private byte[] DecryptBlock( byte[] in_enc, int inOff, int inLen, byte[] z) { byte[] M = null; KeyParameter macKey = null; KdfParameters kParam = new KdfParameters(z, param.GetDerivationV()); int macKeySize = param.MacKeySize; kdf.Init(kParam); inLen -= mac.GetMacSize(); if (cipher == null) // stream mode { byte[] Buffer = GenerateKdfBytes(kParam, inLen + (macKeySize / 8)); M = new byte[inLen]; for (int i = 0; i != inLen; i++) { M[i] = (byte)(in_enc[inOff + i] ^ Buffer[i]); } macKey = new KeyParameter(Buffer, inLen, (macKeySize / 8)); } else { int cipherKeySize = ((IesWithCipherParameters)param).CipherKeySize; byte[] Buffer = GenerateKdfBytes(kParam, (cipherKeySize / 8) + (macKeySize / 8)); cipher.Init(false, new KeyParameter(Buffer, 0, (cipherKeySize / 8))); M = cipher.DoFinal(in_enc, inOff, inLen); macKey = new KeyParameter(Buffer, (cipherKeySize / 8), (macKeySize / 8)); } byte[] macIV = param.GetEncodingV(); mac.Init(macKey); mac.BlockUpdate(in_enc, inOff, inLen); mac.BlockUpdate(macIV, 0, macIV.Length); mac.DoFinal(macBuf, 0); inOff += inLen; for (int t = 0; t < macBuf.Length; t++) { if (macBuf[t] != in_enc[inOff + t]) { throw (new InvalidCipherTextException("IMac codes failed to equal.")); } } return(M); }
private byte[] EncryptBlock(byte[] input, int inOff, int inLen, byte[] macData) { // Block cipher mode. byte[] k1 = new byte[((IesWithCipherParameters)_iesParameters).CipherKeySize / 8]; byte[] k2 = new byte[_iesParameters.MacKeySize / 8]; byte[] k = _kdfKey; Array.Copy(k, 0, k1, 0, k1.Length); Array.Copy(k, k1.Length, k2, 0, k2.Length); _cipher.Init(true, new ParametersWithIV(new KeyParameter(k1), _iv)); byte[] c = new byte[_cipher.GetOutputSize(inLen)]; int len = _cipher.ProcessBytes(input, inOff, inLen, c, 0); len += _cipher.DoFinal(c, len); // Convert the length of the encoding vector into a byte array. byte[] p2 = _iesParameters.GetEncodingV(); // Apply the MAC. byte[] T = new byte[_mac.GetMacSize()]; byte[] k2A = new byte[_hash.GetDigestSize()]; _hash.Reset(); _hash.BlockUpdate(k2, 0, k2.Length); _hash.DoFinal(k2A, 0); _mac.Init(new KeyParameter(k2A)); _mac.BlockUpdate(_iv, 0, _iv.Length); _mac.BlockUpdate(c, 0, c.Length); if (p2 != null) { _mac.BlockUpdate(p2, 0, p2.Length); } if (macData != null) { _mac.BlockUpdate(macData, 0, macData.Length); } _mac.DoFinal(T, 0); // Output the double (C,T). byte[] output = new byte[len + T.Length]; Array.Copy(c, 0, output, 0, len); Array.Copy(T, 0, output, len, T.Length); return(output); }
private byte[] DecryptBlock(byte[] in_enc, int inOff, int inLen, byte[] z) { byte[] array = null; KeyParameter keyParameter = null; KdfParameters kdfParameters = new KdfParameters(z, param.GetDerivationV()); int macKeySize = param.MacKeySize; kdf.Init(kdfParameters); if (inLen < mac.GetMacSize()) { throw new InvalidCipherTextException("Length of input must be greater than the MAC"); } inLen -= mac.GetMacSize(); if (cipher == null) { byte[] array2 = GenerateKdfBytes(kdfParameters, inLen + macKeySize / 8); array = new byte[inLen]; for (int i = 0; i != inLen; i++) { array[i] = (byte)(in_enc[inOff + i] ^ array2[i]); } keyParameter = new KeyParameter(array2, inLen, macKeySize / 8); } else { int cipherKeySize = ((IesWithCipherParameters)param).CipherKeySize; byte[] key = GenerateKdfBytes(kdfParameters, cipherKeySize / 8 + macKeySize / 8); cipher.Init(forEncryption: false, new KeyParameter(key, 0, cipherKeySize / 8)); array = cipher.DoFinal(in_enc, inOff, inLen); keyParameter = new KeyParameter(key, cipherKeySize / 8, macKeySize / 8); } byte[] encodingV = param.GetEncodingV(); mac.Init(keyParameter); mac.BlockUpdate(in_enc, inOff, inLen); mac.BlockUpdate(encodingV, 0, encodingV.Length); mac.DoFinal(macBuf, 0); inOff += inLen; byte[] a = Arrays.CopyOfRange(in_enc, inOff, inOff + macBuf.Length); if (!Arrays.ConstantTimeAreEqual(a, macBuf)) { throw new InvalidCipherTextException("Invalid MAC."); } return(array); }
private byte[] DecryptBlock( byte[] in_enc, int inOff, int inLen, byte[] z) { byte[] M = null; KeyParameter macKey = null; KdfParameters kParam = new KdfParameters(z, param.GetDerivationV()); int macKeySize = param.MacKeySize; kdf.Init(kParam); // Ensure that the length of the input is greater than the MAC in bytes if (inLen < mac.GetMacSize()) { throw new InvalidCipherTextException("Length of input must be greater than the MAC"); } inLen -= mac.GetMacSize(); if (cipher == null) // stream mode { byte[] Buffer = GenerateKdfBytes(kParam, inLen + (macKeySize / 8)); M = new byte[inLen]; for (int i = 0; i != inLen; i++) { M[i] = (byte)(in_enc[inOff + i] ^ Buffer[i]); } macKey = new KeyParameter(Buffer, inLen, (macKeySize / 8)); } else { int cipherKeySize = ((IesWithCipherParameters)param).CipherKeySize; byte[] Buffer = GenerateKdfBytes(kParam, (cipherKeySize / 8) + (macKeySize / 8)); cipher.Init(false, new KeyParameter(Buffer, 0, (cipherKeySize / 8))); M = cipher.DoFinal(in_enc, inOff, inLen); macKey = new KeyParameter(Buffer, (cipherKeySize / 8), (macKeySize / 8)); } byte[] macIV = param.GetEncodingV(); mac.Init(macKey); mac.BlockUpdate(in_enc, inOff, inLen); mac.BlockUpdate(macIV, 0, macIV.Length); mac.DoFinal(macBuf, 0); inOff += inLen; byte[] T1 = Arrays.CopyOfRange(in_enc, inOff, inOff + macBuf.Length); if (!Arrays.ConstantTimeAreEqual(T1, macBuf)) { throw (new InvalidCipherTextException("Invalid MAC.")); } return(M); }
protected virtual byte[] DecryptBlock( byte[] inEnc, int inOff, int inLen) { byte[] m; byte[] k1, k2; int len = 0; // Ensure that the length of the input is greater than the MAC in bytes if (inLen < (V.Length + Mac.GetMacSize())) { throw new InvalidCipherTextException("Length of input must be greater than the MAC and V combined"); } // note order is important: set up keys, do simple encryptions, check mac, do final encryption. if (Cipher == null) { // Streaming mode. k1 = new byte[inLen - V.Length - Mac.GetMacSize()]; k2 = new byte[_param.MacKeySize / 8]; var k = new byte[k1.Length + k2.Length]; Kdf.GenerateBytes(k, 0, k.Length); if (V.Length != 0) { Array.Copy(k, 0, k2, 0, k2.Length); Array.Copy(k, k2.Length, k1, 0, k1.Length); } else { Array.Copy(k, 0, k1, 0, k1.Length); Array.Copy(k, k1.Length, k2, 0, k2.Length); } // process the message m = new byte[k1.Length]; for (int i = 0; i != k1.Length; i++) { m[i] = (byte)(inEnc[inOff + V.Length + i] ^ k1[i]); } } else { // Block cipher mode. SetupBlockCipherAndMacKeyBytes(out k1, out k2); ICipherParameters cp = new KeyParameter(k1); // If IV provide use it to initialize the cipher if (Iv != null) { cp = new ParametersWithIV(cp, Iv); } Cipher.Init(false, cp); m = new byte[Cipher.GetOutputSize(inLen - V.Length - Mac.GetMacSize())]; // do initial processing len = Cipher.ProcessBytes(inEnc, inOff + V.Length, inLen - V.Length - Mac.GetMacSize(), m, 0); } // Convert the length of the encoding vector into a byte array. byte[] p2 = _param.GetEncodingV(); byte[] l2 = null; if (V.Length != 0) { l2 = GetLengthTag(p2); } // Verify the MAC. int end = inOff + inLen; byte[] t1 = Arrays.CopyOfRange(inEnc, end - Mac.GetMacSize(), end); byte[] t2 = new byte[t1.Length]; Mac.Init(new KeyParameter(k2)); Mac.BlockUpdate(inEnc, inOff + V.Length, inLen - V.Length - t2.Length); SimilarMacCompute(p2, l2, t2); if (!Arrays.ConstantTimeAreEqual(t1, t2)) { throw new InvalidCipherTextException("invalid MAC"); } if (Cipher == null) { return(m); } else { len += Cipher.DoFinal(m, len); return(Arrays.CopyOfRange(m, 0, len)); } }
private byte[] EncryptBlock( byte[] input, int inOff, int inLen, byte[] macData) { byte[] c, k, k1, k2; int len; if (Cipher == null) { // Streaming mode. k1 = new byte[inLen]; k2 = new byte[_iesParameters.MacKeySize / 8]; k = new byte[k1.Length + k2.Length]; _kdf.GenerateBytes(k, 0, k.Length); // if (V.Length != 0) // { // Array.Copy(K, 0, K2, 0, K2.Length); // Array.Copy(K, K2.Length, K1, 0, K1.Length); // } // else { Array.Copy(k, 0, k1, 0, k1.Length); Array.Copy(k, inLen, k2, 0, k2.Length); } c = new byte[inLen]; for (int i = 0; i != inLen; i++) { c[i] = (byte)(input[inOff + i] ^ k1[i]); } len = inLen; } else { // Block cipher mode. k1 = new byte[((IesWithCipherParameters)_iesParameters).CipherKeySize / 8]; k2 = new byte[_iesParameters.MacKeySize / 8]; k = new byte[k1.Length + k2.Length]; _kdf.GenerateBytes(k, 0, k.Length); Array.Copy(k, 0, k1, 0, k1.Length); Array.Copy(k, k1.Length, k2, 0, k2.Length); // If iv provided use it to initialise the cipher if (_iv != null) { Cipher.Init(true, new ParametersWithIV(new KeyParameter(k1), _iv)); } else { Cipher.Init(true, new KeyParameter(k1)); } c = new byte[Cipher.GetOutputSize(inLen)]; len = Cipher.ProcessBytes(input, inOff, inLen, c, 0); len += Cipher.DoFinal(c, len); } // Convert the length of the encoding vector into a byte array. byte[] p2 = _iesParameters.GetEncodingV(); // Apply the MAC. byte[] T = new byte[Mac.GetMacSize()]; byte[] k2A; if (HashK2) { k2A = new byte[_hash.GetDigestSize()]; _hash.Reset(); _hash.BlockUpdate(k2, 0, k2.Length); _hash.DoFinal(k2A, 0); } else { k2A = k2; } Mac.Init(new KeyParameter(k2A)); Mac.BlockUpdate(_iv, 0, _iv.Length); Mac.BlockUpdate(c, 0, c.Length); if (p2 != null) { Mac.BlockUpdate(p2, 0, p2.Length); } if (V.Length != 0 && p2 != null) { // byte[] L2 = new byte[4]; // Pack.intToBigEndian(P2.Length * 8, L2, 0); byte[] L2 = (p2.Length * 8).ToBigEndianByteArray(); Debug.Assert(L2.Length == 4, "expected to be 4 bytes long"); Mac.BlockUpdate(L2, 0, L2.Length); } if (macData != null) { Mac.BlockUpdate(macData, 0, macData.Length); } Mac.DoFinal(T, 0); // Output the triple (V,C,T). byte[] Output = new byte[V.Length + len + T.Length]; Array.Copy(V, 0, Output, 0, V.Length); Array.Copy(c, 0, Output, V.Length, len); Array.Copy(T, 0, Output, V.Length + len, T.Length); return(Output); }