Ejemplo n.º 1
 /// <summary>
 /// Look up the first stored key that matches every supplied selector.
 /// </summary>
 /// <remarks>
 /// Encryption type, name type and version are compared for equality; the principal is compared
 /// with an ordinal, case-insensitive match. <paramref name="key_version"/> is cast to
 /// <c>uint</c> before the comparison, so a negative value wraps (unless the project is built
 /// with overflow checking) and will normally match nothing.
 /// </remarks>
 /// <param name="enc_type">The encryption type the key must have.</param>
 /// <param name="name_type">The name type the key must have.</param>
 /// <param name="principal">The principal the key must belong to (case-insensitive).</param>
 /// <param name="key_version">The key version the key must have.</param>
 /// <returns>The first matching entry of <c>Keys</c>, or the type's default value when nothing matches.</returns>
 public KerberosKey FindKey(KerberosEncryptionType enc_type, KerberosNameType name_type, string principal, int key_version)
 {
     // NOTE(review): k.Principal is dereferenced without a null check; confirm stored keys always carry a principal.
     uint wanted_version = (uint)key_version;

     return Keys.FirstOrDefault(k =>
         k.KeyEncryption == enc_type
         && k.NameType == name_type
         && k.Principal.Equals(principal, StringComparison.OrdinalIgnoreCase)
         && k.Version == wanted_version);
 }
Ejemplo n.º 2
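        /// <summary>
        /// Derive a key from a password.
        /// </summary>
        /// <remarks>
        /// Not all encryption types are supported.
        /// For the ARCFOUR (RC4) types the key is the MD4 hash of the UTF-16LE password;
        /// <paramref name="salt"/> and <paramref name="iterations"/> are not used on that path, so equal
        /// passwords always produce equal keys. The AES types pass the password, the salt produced by
        /// <c>MakeSalt</c>, the iteration count and a 16 or 32 byte key length to <c>DeriveAesKey</c>.
        /// The returned object holds secret key material and is stamped with the local time (<c>DateTime.Now</c>).
        /// </remarks>
        /// <param name="key_encryption">The key encryption to use.</param>
        /// <param name="password">The password to derive from.</param>
        /// <param name="iterations">Iterations for the password derivation (AES types only).</param>
        /// <param name="name_type">The key name type.</param>
        /// <param name="principal">Principal for key, in form TYPE/name@realm.</param>
        /// <param name="salt">Salt for the key (AES types only).</param>
        /// <param name="version">Key Version Number (KVNO).</param>
        /// <returns>The derived authentication key.</returns>
        /// <exception cref="ArgumentNullException">Thrown if <paramref name="principal"/> or <paramref name="password"/> is null.</exception>
        /// <exception cref="ArgumentException">Thrown if <paramref name="key_encryption"/> is not a supported type.</exception>
        public static KerberosAuthenticationKey DeriveKey(KerberosEncryptionType key_encryption, string password,
                                                          int iterations, KerberosNameType name_type, string principal, string salt, uint version)
        {
            if (principal is null)
            {
                throw new ArgumentNullException(nameof(principal));
            }

            // Fail with the caller's parameter name instead of an error raised from inside the encoder or a helper.
            if (password is null)
            {
                throw new ArgumentNullException(nameof(password));
            }

            byte[] key;

            switch (key_encryption)
            {
            case KerberosEncryptionType.ARCFOUR_HMAC_MD5:
            case KerberosEncryptionType.ARCFOUR_HMAC_MD5_56:
            case KerberosEncryptionType.ARCFOUR_HMAC_OLD:
            case KerberosEncryptionType.ARCFOUR_HMAC_OLD_EXP:
                // Unsalted, single-pass MD4 over the UTF-16LE password; salt and iterations are ignored here.
                key = MD4.CalculateHash(Encoding.Unicode.GetBytes(password));
                break;

            case KerberosEncryptionType.AES128_CTS_HMAC_SHA1_96:
                // NOTE(review): iterations is passed through unvalidated; RFC 3962 uses 4096 as the
                // default. Confirm how DeriveAesKey treats zero or negative values.
                key = DeriveAesKey(password, MakeSalt(salt, principal), iterations, 16);
                break;

            case KerberosEncryptionType.AES256_CTS_HMAC_SHA1_96:
                key = DeriveAesKey(password, MakeSalt(salt, principal), iterations, 32);
                break;

            default:
                throw new ArgumentException($"Unsupported key type {key_encryption}", nameof(key_encryption));
            }

            return new KerberosAuthenticationKey(key_encryption, key, name_type, principal, DateTime.Now, version);
        }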
Ejemplo n.º 3
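 /// <summary>
 /// Constructor.
 /// </summary>
 /// <remarks>
 /// The key bytes and the component array are copied, so later changes to the caller's arrays
 /// do not alter this key. This also means that a caller clearing its own buffer does not clear
 /// the copy held here. Null arguments are stored as null, as before.
 /// </remarks>
 /// <param name="key_encryption">The Key encryption type.</param>
 /// <param name="key">The key.</param>
 /// <param name="name_type">The key name type.</param>
 /// <param name="realm">The Realm for the key.</param>
 /// <param name="components">The name components for the key.</param>
 /// <param name="timestamp">Timestamp when key was created.</param>
 /// <param name="version">Key Version Number (KVNO).</param>
 public KerberosAuthenticationKey(KerberosEncryptionType key_encryption, byte[] key, KerberosNameType name_type,
                                  string realm, string[] components, DateTime timestamp, uint version)
 {
     KeyEncryption = key_encryption;
     // Defensive copy: keeping the caller's array would let outside code rewrite the secret in place.
     _key          = (byte[])key?.Clone();
     NameType      = name_type;
     Realm         = realm;
     // Same reasoning for the principal components.
     Components    = (string[])components?.Clone();
     Timestamp     = timestamp;
     Version       = version;
 }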
Ejemplo n.º 4
 /// <summary>
 /// Constructor.
 /// </summary>
 /// <remarks>
 /// Both the key bytes and the name components are copied on the way in, so the new object
 /// does not share storage with the caller's array or sequence.
 /// </remarks>
 /// <param name="key_encryption">The Key encryption type.</param>
 /// <param name="key">The key bytes; cloned before being stored.</param>
 /// <param name="name_type">The key name type.</param>
 /// <param name="realm">The Realm for the key.</param>
 /// <param name="components">The name components for the key; materialised into an array.</param>
 /// <param name="timestamp">Timestamp when key was created.</param>
 /// <param name="version">Key Version Number (KVNO).</param>
 public KerberosAuthenticationKey(KerberosEncryptionType key_encryption, byte[] key, KerberosNameType name_type,
                                  string realm, IEnumerable <string> components, DateTime timestamp, uint version)
 {
     KeyEncryption = key_encryption;

     // Private copy of the secret, taken before anything else is stored from the arguments.
     // NOTE(review): a null key fails here with NullReferenceException rather than ArgumentNullException.
     var key_copy = (byte[])key.Clone();
     _key = key_copy;

     NameType = name_type;
     Realm = realm;

     var name_parts = components.ToArray();
     Components = name_parts;

     Timestamp = timestamp;
     Version = version;
 }
Ejemplo n.º 5
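        /// <summary>
        /// Build a <c>KerberosPrincipalName</c> from a native name structure.
        /// </summary>
        /// <remarks>
        /// Reads a 16-bit name type at offset 0 and a 16-bit name count at offset 2, then reads that
        /// many <c>UnicodeStringOut</c> entries through a <c>KERB_EXTERNAL_NAME</c> buffer.
        /// The buffer length is computed from the count found in the same memory, so nothing here
        /// bounds the read independently; the pointer must come from a trusted source.
        /// </remarks>
        /// <param name="ptr">Pointer to the native structure; may be <c>IntPtr.Zero</c>.</param>
        /// <returns>A default name for a null pointer, otherwise the parsed name type and names.</returns>
        private static KerberosPrincipalName ParseName(IntPtr ptr)
        {
            if (ptr == IntPtr.Zero)
            {
                return new KerberosPrincipalName();
            }

            KerberosNameType name_type = (KerberosNameType)Marshal.ReadInt16(ptr, 0);

            // NameCount is an unsigned 16-bit field in the native KERB_EXTERNAL_NAME layout. Reading it
            // as a signed short would turn counts above 32767 into negative sizes and array lengths.
            int count = unchecked((ushort)Marshal.ReadInt16(ptr, 2));

            if (count == 0)
            {
                return new KerberosPrincipalName(name_type, new string[0]);
            }

            // NOTE(review): the trailing 'false' presumably means the buffer does not own ptr; confirm.
            // NOTE(review): if KERB_EXTERNAL_NAME already declares one inline name entry, this length
            // is one entry larger than needed; confirm against the struct definition.
            var name = new SafeStructureInOutBuffer <KERB_EXTERNAL_NAME>(ptr, Marshal.SizeOf(typeof(KERB_EXTERNAL_NAME))
                                                                         + Marshal.SizeOf(typeof(UnicodeStringOut)) * count, false);

            UnicodeStringOut[] names = new UnicodeStringOut[count];
            name.Data.ReadArray(0, names, 0, count);
            return new KerberosPrincipalName(name_type, names.Select(u => u.ToString()));
        }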
Ejemplo n.º 6
 /// <summary>
 /// Constructor.
 /// </summary>
 /// <remarks>
 /// The names are copied into a new list that is exposed through a read-only wrapper, so later
 /// changes to the caller's sequence are not reflected in <c>Names</c>.
 /// </remarks>
 /// <param name="name_type">The type of the principal name.</param>
 /// <param name="names">The list of names for the principal; must not be null.</param>
 public KerberosPrincipalName(KerberosNameType name_type,
                              IEnumerable <string> names)
 {
     // Snapshot the sequence first; the List constructor rejects a null sequence.
     var name_list = new List <string>(names);

     NameType = name_type;
     Names = name_list.AsReadOnly();
 }
Ejemplo n.º 7
 /// <summary>
 /// Constructor taking the key as a hex string.
 /// </summary>
 /// <remarks>
 /// The string is converted with <c>GetKey</c> and the result is handed to the overload that takes
 /// the key as bytes. A .NET string holding key material cannot be cleared by the caller afterwards.
 /// </remarks>
 /// <param name="key_encryption">The Key encryption type.</param>
 /// <param name="key">The key as a hex string.</param>
 /// <param name="name_type">The key name type.</param>
 /// <param name="principal">Principal for key, in form TYPE/name@realm.</param>
 /// <param name="timestamp">Timestamp when key was created.</param>
 /// <param name="version">Key Version Number (KVNO).</param>
 public KerberosAuthenticationKey(KerberosEncryptionType key_encryption, string key, KerberosNameType name_type,
                                  string principal, DateTime timestamp, uint version)
     : this(
         key_encryption,
         GetKey(key), // NOTE(review): handling of malformed or null hex input is up to GetKey; confirm.
         name_type,
         principal,
         timestamp,
         version)
 {
     // All work is done by the chained constructor.
 }
Ejemplo n.º 8
 /// <summary>
 /// Constructor taking the principal as a single string.
 /// </summary>
 /// <remarks>
 /// The principal is split by <c>GetRealm</c> and <c>GetComponents</c>, and the results are passed
 /// to the overload that takes realm and components separately. Whether the key bytes are
 /// copied depends on that overload.
 /// </remarks>
 /// <param name="key_encryption">The Key encryption type.</param>
 /// <param name="key">The key.</param>
 /// <param name="name_type">The key name type.</param>
 /// <param name="principal">Principal for key, in form TYPE/name@realm.</param>
 /// <param name="timestamp">Timestamp when key was created.</param>
 /// <param name="version">Key Version Number (KVNO).</param>
 public KerberosAuthenticationKey(KerberosEncryptionType key_encryption, byte[] key, KerberosNameType name_type,
                                  string principal, DateTime timestamp, uint version)
     : this(
         key_encryption,
         key,
         name_type,
         GetRealm(principal),      // realm part of the principal
         GetComponents(principal), // name components of the principal
         timestamp,
         version)
 {
     // All work is done by the chained constructor.
 }