Merge pull request #21 from jlee-r7/feature/surface-exported-session-key

zenchild · zenchild · commit 9d2e57ee0bb2 · 2015-06-17T18:10:06.000-05:00
Make the session key available to clients
diff --git a/lib/net/ntlm/client.rb b/lib/net/ntlm/client.rb
@@ -42,6 +42,10 @@ def session
         @session
       end
 
+      def session_key
+        @session.exported_session_key
+      end
+
       private
 
       # @return [Message::Type1]
diff --git a/lib/net/ntlm/client/session.rb b/lib/net/ntlm/client/session.rb
@@ -38,13 +38,24 @@ def authenticate!
           rc4 = OpenSSL::Cipher::Cipher.new("rc4")
           rc4.encrypt
           rc4.key = user_session_key
-          sk = rc4.update master_key
+          sk = rc4.update exported_session_key
           sk << rc4.final
           t3.session_key = sk
         end
         t3
       end
 
+      def exported_session_key
+        @exported_session_key ||=
+          begin
+            if negotiate_key_exchange?
+              OpenSSL::Cipher.new("rc4").random_key
+            else
+              user_session_key
+            end
+          end
+      end
+
       def sign_message(message)
         seq = sequence
         sig = OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, client_sign_key, "#{seq}#{message}")[0..7]
@@ -75,24 +86,13 @@ def unseal_message(emessage)
         message + server_cipher.final
       end
 
-
       private
 
 
       def user_session_key
         @user_session_key ||=  nil
       end
 
-      def master_key
-        @master_key ||= begin
-                          if negotiate_key_exchange?
-                            OpenSSL::Cipher.new("rc4").random_key
-                          else
-                            user_session_key
-                          end
-                        end
-      end
-
       def sequence
         [raw_sequence].pack("V*")
       end
@@ -106,19 +106,19 @@ def raw_sequence
       end
 
       def client_sign_key
-        @client_sign_key ||= OpenSSL::Digest::MD5.digest "#{master_key}#{CLIENT_TO_SERVER_SIGNING}"
+        @client_sign_key ||= OpenSSL::Digest::MD5.digest "#{exported_session_key}#{CLIENT_TO_SERVER_SIGNING}"
       end
 
       def server_sign_key
-        @server_sign_key ||= OpenSSL::Digest::MD5.digest "#{master_key}#{SERVER_TO_CLIENT_SIGNING}"
+        @server_sign_key ||= OpenSSL::Digest::MD5.digest "#{exported_session_key}#{SERVER_TO_CLIENT_SIGNING}"
       end
 
       def client_seal_key
-        @client_seal_key ||= OpenSSL::Digest::MD5.digest "#{master_key}#{CLIENT_TO_SERVER_SEALING}"
+        @client_seal_key ||= OpenSSL::Digest::MD5.digest "#{exported_session_key}#{CLIENT_TO_SERVER_SEALING}"
       end
 
       def server_seal_key
-        @server_seal_key ||= OpenSSL::Digest::MD5.digest "#{master_key}#{SERVER_TO_CLIENT_SEALING}"
+        @server_seal_key ||= OpenSSL::Digest::MD5.digest "#{exported_session_key}#{SERVER_TO_CLIENT_SEALING}"
       end
 
       def client_cipher
diff --git a/spec/lib/net/ntlm/client/session_spec.rb b/spec/lib/net/ntlm/client/session_spec.rb
@@ -51,17 +51,17 @@
     end
   end
 
-  describe "#master_key" do
+  describe "#exported_session_key" do
     it "returns a random 16-byte key when negotiate_key_exchange? is true" do
       expect(inst).to receive(:negotiate_key_exchange?).and_return(true)
       expect(inst).not_to receive(:user_session_key)
-      inst.send :master_key
+      inst.exported_session_key
     end
 
     it "returns the user_session_key when negotiate_key_exchange? is false" do
       expect(inst).to receive(:negotiate_key_exchange?).and_return(false)
       expect(inst).to receive(:user_session_key).and_return(user_session_key)
-      inst.send :master_key
+      inst.exported_session_key
     end
   end
 
