3.4.5.1 KXKEY

If NTLM v1 is used and extended session security is not negotiated, the 128-bit key exchange key value is calculated as follows:

 -- Input:     
 --   SessionBaseKey - A session key calculated from the user's
      password.
 --   LmChallengeResponse - The LM response to the server challenge.
      Computed by the client. 
 --   NegFlg - Defined in section 3.1.1.
 --
 -- Output:     
 --   KeyExchangeKey - The Key Exchange Key. 
 --
 -- Functions used: 
 --   ConcatenationOf() - Defined in Section 6.
 --   DES() - Defined in Section 6.
  
 Define KXKEY(SessionBaseKey, LmChallengeResponse, ServerChallenge) as
 If ( NTLMSSP_NEGOTIATE_LMKEY flag is set in NegFlg) 
      Set KeyExchangeKey to ConcatenationOf(DES(LMOWF[0..6],
      LmChallengeResponse[0..7]), 
      DES(ConcatenationOf(LMOWF[7], 0xBDBDBDBDBDBD),  
      LmChallengeResponse[0..7]))  
 Else
      If ( NTLMSSP_REQUEST_NON_NT_SESSION_KEY flag is set in NegFlg) 
         Set KeyExchangeKey to ConcatenationOf(LMOWF[0..7], Z(8)), 
      Else
         Set KeyExchangeKey to SessionBaseKey
      Endif
 Endif
 EndDefine

If NTLM v1 is used and extended session security is negotiated, the key exchange key value is calculated as follows:

 -- Input:     
 --   SessionBaseKey - A session key calculated from the user's
      password.
 --   ServerChallenge - The 8-byte challenge message
      generated by the server. 
 --   LmChallengeResponse - The LM response to the server challenge.
      Computed by the client. 
 --
 -- Output:     
 --   KeyExchangeKey - The Key Exchange Key. 
 --
 -- Functions used: 
 --   ConcatenationOf() - Defined in Section 6.
 --   HMAC_MD5() - Defined in Section 6.
  
 Define KXKEY(SessionBaseKey, LmChallengeResponse, ServerChallenge) as
      Set KeyExchangeKey to HMAC_MD5(SessionBaseKey, ConcatenationOf(ServerChallenge, LmChallengeResponse [0..7]))
 EndDefine

If NTLM v2 is used, KeyExchangeKey MUST be set to the given 128-bit SessionBaseKey value.