Export (0) Print
Expand All

3.4.5.1 KXKEY

If NTLM v1 is used and extended session security is not negotiated, the 128-bit key exchange key value is calculated as follows:

-- Input:     
--   SessionBaseKey - A session key calculated from the user's
     password.
--   LmChallengeResponse - The LM response to the server challenge.
     Computed by the client. 
--   NegFlg - Defined in section 3.1.1.
--
-- Output:     
--   KeyExchangeKey - The Key Exchange Key. 
--
-- Functions used: 
--   ConcatenationOf() - Defined in Section 6.
--   DES() - Defined in Section 6.

Define KXKEY(SessionBaseKey, LmChallengeResponse, ServerChallenge) as
If ( NTLMSSP_NEGOTIATE_LMKEY flag is set in NegFlg) 
     Set KeyExchangeKey to ConcatenationOf(DES(LMOWF[0..6],
     LmChallengeResponse[0..7]), 
     DES(ConcatenationOf(LMOWF[7], 0xBDBDBDBDBDBD),  
     LmChallengeResponse[0..7]))  
Else
     If ( NTLMSSP_REQUEST_NON_NT_SESSION_KEY flag is set in NegFlg) 
        Set KeyExchangeKey to ConcatenationOf(LMOWF[0..7], Z(8)), 
     Else
        Set KeyExchangeKey to SessionBaseKey
     Endif
Endif
EndDefine

If NTLM v1 is used and extended session security is negotiated, the key exchange key value is calculated as follows:

-- Input:     
--   SessionBaseKey - A session key calculated from the user's
     password.
--   ServerChallenge - The 8-byte challenge message
     generated by the server. 
--   LmChallengeResponse - The LM response to the server challenge.
     Computed by the client. 
--
-- Output:     
--   KeyExchangeKey - The Key Exchange Key. 
--
-- Functions used: 
--   ConcatenationOf() - Defined in Section 6.
--   HMAC_MD5() - Defined in Section 6.

Define KXKEY(SessionBaseKey, LmChallengeResponse, ServerChallenge) as
     Set KeyExchangeKey to HMAC_MD5(SessionBaseKey, ConcatenationOf(ServerChallenge, LmChallengeResponse [0..7]))
EndDefine

If NTLM v2 is used, the key exchange key MUST be the 128-bit session base key.

 
Show:
© 2015 Microsoft