public void ParsePaPkAsReq_SignedAuthPack_ParseAuthPack() { KrbPaPkAsReq asreq = KrbPaPkAsReq.Decode(signedPkAsReq); SignedCms signedCms = new SignedCms(); signedCms.Decode(asreq.SignedAuthPack.ToArray()); signedCms.CheckSignature(verifySignatureOnly: true); KrbAuthPack authPack = KrbAuthPack.Decode(signedCms.ContentInfo.Content); Assert.IsNotNull(authPack); var param = authPack.ClientPublicValue.Algorithm.Parameters.Value; var b64 = Convert.ToBase64String(param.ToArray()); var domainParams = KrbDiffieHellmanDomainParameters.DecodeSpecial(param); Assert.IsNotNull(domainParams); var special = domainParams.EncodeSpecial(); Assert.IsTrue(special.Span.SequenceEqual(param.ToArray())); var decodedPk = CryptEncode.CryptDecodePublicParameter(authPack.ClientPublicValue.SubjectPublicKey).Slice(16); }
private static KrbAuthPack ValidateAuthPack(PreAuthenticationContext preauth, PkInitState state) { state.Cms.CheckSignature(verifySignatureOnly: true); preauth.Principal.Validate(state.Cms.Certificates); var authPack = KrbAuthPack.Decode(state.Cms.ContentInfo.Content); return(authPack); }
private static async Task <KrbAuthPack> ValidateAuthPack(IKerberosPrincipal principal, KrbPaPkAsReq pkreq) { SignedCms signedCms = new SignedCms(); signedCms.Decode(pkreq.SignedAuthPack.ToArray()); signedCms.CheckSignature(verifySignatureOnly: true); await principal.Validate(signedCms.Certificates); var authPack = KrbAuthPack.Decode(signedCms.ContentInfo.Content); return(authPack); }
private KrbAuthPack CreateDiffieHellmanAuthPack(KrbKdcReqBody body) { using (var sha1 = CryptoPal.Platform.Sha1()) { var encoded = body.Encode(); var paChecksum = sha1.ComputeHash(encoded.Span); var parametersAreCached = this.CacheKeyAgreementParameters(this.agreement); if (parametersAreCached) { var etype = GetPreferredEType(body.EType, this.Configuration.Defaults.AllowWeakCrypto); if (etype is null) { throw new InvalidOperationException("Cannot find a common EType"); } this.clientDHNonce = GenerateNonce(etype.Value, this.agreement.PublicKey.KeyLength); } var domainParams = KrbDiffieHellmanDomainParameters.FromKeyAgreement(this.agreement); var authPack = new KrbAuthPack { PKAuthenticator = new KrbPKAuthenticator { Nonce = body.Nonce, PaChecksum = paChecksum }, ClientPublicValue = new KrbSubjectPublicKeyInfo { Algorithm = new KrbAlgorithmIdentifier { Algorithm = DiffieHellman, Parameters = domainParams.EncodeSpecial() }, SubjectPublicKey = this.agreement.PublicKey.EncodePublicKey() }, ClientDHNonce = this.clientDHNonce }; return(authPack); } }
private KrbAuthPack CreateDiffieHellmanAuthPack(KrbKdcReqBody body) { using (var sha1 = CryptoPal.Platform.Sha1()) { var encoded = body.Encode(); var paChecksum = sha1.ComputeHash(encoded.Span); var parametersAreCached = CacheKeyAgreementParameters(agreement); if (parametersAreCached) { clientDHNonce = GenerateNonce(body.EType.First(), agreement.PublicKey.KeyLength); } var domainParams = KrbDiffieHellmanDomainParameters.FromKeyAgreement(agreement); var authPack = new KrbAuthPack { PKAuthenticator = new KrbPKAuthenticator { Nonce = body.Nonce, PaChecksum = paChecksum }, ClientPublicValue = new KrbSubjectPublicKeyInfo { Algorithm = new KrbAlgorithmIdentifier { Algorithm = DiffieHellman, Parameters = domainParams.EncodeSpecial() }, SubjectPublicKey = agreement.PublicKey.EncodePublicKey() }, ClientDHNonce = clientDHNonce }; return(authPack); } }