public override ReadOnlyMemory <byte> Encrypt(ReadOnlyMemory <byte> data, KerberosKey kerberosKey, KeyUsage usage) { var Ke = kerberosKey.GetOrDeriveKey( this, $"{usage}|Ke|{KeySize}|{BlockSize}", key => DK(key.Span, usage, KeyDerivationMode.Ke, KeySize, BlockSize).AsMemory() ); var confounder = GenerateRandomBytes(ConfounderSize); var cleartext = Concat(confounder.Span, data.Span); var encrypted = AESCTS.Encrypt( cleartext.Span, Ke, AllZerosInitVector.Span ); var checksum = MakeChecksum(cleartext.Span, kerberosKey, usage, KeyDerivationMode.Ki, ChecksumSize); return(Concat(encrypted, checksum)); }
public override ReadOnlyMemory <byte> Decrypt(ReadOnlyMemory <byte> cipher, KerberosKey kerberosKey, KeyUsage usage) { var cipherLength = cipher.Length - ChecksumSize; var Ke = GetOrDeriveKey(kerberosKey, usage); var decrypted = AESCTS.Decrypt( cipher.Slice(0, cipherLength), Ke, AllZerosInitVector ); var actualChecksum = MakeChecksum(decrypted, kerberosKey, usage, KeyDerivationMode.Ki, ChecksumSize); var expectedChecksum = cipher.Slice(cipherLength, ChecksumSize); if (!AreEqualSlow(expectedChecksum.Span, actualChecksum.Span)) { throw new SecurityException("Invalid checksum"); } return(decrypted.Slice(ConfounderSize, cipherLength - ConfounderSize)); }
public override ReadOnlyMemory <byte> Encrypt(ReadOnlyMemory <byte> data, KerberosKey kerberosKey, KeyUsage usage) { var Ke = GetOrDeriveKey(kerberosKey, usage); var confounder = GenerateRandomBytes(ConfounderSize); var concatLength = confounder.Length + data.Length; using (var cleartextPool = CryptoPool.Rent <byte>(concatLength)) { var cleartext = Concat(confounder.Span, data.Span, cleartextPool.Memory.Slice(0, concatLength)); var encrypted = AESCTS.Encrypt( cleartext, Ke, AllZerosInitVector ); var checksum = MakeChecksum(cleartext, kerberosKey, usage, KeyDerivationMode.Ki, ChecksumSize); return(Concat(encrypted.Span, checksum.Span)); } }
public override ReadOnlyMemory <byte> Encrypt(ReadOnlyMemory <byte> data, KerberosKey kerberosKey, KeyUsage usage) { var key = kerberosKey.GetKey(this); var Ke = DK(key, usage, KeyDerivationMode.Ke); var cleartext = new Memory <byte>(new byte[ConfounderSize + data.Length]); var confounder = GenerateRandomBytes(ConfounderSize); confounder.CopyTo(cleartext.Slice(0, ConfounderSize)); data.CopyTo(cleartext.Slice(ConfounderSize, data.Length)); var encrypted = AESCTS.Encrypt( cleartext.ToArray(), Ke, AllZerosInitVector ); var checksum = MakeChecksum(cleartext.ToArray(), key, usage, KeyDerivationMode.Ki, ChecksumSize); return(new ReadOnlyMemory <byte>(encrypted.Concat(checksum).ToArray())); }