public void ExponentiateX(long pow, byte[] output) { // Initial value is little-endian 1 ulong[] y = GcmUtilities.OneAsUlongs(); if (pow > 0) { ulong[] powX = Arrays.Clone(x); do { if ((pow & 1L) != 0) { GcmUtilities.Multiply(y, powX); } GcmUtilities.Square(powX, powX); pow >>= 1; }while (pow > 0); } GcmUtilities.AsBytes(y, output); }
public int DoFinal(byte[] output, int outOff) { if (totalLength == 0) { InitCipher(); } int num = bufOff; if (forEncryption) { Check.OutputLength(output, outOff, num + macSize, "Output buffer too short"); } else { if (num < macSize) { throw new InvalidCipherTextException("data too short"); } num -= macSize; Check.OutputLength(output, outOff, num, "Output buffer too short"); } if (num > 0) { gCTRPartial(bufBlock, 0, num, output, outOff); } atLength += (uint)atBlockPos; if (atLength > atLengthPre) { if (atBlockPos > 0) { gHASHPartial(S_at, atBlock, 0, atBlockPos); } if (atLengthPre != 0) { GcmUtilities.Xor(S_at, S_atPre); } long pow = (long)(totalLength * 8 + 127 >> 7); byte[] array = new byte[16]; if (exp == null) { exp = new Tables1kGcmExponentiator(); exp.Init(H); } exp.ExponentiateX(pow, array); GcmUtilities.Multiply(S_at, array); GcmUtilities.Xor(S, S_at); } byte[] array2 = new byte[16]; Pack.UInt64_To_BE(atLength * 8, array2, 0); Pack.UInt64_To_BE(totalLength * 8, array2, 8); gHASHBlock(S, array2); byte[] array3 = new byte[16]; cipher.ProcessBlock(J0, 0, array3, 0); GcmUtilities.Xor(array3, S); int num2 = num; macBlock = new byte[macSize]; global::System.Array.Copy((global::System.Array)array3, 0, (global::System.Array)macBlock, 0, macSize); if (forEncryption) { global::System.Array.Copy((global::System.Array)macBlock, 0, (global::System.Array)output, outOff + bufOff, macSize); num2 += macSize; } else { byte[] array4 = new byte[macSize]; global::System.Array.Copy((global::System.Array)bufBlock, num, (global::System.Array)array4, 0, macSize); if (!Arrays.ConstantTimeAreEqual(macBlock, array4)) { throw new InvalidCipherTextException("mac check in GCM failed"); } } Reset(clearMac: false); return(num2); }
// Token: 0x060000E8 RID: 232 RVA: 0x0000827C File Offset: 0x0000647C public int DoFinal(byte[] output, int outOff) { this.CheckStatus(); if (this.totalLength == 0UL) { this.InitCipher(); } int num = this.bufOff; if (this.forEncryption) { Check.OutputLength(output, outOff, num + this.macSize, "Output buffer too short"); } else { if (num < this.macSize) { throw new CryptoException("data too short"); } num -= this.macSize; Check.OutputLength(output, outOff, num, "Output buffer too short"); } if (num > 0) { this.ProcessPartial(this.bufBlock, 0, num, output, outOff); } this.atLength += (ulong)this.atBlockPos; if (this.atLength > this.atLengthPre) { if (this.atBlockPos > 0) { this.gHASHPartial(this.S_at, this.atBlock, 0, this.atBlockPos); } if (this.atLengthPre > 0UL) { GcmUtilities.Xor(this.S_at, this.S_atPre); } long pow = (long)(this.totalLength * 8UL + 127UL >> 7); byte[] array = new byte[16]; if (this.exp == null) { this.exp = new Tables1kGcmExponentiator(); this.exp.Init(this.H); } this.exp.ExponentiateX(pow, array); GcmUtilities.Multiply(this.S_at, array); GcmUtilities.Xor(this.S, this.S_at); } byte[] array2 = new byte[16]; Pack.UInt64_To_BE(this.atLength * 8UL, array2, 0); Pack.UInt64_To_BE(this.totalLength * 8UL, array2, 8); this.gHASHBlock(this.S, array2); byte[] array3 = new byte[16]; this.cipher.ProcessBlock(this.J0, 0, array3, 0); GcmUtilities.Xor(array3, this.S); int num2 = num; this.macBlock = new byte[this.macSize]; Array.Copy(array3, 0, this.macBlock, 0, this.macSize); if (this.forEncryption) { Array.Copy(this.macBlock, 0, output, outOff + this.bufOff, this.macSize); num2 += this.macSize; } else { byte[] array4 = new byte[this.macSize]; Array.Copy(this.bufBlock, num, array4, 0, this.macSize); if (!Arrays.ConstantTimeAreEqual(this.macBlock, array4)) { throw new CryptoException("mac check in GCM failed"); } } this.Reset(false); return(num2); }
public void MultiplyH(byte[] x) { uint[] x2 = GcmUtilities.AsUints(x); GcmUtilities.Multiply(x2, H); GcmUtilities.AsBytes(x2, x); }
public int DoFinal(byte[] output, int outOff) { if (totalLength == 0) { InitCipher(); } int extra = bufOff; if (forEncryption) { Check.OutputLength(output, outOff, extra + macSize, "Output buffer too short"); } else { if (extra < macSize) { throw new InvalidCipherTextException("data too short"); } extra -= macSize; Check.OutputLength(output, outOff, extra, "Output buffer too short"); } if (extra > 0) { gCTRPartial(bufBlock, 0, extra, output, outOff); } atLength += (uint)atBlockPos; if (atLength > atLengthPre) { /* * Some AAD was sent after the cipher started. We determine the difference b/w the hash value * we actually used when the cipher started (S_atPre) and the final hash value calculated (S_at). * Then we carry this difference forward by multiplying by H^c, where c is the number of (full or * partial) cipher-text blocks produced, and adjust the current hash. */ // Finish hash for partial AAD block if (atBlockPos > 0) { gHASHPartial(S_at, atBlock, 0, atBlockPos); } // Find the difference between the AAD hashes if (atLengthPre > 0) { GcmUtilities.Xor(S_at, S_atPre); } // Number of cipher-text blocks produced long c = (long)(((totalLength * 8) + 127) >> 7); // Calculate the adjustment factor byte[] H_c = new byte[16]; if (exp == null) { exp = new Tables1kGcmExponentiator(); exp.Init(H); } exp.ExponentiateX(c, H_c); // Carry the difference forward GcmUtilities.Multiply(S_at, H_c); // Adjust the current hash GcmUtilities.Xor(S, S_at); } // Final gHASH byte[] X = new byte[BlockSize]; Pack.UInt64_To_BE(atLength * 8UL, X, 0); Pack.UInt64_To_BE(totalLength * 8UL, X, 8); gHASHBlock(S, X); // T = MSBt(GCTRk(J0,S)) byte[] tag = new byte[BlockSize]; cipher.ProcessBlock(J0, 0, tag, 0); GcmUtilities.Xor(tag, S); int resultLen = extra; // We place into macBlock our calculated value for T this.macBlock = new byte[macSize]; Array.Copy(tag, 0, macBlock, 0, macSize); if (forEncryption) { // Append T to the message Array.Copy(macBlock, 0, output, outOff + bufOff, macSize); resultLen += macSize; } else { // Retrieve the T value from the message and compare to calculated one byte[] msgMac = new byte[macSize]; Array.Copy(bufBlock, extra, msgMac, 0, macSize); if (!Arrays.ConstantTimeAreEqual(this.macBlock, msgMac)) { throw new InvalidCipherTextException("mac check in GCM failed"); } } Reset(false); return(resultLen); }
public void MultiplyH(byte[] x) { GcmUtilities.Multiply(x, H); }
public int DoFinal(byte[] output, int outOff) { if (this.totalLength == 0L) { this.InitCipher(); } int bufOff = this.bufOff; if (this.forEncryption) { Check.OutputLength(output, outOff, bufOff + this.macSize, "Output buffer too short"); } else { if (bufOff < this.macSize) { throw new InvalidCipherTextException("data too short"); } bufOff -= this.macSize; Check.OutputLength(output, outOff, bufOff, "Output buffer too short"); } if (bufOff > 0) { this.gCTRPartial(this.bufBlock, 0, bufOff, output, outOff); } this.atLength += (ulong)this.atBlockPos; if (this.atLength > this.atLengthPre) { if (this.atBlockPos > 0) { this.gHASHPartial(this.S_at, this.atBlock, 0, this.atBlockPos); } if (this.atLengthPre > 0L) { GcmUtilities.Xor(this.S_at, this.S_atPre); } long pow = (long)(((this.totalLength * 8L) + 0x7fL) >> 7); byte[] buffer = new byte[0x10]; if (this.exp == null) { this.exp = new Tables1kGcmExponentiator(); this.exp.Init(this.H); } this.exp.ExponentiateX(pow, buffer); GcmUtilities.Multiply(this.S_at, buffer); GcmUtilities.Xor(this.S, this.S_at); } byte[] bs = new byte[0x10]; Pack.UInt64_To_BE((ulong)(this.atLength * ((ulong)8L)), bs, 0); Pack.UInt64_To_BE((ulong)(this.totalLength * ((ulong)8L)), bs, 8); this.gHASHBlock(this.S, bs); byte[] outBuf = new byte[0x10]; this.cipher.ProcessBlock(this.J0, 0, outBuf, 0); GcmUtilities.Xor(outBuf, this.S); int num3 = bufOff; this.macBlock = new byte[this.macSize]; Array.Copy(outBuf, 0, this.macBlock, 0, this.macSize); if (this.forEncryption) { Array.Copy(this.macBlock, 0, output, outOff + this.bufOff, this.macSize); num3 += this.macSize; } else { byte[] destinationArray = new byte[this.macSize]; Array.Copy(this.bufBlock, bufOff, destinationArray, 0, this.macSize); if (!Arrays.ConstantTimeAreEqual(this.macBlock, destinationArray)) { throw new InvalidCipherTextException("mac check in GCM failed"); } } this.Reset(false); return(num3); }