/// <summary> /// Derives cipher (encryption) and MAC (authentication) keys /// from a single pre-key using a key derivation function. /// </summary> /// <param name="preKey">Pre-key to stretch.</param> /// <param name="cipherKeySize">Cipher key size in bytes.</param> /// <param name="macKeySize">MAC key size in bytes.</param> /// <param name="kdfConfig">Key derivation function configuration.</param> /// <param name="cipherKey">Cipher key.</param> /// <param name="macKey">MAC key.</param> public static void DeriveWorkingKeys(byte[] preKey, int cipherKeySize, int macKeySize, KeyDerivationConfiguration kdfConfig, out byte[] cipherKey, out byte[] macKey) { // Derive the key which will be used for encrypting the manifest byte[] stretchedKeys = KdfFactory.DeriveKeyWithKdf(kdfConfig.FunctionName.ToEnum <KeyDerivationFunction>(), preKey, kdfConfig.Salt, cipherKeySize + macKeySize, kdfConfig.FunctionConfiguration); // Retrieve the working encryption & authentication subkeys from the stretched manifest key cipherKey = new byte[cipherKeySize]; macKey = new byte[macKeySize]; stretchedKeys.CopyBytes_NoChecks(0, cipherKey, 0, cipherKeySize); stretchedKeys.CopyBytes_NoChecks(cipherKeySize, macKey, 0, macKeySize); // Clear the pre-key and stretched manifest working combination key from memory preKey.SecureWipe(); stretchedKeys.SecureWipe(); }
public byte[] DeriveKey(byte[] key, int outputSize, KeyDerivationConfiguration config) { return(DeriveKeyWithConfig(key, config.Salt, outputSize, config.FunctionConfiguration)); }