Class: Rex::Proto::Kerberos::Crypto::Des3CbcSha1

Inherits:
BlockCipherBase show all
Includes:
Asn1Utils
Defined in:
lib/rex/proto/kerberos/crypto/des3_cbc_sha1.rb

Constant Summary collapse

SEED_SIZE =
21
BLOCK_SIZE =
8
PADDING_SIZE =
8
MAC_SIZE =
20
HASH_FUNCTION =
'SHA1'

Instance Method Summary collapse

Methods included from Asn1Utils

#truncate_nulls_after_asn1

Methods inherited from BlockCipherBase

#add_ones_complement, #checksum, #decrypt, #encrypt, #gss_unwrap, #gss_wrap, #rotate_right

Instance Method Details

#decrypt_asn1(ciphertext, key, msg_type) ⇒ Object



32
33
34
35
# File 'lib/rex/proto/kerberos/crypto/des3_cbc_sha1.rb', line 32

def decrypt_asn1(ciphertext, key, msg_type)
  result = decrypt(ciphertext, key, msg_type)
  padding_removed = truncate_nulls_after_asn1(result)
end

#expand(seed) ⇒ Object



63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
# File 'lib/rex/proto/kerberos/crypto/des3_cbc_sha1.rb', line 63

def expand(seed)
  def parity(b)
    # Return b with the low-order bit set to yield odd parity.
    b &= ~1
    b | (b.digits(2).count(1) + 1) % 2
  end
  
  raise Rex::Proto::Kerberos::Model::Error::KerberosError unless seed.length == 7
        
  firstbytes = seed.map {|b| parity(b & ~1)}
  tmp = 7.times.map { |i| (seed[i] & 1) << i+1 }
  lastbyte = parity(tmp.sum)
  keybytes = firstbytes + [lastbyte]
  if _is_weak_des_key(keybytes)
    keybytes[7] = keybytes[7] ^ 0xF0
  end
  
  keybytes
end

#parity(b) ⇒ Object



64
65
66
67
68
# File 'lib/rex/proto/kerberos/crypto/des3_cbc_sha1.rb', line 64

def parity(b)
  # Return b with the low-order bit set to yield odd parity.
  b &= ~1
  b | (b.digits(2).count(1) + 1) % 2
end

#string_to_key(string, salt, params: nil) ⇒ String

Derive an encryption key based on a password and salt for the given cipher type

Parameters:

  • string (Stringl The password to use as the basis for key generation)

    tring [Stringl The password to use as the basis for key generation

  • salt (String)

    A salt (usually based on domain and username)

  • params (String) (defaults to: nil)

    Unused for this encryption type

Returns:

  • (String)

    The derived key

Raises:



22
23
24
25
26
27
28
29
30
# File 'lib/rex/proto/kerberos/crypto/des3_cbc_sha1.rb', line 22

def string_to_key(string, salt, params: nil)
  raise Rex::Proto::Kerberos::Model::Error::KerberosError, 'Params not supported for DES' unless params == nil
  utf8_encoded = (string + salt).encode('UTF-8').bytes
  k = random_to_key(nfold(utf8_encoded, 21))
  k = k.pack('C*')
  result = derive(k, 'kerberos'.encode('UTF-8'))

  result
end