private byte[] DecryptBlock(
byte[] in_enc,
int inOff,
int inLen,
byte[] z)
{
byte[] M = null;
KeyParameter macKey = null;
KdfParameters kParam = new KdfParameters(z, param.GetDerivationV());
int macKeySize = param.MacKeySize;
kdf.Init(kParam);
inLen -= mac.GetMacSize();
if (cipher == null) // stream mode
{
byte[] Buffer = GenerateKdfBytes(kParam, inLen + (macKeySize / 8));
M = new byte[inLen];
for (int i = 0; i != inLen; i++)
{
M[i] = (byte)(in_enc[inOff + i] ^ Buffer[i]);
}
macKey = new KeyParameter(Buffer, inLen, (macKeySize / 8));
}
else
{
int cipherKeySize = ((IesWithCipherParameters)param).CipherKeySize;
byte[] Buffer = GenerateKdfBytes(kParam, (cipherKeySize / 8) + (macKeySize / 8));
cipher.Init(false, new KeyParameter(Buffer, 0, (cipherKeySize / 8)));
M = cipher.DoFinal(in_enc, inOff, inLen);
macKey = new KeyParameter(Buffer, (cipherKeySize / 8), (macKeySize / 8));
}
byte[] macIV = param.GetEncodingV();
mac.Init(macKey);
mac.BlockUpdate(in_enc, inOff, inLen);
mac.BlockUpdate(macIV, 0, macIV.Length);
mac.DoFinal(macBuf, 0);
inOff += inLen;
for (int t = 0; t < macBuf.Length; t++)
{
if (macBuf[t] != in_enc[inOff + t])
{
throw (new InvalidCipherTextException("IMac codes failed to equal."));
}
}
return(M);
}
private byte[] EncryptBlock(byte[] input, int inOff, int inLen, byte[] macData)
{
// Block cipher mode.
byte[] k1 = new byte[((IesWithCipherParameters)_iesParameters).CipherKeySize / 8];
byte[] k2 = new byte[_iesParameters.MacKeySize / 8];
byte[] k = _kdfKey;
Array.Copy(k, 0, k1, 0, k1.Length);
Array.Copy(k, k1.Length, k2, 0, k2.Length);
_cipher.Init(true, new ParametersWithIV(new KeyParameter(k1), _iv));
byte[] c = new byte[_cipher.GetOutputSize(inLen)];
int len = _cipher.ProcessBytes(input, inOff, inLen, c, 0);
len += _cipher.DoFinal(c, len);
// Convert the length of the encoding vector into a byte array.
byte[] p2 = _iesParameters.GetEncodingV();
// Apply the MAC.
byte[] T = new byte[_mac.GetMacSize()];
byte[] k2A = new byte[_hash.GetDigestSize()];
_hash.Reset();
_hash.BlockUpdate(k2, 0, k2.Length);
_hash.DoFinal(k2A, 0);
_mac.Init(new KeyParameter(k2A));
_mac.BlockUpdate(_iv, 0, _iv.Length);
_mac.BlockUpdate(c, 0, c.Length);
if (p2 != null)
{
_mac.BlockUpdate(p2, 0, p2.Length);
}
if (macData != null)
{
_mac.BlockUpdate(macData, 0, macData.Length);
}
_mac.DoFinal(T, 0);
// Output the double (C,T).
byte[] output = new byte[len + T.Length];
Array.Copy(c, 0, output, 0, len);
Array.Copy(T, 0, output, len, T.Length);
return(output);
}
private byte[] DecryptBlock(byte[] in_enc, int inOff, int inLen, byte[] z)
{
byte[] array = null;
KeyParameter keyParameter = null;
KdfParameters kdfParameters = new KdfParameters(z, param.GetDerivationV());
int macKeySize = param.MacKeySize;
kdf.Init(kdfParameters);
if (inLen < mac.GetMacSize())
{
throw new InvalidCipherTextException("Length of input must be greater than the MAC");
}
inLen -= mac.GetMacSize();
if (cipher == null)
{
byte[] array2 = GenerateKdfBytes(kdfParameters, inLen + macKeySize / 8);
array = new byte[inLen];
for (int i = 0; i != inLen; i++)
{
array[i] = (byte)(in_enc[inOff + i] ^ array2[i]);
}
keyParameter = new KeyParameter(array2, inLen, macKeySize / 8);
}
else
{
int cipherKeySize = ((IesWithCipherParameters)param).CipherKeySize;
byte[] key = GenerateKdfBytes(kdfParameters, cipherKeySize / 8 + macKeySize / 8);
cipher.Init(forEncryption: false, new KeyParameter(key, 0, cipherKeySize / 8));
array = cipher.DoFinal(in_enc, inOff, inLen);
keyParameter = new KeyParameter(key, cipherKeySize / 8, macKeySize / 8);
}
byte[] encodingV = param.GetEncodingV();
mac.Init(keyParameter);
mac.BlockUpdate(in_enc, inOff, inLen);
mac.BlockUpdate(encodingV, 0, encodingV.Length);
mac.DoFinal(macBuf, 0);
inOff += inLen;
byte[] a = Arrays.CopyOfRange(in_enc, inOff, inOff + macBuf.Length);
if (!Arrays.ConstantTimeAreEqual(a, macBuf))
{
throw new InvalidCipherTextException("Invalid MAC.");
}
return(array);
}
private byte[] DecryptBlock(
byte[] in_enc,
int inOff,
int inLen,
byte[] z)
{
byte[] M = null;
KeyParameter macKey = null;
KdfParameters kParam = new KdfParameters(z, param.GetDerivationV());
int macKeySize = param.MacKeySize;
kdf.Init(kParam);
// Ensure that the length of the input is greater than the MAC in bytes
if (inLen < mac.GetMacSize())
{
throw new InvalidCipherTextException("Length of input must be greater than the MAC");
}
inLen -= mac.GetMacSize();
if (cipher == null) // stream mode
{
byte[] Buffer = GenerateKdfBytes(kParam, inLen + (macKeySize / 8));
M = new byte[inLen];
for (int i = 0; i != inLen; i++)
{
M[i] = (byte)(in_enc[inOff + i] ^ Buffer[i]);
}
macKey = new KeyParameter(Buffer, inLen, (macKeySize / 8));
}
else
{
int cipherKeySize = ((IesWithCipherParameters)param).CipherKeySize;
byte[] Buffer = GenerateKdfBytes(kParam, (cipherKeySize / 8) + (macKeySize / 8));
cipher.Init(false, new KeyParameter(Buffer, 0, (cipherKeySize / 8)));
M = cipher.DoFinal(in_enc, inOff, inLen);
macKey = new KeyParameter(Buffer, (cipherKeySize / 8), (macKeySize / 8));
}
byte[] macIV = param.GetEncodingV();
mac.Init(macKey);
mac.BlockUpdate(in_enc, inOff, inLen);
mac.BlockUpdate(macIV, 0, macIV.Length);
mac.DoFinal(macBuf, 0);
inOff += inLen;
byte[] T1 = Arrays.CopyOfRange(in_enc, inOff, inOff + macBuf.Length);
if (!Arrays.ConstantTimeAreEqual(T1, macBuf))
{
throw (new InvalidCipherTextException("Invalid MAC."));
}
return(M);
}
protected virtual byte[] DecryptBlock(
byte[] inEnc,
int inOff,
int inLen)
{
byte[] m;
byte[] k1, k2;
int len = 0;
// Ensure that the length of the input is greater than the MAC in bytes
if (inLen < (V.Length + Mac.GetMacSize()))
{
throw new InvalidCipherTextException("Length of input must be greater than the MAC and V combined");
}
// note order is important: set up keys, do simple encryptions, check mac, do final encryption.
if (Cipher == null)
{
// Streaming mode.
k1 = new byte[inLen - V.Length - Mac.GetMacSize()];
k2 = new byte[_param.MacKeySize / 8];
var k = new byte[k1.Length + k2.Length];
Kdf.GenerateBytes(k, 0, k.Length);
if (V.Length != 0)
{
Array.Copy(k, 0, k2, 0, k2.Length);
Array.Copy(k, k2.Length, k1, 0, k1.Length);
}
else
{
Array.Copy(k, 0, k1, 0, k1.Length);
Array.Copy(k, k1.Length, k2, 0, k2.Length);
}
// process the message
m = new byte[k1.Length];
for (int i = 0; i != k1.Length; i++)
{
m[i] = (byte)(inEnc[inOff + V.Length + i] ^ k1[i]);
}
}
else
{
// Block cipher mode.
SetupBlockCipherAndMacKeyBytes(out k1, out k2);
ICipherParameters cp = new KeyParameter(k1);
// If IV provide use it to initialize the cipher
if (Iv != null)
{
cp = new ParametersWithIV(cp, Iv);
}
Cipher.Init(false, cp);
m = new byte[Cipher.GetOutputSize(inLen - V.Length - Mac.GetMacSize())];
// do initial processing
len = Cipher.ProcessBytes(inEnc, inOff + V.Length, inLen - V.Length - Mac.GetMacSize(), m, 0);
}
// Convert the length of the encoding vector into a byte array.
byte[] p2 = _param.GetEncodingV();
byte[] l2 = null;
if (V.Length != 0)
{
l2 = GetLengthTag(p2);
}
// Verify the MAC.
int end = inOff + inLen;
byte[] t1 = Arrays.CopyOfRange(inEnc, end - Mac.GetMacSize(), end);
byte[] t2 = new byte[t1.Length];
Mac.Init(new KeyParameter(k2));
Mac.BlockUpdate(inEnc, inOff + V.Length, inLen - V.Length - t2.Length);
SimilarMacCompute(p2, l2, t2);
if (!Arrays.ConstantTimeAreEqual(t1, t2))
{
throw new InvalidCipherTextException("invalid MAC");
}
if (Cipher == null)
{
return(m);
}
else
{
len += Cipher.DoFinal(m, len);
return(Arrays.CopyOfRange(m, 0, len));
}
}
private byte[] EncryptBlock(
byte[] input,
int inOff,
int inLen,
byte[] macData)
{
byte[] c, k, k1, k2;
int len;
if (Cipher == null)
{
// Streaming mode.
k1 = new byte[inLen];
k2 = new byte[_iesParameters.MacKeySize / 8];
k = new byte[k1.Length + k2.Length];
_kdf.GenerateBytes(k, 0, k.Length);
// if (V.Length != 0)
// {
// Array.Copy(K, 0, K2, 0, K2.Length);
// Array.Copy(K, K2.Length, K1, 0, K1.Length);
// }
// else
{
Array.Copy(k, 0, k1, 0, k1.Length);
Array.Copy(k, inLen, k2, 0, k2.Length);
}
c = new byte[inLen];
for (int i = 0; i != inLen; i++)
{
c[i] = (byte)(input[inOff + i] ^ k1[i]);
}
len = inLen;
}
else
{
// Block cipher mode.
k1 = new byte[((IesWithCipherParameters)_iesParameters).CipherKeySize / 8];
k2 = new byte[_iesParameters.MacKeySize / 8];
k = new byte[k1.Length + k2.Length];
_kdf.GenerateBytes(k, 0, k.Length);
Array.Copy(k, 0, k1, 0, k1.Length);
Array.Copy(k, k1.Length, k2, 0, k2.Length);
// If iv provided use it to initialise the cipher
if (_iv != null)
{
Cipher.Init(true, new ParametersWithIV(new KeyParameter(k1), _iv));
}
else
{
Cipher.Init(true, new KeyParameter(k1));
}
c = new byte[Cipher.GetOutputSize(inLen)];
len = Cipher.ProcessBytes(input, inOff, inLen, c, 0);
len += Cipher.DoFinal(c, len);
}
// Convert the length of the encoding vector into a byte array.
byte[] p2 = _iesParameters.GetEncodingV();
// Apply the MAC.
byte[] T = new byte[Mac.GetMacSize()];
byte[] k2A;
if (HashK2)
{
k2A = new byte[_hash.GetDigestSize()];
_hash.Reset();
_hash.BlockUpdate(k2, 0, k2.Length);
_hash.DoFinal(k2A, 0);
}
else
{
k2A = k2;
}
Mac.Init(new KeyParameter(k2A));
Mac.BlockUpdate(_iv, 0, _iv.Length);
Mac.BlockUpdate(c, 0, c.Length);
if (p2 != null)
{
Mac.BlockUpdate(p2, 0, p2.Length);
}
if (V.Length != 0 && p2 != null)
{
// byte[] L2 = new byte[4];
// Pack.intToBigEndian(P2.Length * 8, L2, 0);
byte[] L2 = (p2.Length * 8).ToBigEndianByteArray();
Debug.Assert(L2.Length == 4, "expected to be 4 bytes long");
Mac.BlockUpdate(L2, 0, L2.Length);
}
if (macData != null)
{
Mac.BlockUpdate(macData, 0, macData.Length);
}
Mac.DoFinal(T, 0);
// Output the triple (V,C,T).
byte[] Output = new byte[V.Length + len + T.Length];
Array.Copy(V, 0, Output, 0, V.Length);
Array.Copy(c, 0, Output, V.Length, len);
Array.Copy(T, 0, Output, V.Length + len, T.Length);
return(Output);
}