/// <summary>
/// Derives the negotiation authenticator from the supplied key and the hash of the
/// negotiation digest held in <paramref name="sspiState"/>.
/// </summary>
/// <param name="sspiState">Negotiation state whose NegotiationDigest is finalized and read here.</param>
/// <param name="key">Key handed to the Psha1DerivedKeyGenerator constructor.</param>
/// <returns>
/// The bytes returned by GenerateDerivedKey for the CombinedHashLabel label, the negotiation
/// hash as nonce, size NegotiationAuthenticatorSize and position 0.
/// </returns>
static byte[] ComputeAuthenticator(SspiNegotiationTokenAuthenticatorState sspiState, byte[] key)
        {
            byte[] digestValue;

            // The digest object is used as its own monitor, so finalizing it and reading
            // the hash happen as one step with respect to other holders of that lock.
            // NOTE(review): TransformFinalBlock finalizes the digest; confirm this method
            // runs only once per negotiation.
            lock (sspiState.NegotiationDigest)
            {
                sspiState.NegotiationDigest.TransformFinalBlock(CryptoHelper.EmptyBuffer, 0, 0);
                digestValue = sspiState.NegotiationDigest.Hash;
            }

            Psha1DerivedKeyGenerator keyGenerator = new Psha1DerivedKeyGenerator(key);
            byte[] authenticator = keyGenerator.GenerateDerivedKey(
                SecurityUtils.CombinedHashLabel,
                digestValue,
                SecurityNegotiationConstants.NegotiationAuthenticatorSize,
                0);

            return authenticator;
        }
        /// <summary>
        /// Combines requestor and issuer entropy into a single key by running the
        /// Psha1DerivedKeyGenerator keyed with the requestor entropy over the issuer entropy.
        /// </summary>
        /// <param name="requestorEntropy">Entropy used as the generator key; must not be null.</param>
        /// <param name="issuerEntropy">Entropy passed as the nonce; must not be null.</param>
        /// <param name="keySizeInBits">
        /// Requested key size; must lie within [minSaneKeySizeInBits, maxSaneKeySizeInBits].
        /// </param>
        /// <returns>The bytes returned by GenerateDerivedKey with an empty label and position 0.</returns>
        /// <exception cref="SecurityNegotiationException">
        /// The requested key size is outside the accepted range.
        /// </exception>
        public static byte[] ComputeCombinedKey(byte[] requestorEntropy, byte[] issuerEntropy, int keySizeInBits)
        {
            if (requestorEntropy == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requestorEntropy");
            }

            if (issuerEntropy == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("issuerEntropy");
            }

            // The size comes out of the negotiation, so it is bounded before any key
            // material is derived: undersized and oversized requests are both refused.
            bool sizeIsSane = (keySizeInBits >= minSaneKeySizeInBits) && (keySizeInBits <= maxSaneKeySizeInBits);
            if (!sizeIsSane)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.InvalidKeySizeSpecifiedInNegotiation, keySizeInBits, minSaneKeySizeInBits, maxSaneKeySizeInBits)));
            }

            byte[] emptyLabel = new byte[0];
            Psha1DerivedKeyGenerator keyGenerator = new Psha1DerivedKeyGenerator(requestorEntropy);

            return keyGenerator.GenerateDerivedKey(emptyLabel, issuerEntropy, keySizeInBits, 0);
        }
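        /// <summary>
        /// Checks the authenticator received from the server against the value derived locally
        /// from the proof key and the hash of the negotiation digest.
        /// </summary>
        /// <param name="sspiState">Negotiation state whose NegotiationDigest is finalized and read here.</param>
        /// <param name="proofKey">Key handed to the Psha1DerivedKeyGenerator constructor.</param>
        /// <param name="serverAuthenticator">Authenticator bytes to verify; null is treated as a mismatch.</param>
        /// <returns>
        /// <c>true</c> when both authenticators have the same length and identical bytes;
        /// otherwise <c>false</c>.
        /// </returns>
        static bool IsCorrectAuthenticator(SspiNegotiationTokenProviderState sspiState, byte[] proofKey, byte[] serverAuthenticator)
        {
            byte[] negotiationHash;

            // The digest object is used as its own monitor, so finalizing it and reading
            // the hash happen as one step with respect to other holders of that lock.
            lock (sspiState.NegotiationDigest)
            {
                sspiState.NegotiationDigest.TransformFinalBlock(CryptoHelper.EmptyBuffer, 0, 0);
                negotiationHash = sspiState.NegotiationDigest.Hash;
            }
            Psha1DerivedKeyGenerator generator = new Psha1DerivedKeyGenerator(proofKey);

            byte[] clientAuthenticator = generator.GenerateDerivedKey(SecurityUtils.CombinedHashLabel, negotiationHash, SecurityNegotiationConstants.NegotiationAuthenticatorSize, 0);

            // A missing authenticator is a failed check, not a NullReferenceException.
            // The length is not secret, so returning early on a length mismatch is fine.
            if (serverAuthenticator == null || clientAuthenticator.Length != serverAuthenticator.Length)
            {
                return false;
            }

            // Compare every byte and fold the differences together instead of returning at
            // the first mismatch, so the running time does not depend on how many leading
            // bytes of the supplied authenticator happen to be correct.
            int difference = 0;
            for (int i = 0; i < clientAuthenticator.Length; ++i)
            {
                difference |= clientAuthenticator[i] ^ serverAuthenticator[i];
            }
            return difference == 0;
        }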
 /// <summary>
 /// Convenience wrapper: builds a Psha1DerivedKeyGenerator over <paramref name="key"/> and
 /// returns what its GenerateDerivedKey produces for the remaining arguments.
 /// </summary>
 /// <param name="key">Key handed to the generator constructor.</param>
 /// <param name="label">Label forwarded unchanged to the generator.</param>
 /// <param name="nonce">Nonce forwarded unchanged to the generator.</param>
 /// <param name="derivedKeySize">Requested size, forwarded unchanged (unit not visible here; confirm against the generator).</param>
 /// <param name="position">Position forwarded unchanged to the generator.</param>
 /// <returns>The derived key bytes returned by the generator.</returns>
 internal static byte[] GenerateDerivedKey(byte[] key, byte[] label, byte[] nonce, int derivedKeySize, int position)
 {
     // No validation happens at this layer; arguments go straight to the generator.
     return new Psha1DerivedKeyGenerator(key).GenerateDerivedKey(label, nonce, derivedKeySize, position);
 }
        /// <summary>
        /// Derives key bytes by keying a Psha1DerivedKeyGenerator with <paramref name="key"/>
        /// and asking it for a derived key with the given label, nonce, size and position.
        /// </summary>
        /// <param name="key">Key handed to the generator constructor.</param>
        /// <param name="label">Label passed through to the generator.</param>
        /// <param name="nonce">Nonce passed through to the generator.</param>
        /// <param name="derivedKeySize">Requested size, passed through as-is (unit not visible here; confirm against the generator).</param>
        /// <param name="position">Position passed through to the generator.</param>
        /// <returns>Whatever the generator's GenerateDerivedKey returns.</returns>
        internal static byte[] GenerateDerivedKey(byte[] key, byte[] label, byte[] nonce, int derivedKeySize, int position)
        {
            Psha1DerivedKeyGenerator keyedGenerator = new Psha1DerivedKeyGenerator(key);
            byte[] derivedKey = keyedGenerator.GenerateDerivedKey(label, nonce, derivedKeySize, position);

            return derivedKey;
        }