Class: Rex::Proto::Gss::Kerberos::MessageEncryptor

Inherits: Object
Defined in:
lib/rex/proto/gss/kerberos/message_encryptor.rb

Overview

Encrypts messages according to RFC 4121 (Kerberos with GSS). Performs wrapping of tokens in the GSS structure, filler bytes, rotation, and sequence number tracking and verification.

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(key, encrypt_sequence_number, decrypt_sequence_number, is_initiator: true, use_acceptor_subkey: true) ⇒ MessageEncryptor

Returns a new instance of MessageEncryptor.

Parameters:

  • key (Rex::Proto::Kerberos::Model::EncryptionKey)

    The encryption key used to perform encryption and decryption

  • encrypt_sequence_number (Integer)

    The starting sequence number used to encrypt messages

  • decrypt_sequence_number (Integer)

    The starting sequence number we expect to see when we decrypt messages

  • is_initiator (Boolean) (defaults to: true)

    Are we the initiator in this communication (used for setting flags and key usage values)

  • use_acceptor_subkey (Boolean) (defaults to: true)

    Are we using the subkey provided by the acceptor? (used for setting appropriate flags)



# File 'lib/rex/proto/gss/kerberos/message_encryptor.rb', line 17

def initialize(key, encrypt_sequence_number, decrypt_sequence_number, is_initiator: true, use_acceptor_subkey: true)
  @key = key
  @encrypt_sequence_number = encrypt_sequence_number
  @decrypt_sequence_number = decrypt_sequence_number
  @is_initiator = is_initiator
  @use_acceptor_subkey = use_acceptor_subkey
  @encryptor = Rex::Proto::Kerberos::Crypto::Encryption::from_etype(key.type)
end

Instance Attribute Details

#decrypt_sequence_number ⇒ Object

The sequence number we expect to see after decrypting, which is expected to be incremented for each message



# File 'lib/rex/proto/gss/kerberos/message_encryptor.rb', line 55

def decrypt_sequence_number
  @decrypt_sequence_number
end

#encrypt_sequence_number ⇒ Object

The sequence number to use when we are encrypting, which should be incremented for each message



# File 'lib/rex/proto/gss/kerberos/message_encryptor.rb', line 50

def encrypt_sequence_number
  @encrypt_sequence_number
end

#encryptor ⇒ Object

Rex::Proto::Kerberos::Crypto::*

Encryption class for encrypting/decrypting messages



# File 'lib/rex/proto/gss/kerberos/message_encryptor.rb', line 76

def encryptor
  @encryptor
end

#is_initiator ⇒ Object

Are we (the encryptor) also the initiator in this interaction (as opposed to the acceptor)? This refers to the terms used in RFC 2743 and RFC 4121.



# File 'lib/rex/proto/gss/kerberos/message_encryptor.rb', line 66

def is_initiator
  @is_initiator
end

#key ⇒ Object

Rex::Proto::Kerberos::Model::EncryptionKey

The encryption key to use for encryption and decryption



# File 'lib/rex/proto/gss/kerberos/message_encryptor.rb', line 60

def key
  @key
end

#use_acceptor_subkey ⇒ Object

Boolean

Whether the acceptor subkey is used for these operations



# File 'lib/rex/proto/gss/kerberos/message_encryptor.rb', line 71

def use_acceptor_subkey
  @use_acceptor_subkey
end

Instance Method Details

#decrypt_and_verify(data) ⇒ Object

Decrypt a ciphertext, and verify its validity



# File 'lib/rex/proto/gss/kerberos/message_encryptor.rb', line 40

def decrypt_and_verify(data)
  result = encryptor.gss_unwrap(data, @key, @decrypt_sequence_number, @is_initiator, use_acceptor_subkey: @use_acceptor_subkey)
  @decrypt_sequence_number += 1

  result
end

#encrypt_and_increment(data) ⇒ String, Integer

Encrypt the message, wrapping it in GSS structures, and increment the sequence number

Returns:

  • (String, Integer, Integer)

    The encrypted data, the length of its header, and the length of padding added to it prior to encryption



# File 'lib/rex/proto/gss/kerberos/message_encryptor.rb', line 30

def encrypt_and_increment(data)
  result = encryptor.gss_wrap(data, @key, @encrypt_sequence_number, @is_initiator, use_acceptor_subkey: @use_acceptor_subkey)
  @encrypt_sequence_number += 1

  result
end
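As an added example, not code from the Rex library, the following toy Ruby model shows the behaviour the class above documents: independent encrypt and decrypt sequence counters, the initiator/acceptor and acceptor-subkey flags, and the RFC 4121 Wrap token header with RRC rotation and header-copy verification. The class name, the XOR stand-in for the Kerberos etype cipher, and the key and sequence values are constructed for illustration.

```ruby
# Added toy model, not Rex code: per-direction sequence counters, the
# RFC 4121 Wrap token header (TOK_ID, Flags, Filler, EC, RRC, SND_SEQ),
# rotation and header-copy checks. XOR stands in for the etype cipher.
TOK_ID_WRAP, HEADER_LEN = "\x05\x04".b, 16
FLAG_SENT_BY_ACCEPTOR, FLAG_SEALED, FLAG_ACCEPTOR_SUBKEY = 0x01, 0x02, 0x04

class ToyGssMessageEncryptor
  attr_reader :encrypt_sequence_number, :decrypt_sequence_number
  def initialize(key, enc_seq, dec_seq, is_initiator: true, use_acceptor_subkey: true)
    @key, @encrypt_sequence_number, @decrypt_sequence_number = key.b, enc_seq, dec_seq
    @is_initiator, @use_acceptor_subkey = is_initiator, use_acceptor_subkey
  end

  # Encrypt plaintext || header copy (RRC = 0 inside), rotate the ciphertext
  # right by RRC, emit the outer header with RRC filled in, bump the counter.
  def wrap(plaintext, rrc: 4)
    flg  = FLAG_SEALED | (@use_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0)
    flg |= FLAG_SENT_BY_ACCEPTOR unless @is_initiator
    header = [TOK_ID_WRAP, flg, 0xFF, 0, 0, @encrypt_sequence_number].pack('a2CCnnQ>')
    sealed = rotate_right(xor_cipher(plaintext.b + header), rrc)
    @encrypt_sequence_number += 1
    header[6, 2] = [rrc].pack('n')
    header + sealed
  end

  # Check sender direction and expected sequence number, undo the rotation,
  # decrypt, verify the trailing header copy, then advance the counter.
  def unwrap(token)
    outer = token[0, HEADER_LEN]
    tok_id, flg, filler, ec, rrc, seq = outer.unpack('a2CCnnQ>')
    raise 'not a Wrap token' unless tok_id == TOK_ID_WRAP && filler == 0xFF
    raise 'token sent by the wrong party' unless ((flg & FLAG_SENT_BY_ACCEPTOR) != 0) == @is_initiator
    raise "sequence #{seq}, expected #{@decrypt_sequence_number}" unless seq == @decrypt_sequence_number
    plain = xor_cipher(rotate_right(token[HEADER_LEN..-1], -rrc))
    outer[6, 2] = "\x00\x00".b # the encrypted copy was built with RRC = 0
    raise 'header copy mismatch' unless plain[-HEADER_LEN..-1] == outer
    @decrypt_sequence_number += 1
    plain[0, plain.length - HEADER_LEN - ec]
  end

  private
  def xor_cipher(s)
    s.bytes.each_with_index.map { |b, i| b ^ @key.getbyte(i % @key.length) }.pack('C*')
  end

  def rotate_right(s, n)
    k = n % s.length
    s[-k..-1] + s[0...-k]
  end
end
```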