
3.3.2 NTLM v2 Authentication

The following pseudocode defines the details of the algorithms used to calculate the keys used in NTLM v2 authentication.

Note  The NTLM authentication version is not negotiated by the protocol. It MUST be configured on both the client and the server prior to authentication. The NTOWF v2 and LMOWF v2 functions defined in this section are NTLM version-dependent and are used only by NTLM v2.

NTLM clients SHOULD use UserDom for calculating ResponseKeyNT and ResponseKeyLM.

The NT and LM response keys MUST be encoded using the following specific one-way functions where all strings are encoded as RPC_UNICODE_STRING ([MS-DTYP] section 2.3.10).

-- Explanation of message fields and variables:
--   NegFlg, User, UserDom - Defined in section 3.1.1.
--   Passwd - Password of the user.
--   LmChallengeResponse - The LM response to the server challenge.
--     Computed by the client.
--   NTChallengeResponse - The NT response to the server challenge.
--     Computed by the client.
--   ClientChallenge - The 8-byte challenge generated by the client.
--   CHALLENGE_MESSAGE.ServerChallenge - The 8-byte challenge generated
--     by the server.
--   ResponseKeyNT - Temporary variable to hold the result of calling
--     NTOWFv2().
--   ResponseKeyLM - Temporary variable to hold the result of calling
--     LMOWFv2().
--   ServerName - The AV_PAIR list (section 2.2.2.1) carried in the
--     NtChallengeResponseFields.NTLMv2_RESPONSE.NTLMv2_CLIENT_CHALLENGE.AvPairs
--     field of the AUTHENTICATE_MESSAGE payload.
--   KeyExchangeKey - Temporary variable to hold the result of calling
--     KXKEY.
--   HiResponserversion - The 1-byte highest response version
--     understood by the client. Currently set to 1.
--   Responserversion - The 1-byte response version. Currently set
--     to 1.
--   Time - The 8-byte little-endian time in GMT (a FILETIME: the
--     number of 100-nanosecond intervals since January 1, 1601 UTC).
--
-- Functions Used:
--   Z(M) - Defined in section 6.

Define NTOWFv2(Passwd, User, UserDom) as HMAC_MD5( 
MD4(UNICODE(Passwd)), UNICODE(ConcatenationOf( Uppercase(User), 
UserDom ) ) )
EndDefine

Define LMOWFv2(Passwd, User, UserDom) as NTOWFv2(Passwd, User, 
UserDom)
EndDefine

Set ResponseKeyNT to NTOWFv2(Passwd, User, UserDom)
Set ResponseKeyLM to LMOWFv2(Passwd, User, UserDom)

Define ComputeResponse(NegFlg, ResponseKeyNT, ResponseKeyLM,
CHALLENGE_MESSAGE.ServerChallenge, ClientChallenge, Time, ServerName)
As
If (User is set to "" && Passwd is set to "")
    -- Special case for anonymous authentication
    Set NtChallengeResponseLen to 0
    Set NtChallengeResponseMaxLen to 0
    Set NtChallengeResponseBufferOffset to 0
    Set LmChallengeResponse to Z(1)
Else
    Set temp to ConcatenationOf(Responserversion, HiResponserversion,
    Z(6), Time, ClientChallenge, Z(4), ServerName, Z(4))
    Set NTProofStr to HMAC_MD5(ResponseKeyNT, 
    ConcatenationOf(CHALLENGE_MESSAGE.ServerChallenge,temp))
    Set NtChallengeResponse to ConcatenationOf(NTProofStr, temp)
    Set LmChallengeResponse to ConcatenationOf(HMAC_MD5(ResponseKeyLM, 
    ConcatenationOf(CHALLENGE_MESSAGE.ServerChallenge, ClientChallenge)),
    ClientChallenge )
EndIf

Set SessionBaseKey to HMAC_MD5(ResponseKeyNT, NTProofStr)
EndDefine

On the server, if the user account to be authenticated is hosted in Active Directory, the challenge-response pair SHOULD be sent to the DC to verify ([MS-APDS]).

The DC calculates the expected value of the response using the NTOWF v2 and/or LMOWF v2, and matches it against the response provided. If the response values match, it MUST send back the SessionBaseKey; otherwise, it MUST return an error to the calling application. The server MUST return an error to the calling application if the DC returns an error. If the DC returns STATUS_NTLM_BLOCKED then the server MUST return STATUS_NOT_SUPPORTED.

If the user account to be authenticated is hosted locally on the server, the server calculates the expected NTOWF v2 and/or LMOWF v2 value of the response using the NTOWF and/or LMOWF stored locally, and matches it against the response provided. If the response values match, it MUST calculate KeyExchangeKey; otherwise, it MUST return an error to the calling application.<73>
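The key derivation (NTOWFv2/LMOWFv2), ComputeResponse, and the server-side match described above, as an added Python example that is not part of [MS-NLMP] or any Microsoft implementation. It reproduces the inputs of the specification's NTLMv2 example in section 4.2.4 (user "User", domain "Domain", password "Password", ServerChallenge 0123456789abcdef, ClientChallenge of eight 0xaa bytes, Time zero, and a ServerName holding the NetBIOS domain and computer names), which are not on this page; the pure-Python MD4 fallback, the AV_PAIR helper, the all-zero session key for the anonymous case and all function names are this example's own choices.

```python
import hashlib
import hmac
import struct

MASK32 = 0xFFFFFFFF

def md4_pure(data: bytes) -> bytes:
    """RFC 1320 MD4 for builds whose hashlib lacks 'md4' (OpenSSL 3 without the legacy provider)."""
    def rol(x, n):
        return ((x << n) | (x >> (32 - n))) & MASK32
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64) + struct.pack("<Q", len(data) * 8)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = (  # (boolean function, additive constant, X[k] order, shift schedule)
        (lambda x, y, z: (x & y) | (~x & z), 0, range(16), (3, 7, 11, 19)),
        (lambda x, y, z: (x & y) | (x & z) | (y & z), 0x5A827999,
         (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (lambda x, y, z: x ^ y ^ z, 0x6ED9EBA1,
         (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        s = state[:]
        for f, const, order, shifts in rounds:
            for i, k in enumerate(order):
                t = (-i) % 4  # operate on a, d, c, b in turn
                s[t] = rol((s[t] + f(s[t - 3], s[t - 2], s[t - 1]) + x[k] + const) & MASK32,
                           shifts[i % 4])
        state = [(a + b) & MASK32 for a, b in zip(state, s)]
    return struct.pack("<4I", *state)

def md4(data: bytes) -> bytes:
    try:
        return hashlib.new("md4", data).digest()
    except ValueError:  # "unsupported hash type md4"
        return md4_pure(data)

def utf16(s: str) -> bytes:
    return s.encode("utf-16-le")  # UNICODE() in the spec's notation

def hmac_md5(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.md5).digest()

def ntowf_v2(password: str, user: str, domain: str) -> bytes:
    """NTOWFv2 = HMAC_MD5(MD4(UNICODE(Passwd)), UNICODE(Uppercase(User) + UserDom)).
    The user name is upper-cased, the domain is not."""
    return hmac_md5(md4(utf16(password)), utf16(user.upper() + domain))

lmowf_v2 = ntowf_v2  # LMOWFv2 is defined as NTOWFv2

MSV_AV_EOL, MSV_AV_NB_COMPUTER_NAME, MSV_AV_NB_DOMAIN_NAME = 0, 1, 2

def av_pairs(pairs) -> bytes:
    """Serialize an AV_PAIR list (AvId, AvLen as uint16 LE, Value), MsvAvEOL-terminated."""
    body = b"".join(struct.pack("<HH", av_id, len(v)) + v for av_id, v in pairs)
    return body + struct.pack("<HH", MSV_AV_EOL, 0)

def compute_response(key_nt, key_lm, server_challenge, client_challenge, time, server_name,
                     anonymous=False):
    """ComputeResponse(): returns (NtChallengeResponse, LmChallengeResponse, SessionBaseKey)."""
    if anonymous:
        # Empty NT response and LM response Z(1) as specified; the spec leaves NTProofStr
        # undefined here, so the all-zero SessionBaseKey is this example's assumption.
        return b"", b"\x00", b"\x00" * 16
    temp = (b"\x01\x01" + b"\x00" * 6 + time + client_challenge + b"\x00" * 4
            + server_name + b"\x00" * 4)  # Responserversion, HiResponserversion, Z(6), ...
    nt_proof_str = hmac_md5(key_nt, server_challenge + temp)
    nt_response = nt_proof_str + temp
    lm_response = hmac_md5(key_lm, server_challenge + client_challenge) + client_challenge
    return nt_response, lm_response, hmac_md5(key_nt, nt_proof_str)

def verify_nt_response(key_nt, server_challenge, nt_response):
    """Server/DC side: recompute NTProofStr from the stored NTOWFv2 and the temp blob the
    client sent. Returns SessionBaseKey on a match, None otherwise (caller returns an error)."""
    if len(nt_response) < 16 + 28 + 4 + 4:  # NTProofStr + fixed temp header + MsvAvEOL + Z(4)
        return None
    nt_proof_str, temp = nt_response[:16], nt_response[16:]
    if not hmac.compare_digest(hmac_md5(key_nt, server_challenge + temp), nt_proof_str):
        return None
    return hmac_md5(key_nt, nt_proof_str)

SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")  # from the [MS-NLMP] 4.2.4 example

def spec_vector():
    """Client side of the [MS-NLMP] 4.2.4 NTLMv2 example (inputs reproduced here)."""
    key = ntowf_v2("Password", "User", "Domain")
    server_name = av_pairs([(MSV_AV_NB_DOMAIN_NAME, utf16("Domain")),
                            (MSV_AV_NB_COMPUTER_NAME, utf16("Server"))])
    nt_resp, lm_resp, sbk = compute_response(key, key, SERVER_CHALLENGE, b"\xaa" * 8,
                                             b"\x00" * 8, server_name)
    return key, nt_resp, lm_resp, sbk

if __name__ == "__main__":
    key, nt_resp, lm_resp, sbk = spec_vector()
    print("NTOWFv2       ", key.hex())
    print("NTProofStr    ", nt_resp[:16].hex())
    print("SessionBaseKey", sbk.hex())
    print("verify ok     ", verify_nt_response(key, SERVER_CHALLENGE, nt_resp) == sbk)
```

Two points the pseudocode states only implicitly are visible when run: because NTOWFv2 upper-cases the user name but not UserDom, a verifier holding the key for "user" accepts a response computed as "User", while a domain spelled "domain" yields a different key and the match fails; and the server never needs the password, only the stored NTOWFv2 and the temp blob echoed back in NtChallengeResponse, which is why the comparison is done with a constant-time digest compare.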

© 2014 Microsoft