Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/lib/rex/proto/kerberos/crypto.rb
33084 views
1
# -*- coding: binary -*-

2
# frozen_string_literal: true

3


4
require 'rex/proto/kerberos/crypto/rc4_hmac'

5
require 'rex/proto/kerberos/crypto/rsa_md5'

6


7
module Rex

8
  module Proto

9
    module Kerberos

10
      module Crypto

11
        # https://datatracker.ietf.org/doc/html/rfc4120#section-7.5.1 - A unique number used as part of encryption to make certain types of

12
        # cryptographic attacks harder

13
        module KeyUsage

14
          AS_REQ_PA_ENC_TIMESTAMP                        = 1

15
          KDC_REP_TICKET                                 = 2

16
          AS_REP_ENCPART                                 = 3

17
          TGS_REQ_KDC_REQ_BODY_AUTHDATA_SESSION_KEY      = 4

18
          TGS_REQ_KDC_REQ_BODY_AUTHDATA_SUB_KEY          = 5

19
          TGS_REQ_PA_TGS_REQ_AP_REQ_AUTHENTICATOR_CHKSUM = 6

20
          TGS_REQ_PA_TGS_REQ_AP_REQ_AUTHENTICATOR        = 7

21
          TGS_REP_ENCPART_SESSION_KEY                    = 8

22
          TGS_REP_ENCPART_AUTHENTICATOR_SUB_KEY          = 9

23
          AP_REQ_AUTHENTICATOR_CHKSUM                    = 10

24
          AP_REQ_AUTHENTICATOR                           = 11

25
          AP_REP_ENCPART                                 = 12

26
          KRB_PRIV_ENCPART                               = 13

27
          KRB_CRED_ENCPART                               = 14

28
          KRB_SAFE_CHKSUM                                = 15

29
          KERB_NON_KERB_SALT                             = 16

30
          KERB_NON_KERB_CKSUM_SALT                       = 17

31
          GSS_ACCEPTOR_SEAL                              = 22

32
          GSS_ACCEPTOR_SIGN                              = 23

33
          GSS_INITIATOR_SEAL                             = 24

34
          GSS_INITIATOR_SIGN                             = 25

35
          PA_S4U_X509_USER                               = 26

36
        end

37


38
        module Checksum

39
          RSA_MD5 = 7

40
          MD5_DES = 8

41
          SHA1_DES3 = 12

42
          SHA1_AES128 = 15

43
          SHA1_AES256 = 16

44
          HMAC_MD5 = -138

45


46
          def self.from_checksum_type(ctype)

47
            checksummers = {

48
              RSA_MD5     => Rex::Proto::Kerberos::Crypto::RsaMd5,

49
              MD5_DES     => Rex::Proto::Kerberos::Crypto::DesCbcMd5,

50
              SHA1_DES3   => Rex::Proto::Kerberos::Crypto::Des3CbcSha1,

51
              SHA1_AES128 => Rex::Proto::Kerberos::Crypto::Aes128CtsSha1,

52
              SHA1_AES256 => Rex::Proto::Kerberos::Crypto::Aes256CtsSha1,

53
              HMAC_MD5    => Rex::Proto::Kerberos::Crypto::Rc4Hmac,

54
              0xffffff76  => Rex::Proto::Kerberos::Crypto::Rc4Hmac, # Negative 138 two's complement

55
            }

56
            result = checksummers[ctype]

57
            raise ::NotImplementedError, 'Checksum type is not supported' if result == nil

58


59
            result.new

60
          end

61


62
        end

63


64
        # https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml

65
        module Encryption

66
          DES_CBC_CRC = 1

67
          DES_CBC_MD4 = 2

68
          DES_CBC_MD5 = 3

69
          DES3_CBC_SHA1 = 16

70
          AES128 = 17

71
          AES256 = 18

72
          RC4_HMAC = 23

73


74
          # Mapping of encryption type numbers to the human readable text description by IANA

75
          # https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml

76
          IANA_NAMES = {

77
            DES_CBC_CRC => 'des-cbc-crc',

78
            DES_CBC_MD4 => 'des-cbc-md4',

79
            DES_CBC_MD5 => 'des-cbc-md5',

80
            DES3_CBC_SHA1 => 'des3-cbc-sha1-kd',

81
            AES128 => 'aes128-cts-hmac-sha1-96',

82
            AES256 => 'aes256-cts-hmac-sha1-96',

83
            RC4_HMAC => 'rc4-hmac'

84
          }

85


86
          # The default etypes to offer to the Kerberos server when none is provided

87
          DefaultOfferedEtypes = [AES256, AES128, RC4_HMAC, DES_CBC_MD5, DES3_CBC_SHA1]

88
          PkinitEtypes = [AES256, AES128]

89


90
          # The individual etype used by an encryptor when none is provided

91
          DefaultEncryptionType = RC4_HMAC

92


93
          ENCRYPTORS = {

94
            DES_CBC_MD5 =>   Rex::Proto::Kerberos::Crypto::DesCbcMd5,

95
            DES3_CBC_SHA1 => Rex::Proto::Kerberos::Crypto::Des3CbcSha1,

96
            RC4_HMAC =>      Rex::Proto::Kerberos::Crypto::Rc4Hmac,

97
            AES128 =>        Rex::Proto::Kerberos::Crypto::Aes128CtsSha1,

98
            AES256 =>        Rex::Proto::Kerberos::Crypto::Aes256CtsSha1,

99
          }

100
          private_constant :ENCRYPTORS

101


102
          SUPPORTED_ENCRYPTIONS = ENCRYPTORS.keys

103


104
          #

105
          # Return a string representation of the constant for a number

106
          #

107
          # @param [Integer] code

108
          def self.const_name(code)

109
            (self.constants - [:DefaultEncryptionType]).each do |c|

110
              return c.to_s if self.const_get(c) == code

111
            end

112
            return nil

113
          end

114


115
          # Return a integer value for the given encryption const name

116
          #

117
          # @param [String] const_name

118
          def self.value_for(const_name)

119
            self.const_get(const_name)

120
          end

121


122
          # @param [Integer] etype

123
          # @return [Rex::Proto::Kerberos::Crypto::BlockCipherBase]

124
          def self.from_etype(etype)

125
            result = ENCRYPTORS[etype]

126
            raise ::NotImplementedError, "EncryptedData schema #{etype.inspect} is not supported" if result == nil

127


128
            result.new

129
          end

130
        end

131
      end

132
    end

133
  end

134
end

135


136