public override ReadOnlyMemory <byte> Encrypt(ReadOnlyMemory <byte> data, KerberosKey kerberosKey, KeyUsage usage)
{
var Ke = kerberosKey.GetOrDeriveKey(
this,
$"{usage}|Ke|{KeySize}|{BlockSize}",
key => DK(key.Span, usage, KeyDerivationMode.Ke, KeySize, BlockSize).AsMemory()
);
var confounder = GenerateRandomBytes(ConfounderSize);
var cleartext = Concat(confounder.Span, data.Span);
var encrypted = AESCTS.Encrypt(
cleartext.Span,
Ke,
AllZerosInitVector.Span
);
var checksum = MakeChecksum(cleartext.Span, kerberosKey, usage, KeyDerivationMode.Ki, ChecksumSize);
return(Concat(encrypted, checksum));
}
public override ReadOnlyMemory <byte> Decrypt(ReadOnlyMemory <byte> cipher, KerberosKey kerberosKey, KeyUsage usage)
{
var cipherLength = cipher.Length - ChecksumSize;
var Ke = GetOrDeriveKey(kerberosKey, usage);
var decrypted = AESCTS.Decrypt(
cipher.Slice(0, cipherLength),
Ke,
AllZerosInitVector
);
var actualChecksum = MakeChecksum(decrypted, kerberosKey, usage, KeyDerivationMode.Ki, ChecksumSize);
var expectedChecksum = cipher.Slice(cipherLength, ChecksumSize);
if (!AreEqualSlow(expectedChecksum.Span, actualChecksum.Span))
{
throw new SecurityException("Invalid checksum");
}
return(decrypted.Slice(ConfounderSize, cipherLength - ConfounderSize));
}
public override ReadOnlyMemory <byte> Encrypt(ReadOnlyMemory <byte> data, KerberosKey kerberosKey, KeyUsage usage)
{
var Ke = GetOrDeriveKey(kerberosKey, usage);
var confounder = GenerateRandomBytes(ConfounderSize);
var concatLength = confounder.Length + data.Length;
using (var cleartextPool = CryptoPool.Rent <byte>(concatLength))
{
var cleartext = Concat(confounder.Span, data.Span, cleartextPool.Memory.Slice(0, concatLength));
var encrypted = AESCTS.Encrypt(
cleartext,
Ke,
AllZerosInitVector
);
var checksum = MakeChecksum(cleartext, kerberosKey, usage, KeyDerivationMode.Ki, ChecksumSize);
return(Concat(encrypted.Span, checksum.Span));
}
}
public override ReadOnlyMemory <byte> Encrypt(ReadOnlyMemory <byte> data, KerberosKey kerberosKey, KeyUsage usage)
{
var key = kerberosKey.GetKey(this);
var Ke = DK(key, usage, KeyDerivationMode.Ke);
var cleartext = new Memory <byte>(new byte[ConfounderSize + data.Length]);
var confounder = GenerateRandomBytes(ConfounderSize);
confounder.CopyTo(cleartext.Slice(0, ConfounderSize));
data.CopyTo(cleartext.Slice(ConfounderSize, data.Length));
var encrypted = AESCTS.Encrypt(
cleartext.ToArray(),
Ke,
AllZerosInitVector
);
var checksum = MakeChecksum(cleartext.ToArray(), key, usage, KeyDerivationMode.Ki, ChecksumSize);
return(new ReadOnlyMemory <byte>(encrypted.Concat(checksum).ToArray()));
}
