Exemple #1
0
        protected virtual byte[] DecryptWith(byte[] workBuffer, int[] workLens, byte[] key, byte[] iv, KeyUsage usage)
        {
            var confounderLen = workLens[0];
            var checksumLen   = workLens[1];
            var dataLen       = workLens[2];

            byte[] Ki;
            byte[] Ke;

            var constant = new byte[5];

            KerberosHash.ConvertToBigEndian((int)usage, constant, 0);

            constant[4] = 170;

            var encryptor = (AESEncryptor)Encryptor;

            Ke = encryptor.DK(key, constant);

            constant[4] = 85;

            Ki = encryptor.DK(key, constant);

            var tmpEnc = new byte[confounderLen + dataLen];

            Buffer.BlockCopy(workBuffer, 0, tmpEnc, 0, (confounderLen + dataLen));

            var checksum = new byte[checksumLen];

            Buffer.BlockCopy(workBuffer, confounderLen + dataLen, checksum, 0, checksumLen);

            encryptor.Decrypt(Ke, iv, tmpEnc);

            var newChecksum = MakeChecksum(Ki, tmpEnc, checksumLen);

            if (!KerberosHash.AreEqualSlow(checksum, newChecksum))
            {
                throw new SecurityException("Invalid checksum");
            }

            var data = new byte[dataLen];

            Buffer.BlockCopy(tmpEnc, confounderLen, data, 0, dataLen);

            return(data);
        }
Exemple #2
0
        private static byte[] Decrypt(byte[] k1, byte[] ciphertext, KeyUsage keyType)
        {
            var salt = GetSalt((int)keyType);

            var k2 = KerberosHash.HMACMD5(k1, salt);

            var checksum = new byte[HashSize];

            Buffer.BlockCopy(ciphertext, 0, checksum, 0, HashSize);

            var k3 = KerberosHash.HMACMD5(k2, checksum);

            var ciphertextOffset = new byte[ciphertext.Length - HashSize];

            Buffer.BlockCopy(ciphertext, HashSize, ciphertextOffset, 0, ciphertextOffset.Length);

            var plaintext = RC4.Decrypt(k3, ciphertextOffset);

            var calculatedHmac = KerberosHash.HMACMD5(k2, plaintext);

            var invalidChecksum = false;

            if (calculatedHmac.Length >= HashSize)
            {
                for (var i = 0; i < HashSize; i++)
                {
                    if (calculatedHmac[i] != ciphertext[i])
                    {
                        invalidChecksum = true;
                    }
                }
            }

            if (invalidChecksum)
            {
                throw new SecurityException("Invalid Checksum");
            }

            var output = new byte[plaintext.Length - ConfounderSize];

            Buffer.BlockCopy(plaintext, ConfounderSize, output, 0, output.Length);

            return(output);
        }
Exemple #3
0
 public byte[] String2Key(KerberosKey key)
 {
     return(KerberosHash.MD4(key.Password));
 }
Exemple #4
0
        private static string Hash(string value)
        {
            var hash = KerberosHash.SHA256(value);

            return(ToBase64UrlString(hash));
        }