Implement Kerberos encryption types from RFC8009 (AES HMAC-SHA2 familly)

examples/ticketer.py

@@ -82,7 +82,7 @@
 
 from impacket.krb5 import constants, pac
 from impacket.krb5.asn1 import AP_REQ, TGS_REQ, Authenticator, seq_set, seq_set_iter, PA_FOR_USER_ENC, Ticket as TicketAsn1
-from impacket.krb5.crypto import _HMACMD5, _AES256CTS, string_to_key
+from impacket.krb5.crypto import _HMACMD5, string_to_key
 from impacket.krb5.kerberosv5 import sendReceive
 from impacket.krb5.types import Ticket
 from impacket.winregistry import hexdump
@@ -125,7 +125,7 @@ def loadKeysFromKeytab(self, filename):
         keytab = Keytab.loadFile(filename)
         keyblock = keytab.getKey("%s@%s" % (options.spn, self.__domain))
         if keyblock:
-            if keyblock["keytype"] == Enctype.AES256 or keyblock["keytype"] == Enctype.AES128:
+            if keyblock["keytype"] == Enctype.AES256_SHA1 or keyblock["keytype"] == Enctype.AES128_SHA1:
                 options.aesKey = keyblock.hexlifiedValue()
             elif keyblock["keytype"] == Enctype.RC4:
                 options.nthash = keyblock.hexlifiedValue()
@@ -988,19 +988,19 @@ def signEncryptTicket(self, kdcRep, encASorTGSRepPart, encTicketPart, pacInfos):
 
         checkSumFunctionServer = _checksum_table[serverChecksum['SignatureType']]
         if serverChecksum['SignatureType'] == ChecksumTypes.hmac_sha1_96_aes256.value:
-            keyServer = Key(Enctype.AES256, unhexlify(self.__options.aesKey))
+            keyServer = Key(Enctype.AES256_SHA1, unhexlify(self.__options.aesKey))
         elif serverChecksum['SignatureType'] == ChecksumTypes.hmac_sha1_96_aes128.value:
-            keyServer = Key(Enctype.AES128, unhexlify(self.__options.aesKey))
+            keyServer = Key(Enctype.AES128_SHA1, unhexlify(self.__options.aesKey))
         elif serverChecksum['SignatureType'] == ChecksumTypes.hmac_md5.value:
             keyServer = Key(Enctype.RC4, unhexlify(self.__options.nthash))
         else:
             raise Exception('Invalid Server checksum type 0x%x' % serverChecksum['SignatureType'])
 
         checkSumFunctionPriv = _checksum_table[privSvrChecksum['SignatureType']]
         if privSvrChecksum['SignatureType'] == ChecksumTypes.hmac_sha1_96_aes256.value:
-            keyPriv = Key(Enctype.AES256, unhexlify(self.__options.aesKey))
+            keyPriv = Key(Enctype.AES256_SHA1, unhexlify(self.__options.aesKey))
         elif privSvrChecksum['SignatureType'] == ChecksumTypes.hmac_sha1_96_aes128.value:
-            keyPriv = Key(Enctype.AES128, unhexlify(self.__options.aesKey))
+            keyPriv = Key(Enctype.AES128_SHA1, unhexlify(self.__options.aesKey))
         elif privSvrChecksum['SignatureType'] == ChecksumTypes.hmac_md5.value:
             keyPriv = Key(Enctype.RC4, unhexlify(self.__options.nthash))
         else:

impacket/examples/utils.py

@@ -19,9 +19,11 @@
 target_regex = re.compile(r"(?:(?:([^/@:]*)/)?([^@:]*)(?::([^@]*))?@)?(.*)")
 
 
-# Regular expression to parse credentials information
-credential_regex = re.compile(r"(?:(?:([^/:]*)/)?([^:]*)(?::(.*))?)?")
+# Regular expression to parse Active Directory credentials information
+ad_credential_regex = re.compile(r"(?:(?:([^/:]*)/)?([^:]*)(?::(.*))?)?")
 
+# Regular expression to parse standard Kerberos credentials information
+krb5_credential_regex = re.compile(r"([^@:]*)@([^/@:]*)(?::(.*))?")
 
 def parse_target(target):
     """ Helper function to parse target information. The expected format is:
@@ -47,6 +49,8 @@ def parse_target(target):
 def parse_credentials(credentials):
     """ Helper function to parse credentials information. The expected format is:
 
+    <USERNAME@><DOMAIN><:PASSWORD>
+    OR
     <DOMAIN></USERNAME><:PASSWORD>
 
     :param credentials: credentials to parse
@@ -55,6 +59,10 @@ def parse_credentials(credentials):
     :return: tuple of domain, username and password
     :rtype: (string, string, string)
     """
-    domain, username, password = credential_regex.match(credentials).groups('')
+    res = krb5_credential_regex.match(credentials)
+    if res:
+        username, domain, password = res.groups('')
+    else:
+        domain, username, password = ad_credential_regex.match(credentials).groups('')
 
     return domain, username, password

impacket/krb5/asn1.py

@@ -502,6 +502,19 @@ class PA_FOR_USER_ENC(univ.Sequence):
         _sequence_optional_component('cksum', 2, Checksum()),
         _sequence_optional_component('auth-package', 3, KerberosString()))
 
+class S4UUserID(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        _sequence_component('nonce', 0, UInt32()),
+        _sequence_optional_component("cname", 1, PrincipalName()),
+        _sequence_component("crealm", 2, Realm()),
+        _sequence_optional_component("subject-certificate", 3, univ.OctetString()),
+        _sequence_optional_component('options', 4, univ.BitString()))
+
+class PA_S4U_X509_USER(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        _sequence_component('user-id', 0, S4UUserID()),
+        _sequence_component('checksum', 1, Checksum()))
+
 class KERB_ERROR_DATA(univ.Sequence):
     componentType = namedtype.NamedTypes(
         _sequence_component('data-type', 1, Int32()),

impacket/krb5/constants.py

@@ -102,6 +102,7 @@ class PreAuthenticationDataTypes(Enum):
     TD_REQ_SEQ                 = 108
     PA_PAC_REQUEST             = 128
     PA_FOR_USER                = 129
+    PA_S4U_X509_USER           = 130
     PA_FX_COOKIE               = 133 
     PA_FX_FAST                 = 136
     PA_FX_ERROR                = 137
@@ -460,6 +461,8 @@ class EncryptionTypes(Enum):
     des3_cbc_sha1_kd             = 16
     aes128_cts_hmac_sha1_96      = 17
     aes256_cts_hmac_sha1_96      = 18
+    aes128_cts_hmac_sha256_128   = 19
+    aes256_cts_hmac_sha384_192   = 20
     rc4_hmac                     = 23
     rc4_hmac_exp                 = 24
     subkey_keymaterial           = 65
@@ -472,3 +475,5 @@ class ChecksumTypes(Enum):
     hmac_sha1_des3_kd = 12
     hmac_sha1_96_aes128 = 15
     hmac_sha1_96_aes256 = 16
+    hmac_sha256_128_aes128 = 19
+    hmac_sha384_192_aes256 = 20