internal int Decrypt(byte[] payload, int offset, int count, out int newOffset, uint expectedSeqNumber)
{
if (offset < 0 || offset > (payload == null ? 0 : payload.Length))
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(this) + "::Decrypt", "Argument 'offset' out of range.");
}
throw new ArgumentOutOfRangeException("offset");
}
if (count < 0 || count > (payload == null ? 0 : payload.Length - offset))
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(this) + "::Decrypt", "Argument 'count' out of range.");
}
throw new ArgumentOutOfRangeException("count");
}
if (IsNTLM)
{
return(DecryptNtlm(payload, offset, count, out newOffset, expectedSeqNumber));
}
//
// Kerberos and up
//
var securityBuffer = new SecurityBuffer[2];
securityBuffer[0] = new SecurityBuffer(payload, offset, count, SecurityBufferType.Stream);
securityBuffer[1] = new SecurityBuffer(0, SecurityBufferType.Data);
int errorCode;
if (IsConfidentialityFlag)
{
errorCode = SSPIWrapper.DecryptMessage(GlobalSSPI.SSPIAuth, _securityContext, securityBuffer, expectedSeqNumber);
}
else
{
errorCode = SSPIWrapper.VerifySignature(GlobalSSPI.SSPIAuth, _securityContext, securityBuffer, expectedSeqNumber);
}
if (errorCode != 0)
{
GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(this) + "::Decrypt() throw Error = " + errorCode.ToString("x", NumberFormatInfo.InvariantInfo));
throw new Win32Exception(errorCode);
}
if (securityBuffer[1].type != SecurityBufferType.Data)
{
throw new InternalException();
}
newOffset = securityBuffer[1].offset;
return(securityBuffer[1].size);
}