The Tor Browser: mobile/android/thirdparty/ch/boye/httpclientandroidlib/impl/auth/NTLMEngineImpl.java@fc2d59ddac77 (annotated)

mobile/android/thirdparty/ch/boye/httpclientandroidlib/impl/auth/NTLMEngineImpl.java@fc2d59ddac77 (annotated)

mobile/android/thirdparty/ch/boye/httpclientandroidlib/impl/auth/NTLMEngineImpl.java

Wed, 31 Dec 2014 07:22:50 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Wed, 31 Dec 2014 07:22:50 +0100
branch: TOR_BUG_3246
changeset 4: fc2d59ddac77
permissions: -rw-r--r--

Correct previous dual key logic pending first delivery installment.

 /*
  * ====================================================================
  *
  *  Licensed to the Apache Software Foundation (ASF) under one or more
  *  contributor license agreements.  See the NOTICE file distributed with
  *  this work for additional information regarding copyright ownership.
  *  The ASF licenses this file to You under the Apache License, Version 2.0
  *  (the "License"); you may not use this file except in compliance with
  *  the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  *  Unless required by applicable law or agreed to in writing, software
  *  distributed under the License is distributed on an "AS IS" BASIS,
  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  * ====================================================================
  *
  * This software consists of voluntary contributions made by many
  * individuals on behalf of the Apache Software Foundation.  For more
  * information on the Apache Software Foundation, please see
  * <http://www.apache.org/>.
  *
  */
 package ch.boye.httpclientandroidlib.impl.auth;
 import java.security.Key;
 import java.security.MessageDigest;
 import java.util.Arrays;
 import javax.crypto.Cipher;
 import javax.crypto.spec.SecretKeySpec;
 import org.mozilla.apache.commons.codec.binary.Base64;
 import ch.boye.httpclientandroidlib.util.EncodingUtils;
 /**
  * Provides an implementation for NTLMv1, NTLMv2, and NTLM2 Session forms of the NTLM
  * authentication protocol.
  *
  * @since 4.1
  */
 final class NTLMEngineImpl implements NTLMEngine {
     // Flags we use
     protected final static int FLAG_UNICODE_ENCODING = 0x00000001;
     protected final static int FLAG_TARGET_DESIRED = 0x00000004;
     protected final static int FLAG_NEGOTIATE_SIGN = 0x00000010;
     protected final static int FLAG_NEGOTIATE_SEAL = 0x00000020;
     protected final static int FLAG_NEGOTIATE_NTLM = 0x00000200;
     protected final static int FLAG_NEGOTIATE_ALWAYS_SIGN = 0x00008000;
     protected final static int FLAG_NEGOTIATE_NTLM2 = 0x00080000;
     protected final static int FLAG_NEGOTIATE_128 = 0x20000000;
     protected final static int FLAG_NEGOTIATE_KEY_EXCH = 0x40000000;
     /** Secure random generator */
     private static final java.security.SecureRandom RND_GEN;
     static {
         java.security.SecureRandom rnd = null;
         try {
             rnd = java.security.SecureRandom.getInstance("SHA1PRNG");
         } catch (Exception e) {
         }
         RND_GEN = rnd;
     }
     /** Character encoding */
     static final String DEFAULT_CHARSET = "ASCII";
     /** The character set to use for encoding the credentials */
     private String credentialCharset = DEFAULT_CHARSET;
     /** The signature string as bytes in the default encoding */
     private static byte[] SIGNATURE;
     static {
         byte[] bytesWithoutNull = EncodingUtils.getBytes("NTLMSSP", "ASCII");
         SIGNATURE = new byte[bytesWithoutNull.length + 1];
         System.arraycopy(bytesWithoutNull, 0, SIGNATURE, 0, bytesWithoutNull.length);
         SIGNATURE[bytesWithoutNull.length] = (byte) 0x00;
     }
     /**
      * Returns the response for the given message.
      *
      * @param message
      *            the message that was received from the server.
      * @param username
      *            the username to authenticate with.
      * @param password
      *            the password to authenticate with.
      * @param host
      *            The host.
      * @param domain
      *            the NT domain to authenticate in.
      * @return The response.
      * @throws HttpException
      *             If the messages cannot be retrieved.
      */
     final String getResponseFor(String message, String username, String password,
             String host, String domain) throws NTLMEngineException {
         final String response;
         if (message == null || message.trim().equals("")) {
             response = getType1Message(host, domain);
         } else {
             Type2Message t2m = new Type2Message(message);
             response = getType3Message(username, password, host, domain, t2m.getChallenge(), t2m
                     .getFlags(), t2m.getTarget(), t2m.getTargetInfo());
         }
         return response;
     }
     /**
      * Creates the first message (type 1 message) in the NTLM authentication
      * sequence. This message includes the user name, domain and host for the
      * authentication session.
      *
      * @param host
      *            the computer name of the host requesting authentication.
      * @param domain
      *            The domain to authenticate with.
      * @return String the message to add to the HTTP request header.
      */
     String getType1Message(String host, String domain) throws NTLMEngineException {
         return new Type1Message(domain, host).getResponse();
     }
     /**
      * Creates the type 3 message using the given server nonce. The type 3
      * message includes all the information for authentication, host, domain,
      * username and the result of encrypting the nonce sent by the server using
      * the user's password as the key.
      *
      * @param user
      *            The user name. This should not include the domain name.
      * @param password
      *            The password.
      * @param host
      *            The host that is originating the authentication request.
      * @param domain
      *            The domain to authenticate within.
      * @param nonce
      *            the 8 byte array the server sent.
      * @return The type 3 message.
      * @throws NTLMEngineException
      *             If {@encrypt(byte[],byte[])} fails.
      */
     String getType3Message(String user, String password, String host, String domain,
             byte[] nonce, int type2Flags, String target, byte[] targetInformation)
             throws NTLMEngineException {
         return new Type3Message(domain, host, user, password, nonce, type2Flags, target,
                 targetInformation).getResponse();
     }
     /**
      * @return Returns the credentialCharset.
      */
     String getCredentialCharset() {
         return credentialCharset;
     }
     /**
      * @param credentialCharset
      *            The credentialCharset to set.
      */
     void setCredentialCharset(String credentialCharset) {
         this.credentialCharset = credentialCharset;
     }
     /** Strip dot suffix from a name */
     private static String stripDotSuffix(String value) {
         int index = value.indexOf(".");
         if (index != -1)
             return value.substring(0, index);
         return value;
     }
     /** Convert host to standard form */
     private static String convertHost(String host) {
         return stripDotSuffix(host);
     }
     /** Convert domain to standard form */
     private static String convertDomain(String domain) {
         return stripDotSuffix(domain);
     }
     private static int readULong(byte[] src, int index) throws NTLMEngineException {
         if (src.length < index + 4)
             throw new NTLMEngineException("NTLM authentication - buffer too small for DWORD");
         return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8)
                 | ((src[index + 2] & 0xff) << 16) | ((src[index + 3] & 0xff) << 24);
     }
     private static int readUShort(byte[] src, int index) throws NTLMEngineException {
         if (src.length < index + 2)
             throw new NTLMEngineException("NTLM authentication - buffer too small for WORD");
         return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8);
     }
     private static byte[] readSecurityBuffer(byte[] src, int index) throws NTLMEngineException {
         int length = readUShort(src, index);
         int offset = readULong(src, index + 4);
         if (src.length < offset + length)
             throw new NTLMEngineException(
                     "NTLM authentication - buffer too small for data item");
         byte[] buffer = new byte[length];
         System.arraycopy(src, offset, buffer, 0, length);
         return buffer;
     }
     /** Calculate a challenge block */
     private static byte[] makeRandomChallenge() throws NTLMEngineException {
         if (RND_GEN == null) {
             throw new NTLMEngineException("Random generator not available");
         }
         byte[] rval = new byte[8];
         synchronized (RND_GEN) {
             RND_GEN.nextBytes(rval);
         }
         return rval;
     }
     /** Calculate an NTLM2 challenge block */
     private static byte[] makeNTLM2RandomChallenge() throws NTLMEngineException {
         if (RND_GEN == null) {
             throw new NTLMEngineException("Random generator not available");
         }
         byte[] rval = new byte[24];
         synchronized (RND_GEN) {
             RND_GEN.nextBytes(rval);
         }
         // 8-byte challenge, padded with zeros to 24 bytes.
         Arrays.fill(rval, 8, 24, (byte) 0x00);
         return rval;
     }
     /**
      * Calculates the LM Response for the given challenge, using the specified
      * password.
      *
      * @param password
      *            The user's password.
      * @param challenge
      *            The Type 2 challenge from the server.
      *
      * @return The LM Response.
      */
     static byte[] getLMResponse(String password, byte[] challenge)
             throws NTLMEngineException {
         byte[] lmHash = lmHash(password);
         return lmResponse(lmHash, challenge);
     }
     /**
      * Calculates the NTLM Response for the given challenge, using the specified
      * password.
      *
      * @param password
      *            The user's password.
      * @param challenge
      *            The Type 2 challenge from the server.
      *
      * @return The NTLM Response.
      */
     static byte[] getNTLMResponse(String password, byte[] challenge)
             throws NTLMEngineException {
         byte[] ntlmHash = ntlmHash(password);
         return lmResponse(ntlmHash, challenge);
     }
     /**
      * Calculates the NTLMv2 Response for the given challenge, using the
      * specified authentication target, username, password, target information
      * block, and client challenge.
      *
      * @param target
      *            The authentication target (i.e., domain).
      * @param user
      *            The username.
      * @param password
      *            The user's password.
      * @param targetInformation
      *            The target information block from the Type 2 message.
      * @param challenge
      *            The Type 2 challenge from the server.
      * @param clientChallenge
      *            The random 8-byte client challenge.
      *
      * @return The NTLMv2 Response.
      */
     static byte[] getNTLMv2Response(String target, String user, String password,
             byte[] challenge, byte[] clientChallenge, byte[] targetInformation)
             throws NTLMEngineException {
         byte[] ntlmv2Hash = ntlmv2Hash(target, user, password);
         byte[] blob = createBlob(clientChallenge, targetInformation);
         return lmv2Response(ntlmv2Hash, challenge, blob);
     }
     /**
      * Calculates the LMv2 Response for the given challenge, using the specified
      * authentication target, username, password, and client challenge.
      *
      * @param target
      *            The authentication target (i.e., domain).
      * @param user
      *            The username.
      * @param password
      *            The user's password.
      * @param challenge
      *            The Type 2 challenge from the server.
      * @param clientChallenge
      *            The random 8-byte client challenge.
      *
      * @return The LMv2 Response.
      */
     static byte[] getLMv2Response(String target, String user, String password,
             byte[] challenge, byte[] clientChallenge) throws NTLMEngineException {
         byte[] ntlmv2Hash = ntlmv2Hash(target, user, password);
         return lmv2Response(ntlmv2Hash, challenge, clientChallenge);
     }
     /**
      * Calculates the NTLM2 Session Response for the given challenge, using the
      * specified password and client challenge.
      *
      * @param password
      *            The user's password.
      * @param challenge
      *            The Type 2 challenge from the server.
      * @param clientChallenge
      *            The random 8-byte client challenge.
      *
      * @return The NTLM2 Session Response. This is placed in the NTLM response
      *         field of the Type 3 message; the LM response field contains the
      *         client challenge, null-padded to 24 bytes.
      */
     static byte[] getNTLM2SessionResponse(String password, byte[] challenge,
             byte[] clientChallenge) throws NTLMEngineException {
         try {
             byte[] ntlmHash = ntlmHash(password);
             // Look up MD5 algorithm (was necessary on jdk 1.4.2)
             // This used to be needed, but java 1.5.0_07 includes the MD5
             // algorithm (finally)
             // Class x = Class.forName("gnu.crypto.hash.MD5");
             // Method updateMethod = x.getMethod("update",new
             // Class[]{byte[].class});
             // Method digestMethod = x.getMethod("digest",new Class[0]);
             // Object mdInstance = x.newInstance();
             // updateMethod.invoke(mdInstance,new Object[]{challenge});
             // updateMethod.invoke(mdInstance,new Object[]{clientChallenge});
             // byte[] digest = (byte[])digestMethod.invoke(mdInstance,new
             // Object[0]);
             MessageDigest md5 = MessageDigest.getInstance("MD5");
             md5.update(challenge);
             md5.update(clientChallenge);
             byte[] digest = md5.digest();
             byte[] sessionHash = new byte[8];
             System.arraycopy(digest, 0, sessionHash, 0, 8);
             return lmResponse(ntlmHash, sessionHash);
         } catch (Exception e) {
             if (e instanceof NTLMEngineException)
                 throw (NTLMEngineException) e;
             throw new NTLMEngineException(e.getMessage(), e);
         }
     }
     /**
      * Creates the LM Hash of the user's password.
      *
      * @param password
      *            The password.
      *
      * @return The LM Hash of the given password, used in the calculation of the
      *         LM Response.
      */
     private static byte[] lmHash(String password) throws NTLMEngineException {
         try {
             byte[] oemPassword = password.toUpperCase().getBytes("US-ASCII");
             int length = Math.min(oemPassword.length, 14);
             byte[] keyBytes = new byte[14];
             System.arraycopy(oemPassword, 0, keyBytes, 0, length);
             Key lowKey = createDESKey(keyBytes, 0);
             Key highKey = createDESKey(keyBytes, 7);
             byte[] magicConstant = "KGS!@#$%".getBytes("US-ASCII");
             Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
             des.init(Cipher.ENCRYPT_MODE, lowKey);
             byte[] lowHash = des.doFinal(magicConstant);
             des.init(Cipher.ENCRYPT_MODE, highKey);
             byte[] highHash = des.doFinal(magicConstant);
             byte[] lmHash = new byte[16];
             System.arraycopy(lowHash, 0, lmHash, 0, 8);
             System.arraycopy(highHash, 0, lmHash, 8, 8);
             return lmHash;
         } catch (Exception e) {
             throw new NTLMEngineException(e.getMessage(), e);
         }
     }
     /**
      * Creates the NTLM Hash of the user's password.
      *
      * @param password
      *            The password.
      *
      * @return The NTLM Hash of the given password, used in the calculation of
      *         the NTLM Response and the NTLMv2 and LMv2 Hashes.
      */
     private static byte[] ntlmHash(String password) throws NTLMEngineException {
         try {
             byte[] unicodePassword = password.getBytes("UnicodeLittleUnmarked");
             MD4 md4 = new MD4();
             md4.update(unicodePassword);
             return md4.getOutput();
         } catch (java.io.UnsupportedEncodingException e) {
             throw new NTLMEngineException("Unicode not supported: " + e.getMessage(), e);
         }
     }
     /**
      * Creates the NTLMv2 Hash of the user's password.
      *
      * @param target
      *            The authentication target (i.e., domain).
      * @param user
      *            The username.
      * @param password
      *            The password.
      *
      * @return The NTLMv2 Hash, used in the calculation of the NTLMv2 and LMv2
      *         Responses.
      */
     private static byte[] ntlmv2Hash(String target, String user, String password)
             throws NTLMEngineException {
         try {
             byte[] ntlmHash = ntlmHash(password);
             HMACMD5 hmacMD5 = new HMACMD5(ntlmHash);
             // Upper case username, mixed case target!!
             hmacMD5.update(user.toUpperCase().getBytes("UnicodeLittleUnmarked"));
             hmacMD5.update(target.getBytes("UnicodeLittleUnmarked"));
             return hmacMD5.getOutput();
         } catch (java.io.UnsupportedEncodingException e) {
             throw new NTLMEngineException("Unicode not supported! " + e.getMessage(), e);
         }
     }
     /**
      * Creates the LM Response from the given hash and Type 2 challenge.
      *
      * @param hash
      *            The LM or NTLM Hash.
      * @param challenge
      *            The server challenge from the Type 2 message.
      *
      * @return The response (either LM or NTLM, depending on the provided hash).
      */
     private static byte[] lmResponse(byte[] hash, byte[] challenge) throws NTLMEngineException {
         try {
             byte[] keyBytes = new byte[21];
             System.arraycopy(hash, 0, keyBytes, 0, 16);
             Key lowKey = createDESKey(keyBytes, 0);
             Key middleKey = createDESKey(keyBytes, 7);
             Key highKey = createDESKey(keyBytes, 14);
             Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
             des.init(Cipher.ENCRYPT_MODE, lowKey);
             byte[] lowResponse = des.doFinal(challenge);
             des.init(Cipher.ENCRYPT_MODE, middleKey);
             byte[] middleResponse = des.doFinal(challenge);
             des.init(Cipher.ENCRYPT_MODE, highKey);
             byte[] highResponse = des.doFinal(challenge);
             byte[] lmResponse = new byte[24];
             System.arraycopy(lowResponse, 0, lmResponse, 0, 8);
             System.arraycopy(middleResponse, 0, lmResponse, 8, 8);
             System.arraycopy(highResponse, 0, lmResponse, 16, 8);
             return lmResponse;
         } catch (Exception e) {
             throw new NTLMEngineException(e.getMessage(), e);
         }
     }
     /**
      * Creates the LMv2 Response from the given hash, client data, and Type 2
      * challenge.
      *
      * @param hash
      *            The NTLMv2 Hash.
      * @param clientData
      *            The client data (blob or client challenge).
      * @param challenge
      *            The server challenge from the Type 2 message.
      *
      * @return The response (either NTLMv2 or LMv2, depending on the client
      *         data).
      */
     private static byte[] lmv2Response(byte[] hash, byte[] challenge, byte[] clientData)
             throws NTLMEngineException {
         HMACMD5 hmacMD5 = new HMACMD5(hash);
         hmacMD5.update(challenge);
         hmacMD5.update(clientData);
         byte[] mac = hmacMD5.getOutput();
         byte[] lmv2Response = new byte[mac.length + clientData.length];
         System.arraycopy(mac, 0, lmv2Response, 0, mac.length);
         System.arraycopy(clientData, 0, lmv2Response, mac.length, clientData.length);
         return lmv2Response;
     }
     /**
      * Creates the NTLMv2 blob from the given target information block and
      * client challenge.
      *
      * @param targetInformation
      *            The target information block from the Type 2 message.
      * @param clientChallenge
      *            The random 8-byte client challenge.
      *
      * @return The blob, used in the calculation of the NTLMv2 Response.
      */
     private static byte[] createBlob(byte[] clientChallenge, byte[] targetInformation) {
         byte[] blobSignature = new byte[] { (byte) 0x01, (byte) 0x01, (byte) 0x00, (byte) 0x00 };
         byte[] reserved = new byte[] { (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00 };
         byte[] unknown1 = new byte[] { (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00 };
         long time = System.currentTimeMillis();
         time += 11644473600000l; // milliseconds from January 1, 1601 -> epoch.
         time *= 10000; // tenths of a microsecond.
         // convert to little-endian byte array.
         byte[] timestamp = new byte[8];
         for (int i = 0; i < 8; i++) {
             timestamp[i] = (byte) time;
             time >>>= 8;
         }
         byte[] blob = new byte[blobSignature.length + reserved.length + timestamp.length + 8
                 + unknown1.length + targetInformation.length];
         int offset = 0;
         System.arraycopy(blobSignature, 0, blob, offset, blobSignature.length);
         offset += blobSignature.length;
         System.arraycopy(reserved, 0, blob, offset, reserved.length);
         offset += reserved.length;
         System.arraycopy(timestamp, 0, blob, offset, timestamp.length);
         offset += timestamp.length;
         System.arraycopy(clientChallenge, 0, blob, offset, 8);
         offset += 8;
         System.arraycopy(unknown1, 0, blob, offset, unknown1.length);
         offset += unknown1.length;
         System.arraycopy(targetInformation, 0, blob, offset, targetInformation.length);
         return blob;
     }
     /**
      * Creates a DES encryption key from the given key material.
      *
      * @param bytes
      *            A byte array containing the DES key material.
      * @param offset
      *            The offset in the given byte array at which the 7-byte key
      *            material starts.
      *
      * @return A DES encryption key created from the key material starting at
      *         the specified offset in the given byte array.
      */
     private static Key createDESKey(byte[] bytes, int offset) {
         byte[] keyBytes = new byte[7];
         System.arraycopy(bytes, offset, keyBytes, 0, 7);
         byte[] material = new byte[8];
         material[0] = keyBytes[0];
         material[1] = (byte) (keyBytes[0] << 7 | (keyBytes[1] & 0xff) >>> 1);
         material[2] = (byte) (keyBytes[1] << 6 | (keyBytes[2] & 0xff) >>> 2);
         material[3] = (byte) (keyBytes[2] << 5 | (keyBytes[3] & 0xff) >>> 3);
         material[4] = (byte) (keyBytes[3] << 4 | (keyBytes[4] & 0xff) >>> 4);
         material[5] = (byte) (keyBytes[4] << 3 | (keyBytes[5] & 0xff) >>> 5);
         material[6] = (byte) (keyBytes[5] << 2 | (keyBytes[6] & 0xff) >>> 6);
         material[7] = (byte) (keyBytes[6] << 1);
         oddParity(material);
         return new SecretKeySpec(material, "DES");
     }
     /**
      * Applies odd parity to the given byte array.
      *
      * @param bytes
      *            The data whose parity bits are to be adjusted for odd parity.
      */
     private static void oddParity(byte[] bytes) {
         for (int i = 0; i < bytes.length; i++) {
             byte b = bytes[i];
             boolean needsParity = (((b >>> 7) ^ (b >>> 6) ^ (b >>> 5) ^ (b >>> 4) ^ (b >>> 3)
                     ^ (b >>> 2) ^ (b >>> 1)) & 0x01) == 0;
             if (needsParity) {
                 bytes[i] |= (byte) 0x01;
             } else {
                 bytes[i] &= (byte) 0xfe;
             }
         }
     }
     /** NTLM message generation, base class */
     static class NTLMMessage {
         /** The current response */
         private byte[] messageContents = null;
         /** The current output position */
         private int currentOutputPosition = 0;
         /** Constructor to use when message contents are not yet known */
         NTLMMessage() {
         }
         /** Constructor to use when message contents are known */
         NTLMMessage(String messageBody, int expectedType) throws NTLMEngineException {
             messageContents = Base64.decodeBase64(EncodingUtils.getBytes(messageBody,
                     DEFAULT_CHARSET));
             // Look for NTLM message
             if (messageContents.length < SIGNATURE.length)
                 throw new NTLMEngineException("NTLM message decoding error - packet too short");
             int i = 0;
             while (i < SIGNATURE.length) {
                 if (messageContents[i] != SIGNATURE[i])
                     throw new NTLMEngineException(
                             "NTLM message expected - instead got unrecognized bytes");
                 i++;
             }
             // Check to be sure there's a type 2 message indicator next
             int type = readULong(SIGNATURE.length);
             if (type != expectedType)
                 throw new NTLMEngineException("NTLM type " + Integer.toString(expectedType)
                         + " message expected - instead got type " + Integer.toString(type));
             currentOutputPosition = messageContents.length;
         }
         /**
          * Get the length of the signature and flags, so calculations can adjust
          * offsets accordingly.
          */
         protected int getPreambleLength() {
             return SIGNATURE.length + 4;
         }
         /** Get the message length */
         protected int getMessageLength() {
             return currentOutputPosition;
         }
         /** Read a byte from a position within the message buffer */
         protected byte readByte(int position) throws NTLMEngineException {
             if (messageContents.length < position + 1)
                 throw new NTLMEngineException("NTLM: Message too short");
             return messageContents[position];
         }
         /** Read a bunch of bytes from a position in the message buffer */
         protected void readBytes(byte[] buffer, int position) throws NTLMEngineException {
             if (messageContents.length < position + buffer.length)
                 throw new NTLMEngineException("NTLM: Message too short");
             System.arraycopy(messageContents, position, buffer, 0, buffer.length);
         }
         /** Read a ushort from a position within the message buffer */
         protected int readUShort(int position) throws NTLMEngineException {
             return NTLMEngineImpl.readUShort(messageContents, position);
         }
         /** Read a ulong from a position within the message buffer */
         protected int readULong(int position) throws NTLMEngineException {
             return NTLMEngineImpl.readULong(messageContents, position);
         }
         /** Read a security buffer from a position within the message buffer */
         protected byte[] readSecurityBuffer(int position) throws NTLMEngineException {
             return NTLMEngineImpl.readSecurityBuffer(messageContents, position);
         }
         /**
          * Prepares the object to create a response of the given length.
          *
          * @param length
          *            the maximum length of the response to prepare, not
          *            including the type and the signature (which this method
          *            adds).
          */
         protected void prepareResponse(int maxlength, int messageType) {
             messageContents = new byte[maxlength];
             currentOutputPosition = 0;
             addBytes(SIGNATURE);
             addULong(messageType);
         }
         /**
          * Adds the given byte to the response.
          *
          * @param b
          *            the byte to add.
          */
         protected void addByte(byte b) {
             messageContents[currentOutputPosition] = b;
             currentOutputPosition++;
         }
         /**
          * Adds the given bytes to the response.
          *
          * @param bytes
          *            the bytes to add.
          */
         protected void addBytes(byte[] bytes) {
             for (int i = 0; i < bytes.length; i++) {
                 messageContents[currentOutputPosition] = bytes[i];
                 currentOutputPosition++;
             }
         }
         /** Adds a USHORT to the response */
         protected void addUShort(int value) {
             addByte((byte) (value & 0xff));
             addByte((byte) (value >> 8 & 0xff));
         }
         /** Adds a ULong to the response */
         protected void addULong(int value) {
             addByte((byte) (value & 0xff));
             addByte((byte) (value >> 8 & 0xff));
             addByte((byte) (value >> 16 & 0xff));
             addByte((byte) (value >> 24 & 0xff));
         }
         /**
          * Returns the response that has been generated after shrinking the
          * array if required and base64 encodes the response.
          *
          * @return The response as above.
          */
         String getResponse() {
             byte[] resp;
             if (messageContents.length > currentOutputPosition) {
                 byte[] tmp = new byte[currentOutputPosition];
                 for (int i = 0; i < currentOutputPosition; i++) {
                     tmp[i] = messageContents[i];
                 }
                 resp = tmp;
             } else {
                 resp = messageContents;
             }
             return EncodingUtils.getAsciiString(Base64.encodeBase64(resp));
         }
     }
     /** Type 1 message assembly class */
     static class Type1Message extends NTLMMessage {
         protected byte[] hostBytes;
         protected byte[] domainBytes;
         /** Constructor. Include the arguments the message will need */
         Type1Message(String domain, String host) throws NTLMEngineException {
             super();
             try {
                 // Strip off domain name from the host!
                 host = convertHost(host);
                 // Use only the base domain name!
                 domain = convertDomain(domain);
                 hostBytes = host.getBytes("UnicodeLittleUnmarked");
                 domainBytes = domain.toUpperCase().getBytes("UnicodeLittleUnmarked");
             } catch (java.io.UnsupportedEncodingException e) {
                 throw new NTLMEngineException("Unicode unsupported: " + e.getMessage(), e);
             }
         }
         /**
          * Getting the response involves building the message before returning
          * it
          */
         @Override
         String getResponse() {
             // Now, build the message. Calculate its length first, including
             // signature or type.
             int finalLength = 32 + hostBytes.length + domainBytes.length;
             // Set up the response. This will initialize the signature, message
             // type, and flags.
             prepareResponse(finalLength, 1);
             // Flags. These are the complete set of flags we support.
             addULong(FLAG_NEGOTIATE_NTLM | FLAG_NEGOTIATE_NTLM2 | FLAG_NEGOTIATE_SIGN
                     | FLAG_NEGOTIATE_SEAL |
                     /*
                      * FLAG_NEGOTIATE_ALWAYS_SIGN | FLAG_NEGOTIATE_KEY_EXCH |
                      */
                     FLAG_UNICODE_ENCODING | FLAG_TARGET_DESIRED | FLAG_NEGOTIATE_128);
             // Domain length (two times).
             addUShort(domainBytes.length);
             addUShort(domainBytes.length);
             // Domain offset.
             addULong(hostBytes.length + 32);
             // Host length (two times).
             addUShort(hostBytes.length);
             addUShort(hostBytes.length);
             // Host offset (always 32).
             addULong(32);
             // Host String.
             addBytes(hostBytes);
             // Domain String.
             addBytes(domainBytes);
             return super.getResponse();
         }
     }
     /** Type 2 message class */
     static class Type2Message extends NTLMMessage {
         protected byte[] challenge;
         protected String target;
         protected byte[] targetInfo;
         protected int flags;
         Type2Message(String message) throws NTLMEngineException {
             super(message, 2);
             // Parse out the rest of the info we need from the message
             // The nonce is the 8 bytes starting from the byte in position 24.
             challenge = new byte[8];
             readBytes(challenge, 24);
             flags = readULong(20);
             if ((flags & FLAG_UNICODE_ENCODING) == 0)
                 throw new NTLMEngineException(
                         "NTLM type 2 message has flags that make no sense: "
                                 + Integer.toString(flags));
             // Do the target!
             target = null;
             // The TARGET_DESIRED flag is said to not have understood semantics
             // in Type2 messages, so use the length of the packet to decide
             // how to proceed instead
             if (getMessageLength() >= 12 + 8) {
                 byte[] bytes = readSecurityBuffer(12);
                 if (bytes.length != 0) {
                     try {
                         target = new String(bytes, "UnicodeLittleUnmarked");
                     } catch (java.io.UnsupportedEncodingException e) {
                         throw new NTLMEngineException(e.getMessage(), e);
                     }
                 }
             }
             // Do the target info!
             targetInfo = null;
             // TARGET_DESIRED flag cannot be relied on, so use packet length
             if (getMessageLength() >= 40 + 8) {
                 byte[] bytes = readSecurityBuffer(40);
                 if (bytes.length != 0) {
                     targetInfo = bytes;
                 }
             }
         }
         /** Retrieve the challenge */
         byte[] getChallenge() {
             return challenge;
         }
         /** Retrieve the target */
         String getTarget() {
             return target;
         }
         /** Retrieve the target info */
         byte[] getTargetInfo() {
             return targetInfo;
         }
         /** Retrieve the response flags */
         int getFlags() {
             return flags;
         }
     }
     /** Type 3 message assembly class */
     static class Type3Message extends NTLMMessage {
         // Response flags from the type2 message
         protected int type2Flags;
         protected byte[] domainBytes;
         protected byte[] hostBytes;
         protected byte[] userBytes;
         protected byte[] lmResp;
         protected byte[] ntResp;
         /** Constructor. Pass the arguments we will need */
         Type3Message(String domain, String host, String user, String password, byte[] nonce,
                 int type2Flags, String target, byte[] targetInformation)
                 throws NTLMEngineException {
             // Save the flags
             this.type2Flags = type2Flags;
             // Strip off domain name from the host!
             host = convertHost(host);
             // Use only the base domain name!
             domain = convertDomain(domain);
             // Use the new code to calculate the responses, including v2 if that
             // seems warranted.
             try {
                 if (targetInformation != null && target != null) {
                     byte[] clientChallenge = makeRandomChallenge();
                     ntResp = getNTLMv2Response(target, user, password, nonce, clientChallenge,
                             targetInformation);
                     lmResp = getLMv2Response(target, user, password, nonce, clientChallenge);
                 } else {
                     if ((type2Flags & FLAG_NEGOTIATE_NTLM2) != 0) {
                         // NTLM2 session stuff is requested
                         byte[] clientChallenge = makeNTLM2RandomChallenge();
                         ntResp = getNTLM2SessionResponse(password, nonce, clientChallenge);
                         lmResp = clientChallenge;
                         // All the other flags we send (signing, sealing, key
                         // exchange) are supported, but they don't do anything
                         // at all in an
                         // NTLM2 context! So we're done at this point.
                     } else {
                         ntResp = getNTLMResponse(password, nonce);
                         lmResp = getLMResponse(password, nonce);
                     }
                 }
             } catch (NTLMEngineException e) {
                 // This likely means we couldn't find the MD4 hash algorithm -
                 // fail back to just using LM
                 ntResp = new byte[0];
                 lmResp = getLMResponse(password, nonce);
             }
             try {
                 domainBytes = domain.toUpperCase().getBytes("UnicodeLittleUnmarked");
                 hostBytes = host.getBytes("UnicodeLittleUnmarked");
                 userBytes = user.getBytes("UnicodeLittleUnmarked");
             } catch (java.io.UnsupportedEncodingException e) {
                 throw new NTLMEngineException("Unicode not supported: " + e.getMessage(), e);
             }
         }
         /** Assemble the response */
         @Override
         String getResponse() {
             int ntRespLen = ntResp.length;
             int lmRespLen = lmResp.length;
             int domainLen = domainBytes.length;
             int hostLen = hostBytes.length;
             int userLen = userBytes.length;
             // Calculate the layout within the packet
             int lmRespOffset = 64;
             int ntRespOffset = lmRespOffset + lmRespLen;
             int domainOffset = ntRespOffset + ntRespLen;
             int userOffset = domainOffset + domainLen;
             int hostOffset = userOffset + userLen;
             int sessionKeyOffset = hostOffset + hostLen;
             int finalLength = sessionKeyOffset + 0;
             // Start the response. Length includes signature and type
             prepareResponse(finalLength, 3);
             // LM Resp Length (twice)
             addUShort(lmRespLen);
             addUShort(lmRespLen);
             // LM Resp Offset
             addULong(lmRespOffset);
             // NT Resp Length (twice)
             addUShort(ntRespLen);
             addUShort(ntRespLen);
             // NT Resp Offset
             addULong(ntRespOffset);
             // Domain length (twice)
             addUShort(domainLen);
             addUShort(domainLen);
             // Domain offset.
             addULong(domainOffset);
             // User Length (twice)
             addUShort(userLen);
             addUShort(userLen);
             // User offset
             addULong(userOffset);
             // Host length (twice)
             addUShort(hostLen);
             addUShort(hostLen);
             // Host offset
             addULong(hostOffset);
             // 4 bytes of zeros - not sure what this is
             addULong(0);
             // Message length
             addULong(finalLength);
             // Flags. Currently: NEGOTIATE_NTLM + UNICODE_ENCODING +
             // TARGET_DESIRED + NEGOTIATE_128
             addULong(FLAG_NEGOTIATE_NTLM | FLAG_UNICODE_ENCODING | FLAG_TARGET_DESIRED
                     | FLAG_NEGOTIATE_128 | (type2Flags & FLAG_NEGOTIATE_NTLM2)
                     | (type2Flags & FLAG_NEGOTIATE_SIGN) | (type2Flags & FLAG_NEGOTIATE_SEAL)
                     | (type2Flags & FLAG_NEGOTIATE_KEY_EXCH)
                     | (type2Flags & FLAG_NEGOTIATE_ALWAYS_SIGN));
             // Add the actual data
             addBytes(lmResp);
             addBytes(ntResp);
             addBytes(domainBytes);
             addBytes(userBytes);
             addBytes(hostBytes);
             return super.getResponse();
         }
     }
     static void writeULong(byte[] buffer, int value, int offset) {
         buffer[offset] = (byte) (value & 0xff);
         buffer[offset + 1] = (byte) (value >> 8 & 0xff);
         buffer[offset + 2] = (byte) (value >> 16 & 0xff);
         buffer[offset + 3] = (byte) (value >> 24 & 0xff);
     }
     static int F(int x, int y, int z) {
         return ((x & y) | (~x & z));
     }
     static int G(int x, int y, int z) {
         return ((x & y) | (x & z) | (y & z));
     }
     static int H(int x, int y, int z) {
         return (x ^ y ^ z);
     }
     static int rotintlft(int val, int numbits) {
         return ((val << numbits) | (val >>> (32 - numbits)));
     }
     /**
      * Cryptography support - MD4. The following class was based loosely on the
      * RFC and on code found at http://www.cs.umd.edu/~harry/jotp/src/md.java.
      * Code correctness was verified by looking at MD4.java from the jcifs
      * library (http://jcifs.samba.org). It was massaged extensively to the
      * final form found here by Karl Wright (kwright@metacarta.com).
      */
     static class MD4 {
         protected int A = 0x67452301;
         protected int B = 0xefcdab89;
         protected int C = 0x98badcfe;
         protected int D = 0x10325476;
         protected long count = 0L;
         protected byte[] dataBuffer = new byte[64];
         MD4() {
         }
         void update(byte[] input) {
             // We always deal with 512 bits at a time. Correspondingly, there is
             // a buffer 64 bytes long that we write data into until it gets
             // full.
             int curBufferPos = (int) (count & 63L);
             int inputIndex = 0;
             while (input.length - inputIndex + curBufferPos >= dataBuffer.length) {
                 // We have enough data to do the next step. Do a partial copy
                 // and a transform, updating inputIndex and curBufferPos
                 // accordingly
                 int transferAmt = dataBuffer.length - curBufferPos;
                 System.arraycopy(input, inputIndex, dataBuffer, curBufferPos, transferAmt);
                 count += transferAmt;
                 curBufferPos = 0;
                 inputIndex += transferAmt;
                 processBuffer();
             }
             // If there's anything left, copy it into the buffer and leave it.
             // We know there's not enough left to process.
             if (inputIndex < input.length) {
                 int transferAmt = input.length - inputIndex;
                 System.arraycopy(input, inputIndex, dataBuffer, curBufferPos, transferAmt);
                 count += transferAmt;
                 curBufferPos += transferAmt;
             }
         }
         byte[] getOutput() {
             // Feed pad/length data into engine. This must round out the input
             // to a multiple of 512 bits.
             int bufferIndex = (int) (count & 63L);
             int padLen = (bufferIndex < 56) ? (56 - bufferIndex) : (120 - bufferIndex);
             byte[] postBytes = new byte[padLen + 8];
             // Leading 0x80, specified amount of zero padding, then length in
             // bits.
             postBytes[0] = (byte) 0x80;
             // Fill out the last 8 bytes with the length
             for (int i = 0; i < 8; i++) {
                 postBytes[padLen + i] = (byte) ((count * 8) >>> (8 * i));
             }
             // Update the engine
             update(postBytes);
             // Calculate final result
             byte[] result = new byte[16];
             writeULong(result, A, 0);
             writeULong(result, B, 4);
             writeULong(result, C, 8);
             writeULong(result, D, 12);
             return result;
         }
         protected void processBuffer() {
             // Convert current buffer to 16 ulongs
             int[] d = new int[16];
             for (int i = 0; i < 16; i++) {
                 d[i] = (dataBuffer[i * 4] & 0xff) + ((dataBuffer[i * 4 + 1] & 0xff) << 8)
                         + ((dataBuffer[i * 4 + 2] & 0xff) << 16)
                         + ((dataBuffer[i * 4 + 3] & 0xff) << 24);
             }
             // Do a round of processing
             int AA = A;
             int BB = B;
             int CC = C;
             int DD = D;
             round1(d);
             round2(d);
             round3(d);
             A += AA;
             B += BB;
             C += CC;
             D += DD;
         }
         protected void round1(int[] d) {
             A = rotintlft((A + F(B, C, D) + d[0]), 3);
             D = rotintlft((D + F(A, B, C) + d[1]), 7);
             C = rotintlft((C + F(D, A, B) + d[2]), 11);
             B = rotintlft((B + F(C, D, A) + d[3]), 19);
             A = rotintlft((A + F(B, C, D) + d[4]), 3);
             D = rotintlft((D + F(A, B, C) + d[5]), 7);
             C = rotintlft((C + F(D, A, B) + d[6]), 11);
             B = rotintlft((B + F(C, D, A) + d[7]), 19);
             A = rotintlft((A + F(B, C, D) + d[8]), 3);
             D = rotintlft((D + F(A, B, C) + d[9]), 7);
             C = rotintlft((C + F(D, A, B) + d[10]), 11);
             B = rotintlft((B + F(C, D, A) + d[11]), 19);
             A = rotintlft((A + F(B, C, D) + d[12]), 3);
             D = rotintlft((D + F(A, B, C) + d[13]), 7);
             C = rotintlft((C + F(D, A, B) + d[14]), 11);
             B = rotintlft((B + F(C, D, A) + d[15]), 19);
         }
         protected void round2(int[] d) {
             A = rotintlft((A + G(B, C, D) + d[0] + 0x5a827999), 3);
             D = rotintlft((D + G(A, B, C) + d[4] + 0x5a827999), 5);
             C = rotintlft((C + G(D, A, B) + d[8] + 0x5a827999), 9);
             B = rotintlft((B + G(C, D, A) + d[12] + 0x5a827999), 13);
             A = rotintlft((A + G(B, C, D) + d[1] + 0x5a827999), 3);
             D = rotintlft((D + G(A, B, C) + d[5] + 0x5a827999), 5);
             C = rotintlft((C + G(D, A, B) + d[9] + 0x5a827999), 9);
             B = rotintlft((B + G(C, D, A) + d[13] + 0x5a827999), 13);
             A = rotintlft((A + G(B, C, D) + d[2] + 0x5a827999), 3);
             D = rotintlft((D + G(A, B, C) + d[6] + 0x5a827999), 5);
             C = rotintlft((C + G(D, A, B) + d[10] + 0x5a827999), 9);
             B = rotintlft((B + G(C, D, A) + d[14] + 0x5a827999), 13);
             A = rotintlft((A + G(B, C, D) + d[3] + 0x5a827999), 3);
             D = rotintlft((D + G(A, B, C) + d[7] + 0x5a827999), 5);
             C = rotintlft((C + G(D, A, B) + d[11] + 0x5a827999), 9);
             B = rotintlft((B + G(C, D, A) + d[15] + 0x5a827999), 13);
         }
         protected void round3(int[] d) {
             A = rotintlft((A + H(B, C, D) + d[0] + 0x6ed9eba1), 3);
             D = rotintlft((D + H(A, B, C) + d[8] + 0x6ed9eba1), 9);
             C = rotintlft((C + H(D, A, B) + d[4] + 0x6ed9eba1), 11);
             B = rotintlft((B + H(C, D, A) + d[12] + 0x6ed9eba1), 15);
             A = rotintlft((A + H(B, C, D) + d[2] + 0x6ed9eba1), 3);
             D = rotintlft((D + H(A, B, C) + d[10] + 0x6ed9eba1), 9);
             C = rotintlft((C + H(D, A, B) + d[6] + 0x6ed9eba1), 11);
             B = rotintlft((B + H(C, D, A) + d[14] + 0x6ed9eba1), 15);
             A = rotintlft((A + H(B, C, D) + d[1] + 0x6ed9eba1), 3);
             D = rotintlft((D + H(A, B, C) + d[9] + 0x6ed9eba1), 9);
             C = rotintlft((C + H(D, A, B) + d[5] + 0x6ed9eba1), 11);
             B = rotintlft((B + H(C, D, A) + d[13] + 0x6ed9eba1), 15);
             A = rotintlft((A + H(B, C, D) + d[3] + 0x6ed9eba1), 3);
             D = rotintlft((D + H(A, B, C) + d[11] + 0x6ed9eba1), 9);
             C = rotintlft((C + H(D, A, B) + d[7] + 0x6ed9eba1), 11);
             B = rotintlft((B + H(C, D, A) + d[15] + 0x6ed9eba1), 15);
         }
     }
     /**
      * Cryptography support - HMACMD5 - algorithmically based on various web
      * resources by Karl Wright
      */
     static class HMACMD5 {
         protected byte[] ipad;
         protected byte[] opad;
         protected MessageDigest md5;
         HMACMD5(byte[] key) throws NTLMEngineException {
             try {
                 md5 = MessageDigest.getInstance("MD5");
             } catch (Exception ex) {
                 // Umm, the algorithm doesn't exist - throw an
                 // NTLMEngineException!
                 throw new NTLMEngineException(
                         "Error getting md5 message digest implementation: " + ex.getMessage(), ex);
             }
             // Initialize the pad buffers with the key
             ipad = new byte[64];
             opad = new byte[64];
             int keyLength = key.length;
             if (keyLength > 64) {
                 // Use MD5 of the key instead, as described in RFC 2104
                 md5.update(key);
                 key = md5.digest();
                 keyLength = key.length;
             }
             int i = 0;
             while (i < keyLength) {
                 ipad[i] = (byte) (key[i] ^ (byte) 0x36);
                 opad[i] = (byte) (key[i] ^ (byte) 0x5c);
                 i++;
             }
             while (i < 64) {
                 ipad[i] = (byte) 0x36;
                 opad[i] = (byte) 0x5c;
                 i++;
             }
             // Very important: update the digest with the ipad buffer
             md5.reset();
             md5.update(ipad);
         }
         /** Grab the current digest. This is the "answer". */
         byte[] getOutput() {
             byte[] digest = md5.digest();
             md5.update(opad);
             return md5.digest(digest);
         }
         /** Update by adding a complete array */
         void update(byte[] input) {
             md5.update(input);
         }
         /** Update the algorithm */
         void update(byte[] input, int offset, int length) {
             md5.update(input, offset, length);
         }
     }
     public String generateType1Msg(
             final String domain,
             final String workstation) throws NTLMEngineException {
         return getType1Message(workstation, domain);
     }
     public String generateType3Msg(
             final String username,
             final String password,
             final String domain,
             final String workstation,
             final String challenge) throws NTLMEngineException {
         Type2Message t2m = new Type2Message(challenge);
         return getType3Message(
                 username,
                 password,
                 workstation,
                 domain,
                 t2m.getChallenge(),
                 t2m.getFlags(),
                 t2m.getTarget(),
                 t2m.getTargetInfo());
     }
 }

The Tor Browser / annotate

mobile/android/thirdparty/ch/boye/httpclientandroidlib/impl/auth/NTLMEngineImpl.java@fc2d59ddac77 (annotated)

mobile/android/thirdparty/ch/boye/httpclientandroidlib/impl/auth/NTLMEngineImpl.java