public BitString Extract(BitString salt, BitString inputKeyingMaterial)
{
// An empty salt is converted to empty bytes
salt ??= new BitString(_hmac.OutputLength);
return(_hmac.Generate(salt, inputKeyingMaterial).Mac);
}
public IkeResult GenerateIke(BitString ni, BitString nr, BitString gxy, BitString cky_i, BitString cky_r, BitString presharedKey = null)
{
// Append fixed values together for convenience
var fixedData = gxy.ConcatenateBits(cky_i).ConcatenateBits(cky_r);
var sKeyId = PseudoRandomFunction(ni, nr, gxy, cky_i, cky_r, presharedKey);
var sKeyIdD = Hmac.Generate(sKeyId, fixedData.ConcatenateBits(new BitString("00"))).Mac;
var sKeyIdA = Hmac.Generate(sKeyId, sKeyIdD.ConcatenateBits(fixedData).ConcatenateBits(new BitString("01"))).Mac;
var sKeyIdE = Hmac.Generate(sKeyId, sKeyIdA.ConcatenateBits(fixedData).ConcatenateBits(new BitString("02"))).Mac;
return(new IkeResult(sKeyId, sKeyIdA, sKeyIdD, sKeyIdE));
}
private BitString HmacPrf(IHmac hmac, BitString secret, BitString seed, int outputLength)
{
var hmacLen = hmac.OutputLength;
var numBlocks = outputLength.CeilingDivide(hmacLen);
var A = seed.GetDeepCopy();
var output = new BitString(0);
for (var i = 0; i < numBlocks; i++)
{
A = hmac.Generate(secret, A).Mac;
output = output.ConcatenateBits(hmac.Generate(secret, A.ConcatenateBits(seed)).Mac);
}
return(output);
}
private BitString Prf(BitString secret, string label, BitString seed, int outputLength)
{
var labelBytes = new BitString(Encoding.ASCII.GetBytes(label));
var prfSeed = labelBytes.ConcatenateBits(seed);
var numBlocks = outputLength.CeilingDivide(_hmac.OutputLength);
var A = prfSeed.GetDeepCopy();
var output = new BitString(0);
for (var i = 0; i < numBlocks; i++)
{
A = _hmac.Generate(secret, A).Mac;
output = output.ConcatenateBits(_hmac.Generate(secret, A.ConcatenateBits(prfSeed)).Mac);
}
return(output.GetMostSignificantBits(outputLength));
}
protected override BitString H(BitString message, BitString salt)
{
if (salt == null || salt.BitLength == 0)
{
throw new ArgumentNullException(nameof(salt));
}
return(_hmac.Generate(salt, message, OutputLength).Mac);
}
// Question: Is it a hard restriction that the hash within HMAC is the same used within the signature process?
public BigInteger GetNonce(BigInteger privateD, BigInteger hashedMessage, BigInteger orderN)
{
// 1.3
var seedMaterial = new BitString(privateD).PadToModulusMsb(32).ConcatenateBits(new BitString(hashedMessage).PadToModulusMsb(32));
// 1.4
var key = BitString.Zeroes(_hmac.OutputLength);
// 1.5
var v = _01bits.GetMostSignificantBits(_hmac.OutputLength);
// 1.6
key = _hmac.Generate(key, v.ConcatenateBits(BitString.ConcatenateBits(BitString.Zeroes(8), seedMaterial))).Mac;
// 1.7
v = _hmac.Generate(key, v).Mac;
// 1.8
key = _hmac.Generate(key, v.ConcatenateBits(BitString.ConcatenateBits(new BitString("01"), seedMaterial))).Mac;
// 1.9
v = _hmac.Generate(key, v).Mac;
// 2
var nlen = orderN.ExactBitLength();
// 3
BigInteger k = 0;
while (k == 0 || k >= orderN)
{
// 4.1
var tmp = new BitString(0);
// 4.2
while (tmp.BitLength < nlen)
{
v = _hmac.Generate(key, v).Mac;
tmp = tmp.ConcatenateBits(v);
}
// 4.3
k = tmp.GetMostSignificantBits(nlen).ToPositiveBigInteger();
// 4.4
if (k > 0 && k < orderN)
{
return(k);
}
// 4.5
key = _hmac.Generate(key, v.ConcatenateBits(BitString.Zeroes(8))).Mac;
// 4.6
v = _hmac.Generate(key, v).Mac;
}
return(k);
}
protected override DrbgResult GenerateAlgorithm(int requestedNumberOfBits, BitString additionalInput)
{
// 1
if (ReseedCounter > Attributes.MaxNumberOfRequestsBetweenReseeds)
{
return(new DrbgResult(DrbgStatus.ReseedRequired));
}
// 2
if (additionalInput.BitLength != 0)
{
Update(additionalInput);
}
// 3
var temp = new BitString(0);
// 4
while (temp.BitLength < requestedNumberOfBits)
{
// 4.1
V = _hmac.Generate(Key, V).Mac;
// 4.2
temp = temp.ConcatenateBits(V);
}
// 5
var returnedBits = temp.GetMostSignificantBits(requestedNumberOfBits);
// 6
Update(additionalInput);
// 7
ReseedCounter++;
// 8
return(new DrbgResult(returnedBits));
}
public KdfResult DeriveKey(BitString auth, BitString nonceEven, BitString nonceOdd)
{
var value = nonceEven.ConcatenateBits(nonceOdd);
var result = _hmac.Generate(auth, value);
if (result.Success)
{
return(new KdfResult(result.Mac));
}
else
{
return(new KdfResult(result.ErrorMessage));
}
}
public void ShouldHmacCorrectly(string label, ModeValues mode, DigestSizes digestSize, int keyByteSize, int additionToIndexInKey, BitString expectedHmac, int macLength)
{
var hashFunction = new HashFunction(mode, digestSize);
var factory = new HmacFactory(new NativeShaFactory());
_subject = factory.GetHmacInstance(hashFunction);
var key = GenKey(keyByteSize, additionToIndexInKey);
var message = GetBitStringFromString(label);
var result = _subject.Generate(key, message, macLength);
Assert.AreEqual(expectedHmac.ToHex(), result.Mac.ToHex());
}
protected override BitString Mac(BitString macData)
{
var mac = Algo.Generate(
NoKeyConfirmationParameters.DerivedKeyingMaterial,
macData,
NoKeyConfirmationParameters.MacLength
);
if (!mac.Success)
{
throw new Exception(mac.ErrorMessage);
}
return(mac.Mac);
}
protected override BitString Mac(BitString macData)
{
var result = _iHmac.Generate(
_keyConfirmationParameters.DerivedKeyingMaterial,
macData,
_keyConfirmationParameters.MacLength
);
if (!result.Success)
{
throw new Exception(result.ErrorMessage);
}
return(result.Mac);
}
public void IsoIec9797Tests(ModeValues mode, DigestSizes digestSize, int macLength, string ascii, int count, string keyHex, string expectedHex)
{
var sha = _shaFactory.GetShaInstance(new HashFunction(mode, digestSize));
_subject = new NativeHmac(sha);
var key = new BitString(keyHex);
BitString message;
if (count == 0)
{
message = new BitString(Encoding.ASCII.GetBytes(ascii));
}
else
{
message = new BitString(Encoding.ASCII.GetBytes(ascii), count * 8);
}
var result = _subject.Generate(key, message, macLength);
var expected = new BitString(expectedHex, macLength);
Assert.AreEqual(expected.ToHex(), result.Mac.ToHex());
}
private BitString GenerateSKeySeed(BitString ni, BitString nr, BitString gir)
{
return(_hmac.Generate(ni.ConcatenateBits(nr), gir).Mac);
}