rex 2.0.5 → 2.0.7

data/lib/rex/proto/kerberos/model/encryption_key.rb

@@ -0,0 +1,106 @@
+# -*- coding: binary -*-
+
+module Rex
+  module Proto
+    module Kerberos
+      module Model
+        # This class provides a representation of a Kerberos EncryptionKey data
+        # definition
+        class EncryptionKey < Element
+
+          # @!attribute key
+          #   @return [Fixnum] The type of encryption key
+          attr_accessor :type
+          # @!attribute value
+          #   @return [String] the key itself
+          attr_accessor :value
+
+          # Decodes a Rex::Proto::Kerberos::Model::EncryptionKey
+          #
+          # @param input [String, OpenSSL::ASN1::Sequence] the input to decode from
+          # @return [self] if decoding succeeds
+          # @raise [RuntimeError] if decoding doesn't succeed
+          def decode(input)
+            case input
+            when String
+              decode_string(input)
+            when OpenSSL::ASN1::Sequence
+              decode_asn1(input)
+            else
+              raise ::RuntimeError, 'Failed to decode EncryptionKey, invalid input'
+            end
+
+            self
+          end
+
+          # Encodes a Rex::Proto::Kerberos::Model::EncryptionKey into an
+          # ASN.1 String
+          #
+          # @return [String]
+          def encode
+            elems = []
+            elems << OpenSSL::ASN1::ASN1Data.new([encode_type], 0, :CONTEXT_SPECIFIC)
+            elems << OpenSSL::ASN1::ASN1Data.new([encode_value], 1, :CONTEXT_SPECIFIC)
+            seq = OpenSSL::ASN1::Sequence.new(elems)
+
+            seq.to_der
+          end
+
+          private
+
+          # Decodes a Rex::Proto::Kerberos::Model::EncryptionKey from an String
+          #
+          # @param input [String] the input to decode from
+          def decode_string(input)
+            asn1 = OpenSSL::ASN1.decode(input)
+
+            decode_asn1(asn1)
+          end
+
+          # Decodes a Rex::Proto::Kerberos::Model::EncryptionKey from an
+          # OpenSSL::ASN1::Sequence
+          #
+          # @param input [OpenSSL::ASN1::Sequence] the input to decode from
+          def decode_asn1(input)
+            seq_values = input.value
+            self.type = decode_type(seq_values[0])
+            self.value = decode_value(seq_values[1])
+          end
+
+          # Decodes the type from an OpenSSL::ASN1::ASN1Data
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Fixnum]
+          def decode_type(input)
+            input.value[0].value.to_i
+          end
+
+          # Decodes the value from an OpenSSL::ASN1::ASN1Data
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [String]
+          def decode_value(input)
+            input.value[0].value
+          end
+
+          # Encodes the type field
+          #
+          # @return [OpenSSL::ASN1::Integer]
+          def encode_type
+            bn = OpenSSL::BN.new(type.to_s)
+            int = OpenSSL::ASN1::Integer.new(bn)
+
+            int
+          end
+
+          # Encodes the value field
+          #
+          # @return [OpenSSL::ASN1::OctetString]
+          def encode_value
+            OpenSSL::ASN1::OctetString.new(value)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rex/proto/kerberos/model/kdc_request.rb

@@ -0,0 +1,166 @@
+# -*- coding: binary -*-
+
+module Rex
+  module Proto
+    module Kerberos
+      module Model
+        # This class provides a representation of a Kerberos KDC-REQ (request) data
+        # definition
+        class KdcRequest < Element
+          # @!attribute pvno
+          #   @return [Fixnum] The protocol version number
+          attr_accessor :pvno
+          # @!attribute msg_type
+          #   @return [Fixnum] The type of a protocol message
+          attr_accessor :msg_type
+          # @!attribute pa_data
+          #   @return [Array<Rex::Proto::Kerberos::Model::PreAuthData>] Authentication information which may
+          #   be needed before credentials can be issued or decrypted
+          attr_accessor :pa_data
+          # @!attribute req_body
+          #   @return [Rex::Proto::Kerberos::Model:::KdcRequestBody] The request body
+          attr_accessor :req_body
+
+          # Decodes the Rex::Proto::Kerberos::Model::KdcRequest from an input
+          #
+          # @param input [String, OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [self] if decoding succeeds
+          # @raise [RuntimeError] if decoding doesn't succeed
+          def decode(input)
+            case input
+            when String
+              decode_string(input)
+            when OpenSSL::ASN1::ASN1Data
+              decode_asn1(input)
+            else
+              raise ::RuntimeError, 'Failed to decode KdcRequest, invalid input'
+            end
+
+            self
+          end
+
+          # Encodes the Rex::Proto::Kerberos::Model::KdcRequest into an ASN.1 String
+          #
+          # @return [String]
+          def encode
+            pvno_asn1 = OpenSSL::ASN1::ASN1Data.new([encode_pvno], 1, :CONTEXT_SPECIFIC)
+            msg_type_asn1 = OpenSSL::ASN1::ASN1Data.new([encode_msg_type], 2, :CONTEXT_SPECIFIC)
+            pa_data_asn1 = OpenSSL::ASN1::ASN1Data.new([encode_pa_data], 3, :CONTEXT_SPECIFIC)
+            req_body_asn1 = OpenSSL::ASN1::ASN1Data.new([encode_req_body], 4, :CONTEXT_SPECIFIC)
+            seq = OpenSSL::ASN1::Sequence.new([pvno_asn1, msg_type_asn1, pa_data_asn1, req_body_asn1])
+            seq_asn1 = OpenSSL::ASN1::ASN1Data.new([seq], msg_type, :APPLICATION)
+            seq_asn1.to_der
+          end
+
+          private
+
+          # Encodes the pvno field
+          #
+          # @return [OpenSSL::ASN1::Integer]
+          def encode_pvno
+            bn = OpenSSL::BN.new(pvno.to_s)
+            int = OpenSSL::ASN1::Integer.new(bn)
+
+            int
+          end
+
+          # Encodes the msg_type field
+          #
+          # @return [OpenSSL::ASN1::Integer]
+          def encode_msg_type
+            bn = OpenSSL::BN.new(msg_type.to_s)
+            int = OpenSSL::ASN1::Integer.new(bn)
+
+            int
+          end
+
+          # Encodes the pa_data field
+          #
+          # @return [String]
+          def encode_pa_data
+            elems = []
+            pa_data.each do |data|
+              elems << data.encode
+            end
+
+            OpenSSL::ASN1::Sequence.new(elems)
+          end
+
+          # Encodes the req_body field
+          #
+          # @return [String]
+          def encode_req_body
+            req_body.encode
+          end
+
+          # Decodes a Rex::Proto::Kerberos::Model::KdcRequest from an String
+          #
+          # @param input [String] the input to decode from
+          def decode_string(input)
+            asn1 = OpenSSL::ASN1.decode(input)
+
+            decode_asn1(asn1)
+          end
+
+          # Decodes a Rex::Proto::Kerberos::Model::KdcRequest
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @raise [RuntimeError] if decoding doesn't succeed
+          def decode_asn1(input)
+            input.value[0].value.each do |val|
+              case val.tag
+              when 1
+                self.pvno = decode_asn1_pvno(val)
+              when 2
+                self.msg_type = decode_asn1_msg_type(val)
+              when 3
+                self.pa_data  = decode_asn1_pa_data(val)
+              when 4
+                self.req_body = decode_asn1_req_body(val)
+              else
+                raise ::RuntimeError, 'Filed to decode KdcRequest SEQUENCE'
+              end
+            end
+          end
+
+          # Decodes the pvno from an OpenSSL::ASN1::ASN1Data
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Fixnum]
+          def decode_asn1_pvno(input)
+            input.value[0].value.to_i
+          end
+
+          # Decodes the msg_type from an OpenSSL::ASN1::ASN1Data
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Fixnum]
+          def decode_asn1_msg_type(input)
+            input.value[0].value.to_i
+          end
+
+          # Decodes the pa_data from an OpenSSL::ASN1::ASN1Data
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Array<Rex::Proto::Kerberos::Model::PreAuthData>]
+          def decode_asn1_pa_data(input)
+            pre_auth = []
+            input.value[0].value.each do |pre_auth_data|
+              pre_auth << Rex::Proto::Kerberos::Model::PreAuthData.decode(pre_auth_data)
+            end
+
+            pre_auth
+          end
+
+          # Decodes the req_body from an OpenSSL::ASN1::ASN1Data
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Rex::Proto::Kerberos::Model::KdcRequestBody]
+          def decode_asn1_req_body(input)
+            Rex::Proto::Kerberos::Model::KdcRequestBody.decode(input.value[0])
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rex/proto/kerberos/model/kdc_request_body.rb

@@ -0,0 +1,315 @@
+# -*- coding: binary -*-
+
+module Rex
+  module Proto
+    module Kerberos
+      module Model
+        # This class provides a representation of a Kerberos KDC-REQ-BODY (request body) data
+        # definition
+        class KdcRequestBody < Element
+          # @!attribute options
+          #   @return [Fixnum] The ticket flags
+          attr_accessor :options
+          # @!attribute cname
+          #   @return [Rex::Proto::Kerberos::Model::PrincipalName] The name part of the client's principal identifier
+          attr_accessor :cname
+          # @!attribute realm
+          #   @return [String] The realm part of the server's principal identifier
+          attr_accessor :realm
+          # @!attribute sname
+          #   @return [Rex::Proto::Kerberos::Model::PrincipalName] The name part of the server's identity
+          attr_accessor :sname
+          # @!attribute from
+          #   @return [Time] Start time when the ticket is to be postdated
+          attr_accessor :from
+          # @!attribute till
+          #   @return [Time] Expiration date requested by the client
+          attr_accessor :till
+          # @!attribute rtime
+          #   @return [Time] Optional requested renew-till time
+          attr_accessor :rtime
+          # @!attribute nonce
+          #   @return [Fixnum] random number
+          attr_accessor :nonce
+          # @!attribute etype
+          #   @return [Array<Fixnum>] The desired encryption algorithm to be used in the response
+          attr_accessor :etype
+          # @!attribute enc_auth_data
+          #   @return [Rex::Proto::Kerberos::Model::EncryptedData] An encoding of the desired authorization-data encrypted
+          attr_accessor :enc_auth_data
+
+          # Decodes the Rex::Proto::Kerberos::Model::KdcRequestBody attributes from input
+          #
+          # @param input [String, OpenSSL::ASN1::Sequence] the input to decode from
+          # @return [self] if decoding succeeds
+          # @raise [RuntimeError] if decoding doesn't succeed
+          def decode(input)
+            case input
+            when String
+              decode_string(input)
+            when OpenSSL::ASN1::Sequence
+              decode_asn1(input)
+            else
+              raise ::RuntimeError, 'Failed to decode KdcRequestBody, invalid input'
+            end
+
+            self
+          end
+
+          # Encodes the Rex::Proto::Kerberos::Model::KdcRequestBody into an ASN.1 String
+          #
+          # @return [String]
+          def encode
+            elems = []
+
+            elems << OpenSSL::ASN1::ASN1Data.new([encode_options], 0, :CONTEXT_SPECIFIC) if options
+            elems << OpenSSL::ASN1::ASN1Data.new([encode_cname], 1, :CONTEXT_SPECIFIC) if cname
+            elems << OpenSSL::ASN1::ASN1Data.new([encode_realm], 2, :CONTEXT_SPECIFIC) if realm
+            elems << OpenSSL::ASN1::ASN1Data.new([encode_sname], 3, :CONTEXT_SPECIFIC) if sname
+            elems << OpenSSL::ASN1::ASN1Data.new([encode_from], 4, :CONTEXT_SPECIFIC) if from
+            elems << OpenSSL::ASN1::ASN1Data.new([encode_till], 5, :CONTEXT_SPECIFIC) if till
+            elems << OpenSSL::ASN1::ASN1Data.new([encode_rtime], 6, :CONTEXT_SPECIFIC) if rtime
+            elems << OpenSSL::ASN1::ASN1Data.new([encode_nonce], 7, :CONTEXT_SPECIFIC) if nonce
+            elems << OpenSSL::ASN1::ASN1Data.new([encode_etype], 8, :CONTEXT_SPECIFIC) if etype
+            elems << OpenSSL::ASN1::ASN1Data.new([encode_enc_auth_data], 10, :CONTEXT_SPECIFIC) if enc_auth_data
+
+            seq = OpenSSL::ASN1::Sequence.new(elems)
+
+            seq.to_der
+          end
+
+          # Makes a checksum from the Rex::Proto::Kerberos::Model::KdcRequestBody
+          #
+          # @param etype [Fixnum] the crypto schema to checksum
+          # @return [String] the checksum
+          # @raise [NotImplementedError] if the encryption schema isn't supported
+          def checksum(etype)
+            data = self.encode
+
+            res = ''
+            case etype
+            when RSA_MD5
+              res = checksum_rsa_md5(data)
+            else
+              raise ::NotImplementedError, 'EncryptedData schema is not supported'
+            end
+
+            res
+          end
+
+          private
+
+          # Encodes the options
+          #
+          # @return [OpenSSL::ASN1::BitString]
+          def encode_options
+            OpenSSL::ASN1::BitString.new([options].pack('N'))
+          end
+
+          # Encodes the cname
+          #
+          # @return [String]
+          def encode_cname
+            cname.encode
+          end
+
+          # Encodes the realm
+          #
+          # @return [OpenSSL::ASN1::GeneralString]
+          def encode_realm
+            OpenSSL::ASN1::GeneralString.new(realm)
+          end
+
+          # Encodes the sname
+          #
+          # @return [String]
+          def encode_sname
+            sname.encode
+          end
+
+          # Encodes the from
+          #
+          # @return [OpenSSL::ASN1::GeneralizedTime]
+          def encode_from
+            OpenSSL::ASN1::GeneralizedTime.new(from)
+          end
+
+          # Encodes the till
+          #
+          # @return [OpenSSL::ASN1::GeneralizedTime]
+          def encode_till
+            OpenSSL::ASN1::GeneralizedTime.new(till)
+          end
+
+          # Encodes the rtime
+          #
+          # @return [OpenSSL::ASN1::GeneralizedTime]
+          def encode_rtime
+            OpenSSL::ASN1::GeneralizedTime.new(rtime)
+          end
+
+          # Encodes the nonce
+          #
+          # @return [OpenSSL::ASN1::Integer]
+          def encode_nonce
+            bn = OpenSSL::BN.new(nonce.to_s)
+            int = OpenSSL::ASN1::Integer.new(bn)
+
+            int
+          end
+
+          # Encodes the etype
+          #
+          # @return [OpenSSL::ASN1::Sequence]
+          def encode_etype
+            encoded_types = []
+            etype.each do |member|
+              bn = OpenSSL::BN.new(member.to_s)
+              int = OpenSSL::ASN1::Integer.new(bn)
+              encoded_types << int
+            end
+
+            OpenSSL::ASN1::Sequence.new(encoded_types)
+          end
+
+          # Encodes the enc_auth_data
+          #
+          # @return [String]
+          def encode_enc_auth_data
+            enc_auth_data.encode
+          end
+
+          # Decodes a Rex::Proto::Kerberos::Model::KdcRequestBody from an String
+          #
+          # @param input [String] the input to decode from
+          # @raise [RuntimeError] if decoding doesn't succeed
+          def decode_string(input)
+            asn1 = OpenSSL::ASN1.decode(input)
+
+            decode_asn1(asn1)
+          end
+
+          # Decodes a Rex::Proto::Kerberos::Model::KdcRequestBody from an
+          # OpenSSL::ASN1::Sequence
+          #
+          # @param input [OpenSSL::ASN1::Sequence] the input to decode from
+          # @raise [RuntimeError] if decoding doesn't succeed
+          def decode_asn1(input)
+            seq_values = input.value
+
+            seq_values.each do |val|
+              case val.tag
+              when 0
+                self.options = decode_options(val)
+              when 1
+                self.cname = decode_cname(val)
+              when 2
+                self.realm = decode_realm(val)
+              when 3
+                self.sname = decode_sname(val)
+              when 4
+                self.from = decode_from(val)
+              when 5
+                self.till = decode_till(val)
+              when 6
+                self.rtime = decode_rtime(val)
+              when 7
+                self.nonce = decode_nonce(val)
+              when 8
+                self.etype = decode_etype(val)
+              when 10
+                self.enc_auth_data = decode_enc_auth_data(val)
+              else
+                raise ::RuntimeError, 'Failed to decode KdcRequestBody SEQUENCE'
+              end
+            end
+          end
+
+          # Decodes the options field
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Fixnum]
+          def decode_options(input)
+            input.value[0].value.unpack('N')[0]
+          end
+
+          # Decodes the cname field
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Rex::Proto::Kerberos::Model::PrincipalName]
+          def decode_cname(input)
+            Rex::Proto::Kerberos::Model::PrincipalName.decode(input.value[0])
+          end
+
+          # Decodes the realm field
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [String]
+          def decode_realm(input)
+            input.value[0].value
+          end
+
+          # Decodes the sname field
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Rex::Proto::Kerberos::Model::PrincipalName]
+          def decode_sname(input)
+            Rex::Proto::Kerberos::Model::PrincipalName.decode(input.value[0])
+          end
+
+          # Decodes the from field
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Time]
+          def decode_from(input)
+            input.value[0].value
+          end
+
+          # Decodes the till field
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Time]
+          def decode_till(input)
+            input.value[0].value
+          end
+
+          # Decodes the rtime field
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Time]
+          def decode_rtime(input)
+            input.value[0].value
+          end
+
+          # Decodes the nonce field
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Fixnum]
+          def decode_nonce(input)
+            input.value[0].value.to_i
+          end
+
+          # Decodes the etype field
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Array<Fixnum>]
+          def decode_etype(input)
+            encs = []
+            input.value[0].value.each do |enc|
+              encs << enc.value.to_i
+            end
+            encs
+          end
+
+          # Decodes the enc_auth_data field
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Rex::Proto::Kerberos::Model::EncryptedData]
+          def decode_enc_auth_data(input)
+            Rex::Proto::Kerberos::Model::EncryptedData.decode(input.value[0])
+          end
+        end
+      end
+    end
+  end
+end