internal static bool Parse(byte[] data, out KerberosAuthorizationDataEncryptionNegotiation entry) { entry = null; DERValue[] values = DERParser.ParseData(data, 0); if (!values.CheckValueSequence()) { return(false); } List <KerberosEncryptionType> enc_types = new List <KerberosEncryptionType>(); try { foreach (var next in values[0].Children) { if (!next.CheckPrimitive(UniversalTag.INTEGER)) { return(false); } enc_types.Add((KerberosEncryptionType)next.ReadInteger()); } } catch (InvalidDataException) { return(false); } entry = new KerberosAuthorizationDataEncryptionNegotiation(data, enc_types.AsReadOnly()); return(true); }
internal static bool TryParse(KERB_EXTERNAL_TICKET ticket, out KerberosExternalTicket result) { result = null; try { var ret = new KerberosExternalTicket(); ret.ServiceName = ParseName(ticket.ServiceName); ret.TargetName = ParseName(ticket.TargetName); ret.ClientName = ParseName(ticket.ClientName); ret.DomainName = ticket.DomainName.ToString(); ret.TargetDomainName = ticket.TargetDomainName.ToString(); ret.AltTargetDomainName = ticket.AltTargetDomainName.ToString(); ret.SessionKey = ParseKey(ret.ServiceName, ret.DomainName, ticket.SessionKey); ret.TicketFlags = (KerberosTicketFlags)ticket.TicketFlags.SwapEndian(); ret.Flags = ticket.Flags; ret.KeyExpirationTime = ticket.KeyExpirationTime.ToDateTime(); ret.StartTime = ticket.StartTime.ToDateTime(); ret.EndTime = ticket.EndTime.ToDateTime(); ret.RenewUntil = ticket.RenewUntil.ToDateTime(); ret.TimeSkew = new TimeSpan(ticket.TimeSkew.QuadPart); byte[] ticket_data = ticket.ReadTicket(); DERValue[] values = DERParser.ParseData(ticket_data, 0); if (values.Length != 1) { return(false); } ret.Ticket = KerberosTicket.Parse(values[0], ticket_data); result = ret; return(true); } catch (InvalidDataException) { return(false); } }
internal static NtResult <AuthenticodeCertificate> Parse(byte[] data, bool throw_on_error) { try { var cms = new SignedCms(); cms.Decode(data); if (cms.ContentInfo.ContentType.Value != SPC_INDIRECT_DATA_OBJID) { return(NtStatus.STATUS_INVALID_PARAMETER.CreateResultFromError <AuthenticodeCertificate>(throw_on_error)); } var values = DERParser.ParseData(cms.ContentInfo.Content, 0); if (values.Length < 1) { return(NtStatus.STATUS_INVALID_PARAMETER.CreateResultFromError <AuthenticodeCertificate>(throw_on_error)); } return(new AuthenticodeCertificate(cms.Certificates.Cast <X509Certificate2>(), CheckForPageHash(values[0])).CreateResult()); } catch (EndOfStreamException) { return(NtStatus.STATUS_END_OF_FILE.CreateResultFromError <AuthenticodeCertificate>(throw_on_error)); } catch (CryptographicException) { return(NtStatus.STATUS_INVALID_PARAMETER.CreateResultFromError <AuthenticodeCertificate>(throw_on_error)); } catch (InvalidDataException) { return(NtStatus.STATUS_INVALID_PARAMETER.CreateResultFromError <AuthenticodeCertificate>(throw_on_error)); } }
internal static bool Parse(KerberosEncryptedData orig_data, byte[] decrypted, out KerberosEncryptedData ticket) { ticket = null; try { DERValue[] values = DERParser.ParseData(decrypted, 0); if (values.Length != 1) { return(false); } DERValue value = values[0]; if (!value.CheckApplication(27) || !value.HasChildren()) { return(false); } if (!value.Children[0].CheckSequence()) { return(false); } var ret = new KerberosAPReplyEncryptedPart(orig_data); foreach (var next in value.Children[0].Children) { if (next.Type != DERTagType.ContextSpecific) { return(false); } switch (next.Tag) { case 0: ret.ClientTime = next.ReadChildGeneralizedTime(); break; case 1: ret.ClientUSec = next.ReadChildInteger(); break; case 2: if (!next.HasChildren()) { return(false); } ret.SubKey = KerberosAuthenticationKey.Parse(next.Children[0], string.Empty, new KerberosPrincipalName()); break; case 3: ret.SequenceNumber = next.ReadChildInteger(); break; default: return(false); } } ticket = ret; } catch (InvalidDataException) { return(false); } catch (EndOfStreamException) { return(false); } return(true); }
private static bool CheckForPageHash(DERValue root) { if (!root.CheckSequence() || !root.HasChildren()) { return(false); } root = root.Children[0]; if (!root.CheckSequence() || !root.HasChildren()) { return(false); } if (root.Children.Length < 2 || root.ReadChildObjID() != SPC_PE_IMAGE_DATAOBJ || !root.Children[1].CheckSequence()) { return(false); } root = root.Children[1]; if (root.Children.Length < 2 || !root.Children[0].CheckPrimitive(UniversalTag.BIT_STRING) || !root.Children[1].CheckContext(0)) { return(false); } root = root.Children[1]; if (root.Children.Length < 1 || !root.Children[0].CheckContext(1)) { return(false); } root = root.Children[0]; if (root.Children.Length < 2 || !root.Children[0].CheckPrimitive(UniversalTag.OCTET_STRING) || !root.Children[1].CheckPrimitive(UniversalTag.OCTET_STRING)) { return(false); } if (root.Children[0].Data.Length != 16) { return(false); } if (new Guid(root.Children[0].Data) != SPCSERIALIZED_OBJECT) { return(false); } DERValue[] values = DERParser.ParseData(root.Children[1].Data, 0); if (values.Length < 1) { return(false); } var objid = values[0].GetChild(0)?.GetChild(0); if (!objid?.CheckPrimitive(UniversalTag.OBJECT_IDENTIFIER) ?? false) { return(false); } string objid_value = objid.Value.ReadObjID(); return(objid_value == SPC_PE_IMAGE_PAGE_HASHES_V1_OBJID || objid_value == SPC_PE_IMAGE_PAGE_HASHES_V2_OBJID); }
internal static bool Parse(byte[] data, out KerberosAuthorizationDataRestrictionEntry entry) { entry = null; DERValue[] values = DERParser.ParseData(data, 0); if (!values.CheckValueSequence()) { return(false); } values = values[0].Children; if (!values.CheckValueSequence()) { return(false); } byte[] lsap_data = null; try { foreach (var next in values[0].Children) { if (next.Type != DERTagType.ContextSpecific) { return(false); } switch (next.Tag) { case 0: // Ignore, should always be 0. break; case 1: lsap_data = next.ReadChildOctetString(); break; } } } catch (InvalidDataException) { return(false); } if (lsap_data == null || lsap_data.Length != 40) { return(false); } int flags = BitConverter.ToInt32(lsap_data, 0); int il = BitConverter.ToInt32(lsap_data, 4); byte[] machine_id = new byte[32]; Buffer.BlockCopy(lsap_data, 8, machine_id, 0, 32); entry = new KerberosAuthorizationDataRestrictionEntry(data, (KerberosRestrictionEntryFlags)flags, (TokenIntegrityLevel)il, machine_id); return(true); }
/// <summary> /// Try and parse data into an Negotiate authentication token. /// </summary> /// <param name="data">The data to parse.</param> /// <param name="token">The Negotiate authentication token.</param> /// <param name="client">True if this is a token from a client.</param> /// <param name="token_count">The token count number.</param> /// <returns>True if parsed successfully.</returns> internal static bool TryParse(byte[] data, int token_count, bool client, out NegotiateAuthenticationToken token) { token = null; try { byte[] token_data; if (GSSAPIUtils.TryParse(data, out token_data, out string oid)) { if (oid != OIDValues.SPNEGO) { return(false); } } else { token_data = data; } DERValue[] values = DERParser.ParseData(token_data, 0); if (values.Length != 1 || values[0].Type != DERTagType.ContextSpecific) { return(false); } if (values[0].CheckContext(0)) { return(ParseInit(data, values[0].Children, token_count, client, out token)); } else if (values[0].CheckContext(1)) { return(ParseResp(data, values[0].Children, token_count, client, out token)); } else { return(false); } } catch (EndOfStreamException) { } catch (InvalidDataException) { } return(false); }
internal static bool Parse(byte[] data, out KerberosChecksum checksum) { checksum = null; try { KerberosChecksumGSSApi ret = new KerberosChecksumGSSApi(KerberosChecksumType.GSSAPI, data); BinaryReader reader = new BinaryReader(new MemoryStream(data)); int binding_length = reader.ReadInt32(); ret.ChannelBinding = reader.ReadAllBytes(binding_length); ret.ContextFlags = (KerberosChecksumGSSApiFlags)reader.ReadInt32(); if (ret.ContextFlags.HasFlagSet(KerberosChecksumGSSApiFlags.Delegate)) { ret.DelegationOptionIdentifier = reader.ReadUInt16(); int cred_length = reader.ReadUInt16(); byte[] cred = reader.ReadAllBytes(cred_length); DERValue[] values = DERParser.ParseData(cred, 0); if (!KerberosCredential.TryParse(cred, values, out KerberosCredential cred_token)) { return(false); } ret.Credentials = cred_token; } if (reader.RemainingLength() > 0) { ret.Extensions = reader.ReadToEnd(); } checksum = ret; return(true); } catch (EndOfStreamException) { } return(false); }
internal static KerberosAuthorizationData Parse(DERValue value) { if (!value.CheckSequence()) { throw new InvalidDataException(); } KerberosAuthorizationDataType type = 0; byte[] data = null; foreach (var next in value.Children) { if (next.Type != DERTagType.ContextSpecific) { throw new InvalidDataException(); } switch (next.Tag) { case 0: type = (KerberosAuthorizationDataType)next.ReadChildInteger(); break; case 1: data = next.ReadChildOctetString(); break; default: throw new InvalidDataException(); } } if (type == 0 || data == null) { throw new InvalidDataException(); } if (type == KerberosAuthorizationDataType.AD_IF_RELEVANT) { DERValue[] values = DERParser.ParseData(data, 0); if (values.Length != 1 || !values[0].CheckSequence() || !values[0].HasChildren()) { throw new InvalidDataException(); } return(Parse(values[0].Children[0])); } else if (type == KerberosAuthorizationDataType.KERB_AD_RESTRICTION_ENTRY) { if (KerberosAuthorizationDataRestrictionEntry.Parse(data, out KerberosAuthorizationDataRestrictionEntry entry)) { return(entry); } } else if (type == KerberosAuthorizationDataType.AD_ETYPE_NEGOTIATION) { if (KerberosAuthorizationDataEncryptionNegotiation.Parse(data, out KerberosAuthorizationDataEncryptionNegotiation entry)) { return(entry); } } else if (type == KerberosAuthorizationDataType.AD_WIN2K_PAC) { if (KerberosAuthorizationDataPAC.Parse(data, out KerberosAuthorizationDataPAC entry)) { return(entry); } } return(new KerberosAuthorizationData(type, data)); }
internal static bool Parse(KerberosTicket orig_ticket, KerberosEncryptedData orig_data, byte[] decrypted, KerberosKeySet keyset, out KerberosEncryptedData ticket) { ticket = null; try { DERValue[] values = DERParser.ParseData(decrypted, 0); if (values.Length != 1) { return(false); } DERValue value = values[0]; if (!value.CheckApplication(2) || !value.HasChildren()) { return(false); } if (!value.Children[0].CheckSequence()) { return(false); } var ret = new KerberosAuthenticator(orig_data); foreach (var next in value.Children[0].Children) { if (next.Type != DERTagType.ContextSpecific) { return(false); } switch (next.Tag) { case 0: if (next.ReadChildInteger() != 5) { return(false); } break; case 1: ret.ClientRealm = next.ReadChildGeneralString(); break; case 2: if (!next.Children[0].CheckSequence()) { return(false); } ret.ClientName = KerberosPrincipalName.Parse(next.Children[0]); break; case 3: if (!next.Children[0].CheckSequence()) { return(false); } ret.Checksum = KerberosChecksum.Parse(next.Children[0]); break; case 4: ret.ClientUSec = next.ReadChildInteger(); break; case 5: ret.ClientTime = next.ReadChildGeneralizedTime(); break; case 6: if (!next.HasChildren()) { return(false); } ret.SubKey = KerberosAuthenticationKey.Parse(next.Children[0], orig_ticket.Realm, orig_ticket.ServerName); break; case 7: ret.SequenceNumber = next.ReadChildInteger(); break; case 8: if (!next.HasChildren()) { return(false); } ret.AuthorizationData = KerberosAuthorizationData.ParseSequence(next.Children[0]); break; default: return(false); } } if (ret.Checksum is KerberosChecksumGSSApi gssapi && gssapi.Credentials != null) { KerberosKeySet tmp_keyset = new KerberosKeySet(keyset.AsEnumerable() ?? new KerberosAuthenticationKey[0]); if (ret.SubKey != null) { tmp_keyset.Add(ret.SubKey); } gssapi.Decrypt(tmp_keyset); } ticket = ret; } catch (InvalidDataException) { return(false); } catch (EndOfStreamException) { return(false); } return(true); }
internal static IEnumerable <KerberosAuthorizationData> Parse(DERValue value) { if (!value.CheckSequence()) { throw new InvalidDataException(); } KerberosAuthorizationDataType type = 0; byte[] data = null; foreach (var next in value.Children) { if (next.Type != DERTagType.ContextSpecific) { throw new InvalidDataException(); } switch (next.Tag) { case 0: type = (KerberosAuthorizationDataType)next.ReadChildInteger(); break; case 1: data = next.ReadChildOctetString(); break; default: throw new InvalidDataException(); } } if (type == 0 || data == null) { throw new InvalidDataException(); } List <KerberosAuthorizationData> ret = new List <KerberosAuthorizationData>(); if (type == KerberosAuthorizationDataType.AD_IF_RELEVANT) { DERValue[] values = DERParser.ParseData(data, 0); if (values.Length != 1 || !values[0].CheckSequence() || !values[0].HasChildren()) { throw new InvalidDataException(); } ret.AddRange(values[0].Children.SelectMany(c => Parse(c))); } else if (type == KerberosAuthorizationDataType.KERB_AD_RESTRICTION_ENTRY) { if (KerberosAuthorizationDataRestrictionEntry.Parse(data, out KerberosAuthorizationDataRestrictionEntry entry)) { ret.Add(entry); } } else if (type == KerberosAuthorizationDataType.AD_ETYPE_NEGOTIATION) { if (KerberosAuthorizationDataEncryptionNegotiation.Parse(data, out KerberosAuthorizationDataEncryptionNegotiation entry)) { ret.Add(entry); } } else if (type == KerberosAuthorizationDataType.AD_WIN2K_PAC) { if (KerberosAuthorizationDataPAC.Parse(data, out KerberosAuthorizationDataPAC entry)) { ret.Add(entry); } } else if (type == KerberosAuthorizationDataType.AD_AUTH_DATA_AP_OPTIONS) { if (KerberosAuthorizationDataApOptions.Parse(data, out KerberosAuthorizationDataApOptions entry)) { ret.Add(entry); } } else if (type == KerberosAuthorizationDataType.AD_AUTH_DATA_TARGET_NAME) { if (KerberosAuthorizationDataTargetName.Parse(data, out KerberosAuthorizationDataTargetName entry)) { ret.Add(entry); } } else if (type == KerberosAuthorizationDataType.KERB_LOCAL) { if (KerberosAuthorizationDataKerbLocal.Parse(data, out KerberosAuthorizationDataKerbLocal entry)) { ret.Add(entry); } } if (ret.Count == 0) { ret.Add(new KerberosAuthorizationData(type, data)); } return(ret); }
internal static bool Parse(KerberosTicket orig_ticket, byte[] decrypted, KerberosKeySet keyset, out KerberosTicket ticket) { ticket = null; try { DERValue[] values = DERParser.ParseData(decrypted, 0); if (values.Length != 1) { return(false); } DERValue value = values[0]; if (!value.CheckApplication(3) || !value.HasChildren()) { return(false); } if (!value.Children[0].CheckSequence()) { return(false); } var ret = new KerberosTicketDecrypted(orig_ticket); foreach (var next in value.Children[0].Children) { if (next.Type != DERTagType.ContextSpecific) { return(false); } switch (next.Tag) { case 0: ret.Flags = ConvertTicketFlags(next.ReadChildBitString()); break; case 1: if (!next.HasChildren()) { return(false); } ret.Key = KerberosAuthenticationKey.Parse(next.Children[0], orig_ticket.Realm, orig_ticket.ServerName); keyset.Add(ret.Key); break; case 2: ret.ClientRealm = next.ReadChildGeneralString(); break; case 3: if (!next.Children[0].CheckSequence()) { return(false); } ret.ClientName = KerberosPrincipalName.Parse(next.Children[0]); break; case 4: if (!next.HasChildren()) { return(false); } ret.TransitedType = KerberosTransitedEncoding.Parse(next.Children[0]); break; case 5: ret.AuthTime = next.ReadChildGeneralizedTime(); break; case 6: ret.StartTime = next.ReadChildGeneralizedTime(); break; case 7: ret.EndTime = next.ReadChildGeneralizedTime(); break; case 8: ret.RenewTill = next.ReadChildGeneralizedTime(); break; case 9: if (!next.HasChildren()) { return(false); } ret.HostAddresses = KerberosHostAddress.ParseSequence(next.Children[0]); break; case 10: if (!next.HasChildren()) { return(false); } ret.AuthorizationData = KerberosAuthorizationData.ParseSequence(next.Children[0]); break; default: return(false); } } ticket = ret; } catch (InvalidDataException) { return(false); } catch (EndOfStreamException) { return(false); } return(true); }
private protected ASN1AuthenticationToken(byte[] data) : this(data, DERParser.ParseData(data, 0)) { }