Inheritance: IBasicAgreement
Exemple #1
0
 public static byte[] GetObsoleteSharedSecret(AsymmetricCipherKeyPair localKeyWithPrivate, byte[] remotePublicKeyDerEncoded)
 {
     var remotePublicKey = PublicKeyFactory.CreateKey(remotePublicKeyDerEncoded);
     var agreement = new ECDHBasicAgreement();
     agreement.Init(localKeyWithPrivate.Private);
     return agreement.CalculateAgreement(remotePublicKey).ToByteArray();
 }
Exemple #2
0
 public static byte[] GetSharedSecret(AsymmetricCipherKeyPair localKeyWithPrivate, byte[] remotePublicKeyDerEncoded)
 {
     var remotePublicKey = PublicKeyFactory.CreateKey(remotePublicKeyDerEncoded);
     var agreement = new ECDHBasicAgreement();
     agreement.Init(localKeyWithPrivate.Private);
     using (var sha = SHA256.Create()) {
         // CalculateAgreement returns a BigInteger, whose length is variable, and bits are not whitened.
         // So hash it.
         return sha.ComputeHash(agreement.CalculateAgreement(remotePublicKey).ToByteArray());
     }
 }
        public static IBufferedCipher GetCipher(
            string algorithm)
        {
            if (algorithm == null)
                throw new ArgumentNullException("algorithm");

            algorithm = Platform.ToUpperInvariant(algorithm);

            {
                string aliased = (string) algorithms[algorithm];

                if (aliased != null)
                    algorithm = aliased;
            }

            IBasicAgreement iesAgreement = null;
            if (algorithm == "IES")
            {
                iesAgreement = new DHBasicAgreement();
            }
            else if (algorithm == "ECIES")
            {
                iesAgreement = new ECDHBasicAgreement();
            }

            if (iesAgreement != null)
            {
                return new BufferedIesCipher(
                    new IesEngine(
                    iesAgreement,
                    new Kdf2BytesGenerator(
                    new Sha1Digest()),
                    new HMac(
                    new Sha1Digest())));
            }



            if (algorithm.StartsWith("PBE"))
            {
                if (algorithm.EndsWith("-CBC"))
                {
                    if (algorithm == "PBEWITHSHA1ANDDES-CBC")
                    {
                        return new PaddedBufferedBlockCipher(
                            new CbcBlockCipher(new DesEngine()));
                    }
                    else if (algorithm == "PBEWITHSHA1ANDRC2-CBC")
                    {
                        return new PaddedBufferedBlockCipher(
                            new CbcBlockCipher(new RC2Engine()));
                    }
                    else if (Strings.IsOneOf(algorithm,
                        "PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"))
                    {
                        return new PaddedBufferedBlockCipher(
                            new CbcBlockCipher(new DesEdeEngine()));
                    }
                    else if (Strings.IsOneOf(algorithm,
                        "PBEWITHSHAAND128BITRC2-CBC", "PBEWITHSHAAND40BITRC2-CBC"))
                    {
                        return new PaddedBufferedBlockCipher(
                            new CbcBlockCipher(new RC2Engine()));
                    }
                }
                else if (algorithm.EndsWith("-BC") || algorithm.EndsWith("-OPENSSL"))
                {
                    if (Strings.IsOneOf(algorithm,
                        "PBEWITHSHAAND128BITAES-CBC-BC",
                        "PBEWITHSHAAND192BITAES-CBC-BC",
                        "PBEWITHSHAAND256BITAES-CBC-BC",
                        "PBEWITHSHA256AND128BITAES-CBC-BC",
                        "PBEWITHSHA256AND192BITAES-CBC-BC",
                        "PBEWITHSHA256AND256BITAES-CBC-BC",
                        "PBEWITHMD5AND128BITAES-CBC-OPENSSL",
                        "PBEWITHMD5AND192BITAES-CBC-OPENSSL",
                        "PBEWITHMD5AND256BITAES-CBC-OPENSSL"))
                    {
                        return new PaddedBufferedBlockCipher(
                            new CbcBlockCipher(new AesFastEngine()));
                    }
                }
            }



            string[] parts = algorithm.Split('/');

            IBlockCipher blockCipher = null;
            IAsymmetricBlockCipher asymBlockCipher = null;
            IStreamCipher streamCipher = null;

            string algorithmName = parts[0];

            {
                string aliased = (string)algorithms[algorithmName];

                if (aliased != null)
                    algorithmName = aliased;
            }

            CipherAlgorithm cipherAlgorithm;
            try
            {
                cipherAlgorithm = (CipherAlgorithm)Enums.GetEnumValue(typeof(CipherAlgorithm), algorithmName);
            }
            catch (ArgumentException)
            {
                throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
            }

            switch (cipherAlgorithm)
            {
                case CipherAlgorithm.AES:
                    blockCipher = new AesFastEngine();
                    break;
                case CipherAlgorithm.ARC4:
                    streamCipher = new RC4Engine();
                    break;
                case CipherAlgorithm.BLOWFISH:
                    blockCipher = new BlowfishEngine();
                    break;
                case CipherAlgorithm.CAMELLIA:
                    blockCipher = new CamelliaEngine();
                    break;
                case CipherAlgorithm.CAST5:
                    blockCipher = new Cast5Engine();
                    break;
                case CipherAlgorithm.CAST6:
                    blockCipher = new Cast6Engine();
                    break;
                case CipherAlgorithm.DES:
                    blockCipher = new DesEngine();
                    break;
                case CipherAlgorithm.DESEDE:
                    blockCipher = new DesEdeEngine();
                    break;
                case CipherAlgorithm.ELGAMAL:
                    asymBlockCipher = new ElGamalEngine();
                    break;
                case CipherAlgorithm.GOST28147:
                    blockCipher = new Gost28147Engine();
                    break;
                case CipherAlgorithm.HC128:
                    streamCipher = new HC128Engine();
                    break;
                case CipherAlgorithm.HC256:
                    streamCipher = new HC256Engine();
                    break;
                case CipherAlgorithm.IDEA:
                    blockCipher = new IdeaEngine();
                    break;
                case CipherAlgorithm.NOEKEON:
                    blockCipher = new NoekeonEngine();
                    break;
                case CipherAlgorithm.PBEWITHSHAAND128BITRC4:
                case CipherAlgorithm.PBEWITHSHAAND40BITRC4:
                    streamCipher = new RC4Engine();
                    break;
                case CipherAlgorithm.RC2:
                    blockCipher = new RC2Engine();
                    break;
                case CipherAlgorithm.RC5:
                    blockCipher = new RC532Engine();
                    break;
                case CipherAlgorithm.RC5_64:
                    blockCipher = new RC564Engine();
                    break;
                case CipherAlgorithm.RC6:
                    blockCipher = new RC6Engine();
                    break;
                case CipherAlgorithm.RIJNDAEL:
                    blockCipher = new RijndaelEngine();
                    break;
                case CipherAlgorithm.RSA:
                    asymBlockCipher = new RsaBlindedEngine();
                    break;
                case CipherAlgorithm.SALSA20:
                    streamCipher = new Salsa20Engine();
                    break;
                case CipherAlgorithm.SEED:
                    blockCipher = new SeedEngine();
                    break;
                case CipherAlgorithm.SERPENT:
                    blockCipher = new SerpentEngine();
                    break;
                case CipherAlgorithm.SKIPJACK:
                    blockCipher = new SkipjackEngine();
                    break;
                case CipherAlgorithm.TEA:
                    blockCipher = new TeaEngine();
                    break;
                case CipherAlgorithm.TWOFISH:
                    blockCipher = new TwofishEngine();
                    break;
                case CipherAlgorithm.VMPC:
                    streamCipher = new VmpcEngine();
                    break;
                case CipherAlgorithm.VMPC_KSA3:
                    streamCipher = new VmpcKsa3Engine();
                    break;
                case CipherAlgorithm.XTEA:
                    blockCipher = new XteaEngine();
                    break;
                default:
                    throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
            }

            if (streamCipher != null)
            {
                if (parts.Length > 1)
                    throw new ArgumentException("Modes and paddings not used for stream ciphers");

                return new BufferedStreamCipher(streamCipher);
            }


            bool cts = false;
            bool padded = true;
            IBlockCipherPadding padding = null;
            IAeadBlockCipher aeadBlockCipher = null;

            if (parts.Length > 2)
            {
                if (streamCipher != null)
                    throw new ArgumentException("Paddings not used for stream ciphers");

                string paddingName = parts[2];

                CipherPadding cipherPadding;
                if (paddingName == "")
                {
                    cipherPadding = CipherPadding.RAW;
                }
                else if (paddingName == "X9.23PADDING")
                {
                    cipherPadding = CipherPadding.X923PADDING;
                }
                else
                {
                    try
                    {
                        cipherPadding = (CipherPadding)Enums.GetEnumValue(typeof(CipherPadding), paddingName);
                    }
                    catch (ArgumentException)
                    {
                        throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
                    }
                }

                switch (cipherPadding)
                {
                    case CipherPadding.NOPADDING:
                        padded = false;
                        break;
                    case CipherPadding.RAW:
                        break;
                    case CipherPadding.ISO10126PADDING:
                    case CipherPadding.ISO10126D2PADDING:
                    case CipherPadding.ISO10126_2PADDING:
                        padding = new ISO10126d2Padding();
                        break;
                    case CipherPadding.ISO7816_4PADDING:
                    case CipherPadding.ISO9797_1PADDING:
                        padding = new ISO7816d4Padding();
                        break;
                    case CipherPadding.ISO9796_1:
                    case CipherPadding.ISO9796_1PADDING:
                        asymBlockCipher = new ISO9796d1Encoding(asymBlockCipher);
                        break;
                    case CipherPadding.OAEP:
                    case CipherPadding.OAEPPADDING:
                        asymBlockCipher = new OaepEncoding(asymBlockCipher);
                        break;
                    case CipherPadding.OAEPWITHMD5ANDMGF1PADDING:
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new MD5Digest());
                        break;
                    case CipherPadding.OAEPWITHSHA1ANDMGF1PADDING:
                    case CipherPadding.OAEPWITHSHA_1ANDMGF1PADDING:
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha1Digest());
                        break;
                    case CipherPadding.OAEPWITHSHA224ANDMGF1PADDING:
                    case CipherPadding.OAEPWITHSHA_224ANDMGF1PADDING:
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha224Digest());
                        break;
                    case CipherPadding.OAEPWITHSHA256ANDMGF1PADDING:
                    case CipherPadding.OAEPWITHSHA_256ANDMGF1PADDING:
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha256Digest());
                        break;
                    case CipherPadding.OAEPWITHSHA384ANDMGF1PADDING:
                    case CipherPadding.OAEPWITHSHA_384ANDMGF1PADDING:
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha384Digest());
                        break;
                    case CipherPadding.OAEPWITHSHA512ANDMGF1PADDING:
                    case CipherPadding.OAEPWITHSHA_512ANDMGF1PADDING:
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha512Digest());
                        break;
                    case CipherPadding.PKCS1:
                    case CipherPadding.PKCS1PADDING:
                        asymBlockCipher = new Pkcs1Encoding(asymBlockCipher);
                        break;
                    case CipherPadding.PKCS5:
                    case CipherPadding.PKCS5PADDING:
                    case CipherPadding.PKCS7:
                    case CipherPadding.PKCS7PADDING:
                        padding = new Pkcs7Padding();
                        break;
                    case CipherPadding.TBCPADDING:
                        padding = new TbcPadding();
                        break;
                    case CipherPadding.WITHCTS:
                        cts = true;
                        break;
                    case CipherPadding.X923PADDING:
                        padding = new X923Padding();
                        break;
                    case CipherPadding.ZEROBYTEPADDING:
                        padding = new ZeroBytePadding();
                        break;
                    default:
                        throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
                }
            }

            string mode = "";
            if (parts.Length > 1)
            {
                mode = parts[1];

                int di = GetDigitIndex(mode);
                string modeName = di >= 0 ? mode.Substring(0, di) : mode;

                try
                {
                    CipherMode cipherMode = modeName == ""
                        ? CipherMode.NONE
                        : (CipherMode)Enums.GetEnumValue(typeof(CipherMode), modeName);

                    switch (cipherMode)
                    {
                        case CipherMode.ECB:
                        case CipherMode.NONE:
                            break;
                        case CipherMode.CBC:
                            blockCipher = new CbcBlockCipher(blockCipher);
                            break;
                        case CipherMode.CCM:
                            aeadBlockCipher = new CcmBlockCipher(blockCipher);
                            break;
                        case CipherMode.CFB:
                        {
                            int bits = (di < 0)
                                ?	8 * blockCipher.GetBlockSize()
                                :	int.Parse(mode.Substring(di));
    
                            blockCipher = new CfbBlockCipher(blockCipher, bits);
                            break;
                        }
                        case CipherMode.CTR:
                            blockCipher = new SicBlockCipher(blockCipher);
                            break;
                        case CipherMode.CTS:
                            cts = true;
                            blockCipher = new CbcBlockCipher(blockCipher);
                            break;
                        case CipherMode.EAX:
                            aeadBlockCipher = new EaxBlockCipher(blockCipher);
                            break;
                        case CipherMode.GCM:
                            aeadBlockCipher = new GcmBlockCipher(blockCipher);
                            break;
                        case CipherMode.GOFB:
                            blockCipher = new GOfbBlockCipher(blockCipher);
                            break;
                        case CipherMode.OCB:
                            aeadBlockCipher = new OcbBlockCipher(blockCipher, CreateBlockCipher(cipherAlgorithm));
                            break;
                        case CipherMode.OFB:
                        {
                            int bits = (di < 0)
                                ?	8 * blockCipher.GetBlockSize()
                                :	int.Parse(mode.Substring(di));
    
                            blockCipher = new OfbBlockCipher(blockCipher, bits);
                            break;
                        }
                        case CipherMode.OPENPGPCFB:
                            blockCipher = new OpenPgpCfbBlockCipher(blockCipher);
                            break;
                        case CipherMode.SIC:
                            if (blockCipher.GetBlockSize() < 16)
                            {
                                throw new ArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)");
                            }
                            blockCipher = new SicBlockCipher(blockCipher);
                            break;
                        default:
                            throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
                    }
                }
                catch (ArgumentException)
                {
                    throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
                }
            }

            if (aeadBlockCipher != null)
            {
                if (cts)
                    throw new SecurityUtilityException("CTS mode not valid for AEAD ciphers.");
                if (padded && parts.Length > 2 && parts[2] != "")
                    throw new SecurityUtilityException("Bad padding specified for AEAD cipher.");

                return new BufferedAeadBlockCipher(aeadBlockCipher);
            }

            if (blockCipher != null)
            {
                if (cts)
                {
                    return new CtsBlockCipher(blockCipher);
                }

                if (padding != null)
                {
                    return new PaddedBufferedBlockCipher(blockCipher, padding);
                }

                if (!padded || blockCipher.IsPartialBlockOkay)
                {
                    return new BufferedBlockCipher(blockCipher);
                }

                return new PaddedBufferedBlockCipher(blockCipher);
            }

            if (asymBlockCipher != null)
            {
                return new BufferedAsymmetricBlockCipher(asymBlockCipher);
            }

            throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
        }
        public static IBufferedCipher GetCipher(
            string algorithm)
        {
            if (algorithm == null)
                throw new ArgumentNullException("algorithm");

            algorithm = algorithm.ToUpper(CultureInfo.InvariantCulture);

            string aliased = (string) algorithms[algorithm];

            if (aliased != null)
                algorithm = aliased;

            IBasicAgreement iesAgreement = null;
            if (algorithm == "IES")
            {
                iesAgreement = new DHBasicAgreement();
            }
            else if (algorithm == "ECIES")
            {
                iesAgreement = new ECDHBasicAgreement();
            }

            if (iesAgreement != null)
            {
                return new BufferedIesCipher(
                    new IesEngine(
                    iesAgreement,
                    new Kdf2BytesGenerator(
                    new Sha1Digest()),
                    new HMac(
                    new Sha1Digest())));
            }

            if (algorithm.StartsWith("PBE"))
            {
                switch (algorithm)
                {
                    case "PBEWITHSHAAND2-KEYTRIPLEDES-CBC":
                    case "PBEWITHSHAAND3-KEYTRIPLEDES-CBC":
                        return new PaddedBufferedBlockCipher(
                            new CbcBlockCipher(new DesEdeEngine()));

                    case "PBEWITHSHAAND128BITRC2-CBC":
                    case "PBEWITHSHAAND40BITRC2-CBC":
                        return new PaddedBufferedBlockCipher(
                            new CbcBlockCipher(new RC2Engine()));

                    case "PBEWITHSHAAND128BITAES-CBC-BC":
                    case "PBEWITHSHAAND192BITAES-CBC-BC":
                    case "PBEWITHSHAAND256BITAES-CBC-BC":
                    case "PBEWITHSHA256AND128BITAES-CBC-BC":
                    case "PBEWITHSHA256AND192BITAES-CBC-BC":
                    case "PBEWITHSHA256AND256BITAES-CBC-BC":
                    case "PBEWITHMD5AND128BITAES-CBC-OPENSSL":
                    case "PBEWITHMD5AND192BITAES-CBC-OPENSSL":
                    case "PBEWITHMD5AND256BITAES-CBC-OPENSSL":
                        return new PaddedBufferedBlockCipher(
                            new CbcBlockCipher(new AesFastEngine()));

                    case "PBEWITHSHA1ANDDES-CBC":
                        return new PaddedBufferedBlockCipher(
                            new CbcBlockCipher(new DesEngine()));

                    case "PBEWITHSHA1ANDRC2-CBC":
                        return new PaddedBufferedBlockCipher(
                            new CbcBlockCipher(new RC2Engine()));
                }
            }

            string[] parts = algorithm.Split('/');

            IBlockCipher blockCipher = null;
            IAsymmetricBlockCipher asymBlockCipher = null;
            IStreamCipher streamCipher = null;

            switch (parts[0])
            {
                case "AES":
                    blockCipher = new AesFastEngine();
                    break;
                case "ARC4":
                    streamCipher = new RC4Engine();
                    break;
                case "BLOWFISH":
                    blockCipher = new BlowfishEngine();
                    break;
                case "CAMELLIA":
                    blockCipher = new CamelliaEngine();
                    break;
                case "CAST5":
                    blockCipher = new Cast5Engine();
                    break;
                case "CAST6":
                    blockCipher = new Cast6Engine();
                    break;
                case "DES":
                    blockCipher = new DesEngine();
                    break;
                case "DESEDE":
                    blockCipher = new DesEdeEngine();
                    break;
                case "ELGAMAL":
                    asymBlockCipher = new ElGamalEngine();
                    break;
                case "GOST28147":
                    blockCipher = new Gost28147Engine();
                    break;
                case "HC128":
                    streamCipher = new HC128Engine();
                    break;
                case "HC256":
                    streamCipher = new HC256Engine();
                    break;
            #if INCLUDE_IDEA
                case "IDEA":
                    blockCipher = new IdeaEngine();
                    break;
            #endif
                case "NOEKEON":
                    blockCipher = new NoekeonEngine();
                    break;
                case "PBEWITHSHAAND128BITRC4":
                case "PBEWITHSHAAND40BITRC4":
                    streamCipher = new RC4Engine();
                    break;
                case "RC2":
                    blockCipher = new RC2Engine();
                    break;
                case "RC5":
                    blockCipher = new RC532Engine();
                    break;
                case "RC5-64":
                    blockCipher = new RC564Engine();
                    break;
                case "RC6":
                    blockCipher = new RC6Engine();
                    break;
                case "RIJNDAEL":
                    blockCipher = new RijndaelEngine();
                    break;
                case "RSA":
                    asymBlockCipher = new RsaBlindedEngine();
                    break;
                case "SALSA20":
                    streamCipher = new Salsa20Engine();
                    break;
                case "SEED":
                    blockCipher = new SeedEngine();
                    break;
                case "SERPENT":
                    blockCipher = new SerpentEngine();
                    break;
                case "SKIPJACK":
                    blockCipher = new SkipjackEngine();
                    break;
                case "TEA":
                    blockCipher = new TeaEngine();
                    break;
                case "TWOFISH":
                    blockCipher = new TwofishEngine();
                    break;
                case "VMPC":
                    streamCipher = new VmpcEngine();
                    break;
                case "VMPC-KSA3":
                    streamCipher = new VmpcKsa3Engine();
                    break;
                case "XTEA":
                    blockCipher = new XteaEngine();
                    break;
                default:
                    throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
            }

            if (streamCipher != null)
            {
                if (parts.Length > 1)
                    throw new ArgumentException("Modes and paddings not used for stream ciphers");

                return new BufferedStreamCipher(streamCipher);
            }

            bool cts = false;
            bool padded = true;
            IBlockCipherPadding padding = null;
            IAeadBlockCipher aeadBlockCipher = null;

            if (parts.Length > 2)
            {
                if (streamCipher != null)
                    throw new ArgumentException("Paddings not used for stream ciphers");

                switch (parts[2])
                {
                    case "NOPADDING":
                        padded = false;
                        break;
                    case "":
                    case "RAW":
                        break;
                    case "ISO10126PADDING":
                    case "ISO10126D2PADDING":
                    case "ISO10126-2PADDING":
                        padding = new ISO10126d2Padding();
                        break;
                    case "ISO7816-4PADDING":
                    case "ISO9797-1PADDING":
                        padding = new ISO7816d4Padding();
                        break;
                    case "ISO9796-1":
                    case "ISO9796-1PADDING":
                        asymBlockCipher = new ISO9796d1Encoding(asymBlockCipher);
                        break;
                    case "OAEP":
                    case "OAEPPADDING":
                        asymBlockCipher = new OaepEncoding(asymBlockCipher);
                        break;
                    case "OAEPWITHMD5ANDMGF1PADDING":
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new MD5Digest());
                        break;
                    case "OAEPWITHSHA1ANDMGF1PADDING":
                    case "OAEPWITHSHA-1ANDMGF1PADDING":
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha1Digest());
                        break;
                    case "OAEPWITHSHA224ANDMGF1PADDING":
                    case "OAEPWITHSHA-224ANDMGF1PADDING":
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha224Digest());
                        break;
                    case "OAEPWITHSHA256ANDMGF1PADDING":
                    case "OAEPWITHSHA-256ANDMGF1PADDING":
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha256Digest());
                        break;
                    case "OAEPWITHSHA384ANDMGF1PADDING":
                    case "OAEPWITHSHA-384ANDMGF1PADDING":
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha384Digest());
                        break;
                    case "OAEPWITHSHA512ANDMGF1PADDING":
                    case "OAEPWITHSHA-512ANDMGF1PADDING":
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha512Digest());
                        break;
                    case "PKCS1":
                    case "PKCS1PADDING":
                        asymBlockCipher = new Pkcs1Encoding(asymBlockCipher);
                        break;
                    case "PKCS5":
                    case "PKCS5PADDING":
                    case "PKCS7":
                    case "PKCS7PADDING":
                        padding = new Pkcs7Padding();
                        break;
                    case "TBCPADDING":
                        padding = new TbcPadding();
                        break;
                    case "WITHCTS":
                        cts = true;
                        break;
                    case "X9.23PADDING":
                    case "X923PADDING":
                        padding = new X923Padding();
                        break;
                    case "ZEROBYTEPADDING":
                        padding = new ZeroBytePadding();
                        break;
                    default:
                        throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
                }
            }

            string mode = "";
            if (parts.Length > 1)
            {
                mode = parts[1];

                int di = GetDigitIndex(mode);
                string modeName = di >= 0 ? mode.Substring(0, di) : mode;

                switch (modeName)
                {
                    case "":
                    case "ECB":
                    case "NONE":
                        break;
                    case "CBC":
                        blockCipher = new CbcBlockCipher(blockCipher);
                        break;
                    case "CCM":
                        aeadBlockCipher = new CcmBlockCipher(blockCipher);
                        break;
                    case "CFB":
                    {
                        int bits = (di < 0)
                            ?	8 * blockCipher.GetBlockSize()
                            :	int.Parse(mode.Substring(di));

                        blockCipher = new CfbBlockCipher(blockCipher, bits);
                        break;
                    }
                    case "CTR":
                        blockCipher = new SicBlockCipher(blockCipher);
                        break;
                    case "CTS":
                        cts = true;
                        blockCipher = new CbcBlockCipher(blockCipher);
                        break;
                    case "EAX":
                        aeadBlockCipher = new EaxBlockCipher(blockCipher);
                        break;
                    case "GCM":
                        aeadBlockCipher = new GcmBlockCipher(blockCipher);
                        break;
                    case "GOFB":
                        blockCipher = new GOfbBlockCipher(blockCipher);
                        break;
                    case "OFB":
                    {
                        int bits = (di < 0)
                            ?	8 * blockCipher.GetBlockSize()
                            :	int.Parse(mode.Substring(di));

                        blockCipher = new OfbBlockCipher(blockCipher, bits);
                        break;
                    }
                    case "OPENPGPCFB":
                        blockCipher = new OpenPgpCfbBlockCipher(blockCipher);
                        break;
                    case "SIC":
                        if (blockCipher.GetBlockSize() < 16)
                        {
                            throw new ArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)");
                        }
                        blockCipher = new SicBlockCipher(blockCipher);
                        break;
                    default:
                        throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
                }
            }

            if (aeadBlockCipher != null)
            {
                if (cts)
                    throw new SecurityUtilityException("CTS mode not valid for AEAD ciphers.");
                if (padded && parts.Length > 2 && parts[2] != "")
                    throw new SecurityUtilityException("Bad padding specified for AEAD cipher.");

                return new BufferedAeadBlockCipher(aeadBlockCipher);
            }

            if (blockCipher != null)
            {
                if (cts)
                {
                    return new CtsBlockCipher(blockCipher);
                }

                if (padding != null)
                {
                    return new PaddedBufferedBlockCipher(blockCipher, padding);
                }

                if (!padded || blockCipher.IsPartialBlockOkay)
                {
                    return new BufferedBlockCipher(blockCipher);
                }

                return new PaddedBufferedBlockCipher(blockCipher);
            }

            if (asymBlockCipher != null)
            {
                return new BufferedAsymmetricBlockCipher(asymBlockCipher);
            }

            throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
        }
Exemple #5
0
 public static EncryptionResult EncryptMessage(byte[] userKey, byte[] userSecret, byte[] data, ushort padding = 0, bool randomisePadding = false)
 {
     var Random = new SecureRandom();
     var Salt = new byte[16];
     Random.NextBytes(Salt);
     var Curve = ECNamedCurveTable.GetByName("prime256v1");
     var Spec = new ECDomainParameters(Curve.Curve, Curve.G, Curve.N, Curve.H, Curve.GetSeed());
     var Generator = new ECKeyPairGenerator();
     Generator.Init(new ECKeyGenerationParameters(Spec, new SecureRandom()));
     var KeyPair = Generator.GenerateKeyPair();
     var AgreementGenerator = new ECDHBasicAgreement();
     AgreementGenerator.Init(KeyPair.Private);
     var IKM =
         AgreementGenerator.CalculateAgreement(new ECPublicKeyParameters(Spec.Curve.DecodePoint(userKey), Spec));
     var PRK = GenerateHKDF(userSecret, IKM.ToByteArrayUnsigned(),
         Encoding.UTF8.GetBytes("Content-Encoding: auth\0"), 32);
     var PublicKey = ((ECPublicKeyParameters)KeyPair.Public).Q.GetEncoded(false);
     var CEK = GenerateHKDF(Salt, PRK, CreateInfoChunk("aesgcm", userKey, PublicKey), 16);
     var Nonce = GenerateHKDF(Salt, PRK, CreateInfoChunk("nonce", userKey, PublicKey), 12);
     if (randomisePadding && (padding > 0)) padding = Convert.ToUInt16(Math.Abs(Random.NextInt()) % (padding + 1));
     var Input = new byte[padding + 2 + data.Length];
     Buffer.BlockCopy(ConvertInt(padding), 0, Input, 0, 2);
     Buffer.BlockCopy(data, 0, Input, padding + 2, data.Length);
     var Cipher = CipherUtilities.GetCipher("AES/GCM/NoPadding");
     Cipher.Init(true, new AeadParameters(new KeyParameter(CEK), 128, Nonce));
     var Message = new byte[Cipher.GetOutputSize(Input.Length)];
     Cipher.DoFinal(Input, 0, Input.Length, Message, 0);
     return new EncryptionResult { Salt = Salt, Payload = Message, PublicKey = PublicKey };
 }
Exemple #6
0
        public void TestECBasicAgreementTest()
        {
            SecureRandom random = new SecureRandom();

            FpCurve curve = new FpCurve(
                new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
                new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
                new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b

            ECDomainParameters parameters = new ECDomainParameters(
                curve,
                curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
                new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n

            ECKeyPairGenerator pGen = new ECKeyPairGenerator();
            ECKeyGenerationParameters genParam = new ECKeyGenerationParameters(parameters, random);

            pGen.Init(genParam);

            AsymmetricCipherKeyPair p1 = pGen.GenerateKeyPair();
            AsymmetricCipherKeyPair p2 = pGen.GenerateKeyPair();

            //
            // two way
            //
            IBasicAgreement e1 = new ECDHBasicAgreement();
            IBasicAgreement e2 = new ECDHBasicAgreement();

            e1.Init(p1.Private);
            e2.Init(p2.Private);

            BigInteger   k1 = e1.CalculateAgreement(p2.Public);
            BigInteger   k2 = e2.CalculateAgreement(p1.Public);

            if (!k1.Equals(k2))
            {
                Fail("calculated agreement test failed");
            }

            //
            // two way
            //
            e1 = new ECDHCBasicAgreement();
            e2 = new ECDHCBasicAgreement();

            e1.Init(p1.Private);
            e2.Init(p2.Private);

            k1 = e1.CalculateAgreement(p2.Public);
            k2 = e2.CalculateAgreement(p1.Public);

            if (!k1.Equals(k2))
            {
                Fail("calculated agreement test failed");
            }
        }
		BigInteger ECDHAgree(byte[] publicKey, byte[] privateKey)
		{
			var domain = SecNamedCurves.GetByName ("secp160r1");
			ECDHBasicAgreement agreement = new ECDHBasicAgreement ();
			BigInteger privKeyInt = new BigInteger (privateKey);
			ECDomainParameters parm = new ECDomainParameters(domain.Curve, domain.G, domain.N);
			ECPrivateKeyParameters privKey = new ECPrivateKeyParameters (privKeyInt, parm);
			agreement.Init (privKey);
			var pt = Key.Curve.Curve.DecodePoint (publicKey);
			ECPublicKeyParameters pubParams = new ECPublicKeyParameters (pt, parm);
			return agreement.CalculateAgreement (pubParams);
		}
 protected virtual byte[] CalculateECDHBasicAgreement(ECPublicKeyParameters publicKey,
     ECPrivateKeyParameters privateKey)
 {
     ECDHBasicAgreement basicAgreement = new ECDHBasicAgreement();
     basicAgreement.Init(privateKey);
     BigInteger agreement = basicAgreement.CalculateAgreement(publicKey);
     return BigIntegers.AsUnsignedByteArray(agreement);
 }
        protected virtual byte[] CalculateECDHBasicAgreement(ECPublicKeyParameters publicKey,
            ECPrivateKeyParameters privateKey)
        {
            ECDHBasicAgreement basicAgreement = new ECDHBasicAgreement();
            basicAgreement.Init(privateKey);
            BigInteger agreementValue = basicAgreement.CalculateAgreement(publicKey);

            /*
             * RFC 4492 5.10. Note that this octet string (Z in IEEE 1363 terminology) as output by
             * FE2OSP, the Field Element to Octet String Conversion Primitive, has constant length for
             * any given field; leading zeros found in this octet string MUST NOT be truncated.
             */
            return BigIntegers.AsUnsignedByteArray(basicAgreement.GetFieldSize(), agreementValue);
        }
        /// <summary>
        /// Generates the KDF parameters.
        /// Sess Sections 7 & 8 of RFC 6637 (http://tools.ietf.org/html/rfc6637) for more details
        /// </summary>
        /// <returns></returns>
        private void UpdateDigestWithKDFParameters(IDigest digest)
        {
            var agreement = new ECDHBasicAgreement();
            agreement.Init(_privateKey);
            var zb = agreement.CalculateAgreement(_publicKey).ToByteArrayUnsigned();

            digest.Update(0x00);
            digest.Update(0x00);
            digest.Update(0x00);
            digest.Update(0x01);

            digest.BlockUpdate(zb, 0, zb.Length);

            var oid = _publicKey.PublicKeyParamSet.ToBytes();
            digest.Update((byte)oid.Length);
            digest.BlockUpdate(oid, 0, oid.Length);
            digest.Update((byte)PublicKeyAlgorithmTag.Ecdh);
            digest.Update(0x3);
            digest.Update(0x1);
            digest.Update((byte)_publicKey.HashAlgorithm);
            digest.Update((byte)_publicKey.SymmetricKeyAlgorithm);

            digest.BlockUpdate(_anonymousSender, 0, _anonymousSender.Length);
            digest.BlockUpdate(_fingerPrint, 0, _fingerPrint.Length);
        }
        public override void ProcessClientKeys(ProtocolVersion version, ProtocolVersion clientVersion, CertificatePrivateKey privateKey, byte[] data)
        {
            if (data == null)
            {
                throw new ArgumentNullException("data");
            }
            if (data.Length < 1)
            {
                throw new ArgumentException("data");
            }

            byte[] ecPointData = new byte[data[0]];
            Buffer.BlockCopy(data, 1, ecPointData, 0, ecPointData.Length);
            ECPoint ecPoint = domainParameters.Curve.DecodePoint(ecPointData);
            var theirPublicKey = new ECPublicKeyParameters(ecPoint, domainParameters);

            // Calculate the actual agreement
            var agreement = new ECDHBasicAgreement();
            agreement.Init(this.privateKey);
            preMasterSecret = BigIntegerToByteArray(agreement.CalculateAgreement(theirPublicKey), 32);
            this.logger?.Debug("Pre-Master secret: " + BitConverter.ToString(preMasterSecret));
        }
        /// <summary>
        /// Called by client to get his ephemaral ECC keys
        /// TODO: get information about which ECC curve should be used
        /// </summary>
        /// <param name="version"></param>
        /// <param name="data"></param>
        /// <returns></returns>
        public override byte[] ProcessServerKeys(ProtocolVersion version, byte[] data, X509Certificate serverCertificate)
        {
            if (data == null)
            {
                throw new ArgumentNullException(nameof(data));
            }
            if (data.Length < 4) throw new ArgumentException(nameof(data));

            //if (data[0] != 3 || data[1] != 0 || data[2] != 23)
            if (data[0] != 3 || data[1] != 0)
            {
                throw new ArgumentException(nameof(data));
            }

            //if (data[3] != 65 || data[4] > data.Length - 4)
            if (data[4] > data.Length - 4)
            {
                throw new ArgumentException(nameof(data));
            }

            
            // Extract the public key from the data
            byte[] ecPointData = new byte[data[3]];
            Buffer.BlockCopy(data, 4, ecPointData, 0, ecPointData.Length);
            var ecPoint = this.ObtainCurveNameAndPoint(ecPointData, serverCertificate);
            var theirPublicKey = new ECPublicKeyParameters(ecPoint, this.domainParameters);

            // Calculate the actual agreement
            var agreement = new ECDHBasicAgreement();
            agreement.Init(this.privateKey);
            this.preMasterSecret = BigIntegerToByteArray(agreement.CalculateAgreement(theirPublicKey), 32);

            var signature = new byte[data.Length - 4 - data[3]];
            Buffer.BlockCopy(data, 4 + data[3], signature, 0, signature.Length);
            return signature;
        }