/// <summary> /// Method that implements EME-OAEP decoding /// </summary> /// <param name="EM"> /// Message to be decoded. An octet string of length k /// </param> /// <param name="label"> /// Optional label to be associated with the message; the /// default value for L, if L is not provided, is the empty string. /// </param> /// <param name="k"> /// Size of public key modulus in octets /// </param> /// <param name="hash"> /// Hash function (hLen denotes the length in octets of /// the hash function output) /// </param> /// <returns> /// Decoded message, octet string of length mLen /// </returns> /// <exception cref="DecryptionErrorException"> /// Method can throw exception /// </exception> public byte[] EME_OAEP_Decoding(byte[] EM, byte[] label, int k, HashAlgorithm hash) { int hLen = hash.HashSize / 8; byte[] lHash = hash.ComputeHash(label); if (EM[0] != 0x00) { throw new DecryptionErrorException("Decryption error!"); } byte[] maskedSeed = new byte[hLen]; byte[] maskedDB = new byte[k - hLen - 1]; System.Buffer.BlockCopy(EM, 1, maskedSeed, 0, maskedSeed.Length); System.Buffer.BlockCopy(EM, 1 + maskedSeed.Length, maskedDB, 0, maskedDB.Length); byte[] seedMask = mgf.MGF1(maskedDB, hLen, hash); byte[] seed = ByteArraysUtils.XorBytes(maskedSeed, seedMask); byte[] dbMask = mgf.MGF1(seed, k - hLen - 1, hash); byte[] DB = ByteArraysUtils.XorBytes(maskedDB, dbMask); byte[] lHash_dash = new byte[hLen]; System.Buffer.BlockCopy(DB, 0, lHash_dash, 0, hLen); if (!lHash.SequenceEqual(lHash_dash)) { throw new DecryptionErrorException("Decryption error!"); } int i = Array.FindIndex(DB, hLen, el => el == 0x01); if (i == -1) { throw new DecryptionErrorException("Decryption error!"); } byte[] M = new byte[DB.Length - 1 - i]; System.Buffer.BlockCopy(DB, i + 1, M, 0, M.Length); return(M); }
public void XorBytes() { byte[] arg1 = { 97, 29, 31, 55, 17, 0, 129 }; byte[] arg2 = { 12, 33, 14, 40, 199, 244, 87 }; byte[] xor = ByteArraysUtils.XorBytes(arg1, arg2); byte[] actual = ByteArraysUtils.XorBytes(xor, arg2); CollectionAssert.AreEqual(arg1, actual); }
/// <summary> /// Method that implements EME-OAEP encoding. /// </summary> /// <param name="message"> /// Message to be encoded, an octet string of length mLen, where mLen <= k - 2hLen - 2 /// </param> /// <param name="label"> /// Optional label to be associated with the message; the /// default value for L, if L is not provided, is the empty string. /// </param> /// <param name="k"> /// Size of public key modulus in octets /// </param> /// <param name="hash"> /// Hash function (hLen denotes the length in octets of /// the hash function output) /// </param> /// <returns> /// Encoded message of k length /// </returns> public byte[] EME_OAEP_Encoding(byte[] message, byte[] label, int k, HashAlgorithm hash) { int hLen = hash.HashSize / 8; byte[] lHash = hash.ComputeHash(label); byte[] PS = new byte[k - message.Length - 2 * hLen - 2]; byte[] DB = new byte[k - hLen - 1]; System.Buffer.BlockCopy(lHash, 0, DB, 0, lHash.Length); System.Buffer.BlockCopy(PS, 0, DB, lHash.Length, PS.Length); DB[lHash.Length + PS.Length] = 0x01; System.Buffer.BlockCopy(message, 0, DB, lHash.Length + PS.Length + 1, message.Length); byte[] seed = ByteArraysUtils.GetRandomOctets(RNGCryptoServiceProvider.Create(), hLen); byte[] dbMask = mgf.MGF1(seed, k - hLen - 1, hash); byte[] maskedDB = ByteArraysUtils.XorBytes(DB, dbMask); byte[] seedMask = mgf.MGF1(maskedDB, hLen, hash); byte[] maskedSeed = ByteArraysUtils.XorBytes(seed, seedMask); byte[] EM = new byte[k]; System.Buffer.SetByte(EM, 0, 0x00); System.Buffer.BlockCopy(maskedSeed, 0, EM, 1, maskedSeed.Length); System.Buffer.BlockCopy(maskedDB, 0, EM, maskedSeed.Length + 1, maskedDB.Length); return(EM); }
public byte[] EMSA_PSS_Encoding(byte[] M, int k, int sLen) { int hLen = hash.HashSize; int emLen = k / 8; var mHash = hash.ComputeHash(M); if (emLen < hLen + sLen + 2) { throw new EncodingException(); } byte[] salt = ByteArraysUtils.GetRandomOctets(RNGCryptoServiceProvider.Create(), sLen); var M_dash = ByteArraysUtils.Concat(new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, ByteArraysUtils.Concat(mHash, salt)); var H = hash.ComputeHash(M_dash); var PS = new byte[emLen - sLen - hLen - 2]; var DB = ByteArraysUtils.Concat(ByteArraysUtils.Concat(PS, new byte[] { 0x01 }), salt); var dbMask = mgf.MGF1(H, emLen - hLen - 1, hash); var maskedDB = ByteArraysUtils.XorBytes(DB, dbMask); maskedDB[0] &= (byte)(0xFF >> (8 * emLen - k)); var EM = ByteArraysUtils.Concat(ByteArraysUtils.Concat(maskedDB, H), new byte[] { 0xbc }); return(EM); }