dohertj2/mxaccess
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
eb6c689f0916a5fbd2fc1dfd005b2ce418e8bf29
mxaccess/analysis/decompiled/aaServicesContractIAuthenticateASB/ArchestrAServices.ASBContract/SysAuthClientAuthentication.cs
T
Joseph Doherty fe2a6db786
rust / build / test / clippy / fmt (push) Has been cancelled
Details
Initial project state: .NET reference, design, Rust port (M0+M1), evidence 
Layout:
- src/                    .NET 10 x64 reference: MxNativeCodec, MxNativeClient,
                          MxAsbClient, probes, tests, harnesses. Executable spec.
- design/                 Architectural plan for the Rust port (M0–M6), error
                          model, protocol invariants, risks (R1–R16), adversarial
                          review log (review.md).
- rust/                   Rust workspace. M0 skeleton + M1 codec parity.
                          mxaccess-codec: 215 unit tests + 2 cross-implementation
                          parity tests (byte-identical against .NET reference).
                          Other crates are M0 stubs awaiting M2+.
- captures/               Frida + netsh + pcap evidence per CLAUDE.md
                          ("captures are evidence, not throwaway logs").
- analysis/               Decompiled C# (frida/proxy/decompiled-*),
                          Ghidra exports for native DLLs (`exports/` only —
                          working state at `projects/` and AVEVA's input
                          binaries at `input/` are gitignored).
- docs/                   Reverse-engineering reference docs.
- tools/                  Setup-LiveProbeEnv.ps1 (Infisical credential fetcher),
                          Compute-Crc.ps1 (.NET parity helper).
- .github/workflows/      Rust CI: fmt + build + test + clippy on Windows.
- LICENSE                 MIT (Joseph Doherty, 2026).

Verified:
- cargo test --workspace → 217 passed (215 unit + 2 .NET parity), 0 failed
- cargo clippy --workspace -- -D warnings → clean
- cargo fmt --all -- --check → clean
- cargo publish --dry-run -p mxaccess-codec → packages cleanly

Excluded from history (see .gitignore):
- **/bin, **/obj, **/target — build artifacts
- analysis/ghidra/projects/ — Ghidra working state (regenerable)
- analysis/ghidra/input/ — AVEVA proprietary DLLs (vendor IP)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 06:21:00 -04:00

205 lines
8.1 KiB
C#
Raw Blame History

#define TRACE
using System;
using System.Diagnostics;
using System.Globalization;
using System.Numerics;
using System.Security.Cryptography;
using System.Text;
using ArchestrAServices.Common;
namespace ArchestrAServices.ASBContract;
public class SysAuthClientAuthentication : SysAuthConnectionBase
{
private RNGCryptoServiceProvider m_Random = new RNGCryptoServiceProvider();
private readonly WeakReference owner;
public uint Timeout { get; set; }
public BigInteger ClientPrivateKey { get; private set; }
public BigInteger ClientPublicKey { get; private set; }
public BigInteger ServicePublicKey { get; private set; }
public bool IsOwnerAlive
{
get
{
if (owner != null)
{
return owner.IsAlive;
}
return true;
}
}
[Obsolete("Please use the constructor that takes the owner as well.")]
public SysAuthClientAuthentication(string ASBSolution)
: this(ASBSolution, null)
{
}
public SysAuthClientAuthentication(string ASBSolution, WeakReference owner)
: base(ASBSolution)
{
Reset();
base.ReasonSecureSessionNotEstablished = "Constructed";
this.owner = owner;
}
public static bool EstablishSecureSession(string application, string domain, string host, string asbSolution, WeakReference owner, MakeCallToAuthenticationConnect connectDelegate, MakeCalltoAuthenticateMe authenticateMeDelegate, out Guid connectionId)
{
string ReasonSecureSessionNotEstablished;
return EstablishSecureSession(application, domain, host, asbSolution, owner, connectDelegate, authenticateMeDelegate, out connectionId, out ReasonSecureSessionNotEstablished);
}
[Obsolete("Please use the method that requires the owner as well.")]
public static bool EstablishSecureSession(string application, string domain, string host, string asbSolution, MakeCallToAuthenticationConnect connectDelegate, MakeCalltoAuthenticateMe authenticateMeDelegate, out Guid connectionId)
{
return EstablishSecureSession(application, domain, host, asbSolution, null, connectDelegate, authenticateMeDelegate, out connectionId);
}
[CLSCompliant(false)]
[Obsolete("Please use the method that requires the owner as well.")]
public static bool EstablishSecureSession(string application, string domain, string host, string asbSolution, MakeCallToAuthenticationConnect connectDelegate, MakeCalltoAuthenticateMe authenticateMeDelegate, out Guid connectionId, out string ReasonSecureSessionNotEstablished)
{
return EstablishSecureSession(application, domain, host, asbSolution, null, connectDelegate, authenticateMeDelegate, out connectionId, out ReasonSecureSessionNotEstablished);
}
[CLSCompliant(false)]
public static bool EstablishSecureSession(string application, string domain, string host, string asbSolution, WeakReference owner, MakeCallToAuthenticationConnect connectDelegate, MakeCalltoAuthenticateMe authenticateMeDelegate, out Guid connectionId, out string ReasonSecureSessionNotEstablished)
{
SysAuthClientAuthentication sysAuthClientAuthentication = new SysAuthClientAuthentication(asbSolution, owner);
ReasonSecureSessionNotEstablished = string.Empty;
SysAuthenticatorClientCache.AddClientAuthenticator(sysAuthClientAuthentication);
connectionId = sysAuthClientAuthentication.connectionID;
PublicKey publicKey = new PublicKey();
publicKey.Data = sysAuthClientAuthentication.m_LocalPublicKey;
ConnectRequest request = new ConnectRequest(connectionId, publicKey);
ConnectResponse connectResponse = null;
try
{
connectResponse = connectDelegate(request);
}
catch (Exception ex)
{
string text = string.Format(CultureInfo.CurrentCulture, "Exception connecting to service during EstablishSecureSession: {0}", new object[1] { ex.Message });
SvcTrace.DiagControl.TraceEvent(TraceEventType.Warning, 0, text);
if (string.IsNullOrEmpty(ReasonSecureSessionNotEstablished))
{
ReasonSecureSessionNotEstablished = text;
}
}
if (connectResponse != null)
{
if (connectResponse.Result.Success)
{
sysAuthClientAuthentication.m_RemotePublicKey = connectResponse.ServicePublicKey.Data;
sysAuthClientAuthentication.SignatureMethod = SigningMethod.Baktun;
sysAuthClientAuthentication.ReasonSecureSessionNotEstablished = string.Empty;
if (sysAuthClientAuthentication.ValidResponse(connectResponse, ForceHmac: true))
{
sysAuthClientAuthentication.m_Authenticated = true;
if (connectResponse.ConnectionLifetime.Contains(":" + SysAuthConnectionBase.ASBAuthenticationVersion))
{
sysAuthClientAuthentication.SignatureMethod = SigningMethod.Apollo;
}
SvcTrace.DiagDiagnostics.TraceEvent(TraceEventType.Information, 100, "SysClientAuth: Connect() response validated, signing set to {0}", (sysAuthClientAuthentication.SignatureMethod == SigningMethod.Baktun) ? "System Platform 2012R2 Comptibility" : "System Platform 2014 Compatibility");
byte[] initializationVector;
AuthenticateMe request2 = new AuthenticateMe(new AuthenticationData
{
Data = sysAuthClientAuthentication.CalculateAuthenticationData(sysAuthClientAuthentication.m_LocalPublicKey, sysAuthClientAuthentication.m_RemotePublicKey, out initializationVector),
InitializationVector = initializationVector
});
sysAuthClientAuthentication.Sign(request2, ForceHmac: true);
authenticateMeDelegate(request2);
}
else
{
if (string.IsNullOrEmpty(ReasonSecureSessionNotEstablished))
{
if (!string.IsNullOrEmpty(sysAuthClientAuthentication.ReasonSecureSessionNotEstablished))
{
ReasonSecureSessionNotEstablished = "Service returned response to Connect method, but validation failed: " + sysAuthClientAuthentication.ReasonSecureSessionNotEstablished;
}
else
{
ReasonSecureSessionNotEstablished = "Service returned response to Connect method, but validation data was not valid, cannot establish secure session";
}
}
SysAuthenticatorClientCache.RemoveClientAuthenticator(connectionId);
connectionId = Guid.Empty;
}
}
else
{
if (string.IsNullOrEmpty(ReasonSecureSessionNotEstablished))
{
string text2 = string.Empty;
if (connectResponse.Result.ErrorMessages != null && connectResponse.Result.ErrorMessages.Length != 0)
{
string[] errorMessages = connectResponse.Result.ErrorMessages;
foreach (string text3 in errorMessages)
{
text2 = text2 + text3 + "| ";
}
}
if (string.IsNullOrEmpty(text2))
{
ReasonSecureSessionNotEstablished = string.Format(CultureInfo.CurrentCulture, "Service returned error {0} in response to Connect method, cannot establish secure connection.", new object[1] { connectResponse.Result.ErrorCode });
}
else
{
ReasonSecureSessionNotEstablished = string.Format(CultureInfo.CurrentCulture, "Service returned error {0} in response to Connect method, cannot establish secure connection. Additional information: {1}", new object[2]
{
connectResponse.Result.ErrorCode,
text2
});
}
}
SysAuthenticatorClientCache.RemoveClientAuthenticator(connectionId);
connectionId = Guid.Empty;
}
}
else
{
SysAuthenticatorClientCache.RemoveClientAuthenticator(connectionId);
connectionId = Guid.Empty;
}
return sysAuthClientAuthentication.SecureSessionEstablished;
}
public void AbortSession()
{
SysAuthenticatorClientCache.RemoveClientAuthenticator(connectionID);
Reset();
base.ReasonSecureSessionNotEstablished = "Session Aborted";
}
[CLSCompliant(false)]
public static void DisconnectSecureSession(Guid connectionId, MakeCallToServiceDisconnect DisconnectDelegate)
{
SysAuthClientAuthentication clientAuthenticator = SysAuthenticatorClientCache.GetClientAuthenticator(connectionId);
if (clientAuthenticator != null)
{
byte[] initializationVector;
Disconnect request = new Disconnect(new AuthenticationData
{
Data = clientAuthenticator.Encypher(Encoding.UTF8.GetBytes(clientAuthenticator.connectionID.ToString()), out initializationVector),
InitializationVector = initializationVector
});
clientAuthenticator.Sign(request);
DisconnectDelegate?.Invoke(request);
SysAuthenticatorClientCache.RemoveClientAuthenticator(connectionId);
}
}
private new void Reset()
{
base.Reset();
Timeout = 10000u;
}
}
Reference in New Issue View Git Blame Copy Permalink