/// <summary>
        /// Update session key according to section 5.3.7 Session Key Updates.
        /// </summary>
        internal void UpdateSessionKey()
            if (encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_40BIT ||
                encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_56BIT ||
                encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_128BIT)
                currentClientEncryptKey = UpdateKey(initialClientEncryptKey,

                currentClientDecryptKey = UpdateKey(initialClientDecryptKey,

                currentServerEncryptKey = UpdateKey(initialServerEncryptKey,

                currentServerDecryptKey = UpdateKey(initialServerDecryptKey,

                RC4 rc4Enc = RC4.Create();
                rc4Encrypt       = rc4Enc.CreateEncryptor(currentClientEncryptKey, null);
                rc4EncryptServer = rc4Enc.CreateEncryptor(currentServerEncryptKey, null);

                RC4 rc4Dec = RC4.Create();
                rc4Decrypt       = rc4Dec.CreateDecryptor(currentClientDecryptKey, null);
                rc4DecryptServer = rc4Dec.CreateDecryptor(currentServerDecryptKey, null);
            // else in other cases we don't need to update session key
        public static _LSAPR_TRUSTED_DOMAIN_AUTH_BLOB CreateTrustedDomainAuthorizedBlob(
            _LSAPR_AUTH_INFORMATION[] currentOutgoingAuthInfos,
            _LSAPR_AUTH_INFORMATION[] previousOutgoingAuthInfos,
            _LSAPR_AUTH_INFORMATION[] currentIncomingAuthInfos,
            _LSAPR_AUTH_INFORMATION[] previousIncomingAuthInfos,
            byte[] sessionKey)
            LsaTrustedDomainAuthBlob        blob   = new LsaTrustedDomainAuthBlob();
            Random random = new Random();

            blob.randomData = new byte[BLOB_AUTH_RANDOM_LENGTH]; //leads with 512 bytes of random data
            blob.CurrentOutgoingAuthInfos  = MarshalAuthInfos(currentOutgoingAuthInfos);
            blob.PreviousOutgoingAuthInfos = MarshalAuthInfos(previousOutgoingAuthInfos);
            blob.CurrentIncomingAuthInfos  = MarshalAuthInfos(currentIncomingAuthInfos);
            blob.PreviousIncomingAuthInfos = MarshalAuthInfos(previousIncomingAuthInfos);

            blob.CountOutgoingAuthInfos = (uint)(currentOutgoingAuthInfos == null ? 0 : currentOutgoingAuthInfos.Length);
            //blob.ByteOffsetCurrentOutgoingAuthInfo is the sum of sizeof CountOutgoingAuthInfos,
            //sizeof ByteOffsetCurrentOutgoingAuthInfo ,sizeof ByteOffsetCurrentOutgoingAuthInfo;
            blob.ByteOffsetCurrentOutgoingAuthInfo = (uint)(Marshal.SizeOf(blob.CountOutgoingAuthInfos) + Marshal.SizeOf(
                                                                blob.ByteOffsetCurrentOutgoingAuthInfo) + Marshal.SizeOf(blob.ByteOffsetPreviousOutgoingAuthInfo));
            blob.ByteOffsetPreviousOutgoingAuthInfo = (uint)(blob.ByteOffsetCurrentOutgoingAuthInfo
                                                             + blob.CurrentOutgoingAuthInfos.Length);
            blob.CountIncomingAuthInfos = (uint)(currentIncomingAuthInfos == null ? 0 : currentIncomingAuthInfos.Length);
            //same as blob.ByteOffsetCurrentOutgoingAuthInfo
            blob.ByteOffsetCurrentIncomingAuthInfo = (uint)(Marshal.SizeOf(blob.CountIncomingAuthInfos) + Marshal.SizeOf(
                                                                blob.ByteOffsetCurrentIncomingAuthInfo) + Marshal.SizeOf(blob.ByteOffsetPreviousIncomingAuthInfo));
            blob.ByteOffsetPreviousIncomingAuthInfo = (uint)(blob.ByteOffsetCurrentIncomingAuthInfo
                                                             + blob.CurrentIncomingAuthInfos.Length);
            blob.OutgoingAuthInfoSize = (uint)(blob.ByteOffsetPreviousOutgoingAuthInfo
                                               + blob.PreviousOutgoingAuthInfos.Length);
            blob.IncomingAuthInfoSize = (uint)(blob.ByteOffsetPreviousIncomingAuthInfo
                                               + blob.PreviousIncomingAuthInfos.Length);

            byte[] input = ArrayUtility.ConcatenateArrays(

            using (RC4 rc4 = RC4.Create())
                rc4.Key         = sessionKey;
                retVal.AuthBlob = rc4.CreateEncryptor().TransformFinalBlock(input, 0, input.Length);
            retVal.AuthSize = (uint)(retVal.AuthBlob.Length);

        /// <summary>
        /// Encrypts input data with RC4
        /// </summary>
        /// <param name="input">The input data to be encrypted</param>
        /// <param name="inputOffset">Offset of input from which the data will be encrypted </param>
        /// <param name="inputLength">Length of data to be encrypted</param>
        /// <param name="key">The encryption key</param>
        private static byte[] RC4Encrypt(byte[] input, int inputOffset, int inputLength, byte[] key)
            RC4 rc4 = RC4.Create();
            ICryptoTransform crypto = rc4.CreateEncryptor(key, null);

            byte[] output = crypto.TransformFinalBlock(input, inputOffset, inputLength);

Beispiel #4
 /// <summary>
 /// An example of encryption/decryption from one file to another.
 /// </summary>
 /// <param name="key">The secret key to use for the algorithm.</param>
 /// <param name="sourcePath">File path to read.</param>
 /// <param name="targetPath">File path to write.</param>
 public static void EncoderWrite(byte[] key, string sourcePath, string targetPath)
     using (var rc4 = RC4.Create())
         using (var source = new FileStream(sourcePath, FileMode.Open, FileAccess.Read))
             using (var target = new FileStream(targetPath, FileMode.Create, FileAccess.ReadWrite))
                 using (var crypto = new CryptoStream(source, rc4.CreateEncryptor(key, null), CryptoStreamMode.Read))
Beispiel #5
        private bool Decode(byte[] pvk, string password)
            if (BitConverterLE.ToUInt32(pvk, 0) != 2964713758u)
            if (BitConverterLE.ToUInt32(pvk, 4) != 0u)
            this.keyType   = BitConverterLE.ToInt32(pvk, 8);
            this.encrypted = (BitConverterLE.ToUInt32(pvk, 12) == 1u);
            int num  = BitConverterLE.ToInt32(pvk, 16);
            int num2 = BitConverterLE.ToInt32(pvk, 20);

            byte[] array = new byte[num2];
            Buffer.BlockCopy(pvk, 24 + num, array, 0, num2);
            if (num > 0)
                if (password == null)
                byte[] array2 = new byte[num];
                Buffer.BlockCopy(pvk, 24, array2, 0, num);
                byte[]           array3          = this.DeriveKey(array2, password);
                RC4              rc              = RC4.Create();
                ICryptoTransform cryptoTransform = rc.CreateDecryptor(array3, null);
                cryptoTransform.TransformBlock(array, 8, array.Length - 8, array, 8);
                    this.rsa  = CryptoConvert.FromCapiPrivateKeyBlob(array);
                    this.weak = false;
                catch (CryptographicException)
                    this.weak = true;
                    Buffer.BlockCopy(pvk, 24 + num, array, 0, num2);
                    Array.Clear(array3, 5, 11);
                    RC4 rc2 = RC4.Create();
                    cryptoTransform = rc2.CreateDecryptor(array3, null);
                    cryptoTransform.TransformBlock(array, 8, array.Length - 8, array, 8);
                    this.rsa = CryptoConvert.FromCapiPrivateKeyBlob(array);
                Array.Clear(array3, 0, array3.Length);
                this.weak = true;
                this.rsa  = CryptoConvert.FromCapiPrivateKeyBlob(array);
                Array.Clear(array, 0, array.Length);
            Array.Clear(pvk, 0, pvk.Length);
            return(this.rsa != null);
Beispiel #6
 /// <summary>
 /// An example of encryption/decryption from byte array to another
 /// </summary>
 /// <param name="key"></param>
 /// <param name="sourceArray"></param>
 /// <returns></returns>
 public static byte[] EncoderRead(byte[] key, byte[] sourceArray)
     using (var rc4 = RC4.Create())
         using (var source = new MemoryStream(sourceArray))
             using (var crypto = new CryptoStream(source, rc4.CreateEncryptor(key, null), CryptoStreamMode.Read))
                 using (var target = new MemoryStream())
Beispiel #7
 /// <summary>
 /// An example of encryption/decryption from file to byte array.
 /// </summary>
 /// <param name="key">The secret key to use for the algorithm.</param>
 /// <param name="sourcePath">File path to read.</param>
 /// <returns></returns>
 public static byte[] EncoderRead(byte[] key, string sourcePath)
     using (var rc4 = RC4.Create())
         using (var source = new FileStream(sourcePath, FileMode.Open, FileAccess.Read))
             using (var crypto = new CryptoStream(source, rc4.CreateEncryptor(key, null), CryptoStreamMode.Read))
                 using (var target = new MemoryStream())
Beispiel #8
 /// <summary>
 /// An example of encryption/decryption from one array to another.
 /// </summary>
 /// <param name="key">The secret key to use for the algorithm.</param>
 /// <param name="sourceArray">The byte array to encrypt/decrypt.</param>
 /// <param name="targetArray">The byte array with the resulting data.</param>
 public static void EncoderWrite(byte[] key, byte[] sourceArray, out byte[] targetArray)
     using (var rc4 = RC4.Create())
         using (var source = new MemoryStream(sourceArray))
             using (var target = new MemoryStream())
                 using (var crypto = new CryptoStream(source, rc4.CreateEncryptor(key, null), CryptoStreamMode.Read))
                     targetArray = target.ToArray();
Beispiel #9
 /// <summary>
 /// An example of file encryption/decryption directly.
 /// </summary>
 /// <param name="key">The secret key to use for the algorithm.</param>
 /// <param name="sourcePath">File path to read/write</param>
 public static void EncoderWrite(byte[] key, string sourcePath)
     using (var rc4 = RC4.Create())
         using (var source = new FileStream(sourcePath, FileMode.Open, FileAccess.ReadWrite))
             using (var target = new MemoryStream())
                 using (var crypto = new CryptoStream(source, rc4.CreateEncryptor(key, null), CryptoStreamMode.Read))
                     source.Seek(0, SeekOrigin.Begin);
                     target.Seek(0, SeekOrigin.Begin);
Beispiel #10
 /// <summary>
 /// An example of byte array encryption/decryption directly.
 /// </summary>
 /// <param name="key">The secret key to use for the algorithm.</param>
 /// <param name="sourceArray">The byte array to encrypt/decrypt.</param>
 public static void EncoderWrite(byte[] key, byte[] sourceArray)
     using (var rc4 = RC4.Create())
         using (var source = new MemoryStream(sourceArray))
             using (var target = new MemoryStream())
                 using (var crypto = new CryptoStream(source, rc4.CreateEncryptor(key, null), CryptoStreamMode.Read))
                     source.Seek(0, SeekOrigin.Begin);
                     target.Seek(0, SeekOrigin.Begin);
        /// <summary>
        /// Update session key for Non-FIPS according to section 5.3.7 Session Key Updates.
        /// </summary>
        /// <param name="initialKey">The initial session key.</param>
        /// <param name="currentKey">The current session key.</param>
        /// <param name="encryptionMethod">The current encryption method.</param>
        /// <returns>The new session key.</returns>
        private static byte[] UpdateKey(byte[] initialKey, byte[] currentKey, EncryptionMethods encryptionMethod)
            byte[] pad1   = ConstValue.NON_FIPS_PAD1;
            byte[] pad2   = ConstValue.NON_FIPS_PAD2;
            byte[] newKey = null;

            // SHAComponent = SHA(InitialEncryptKey + Pad1 + CurrentEncryptKey)
            byte[] shaComponentBuffer = RdpbcgrUtility.ConcatenateArrays(initialKey, pad1, currentKey);
            byte[] shaComponent       = ShaHash(shaComponentBuffer);

            // TempKey128 = MD5(InitialEncryptKey + Pad2 + SHAComponent)
            byte[] tempKey128Buffer = RdpbcgrUtility.ConcatenateArrays(initialKey, pad2, shaComponent);
            byte[] tempKey128       = MD5Hash(tempKey128Buffer);

            if (encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_128BIT)
                // S-TableEncrypt = InitRC4(TempKey128)
                RC4 rc4 = RC4.Create();
                ICryptoTransform ict = rc4.CreateEncryptor(tempKey128, null);

                // NewEncryptKey128 = RC4(TempKey128, S-TableEncrypt)
                newKey = ict.TransformFinalBlock(tempKey128, 0, tempKey128.Length);
            else if (encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_40BIT ||
                     encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_56BIT)
                // TempKey64 = First64Bits(TempKey128)
                byte[] tempKey64 = GetFirstNBits(64, tempKey128);

                // S-TableEncrypt = InitRC4(TempKey64)
                RC4 rc4 = RC4.Create();
                ICryptoTransform ict = rc4.CreateEncryptor(tempKey64, null);

                // PreSaltKey = RC4(TempKey64, S-TableEncrypt)
                byte[] preSaltKey = ict.TransformFinalBlock(tempKey64, 0, tempKey64.Length);

                if (encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_40BIT)
                    // NewEncryptKey40 = 0xD1269E + Last40Bits(PreSaltKey)
                    newKey = RdpbcgrUtility.ConcatenateArrays(ConstValue.NON_FIPS_SALT_40BIT, GetLastNBits(40, preSaltKey));
                    // NewEncryptKey56 = 0xD1 + Last56Bits(PreSaltKey)
                    newKey = RdpbcgrUtility.ConcatenateArrays(ConstValue.NON_FIPS_SALT_56BIT, GetLastNBits(56, preSaltKey));
            // else do nothing

Beispiel #12
        private bool Decode(byte[] pvk, string password)
            if (BitConverterLE.ToUInt32(pvk, 0) != 2964713758U || BitConverterLE.ToUInt32(pvk, 4) != 0U)
            this.keyType   = BitConverterLE.ToInt32(pvk, 8);
            this.encrypted = BitConverterLE.ToUInt32(pvk, 12) == 1U;
            int int32_1 = BitConverterLE.ToInt32(pvk, 16);
            int int32_2 = BitConverterLE.ToInt32(pvk, 20);

            byte[] numArray = new byte[int32_2];
            Buffer.BlockCopy((Array)pvk, 24 + int32_1, (Array)numArray, 0, int32_2);
            if (int32_1 > 0)
                if (password == null)
                byte[] salt = new byte[int32_1];
                Buffer.BlockCopy((Array)pvk, 24, (Array)salt, 0, int32_1);
                byte[] rgbKey = this.DeriveKey(salt, password);
                RC4.Create().CreateDecryptor(rgbKey, (byte[])null).TransformBlock(numArray, 8, numArray.Length - 8, numArray, 8);
                    this.rsa  = CryptoConvert.FromCapiPrivateKeyBlob(numArray);
                    this.weak = false;
                catch (CryptographicException)
                    this.weak = true;
                    Buffer.BlockCopy((Array)pvk, 24 + int32_1, (Array)numArray, 0, int32_2);
                    Array.Clear((Array)rgbKey, 5, 11);
                    RC4.Create().CreateDecryptor(rgbKey, (byte[])null).TransformBlock(numArray, 8, numArray.Length - 8, numArray, 8);
                    this.rsa = CryptoConvert.FromCapiPrivateKeyBlob(numArray);
                Array.Clear((Array)rgbKey, 0, rgbKey.Length);
                this.weak = true;
                this.rsa  = CryptoConvert.FromCapiPrivateKeyBlob(numArray);
                Array.Clear((Array)numArray, 0, numArray.Length);
            Array.Clear((Array)pvk, 0, pvk.Length);
            return(this.rsa != null);
Beispiel #13
    // =========================加密相关===================================
    // 加密通讯
    public void Encrypt(Int32 send_seed, Int32 receive_seed)
        Byte[] _send = BitConverter.GetBytes(send_seed);
        if (BitConverter.IsLittleEndian)
        Byte[] _recv = BitConverter.GetBytes(receive_seed);
        if (BitConverter.IsLittleEndian)
        string key1;
        string key2;

        Byte[]     _key1 = dhEnc.DecryptKeyExchange(_send);
        BigInteger bi1   = new BigInteger(_key1);

        key1 = Config.SALT + bi1.ToString();

        Byte[]     _key2 = dhDec.DecryptKeyExchange(_recv);
        BigInteger bi2   = new BigInteger(_key2);

        key2 = Config.SALT + bi2.ToString();

        RC4 rc4enc = RC4.Create();
        RC4 rc4dec = RC4.Create();

        Byte[] seed1 = Encoding.ASCII.GetBytes(key1);
        Byte[] seed2 = Encoding.ASCII.GetBytes(key2);

        // en/decryptor不为null时自动启动加密

        // Get an encryptor.
        encryptor = rc4enc.CreateEncryptor(seed1, null);
        // Get a decryptor.
        decryptor = rc4dec.CreateDecryptor(seed2, null);
Beispiel #14
        public void Save(string filename, string password)
            if (filename == null)
                throw new ArgumentNullException(nameof(filename));
            byte[]     numArray1  = (byte[])null;
            FileStream fileStream = File.Open(filename, FileMode.Create, FileAccess.Write);

                byte[] buffer = new byte[4];
                byte[] bytes1 = BitConverterLE.GetBytes(2964713758U);
                fileStream.Write(bytes1, 0, 4);
                fileStream.Write(buffer, 0, 4);
                byte[] bytes2 = BitConverterLE.GetBytes(this.keyType);
                fileStream.Write(bytes2, 0, 4);
                this.encrypted = password != null;
                numArray1      = CryptoConvert.ToCapiPrivateKeyBlob(this.rsa);
                if (this.encrypted)
                    byte[] bytes3 = BitConverterLE.GetBytes(1);
                    fileStream.Write(bytes3, 0, 4);
                    byte[] bytes4 = BitConverterLE.GetBytes(16);
                    fileStream.Write(bytes4, 0, 4);
                    byte[] bytes5 = BitConverterLE.GetBytes(numArray1.Length);
                    fileStream.Write(bytes5, 0, 4);
                    byte[] numArray2 = new byte[16];
                    RC4    rc4       = RC4.Create();
                    byte[] rgbKey    = (byte[])null;
                        fileStream.Write(numArray2, 0, numArray2.Length);
                        rgbKey = this.DeriveKey(numArray2, password);
                        if (this.Weak)
                            Array.Clear((Array)rgbKey, 5, 11);
                        rc4.CreateEncryptor(rgbKey, (byte[])null).TransformBlock(numArray1, 8, numArray1.Length - 8, numArray1, 8);
                        Array.Clear((Array)numArray2, 0, numArray2.Length);
                        Array.Clear((Array)rgbKey, 0, rgbKey.Length);
                    fileStream.Write(buffer, 0, 4);
                    fileStream.Write(buffer, 0, 4);
                    byte[] bytes3 = BitConverterLE.GetBytes(numArray1.Length);
                    fileStream.Write(bytes3, 0, 4);
                fileStream.Write(numArray1, 0, numArray1.Length);
                Array.Clear((Array)numArray1, 0, numArray1.Length);
Beispiel #15
        /// <summary>
        /// Initializes a new instance of the <see cref="NtlmAuthenticateMessageGenerator"/> class,
        /// which generates an NTLM authentication Authenticate (or Type 3) message.
        /// </summary>
        /// <param name="random">A <see cref="Random"/> object used to generate pseudorandom numbers for generating random keys.</param>
        /// <param name="currentTime"></param>
        /// <param name="domain">The domain against which to authenticate.</param>
        /// <param name="host">The host against which to authenticate.</param>
        /// <param name="user">The user name to use in authenticating.</param>
        /// <param name="password">The password to use in authenticating.</param>
        /// <param name="nonce">The random byte array sent by the server as part of the challenge message.</param>
        /// <param name="negotiatedOptionFlags">The <see cref="NtlmNegotiateFlags"/> sent by the server as part of the challenge message.</param>
        /// <param name="target">The target sent by the server as part of the challenge message.</param>
        /// <param name="targetInformation">The target information structure as an array of bytes sent by the server as part of the challenge message.</param>
        /// <param name="peerServerCertificate">An <see cref="X509Certificate"/> used to cryptographically sign communication between the server and client.</param>
        /// <param name="type1Message">A byte array containing the Negotiate (or Type 1) message used in the handshake.</param>
        /// <param name="type2Message">A byte array containing the Challenge (or Type 2) message used in the handshake.</param>
        public NtlmAuthenticateMessageGenerator(Random random, DateTime currentTime, string domain, string host, string user, string password, byte[] nonce, NtlmNegotiateFlags negotiatedOptionFlags, string target, byte[] targetInformation, X509Certificate peerServerCertificate, byte[] type1Message, byte[] type2Message)
            if (random == null)
                throw new NtlmAuthorizationGenerationException("Random generator not available");

            // Save the flags
            this.negotiatedOptionFlags = negotiatedOptionFlags;
            this.type1Message          = type1Message;
            this.type2Message          = type2Message;

            // Strip off domain name from the host!
            string unqualifiedHost = ConvertHost(host);

            // Use only the base domain name!
            string unqualifiedDomain = ConvertDomain(domain);

            byte[] responseTargetInformation = targetInformation;
            if (peerServerCertificate != null)
                responseTargetInformation      = AddGssMessageIntegrityCodeAttributeValuesToTargetInfo(targetInformation, peerServerCertificate);
                isMessageIntegrityCodeRequired = true;
                isMessageIntegrityCodeRequired = false;

            // Create a cipher generator class.
            // N.B., Use original domain value (before modification).
            CipherGen gen = new CipherGen(random, currentTime, unqualifiedDomain, user, password, nonce, target, responseTargetInformation);

            // Use the new code to calculate the responses, including v2 if that
            // seems warranted.
            byte[] userSessionKey;
                // This conditional may not work on Windows Server 2008 R2 and above,
                // where it has not yet been tested
                if (((negotiatedOptionFlags & NtlmNegotiateFlags.RequestTargetInfo) != 0) && targetInformation != null && target != null)
                    // NTLMv2
                    ntlmResponse = gen.GetNtlmV2Response();
                    lmResponse   = gen.GetLmV2Response();
                    if ((negotiatedOptionFlags & NtlmNegotiateFlags.RequestLanManagerKey) != 0)
                        userSessionKey = gen.GetLanManagerSessionKey();
                        userSessionKey = gen.GetNtlmV2UserSessionKey();
                    // NTLMv1
                    if ((negotiatedOptionFlags & NtlmNegotiateFlags.RequestNtlmV2Session) != 0)
                        // NTLM2 session stuff is requested
                        ntlmResponse = gen.GetNtlm2SessionResponse();
                        lmResponse   = gen.GetLm2SessionResponse();
                        if ((negotiatedOptionFlags & NtlmNegotiateFlags.RequestLanManagerKey) != 0)
                            userSessionKey = gen.GetLanManagerSessionKey();
                            userSessionKey = gen.GetNtlm2SessionResponseUserSessionKey();
                        ntlmResponse = gen.GetNtlmResponse();
                        lmResponse   = gen.GetLmResponse();
                        if ((negotiatedOptionFlags & NtlmNegotiateFlags.RequestLanManagerKey) != 0)
                            userSessionKey = gen.GetLanManagerSessionKey();
                            userSessionKey = gen.GetNtlmUserSessionKey();
            catch (NtlmAuthorizationGenerationException)
                // This likely means we couldn't find the MD4 hash algorithm -
                // fail back to just using LM
                ntlmResponse = new byte[0];
                lmResponse   = gen.GetLmResponse();
                if ((negotiatedOptionFlags & NtlmNegotiateFlags.RequestLanManagerKey) != 0)
                    userSessionKey = gen.GetLanManagerSessionKey();
                    userSessionKey = gen.GetLmUserSessionKey();

            if ((negotiatedOptionFlags & NtlmNegotiateFlags.RequestSign) != 0)
                if ((negotiatedOptionFlags & NtlmNegotiateFlags.RequestKeyExchange) != 0)
                    exportedSessionKey = gen.GetSecondaryKey();
                    using (var rc4 = RC4.Create())
                        rc4.Key    = exportedSessionKey;
                        sessionKey = rc4.CreateEncryptor().TransformFinalBlock(userSessionKey, 0, userSessionKey.Length);
                    sessionKey         = userSessionKey;
                    exportedSessionKey = sessionKey;
                if (isMessageIntegrityCodeRequired)
                    throw new NtlmAuthorizationGenerationException("Cannot sign/seal: no exported session key");

                sessionKey         = null;
                exportedSessionKey = null;

            Encoding charset = GetCharset(negotiatedOptionFlags);

            if (unqualifiedHost != null)
                hostBytes = charset.GetBytes(unqualifiedHost);

            if (unqualifiedDomain != null)
                domainBytes = charset.GetBytes(unqualifiedDomain.ToUpperInvariant());

            userBytes = charset.GetBytes(user);
Beispiel #16
        public void Save(string filename, string password)
            if (filename == null)
                throw new ArgumentNullException("filename");
            byte[]     array      = null;
            FileStream fileStream = File.Open(filename, FileMode.Create, FileAccess.Write);

                byte[] array2 = new byte[4];
                byte[] bytes  = BitConverterLE.GetBytes(2964713758u);
                fileStream.Write(bytes, 0, 4);
                fileStream.Write(array2, 0, 4);
                bytes = BitConverterLE.GetBytes(this.keyType);
                fileStream.Write(bytes, 0, 4);
                this.encrypted = (password != null);
                array          = CryptoConvert.ToCapiPrivateKeyBlob(this.rsa);
                if (this.encrypted)
                    bytes = BitConverterLE.GetBytes(1);
                    fileStream.Write(bytes, 0, 4);
                    bytes = BitConverterLE.GetBytes(16);
                    fileStream.Write(bytes, 0, 4);
                    bytes = BitConverterLE.GetBytes(array.Length);
                    fileStream.Write(bytes, 0, 4);
                    byte[] array3 = new byte[16];
                    RC4    rc     = RC4.Create();
                    byte[] array4 = null;
                        RandomNumberGenerator randomNumberGenerator = RandomNumberGenerator.Create();
                        fileStream.Write(array3, 0, array3.Length);
                        array4 = this.DeriveKey(array3, password);
                        if (this.Weak)
                            Array.Clear(array4, 5, 11);
                        ICryptoTransform cryptoTransform = rc.CreateEncryptor(array4, null);
                        cryptoTransform.TransformBlock(array, 8, array.Length - 8, array, 8);
                        Array.Clear(array3, 0, array3.Length);
                        Array.Clear(array4, 0, array4.Length);
                    fileStream.Write(array2, 0, 4);
                    fileStream.Write(array2, 0, 4);
                    bytes = BitConverterLE.GetBytes(array.Length);
                    fileStream.Write(bytes, 0, 4);
                fileStream.Write(array, 0, array.Length);
                Array.Clear(array, 0, array.Length);
Beispiel #17
        static void Main(string[] args)
            // Put in the "Debug" folder of this Project "source.txt" file for debugging...
            byte[] key   = Encoding.ASCII.GetBytes("SecREt01pAssW0rd");
            string path1 = @"source.txt";
            string path2 = @"encoded.txt";
            string path3 = @"decoded.txt";

            // Example without reuse Encryptor (ICryptoTransform).
            // Allows you to get the same results every time you encrypt the same file.
            // To decrypt the result, you need to apply the algorithm again.
            byte[][] encoded1;
            using (RC4 rc4 = RC4.Create())
                encoded1 = new byte[3][];
                for (int i = 0; i < 3; i++)
                    using (var source = new FileStream(path1, FileMode.Open, FileAccess.Read))
                        using (var crypto = new CryptoStream(source, rc4.CreateEncryptor(key, null), CryptoStreamMode.Read))
                            using (var target = new MemoryStream())
                                encoded1[i] = target.ToArray();

            // Example with reuse Encryptor (ICryptoTransform).
            // Allows you to get different results when encrypting even the same file.
            // To decrypt each file, you need to re-apply the algorithm in the same order.
            byte[][] encoded2;
            using (RC4 rc4 = RC4.Create())
                ICryptoTransform encryptor = rc4.CreateEncryptor(key, null);
                encoded2 = new byte[3][];
                for (int i = 0; i < 3; i++)
                    using (var source = new FileStream(path1, FileMode.Open, FileAccess.Read))
                        using (var crypto = new CryptoStream(source, encryptor, CryptoStreamMode.Read))
                            using (var target = new MemoryStream())
                                encoded2[i] = target.ToArray();

            // All sorts of templates for encryption/decryption.

            // Encryption path1 to path2
            EncoderWrite(key, path1, path2);
            Console.WriteLine($"The contents of file {path1} is encrypted in file {path2}.");
            Console.WriteLine("Press any key...");
            // Decryption path2 to path3
            EncoderWrite(key, path2, path3);
            Console.WriteLine($"The contents of file {path2} is decrypted in file {path3}.");
            Console.WriteLine("Press any key...");
            // Encryption path3
            EncoderWrite(key, path3);
            Console.WriteLine($"The contents of file {path3} is encrypted.");
            Console.WriteLine("Press any key...");
            // Decryption path3
            EncoderWrite(key, path3);
            Console.WriteLine($"The contents of file {path3} is decrypted.");
            Console.WriteLine("Press any key...");
            // Encryption path1 to buffer
            byte[] buffer = EncoderRead(key, path1);
            Console.WriteLine($"The contents of file {path1} is encrypted in the buffer.");
            Console.WriteLine("Press any key...");
            // Decryption buffer
            EncoderWrite(key, buffer);
            Console.WriteLine($"The contents of buffer is decrypted.");
            Console.WriteLine("Press any key...");
            // Encryption buffer to buffer2
            byte[] buffer2 = new byte[123];
            EncoderWrite(key, buffer, out buffer2);
            Console.WriteLine($"The contents of buffer is encrypted in the buffer2.");
            Console.WriteLine("Press any key...");
            // Decryption buffer2 to path3
            EncoderWrite(key, buffer2, path3);
            Console.WriteLine($"The contents of buffer2 is decrypted in file {path3}.");
            Console.WriteLine("Press any key...");
        private bool Decode(byte[] pvk, string password)
            // DWORD magic
            if (BitConverterLE.ToUInt32(pvk, 0) != magic)
            // DWORD reserved
            if (BitConverterLE.ToUInt32(pvk, 4) != 0x0)
            // DWORD keytype
            keyType = BitConverterLE.ToInt32(pvk, 8);
            // DWORD encrypted
            encrypted = (BitConverterLE.ToUInt32(pvk, 12) == 1);
            // DWORD saltlen
            int saltlen = BitConverterLE.ToInt32(pvk, 16);
            // DWORD keylen
            int keylen = BitConverterLE.ToInt32(pvk, 20);

            byte[] keypair = new byte [keylen];
            Buffer.BlockCopy(pvk, 24 + saltlen, keypair, 0, keylen);
            // read salt (if present)
            if (saltlen > 0)
                if (password == null)

                byte[] salt = new byte [saltlen];
                Buffer.BlockCopy(pvk, 24, salt, 0, saltlen);
                // first try with full (128) bits
                byte[] key = DeriveKey(salt, password);
                // decrypt in place and try this
                RC4 rc4 = RC4.Create();
                ICryptoTransform dec = rc4.CreateDecryptor(key, null);
                dec.TransformBlock(keypair, 8, keypair.Length - 8, keypair, 8);
                    rsa  = CryptoConvert.FromCapiPrivateKeyBlob(keypair);
                    weak = false;
                catch (CryptographicException)
                    weak = true;
                    // second chance using weak crypto
                    Buffer.BlockCopy(pvk, 24 + saltlen, keypair, 0, keylen);
                    // truncate the key to 40 bits
                    Array.Clear(key, 5, 11);
                    // decrypt
                    RC4 rc4b = RC4.Create();
                    dec = rc4b.CreateDecryptor(key, null);
                    dec.TransformBlock(keypair, 8, keypair.Length - 8, keypair, 8);
                    rsa = CryptoConvert.FromCapiPrivateKeyBlob(keypair);
                Array.Clear(key, 0, key.Length);
                weak = true;
                // read unencrypted keypair
                rsa = CryptoConvert.FromCapiPrivateKeyBlob(keypair);
                Array.Clear(keypair, 0, keypair.Length);

            // zeroize pvk (which could contain the unencrypted private key)
            Array.Clear(pvk, 0, pvk.Length);

            return(rsa != null);
        public void Save(string filename, string password)
            if (filename == null)
                throw new ArgumentNullException("filename");

            byte[]     blob = null;
            FileStream fs   = File.Open(filename, FileMode.Create, FileAccess.Write);

                // header
                byte[] empty = new byte [4];
                byte[] data  = BitConverterLE.GetBytes(magic);
                fs.Write(data, 0, 4);   // magic
                fs.Write(empty, 0, 4);  // reserved
                data = BitConverterLE.GetBytes(keyType);
                fs.Write(data, 0, 4);   // key type

                encrypted = (password != null);
                blob      = CryptoConvert.ToCapiPrivateKeyBlob(rsa);
                if (encrypted)
                    data = BitConverterLE.GetBytes(1);
                    fs.Write(data, 0, 4); // encrypted
                    data = BitConverterLE.GetBytes(16);
                    fs.Write(data, 0, 4); // saltlen
                    data = BitConverterLE.GetBytes(blob.Length);
                    fs.Write(data, 0, 4); // keylen

                    byte[] salt = new byte [16];
                    RC4    rc4  = RC4.Create();
                    byte[] key  = null;
                        // generate new salt (16 bytes)
                        RandomNumberGenerator rng = RandomNumberGenerator.Create();
                        fs.Write(salt, 0, salt.Length);
                        key = DeriveKey(salt, password);
                        if (Weak)
                            Array.Clear(key, 5, 11);
                        ICryptoTransform enc = rc4.CreateEncryptor(key, null);
                        // we don't encrypt the header part of the BLOB
                        enc.TransformBlock(blob, 8, blob.Length - 8, blob, 8);
                        Array.Clear(salt, 0, salt.Length);
                        Array.Clear(key, 0, key.Length);
                    fs.Write(empty, 0, 4); // encrypted
                    fs.Write(empty, 0, 4); // saltlen
                    data = BitConverterLE.GetBytes(blob.Length);
                    fs.Write(data, 0, 4);  // keylen

                fs.Write(blob, 0, blob.Length);
                // BLOB may include an uncrypted keypair
                Array.Clear(blob, 0, blob.Length);
        internal void GenerateSessionKey(byte[] clientRandom, byte[] serverRandom)
            if (encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_40BIT ||
                encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_56BIT ||
                encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_128BIT)
                byte[] mackey       = null;
                byte[] clientEncKey = null;
                byte[] clientDecKey = null;

                GenerateNonFIPSSessionKey(clientRandom, serverRandom, out mackey, out clientEncKey, out clientDecKey);
                if (encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_40BIT)
                    // MACKey40 = 0xD1269E + Last40Bits(First64Bits(MACKey128))
                    byte[] salt  = ConstValue.NON_FIPS_SALT_40BIT;
                    byte[] first = GetFirstNBits(64, mackey);
                    byte[] last  = GetLastNBits(40, first);
                    macKey = RdpbcgrUtility.ConcatenateArrays(salt, last);

                    // InitialClientEncryptKey40 = 0xD1269E + Last40Bits(First64Bits(InitialClientEncryptKey128))
                    first = GetFirstNBits(64, clientEncKey);
                    last  = GetLastNBits(40, first);
                    currentClientEncryptKey = RdpbcgrUtility.ConcatenateArrays(salt, last);
                    currentServerDecryptKey = RdpbcgrUtility.ConcatenateArrays(salt, last);

                    // InitialClientDecryptKey40 = 0xD1269E + Last40Bits(First64Bits(InitialClientDecryptKey128))
                    first = GetFirstNBits(64, clientDecKey);
                    last  = GetLastNBits(40, first);
                    currentClientDecryptKey = RdpbcgrUtility.ConcatenateArrays(salt, last);
                    currentServerEncryptKey = RdpbcgrUtility.ConcatenateArrays(salt, last);
                else if (encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_56BIT)
                    // MACKey56 = 0xD1 + Last56Bits(First64Bits(MACKey128))
                    byte[] salt  = ConstValue.NON_FIPS_SALT_56BIT;
                    byte[] first = GetFirstNBits(64, mackey);
                    byte[] last  = GetLastNBits(56, first);
                    macKey = RdpbcgrUtility.ConcatenateArrays(salt, last);

                    // InitialClientEncryptKey56 = 0xD1 + Last56Bits(First64Bits(InitialClientEncryptKey128))
                    first = GetFirstNBits(64, clientEncKey);
                    last  = GetLastNBits(56, first);
                    currentClientEncryptKey = RdpbcgrUtility.ConcatenateArrays(salt, last);
                    currentServerDecryptKey = RdpbcgrUtility.ConcatenateArrays(salt, last);

                    // InitialClientDecryptKey56 = 0xD1 + Last56Bits(First64Bits(InitialClientDecryptKey128))
                    first = GetFirstNBits(64, clientDecKey);
                    last  = GetLastNBits(56, first);
                    currentClientDecryptKey = RdpbcgrUtility.ConcatenateArrays(salt, last);
                    currentServerEncryptKey = RdpbcgrUtility.ConcatenateArrays(salt, last);
                else // encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_128BIT
                    macKey = mackey;
                    currentClientEncryptKey = clientEncKey;
                    currentServerDecryptKey = clientEncKey;
                    currentClientDecryptKey = clientDecKey;
                    currentServerEncryptKey = clientDecKey;

                initialClientDecryptKey = currentClientDecryptKey;
                initialClientEncryptKey = currentClientEncryptKey;
                initialServerEncryptKey = currentServerEncryptKey;
                initialServerDecryptKey = currentServerDecryptKey;
                RC4 rc4Enc = RC4.Create();
                rc4Encrypt       = rc4Enc.CreateEncryptor(currentClientEncryptKey, null);
                rc4EncryptServer = rc4Enc.CreateEncryptor(currentServerEncryptKey, null);
                RC4 rc4Dec = RC4.Create();
                rc4Decrypt       = rc4Dec.CreateDecryptor(currentClientDecryptKey, null);
                rc4DecryptServer = rc4Dec.CreateDecryptor(currentServerDecryptKey, null);
            else if (encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_FIPS)
                GenerateFIPSSessionKey(clientRandom, serverRandom, out macKey,
                                       out currentClientEncryptKey, out currentClientDecryptKey,
                                       out currentServerEncryptKey, out currentServerDecryptKey);
                initialClientDecryptKey = currentClientDecryptKey;
                initialClientEncryptKey = currentClientEncryptKey;
                initialServerDecryptKey = currentServerDecryptKey;
                initialServerEncryptKey = currentServerEncryptKey;

                // suppress "CA5353:TripleDESCannotBeUsed" message, since TripleDES is used according protocol definition in MS-RDPBCGR
                desEncrypt      = new TripleDESCryptoServiceProvider();
                desEncrypt.IV   = ConstValue.TRPLE_DES_IV;
                desEncrypt.Key  = currentClientEncryptKey;
                desEncrypt.Mode = CipherMode.CBC;

                desDecrypt      = new TripleDESCryptoServiceProvider();
                desDecrypt.IV   = ConstValue.TRPLE_DES_IV;
                desDecrypt.Key  = currentClientDecryptKey;
                desDecrypt.Mode = CipherMode.CBC;

                desEncryptServer      = new TripleDESCryptoServiceProvider();
                desEncryptServer.IV   = ConstValue.TRPLE_DES_IV;
                desEncryptServer.Key  = currentServerEncryptKey;
                desEncryptServer.Mode = CipherMode.CBC;

                desDecryptServer      = new TripleDESCryptoServiceProvider();
                desDecryptServer.IV   = ConstValue.TRPLE_DES_IV;
                desDecryptServer.Key  = currentServerDecryptKey;
                desDecryptServer.Mode = CipherMode.CBC;
            else  // the encryption method is ENCRYPTION_METHOD_NONE or error
                macKey = null;
                initialClientEncryptKey = null;
                initialClientDecryptKey = null;
                currentClientEncryptKey = null;
                currentClientDecryptKey = null;
                initialServerEncryptKey = null;
                initialServerDecryptKey = null;
                currentServerEncryptKey = null;
                currentServerDecryptKey = null;
                rc4Encrypt       = null;
                rc4Decrypt       = null;
                rc4EncryptServer = null;
                rc4DecryptServer = null;
                desEncrypt       = null;
                desDecrypt       = null;
                desEncryptServer = null;
                desDecryptServer = null;

            // the cumulative encryption/decryption count
            // indicating how many encryptions/decryptions have been carried out.
            encryptionCount = 0;  // the first encryption start with 0
            decryptionCount = -1; // after the first decryption, decryptionCount++ up to 0