private static byte[] Decrypt(byte[] k1, byte[] ciphertext, KeyUsage keyType) { var salt = GetSalt((int)keyType); var k2 = KerberosHash.HMACMD5(k1, salt); var checksum = new byte[HashSize]; Buffer.BlockCopy(ciphertext, 0, checksum, 0, HashSize); var k3 = KerberosHash.HMACMD5(k2, checksum); var ciphertextOffset = new byte[ciphertext.Length - HashSize]; Buffer.BlockCopy(ciphertext, HashSize, ciphertextOffset, 0, ciphertextOffset.Length); var plaintext = RC4.Decrypt(k3, ciphertextOffset); var calculatedHmac = KerberosHash.HMACMD5(k2, plaintext); if (!KerberosHash.AreEqualSlow(calculatedHmac, ciphertext, calculatedHmac.Length)) { throw new SecurityException("Invalid Checksum"); } var output = new byte[plaintext.Length - ConfounderSize]; Buffer.BlockCopy(plaintext, ConfounderSize, output, 0, output.Length); return(output); }
protected override bool ValidateInternal(KerberosKey key) { var actualChecksum = KerberosHash.KerbChecksumHmacMd5( key.GetKey(new MD4Encryptor()), (int)KeyUsage.KU_PA_FOR_USER_ENC_CKSUM, Pac ); return(KerberosHash.AreEqualSlow(actualChecksum, Signature)); }
protected override bool ValidateInternal(KerberosKey key) { var constant = new byte[5]; KerberosHash.ConvertToBigEndian((int)KeyUsage.KU_PA_FOR_USER_ENC_CKSUM, constant, 0); constant[4] = 0x99; var Ki = encryptor.DK(key.GetKey(encryptor), constant); var actualChecksum = decryptor.MakeChecksum(Ki, Pac, decryptor.ChecksumSize); return(KerberosHash.AreEqualSlow(actualChecksum, Signature)); }