// methods protected override void Decode(byte[] message) { base.Decode(message); short targetNameSize = BitConverterLE.ToInt16(message, 12); int targetNameOffset = BitConverterLE.ToInt32(message, 16); Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 20); Buffer.BlockCopy(message, 24, _nonce, 0, 8); if (Version == NtlmVersion.Version1) { return; } Buffer.BlockCopy(message, 32, _context, 0, 8); short targetInfoSize = BitConverterLE.ToInt16(message, 40); int targetInfoOffset = BitConverterLE.ToInt32(message, 44); if (Version == NtlmVersion.Version3) { Buffer.BlockCopy(OSVersion, 0, message, 48, OSVersion.Length); } Encoding enc = (Flags & NtlmFlags.NegotiateUnicode) != 0 ? Encoding.Unicode : Encoding.UTF8; if (targetNameSize > 0) { TargetName = enc.GetString(message, targetNameOffset, targetNameSize); } _target.Decode(message, targetInfoOffset, targetInfoSize); }
public override void FromXmlString(string xmlString) { if (xmlString == null) { throw new ArgumentNullException("xmlString"); } DSAParameters dsaParams = new DSAParameters(); try { dsaParams.P = GetNamedParam(xmlString, "P"); dsaParams.Q = GetNamedParam(xmlString, "Q"); dsaParams.G = GetNamedParam(xmlString, "G"); dsaParams.J = GetNamedParam(xmlString, "J"); dsaParams.Y = GetNamedParam(xmlString, "Y"); dsaParams.X = GetNamedParam(xmlString, "X"); dsaParams.Seed = GetNamedParam(xmlString, "Seed"); byte[] counter = GetNamedParam(xmlString, "PgenCounter"); if (counter != null) { byte[] counter4b = new byte [4]; // always 4 bytes Buffer.BlockCopy(counter, 0, counter4b, 0, counter.Length); dsaParams.Counter = BitConverterLE.ToInt32(counter4b, 0); } ImportParameters(dsaParams); } catch { ZeroizePrivateKey(dsaParams); throw; } finally { ZeroizePrivateKey(dsaParams); } }
internal int ProcessFirstBlock() { if (this.fs == null) { return(1); } this.fs.Position = 0L; this.blockLength = this.fs.Read(this.fileblock, 0, this.fileblock.Length); this.blockNo = 1; if (this.blockLength < 0x40) { return(2); } if (BitConverterLE.ToUInt16(this.fileblock, 0) != 0x5a4d) { return(3); } this.peOffset = BitConverterLE.ToInt32(this.fileblock, 60); if (this.peOffset > this.fileblock.Length) { throw new NotSupportedException(string.Format(Locale.GetText("Header size too big (> {0} bytes)."), this.fileblock.Length)); } if (this.peOffset > this.fs.Length) { return(4); } if (BitConverterLE.ToUInt32(this.fileblock, this.peOffset) != 0x4550) { return(5); } this.dirSecurityOffset = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 0x98); this.dirSecuritySize = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 0x9c); this.coffSymbolTableOffset = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 12); return(0); }
internal int ProcessFirstBlock() { if (fs == null) { return(1); } fs.Position = 0; // read first block - it will include (100% sure) // the MZ header and (99.9% sure) the PE header blockLength = fs.Read(fileblock, 0, fileblock.Length); blockNo = 1; if (blockLength < 64) { return(2); // invalid PE file } // 1. Validate the MZ header informations // 1.1. Check for magic MZ at start of header if (BitConverterLE.ToUInt16(fileblock, 0) != 0x5A4D) { return(3); } // 1.2. Find the offset of the PE header peOffset = BitConverterLE.ToInt32(fileblock, 60); if (peOffset > fileblock.Length) { // just in case (0.1%) this can actually happen string msg = String.Format( "Размер заголовка слишком большой (> {0} байт).", fileblock.Length); throw new NotSupportedException(msg); } if (peOffset > fs.Length) { return(4); } // 2. Read between DOS header and first part of PE header // 2.1. Check for magic PE at start of header // PE - NT header ('P' 'E' 0x00 0x00) if (BitConverterLE.ToUInt32(fileblock, peOffset) != 0x4550) { return(5); } // 2.2. Locate IMAGE_DIRECTORY_ENTRY_SECURITY (offset and size) dirSecurityOffset = BitConverterLE.ToInt32(fileblock, peOffset + 152); dirSecuritySize = BitConverterLE.ToInt32(fileblock, peOffset + 156); // COFF symbol tables are deprecated - we'll strip them if we see them! // (otherwise the signature won't work on MS and we don't want to support COFF for that) coffSymbolTableOffset = BitConverterLE.ToInt32(fileblock, peOffset + 12); return(0); }
private bool Decode(byte[] pvk, string password) { if (BitConverterLE.ToUInt32(pvk, 0) != 2964713758u) { return(false); } if (BitConverterLE.ToUInt32(pvk, 4) != 0u) { return(false); } this.keyType = BitConverterLE.ToInt32(pvk, 8); this.encrypted = (BitConverterLE.ToUInt32(pvk, 12) == 1u); int num = BitConverterLE.ToInt32(pvk, 16); int num2 = BitConverterLE.ToInt32(pvk, 20); byte[] array = new byte[num2]; Buffer.BlockCopy(pvk, 24 + num, array, 0, num2); if (num > 0) { if (password == null) { return(false); } byte[] array2 = new byte[num]; Buffer.BlockCopy(pvk, 24, array2, 0, num); byte[] array3 = this.DeriveKey(array2, password); RC4 rc = RC4.Create(); ICryptoTransform cryptoTransform = rc.CreateDecryptor(array3, null); cryptoTransform.TransformBlock(array, 8, array.Length - 8, array, 8); try { this.rsa = CryptoConvert.FromCapiPrivateKeyBlob(array); this.weak = false; } catch (CryptographicException) { this.weak = true; Buffer.BlockCopy(pvk, 24 + num, array, 0, num2); Array.Clear(array3, 5, 11); RC4 rc2 = RC4.Create(); cryptoTransform = rc2.CreateDecryptor(array3, null); cryptoTransform.TransformBlock(array, 8, array.Length - 8, array, 8); this.rsa = CryptoConvert.FromCapiPrivateKeyBlob(array); } Array.Clear(array3, 0, array3.Length); } else { this.weak = true; this.rsa = CryptoConvert.FromCapiPrivateKeyBlob(array); Array.Clear(array, 0, array.Length); } Array.Clear(pvk, 0, pvk.Length); return(this.rsa != null); }
public JSImplGuid(byte[] b) { JSImplGuid.CheckArray(b, 16); this._a = BitConverterLE.ToInt32(b, 0); this._b = BitConverterLE.ToInt16(b, 4); this._c = BitConverterLE.ToInt16(b, 6); this._d = b[8]; this._e = b[9]; this._f = b[10]; this._g = b[11]; this._h = b[12]; this._i = b[13]; this._j = b[14]; this._k = b[15]; }
private bool Decode(byte[] pvk, string password) { if (BitConverterLE.ToUInt32(pvk, 0) != 2964713758U || BitConverterLE.ToUInt32(pvk, 4) != 0U) { return(false); } this.keyType = BitConverterLE.ToInt32(pvk, 8); this.encrypted = BitConverterLE.ToUInt32(pvk, 12) == 1U; int int32_1 = BitConverterLE.ToInt32(pvk, 16); int int32_2 = BitConverterLE.ToInt32(pvk, 20); byte[] numArray = new byte[int32_2]; Buffer.BlockCopy((Array)pvk, 24 + int32_1, (Array)numArray, 0, int32_2); if (int32_1 > 0) { if (password == null) { return(false); } byte[] salt = new byte[int32_1]; Buffer.BlockCopy((Array)pvk, 24, (Array)salt, 0, int32_1); byte[] rgbKey = this.DeriveKey(salt, password); RC4.Create().CreateDecryptor(rgbKey, (byte[])null).TransformBlock(numArray, 8, numArray.Length - 8, numArray, 8); try { this.rsa = CryptoConvert.FromCapiPrivateKeyBlob(numArray); this.weak = false; } catch (CryptographicException) { this.weak = true; Buffer.BlockCopy((Array)pvk, 24 + int32_1, (Array)numArray, 0, int32_2); Array.Clear((Array)rgbKey, 5, 11); RC4.Create().CreateDecryptor(rgbKey, (byte[])null).TransformBlock(numArray, 8, numArray.Length - 8, numArray, 8); this.rsa = CryptoConvert.FromCapiPrivateKeyBlob(numArray); } Array.Clear((Array)rgbKey, 0, rgbKey.Length); } else { this.weak = true; this.rsa = CryptoConvert.FromCapiPrivateKeyBlob(numArray); Array.Clear((Array)numArray, 0, numArray.Length); } Array.Clear((Array)pvk, 0, pvk.Length); return(this.rsa != null); }
internal bool ReadFirstBlock() { if (this.fs == null) { return(false); } this.fs.Position = 0L; this.blockLength = this.fs.Read(this.fileblock, 0, this.fileblock.Length); this.blockNo = 1; if (this.blockLength < 64) { return(false); } if (BitConverterLE.ToUInt16(this.fileblock, 0) != 23117) { return(false); } this.peOffset = BitConverterLE.ToInt32(this.fileblock, 60); if (this.peOffset > this.fileblock.Length) { string message = string.Format(Locale.GetText("Header size too big (> {0} bytes)."), this.fileblock.Length); throw new NotSupportedException(message); } if ((long)this.peOffset > this.fs.Length) { return(false); } if (BitConverterLE.ToUInt32(this.fileblock, this.peOffset) != 17744u) { return(false); } this.dirSecurityOffset = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 152); this.dirSecuritySize = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 156); this.coffSymbolTableOffset = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 12); return(true); }
/// <summary>Reconstructs a <see cref="T:System.Security.Cryptography.DSA" /> object from an XML string.</summary> /// <param name="xmlString">The XML string to use to reconstruct the <see cref="T:System.Security.Cryptography.DSA" /> object. </param> /// <exception cref="T:System.ArgumentNullException">The <paramref name="xmlString" /> parameter is null. </exception> /// <exception cref="T:System.Security.Cryptography.CryptographicException">The format of the <paramref name="xmlString" /> parameter is not valid. </exception> public override void FromXmlString(string xmlString) { if (xmlString == null) { throw new ArgumentNullException("xmlString"); } DSAParameters parameters = default(DSAParameters); try { parameters.P = AsymmetricAlgorithm.GetNamedParam(xmlString, "P"); parameters.Q = AsymmetricAlgorithm.GetNamedParam(xmlString, "Q"); parameters.G = AsymmetricAlgorithm.GetNamedParam(xmlString, "G"); parameters.J = AsymmetricAlgorithm.GetNamedParam(xmlString, "J"); parameters.Y = AsymmetricAlgorithm.GetNamedParam(xmlString, "Y"); parameters.X = AsymmetricAlgorithm.GetNamedParam(xmlString, "X"); parameters.Seed = AsymmetricAlgorithm.GetNamedParam(xmlString, "Seed"); byte[] namedParam = AsymmetricAlgorithm.GetNamedParam(xmlString, "PgenCounter"); if (namedParam != null) { byte[] array = new byte[4]; Buffer.BlockCopy(namedParam, 0, array, 0, namedParam.Length); parameters.Counter = BitConverterLE.ToInt32(array, 0); } this.ImportParameters(parameters); } catch { this.ZeroizePrivateKey(parameters); throw; } finally { this.ZeroizePrivateKey(parameters); } }
internal int ProcessFirstBlock() { if (fs == null) { return(1); } fs.Position = 0L; blockLength = fs.Read(fileblock, 0, fileblock.Length); blockNo = 1; if (blockLength < 64) { return(2); } if (BitConverterLE.ToUInt16(fileblock, 0) != 23117) { return(3); } peOffset = BitConverterLE.ToInt32(fileblock, 60); if (peOffset > fileblock.Length) { string message = string.Format(Locale.GetText("Header size too big (> {0} bytes)."), fileblock.Length); throw new NotSupportedException(message); } if (peOffset > fs.Length) { return(4); } if (BitConverterLE.ToUInt32(fileblock, peOffset) != 17744) { return(5); } dirSecurityOffset = BitConverterLE.ToInt32(fileblock, peOffset + 152); dirSecuritySize = BitConverterLE.ToInt32(fileblock, peOffset + 156); coffSymbolTableOffset = BitConverterLE.ToInt32(fileblock, peOffset + 12); return(0); }
private bool Decode(byte[] pvk, string password) { // DWORD magic if (BitConverterLE.ToUInt32(pvk, 0) != magic) { return(false); } // DWORD reserved if (BitConverterLE.ToUInt32(pvk, 4) != 0x0) { return(false); } // DWORD keytype keyType = BitConverterLE.ToInt32(pvk, 8); // DWORD encrypted encrypted = (BitConverterLE.ToUInt32(pvk, 12) == 1); // DWORD saltlen int saltlen = BitConverterLE.ToInt32(pvk, 16); // DWORD keylen int keylen = BitConverterLE.ToInt32(pvk, 20); byte[] keypair = new byte [keylen]; Buffer.BlockCopy(pvk, 24 + saltlen, keypair, 0, keylen); // read salt (if present) if (saltlen > 0) { if (password == null) { return(false); } byte[] salt = new byte [saltlen]; Buffer.BlockCopy(pvk, 24, salt, 0, saltlen); // first try with full (128) bits byte[] key = DeriveKey(salt, password); // decrypt in place and try this RC4 rc4 = RC4.Create(); ICryptoTransform dec = rc4.CreateDecryptor(key, null); dec.TransformBlock(keypair, 8, keypair.Length - 8, keypair, 8); try { rsa = CryptoConvert.FromCapiPrivateKeyBlob(keypair); weak = false; } catch (CryptographicException) { weak = true; // second chance using weak crypto Buffer.BlockCopy(pvk, 24 + saltlen, keypair, 0, keylen); // truncate the key to 40 bits Array.Clear(key, 5, 11); // decrypt RC4 rc4b = RC4.Create(); dec = rc4b.CreateDecryptor(key, null); dec.TransformBlock(keypair, 8, keypair.Length - 8, keypair, 8); rsa = CryptoConvert.FromCapiPrivateKeyBlob(keypair); } Array.Clear(key, 0, key.Length); } else { weak = true; // read unencrypted keypair rsa = CryptoConvert.FromCapiPrivateKeyBlob(keypair); Array.Clear(keypair, 0, keypair.Length); } // zeroize pvk (which could contain the unencrypted private key) Array.Clear(pvk, 0, pvk.Length); return(rsa != null); }
internal int ProcessFirstBlock() { if (fs == null) { return(1); } fs.Position = 0; // read first block - it will include (100% sure) // the MZ header and (99.9% sure) the PE header blockLength = fs.Read(fileblock, 0, fileblock.Length); blockNo = 1; if (blockLength < 64) { return(2); // invalid PE file } // 1. Validate the MZ header informations // 1.1. Check for magic MZ at start of header if (BitConverterLE.ToUInt16(fileblock, 0) != 0x5A4D) { return(3); } // 1.2. Find the offset of the PE header peOffset = BitConverterLE.ToInt32(fileblock, 60); if (peOffset > fileblock.Length) { // just in case (0.1%) this can actually happen // FIXME This does not mean the file is invalid, // just that this code cannot handle it. // FIXME Read the entire file into memory. // See earlier comments. string msg = String.Format(Locale.GetText( "Header size too big (> {0} bytes)."), fileblock.Length); throw new NotSupportedException(msg); } // FIXME This verifies that PE starts within the file, // but not that it fits. if (peOffset > fs.Length) { return(4); } // 2. Read between DOS header and first part of PE header // 2.1. Check for magic PE at start of header // PE - NT header ('P' 'E' 0x00 0x00) if (BitConverterLE.ToUInt32(fileblock, peOffset) != 0x4550) { return(5); } // PE signature is followed by 20 byte file header, and // then 2 byte magic 0x10B for PE32 or 0x20B for PE32+, // or 0x107 for the obscure ROM case. // FIXME The code historically ignored this magic value // entirely, so we only treat 0x20B differently to maintain // this dubious behavior. // FIXME The code also lacks range checks in a number of places, // and will access arrays out of bounds for valid files. ushort magic = BitConverterLE.ToUInt16(fileblock, peOffset + 24); const int IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B; pe64 = magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC; // FIXME This fails to validate NumberOfRvasAndSizes. // 2.2. Locate IMAGE_DIRECTORY_ENTRY_SECURITY (offset and size) // These offsets are from the documentation, but add 24 for // PE signature and file header. if (pe64) { dirSecurityOffset = BitConverterLE.ToInt32(fileblock, peOffset + 168); dirSecuritySize = BitConverterLE.ToInt32(fileblock, peOffset + 168 + 4); } else { dirSecurityOffset = BitConverterLE.ToInt32(fileblock, peOffset + 152); dirSecuritySize = BitConverterLE.ToInt32(fileblock, peOffset + 156); } // FIXME Remove this code and the dependency on it. coffSymbolTableOffset = BitConverterLE.ToInt32(fileblock, peOffset + 12); return(0); }