public void Init(BigInteger n, BigInteger d, byte[] message) { this.n = n; Arrays.Fill(V, 1); Arrays.Fill(K, 0); byte[] array = new byte[(n.BitLength + 7) / 8]; byte[] array2 = BigIntegers.AsUnsignedByteArray(d); Array.Copy(array2, 0, array, array.Length - array2.Length, array2.Length); byte[] array3 = new byte[(n.BitLength + 7) / 8]; BigInteger bigInteger = BitsToInt(message); if (bigInteger.CompareTo(n) >= 0) { bigInteger = bigInteger.Subtract(n); } byte[] array4 = BigIntegers.AsUnsignedByteArray(bigInteger); Array.Copy(array4, 0, array3, array3.Length - array4.Length, array4.Length); hMac.Init(new KeyParameter(K)); hMac.BlockUpdate(V, 0, V.Length); hMac.Update(0); hMac.BlockUpdate(array, 0, array.Length); hMac.BlockUpdate(array3, 0, array3.Length); hMac.DoFinal(K, 0); hMac.Init(new KeyParameter(K)); hMac.BlockUpdate(V, 0, V.Length); hMac.DoFinal(V, 0); hMac.BlockUpdate(V, 0, V.Length); hMac.Update(1); hMac.BlockUpdate(array, 0, array.Length); hMac.BlockUpdate(array3, 0, array3.Length); hMac.DoFinal(K, 0); hMac.Init(new KeyParameter(K)); hMac.BlockUpdate(V, 0, V.Length); hMac.DoFinal(V, 0); }
public void Init(BigInteger n, BigInteger d, byte[] message) { this.n = n; Arrays.Fill(V, (byte)0x01); Arrays.Fill(K, (byte)0); int size = BigIntegers.GetUnsignedByteLength(n); byte[] x = new byte[size]; byte[] dVal = BigIntegers.AsUnsignedByteArray(d); Array.Copy(dVal, 0, x, x.Length - dVal.Length, dVal.Length); byte[] m = new byte[size]; BigInteger mInt = BitsToInt(message); if (mInt.CompareTo(n) >= 0) { mInt = mInt.Subtract(n); } byte[] mVal = BigIntegers.AsUnsignedByteArray(mInt); Array.Copy(mVal, 0, m, m.Length - mVal.Length, mVal.Length); hMac.Init(new KeyParameter(K)); hMac.BlockUpdate(V, 0, V.Length); hMac.Update((byte)0x00); hMac.BlockUpdate(x, 0, x.Length); hMac.BlockUpdate(m, 0, m.Length); hMac.DoFinal(K, 0); hMac.Init(new KeyParameter(K)); hMac.BlockUpdate(V, 0, V.Length); hMac.DoFinal(V, 0); hMac.BlockUpdate(V, 0, V.Length); hMac.Update((byte)0x01); hMac.BlockUpdate(x, 0, x.Length); hMac.BlockUpdate(m, 0, m.Length); hMac.DoFinal(K, 0); hMac.Init(new KeyParameter(K)); hMac.BlockUpdate(V, 0, V.Length); hMac.DoFinal(V, 0); }
public virtual byte[] CalculateMacConstantTime(ContentType type, byte[] message, int offset, int len, int fullLength, byte[] dummyData) { // Actual MAC only calculated on 'len' bytes byte[] result = CalculateMac(type, message, offset, len); //bool isTls = context.ServerVersion.FullVersion >= ProtocolVersion.TLSv10.FullVersion; bool isTls = true; // ...but ensure a constant number of complete digest blocks are processed (per 'fullLength') if (isTls) { // TODO Currently all TLS digests use a block size of 64, a suffix (length field) of 8, and padding (1+) int db = 64, ds = 8; int L1 = 13 + fullLength; int L2 = 13 + len; // How many extra full blocks do we need to calculate? int extra = ((L1 + ds) / db) - ((L2 + ds) / db); while (--extra >= 0) { mac.BlockUpdate(dummyData, 0, db); } // One more byte in case the implementation is "lazy" about processing blocks mac.Update(dummyData[0]); mac.Reset(); } return(result); }
private static byte[] HKDF(byte[] secret, byte[] salt, byte[] info, int cbit, IDigest digest) { // Now start doing HKDF // Perform the Extract phase HMac mac = new HMac(digest); int hashLength = digest.GetDigestSize(); int c = ((cbit + 7) / 8 + hashLength - 1) / hashLength; if (salt == null) { salt = new byte[0]; } KeyParameter key = new KeyParameter(salt); mac.Init(key); mac.BlockUpdate(secret, 0, secret.Length); byte[] rgbExtract = new byte[hashLength]; mac.DoFinal(rgbExtract, 0); // Now do the Expand Phase byte[] rgbOut = new byte[cbit / 8]; byte[] rgbT = new byte[hashLength * c]; mac = new HMac(digest); key = new KeyParameter(rgbExtract); mac.Init(key); byte[] rgbLast = new byte[0]; byte[] rgbHash2 = new byte[hashLength]; for (int i = 0; i < c; i++) { mac.Reset(); mac.BlockUpdate(rgbLast, 0, rgbLast.Length); mac.BlockUpdate(info, 0, info.Length); mac.Update((byte)(i + 1)); rgbLast = rgbHash2; mac.DoFinal(rgbLast, 0); Array.Copy(rgbLast, 0, rgbT, i * hashLength, hashLength); } Array.Copy(rgbT, 0, rgbOut, 0, cbit / 8); return(rgbOut); }
/** * Performs the expand part of the key derivation function, using currentT * as input and output buffer. * * @throws DataLengthException if the total number of bytes generated is larger than the one * specified by RFC 5869 (255 * HashLen) */ private void ExpandNext() { int n = _generatedBytes / _hashLen + 1; if (n >= 256) { throw new DataLengthException( "HKDF cannot generate more than 255 blocks of HashLen size"); } // special case for T(0): T(0) is empty, so no update if (_generatedBytes != 0) { _hMacHash.BlockUpdate(_currentT, 0, _hashLen); } _hMacHash.BlockUpdate(_info, 0, _info.Length); _hMacHash.Update((byte)n); _hMacHash.DoFinal(_currentT, 0); }