/// <summary>
/// Encrypt the plain text with the session key which can be obtained
/// from response message. The usage indicated in section 7 of RFC4210
/// and section 3 of RFC4757 is used to derive key from the session key.
/// </summary>
/// <param name="type">The encryption type selected.</param>
/// <param name="sessionKey">A session key used to encrypt and it can be obtained
/// from the KDC's response. This key size should be equal to the symmetric algorithm
/// key size. This argument can be null. If it is null, null will be returned.</param>
/// <param name="plainData">The text to be encrypted. This argument can be null.
/// If it is null, null will be returned.</param>
/// <param name="usage">A 32 bits integer used to derive the key.</param>
/// <param name="getToBeSignedDateCallback">
/// A callback to get to-be-signed data.
/// The method will use plain-text data directly if this parameter is null.
/// </param>
/// <returns>The cipher text.</returns>
internal static byte[] Encrypt(EncryptionType type, byte[] sessionKey, byte[] plainData, int usage, GetToBeSignedDataFunc getToBeSignedDateCallback)
{
switch (type)
{
case EncryptionType.AES128_CTS_HMAC_SHA1_96:
return(AesCtsHmacSha1Crypto.Encrypt(sessionKey, plainData, usage, AesKeyType.Aes128BitsKey, getToBeSignedDateCallback));
case EncryptionType.AES256_CTS_HMAC_SHA1_96:
return(AesCtsHmacSha1Crypto.Encrypt(sessionKey, plainData, usage, AesKeyType.Aes256BitsKey, getToBeSignedDateCallback));
case EncryptionType.DES_CBC_CRC:
return(DesCbcCrypto.Encrypt(sessionKey, plainData, EncryptionType.DES_CBC_CRC, getToBeSignedDateCallback));
case EncryptionType.DES_CBC_MD5:
return(DesCbcCrypto.Encrypt(sessionKey, plainData, EncryptionType.DES_CBC_MD5, getToBeSignedDateCallback));
case EncryptionType.RC4_HMAC:
return(Rc4HmacCrypto.Encrypt(sessionKey, plainData, usage, EncryptionType.RC4_HMAC, getToBeSignedDateCallback));
case EncryptionType.RC4_HMAC_EXP:
return(Rc4HmacCrypto.Encrypt(sessionKey, plainData, usage, EncryptionType.RC4_HMAC_EXP, getToBeSignedDateCallback));
default:
throw new ArgumentException("Unsupported encryption type.");
}
}
/// <summary>
/// Encrypt specified plain text to cypher, according to specified encryption type.
/// </summary>
/// <param name="key">The encrypt key.</param>
/// <param name="plain">The specified plain text.</param>
/// <param name="type">The specified encryption type.</param>
/// <returns>The encrypted cypher.</returns>
private static byte[] Encrypt(byte[] key, byte[] plain, EncryptionType_Values type)
{
switch (type)
{
case EncryptionType_Values.DES_CBC_CRC:
return(DesCbcCrypto.Encrypt(key, plain, EncryptionType.DES_CBC_CRC));
case EncryptionType_Values.DES_CBC_MD5:
return(DesCbcCrypto.Encrypt(key, plain, EncryptionType.DES_CBC_MD5));
case EncryptionType_Values.AES128_CTS_HMAC_SHA1_96:
return(AesCtsHmacSha1Crypto.Encrypt(key, plain, KerbNonKerbSalt, AesKeyType.Aes128BitsKey));
case EncryptionType_Values.AES256_CTS_HMAC_SHA1_96:
return(AesCtsHmacSha1Crypto.Encrypt(key, plain, KerbNonKerbSalt, AesKeyType.Aes256BitsKey));
case EncryptionType_Values.RC4_HMAC:
return(Rc4HmacCrypto.Encrypt(key, plain, KerbNonKerbSalt, EncryptionType.RC4_HMAC));
default:
throw new ArgumentOutOfRangeException("type");
}
}
