Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
module Rex
2
  module Proto
3
    module Kerberos
4
      module Crypto
5
        module Asn1Utils
6
          # Some crypto schemes just decide to add a bunch of null bytes as padding,  and 
7
          # leave it up to the application to decide how many of those null bytes to remove.
8
          # We can't just remove all zeroes from the end of the data, because some of them
9
          # may actually be part of the data. The assumption here is that the information
10
          # about how many bytes to use comes from the ASN1 data structure. So here we ask
11
          # the ASN1 parser's enclosing (first) element "How many bytes do you take up?"
12
          def truncate_nulls_after_asn1(input)
13
             valid_until = 0
14
             OpenSSL::ASN1.traverse(input) do | depth, offset, header_len, length, constructed, tag_class, tag|
15
               valid_until = offset + length + header_len
16
               break
17
             end
18
             
19
             # For this to be a valid result, we expect this byte, and all following it, to be zeroes. Alternatively, there could be no padding at all (e.g. block multiple)
20
             suffix = input[valid_until, input.length]
21
             expected_result = suffix == "" || suffix.unpack('C*').all? {|char| char == 0}
22
             raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to truncate decrypted data' unless expected_result
23

24
             return input[0,valid_until]
25
          end
26
        end
27
      end
28
    end
29
  end
30
end
31

32

33