private static byte[] Decrypt(byte[] k1, byte[] ciphertext, KeyUsage keyType)
{
var salt = GetSalt((int)keyType);
var k2 = KerberosHash.HMACMD5(k1, salt);
var checksum = new byte[HashSize];
Buffer.BlockCopy(ciphertext, 0, checksum, 0, HashSize);
var k3 = KerberosHash.HMACMD5(k2, checksum);
var ciphertextOffset = new byte[ciphertext.Length - HashSize];
Buffer.BlockCopy(ciphertext, HashSize, ciphertextOffset, 0, ciphertextOffset.Length);
var plaintext = RC4.Decrypt(k3, ciphertextOffset);
var calculatedHmac = KerberosHash.HMACMD5(k2, plaintext);
if (!KerberosHash.AreEqualSlow(calculatedHmac, ciphertext, calculatedHmac.Length))
{
throw new SecurityException("Invalid Checksum");
}
var output = new byte[plaintext.Length - ConfounderSize];
Buffer.BlockCopy(plaintext, ConfounderSize, output, 0, output.Length);
return(output);
}
protected override bool ValidateInternal(KerberosKey key)
{
var actualChecksum = KerberosHash.KerbChecksumHmacMd5(
key.GetKey(new MD4Encryptor()),
(int)KeyUsage.KU_PA_FOR_USER_ENC_CKSUM,
Pac
);
return(KerberosHash.AreEqualSlow(actualChecksum, Signature));
}
protected override bool ValidateInternal(KerberosKey key)
{
var constant = new byte[5];
KerberosHash.ConvertToBigEndian((int)KeyUsage.KU_PA_FOR_USER_ENC_CKSUM, constant, 0);
constant[4] = 0x99;
var Ki = encryptor.DK(key.GetKey(encryptor), constant);
var actualChecksum = decryptor.MakeChecksum(Ki, Pac, decryptor.ChecksumSize);
return(KerberosHash.AreEqualSlow(actualChecksum, Signature));
}
