public static ConstantTimeEqual ( Array x, Array y ) : bool | ||
x | Array | |
y | Array | |
리턴 | bool |
}// Decrypt() public static byte[] Decrypt(byte[] masterKey, ArraySegment<byte> ciphertext, ArraySegment<byte>? salt = null, uint counter = 1) { int cipherLength = ciphertext.Count - CONTEXT_BUFFER_LENGTH - MAC_LENGTH; if (cipherLength < Cipher.AesConstants.AES_BLOCK_SIZE) return null; try { Kdf.SP800_108_Ctr.DeriveKey(hmacFactory: _hmacFactory, key: masterKey, label: salt, context: new ArraySegment<byte>(ciphertext.Array, ciphertext.Offset, CONTEXT_BUFFER_LENGTH), derivedOutput: _sessionKey.Value.AsArraySegment(), counter: counter); Utils.BlockCopy(_sessionKey.Value, 0, _macKey.Value, 0, MAC_KEY_LENGTH); using (var hmac = _hmacFactory()) { hmac.Key = _macKey.Value; hmac.TransformBlock(ciphertext.Array, ciphertext.Offset + CONTEXT_TWEAK_LENGTH, AES_IV_LENGTH + cipherLength, null, 0); hmac.TransformFinalBlock(ciphertext.Array, 0, 0); var fullmacActual = hmac.HashInner; if (!Utils.ConstantTimeEqual(fullmacActual, 0, ciphertext.Array, ciphertext.Offset + ciphertext.Count - MAC_LENGTH, MAC_LENGTH)) return null; }// using hmac Utils.BlockCopy(ciphertext.Array, ciphertext.Offset + CONTEXT_TWEAK_LENGTH, _iv.Value, 0, AES_IV_LENGTH); Utils.BlockCopy(_sessionKey.Value, MAC_KEY_LENGTH, _encKey.Value, 0, ENC_KEY_LENGTH); using (var aes = _aesFactory()) { EtM_CBC.ValidateAes(aes); using (var aesDecryptor = aes.CreateDecryptor(_encKey.Value, _iv.Value)) { return aesDecryptor.TransformFinalBlock(ciphertext.Array, ciphertext.Offset + CONTEXT_BUFFER_LENGTH, cipherLength); }// using aesDecryptor }// using aes } finally { EtM_CBC.ClearKeyMaterial(); } }// Decrypt()
}// Encrypt() public static void Decrypt(byte[] masterKey, ArraySegment<byte> ciphertext, ref ArraySegment<byte>? outputSegment, ArraySegment<byte>? salt = null, uint counter = 1) { int cipherLength = ciphertext.Count - CONTEXT_BUFFER_LENGTH - MAC_LENGTH; if (cipherLength < 0) { outputSegment = null; return; } try { Kdf.SP800_108_Ctr.DeriveKey(hmacFactory: _hmacFactory, key: masterKey, label: salt, context: new ArraySegment<byte>(ciphertext.Array, ciphertext.Offset, CONTEXT_TWEAK_LENGTH), derivedOutput: new ArraySegment<byte>(_sessionKey.Value), counter: counter); Utils.BlockCopy(_sessionKey.Value, 0, _macKey.Value, 0, MAC_KEY_LENGTH); using (var hmac = _hmacFactory()) { hmac.Key = _macKey.Value; hmac.TransformBlock(ciphertext.Array, ciphertext.Offset + CONTEXT_TWEAK_LENGTH, NONCE_LENGTH + cipherLength, null, 0); hmac.TransformFinalBlock(ciphertext.Array, 0, 0); var fullmacActual = hmac.HashInner; if (!Utils.ConstantTimeEqual(fullmacActual, 0, ciphertext.Array, ciphertext.Offset + ciphertext.Count - MAC_LENGTH, MAC_LENGTH)) { outputSegment = null; return; }; }// using hmac if (outputSegment == null) outputSegment = (new byte[cipherLength]).AsNullableArraySegment(); Utils.BlockCopy(ciphertext.Array, ciphertext.Offset + CONTEXT_TWEAK_LENGTH, _counterBuffer.Value, 0, NONCE_LENGTH); Utils.BlockCopy(_sessionKey.Value, MAC_KEY_LENGTH, _encKey.Value, 0, ENC_KEY_LENGTH); using (var ctrTransform = new Cipher.AesCtrCryptoTransform(key: _encKey.Value, counterBufferSegment: _counterBuffer.Value.AsArraySegment(), aesFactory: _aesFactory)) { ctrTransform.TransformBlock(inputBuffer: ciphertext.Array, inputOffset: ciphertext.Offset + CONTEXT_BUFFER_LENGTH, inputCount: cipherLength, outputBuffer: outputSegment.GetValueOrDefault().Array, outputOffset: outputSegment.GetValueOrDefault().Offset); }// using aesDecryptor } finally { EtM_CTR.ClearKeyMaterial(); } }// Decrypt()
}// Decrypt() public static bool Authenticate(byte[] masterKey, ArraySegment<byte> ciphertext, ArraySegment<byte>? salt = null, uint counter = 1) { int cipherLength = ciphertext.Count - CONTEXT_BUFFER_LENGTH - MAC_LENGTH; if (cipherLength < 0) return false; var encKey = new byte[ENC_KEY_LENGTH]; var macKey = new byte[MAC_KEY_LENGTH]; var sessionKey = new byte[HMAC_LENGTH]; try { var ciphertextArray = ciphertext.Array; var ciphertextOffset = ciphertext.Offset; Kdf.SP800_108_Ctr.DeriveKey(hmacFactory: _hmacFactory, key: masterKey, label: salt, context: new ArraySegment<byte>(ciphertextArray, ciphertextOffset, CONTEXT_TWEAK_LENGTH), derivedOutput: sessionKey.AsArraySegment(), counter: counter); //Utils.BlockCopy(sessionKey, 0, macKey, 0, MAC_KEY_LENGTH); for (int i = 0; i < macKey.Length; ++i) macKey[i] = sessionKey[i]; using (var hmac = _hmacFactory()) { hmac.Key = macKey; hmac.TransformBlock(ciphertextArray, ciphertextOffset + CONTEXT_TWEAK_LENGTH, NONCE_LENGTH + cipherLength, null, 0); hmac.TransformFinalBlock(ciphertextArray, 0, 0); var fullmacActual = hmac.HashInner; if (!Utils.ConstantTimeEqual(fullmacActual, 0, ciphertextArray, ciphertextOffset + ciphertext.Count - MAC_LENGTH, MAC_LENGTH)) return false; }// using hmac return true; } finally { EtM_CTR.ClearKeyMaterial(encKey, macKey, sessionKey); } }// Authenticate()
}// Encrypt() public static void Decrypt(byte[] masterKey, ArraySegment<byte> ciphertext, ref ArraySegment<byte>? outputSegment, ArraySegment<byte>? salt = null, uint counter = 1) { int cipherLength = ciphertext.Count - CONTEXT_BUFFER_LENGTH - MAC_LENGTH; if (cipherLength < Cipher.AesConstants.AES_BLOCK_SIZE) { outputSegment = null; return; } int fullBlockLength = cipherLength - AES_IV_LENGTH; byte[] finalBlock = null; try { var iv = _iv.Value; var encKey = _encKey.Value; var macKey = _macKey.Value; var sessionKey = _sessionKey.Value; Kdf.SP800_108_Ctr.DeriveKey(hmacFactory: _hmacFactory, key: masterKey, label: salt, context: new ArraySegment<byte>(ciphertext.Array, ciphertext.Offset, CONTEXT_BUFFER_LENGTH), derivedOutput: sessionKey.AsArraySegment(), counter: counter); Utils.BlockCopy(sessionKey, 0, macKey, 0, MAC_KEY_LENGTH); using (var hmac = _hmacFactory()) { hmac.Key = macKey; hmac.TransformBlock(ciphertext.Array, ciphertext.Offset + CONTEXT_TWEAK_LENGTH, AES_IV_LENGTH + cipherLength, null, 0); hmac.TransformFinalBlock(ciphertext.Array, 0, 0); var fullmacActual = hmac.HashInner; if (!Utils.ConstantTimeEqual(fullmacActual, 0, ciphertext.Array, ciphertext.Offset + ciphertext.Count - MAC_LENGTH, MAC_LENGTH)) { outputSegment = null; return; }; }// using hmac Utils.BlockCopy(ciphertext.Array, ciphertext.Offset + CONTEXT_TWEAK_LENGTH, iv, 0, AES_IV_LENGTH); Utils.BlockCopy(sessionKey, MAC_KEY_LENGTH, encKey, 0, ENC_KEY_LENGTH); using (var aes = _aesFactory()) { EtM_CBC.ValidateAes(aes); using (var aesDecryptor = aes.CreateDecryptor(encKey, iv)) { int fullBlockTransformed = 0; if (fullBlockLength > 0) fullBlockTransformed = aesDecryptor.TransformBlock(inputBuffer: ciphertext.Array, inputOffset: ciphertext.Offset + CONTEXT_BUFFER_LENGTH, inputCount: fullBlockLength, outputBuffer: outputSegment.Value.Array, outputOffset: outputSegment.Value.Offset); finalBlock = aesDecryptor.TransformFinalBlock(ciphertext.Array, ciphertext.Offset + CONTEXT_BUFFER_LENGTH + fullBlockLength, cipherLength - fullBlockLength); Utils.BlockCopy(finalBlock, 0, outputSegment.Value.Array, outputSegment.Value.Offset + fullBlockTransformed, finalBlock.Length); outputSegment = new ArraySegment<byte>?(new ArraySegment<byte>(outputSegment.Value.Array, outputSegment.Value.Offset, fullBlockTransformed + finalBlock.Length)); }// using aesDecryptor }// using aes } finally { EtM_CBC.ClearKeyMaterial(); if (finalBlock != null) Array.Clear(finalBlock, 0, finalBlock.Length); } }// Decrypt()
}// Encrypt() public static void Decrypt(byte[] masterKey, ArraySegment<byte> ciphertext, ref ArraySegment<byte>? outputSegment, ArraySegment<byte>? salt = null, uint counter = 1) { int cipherLength = ciphertext.Count - CONTEXT_BUFFER_LENGTH - MAC_LENGTH; if (cipherLength < 0) { outputSegment = null; return; } var counterBuffer = new byte[Cipher.AesConstants.AES_BLOCK_SIZE]; var encKey = new byte[ENC_KEY_LENGTH]; var macKey = new byte[MAC_KEY_LENGTH]; var sessionKey = new byte[HMAC_LENGTH]; try { var ciphertextArray = ciphertext.Array; var ciphertextOffset = ciphertext.Offset; Kdf.SP800_108_Ctr.DeriveKey(hmacFactory: _hmacFactory, key: masterKey, label: salt, context: new ArraySegment<byte>(ciphertextArray, ciphertextOffset, CONTEXT_TWEAK_LENGTH), derivedOutput: sessionKey.AsArraySegment(), counter: counter); //Utils.BlockCopy(sessionKey, 0, macKey, 0, MAC_KEY_LENGTH); for (int i = 0; i < macKey.Length; ++i) macKey[i] = sessionKey[i]; using (var hmac = _hmacFactory()) { hmac.Key = macKey; hmac.TransformBlock(ciphertextArray, ciphertextOffset + CONTEXT_TWEAK_LENGTH, NONCE_LENGTH + cipherLength, null, 0); hmac.TransformFinalBlock(ciphertextArray, 0, 0); var fullmacActual = hmac.HashInner; if (!Utils.ConstantTimeEqual(fullmacActual, 0, ciphertextArray, ciphertextOffset + ciphertext.Count - MAC_LENGTH, MAC_LENGTH)) { outputSegment = null; return; }; }// using hmac if (outputSegment == null) outputSegment = (new byte[cipherLength]).AsNullableArraySegment(); //Utils.BlockCopy(ciphertext.Array, ciphertext.Offset + CONTEXT_TWEAK_LENGTH, counterBuffer, 0, NONCE_LENGTH); for (int i = 0; i < NONCE_LENGTH; ++i) counterBuffer[i] = ciphertextArray[ciphertextOffset + CONTEXT_TWEAK_LENGTH + i]; //Utils.BlockCopy(sessionKey, MAC_KEY_LENGTH, encKey, 0, ENC_KEY_LENGTH); for (int i = 0; i < encKey.Length; ++i) encKey[i] = sessionKey[MAC_KEY_LENGTH + i]; using (var ctrTransform = new Cipher.AesCtrCryptoTransform(key: encKey, counterBufferSegment: counterBuffer.AsArraySegment(), aesFactory: _aesFactory)) { ctrTransform.TransformBlock(inputBuffer: ciphertextArray, inputOffset: ciphertextOffset + CONTEXT_BUFFER_LENGTH, inputCount: cipherLength, outputBuffer: outputSegment.GetValueOrDefault().Array, outputOffset: outputSegment.GetValueOrDefault().Offset); }// using aesDecryptor } finally { EtM_CTR.ClearKeyMaterial(encKey, macKey, sessionKey); } }// Decrypt()
}// Decrypt() public static bool Authenticate(byte[] masterKey, ArraySegment<byte> ciphertext, ArraySegment<byte>? salt = null, uint counter = 1) { int cipherLength = ciphertext.Count - CONTEXT_BUFFER_LENGTH - MAC_LENGTH; if (cipherLength < 0) return false; try { Kdf.SP800_108_Ctr.DeriveKey(hmacFactory: _hmacFactory, key: masterKey, label: salt, context: new ArraySegment<byte>(ciphertext.Array, ciphertext.Offset, CONTEXT_TWEAK_LENGTH), derivedOutput: _sessionKey.Value.AsArraySegment(), counter: counter); Utils.BlockCopy(_sessionKey.Value, 0, _macKey.Value, 0, MAC_KEY_LENGTH); using (var hmac = _hmacFactory()) { hmac.Key = _macKey.Value; hmac.TransformBlock(ciphertext.Array, ciphertext.Offset + CONTEXT_TWEAK_LENGTH, NONCE_LENGTH + cipherLength, null, 0); hmac.TransformFinalBlock(ciphertext.Array, 0, 0); var fullmacActual = hmac.HashInner; if (!Utils.ConstantTimeEqual(fullmacActual, 0, ciphertext.Array, ciphertext.Offset + ciphertext.Count - MAC_LENGTH, MAC_LENGTH)) return false; }// using hmac return true; } finally { EtM_CTR.ClearKeyMaterial(); } }// Authenticate()