C# (CSharp) IDigest.DigestBuffer Beispiele

Beispiel #1

            public AEADResult EncryptFinal(AEADResult previousResult)
            {
                var output = previousResult.RemainingOutput;

                if (_bufferOffset != 0)
                {
                    output = EncryptBlock(output);
                }

                var tagCiphertextPaddingLength = (16 - (int)(_cSize / 8) % 16) % 16;

                _tagHash.Update(new byte[tagCiphertextPaddingLength]);
                _tagHash.Update(EndianBitConverter.Big.GetBytes(_aSize));
                _tagHash.Update(EndianBitConverter.Big.GetBytes(_cSize));

                var ctr = new CTRBlockCipher(_cipher);

                ctr.Init(new IVParameter(new NullCipherParameter(), _j0));

                var blockResult = ctr.EncryptBlock(_tagHash.DigestBuffer(), output);

                output = blockResult.RemainingOutput;

                return(new AEADResult(previousResult.RemainingInput, output));
            }

Beispiel #2

        public bool Verify(byte[] input, byte[] signature, IDigest hash)
        {
            if (_publicKey is null || _domain is null || _nField is null)
            {
                throw new InvalidOperationException("ECDSA not initialised");
            }

            FieldValue r, s;

            using (var buffer = new MemoryStream(signature))
            {
                var reader = new DERReader(buffer);

                var seq = reader.Read() as ASN1Sequence;
                SecurityAssert.NotNull(seq);
                SecurityAssert.Assert(seq !.Count == 2);

                var ri = seq.Elements[0] as ASN1Integer;
                SecurityAssert.NotNull(ri);
                r = _nField.Value(ri !.Value);
                SecurityAssert.Assert(r.Value == ri !.Value);

                var si = seq.Elements[1] as ASN1Integer;
                SecurityAssert.NotNull(si);
                s = _nField.Value(si !.Value);
                SecurityAssert.Assert(s.Value == si !.Value);
            }

            // check QA != O
            // check QA is on curve
            SecurityAssert.Assert(_domain.Curve.IsPointOnCurve(_publicKey));
            // check n*QA = O
            // check r and s are in [1, n-1]

            // e = HASH(input)
            hash.Update(input);
            var e = hash.DigestBuffer();

            // z = the Ln leftmost bits of e, where Ln is the bit length of the group order n.
            var z = ToZ(e, _ln);

            // w = 1/s (mod n)
            var w = _nField.Divide(_nField.Value(1), s);

            // u1 = zw (mod n)
            var u1 = _nField.Multiply(w, z);

            // u2 = rw (mod n)
            var u2 = _nField.Multiply(w, r);

            // (x1, y2) = u1 * G + u2 * QA
            var point = Point.Add(_domain.Curve,
                                  a: Point.Multiply(_domain.Curve, u1, _domain.Generator),
                                  b: Point.Multiply(_domain.Curve, u2, _publicKey)) !;

            // return r == x1 (mod n)
            return(r == point.X);
        }

Beispiel #3

        private byte[] ComputeMAC(IDigest macAlgo, long seqNum, RecordType type, TLSVersion version, byte[] content)
        {
            macAlgo.Update(EndianBitConverter.Big.GetBytes(seqNum));
            macAlgo.Update(new[] { (byte)type, version.Major, version.Major });
            macAlgo.Update(EndianBitConverter.Big.GetBytes((ushort)content.Length));
            macAlgo.Update(content);

            return(macAlgo.DigestBuffer());
        }

Beispiel #4

        public byte[] ComputeVerification(IDigest digest)
        {
            foreach (var message in _messages)
            {
                digest.Update(message);
            }

            return(digest.DigestBuffer());
        }

Beispiel #5

        public byte[] Sign(byte[] input, IDigest hash)
        {
            if (_privateKey is null || _domain is null || _nField is null)
            {
                throw new InvalidOperationException("ECDSA not initialised");
            }

            // e = HASH(input)
            hash.Update(input);
            var e = hash.DigestBuffer();

            // z = the Ln leftmost bits of e, where Ln is the bit length of the group order n.
            var z = ToZ(e, _ln).Value;

            // k = rand(1, n-1) <-- step 3
            var k = _domain.Curve.Field.Value(_random.RandomBig(_domain.Order - 1));

            // (x1, y1) = k * G
            var c = Point.Multiply(_domain.Curve, k, _domain.Generator);

            // r = x1 % n
            var r = c.X.Value % _domain.Order;

            // if r == 0 go to step 3
            if (r == 0)
            {
                throw new NotImplementedException();
            }

            // s = (1/k)(z + rdA) mod n
            var kInv = _nField.Divide(_nField.Value(1), k);
            var s    = _nField.Multiply(kInv, _nField.Value(z + r * _privateKey.Value)).Value;

            // if s == 0 go to step 3
            if (s == 0)
            {
                throw new NotImplementedException();
            }

            // return ASN1 SEQUENCE [r INTEGER, s INTEGER]
            using (var buffer = new MemoryStream())
            {
                var derWriter = new DERWriter(buffer);

                derWriter.Write(new ASN1Sequence(new[]
                {
                    new ASN1Integer(r),
                    new ASN1Integer(s),
                }));

                return(buffer.ToArray());
            }
        }

Beispiel #6

Datei: HMAC.cs Projekt: will14smith/crypto-core

        public void Digest(Span <byte> output)
        {
            SecurityAssert.Assert(_state == HMACState.InnerHashing);

            _state = HMACState.HashingDone;

            var innerHash = _digest.DigestBuffer();

            var oPadKey = XorKey(_key, 0x5c);

            _digest.Reset();
            _digest.Update(oPadKey);
            _digest.Update(innerHash);

            _digest.Digest(output);
        }

Beispiel #7

        internal static byte[] EMSA_PKCS1_v1_5_Encode(byte[] input, int emLen, IDigest hash)
        {
            hash.Update(input);
            var h = hash.DigestBuffer();

            byte[] t;
            using (var mem = new MemoryStream())
            {
                var derWriter = new DERWriter(mem);

                derWriter.Write(new ASN1Sequence(new ASN1Object[]
                {
                    new ASN1Sequence(new ASN1Object[] {
                        hash.Id,
                        new ASN1Null()
                    }),
                    new ASN1OctetString(h)
                }));

                t = mem.ToArray();
            }

            SecurityAssert.Assert(emLen >= t.Length + 11);

            var ps = new byte[emLen - t.Length - 3];

            SecurityAssert.Assert(ps.Length >= 8);
            for (var i = 0; i < ps.Length; i++)
            {
                ps[i] = 0xff;
            }

            var em = new byte[emLen];

            em[0] = 0;
            em[1] = 1;
            Array.Copy(ps, 0, em, 2, ps.Length);
            em[ps.Length + 2] = 0;
            Array.Copy(t, 0, em, ps.Length + 3, t.Length);

            return(em);
        }