/// <summary>
/// Look up a stored key by encryption type, name type, principal and key version.
/// </summary>
/// <remarks>
/// The principal is matched with an ordinal, case-insensitive comparison. The other
/// fields must match exactly. Only the first matching entry in <c>Keys</c> is returned.
/// NOTE(review): assumes every entry in <c>Keys</c> has a non-null Principal - confirm.
/// </remarks>
/// <param name="enc_type">The encryption type.</param>
/// <param name="name_type">The name type.</param>
/// <param name="principal">The principal.</param>
/// <param name="key_version">The key version; converted to <c>uint</c> before it is compared.</param>
/// <returns>The first matching key, or the default value of the key type when nothing matches.</returns>
public KerberosKey FindKey(KerberosEncryptionType enc_type, KerberosNameType name_type, string principal, int key_version)
{
    return Keys.FirstOrDefault(candidate =>
        candidate.KeyEncryption == enc_type
        && candidate.NameType == name_type
        && candidate.Principal.Equals(principal, StringComparison.OrdinalIgnoreCase)
        && candidate.Version == (uint)key_version);
}
/// <summary>
/// Derive a Kerberos authentication key from a password.
/// </summary>
/// <remarks>
/// Not all encryption types are supported. For the ARCFOUR types the key is the MD4 hash of
/// the UTF-16LE encoded password; <paramref name="salt"/> and <paramref name="iterations"/>
/// are not used on that path, so the same password always yields the same key. For the AES
/// types the password, the result of <c>MakeSalt(salt, principal)</c> and the iteration
/// count are handed to <c>DeriveAesKey</c> with a key length of 16 or 32 bytes.
/// The returned key carries <see cref="DateTime.Now"/> (local time) as its timestamp.
/// </remarks>
/// <param name="key_encryption">The key encryption to use.</param>
/// <param name="password">The password to derive from.</param>
/// <param name="iterations">Iterations for the password derivation (AES types only).</param>
/// <param name="name_type">The key name type.</param>
/// <param name="principal">Principal for key, in form TYPE/name@realm.</param>
/// <param name="salt">Salt for the key (AES types only).</param>
/// <param name="version">Key Version Number (KVNO).</param>
/// <returns>The derived authentication key.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="principal"/> is null.</exception>
/// <exception cref="ArgumentException">Thrown when <paramref name="key_encryption"/> is not a supported type.</exception>
public static KerberosAuthenticationKey DeriveKey(KerberosEncryptionType key_encryption, string password,
    int iterations, KerberosNameType name_type, string principal, string salt, uint version)
{
    if (principal is null)
    {
        throw new ArgumentNullException(nameof(principal));
    }

    // 0 selects the ARCFOUR (MD4) path; any other value is the AES key length in bytes.
    int aes_key_length;
    switch (key_encryption)
    {
        case KerberosEncryptionType.ARCFOUR_HMAC_MD5:
        case KerberosEncryptionType.ARCFOUR_HMAC_MD5_56:
        case KerberosEncryptionType.ARCFOUR_HMAC_OLD:
        case KerberosEncryptionType.ARCFOUR_HMAC_OLD_EXP:
            aes_key_length = 0;
            break;
        case KerberosEncryptionType.AES128_CTS_HMAC_SHA1_96:
            aes_key_length = 16;
            break;
        case KerberosEncryptionType.AES256_CTS_HMAC_SHA1_96:
            aes_key_length = 32;
            break;
        default:
            throw new ArgumentException($"Unsupported key type {key_encryption}", nameof(key_encryption));
    }

    byte[] derived = aes_key_length == 0
        ? MD4.CalculateHash(Encoding.Unicode.GetBytes(password))
        : DeriveAesKey(password, MakeSalt(salt, principal), iterations, aes_key_length);

    return new KerberosAuthenticationKey(key_encryption, derived, name_type, principal, DateTime.Now, version);
}
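/// <summary>
/// Constructor.
/// </summary>
/// <remarks>
/// The key bytes and the component array are copied, so later changes the caller makes
/// to its own arrays do not alter the key material or name held by this instance.
/// A null <paramref name="key"/> or <paramref name="components"/> is stored as null.
/// </remarks>
/// <param name="key_encryption">The Key encryption type.</param>
/// <param name="key">The key.</param>
/// <param name="name_type">The key name type.</param>
/// <param name="realm">The Realm for the key.</param>
/// <param name="components">The name components for the key.</param>
/// <param name="timestamp">Timestamp when key was created.</param>
/// <param name="version">Key Version Number (KVNO).</param>
public KerberosAuthenticationKey(KerberosEncryptionType key_encryption, byte[] key, KerberosNameType name_type,
    string realm, string[] components, DateTime timestamp, uint version)
{
    KeyEncryption = key_encryption;
    // Defensive copy: keeping the caller's array would let the stored key be changed
    // from outside after construction. The null-conditional keeps null accepted.
    _key = (byte[])key?.Clone();
    NameType = name_type;
    Realm = realm;
    Components = (string[])components?.Clone();
    Timestamp = timestamp;
    Version = version;
}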
/// <summary>
/// Constructor.
/// </summary>
/// <remarks>
/// The key bytes are cloned and the components are materialized into a new array, so the
/// instance does not share storage with the caller's arguments.
/// Both <paramref name="key"/> and <paramref name="components"/> must be non-null.
/// </remarks>
/// <param name="key_encryption">The Key encryption type.</param>
/// <param name="key">The key.</param>
/// <param name="name_type">The key name type.</param>
/// <param name="realm">The Realm for the key.</param>
/// <param name="components">The name components for the key.</param>
/// <param name="timestamp">Timestamp when key was created.</param>
/// <param name="version">Key Version Number (KVNO).</param>
public KerberosAuthenticationKey(KerberosEncryptionType key_encryption, byte[] key, KerberosNameType name_type,
    string realm, IEnumerable<string> components, DateTime timestamp, uint version)
{
    // Take private copies first; the key is copied before the components are enumerated.
    byte[] key_copy = (byte[])key.Clone();
    string[] name_parts = components.ToArray();

    KeyEncryption = key_encryption;
    _key = key_copy;
    NameType = name_type;
    Realm = realm;
    Components = name_parts;
    Timestamp = timestamp;
    Version = version;
}
/// <summary>
/// Build a principal name from a native KERB_EXTERNAL_NAME structure.
/// </summary>
/// <remarks>
/// A null pointer gives a default-constructed name and a zero count gives a name with no
/// components. The element count is taken from the structure itself and no upper bound is
/// applied here, so the pointer is assumed to reference a well-formed structure.
/// NOTE(review): the count is read as a signed 16-bit value; confirm whether the native
/// field is unsigned, in which case large counts would be read as negative.
/// </remarks>
/// <param name="ptr">Pointer to the native structure, or <see cref="IntPtr.Zero"/>.</param>
/// <returns>The parsed principal name.</returns>
private static KerberosPrincipalName ParseName(IntPtr ptr)
{
    if (ptr == IntPtr.Zero)
    {
        return new KerberosPrincipalName();
    }

    // As read here: 16-bit name type at offset 0, 16-bit element count at offset 2.
    KerberosNameType type = (KerberosNameType)Marshal.ReadInt16(ptr, 0);
    int element_count = Marshal.ReadInt16(ptr, 2);
    if (element_count == 0)
    {
        return new KerberosPrincipalName(type, new string[0]);
    }

    int header_size = Marshal.SizeOf(typeof(KERB_EXTERNAL_NAME));
    int entry_size = Marshal.SizeOf(typeof(UnicodeStringOut));

    // Presumably a non-owning view over the caller's memory (final argument false) - confirm.
    var view = new SafeStructureInOutBuffer<KERB_EXTERNAL_NAME>(ptr, header_size + entry_size * element_count, false);
    UnicodeStringOut[] entries = new UnicodeStringOut[element_count];
    view.Data.ReadArray(0, entries, 0, element_count);

    // Strings are produced lazily; the constructor receiving them decides when to enumerate.
    return new KerberosPrincipalName(type, entries.Select(entry => entry.ToString()));
}
/// <summary>
/// Constructor.
/// </summary>
/// <remarks>
/// The names are copied into a new list that is exposed through a read-only wrapper, so
/// later changes to the source sequence are not reflected in this instance.
/// </remarks>
/// <param name="name_type">The type of the principal name.</param>
/// <param name="names">The list of names for the principal.</param>
/// <exception cref="System.ArgumentNullException">Thrown when <paramref name="names"/> is null.</exception>
public KerberosPrincipalName(KerberosNameType name_type, IEnumerable<string> names)
{
    // Enumerate the input exactly once into private storage.
    var snapshot = new List<string>(names);

    NameType = name_type;
    Names = snapshot.AsReadOnly();
}
/// <summary>
/// Constructor taking the key as a hex string.
/// </summary>
/// <remarks>
/// The string is converted by <c>GetKey</c> and the result is forwarded to the overload
/// that takes the key as a byte array. How malformed input is handled depends on
/// <c>GetKey</c>, which is not shown here.
/// </remarks>
/// <param name="key_encryption">The Key encryption type.</param>
/// <param name="key">The key as a hex string.</param>
/// <param name="name_type">The key name type.</param>
/// <param name="principal">Principal for key, in form TYPE/name@realm.</param>
/// <param name="timestamp">Timestamp when key was created.</param>
/// <param name="version">Key Version Number (KVNO).</param>
public KerberosAuthenticationKey(
    KerberosEncryptionType key_encryption,
    string key,
    KerberosNameType name_type,
    string principal,
    DateTime timestamp,
    uint version)
    : this(key_encryption, GetKey(key), name_type, principal, timestamp, version)
{
    // All initialization happens in the chained constructor.
}
/// <summary>
/// Constructor taking the principal as a single string.
/// </summary>
/// <remarks>
/// The realm and name components are obtained from <paramref name="principal"/> through
/// <c>GetRealm</c> and <c>GetComponents</c>, then forwarded to the overload that takes
/// them separately. Parsing rules live in those helpers, which are not shown here.
/// </remarks>
/// <param name="key_encryption">The Key encryption type.</param>
/// <param name="key">The key.</param>
/// <param name="name_type">The key name type.</param>
/// <param name="principal">Principal for key, in form TYPE/name@realm.</param>
/// <param name="timestamp">Timestamp when key was created.</param>
/// <param name="version">Key Version Number (KVNO).</param>
public KerberosAuthenticationKey(
    KerberosEncryptionType key_encryption,
    byte[] key,
    KerberosNameType name_type,
    string principal,
    DateTime timestamp,
    uint version)
    : this(key_encryption, key, name_type, GetRealm(principal), GetComponents(principal), timestamp, version)
{
    // All initialization happens in the chained constructor.
}