class GSSAPIHeader_KRB5_AP_REP(univ.Sequence):
tagSet = univ.Sequence.tagSet.tagImplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 0))
componentType = namedtype.NamedTypes(
namedtype.NamedType('tokenOid', univ.ObjectIdentifier()),
# Actualy this is a constant 0x0002, but this decodes as an asn1 integer
namedtype.NamedType('krb5_ap_rep', univ.Integer()),
namedtype.NamedType('apRep', AP_REP()),
)
def getKerberosType3(cipher, sessionKey, auth_data):
negTokenResp = SPNEGO_NegTokenResp(auth_data)
# If DCE_STYLE = FALSE
#ap_rep = decoder.decode(negTokenResp['ResponseToken'][16:], asn1Spec=AP_REP())[0]
try:
krbError = KerberosError(packet=decoder.decode(
negTokenResp['ResponseToken'][15:], asn1Spec=KRB_ERROR())[0])
except Exception:
pass
else:
raise krbError
ap_rep = decoder.decode(negTokenResp['ResponseToken'],
asn1Spec=AP_REP())[0]
cipherText = ap_rep['enc-part']['cipher']
# Key Usage 12
# AP-REP encrypted part (includes application session
# subkey), encrypted with the application session key
# (Section 5.5.2)
plainText = cipher.decrypt(sessionKey, 12, cipherText)
encAPRepPart = decoder.decode(plainText, asn1Spec=EncAPRepPart())[0]
cipher = _enctype_table[int(encAPRepPart['subkey']['keytype'])]()
sessionKey2 = Key(cipher.enctype,
encAPRepPart['subkey']['keyvalue'].asOctets())
sequenceNumber = int(encAPRepPart['seq-number'])
encAPRepPart['subkey'].clear()
encAPRepPart = encAPRepPart.clone()
now = datetime.datetime.utcnow()
encAPRepPart['cusec'] = now.microsecond
encAPRepPart['ctime'] = KerberosTime.to_asn1(now)
encAPRepPart['seq-number'] = sequenceNumber
encodedAuthenticator = encoder.encode(encAPRepPart)
encryptedEncodedAuthenticator = cipher.encrypt(sessionKey, 12,
encodedAuthenticator, None)
ap_rep['enc-part'].clear()
ap_rep['enc-part']['etype'] = cipher.enctype
ap_rep['enc-part']['cipher'] = encryptedEncodedAuthenticator
resp = SPNEGO_NegTokenResp()
resp['ResponseToken'] = encoder.encode(ap_rep)
return cipher, sessionKey2, resp.getData()
# DCE RPC Helpers
################################################################################
def getKerberosType3(cipher, sessionKey, auth_data):
negTokenResp = SPNEGO_NegTokenResp(auth_data)
# If DCE_STYLE = FALSE
#ap_rep = decoder.decode(negTokenResp['ResponseToken'][16:], asn1Spec=AP_REP())[0]
try:
krbError = KerberosError(packet=decoder.decode(
negTokenResp['ResponseToken'][15:], asn1Spec=KRB_ERROR())[0])
except Exception, e:
pass
else:
raise krbError
ap_rep = decoder.decode(negTokenResp['ResponseToken'],
asn1Spec=AP_REP())[0]
cipherText = str(ap_rep['enc-part']['cipher'])
# Key Usage 12
# AP-REP encrypted part (includes application session
# subkey), encrypted with the application session key
# (Section 5.5.2)
plainText = cipher.decrypt(sessionKey, 12, cipherText)
encAPRepPart = decoder.decode(plainText, asn1Spec=EncAPRepPart())[0]
cipher = _enctype_table[int(encAPRepPart['subkey']['keytype'])]()
sessionKey2 = Key(cipher.enctype, str(encAPRepPart['subkey']['keyvalue']))
sequenceNumber = str(encAPRepPart['seq-number'])
################################################################################
# DCE RPC Helpers
################################################################################
def getKerberosType3(cipher, sessionKey, auth_data):
negTokenResp = SPNEGO_NegTokenResp(auth_data)
# If DCE_STYLE = FALSE
#ap_rep = decoder.decode(negTokenResp['ResponseToken'][16:], asn1Spec=AP_REP())[0]
try:
krbError = KerberosError(packet = decoder.decode(negTokenResp['ResponseToken'][15:], asn1Spec = KRB_ERROR())[0])
except Exception, e:
pass
else:
raise krbError
ap_rep = decoder.decode(negTokenResp['ResponseToken'], asn1Spec=AP_REP())[0]
cipherText = str(ap_rep['enc-part']['cipher'])
# Key Usage 12
# AP-REP encrypted part (includes application session
# subkey), encrypted with the application session key
# (Section 5.5.2)
plainText = cipher.decrypt(sessionKey, 12, cipherText)
encAPRepPart = decoder.decode(plainText, asn1Spec = EncAPRepPart())[0]
cipher = _enctype_table[int(encAPRepPart['subkey']['keytype'])]()
sessionKey2 = Key(cipher.enctype, str(encAPRepPart['subkey']['keyvalue']))
sequenceNumber = str(encAPRepPart['seq-number'])
class NegoExKerberos(univ.Choice):
componentType = NamedTypes(NamedType('ApReq', AP_REQ()),
NamedType('ApRep', AP_REP()),
NamedType('AsReq', AsReq()))