public NTTransactCreateRequest(byte[] parameters, byte[] data, bool isUnicode) { int parametersOffset = 0; Flags = (NTCreateFlags)LittleEndianReader.ReadUInt32(parameters, ref parametersOffset); RootDirectoryFID = LittleEndianReader.ReadUInt32(parameters, ref parametersOffset); DesiredAccess = (AccessMask)LittleEndianReader.ReadUInt32(parameters, ref parametersOffset); AllocationSize = LittleEndianReader.ReadInt64(parameters, ref parametersOffset); ExtFileAttributes = (ExtendedFileAttributes)LittleEndianReader.ReadUInt32(parameters, ref parametersOffset); ShareAccess = (ShareAccess)LittleEndianReader.ReadUInt32(parameters, ref parametersOffset); CreateDisposition = (CreateDisposition)LittleEndianReader.ReadUInt32(parameters, ref parametersOffset); CreateOptions = (CreateOptions)LittleEndianReader.ReadUInt32(parameters, ref parametersOffset); uint securityDescriptiorLength = LittleEndianReader.ReadUInt32(parameters, ref parametersOffset); _ = LittleEndianReader.ReadUInt32(parameters, ref parametersOffset); uint nameLength = LittleEndianReader.ReadUInt32(parameters, ref parametersOffset); ImpersonationLevel = (ImpersonationLevel)LittleEndianReader.ReadUInt32(parameters, ref parametersOffset); SecurityFlags = (SecurityFlags)ByteReader.ReadByte(parameters, ref parametersOffset); if (isUnicode) { parametersOffset++; } Name = SMB1Helper.ReadFixedLengthString(parameters, ref parametersOffset, isUnicode, (int)nameLength); if (securityDescriptiorLength > 0) { SecurityDescriptor = new SecurityDescriptor(data, 0); } ExtendedAttributes = FileFullEAInformation.ReadList(data, (int)securityDescriptiorLength); }
public Fingerprint(string identityID, byte identityFlag, SecurityFlags securityFlag, string sha) { this.IdentityID = identityID; this.IdentityFlag = identityFlag; this.SecurityFlag = securityFlag; this.SHA = sha; }
public NTCreateAndXRequest(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset, isUnicode) { Reserved = ByteReader.ReadByte(this.SMBParameters, 4); NameLength = LittleEndianConverter.ToUInt16(this.SMBParameters, 5); Flags = (NTCreateFlags)LittleEndianConverter.ToUInt32(this.SMBParameters, 7); RootDirectoryFID = LittleEndianConverter.ToUInt32(this.SMBParameters, 11); DesiredAccess = (FileAccessMask)LittleEndianConverter.ToUInt32(this.SMBParameters, 15); AllocationSize = LittleEndianConverter.ToInt64(this.SMBParameters, 19); ExtFileAttributes = (ExtendedFileAttributes)LittleEndianConverter.ToUInt32(this.SMBParameters, 27); ShareAccess = (ShareAccess)LittleEndianConverter.ToUInt32(this.SMBParameters, 31); CreateDisposition = (CreateDisposition)LittleEndianConverter.ToUInt32(this.SMBParameters, 35); CreateOptions = (CreateOptions)LittleEndianConverter.ToUInt32(this.SMBParameters, 39); ImpersonationLevel = (ImpersonationLevel)LittleEndianConverter.ToUInt32(this.SMBParameters, 43); SecurityFlags = (SecurityFlags)ByteReader.ReadByte(this.SMBParameters, 47); int dataOffset = 0; if (isUnicode) { // A Unicode string MUST be aligned to a 16-bit boundary with respect to the beginning of the SMB Header. // Note: SMBData starts at an odd offset. dataOffset = 1; } FileName = SMB1Helper.ReadSMBString(this.SMBData, dataOffset, isUnicode); }
/// <summary> /// Initializes a new instance of the SecurityOptions class. /// </summary> /// <param name="protocol">One of the <see cref="SecureProtocol"/> values.</param> /// <param name="cert">A <see cref="Certificate"/> instance.</param> /// <param name="entity">One of the <see cref="ConnectionEnd"/> values.</param> /// <param name="verifyType">One of the <see cref="CredentialVerification"/> values.</param> /// <param name="verifier">The <see cref="CertVerifyEventHandler"/> delegate.</param> /// <param name="commonName">The common name of the remote computer. This is usually a domain name.</param> /// <param name="flags">A bitwise combination of the <see cref="SecurityFlags"/> values.</param> /// <param name="allowed">A bitwise combination of the <see cref="SslAlgorithms"/> values.</param> /// <param name="requestHandler">The <see cref="CertRequestEventHandler"/> delegate.</param> public SecurityOptions(SecureProtocol protocol, Certificate cert, ConnectionEnd entity, CredentialVerification verifyType, CertVerifyEventHandler verifier, string commonName, SecurityFlags flags, SslAlgorithms allowed, CertRequestEventHandler requestHandler) { this.Protocol = protocol; this.Certificate = cert; this.Entity = entity; this.VerificationType = verifyType; this.Verifier = verifier; this.CommonName = commonName; this.Flags = flags; this.AllowedAlgorithms = allowed; this.RequestHandler = requestHandler; }
// Default constructor public Security() { m_value_x = 0; m_value_g = 0; m_value_p = 0; m_value_A = 0; m_value_B = 0; m_value_K = 0; m_seed_count = 0; m_crc_seed = 0; m_initial_blowfish_key = 0; m_handshake_blowfish_key = 0; m_count_byte_seeds = new byte[3]; m_count_byte_seeds[0] = 0; m_count_byte_seeds[1] = 0; m_count_byte_seeds[2] = 0; m_client_key = 0; m_challenge_key = 0; m_client_security = false; m_security_flag = 0; m_security_flags = new SecurityFlags(); m_accepted_handshake = false; m_started_handshake = false; m_identity_flag = 0; m_identity_name = "SR_Client"; m_outgoing_packets = new List<Packet>(); m_incoming_packets = new List<Packet>(); m_enc_opcodes = new List<ushort>(); m_enc_opcodes.Add(0x2001); m_enc_opcodes.Add(0x6100); m_enc_opcodes.Add(0x6101); m_enc_opcodes.Add(0x6102); m_enc_opcodes.Add(0x6103); m_enc_opcodes.Add(0x6107); m_blowfish = new Blowfish(); m_recv_buffer = new TransferBuffer(8192); // must be at minimal 2 bytes! m_current_buffer = null; /* Chernobyl: Fix massive msg fragmentation m_massive_count = 0; m_massive_packet = null; */ m_class_lock = new object(); }
internal SslConnectionListener(SecurityAssociationOptions requiredOptions, SecurityAssociationOptions supportedOptions, IServerSideAuthentication serverAuth, omg.org.IOP.Codec codec) { m_codec = codec; if (((requiredOptions & SecurityAssociationOptions.NoProtection) > 0) && (((supportedOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) || ((supportedOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0))) { throw new ArgumentException("unsupported options combination: required no protection and supported EstablishTrustInTarget/Client"); } SecureProtocol protocol = SecureProtocol.None; SslAlgorithms allowedCiphers = SslAlgorithms.ALL; if (((supportedOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) || ((supportedOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0)) { protocol = SecureProtocol.Tls1 | SecureProtocol.Ssl3; allowedCiphers = SslAlgorithms.SECURE_CIPHERS; m_isSecured = true; } CredentialVerification clientVerification = CredentialVerification.None; CertVerifyEventHandler verifyClient = null; SecurityFlags authFlags = SecurityFlags.Default; if (((supportedOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0) || ((requiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0)) { clientVerification = CredentialVerification.Manual; verifyClient = new CertVerifyEventHandler(this.CheckClientCertAtServer); } if ((requiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0) { authFlags = SecurityFlags.MutualAuthentication; } m_sslOpts = new SecurityOptions(protocol, serverAuth.GetServerCertificate(), ConnectionEnd.Server, clientVerification, verifyClient, null, authFlags, allowedCiphers, null); m_serverAuth = serverAuth; m_supportedOptions = supportedOptions; m_requiredOptions = requiredOptions; }
public TCPServer(string ip, int port, SecurityFlags flags) { m_blConnectionAllowed = false; m_SecurityFlags = flags; m_Socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp); m_SocketContextPool = new ObjectPool <SocketContext>(() => new SocketContext(), () => m_SocketContextPool.Count > 200); try { IPEndPoint endPoint = new IPEndPoint(IPAddress.Parse(ip), port); m_Socket.Bind(endPoint); m_Socket.Listen(1000); } catch (SocketException) { Console.WriteLine("Cannot listen socket ({0}:{1})", ip, port); } }
public SecurityOptions(SecureProtocol protocol, ExtensionType[] extensions, Certificate cert, ConnectionEnd entity, IEnumerable <string> knownProtocols, CredentialVerification verifyType, CertVerifyEventHandler verifier, string commonName, SecurityFlags flags, SslAlgorithms allowed, CertRequestEventHandler requestHandler) { this.Protocol = protocol; this.Certificate = cert; this.Entity = entity; this.VerificationType = verifyType; this.Verifier = verifier; this.CommonName = commonName; this.Flags = flags; this.AllowedAlgorithms = allowed; this.RequestHandler = requestHandler; this.KnownProtocols = knownProtocols; this.Extensions = extensions; this.ExtensionList = FormExtsList(extensions); }
public NTCreateAndXRequest(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset, isUnicode) { Reserved = ByteReader.ReadByte(this.SMBParameters, 4); ushort nameLength = LittleEndianConverter.ToUInt16(this.SMBParameters, 5); Flags = (NTCreateFlags)LittleEndianConverter.ToUInt32(this.SMBParameters, 7); RootDirectoryFID = LittleEndianConverter.ToUInt32(this.SMBParameters, 11); DesiredAccess = (DesiredAccess)LittleEndianConverter.ToUInt32(this.SMBParameters, 15); AllocationSize = LittleEndianConverter.ToUInt64(this.SMBParameters, 19); ExtFileAttributes = (ExtendedFileAttributes)LittleEndianConverter.ToUInt32(this.SMBParameters, 27); ShareAccess = (ShareAccess)LittleEndianConverter.ToUInt32(this.SMBParameters, 31); CreateDisposition = (CreateDisposition)LittleEndianConverter.ToUInt32(this.SMBParameters, 35); CreateOptions = (CreateOptions)LittleEndianConverter.ToUInt32(this.SMBParameters, 39); ImpersonationLevel = (ImpersonationLevel)LittleEndianConverter.ToUInt32(this.SMBParameters, 43); SecurityFlags = (SecurityFlags)ByteReader.ReadByte(this.SMBParameters, 47); int dataOffset = 0; if (isUnicode) { dataOffset = 1; // 1 byte padding for 2 byte alignment } FileName = SMBHelper.ReadSMBString(this.SMBData, dataOffset, isUnicode); }
// Returns a SecurityFlags object from a byte. static SecurityFlags ToSecurityFlags(byte value) { SecurityFlags flags = new SecurityFlags(); flags.none = (byte)(value & 1); value >>= 1; flags.blowfish = (byte)(value & 1); value >>= 1; flags.security_bytes = (byte)(value & 1); value >>= 1; flags.handshake = (byte)(value & 1); value >>= 1; flags.handshake_response = (byte)(value & 1); value >>= 1; flags._6 = (byte)(value & 1); value >>= 1; flags._7 = (byte)(value & 1); value >>= 1; flags._8 = (byte)(value & 1); value >>= 1; return flags; }
void GenerateSecurity(SecurityFlags flags) { m_security_flag = FromSecurityFlags(flags); m_security_flags = flags; m_client_security = true; //don't need about solving problem CA2000 Packet response = new Packet(0x5000); response.WriteUInt8(m_security_flag); if (m_security_flags.blowfish == 1) { m_initial_blowfish_key = NextUInt64(); m_blowfish.Initialize(BitConverter.GetBytes(m_initial_blowfish_key)); response.WriteUInt64(m_initial_blowfish_key); } if (m_security_flags.security_bytes == 1) { m_seed_count = NextUInt8(); SetupCountByte(m_seed_count); m_crc_seed = NextUInt8(); response.WriteUInt32(m_seed_count); response.WriteUInt32(m_crc_seed); } if (m_security_flags.handshake == 1) { m_handshake_blowfish_key = NextUInt64(); m_value_x = NextUInt32() & 0x7FFFFFFF; m_value_g = NextUInt32() & 0x7FFFFFFF; m_value_p = NextUInt32() & 0x7FFFFFFF; m_value_A = G_pow_X_mod_P(m_value_p, m_value_x, m_value_g); response.WriteUInt64(m_handshake_blowfish_key); response.WriteUInt32(m_value_g); response.WriteUInt32(m_value_p); response.WriteUInt32(m_value_A); } m_outgoing_packets.Add(response); }
static SecurityFlags CopySecurityFlags(SecurityFlags flags) { SecurityFlags copy = new SecurityFlags(); copy.none = flags.none; copy.blowfish = flags.blowfish; copy.security_bytes = flags.security_bytes; copy.handshake = flags.handshake; copy.handshake_response = flags.handshake_response; copy._6 = flags._6; copy._7 = flags._7; copy._8 = flags._8; return copy; }
// Returns a byte from a SecurityFlags object. static byte FromSecurityFlags(SecurityFlags flags) { return (byte)(flags.none | flags.blowfish << 1 | flags.security_bytes << 2 | flags.handshake << 3 | flags.handshake_response << 4 | flags._6 << 5 | flags._7 << 6 | flags._8 << 7); }
// Generates the security settings. This should only be called if the security object // is being used to process an incoming connection's data (server). public void GenerateSecurity(bool blowfish, bool security_bytes, bool handshake) { lock (m_class_lock) { SecurityFlags flags = new SecurityFlags(); if (blowfish) { flags.none = 0; flags.blowfish = 1; } if (security_bytes) { flags.none = 0; flags.security_bytes = 1; } if (handshake) { flags.none = 0; flags.handshake = 1; } if (!blowfish && !security_bytes && !handshake) { flags.none = 1; } GenerateSecurity(flags); } }
void Handshake(ushort packet_opcode, PacketReader packet_data, bool packet_encrypted) { if (packet_encrypted) { throw (new Exception("[SecurityAPI::Handshake] Received an illogical (encrypted) handshake packet.")); } if (m_client_security) { // If this object does not need a handshake if (m_security_flags.handshake == 0) { // Client should only accept it then if (packet_opcode == 0x9000) { if (m_accepted_handshake) { throw (new Exception("[SecurityAPI::Handshake] Received an illogical handshake packet (duplicate 0x9000).")); } m_accepted_handshake = true; // Otherwise, all good here return; } // Client should not send any 0x5000s! else if (packet_opcode == 0x5000) { throw (new Exception("[SecurityAPI::Handshake] Received an illogical handshake packet (0x5000 with no handshake).")); } // Programmer made a mistake in calling this function else { throw (new Exception("[SecurityAPI::Handshake] Received an illogical handshake packet (programmer error).")); } } else { // Client accepts the handshake if (packet_opcode == 0x9000) { // Can't accept it before it's started! if (!m_started_handshake) { throw (new Exception("[SecurityAPI::Handshake] Received an illogical handshake packet (out of order 0x9000).")); } if (m_accepted_handshake) // Client error { throw (new Exception("[SecurityAPI::Handshake] Received an illogical handshake packet (duplicate 0x9000).")); } // Otherwise, all good here m_accepted_handshake = true; return; } // Client sends a handshake response else if (packet_opcode == 0x5000) { if (m_started_handshake) // Client error { throw (new Exception("[SecurityAPI::Handshake] Received an illogical handshake packet (duplicate 0x5000).")); } m_started_handshake = true; } // Programmer made a mistake in calling this function else { throw (new Exception("[SecurityAPI::Handshake] Received an illogical handshake packet (programmer error).")); } } ulong key_array = 0; byte[] tmp_bytes; m_value_B = packet_data.ReadUInt32(); m_client_key = packet_data.ReadUInt64(); m_value_K = G_pow_X_mod_P(m_value_p, m_value_x, m_value_B); key_array = MAKELONGLONG_(m_value_A, m_value_B); KeyTransformValue(ref key_array, m_value_K, (byte)(LOBYTE_(LOWORD_(m_value_K)) & 0x03)); m_blowfish.Initialize(BitConverter.GetBytes(key_array)); tmp_bytes = m_blowfish.Decode(BitConverter.GetBytes(m_client_key)); m_client_key = BitConverter.ToUInt64(tmp_bytes, 0); key_array = MAKELONGLONG_(m_value_B, m_value_A); KeyTransformValue(ref key_array, m_value_K, (byte)(LOBYTE_(LOWORD_(m_value_B)) & 0x07)); if (m_client_key != key_array) { throw (new Exception("[SecurityAPI::Handshake] Client signature error.")); } key_array = MAKELONGLONG_(m_value_A, m_value_B); KeyTransformValue(ref key_array, m_value_K, (byte)(LOBYTE_(LOWORD_(m_value_K)) & 0x03)); m_blowfish.Initialize(BitConverter.GetBytes(key_array)); m_challenge_key = MAKELONGLONG_(m_value_A, m_value_B); KeyTransformValue(ref m_challenge_key, m_value_K, (byte)(LOBYTE_(LOWORD_(m_value_A)) & 0x07)); tmp_bytes = m_blowfish.Encode(BitConverter.GetBytes(m_challenge_key)); m_challenge_key = BitConverter.ToUInt64(tmp_bytes, 0); KeyTransformValue(ref m_handshake_blowfish_key, m_value_K, 0x3); m_blowfish.Initialize(BitConverter.GetBytes(m_handshake_blowfish_key)); SecurityFlags tmp_flags = new SecurityFlags(); tmp_flags.handshake_response = 1; byte tmp_flag = FromSecurityFlags(tmp_flags); //CA2000 dont care Packet response = new Packet(0x5000); response.WriteUInt8(tmp_flag); response.WriteUInt64(m_challenge_key); m_outgoing_packets.Add(response); } else { if (packet_opcode != 0x5000) { throw (new Exception("[SecurityAPI::Handshake] Received an illogical handshake packet (programmer error).")); } byte flag = packet_data.ReadByte(); SecurityFlags flags = ToSecurityFlags(flag); if (m_security_flag == 0) { m_security_flag = flag; m_security_flags = flags; } if (flags.blowfish == 1) { m_initial_blowfish_key = packet_data.ReadUInt64(); m_blowfish.Initialize(BitConverter.GetBytes(m_initial_blowfish_key)); } if (flags.security_bytes == 1) { m_seed_count = packet_data.ReadUInt32(); m_crc_seed = packet_data.ReadUInt32(); SetupCountByte(m_seed_count); } if (flags.handshake == 1) { m_handshake_blowfish_key = packet_data.ReadUInt64(); m_value_g = packet_data.ReadUInt32(); m_value_p = packet_data.ReadUInt32(); m_value_A = packet_data.ReadUInt32(); m_value_x = NextUInt32() & 0x7FFFFFFF; m_value_B = G_pow_X_mod_P(m_value_p, m_value_x, m_value_g); m_value_K = G_pow_X_mod_P(m_value_p, m_value_x, m_value_A); ulong key_array = MAKELONGLONG_(m_value_A, m_value_B); KeyTransformValue(ref key_array, m_value_K, (byte)(LOBYTE_(LOWORD_(m_value_K)) & 0x03)); m_blowfish.Initialize(BitConverter.GetBytes(key_array)); m_client_key = MAKELONGLONG_(m_value_B, m_value_A); KeyTransformValue(ref m_client_key, m_value_K, (byte)(LOBYTE_(LOWORD_(m_value_B)) & 0x07)); byte[] tmp_bytes = m_blowfish.Encode(BitConverter.GetBytes(m_client_key)); m_client_key = BitConverter.ToUInt64(tmp_bytes, 0); } if (flags.handshake_response == 1) { m_challenge_key = packet_data.ReadUInt64(); ulong expected_challenge_key = MAKELONGLONG_(m_value_A, m_value_B); KeyTransformValue(ref expected_challenge_key, m_value_K, (byte)(LOBYTE_(LOWORD_(m_value_A)) & 0x07)); byte[] tmp_bytes = m_blowfish.Encode(BitConverter.GetBytes(expected_challenge_key)); expected_challenge_key = BitConverter.ToUInt64(tmp_bytes, 0); if (m_challenge_key != expected_challenge_key) { throw (new Exception("[SecurityAPI::Handshake] Server signature error.")); } KeyTransformValue(ref m_handshake_blowfish_key, m_value_K, 0x3); m_blowfish.Initialize(BitConverter.GetBytes(m_handshake_blowfish_key)); } // Generate the outgoing packet now if (flags.handshake == 1 && flags.handshake_response == 0) { // Check to see if we already started a handshake if (m_started_handshake || m_accepted_handshake) { throw (new Exception("[SecurityAPI::Handshake] Received an illogical handshake packet (duplicate 0x5000).")); } // Handshake challenge //CA2000 dont care Packet response = new Packet(0x5000); response.WriteUInt32(m_value_B); response.WriteUInt64(m_client_key); m_outgoing_packets.Insert(0, response); // The handshake has started m_started_handshake = true; } else { // Check to see if we already accepted a handshake if (m_accepted_handshake) { throw (new Exception("[SecurityAPI::Handshake] Received an illogical handshake packet (duplicate 0x5000).")); } // Handshake accepted //CA2000 dont care Packet response1 = new Packet(0x9000); // Identify //CA2000 dont care Packet response2 = new Packet(0x2001, true, false); response2.WriteAscii(m_identity_name); response2.WriteUInt8(m_identity_flag); // Insert at the front, we want 0x9000 first, then 0x2001 m_outgoing_packets.Insert(0, response2); m_outgoing_packets.Insert(0, response1); // Mark the handshake as accepted now m_started_handshake = true; m_accepted_handshake = true; } } }
/// <summary> /// Sets the security /// </summary> /// <param name="flags"></param> public void SetSecurity(SecurityFlags flags) { m_Security = new Security(); m_Security.GenerateSecurity(flags.HasFlag(SecurityFlags.Blowfish), flags.HasFlag(SecurityFlags.SecurityBytes), flags.HasFlag(SecurityFlags.Handshake)); m_Security.ChangeIdentity("GatewayServer", 0); }
public SocketContext(Socket client, SecurityFlags flags) : this() { SetSocket(client); SetSecurity(flags); }
public SecurityOptions(SecureProtocol protocol, ExtensionType[] extensions, Certificate cert, ConnectionEnd entity, IEnumerable<string> knownProtocols, CredentialVerification verifyType, CertVerifyEventHandler verifier, string commonName, SecurityFlags flags, SslAlgorithms allowed, CertRequestEventHandler requestHandler) { this.Protocol = protocol; this.Certificate = cert; this.Entity = entity; this.VerificationType = verifyType; this.Verifier = verifier; this.CommonName = commonName; this.Flags = flags; this.AllowedAlgorithms = allowed; this.RequestHandler = requestHandler; this.KnownProtocols = knownProtocols; this.Extensions = extensions; this.ExtensionList = FormExtsList(extensions); }