Class: Rex::Proto::Gss::ChannelBinding

Inherits:
Net::NTLM::ChannelBinding
  • Object
Defined in:
lib/rex/proto/gss/channel_binding.rb


Constructor Details

#initialize(channel_data, unique_prefix: 'tls-server-end-point', digest_algorithm: 'SHA256') ⇒ ChannelBinding

Returns a new instance of ChannelBinding.



# File 'lib/rex/proto/gss/channel_binding.rb', line 6

# Builds a channel binding over the given channel data.
#
# @param channel_data [String] raw channel data, handed unchanged to the parent constructor
# @param unique_prefix [String] channel binding type label, stored in @unique_prefix
# @param digest_algorithm [String] digest name later passed to OpenSSL::Digest.new by #channel_hash
def initialize(channel_data, unique_prefix: 'tls-server-end-point', digest_algorithm: 'SHA256')
  super(channel_data)
  # Assigned after super so these values are the ones left on the instance.
  @digest_algorithm = digest_algorithm
  @unique_prefix = unique_prefix
end

Instance Attribute Details

#digest_algorithm ⇒ Object (readonly)

Returns the value of attribute digest_algorithm.



# File 'lib/rex/proto/gss/channel_binding.rb', line 5

# Name of the digest that #channel_hash feeds to OpenSSL::Digest.new.
# Set once in the constructor; there is no writer.
#
# @return [String] digest name as given to the constructor (default 'SHA256')
def digest_algorithm
  @digest_algorithm
end

Class Method Details

.create(peer_cert) ⇒ Object



# File 'lib/rex/proto/gss/channel_binding.rb', line 16

# Creates a channel binding from a certificate by handing its DER encoding
# to the parent class's create.
#
# NOTE(review): no digest is selected from the certificate's signature
# algorithm here (from_tls_cert does that); which digest ends up in use
# depends on the parent create, which is not visible in this file - confirm
# before relying on this for certificates signed with SHA384/SHA512.
#
# @param peer_cert [#to_der] certificate object responding to to_der
# @return [Object] whatever the parent create returns
def self.create(peer_cert)
  der_bytes = peer_cert.to_der
  super(der_bytes)
end

.from_tls_cert(peer_cert) ⇒ Object



# File 'lib/rex/proto/gss/channel_binding.rb', line 20

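# Builds a 'tls-server-end-point' channel binding from a TLS peer certificate.
#
# The digest is taken from the certificate's signature algorithm, except that
# MD5 and SHA1 are never used: SHA256 is substituted for them (the rule
# RFC 5929 gives for this binding type). SHA256 is also the default when the
# certificate reports no signature algorithm.
#
# NOTE(review): OpenSSL::Digest.new presumably raises when the signature
# algorithm name does not resolve to a digest; that error is not handled
# here - confirm callers expect it.
#
# @param peer_cert [#signature_algorithm, #to_der] certificate presented by the TLS peer
# @return [ChannelBinding] binding over the certificate's DER encoding
def self.from_tls_cert(peer_cert)
  digest_algorithm = 'SHA256'
  if peer_cert.signature_algorithm
    # see: https://learn.microsoft.com/en-us/archive/blogs/openspecification/ntlm-and-channel-binding-hash-aka-extended-protection-for-authentication
    normalized_name = OpenSSL::Digest.new(peer_cert.signature_algorithm).name.upcase
    # %w[...] is an Array, so include? is an exact-name match. The bare
    # %[ ... ] form is a String literal and turns include? into a substring
    # search over " MD5 SHA1 ".
    digest_algorithm = normalized_name unless %w[MD5 SHA1].include?(normalized_name)
  end

  new(peer_cert.to_der, unique_prefix: 'tls-server-end-point', digest_algorithm: digest_algorithm)
end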

Instance Method Details

#channel_hash ⇒ Object



# File 'lib/rex/proto/gss/channel_binding.rb', line 12

# Digest of the channel data, computed with the configured digest algorithm.
# The digest object is built on first use and reused on later calls.
#
# @return [OpenSSL::Digest] digest object primed with the channel data
def channel_hash
  return @channel_hash if @channel_hash

  @channel_hash = OpenSSL::Digest.new(@digest_algorithm, channel)
end