Skip to main content

NtlmSession

Struct NtlmSession

pub struct NtlmSession { /* private fields */ }

Expand description

NTLM session state for message encryption/decryption after authentication.

Derived from the NTLMv2 authentication exchange per MS-NLMP section 3.4.4. Provides seal (encrypt+sign) and unseal (decrypt+verify) for WinRM message-level encryption over HTTP.

§Usage

After completing the NTLM handshake with create_authenticate_message_with_key, use the returned exported session key to create an NtlmSession:

let (type3_msg, session_key) = create_authenticate_message_with_key(...);
let mut session = NtlmSession::from_auth(&session_key);
let sealed = session.seal(b"plaintext payload");

The actual integration into the HTTP transport (MIME multipart framing for encrypted payloads) is deferred to a future release.

Implementations§

impl NtlmSession

pub fn from_auth(exported_session_key: &[u8; 16]) -> Self

Derive a session from the exported session key produced during the NTLMv2 authentication exchange.

Computes the four session keys (client/server seal/sign) per MS-NLMP section 3.4.4 and initializes the RC4 cipher handles.

pub fn seal(&mut self, plaintext: &[u8]) -> Vec<u8> ⓘ

Seal (encrypt + sign) a message for sending to the server.

Returns signature (16 bytes) || ciphertext. The signature contains:

Version (4 bytes, always 1)
Encrypted HMAC-MD5 checksum (8 bytes)
Sequence number (4 bytes, little-endian)

pub fn sign(&mut self, data: &[u8]) -> [u8; 16]

Compute an NTLM signature over data (no encryption of payload). Returns the 16-byte NTLMSSP_MESSAGE_SIGNATURE per MS-NLMP 3.4.4.1 (with extended session security + key exchange). Consumes 8 bytes of the client RC4 keystream and increments the client sequence number.

pub fn unseal(&mut self, sealed: &[u8]) -> Result<Vec<u8>, NtlmError>

Unseal (decrypt + verify) a message received from the server.

Expects sealed to be signature (16 bytes) || ciphertext. Verifies the signature version and sequence number. Returns the decrypted plaintext.

§Errors

Returns NtlmError::InvalidMessage if:

The message is shorter than 16 bytes
The signature version is not 1
The sequence number does not match the expected value
The HMAC-MD5 checksum does not match the expected value

Auto Trait Implementations§

impl Freeze for NtlmSession

impl RefUnwindSafe for NtlmSession

impl Send for NtlmSession

impl Sync for NtlmSession

impl Unpin for NtlmSession

impl UnsafeUnpin for NtlmSession

impl UnwindSafe for NtlmSession

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more