/// <summary> /// Creates a new session paket crypto service. /// </summary> /// <param name="sessionKey"></param> /// <param name="isForEncryption"></param> /// <param name="hmacKey"></param> public SessionARC4NPacketCryptoService([NotNull] byte[] sessionKey, bool isForEncryption, [NotNull] byte[] hmacKey) { if (sessionKey == null) { throw new ArgumentNullException(nameof(sessionKey)); } if (hmacKey == null) { throw new ArgumentNullException(nameof(hmacKey)); } //RC4-Drop[n] for security //Build an RC4 cipher service for the provided session key. using (HMACSHA1 hmacsha = new HMACSHA1(hmacKey)) rc4CryptoService = new RC4DropNCryptoServiceProvider(hmacsha.ComputeHash(sessionKey), 1024, isForEncryption); }
/// <summary> /// Creates a new RC4 service with the provided <see cref="key"/> and follows /// RC4-Drop[n]. /// </summary> /// <param name="key">The RC4 key.</param> /// <param name="n">The n value to be used in RC4-Drop[n]</param> public RC4DropNCryptoServiceProvider([NotNull] byte[] key, int n, bool forEncryption) { if (key == null) { throw new ArgumentNullException(nameof(key)); } internalRC4Engine = new RC4CryptoServiceProvider(key, forEncryption); //TODO: Create a shared n buffer to be used. Only matters for server. Client only makes one usually. byte[] dropNByteArray = new byte[n]; //Once initialized we need to drop the first n bytes. //This prevents a common RC4 exploit that can determine key values otherwise. internalRC4Engine.ProcessBytes(dropNByteArray, 0, n, dropNByteArray, 0); }