private KerberosKey(
byte[] key,
string password,
byte[] passwordBytes = null,
PrincipalName principalName = null,
string host = null,
string salt = null,
byte[] saltBytes = null,
EncryptionType etype = 0,
SaltType saltFormat = SaltType.ActiveDirectoryService,
byte[] iterationParams = null,
int?kvno = null
)
{
this.key = key;
this.Password = password;
this.passwordBytes = passwordBytes;
this.PrincipalName = principalName;
this.Host = host;
this.salt = salt;
this.saltBytes = saltBytes;
this.EncryptionType = etype;
this.SaltFormat = saltFormat;
this.IterationParameter = iterationParams;
this.Version = kvno;
}
public KerberosKey(
string password,
PrincipalName principalName = null,
string host = null,
string salt = null,
EncryptionType etype = 0,
SaltType saltType = SaltType.ActiveDirectoryService,
byte[] iterationParams = null
) : this(null, password, null, principalName, host, salt, etype, saltType, iterationParams)
{
}
public KerberosKey(
byte[] key = null,
byte[] password = null,
PrincipalName principal = null,
string host = null,
string salt = null,
EncryptionType etype = 0,
SaltType saltType = SaltType.ActiveDirectoryService,
byte[] iterationParams = null,
int?kvno = null
) : this(key, null, password, principal, host, salt, etype, saltType, iterationParams, kvno)
{
}
public string Crypt(string value, string salt, SaltType saltType)
{
string saltValue;
if (saltType == SaltType.Before)
{
saltValue = $"{salt}{value}";
}
else
{
saltValue = $"{value}{salt}";
}
return(Crypt(saltValue));
}
private static void AssertSaltGeneration(EncryptionType etype, SaltType saltType, byte[] expectedKey)
{
var key = new KerberosKey(
"P@ssw0rd!",
principalName: new PrincipalName(PrincipalNameType.NT_PRINCIPAL, "domain.com", new string[] { "appservice" }),
host: "appservice",
etype: etype,
saltType: saltType
);
Assert.AreEqual(saltType, key.SaltFormat);
var gen = key.GetKey();
Assert.IsTrue(KerberosCryptoTransformer.AreEqualSlow(gen.Span, expectedKey));
}
public KerberosKey(
string password,
PrincipalName principalName = null,
string host = null,
string salt = null,
EncryptionType etype = 0,
SaltType saltType = SaltType.ActiveDirectoryService,
byte[] iterationParams = null,
int?kvno = null
)
: this(null, password, null, principalName, host, salt, etype, saltType, iterationParams, kvno)
{
if (string.IsNullOrWhiteSpace(password))
{
throw new ArgumentNullException(nameof(password));
}
}
public KerberosKey(
byte[] key = null,
byte[] password = null,
PrincipalName principal = null,
string host = null,
string salt = null,
EncryptionType etype = 0,
SaltType saltType = SaltType.ActiveDirectoryService,
byte[] iterationParams = null,
int?kvno = null
)
: this(key, null, password, principal, host, salt, etype, saltType, iterationParams, kvno)
{
if (key == null && password == null)
{
throw new ArgumentException("Either a key or password must be provided");
}
}
private static byte[] CreateKey(string password, SaltType saltType = SaltType.Undef)
{
string saltTest = null;
switch (saltType)
{
case SaltType.Undef:
saltTest =
"They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.";
break;
case SaltType.AesEncryption:
saltTest =
"These aren't the droids you're looking for.";
break;
case SaltType.Hmac:
saltTest =
"To deny our own impulses is to deny the very thing that makes us human.";
break;
default:
throw new Exception($"SaltType {saltType} is missing.");
}
var salt = Encoding.UTF8.GetBytes(saltTest);
Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(password, salt, Config.Iterations);
return key.GetBytes(32);
}
public Salt(decimal quantity, DryMeasurement measurement, SaltType type)
{
Quantity = quantity;
Measurement = measurement;
SaltType = type;
}
