public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
ICipherParameters key;
this.forEncryption = forEncryption;
if (parameters is AeadParameters)
{
AeadParameters parameters3 = (AeadParameters)parameters;
this.nonce = parameters3.GetNonce();
this.initialAssociatedText = parameters3.GetAssociatedText();
this.macSize = parameters3.MacSize / 8;
key = parameters3.Key;
}
else
{
if (!(parameters is ParametersWithIV))
{
throw new ArgumentException("invalid parameters passed to CCM");
}
ParametersWithIV hiv = (ParametersWithIV)parameters;
this.nonce = hiv.GetIV();
this.initialAssociatedText = null;
this.macSize = this.macBlock.Length / 2;
key = hiv.Parameters;
}
if (key != null)
{
this.keyParam = key;
}
if (((this.nonce == null) || (this.nonce.Length < 7)) || (this.nonce.Length > 13))
{
throw new ArgumentException("nonce must have length from 7 to 13 octets");
}
this.Reset();
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
this.forEncryption = forEncryption;
ICipherParameters cipherParameters;
if (parameters is AeadParameters)
{
AeadParameters aeadParameters = (AeadParameters)parameters;
this.nonce = aeadParameters.GetNonce();
this.initialAssociatedText = aeadParameters.GetAssociatedText();
this.macSize = aeadParameters.MacSize / 8;
cipherParameters = aeadParameters.Key;
}
else
{
if (!(parameters is ParametersWithIV))
{
throw new ArgumentException("invalid parameters passed to CCM");
}
ParametersWithIV parametersWithIV = (ParametersWithIV)parameters;
this.nonce = parametersWithIV.GetIV();
this.initialAssociatedText = null;
this.macSize = this.macBlock.Length / 2;
cipherParameters = parametersWithIV.Parameters;
}
if (cipherParameters != null)
{
this.keyParam = cipherParameters;
}
if (this.nonce == null || this.nonce.Length < 7 || this.nonce.Length > 13)
{
throw new ArgumentException("nonce must have length from 7 to 13 octets");
}
this.Reset();
}
public virtual void Init(
bool forEncryption,
ICipherParameters parameters)
{
this.forEncryption = forEncryption;
if (parameters is AeadParameters)
{
AeadParameters param = (AeadParameters)parameters;
nonce = param.GetNonce();
associatedText = param.GetAssociatedText();
macSize = param.MacSize / 8;
keyParam = param.Key;
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV param = (ParametersWithIV)parameters;
nonce = param.GetIV();
associatedText = null;
macSize = macBlock.Length / 2;
keyParam = param.Parameters;
}
else
{
throw new ArgumentException("invalid parameters passed to CCM");
}
}
public void Init(bool pEncrypt,
ICipherParameters cipherParameters)
{
/* Set defaults */
byte[] myInitialAEAD = null;
byte[] myNonce = null;
KeyParameter myKey = null;
/* Access parameters */
if (cipherParameters is AeadParameters)
{
AeadParameters myAEAD = (AeadParameters)cipherParameters;
myInitialAEAD = myAEAD.GetAssociatedText();
myNonce = myAEAD.GetNonce();
myKey = myAEAD.Key;
}
else if (cipherParameters is ParametersWithIV)
{
ParametersWithIV myParms = (ParametersWithIV)cipherParameters;
myNonce = myParms.GetIV();
myKey = (KeyParameter)myParms.Parameters;
}
else
{
throw new ArgumentException("invalid parameters passed to GCM_SIV");
}
/* Check nonceSize */
if (myNonce == null || myNonce.Length != NONCELEN)
{
throw new ArgumentException("Invalid nonce");
}
/* Check keysize */
if (myKey == null)
{
throw new ArgumentException("Invalid key");
}
byte[] k = myKey.GetKey();
if (k.Length != BUFLEN &&
k.Length != (BUFLEN << 1))
{
throw new ArgumentException("Invalid key");
}
/* Reset details */
forEncryption = pEncrypt;
theInitialAEAD = myInitialAEAD;
theNonce = myNonce;
/* Initialise the keys */
deriveKeys(myKey);
resetStreams();
}
public virtual void Init(
bool forEncryption,
ICipherParameters parameters)
{
this.forEncryption = forEncryption;
KeyParameter keyParam;
if (parameters is AeadParameters)
{
AeadParameters param = (AeadParameters)parameters;
nonce = param.GetNonce();
initialAssociatedText = param.GetAssociatedText();
keyParam = param.Key;
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV param = (ParametersWithIV)parameters;
nonce = param.GetIV();
initialAssociatedText = null;
keyParam = (KeyParameter)param.Parameters;
}
else
{
throw new ArgumentException("invalid parameters passed to ChaCha20Poly1305");
}
if (nonce == null || nonce.Length < 1)
{
throw new ArgumentException("IV must be at least 1 byte");
}
// Geneate the key
ChaChaX tmpCypher = new ChaChaX();
byte[] zero = new byte[32];
byte[] polyKey = new byte[32];
ParametersWithIV tmpKey = new ParametersWithIV(keyParam, nonce);
tmpCypher.Init(true, tmpKey);
tmpCypher.ProcessBytes(zero, 0, zero.Length, polyKey, 0);
poly = new Poly1305();
KeyParameter tmpKey2 = new KeyParameter(polyKey);
poly.Init(tmpKey2);
chacha20 = new ChaChaX();
chacha20.Init(forEncryption, tmpKey);
InitCipher();
}
public virtual void Init(
bool forEncryption,
ICipherParameters parameters)
{
this.forEncryption = forEncryption;
byte[] nonce;
ICipherParameters keyParam;
if (parameters is AeadParameters)
{
AeadParameters param = (AeadParameters)parameters;
nonce = param.GetNonce();
initialAssociatedText = param.GetAssociatedText();
macSize = param.MacSize / 8;
keyParam = param.Key;
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV param = (ParametersWithIV)parameters;
nonce = param.GetIV();
initialAssociatedText = null;
macSize = mac.GetMacSize() / 2;
keyParam = param.Parameters;
}
else
{
throw new ArgumentException("invalid parameters passed to EAX");
}
byte[] tag = new byte[blockSize];
// Key reuse implemented in CBC mode of underlying CMac
mac.Init(keyParam);
tag[blockSize - 1] = (byte)Tag.N;
mac.BlockUpdate(tag, 0, blockSize);
mac.BlockUpdate(nonce, 0, nonce.Length);
mac.DoFinal(nonceMac, 0);
tag[blockSize - 1] = (byte)Tag.H;
mac.BlockUpdate(tag, 0, blockSize);
if (initialAssociatedText != null)
{
ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length);
}
// Same BlockCipher underlies this and the mac, so reuse last key on cipher
cipher.Init(true, new ParametersWithIV(null, nonceMac));
}
public virtual void Init(
bool forEncryption,
ICipherParameters parameters)
{
this.forEncryption = forEncryption;
byte[] nonce, associatedText;
ICipherParameters keyParam;
if (parameters is AeadParameters)
{
AeadParameters param = (AeadParameters)parameters;
nonce = param.GetNonce();
associatedText = param.GetAssociatedText();
macSize = param.MacSize / 8;
keyParam = param.Key;
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV param = (ParametersWithIV)parameters;
nonce = param.GetIV();
associatedText = new byte[0];
macSize = mac.GetMacSize() / 2;
keyParam = param.Parameters;
}
else
{
throw new ArgumentException("invalid parameters passed to EAX");
}
byte[] tag = new byte[blockSize];
mac.Init(keyParam);
tag[blockSize - 1] = (byte)Tag.H;
mac.BlockUpdate(tag, 0, blockSize);
mac.BlockUpdate(associatedText, 0, associatedText.Length);
mac.DoFinal(associatedTextMac, 0);
tag[blockSize - 1] = (byte)Tag.N;
mac.BlockUpdate(tag, 0, blockSize);
mac.BlockUpdate(nonce, 0, nonce.Length);
mac.DoFinal(nonceMac, 0);
tag[blockSize - 1] = (byte)Tag.C;
mac.BlockUpdate(tag, 0, blockSize);
cipher.Init(true, new ParametersWithIV(keyParam, nonceMac));
}
public void Init(bool forEncryption, ICipherParameters parameters)
{
Reset();
this.forEncryption = forEncryption;
ICipherParameters cipherParameters;
if (parameters is AeadParameters)
{
AeadParameters param = (AeadParameters)parameters;
nonce = param.GetNonce();
initialAssociatedText = param.GetAssociatedText();
if (param.MacSize > 512 || param.MacSize < 64)
{
throw new ArgumentException("invalid mac size parameter passed to KCCM");
}
macSize = param.MacSize / 8;
cipherParameters = param.Key;
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV param = (ParametersWithIV)parameters;
nonce = param.GetIV();
initialAssociatedText = null;
macSize = cipher.GetBlockSize();
cipherParameters = param.Parameters;
}
else
{
throw new ArgumentException("invalid parameters passed to KCCM");
}
// NOTE: Very basic support for key re-use, but no performance gain from it
if (cipherParameters != null)
{
keyParam = cipherParameters;
}
this.mac = new byte[macSize];
cipher.Init(true, keyParam);
}
public virtual void Init(
bool forEncryption,
ICipherParameters parameters)
{
this.forEncryption = forEncryption;
ICipherParameters cipherParameters;
if (parameters is AeadParameters)
{
AeadParameters param = (AeadParameters)parameters;
nonce = param.GetNonce();
initialAssociatedText = param.GetAssociatedText();
macSize = param.MacSize / 8;
cipherParameters = param.Key;
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV param = (ParametersWithIV)parameters;
nonce = param.GetIV();
initialAssociatedText = null;
macSize = macBlock.Length / 2;
cipherParameters = param.Parameters;
}
else
{
throw new ArgumentException("invalid parameters passed to CCM");
}
// NOTE: Very basic support for key re-use, but no performance gain from it
if (cipherParameters != null)
{
keyParam = cipherParameters;
}
if (nonce == null || nonce.Length < 7 || nonce.Length > 13)
{
throw new ArgumentException("nonce must have length from 7 to 13 octets");
}
Reset();
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
ICipherParameters cipherParameters;
if (parameters is AeadParameters)
{
AeadParameters param = (AeadParameters)parameters;
if (param.MacSize > MAX_MAC_BIT_LENGTH || param.MacSize < MIN_MAC_BIT_LENGTH || param.MacSize % 8 != 0)
{
throw new ArgumentException("Invalid mac size specified");
}
nonce = param.GetNonce();
macSize = param.MacSize / BITS_IN_BYTE;
initialAssociatedText = param.GetAssociatedText();
cipherParameters = param.Key;
}
else if (parameters is ParametersWithIV)
{
nonce = ((ParametersWithIV)parameters).GetIV();
macSize = engine.GetBlockSize(); // use default blockSize for MAC if it is not specified
initialAssociatedText = null;
cipherParameters = ((ParametersWithIV)parameters).Parameters;
}
else
{
throw new ArgumentException("Invalid parameters specified");
}
this.mac = new byte[macSize];
this.forEncryption = forEncryption;
engine.Init(true, cipherParameters);
counter[0] = 0x01; // defined in standard
if (initialAssociatedText != null)
{
ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length);
}
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
//IL_007e: Unknown result type (might be due to invalid IL or missing references)
this.forEncryption = forEncryption;
byte[] array;
ICipherParameters parameters2;
if (parameters is AeadParameters)
{
AeadParameters aeadParameters = (AeadParameters)parameters;
array = aeadParameters.GetNonce();
initialAssociatedText = aeadParameters.GetAssociatedText();
macSize = aeadParameters.MacSize / 8;
parameters2 = aeadParameters.Key;
}
else
{
if (!(parameters is ParametersWithIV))
{
throw new ArgumentException("invalid parameters passed to EAX");
}
ParametersWithIV parametersWithIV = (ParametersWithIV)parameters;
array = parametersWithIV.GetIV();
initialAssociatedText = null;
macSize = mac.GetMacSize() / 2;
parameters2 = parametersWithIV.Parameters;
}
bufBlock = new byte[forEncryption ? blockSize : (blockSize + macSize)];
byte[] array2 = new byte[blockSize];
mac.Init(parameters2);
array2[blockSize - 1] = 0;
mac.BlockUpdate(array2, 0, blockSize);
mac.BlockUpdate(array, 0, array.Length);
mac.DoFinal(nonceMac, 0);
cipher.Init(forEncryption: true, new ParametersWithIV(null, nonceMac));
Reset();
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
//IL_0085: Unknown result type (might be due to invalid IL or missing references)
//IL_00b9: Unknown result type (might be due to invalid IL or missing references)
this.forEncryption = forEncryption;
ICipherParameters cipherParameters;
if (parameters is AeadParameters)
{
AeadParameters aeadParameters = (AeadParameters)parameters;
nonce = aeadParameters.GetNonce();
initialAssociatedText = aeadParameters.GetAssociatedText();
macSize = aeadParameters.MacSize / 8;
cipherParameters = aeadParameters.Key;
}
else
{
if (!(parameters is ParametersWithIV))
{
throw new ArgumentException("invalid parameters passed to CCM");
}
ParametersWithIV parametersWithIV = (ParametersWithIV)parameters;
nonce = parametersWithIV.GetIV();
initialAssociatedText = null;
macSize = macBlock.Length / 2;
cipherParameters = parametersWithIV.Parameters;
}
if (cipherParameters != null)
{
keyParam = cipherParameters;
}
if (nonce == null || nonce.Length < 7 || nonce.Length > 13)
{
throw new ArgumentException("nonce must have length from 7 to 13 octets");
}
Reset();
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
byte[] nonce;
ICipherParameters key;
this.forEncryption = forEncryption;
if (parameters is AeadParameters)
{
AeadParameters parameters3 = (AeadParameters)parameters;
nonce = parameters3.GetNonce();
this.initialAssociatedText = parameters3.GetAssociatedText();
this.macSize = parameters3.MacSize / 8;
key = parameters3.Key;
}
else
{
if (!(parameters is ParametersWithIV))
{
throw new ArgumentException("invalid parameters passed to EAX");
}
ParametersWithIV hiv = (ParametersWithIV)parameters;
nonce = hiv.GetIV();
this.initialAssociatedText = null;
this.macSize = this.mac.GetMacSize() / 2;
key = hiv.Parameters;
}
this.bufBlock = new byte[!forEncryption ? (this.blockSize + this.macSize) : this.blockSize];
byte[] input = new byte[this.blockSize];
this.mac.Init(key);
input[this.blockSize - 1] = 0;
this.mac.BlockUpdate(input, 0, this.blockSize);
this.mac.BlockUpdate(nonce, 0, nonce.Length);
this.mac.DoFinal(this.nonceMac, 0);
this.cipher.Init(true, new ParametersWithIV(null, this.nonceMac));
this.Reset();
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
this.forEncryption = forEncryption;
byte[] array;
ICipherParameters parameters2;
if (parameters is AeadParameters)
{
AeadParameters aeadParameters = (AeadParameters)parameters;
array = aeadParameters.GetNonce();
this.initialAssociatedText = aeadParameters.GetAssociatedText();
this.macSize = aeadParameters.MacSize / 8;
parameters2 = aeadParameters.Key;
}
else
{
if (!(parameters is ParametersWithIV))
{
throw new ArgumentException("invalid parameters passed to EAX");
}
ParametersWithIV parametersWithIV = (ParametersWithIV)parameters;
array = parametersWithIV.GetIV();
this.initialAssociatedText = null;
this.macSize = this.mac.GetMacSize() / 2;
parameters2 = parametersWithIV.Parameters;
}
this.bufBlock = new byte[forEncryption ? this.blockSize : (this.blockSize + this.macSize)];
byte[] array2 = new byte[this.blockSize];
this.mac.Init(parameters2);
array2[this.blockSize - 1] = 0;
this.mac.BlockUpdate(array2, 0, this.blockSize);
this.mac.BlockUpdate(array, 0, array.Length);
this.mac.DoFinal(this.nonceMac, 0);
this.cipher.Init(true, new ParametersWithIV(null, this.nonceMac));
this.Reset();
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
//IL_005e: Unknown result type (might be due to invalid IL or missing references)
//IL_00b3: Unknown result type (might be due to invalid IL or missing references)
//IL_00f0: Unknown result type (might be due to invalid IL or missing references)
//IL_0154: Unknown result type (might be due to invalid IL or missing references)
this.forEncryption = forEncryption;
macBlock = null;
KeyParameter keyParameter;
if (parameters is AeadParameters)
{
AeadParameters aeadParameters = (AeadParameters)parameters;
nonce = aeadParameters.GetNonce();
initialAssociatedText = aeadParameters.GetAssociatedText();
int num = aeadParameters.MacSize;
if (num < 32 || num > 128 || num % 8 != 0)
{
throw new ArgumentException(string.Concat((object)"Invalid value for MAC size: ", (object)num));
}
macSize = num / 8;
keyParameter = aeadParameters.Key;
}
else
{
if (!(parameters is ParametersWithIV))
{
throw new ArgumentException("invalid parameters passed to GCM");
}
ParametersWithIV parametersWithIV = (ParametersWithIV)parameters;
nonce = parametersWithIV.GetIV();
initialAssociatedText = null;
macSize = 16;
keyParameter = (KeyParameter)parametersWithIV.Parameters;
}
int num2 = (forEncryption ? 16 : (16 + macSize));
bufBlock = new byte[num2];
if (nonce == null || nonce.Length < 1)
{
throw new ArgumentException("IV must be at least 1 byte");
}
if (keyParameter != null)
{
cipher.Init(forEncryption: true, keyParameter);
H = new byte[16];
cipher.ProcessBlock(H, 0, H, 0);
multiplier.Init(H);
exp = null;
}
else if (H == null)
{
throw new ArgumentException("Key must be specified in initial init");
}
J0 = new byte[16];
if (nonce.Length == 12)
{
global::System.Array.Copy((global::System.Array)nonce, 0, (global::System.Array)J0, 0, nonce.Length);
J0[15] = 1;
}
else
{
gHASH(J0, nonce, nonce.Length);
byte[] array = new byte[16];
Pack.UInt64_To_BE((ulong)nonce.Length * 8uL, array, 8);
gHASHBlock(J0, array);
}
S = new byte[16];
S_at = new byte[16];
S_atPre = new byte[16];
atBlock = new byte[16];
atBlockPos = 0;
atLength = 0uL;
atLengthPre = 0uL;
counter = Arrays.Clone(J0);
bufOff = 0;
totalLength = 0uL;
if (initialAssociatedText != null)
{
ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length);
}
}
// Token: 0x060000E0 RID: 224 RVA: 0x00007CA0 File Offset: 0x00005EA0
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
this.forEncryption = forEncryption;
this.macBlock = null;
this.initialised = true;
if (!(parameters is AeadParameters))
{
throw new ArgumentException("invalid parameters passed to GCM");
}
AeadParameters aeadParameters = (AeadParameters)parameters;
byte[] array = aeadParameters.GetNonce();
this.initialAssociatedText = aeadParameters.GetAssociatedText();
int num = aeadParameters.MacSize;
if (num < 32 || num > 128 || num % 8 != 0)
{
throw new ArgumentException("Invalid value for MAC size: " + num);
}
this.macSize = num / 8;
KeyParameter key = aeadParameters.Key;
int num2 = forEncryption ? 16 : (16 + this.macSize);
this.bufBlock = new byte[num2];
if (array == null || array.Length < 1)
{
throw new ArgumentException("IV must be at least 1 byte");
}
if (forEncryption && this.nonce != null && Arrays.AreEqual(this.nonce, array))
{
if (key == null)
{
throw new ArgumentException("cannot reuse nonce for GCM encryption");
}
if (this.lastKey != null && Arrays.AreEqual(this.lastKey, key.GetKey()))
{
throw new ArgumentException("cannot reuse nonce for GCM encryption");
}
}
this.nonce = array;
if (key != null)
{
this.lastKey = key.GetKey();
}
if (key != null)
{
this.cipher.Init(true, key);
this.H = new byte[16];
this.cipher.ProcessBlock(this.H, 0, this.H, 0);
this.multiplier.Init(this.H);
this.exp = null;
}
else if (this.H == null)
{
throw new ArgumentException("Key must be specified in initial init");
}
this.J0 = new byte[16];
if (this.nonce.Length == 12)
{
Array.Copy(this.nonce, 0, this.J0, 0, this.nonce.Length);
this.J0[15] = 1;
}
else
{
this.gHASH(this.J0, this.nonce, this.nonce.Length);
byte[] array2 = new byte[16];
Pack.UInt64_To_BE((ulong)((long)this.nonce.Length * 8L), array2, 8);
this.gHASHBlock(this.J0, array2);
}
this.S = new byte[16];
this.S_at = new byte[16];
this.S_atPre = new byte[16];
this.atBlock = new byte[16];
this.atBlockPos = 0;
this.atLength = 0UL;
this.atLengthPre = 0UL;
this.counter = Arrays.Clone(this.J0);
this.blocksRemaining = 4294967294U;
this.bufOff = 0;
this.totalLength = 0UL;
if (this.initialAssociatedText != null)
{
this.ProcessAadBytes(this.initialAssociatedText, 0, this.initialAssociatedText.Length);
}
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
bool oldForEncryption = this.forEncryption;
this.forEncryption = forEncryption;
this.macBlock = null;
KeyParameter keyParameter;
byte[] N;
if (parameters is AeadParameters)
{
AeadParameters aeadParameters = (AeadParameters)parameters;
N = aeadParameters.GetNonce();
initialAssociatedText = aeadParameters.GetAssociatedText();
int macSizeBits = aeadParameters.MacSize;
if (macSizeBits < 64 || macSizeBits > 128 || macSizeBits % 8 != 0)
{
throw new ArgumentException("Invalid value for MAC size: " + macSizeBits);
}
macSize = macSizeBits / 8;
keyParameter = aeadParameters.Key;
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV parametersWithIV = (ParametersWithIV)parameters;
N = parametersWithIV.GetIV();
initialAssociatedText = null;
macSize = 16;
keyParameter = (KeyParameter)parametersWithIV.Parameters;
}
else
{
throw new ArgumentException("invalid parameters passed to OCB");
}
this.hashBlock = new byte[16];
this.mainBlock = new byte[forEncryption ? BLOCK_SIZE : (BLOCK_SIZE + macSize)];
if (N == null)
{
N = new byte[0];
}
if (N.Length > 15)
{
throw new ArgumentException("IV must be no more than 15 bytes");
}
/*
* KEY-DEPENDENT INITIALISATION
*/
if (keyParameter != null)
{
// hashCipher always used in forward mode
hashCipher.Init(true, keyParameter);
mainCipher.Init(forEncryption, keyParameter);
KtopInput = null;
}
else if (oldForEncryption != forEncryption)
{
throw new ArgumentException("cannot change encrypting state without providing key.");
}
this.L_Asterisk = new byte[16];
hashCipher.ProcessBlock(L_Asterisk, 0, L_Asterisk, 0);
this.L_Dollar = OCB_double(L_Asterisk);
this.L = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.CreateArrayList();
this.L.Add(OCB_double(L_Dollar));
/*
* NONCE-DEPENDENT AND PER-ENCRYPTION/DECRYPTION INITIALISATION
*/
int bottom = ProcessNonce(N);
int bits = bottom % 8, bytes = bottom / 8;
if (bits == 0)
{
Array.Copy(Stretch, bytes, OffsetMAIN_0, 0, 16);
}
else
{
for (int i = 0; i < 16; ++i)
{
uint b1 = Stretch[bytes];
uint b2 = Stretch[++bytes];
this.OffsetMAIN_0[i] = (byte)((b1 << bits) | (b2 >> (8 - bits)));
}
}
this.hashBlockPos = 0;
this.mainBlockPos = 0;
this.hashBlockCount = 0;
this.mainBlockCount = 0;
this.OffsetHASH = new byte[16];
this.Sum = new byte[16];
Array.Copy(OffsetMAIN_0, 0, OffsetMAIN, 0, 16);
this.Checksum = new byte[16];
if (initialAssociatedText != null)
{
ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length);
}
}
/// <remarks>
/// MAC sizes from 32 bits to 128 bits (must be a multiple of 8) are supported. The default is 128 bits.
/// Sizes less than 96 are not recommended, but are supported for specialized applications.
/// </remarks>
public virtual void Init(
bool forEncryption,
ICipherParameters parameters)
{
this.forEncryption = forEncryption;
this.macBlock = null;
KeyParameter keyParam;
if (parameters is AeadParameters)
{
AeadParameters param = (AeadParameters)parameters;
nonce = param.GetNonce();
initialAssociatedText = param.GetAssociatedText();
int macSizeBits = param.MacSize;
if (macSizeBits < 32 || macSizeBits > 128 || macSizeBits % 8 != 0)
{
throw new ArgumentException("Invalid value for MAC size: " + macSizeBits);
}
macSize = macSizeBits / 8;
keyParam = param.Key;
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV param = (ParametersWithIV)parameters;
nonce = param.GetIV();
initialAssociatedText = null;
macSize = 16;
keyParam = (KeyParameter)param.Parameters;
}
else
{
throw new ArgumentException("invalid parameters passed to GCM");
}
int bufLength = forEncryption ? BlockSize : (BlockSize + macSize);
this.bufBlock = new byte[bufLength];
if (nonce == null || nonce.Length < 1)
{
throw new ArgumentException("IV must be at least 1 byte");
}
// TODO Restrict macSize to 16 if nonce length not 12?
// Cipher always used in forward mode
// if keyParam is null we're reusing the last key.
if (keyParam != null)
{
cipher.Init(true, keyParam);
this.H = new byte[BlockSize];
cipher.ProcessBlock(H, 0, H, 0);
// if keyParam is null we're reusing the last key and the multiplier doesn't need re-init
multiplier.Init(H);
exp = null;
}
else if (this.H == null)
{
throw new ArgumentException("Key must be specified in initial init");
}
this.J0 = new byte[BlockSize];
if (nonce.Length == 12)
{
Array.Copy(nonce, 0, J0, 0, nonce.Length);
this.J0[BlockSize - 1] = 0x01;
}
else
{
gHASH(J0, nonce, nonce.Length);
byte[] X = new byte[BlockSize];
Pack.UInt64_To_BE((ulong)nonce.Length * 8UL, X, 8);
gHASHBlock(J0, X);
}
this.S = new byte[BlockSize];
this.S_at = new byte[BlockSize];
this.S_atPre = new byte[BlockSize];
this.atBlock = new byte[BlockSize];
this.atBlockPos = 0;
this.atLength = 0;
this.atLengthPre = 0;
this.counter = Arrays.Clone(J0);
this.bufOff = 0;
this.totalLength = 0;
if (initialAssociatedText != null)
{
ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length);
}
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
this.forEncryption = forEncryption;
macBlock = null;
initialised = true;
byte[] array = null;
if (parameters is AeadParameters)
{
AeadParameters aeadParameters = (AeadParameters)parameters;
array = aeadParameters.GetNonce();
initialAssociatedText = aeadParameters.GetAssociatedText();
int num = aeadParameters.MacSize;
if (num < 32 || num > 128 || num % 8 != 0)
{
throw new ArgumentException("Invalid value for MAC size: " + num);
}
macSize = num / 8;
KeyParameter key = aeadParameters.Key;
int num2 = forEncryption ? 16 : (16 + macSize);
bufBlock = new byte[num2];
if (array == null || array.Length < 1)
{
throw new ArgumentException("IV must be at least 1 byte");
}
if (forEncryption && nonce != null && Arrays.AreEqual(nonce, array))
{
if (key == null)
{
throw new ArgumentException("cannot reuse nonce for GCM encryption");
}
if (lastKey != null && Arrays.AreEqual(lastKey, key.GetKey()))
{
throw new ArgumentException("cannot reuse nonce for GCM encryption");
}
}
nonce = array;
if (key != null)
{
lastKey = key.GetKey();
}
if (key != null)
{
cipher.Init(forEncryption: true, key);
H = new byte[16];
cipher.ProcessBlock(H, 0, H, 0);
multiplier.Init(H);
exp = null;
}
else if (H == null)
{
throw new ArgumentException("Key must be specified in initial init");
}
J0 = new byte[16];
if (nonce.Length == 12)
{
Array.Copy(nonce, 0, J0, 0, nonce.Length);
J0[15] = 1;
}
else
{
gHASH(J0, nonce, nonce.Length);
byte[] array2 = new byte[16];
Pack.UInt64_To_BE((ulong)((long)nonce.Length * 8L), array2, 8);
gHASHBlock(J0, array2);
}
S = new byte[16];
S_at = new byte[16];
S_atPre = new byte[16];
atBlock = new byte[16];
atBlockPos = 0;
atLength = 0uL;
atLengthPre = 0uL;
counter = Arrays.Clone(J0);
blocksRemaining = 4294967294u;
bufOff = 0;
totalLength = 0uL;
if (initialAssociatedText != null)
{
ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length);
}
return;
}
throw new ArgumentException("invalid parameters passed to GCM");
}
public virtual void Init(
bool forEncryption,
ICipherParameters parameters)
{
this.forEncryption = forEncryption;
this.macSize = 16; // TODO Make configurable?
this.macBlock = null;
// TODO If macSize limitation is removed, be very careful about bufBlock
int bufLength = forEncryption ? BlockSize : (BlockSize + macSize);
this.bufBlock = new byte[bufLength];
if (parameters is AeadParameters)
{
AeadParameters param = (AeadParameters)parameters;
nonce = param.GetNonce();
A = param.GetAssociatedText();
// macSize = param.getMacSize() / 8;
if (param.MacSize != 128)
{
// TODO Make configurable?
throw new ArgumentException("only 128-bit MAC supported currently");
}
keyParam = param.Key;
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV param = (ParametersWithIV)parameters;
nonce = param.GetIV();
A = null;
keyParam = (KeyParameter)param.Parameters;
}
else
{
throw new ArgumentException("invalid parameters passed to GCM");
}
if (nonce == null || nonce.Length < 1)
{
throw new ArgumentException("IV must be at least 1 byte");
}
if (A == null)
{
// Avoid lots of null checks
A = new byte[0];
}
// Cipher always used input forward mode
cipher.Init(true, keyParam);
// TODO This should be configurable by Init parameters
// (but must be 16 if nonce length not 12) (BlockSize?)
// this.tagLength = 16;
byte[] h = new byte[BlockSize];
cipher.ProcessBlock(Zeroes, 0, h, 0);
//trace("H: " + new string(Hex.encode(h)));
this.H = new BigInteger(1, h);
this.initS = gHASH(A, false);
if (nonce.Length == 12)
{
this.J0 = new byte[16];
Array.Copy(nonce, 0, J0, 0, nonce.Length);
this.J0[15] = 0x01;
}
else
{
BigInteger N = gHASH(nonce, true);
BigInteger X = BigInteger.ValueOf(nonce.Length * 8);
//trace("len({})||len(IV): " + dumpBigInt(X));
N = multiply(N.Xor(X), H);
//trace("GHASH(H,{},IV): " + dumpBigInt(N));
this.J0 = asBlock(N);
}
this.S = initS;
this.counter = Arrays.Clone(J0);
//trace("Y" + yCount + ": " + new string(Hex.encode(counter)));
this.bufOff = 0;
this.totalLength = 0;
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
KeyParameter key;
byte[] nonce;
bool flag = this.forEncryption;
this.forEncryption = forEncryption;
this.macBlock = null;
if (parameters is AeadParameters)
{
AeadParameters parameters2 = (AeadParameters)parameters;
nonce = parameters2.GetNonce();
this.initialAssociatedText = parameters2.GetAssociatedText();
int macSize = parameters2.MacSize;
if (((macSize < 0x40) || (macSize > 0x80)) || ((macSize % 8) != 0))
{
throw new ArgumentException("Invalid value for MAC size: " + macSize);
}
this.macSize = macSize / 8;
key = parameters2.Key;
}
else
{
if (!(parameters is ParametersWithIV))
{
throw new ArgumentException("invalid parameters passed to OCB");
}
ParametersWithIV hiv = (ParametersWithIV)parameters;
nonce = hiv.GetIV();
this.initialAssociatedText = null;
this.macSize = 0x10;
key = (KeyParameter)hiv.Parameters;
}
this.hashBlock = new byte[0x10];
this.mainBlock = new byte[!forEncryption ? (0x10 + this.macSize) : 0x10];
if (nonce == null)
{
nonce = new byte[0];
}
if (nonce.Length > 15)
{
throw new ArgumentException("IV must be no more than 15 bytes");
}
if (key != null)
{
this.hashCipher.Init(true, key);
this.mainCipher.Init(forEncryption, key);
this.KtopInput = null;
}
else if (flag != forEncryption)
{
throw new ArgumentException("cannot change encrypting state without providing key.");
}
this.L_Asterisk = new byte[0x10];
this.hashCipher.ProcessBlock(this.L_Asterisk, 0, this.L_Asterisk, 0);
this.L_Dollar = OCB_double(this.L_Asterisk);
this.L = Platform.CreateArrayList();
this.L.Add(OCB_double(this.L_Dollar));
int num2 = this.ProcessNonce(nonce);
int num3 = num2 % 8;
int sourceIndex = num2 / 8;
if (num3 == 0)
{
Array.Copy(this.Stretch, sourceIndex, this.OffsetMAIN_0, 0, 0x10);
}
else
{
for (int i = 0; i < 0x10; i++)
{
uint num6 = this.Stretch[sourceIndex];
uint num7 = this.Stretch[++sourceIndex];
this.OffsetMAIN_0[i] = (byte)((num6 << num3) | (num7 >> (8 - num3)));
}
}
this.hashBlockPos = 0;
this.mainBlockPos = 0;
this.hashBlockCount = 0L;
this.mainBlockCount = 0L;
this.OffsetHASH = new byte[0x10];
this.Sum = new byte[0x10];
Array.Copy(this.OffsetMAIN_0, 0, this.OffsetMAIN, 0, 0x10);
this.Checksum = new byte[0x10];
if (this.initialAssociatedText != null)
{
this.ProcessAadBytes(this.initialAssociatedText, 0, this.initialAssociatedText.Length);
}
}
/// <remarks>
/// MAC sizes from 32 bits to 128 bits (must be a multiple of 8) are supported. The default is 128 bits.
/// Sizes less than 96 are not recommended, but are supported for specialized applications.
/// </remarks>
public /*virtual*/ void Init(
bool forEncryption,
ICipherParameters parameters)
{
this.forEncryption = forEncryption;
//this.macBlock = null;
if (this.macBlock != null)
{
Array.Clear(this.macBlock, 0, this.macBlock.Length);
}
this.initialised = true;
KeyParameter keyParam;
byte[] newNonce = null;
if (parameters is AeadParameters)
{
AeadParameters param = (AeadParameters)parameters;
newNonce = param.GetNonce();
initialAssociatedText = param.GetAssociatedText();
int macSizeBits = param.MacSize;
if (macSizeBits < 32 || macSizeBits > 128 || macSizeBits % 8 != 0)
{
throw new ArgumentException("Invalid value for MAC size: " + macSizeBits);
}
macSize = macSizeBits / 8;
keyParam = param.Key;
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV param = (ParametersWithIV)parameters;
newNonce = param.GetIV();
initialAssociatedText = null;
macSize = 16;
keyParam = (KeyParameter)param.Parameters;
}
else
{
throw new ArgumentException("invalid parameters passed to GCM");
}
this.bufLength = forEncryption ? BlockSize : (BlockSize + macSize);
if (this.bufBlock == null || this.bufLength < this.bufBlock.Length)
{
BufferPool.Resize(ref this.bufBlock, this.bufLength, true, true);
}
if (newNonce == null || newNonce.Length < 1)
{
throw new ArgumentException("IV must be at least 1 byte");
}
if (forEncryption)
{
if (nonce != null && Arrays.AreEqual(nonce, newNonce))
{
if (keyParam == null)
{
throw new ArgumentException("cannot reuse nonce for GCM encryption");
}
if (lastKey != null && Arrays.AreEqual(lastKey, keyParam.GetKey()))
{
throw new ArgumentException("cannot reuse nonce for GCM encryption");
}
}
}
nonce = newNonce;
if (keyParam != null)
{
lastKey = keyParam.GetKey();
}
// TODO Restrict macSize to 16 if nonce length not 12?
// Cipher always used in forward mode
// if keyParam is null we're reusing the last key.
if (keyParam != null)
{
cipher.Init(true, keyParam);
if (this.H == null)
{
this.H = new byte[BlockSize];
}
else
{
Array.Clear(this.H, 0, BlockSize);
}
cipher.ProcessBlock(H, 0, H, 0);
// if keyParam is null we're reusing the last key and the multiplier doesn't need re-init
Tables8kGcmMultiplier_Init(H);
exp = null;
}
else if (this.H == null)
{
throw new ArgumentException("Key must be specified in initial init");
}
if (this.J0 == null)
{
this.J0 = new byte[BlockSize];
}
else
{
Array.Clear(this.J0, 0, BlockSize);
}
if (nonce.Length == 12)
{
Array.Copy(nonce, 0, J0, 0, nonce.Length);
this.J0[BlockSize - 1] = 0x01;
}
else
{
gHASH(J0, nonce, nonce.Length);
byte[] X = BufferPool.Get(BlockSize, false);
Pack.UInt64_To_BE((ulong)nonce.Length * 8UL, X, 8);
gHASHBlock(J0, X);
BufferPool.Release(X);
}
//BufferPool.Resize(ref this.S, BlockSize, false, true);
//BufferPool.Resize(ref this.S_at, BlockSize, false, true);
//BufferPool.Resize(ref this.S_atPre, BlockSize, false, true);
//BufferPool.Resize(ref this.atBlock, BlockSize, false, true);
if (this.S == null)
{
this.S = new byte[BlockSize];
}
else
{
Array.Clear(this.S, 0, this.S.Length);
}
if (this.S_at == null)
{
this.S_at = new byte[BlockSize];
}
else
{
Array.Clear(this.S_at, 0, this.S_at.Length);
}
if (this.S_atPre == null)
{
this.S_atPre = new byte[BlockSize];
}
else
{
Array.Clear(this.S_atPre, 0, this.S_atPre.Length);
}
if (this.atBlock == null)
{
this.atBlock = new byte[BlockSize];
}
else
{
Array.Clear(this.atBlock, 0, this.atBlock.Length);
}
this.atBlockPos = 0;
this.atLength = 0;
this.atLengthPre = 0;
//this.counter = Arrays.Clone(J0);
//BufferPool.Resize(ref this.counter, BlockSize, false, true);
if (this.counter == null)
{
this.counter = new byte[BlockSize];
}
else
{
Array.Clear(this.counter, 0, this.counter.Length);
}
Array.Copy(this.J0, 0, this.counter, 0, BlockSize);
this.blocksRemaining = uint.MaxValue - 1; // page 8, len(P) <= 2^39 - 256, 1 block used by tag
this.bufOff = 0;
this.totalLength = 0;
if (initialAssociatedText != null)
{
ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length);
}
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
bool flag = this.forEncryption;
this.forEncryption = forEncryption;
macBlock = null;
byte[] array;
KeyParameter keyParameter;
if (parameters is AeadParameters)
{
AeadParameters aeadParameters = (AeadParameters)parameters;
array = aeadParameters.GetNonce();
initialAssociatedText = aeadParameters.GetAssociatedText();
int num = aeadParameters.MacSize;
if (num < 64 || num > 128 || num % 8 != 0)
{
throw new ArgumentException("Invalid value for MAC size: " + num);
}
macSize = num / 8;
keyParameter = aeadParameters.Key;
}
else
{
if (!(parameters is ParametersWithIV))
{
throw new ArgumentException("invalid parameters passed to OCB");
}
ParametersWithIV parametersWithIV = (ParametersWithIV)parameters;
array = parametersWithIV.GetIV();
initialAssociatedText = null;
macSize = 16;
keyParameter = (KeyParameter)parametersWithIV.Parameters;
}
hashBlock = new byte[16];
mainBlock = new byte[(!forEncryption) ? (16 + macSize) : 16];
if (array == null)
{
array = new byte[0];
}
if (array.Length > 15)
{
throw new ArgumentException("IV must be no more than 15 bytes");
}
if (keyParameter != null)
{
hashCipher.Init(forEncryption: true, keyParameter);
mainCipher.Init(forEncryption, keyParameter);
KtopInput = null;
}
else if (flag != forEncryption)
{
throw new ArgumentException("cannot change encrypting state without providing key.");
}
L_Asterisk = new byte[16];
hashCipher.ProcessBlock(L_Asterisk, 0, L_Asterisk, 0);
L_Dollar = OCB_double(L_Asterisk);
L = Platform.CreateArrayList();
L.Add(OCB_double(L_Dollar));
int num2 = ProcessNonce(array);
int num3 = num2 % 8;
int num4 = num2 / 8;
if (num3 == 0)
{
Array.Copy(Stretch, num4, OffsetMAIN_0, 0, 16);
}
else
{
for (int i = 0; i < 16; i++)
{
uint num5 = Stretch[num4];
uint num6 = Stretch[++num4];
OffsetMAIN_0[i] = (byte)((num5 << num3) | (num6 >> 8 - num3));
}
}
hashBlockPos = 0;
mainBlockPos = 0;
hashBlockCount = 0L;
mainBlockCount = 0L;
OffsetHASH = new byte[16];
Sum = new byte[16];
Array.Copy(OffsetMAIN_0, 0, OffsetMAIN, 0, 16);
Checksum = new byte[16];
if (initialAssociatedText != null)
{
ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length);
}
}
public virtual void Init(
bool forEncryption,
ICipherParameters parameters)
{
this.forEncryption = forEncryption;
this.macBlock = null;
if (parameters is AeadParameters)
{
AeadParameters param = (AeadParameters)parameters;
nonce = param.GetNonce();
A = param.GetAssociatedText();
int macSizeBits = param.MacSize;
if (macSizeBits < 96 || macSizeBits > 128 || macSizeBits % 8 != 0)
{
throw new ArgumentException("Invalid value for MAC size: " + macSizeBits);
}
macSize = macSizeBits / 8;
keyParam = param.Key;
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV param = (ParametersWithIV)parameters;
nonce = param.GetIV();
A = null;
macSize = 16;
keyParam = (KeyParameter)param.Parameters;
}
else
{
throw new ArgumentException("invalid parameters passed to GCM");
}
int bufLength = forEncryption ? BlockSize : (BlockSize + macSize);
this.bufBlock = new byte[bufLength];
if (nonce == null || nonce.Length < 1)
{
throw new ArgumentException("IV must be at least 1 byte");
}
if (A == null)
{
// Avoid lots of null checks
A = new byte[0];
}
// Cipher always used in forward mode
cipher.Init(true, keyParam);
// TODO This should be configurable by Init parameters
// (but must be 16 if nonce length not 12) (BlockSize?)
// this.tagLength = 16;
this.H = new byte[BlockSize];
cipher.ProcessBlock(H, 0, H, 0);
multiplier.Init(H);
this.initS = gHASH(A);
if (nonce.Length == 12)
{
this.J0 = new byte[16];
Array.Copy(nonce, 0, J0, 0, nonce.Length);
this.J0[15] = 0x01;
}
else
{
this.J0 = gHASH(nonce);
byte[] X = new byte[16];
packLength((ulong)nonce.Length * 8UL, X, 8);
GcmUtilities.Xor(this.J0, X);
multiplier.MultiplyH(this.J0);
}
this.S = Arrays.Clone(initS);
this.counter = Arrays.Clone(J0);
this.bufOff = 0;
this.totalLength = 0;
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
KeyParameter initKeyParam;
byte[] initNonce;
ICipherParameters chacha20Params;
if (parameters is AeadParameters)
{
AeadParameters aeadParams = (AeadParameters)parameters;
int macSizeBits = aeadParams.MacSize;
if ((MacSize * 8) != macSizeBits)
{
throw new ArgumentException("Invalid value for MAC size: " + macSizeBits);
}
initKeyParam = aeadParams.Key;
initNonce = aeadParams.GetNonce();
chacha20Params = new ParametersWithIV(initKeyParam, initNonce);
this.mInitialAad = aeadParams.GetAssociatedText();
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV ivParams = (ParametersWithIV)parameters;
initKeyParam = (KeyParameter)ivParams.Parameters;
initNonce = ivParams.GetIV();
chacha20Params = ivParams;
this.mInitialAad = null;
}
else
{
throw new ArgumentException("invalid parameters passed to ChaCha20Poly1305", "parameters");
}
// Validate key
if (null == initKeyParam)
{
if (State.Uninitialized == mState)
{
throw new ArgumentException("Key must be specified in initial init");
}
}
else
{
if (KeySize != initKeyParam.GetKey().Length)
{
throw new ArgumentException("Key must be 256 bits");
}
}
// Validate nonce
if (null == initNonce || NonceSize != initNonce.Length)
{
throw new ArgumentException("Nonce must be 96 bits");
}
// Check for encryption with reused nonce
if (State.Uninitialized != mState && forEncryption && Arrays.AreEqual(mNonce, initNonce))
{
if (null == initKeyParam || Arrays.AreEqual(mKey, initKeyParam.GetKey()))
{
throw new ArgumentException("cannot reuse nonce for ChaCha20Poly1305 encryption");
}
}
if (null != initKeyParam)
{
Array.Copy(initKeyParam.GetKey(), 0, mKey, 0, KeySize);
}
Array.Copy(initNonce, 0, mNonce, 0, NonceSize);
mChacha20.Init(true, chacha20Params);
this.mState = forEncryption ? State.EncInit : State.DecInit;
Reset(true, false);
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
this.forEncryption = forEncryption;
this.macBlock = null;
KeyParameter keyParameter;
byte[] N;
if (parameters is AeadParameters)
{
AeadParameters aeadParameters = (AeadParameters)parameters;
N = aeadParameters.GetNonce();
initialAssociatedText = aeadParameters.GetAssociatedText();
int macSizeBits = aeadParameters.MacSize;
if (macSizeBits < 64 || macSizeBits > 128 || macSizeBits % 8 != 0)
{
throw new ArgumentException("Invalid value for MAC size: " + macSizeBits);
}
macSize = macSizeBits / 8;
keyParameter = aeadParameters.Key;
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV parametersWithIV = (ParametersWithIV)parameters;
N = parametersWithIV.GetIV();
initialAssociatedText = null;
macSize = 16;
keyParameter = (KeyParameter)parametersWithIV.Parameters;
}
else
{
throw new ArgumentException("invalid parameters passed to OCB");
}
this.hashBlock = new byte[16];
this.mainBlock = new byte[forEncryption ? BLOCK_SIZE : (BLOCK_SIZE + macSize)];
if (N == null)
{
N = new byte[0];
}
if (N.Length > 15)
{
throw new ArgumentException("IV must be no more than 15 bytes");
}
/*
* KEY-DEPENDENT INITIALISATION
*/
// if keyParam is null we're reusing the last key.
if (keyParameter != null)
{
// TODO
}
// hashCipher always used in forward mode
hashCipher.Init(true, keyParameter);
mainCipher.Init(forEncryption, keyParameter);
this.L_Asterisk = new byte[16];
hashCipher.ProcessBlock(L_Asterisk, 0, L_Asterisk, 0);
this.L_Dollar = OCB_double(L_Asterisk);
this.L = Platform.CreateArrayList();
this.L.Add(OCB_double(L_Dollar));
/*
* NONCE-DEPENDENT AND PER-ENCRYPTION/DECRYPTION INITIALISATION
*/
byte[] nonce = new byte[16];
Array.Copy(N, 0, nonce, nonce.Length - N.Length, N.Length);
nonce[0] = (byte)(macSize << 4);
nonce[15 - N.Length] |= 1;
int bottom = nonce[15] & 0x3F;
byte[] Ktop = new byte[16];
nonce[15] &= 0xC0;
hashCipher.ProcessBlock(nonce, 0, Ktop, 0);
byte[] Stretch = new byte[24];
Array.Copy(Ktop, 0, Stretch, 0, 16);
for (int i = 0; i < 8; ++i)
{
Stretch[16 + i] = (byte)(Ktop[i] ^ Ktop[i + 1]);
}
this.OffsetMAIN_0 = new byte[16];
int bits = bottom % 8, bytes = bottom / 8;
if (bits == 0)
{
Array.Copy(Stretch, bytes, OffsetMAIN_0, 0, 16);
}
else
{
for (int i = 0; i < 16; ++i)
{
uint b1 = Stretch[bytes];
uint b2 = Stretch[++bytes];
this.OffsetMAIN_0[i] = (byte)((b1 << bits) | (b2 >> (8 - bits)));
}
}
this.hashBlockPos = 0;
this.mainBlockPos = 0;
this.hashBlockCount = 0;
this.mainBlockCount = 0;
this.OffsetHASH = new byte[16];
this.Sum = new byte[16];
this.OffsetMAIN = Arrays.Clone(this.OffsetMAIN_0);
this.Checksum = new byte[16];
if (initialAssociatedText != null)
{
ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length);
}
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
KeyParameter key;
this.forEncryption = forEncryption;
this.macBlock = null;
if (parameters is AeadParameters)
{
AeadParameters parameters2 = (AeadParameters)parameters;
this.nonce = parameters2.GetNonce();
this.initialAssociatedText = parameters2.GetAssociatedText();
int macSize = parameters2.MacSize;
if (((macSize < 0x20) || (macSize > 0x80)) || ((macSize % 8) != 0))
{
throw new ArgumentException("Invalid value for MAC size: " + macSize);
}
this.macSize = macSize / 8;
key = parameters2.Key;
}
else
{
if (!(parameters is ParametersWithIV))
{
throw new ArgumentException("invalid parameters passed to GCM");
}
ParametersWithIV hiv = (ParametersWithIV)parameters;
this.nonce = hiv.GetIV();
this.initialAssociatedText = null;
this.macSize = 0x10;
key = (KeyParameter)hiv.Parameters;
}
int num2 = !forEncryption ? (0x10 + this.macSize) : 0x10;
this.bufBlock = new byte[num2];
if ((this.nonce == null) || (this.nonce.Length < 1))
{
throw new ArgumentException("IV must be at least 1 byte");
}
if (key != null)
{
this.cipher.Init(true, key);
this.H = new byte[0x10];
this.cipher.ProcessBlock(this.H, 0, this.H, 0);
this.multiplier.Init(this.H);
this.exp = null;
}
else if (this.H == null)
{
throw new ArgumentException("Key must be specified in initial init");
}
this.J0 = new byte[0x10];
if (this.nonce.Length == 12)
{
Array.Copy(this.nonce, 0, this.J0, 0, this.nonce.Length);
this.J0[15] = 1;
}
else
{
this.gHASH(this.J0, this.nonce, this.nonce.Length);
byte[] bs = new byte[0x10];
Pack.UInt64_To_BE((ulong)(this.nonce.Length * 8L), bs, 8);
this.gHASHBlock(this.J0, bs);
}
this.S = new byte[0x10];
this.S_at = new byte[0x10];
this.S_atPre = new byte[0x10];
this.atBlock = new byte[0x10];
this.atBlockPos = 0;
this.atLength = 0L;
this.atLengthPre = 0L;
this.counter = Arrays.Clone(this.J0);
this.blocksRemaining = 0xfffffffe;
this.bufOff = 0;
this.totalLength = 0L;
if (this.initialAssociatedText != null)
{
this.ProcessAadBytes(this.initialAssociatedText, 0, this.initialAssociatedText.Length);
}
}
internal static AeadParameters ReuseKey(AeadParameters p)
{
return(new AeadParameters(null, p.MacSize, p.GetNonce(), p.GetAssociatedText()));
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
this.forEncryption = forEncryption;
macBlock = null;
KeyParameter keyParameter;
if (parameters is AeadParameters)
{
AeadParameters aeadParameters = (AeadParameters)parameters;
nonce = aeadParameters.GetNonce();
initialAssociatedText = aeadParameters.GetAssociatedText();
int num = aeadParameters.MacSize;
if (num < 32 || num > 128 || num % 8 != 0)
{
throw new ArgumentException("Invalid value for MAC size: " + num);
}
macSize = num / 8;
keyParameter = aeadParameters.Key;
}
else
{
if (!(parameters is ParametersWithIV))
{
throw new ArgumentException("invalid parameters passed to GCM");
}
ParametersWithIV parametersWithIV = (ParametersWithIV)parameters;
nonce = parametersWithIV.GetIV();
initialAssociatedText = null;
macSize = 16;
keyParameter = (KeyParameter)parametersWithIV.Parameters;
}
int num2 = (!forEncryption) ? (16 + macSize) : 16;
bufBlock = new byte[num2];
if (nonce == null || nonce.Length < 1)
{
throw new ArgumentException("IV must be at least 1 byte");
}
if (keyParameter != null)
{
cipher.Init(forEncryption: true, keyParameter);
H = new byte[16];
cipher.ProcessBlock(H, 0, H, 0);
multiplier.Init(H);
exp = null;
}
else if (H == null)
{
throw new ArgumentException("Key must be specified in initial init");
}
J0 = new byte[16];
if (nonce.Length == 12)
{
Array.Copy(nonce, 0, J0, 0, nonce.Length);
J0[15] = 1;
}
else
{
gHASH(J0, nonce, nonce.Length);
byte[] array = new byte[16];
Pack.UInt64_To_BE((ulong)((long)nonce.Length * 8L), array, 8);
gHASHBlock(J0, array);
}
S = new byte[16];
S_at = new byte[16];
S_atPre = new byte[16];
atBlock = new byte[16];
atBlockPos = 0;
atLength = 0uL;
atLengthPre = 0uL;
counter = Arrays.Clone(J0);
bufOff = 0;
totalLength = 0uL;
if (initialAssociatedText != null)
{
ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length);
}
}
public void Init(bool forEncryption, ICipherParameters parameters)
{
this.forEncryption = forEncryption;
KeyParameter engineParam;
if (parameters is AeadParameters)
{
AeadParameters param = (AeadParameters)parameters;
byte[] iv = param.GetNonce();
int diff = IV.Length - iv.Length;
Array.Copy(iv, 0, IV, diff, iv.Length);
Array.Clear(IV, 0, diff);
initialAssociatedText = param.GetAssociatedText();
int macSizeBits = param.MacSize;
if (macSizeBits < 64 || macSizeBits > cipher.GetBlockSize() * 8 || macSizeBits % 8 != 0)
{
throw new ArgumentException("Invalid value for MAC size: " + macSizeBits);
}
macSize = macSizeBits / 8;
engineParam = param.Key;
if (initialAssociatedText != null)
{
ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length);
}
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV param = (ParametersWithIV)parameters;
byte[] iv = param.GetIV();
int diff = IV.Length - iv.Length;
Array.Copy(iv, 0, IV, diff, iv.Length);
Array.Clear(IV, 0, diff);
initialAssociatedText = null;
macSize = cipher.GetBlockSize();
engineParam = param.Parameters as KeyParameter;
}
else
{
throw new ArgumentException("invalid parameters passed to GCM");
}
this.macBlock = new byte[cipher.GetBlockSize()];
ctrCipher.Init(true, new ParametersWithIV(engineParam, IV));
cipher.Init(true, engineParam);
}