private protected KerberosEncryptedData(KerberosEncryptionType type, int?key_version, byte[] cipher_text) { EncryptionType = type; KeyVersion = key_version; CipherText = cipher_text; }
/// <summary> /// Find a key based on various parameters. /// </summary> /// <param name="enc_type">The encryption type.</param> /// <param name="name_type">The name type.</param> /// <param name="principal">The principal.</param> /// <param name="key_version">The key version.</param> /// <returns></returns> public KerberosKey FindKey(KerberosEncryptionType enc_type, KerberosNameType name_type, string principal, int key_version) { return(Keys.Where(k => k.KeyEncryption == enc_type && k.NameType == name_type && k.Principal.Equals(principal, StringComparison.OrdinalIgnoreCase) && k.Version == (uint)key_version).FirstOrDefault()); }
/// <summary> /// Derive a key from a password. /// </summary> /// <remarks>Not all encryption types are supported.</remarks> /// <param name="key_encryption">The key encryption to use.</param> /// <param name="password">The password to derice from.</param> /// <param name="iterations">Iterations for the password derivation.</param> /// <param name="name_type">The key name type.</param> /// <param name="principal">Principal for key, in form TYPE/name@realm.</param> /// <param name="salt">Salt for the key.</param> /// <param name="version">Key Version Number (KVNO).</param> /// <returns></returns> public static KerberosAuthenticationKey DeriveKey(KerberosEncryptionType key_encryption, string password, int iterations, KerberosNameType name_type, string principal, string salt, uint version) { if (principal is null) { throw new ArgumentNullException(nameof(principal)); } byte[] key; switch (key_encryption) { case KerberosEncryptionType.ARCFOUR_HMAC_MD5: case KerberosEncryptionType.ARCFOUR_HMAC_MD5_56: case KerberosEncryptionType.ARCFOUR_HMAC_OLD: case KerberosEncryptionType.ARCFOUR_HMAC_OLD_EXP: key = MD4.CalculateHash(Encoding.Unicode.GetBytes(password)); break; case KerberosEncryptionType.AES128_CTS_HMAC_SHA1_96: key = DeriveAesKey(password, MakeSalt(salt, principal), iterations, 16); break; case KerberosEncryptionType.AES256_CTS_HMAC_SHA1_96: key = DeriveAesKey(password, MakeSalt(salt, principal), iterations, 32); break; default: throw new ArgumentException($"Unsupported key type {key_encryption}", nameof(key_encryption)); } return(new KerberosAuthenticationKey(key_encryption, key, name_type, principal, DateTime.Now, version)); }
internal KerberosTicketCacheInfo(KERB_TICKET_CACHE_INFO info) { ServerName = info.ServerName.ToString(); RealmName = info.RealmName.ToString(); StartTime = info.StartTime.ToDateTime(); EndTime = info.EndTime.ToDateTime(); RenewTime = info.RenewTime.ToDateTime(); EncryptionType = info.EncryptionType; TicketFlags = (KerberosTicketFlags)info.TicketFlags.SwapEndian(); }
/// <summary> /// Constructor. /// </summary> /// <param name="key_encryption">The Key encryption type.</param> /// <param name="key">The key.</param> /// <param name="name_type">The key name type.</param> /// <param name="realm">The Realm for the key.</param> /// <param name="components">The name components for the key.</param> /// <param name="timestamp">Timestamp when key was created.</param> /// <param name="version">Key Version Number (KVNO).</param> public KerberosAuthenticationKey(KerberosEncryptionType key_encryption, byte[] key, KerberosNameType name_type, string realm, string[] components, DateTime timestamp, uint version) { KeyEncryption = key_encryption; _key = key; NameType = name_type; Realm = realm; Components = components; Timestamp = timestamp; Version = version; }
/// <summary> /// Constructor. /// </summary> /// <param name="key_encryption">The Key encryption type.</param> /// <param name="key">The key.</param> /// <param name="name_type">The key name type.</param> /// <param name="realm">The Realm for the key.</param> /// <param name="components">The name components for the key.</param> /// <param name="timestamp">Timestamp when key was created.</param> /// <param name="version">Key Version Number (KVNO).</param> public KerberosAuthenticationKey(KerberosEncryptionType key_encryption, byte[] key, KerberosNameType name_type, string realm, IEnumerable <string> components, DateTime timestamp, uint version) { KeyEncryption = key_encryption; _key = (byte[])key.Clone(); NameType = name_type; Realm = realm; Components = components.ToArray(); Timestamp = timestamp; Version = version; }
internal static KerberosAuthenticationKey Parse(DERValue value, string realm, KerberosPrincipalName name) { if (!value.CheckSequence()) { throw new InvalidDataException(); } KerberosEncryptionType enc_type = 0; byte[] key = null; foreach (var next in value.Children) { if (next.Type != DERTagType.ContextSpecific) { throw new InvalidDataException(); } switch (next.Tag) { case 0: enc_type = (KerberosEncryptionType)next.ReadChildInteger(); break; case 1: key = next.ReadChildOctetString(); break; default: throw new InvalidDataException(); } } if (enc_type == 0 || key == null) { throw new InvalidDataException(); } return(new KerberosAuthenticationKey(enc_type, key, name.NameType, realm, name.Names.ToArray(), DateTime.Now, 0)); }
/// <summary> /// Get keys which match the encryption type. /// </summary> /// <param name="enc_type">The encryption type.</param> /// <returns>The list of keys which match the encryption type.</returns> public IEnumerable <KerberosKey> GetKeysForEncryption(KerberosEncryptionType enc_type) { return(Keys.Where(k => k.KeyEncryption == enc_type)); }
/// <summary> /// Constructor. /// </summary> /// <param name="key_encryption">The Key encryption type.</param> /// <param name="key">The key as a hex string.</param> /// <param name="name_type">The key name type.</param> /// <param name="principal">Principal for key, in form TYPE/name@realm.</param> /// <param name="timestamp">Timestamp when key was created.</param> /// <param name="version">Key Version Number (KVNO).</param> public KerberosAuthenticationKey(KerberosEncryptionType key_encryption, string key, KerberosNameType name_type, string principal, DateTime timestamp, uint version) : this(key_encryption, GetKey(key), name_type, principal, timestamp, version) { }
/// <summary> /// Constructor. /// </summary> /// <param name="key_encryption">The Key encryption type.</param> /// <param name="key">The key.</param> /// <param name="name_type">The key name type.</param> /// <param name="principal">Principal for key, in form TYPE/name@realm.</param> /// <param name="timestamp">Timestamp when key was created.</param> /// <param name="version">Key Version Number (KVNO).</param> public KerberosAuthenticationKey(KerberosEncryptionType key_encryption, byte[] key, KerberosNameType name_type, string principal, DateTime timestamp, uint version) : this(key_encryption, key, name_type, GetRealm(principal), GetComponents(principal), timestamp, version) { }