Added NFold algorithm from krb5.

Author: tyranid

NtApiDotNet/NtApiDotNet.csproj

@@ -103,6 +103,7 @@
     <Compile Include="Utilities\Memory\SafeBufferWrapper.cs" />
     <Compile Include="Utilities\SafeBuffers\SafeGuidArrayBuffer.cs" />
     <Compile Include="Utilities\Security\MD4.cs" />
+    <Compile Include="Utilities\Security\NFold.cs" />
     <Compile Include="Utilities\Security\ObjectTypeTree.cs" />
     <Compile Include="Utilities\Security\ARC4.cs" />
     <Compile Include="Utilities\Text\HexDumpBuilder.cs" />
@@ -360,6 +361,7 @@
     <Compile Include="Win32\Security\Authentication\Kerberos\KerberosErrorType.cs" />
     <Compile Include="Win32\Security\Authentication\Kerberos\KerberosMessageType.cs" />
     <Compile Include="Win32\Security\Authentication\Kerberos\KerberosNameType.cs" />
+    <Compile Include="Win32\Security\Authentication\Kerberos\Ndr\PacDeviceInfoParser.cs" />
     <Compile Include="Win32\Security\Authentication\Kerberos\PrincipalName.cs" />
     <Compile Include="Win32\Security\Authentication\Negotiate\NegotiateAuthenticationToken.cs" />
     <Compile Include="Win32\Security\Authentication\Ntlm\NtlmAuthenticateAuthenticationTokenV2.cs" />

NtApiDotNet/Utilities/Security/NFold.cs

@@ -0,0 +1,142 @@
+//  Copyright 2020 Google Inc. All Rights Reserved.
+//
+//  Licensed under the Apache License, Version 2.0 (the "License");
+//  you may not use this file except in compliance with the License.
+//  You may obtain a copy of the License at
+//
+//  http://www.apache.org/licenses/LICENSE-2.0
+//
+//  Unless required by applicable law or agreed to in writing, software
+//  distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//  See the License for the specific language governing permissions and
+//  limitations under the License.
+
+// Original license from KRB5 source code on which this code is derived.
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+using System.Text;
+
+namespace NtApiDotNet.Utilities.Security
+{
+    /// <summary>
+    /// Class to perform the n-fold operation for Kerberos key derivation.
+    /// </summary>
+    public static class NFold
+    {
+        /// <summary>
+        /// Perform an n-fold operation.
+        /// </summary>
+        /// <param name="in_data">The input data as a string.</param>
+        /// <param name="out_length">The output length in bytes.</param>
+        /// <returns>The computed n-folded byte array.</returns>
+        public static byte[] Compute(string in_data, int out_length)
+        {
+            return Compute(Encoding.ASCII.GetBytes(in_data), out_length);
+        }
+
+        /// <summary>
+        /// Perform an n-fold operation.
+        /// </summary>
+        /// <param name="in_data">The input data.</param>
+        /// <param name="out_length">The output length in bytes.</param>
+        /// <returns>The computed n-folded byte array.</returns>
+        public static byte[] Compute(byte[] in_data, int out_length)
+        {
+            int a, b, c, lcm;
+            int byte_val, i, msbit;
+
+            int in_length = in_data.Length;
+
+            /* first compute lcm(n,k) */
+
+            a = out_length;
+            b = in_length;
+
+            while (b != 0)
+            {
+                c = b;
+                b = a % b;
+                a = c;
+            }
+
+            lcm = out_length * in_length / a;
+
+            /* now do the real work */
+
+            byte[] out_data = new byte[out_length];
+
+            byte_val = 0;
+
+            /* this will end up cycling through k lcm(k,n)/k times, which
+               is correct */
+            for (i = lcm - 1; i >= 0; i--)
+            {
+                /* compute the msbit in k which gets added into this byte */
+                msbit = (/* first, start with the msbit in the first, unrotated
+                    byte */
+                    ((in_length << 3) - 1)
+                    /* then, for each byte, shift to the right for each
+                       repetition */
+                    + (((in_length << 3) + 13) * (i / in_length))
+                    /* last, pick out the correct byte within that
+                       shifted repetition */
+                    + ((in_length - (i % in_length)) << 3)
+                ) % (in_length << 3);
+
+                /* pull out the byte value itself */
+                byte_val += (((in_data[((in_length - 1) - (msbit >> 3)) % in_length] << 8) |
+                          (in_data[((in_length) - (msbit >> 3)) % in_length]))
+                         >> ((msbit & 7) + 1)) & 0xff;
+
+                /* do the addition */
+                byte_val += out_data[i % out_length];
+                out_data[i % out_length] = (byte)(byte_val & 0xff);
+
+                /* keep around the carry bit, if any */
+                byte_val >>= 8;
+
+            }
+
+            /* if there's a carry bit left over, add it back in */
+            if (byte_val != 0)
+            {
+                for (i = out_length - 1; i >= 0; i--)
+                {
+                    /* do the addition */
+                    byte_val += out_data[i];
+                    out_data[i] = (byte)(byte_val & 0xff);
+
+                    /* keep around the carry bit, if any */
+                    byte_val >>= 8;
+                }
+            }
+
+            return out_data;
+        }
+    }
+}

NtApiDotNet/Win32/Security/Authentication/Kerberos/KerberosEncryptedData.cs

@@ -16,8 +16,8 @@
 using NtApiDotNet.Utilities.Security;
 using NtApiDotNet.Utilities.Text;
 using System;
-using System.ComponentModel;
 using System.IO;
+using System.Linq;
 using System.Security.Cryptography;
 using System.Text;
 
@@ -93,16 +93,6 @@ private bool DecryptRC4WithKey(KerberosKey key, KeyUsage key_usage, out byte[] d
         private const int AES_CHECKSUM_SIZE = 12;
         private const int AES_CONFOUNDER_SIZE = 16;
 
-        private static byte[] _aes_encrypt_ticket = new byte[] { 0xB5, 0xB0, 0x58, 0x2C, 0x14, 0xB6, 0x50, 0x0A, 0xAD, 0x56, 0xAB, 0x55, 0xAA, 0x80, 0x55, 0x6A };
-        private static byte[] _aes_verify_ticket = new byte[] { 0x62, 0xDC, 0x6E, 0x37, 0x1A, 0x63, 0xA8, 0x09, 0x58, 0xAC, 0x56, 0x2B, 0x15, 0x40, 0x4A, 0xC5 };
-        private static byte[] _aes_encrypt_auth = new byte[] { 0xFE, 0x54, 0xAA, 0x55, 0xA5, 0x02, 0x52, 0x2F, 0xBF, 0x5F, 0xAF, 0xD7, 0xEA, 0x81, 0x75, 0xFA };
-        private static byte[] _aes_verify_auth = new byte[] { 0xAB, 0x80, 0xC0, 0x60, 0xAA, 0xAF, 0xAA, 0x2E, 0x6A, 0xB5, 0x5A, 0xAD, 0x55, 0x41, 0x6B, 0x55 };
-
-        private static byte[] _aes_encrypt_ap_rep = new byte[] { 0x05, 0xD7, 0xEC, 0x76, 0xB5, 0x0B, 0x53, 0x33, 0xC1, 0x60, 0xB0, 0x58, 0x2A, 0x81, 0x96, 0x0B };
-        private static byte[] _aes_verify_ap_rep = new byte[] { 0xB3, 0x04, 0x02, 0x81, 0xBA, 0xB8, 0xAB, 0x32, 0x6C, 0xB6, 0x5B, 0x2D, 0x95, 0x41, 0x8B, 0x65 };
-        private static byte[] _aes_encrypt_krb_cred = new byte[] { 0x15, 0xE0, 0x70, 0xB8, 0xD5, 0x1C, 0x53, 0x3B, 0xC5, 0x62, 0xB1, 0x58, 0xAA, 0x81, 0xD6, 0x2B };
-        private static byte[] _aes_verify_krb_cred = new byte[] { 0xC3, 0x0C, 0x86, 0xC3, 0xDA, 0xC9, 0xAB, 0x3A, 0x70, 0xB8, 0x5C, 0x2E, 0x15, 0x41, 0xCB, 0x85 };
-
         private static void SwapEndBlocks(byte[] cipher_text)
         {
             if (cipher_text.Length < AES_BLOCK_SIZE*2)
@@ -134,32 +124,21 @@ private byte[] DecryptAESBlock(byte[] key, byte[] cipher_text, int offset)
             return block;
         }
 
-        private bool DecryptAESWithKey(KerberosKey key, KeyUsage key_usage, out byte[] decrypted)
+        private const byte EncryptionKey = 0xAA;
+        private const byte VerificationKey = 0x55;
+
+        private byte[] DeriveTempKey(KerberosKey key, KeyUsage key_usage, byte key_type)
         {
-            byte[] derive_enc_key;
-            byte[] derive_mac_key;
+            byte[] r = BitConverter.GetBytes((int)key_usage).Reverse().ToArray();
+            Array.Resize(ref r, 5);
+            r[4] = key_type;
+            return NFold.Compute(r, 16);
+        }
 
-            switch (key_usage)
-            {
-                case KeyUsage.AsRepTgsRepTicket:
-                    derive_enc_key = _aes_encrypt_ticket;
-                    derive_mac_key = _aes_verify_ticket;
-                    break;
-                case KeyUsage.ApReqAuthSubKey:
-                    derive_enc_key = _aes_encrypt_auth;
-                    derive_mac_key = _aes_verify_auth;
-                    break;
-                case KeyUsage.ApRepEncryptedPart:
-                    derive_enc_key = _aes_encrypt_ap_rep;
-                    derive_mac_key = _aes_verify_ap_rep;
-                    break;
-                case KeyUsage.KrbCred:
-                    derive_enc_key = _aes_encrypt_krb_cred;
-                    derive_mac_key = _aes_verify_krb_cred;
-                    break;
-                default:
-                    throw new ArgumentException("Unknown key usage type.");
-            }
+        private bool DecryptAESWithKey(KerberosKey key, KeyUsage key_usage, out byte[] decrypted)
+        {
+            byte[] derive_enc_key = DeriveTempKey(key, key_usage, EncryptionKey);
+            byte[] derive_mac_key = DeriveTempKey(key, key_usage, VerificationKey);
 
             byte[] new_key = KerberosKey.DeriveAesKey(key.Key, derive_enc_key);
 

NtApiDotNet/Win32/Security/Authentication/Kerberos/KerberosKey.cs

@@ -247,11 +247,8 @@ private static byte[] GetKey(string key)
 
         private static byte[] DeriveAesKey(string password, string salt, int iterations, int key_size)
         {
-            // "kerberos" n-folded out to 16 bytes.
-            byte[] folded_key = { 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93 };
-
             Rfc2898DeriveBytes pbkdf = new Rfc2898DeriveBytes(Encoding.UTF8.GetBytes(password), Encoding.UTF8.GetBytes(salt), iterations);
-            return DeriveAesKey(pbkdf.GetBytes(key_size), folded_key);
+            return DeriveAesKey(pbkdf.GetBytes(key_size), NFold.Compute("kerberos", 16));
         }
 
         internal static byte[] DeriveAesKey(byte[] base_key, byte[] folded_key)