public void Init(ICipherParameters parameters)
{
// setup AAD
var aadParam = parameters as AADParameter;
SecurityAssert.NotNull(aadParam);
var a = aadParam.AAD;
aSize = a.Length * 8;
// setup IV
var ivParam = aadParam.Parameters as IVParameter;
SecurityAssert.NotNull(ivParam);
var iv = ivParam.IV;
ivSize = iv.Length * 8;
// setup cipher
Cipher.Init(ivParam.Parameters);
// setup H subkey
h = new byte[16];
Cipher.EncryptBlock(new byte[16], 0, h, 0);
// setup tag hash
tagHash = new GHash(h);
tagHash.Update(a, 0, a.Length);
var tagAADPaddingLength = 16 - a.Length % 16;
tagHash.Update(new byte[tagAADPaddingLength], 0, tagAADPaddingLength);
// setup pre-counter block
if (iv.Length == 12)
{
// IV || 0^31 ||1
j0 = new byte[16];
Array.Copy(iv, j0, 12);
j0[15] = 1;
}
else
{
// GHASH_H(IV || 0^(s+64) || [len(IV)])
var j0PaddingLength = 8 + (16 - iv.Length % 16) % 16;
var j0Hash = new GHash(h);
j0Hash.Update(iv, 0, iv.Length);
j0Hash.Update(new byte[j0PaddingLength], 0, j0PaddingLength);
j0Hash.Update(EndianBitConverter.Big.GetBytes(ivSize), 0, sizeof(long));
j0 = j0Hash.Digest();
}
ctr = new CTRBlockCipher(Cipher);
ctr.Init(new IVParameter(null, j0));
ctr.Inc();
cSize = 0;
}
/**
* Used by both Dual EC and Hash.
*/
internal static byte[] HashDF(IDigest digest, byte[] seedMaterial, int seedLength)
{
// 1. temp = the Null string.
// 2. .
// 3. counter = an 8-bit binary value representing the integer "1".
// 4. For i = 1 to len do
// Comment : In step 4.1, no_of_bits_to_return
// is used as a 32-bit string.
// 4.1 temp = temp || Hash (counter || no_of_bits_to_return ||
// input_string).
// 4.2 counter = counter + 1.
// 5. requested_bits = Leftmost (no_of_bits_to_return) of temp.
// 6. Return SUCCESS and requested_bits.
byte[] temp = new byte[(seedLength + 7) / 8];
int len = temp.Length / digest.GetDigestSize();
int counter = 1;
byte[] dig = new byte[digest.GetDigestSize()];
for (int i = 0; i <= len; i++)
{
digest.Update((byte)counter);
digest.Update((byte)(seedLength >> 24));
digest.Update((byte)(seedLength >> 16));
digest.Update((byte)(seedLength >> 8));
digest.Update((byte)seedLength);
digest.BlockUpdate(seedMaterial, 0, seedMaterial.Length);
digest.DoFinal(dig, 0);
int bytesToCopy = ((temp.Length - i * dig.Length) > dig.Length)
? dig.Length
: (temp.Length - i * dig.Length);
Array.Copy(dig, 0, temp, i * dig.Length, bytesToCopy);
counter++;
}
// do a left shift to get rid of excess bits.
if (seedLength % 8 != 0)
{
int shift = 8 - (seedLength % 8);
uint carry = 0;
for (int i = 0; i != temp.Length; i++)
{
uint b = temp[i];
temp[i] = (byte)((b >> shift) | (carry << (8 - shift)));
carry = b;
}
}
return temp;
}
public static BigInteger CalculateX(IDigest digest, BigInteger N, byte[] salt, byte[] identity, byte[] password)
{
byte[] output = new byte[digest.GetDigestSize()];
digest.BlockUpdate(identity, 0, identity.Length);
digest.Update(0x3a);
digest.BlockUpdate(password, 0, password.Length);
digest.DoFinal(output, 0);
digest.BlockUpdate(salt, 0, salt.Length);
digest.BlockUpdate(output, 0, output.Length);
digest.DoFinal(output, 0);
return new BigInteger(1, output).Mod(N);
}
private byte[] MakeTestHash(
IDigest digest)
{
for (int i = 0; i < digest.GetDigestSize(); ++i)
{
digest.Update((byte) i);
}
digest.BlockUpdate(TestBytes, 0, TestBytes.Length);
return DigestUtilities.DoFinal(digest);
}
public override void WriteByte(byte b)
{
dig.Update(b);
}
/// <summary> update the internal digest with the byte b</summary>
public virtual void Update(
byte input)
{
contentDigest1.Update(input);
}
private void doUpdateByte(
byte b)
{
sig.Update(b);
dig.Update(b);
}
public static byte[] Digest(this IDigest dgst, byte[] input)
{
dgst.Update(input);
return(dgst.Digest());
}
private byte[] ComputeHash(byte[] password, byte[] salt, int saltOffset, int saltLen, byte[] userKey)
{
IDigest mdSha256 = DigestUtilities.GetDigest("SHA-256");
mdSha256.Update(password);
mdSha256.Update(salt, saltOffset, saltLen);
if (userKey != null)
{
mdSha256.Update(userKey);
}
byte[] k = mdSha256.Digest();
if (isPdf2)
{
// See 7.6.4.3.3 "Algorithm 2.B"
IDigest mdSha384 = DigestUtilities.GetDigest("SHA-384");
IDigest mdSha512 = DigestUtilities.GetDigest("SHA-512");
int userKeyLen = userKey != null ? userKey.Length : 0;
int passAndUserKeyLen = password.Length + userKeyLen;
// k1 repetition length
int k1RepLen;
int roundNum = 0;
while (true)
{
// a)
k1RepLen = passAndUserKeyLen + k.Length;
byte[] k1 = new byte[k1RepLen * 64];
Array.Copy(password, 0, k1, 0, password.Length);
Array.Copy(k, 0, k1, password.Length, k.Length);
if (userKey != null)
{
Array.Copy(userKey, 0, k1, password.Length + k.Length, userKeyLen);
}
for (int i = 1; i < 64; ++i)
{
Array.Copy(k1, 0, k1, k1RepLen * i, k1RepLen);
}
// b)
AESCipherCBCnoPad cipher = new AESCipherCBCnoPad(true, JavaUtil.ArraysCopyOf(k, 16), JavaUtil.ArraysCopyOfRange
(k, 16, 32));
byte[] e = cipher.ProcessBlock(k1, 0, k1.Length);
// c)
IDigest md = null;
BigInteger i_1 = new BigInteger(1, JavaUtil.ArraysCopyOf(e, 16));
int remainder = i_1.Remainder(BigInteger.ValueOf(3)).IntValue;
switch (remainder)
{
case 0: {
md = mdSha256;
break;
}
case 1: {
md = mdSha384;
break;
}
case 2: {
md = mdSha512;
break;
}
}
// d)
k = md.Digest(e);
++roundNum;
if (roundNum > 63)
{
// e)
// interpreting last byte as unsigned integer
int condVal = e[e.Length - 1] & 0xFF;
if (condVal <= roundNum - 32)
{
break;
}
}
}
k = k.Length == 32 ? k : JavaUtil.ArraysCopyOf(k, 32);
}
return(k);
}
/// <seealso cref="IDigest.Update"/>
public void Update(
byte input)
{
md5.Update(input);
sha1.Update(input);
}
void doTest(
string algorithm)
{
byte[] message = Encoding.ASCII.GetBytes("hello world");
IDigest digest = DigestUtilities.GetDigest(algorithm);
// byte[] result = digest.digest(message);
digest.BlockUpdate(message, 0, message.Length);
byte[] result = DigestUtilities.DoFinal(digest);
// byte[] result2 = digest.digest(message);
digest.BlockUpdate(message, 0, message.Length);
byte[] result2 = DigestUtilities.DoFinal(digest);
// test one digest the same message with the same instance
if (!AreEqual(result, result2))
{
Fail("Result object 1 not equal");
}
// test two, single byte updates
for (int i = 0; i < message.Length; i++)
{
digest.Update(message[i]);
}
// result2 = digest.digest();
result2 = DigestUtilities.DoFinal(digest);
if (!AreEqual(result, result2))
{
Fail("Result object 2 not equal");
}
// test three, two half updates
digest.BlockUpdate(message, 0, message.Length / 2);
digest.BlockUpdate(message, message.Length / 2, message.Length - message.Length / 2);
// result2 = digest.digest();
result2 = DigestUtilities.DoFinal(digest);
if (!AreEqual(result, result2))
{
Fail("Result object 3 not equal");
}
// TODO Should we support Clone'ing of digests?
// // test four, clone test
// digest.BlockUpdate(message, 0, message.Length/2);
// IDigest d = (IDigest)digest.Clone();
// digest.BlockUpdate(message, message.Length/2, message.Length-message.Length/2);
//// result2 = digest.digest();
// result2 = new byte[digest.GetDigestSize()];
// digest.DoFinal(result2, 0);
//
// if (!AreEqual(result, result2))
// {
// Fail("Result object 4(a) not equal");
// }
//
// d.BlockUpdate(message, message.Length/2, message.Length-message.Length/2);
//// result2 = d.digest();
// result2 = new byte[d.GetDigestSize()];
// d.DoFinal(result2, 0);
//
// if (!AreEqual(result, result2))
// {
// Fail("Result object 4(b) not equal");
// }
// test five, check reset() method
digest.BlockUpdate(message, 0, message.Length / 2);
digest.Reset();
digest.BlockUpdate(message, 0, message.Length / 2);
digest.BlockUpdate(message, message.Length / 2, message.Length - message.Length / 2);
// result2 = digest.digest();
result2 = DigestUtilities.DoFinal(digest);
if (!AreEqual(result, result2))
{
Fail("Result object 5 not equal");
}
}
/// <summary>
/// Update the digest with 1 byte
/// </summary>
///
/// <param name="Input">Input byte</param>
public void Update(byte Input)
{
m_msgDigest.Update(Input);
}
/// <summary>
/// Generates the KDF parameters.
/// Sess Sections 7 & 8 of RFC 6637 (http://tools.ietf.org/html/rfc6637) for more details
/// </summary>
/// <returns></returns>
private void UpdateDigestWithKDFParameters(IDigest digest)
{
var agreement = new ECDHBasicAgreement();
agreement.Init(_privateKey);
var zb = agreement.CalculateAgreement(_publicKey).ToByteArrayUnsigned();
digest.Update(0x00);
digest.Update(0x00);
digest.Update(0x00);
digest.Update(0x01);
digest.BlockUpdate(zb, 0, zb.Length);
var oid = _publicKey.PublicKeyParamSet.ToBytes();
digest.Update((byte)oid.Length);
digest.BlockUpdate(oid, 0, oid.Length);
digest.Update((byte)PublicKeyAlgorithmTag.Ecdh);
digest.Update(0x3);
digest.Update(0x1);
digest.Update((byte)_publicKey.HashAlgorithm);
digest.Update((byte)_publicKey.SymmetricKeyAlgorithm);
digest.BlockUpdate(_anonymousSender, 0, _anonymousSender.Length);
digest.BlockUpdate(_fingerPrint, 0, _fingerPrint.Length);
}
private void DoUpdateByte(
byte b)
{
_sig.Update(b);
_dig.Update(b);
}
private byte[] ComputeMAC(IDigest macAlgo, long seqNum, RecordType type, TlsVersion version, byte[] content)
{
macAlgo.Update(EndianBitConverter.Big.GetBytes(seqNum), 0, sizeof(long));
macAlgo.Update(new[] { (byte)type, version.Major, version.Major }, 0, 3);
macAlgo.Update(EndianBitConverter.Big.GetBytes((ushort)content.Length), 0, sizeof(ushort));
macAlgo.Update(content, 0, content.Length);
return macAlgo.Digest();
}
private void Init()
{
IBcpgKey key = publicPk.Key;
if (publicPk.Version <= 3)
{
RsaPublicBcpgKey rK = (RsaPublicBcpgKey)key;
this.keyId = rK.Modulus.LongValue;
try
{
IDigest digest = DigestUtilities.GetDigest("MD5");
byte[] bytes = rK.Modulus.ToByteArrayUnsigned();
digest.BlockUpdate(bytes, 0, bytes.Length);
bytes = rK.PublicExponent.ToByteArrayUnsigned();
digest.BlockUpdate(bytes, 0, bytes.Length);
this.fingerprint = DigestUtilities.DoFinal(digest);
}
//catch (NoSuchAlgorithmException)
catch (Exception e)
{
throw new IOException("can't find MD5", e);
}
this.keyStrength = rK.Modulus.BitLength;
}
else
{
byte[] kBytes = publicPk.GetEncodedContents();
try
{
IDigest digest = DigestUtilities.GetDigest("SHA1");
digest.Update(0x99);
digest.Update((byte)(kBytes.Length >> 8));
digest.Update((byte)kBytes.Length);
digest.BlockUpdate(kBytes, 0, kBytes.Length);
this.fingerprint = DigestUtilities.DoFinal(digest);
}
catch (Exception e)
{
throw new IOException("can't find SHA1", e);
}
this.keyId = (long)(((ulong)fingerprint[fingerprint.Length - 8] << 56)
| ((ulong)fingerprint[fingerprint.Length - 7] << 48)
| ((ulong)fingerprint[fingerprint.Length - 6] << 40)
| ((ulong)fingerprint[fingerprint.Length - 5] << 32)
| ((ulong)fingerprint[fingerprint.Length - 4] << 24)
| ((ulong)fingerprint[fingerprint.Length - 3] << 16)
| ((ulong)fingerprint[fingerprint.Length - 2] << 8)
| (ulong)fingerprint[fingerprint.Length - 1]);
if (key is RsaPublicBcpgKey)
{
this.keyStrength = ((RsaPublicBcpgKey)key).Modulus.BitLength;
}
else if (key is DsaPublicBcpgKey)
{
this.keyStrength = ((DsaPublicBcpgKey)key).P.BitLength;
}
else if (key is ElGamalPublicBcpgKey)
{
this.keyStrength = ((ElGamalPublicBcpgKey)key).P.BitLength;
}
}
}
private void DigestTest(IDigest Digest, string[] Expected)
{
byte[] hash = new byte[Digest.DigestSize];
for (int i = 0; i != _messages.Length; i++)
{
if (_messages.Length != 0)
{
byte[] data = HexConverter.Decode(_messages[i]);
Digest.BlockUpdate(data, 0, data.Length);
}
Digest.DoFinal(hash, 0);
if (Compare.AreEqual(HexConverter.Decode(Expected[i]), hash) == false)
throw new Exception("Keccak: Expected hash is not equal! Expected: " + Expected[i] + " Received: " + HexConverter.ToString(hash));
}
byte[] k64 = new byte[1024 * 64];
for (int i = 0; i != k64.Length; i++)
k64[i] = (byte)'a';
Digest.BlockUpdate(k64, 0, k64.Length);
Digest.DoFinal(hash, 0);
if (Compare.AreEqual(HexConverter.Decode(Expected[_messages.Length]), hash) == false)
throw new Exception("Keccak: Expected hash is not equal! Expected: " + Expected[_messages.Length] + " Received: " + HexConverter.ToString(hash));
for (int i = 0; i != k64.Length; i++)
Digest.Update((byte)'a');
Digest.DoFinal(hash, 0);
if (Compare.AreEqual(HexConverter.Decode(Expected[_messages.Length]), hash) == false)
throw new Exception("Keccak: Expected hash is not equal! Expected: " + Expected[_messages.Length] + " Received: " + HexConverter.ToString(hash));
for (int i = 0; i != k64.Length; i++)
k64[i] = (byte)('a' + (i % 26));
Digest.BlockUpdate(k64, 0, k64.Length);
Digest.DoFinal(hash, 0);
if (Compare.AreEqual(HexConverter.Decode(Expected[_messages.Length + 1]), hash) == false)
throw new Exception("Keccak: Expected hash is not equal! Expected: " + Expected[_messages.Length + 1] + " Received: " + HexConverter.ToString(hash));
for (int i = 0; i != 64; i++)
{
Digest.Update(k64[i * 1024]);
Digest.BlockUpdate(k64, i * 1024 + 1, 1023);
}
Digest.DoFinal(hash, 0);
if (Compare.AreEqual(HexConverter.Decode(Expected[_messages.Length + 1]), hash) == false)
throw new Exception("Keccak: Expected hash is not equal! Expected: " + Expected[_messages.Length + 1] + " Received: " + HexConverter.ToString(hash));
DoFinalTest(Digest);
/*// very long test (passes)
for (int i = 0; i != 16384; i++)
{
for (int j = 0; j != 1024; j++)
Digest.BlockUpdate(_xtremeData, 0, _xtremeData.Length);
}
Digest.DoFinal(hash, 0);
if (Compare.AreEqual(HexConverter.Decode(Expected[_messages.Length + 2]), hash) == false)
throw new Exception("Keccak: Expected hash is not equal! Expected: " + Expected[_messages.Length + 2] + " Received: " + hash);*/
}
public virtual void Update(byte b)
{
prehash.Update(b);
}
/**
* Process one more byte of input data (message to sign).
*
* @param in the extra input byte
*/
public void update(byte @in)
{
dig.Update(@in);
}
public static void Update(this IDigest dgst, byte[] input)
{
dgst.Update(input, 0, input.Length);
}
private void TestDigest(IDigest digest, string[] expected)
{
byte[] hash = new byte[digest.GetDigestSize()];
for (int i = 0; i != messages.Length; i++)
{
if (messages.Length != 0)
{
byte[] data = Hex.Decode(messages[i]);
digest.BlockUpdate(data, 0, data.Length);
}
digest.DoFinal(hash, 0);
if (!Arrays.AreEqual(Hex.Decode(expected[i]), hash))
{
Fail("sha3 mismatch on " + digest.AlgorithmName + " index " + i);
}
}
byte[] k64 = new byte[1024 * 64];
for (int i = 0; i != k64.Length; i++)
{
k64[i] = (byte)'a';
}
digest.BlockUpdate(k64, 0, k64.Length);
digest.DoFinal(hash, 0);
if (!Arrays.AreEqual(Hex.Decode(expected[messages.Length]), hash))
{
Fail("sha3 mismatch on " + digest.AlgorithmName + " 64k a");
}
for (int i = 0; i != k64.Length; i++)
{
digest.Update((byte)'a');
}
digest.DoFinal(hash, 0);
if (!Arrays.AreEqual(Hex.Decode(expected[messages.Length]), hash))
{
Fail("sha3 mismatch on " + digest.AlgorithmName + " 64k a single");
}
for (int i = 0; i != k64.Length; i++)
{
k64[i] = (byte)('a' + (i % 26));
}
digest.BlockUpdate(k64, 0, k64.Length);
digest.DoFinal(hash, 0);
if (!Arrays.AreEqual(Hex.Decode(expected[messages.Length + 1]), hash))
{
Fail("sha3 mismatch on " + digest.AlgorithmName + " 64k alpha");
}
for (int i = 0; i != 64; i++)
{
digest.Update(k64[i * 1024]);
digest.BlockUpdate(k64, i * 1024 + 1, 1023);
}
digest.DoFinal(hash, 0);
if (!Arrays.AreEqual(Hex.Decode(expected[messages.Length + 1]), hash))
{
Fail("sha3 mismatch on " + digest.AlgorithmName + " 64k chunked alpha");
}
TestDigestDoFinal(digest);
//
// extremely long data test
//
//Console.WriteLine("Starting very long");
//for (int i = 0; i != 16384; i++)
//{
// for (int j = 0; j != 1024; j++)
// {
// digest.BlockUpdate(xtremeData, 0, xtremeData.Length);
// }
//}
//digest.DoFinal(hash, 0);
//if (!Arrays.AreEqual(Hex.Decode(expected[messages.Length + 2]), hash))
//{
// Fail("sha3 mismatch on " + digest.AlgorithmName + " extreme data test");
//}
//Console.WriteLine("Done");
}
public void Update(byte input)
{
baseDigest.Update(input);
}
public override void WriteByte(byte b)
{
mDigest.Update(b);
}
public virtual void Update(byte b)
{
digest.Update(b);
}
public virtual void Update(byte input)
{
mBaseDigest.Update(input);
}
public virtual void Update(byte input)
{
mMd5.Update(input);
mSha1.Update(input);
}
/**
* fill len bytes of the output buffer with bytes generated from
* the derivation function.
*
* @throws ArgumentException if the size of the request will cause an overflow.
* @throws DataLengthException if the out buffer is too small.
*/
public int GenerateBytes(
byte[] output,
int outOff,
int length)
{
if ((output.Length - length) < outOff)
{
throw new DataLengthException("output buffer too small");
}
long oBytes = length;
int outLen = digest.GetDigestSize();
//
// this is at odds with the standard implementation, the
// maximum value should be hBits * (2^32 - 1) where hBits
// is the digest output size in bits. We can't have an
// array with a long index at the moment...
//
if (oBytes > ((2L << 32) - 1))
{
throw new ArgumentException("Output length too large");
}
int cThreshold = (int)((oBytes + outLen - 1) / outLen);
byte[] dig = new byte[digest.GetDigestSize()];
int counter = counterStart;
for (int i = 0; i < cThreshold; i++)
{
digest.BlockUpdate(shared, 0, shared.Length);
digest.Update((byte)(counter >> 24));
digest.Update((byte)(counter >> 16));
digest.Update((byte)(counter >> 8));
digest.Update((byte)counter);
if (iv != null)
{
digest.BlockUpdate(iv, 0, iv.Length);
}
digest.DoFinal(dig, 0);
if (length > outLen)
{
Array.Copy(dig, 0, output, outOff, outLen);
outOff += outLen;
length -= outLen;
}
else
{
Array.Copy(dig, 0, output, outOff, length);
}
counter++;
}
digest.Reset();
return((int)oBytes);
}
/**
* update the internal digest with the byte b
*/
public void Update(
byte input)
{
digest.Update(input);
}
private void TestDigest(IDigest digest, string[] expected)
{
byte[] hash = new byte[digest.GetDigestSize()];
for (int i = 0; i != messages.Length; i++)
{
if (messages.Length != 0)
{
byte[] data = Hex.Decode(messages[i]);
digest.BlockUpdate(data, 0, data.Length);
}
digest.DoFinal(hash, 0);
if (!Arrays.AreEqual(Hex.Decode(expected[i]), hash))
{
Fail("Keccak mismatch on " + digest.AlgorithmName + " index " + i);
}
}
byte[] k64 = new byte[1024 * 64];
for (int i = 0; i != k64.Length; i++)
{
k64[i] = (byte)'a';
}
digest.BlockUpdate(k64, 0, k64.Length);
digest.DoFinal(hash, 0);
if (!Arrays.AreEqual(Hex.Decode(expected[messages.Length]), hash))
{
Fail("Keccak mismatch on " + digest.AlgorithmName + " 64k a");
}
for (int i = 0; i != k64.Length; i++)
{
digest.Update((byte)'a');
}
digest.DoFinal(hash, 0);
if (!Arrays.AreEqual(Hex.Decode(expected[messages.Length]), hash))
{
Fail("Keccak mismatch on " + digest.AlgorithmName + " 64k a single");
}
for (int i = 0; i != k64.Length; i++)
{
k64[i] = (byte)('a' + (i % 26));
}
digest.BlockUpdate(k64, 0, k64.Length);
digest.DoFinal(hash, 0);
if (!Arrays.AreEqual(Hex.Decode(expected[messages.Length + 1]), hash))
{
Fail("Keccak mismatch on " + digest.AlgorithmName + " 64k alpha");
}
for (int i = 0; i != 64; i++)
{
digest.Update(k64[i * 1024]);
digest.BlockUpdate(k64, i * 1024 + 1, 1023);
}
digest.DoFinal(hash, 0);
if (!Arrays.AreEqual(Hex.Decode(expected[messages.Length + 1]), hash))
{
Fail("Keccak mismatch on " + digest.AlgorithmName + " 64k chunked alpha");
}
TestDigestDoFinal(digest);
//
// extremely long data test
//
//Console.WriteLine("Starting very long");
//for (int i = 0; i != 16384; i++)
//{
// for (int j = 0; j != 1024; j++)
// {
// digest.BlockUpdate(xtremeData, 0, xtremeData.Length);
// }
//}
//digest.DoFinal(hash, 0);
//if (!Arrays.AreEqual(Hex.Decode(expected[messages.Length + 2]), hash))
//{
// Fail("Keccak mismatch on " + digest.AlgorithmName + " extreme data test");
//}
//Console.WriteLine("Done");
}
private static byte[] EMSA_PKCS1_v1_5_Encode(byte[] input, int emLen, IDigest hash)
{
hash.Update(input, 0, input.Length);
var h = hash.Digest();
byte[] t;
using (var mem = new MemoryStream())
{
var derWriter = new DERWriter(mem);
derWriter.Write(new ASN1Sequence(new ASN1Object[]
{
new ASN1Sequence(new ASN1Object[] {
hash.Id,
new ASN1Null()
}),
new ASN1OctetString(h)
}));
t = mem.ToArray();
}
SecurityAssert.SAssert(emLen >= t.Length + 11);
var ps = new byte[emLen - t.Length - 3];
SecurityAssert.SAssert(ps.Length >= 8);
for (var i = 0; i < ps.Length; i++) { ps[i] = 0xff; }
var em = new byte[emLen];
em[0] = 0;
em[1] = 1;
Array.Copy(ps, 0, em, 2, ps.Length);
em[ps.Length + 2] = 0;
Array.Copy(t, 0, em, ps.Length + 3, t.Length);
return em;
}
// TODO Move this when other JCE tests are ported from Java
/**
* signature with a "forged signature" (sig block not at end of plain text)
*/
private void doTestBadSig() //PrivateKey priv, PublicKey pub)
{
// Signature sig = Signature.getInstance("SHA1WithRSAEncryption", "BC");
ISigner sig = SignerUtilities.GetSigner("SHA1WithRSAEncryption");
// KeyPairGenerator fact;
// KeyPair keyPair;
// byte[] data = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 };
// fact = KeyPairGenerator.getInstance("RSA", "BC");
RsaKeyPairGenerator fact = new RsaKeyPairGenerator();
// fact.initialize(768, new SecureRandom());
RsaKeyGenerationParameters factParams = new RsaKeyGenerationParameters(
// BigInteger.ValueOf(0x11), new SecureRandom(), 768, 25);
BigInteger.ValueOf(3), new SecureRandom(), 768, 25);
fact.Init(factParams);
// keyPair = fact.generateKeyPair();
//
// PrivateKey signingKey = keyPair.getPrivate();
// PublicKey verifyKey = keyPair.getPublic();
IAsymmetricCipherKeyPair keyPair = fact.GenerateKeyPair();
IAsymmetricKeyParameter priv = keyPair.Private;
IAsymmetricKeyParameter pub = keyPair.Public;
// testBadSig(signingKey, verifyKey);
// MessageDigest sha1 = MessageDigest.getInstance("SHA1", "BC");
IDigest sha1 = DigestUtilities.GetDigest("SHA1");
// Cipher signer = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");
// IBufferedCipher signer = CipherUtilities.GetCipher("RSA/ECB/PKCS1Padding");
IAsymmetricBlockCipher signer = new Pkcs1Encoding(new RsaEngine());
// signer.init(Cipher.ENCRYPT_MODE, priv);
signer.Init(true, priv);
// byte[] block = new byte[signer.getBlockSize()];
// byte[] block = new byte[signer.GetBlockSize()];
byte[] block = new byte[signer.GetInputBlockSize()];
// sha1.update((byte)0);
sha1.Update(0);
// byte[] sigHeader = Hex.decode("3021300906052b0e03021a05000414");
byte[] sigHeader = Hex.Decode("3021300906052b0e03021a05000414");
// System.arraycopy(sigHeader, 0, block, 0, sigHeader.length);
Array.Copy(sigHeader, 0, block, 0, sigHeader.Length);
// sha1.digest(block, sigHeader.length, sha1.getDigestLength());
sha1.DoFinal(block, sigHeader.Length);
// System.arraycopy(sigHeader, 0, block,
// sigHeader.length + sha1.getDigestLength(), sigHeader.length);
Array.Copy(sigHeader, 0, block,
sigHeader.Length + sha1.GetDigestSize(), sigHeader.Length);
// byte[] sigBytes = signer.doFinal(block);
byte[] sigBytes = signer.ProcessBlock(block, 0, block.Length);
// Signature verifier = Signature.getInstance("SHA1WithRSA", "BC");
ISigner verifier = SignerUtilities.GetSigner("SHA1WithRSA");
// verifier.initVerify(pub);
verifier.Init(false, pub);
// verifier.update((byte)0);
verifier.Update(0);
// if (verifier.verify(sig))
if (verifier.VerifySignature(sigBytes))
{
// fail("bad signature passed");
Fail("bad signature passed");
}
}
