private static byte[] EncryptKeyData(
byte[] rawKeyData,
SymmetricKeyAlgorithmTag encAlgorithm,
char[] passPhrase,
ISecureRandom random,
out S2k s2K,
out byte[] iv)
{
IBufferedCipher c;
try
{
var cName = PgpUtilities.GetSymmetricCipherName(encAlgorithm);
c = CipherUtilities.GetCipher(cName + "/CFB/NoPadding");
}
catch (Exception e)
{
throw new PgpException("Exception creating cipher", e);
}
var s2KIv = new byte[8];
random.NextBytes(s2KIv);
s2K = new S2k(HashAlgorithmTag.Sha1, s2KIv, 0x60);
var kp = PgpUtilities.MakeKeyFromPassPhrase(encAlgorithm, s2K, passPhrase);
iv = new byte[c.GetBlockSize()];
random.NextBytes(iv);
c.Init(true, new ParametersWithRandom(new ParametersWithIV(kp, iv), random));
return(c.DoFinal(rawKeyData));
}
/**
* Method init
*
* @param forWrapping
* @param param
*/
public void Init(
bool forWrapping,
ICipherParameters parameters)
{
this.forWrapping = forWrapping;
this.engine = new CbcBlockCipher(new RC2Engine());
if (parameters is ParametersWithRandom)
{
ParametersWithRandom pWithR = (ParametersWithRandom)parameters;
sr = pWithR.Random;
parameters = pWithR.Parameters;
}
else
{
sr = new SecureRandom();
}
if (parameters is ParametersWithIV)
{
if (!forWrapping)
{
throw new ArgumentException("You should not supply an IV for unwrapping");
}
this.paramPlusIV = (ParametersWithIV)parameters;
this.iv = this.paramPlusIV.GetIV();
this.parameters = this.paramPlusIV.Parameters;
if (this.iv.Length != 8)
{
throw new ArgumentException("IV is not 8 octets");
}
}
else
{
this.parameters = parameters;
if (this.forWrapping)
{
// Hm, we have no IV but we want to wrap ?!?
// well, then we have to create our own IV.
this.iv = new byte[8];
sr.NextBytes(iv);
this.paramPlusIV = new ParametersWithIV(this.parameters, this.iv);
}
}
}
public byte[] Wrap(
byte[] inBytes,
int inOff,
int inLen)
{
if (!forWrapping)
{
throw new InvalidOperationException("not set for wrapping");
}
engine.Init(true, param);
int blockSize = engine.GetBlockSize();
byte[] cekBlock;
if (inLen + 4 < blockSize * 2)
{
cekBlock = new byte[blockSize * 2];
}
else
{
cekBlock = new byte[(inLen + 4) % blockSize == 0 ? inLen + 4 : ((inLen + 4) / blockSize + 1) * blockSize];
}
cekBlock[0] = (byte)inLen;
cekBlock[1] = (byte)~inBytes[inOff];
cekBlock[2] = (byte)~inBytes[inOff + 1];
cekBlock[3] = (byte)~inBytes[inOff + 2];
Array.Copy(inBytes, inOff, cekBlock, 4, inLen);
rand.NextBytes(cekBlock, inLen + 4, cekBlock.Length - inLen - 4);
for (int i = 0; i < cekBlock.Length; i += blockSize)
{
engine.ProcessBlock(cekBlock, i, cekBlock, i);
}
for (int i = 0; i < cekBlock.Length; i += blockSize)
{
engine.ProcessBlock(cekBlock, i, cekBlock, i);
}
return(cekBlock);
}
private byte[] EncodeBlock(byte[] input, int inOff, int inLen)
{
if (inLen > GetInputBlockSize())
{
throw new ArgumentException(@"input data too large", "inLen");
}
var block = new byte[_engine.GetInputBlockSize()];
if (_forPrivateKey)
{
block[0] = 0x01; // type code 1
for (var i = 1; i != block.Length - inLen - 1; i++)
{
block[i] = (byte)0xFF;
}
}
else
{
_random.NextBytes(block); // random fill
block[0] = 0x02; // type code 2
//
// a zero byte marks the end of the padding, so all
// the pad bytes must be non-zero.
//
for (var i = 1; i != block.Length - inLen - 1; i++)
{
while (block[i] == 0)
{
block[i] = (byte)_random.NextInt();
}
}
}
block[block.Length - inLen - 1] = 0x00; // mark the end of the padding
Array.Copy(input, inOff, block, block.Length - inLen, inLen);
return(_engine.ProcessBlock(block, 0, block.Length));
}
/// <summary> Generate a signature for the message we've been loaded with using
/// the key we were initialised with.
/// </summary>
public virtual byte[] GenerateSignature()
{
_contentDigest1.DoFinal(_mDash, _mDash.Length - _hLen - _sLen);
if (_sLen != 0)
{
_random.NextBytes(_salt);
_salt.CopyTo(_mDash, _mDash.Length - _sLen);
}
var h = new byte[_hLen];
_contentDigest2.BlockUpdate(_mDash, 0, _mDash.Length);
_contentDigest2.DoFinal(h, 0);
_block[_block.Length - _sLen - 1 - _hLen - 1] = (byte)(0x01);
_salt.CopyTo(_block, _block.Length - _sLen - _hLen - 1);
byte[] dbMask = MaskGeneratorFunction1(h, 0, h.Length, _block.Length - _hLen - 1);
for (int i = 0; i != dbMask.Length; i++)
{
_block[i] ^= dbMask[i];
}
_block[0] &= (byte)((0xff >> ((_block.Length * 8) - _emBits)));
h.CopyTo(_block, _block.Length - _hLen - 1);
_block[_block.Length - 1] = _trailer;
byte[] b = _cipher.ProcessBlock(_block, 0, _block.Length);
ClearBlock(_block);
return(b);
}
private static byte[] EncryptKeyData(
byte[] rawKeyData,
SymmetricKeyAlgorithmTag encAlgorithm,
char[] passPhrase,
ISecureRandom random,
out S2k s2K,
out byte[] iv)
{
IBufferedCipher c;
try
{
var cName = PgpUtilities.GetSymmetricCipherName(encAlgorithm);
c = CipherUtilities.GetCipher(cName + "/CFB/NoPadding");
}
catch (Exception e)
{
throw new PgpException("Exception creating cipher", e);
}
var s2KIv = new byte[8];
random.NextBytes(s2KIv);
s2K = new S2k(HashAlgorithmTag.Sha1, s2KIv, 0x60);
var kp = PgpUtilities.MakeKeyFromPassPhrase(encAlgorithm, s2K, passPhrase);
iv = new byte[c.GetBlockSize()];
random.NextBytes(iv);
c.Init(true, new ParametersWithRandom(new ParametersWithIV(kp, iv), random));
return c.DoFinal(rawKeyData);
}
/// <summary> Generate a signature for the loaded message using the key we were
/// initialised with.
/// </summary>
public byte[] GenerateSignature()
{
int digSize = digest.GetDigestSize();
byte[] m2Hash = new byte[digSize];
digest.DoFinal(m2Hash, 0);
byte[] C = new byte[8];
LtoOSP(messageLength * 8, C);
digest.BlockUpdate(C, 0, C.Length);
digest.BlockUpdate(mBuf, 0, messageLength);
digest.BlockUpdate(m2Hash, 0, m2Hash.Length);
byte[] salt;
if (standardSalt != null)
{
salt = standardSalt;
}
else
{
salt = new byte[saltLength];
random.NextBytes(salt);
}
digest.BlockUpdate(salt, 0, salt.Length);
byte[] hash = new byte[digest.GetDigestSize()];
digest.DoFinal(hash, 0);
int tLength = 2;
if (trailer == TrailerImplicit)
{
tLength = 1;
}
int off = block.Length - messageLength - salt.Length - hLen - tLength - 1;
block[off] = (byte)(0x01);
Array.Copy(mBuf, 0, block, off + 1, messageLength);
Array.Copy(salt, 0, block, off + 1 + messageLength, salt.Length);
byte[] dbMask = MaskGeneratorFunction1(hash, 0, hash.Length, block.Length - hLen - tLength);
for (int i = 0; i != dbMask.Length; i++)
{
block[i] ^= dbMask[i];
}
Array.Copy(hash, 0, block, block.Length - hLen - tLength, hLen);
if (trailer == TrailerImplicit)
{
block[block.Length - 1] = (byte)TrailerImplicit;
}
else
{
block[block.Length - 2] = (byte)((uint)trailer >> 8);
block[block.Length - 1] = (byte)trailer;
}
block[0] &= (byte)(0x7f);
byte[] b = cipher.ProcessBlock(block, 0, block.Length);
ClearBlock(mBuf);
ClearBlock(block);
messageLength = 0;
return(b);
}
