125 lines
2.8 KiB
Go
125 lines
2.8 KiB
Go
package passwd
|
|
|
|
import (
|
|
"encoding/binary"
|
|
"encoding/hex"
|
|
"unicode/utf16"
|
|
"unicode/utf8"
|
|
|
|
"golang.org/x/crypto/md4"
|
|
)
|
|
|
|
type NTHash struct {
|
|
Passwd
|
|
}
|
|
|
|
// Make NTHash password interface.
|
|
func NewNTPasswd() PasswdInterface {
|
|
m := new(NTHash)
|
|
m.Magic = NT_HASH_MAGIC
|
|
// NT hashes has no salt, so we disable it.
|
|
m.SaltLength = -1
|
|
// Set the interface to allow parents to call overriden functions.
|
|
m.i = m
|
|
return m
|
|
}
|
|
|
|
// Encode UTF-8 bytes to UCS-2LE bytes.
|
|
// The NT hash uses UCS-2LE, so we need to convert for compatibility.
|
|
func (a *NTHash) UTF8ToUCS2LE(src []byte) []byte {
|
|
// If there is no source data, return nil.
|
|
if len(src) == 0 {
|
|
return nil
|
|
}
|
|
|
|
// Convert bytes to UTF-8 runes.
|
|
var runes []rune
|
|
for len(src) > 0 {
|
|
r, size := utf8.DecodeRune(src)
|
|
runes = append(runes, r)
|
|
src = src[size:]
|
|
}
|
|
|
|
// Re-encode UTF-8 to UTF-16.
|
|
u := utf16.Encode(runes)
|
|
|
|
// Setup new byte array to match length of UCS-2LE.
|
|
dst := make([]byte, len(u)*2)
|
|
|
|
// Index for inserting new bytes.
|
|
i := 0
|
|
|
|
// Convert each UTF-16 byte to UCS-2LE.
|
|
for _, r := range u {
|
|
binary.LittleEndian.PutUint16(dst[i:], r)
|
|
i += 2
|
|
}
|
|
return dst
|
|
}
|
|
|
|
// Hash an NT compatible hash.
|
|
func (a *NTHash) Hash(password []byte) (hash []byte) {
|
|
// Convert to UCS-2.
|
|
ucsPw := a.UTF8ToUCS2LE(password)
|
|
|
|
// Encoe MD4 hash with UCS-2LE bytes.
|
|
h := md4.New()
|
|
h.Write(ucsPw)
|
|
buf := h.Sum(nil)
|
|
|
|
// Hex encode MD4 hash.
|
|
dst := make([]byte, hex.EncodedLen(len(buf)))
|
|
hex.Encode(dst, buf)
|
|
|
|
// Make crypt compatible hash from encoded hash.
|
|
hash = append([]byte(a.Magic), '$')
|
|
hash = append(hash, dst...)
|
|
return
|
|
}
|
|
|
|
// Override the hash with salt function with one that encodes the NT hash, ignoring the salt.
|
|
func (a *NTHash) HashPasswordWithSalt(password []byte, salt []byte) (hash []byte, err error) {
|
|
hash = a.Hash(password)
|
|
return
|
|
}
|
|
|
|
// Hash an password using default parameters with NT.
|
|
func HashNTPassword(password []byte) (hash []byte, err error) {
|
|
passwd := NewNTPasswd()
|
|
hash, err = passwd.HashPassword(password)
|
|
if err != nil {
|
|
return
|
|
}
|
|
return
|
|
}
|
|
|
|
// Hash an password with salt using default parameters with NT.
|
|
func HashNTPasswordWithSalt(password []byte, salt []byte) (hash []byte, err error) {
|
|
passwd := NewNTPasswd()
|
|
hash, err = passwd.HashPasswordWithSalt(password, salt)
|
|
if err != nil {
|
|
return
|
|
}
|
|
return
|
|
}
|
|
|
|
// Hash an password string using default parameters with NT.
|
|
func SHashNTPassword(password string) (hash string, err error) {
|
|
passwd := NewNTPasswd()
|
|
hash, err = passwd.SHashPassword(password)
|
|
if err != nil {
|
|
return
|
|
}
|
|
return
|
|
}
|
|
|
|
// Hash an password string with salt using default parameters with NT.
|
|
func SHashNTPasswordWithSalt(password string, salt string) (hash string, err error) {
|
|
passwd := NewNTPasswd()
|
|
hash, err = passwd.SHashPasswordWithSalt(salt, salt)
|
|
if err != nil {
|
|
return
|
|
}
|
|
return
|
|
}
|