public void Init(BigInteger n, BigInteger d, byte[] message)
{
this.n = n;
Arrays.Fill(V, 1);
Arrays.Fill(K, 0);
byte[] array = new byte[(n.BitLength + 7) / 8];
byte[] array2 = BigIntegers.AsUnsignedByteArray(d);
Array.Copy(array2, 0, array, array.Length - array2.Length, array2.Length);
byte[] array3 = new byte[(n.BitLength + 7) / 8];
BigInteger bigInteger = BitsToInt(message);
if (bigInteger.CompareTo(n) >= 0)
{
bigInteger = bigInteger.Subtract(n);
}
byte[] array4 = BigIntegers.AsUnsignedByteArray(bigInteger);
Array.Copy(array4, 0, array3, array3.Length - array4.Length, array4.Length);
hMac.Init(new KeyParameter(K));
hMac.BlockUpdate(V, 0, V.Length);
hMac.Update(0);
hMac.BlockUpdate(array, 0, array.Length);
hMac.BlockUpdate(array3, 0, array3.Length);
hMac.DoFinal(K, 0);
hMac.Init(new KeyParameter(K));
hMac.BlockUpdate(V, 0, V.Length);
hMac.DoFinal(V, 0);
hMac.BlockUpdate(V, 0, V.Length);
hMac.Update(1);
hMac.BlockUpdate(array, 0, array.Length);
hMac.BlockUpdate(array3, 0, array3.Length);
hMac.DoFinal(K, 0);
hMac.Init(new KeyParameter(K));
hMac.BlockUpdate(V, 0, V.Length);
hMac.DoFinal(V, 0);
}
public void Init(BigInteger n, BigInteger d, byte[] message)
{
this.n = n;
Arrays.Fill(V, (byte)0x01);
Arrays.Fill(K, (byte)0);
int size = BigIntegers.GetUnsignedByteLength(n);
byte[] x = new byte[size];
byte[] dVal = BigIntegers.AsUnsignedByteArray(d);
Array.Copy(dVal, 0, x, x.Length - dVal.Length, dVal.Length);
byte[] m = new byte[size];
BigInteger mInt = BitsToInt(message);
if (mInt.CompareTo(n) >= 0)
{
mInt = mInt.Subtract(n);
}
byte[] mVal = BigIntegers.AsUnsignedByteArray(mInt);
Array.Copy(mVal, 0, m, m.Length - mVal.Length, mVal.Length);
hMac.Init(new KeyParameter(K));
hMac.BlockUpdate(V, 0, V.Length);
hMac.Update((byte)0x00);
hMac.BlockUpdate(x, 0, x.Length);
hMac.BlockUpdate(m, 0, m.Length);
hMac.DoFinal(K, 0);
hMac.Init(new KeyParameter(K));
hMac.BlockUpdate(V, 0, V.Length);
hMac.DoFinal(V, 0);
hMac.BlockUpdate(V, 0, V.Length);
hMac.Update((byte)0x01);
hMac.BlockUpdate(x, 0, x.Length);
hMac.BlockUpdate(m, 0, m.Length);
hMac.DoFinal(K, 0);
hMac.Init(new KeyParameter(K));
hMac.BlockUpdate(V, 0, V.Length);
hMac.DoFinal(V, 0);
}
public virtual byte[] CalculateMacConstantTime(ContentType type, byte[] message, int offset, int len,
int fullLength, byte[] dummyData)
{
// Actual MAC only calculated on 'len' bytes
byte[] result = CalculateMac(type, message, offset, len);
//bool isTls = context.ServerVersion.FullVersion >= ProtocolVersion.TLSv10.FullVersion;
bool isTls = true;
// ...but ensure a constant number of complete digest blocks are processed (per 'fullLength')
if (isTls)
{
// TODO Currently all TLS digests use a block size of 64, a suffix (length field) of 8, and padding (1+)
int db = 64, ds = 8;
int L1 = 13 + fullLength;
int L2 = 13 + len;
// How many extra full blocks do we need to calculate?
int extra = ((L1 + ds) / db) - ((L2 + ds) / db);
while (--extra >= 0)
{
mac.BlockUpdate(dummyData, 0, db);
}
// One more byte in case the implementation is "lazy" about processing blocks
mac.Update(dummyData[0]);
mac.Reset();
}
return(result);
}
private static byte[] HKDF(byte[] secret, byte[] salt, byte[] info, int cbit, IDigest digest)
{
// Now start doing HKDF
// Perform the Extract phase
HMac mac = new HMac(digest);
int hashLength = digest.GetDigestSize();
int c = ((cbit + 7) / 8 + hashLength - 1) / hashLength;
if (salt == null)
{
salt = new byte[0];
}
KeyParameter key = new KeyParameter(salt);
mac.Init(key);
mac.BlockUpdate(secret, 0, secret.Length);
byte[] rgbExtract = new byte[hashLength];
mac.DoFinal(rgbExtract, 0);
// Now do the Expand Phase
byte[] rgbOut = new byte[cbit / 8];
byte[] rgbT = new byte[hashLength * c];
mac = new HMac(digest);
key = new KeyParameter(rgbExtract);
mac.Init(key);
byte[] rgbLast = new byte[0];
byte[] rgbHash2 = new byte[hashLength];
for (int i = 0; i < c; i++)
{
mac.Reset();
mac.BlockUpdate(rgbLast, 0, rgbLast.Length);
mac.BlockUpdate(info, 0, info.Length);
mac.Update((byte)(i + 1));
rgbLast = rgbHash2;
mac.DoFinal(rgbLast, 0);
Array.Copy(rgbLast, 0, rgbT, i * hashLength, hashLength);
}
Array.Copy(rgbT, 0, rgbOut, 0, cbit / 8);
return(rgbOut);
}
/**
* Performs the expand part of the key derivation function, using currentT
* as input and output buffer.
*
* @throws DataLengthException if the total number of bytes generated is larger than the one
* specified by RFC 5869 (255 * HashLen)
*/
private void ExpandNext()
{
int n = _generatedBytes / _hashLen + 1;
if (n >= 256)
{
throw new DataLengthException(
"HKDF cannot generate more than 255 blocks of HashLen size");
}
// special case for T(0): T(0) is empty, so no update
if (_generatedBytes != 0)
{
_hMacHash.BlockUpdate(_currentT, 0, _hashLen);
}
_hMacHash.BlockUpdate(_info, 0, _info.Length);
_hMacHash.Update((byte)n);
_hMacHash.DoFinal(_currentT, 0);
}