private KrbKdcDHKeyInfo ValidateDHReply(KrbPaPkAsRep pkRep)
{
var signed = new SignedCms();
signed.Decode(pkRep.DHInfo.DHSignedData.ToArray());
VerifyKdcSignature(signed);
return(KrbKdcDHKeyInfo.Decode(signed.ContentInfo.Content));
}
public void ParsePaPkAsRep_SignedDHRep()
{
KrbPaPkAsRep asrep = KrbPaPkAsRep.Decode(signedPkAsRep);
Assert.IsNotNull(asrep);
SignedCms signed = new SignedCms();
signed.Decode(asrep.DHInfo.DHSignedData.ToArray());
signed.CheckSignature(verifySignatureOnly: true);
}
public void ParsePaPkAsRep_SignedDHRep_KDCDHKeyInfo()
{
KrbPaPkAsRep asrep = KrbPaPkAsRep.Decode(signedPkAsRep);
Assert.IsNotNull(asrep);
SignedCms signed = new SignedCms();
signed.Decode(asrep.DHInfo.DHSignedData.ToArray());
signed.CheckSignature(verifySignatureOnly: true);
KrbKdcDHKeyInfo keyInfo = KrbKdcDHKeyInfo.Decode(signed.ContentInfo.Content);
Assert.IsNotNull(keyInfo);
}
private ReadOnlyMemory <byte> DeriveDHKeyAgreement(KrbKdcRep kdcRep, KrbPaPkAsRep pkRep)
{
var dhKeyInfo = ValidateDHReply(pkRep);
var kdcPublicKey = DiffieHellmanKey.ParsePublicKey(dhKeyInfo.SubjectPublicKey, agreement.PublicKey.KeyLength);
agreement.ImportPartnerKey(kdcPublicKey);
var derivedKey = agreement.GenerateAgreement();
ReadOnlySpan <byte> serverDHNonce = default;
if (pkRep.DHInfo.ServerDHNonce.HasValue)
{
serverDHNonce = pkRep.DHInfo.ServerDHNonce.Value.Span;
}
var transform = CryptoService.CreateTransform(kdcRep.EncPart.EType);
return(PKInitString2Key.String2Key(derivedKey.Span, transform.KeySize, clientDHNonce.Span, serverDHNonce));
}
/// <summary>
/// Decrypts the response from the KDC using credential-supplied secrets.
/// </summary>
/// <typeparam name="T">The return type</typeparam>
/// <param name="kdcRep">The response from the KDC to decrypt</param>
/// <param name="keyUsage">The KeyUsage salt used to decrypt the response</param>
/// <param name="func">The parsing function to process the decrypted response</param>
/// <returns>Returns <typeparamref name="T"/> after decryption</returns>
public override T DecryptKdcRep <T>(KrbKdcRep kdcRep, KeyUsage keyUsage, Func <ReadOnlyMemory <byte>, T> func)
{
var paPkRep = kdcRep?.PaData?.FirstOrDefault(a => a.Type == PaDataType.PA_PK_AS_REP);
if (paPkRep == null)
{
throw new KerberosProtocolException("PA-Data doesn't contain PA-PK-AS-REP");
}
var pkRep = KrbPaPkAsRep.Decode(paPkRep.Value);
if (pkRep.DHInfo != null)
{
sharedSecret = DeriveDHKeyAgreement(kdcRep, pkRep);
}
else
{
throw OnlyKeyAgreementSupportedException();
}
return(base.DecryptKdcRep(kdcRep, keyUsage, func));
}
public override async Task <KrbPaData> Validate(KrbKdcReq asReq, PreAuthenticationContext preauth)
{
var paPk = asReq.PaData.FirstOrDefault(p => p.Type == PaDataType.PA_PK_AS_REQ);
if (paPk == null)
{
return(null);
}
var pkreq = KrbPaPkAsReq.Decode(paPk.Value);
var authPack = await ValidateAuthPack(preauth.Principal, pkreq);
ValidateAuthenticator(authPack.PKAuthenticator, asReq.Body);
var requestAlg = authPack.ClientPublicValue?.Algorithm?.Algorithm;
IKeyAgreement agreement;
if (requestAlg?.Value == EllipticCurveDiffieHellman.Value)
{
agreement = FromEllipticCurveDomainParameters(authPack.ClientPublicValue);
}
else if (requestAlg?.Value == DiffieHellman.Value)
{
agreement = await FromDiffieHellmanDomainParametersAsync(authPack.ClientPublicValue);
}
else
{
throw OnlyKeyAgreementSupportedException();
}
var derivedKey = agreement.GenerateAgreement();
var etype = asReq.Body.EType.First();
var transform = CryptoService.CreateTransform(etype);
ReadOnlyMemory <byte> clientDHNonce = authPack.ClientDHNonce.GetValueOrDefault();
ReadOnlyMemory <byte> serverDHNonce = default;
if (clientDHNonce.Length > 0)
{
serverDHNonce = transform.GenerateRandomBytes(agreement.PublicKey.KeyLength);
await Service.Principals.CacheKey(agreement.PrivateKey);
}
var keyInfo = new KrbKdcDHKeyInfo {
SubjectPublicKey = agreement.PublicKey.EncodePublicKey()
};
if (agreement.PublicKey.CacheExpiry.HasValue)
{
keyInfo.DHKeyExpiration = agreement.PublicKey.CacheExpiry;
keyInfo.Nonce = authPack.PKAuthenticator.Nonce;
}
var sessionKey = PKInitString2Key.String2Key(
derivedKey.Span,
transform.KeySize,
clientDHNonce.Span,
serverDHNonce.Span
);
var paPkRep = new KrbPaPkAsRep
{
DHInfo = new KrbDHReplyInfo
{
DHSignedData = await SignDHResponseAsync(keyInfo),
ServerDHNonce = serverDHNonce
}
};
preauth.PaData = new[]
{
new KrbPaData
{
Type = PaDataType.PA_PK_AS_REP,
Value = paPkRep.Encode()
}
};
preauth.EncryptedPartKey = new KerberosKey(key: sessionKey.ToArray(), etype: etype);
return(null);
}
public override KrbPaData Validate(KrbKdcReq asReq, PreAuthenticationContext preauth)
{
if (asReq == null)
{
throw new ArgumentNullException(nameof(asReq));
}
if (preauth == null)
{
throw new ArgumentNullException(nameof(preauth));
}
if (!preauth.PreAuthenticationState.TryGetValue(PaDataType.PA_PK_AS_REQ, out PaDataState paState) ||
!(paState is PkInitState state))
{
return(null);
}
var authPack = ValidateAuthPack(preauth, state);
this.ValidateAuthenticator(authPack.PKAuthenticator, asReq.Body);
var requestAlg = authPack.ClientPublicValue?.Algorithm?.Algorithm;
IKeyAgreement agreement;
if (requestAlg?.Value == EllipticCurveDiffieHellman.Value)
{
agreement = this.FromEllipticCurveDomainParameters(authPack.ClientPublicValue);
}
else if (requestAlg?.Value == DiffieHellman.Value)
{
agreement = this.FromDiffieHellmanDomainParameters(authPack.ClientPublicValue);
}
else
{
throw OnlyKeyAgreementSupportedException();
}
var derivedKey = agreement.GenerateAgreement();
var preferredEType = GetPreferredEType(
asReq.Body.EType,
this.Service.Configuration.Defaults.PermittedEncryptionTypes,
this.Service.Configuration.Defaults.AllowWeakCrypto
);
if (preferredEType is null)
{
throw new InvalidOperationException("Cannot find a common EType");
}
var etype = preferredEType.Value;
var transform = CryptoService.CreateTransform(etype);
ReadOnlyMemory <byte> clientDHNonce = authPack.ClientDHNonce.GetValueOrDefault();
ReadOnlyMemory <byte> serverDHNonce = default;
if (clientDHNonce.Length > 0)
{
serverDHNonce = transform.GenerateRandomBytes(agreement.PublicKey.KeyLength);
this.Service.Principals.CacheKey(agreement.PrivateKey);
}
var keyInfo = new KrbKdcDHKeyInfo {
SubjectPublicKey = agreement.PublicKey.EncodePublicKey()
};
if (agreement.PublicKey.CacheExpiry.HasValue)
{
keyInfo.DHKeyExpiration = agreement.PublicKey.CacheExpiry;
keyInfo.Nonce = authPack.PKAuthenticator.Nonce;
}
var sessionKey = PKInitString2Key.String2Key(
derivedKey.Span,
transform.KeySize,
clientDHNonce.Span,
serverDHNonce.Span
);
var paPkRep = new KrbPaPkAsRep
{
DHInfo = new KrbDHReplyInfo
{
DHSignedData = this.SignDHResponse(keyInfo),
ServerDHNonce = serverDHNonce
}
};
preauth.PaData = new[]
{
new KrbPaData
{
Type = PaDataType.PA_PK_AS_REP,
Value = paPkRep.Encode()
}
};
preauth.EncryptedPartKey = new KerberosKey(key: sessionKey.ToArray(), etype: etype);
preauth.ClientAuthority = PaDataType.PA_PK_AS_REQ;
return(null);
}
public void ParsePaPkAsRep()
{
KrbPaPkAsRep asrep = KrbPaPkAsRep.Decode(signedPkAsRep);
Assert.IsNotNull(asrep);
}
