private KrbKdcDHKeyInfo ValidateDHReply(KrbPaPkAsRep pkRep)
{
var signed = new SignedCms();
signed.Decode(pkRep.DHInfo.DHSignedData.ToArray());
VerifyKdcSignature(signed);
return(KrbKdcDHKeyInfo.Decode(signed.ContentInfo.Content));
}
private async Task <ReadOnlyMemory <byte> > SignDHResponseAsync(KrbKdcDHKeyInfo keyInfo)
{
var signed = new SignedCms(
new ContentInfo(
IdPkInitDHKeyData,
keyInfo.Encode().ToArray()
)
);
var Certificate = await Service.Principals.RetrieveKdcCertificate();
signed.ComputeSignature(new CmsSigner(Certificate));
return(signed.Encode());
}
public void ParsePaPkAsRep_SignedDHRep_KDCDHKeyInfo()
{
KrbPaPkAsRep asrep = KrbPaPkAsRep.Decode(signedPkAsRep);
Assert.IsNotNull(asrep);
SignedCms signed = new SignedCms();
signed.Decode(asrep.DHInfo.DHSignedData.ToArray());
signed.CheckSignature(verifySignatureOnly: true);
KrbKdcDHKeyInfo keyInfo = KrbKdcDHKeyInfo.Decode(signed.ContentInfo.Content);
Assert.IsNotNull(keyInfo);
}
private ReadOnlyMemory <byte> SignDHResponse(KrbKdcDHKeyInfo keyInfo)
{
var signed = new SignedCms(
new ContentInfo(
IdPkInitDHKeyData,
keyInfo.Encode().ToArray()
)
);
var certificate = this.Service.Principals.RetrieveKdcCertificate();
var signer = new CmsSigner(certificate)
{
IncludeOption = this.IncludeOption
};
signed.ComputeSignature(signer);
return(signed.Encode());
}
public override async Task <KrbPaData> Validate(KrbKdcReq asReq, PreAuthenticationContext preauth)
{
var paPk = asReq.PaData.FirstOrDefault(p => p.Type == PaDataType.PA_PK_AS_REQ);
if (paPk == null)
{
return(null);
}
var pkreq = KrbPaPkAsReq.Decode(paPk.Value);
var authPack = await ValidateAuthPack(preauth.Principal, pkreq);
ValidateAuthenticator(authPack.PKAuthenticator, asReq.Body);
var requestAlg = authPack.ClientPublicValue?.Algorithm?.Algorithm;
IKeyAgreement agreement;
if (requestAlg?.Value == EllipticCurveDiffieHellman.Value)
{
agreement = FromEllipticCurveDomainParameters(authPack.ClientPublicValue);
}
else if (requestAlg?.Value == DiffieHellman.Value)
{
agreement = await FromDiffieHellmanDomainParametersAsync(authPack.ClientPublicValue);
}
else
{
throw OnlyKeyAgreementSupportedException();
}
var derivedKey = agreement.GenerateAgreement();
var etype = asReq.Body.EType.First();
var transform = CryptoService.CreateTransform(etype);
ReadOnlyMemory <byte> clientDHNonce = authPack.ClientDHNonce.GetValueOrDefault();
ReadOnlyMemory <byte> serverDHNonce = default;
if (clientDHNonce.Length > 0)
{
serverDHNonce = transform.GenerateRandomBytes(agreement.PublicKey.KeyLength);
await Service.Principals.CacheKey(agreement.PrivateKey);
}
var keyInfo = new KrbKdcDHKeyInfo {
SubjectPublicKey = agreement.PublicKey.EncodePublicKey()
};
if (agreement.PublicKey.CacheExpiry.HasValue)
{
keyInfo.DHKeyExpiration = agreement.PublicKey.CacheExpiry;
keyInfo.Nonce = authPack.PKAuthenticator.Nonce;
}
var sessionKey = PKInitString2Key.String2Key(
derivedKey.Span,
transform.KeySize,
clientDHNonce.Span,
serverDHNonce.Span
);
var paPkRep = new KrbPaPkAsRep
{
DHInfo = new KrbDHReplyInfo
{
DHSignedData = await SignDHResponseAsync(keyInfo),
ServerDHNonce = serverDHNonce
}
};
preauth.PaData = new[]
{
new KrbPaData
{
Type = PaDataType.PA_PK_AS_REP,
Value = paPkRep.Encode()
}
};
preauth.EncryptedPartKey = new KerberosKey(key: sessionKey.ToArray(), etype: etype);
return(null);
}
public override KrbPaData Validate(KrbKdcReq asReq, PreAuthenticationContext preauth)
{
if (asReq == null)
{
throw new ArgumentNullException(nameof(asReq));
}
if (preauth == null)
{
throw new ArgumentNullException(nameof(preauth));
}
if (!preauth.PreAuthenticationState.TryGetValue(PaDataType.PA_PK_AS_REQ, out PaDataState paState) ||
!(paState is PkInitState state))
{
return(null);
}
var authPack = ValidateAuthPack(preauth, state);
this.ValidateAuthenticator(authPack.PKAuthenticator, asReq.Body);
var requestAlg = authPack.ClientPublicValue?.Algorithm?.Algorithm;
IKeyAgreement agreement;
if (requestAlg?.Value == EllipticCurveDiffieHellman.Value)
{
agreement = this.FromEllipticCurveDomainParameters(authPack.ClientPublicValue);
}
else if (requestAlg?.Value == DiffieHellman.Value)
{
agreement = this.FromDiffieHellmanDomainParameters(authPack.ClientPublicValue);
}
else
{
throw OnlyKeyAgreementSupportedException();
}
var derivedKey = agreement.GenerateAgreement();
var preferredEType = GetPreferredEType(
asReq.Body.EType,
this.Service.Configuration.Defaults.PermittedEncryptionTypes,
this.Service.Configuration.Defaults.AllowWeakCrypto
);
if (preferredEType is null)
{
throw new InvalidOperationException("Cannot find a common EType");
}
var etype = preferredEType.Value;
var transform = CryptoService.CreateTransform(etype);
ReadOnlyMemory <byte> clientDHNonce = authPack.ClientDHNonce.GetValueOrDefault();
ReadOnlyMemory <byte> serverDHNonce = default;
if (clientDHNonce.Length > 0)
{
serverDHNonce = transform.GenerateRandomBytes(agreement.PublicKey.KeyLength);
this.Service.Principals.CacheKey(agreement.PrivateKey);
}
var keyInfo = new KrbKdcDHKeyInfo {
SubjectPublicKey = agreement.PublicKey.EncodePublicKey()
};
if (agreement.PublicKey.CacheExpiry.HasValue)
{
keyInfo.DHKeyExpiration = agreement.PublicKey.CacheExpiry;
keyInfo.Nonce = authPack.PKAuthenticator.Nonce;
}
var sessionKey = PKInitString2Key.String2Key(
derivedKey.Span,
transform.KeySize,
clientDHNonce.Span,
serverDHNonce.Span
);
var paPkRep = new KrbPaPkAsRep
{
DHInfo = new KrbDHReplyInfo
{
DHSignedData = this.SignDHResponse(keyInfo),
ServerDHNonce = serverDHNonce
}
};
preauth.PaData = new[]
{
new KrbPaData
{
Type = PaDataType.PA_PK_AS_REP,
Value = paPkRep.Encode()
}
};
preauth.EncryptedPartKey = new KerberosKey(key: sessionKey.ToArray(), etype: etype);
preauth.ClientAuthority = PaDataType.PA_PK_AS_REQ;
return(null);
}
