Class: Rex::Proto::Kerberos::Model::Authenticator

Inherits:
Element
  • Object
show all
Defined in:
lib/rex/proto/kerberos/model/authenticator.rb

Overview

This class provides a representation of an Authenticator, sent with a ticket to the server to certify the client’s knowledge of the encryption key in the ticket.

Constant Summary

Constants included from Rex::Proto::Kerberos::Model

AP_REP, AP_REQ, AS_REP, AS_REQ, AUTHENTICATOR, ENC_AP_REP_PART, ENC_KRB_CRED_PART, KRB_CRED, KRB_ERROR, TGS_REP, TGS_REQ, TICKET, VERSION

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods inherited from Element

attr_accessor, attributes, #attributes, decode, #initialize

Constructor Details

This class inherits a constructor from Rex::Proto::Kerberos::Model::Element

Instance Attribute Details

#checksumRex::Proto::Kerberos::Model::Checksum

accompanies the KRB_AP_REQ.

Returns:



24
25
26
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 24

def checksum
  @checksum
end

#cnameRex::Proto::Kerberos::Model::PrincipalName

identifier

Returns:



20
21
22
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 20

def cname
  @cname
end

#crealmString

Returns The realm in which the client is registered.

Returns:

  • (String)

    The realm in which the client is registered



16
17
18
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 16

def crealm
  @crealm
end

#ctimeTime

Returns The current time of the client’s host.

Returns:

  • (Time)

    The current time of the client's host



30
31
32
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 30

def ctime
  @ctime
end

#cusecInteger

Returns The microsecond part of the client’s timestamp.

Returns:

  • (Integer)

    The microsecond part of the client's timestamp



27
28
29
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 27

def cusec
  @cusec
end

#enc_key_usageRex::Proto::Kerberos::Crypto::KeyUsage, Integer

Returns The enc key usage number for this authenticator.

Returns:



37
38
39
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 37

def enc_key_usage
  @enc_key_usage
end

#sequence_numberInteger

Returns The initial sequence number to be used for future communications.

Returns:

  • (Integer)

    The initial sequence number to be used for future communications



40
41
42
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 40

def sequence_number
  @sequence_number
end

#subkeyRex::Proto::Kerberos::Model::EncryptionKey

key which is to be used to protect this specific application session

Returns:



34
35
36
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 34

def subkey
  @subkey
end

#vnoInteger

Returns The authenticator version number.

Returns:

  • (Integer)

    The authenticator version number



13
14
15
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 13

def vno
  @vno
end

Instance Method Details

#decode(input) ⇒ self

Decodes the Rex::Proto::Kerberos::Model::Authenticator from an input

Parameters:

  • input (String, OpenSSL::ASN1::ASN1Data)

    the input to decode from

Returns:

  • (self)

    if decoding succeeds

Raises:



47
48
49
50
51
52
53
54
55
56
57
58
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 47

def decode(input)
  case input
  when String
    decode_string(input)
  when OpenSSL::ASN1::ASN1Data
    decode_asn1(input)
  else
    raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode Authenticator, invalid input'
  end

  self
end

#encodeString

Encodes the Rex::Proto::Kerberos::Model::Authenticator into an ASN.1 String

Returns:

  • (String)


63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 63

def encode
  elems = []
  elems << OpenSSL::ASN1::ASN1Data.new([encode_vno], 0, :CONTEXT_SPECIFIC)
  elems << OpenSSL::ASN1::ASN1Data.new([encode_crealm], 1, :CONTEXT_SPECIFIC)
  elems << OpenSSL::ASN1::ASN1Data.new([encode_cname], 2, :CONTEXT_SPECIFIC)
  elems << OpenSSL::ASN1::ASN1Data.new([encode_checksum], 3, :CONTEXT_SPECIFIC) if checksum
  elems << OpenSSL::ASN1::ASN1Data.new([encode_cusec], 4, :CONTEXT_SPECIFIC)
  elems << OpenSSL::ASN1::ASN1Data.new([encode_ctime], 5, :CONTEXT_SPECIFIC)
  elems << OpenSSL::ASN1::ASN1Data.new([encode_subkey], 6, :CONTEXT_SPECIFIC) if subkey
  elems << OpenSSL::ASN1::ASN1Data.new([encode_sequence_number], 7, :CONTEXT_SPECIFIC) if sequence_number

  seq = OpenSSL::ASN1::Sequence.new(elems)
  seq_asn1 = OpenSSL::ASN1::ASN1Data.new([seq], AUTHENTICATOR, :APPLICATION)

  seq_asn1.to_der
end

#encrypt(etype, key) ⇒ String

Encrypts the Rex::Proto::Kerberos::Model::Authenticator

Parameters:

  • etype (Integer)

    the crypto schema to encrypt

  • key (String)

    the key to encrypt

Returns:

  • (String)

    the encrypted result

Raises:

  • (NotImplementedError)

    if the encryption schema isn't supported



86
87
88
89
90
91
92
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 86

def encrypt(etype, key)
  raise ::Rex::Proto::Kerberos::Model::Error::KerberosError, 'Missing enc_key_usage' unless enc_key_usage

  data = self.encode
  encryptor = Rex::Proto::Kerberos::Crypto::Encryption::from_etype(etype)
  encryptor.encrypt(data, key, enc_key_usage)
end