Skip to content

Commit eb7dfe0

Browse files
rtpt-erikgeiserrtpt-erikgeiser
committed
Refactor AES key handling
1 parent 3a9cc94 commit eb7dfe0

File tree

2 files changed

+16
-22
lines changed

2 files changed

+16
-22
lines changed

credentials.go

Lines changed: 0 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -349,22 +349,3 @@ func addKeyToKeytab(kt *keytab.Keytab, username string, domain string, key strin
349349

350350
return nil
351351
}
352-
353-
// ParseAESKey decodes the supplied hex Kerberos AES key and determines the key type.
354-
func ParseAESKey(key string) (keyBytes []byte, keyType int32, err error) {
355-
keyBytes, err = hex.DecodeString(key)
356-
if err != nil {
357-
return nil, 0, fmt.Errorf("decode hex key: %w", err)
358-
}
359-
360-
switch len(keyBytes) {
361-
case 32:
362-
keyType = etypeID.AES256_CTS_HMAC_SHA1_96
363-
case 16:
364-
keyType = etypeID.AES128_CTS_HMAC_SHA1_96
365-
default:
366-
return nil, 0, fmt.Errorf("invalid AES128/AES256 key")
367-
}
368-
369-
return
370-
}

dcerpcauth/dcerpcauth.go

Lines changed: 16 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,12 +2,14 @@ package dcerpcauth
22

33
import (
44
"context"
5+
"encoding/hex"
56
"fmt"
67
"net"
78
"strings"
89

910
"github.com/RedTeamPentesting/adauth"
1011
"github.com/RedTeamPentesting/adauth/pkinit"
12+
"github.com/oiweiwei/gokrb5.fork/v9/iana/etypeID"
1113

1214
"github.com/oiweiwei/go-msrpc/dcerpc"
1315
"github.com/oiweiwei/go-msrpc/smb2"
@@ -131,12 +133,23 @@ func DCERPCCredentials(ctx context.Context, creds *adauth.Credential, options *O
131133
case creds.AESKey != "":
132134
options.debug("Authenticating with AES key")
133135

134-
key, keyType, err := adauth.ParseAESKey(creds.AESKey)
136+
keyBytes, err := hex.DecodeString(creds.AESKey)
135137
if err != nil {
136-
return nil, fmt.Errorf("parse AES key: %w", err)
138+
return nil, fmt.Errorf("decode hex key: %w", err)
137139
}
138140

139-
return credential.NewFromEncryptionKeyBytes(creds.LogonNameWithUpperCaseDomain(), int(keyType), key), nil
141+
var keyType int
142+
143+
switch len(keyBytes) {
144+
case 32:
145+
keyType = int(etypeID.AES256_CTS_HMAC_SHA1_96)
146+
case 16:
147+
keyType = int(etypeID.AES128_CTS_HMAC_SHA1_96)
148+
default:
149+
return nil, fmt.Errorf("invalid AES128/AES256 key: key size is %d bytes", len(keyBytes))
150+
}
151+
152+
return credential.NewFromEncryptionKeyBytes(creds.LogonNameWithUpperCaseDomain(), keyType, keyBytes), nil
140153
case creds.NTHash != "":
141154
options.debug("Authenticating with NT hash")
142155

0 commit comments

Comments
 (0)