| public Init ( bool forEncryption, ICipherParameters parameters ) : void | ||
| forEncryption | bool | |
| parameters | ICipherParameters | |
| return | void | |
private SicBlockCipher CreateDecryptor(string key)
{
SicBlockCipher decryptor = new SicBlockCipher(aes);
decryptor.Init(false, new ParametersWithIV(new KeyParameter(DecodeKey(key)), new byte[aes.GetBlockSize()]));
return decryptor;
}
public Packet MessageEncrypt(ICipherSetRemoteInfo remoteInfo, Packet inner)
{
CS1ARemoteInfo ri = (CS1ARemoteInfo)remoteInfo;
var agreedValue = ECDHAgree (ri.RemotePublicKey, ri.EphemeralKeys.PrivateKey);
// Hash the agreed key
var hashedValue = Helpers.SHA256Hash (Helpers.ToByteArray(agreedValue, 20));
// Fold to get the actual key for AES
byte[] aesKey = Helpers.Fold (hashedValue);
Random rnd = new Random ();
// Setup and encrypt the actual data
byte[] aesIV = new byte[16];
rnd.NextBytes (aesIV);
Array.Clear (aesIV, 4, 12);
var cipher = new SicBlockCipher (new AesFastEngine ());
var parameters = new ParametersWithIV (new KeyParameter (aesKey), aesIV);
cipher.Init (true, parameters);
var encryptedInner = new byte[inner.FullPacket.Length];
BufferedBlockCipher bufferCipher = new BufferedBlockCipher (cipher);
var offset = bufferCipher.ProcessBytes (inner.FullPacket, encryptedInner, 0);
bufferCipher.DoFinal (encryptedInner, offset);
// Construct the packet minus the hmac
Packet outPacket = new Packet ();
outPacket.Body = new byte[29 + encryptedInner.Length];
Buffer.BlockCopy (ri.EphemeralKeys.PublicKey, 0, outPacket.Body, 0, ri.EphemeralKeys.PublicKey.Length);
Buffer.BlockCopy (aesIV, 0, outPacket.Body, 21, 4);
Buffer.BlockCopy (encryptedInner, 0, outPacket.Body, 25, encryptedInner.Length);
// ECDH for the hmac key using
var idAgreedValue = ECDHAgree (ri.RemotePublicKey, Key.PrivateKey);
// Mash on the IV for the compound key
byte[] macKey = new byte[24];
byte[] idAgreedValueArray = Helpers.ToByteArray(idAgreedValue, 20);
Buffer.BlockCopy(idAgreedValueArray, 0, macKey, 0, idAgreedValueArray.Length);
Buffer.BlockCopy(aesIV, 0, macKey, idAgreedValueArray.Length, 4);
// Actually hmac all the data now
var hmac = new HMac (new Sha256Digest ());
hmac.Init(new KeyParameter (macKey, 0, 24));
hmac.BlockUpdate(outPacket.Body, 0, 25 + encryptedInner.Length);
byte[] mac = new byte[hmac.GetMacSize()];
hmac.DoFinal(mac, 0);
// Fold it up, shove it in and we're done
var foldedMac = Helpers.Fold(mac, 3);
Buffer.BlockCopy(foldedMac, 0, outPacket.Body, 25 + encryptedInner.Length, foldedMac.Length);
return outPacket;
}
public virtual void Init(
bool forEncryption,
ICipherParameters parameters)
{
this.forEncryption = forEncryption;
byte[] nonce;
ICipherParameters keyParam;
if (parameters is AeadParameters)
{
AeadParameters param = (AeadParameters)parameters;
nonce = param.GetNonce();
initialAssociatedText = param.GetAssociatedText();
macSize = param.MacSize / 8;
keyParam = param.Key;
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV param = (ParametersWithIV)parameters;
nonce = param.GetIV();
initialAssociatedText = null;
macSize = mac.GetMacSize() / 2;
keyParam = param.Parameters;
}
else
{
throw new ArgumentException("invalid parameters passed to EAX");
}
byte[] tag = new byte[blockSize];
// Key reuse implemented in CBC mode of underlying CMac
mac.Init(keyParam);
tag[blockSize - 1] = (byte)Tag.N;
mac.BlockUpdate(tag, 0, blockSize);
mac.BlockUpdate(nonce, 0, nonce.Length);
mac.DoFinal(nonceMac, 0);
tag[blockSize - 1] = (byte)Tag.H;
mac.BlockUpdate(tag, 0, blockSize);
if (initialAssociatedText != null)
{
ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length);
}
// Same BlockCipher underlies this and the mac, so reuse last key on cipher
cipher.Init(true, new ParametersWithIV(null, nonceMac));
}
public virtual void Init(
bool forEncryption,
ICipherParameters parameters)
{
this.forEncryption = forEncryption;
byte[] nonce, associatedText;
ICipherParameters keyParam;
if (parameters is AeadParameters)
{
AeadParameters param = (AeadParameters)parameters;
nonce = param.GetNonce();
associatedText = param.GetAssociatedText();
macSize = param.MacSize / 8;
keyParam = param.Key;
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV param = (ParametersWithIV)parameters;
nonce = param.GetIV();
associatedText = new byte[0];
macSize = mac.GetMacSize() / 2;
keyParam = param.Parameters;
}
else
{
throw new ArgumentException("invalid parameters passed to EAX");
}
byte[] tag = new byte[blockSize];
mac.Init(keyParam);
tag[blockSize - 1] = (byte)Tag.H;
mac.BlockUpdate(tag, 0, blockSize);
mac.BlockUpdate(associatedText, 0, associatedText.Length);
mac.DoFinal(associatedTextMac, 0);
tag[blockSize - 1] = (byte)Tag.N;
mac.BlockUpdate(tag, 0, blockSize);
mac.BlockUpdate(nonce, 0, nonce.Length);
mac.DoFinal(nonceMac, 0);
tag[blockSize - 1] = (byte)Tag.C;
mac.BlockUpdate(tag, 0, blockSize);
cipher.Init(true, new ParametersWithIV(keyParam, nonceMac));
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
//IL_007e: Unknown result type (might be due to invalid IL or missing references)
this.forEncryption = forEncryption;
byte[] array;
ICipherParameters parameters2;
if (parameters is AeadParameters)
{
AeadParameters aeadParameters = (AeadParameters)parameters;
array = aeadParameters.GetNonce();
initialAssociatedText = aeadParameters.GetAssociatedText();
macSize = aeadParameters.MacSize / 8;
parameters2 = aeadParameters.Key;
}
else
{
if (!(parameters is ParametersWithIV))
{
throw new ArgumentException("invalid parameters passed to EAX");
}
ParametersWithIV parametersWithIV = (ParametersWithIV)parameters;
array = parametersWithIV.GetIV();
initialAssociatedText = null;
macSize = mac.GetMacSize() / 2;
parameters2 = parametersWithIV.Parameters;
}
bufBlock = new byte[forEncryption ? blockSize : (blockSize + macSize)];
byte[] array2 = new byte[blockSize];
mac.Init(parameters2);
array2[blockSize - 1] = 0;
mac.BlockUpdate(array2, 0, blockSize);
mac.BlockUpdate(array, 0, array.Length);
mac.DoFinal(nonceMac, 0);
cipher.Init(forEncryption: true, new ParametersWithIV(null, nonceMac));
Reset();
}
/**
* Process a packet of data for either CCM decryption or encryption.
*
* @param in data for processing.
* @param inOff offset at which data starts in the input array.
* @param inLen length of the data in the input array.
* @param output output array.
* @param outOff offset into output array to start putting processed bytes.
* @return the number of bytes added to output.
* @throws IllegalStateException if the cipher is not appropriately set up.
* @throws InvalidCipherTextException if the input data is truncated or the mac check fails.
* @throws DataLengthException if output buffer too short.
*/
public virtual int ProcessPacket(byte[] input, int inOff, int inLen, byte[] output, int outOff)
{
// TODO: handle null keyParam (e.g. via RepeatedKeySpec)
// Need to keep the CTR and CBC Mac parts around and reset
if (keyParam == null)
throw new InvalidOperationException("CCM cipher unitialized.");
int n = nonce.Length;
int q = 15 - n;
if (q < 4)
{
int limitLen = 1 << (8 * q);
if (inLen >= limitLen)
throw new InvalidOperationException("CCM packet too large for choice of q.");
}
byte[] iv = new byte[BlockSize];
iv[0] = (byte)((q - 1) & 0x7);
nonce.CopyTo(iv, 1);
IBlockCipher ctrCipher = new SicBlockCipher(cipher);
ctrCipher.Init(forEncryption, new ParametersWithIV(keyParam, iv));
int outputLen;
int inIndex = inOff;
int outIndex = outOff;
if (forEncryption)
{
outputLen = inLen + macSize;
Check.OutputLength(output, outOff, outputLen, "Output buffer too short.");
calculateMac(input, inOff, inLen, macBlock);
ctrCipher.ProcessBlock(macBlock, 0, macBlock, 0); // S0
while (inIndex < (inOff + inLen - BlockSize)) // S1...
{
ctrCipher.ProcessBlock(input, inIndex, output, outIndex);
outIndex += BlockSize;
inIndex += BlockSize;
}
byte[] block = new byte[BlockSize];
Array.Copy(input, inIndex, block, 0, inLen + inOff - inIndex);
ctrCipher.ProcessBlock(block, 0, block, 0);
Array.Copy(block, 0, output, outIndex, inLen + inOff - inIndex);
Array.Copy(macBlock, 0, output, outOff + inLen, macSize);
}
else
{
if (inLen < macSize)
throw new InvalidCipherTextException("data too short");
outputLen = inLen - macSize;
Check.OutputLength(output, outOff, outputLen, "Output buffer too short.");
Array.Copy(input, inOff + outputLen, macBlock, 0, macSize);
ctrCipher.ProcessBlock(macBlock, 0, macBlock, 0);
for (int i = macSize; i != macBlock.Length; i++)
{
macBlock[i] = 0;
}
while (inIndex < (inOff + outputLen - BlockSize))
{
ctrCipher.ProcessBlock(input, inIndex, output, outIndex);
outIndex += BlockSize;
inIndex += BlockSize;
}
byte[] block = new byte[BlockSize];
Array.Copy(input, inIndex, block, 0, outputLen - (inIndex - inOff));
ctrCipher.ProcessBlock(block, 0, block, 0);
Array.Copy(block, 0, output, outIndex, outputLen - (inIndex - inOff));
byte[] calculatedMacBlock = new byte[BlockSize];
calculateMac(output, outOff, outputLen, calculatedMacBlock);
if (!Arrays.ConstantTimeAreEqual(macBlock, calculatedMacBlock))
throw new InvalidCipherTextException("mac check in CCM failed");
}
return outputLen;
}
/**
* Process a packet of data for either CCM decryption or encryption.
*
* @param in data for processing.
* @param inOff offset at which data starts in the input array.
* @param inLen length of the data in the input array.
* @param output output array.
* @param outOff offset into output array to start putting processed bytes.
* @return the number of bytes added to output.
* @throws IllegalStateException if the cipher is not appropriately set up.
* @throws InvalidCipherTextException if the input data is truncated or the mac check fails.
* @throws DataLengthException if output buffer too short.
*/
public virtual int ProcessPacket(byte[] input, int inOff, int inLen, byte[] output, int outOff)
{
// TODO: handle null keyParam (e.g. via RepeatedKeySpec)
// Need to keep the CTR and CBC Mac parts around and reset
if (keyParam == null)
{
throw new InvalidOperationException("CCM cipher unitialized.");
}
int n = nonce.Length;
int q = 15 - n;
if (q < 4)
{
int limitLen = 1 << (8 * q);
if (inLen >= limitLen)
{
throw new InvalidOperationException("CCM packet too large for choice of q.");
}
}
byte[] iv = new byte[BlockSize];
iv[0] = (byte)((q - 1) & 0x7);
nonce.CopyTo(iv, 1);
IBlockCipher ctrCipher = new SicBlockCipher(cipher);
ctrCipher.Init(forEncryption, new ParametersWithIV(keyParam, iv));
int outputLen;
int inIndex = inOff;
int outIndex = outOff;
if (forEncryption)
{
outputLen = inLen + macSize;
Check.OutputLength(output, outOff, outputLen, "Output buffer too short.");
calculateMac(input, inOff, inLen, macBlock);
ctrCipher.ProcessBlock(macBlock, 0, macBlock, 0); // S0
while (inIndex < (inOff + inLen - BlockSize)) // S1...
{
ctrCipher.ProcessBlock(input, inIndex, output, outIndex);
outIndex += BlockSize;
inIndex += BlockSize;
}
byte[] block = new byte[BlockSize];
Array.Copy(input, inIndex, block, 0, inLen + inOff - inIndex);
ctrCipher.ProcessBlock(block, 0, block, 0);
Array.Copy(block, 0, output, outIndex, inLen + inOff - inIndex);
Array.Copy(macBlock, 0, output, outOff + inLen, macSize);
}
else
{
if (inLen < macSize)
{
throw new InvalidCipherTextException("data too short");
}
outputLen = inLen - macSize;
Check.OutputLength(output, outOff, outputLen, "Output buffer too short.");
Array.Copy(input, inOff + outputLen, macBlock, 0, macSize);
ctrCipher.ProcessBlock(macBlock, 0, macBlock, 0);
for (int i = macSize; i != macBlock.Length; i++)
{
macBlock[i] = 0;
}
while (inIndex < (inOff + outputLen - BlockSize))
{
ctrCipher.ProcessBlock(input, inIndex, output, outIndex);
outIndex += BlockSize;
inIndex += BlockSize;
}
byte[] block = new byte[BlockSize];
Array.Copy(input, inIndex, block, 0, outputLen - (inIndex - inOff));
ctrCipher.ProcessBlock(block, 0, block, 0);
Array.Copy(block, 0, output, outIndex, outputLen - (inIndex - inOff));
byte[] calculatedMacBlock = new byte[BlockSize];
calculateMac(output, outOff, outputLen, calculatedMacBlock);
if (!Arrays.ConstantTimeAreEqual(macBlock, calculatedMacBlock))
{
throw new InvalidCipherTextException("mac check in CCM failed");
}
}
return(outputLen);
}
public byte[] ProcessPacket(
byte[] input,
int inOff,
int inLen)
{
if (keyParam == null)
{
throw new InvalidOperationException("CCM cipher unitialized.");
}
IBlockCipher ctrCipher = new SicBlockCipher(cipher);
byte[] iv = new byte[BlockSize];
byte[] output;
iv[0] = (byte)(((15 - nonce.Length) - 1) & 0x7);
Array.Copy(nonce, 0, iv, 1, nonce.Length);
ctrCipher.Init(forEncryption, new ParametersWithIV(keyParam, iv));
if (forEncryption)
{
int index = inOff;
int outOff = 0;
output = new byte[inLen + macSize];
calculateMac(input, inOff, inLen, macBlock);
ctrCipher.ProcessBlock(macBlock, 0, macBlock, 0); // S0
while (index < inLen - BlockSize) // S1...
{
ctrCipher.ProcessBlock(input, index, output, outOff);
outOff += BlockSize;
index += BlockSize;
}
byte[] block = new byte[BlockSize];
Array.Copy(input, index, block, 0, inLen - index);
ctrCipher.ProcessBlock(block, 0, block, 0);
Array.Copy(block, 0, output, outOff, inLen - index);
outOff += inLen - index;
Array.Copy(macBlock, 0, output, outOff, output.Length - outOff);
}
else
{
int index = inOff;
int outOff = 0;
output = new byte[inLen - macSize];
Array.Copy(input, inOff + inLen - macSize, macBlock, 0, macSize);
ctrCipher.ProcessBlock(macBlock, 0, macBlock, 0);
for (int i = macSize; i != macBlock.Length; i++)
{
macBlock[i] = 0;
}
while (outOff < output.Length - BlockSize)
{
ctrCipher.ProcessBlock(input, index, output, outOff);
outOff += BlockSize;
index += BlockSize;
}
byte[] block = new byte[BlockSize];
Array.Copy(input, index, block, 0, output.Length - outOff);
ctrCipher.ProcessBlock(block, 0, block, 0);
Array.Copy(block, 0, output, outOff, output.Length - outOff);
byte[] calculatedMacBlock = new byte[BlockSize];
calculateMac(output, 0, output.Length, calculatedMacBlock);
if (!Arrays.ConstantTimeAreEqual(macBlock, calculatedMacBlock))
{
throw new InvalidCipherTextException("mac check in CCM failed");
}
}
return(output);
}
public virtual int ProcessPacket(byte[] input, int inOff, int inLen, byte[] output, int outOff)
{
if (this.keyParam == null)
{
throw new InvalidOperationException("CCM cipher unitialized.");
}
int num = this.nonce.Length;
int num2 = 15 - num;
if (num2 < 4)
{
int num3 = 1 << 8 * num2;
if (inLen >= num3)
{
throw new InvalidOperationException("CCM packet too large for choice of q.");
}
}
byte[] array = new byte[CcmBlockCipher.BlockSize];
array[0] = (byte)(num2 - 1 & 7);
this.nonce.CopyTo(array, 1);
IBlockCipher blockCipher = new SicBlockCipher(this.cipher);
blockCipher.Init(this.forEncryption, new ParametersWithIV(this.keyParam, array));
int i = inOff;
int num4 = outOff;
int num5;
if (this.forEncryption)
{
num5 = inLen + this.macSize;
Check.OutputLength(output, outOff, num5, "Output buffer too short.");
this.calculateMac(input, inOff, inLen, this.macBlock);
blockCipher.ProcessBlock(this.macBlock, 0, this.macBlock, 0);
while (i < inOff + inLen - CcmBlockCipher.BlockSize)
{
blockCipher.ProcessBlock(input, i, output, num4);
num4 += CcmBlockCipher.BlockSize;
i += CcmBlockCipher.BlockSize;
}
byte[] array2 = new byte[CcmBlockCipher.BlockSize];
Array.Copy(input, i, array2, 0, inLen + inOff - i);
blockCipher.ProcessBlock(array2, 0, array2, 0);
Array.Copy(array2, 0, output, num4, inLen + inOff - i);
Array.Copy(this.macBlock, 0, output, outOff + inLen, this.macSize);
}
else
{
if (inLen < this.macSize)
{
throw new InvalidCipherTextException("data too short");
}
num5 = inLen - this.macSize;
Check.OutputLength(output, outOff, num5, "Output buffer too short.");
Array.Copy(input, inOff + num5, this.macBlock, 0, this.macSize);
blockCipher.ProcessBlock(this.macBlock, 0, this.macBlock, 0);
for (int num6 = this.macSize; num6 != this.macBlock.Length; num6++)
{
this.macBlock[num6] = 0;
}
while (i < inOff + num5 - CcmBlockCipher.BlockSize)
{
blockCipher.ProcessBlock(input, i, output, num4);
num4 += CcmBlockCipher.BlockSize;
i += CcmBlockCipher.BlockSize;
}
byte[] array3 = new byte[CcmBlockCipher.BlockSize];
Array.Copy(input, i, array3, 0, num5 - (i - inOff));
blockCipher.ProcessBlock(array3, 0, array3, 0);
Array.Copy(array3, 0, output, num4, num5 - (i - inOff));
byte[] b = new byte[CcmBlockCipher.BlockSize];
this.calculateMac(output, outOff, num5, b);
if (!Arrays.ConstantTimeAreEqual(this.macBlock, b))
{
throw new InvalidCipherTextException("mac check in CCM failed");
}
}
return(num5);
}
public byte[] ProcessPacket(byte[] input, int inOff, int inLen)
{
if (parameters == null)
{
throw new InvalidOperationException("CCM cipher unitialized.");
}
IBlockCipher ctrCipher = new SicBlockCipher(cipher);
byte[] iv = new byte[blockSize];
byte[] nonce = parameters.GetNonce();
int macSize = parameters.MacSize / 8;
byte[] output;
iv[0] = (byte)(((15 - nonce.Length) - 1) & 0x7);
Array.Copy(nonce, 0, iv, 1, nonce.Length);
ctrCipher.Init(forEncryption, new ParametersWithIV(parameters.Key, iv));
if (forEncryption)
{
int index = inOff;
int outOff = 0;
output = new byte[inLen + macSize];
calculateMac(input, inOff, inLen, macBlock);
ctrCipher.ProcessBlock(macBlock, 0, macBlock, 0); // S0
while (index < inLen - blockSize) // S1...
{
ctrCipher.ProcessBlock(input, index, output, outOff);
outOff += blockSize;
index += blockSize;
}
byte[] block = new byte[blockSize];
Array.Copy(input, index, block, 0, inLen - index);
ctrCipher.ProcessBlock(block, 0, block, 0);
Array.Copy(block, 0, output, outOff, inLen - index);
outOff += inLen - index;
Array.Copy(macBlock, 0, output, outOff, output.Length - outOff);
}
else
{
int index = inOff;
int outOff = 0;
output = new byte[inLen - macSize];
Array.Copy(input, inOff + inLen - macSize, macBlock, 0, macSize);
ctrCipher.ProcessBlock(macBlock, 0, macBlock, 0);
for (int i = macSize; i != macBlock.Length; i++)
{
macBlock[i] = 0;
}
while (outOff < output.Length - blockSize)
{
ctrCipher.ProcessBlock(input, index, output, outOff);
outOff += blockSize;
index += blockSize;
}
byte[] block = new byte[blockSize];
Array.Copy(input, index, block, 0, output.Length - outOff);
ctrCipher.ProcessBlock(block, 0, block, 0);
Array.Copy(block, 0, output, outOff, output.Length - outOff);
byte[] calculatedMacBlock = new byte[blockSize];
calculateMac(output, 0, output.Length, calculatedMacBlock);
if (!areEqual(macBlock, calculatedMacBlock))
{
throw new InvalidCipherTextException("mac check in CCM failed");
}
}
return output;
}
public Packet ChannelDecrypt(ICipherSetRemoteInfo channelInfo, Packet outer)
{
// We gotta have the primary components and something to decrypt
if (outer.Body.Length < 25) {
return null;
}
var ci = (CS1ARemoteInfo)channelInfo;
// Rip apart our packet
byte[] token = outer.Body.Take (16).ToArray ();
byte[] iv = outer.Body.Skip (16).Take (4).ToArray ();
byte[] encryptedData = outer.Body.Skip (20).Take (outer.Body.Length - 24).ToArray ();
byte[] dataMac = outer.Body.Skip (outer.Body.Length - 4).Take (4).ToArray ();
// Make sure we're on the right channel
if (!token.SequenceEqual (ci.Token)) {
return null;
}
// Validate us some hmac
byte[] hmacKey = new byte[20];
Buffer.BlockCopy (ci.DecryptionKey, 0, hmacKey, 0, 16);
Buffer.BlockCopy (iv, 0, hmacKey, 16, 4);
var hmac = new HMac (new Sha256Digest ());
hmac.Init(new KeyParameter (hmacKey));
hmac.BlockUpdate(encryptedData, 0, encryptedData.Length);
byte[] mac = new byte[hmac.GetMacSize()];
hmac.DoFinal(mac, 0);
var foldedMac = Helpers.Fold (mac, 3);
if (!foldedMac.SequenceEqual (dataMac)) {
// Get out of here with your bad data
return null;
}
// Everything seems ok. Get it decrypted
byte[] aesIV = new byte[16];
Buffer.BlockCopy (iv, 0, aesIV, 0, 4);
Array.Clear (aesIV, 4, 12);
var cipher = new SicBlockCipher (new AesFastEngine ());
var parameters = new ParametersWithIV (new KeyParameter (ci.DecryptionKey), aesIV);
cipher.Init (false, parameters);
var decryptedData = new byte[encryptedData.Length];
BufferedBlockCipher bufferCipher = new BufferedBlockCipher (cipher);
var offset = bufferCipher.ProcessBytes (encryptedData, decryptedData, 0);
bufferCipher.DoFinal (decryptedData, offset);
// Build a packet and ship it off
return Packet.DecodePacket (decryptedData);
}
public Packet ChannelEncrypt(ICipherSetRemoteInfo channelInfo, Packet inner)
{
var ci = (CS1ARemoteInfo)channelInfo;
// TODO: Validate we don't care about endianess of IV here
// Setup and encrypt the actual data
byte[] aesIV = new byte[16];
Buffer.BlockCopy (BitConverter.GetBytes(ci.IV), 0, aesIV, 0, 4);
Array.Clear (aesIV, 4, 12);
var cipher = new SicBlockCipher (new AesFastEngine ());
var parameters = new ParametersWithIV (new KeyParameter (ci.EncryptionKey), aesIV);
cipher.Init (true, parameters);
var encryptedInner = new byte[inner.FullPacket.Length];
BufferedBlockCipher bufferCipher = new BufferedBlockCipher (cipher);
var offset = bufferCipher.ProcessBytes (inner.FullPacket, encryptedInner, 0);
bufferCipher.DoFinal (encryptedInner, offset);
// Hmac the output
byte[] hmacKey = new byte[20];
Buffer.BlockCopy (ci.EncryptionKey, 0, hmacKey, 0, 16);
Buffer.BlockCopy (BitConverter.GetBytes(ci.IV), 0, hmacKey, 16, 4);
var hmac = new HMac (new Sha256Digest ());
hmac.Init(new KeyParameter (hmacKey));
hmac.BlockUpdate(encryptedInner, 0, encryptedInner.Length);
byte[] mac = new byte[hmac.GetMacSize()];
hmac.DoFinal(mac, 0);
var foldedMac = Helpers.Fold (mac, 3);
// Create the outgoing packet
Packet outPacket = new Packet();
outPacket.Body = new byte[encryptedInner.Length + 24];
Buffer.BlockCopy(ci.Token, 0, outPacket.Body, 0, 16);
Buffer.BlockCopy(BitConverter.GetBytes(ci.IV), 0, outPacket.Body, 16, 4);
Buffer.BlockCopy(encryptedInner, 0, outPacket.Body, 20, encryptedInner.Length);
Buffer.BlockCopy(foldedMac, 0, outPacket.Body, outPacket.Body.Length - 4, 4);
// Next IV next packet
++ci.IV;
return outPacket;
}
public virtual int ProcessPacket(byte[] input, int inOff, int inLen, byte[] output, int outOff)
{
int num4;
if (this.keyParam == null)
{
throw new InvalidOperationException("CCM cipher unitialized.");
}
int length = this.nonce.Length;
int num2 = 15 - length;
if (num2 < 4)
{
int num3 = ((int)1) << (8 * num2);
if (inLen >= num3)
{
throw new InvalidOperationException("CCM packet too large for choice of q.");
}
}
byte[] array = new byte[BlockSize];
array[0] = (byte)((num2 - 1) & 7);
this.nonce.CopyTo(array, 1);
IBlockCipher cipher = new SicBlockCipher(this.cipher);
cipher.Init(this.forEncryption, new ParametersWithIV(this.keyParam, array));
int num5 = inOff;
int num6 = outOff;
if (this.forEncryption)
{
num4 = inLen + this.macSize;
Check.OutputLength(output, outOff, num4, "Output buffer too short.");
this.CalculateMac(input, inOff, inLen, this.macBlock);
byte[] outBuf = new byte[BlockSize];
cipher.ProcessBlock(this.macBlock, 0, outBuf, 0);
while (num5 < ((inOff + inLen) - BlockSize))
{
cipher.ProcessBlock(input, num5, output, num6);
num6 += BlockSize;
num5 += BlockSize;
}
byte[] buffer3 = new byte[BlockSize];
Array.Copy(input, num5, buffer3, 0, (inLen + inOff) - num5);
cipher.ProcessBlock(buffer3, 0, buffer3, 0);
Array.Copy(buffer3, 0, output, num6, (inLen + inOff) - num5);
Array.Copy(outBuf, 0, output, outOff + inLen, this.macSize);
return(num4);
}
if (inLen < this.macSize)
{
throw new InvalidCipherTextException("data too short");
}
num4 = inLen - this.macSize;
Check.OutputLength(output, outOff, num4, "Output buffer too short.");
Array.Copy(input, inOff + num4, this.macBlock, 0, this.macSize);
cipher.ProcessBlock(this.macBlock, 0, this.macBlock, 0);
for (int i = this.macSize; i != this.macBlock.Length; i++)
{
this.macBlock[i] = 0;
}
while (num5 < ((inOff + num4) - BlockSize))
{
cipher.ProcessBlock(input, num5, output, num6);
num6 += BlockSize;
num5 += BlockSize;
}
byte[] destinationArray = new byte[BlockSize];
Array.Copy(input, num5, destinationArray, 0, num4 - (num5 - inOff));
cipher.ProcessBlock(destinationArray, 0, destinationArray, 0);
Array.Copy(destinationArray, 0, output, num6, num4 - (num5 - inOff));
byte[] macBlock = new byte[BlockSize];
this.CalculateMac(output, outOff, num4, macBlock);
if (!Arrays.ConstantTimeAreEqual(this.macBlock, macBlock))
{
throw new InvalidCipherTextException("mac check in CCM failed");
}
return(num4);
}
public byte[] ProcessPacket(
byte[] input,
int inOff,
int inLen)
{
// TODO: handle null keyParam (e.g. via RepeatedKeySpec)
// Need to keep the CTR and CBC Mac parts around and reset
if (keyParam == null)
throw new InvalidOperationException("CCM cipher unitialized.");
IBlockCipher ctrCipher = new SicBlockCipher(cipher);
byte[] iv = new byte[BlockSize];
byte[] output;
iv[0] = (byte)(((15 - nonce.Length) - 1) & 0x7);
Array.Copy(nonce, 0, iv, 1, nonce.Length);
ctrCipher.Init(forEncryption, new ParametersWithIV(keyParam, iv));
if (forEncryption)
{
int index = inOff;
int outOff = 0;
output = new byte[inLen + macSize];
calculateMac(input, inOff, inLen, macBlock);
ctrCipher.ProcessBlock(macBlock, 0, macBlock, 0); // S0
while (index < inLen - BlockSize) // S1...
{
ctrCipher.ProcessBlock(input, index, output, outOff);
outOff += BlockSize;
index += BlockSize;
}
byte[] block = new byte[BlockSize];
Array.Copy(input, index, block, 0, inLen - index);
ctrCipher.ProcessBlock(block, 0, block, 0);
Array.Copy(block, 0, output, outOff, inLen - index);
outOff += inLen - index;
Array.Copy(macBlock, 0, output, outOff, output.Length - outOff);
}
else
{
int index = inOff;
int outOff = 0;
output = new byte[inLen - macSize];
Array.Copy(input, inOff + inLen - macSize, macBlock, 0, macSize);
ctrCipher.ProcessBlock(macBlock, 0, macBlock, 0);
for (int i = macSize; i != macBlock.Length; i++)
{
macBlock[i] = 0;
}
while (outOff < output.Length - BlockSize)
{
ctrCipher.ProcessBlock(input, index, output, outOff);
outOff += BlockSize;
index += BlockSize;
}
byte[] block = new byte[BlockSize];
Array.Copy(input, index, block, 0, output.Length - outOff);
ctrCipher.ProcessBlock(block, 0, block, 0);
Array.Copy(block, 0, output, outOff, output.Length - outOff);
byte[] calculatedMacBlock = new byte[BlockSize];
calculateMac(output, 0, output.Length, calculatedMacBlock);
if (!Arrays.ConstantTimeAreEqual(macBlock, calculatedMacBlock))
throw new InvalidCipherTextException("mac check in CCM failed");
}
return output;
}
public virtual int ProcessPacket(byte[] input, int inOff, int inLen, byte[] output, int outOff)
{
//IL_000d: Unknown result type (might be due to invalid IL or missing references)
//IL_0037: Unknown result type (might be due to invalid IL or missing references)
if (keyParam == null)
{
throw new InvalidOperationException("CCM cipher unitialized.");
}
int num = nonce.Length;
int num2 = 15 - num;
if (num2 < 4)
{
int num3 = 1 << 8 * num2;
if (inLen >= num3)
{
throw new InvalidOperationException("CCM packet too large for choice of q.");
}
}
byte[] array = new byte[BlockSize];
array[0] = (byte)((uint)(num2 - 1) & 7u);
((global::System.Array)nonce).CopyTo((global::System.Array)array, 1);
IBlockCipher blockCipher = new SicBlockCipher(cipher);
blockCipher.Init(forEncryption, new ParametersWithIV(keyParam, array));
int i = inOff;
int num4 = outOff;
int num5;
if (forEncryption)
{
num5 = inLen + macSize;
Check.OutputLength(output, outOff, num5, "Output buffer too short.");
CalculateMac(input, inOff, inLen, macBlock);
byte[] array2 = new byte[BlockSize];
blockCipher.ProcessBlock(macBlock, 0, array2, 0);
for (; i < inOff + inLen - BlockSize; i += BlockSize)
{
blockCipher.ProcessBlock(input, i, output, num4);
num4 += BlockSize;
}
byte[] array3 = new byte[BlockSize];
global::System.Array.Copy((global::System.Array)input, i, (global::System.Array)array3, 0, inLen + inOff - i);
blockCipher.ProcessBlock(array3, 0, array3, 0);
global::System.Array.Copy((global::System.Array)array3, 0, (global::System.Array)output, num4, inLen + inOff - i);
global::System.Array.Copy((global::System.Array)array2, 0, (global::System.Array)output, outOff + inLen, macSize);
}
else
{
if (inLen < macSize)
{
throw new InvalidCipherTextException("data too short");
}
num5 = inLen - macSize;
Check.OutputLength(output, outOff, num5, "Output buffer too short.");
global::System.Array.Copy((global::System.Array)input, inOff + num5, (global::System.Array)macBlock, 0, macSize);
blockCipher.ProcessBlock(macBlock, 0, macBlock, 0);
for (int j = macSize; j != macBlock.Length; j++)
{
macBlock[j] = 0;
}
for (; i < inOff + num5 - BlockSize; i += BlockSize)
{
blockCipher.ProcessBlock(input, i, output, num4);
num4 += BlockSize;
}
byte[] array4 = new byte[BlockSize];
global::System.Array.Copy((global::System.Array)input, i, (global::System.Array)array4, 0, num5 - (i - inOff));
blockCipher.ProcessBlock(array4, 0, array4, 0);
global::System.Array.Copy((global::System.Array)array4, 0, (global::System.Array)output, num4, num5 - (i - inOff));
byte[] b = new byte[BlockSize];
CalculateMac(output, outOff, num5, b);
if (!Arrays.ConstantTimeAreEqual(macBlock, b))
{
throw new InvalidCipherTextException("mac check in CCM failed");
}
}
return(num5);
}
