/**
 * Creates a single-DES cipher that is already initialised for encryption.
 *
 * <p>
 * The transformation is fixed to {@code DES/ECB/NoPadding}, so the caller must
 * feed whole 8 byte blocks. Single DES in ECB mode gives no meaningful
 * confidentiality by current standards; keep its use confined to legacy
 * protocol computations that mandate it. NOTE(review): the only caller visible
 * alongside this method is {@code E()}, which passes 7 byte key slices.
 *
 * @param key
 *            7 or 8 byte DES key; a 7 byte key is first expanded with
 *            {@code des7to8}
 * @return DES cipher in encryption mode
 * @throws CIFSUnsupportedCryptoException
 *             if the algorithm or padding is unavailable, or the key is
 *             rejected by the provider
 */
public static Cipher getDES ( byte[] key ) {
    if ( key.length == 7 ) {
        // Expand the 7 byte key to 8 bytes and go through the same path again.
        return getDES(des7to8(key));
    }

    final Cipher des;
    try {
        des = Cipher.getInstance("DES/ECB/NoPadding");
        final SecretKeySpec keySpec = new SecretKeySpec(key, "DES");
        des.init(Cipher.ENCRYPT_MODE, keySpec);
    }
    catch ( NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException cause ) {
        // Preserve the provider's exception as the cause.
        throw new CIFSUnsupportedCryptoException(cause);
    }
    return des;
}
/**
 * Builds a response laid out as {@code MAC || clientData}.
 *
 * <p>
 * The MAC comes from {@code Crypto.getHMACT64(responseKey)} and is fed the
 * server challenge followed by {@code clientData[offset, offset + length)}.
 *
 * <p>
 * NOTE(review): the MAC covers only the {@code offset}/{@code length} window,
 * but the <em>entire</em> {@code clientData} array is appended to the result.
 * Confirm that callers always pass {@code offset == 0} and
 * {@code length == clientData.length}; otherwise the response carries bytes
 * that the MAC does not authenticate.
 *
 * @param responseKey
 *            key for the keyed digest
 * @param serverChallenge
 *            challenge bytes, hashed first
 * @param clientData
 *            client blob, hashed (windowed) and appended (whole)
 * @param offset
 *            start of the hashed window inside {@code clientData}
 * @param length
 *            number of bytes of {@code clientData} to hash
 * @return the MAC followed by all of {@code clientData}
 */
static byte[] computeResponse ( byte[] responseKey, byte[] serverChallenge, byte[] clientData, int offset, int length ) {
    MessageDigest keyedDigest = Crypto.getHMACT64(responseKey);
    keyedDigest.update(serverChallenge);
    keyedDigest.update(clientData, offset, length);
    byte[] proof = keyedDigest.digest();

    byte[] response = new byte[proof.length + clientData.length];
    // The two copies target disjoint regions of the result.
    System.arraycopy(clientData, 0, response, proof.length, clientData.length);
    System.arraycopy(proof, 0, response, 0, proof.length);
    return response;
}
/**
 * Computes the MD4 digest of the password as encoded by
 * {@code Strings.getUNIBytes}.
 *
 * <p>
 * The digest is unsalted and unstretched. {@code nTOWFv2} derives its key from
 * this same MD4 value, so the returned bytes should be handled as secret
 * material equivalent to the password: do not log or persist them.
 *
 * @param password
 *            the clear-text password, must not be {@code null}
 * @return the calculated hash
 * @throws NullPointerException
 *             if {@code password} is {@code null}
 */
public static byte[] nTOWFv1 ( String password ) {
    if ( password == null ) {
        throw new NullPointerException("Password parameter is required");
    }
    final MessageDigest hasher = Crypto.getMD4();
    final byte[] encodedPassword = Strings.getUNIBytes(password);
    // digest(byte[]) is update(byte[]) followed by digest().
    return hasher.digest(encodedPassword);
}
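/**
 * Computes the keyed digest used as the NTLMv2 response key.
 *
 * <p>
 * The MD4 digest of the password keys an HMACT64 instance, which is then fed
 * the upper-cased user name followed by the domain exactly as supplied (the
 * domain is <em>not</em> case-folded here).
 *
 * <p>
 * The user name is upper-cased with {@link java.util.Locale#ROOT}. The
 * no-argument {@code toUpperCase()} follows the JVM default locale, so under
 * e.g. a Turkish locale {@code "i"} would map to a dotted capital I and the
 * resulting key would no longer match what the peer computes.
 *
 * <p>
 * The result is secret key material; do not log or persist it.
 *
 * @param domain
 *            the domain name, hashed as given
 * @param username
 *            the user name, upper-cased before hashing
 * @param password
 *            the clear-text password
 *
 * @return the calculated mac
 */
public static byte[] nTOWFv2 ( String domain, String username, String password ) {
    MessageDigest md4 = Crypto.getMD4();
    md4.update(Strings.getUNIBytes(password));

    MessageDigest hmac = Crypto.getHMACT64(md4.digest());
    // Locale-independent case folding keeps the key stable across JVM locales.
    hmac.update(Strings.getUNIBytes(username.toUpperCase(java.util.Locale.ROOT)));
    hmac.update(Strings.getUNIBytes(domain));
    return hmac.digest();
}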
// NOTE(review): this excerpt starts mid-method and appears to join two separate
// code paths; `hmac` and `userSessionKey` are each declared twice, which would
// not compile within a single scope.

// First run: derive a session key from the NT response key and the session
// nonce, then use it to wrap the first 16 bytes of masterKey.
// Copies 8 bytes of the client challenge into bytes 8..15 of sessionNonce.
System.arraycopy(clientChallenge, 0, sessionNonce, 8, 8);
// userSessionKey = MD4(responseKeyNT)
MessageDigest md4 = Crypto.getMD4();
md4.update(responseKeyNT);
byte[] userSessionKey = md4.digest();
// ntlm2SessionKey = HMACT64 keyed with userSessionKey over sessionNonce
MessageDigest hmac = Crypto.getHMACT64(userSessionKey);
hmac.update(sessionNonce);
byte[] ntlm2SessionKey = hmac.digest();
// ArcFour keyed with ntlm2SessionKey transforms masterKey[0..16) into
// exchangedKey, which is stored as the encrypted session key.
Cipher arcfour = Crypto.getArcfour(ntlm2SessionKey);
arcfour.update(this.masterKey, 0, 16, exchangedKey, 0);
setEncryptedSessionKey(exchangedKey);

// Second run: the wrapping key is HMACT64 keyed with responseKeyNT over the
// leading 16 bytes of ntResponse.
MessageDigest hmac = Crypto.getHMACT64(responseKeyNT);
hmac.update(this.ntResponse, 0, 16); // only first 16 bytes of ntResponse
byte[] userSessionKey = hmac.digest();
// ArcFour keyed with userSessionKey transforms masterKey[0..16) into
// encryptedKey, which is stored as the encrypted session key.
Cipher rc4 = Crypto.getArcfour(userSessionKey);
rc4.update(this.masterKey, 0, 16, encryptedKey, 0);
setEncryptedSessionKey(encryptedKey);
/**
 * Creates a signing digest whose sequence counter starts at the given value
 * instead of the field default.
 *
 * <p>
 * The key array is stored by reference, not copied; later changes made by the
 * caller to {@code macSigningKey} are visible to this object.
 *
 * @param macSigningKey
 *            the MAC key used for signing
 * @param initialSequence
 *            the first sequence number to use
 */
public SMB1SigningDigest ( byte[] macSigningKey, int initialSequence ) {
    this.macSigningKey = macSigningKey;
    this.signSequence = initialSequence;
    // The digest instance is obtained from Crypto.getMD5().
    this.digest = Crypto.getMD5();
}
/**
 * Encrypts {@code data} once per 7 byte slice of {@code key} and writes each
 * 8 byte result into consecutive positions of {@code e}.
 *
 * <p>
 * Slice {@code i} is {@code key[7i, 7i + 7)}; its output lands at
 * {@code e[8i, 8i + 8)}. Trailing key bytes that do not fill a whole slice are
 * ignored.
 *
 * <p>
 * NOTE(review): the scratch block holds 8 bytes, so this presumably expects
 * {@code data} to be exactly one 8 byte block - confirm against callers.
 *
 * @param key
 *            key material, consumed in 7 byte slices
 * @param data
 *            the block to encrypt under every slice
 * @param e
 *            output buffer, needs 8 bytes per key slice
 * @throws ShortBufferException
 *             if the cipher output does not fit the 8 byte scratch block
 */
static void E ( byte[] key, byte[] data, byte[] e ) throws ShortBufferException {
    final int sliceCount = key.length / 7;
    final byte[] keySlice = new byte[7];
    final byte[] cipherBlock = new byte[8];

    int keyOffset = 0;
    int outOffset = 0;
    for ( int slice = 0; slice < sliceCount; slice++ ) {
        System.arraycopy(key, keyOffset, keySlice, 0, 7);
        Cipher des = Crypto.getDES(keySlice);
        des.update(data, 0, data.length, cipherBlock);
        System.arraycopy(cipherBlock, 0, e, outOffset, 8);
        keyOffset += 7;
        outOffset += 8;
    }
}
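/**
 * Derives the signing, verification and sealing keys from the master key and
 * sets up one ArcFour handle per sealing direction.
 *
 * <p>
 * Key material is deliberately kept out of the log. The signing and sealing
 * keys protect the integrity and confidentiality of the session, and log files
 * are usually readable by more parties than the process memory. The debug
 * messages therefore record only that each derivation step completed.
 *
 * @param mk
 *            the master key from which all session keys are derived
 */
protected void initSessionSecurity ( byte[] mk ) {
    this.signKey = deriveKey(mk, C2S_SIGN_CONSTANT);
    this.verifyKey = deriveKey(mk, S2C_SIGN_CONSTANT);

    if ( log.isDebugEnabled() ) {
        // Never write key bytes to the log, not even at debug level.
        log.debug("Sign and verify keys derived");
    }

    this.sealClientKey = deriveKey(mk, C2S_SEAL_CONSTANT);
    this.sealClientHandle = Crypto.getArcfour(this.sealClientKey);

    if ( log.isDebugEnabled() ) {
        log.debug("Client seal key derived");
    }

    this.sealServerKey = deriveKey(mk, S2C_SEAL_CONSTANT);
    this.sealServerHandle = Crypto.getArcfour(this.sealServerKey);

    if ( log.isDebugEnabled() ) {
        log.debug("Server seal key derived");
    }
}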
/**
 * Computes one step of the pre-authentication hash chain:
 * {@code digest(oldHash || input[off, off + len))}, with {@code oldHash}
 * omitted when it is {@code null}.
 *
 * <p>
 * Only available after an SMB2 negotiation that selected at least dialect
 * SMB 3.1.1. The only accepted hash selector is {@code 1}, which maps to
 * SHA-512; any other value is rejected rather than falling back to a default.
 *
 * @param input
 *            buffer holding the bytes to add to the chain
 * @param off
 *            start offset within {@code input}
 * @param len
 *            number of bytes to hash
 * @param oldHash
 *            previous chain value, or {@code null} for none
 * @return the new chain value
 * @throws CIFSException
 *             declared by the signature; this method itself throws
 *             {@code SmbUnsupportedOperationException} when SMB2 was not
 *             negotiated, the dialect is older than SMB 3.1.1, or the
 *             selected hash is not supported
 */
byte[] calculatePreauthHash ( byte[] input, int off, int len, byte[] oldHash ) throws CIFSException {
    final boolean negotiatedSmb2 = this.smb2 && this.negotiated != null;
    if ( !negotiatedSmb2 ) {
        throw new SmbUnsupportedOperationException();
    }

    final Smb2NegotiateResponse negotiateResponse = (Smb2NegotiateResponse) this.negotiated;
    final boolean preauthCapable = negotiateResponse.getSelectedDialect().atLeast(DialectVersion.SMB311);
    if ( !preauthCapable ) {
        throw new SmbUnsupportedOperationException();
    }

    // Selector 1 is the only supported algorithm; reject everything else.
    if ( negotiateResponse.getSelectedPreauthHash() != 1 ) {
        throw new SmbUnsupportedOperationException();
    }
    final MessageDigest sha512 = Crypto.getSHA512();

    if ( oldHash != null ) {
        sha512.update(oldHash);
    }
    sha512.update(input, off, len);
    return sha512.digest();
}
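/**
 * Computes the keyed digest used as the NTLMv2 response key.
 *
 * <p>
 * The MD4 digest of the password keys an HMACT64 instance, which is then fed
 * the upper-cased user name followed by the domain exactly as supplied (the
 * domain is <em>not</em> case-folded here).
 *
 * <p>
 * The user name is upper-cased with {@link java.util.Locale#ROOT}. The
 * no-argument {@code toUpperCase()} follows the JVM default locale, so under
 * e.g. a Turkish locale {@code "i"} would map to a dotted capital I and the
 * resulting key would no longer match what the peer computes.
 *
 * <p>
 * The result is secret key material; do not log or persist it.
 *
 * @param domain
 *            the domain name, hashed as given
 * @param username
 *            the user name, upper-cased before hashing
 * @param password
 *            the clear-text password
 *
 * @return the calculated mac
 */
public static byte[] nTOWFv2 ( String domain, String username, String password ) {
    MessageDigest md4 = Crypto.getMD4();
    md4.update(Strings.getUNIBytes(password));

    MessageDigest hmac = Crypto.getHMACT64(md4.digest());
    // Locale-independent case folding keeps the key stable across JVM locales.
    hmac.update(Strings.getUNIBytes(username.toUpperCase(java.util.Locale.ROOT)));
    hmac.update(Strings.getUNIBytes(domain));
    return hmac.digest();
}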
// NOTE(review): this excerpt starts mid-method and appears to join two separate
// code paths; `hmac` and `userSessionKey` are each declared twice, which would
// not compile within a single scope.

// First run: derive a session key from the NT response key and the session
// nonce, then use it to wrap the first 16 bytes of masterKey.
// Copies 8 bytes of the client challenge into bytes 8..15 of sessionNonce.
System.arraycopy(clientChallenge, 0, sessionNonce, 8, 8);
// userSessionKey = MD4(responseKeyNT)
MessageDigest md4 = Crypto.getMD4();
md4.update(responseKeyNT);
byte[] userSessionKey = md4.digest();
// ntlm2SessionKey = HMACT64 keyed with userSessionKey over sessionNonce
MessageDigest hmac = Crypto.getHMACT64(userSessionKey);
hmac.update(sessionNonce);
byte[] ntlm2SessionKey = hmac.digest();
// ArcFour keyed with ntlm2SessionKey transforms masterKey[0..16) into
// exchangedKey, which is stored as the encrypted session key.
Cipher arcfour = Crypto.getArcfour(ntlm2SessionKey);
arcfour.update(this.masterKey, 0, 16, exchangedKey, 0);
setEncryptedSessionKey(exchangedKey);

// Second run: the wrapping key is HMACT64 keyed with responseKeyNT over the
// leading 16 bytes of ntResponse.
MessageDigest hmac = Crypto.getHMACT64(responseKeyNT);
hmac.update(this.ntResponse, 0, 16); // only first 16 bytes of ntResponse
byte[] userSessionKey = hmac.digest();
// ArcFour keyed with userSessionKey transforms masterKey[0..16) into
// encryptedKey, which is stored as the encrypted session key.
Cipher rc4 = Crypto.getArcfour(userSessionKey);
rc4.update(this.masterKey, 0, 16, encryptedKey, 0);
setEncryptedSessionKey(encryptedKey);
/**
 * Creates a signing digest whose sequence counter starts at the given value
 * instead of the field default.
 *
 * <p>
 * The key array is stored by reference, not copied; later changes made by the
 * caller to {@code macSigningKey} are visible to this object.
 *
 * @param macSigningKey
 *            the MAC key used for signing
 * @param initialSequence
 *            the first sequence number to use
 */
public SMB1SigningDigest ( byte[] macSigningKey, int initialSequence ) {
    this.macSigningKey = macSigningKey;
    this.signSequence = initialSequence;
    // The digest instance is obtained from Crypto.getMD5().
    this.digest = Crypto.getMD5();
}
/**
 * Encrypts {@code data} once per 7 byte slice of {@code key} and writes each
 * 8 byte result into consecutive positions of {@code e}.
 *
 * <p>
 * Slice {@code i} is {@code key[7i, 7i + 7)}; its output lands at
 * {@code e[8i, 8i + 8)}. Trailing key bytes that do not fill a whole slice are
 * ignored.
 *
 * <p>
 * NOTE(review): the scratch block holds 8 bytes, so this presumably expects
 * {@code data} to be exactly one 8 byte block - confirm against callers.
 *
 * @param key
 *            key material, consumed in 7 byte slices
 * @param data
 *            the block to encrypt under every slice
 * @param e
 *            output buffer, needs 8 bytes per key slice
 * @throws ShortBufferException
 *             if the cipher output does not fit the 8 byte scratch block
 */
static void E ( byte[] key, byte[] data, byte[] e ) throws ShortBufferException {
    final int sliceCount = key.length / 7;
    final byte[] keySlice = new byte[7];
    final byte[] cipherBlock = new byte[8];

    int keyOffset = 0;
    int outOffset = 0;
    for ( int slice = 0; slice < sliceCount; slice++ ) {
        System.arraycopy(key, keyOffset, keySlice, 0, 7);
        Cipher des = Crypto.getDES(keySlice);
        des.update(data, 0, data.length, cipherBlock);
        System.arraycopy(cipherBlock, 0, e, outOffset, 8);
        keyOffset += 7;
        outOffset += 8;
    }
}
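/**
 * Derives the signing, verification and sealing keys from the master key and
 * sets up one ArcFour handle per sealing direction.
 *
 * <p>
 * Key material is deliberately kept out of the log. The signing and sealing
 * keys protect the integrity and confidentiality of the session, and log files
 * are usually readable by more parties than the process memory. The debug
 * messages therefore record only that each derivation step completed.
 *
 * @param mk
 *            the master key from which all session keys are derived
 */
protected void initSessionSecurity ( byte[] mk ) {
    this.signKey = deriveKey(mk, C2S_SIGN_CONSTANT);
    this.verifyKey = deriveKey(mk, S2C_SIGN_CONSTANT);

    if ( log.isDebugEnabled() ) {
        // Never write key bytes to the log, not even at debug level.
        log.debug("Sign and verify keys derived");
    }

    this.sealClientKey = deriveKey(mk, C2S_SEAL_CONSTANT);
    this.sealClientHandle = Crypto.getArcfour(this.sealClientKey);

    if ( log.isDebugEnabled() ) {
        log.debug("Client seal key derived");
    }

    this.sealServerKey = deriveKey(mk, S2C_SEAL_CONSTANT);
    this.sealServerHandle = Crypto.getArcfour(this.sealServerKey);

    if ( log.isDebugEnabled() ) {
        log.debug("Server seal key derived");
    }
}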
/**
 * Computes one step of the pre-authentication hash chain:
 * {@code digest(oldHash || input[off, off + len))}, with {@code oldHash}
 * omitted when it is {@code null}.
 *
 * <p>
 * Only available after an SMB2 negotiation that selected at least dialect
 * SMB 3.1.1. The only accepted hash selector is {@code 1}, which maps to
 * SHA-512; any other value is rejected rather than falling back to a default.
 *
 * @param input
 *            buffer holding the bytes to add to the chain
 * @param off
 *            start offset within {@code input}
 * @param len
 *            number of bytes to hash
 * @param oldHash
 *            previous chain value, or {@code null} for none
 * @return the new chain value
 * @throws CIFSException
 *             declared by the signature; this method itself throws
 *             {@code SmbUnsupportedOperationException} when SMB2 was not
 *             negotiated, the dialect is older than SMB 3.1.1, or the
 *             selected hash is not supported
 */
byte[] calculatePreauthHash ( byte[] input, int off, int len, byte[] oldHash ) throws CIFSException {
    final boolean negotiatedSmb2 = this.smb2 && this.negotiated != null;
    if ( !negotiatedSmb2 ) {
        throw new SmbUnsupportedOperationException();
    }

    final Smb2NegotiateResponse negotiateResponse = (Smb2NegotiateResponse) this.negotiated;
    final boolean preauthCapable = negotiateResponse.getSelectedDialect().atLeast(DialectVersion.SMB311);
    if ( !preauthCapable ) {
        throw new SmbUnsupportedOperationException();
    }

    // Selector 1 is the only supported algorithm; reject everything else.
    if ( negotiateResponse.getSelectedPreauthHash() != 1 ) {
        throw new SmbUnsupportedOperationException();
    }
    final MessageDigest sha512 = Crypto.getSHA512();

    if ( oldHash != null ) {
        sha512.update(oldHash);
    }
    sha512.update(input, off, len);
    return sha512.digest();
}
// NOTE(review): excerpt from the middle of a method; the code that fills
// `response` is not visible here.
// Response buffer of 24 bytes.
byte[] response = new byte[24];
// Inner key: MD4 over the password as encoded by Strings.getUNIBytes.
MessageDigest md4 = Crypto.getMD4();
md4.update(Strings.getUNIBytes(password));
// First HMACT64, keyed with the MD4 digest, over upper-cased user and domain.
MessageDigest hmac = Crypto.getHMACT64(md4.digest());
// NOTE(review): toUpperCase() without a Locale follows the JVM default locale;
// under e.g. a Turkish locale the folded name differs and the derived key will
// not match the peer's. Consider toUpperCase(Locale.ROOT).
// NOTE(review): the domain is upper-cased here, whereas nTOWFv2 hashes the
// domain as given - confirm which is intended.
hmac.update(Strings.getUNIBytes(user.toUpperCase()));
hmac.update(Strings.getUNIBytes(domain.toUpperCase()));
// Second HMACT64, keyed with the first digest, over server then client challenge.
hmac = Crypto.getHMACT64(hmac.digest());
hmac.update(challenge);
hmac.update(clientChallenge);
/**
 * Creates a signing digest for signing/verifying SMB traffic with a Kerberos
 * session key.
 *
 * <p>
 * In general the MAC key is {@code concat(session key, digest of challenge)}.
 * Kerberos authentication has no challenge, so in that case the MAC key is
 * simply the session key.
 *
 * <p>
 * The key array is stored by reference, not copied. This constructor does not
 * assign the sequence counter.
 *
 * @param macSigningKey
 *            The MAC key used to sign or verify SMB.
 */
public SMB1SigningDigest ( byte[] macSigningKey ) {
    this.macSigningKey = macSigningKey;
    // The digest instance is obtained from Crypto.getMD5().
    this.digest = Crypto.getMD5();
}
/**
 * Builds a response laid out as {@code MAC || clientData}.
 *
 * <p>
 * The MAC comes from {@code Crypto.getHMACT64(responseKey)} and is fed the
 * server challenge followed by {@code clientData[offset, offset + length)}.
 *
 * <p>
 * NOTE(review): the MAC covers only the {@code offset}/{@code length} window,
 * but the <em>entire</em> {@code clientData} array is appended to the result.
 * Confirm that callers always pass {@code offset == 0} and
 * {@code length == clientData.length}; otherwise the response carries bytes
 * that the MAC does not authenticate.
 *
 * @param responseKey
 *            key for the keyed digest
 * @param serverChallenge
 *            challenge bytes, hashed first
 * @param clientData
 *            client blob, hashed (windowed) and appended (whole)
 * @param offset
 *            start of the hashed window inside {@code clientData}
 * @param length
 *            number of bytes of {@code clientData} to hash
 * @return the MAC followed by all of {@code clientData}
 */
static byte[] computeResponse ( byte[] responseKey, byte[] serverChallenge, byte[] clientData, int offset, int length ) {
    MessageDigest keyedDigest = Crypto.getHMACT64(responseKey);
    keyedDigest.update(serverChallenge);
    keyedDigest.update(clientData, offset, length);
    byte[] proof = keyedDigest.digest();

    byte[] response = new byte[proof.length + clientData.length];
    // The two copies target disjoint regions of the result.
    System.arraycopy(clientData, 0, response, proof.length, clientData.length);
    System.arraycopy(proof, 0, response, 0, proof.length);
    return response;
}
/**
 * Creates a single-DES cipher that is already initialised for encryption.
 *
 * <p>
 * The transformation is fixed to {@code DES/ECB/NoPadding}, so the caller must
 * feed whole 8 byte blocks. Single DES in ECB mode gives no meaningful
 * confidentiality by current standards; keep its use confined to legacy
 * protocol computations that mandate it. NOTE(review): the only caller visible
 * alongside this method is {@code E()}, which passes 7 byte key slices.
 *
 * @param key
 *            7 or 8 byte DES key; a 7 byte key is first expanded with
 *            {@code des7to8}
 * @return DES cipher in encryption mode
 * @throws CIFSUnsupportedCryptoException
 *             if the algorithm or padding is unavailable, or the key is
 *             rejected by the provider
 */
public static Cipher getDES ( byte[] key ) {
    if ( key.length == 7 ) {
        // Expand the 7 byte key to 8 bytes and go through the same path again.
        return getDES(des7to8(key));
    }

    final Cipher des;
    try {
        des = Cipher.getInstance("DES/ECB/NoPadding");
        final SecretKeySpec keySpec = new SecretKeySpec(key, "DES");
        des.init(Cipher.ENCRYPT_MODE, keySpec);
    }
    catch ( NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException cause ) {
        // Preserve the provider's exception as the cause.
        throw new CIFSUnsupportedCryptoException(cause);
    }
    return des;
}
/**
 * Computes the MD4 digest of the password as encoded by
 * {@code Strings.getUNIBytes}.
 *
 * <p>
 * The digest is unsalted and unstretched. {@code nTOWFv2} derives its key from
 * this same MD4 value, so the returned bytes should be handled as secret
 * material equivalent to the password: do not log or persist them.
 *
 * @param password
 *            the clear-text password, must not be {@code null}
 * @return the calculated hash
 * @throws NullPointerException
 *             if {@code password} is {@code null}
 */
public static byte[] nTOWFv1 ( String password ) {
    if ( password == null ) {
        throw new NullPointerException("Password parameter is required");
    }
    final MessageDigest hasher = Crypto.getMD4();
    final byte[] encodedPassword = Strings.getUNIBytes(password);
    // digest(byte[]) is update(byte[]) followed by digest().
    return hasher.digest(encodedPassword);
}