }