public static KrbChecksum Create(ReadOnlyMemory <byte> data, KerberosKey key, KeyUsage ku, ChecksumType type = 0)
{
if (key == null)
{
throw new ArgumentNullException(nameof(key));
}
if (type == 0)
{
type = CryptoService.ConvertType(key.EncryptionType);
}
var checksum = CryptoService.CreateChecksum(type, signatureData: data);
if (checksum == null)
{
throw new InvalidOperationException($"CryptoService couldn't create a transform for type {type}");
}
checksum.Usage = ku;
checksum.Sign(key);
return(new KrbChecksum
{
Checksum = checksum.Signature,
Type = type
});
}
internal void Sign(Memory <byte> pacUnsigned, KerberosKey key)
{
this.Validator = CryptoService.CreateChecksum(this.Type, this.Signature, pacUnsigned);
this.Validator.Sign(key);
this.Signature = MemoryMarshal.AsMemory(this.Validator.Signature);
this.IsDirty = true;
}
private static void AssertChecksum(string plaintextHex, string keyHex, string checksumHex, ChecksumType type)
{
var hmac = CryptoService.CreateChecksum(type, HexToByte(checksumHex), HexToByte(plaintextHex));
hmac.Usage = KeyUsage.Ticket;
var key = new KerberosKey(HexToByte(keyHex));
hmac.Validate(key);
}
private static byte[] SetSignatureValue(ChecksumType type, Func <int, byte[]> setterFunc)
{
var checksum = CryptoService.CreateChecksum(type);
if (checksum == null)
{
throw new InvalidOperationException($"Unknown checksum type {type}");
}
return(setterFunc(checksum.ChecksumSize));
}
public override void ReadBody(NdrBinaryStream stream)
{
Type = (ChecksumType)stream.ReadUnsignedInt();
SignaturePosition = (int)stream.Position;
Signature = SetSignatureValue(Type, size => stream.Read(size));
Validator = CryptoService.CreateChecksum(Type, Signature, signatureData);
if (stream.Position < stream.Length)
{
RODCIdentifier = stream.ReadShort();
}
}
public override void Unmarshal(ReadOnlyMemory <byte> bytes)
{
var stream = new NdrBuffer(bytes);
Type = (ChecksumType)stream.ReadInt32LittleEndian();
SignaturePosition = stream.Offset;
Signature = SetSignatureValue(Type, size => stream.ReadFixedPrimitiveArray <byte>(size).ToArray());
Validator = CryptoService.CreateChecksum(Type, Signature, SignatureData);
if (stream.BytesAvailable > 0)
{
RODCIdentifier = stream.ReadInt16LittleEndian();
}
}
public static KrbChecksum Create(ReadOnlyMemory <byte> data, KerberosKey key, KeyUsage ku, ChecksumType type = 0)
{
if (type == 0)
{
type = CryptoService.ConvertType(key.EncryptionType);
}
var checksum = CryptoService.CreateChecksum(type, signatureData: data);
checksum.Usage = ku;
checksum.Sign(key);
return(new KrbChecksum
{
Checksum = checksum.Signature,
Type = type
});
}
