public PaEncTimeStamp(string timeStamp, int usec, EncryptionType eType, string password, string salt) { this.TimeStamp = timeStamp; this.Usec = usec; byte[] key = KeyGenerator.MakeKey(eType, password, salt); this.Key = new EncryptionKey(new KerbInt32((long)eType), new Asn1OctetString(key)); // create a timestamp PA_ENC_TS_ENC paEncTsEnc = new PA_ENC_TS_ENC(new KerberosTime(this.TimeStamp), new Microseconds(this.Usec)); Asn1BerEncodingBuffer currTimeStampBuffer = new Asn1BerEncodingBuffer(); paEncTsEnc.BerEncode(currTimeStampBuffer); var rawData = currTimeStampBuffer.Data; KerberosUtility.OnDumpMessage("KRB5:PA-ENC-TS-ENC", "Encrypted Timestamp Pre-authentication", KerberosUtility.DumpLevel.PartialMessage, rawData); // encrypt the timestamp byte[] encTimeStamp = KerberosUtility.Encrypt((EncryptionType)this.Key.keytype.Value, this.Key.keyvalue.ByteArrayValue, rawData, (int)KeyUsageNumber.PA_ENC_TIMESTAMP); // create an encrypted timestamp PA_ENC_TIMESTAMP paEncTimeStamp = new PA_ENC_TIMESTAMP(new KerbInt32(this.Key.keytype.Value), null, new Asn1OctetString(encTimeStamp)); Asn1BerEncodingBuffer paEncTimestampBuffer = new Asn1BerEncodingBuffer(); paEncTimeStamp.BerEncode(paEncTimestampBuffer, true); Data = new PA_DATA(new KerbInt32((long)PaDataType.PA_ENC_TIMESTAMP), new Asn1OctetString(paEncTimestampBuffer.Data)); }
private void DecryptTicket(EncryptionType type, byte[] sessionKey) { var ticketEncPartRawData = KerberosUtility.Decrypt( type, sessionKey, Response.ticket.enc_part.cipher.ByteArrayValue, (int)KeyUsageNumber.AS_REP_TicketAndTGS_REP_Ticket); TicketEncPart = new EncTicketPart(); TicketEncPart.BerDecode(new Asn1DecodingBuffer(ticketEncPartRawData)); KerberosUtility.OnDumpMessage("KRB5:TicketEncPart", "Encrypted Ticket in TGS-REP", KerberosUtility.DumpLevel.PartialMessage, ticketEncPartRawData); }
/// <summary> /// Decode TGS Response from bytes /// </summary> /// <param name="buffer">byte array to be decoded</param> /// <exception cref="System.ArgumentNullException">thrown when input buffer is null</exception> public override void FromBytes(byte[] buffer) { if (null == buffer) { throw new ArgumentNullException("buffer"); } KerberosUtility.OnDumpMessage("KRB5:KrbMessage", "Kerberos Message", KerberosUtility.DumpLevel.WholeMessage, buffer); // Decode TGS Response Asn1DecodingBuffer decodeBuffer = new Asn1DecodingBuffer(buffer); Response.BerDecode(decodeBuffer); }
public void DecryptTgsResponse(byte[] key, KeyUsageNumber usage = KeyUsageNumber.TGS_REP_encrypted_part) { var encryptType = (EncryptionType)Response.enc_part.etype.Value; var encPartRawData = KerberosUtility.Decrypt( encryptType, key, Response.enc_part.cipher.ByteArrayValue, (int)usage); EncPart = new EncTGSRepPart(); EncPart.BerDecode(new Asn1DecodingBuffer(encPartRawData)); KerberosUtility.OnDumpMessage("KRB5:TGS-REP(enc-part)", "Encrypted part of TGS-REP", KerberosUtility.DumpLevel.PartialMessage, encPartRawData); }
/// <summary> /// Decode the Krb Error from bytes /// </summary> /// <param name="buffer">The byte array to be decoded.</param> /// <exception cref="System.ArgumentNullException">thrown when input buffer is null</exception> public override void FromBytes(byte[] buffer) { if (null == buffer) { throw new ArgumentNullException("buffer"); } KerberosUtility.OnDumpMessage("KRB5:KrbMessage", "Kerberos Message", KerberosUtility.DumpLevel.WholeMessage, buffer); // Decode Krb Error Asn1DecodingBuffer decodeBuffer = new Asn1DecodingBuffer(buffer); this.KrbError.BerDecode(decodeBuffer); ErrorCode = (KRB_ERROR_CODE)KrbError.error_code.Value; }
/// <summary> /// Decode AS Response from bytes /// </summary> /// <param name="buffer">the byte array to be decoded</param> /// <exception cref="System.ArgumentNullException">thrown when input buffer is null</exception> public override void FromBytes(byte[] buffer) { if (null == buffer) { throw new ArgumentNullException("buffer"); } KerberosUtility.OnDumpMessage("KRB5:KrbMessage", "Kerberos Message", KerberosUtility.DumpLevel.WholeMessage, buffer); // Decode AS Response Asn1DecodingBuffer decodeBuffer = new Asn1DecodingBuffer(buffer); this.Response.BerDecode(decodeBuffer); // Get the current encryption type, cipher data, session key EncryptionType encryptType = (EncryptionType)this.Response.enc_part.etype.Value; }
/// <summary> /// Encode this class into byte array. /// </summary> /// <returns>The byte array of the class.</returns> public override byte[] ToBytes() { Asn1BerEncodingBuffer tgsBerBuffer = new Asn1BerEncodingBuffer(); this.Request.BerEncode(tgsBerBuffer, true); KerberosUtility.OnDumpMessage("KRB5:KrbMessage", "Kerberos Message", KerberosUtility.DumpLevel.WholeMessage, tgsBerBuffer.Data); if (transportType == TransportType.TCP) { return(KerberosUtility.WrapLength(tgsBerBuffer.Data, true)); } else { return(tgsBerBuffer.Data); } }
public KerberosFastResponse GetKerberosFastRep(EncryptionKey key) { var armoredRep = GetArmoredRep(); var decrypted = KerberosUtility.Decrypt((EncryptionType)key.keytype.Value, key.keyvalue.ByteArrayValue, armoredRep.enc_fast_rep.cipher.ByteArrayValue, (int)KeyUsageNumber.FAST_REP ); KerberosUtility.OnDumpMessage("KRB5:KrbFastArmoredRep(enc-fast-req)", "An encrypted KrbFastRep in PA_FX_FAST_REPLY", KerberosUtility.DumpLevel.PartialMessage, decrypted); KrbFastResponse fastrep = new KrbFastResponse(); fastrep.BerDecode(new Asn1DecodingBuffer(decrypted)); return(new KerberosFastResponse(fastrep)); }
public void Decrypt(byte[] key) { var encryptType = (EncryptionType)Response.enc_part.etype.Value; var decoded = KerberosUtility.Decrypt( encryptType, key, Response.enc_part.cipher.ByteArrayValue, (int)KeyUsageNumber.AP_REP_EncAPRepPart); KerberosUtility.OnDumpMessage("KRB5:PA-ENC-TS-ENC", "Encrypted Timestamp Pre-authentication", KerberosUtility.DumpLevel.PartialMessage, decoded); ApEncPart = new EncAPRepPart(); ApEncPart.BerDecode(new Asn1DecodingBuffer(decoded)); KerberosUtility.OnDumpMessage("KRB5:AP-REP(enc-part)", "Encrypted part of AS-REP", KerberosUtility.DumpLevel.PartialMessage, decoded); }
private void DecryptAsResponse(byte[] key) { var encryptType = (EncryptionType)Response.enc_part.etype.Value; int keyUsage = (int)KeyUsageNumber.AS_REP_ENCRYPTEDPART; if (encryptType == EncryptionType.RC4_HMAC) { keyUsage = (int)KeyUsageNumber.TGS_REP_encrypted_part; } var encPartRawData = KerberosUtility.Decrypt( encryptType, key, Response.enc_part.cipher.ByteArrayValue, keyUsage); Asn1DecodingBuffer buf = new Asn1DecodingBuffer(encPartRawData); Asn1Tag tag = null; Asn1StandardProcedure.TagBerDecode(buf, out tag); //Some implementations unconditionally send an encrypted EncTGSRepPart in the field //regardless of whether the reply is an AS-REP or a TGS-REP.([RFC4120] Section 5.4.2) if (tag.TagValue == 25) //EncAsRepPart { EncPart = new EncASRepPart(); } else if (tag.TagValue == 26) //EncTgsRepPart { EncPart = new EncTGSRepPart(); } else { throw new Exception("Unknown tag number"); } EncPart.BerDecode(new Asn1DecodingBuffer(encPartRawData)); KerberosUtility.OnDumpMessage("KRB5:AS-REP(enc-part)", "Encrypted part of AS-REP", KerberosUtility.DumpLevel.PartialMessage, encPartRawData); }
/// <summary> /// Create an instance. /// </summary> public KerberosApRequest(long pvno, APOptions ap_options, KerberosTicket ticket, Authenticator authenticator, KeyUsageNumber keyUsageNumber) { Asn1BerEncodingBuffer asnBuffPlainAuthenticator = new Asn1BerEncodingBuffer(); authenticator.BerEncode(asnBuffPlainAuthenticator, true); KerberosUtility.OnDumpMessage("KRB5:Authenticator", "Authenticator in AP-REQ structure", KerberosUtility.DumpLevel.PartialMessage, asnBuffPlainAuthenticator.Data); byte[] encAsnEncodedAuth = KerberosUtility.Encrypt((EncryptionType)ticket.SessionKey.keytype.Value, ticket.SessionKey.keyvalue.ByteArrayValue, asnBuffPlainAuthenticator.Data, (int)keyUsageNumber); var encrypted = new EncryptedData(); encrypted.etype = new KerbInt32(ticket.SessionKey.keytype.Value); encrypted.cipher = new Asn1OctetString(encAsnEncodedAuth); long msg_type = (long)MsgType.KRB_AP_REQ; Request = new AP_REQ(new Asn1Integer(pvno), new Asn1Integer(msg_type), ap_options, ticket.Ticket, encrypted); Authenticator = authenticator; }
public PaEncryptedChallenge(EncryptionType type, string timeStamp, int usec, EncryptionKey armorKey, EncryptionKey userLongTermKey) { this.TimeStamp = timeStamp; this.Usec = usec; var keyvalue = KeyGenerator.KrbFxCf2( (EncryptionType)armorKey.keytype.Value, armorKey.keyvalue.ByteArrayValue, userLongTermKey.keyvalue.ByteArrayValue, "clientchallengearmor", "challengelongterm"); switch (type) { case EncryptionType.AES256_CTS_HMAC_SHA1_96: { var key = new EncryptionKey(new KerbInt32((long)EncryptionType.AES256_CTS_HMAC_SHA1_96), new Asn1OctetString(keyvalue)); this.Key = key; break; } case EncryptionType.RC4_HMAC: { var key = new EncryptionKey(new KerbInt32((long)EncryptionType.RC4_HMAC), new Asn1OctetString(keyvalue)); this.Key = key; break; } default: throw new ArgumentException("Unsupported encryption type."); } // create a timestamp PA_ENC_TS_ENC paEncTsEnc = new PA_ENC_TS_ENC(new KerberosTime(this.TimeStamp), new Microseconds(this.Usec)); Asn1BerEncodingBuffer currTimeStampBuffer = new Asn1BerEncodingBuffer(); paEncTsEnc.BerEncode(currTimeStampBuffer); var rawData = currTimeStampBuffer.Data; KerberosUtility.OnDumpMessage("KRB5:PA-ENC-TS-ENC", "Encrypted Timestamp Pre-authentication", KerberosUtility.DumpLevel.PartialMessage, rawData); // encrypt the timestamp byte[] encTimeStamp = KerberosUtility.Encrypt((EncryptionType)this.Key.keytype.Value, this.Key.keyvalue.ByteArrayValue, rawData, (int)KeyUsageNumber.ENC_CHALLENGE_CLIENT); EncryptedChallenge encryptedChallenge = new EncryptedChallenge(new KerbInt32((long)this.Key.keytype.Value), null, new Asn1OctetString(encTimeStamp)); Asn1BerEncodingBuffer paEncTimestampBuffer = new Asn1BerEncodingBuffer(); encryptedChallenge.BerEncode(paEncTimestampBuffer, true); Data = new PA_DATA(new KerbInt32((long)PaDataType.PA_ENCRYPTED_CHALLENGE), new Asn1OctetString(paEncTimestampBuffer.Data)); }