public void ReferenceData(
string nonce,
string associatedData,
string plainText,
string cipherText,
string tag)
{
var aesOcb = new AesOcb(Convert.FromHexString("000102030405060708090A0B0C0D0E0F"));
byte[] plainTextBytes = Convert.FromHexString(plainText);
byte[] cipherTextBytes = new byte[plainTextBytes.Length];
byte[] tagBytes = new byte[16];
aesOcb.Encrypt(
Convert.FromHexString(nonce),
plainTextBytes,
cipherTextBytes,
tagBytes,
Convert.FromHexString(associatedData));
Assert.AreEqual(cipherText, Convert.ToHexString(cipherTextBytes));
Assert.AreEqual(tag, Convert.ToHexString(tagBytes));
cipherTextBytes = Convert.FromHexString(cipherText);
plainTextBytes = new byte[cipherTextBytes.Length];
aesOcb.Decrypt(
Convert.FromHexString(nonce),
cipherTextBytes,
Convert.FromHexString(tag),
plainTextBytes,
Convert.FromHexString(associatedData));
Assert.AreEqual(plainText, Convert.ToHexString(plainTextBytes));
}
private static byte[] GetDValue(SXprReader reader, KeyPacket publicKey, byte[] rawPassPhrase, string curveName)
{
string type;
reader.SkipOpenParenthesis();
string protection;
string?protectedAt = null;
S2k s2k;
byte[] iv;
byte[] secKeyData;
type = reader.ReadString();
if (type.Equals("protected", StringComparison.Ordinal))
{
protection = reader.ReadString();
reader.SkipOpenParenthesis();
s2k = reader.ParseS2k();
iv = reader.ReadBytes();
reader.SkipCloseParenthesis();
secKeyData = reader.ReadBytes();
reader.SkipCloseParenthesis();
reader.SkipOpenParenthesis();
if (reader.ReadString().Equals("protected-at", StringComparison.Ordinal))
{
protectedAt = reader.ReadString();
}
}
else
{
throw new PgpException("protected block not found");
}
byte[] data;
switch (protection)
{
case "openpgp-s2k3-sha1-aes256-cbc":
case "openpgp-s2k3-sha1-aes-cbc":
PgpSymmetricKeyAlgorithm symmAlg =
protection.Equals("openpgp-s2k3-sha1-aes256-cbc", StringComparison.Ordinal) ?
PgpSymmetricKeyAlgorithm.Aes256 :
PgpSymmetricKeyAlgorithm.Aes128;
using (var c = PgpUtilities.GetSymmetricAlgorithm(symmAlg))
{
var keyBytes = new byte[c.KeySize / 8];
S2kBasedEncryption.MakeKey(rawPassPhrase, PgpHashAlgorithm.Sha1, s2k.GetIV(), s2k.IterationCount, keyBytes);
c.Key = keyBytes;
c.IV = iv;
c.Mode = CipherMode.CBC;
using var decryptor = new ZeroPaddedCryptoTransform(c.CreateDecryptor());
data = decryptor.TransformFinalBlock(secKeyData, 0, secKeyData.Length);
// TODO: check SHA-1 hash.
}
break;
case "openpgp-s2k3-ocb-aes":
{
MemoryStream aad = new MemoryStream();
WriteSExprPublicKey(new SXprWriter(aad), publicKey, curveName, protectedAt);
var keyBytes = new byte[16];
S2kBasedEncryption.MakeKey(rawPassPhrase, PgpHashAlgorithm.Sha1, s2k.GetIV(), s2k.IterationCount, keyBytes);
using var aesOcb = new AesOcb(keyBytes);
data = new byte[secKeyData.Length - 16];
aesOcb.Decrypt(iv, secKeyData.AsSpan(0, secKeyData.Length - 16), secKeyData.AsSpan(secKeyData.Length - 16), data, aad.ToArray());
}
break;
case "openpgp-native":
default:
throw new PgpException(protection + " key format is not supported yet");
}
//
// parse the secret key S-expr
//
Stream keyIn = new MemoryStream(data, false);
reader = new SXprReader(keyIn);
reader.SkipOpenParenthesis();
reader.SkipOpenParenthesis();
reader.SkipOpenParenthesis();
String name = reader.ReadString();
return(reader.ReadBytes());
}
