dohertj2/mxaccess
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1f07da2e126af45e8423feb8392bd69bdd288c40
mxaccess/analysis/decompiled/aaServicesContractIAuthenticateASB/Asb.Base.V2/SystemAuthenticationServiceAuthentication.cs
T
Joseph Doherty fe2a6db786
rust / build / test / clippy / fmt (push) Has been cancelled
Details
Initial project state: .NET reference, design, Rust port (M0+M1), evidence 
Layout:
- src/                    .NET 10 x64 reference: MxNativeCodec, MxNativeClient,
                          MxAsbClient, probes, tests, harnesses. Executable spec.
- design/                 Architectural plan for the Rust port (M0–M6), error
                          model, protocol invariants, risks (R1–R16), adversarial
                          review log (review.md).
- rust/                   Rust workspace. M0 skeleton + M1 codec parity.
                          mxaccess-codec: 215 unit tests + 2 cross-implementation
                          parity tests (byte-identical against .NET reference).
                          Other crates are M0 stubs awaiting M2+.
- captures/               Frida + netsh + pcap evidence per CLAUDE.md
                          ("captures are evidence, not throwaway logs").
- analysis/               Decompiled C# (frida/proxy/decompiled-*),
                          Ghidra exports for native DLLs (`exports/` only —
                          working state at `projects/` and AVEVA's input
                          binaries at `input/` are gitignored).
- docs/                   Reverse-engineering reference docs.
- tools/                  Setup-LiveProbeEnv.ps1 (Infisical credential fetcher),
                          Compute-Crc.ps1 (.NET parity helper).
- .github/workflows/      Rust CI: fmt + build + test + clippy on Windows.
- LICENSE                 MIT (Joseph Doherty, 2026).

Verified:
- cargo test --workspace → 217 passed (215 unit + 2 .NET parity), 0 failed
- cargo clippy --workspace -- -D warnings → clean
- cargo fmt --all -- --check → clean
- cargo publish --dry-run -p mxaccess-codec → packages cleanly

Excluded from history (see .gitignore):
- **/bin, **/obj, **/target — build artifacts
- analysis/ghidra/projects/ — Ghidra working state (regenerable)
- analysis/ghidra/input/ — AVEVA proprietary DLLs (vendor IP)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 06:21:00 -04:00

111 lines
5.3 KiB
C#
Raw Blame History

using System;
using System.Text;
using ArchestrAServices.Common;
namespace Asb.Base.V2;
public class SystemAuthenticationServiceAuthentication : SystemAuthenticationConnectionBase
{
public ulong Lifetime { get; private set; }
public SystemAuthenticationServiceAuthentication()
{
Reset();
Lifetime = 18000000uL;
}
public static ConnectResponse ProcessClientConnection(ConnectRequest request)
{
ServiceTrace.LogResume("SystemAuthenticationServiceAuthentication.ProcessClientConnection entry");
if (request == null)
{
return null;
}
ServiceTrace.LogVerbose("SysSvcAuth: Processing client Connect() call '{0}'", request.ConnectionId);
if (request.ConsumerPublicKey == null)
{
return null;
}
if (request.ConsumerPublicKey.Data == null)
{
return null;
}
SystemAuthenticationServiceAuthentication systemAuthenticationServiceAuthentication = new SystemAuthenticationServiceAuthentication
{
ConnectionId = request.ConnectionId,
RemotePublicKey = request.ConsumerPublicKey.Data
};
SysAuthenticatorServiceCache.AddServiceAuthenticator(systemAuthenticationServiceAuthentication);
PublicKey servicePublicKey = new PublicKey
{
Data = systemAuthenticationServiceAuthentication.LocalPublicKey
};
AuthenticationData authenticationData = new AuthenticationData();
authenticationData.Data = systemAuthenticationServiceAuthentication.CalculateAuthenticationData(systemAuthenticationServiceAuthentication.LocalPublicKey, systemAuthenticationServiceAuthentication.RemotePublicKey, out var initializationVector);
authenticationData.InitializationVector = initializationVector;
ArchestrAResult result = ArchestrAResult.MakeGoodResult();
systemAuthenticationServiceAuthentication.Lifetime = systemAuthenticationServiceAuthentication.SolutionParameters.ConnectionLifetime;
ConnectResponse connectResponse = new ConnectResponse(result, servicePublicKey, authenticationData, systemAuthenticationServiceAuthentication.Lifetime + ":" + SystemAuthenticationConnectionBase.AsbAuthenticationVersion);
systemAuthenticationServiceAuthentication.Sign(connectResponse, forceHmac: true);
systemAuthenticationServiceAuthentication.ReasonSecureSessionNotEstablished = string.Empty;
ServiceTrace.LogSuspend("SystemAuthenticationServiceAuthentication.ProcessClientConnection exit");
return connectResponse;
}
public bool ProcessClientAuthenticateMe(AuthenticateMeRequest request)
{
ServiceTrace.LogResume("SystemAuthenticationServiceAuthentication.ProcessClientAuthenticateMe entry with connection Id {0}", request.ConnectionValidator.ConnectionId);
ServiceTrace.LogVerbose("SystemAuthenticationServiceAuthentication: Processing client AuthenticateMe() call for connection id {0}", request.ConnectionValidator.ConnectionId);
if (!ValidRequest(request, forceHmac: true))
{
return false;
}
AuthenticationData consumerAuthenticationData = request.ConsumerAuthenticationData;
if (consumerAuthenticationData != null)
{
byte[] expected = ReCalculateAuthenticationData(RemotePublicKey, LocalPublicKey, consumerAuthenticationData.InitializationVector);
if (consumerAuthenticationData.AreEqual(expected))
{
ServiceTrace.LogVerbose("SystemAuthenticationServiceAuthentication: AuthenticateMe() authenticated client");
base.SecureSessionEstablished = true;
}
}
ServiceTrace.LogSuspend("SystemAuthenticationServiceAuthentication.ProcessClientAuthenticateMe exit");
return base.SecureSessionEstablished;
}
public static RenewResponse ProcessClientRenew(RenewRequest request)
{
ServiceTrace.LogResume("SystemAuthenticationServiceAuthentication.ProcessClientRenew entry with connection Id {0}", request.ConnectionValidator.ConnectionId);
SysAuthenticatorServiceCache.GetServiceAuthenticator(request.ConnectionValidator.ConnectionId)?.ValidRequest(request, forceHmac: false);
ServiceTrace.LogSuspend("SystemAuthenticationServiceAuthentication.ProcessClientRenew exit");
return null;
}
public static void ProcessClientUpdateSystemAuthenticationConfiguration(UpdateSystemAuthenticationConfigurationRequest request)
{
ServiceTrace.LogResume("SystemAuthenticationServiceAuthentication.ProcessClientUpdateSystemAuthenticationConfiguration entry with connection Id {0}", request.ConnectionValidator.ConnectionId);
SysAuthenticatorServiceCache.GetServiceAuthenticator(request.ConnectionValidator.ConnectionId)?.ValidRequest(request, forceHmac: false);
ServiceTrace.LogSuspend("SystemAuthenticationServiceAuthentication.ProcessClientUpdateSystemAuthenticationConfiguration exit");
}
public void ProcessClientDisconnect(DisconnectRequest request)
{
if (request == null)
{
return;
}
ServiceTrace.LogResume("SystemAuthenticationServiceAuthentication.ProcessClientDisconnect entry with connection Id {0}", request.ConnectionValidator.ConnectionId);
AuthenticationData consumerAuthenticationData = request.ConsumerAuthenticationData;
if (consumerAuthenticationData != null)
{
byte[] bytes = Decypher(consumerAuthenticationData.Data, consumerAuthenticationData.InitializationVector);
if (Guid.TryParse(Encoding.UTF8.GetString(bytes), out var result) && result == base.ConnectionId)
{
SysAuthenticatorServiceCache.RemoveServiceAuthenticator(result);
}
}
ServiceTrace.LogSuspend("SystemAuthenticationServiceAuthentication.ProcessClientDisconnect exit");
}
}
Reference in New Issue View Git Blame Copy Permalink