RepoMirrors
/
DSInternals
mirror of https://github.com/MichaelGrafnetter/DSInternals
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DSInternals/Src/DSInternals.Replication/ReplicationSecretDecryptor.cs

60 lines
1.8 KiB
C#
Raw Normal View History

Initial source commit
2015-12-26 22:44:43 +00:00
using DSInternals.Common;
using DSInternals.Common.Cryptography;
using System;
namespace DSInternals.Replication
{
public class ReplicationSecretDecryptor : DirectorySecretDecryptor
{
private const int SaltOffset = 0;
private const int BlobMinSize = SaltSize + 1;
private byte[] key;
public override byte[] CurrentKey
{
get
{
return this.key;
}
}
public override SecretEncryptionType EncryptionType
{
get
{
Prepared for Windows Server 2016
2016-01-02 15:27:44 +00:00
return SecretEncryptionType.ReplicationRC4WithSalt;
Initial source commit
2015-12-26 22:44:43 +00:00
}
}
public ReplicationSecretDecryptor(byte[] key)
{
Resolved #35: Replication does not work for Protected Users
2017-03-19 06:55:01 +00:00
Validator.AssertNotNull(key, "key");
// Session key size: NTLM - 16B, Kerberos - 32B
Validator.AssertMinLength(key, KeySize, "key");
Initial source commit
2015-12-26 22:44:43 +00:00
this.key = key;
}
public override byte[] DecryptSecret(byte[] blob)
{
// Blob structure: Salt (16B), Encrypted secret (rest)
Validator.AssertMinLength(blob, BlobMinSize, "blob");
// Extract salt and the actual encrypted data from the blob
byte[] salt = blob.Cut(SaltOffset, SaltSize);
byte[] encryptedSecret = blob.Cut(SaltOffset + SaltSize);
// Perform decryption
byte[] decryptedBlob = DecryptUsingRC4(encryptedSecret, salt, this.CurrentKey);
// The blob is prepended with CRC
byte[] decryptedSecret;
uint expectedCrc = BitConverter.ToUInt32(decryptedBlob, 0);
decryptedSecret = decryptedBlob.Cut(sizeof(uint));
Validator.AssertCrcMatches(decryptedSecret, expectedCrc);
return decryptedSecret;
}
}
}