public override ReadOnlyMemory <byte> Decrypt(ReadOnlyMemory <byte> cipher, KerberosKey kerberosKey, KeyUsage usage)
{
var cipherLength = cipher.Length - this.ChecksumSize;
var encrypted = cipher.Slice(0, cipherLength);
var expectedChecksum = cipher.Slice(cipherLength, this.ChecksumSize);
var checksumDataLength = AllZerosInitVector.Length + encrypted.Length;
using (var checksumDataRented = CryptoPool.Rent <byte>(checksumDataLength))
{
var checksumData = checksumDataRented.Memory.Slice(0, checksumDataLength);
Concat(AllZerosInitVector.Span, encrypted.Span, checksumData);
var actualChecksum = this.MakeChecksum(checksumData, kerberosKey, usage, KeyDerivationMode.Ki, this.ChecksumSize);
if (!AreEqualSlow(expectedChecksum.Span, actualChecksum.Span))
{
throw new SecurityException("Invalid checksum");
}
}
var ke = this.GetOrDeriveKey(kerberosKey, usage, KeyDerivationMode.Ke);
var decrypted = AESCTS.Decrypt(
encrypted,
ke,
AllZerosInitVector
);
return(decrypted.Slice(this.ConfounderSize, cipherLength - this.ConfounderSize));
}
public override ReadOnlyMemory <byte> Decrypt(ReadOnlyMemory <byte> cipher, KerberosKey kerberosKey, KeyUsage usage)
{
var cipherLength = cipher.Length - this.ChecksumSize;
var ke = this.GetOrDeriveKey(kerberosKey, usage, KeyDerivationMode.Ke);
var decrypted = AESCTS.Decrypt(
cipher.Slice(0, cipherLength),
ke,
AllZerosInitVector
);
var actualChecksum = this.MakeChecksum(decrypted, kerberosKey, usage, KeyDerivationMode.Ki, this.ChecksumSize);
var expectedChecksum = cipher.Slice(cipherLength, this.ChecksumSize);
if (!AreEqualSlow(expectedChecksum.Span, actualChecksum.Span))
{
throw new SecurityException("Invalid checksum");
}
return(decrypted.Slice(this.ConfounderSize, cipherLength - this.ConfounderSize));
}
public void Decrypt(byte[] key, byte[] iv, byte[] tmpEnc)
{
var output = AESCTS.Decrypt(tmpEnc, key, iv);
Buffer.BlockCopy(output, 0, tmpEnc, 0, output.Length);
}
