コード例 #1
0
        /// <summary>
        /// Decode a Gss_Wrap token from security buffers
        /// </summary>
        /// <param name="context">The context of decoding</param>
        /// <param name="securityBuffers">Security buffers</param>
        /// <returns>The decoded Gss_Wrap token.</returns>
        internal static KerberosPdu GssUnWrapEx(KerberosContext context, SecurityBuffer[] securityBuffers)
        {
            KerberosPdu   pdu = null;
            EncryptionKey key = context.ContextKey;

            switch ((EncryptionType)key.keytype.Value)
            {
            case EncryptionType.AES128_CTS_HMAC_SHA1_96:
            case EncryptionType.AES256_CTS_HMAC_SHA1_96:
                var token4121Pdu = new Token4121(context);
                token4121Pdu.FromSecurityBuffers(securityBuffers);
                pdu = token4121Pdu;
                break;

            case EncryptionType.DES_CBC_CRC:
            case EncryptionType.DES_CBC_MD5:
            case EncryptionType.RC4_HMAC:
            case EncryptionType.RC4_HMAC_EXP:
                var token1964or4757Pdu = new Token1964_4757(context);
                token1964or4757Pdu.FromSecurityBuffers(securityBuffers);
                pdu = token1964or4757Pdu;
                break;

            default:
                throw new NotSupportedException("The Encryption Type can only be AES128_CTS_HMAC_SHA1_96, "
                                                + "AES256_CTS_HMAC_SHA1_96, DES_CBC_CRC, DES_CBC_MD5, RC4_HMAC or RC4_HMAC_EXP.");
            }

            return(pdu);
        }
コード例 #2
0
        internal static bool GssVerifyMicEx(KerberosContext context, SecurityBuffer[] securityBuffers, out KerberosPdu pdu)
        {
            pdu = null;
            bool          isVerified = true;
            EncryptionKey key        = context.ContextKey;

            switch ((EncryptionType)key.keytype.Value)
            {
            case EncryptionType.AES128_CTS_HMAC_SHA1_96:
            case EncryptionType.AES256_CTS_HMAC_SHA1_96:
                var micPdu4121 = new Token4121(context);
                try
                {
                    micPdu4121.FromSecurityBuffers(securityBuffers);
                }
                catch (FormatException)
                {
                    isVerified = false;
                }
                pdu = micPdu4121;
                break;

            case EncryptionType.DES_CBC_CRC:
            case EncryptionType.DES_CBC_MD5:
            case EncryptionType.RC4_HMAC:
            case EncryptionType.RC4_HMAC_EXP:
                var micPdu1964_4757 = new Token1964_4757(context);
                try
                {
                    micPdu1964_4757.FromSecurityBuffers(securityBuffers);
                }
                catch (FormatException)
                {
                    isVerified = false;
                }
                pdu = micPdu1964_4757;
                break;

            default:
                throw new NotSupportedException("The Encryption Type can only be AES128_CTS_HMAC_SHA1_96, "
                                                + "AES256_CTS_HMAC_SHA1_96, DES_CBC_CRC, DES_CBC_MD5, RC4_HMAC or RC4_HMAC_EXP.");
            }

            return(isVerified);
        }
コード例 #3
0
        /// <summary>
        /// This takes the given byte array, decrypts it, and returns
        /// the original, unencrypted byte array.
        /// </summary>
        /// <param name="kileRole">Represents client or server</param>
        /// <param name="securityBuffers">The security buffers to decrypt.</param>
        /// <exception cref="System.ArgumentException">Thrown when the data or token is not valid.</exception>
        internal static bool Decrypt(KileRole kileRole, params SecurityBuffer[] securityBuffers)
        {
            KilePdu pdu = kileRole.GssUnWrapEx(securityBuffers);

            byte[] decryptedMessage = null;

            if (pdu.GetType() == typeof(Token4121))
            {
                decryptedMessage = ((Token4121)pdu).Data;
            }
            else if (pdu.GetType() == typeof(Token1964_4757))
            {
                Token1964_4757 tokenData = (Token1964_4757)pdu;
                decryptedMessage = tokenData.Data;
                SspiUtility.UpdateSecurityBuffers(securityBuffers, SecurityBufferType.Padding, tokenData.paddingData);
            }
            // else do nothing

            return(true);
        }
コード例 #4
0
        /// <summary>
        /// Decrypt a request or response
        /// </summary>
        /// <param name="token">A token containing encrypted data.</param>
        /// <param name="sentFromClient">True if the token is a request, false is a response</param>
        /// <returns>Plain-text data.</returns>
        private byte[] Decrypt(byte[] token, bool sentFromClient)
        {
            KileContext context = sentFromClient ? (KileContext)kileDecoder.serverContext : (KileContext)kileDecoder.clientContext;
            KilePdu     pdu     = KileRole.GssUnWrap(context, token);

            Token4121 token4121Pdu = pdu as Token4121;

            if (token4121Pdu != null)
            {
                return(token4121Pdu.Data);
            }

            Token1964_4757 token1964or4757Pdu = pdu as Token1964_4757;

            if (token1964or4757Pdu != null)
            {
                return(token1964or4757Pdu.Data);
            }

            throw new InvalidOperationException("Token type is not supported.");
        }
コード例 #5
0
        private Token1964_4757 WrapToken1964_4757(GssTokenType tokenType, byte[] message, bool isEncrypted, SGN_ALG signAlgorithm)
        {
            var token = new Token1964_4757(Context);
            TokenHeader1964_4757 tokenHeader = new TokenHeader1964_4757();

            tokenHeader.filler  = KerberosConstValue.TOKEN_FILLER_2_BYTE;
            tokenHeader.sng_alg = signAlgorithm;

            switch (tokenType)
            {
            case GssTokenType.Wrap4757:
            {
                tokenHeader.tok_id   = TOK_ID.Wrap1964_4757;
                tokenHeader.seal_alg = isEncrypted ? SEAL_ALG.RC4 : SEAL_ALG.NONE;
            }
            break;

            case GssTokenType.Wrap1964:
            {
                tokenHeader.tok_id   = TOK_ID.Wrap1964_4757;
                tokenHeader.seal_alg = isEncrypted ? SEAL_ALG.DES : SEAL_ALG.NONE;
            }
            break;

            case GssTokenType.Mic1964_4757:
            {
                tokenHeader.tok_id   = TOK_ID.Mic1964_4757;
                tokenHeader.seal_alg = SEAL_ALG.NONE;
            }
            break;
            }
            token.TokenHeader = tokenHeader;
            token.Data        = message;

            return(token);
        }