/**
* Calculates a response to a server challenge for a given credential hash.
*
* @param HashCredentialInterface $hash_credential The authentication
* credential hash to compute the response for.
* @param string $data The binary string containing the previously
* calculated data to encrypt, depending on the session strategy.
* @return string The calculated challenge response data as a binary string.
*/
public function calculateChallengeResponseData(HashCredentialInterface $hash_credential, $data)
{
// Nul pad the credential hash to the full key size
$padded_hash = str_pad($hash_credential->getValue(), static::DESL_FULL_KEY_LENGTH, static::NULL_PAD_CHARACTER);
$key_blocks = str_split($padded_hash, static::DESL_KEY_BLOCK_SEGMENT_LENGTH);
$binary_data = array_reduce($key_blocks, function ($result, $key_block) use($data) {
return $result . $this->des_encrypter->encrypt($key_block, $data, CipherMode::ECB, '');
}, '');
return $binary_data;
}
/**
* Calculates the NT "proof" string (known as "NtProofStr" in the official
* documentation).
*
* @param HashCredentialInterface $hash_credential The user's authentication
* NT hash credential.
* @param string $server_challenge_nonce The 64-bit (8-byte) unsigned
* server-sent "nonce" (number used once) represented as a binary string.
* @param string $blob The binary encoded "blob" string.
* @return string The calculated NT "proof" string as a binary string.
*/
public function calculateNtProofString(HashCredentialInterface $hash_credential, $server_challenge_nonce, $blob)
{
$data_to_hash = $server_challenge_nonce . $blob;
$keyed_hasher = $this->crypt_hasher_factory->build(static::KEYED_HASHER_ALGORITHM, $hash_credential->getValue());
return $keyed_hasher->update($data_to_hash)->digest();
}
