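/// <summary>
/// Updates the client context from a received TGS-REP: folds any PA-FX-FAST strengthen key
/// into the reply key, decrypts the enc-part, and records the session key, ticket and
/// selected encryption type.
/// </summary>
/// <param name="response">The TGS-REP to process. Nothing is updated when it, or its Response, is null.</param>
/// <exception cref="InvalidOperationException">Thrown when no reply key is available to decrypt the enc-part.</exception>
private void UpdateContext(KerberosTgsResponse response)
{
    if (response == null || response.Response == null)
    {
        return;
    }

    var padata = response.Response.padata;
    if (padata != null && padata.Elements != null)
    {
        foreach (PA_DATA paData in padata.Elements)
        {
            // Only PA-FX-FAST entries affect the context: the KDC's strengthen key is combined
            // with the current reply key via KRB-FX-CF2 (RFC 6113 section 5.4.3).
            // GetKerberosFastRep unwraps the armored reply with the context armor key.
            var fastRep = PaDataParser.ParseRepPaData(paData) as PaFxFastRep;
            if (fastRep == null)
            {
                continue;
            }

            var kerbRep = fastRep.GetKerberosFastRep(Context.FastArmorkey);
            var strengthenKey = kerbRep.FastResponse.strengthen_key;
            // strengthen-key is OPTIONAL in KrbFastResponse; when it is absent the reply key is left unchanged.
            if (strengthenKey != null)
            {
                Context.ReplyKey = KerberosUtility.KrbFxCf2(strengthenKey, Context.ReplyKey, "strengthenkey", "replykey");
            }
        }
    }
    // NOTE(review): when the TGS-REQ was FAST-armored, RFC 6113 expects a PA-FX-FAST in the reply;
    // this method does not reject a reply that lacks one -- confirm whether the caller enforces that.

    if (Context.ReplyKey == null)
    {
        throw new InvalidOperationException("Reply key is null");
    }

    // The KDC encrypts enc-part under key usage 9 when the request carried a subkey, usage 8 otherwise
    // (RFC 4120 section 7.5.1); using the wrong number makes decryption fail rather than yield plaintext.
    KeyUsageNumber usage = Context.Subkey == null
        ? KeyUsageNumber.TGS_REP_encrypted_part
        : KeyUsageNumber.TGS_REP_encrypted_part_subkey;
    response.DecryptTgsResponse(Context.ReplyKey.keyvalue.ByteArrayValue, usage);

    Context.SessionKey = response.EncPart.key;
    // Fix me: when hide-client-names is set to true, response.Response.cname is not the real CName.
    Context.Ticket = new KerberosTicket(response.Response.ticket, response.Response.cname, response.EncPart.key);
    Context.SelectedEType = (EncryptionType)Context.Ticket.Ticket.enc_part.etype.Value;
}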
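/// <summary>
/// Decrypts the enc-part of this TGS-REP with the supplied key and stores the decoded
/// EncTGSRepPart in EncPart.
/// </summary>
/// <param name="key">Raw bytes of the reply key (or authenticator subkey) for this exchange.</param>
/// <param name="usage">
/// Key usage number the KDC used for enc-part: TGS_REP_encrypted_part when the request carried
/// no subkey, TGS_REP_encrypted_part_subkey otherwise.
/// </param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="key"/> is null.</exception>
/// <exception cref="InvalidOperationException">Thrown when there is no TGS-REP body or enc-part to decrypt.</exception>
public void DecryptTgsResponse(byte[] key, KeyUsageNumber usage = KeyUsageNumber.TGS_REP_encrypted_part)
{
    if (key == null)
    {
        throw new ArgumentNullException("key");
    }
    if (Response == null || Response.enc_part == null)
    {
        throw new InvalidOperationException("TGS-REP has no enc-part to decrypt");
    }

    // The etype is read from the enc-part header, which is not authenticated on its own; the key
    // and usage number are what bind the ciphertext to this exchange. NOTE(review): confirm that
    // KerberosUtility.Decrypt verifies the integrity of the result, so a mismatched etype is rejected.
    var encryptType = (EncryptionType)Response.enc_part.etype.Value;
    var encPartRawData = KerberosUtility.Decrypt(
        encryptType,
        key,
        Response.enc_part.cipher.ByteArrayValue,
        (int)usage);

    // Decode into a local first so EncPart is never left holding a partially decoded object
    // if BerDecode throws.
    var encPart = new EncTGSRepPart();
    encPart.BerDecode(new Asn1DecodingBuffer(encPartRawData));
    EncPart = encPart;

    KerberosUtility.OnDumpMessage("KRB5:TGS-REP(enc-part)", "Encrypted part of TGS-REP", KerberosUtility.DumpLevel.PartialMessage, encPartRawData);
}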
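/// <summary>
/// Waits for a TGS-REP from the KDC and decrypts its enc-part with the context reply key.
/// </summary>
/// <param name="usage">Key usage number for the enc-part (the subkey variant when the TGS-REQ carried a subkey).</param>
/// <returns>The received TGS-REP with its EncPart decrypted.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when no PDU arrives within the default timeout, when the PDU is not a TGS-REP
/// (for example a KRB-ERROR, which this helper does not interpret), or when the context has no reply key.
/// </exception>
private KerberosTgsResponse ExpectTgsResponse(KeyUsageNumber usage = KeyUsageNumber.TGS_REP_encrypted_part)
{
    var pdu = this.client.ExpectPdu(KerberosConstValue.TIMEOUT_DEFAULT, typeof(KerberosTgsResponse));
    var tgsResponse = pdu as KerberosTgsResponse;
    if (tgsResponse == null)
    {
        // A single check covers both a null PDU and a PDU of another type.
        throw new InvalidOperationException("Expected KerberosTgsResponse data is null or of an unexpected type");
    }

    if (this.Context.ReplyKey == null)
    {
        throw new InvalidOperationException("Reply key is null");
    }

    tgsResponse.DecryptTgsResponse(this.Context.ReplyKey.keyvalue.ByteArrayValue, usage);
    return tgsResponse;
}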
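/// <summary>
/// Creates an AP-REQ: the authenticator is BER-encoded, encrypted under the ticket's session key
/// with the given key usage number, and wrapped together with the ticket into an AP_REQ.
/// </summary>
/// <param name="pvno">Protocol version number placed in the AP-REQ.</param>
/// <param name="ap_options">AP option flags for the request.</param>
/// <param name="ticket">Ticket whose session key encrypts the authenticator and whose Ticket is embedded in the AP-REQ.</param>
/// <param name="authenticator">Plaintext authenticator; it is also kept in Authenticator.</param>
/// <param name="keyUsageNumber">Key usage number used to encrypt the authenticator.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="ticket"/> or <paramref name="authenticator"/> is null.</exception>
public KerberosApRequest(long pvno, APOptions ap_options, KerberosTicket ticket, Authenticator authenticator, KeyUsageNumber keyUsageNumber)
{
    if (ticket == null)
    {
        throw new ArgumentNullException("ticket");
    }
    if (authenticator == null)
    {
        throw new ArgumentNullException("authenticator");
    }

    var plainAuthenticator = new Asn1BerEncodingBuffer();
    authenticator.BerEncode(plainAuthenticator, true);
    // NOTE(review): this dumps the plaintext authenticator (including any subkey it carries);
    // confirm the OnDumpMessage sink is only enabled for test diagnostics.
    KerberosUtility.OnDumpMessage("KRB5:Authenticator", "Authenticator in AP-REQ structure", KerberosUtility.DumpLevel.PartialMessage, plainAuthenticator.Data);

    // The authenticator is sealed under the ticket's session key, so the enc-part etype
    // must be the session key's type.
    var sessionKeyType = ticket.SessionKey.keytype.Value;
    byte[] cipher = KerberosUtility.Encrypt(
        (EncryptionType)sessionKeyType,
        ticket.SessionKey.keyvalue.ByteArrayValue,
        plainAuthenticator.Data,
        (int)keyUsageNumber);

    var encrypted = new EncryptedData
    {
        etype = new KerbInt32(sessionKeyType),
        cipher = new Asn1OctetString(cipher),
    };

    long msgType = (long)MsgType.KRB_AP_REQ;
    Request = new AP_REQ(new Asn1Integer(pvno), new Asn1Integer(msgType), ap_options, ticket.Ticket, encrypted);
    Authenticator = authenticator;
}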
/// <summary>
/// Builds an AP-REQ for the given ticket, creating its authenticator first so that the
/// subkey and checksum are sealed into the request under the ticket session key.
/// </summary>
/// <param name="option">AP option flags for the request.</param>
/// <param name="ticket">Ticket to present in the AP-REQ.</param>
/// <param name="subKey">Subkey to place in the authenticator.</param>
/// <param name="data">Authorization data to place in the authenticator.</param>
/// <param name="keyUsageNumber">Key usage number for encrypting the authenticator.</param>
/// <param name="checksumType">Checksum type for the authenticator checksum.</param>
/// <param name="checksumBody">Bytes the authenticator checksum is computed over.</param>
/// <returns>The constructed AP-REQ.</returns>
private KerberosApRequest CreateApRequest(APOptions option, KerberosTicket ticket, EncryptionKey subKey, AuthorizationData data, KeyUsageNumber keyUsageNumber, ChecksumType checksumType, byte[] checksumBody)
{
    var auth = CreateAuthenticator(ticket, data, subKey, checksumType, checksumBody);
    return new KerberosApRequest(Context.Pvno, option, ticket, auth, keyUsageNumber);
}
/// <summary>
/// Builds an AP-REQ for the given ticket from a freshly created authenticator.
/// </summary>
/// <param name="option">AP option flags for the request.</param>
/// <param name="ticket">Ticket to present in the AP-REQ.</param>
/// <param name="subkey">Subkey to place in the authenticator.</param>
/// <param name="data">Authorization data to place in the authenticator.</param>
/// <param name="keyUsageNumber">Key usage number for encrypting the authenticator.</param>
/// <param name="checksumType">Checksum type for the authenticator checksum.</param>
/// <param name="checksumBody">Bytes the authenticator checksum is computed over.</param>
/// <returns>The constructed AP-REQ.</returns>
private KerberosApRequest CreateApRequest(APOptions option, KerberosTicket ticket, EncryptionKey subkey, AuthorizationData data, KeyUsageNumber keyUsageNumber, ChecksumType checksumType, byte[] checksumBody)
{
    // The authenticator is built before the request; the protocol version comes from the context.
    Authenticator auth = CreateAuthenticator(ticket, data, subkey, checksumType, checksumBody);
    long pvno = Context.Pvno;
    return new KerberosApRequest(pvno, option, ticket, auth, keyUsageNumber);
}
/// <summary>
/// Receive a TGS response and decrypt its enc-part with the context reply key.
/// </summary>
/// <param name="usage">Key usage number to decrypt TGS response</param>
/// <returns>The received TGS response with its EncPart decrypted.</returns>
public KerberosTgsResponse ExpectTgsResponse(KeyUsageNumber usage = KeyUsageNumber.TGS_REP_encrypted_part)
{
    var pdu = ExpectPdu(KerberosConstValue.TIMEOUT_DEFAULT, typeof(KerberosTgsResponse));
    testSite.Assert.IsNotNull(pdu, "Response should not be null");
    testSite.Assert.IsInstanceOfType(pdu, typeof(KerberosTgsResponse), "Response type mismatch");
    testSite.Log.Add(LogEntryKind.Debug, "Receive TGS response.");

    // The asserts above already guarantee the type; the cast cannot yield null here.
    var tgsResponse = pdu as KerberosTgsResponse;
    testSite.Assume.IsNotNull(Context.ReplyKey, "Reply key should not be null.");
    var replyKeyBytes = Context.ReplyKey.keyvalue.ByteArrayValue;
    tgsResponse.DecryptTgsResponse(replyKeyBytes, usage);
    return tgsResponse;
}