ntlm

package module
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 7, 2020 License: Apache-2.0 Imports: 16 Imported by: 0

README

NTLM Implementation for Go

This is a native implementation of NTLM for Go that was implemented using the Microsoft MS-NLMP documentation available at http://msdn.microsoft.com/en-us/library/cc236621.aspx. The library is currently in use and has been tested with connectionless NTLMv1 and v2 with and without extended session security.

Usage Notes

Currently the implementation only supports connectionless (datagram) oriented NTLM. We did not need connection oriented NTLM for our usage and so it is not implemented. However it should be extremely straightforward to implement connection oriented NTLM as all the operations required are present in the library. The major missing piece is the negotiation of capabilities between the client and the server, for our use we hardcoded a supported set of negotiation flags.

Sample Usage as NTLM Client

import "ntlm"
import "ntlm/messages"

session = ntlm.NewClientSession(ntlm.Version1, ntlm.ConnectionlessMode)
session.SetUserInfo("someuser","somepassword","somedomain")

negotiate := session.GenerateNegotiateMessage()

<send negotiate to server>

challenge, err := messages.ParseChallengeMessage(challengeBytes)
session.ProcessChallengeMessage(challenge)

authenticate := session.GenerateAuthenticateMessage()

<send authenticate message to server>

Sample Usage as NTLM Server

session = ntlm.NewServerSession(ntlm.Version1, ntlm.ConnectionlessMode)
session.SetUserInfo("someuser","somepassword","somedomain")

challenge := session.GenerateChallengeMessage()

<send challenge to client>

<receive authentication bytes>

auth, err := messages.ParseAuthentiateMessage(authenticateBytes)
session.ProcessAuthenticateMessage(auth)

Generating a message MAC

Once a session is created you can generate the Mac for a message using:

message := "this is some message to sign"
sequenceNumber := 100
signature, err := session.Mac([]byte(message), sequenceNumber)

License

Copyright Thomson Reuters Global Resources 2013 Apache License

Documentation

Overview

Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.

Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.

Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.

Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. Package NTLM implements the interfaces used for interacting with NTLMv1 and NTLMv2. To create NTLM v1 or v2 sessions you would use CreateClientSession and create ClientServerSession.

Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. Receve an Authenticate message and authenticate the user

Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. Receve an Authenticate message and authenticate the user

Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func MacsEqual 

func MacsEqual(slice1, slice2 []byte) bool

func NtlmV2Mac 

func NtlmV2Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingKey, signingKey []byte, NegotiateFlags uint32) []byte

func NtlmVCommonMac 

func NtlmVCommonMac(message []byte, sequenceNumber int, sealingKey, signingKey []byte, NegotiateFlags uint32) []byte

Mildly ghetto that we expose this

Types

type ClientSession 

type ClientSession interface {
	SetUserInfo(username string, password string, domain string)
	SetMode(mode Mode)

	GenerateNegotiateMessage() (*messages.Negotiate, error)
	ProcessChallengeMessage(*messages.Challenge) error
	GenerateAuthenticateMessage() (*messages.Authenticate, error)

	Seal(message []byte) ([]byte, error)
	Sign(message []byte) ([]byte, error)
	Mac(message []byte, sequenceNumber int) ([]byte, error)
	VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error)
}

func CreateClientSession 

func CreateClientSession(version Version, mode Mode) (n ClientSession, err error)

Creates an NTLM v1 or v2 client mode - This must be ConnectionlessMode or ConnectionOrientedMode depending on what type of NTLM is used version - This must be Version1 or Version2 depending on the version of NTLM used

type Mode 

type Mode int
const (
	ConnectionlessMode Mode = iota
	ConnectionOrientedMode
)

type NtlmsspMessageSignature 

type NtlmsspMessageSignature struct {
	ByteData []byte
	// A 32-bit unsigned integer that contains the signature version. This field MUST be 0x00000001.
	Version []byte
	// A 4-byte array that contains the random pad for the message.
	RandomPad []byte
	// A 4-byte array that contains the checksum for the message.
	CheckSum []byte
	// A 32-bit unsigned integer that contains the NTLM sequence number for this application message.
	SeqNum []byte
}

func (*NtlmsspMessageSignature) Bytes 

func (n *NtlmsspMessageSignature) Bytes() []byte

func (*NtlmsspMessageSignature) String 

func (n *NtlmsspMessageSignature) String() string

type ServerSession 

type ServerSession interface {
	SetUserInfo(username string, password string, domain string)
	GetUserInfo() (string, string, string)

	SetMode(mode Mode)
	SetServerChallenge(challege []byte)

	ProcessNegotiateMessage(*messages.Negotiate) error
	GenerateChallengeMessage() (*messages.Challenge, error)
	ProcessAuthenticateMessage(*messages.Authenticate) error

	GetSessionData() *SessionData

	Version() int
	Seal(message []byte) ([]byte, error)
	Sign(message []byte) ([]byte, error)
	Mac(message []byte, sequenceNumber int) ([]byte, error)
	VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error)
}

func CreateServerSession 

func CreateServerSession(version Version, mode Mode) (n ServerSession, err error)

Creates an NTLM v1 or v2 server mode - This must be ConnectionlessMode or ConnectionOrientedMode depending on what type of NTLM is used version - This must be Version1 or Version2 depending on the version of NTLM used

type SessionData 

type SessionData struct {
	NegotiateFlags uint32

	ClientSigningKey []byte
	ServerSigningKey []byte
	ClientSealingKey []byte
	ServerSealingKey []byte
	// contains filtered or unexported fields
}

This struct collects NTLM data structures and keys that are used across all types of NTLM requests

type V1ClientSession 

type V1ClientSession struct {
	V1Session
}

func (*V1ClientSession) GenerateAuthenticateMessage 

func (n *V1ClientSession) GenerateAuthenticateMessage() (am *messages.Authenticate, err error)

func (*V1ClientSession) GenerateNegotiateMessage 

func (n *V1ClientSession) GenerateNegotiateMessage() (nm *messages.Negotiate, err error)

func (*V1ClientSession) Mac 

func (n *V1ClientSession) Mac(message []byte, sequenceNumber int) ([]byte, error)

func (*V1ClientSession) ProcessChallengeMessage 

func (n *V1ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err error)

func (*V1ClientSession) VerifyMac 

func (n *V1ClientSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error)

type V1ServerSession 

type V1ServerSession struct {
	V1Session
}

func (*V1ServerSession) GenerateChallengeMessage 

func (n *V1ServerSession) GenerateChallengeMessage() (cm *messages.Challenge, err error)

func (*V1ServerSession) GetSessionData 

func (n *V1ServerSession) GetSessionData() *SessionData

func (*V1ServerSession) Mac 

func (n *V1ServerSession) Mac(message []byte, sequenceNumber int) ([]byte, error)

func (*V1ServerSession) ProcessAuthenticateMessage 

func (n *V1ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate) (err error)

func (*V1ServerSession) ProcessNegotiateMessage 

func (n *V1ServerSession) ProcessNegotiateMessage(nm *messages.Negotiate) (err error)

func (*V1ServerSession) SetServerChallenge 

func (n *V1ServerSession) SetServerChallenge(challenge []byte)

func (*V1ServerSession) VerifyMac 

func (n *V1ServerSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error)

type V1Session 

type V1Session struct {
	SessionData
}

func (*V1Session) GetUserInfo 

func (n *V1Session) GetUserInfo() (string, string, string)

func (*V1Session) Seal 

func (n *V1Session) Seal(message []byte) ([]byte, error)

func (*V1Session) SetMode 

func (n *V1Session) SetMode(mode Mode)

func (*V1Session) SetUserInfo 

func (n *V1Session) SetUserInfo(username string, password string, domain string)

func (*V1Session) Sign 

func (n *V1Session) Sign(message []byte) ([]byte, error)

func (*V1Session) Version 

func (n *V1Session) Version() int

type V2ClientSession 

type V2ClientSession struct {
	V2Session
}

func (*V2ClientSession) GenerateAuthenticateMessage 

func (n *V2ClientSession) GenerateAuthenticateMessage() (am *messages.Authenticate, err error)

func (*V2ClientSession) GenerateNegotiateMessage 

func (n *V2ClientSession) GenerateNegotiateMessage() (nm *messages.Negotiate, err error)

func (*V2ClientSession) Mac 

func (n *V2ClientSession) Mac(message []byte, sequenceNumber int) ([]byte, error)

func (*V2ClientSession) ProcessChallengeMessage 

func (n *V2ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err error)

func (*V2ClientSession) VerifyMac 

func (n *V2ClientSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error)

type V2ServerSession 

type V2ServerSession struct {
	V2Session
}

func (*V2ServerSession) GenerateChallengeMessage 

func (n *V2ServerSession) GenerateChallengeMessage() (cm *messages.Challenge, err error)

func (*V2ServerSession) GetSessionData 

func (n *V2ServerSession) GetSessionData() *SessionData

func (*V2ServerSession) Mac 

func (n *V2ServerSession) Mac(message []byte, sequenceNumber int) ([]byte, error)

func (*V2ServerSession) ProcessAuthenticateMessage 

func (n *V2ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate) (err error)

func (*V2ServerSession) ProcessNegotiateMessage 

func (n *V2ServerSession) ProcessNegotiateMessage(nm *messages.Negotiate) (err error)

func (*V2ServerSession) SetServerChallenge 

func (n *V2ServerSession) SetServerChallenge(challenge []byte)

func (*V2ServerSession) VerifyMac 

func (n *V2ServerSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error)

type V2Session 

type V2Session struct {
	SessionData
}

func (*V2Session) GetUserInfo 

func (n *V2Session) GetUserInfo() (string, string, string)

func (*V2Session) Seal 

func (n *V2Session) Seal(message []byte) ([]byte, error)

func (*V2Session) SetMode 

func (n *V2Session) SetMode(mode Mode)

func (*V2Session) SetUserInfo 

func (n *V2Session) SetUserInfo(username string, password string, domain string)

func (*V2Session) Sign 

func (n *V2Session) Sign(message []byte) ([]byte, error)

func (*V2Session) Version 

func (n *V2Session) Version() int

type Version 

type Version int
const (
	Version1 Version = 1
	Version2 Version = 2
)

Source Files

View all Source files

Directories

Path Synopsis
Package md4 implements the MD4 hash algorithm as defined in RFC 1320.
 Package md4 implements the MD4 hash algorithm as defined in RFC 1320.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.