public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
this.forEncryption = forEncryption;
macBlock = null;
KeyParameter keyParameter;
if (parameters is AeadParameters)
{
AeadParameters aeadParameters = (AeadParameters)parameters;
nonce = aeadParameters.GetNonce();
initialAssociatedText = aeadParameters.GetAssociatedText();
int num = aeadParameters.MacSize;
if (num < 32 || num > 128 || num % 8 != 0)
{
throw new ArgumentException("Invalid value for MAC size: " + num);
}
macSize = num / 8;
keyParameter = aeadParameters.Key;
}
else
{
if (!(parameters is ParametersWithIV))
{
throw new ArgumentException("invalid parameters passed to GCM");
}
ParametersWithIV parametersWithIV = (ParametersWithIV)parameters;
nonce = parametersWithIV.GetIV();
initialAssociatedText = null;
macSize = 16;
keyParameter = (KeyParameter)parametersWithIV.Parameters;
}
int num2 = (!forEncryption) ? (16 + macSize) : 16;
bufBlock = new byte[num2];
if (nonce == null || nonce.Length < 1)
{
throw new ArgumentException("IV must be at least 1 byte");
}
if (keyParameter != null)
{
cipher.Init(forEncryption: true, keyParameter);
H = new byte[16];
cipher.ProcessBlock(H, 0, H, 0);
multiplier.Init(H);
exp = null;
}
else if (H == null)
{
throw new ArgumentException("Key must be specified in initial init");
}
J0 = new byte[16];
if (nonce.Length == 12)
{
Array.Copy(nonce, 0, J0, 0, nonce.Length);
J0[15] = 1;
}
else
{
gHASH(J0, nonce, nonce.Length);
byte[] array = new byte[16];
Pack.UInt64_To_BE((ulong)((long)nonce.Length * 8L), array, 8);
gHASHBlock(J0, array);
}
S = new byte[16];
S_at = new byte[16];
S_atPre = new byte[16];
atBlock = new byte[16];
atBlockPos = 0;
atLength = 0uL;
atLengthPre = 0uL;
counter = Arrays.Clone(J0);
bufOff = 0;
totalLength = 0uL;
if (initialAssociatedText != null)
{
ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length);
}
}
private static ICipherParameters FixDesParity(string mechanism, ICipherParameters parameters)
{
if (!mechanism.EndsWith("DES-CBC") & !mechanism.EndsWith("DESEDE-CBC"))
{
return(parameters);
}
if (parameters is ParametersWithIV)
{
ParametersWithIV ivParams = (ParametersWithIV)parameters;
return(new ParametersWithIV(FixDesParity(mechanism, ivParams.Parameters), ivParams.GetIV()));
}
KeyParameter kParam = (KeyParameter)parameters;
byte[] keyBytes = kParam.GetKey();
DesParameters.SetOddParity(keyBytes);
return(new KeyParameter(keyBytes));
}
/// <remarks>
/// MAC sizes from 32 bits to 128 bits (must be a multiple of 8) are supported. The default is 128 bits.
/// Sizes less than 96 are not recommended, but are supported for specialized applications.
/// </remarks>
public virtual void Init(
bool forEncryption,
ICipherParameters parameters)
{
this.forEncryption = forEncryption;
this.macBlock = null;
KeyParameter keyParam;
if (parameters is AeadParameters)
{
AeadParameters param = (AeadParameters)parameters;
nonce = param.GetNonce();
initialAssociatedText = param.GetAssociatedText();
int macSizeBits = param.MacSize;
if (macSizeBits < 32 || macSizeBits > 128 || macSizeBits % 8 != 0)
{
throw new ArgumentException("Invalid value for MAC size: " + macSizeBits);
}
macSize = macSizeBits / 8;
keyParam = param.Key;
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV param = (ParametersWithIV)parameters;
nonce = param.GetIV();
initialAssociatedText = null;
macSize = 16;
keyParam = (KeyParameter)param.Parameters;
}
else
{
throw new ArgumentException("invalid parameters passed to GCM");
}
int bufLength = forEncryption ? BlockSize : (BlockSize + macSize);
this.bufBlock = new byte[bufLength];
if (nonce == null || nonce.Length < 1)
{
throw new ArgumentException("IV must be at least 1 byte");
}
// TODO Restrict macSize to 16 if nonce length not 12?
// Cipher always used in forward mode
// if keyParam is null we're reusing the last key.
if (keyParam != null)
{
cipher.Init(true, keyParam);
this.H = new byte[BlockSize];
cipher.ProcessBlock(H, 0, H, 0);
// if keyParam is null we're reusing the last key and the multiplier doesn't need re-init
multiplier.Init(H);
exp = null;
}
else if (this.H == null)
{
throw new ArgumentException("Key must be specified in initial init");
}
this.J0 = new byte[BlockSize];
if (nonce.Length == 12)
{
Array.Copy(nonce, 0, J0, 0, nonce.Length);
this.J0[BlockSize - 1] = 0x01;
}
else
{
gHASH(J0, nonce, nonce.Length);
byte[] X = new byte[BlockSize];
Pack.UInt64_To_BE((ulong)nonce.Length * 8UL, X, 8);
gHASHBlock(J0, X);
}
this.S = new byte[BlockSize];
this.S_at = new byte[BlockSize];
this.S_atPre = new byte[BlockSize];
this.atBlock = new byte[BlockSize];
this.atBlockPos = 0;
this.atLength = 0;
this.atLengthPre = 0;
this.counter = Arrays.Clone(J0);
this.bufOff = 0;
this.totalLength = 0;
if (initialAssociatedText != null)
{
ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length);
}
}
private static ICipherParameters FixDesParity(string mechanism, ICipherParameters parameters)
{
if (!Platform.EndsWith(mechanism, "DES-CBC") && !Platform.EndsWith(mechanism, "DESEDE-CBC"))
{
return(parameters);
}
if (parameters is ParametersWithIV)
{
ParametersWithIV parametersWithIV = (ParametersWithIV)parameters;
return(new ParametersWithIV(FixDesParity(mechanism, parametersWithIV.Parameters), parametersWithIV.GetIV()));
}
KeyParameter keyParameter = (KeyParameter)parameters;
byte[] key = keyParameter.GetKey();
DesParameters.SetOddParity(key);
return(new KeyParameter(key));
}
public bool ProcessFile(string sourcePath, string destDir, bool respectFileNameInMeta = true)
{
string destPath = null;
try
{
FileItem fi = new FileItem(sourcePath);
using (CloudSyncFile cloudSyncFile = new CloudSyncFile(fi, _handlerFactory))
{
cloudSyncFile.InitParsing();
FileMeta3 fileMeta = cloudSyncFile.GetFileMeta();
//Generate session key and make sure it matches the file
byte[] sessionKeyComputed =
CryptoUtils.RsaOaepDeciper(fileMeta.EncKey2, this._cloudSyncKey.KeyPair.Private);
string sessionKeyHashStrComputed = CryptoUtils.SaltedMd5(
fileMeta.SessionKeyHash.Substring(0, 10), sessionKeyComputed);
if (!fileMeta.SessionKeyHash.Equals(sessionKeyHashStrComputed))
{
throw new InvalidDataException($"File {fi.Name}, Computed session key is incorrect.");
}
//decrypt content
byte[] sessionKeyBytes = BytesUtils.HexStringToByteArray(
Encoding.ASCII.GetString(sessionKeyComputed));
ParametersWithIV keys =
CryptoUtils.DeriveAESKeyParameters(sessionKeyBytes, null);
AesCbcCryptor decryptor =
new AesCbcCryptor(((KeyParameter)keys.Parameters).GetKey(), keys.GetIV());
destPath = Path.Join(destDir,
respectFileNameInMeta ? fileMeta.FileName : Path.GetFileName(sourcePath));
using (var hasher = MD5.Create())
{
using (AesCryptoServiceProvider aes = new AesCryptoServiceProvider())
{
aes.Mode = CipherMode.CBC;
aes.Key = ((KeyParameter)keys.Parameters).GetKey();
aes.IV = keys.GetIV();
//Stopwatch stopwatch = new Stopwatch();
//stopwatch.Start();
//byte[] buffer = new byte[1024 * 1024];
long bytesRead = 0;
ICryptoTransform decoder = aes.CreateDecryptor();
using (CloudSyncPayloadStream cspls =
new CloudSyncPayloadStream(cloudSyncFile.GetDataBlocks(decryptor)))
using (CryptoStream aesStream = new CryptoStream(cspls, decoder, CryptoStreamMode.Read))
using (LZ4DecoderStream lz4ds = LZ4Stream.Decode(aesStream))
using (FileStream writeFs = new FileStream(destPath, FileMode.OpenOrCreate,
FileAccess.ReadWrite, FileShare.ReadWrite, 1024 * 1024))
using (CryptoStream md5HashStream =
new CryptoStream(writeFs, hasher, CryptoStreamMode.Write))
{
lz4ds.CopyTo(md5HashStream, 1024 * 1024);
// int read;
// while ((read = md5HashStream.Read(buffer, 0, buffer.Length)) > 0)
// {
// //do nothing
// bytesRead += read;
// long elapsed = stopwatch.ElapsedMilliseconds;
// if (elapsed > 1000)
// {
// double readInM = (double) bytesRead / 1024.0 / 1024.0/elapsed*1000.0;
// bytesRead = 0;
// Console.WriteLine($"Speed:{readInM} M/s");
// stopwatch.Reset();
// stopwatch.Start();
// }
// }
}
//stopwatch.Stop();
if (!cloudSyncFile.VerifyContentHash(hasher.Hash))
{
throw new InvalidDataException("File Md5 doesn't match.");
}
}
}
return(true);
}
}
catch (Exception ex)
{
if (File.Exists(destPath))
{
File.Delete(destPath);
}
this._exceptionHandler.Handle(ex);
}
return(false);
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
KeyParameter initKeyParam;
byte[] initNonce;
ICipherParameters chacha20Params;
if (parameters is AeadParameters)
{
AeadParameters aeadParams = (AeadParameters)parameters;
int macSizeBits = aeadParams.MacSize;
if ((MacSize * 8) != macSizeBits)
{
throw new ArgumentException("Invalid value for MAC size: " + macSizeBits);
}
initKeyParam = aeadParams.Key;
initNonce = aeadParams.GetNonce();
chacha20Params = new ParametersWithIV(initKeyParam, initNonce);
this.mInitialAad = aeadParams.GetAssociatedText();
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV ivParams = (ParametersWithIV)parameters;
initKeyParam = (KeyParameter)ivParams.Parameters;
initNonce = ivParams.GetIV();
chacha20Params = ivParams;
this.mInitialAad = null;
}
else
{
throw new ArgumentException("invalid parameters passed to ChaCha20Poly1305", "parameters");
}
// Validate key
if (null == initKeyParam)
{
if (State.Uninitialized == mState)
{
throw new ArgumentException("Key must be specified in initial init");
}
}
else
{
if (KeySize != initKeyParam.GetKey().Length)
{
throw new ArgumentException("Key must be 256 bits");
}
}
// Validate nonce
if (null == initNonce || NonceSize != initNonce.Length)
{
throw new ArgumentException("Nonce must be 96 bits");
}
// Check for encryption with reused nonce
if (State.Uninitialized != mState && forEncryption && Arrays.AreEqual(mNonce, initNonce))
{
if (null == initKeyParam || Arrays.AreEqual(mKey, initKeyParam.GetKey()))
{
throw new ArgumentException("cannot reuse nonce for ChaCha20Poly1305 encryption");
}
}
if (null != initKeyParam)
{
Array.Copy(initKeyParam.GetKey(), 0, mKey, 0, KeySize);
}
Array.Copy(initNonce, 0, mNonce, 0, NonceSize);
mChacha20.Init(true, chacha20Params);
this.mState = forEncryption ? State.EncInit : State.DecInit;
Reset(true, false);
}
private IBlockCipherBuilder <ParametersWithIV> DoCreateBlockCipherBuilder(bool forEncryption, ParametersWithIV parameters)
{
IBufferedCipher cipher = ProviderUtils.CreateBufferedCipher("FipsAES", parameters.Algorithm.Mode, parameters, forEncryption, aesEngineProvider);
cipher.Init(forEncryption, new Internal.Parameters.ParametersWithIV(null, parameters.GetIV()));
return(new BlockCipherBuilderImpl <ParametersWithIV>(forEncryption, parameters, cipher));
}
public virtual void Init(
bool forEncryption,
ICipherParameters parameters)
{
this.forEncryption = forEncryption;
this.macSize = 16; // TODO Make configurable?
this.macBlock = null;
// TODO If macSize limitation is removed, be very careful about bufBlock
int bufLength = forEncryption ? BlockSize : (BlockSize + macSize);
this.bufBlock = new byte[bufLength];
if (parameters is AeadParameters)
{
AeadParameters param = (AeadParameters)parameters;
nonce = param.GetNonce();
A = param.GetAssociatedText();
// macSize = param.getMacSize() / 8;
if (param.MacSize != 128)
{
// TODO Make configurable?
throw new ArgumentException("only 128-bit MAC supported currently");
}
keyParam = param.Key;
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV param = (ParametersWithIV)parameters;
nonce = param.GetIV();
A = null;
keyParam = (KeyParameter)param.Parameters;
}
else
{
throw new ArgumentException("invalid parameters passed to GCM");
}
if (nonce == null || nonce.Length < 1)
{
throw new ArgumentException("IV must be at least 1 byte");
}
if (A == null)
{
// Avoid lots of null checks
A = new byte[0];
}
// Cipher always used in forward mode
cipher.Init(true, keyParam);
// TODO This should be configurable by Init parameters
// (but must be 16 if nonce length not 12) (BlockSize?)
// this.tagLength = 16;
byte[] h = new byte[BlockSize];
cipher.ProcessBlock(Zeroes, 0, h, 0);
//trace("H: " + new string(Hex.encode(h)));
this.H = new BigInteger(1, h);
this.initS = gHASH(A, false);
if (nonce.Length == 12)
{
this.J0 = new byte[16];
Array.Copy(nonce, 0, J0, 0, nonce.Length);
this.J0[15] = 0x01;
}
else
{
BigInteger N = gHASH(nonce, true);
BigInteger X = BigInteger.ValueOf(nonce.Length * 8);
//trace("len({})||len(IV): " + dumpBigInt(X));
N = multiply(N.Xor(X), H);
//trace("GHASH(H,{},IV): " + dumpBigInt(N));
this.J0 = asBlock(N);
}
this.S = initS;
this.counter = Arrays.Clone(J0);
//trace("Y" + yCount + ": " + new string(Hex.encode(counter)));
this.bufOff = 0;
this.totalLength = 0;
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
bool oldForEncryption = this.forEncryption;
this.forEncryption = forEncryption;
this.macBlock = null;
KeyParameter keyParameter;
byte[] N;
if (parameters is AeadParameters)
{
AeadParameters aeadParameters = (AeadParameters)parameters;
N = aeadParameters.GetNonce();
initialAssociatedText = aeadParameters.GetAssociatedText();
int macSizeBits = aeadParameters.MacSize;
if (macSizeBits < 64 || macSizeBits > 128 || macSizeBits % 8 != 0)
{
throw new ArgumentException("Invalid value for MAC size: " + macSizeBits);
}
macSize = macSizeBits / 8;
keyParameter = aeadParameters.Key;
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV parametersWithIV = (ParametersWithIV)parameters;
N = parametersWithIV.GetIV();
initialAssociatedText = null;
macSize = 16;
keyParameter = (KeyParameter)parametersWithIV.Parameters;
}
else
{
throw new ArgumentException("invalid parameters passed to OCB");
}
this.hashBlock = new byte[16];
this.mainBlock = new byte[forEncryption ? BLOCK_SIZE : (BLOCK_SIZE + macSize)];
if (N == null)
{
N = new byte[0];
}
if (N.Length > 15)
{
throw new ArgumentException("IV must be no more than 15 bytes");
}
/*
* KEY-DEPENDENT INITIALISATION
*/
if (keyParameter != null)
{
// hashCipher always used in forward mode
hashCipher.Init(true, keyParameter);
mainCipher.Init(forEncryption, keyParameter);
KtopInput = null;
}
else if (oldForEncryption != forEncryption)
{
throw new ArgumentException("cannot change encrypting state without providing key.");
}
this.L_Asterisk = new byte[16];
hashCipher.ProcessBlock(L_Asterisk, 0, L_Asterisk, 0);
this.L_Dollar = OCB_double(L_Asterisk);
this.L = Platform.CreateArrayList();
this.L.Add(OCB_double(L_Dollar));
/*
* NONCE-DEPENDENT AND PER-ENCRYPTION/DECRYPTION INITIALISATION
*/
int bottom = ProcessNonce(N);
int bits = bottom % 8, bytes = bottom / 8;
if (bits == 0)
{
Array.Copy(Stretch, bytes, OffsetMAIN_0, 0, 16);
}
else
{
for (int i = 0; i < 16; ++i)
{
uint b1 = Stretch[bytes];
uint b2 = Stretch[++bytes];
this.OffsetMAIN_0[i] = (byte)((b1 << bits) | (b2 >> (8 - bits)));
}
}
this.hashBlockPos = 0;
this.mainBlockPos = 0;
this.hashBlockCount = 0;
this.mainBlockCount = 0;
this.OffsetHASH = new byte[16];
this.Sum = new byte[16];
Array.Copy(OffsetMAIN_0, 0, OffsetMAIN, 0, 16);
this.Checksum = new byte[16];
if (initialAssociatedText != null)
{
ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length);
}
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
this.forEncryption = forEncryption;
this.macBlock = null;
KeyParameter keyParameter;
byte[] N;
if (parameters is AeadParameters)
{
AeadParameters aeadParameters = (AeadParameters)parameters;
N = aeadParameters.GetNonce();
initialAssociatedText = aeadParameters.GetAssociatedText();
int macSizeBits = aeadParameters.MacSize;
if (macSizeBits < 64 || macSizeBits > 128 || macSizeBits % 8 != 0)
{
throw new ArgumentException("Invalid value for MAC size: " + macSizeBits);
}
macSize = macSizeBits / 8;
keyParameter = aeadParameters.Key;
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV parametersWithIV = (ParametersWithIV)parameters;
N = parametersWithIV.GetIV();
initialAssociatedText = null;
macSize = 16;
keyParameter = (KeyParameter)parametersWithIV.Parameters;
}
else
{
throw new ArgumentException("invalid parameters passed to OCB");
}
this.hashBlock = new byte[16];
this.mainBlock = new byte[forEncryption ? BLOCK_SIZE : (BLOCK_SIZE + macSize)];
if (N == null)
{
N = new byte[0];
}
if (N.Length > 15)
{
throw new ArgumentException("IV must be no more than 15 bytes");
}
/*
* KEY-DEPENDENT INITIALISATION
*/
// if keyParam is null we're reusing the last key.
if (keyParameter != null)
{
// TODO
}
// hashCipher always used in forward mode
hashCipher.Init(true, keyParameter);
mainCipher.Init(forEncryption, keyParameter);
this.L_Asterisk = new byte[16];
hashCipher.ProcessBlock(L_Asterisk, 0, L_Asterisk, 0);
this.L_Dollar = OCB_double(L_Asterisk);
this.L = Platform.CreateArrayList();
this.L.Add(OCB_double(L_Dollar));
/*
* NONCE-DEPENDENT AND PER-ENCRYPTION/DECRYPTION INITIALISATION
*/
byte[] nonce = new byte[16];
Array.Copy(N, 0, nonce, nonce.Length - N.Length, N.Length);
nonce[0] = (byte)(macSize << 4);
nonce[15 - N.Length] |= 1;
int bottom = nonce[15] & 0x3F;
byte[] Ktop = new byte[16];
nonce[15] &= 0xC0;
hashCipher.ProcessBlock(nonce, 0, Ktop, 0);
byte[] Stretch = new byte[24];
Array.Copy(Ktop, 0, Stretch, 0, 16);
for (int i = 0; i < 8; ++i)
{
Stretch[16 + i] = (byte)(Ktop[i] ^ Ktop[i + 1]);
}
this.OffsetMAIN_0 = new byte[16];
int bits = bottom % 8, bytes = bottom / 8;
if (bits == 0)
{
Array.Copy(Stretch, bytes, OffsetMAIN_0, 0, 16);
}
else
{
for (int i = 0; i < 16; ++i)
{
uint b1 = Stretch[bytes];
uint b2 = Stretch[++bytes];
this.OffsetMAIN_0[i] = (byte)((b1 << bits) | (b2 >> (8 - bits)));
}
}
this.hashBlockPos = 0;
this.mainBlockPos = 0;
this.hashBlockCount = 0;
this.mainBlockCount = 0;
this.OffsetHASH = new byte[16];
this.Sum = new byte[16];
this.OffsetMAIN = Arrays.Clone(this.OffsetMAIN_0);
this.Checksum = new byte[16];
if (initialAssociatedText != null)
{
ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length);
}
}
public virtual void Init(
bool forEncryption,
ICipherParameters parameters)
{
this.forEncryption = forEncryption;
this.macBlock = null;
if (parameters is AeadParameters)
{
AeadParameters param = (AeadParameters)parameters;
nonce = param.GetNonce();
A = param.GetAssociatedText();
int macSizeBits = param.MacSize;
if (macSizeBits < 96 || macSizeBits > 128 || macSizeBits % 8 != 0)
{
throw new ArgumentException("Invalid value for MAC size: " + macSizeBits);
}
macSize = macSizeBits / 8;
keyParam = param.Key;
}
else if (parameters is ParametersWithIV)
{
ParametersWithIV param = (ParametersWithIV)parameters;
nonce = param.GetIV();
A = null;
macSize = 16;
keyParam = (KeyParameter)param.Parameters;
}
else
{
throw new ArgumentException("invalid parameters passed to GCM");
}
int bufLength = forEncryption ? BlockSize : (BlockSize + macSize);
this.bufBlock = new byte[bufLength];
if (nonce == null || nonce.Length < 1)
{
throw new ArgumentException("IV must be at least 1 byte");
}
if (A == null)
{
// Avoid lots of null checks
A = new byte[0];
}
// Cipher always used in forward mode
cipher.Init(true, keyParam);
// TODO This should be configurable by Init parameters
// (but must be 16 if nonce length not 12) (BlockSize?)
// this.tagLength = 16;
this.H = new byte[BlockSize];
cipher.ProcessBlock(H, 0, H, 0);
multiplier.Init(H);
this.initS = gHASH(A);
if (nonce.Length == 12)
{
this.J0 = new byte[16];
Array.Copy(nonce, 0, J0, 0, nonce.Length);
this.J0[15] = 0x01;
}
else
{
this.J0 = gHASH(nonce);
byte[] X = new byte[16];
packLength((ulong)nonce.Length * 8UL, X, 8);
GcmUtilities.Xor(this.J0, X);
multiplier.MultiplyH(this.J0);
}
this.S = Arrays.Clone(initS);
this.counter = Arrays.Clone(J0);
this.bufOff = 0;
this.totalLength = 0;
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
this.forEncryption = forEncryption;
this.macBlock = (byte[])null;
if (parameters is AeadParameters)
{
AeadParameters aeadParameters = (AeadParameters)parameters;
this.nonce = aeadParameters.GetNonce();
this.A = aeadParameters.GetAssociatedText();
int macSize = aeadParameters.MacSize;
if (macSize < 96 || macSize > 128 || macSize % 8 != 0)
{
throw new ArgumentException("Invalid value for MAC size: " + (object)macSize);
}
this.macSize = macSize / 8;
this.keyParam = aeadParameters.Key;
}
else
{
if (!(parameters is ParametersWithIV))
{
throw new ArgumentException("invalid parameters passed to GCM");
}
ParametersWithIV parametersWithIv = (ParametersWithIV)parameters;
this.nonce = parametersWithIv.GetIV();
this.A = (byte[])null;
this.macSize = 16;
this.keyParam = (KeyParameter)parametersWithIv.Parameters;
}
this.bufBlock = new byte[forEncryption ? 16 : 16 + this.macSize];
if (this.nonce == null || this.nonce.Length < 1)
{
throw new ArgumentException("IV must be at least 1 byte");
}
if (this.A == null)
{
this.A = new byte[0];
}
this.cipher.Init(true, (ICipherParameters)this.keyParam);
this.H = new byte[16];
this.cipher.ProcessBlock(this.H, 0, this.H, 0);
this.multiplier.Init(this.H);
this.initS = this.gHASH(this.A);
if (this.nonce.Length == 12)
{
this.J0 = new byte[16];
Array.Copy((Array)this.nonce, 0, (Array)this.J0, 0, this.nonce.Length);
this.J0[15] = (byte)1;
}
else
{
this.J0 = this.gHASH(this.nonce);
byte[] numArray = new byte[16];
GcmBlockCipher.packLength((ulong)this.nonce.Length * 8UL, numArray, 8);
GcmUtilities.Xor(this.J0, numArray);
this.multiplier.MultiplyH(this.J0);
}
this.S = Arrays.Clone(this.initS);
this.counter = Arrays.Clone(this.J0);
this.bufOff = 0;
this.totalLength = 0UL;
}
private static ICipherParameters FixDesParity(string mechanism, ICipherParameters parameters)
{
if (!BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.EndsWith(mechanism, "DES-CBC") && !BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.EndsWith(mechanism, "DESEDE-CBC"))
{
return(parameters);
}
if (parameters is ParametersWithIV)
{
ParametersWithIV ivParams = (ParametersWithIV)parameters;
return(new ParametersWithIV(FixDesParity(mechanism, ivParams.Parameters), ivParams.GetIV()));
}
KeyParameter kParam = (KeyParameter)parameters;
byte[] keyBytes = kParam.GetKey();
DesParameters.SetOddParity(keyBytes);
return(new KeyParameter(keyBytes));
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
this.forEncryption = forEncryption;
macBlock = null;
if (parameters is AeadParameters)
{
AeadParameters aeadParameters = (AeadParameters)parameters;
nonce = aeadParameters.GetNonce();
A = aeadParameters.GetAssociatedText();
int num = aeadParameters.MacSize;
if (num < 96 || num > 128 || num % 8 != 0)
{
throw new ArgumentException("Invalid value for MAC size: " + num);
}
macSize = num / 8;
keyParam = aeadParameters.Key;
}
else
{
if (!(parameters is ParametersWithIV))
{
throw new ArgumentException("invalid parameters passed to GCM");
}
ParametersWithIV parametersWithIV = (ParametersWithIV)parameters;
nonce = parametersWithIV.GetIV();
A = null;
macSize = 16;
keyParam = (KeyParameter)parametersWithIV.Parameters;
}
int num2 = forEncryption ? 16 : (16 + macSize);
bufBlock = new byte[num2];
if (nonce == null || nonce.Length < 1)
{
throw new ArgumentException("IV must be at least 1 byte");
}
if (A == null)
{
A = new byte[0];
}
cipher.Init(forEncryption: true, keyParam);
H = new byte[16];
cipher.ProcessBlock(H, 0, H, 0);
multiplier.Init(H);
initS = gHASH(A);
if (nonce.Length == 12)
{
J0 = new byte[16];
Array.Copy(nonce, 0, J0, 0, nonce.Length);
J0[15] = 1;
}
else
{
J0 = gHASH(nonce);
byte[] array = new byte[16];
packLength((ulong)((long)nonce.Length * 8L), array, 8);
GcmUtilities.Xor(J0, array);
multiplier.MultiplyH(J0);
}
S = Arrays.Clone(initS);
counter = Arrays.Clone(J0);
bufOff = 0;
totalLength = 0uL;
}
public byte[][] DeriveKeyAndIV(TargetKeyType keyType, int keySizeInBytes, int ivSizeInBytes)
{
CryptoServicesRegistrar.ApprovedModeCheck(approvedOnlyMode, "PasswordBasedDeriver");
if (approvedOnlyMode)
{
if (keySizeInBytes < 14)
{
throw new CryptoUnapprovedOperationError("keySizeInBytes must be at least 14");
}
}
if (keyType == TargetKeyType.MAC)
{
ParametersWithIV paramWithIv = (ParametersWithIV)generator.GenerateDerivedMacParameters(keySizeInBytes * 8, ivSizeInBytes * 8);
return(new byte[][] { ((KeyParameter)paramWithIv.Parameters).GetKey(), paramWithIv.GetIV() });
}
else
{
ParametersWithIV paramWithIv = (ParametersWithIV)generator.GenerateDerivedParameters(keySizeInBytes * 8, ivSizeInBytes * 8);
return(new byte[][] { ((KeyParameter)paramWithIv.Parameters).GetKey(), paramWithIv.GetIV() });
}
}
public void Init(ICipherParameters parameters)
{
if (parameters is ParametersWithIV)
{
ParametersWithIV p = (ParametersWithIV)parameters;
aeadCipher.Init(true, new AeadParameters((KeyParameter)p.Parameters, macLenInBits, p.GetIV()));
}
else
{
throw new ArgumentException("AEAD cipher based MAC needs nonce/IV");
}
}