public void Aes128_Encrypt_Sha256_Roundtrip()
{
/*
* Plaintext: (length equals block size)
* 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
* Confounder:
* 56 AB 21 71 3F F6 2C 0A 14 57 20 0F 6F A9 94 8F
* 128-bit AES key (Ke):
* 9B 19 7D D1 E8 C5 60 9D 6E 67 C3 E3 7C 62 C7 2E
* 128-bit HMAC key (Ki):
* 9F DA 0E 56 AB 2D 85 E1 56 9A 68 86 96 C2 6A 6C
* AES Output:
* 35 17 D6 40 F5 0D DC 8A D3 62 87 22 B3 56 9D 2A
* e0 74 93 FA 82 63 25 40 80 EA 65 C1 00 8E 8F C2
* Truncated HMAC Output:
* 95 FB 48 52 E7 D8 3E 1E 7C 48 C3 7E EB E6 B0 D3
* Ciphertext:
* 35 17 D6 40 F5 0D DC 8A D3 62 87 22 B3 56 9D 2A
* e0 74 93 FA 82 63 25 40 80 EA 65 C1 00 8E 8F C2
* 95 FB 48 52 E7 D8 3E 1E 7C 48 C3 7E EB E6 B0 D3
*/
var key = new KerberosKey(key: HexToByte(Aes128Sha256BaseKey), etype: EncryptionType.AES128_CTS_HMAC_SHA256_128);
var plaintext = HexToByte(CompleteOneBlock);
var expectedBytes = HexToByte("35 17 D6 40 F5 0D DC 8A D3 62 87 22 B3 56 9D 2A E0 74 93 FA 82 63 25 40 80 EA 65 C1 00 8E 8F C2 95 FB 48 52 E7 D8 3E 1E 7C 48 C3 7E EB E6 B0 D3");
AES128Sha256TransformerEx transformer = new AES128Sha256TransformerEx();
transformer.SetConfounder(HexToByte("56 AB 21 71 3F F6 2C 0A 14 57 20 0F 6F A9 94 8F"));
var output = transformer.Encrypt(
plaintext,
key,
KeyUsage.Ticket
);
AssertArrayEquals(expectedBytes, output);
var decrypted = transformer.Decrypt(output, key, KeyUsage.Ticket);
AssertArrayEquals(plaintext, decrypted);
}
public void Aes128_Sha256_Iter32768_Managed()
{
Rfc2898DeriveBytes.AttemptReflectionLookup = false;
Rfc2898DeriveBytes.RequireNativeImplementation = false;
/*
* Iteration count = 32768
* Pass phrase = "password"
* Saltp for creating 128-bit base-key:
* 61 65 73 31 32 38 2D 63 74 73 2D 68 6D 61 63 2D
* 73 68 61 32 35 36 2D 31 32 38 00 10 DF 9D D7 83
* e5 BC 8A CE A1 73 0E 74 35 5F 61 41 54 48 45 4E
* 41 2E 4D 49 54 2E 45 44 55 72 61 65 62 75 72 6E
*
* (The saltp is "aes128-cts-hmac-sha256-128" | 0x00 |
* random 16-byte valid UTF-8 sequence | "ATHENA.MIT.EDUraeburn")
* 128-bit base-key:
* 08 9B CA 48 B1 05 EA 6E A7 7C A5 D2 F3 9D C5 E7
*/
var expectedBytes = HexToByte("08 9B CA 48 B1 05 EA 6E A7 7C A5 D2 F3 9D C5 E7");
var saltBytes = HexToByte("10 DF 9D D7 83 E5 BC 8A CE A1 73 0E 74 35 5F 61 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 72 61 65 62 75 72 6E");
AES128Sha256TransformerEx transformer = new AES128Sha256TransformerEx();
var iterations = new byte[4];
BinaryPrimitives.WriteInt32BigEndian(iterations, 32768);
var key = transformer.String2Key(
new KerberosKey(
"password",
saltBytes: saltBytes,
etype: EncryptionType.AES128_CTS_HMAC_SHA256_128,
iterationParams: iterations
)
);
AssertArrayEquals(expectedBytes, key);
Assert.IsFalse(Rfc2898DeriveBytes.AttemptReflectionLookup);
}
public void Aes128_KeyDerivation_Integrity()
{
/*
* enctype aes128-cts-hmac-sha256-128:
* 128-bit base-key:
* 37 05 D9 60 80 C1 77 28 A0 E8 00 EA B6 E0 D2 3C
* Kc value for key usage 2 (label = 0x0000000299):
* B3 1A 01 8A 48 F5 47 76 F4 03 E9 A3 96 32 5D C3
* Ke value for key usage 2 (label = 0x00000002AA):
* 9B 19 7D D1 E8 C5 60 9D 6E 67 C3 E3 7C 62 C7 2E
* Ki value for key usage 2 (label = 0x0000000255):
* 9F DA 0E 56 AB 2D 85 E1 56 9A 68 86 96 C2 6A 6C
*/
var key = new KerberosKey(key: HexToByte(Aes128Sha256BaseKey));
var expected = HexToByte("9F DA 0E 56 AB 2D 85 E1 56 9A 68 86 96 C2 6A 6C");
var transformer = new AES128Sha256TransformerEx();
var derived = transformer.GetOrDeriveKey(key, KeyUsage.Ticket, KeyDerivationMode.Ki);
AssertArrayEquals(expected, derived);
}
