/// <exception cref="IOException"></exception> public Chacha20Poly1305(TlsContext context) { if (!TlsUtilities.IsTlsV12(context)) throw new TlsFatalAlert(AlertDescription.internal_error); this.context = context; byte[] key_block = TlsUtilities.CalculateKeyBlock(context, 64); KeyParameter client_write_key = new KeyParameter(key_block, 0, 32); KeyParameter server_write_key = new KeyParameter(key_block, 32, 32); this.encryptCipher = new ChaChaEngine(20); this.decryptCipher = new ChaChaEngine(20); KeyParameter encryptKey, decryptKey; if (context.IsServer) { encryptKey = server_write_key; decryptKey = client_write_key; } else { encryptKey = client_write_key; decryptKey = server_write_key; } byte[] dummyNonce = new byte[8]; this.encryptCipher.Init(true, new ParametersWithIV(encryptKey, dummyNonce)); this.decryptCipher.Init(false, new ParametersWithIV(decryptKey, dummyNonce)); }
protected override void GenerateKeyStream(byte[] output) { ChaChaEngine.ChachaCore(rounds, engineState, x); Pack.UInt32_To_LE(x, output, 0); }
public byte[] Cloak() { Encode (); byte[] outData = new byte[FullPacket.Length + 8]; // Get our nonce Random rnd = new Random (); byte[] nonce = new byte[8]; rnd.NextBytes (nonce); // We can't have a leading 0 byte if (nonce [0] == 0) { nonce [0] = 1; } var parms = new ParametersWithIV(new KeyParameter(cloakKey), nonce); var chacha = new ChaChaEngine(20); chacha.Init(true, parms); chacha.ProcessBytes (FullPacket, 0, FullPacket.Length, outData, 8); Buffer.BlockCopy (nonce, 0, outData, 0, 8); return outData; }
/// <summary> /// Decloak the given buffer and return the valid Packet from it /// </summary> /// <param name="buffer">A cloaked packet buffer.</param> static public Packet Decloak(byte[] buffer) { if (buffer.Length < 8 || buffer [0] == 0) { return Packet.DecodePacket (buffer); } byte[] nonce = buffer.Take (8).ToArray (); var parms = new ParametersWithIV(new KeyParameter(cloakKey), nonce); var chacha = new ChaChaEngine(20); chacha.Init(false, parms); byte[] outBuff = new byte[buffer.Length - 8]; chacha.ProcessBytes(buffer, 8, buffer.Length - 8, outBuff, 0); return Decloak (outBuff); }
protected virtual KeyParameter InitRecordMac(ChaChaEngine cipher, bool forEncryption, long seqNo) { byte[] nonce = new byte[8]; TlsUtilities.WriteUint64(seqNo, nonce, 0); cipher.Init(forEncryption, new ParametersWithIV(null, nonce)); byte[] firstBlock = new byte[64]; cipher.ProcessBytes(firstBlock, 0, firstBlock.Length, firstBlock, 0); // NOTE: The BC implementation puts 'r' after 'k' Array.Copy(firstBlock, 0, firstBlock, 32, 16); KeyParameter macKey = new KeyParameter(firstBlock, 16, 32); Poly1305KeyGenerator.Clamp(macKey.GetKey()); return macKey; }
private void reinitBug() { KeyParameter key = new KeyParameter(Hex.Decode("80000000000000000000000000000000")); ParametersWithIV parameters = new ParametersWithIV(key, Hex.Decode("0000000000000000")); IStreamCipher chacha = new ChaChaEngine(); chacha.Init(true, parameters); try { chacha.Init(true, key); Fail("ChaCha should throw exception if no IV in Init"); } catch (ArgumentException) { } }
private void chachaTest2( ICipherParameters parameters, string v0, string v65472, string v65536) { IStreamCipher salsa = new ChaChaEngine(); byte[] buf = new byte[64]; salsa.Init(true, parameters); for (int i = 0; i != 1025; i++) { salsa.ProcessBytes(zeroes, 0, 64, buf, 0); switch (i) { case 0: if (!AreEqual(buf, Hex.Decode(v0))) { mismatch("v0", v0, buf); } break; case 1023: if (!AreEqual(buf, Hex.Decode(v65472))) { mismatch("v65472", v65472, buf); } break; case 1024: if (!AreEqual(buf, Hex.Decode(v65536))) { mismatch("v65536", v65536, buf); } break; default: // ignore break; } } }
private void chachaTest1( int rounds, ICipherParameters parameters, string v0, string v192, string v256, string v448) { IStreamCipher salsa = new ChaChaEngine(rounds); byte[] buf = new byte[64]; salsa.Init(true, parameters); for (int i = 0; i != 7; i++) { salsa.ProcessBytes(zeroes, 0, 64, buf, 0); switch (i) { case 0: if (!AreEqual(buf, Hex.Decode(v0))) { mismatch("v0/" + rounds, v0, buf); } break; case 3: if (!AreEqual(buf, Hex.Decode(v192))) { mismatch("v192/" + rounds, v192, buf); } break; case 4: if (!AreEqual(buf, Hex.Decode(v256))) { mismatch("v256/" + rounds, v256, buf); } break; default: // ignore break; } } for (int i = 0; i != 64; i++) { buf[i] = salsa.ReturnByte(zeroes[i]); } if (!AreEqual(buf, Hex.Decode(v448))) { mismatch("v448", v448, buf); } }