private void RunTestCase(
IGcmMultiplier encM,
IGcmMultiplier decM,
string testName,
byte[] K,
byte[] IV,
byte[] A,
byte[] SA,
byte[] P,
byte[] C,
byte[] T)
{
AeadParameters parameters = new AeadParameters(new KeyParameter(K), T.Length * 8, IV, A);
GcmBlockCipher encCipher = InitCipher(encM, true, parameters);
GcmBlockCipher decCipher = InitCipher(decM, false, parameters);
CheckTestCase(encCipher, decCipher, testName, SA, P, C, T);
encCipher = InitCipher(encM, true, parameters);
CheckTestCase(encCipher, decCipher, testName + " (reused)", SA, P, C, T);
// Key reuse
AeadParameters keyReuseParams = AeadTestUtilities.ReuseKey(parameters);
try
{
encCipher.Init(true, keyReuseParams);
Fail("no exception");
}
catch (ArgumentException e)
{
IsTrue("wrong message", "cannot reuse nonce for GCM encryption".Equals(e.Message));
}
}
private void RandomTests(SecureRandom srng, IGcmMultiplier m)
{
for (int i = 0; i < 10; ++i)
{
RandomTest(srng, m);
}
}
private void runTestCase(
IGcmMultiplier encM,
IGcmMultiplier decM,
string testName,
byte[] K,
byte[] IV,
byte[] A,
byte[] SA,
byte[] P,
byte[] C,
byte[] T)
{
AeadParameters parameters = new AeadParameters(new KeyParameter(K), T.Length * 8, IV, A);
GcmBlockCipher encCipher = initCipher(encM, true, parameters);
GcmBlockCipher decCipher = initCipher(decM, false, parameters);
checkTestCase(encCipher, decCipher, testName, SA, P, C, T);
checkTestCase(encCipher, decCipher, testName + " (reused)", SA, P, C, T);
// Key reuse
AeadParameters keyReuseParams = new AeadParameters(null, parameters.MacSize, parameters.GetNonce(), parameters.GetAssociatedText());
encCipher.Init(true, keyReuseParams);
decCipher.Init(false, keyReuseParams);
checkTestCase(encCipher, decCipher, testName + " (key reuse)", SA, P, C, T);
checkTestCase(encCipher, decCipher, testName + " (key reuse)", SA, P, C, T);
}
private GcmBlockCipher InitCipher(
IGcmMultiplier m,
bool forEncryption,
AeadParameters parameters)
{
GcmBlockCipher c = new GcmBlockCipher(CreateAesEngine(), m);
c.Init(forEncryption, parameters);
return(c);
}
// Token: 0x0600027E RID: 638 RVA: 0x00026300 File Offset: 0x00024500
public GcmBlockCipher(IBlockCipher c, IGcmMultiplier m)
{
if (c.GetBlockSize() != 16)
{
throw new ArgumentException(Strings.Get(107395085) + 16.ToString() + Strings.Get(107395576));
}
if (m == null)
{
m = new Tables8kGcmMultiplier();
}
this.cipher = c;
this.multiplier = m;
}
// Token: 0x060000DC RID: 220 RVA: 0x00007C2C File Offset: 0x00005E2C
public GcmBlockCipher(IBlockCipher c, IGcmMultiplier m)
{
if (c.GetBlockSize() != 16)
{
throw new ArgumentException("cipher required with a block size of " + 16 + ".");
}
if (m == null)
{
m = new Tables8kGcmMultiplier();
}
this.cipher = c;
this.multiplier = m;
}
public GcmBlockCipher(IBlockCipher c, IGcmMultiplier m)
{
//IL_0026: Unknown result type (might be due to invalid IL or missing references)
if (c.GetBlockSize() != 16)
{
throw new ArgumentException(string.Concat((object)"cipher required with a block size of ", (object)16, (object)"."));
}
if (m == null)
{
m = new Tables8kGcmMultiplier();
}
cipher = c;
multiplier = m;
}
private void runTestCase(
IGcmMultiplier encM,
IGcmMultiplier decM,
AeadParameters parameters,
string testName,
byte[] P,
byte[] C,
byte[] T)
{
GcmBlockCipher encCipher = initCipher(encM, true, parameters);
GcmBlockCipher decCipher = initCipher(decM, false, parameters);
checkTestCase(encCipher, decCipher, testName, P, C, T);
checkTestCase(encCipher, decCipher, testName + " (reused)", P, C, T);
}
// Token: 0x06000067 RID: 103 RVA: 0x00007EC4 File Offset: 0x000060C4
public GcmBlockCipher(IBlockCipher c, IGcmMultiplier m)
{
Class40.gcO0h7LzslQIW();
base..ctor();
if (c.GetBlockSize() != 16)
{
throw new ArgumentException("cipher required with a block size of " + 16.ToString() + ".");
}
if (m == null)
{
m = new Tables8kGcmMultiplier();
}
this.iblockCipher_0 = c;
this.igcmMultiplier_0 = m;
}
/**
* Constructor.
* @param pCipher the underlying cipher
* @param pMultiplier the multiplier
*/
public GcmSivBlockCipher(IBlockCipher pCipher, IGcmMultiplier pMultiplier)
{
/* Ensure that the cipher is the correct size */
if (pCipher.GetBlockSize() != BUFLEN)
{
throw new ArgumentException("Cipher required with a block size of " + BUFLEN + ".");
}
/* Store parameters */
theCipher = pCipher;
theMultiplier = pMultiplier;
/* Create the hashers */
theAEADHasher = new GcmSivHasher(this);
theDataHasher = new GcmSivHasher(this);
}
public GcmBlockCipher(
IBlockCipher c,
IGcmMultiplier m)
{
if (c.GetBlockSize() != BlockSize)
throw new ArgumentException("cipher required with a block size of " + BlockSize + ".");
if (m == null)
{
// TODO Consider a static property specifying default multiplier
m = new Tables8kGcmMultiplier();
}
this.cipher = c;
this.multiplier = m;
}
public GcmBlockCipher(
IBlockCipher c,
IGcmMultiplier m)
{
if (c.GetBlockSize() != BlockSize)
throw new ArgumentException("cipher required with a block size of " + BlockSize + ".");
if (m == null)
{
// TODO Consider a static property specifying default multiplier
m = new Tables8kGcmMultiplier();
}
this.cipher = c;
this.multiplier = m;
}
private void RunTestCase(
IGcmMultiplier encM,
IGcmMultiplier decM,
string testName,
byte[] K,
byte[] IV,
byte[] A,
byte[] P,
byte[] C,
byte[] T)
{
byte[] fa = new byte[A.Length / 2];
byte[] la = new byte[A.Length - (A.Length / 2)];
Array.Copy(A, 0, fa, 0, fa.Length);
Array.Copy(A, fa.Length, la, 0, la.Length);
RunTestCase(encM, decM, testName + " all initial associated data", K, IV, A, null, P, C, T);
RunTestCase(encM, decM, testName + " all subsequent associated data", K, IV, null, A, P, C, T);
RunTestCase(encM, decM, testName + " split associated data", K, IV, fa, la, P, C, T);
}
private void randomTest(
SecureRandom srng,
IGcmMultiplier m)
{
int kLength = 16 + 8 * srng.Next(3);
byte[] K = new byte[kLength];
srng.NextBytes(K);
int pLength = srng.Next(1024);
byte[] P = new byte[pLength];
srng.NextBytes(P);
int aLength = srng.Next(1024);
byte[] A = new byte[aLength];
srng.NextBytes(A);
int ivLength = 1 + srng.Next(1024);
byte[] IV = new byte[ivLength];
srng.NextBytes(IV);
GcmBlockCipher cipher = new GcmBlockCipher(new AesFastEngine(), m);
AeadParameters parameters = new AeadParameters(new KeyParameter(K), 16 * 8, IV, A);
cipher.Init(true, parameters);
byte[] C = new byte[cipher.GetOutputSize(P.Length)];
int len = cipher.ProcessBytes(P, 0, P.Length, C, 0);
len += cipher.DoFinal(C, len);
if (C.Length != len)
{
// Console.WriteLine("" + C.Length + "/" + len);
Fail("encryption reported incorrect length in randomised test");
}
byte[] encT = cipher.GetMac();
byte[] tail = new byte[C.Length - P.Length];
Array.Copy(C, P.Length, tail, 0, tail.Length);
if (!AreEqual(encT, tail))
{
Fail("stream contained wrong mac in randomised test");
}
cipher.Init(false, parameters);
byte[] decP = new byte[cipher.GetOutputSize(C.Length)];
len = cipher.ProcessBytes(C, 0, C.Length, decP, 0);
len += cipher.DoFinal(decP, len);
if (!AreEqual(P, decP))
{
Fail("incorrect decrypt in randomised test");
}
byte[] decT = cipher.GetMac();
if (!AreEqual(encT, decT))
{
Fail("decryption produced different mac from encryption");
}
}
private GcmBlockCipher initCipher(
IGcmMultiplier m,
bool forEncryption,
AeadParameters parameters)
{
GcmBlockCipher c = new GcmBlockCipher(new AesFastEngine(), m);
c.Init(forEncryption, parameters);
return c;
}
private void runTestCase(
IGcmMultiplier encM,
IGcmMultiplier decM,
AeadParameters parameters,
string testName,
byte[] P,
byte[] C,
byte[] T)
{
GcmBlockCipher encCipher = initCipher(encM, true, parameters);
GcmBlockCipher decCipher = initCipher(decM, false, parameters);
checkTestCase(encCipher, decCipher, testName, P, C, T);
checkTestCase(encCipher, decCipher, testName + " (reused)", P, C, T);
}
private void RunTestCase(
IGcmMultiplier encM,
IGcmMultiplier decM,
string testName,
byte[] K,
byte[] IV,
byte[] A,
byte[] P,
byte[] C,
byte[] T)
{
byte[] fa = new byte[A.Length / 2];
byte[] la = new byte[A.Length - (A.Length / 2)];
Array.Copy(A, 0, fa, 0, fa.Length);
Array.Copy(A, fa.Length, la, 0, la.Length);
RunTestCase(encM, decM, testName + " all initial associated data", K, IV, A, null, P, C, T);
RunTestCase(encM, decM, testName + " all subsequent associated data", K, IV, null, A, P, C, T);
RunTestCase(encM, decM, testName + " split associated data", K, IV, fa, la, P, C, T);
}
private void RunTestCase(
IGcmMultiplier encM,
IGcmMultiplier decM,
string testName,
byte[] K,
byte[] IV,
byte[] A,
byte[] SA,
byte[] P,
byte[] C,
byte[] T)
{
AeadParameters parameters = new AeadParameters(new KeyParameter(K), T.Length * 8, IV, A);
GcmBlockCipher encCipher = InitCipher(encM, true, parameters);
GcmBlockCipher decCipher = InitCipher(decM, false, parameters);
CheckTestCase(encCipher, decCipher, testName, SA, P, C, T);
CheckTestCase(encCipher, decCipher, testName + " (reused)", SA, P, C, T);
// Key reuse
AeadParameters keyReuseParams = AeadTestUtilities.ReuseKey(parameters);
encCipher.Init(true, keyReuseParams);
decCipher.Init(false, keyReuseParams);
CheckTestCase(encCipher, decCipher, testName + " (key reuse)", SA, P, C, T);
}
private void RandomTests(SecureRandom srng, IGcmMultiplier m)
{
for (int i = 0; i < 10; ++i)
{
RandomTest(srng, m);
}
}
private void RandomTest(SecureRandom srng, IGcmMultiplier m)
{
int kLength = 16 + 8 * srng.Next(3);
byte[] K = new byte[kLength];
srng.NextBytes(K);
int pLength = srng.Next(65536);
byte[] P = new byte[pLength];
srng.NextBytes(P);
int aLength = srng.Next(256);
byte[] A = new byte[aLength];
srng.NextBytes(A);
int saLength = srng.Next(256);
byte[] SA = new byte[saLength];
srng.NextBytes(SA);
int ivLength = 1 + srng.Next(256);
byte[] IV = new byte[ivLength];
srng.NextBytes(IV);
AeadParameters parameters = new AeadParameters(new KeyParameter(K), 16 * 8, IV, A);
GcmBlockCipher cipher = InitCipher(m, true, parameters);
byte[] C = new byte[cipher.GetOutputSize(P.Length)];
int predicted = cipher.GetUpdateOutputSize(P.Length);
int split = srng.Next(SA.Length + 1);
cipher.ProcessAadBytes(SA, 0, split);
int len = cipher.ProcessBytes(P, 0, P.Length, C, 0);
cipher.ProcessAadBytes(SA, split, SA.Length - split);
if (predicted != len)
{
Fail("encryption reported incorrect update length in randomised test");
}
len += cipher.DoFinal(C, len);
if (C.Length != len)
{
Fail("encryption reported incorrect length in randomised test");
}
byte[] encT = cipher.GetMac();
byte[] tail = new byte[C.Length - P.Length];
Array.Copy(C, P.Length, tail, 0, tail.Length);
if (!AreEqual(encT, tail))
{
Fail("stream contained wrong mac in randomised test");
}
cipher.Init(false, parameters);
byte[] decP = new byte[cipher.GetOutputSize(C.Length)];
predicted = cipher.GetUpdateOutputSize(C.Length);
split = srng.Next(SA.Length + 1);
cipher.ProcessAadBytes(SA, 0, split);
len = cipher.ProcessBytes(C, 0, C.Length, decP, 0);
cipher.ProcessAadBytes(SA, split, SA.Length - split);
if (predicted != len)
{
Fail("decryption reported incorrect update length in randomised test");
}
len += cipher.DoFinal(decP, len);
if (!AreEqual(P, decP))
{
Fail("incorrect decrypt in randomised test");
}
byte[] decT = cipher.GetMac();
if (!AreEqual(encT, decT))
{
Fail("decryption produced different mac from encryption");
}
//
// key reuse test
//
cipher.Init(false, AeadTestUtilities.ReuseKey(parameters));
decP = new byte[cipher.GetOutputSize(C.Length)];
split = NextInt(srng, SA.Length + 1);
cipher.ProcessAadBytes(SA, 0, split);
len = cipher.ProcessBytes(C, 0, C.Length, decP, 0);
cipher.ProcessAadBytes(SA, split, SA.Length - split);
len += cipher.DoFinal(decP, len);
if (!AreEqual(P, decP))
{
Fail("incorrect decrypt in randomised test");
}
decT = cipher.GetMac();
if (!AreEqual(encT, decT))
{
Fail("decryption produced different mac from encryption");
}
}
private void RandomTest(SecureRandom srng, IGcmMultiplier m)
{
int kLength = 16 + 8 * srng.Next(3);
byte[] K = new byte[kLength];
srng.NextBytes(K);
int pLength = srng.Next(65536);
byte[] P = new byte[pLength];
srng.NextBytes(P);
int aLength = srng.Next(256);
byte[] A = new byte[aLength];
srng.NextBytes(A);
int saLength = srng.Next(256);
byte[] SA = new byte[saLength];
srng.NextBytes(SA);
int ivLength = 1 + srng.Next(256);
byte[] IV = new byte[ivLength];
srng.NextBytes(IV);
AeadParameters parameters = new AeadParameters(new KeyParameter(K), 16 * 8, IV, A);
GcmBlockCipher cipher = InitCipher(m, true, parameters);
byte[] C = new byte[cipher.GetOutputSize(P.Length)];
int predicted = cipher.GetUpdateOutputSize(P.Length);
int split = srng.Next(SA.Length + 1);
cipher.ProcessAadBytes(SA, 0, split);
int len = cipher.ProcessBytes(P, 0, P.Length, C, 0);
cipher.ProcessAadBytes(SA, split, SA.Length - split);
if (predicted != len)
{
Fail("encryption reported incorrect update length in randomised test");
}
len += cipher.DoFinal(C, len);
if (C.Length != len)
{
Fail("encryption reported incorrect length in randomised test");
}
byte[] encT = cipher.GetMac();
byte[] tail = new byte[C.Length - P.Length];
Array.Copy(C, P.Length, tail, 0, tail.Length);
if (!AreEqual(encT, tail))
{
Fail("stream contained wrong mac in randomised test");
}
cipher.Init(false, parameters);
byte[] decP = new byte[cipher.GetOutputSize(C.Length)];
predicted = cipher.GetUpdateOutputSize(C.Length);
split = srng.Next(SA.Length + 1);
cipher.ProcessAadBytes(SA, 0, split);
len = cipher.ProcessBytes(C, 0, C.Length, decP, 0);
cipher.ProcessAadBytes(SA, split, SA.Length - split);
if (predicted != len)
{
Fail("decryption reported incorrect update length in randomised test");
}
len += cipher.DoFinal(decP, len);
if (!AreEqual(P, decP))
{
Fail("incorrect decrypt in randomised test");
}
byte[] decT = cipher.GetMac();
if (!AreEqual(encT, decT))
{
Fail("decryption produced different mac from encryption");
}
//
// key reuse test
//
cipher.Init(false, AeadTestUtilities.ReuseKey(parameters));
decP = new byte[cipher.GetOutputSize(C.Length)];
split = NextInt(srng, SA.Length + 1);
cipher.ProcessAadBytes(SA, 0, split);
len = cipher.ProcessBytes(C, 0, C.Length, decP, 0);
cipher.ProcessAadBytes(SA, split, SA.Length - split);
len += cipher.DoFinal(decP, len);
if (!AreEqual(P, decP))
{
Fail("incorrect decrypt in randomised test");
}
decT = cipher.GetMac();
if (!AreEqual(encT, decT))
{
Fail("decryption produced different mac from encryption");
}
}
private void randomTest(
SecureRandom srng,
IGcmMultiplier m)
{
int kLength = 16 + 8 * srng.Next(3);
byte[] K = new byte[kLength];
srng.NextBytes(K);
int pLength = srng.Next(1024);
byte[] P = new byte[pLength];
srng.NextBytes(P);
int aLength = srng.Next(1024);
byte[] A = new byte[aLength];
srng.NextBytes(A);
int ivLength = 1 + srng.Next(1024);
byte[] IV = new byte[ivLength];
srng.NextBytes(IV);
GcmBlockCipher cipher = new GcmBlockCipher(new AesFastEngine(), m);
AeadParameters parameters = new AeadParameters(new KeyParameter(K), 16 * 8, IV, A);
cipher.Init(true, parameters);
byte[] C = new byte[cipher.GetOutputSize(P.Length)];
int len = cipher.ProcessBytes(P, 0, P.Length, C, 0);
len += cipher.DoFinal(C, len);
if (C.Length != len)
{
// Console.WriteLine("" + C.Length + "/" + len);
Fail("encryption reported incorrect length in randomised test");
}
byte[] encT = cipher.GetMac();
byte[] tail = new byte[C.Length - P.Length];
Array.Copy(C, P.Length, tail, 0, tail.Length);
if (!AreEqual(encT, tail))
{
Fail("stream contained wrong mac in randomised test");
}
cipher.Init(false, parameters);
byte[] decP = new byte[cipher.GetOutputSize(C.Length)];
len = cipher.ProcessBytes(C, 0, C.Length, decP, 0);
len += cipher.DoFinal(decP, len);
if (!AreEqual(P, decP))
{
Fail("incorrect decrypt in randomised test");
}
byte[] decT = cipher.GetMac();
if (!AreEqual(encT, decT))
{
Fail("decryption produced different mac from encryption");
}
}
