/** * Construct a KDF Parameters generator. * * @param counterStart value of counter. * @param digest the digest to be used as the source of derived keys. */ protected BaseKdfBytesGenerator( int counterStart, IDigest digest) { this.counterStart = counterStart; this.digest = digest; }
/// <summary> /// Initialize this class /// </summary> /// /// <param name="Parameters">The cipher parameters</param> /// <param name="Info">The predefined nonce value</param> public KobaraImaiCipher(MPKCParameters Parameters, byte[] Info = null) { if (Info != null) KobaraImaiCipher.MPKCINFO = Info; _cipherParams = Parameters; _dgtEngine = GetDigest(Parameters.Digest); }
/// <summary> /// Generate a signer for the with either implicit or explicit trailers /// for ISO9796-2. /// </summary> /// <param name="cipher">base cipher to use for signature creation/verification</param> /// <param name="digest">digest to use.</param> /// <param name="isImplicit">whether or not the trailer is implicit or gives the hash.</param> public Iso9796d2Signer( IAsymmetricBlockCipher cipher, IDigest digest, bool isImplicit) { this.cipher = cipher; this.digest = digest; if (isImplicit) { trailer = TrailerImplicit; } else { if (digest is Sha1Digest) { trailer = TrailerSha1; } else if (digest is RipeMD160Digest) { trailer = TrailerRipeMD160; } else if (digest is RipeMD128Digest) { trailer = TrailerRipeMD128; } else { throw new System.ArgumentException("no valid trailer for digest"); } } }
/// <summary>Basic constructor</summary> /// <param name="cipher">the asymmetric cipher to use.</param> /// <param name="digest">the digest to use.</param> /// <param name="salt">the fixed salt to be used.</param> public PssSigner( IAsymmetricBlockCipher cipher, IDigest digest, byte[] salt) : this(cipher, digest, digest, digest, salt.Length, salt, TrailerImplicit) { }
/** * Processes the client's credentials. If valid the shared secret is generated and returned. * @param clientA The client's credentials * @return A shared secret BigInteger * @throws CryptoException If client's credentials are invalid */ public virtual BigInteger CalculateSecret(IDigest digest, BigInteger clientA) { this.A = Srp6Utilities.ValidatePublicValue(param.N, clientA); this.u = Srp6Utilities.CalculateU(digest, param.N, A, pubB); this.S = v.ModPow(u, param.N).Multiply(A).Mod(param.N).ModPow(privB, param.N); return S; }
/// <summary> /// Generate a signer for the with either implicit or explicit trailers /// for ISO9796-2. /// </summary> /// <param name="cipher">base cipher to use for signature creation/verification</param> /// <param name="digest">digest to use.</param> /// <param name="isImplicit">whether or not the trailer is implicit or gives the hash.</param> public Iso9796d2Signer( IAsymmetricBlockCipher cipher, IDigest digest, bool isImplicit) { this.cipher = cipher; this.digest = digest; if (isImplicit) { trailer = TrailerImplicit; } else { string digestName = digest.AlgorithmName; if (trailerMap.Contains(digestName)) { trailer = (int)trailerMap[digest.AlgorithmName]; } else { throw new System.ArgumentException("no valid trailer for digest"); } } }
/// <summary> /// Encode the stream with the given digest. /// </summary> /// <param name="data">The byte array to be encoded.</param> /// <param name="digest">The digest to be used.</param> /// <returns>Hashed value of the byte array as a hex string.</returns> private static string Encode(byte[] data, IDigest digest) { digest.BlockUpdate(data, 0, data.Length); byte[] output = new byte[digest.GetDigestSize()]; digest.DoFinal (output, 0); return Hex.Encode(output); }
public Gost3410DigestSigner( IDsa signer, IDigest digest) { this.dsaSigner = signer; this.digest = digest; }
/** * Initialises the client to begin new authentication attempt * @param N The safe prime associated with the client's verifier * @param g The group parameter associated with the client's verifier * @param digest The digest algorithm associated with the client's verifier * @param random For key generation */ public virtual void Init(BigInteger N, BigInteger g, IDigest digest, SecureRandom random) { this.N = N; this.g = g; this.digest = digest; this.random = random; }
public OaepEncoding( IAsymmetricBlockCipher cipher, IDigest hash, byte[] encodingParams) : this(cipher, hash, hash, encodingParams) { }
public GenericSigner( IAsymmetricBlockCipher engine, IDigest digest) { this.engine = engine; this.digest = digest; }
private DeferredHash(byte prfHashAlgorithm, IDigest prfHash) { this.mBuf = null; this.mHashes = Platform.CreateHashtable(); this.mPrfHashAlgorithm = prfHashAlgorithm; mHashes[prfHashAlgorithm] = prfHash; }
/** * Base constructor. * * @param baseDigest underlying digest to use. * @exception IllegalArgumentException if baseDigest is null */ public NonMemoableDigest(IDigest baseDigest) { if (baseDigest == null) throw new ArgumentNullException("baseDigest"); this.mBaseDigest = baseDigest; }
/// <summary>Basic constructor</summary> /// <param name="cipher">the asymmetric cipher to use.</param> /// <param name="digest">the digest to use.</param> /// <param name="saltLen">the length of the salt to use (in bytes).</param> public PssSigner( IAsymmetricBlockCipher cipher, IDigest digest, int saltLen) : this(cipher, digest, saltLen, TrailerImplicit) { }
public TlsStreamCipher(TlsClientContext context, IStreamCipher encryptCipher, IStreamCipher decryptCipher, IDigest writeDigest, IDigest readDigest, int cipherKeySize) { this.context = context; this.encryptCipher = encryptCipher; this.decryptCipher = decryptCipher; int prfSize = (2 * cipherKeySize) + writeDigest.GetDigestSize() + readDigest.GetDigestSize(); SecurityParameters securityParameters = context.SecurityParameters; byte[] keyBlock = TlsUtilities.PRF(securityParameters.masterSecret, "key expansion", TlsUtilities.Concat(securityParameters.serverRandom, securityParameters.clientRandom), prfSize); int offset = 0; // Init MACs writeMac = CreateTlsMac(writeDigest, keyBlock, ref offset); readMac = CreateTlsMac(readDigest, keyBlock, ref offset); // Build keys KeyParameter encryptKey = CreateKeyParameter(keyBlock, ref offset, cipherKeySize); KeyParameter decryptKey = CreateKeyParameter(keyBlock, ref offset, cipherKeySize); if (offset != prfSize) throw new TlsFatalAlert(AlertDescription.internal_error); // Init Ciphers encryptCipher.Init(true, encryptKey); decryptCipher.Init(false, decryptKey); }
protected virtual TlsMac CreateTlsMac(IDigest digest, byte[] buf, ref int off) { int len = digest.GetDigestSize(); TlsMac mac = new TlsMac(digest, buf, off, len); off += len; return mac; }
public RsaDigestSigner( IDigest digest) { this.digest = digest; algId = new AlgorithmIdentifier( (DerObjectIdentifier)oidMap[digest.AlgorithmName] , DerNull.Instance); }
public DsaDigestSigner( IDsa signer, IDigest digest) { this.digest = digest; this.dsaSigner = signer; }
/** * Construct a SP800-90A Hash DRBG. * <p> * Minimum entropy requirement is the security strength requested. * </p> * @param digest source digest to use for DRB stream. * @param securityStrength security strength required (in bits) * @param entropySource source of entropy to use for seeding/reseeding. * @param personalizationString personalization string to distinguish this DRBG (may be null). * @param nonce nonce to further distinguish this DRBG (may be null). */ public HashSP800Drbg(IDigest digest, int securityStrength, IEntropySource entropySource, byte[] personalizationString, byte[] nonce) { if (securityStrength > DrbgUtilities.GetMaxSecurityStrength(digest)) throw new ArgumentException("Requested security strength is not supported by the derivation function"); if (entropySource.EntropySize < securityStrength) throw new ArgumentException("Not enough entropy for security strength required"); mDigest = digest; mEntropySource = entropySource; mSecurityStrength = securityStrength; mSeedLength = (int)seedlens[digest.AlgorithmName]; // 1. seed_material = entropy_input || nonce || personalization_string. // 2. seed = Hash_df (seed_material, seedlen). // 3. V = seed. // 4. C = Hash_df ((0x00 || V), seedlen). Comment: Preceed V with a byte // of zeros. // 5. reseed_counter = 1. // 6. Return V, C, and reseed_counter as the initial_working_state byte[] entropy = GetEntropy(); byte[] seedMaterial = Arrays.ConcatenateAll(entropy, nonce, personalizationString); byte[] seed = DrbgUtilities.HashDF(mDigest, seedMaterial, mSeedLength); mV = seed; byte[] subV = new byte[mV.Length + 1]; Array.Copy(mV, 0, subV, 1, mV.Length); mC = DrbgUtilities.HashDF(mDigest, subV, mSeedLength); mReseedCounter = 1; }
/// <summary> /// Creates a PBKDF2 Bytes Generator based on the given HMAC function using the default SHA512 engine /// </summary> public KDF2Drbg() { _disposeEngine = true; _digest = new SHA512(); _hashLength = _digest.DigestSize; _keySize = _digest.BlockSize; }
private void doExpectedTest(IDigest digest, int seed, byte[] expected, byte[] noCycle) { DigestRandomGenerator rGen = new DigestRandomGenerator(digest); byte[] output = new byte[digest.GetDigestSize()]; rGen.AddSeedMaterial(seed); for (int i = 0; i != 1024; i++) { rGen.NextBytes(output); } if (noCycle != null) { if (Arrays.AreEqual(noCycle, output)) { Fail("seed not being cycled!"); } } if (!Arrays.AreEqual(expected, output)) { Fail("expected output doesn't match"); } }
public static byte[] Compute(IDigest hash, byte[] data) { var result = new byte[hash.GetDigestSize()]; hash.BlockUpdate(data, 0, data.Length); hash.DoFinal(result, 0); return result; }
public static BigInteger GeneratePrivateValue(IDigest digest, BigInteger N, BigInteger g, SecureRandom random) { int num = Math.Min(0x100, N.BitLength / 2); BigInteger min = BigInteger.One.ShiftLeft(num - 1); BigInteger max = N.Subtract(BigInteger.One); return BigIntegers.CreateRandomInRange(min, max, random); }
/// <summary> /// Generate a signer for the with either implicit or explicit trailers /// for ISO9796-2, scheme 2 or 3. /// </summary> /// <param name="cipher">base cipher to use for signature creation/verification</param> /// <param name="digest">digest to use.</param> /// <param name="saltLength">length of salt in bytes.</param> /// <param name="isImplicit">whether or not the trailer is implicit or gives the hash.</param> public Iso9796d2PssSigner( IAsymmetricBlockCipher cipher, IDigest digest, int saltLength, bool isImplicit) { this.cipher = cipher; this.digest = digest; this.hLen = digest.GetDigestSize(); this.saltLength = saltLength; if (isImplicit) { trailer = TrailerImplicit; } else { if (digest is Sha1Digest) { trailer = TrailerSha1; } else if (digest is RipeMD160Digest) { trailer = TrailerRipeMD160; } else if (digest is RipeMD128Digest) { trailer = TrailerRipeMD128; } else { throw new ArgumentException("no valid trailer for digest"); } } }
public DigestRandomGenerator( IDigest digest) { this.digest = digest; this.state = new byte[digest.GetDigestSize()]; this.counter = 1; }
private static TlsMac CreateTlsMac(IDigest digest, byte[] buf, ref int off) { int len = digest.GetDigestSize(); TlsMac mac = new TlsMac(digest, buf, off, len); off += len; return mac; }
public PssSigner( IAsymmetricBlockCipher cipher, IDigest contentDigest, IDigest mgfDigest, int saltLen) : this(cipher, contentDigest, mgfDigest, saltLen, TrailerImplicit) { }
public HMac(IDigest digest) { this.digest = digest; this.digestSize = digest.GetDigestSize(); this.blockLength = digest.GetByteLength(); this.inputPad = new byte[blockLength]; this.outputBuf = new byte[blockLength + digestSize]; }
/** * Construct a Pkcs 12 Parameters generator. * * @param digest the digest to be used as the source of derived keys. * @exception ArgumentException if an unknown digest is passed in. */ public Pkcs12ParametersGenerator( IDigest digest) { this.digest = digest; u = digest.GetDigestSize(); v = digest.GetByteLength(); }
/// <summary>Create a generator for the passed in keyAlgorithm and hashAlgorithm codes.</summary> public PgpSignatureGenerator(PublicKeyAlgorithmTag keyAlgorithm, HashAlgorithmTag hashAlgorithm) { _keyAlgorithm = keyAlgorithm; _hashAlgorithm = hashAlgorithm; _dig = DigestUtilities.GetDigest(PgpUtilities.GetDigestName(hashAlgorithm)); _sig = SignerUtilities.GetSigner(PgpUtilities.GetSignatureName(keyAlgorithm, hashAlgorithm)); }
/// <summary> /// Initialize this class /// </summary> /// /// <param name="Paramaters">The cipher parameters</param> public FujisakiCipher(MPKCParameters Paramaters) { _cipherParams = Paramaters; _dgtEngine = GetDigest(Paramaters.Digest); }
public Pkcs5S2ParametersGenerator(IDigest digest) { this.hMac = new HMac(digest); this.state = new byte[hMac.GetMacSize()]; }
public static void SignPrehash(byte[] sk, int skOff, byte[] pk, int pkOff, byte[] ctx, IDigest ph, byte[] sig, int sigOff) { byte[] m = new byte[PrehashSize]; if (PrehashSize != ph.DoFinal(m, 0)) { throw new ArgumentException("ph"); } byte phflag = 0x01; ImplSign(sk, skOff, pk, pkOff, ctx, phflag, m, 0, m.Length, sig, sigOff); }
/** * Constructor for a signer with an explicit digest trailer. * * @param cipher cipher to use. * @param digest digest to sign with. */ public X931Signer(IAsymmetricBlockCipher cipher, IDigest digest) : this(cipher, digest, false) { }
public DeterministicECDSA() : base(new HMacDsaKCalculator(new Sha256Digest())) { _digest = new Sha256Digest(); }
/** * Construct a KDF2 bytes generator. Generates key material * according to IEEE P1363 or ISO 18033 depending on the initialisation. * * @param digest the digest to be used as the source of derived keys. */ public Kdf2BytesGenerator( IDigest digest) : base(1, digest) { }
public static void Update(this IDigest dgst, byte[] input) { dgst.Update(input, 0, input.Length); }
/// <summary> /// Creates a HKDFBytesGenerator based on the given hash function. /// </summary> /// <param name="hash">the digest to be used as the source of generatedBytes bytes</param> public HkdfBytesGenerator(IDigest hash) { this._hMacHash = new HMac(hash); this._hashLen = hash.GetDigestSize(); }
public OaepEncoding( IAsymmetricBlockCipher cipher, IDigest hash) : this(cipher, hash, null) { }
/// <summary> Constructor for a signer with an explicit digest trailer. /// /// </summary> /// <param name="cipher">cipher to use. /// </param> /// <param name="digest">digest to sign with. /// </param> public Iso9796d2Signer(IAsymmetricBlockCipher cipher, IDigest digest) : this(cipher, digest, false) { }
/** * Construct a Pkcs 5 Scheme 1 Parameters generator. * * @param digest the digest to be used as the source of derived keys. */ public Pkcs5S1ParametersGenerator( IDigest digest) { this.digest = digest; }
private void AddFieldElement(IDigest digest, ECFieldElement v) { byte[] p = v.GetEncoded(); digest.BlockUpdate(p, 0, p.Length); }
public SM2Signer(IDigest digest) : this(StandardDsaEncoding.Instance, digest) { }
public static byte[] Digest(this IDigest dgst) { byte[] output = new byte[dgst.GetDigestSize()]; dgst.DoFinal(output, 0); return(output); }
public static void Update(this IDigest dgst, byte[] input, int offset, int len) { dgst.BlockUpdate(input, offset, len); }
private static void Hash(IDigest d, byte[] input, byte[] output, int outPos) { d.BlockUpdate(input, 0, input.Length); d.DoFinal(output, outPos); }
private bool DoVerify( AsymmetricKeyParameter key) { string digestName = Helper.GetDigestAlgName(this.DigestAlgOid); IDigest digest = Helper.GetDigestInstance(digestName); DerObjectIdentifier sigAlgOid = this.encryptionAlgorithm.ObjectID; Asn1Encodable sigParams = this.encryptionAlgorithm.Parameters; ISigner sig; if (sigAlgOid.Equals(Asn1.Pkcs.PkcsObjectIdentifiers.IdRsassaPss)) { // RFC 4056 2.2 // When the id-RSASSA-PSS algorithm identifier is used for a signature, // the AlgorithmIdentifier parameters field MUST contain RSASSA-PSS-params. if (sigParams == null) { throw new CmsException("RSASSA-PSS signature must specify algorithm parameters"); } try { // TODO Provide abstract configuration mechanism // (via alternate SignerUtilities.GetSigner method taking ASN.1 params) Asn1.Pkcs.RsassaPssParameters pss = Asn1.Pkcs.RsassaPssParameters.GetInstance( sigParams.ToAsn1Object()); if (!pss.HashAlgorithm.ObjectID.Equals(this.digestAlgorithm.ObjectID)) { throw new CmsException("RSASSA-PSS signature parameters specified incorrect hash algorithm"); } if (!pss.MaskGenAlgorithm.ObjectID.Equals(Asn1.Pkcs.PkcsObjectIdentifiers.IdMgf1)) { throw new CmsException("RSASSA-PSS signature parameters specified unknown MGF"); } IDigest pssDigest = DigestUtilities.GetDigest(pss.HashAlgorithm.ObjectID); int saltLength = pss.SaltLength.Value.IntValue; byte trailerField = (byte)pss.TrailerField.Value.IntValue; // RFC 4055 3.1 // The value MUST be 1, which represents the trailer field with hexadecimal value 0xBC if (trailerField != 1) { throw new CmsException("RSASSA-PSS signature parameters must have trailerField of 1"); } sig = new PssSigner(new RsaBlindedEngine(), pssDigest, saltLength); } catch (Exception e) { throw new CmsException("failed to set RSASSA-PSS signature parameters", e); } } else { // TODO Probably too strong a check at the moment // if (sigParams != null) // throw new CmsException("unrecognised signature parameters provided"); string signatureName = digestName + "with" + Helper.GetEncryptionAlgName(this.EncryptionAlgOid); sig = Helper.GetSignatureInstance(signatureName); } try { if (digestCalculator != null) { resultDigest = digestCalculator.GetDigest(); } else { if (content != null) { content.Write(new CmsSignedGenerator.DigOutputStream(digest)); } else if (signedAttributeSet == null) { // TODO Get rid of this exception and just treat content==null as empty not missing? throw new CmsException("data not encapsulated in signature - use detached constructor."); } resultDigest = DigestUtilities.DoFinal(digest); } } catch (IOException e) { throw new CmsException("can't process mime object to create signature.", e); } // TODO Shouldn't be using attribute OID as contentType (should be null) bool isCounterSignature = contentType.Equals(CmsAttributes.CounterSignature); // RFC 3852 11.1 Check the content-type attribute is correct { Asn1Object validContentType = GetSingleValuedSignedAttribute( CmsAttributes.ContentType, "content-type"); if (validContentType == null) { if (!isCounterSignature && signedAttributeSet != null) { throw new CmsException("The content-type attribute type MUST be present whenever signed attributes are present in signed-data"); } } else { if (isCounterSignature) { throw new CmsException("[For counter signatures,] the signedAttributes field MUST NOT contain a content-type attribute"); } if (!(validContentType is DerObjectIdentifier)) { throw new CmsException("content-type attribute value not of ASN.1 type 'OBJECT IDENTIFIER'"); } DerObjectIdentifier signedContentType = (DerObjectIdentifier)validContentType; if (!signedContentType.Equals(contentType)) { throw new CmsException("content-type attribute value does not match eContentType"); } } } // RFC 3852 11.2 Check the message-digest attribute is correct { Asn1Object validMessageDigest = GetSingleValuedSignedAttribute( CmsAttributes.MessageDigest, "message-digest"); if (validMessageDigest == null) { if (signedAttributeSet != null) { throw new CmsException("the message-digest signed attribute type MUST be present when there are any signed attributes present"); } } else { if (!(validMessageDigest is Asn1OctetString)) { throw new CmsException("message-digest attribute value not of ASN.1 type 'OCTET STRING'"); } Asn1OctetString signedMessageDigest = (Asn1OctetString)validMessageDigest; if (!Arrays.AreEqual(resultDigest, signedMessageDigest.GetOctets())) { throw new CmsException("message-digest attribute value does not match calculated value"); } } } // RFC 3852 11.4 Validate countersignature attribute(s) { Asn1.Cms.AttributeTable signedAttrTable = this.SignedAttributes; if (signedAttrTable != null && signedAttrTable.GetAll(CmsAttributes.CounterSignature).Count > 0) { throw new CmsException("A countersignature attribute MUST NOT be a signed attribute"); } Asn1.Cms.AttributeTable unsignedAttrTable = this.UnsignedAttributes; if (unsignedAttrTable != null) { foreach (Asn1.Cms.Attribute csAttr in unsignedAttrTable.GetAll(CmsAttributes.CounterSignature)) { if (csAttr.AttrValues.Count < 1) { throw new CmsException("A countersignature attribute MUST contain at least one AttributeValue"); } // Note: We don't recursively validate the countersignature value } } } try { sig.Init(false, key); if (signedAttributeSet == null) { if (digestCalculator != null) { // need to decrypt signature and check message bytes return(VerifyDigest(resultDigest, key, this.GetSignature())); } else if (content != null) { // TODO Use raw signature of the hash value instead content.Write(new CmsSignedGenerator.SigOutputStream(sig)); } } else { byte[] tmp = this.GetEncodedSignedAttributes(); sig.BlockUpdate(tmp, 0, tmp.Length); } return(sig.VerifySignature(this.GetSignature())); } catch (InvalidKeyException e) { throw new CmsException("key not appropriate to signature in message.", e); } catch (IOException e) { throw new CmsException("can't process mime object to create signature.", e); } catch (SignatureException e) { throw new CmsException("invalid signature format in message: " + e.Message, e); } }
private static STOutput ImplSTRandomPrime(IDigest d, int length, byte[] primeSeed) { int dLen = d.GetDigestSize(); if (length < 33) { int primeGenCounter = 0; byte[] c0 = new byte[dLen]; byte[] c1 = new byte[dLen]; for (;;) { Hash(d, primeSeed, c0, 0); Inc(primeSeed, 1); Hash(d, primeSeed, c1, 0); Inc(primeSeed, 1); uint c = Extract32(c0) ^ Extract32(c1); c &= (uint.MaxValue >> (32 - length)); c |= (1U << (length - 1)) | 1U; ++primeGenCounter; if (IsPrime32(c)) { return(new STOutput(BigInteger.ValueOf((long)c), primeSeed, primeGenCounter)); } if (primeGenCounter > (4 * length)) { throw new InvalidOperationException("Too many iterations in Shawe-Taylor Random_Prime Routine"); } } } STOutput rec = ImplSTRandomPrime(d, (length + 3) / 2, primeSeed); { BigInteger c0 = rec.Prime; primeSeed = rec.PrimeSeed; int primeGenCounter = rec.PrimeGenCounter; int outlen = 8 * dLen; int iterations = (length - 1) / outlen; int oldCounter = primeGenCounter; BigInteger x = HashGen(d, primeSeed, iterations + 1); x = x.Mod(One.ShiftLeft(length - 1)).SetBit(length - 1); BigInteger c0x2 = c0.ShiftLeft(1); BigInteger tx2 = x.Subtract(One).Divide(c0x2).Add(One).ShiftLeft(1); int dt = 0; BigInteger c = tx2.Multiply(c0).Add(One); /* * TODO Since the candidate primes are generated by constant steps ('c0x2'), * sieving could be used here in place of the 'HasAnySmallFactors' approach. */ for (;;) { if (c.BitLength > length) { tx2 = One.ShiftLeft(length - 1).Subtract(One).Divide(c0x2).Add(One).ShiftLeft(1); c = tx2.Multiply(c0).Add(One); } ++primeGenCounter; /* * This is an optimization of the original algorithm, using trial division to screen out * many non-primes quickly. * * NOTE: 'primeSeed' is still incremented as if we performed the full check! */ if (!ImplHasAnySmallFactors(c)) { BigInteger a = HashGen(d, primeSeed, iterations + 1); a = a.Mod(c.Subtract(Three)).Add(Two); tx2 = tx2.Add(BigInteger.ValueOf(dt)); dt = 0; BigInteger z = a.ModPow(tx2, c); if (c.Gcd(z.Subtract(One)).Equals(One) && z.ModPow(c0, c).Equals(One)) { return(new STOutput(c, primeSeed, primeGenCounter)); } } else { Inc(primeSeed, iterations + 1); } if (primeGenCounter >= ((4 * length) + oldCounter)) { throw new InvalidOperationException("Too many iterations in Shawe-Taylor Random_Prime Routine"); } dt += 2; c = c.Add(c0x2); } } }
public DeterministicECDSA(Func <IDigest> digest) : base(new HMacDsaKCalculator(digest())) { _digest = digest(); }
public void MineBlock(Block block) { INonceGenerator nonceGenerator = HashFactory.GetNonceGenerator(); IByteConverter converter = HashFactory.GetByteConverter(); if (Difficulty >= HashFactory.GetDigest().HashLength) { throw new ArgumentException("Difficulty can not be greater or equal to hash length."); } if (Difficulty <= 0) { throw new ArgumentException("Difficulty can not be greater or equal to zero."); } byte[] target = new byte[Difficulty]; block.HashAlgorithmId = HashAlgorithmId; block.Difficulty = Difficulty; nonceGenerator.Reset(); #region Parallel mining. CancellationTokenSource tokenSource = new CancellationTokenSource(); object locker = new object(); byte[] solutionNonce = null; byte[] solutionHash = null; string immutableData = converter.ConvertToString(block.PreviousHash) + block.CreationTime.ToString() + converter.ConvertToString(block.MerkleRoot) + converter.ConvertToString(block.MinerAddress) + block.HashAlgorithmId + block.Difficulty; try { Parallel.ForEach(nonceGenerator, new ParallelOptions() { CancellationToken = tokenSource.Token }, (byte[] nonce) => { IDigest digest = HashFactory.GetDigest(); converter = HashFactory.GetByteConverter(); string dataWithNonce = converter.ConvertToString(nonce) + immutableData; byte[] rawData = Encoding.ASCII.GetBytes(dataWithNonce); byte[] hash = digest.GetHash(rawData); if (hash.Take(Difficulty).SequenceEqual(target)) { lock (locker) { solutionNonce = nonce; solutionHash = hash; } tokenSource.Cancel(); } }); } catch (OperationCanceledException) { } block.Nonce = solutionNonce ?? throw new MiningFailureException("Couldn't resolve block", block); block.Hash = solutionHash; #endregion }
public TlsBlockCipher(TlsContext context, IBlockCipher clientWriteCipher, IBlockCipher serverWriteCipher, IDigest clientWriteDigest, IDigest serverWriteDigest, int cipherKeySize) { this.context = context; randomData = new byte[256]; context.NonceRandomGenerator.NextBytes(randomData); useExplicitIV = TlsUtilities.IsTlsV11(context); encryptThenMac = context.SecurityParameters.encryptThenMac; int num = 2 * cipherKeySize + clientWriteDigest.GetDigestSize() + serverWriteDigest.GetDigestSize(); if (!useExplicitIV) { num += clientWriteCipher.GetBlockSize() + serverWriteCipher.GetBlockSize(); } byte[] array = TlsUtilities.CalculateKeyBlock(context, num); int num2 = 0; TlsMac tlsMac = new TlsMac(context, clientWriteDigest, array, num2, clientWriteDigest.GetDigestSize()); num2 += clientWriteDigest.GetDigestSize(); TlsMac tlsMac2 = new TlsMac(context, serverWriteDigest, array, num2, serverWriteDigest.GetDigestSize()); num2 += serverWriteDigest.GetDigestSize(); KeyParameter parameters = new KeyParameter(array, num2, cipherKeySize); num2 += cipherKeySize; KeyParameter parameters2 = new KeyParameter(array, num2, cipherKeySize); num2 += cipherKeySize; byte[] iv; byte[] iv2; if (useExplicitIV) { iv = new byte[clientWriteCipher.GetBlockSize()]; iv2 = new byte[serverWriteCipher.GetBlockSize()]; } else { iv = Arrays.CopyOfRange(array, num2, num2 + clientWriteCipher.GetBlockSize()); num2 += clientWriteCipher.GetBlockSize(); iv2 = Arrays.CopyOfRange(array, num2, num2 + serverWriteCipher.GetBlockSize()); num2 += serverWriteCipher.GetBlockSize(); } if (num2 != num) { throw new TlsFatalAlert(80); } ICipherParameters parameters3; ICipherParameters parameters4; if (context.IsServer) { mWriteMac = tlsMac2; mReadMac = tlsMac; encryptCipher = serverWriteCipher; decryptCipher = clientWriteCipher; parameters3 = new ParametersWithIV(parameters2, iv2); parameters4 = new ParametersWithIV(parameters, iv); } else { mWriteMac = tlsMac; mReadMac = tlsMac2; encryptCipher = clientWriteCipher; decryptCipher = serverWriteCipher; parameters3 = new ParametersWithIV(parameters, iv); parameters4 = new ParametersWithIV(parameters2, iv2); } encryptCipher.Init(forEncryption: true, parameters3); decryptCipher.Init(forEncryption: false, parameters4); }
/// <summary> /// IMPORTANT: USE THIS METHOD CAREFULLY. /// This method serves as replacement for the java method MessageDigest#digest(byte[] buf, int offset, int len). /// However for now, we simply omit len parameter, because it doesn't affect anything for all current usages /// (there are two of them at the moment of the method addition which are in StandardHandlerUsingAes256 class). /// This may be not true for future possible usages, so be aware. /// </summary> public static void Digest(this IDigest dgst, byte[] buff, int offest, int len) { dgst.DoFinal(buff, offest); }
public static bool VerifyPrehash(byte[] sig, int sigOff, byte[] pk, int pkOff, byte[] ctx, IDigest ph) { byte[] m = new byte[PrehashSize]; if (PrehashSize != ph.DoFinal(m, 0)) { throw new ArgumentException("ph"); } byte phflag = 0x01; return(ImplVerify(sig, sigOff, pk, pkOff, ctx, phflag, m, 0, m.Length)); }
public byte[] GetDigest() { IDigest digest = CmsSignedHelper.Instance.GetDigestInstance(alg); return(DigestUtilities.DoFinal(digest, data)); }
protected override IDigest CloneDigest(IDigest digest) { return(new Sha1Digest((Sha1Digest)digest)); }
internal void UpdateDigest(IDigest d) { WriteTo(new DigStream(d)); }
public static byte[] Digest(this IDigest dgst, byte[] input) { dgst.Update(input); return(dgst.Digest()); }
internal DigStream(IDigest d) { this.d = d; }
/** * generate suitable parameters for DSA, in line with * <i>FIPS 186-3 A.1 Generation of the FFC Primes p and q</i>. */ protected virtual DsaParameters GenerateParameters_FIPS186_3() { // A.1.1.2 Generation of the Probable Primes p and q Using an Approved Hash Function IDigest d = digest; int outlen = d.GetDigestSize() * 8; // 1. Check that the (L, N) pair is in the list of acceptable (L, N pairs) (see Section 4.2). If // the pair is not in the list, then return INVALID. // Note: checked at initialisation // 2. If (seedlen < N), then return INVALID. // FIXME This should be configurable (must be >= N) int seedlen = N; byte[] seed = new byte[seedlen / 8]; // 3. n = ceiling(L ⁄ outlen) – 1. int n = (L - 1) / outlen; // 4. b = L – 1 – (n ∗ outlen). int b = (L - 1) % outlen; byte[] output = new byte[d.GetDigestSize()]; for (;;) { // 5. Get an arbitrary sequence of seedlen bits as the domain_parameter_seed. random.NextBytes(seed); // 6. U = Hash (domain_parameter_seed) mod 2^(N–1). Hash(d, seed, output); BigInteger U = new BigInteger(1, output).Mod(BigInteger.One.ShiftLeft(N - 1)); // 7. q = 2^(N–1) + U + 1 – ( U mod 2). BigInteger q = U.SetBit(0).SetBit(N - 1); // 8. Test whether or not q is prime as specified in Appendix C.3. // TODO Review C.3 for primality checking if (!q.IsProbablePrime(certainty)) { // 9. If q is not a prime, then go to step 5. continue; } // 10. offset = 1. // Note: 'offset' value managed incrementally byte[] offset = Arrays.Clone(seed); // 11. For counter = 0 to (4L – 1) do int counterLimit = 4 * L; for (int counter = 0; counter < counterLimit; ++counter) { // 11.1 For j = 0 to n do // Vj = Hash ((domain_parameter_seed + offset + j) mod 2^seedlen). // 11.2 W = V0 + (V1 ∗ 2^outlen) + ... + (V^(n–1) ∗ 2^((n–1) ∗ outlen)) + ((Vn mod 2^b) ∗ 2^(n ∗ outlen)). // TODO Assemble w as a byte array BigInteger W = BigInteger.Zero; for (int j = 0, exp = 0; j <= n; ++j, exp += outlen) { Inc(offset); Hash(d, offset, output); BigInteger Vj = new BigInteger(1, output); if (j == n) { Vj = Vj.Mod(BigInteger.One.ShiftLeft(b)); } W = W.Add(Vj.ShiftLeft(exp)); } // 11.3 X = W + 2^(L–1). Comment: 0 ≤ W < 2L–1; hence, 2L–1 ≤ X < 2L. BigInteger X = W.Add(BigInteger.One.ShiftLeft(L - 1)); // 11.4 c = X mod 2q. BigInteger c = X.Mod(q.ShiftLeft(1)); // 11.5 p = X - (c - 1). Comment: p ≡ 1 (mod 2q). BigInteger p = X.Subtract(c.Subtract(BigInteger.One)); // 11.6 If (p < 2^(L - 1)), then go to step 11.9 if (p.BitLength != L) { continue; } // 11.7 Test whether or not p is prime as specified in Appendix C.3. // TODO Review C.3 for primality checking if (p.IsProbablePrime(certainty)) { // 11.8 If p is determined to be prime, then return VALID and the values of p, q and // (optionally) the values of domain_parameter_seed and counter. // TODO Make configurable (8-bit unsigned)? if (usageIndex >= 0) { BigInteger g = CalculateGenerator_FIPS186_3_Verifiable(d, p, q, seed, usageIndex); if (g != null) { return(new DsaParameters(p, q, g, new DsaValidationParameters(seed, counter, usageIndex))); } } { BigInteger g = CalculateGenerator_FIPS186_3_Unverifiable(p, q, random); return(new DsaParameters(p, q, g, new DsaValidationParameters(seed, counter))); } } // 11.9 offset = offset + n + 1. Comment: Increment offset; then, as part of // the loop in step 11, increment counter; if // counter < 4L, repeat steps 11.1 through 11.8. // Note: 'offset' value already incremented in inner loop } // 12. Go to step 5. } }
public SM2Signer(IDsaEncoding encoding, IDigest digest) { this.encoding = encoding; this.digest = digest; }