Beispiel #1
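        /// <summary>
        /// Runs the configured PRF over the agreed value, keyed with the salt, and returns the MAC output.
        /// </summary>
        /// <remarks>
        /// When <c>prfAlgorithm</c> is AES-CMAC the AES engine is keyed with <c>salt</c>, or with 16 zero
        /// bytes when <c>salt</c> is null. Otherwise an HMAC for the base digest is keyed with <c>salt</c>,
        /// or with a zero-filled array sized by the digest's <c>GetByteLength()</c>.
        /// NOTE(review): this looks like the randomness-extraction step of a two-step KDF (SP 800-56C style);
        /// confirm against the enclosing class.
        /// The caller's <paramref name="agreed"/> array is overwritten with zeros before this method exits,
        /// on the failure path as well as on success, so the shared secret does not linger in memory.
        /// The returned array is derived from the secret; this method does not clear it, so the caller
        /// should clear it once it is no longer needed.
        /// </remarks>
        /// <param name="agreed">The agreed (shared secret) value. It is zeroized in place.</param>
        /// <returns>The MAC computed over <paramref name="agreed"/>.</returns>
        public byte[] Generate(byte[] agreed)
        {
            try
            {
                IMac prfMac;

                if (prfAlgorithm == FipsPrfAlgorithm.AesCMac)
                {
                    // The AES key is the salt; a null salt falls back to an all-zero 128-bit key.
                    Internal.IBlockCipher aesEng = FipsAes.ENGINE_PROVIDER.CreateEngine(EngineUsage.GENERAL);
                    aesEng.Init(true, new KeyParameter(salt ?? new byte[16]));

                    // The engine is already keyed, so the CMAC is initialised without parameters.
                    prfMac = new CMac(aesEng);
                    prfMac.Init(null);
                }
                else
                {
                    prfMac = FipsShs.CreateHmac((DigestAlgorithm)prfAlgorithm.BaseAlgorithm);

                    // A null salt falls back to a zero-filled key sized from the underlying digest.
                    prfMac.Init(new KeyParameter(salt ?? new byte[((HMac)prfMac).GetUnderlyingDigest().GetByteLength()]));
                }

                return Macs.DoFinal(prfMac, agreed, 0, agreed.Length);
            }
            finally
            {
                // ZEROIZE: done in finally so an exception while building or running the MAC
                // cannot leave the shared secret intact in the caller's buffer.
                if (agreed != null)
                {
                    Arrays.Fill(agreed, (byte)0);
                }
            }
        }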
Beispiel #2
        /**
         * Build a CTR DRBG as described in SP800-90A.
         * <p>
         * The entropy source must be able to supply at least as many bits of entropy
         * as the security strength being requested.
         * </p>
         * @param engine block cipher the DRBG is built on
         * @param keySizeInBits key size, in bits, used with the block cipher.
         * @param securityStrength required security strength (in bits)
         * @param entropySource entropy source used for seeding and reseeding.
         * @param personalizationString personalization string distinguishing this DRBG (may be null).
         * @param nonce nonce further distinguishing this DRBG (may be null).
         */
        internal CtrSP800Drbg(Internal.IBlockCipher engine, int keySizeInBits, int securityStrength, IEntropySource entropySource, byte[] personalizationString, byte[] nonce)
        {
            int blockSizeInBits = engine.GetBlockSize() * 8;

            mEngine = engine;
            mKeySizeInBits = keySizeInBits;

            // Seed length is the key size plus the cipher block size, both in bits.
            mSeedLength = keySizeInBits + blockSizeInBits;

            // presumably flags a Triple-DES engine so later steps can treat it specially; see isTDEA
            mIsTDEA = isTDEA(engine);

            // Called last: the fields above are set before init runs.
            init(securityStrength, entropySource, personalizationString, nonce);
        }
        /// <summary>
        /// Builds the buffered cipher for a non-AEAD block cipher mode on top of an engine from <paramref name="cipherProvider"/>.
        /// </summary>
        /// <remarks>
        /// The CS1/CS2/CS3 ciphertext-stealing modes are returned as a <c>NistCtsBlockCipher</c> directly;
        /// every other supported mode is wrapped in a <c>BufferedBlockCipher</c>.
        /// None of the modes built here authenticates the ciphertext. Where integrity matters, pair the
        /// cipher with a MAC or use an AEAD mode (CCM or GCM) instead.
        /// <paramref name="parameters"/> is not read in this method.
        /// </remarks>
        /// <param name="name">Algorithm name, used only in the error message.</param>
        /// <param name="algorithmMode">The block cipher mode to construct.</param>
        /// <param name="parameters">Algorithm parameters with IV (unused here).</param>
        /// <param name="forEncryption">True for encryption, false for decryption; passed to <c>GetUsage</c>.</param>
        /// <param name="cipherProvider">Provider that creates the underlying block cipher engine.</param>
        /// <returns>The buffered cipher for the requested mode.</returns>
        /// <exception cref="ArgumentException">If the mode is not one handled here.</exception>
        internal static IBufferedCipher CreateBufferedCipher(string name, AlgorithmMode algorithmMode, IParametersWithIV <IParameters <Algorithm>, Algorithm> parameters, bool forEncryption, IEngineProvider <Internal.IBlockCipher> cipherProvider)
        {
            Internal.IBlockCipher engine = cipherProvider.CreateEngine(GetUsage(forEncryption, algorithmMode));

            // Ciphertext-stealing variants are complete buffered ciphers already; return them unwrapped.
            if (algorithmMode == AlgorithmMode.CS1)
            {
                return new NistCtsBlockCipher(NistCtsBlockCipher.CS1, engine);
            }
            if (algorithmMode == AlgorithmMode.CS2)
            {
                return new NistCtsBlockCipher(NistCtsBlockCipher.CS2, engine);
            }
            if (algorithmMode == AlgorithmMode.CS3)
            {
                return new NistCtsBlockCipher(NistCtsBlockCipher.CS3, engine);
            }

            Internal.IBlockCipher modeCipher;

            switch (algorithmMode)
            {
                case AlgorithmMode.CBC:
                    modeCipher = new CbcBlockCipher(engine);
                    break;

                // CFB variants differ only in the feedback size (bits).
                case AlgorithmMode.CFB8:
                    modeCipher = new CfbBlockCipher(engine, 8);
                    break;
                case AlgorithmMode.CFB64:
                    modeCipher = new CfbBlockCipher(engine, 64);
                    break;
                case AlgorithmMode.CFB128:
                    modeCipher = new CfbBlockCipher(engine, 128);
                    break;

                case AlgorithmMode.OpenPGPCFB:
                    modeCipher = new OpenPgpCfbBlockCipher(engine);
                    break;

                // OFB variants differ only in the feedback size (bits).
                case AlgorithmMode.OFB64:
                    modeCipher = new OfbBlockCipher(engine, 64);
                    break;
                case AlgorithmMode.OFB128:
                    modeCipher = new OfbBlockCipher(engine, 128);
                    break;

                case AlgorithmMode.CTR:
                    modeCipher = new SicBlockCipher(engine);
                    break;

                default:
                    throw new ArgumentException("Unknown algorithm mode passed to " + name + ".Provider: " + algorithmMode);
            }

            return new BufferedBlockCipher(modeCipher);
        }
        /// <summary>
        /// Builds the AEAD cipher (CCM or GCM) for the requested mode on top of an engine from <paramref name="cipherProvider"/>.
        /// </summary>
        /// <remarks>
        /// <paramref name="parameters"/> is not read in this method, so the IV/nonce is not checked here.
        /// NOTE(review): nonce uniqueness per key is critical for both modes; confirm where callers enforce it.
        /// </remarks>
        /// <param name="name">Algorithm name, used only in the error message.</param>
        /// <param name="algorithmMode">The AEAD mode to construct.</param>
        /// <param name="parameters">Algorithm parameters with IV (unused here).</param>
        /// <param name="forEncryption">True for encryption, false for decryption; passed to <c>GetUsage</c>.</param>
        /// <param name="cipherProvider">Provider that creates the underlying block cipher engine.</param>
        /// <returns>The AEAD cipher for the requested mode.</returns>
        /// <exception cref="ArgumentException">If the mode is neither CCM nor GCM.</exception>
        internal static IAeadBlockCipher CreateAeadCipher(string name, AlgorithmMode algorithmMode, IParametersWithIV <IParameters <Algorithm>, Algorithm> parameters, bool forEncryption, IEngineProvider <Internal.IBlockCipher> cipherProvider)
        {
            // The engine is requested before the mode is validated, as in the non-AEAD factory.
            Internal.IBlockCipher engine = cipherProvider.CreateEngine(GetUsage(forEncryption, algorithmMode));

            if (algorithmMode == AlgorithmMode.CCM)
            {
                return new CcmBlockCipher(engine);
            }
            else if (algorithmMode == AlgorithmMode.GCM)
            {
                return new GcmBlockCipher(engine);
            }

            throw new ArgumentException("Unknown algorithm mode passed to " + name + ".Provider: " + algorithmMode);
        }
        /// <summary>
        /// Builds and initialises the SP 800-38F key wrapper (with or without padding) for the requested mode.
        /// </summary>
        /// <remarks>
        /// The wrapper is initialised with null parameters.
        /// NOTE(review): the key is presumably already bound to the engine created by the provider; confirm.
        /// </remarks>
        /// <param name="name">Algorithm name, used only in the error message.</param>
        /// <param name="algorithmMode">WRAP or WRAPPAD.</param>
        /// <param name="useInverse">Passed to <c>GetWrapUsage</c> and to the wrap engine constructor.</param>
        /// <param name="forWrapping">True to wrap, false to unwrap.</param>
        /// <param name="baseCipherProvider">Provider that creates the underlying block cipher engine.</param>
        /// <returns>The initialised wrapper.</returns>
        /// <exception cref="ArgumentException">If the mode is neither WRAP nor WRAPPAD.</exception>
        internal static IWrapper CreateWrapper(string name, AlgorithmMode algorithmMode, bool useInverse, bool forWrapping, IEngineProvider <Internal.IBlockCipher> baseCipherProvider)
        {
            Internal.IBlockCipher engine = baseCipherProvider.CreateEngine(GetWrapUsage(useInverse, forWrapping));
            IWrapper wrapper;

            if (algorithmMode == AlgorithmMode.WRAP)
            {
                wrapper = new SP80038FWrapEngine(engine, useInverse);
            }
            else if (algorithmMode == AlgorithmMode.WRAPPAD)
            {
                wrapper = new SP80038FWrapWithPaddingEngine(engine, useInverse);
            }
            else
            {
                throw new ArgumentException("Unknown wrapper algorithm passed to " + name + ".Provider: " + algorithmMode);
            }

            // No key parameter is passed at this point; only the direction is set.
            wrapper.Init(forWrapping, null);

            return wrapper;
        }