public void ParsePaPkAsReq_SignedAuthPack_ParseAuthPack()
{
KrbPaPkAsReq asreq = KrbPaPkAsReq.Decode(signedPkAsReq);
SignedCms signedCms = new SignedCms();
signedCms.Decode(asreq.SignedAuthPack.ToArray());
signedCms.CheckSignature(verifySignatureOnly: true);
KrbAuthPack authPack = KrbAuthPack.Decode(signedCms.ContentInfo.Content);
Assert.IsNotNull(authPack);
var param = authPack.ClientPublicValue.Algorithm.Parameters.Value;
var b64 = Convert.ToBase64String(param.ToArray());
var domainParams = KrbDiffieHellmanDomainParameters.DecodeSpecial(param);
Assert.IsNotNull(domainParams);
var special = domainParams.EncodeSpecial();
Assert.IsTrue(special.Span.SequenceEqual(param.ToArray()));
var decodedPk = CryptEncode.CryptDecodePublicParameter(authPack.ClientPublicValue.SubjectPublicKey).Slice(16);
}
private static KrbAuthPack ValidateAuthPack(PreAuthenticationContext preauth, PkInitState state)
{
state.Cms.CheckSignature(verifySignatureOnly: true);
preauth.Principal.Validate(state.Cms.Certificates);
var authPack = KrbAuthPack.Decode(state.Cms.ContentInfo.Content);
return(authPack);
}
private static async Task <KrbAuthPack> ValidateAuthPack(IKerberosPrincipal principal, KrbPaPkAsReq pkreq)
{
SignedCms signedCms = new SignedCms();
signedCms.Decode(pkreq.SignedAuthPack.ToArray());
signedCms.CheckSignature(verifySignatureOnly: true);
await principal.Validate(signedCms.Certificates);
var authPack = KrbAuthPack.Decode(signedCms.ContentInfo.Content);
return(authPack);
}
private KrbAuthPack CreateDiffieHellmanAuthPack(KrbKdcReqBody body)
{
using (var sha1 = CryptoPal.Platform.Sha1())
{
var encoded = body.Encode();
var paChecksum = sha1.ComputeHash(encoded.Span);
var parametersAreCached = this.CacheKeyAgreementParameters(this.agreement);
if (parametersAreCached)
{
var etype = GetPreferredEType(body.EType, this.Configuration.Defaults.AllowWeakCrypto);
if (etype is null)
{
throw new InvalidOperationException("Cannot find a common EType");
}
this.clientDHNonce = GenerateNonce(etype.Value, this.agreement.PublicKey.KeyLength);
}
var domainParams = KrbDiffieHellmanDomainParameters.FromKeyAgreement(this.agreement);
var authPack = new KrbAuthPack
{
PKAuthenticator = new KrbPKAuthenticator
{
Nonce = body.Nonce,
PaChecksum = paChecksum
},
ClientPublicValue = new KrbSubjectPublicKeyInfo
{
Algorithm = new KrbAlgorithmIdentifier
{
Algorithm = DiffieHellman,
Parameters = domainParams.EncodeSpecial()
},
SubjectPublicKey = this.agreement.PublicKey.EncodePublicKey()
},
ClientDHNonce = this.clientDHNonce
};
return(authPack);
}
}
private KrbAuthPack CreateDiffieHellmanAuthPack(KrbKdcReqBody body)
{
using (var sha1 = CryptoPal.Platform.Sha1())
{
var encoded = body.Encode();
var paChecksum = sha1.ComputeHash(encoded.Span);
var parametersAreCached = CacheKeyAgreementParameters(agreement);
if (parametersAreCached)
{
clientDHNonce = GenerateNonce(body.EType.First(), agreement.PublicKey.KeyLength);
}
var domainParams = KrbDiffieHellmanDomainParameters.FromKeyAgreement(agreement);
var authPack = new KrbAuthPack
{
PKAuthenticator = new KrbPKAuthenticator
{
Nonce = body.Nonce,
PaChecksum = paChecksum
},
ClientPublicValue = new KrbSubjectPublicKeyInfo
{
Algorithm = new KrbAlgorithmIdentifier
{
Algorithm = DiffieHellman,
Parameters = domainParams.EncodeSpecial()
},
SubjectPublicKey = agreement.PublicKey.EncodePublicKey()
},
ClientDHNonce = clientDHNonce
};
return(authPack);
}
}
