static byte[] MFcrypt(byte[] P, byte[] S,
int cost, int blockSize, int parallel, int?maxThreads)
{
int MFLen = blockSize * 128;
if (maxThreads == null)
{
maxThreads = int.MaxValue;
}
if (!BitMath.IsPositivePowerOf2(cost))
{
throw Exceptions.ArgumentOutOfRange("cost", "Cost must be a positive power of 2.");
}
Check.Range("blockSize", blockSize, 1, int.MaxValue / 128);
Check.Range("parallel", parallel, 1, int.MaxValue / MFLen);
Check.Range("maxThreads", (int)maxThreads, 1, int.MaxValue);
byte[] B = Pbkdf2.ComputeDerivedKey(new HMACSHA256(P), S, 1, parallel * MFLen);
uint[] B0 = new uint[B.Length / 4];
for (int i = 0; i < B0.Length; i++)
{
B0[i] = BitPacking.UInt32FromLEBytes(B, i * 4);
} // code is easier with uint[]
ThreadSMixCalls(B0, MFLen, cost, blockSize, parallel, (int)maxThreads);
for (int i = 0; i < B0.Length; i++)
{
BitPacking.LEBytesFromUInt32(B0[i], B, i * 4);
}
Security.Clear(B0);
return(B);
}
internal static Pbkdf2 GetStream(byte[] key, byte[] salt, int cost, int blockSize, int parallel, int?maxThreads)
{
byte[] B = GetEffectivePbkdf2Salt(key, salt, cost, blockSize, parallel, maxThreads);
Pbkdf2 kdf = new Pbkdf2(new HMACSHA256(key), B, 1);
Security.Clear(B);
return(kdf);
}
public static byte[] ComputeDerivedKey(KeyedHashAlgorithm hmacAlgorithm, byte[] salt, int iterations,
int derivedKeyLength)
{
NBitcoin.Crypto.Internal.Check.Range("derivedKeyLength", derivedKeyLength, 0, int.MaxValue);
using (Pbkdf2 kdf = new Pbkdf2(hmacAlgorithm, salt, iterations))
{
return(kdf.Read(derivedKeyLength));
}
}
/// <summary>
/// Computes a derived key.
/// </summary>
/// <param name="hmacAlgorithm">
/// </param>
/// <param name="salt">
/// The salt.
/// A unique salt means a unique derived key, even if the original key is identical.
/// </param>
/// <param name="iterations">The number of iterations to apply.</param>
/// <param name="derivedKeyLength">The desired length of the derived key.</param>
/// <returns>The derived key.</returns>
#if NETCORE
public static byte[] ComputeDerivedKey(IMac hmacAlgorithm, byte[] salt, int iterations,
int derivedKeyLength)
{
Internal.Check.Range("derivedKeyLength", derivedKeyLength, 0, int.MaxValue);
using (var kdf = new Pbkdf2(hmacAlgorithm, salt, iterations))
{
return(kdf.Read(derivedKeyLength));
}
}
public static byte[] ComputeDerivedKey(byte[] key, byte[] salt,
int cost, int blockSize, int parallel, int?maxThreads,
int derivedKeyLength)
{
Check.Range("derivedKeyLength", derivedKeyLength, 0, int.MaxValue);
using (Pbkdf2 kdf = GetStream(key, salt, cost, blockSize, parallel, maxThreads))
{
return(kdf.Read(derivedKeyLength));
}
}
internal static Pbkdf2 GetStream(byte[] key, byte[] salt,
int cost, int blockSize, int parallel, int?maxThreads)
{
byte[] B = GetEffectivePbkdf2Salt(key, salt, cost, blockSize, parallel, maxThreads);
var mac = new NBitcoin.BouncyCastle.Crypto.Macs.HMac(new NBitcoin.BouncyCastle.Crypto.Digests.Sha256Digest());
mac.Init(new KeyParameter(key));
Pbkdf2 kdf = new Pbkdf2(mac, B, 1);
Security.Clear(B);
return(kdf);
}
public static Pbkdf2 GetStream(byte[] key, byte[] salt,
int cost, int blockSize, int parallel, int?maxThreads)
{
byte[] B = GetEffectivePbkdf2Salt(key, salt, cost, blockSize, parallel, maxThreads);
var mac = MacUtilities.GetMac("HMAC-SHA_256");
mac.Init(new KeyParameter(key));
Pbkdf2 kdf = new Pbkdf2(mac, B, 1);
Security.Clear(B);
return(kdf);
}
static byte[] MFcrypt(byte[] P, byte[] S,
int cost, int blockSize, int parallel, int?maxThreads)
{
int MFLen = blockSize * 128;
if (maxThreads == null)
{
maxThreads = int.MaxValue;
}
if (!BitMath.IsPositivePowerOf2(cost))
{
throw Exceptions.ArgumentOutOfRange("cost", "Cost must be a positive power of 2.");
}
Check.Range("blockSize", blockSize, 1, int.MaxValue / 128);
Check.Range("parallel", parallel, 1, int.MaxValue / MFLen);
Check.Range("maxThreads", (int)maxThreads, 1, int.MaxValue);
#if NO_NATIVE_HMACSHA512
var mac = new NBitcoin.BouncyCastle.Crypto.Macs.HMac(new NBitcoin.BouncyCastle.Crypto.Digests.Sha256Digest());
mac.Init(new KeyParameter(P));
byte[] B = Pbkdf2.ComputeDerivedKey(mac, S, 1, parallel * MFLen);
#elif NO_NATIVE_RFC2898_HMACSHA512
byte[] B = Pbkdf2.ComputeDerivedKey(new HMACSHA256(P), S, 1, parallel * MFLen);
#else
byte[] B = null;
if (S.Length >= 8)
{
// While we should be able to use Rfc2898DeriveBytes if salt is less than 8 bytes, it sadly does not accept salt less than 8 bytes needed for BIP38
using System.Security.Cryptography.Rfc2898DeriveBytes derive = new System.Security.Cryptography.Rfc2898DeriveBytes(P, S, 1, System.Security.Cryptography.HashAlgorithmName.SHA256);
B = derive.GetBytes(parallel * MFLen);
}
else
{
B = Pbkdf2.ComputeDerivedKey(new HMACSHA256(P), S, 1, parallel * MFLen);
}
#endif
uint[] B0 = new uint[B.Length / 4];
for (int i = 0; i < B0.Length; i++)
{
B0[i] = BitPacking.UInt32FromLEBytes(B, i * 4);
} // code is easier with uint[]
ThreadSMixCalls(B0, MFLen, cost, blockSize, parallel, (int)maxThreads);
for (int i = 0; i < B0.Length; i++)
{
BitPacking.LEBytesFromUInt32(B0[i], B, i * 4);
}
Security.Clear(B0);
return(B);
}
/// <summary>
/// Computes a derived key.
/// </summary>
/// <param name="key">The key to derive from.</param>
/// <param name="salt">
/// The salt.
/// A unique salt means a unique SCrypt stream, even if the original key is identical.
/// </param>
/// <param name="cost">
/// The cost parameter, typically a fairly large number such as 262144.
/// Memory usage and CPU time scale approximately linearly with this parameter.
/// </param>
/// <param name="blockSize">
/// The mixing block size, typically 8.
/// Memory usage and CPU time scale approximately linearly with this parameter.
/// </param>
/// <param name="parallel">
/// The level of parallelism, typically 1.
/// CPU time scales approximately linearly with this parameter.
/// </param>
/// <param name="maxThreads">
/// The maximum number of threads to spawn to derive the key.
/// This is limited by the <paramref name="parallel"/> value.
/// <c>null</c> will use as many threads as possible.
/// </param>
/// <param name="derivedKeyLength">The desired length of the derived key.</param>
/// <returns>The derived key.</returns>
public static byte[] ComputeDerivedKey(byte[] key, byte[] salt,
int cost, int blockSize, int parallel, int?maxThreads,
int derivedKeyLength)
{
Check.Range("derivedKeyLength", derivedKeyLength, 0, int.MaxValue);
#if NO_NATIVE_RFC2898_HMACSHA512 || NO_NATIVE_HMACSHA512
using (Pbkdf2 kdf = GetStream(key, salt, cost, blockSize, parallel, maxThreads))
{
return(kdf.Read(derivedKeyLength));
}
#else
byte[] B = GetEffectivePbkdf2Salt(key, salt, cost, blockSize, parallel, maxThreads);
using System.Security.Cryptography.Rfc2898DeriveBytes derive = new System.Security.Cryptography.Rfc2898DeriveBytes(key, B, 1, System.Security.Cryptography.HashAlgorithmName.SHA256);
Security.Clear(B);
return(derive.GetBytes(derivedKeyLength));
#endif
}
static byte[] MFcrypt(byte[] P, byte[] S,
int cost, int blockSize, int parallel, int?maxThreads)
{
int MFLen = blockSize * 128;
if (maxThreads == null)
{
maxThreads = int.MaxValue;
}
if (!BitMath.IsPositivePowerOf2(cost))
{
throw Exceptions.ArgumentOutOfRange("cost", "Cost must be a positive power of 2.");
}
Check.Range("blockSize", blockSize, 1, int.MaxValue / 128);
Check.Range("parallel", parallel, 1, int.MaxValue / MFLen);
Check.Range("maxThreads", (int)maxThreads, 1, int.MaxValue);
#if !(USEBC || NETSTANDARD1X)
byte[] B = Pbkdf2.ComputeDerivedKey(new HMACSHA256(P), S, 1, parallel * MFLen);
#else
var mac = new NBitcoin.BouncyCastle.Crypto.Macs.HMac(new NBitcoin.BouncyCastle.Crypto.Digests.Sha256Digest());
mac.Init(new KeyParameter(P));
byte[] B = Pbkdf2.ComputeDerivedKey(mac, S, 1, parallel * MFLen);
#endif
uint[] B0 = new uint[B.Length / 4];
for (int i = 0; i < B0.Length; i++)
{
B0[i] = BitPacking.UInt32FromLEBytes(B, i * 4);
} // code is easier with uint[]
ThreadSMixCalls(B0, MFLen, cost, blockSize, parallel, (int)maxThreads);
for (int i = 0; i < B0.Length; i++)
{
BitPacking.LEBytesFromUInt32(B0[i], B, i * 4);
}
Security.Clear(B0);
return(B);
}
public static Pbkdf2 GetStream(byte[] key, byte[] salt,
int cost, int blockSize, int parallel, int? maxThreads)
{
byte[] B = GetEffectivePbkdf2Salt(key, salt, cost, blockSize, parallel, maxThreads);
var mac = MacUtilities.GetMac("HMAC-SHA_256");
mac.Init(new KeyParameter(key));
Pbkdf2 kdf = new Pbkdf2(mac, B, 1);
Security.Clear(B);
return kdf;
}
/// <summary>
/// Creates a derived key stream from which a derived key can be read.
/// </summary>
/// <param name="key">The key to derive from.</param>
/// <param name="salt">
/// The salt.
/// A unique salt means a unique scrypt stream, even if the original key is identical.
/// </param>
/// <param name="cost">
/// The cost parameter, typically a fairly large number such as 262144.
/// Memory usage and CPU time scale approximately linearly with this parameter.
/// </param>
/// <param name="blockSize">
/// The mixing block size, typically 8.
/// Memory usage and CPU time scale approximately linearly with this parameter.
/// </param>
/// <param name="parallel">
/// The level of parallelism, typically 1.
/// CPU time scales approximately linearly with this parameter.
/// </param>
/// <param name="maxThreads">
/// The maximum number of threads to spawn to derive the key.
/// This is limited by the <paramref name="parallel"/> value.
/// <c>null</c> will use as many threads as possible.
/// </param>
/// <returns>The derived key stream.</returns>
#if !USEBC
public static Pbkdf2 GetStream(byte[] key, byte[] salt,
int cost, int blockSize, int parallel, int? maxThreads)
{
byte[] B = GetEffectivePbkdf2Salt(key, salt, cost, blockSize, parallel, maxThreads);
Pbkdf2 kdf = new Pbkdf2(new HMACSHA256(key), B, 1);
Security.Clear(B);
return kdf;
}
/// <summary>
/// Computes a derived key.
/// </summary>
/// <param name="hmacAlgorithm">
/// The HMAC algorithm to use, for example <see cref="HMACSHA256"/>.
/// Make sure to set <see cref="KeyedHashAlgorithm.Key"/>.
/// </param>
/// <param name="salt">
/// The salt.
/// A unique salt means a unique derived key, even if the original key is identical.
/// </param>
/// <param name="iterations">The number of iterations to apply.</param>
/// <param name="derivedKeyLength">The desired length of the derived key.</param>
/// <returns>The derived key.</returns>
public static byte[] ComputeDerivedKey(KeyedHashAlgorithm hmacAlgorithm, byte[] salt, int iterations,
int derivedKeyLength)
{
Check.Range("derivedKeyLength", derivedKeyLength, 0, int.MaxValue);
using (Pbkdf2 kdf = new Pbkdf2(hmacAlgorithm, salt, iterations))
{
return kdf.Read(derivedKeyLength);
}
}
public static Pbkdf2 GetStream(byte[] key, byte[] salt,
int cost, int blockSize, int parallel, int? maxThreads)
{
byte[] B = GetEffectivePbkdf2Salt(key, salt, cost, blockSize, parallel, maxThreads);
var mac = new NBitcoin.BouncyCastle.Crypto.Macs.HMac(new NBitcoin.BouncyCastle.Crypto.Digests.Sha256Digest());
mac.Init(new KeyParameter(key));
Pbkdf2 kdf = new Pbkdf2(mac, B, 1);
Security.Clear(B);
return kdf;
}
