public override ReadOnlyMemory <byte> Decrypt(ReadOnlyMemory <byte> cipher, KerberosKey kerberosKey, KeyUsage usage)
        {
            var cipherLength = cipher.Length - this.ChecksumSize;

            var encrypted        = cipher.Slice(0, cipherLength);
            var expectedChecksum = cipher.Slice(cipherLength, this.ChecksumSize);

            var checksumDataLength = AllZerosInitVector.Length + encrypted.Length;

            using (var checksumDataRented = CryptoPool.Rent <byte>(checksumDataLength))
            {
                var checksumData = checksumDataRented.Memory.Slice(0, checksumDataLength);

                Concat(AllZerosInitVector.Span, encrypted.Span, checksumData);

                var actualChecksum = this.MakeChecksum(checksumData, kerberosKey, usage, KeyDerivationMode.Ki, this.ChecksumSize);

                if (!AreEqualSlow(expectedChecksum.Span, actualChecksum.Span))
                {
                    throw new SecurityException("Invalid checksum");
                }
            }

            var ke = this.GetOrDeriveKey(kerberosKey, usage, KeyDerivationMode.Ke);

            var decrypted = AESCTS.Decrypt(
                encrypted,
                ke,
                AllZerosInitVector
                );

            return(decrypted.Slice(this.ConfounderSize, cipherLength - this.ConfounderSize));
        }
Beispiel #2
0
        public override ReadOnlyMemory <byte> Decrypt(ReadOnlyMemory <byte> cipher, KerberosKey kerberosKey, KeyUsage usage)
        {
            var cipherLength = cipher.Length - this.ChecksumSize;

            var ke = this.GetOrDeriveKey(kerberosKey, usage, KeyDerivationMode.Ke);

            var decrypted = AESCTS.Decrypt(
                cipher.Slice(0, cipherLength),
                ke,
                AllZerosInitVector
                );

            var actualChecksum = this.MakeChecksum(decrypted, kerberosKey, usage, KeyDerivationMode.Ki, this.ChecksumSize);

            var expectedChecksum = cipher.Slice(cipherLength, this.ChecksumSize);

            if (!AreEqualSlow(expectedChecksum.Span, actualChecksum.Span))
            {
                throw new SecurityException("Invalid checksum");
            }

            return(decrypted.Slice(this.ConfounderSize, cipherLength - this.ConfounderSize));
        }
Beispiel #3
0
        public void Decrypt(byte[] key, byte[] iv, byte[] tmpEnc)
        {
            var output = AESCTS.Decrypt(tmpEnc, key, iv);

            Buffer.BlockCopy(output, 0, tmpEnc, 0, output.Length);
        }