コード例 #1
0
        public static byte[] Decrypt(byte[] bytes, Dictionary<ulong, Smb2CryptoInfo> cryptoInfoTable, Smb2Role role)
        {
            Transform_Header transformHeader = Smb2Utility.UnmarshalStructure<Transform_Header>(bytes);

            if (transformHeader.SessionId == 0 || !cryptoInfoTable.ContainsKey(transformHeader.SessionId))
                throw new InvalidOperationException("Invalid SessionId in TRANSFORM_HEADER.");

            Smb2CryptoInfo cryptoInfo = cryptoInfoTable[transformHeader.SessionId];

            using (var bcrypt = new BCryptAlgorithm("AES"))
            {
                int nonceLength = 0;
                BCryptCipherMode mode = BCryptCipherMode.NotAvailable;
                GetCryptoParams(cryptoInfo, CryptoOperationType.Decrypt, out mode, out nonceLength);
                bcrypt.Mode = mode;
                bcrypt.Key = role == Smb2Role.Server ? cryptoInfo.ServerInKey : cryptoInfo.ServerOutKey;
                return bcrypt.Decrypt(bytes.Skip(52).ToArray(), transformHeader.Nonce.ToByteArray().Take(nonceLength).ToArray(), bytes.Skip(20).Take(32).ToArray(), transformHeader.Signature);
            }
        }
コード例 #2
0
        /// <summary>
        /// Decrypt a byte array. 
        /// Many data in NRPC struct is required to be encrypted.
        /// </summary>
        /// <param name="isAesNegotiated">
        /// Is AES negotiated during secure channel setup. 
        /// If AES is not negotiated, use RC4 to decrypt.
        /// </param>
        /// <param name="sessionKey">
        /// Session key.
        /// </param>
        /// <param name="buffer">
        /// Buffer to decrypt.
        /// </param>
        /// <returns>
        /// Decrypted buffer.
        /// </returns>
        /// <exception cref="ArgumentNullException">
        /// Thrown when sessionKey or buffer is null.
        /// </exception>
        /// <exception cref="ArgumentException">
        /// Thrown when session key length is incorrect.
        /// </exception>
        public static byte[] DecryptBuffer(
            bool isAesNegotiated,
            byte[] sessionKey,
            byte[] buffer)
        {
            if (sessionKey == null)
            {
                throw new ArgumentNullException("sessionKey");
            }
            if (buffer == null)
            {
                throw new ArgumentNullException("buffer");
            }
            if (sessionKey.Length != NETLOGON_SESSION_KEY_LENGTH)
            {
                throw new ArgumentException("Session key length is incorrect.", "sessionKey");
            }

            if (isAesNegotiated)
            {
                using (BCryptAlgorithm aes = new BCryptAlgorithm("AES"))
                {
                    aes.Mode = BCryptCipherMode.CFB;
                    aes.Key = sessionKey;
                    aes.IV = new byte[aes.BlockSize];
                    return aes.Decrypt(buffer);
                }
            }
            else
            {
                using (RC4 rc4 = RC4.Create())
                {
                    rc4.Key = sessionKey;
                    return rc4.CreateDecryptor().TransformFinalBlock(buffer, 0, buffer.Length);
                }
            }
        }
コード例 #3
0
        /// <summary>
        /// validate netlogon signature token when AES is negotiated
        /// </summary>
        /// <param name="sequenceNumber">sequence number</param>
        /// <param name="sessionKey">session key</param>
        /// <param name="requestConfidentiality">confidentiality is required or not</param>
        /// <param name="isClientSideOutbound">Is client side outbound message.</param>
        /// <param name="securityBuffers">
        /// Security buffer, contains plain-text if requestConfidentiality is false; 
        /// or cipher-text if requestConfidentiality is true; 
        /// and signature.
        /// </param>
        /// <returns>true if validate success; otherwise, false.</returns>
        private static bool ValidateNetlogonSignatureTokenWhenAesIsNegotiated(
            ref ulong sequenceNumber,
            byte[] sessionKey,
            bool requestConfidentiality,
            bool isClientSideOutbound,
            SecurityBuffer[] securityBuffers)
        {
            byte[] plainText;
            byte[] cipherText;
            byte[] token;

            //If AES is negotiated, a server receives an NL_AUTH_SHA2_SIGNATURE structure
            token = SspiUtility.ConcatenateSecurityBuffers(securityBuffers, SecurityBufferType.Token);
            NL_AUTH_SHA2_SIGNATURE nlAuthSha2Sign = TypeMarshal.ToStruct<NL_AUTH_SHA2_SIGNATURE>(token);

            //The SignatureAlgorithm bytes MUST be verified to ensure:
            //If AES is negotiated, the first byte is set to 0x13.
            //The second byte is set to 0x00
            if (nlAuthSha2Sign.SignatureAlgorithm != NL_AUTH_SHA2_SIGNATURE_SignatureAlgorithm_Values.HMACSHA256)
            {
                return false;
            }

            if (requestConfidentiality)
            {
                //If the Confidentiality option is requested from the application,
                //then the SealAlgorithm MUST be verified to ensure that
                //if AES is negotiated, the first byte is set to 0x1A;
                //The second byte is set to 0x00.
                if (nlAuthSha2Sign.SealAlgorithm != NL_AUTH_SHA2_SIGNATURE_SealAlgorithm_Values.AES128)
                {
                    return false;
                }
            }
            else
            {
                //If the Confidentiality option is not requested,
                //then the SealAlgorithm MUST be verified to contain all 0xff bytes.
                if (nlAuthSha2Sign.SealAlgorithm != NL_AUTH_SHA2_SIGNATURE_SealAlgorithm_Values.NotEncrypted)
                {
                    return false;
                }
            }

            //The Pad MUST be verified to contain all 0xff bytes.
            if (nlAuthSha2Sign.Pad != NL_AUTH_SHA2_SIGNATURE_Pad_Values.V1)
            {
                return false;
            }

            //The Flags data MAY be<86> disregarded.

            //The SequenceNumber MUST be decrypted.
            //If AES is negotiated, then the server MUST use the AES128 algorithm
            //and a key of SessionKey and an initialization vector constructed
            //by concatenating the checksum with itself (thus getting 16 bytes of data).
            using (BCryptAlgorithm aes = new BCryptAlgorithm("AES"))
            {
                aes.Mode = BCryptCipherMode.CFB;
                aes.Key = sessionKey;
                aes.IV = ArrayUtility.ConcatenateArrays(
                    nlAuthSha2Sign.Checksum,
                    nlAuthSha2Sign.Checksum);
                nlAuthSha2Sign.SequenceNumber = aes.Decrypt(nlAuthSha2Sign.SequenceNumber);
            }

            //A local copy of SequenceNumber MUST be computed using the following algorithm.
            byte[] copySequenceNumber = ComputeCopySequenceNumber(sequenceNumber, isClientSideOutbound);

            //The SequenceNumber MUST be compared to CopySeqNumber.
            if (!ArrayUtility.CompareArrays(
                    copySequenceNumber,
                    nlAuthSha2Sign.SequenceNumber))
            {
                return false;
            }

            //ServerSequenceNumber MUST be incremented.
            sequenceNumber += 1;

            if (requestConfidentiality)
            {
                //If the Confidentiality option is requested,
                //the Confounder and the data MUST be decrypted.
                byte[] aesEncryptionKey = ComputeEncryptionKeyWhenAesIsNegotiated(sessionKey);

                using (BCryptAlgorithm aes = new BCryptAlgorithm("AES"))
                {
                    aes.Mode = BCryptCipherMode.CFB;
                    aes.Key = aesEncryptionKey;
                    aes.IV = ArrayUtility.ConcatenateArrays(
                        nlAuthSha2Sign.SequenceNumber,
                        nlAuthSha2Sign.SequenceNumber);
                    nlAuthSha2Sign.Confounder = aes.Decrypt(nlAuthSha2Sign.Confounder);

                    cipherText = SspiUtility.ConcatenateReadWriteSecurityBuffers(
                        securityBuffers,
                        SecurityBufferType.Data);
                    plainText = aes.Decrypt(cipherText);
                }

                SspiUtility.UpdateSecurityBuffers(securityBuffers, SecurityBufferType.Data, plainText);
            }

            //Compute signature
            plainText = ConcatenateSecurityBuffersForChecksum(securityBuffers);
            byte[] checksum = ComputeSignatureWhenAesIsNegotiated(
                nlAuthSha2Sign,
                sessionKey,
                requestConfidentiality,
                plainText);

            //The first 8 bytes of the computed signature MUST be compared to the checksum.
            if (checksum != null
                && checksum.Length >= NL_AUTH_SIGNATURE_CHECKSUM_LENGTH
                && nlAuthSha2Sign.Checksum != null
                && nlAuthSha2Sign.Checksum.Length >= NL_AUTH_SIGNATURE_CHECKSUM_LENGTH)
            {
                for (int i = 0; i < NL_AUTH_SIGNATURE_CHECKSUM_LENGTH; i++)
                {
                    if (checksum[i] != nlAuthSha2Sign.Checksum[i])
                    {
                        return false;
                    }
                }
            }

            return true;
        }