/// <summary>
/// Set PbmParameters
/// </summary>
/// <param name="parameters">The parameters.</param>
/// <returns>this</returns>
public PKMacBuilder SetParameters(PbmParameter parameters)
{
CheckIterationCountCeiling(parameters.IterationCount.IntValueExact);
this.parameters = parameters;
return(this);
}
/// <summary>
/// Verify a message with password based MAC protection.
/// </summary>
/// <param name="pkMacBuilder">MAC builder that can be used to construct the appropriate MacCalculator</param>
/// <param name="password">the MAC password</param>
/// <returns>true if the passed in password and MAC builder verify the message, false otherwise.</returns>
/// <exception cref="InvalidOperationException">if algorithm not MAC based, or an exception is thrown verifying the MAC.</exception>
public bool Verify(PKMacBuilder pkMacBuilder, char[] password)
{
if (!CmpObjectIdentifiers.passwordBasedMac.Equals(pkiMessage.Header.ProtectionAlg.Algorithm))
{
throw new InvalidOperationException("protection algorithm is not mac based");
}
PbmParameter parameter = PbmParameter.GetInstance(pkiMessage.Header.ProtectionAlg.Parameters);
pkMacBuilder.SetParameters(parameter);
IBlockResult result = (IBlockResult)Process(pkMacBuilder.Build(password).CreateCalculator());
return(Arrays.ConstantTimeAreEqual(result.Collect(), this.pkiMessage.Protection.GetBytes()));
}
public void TestVerifyBCJavaGeneratedMessage()
{
//
// Test with content generated by BC-JAVA version.
//
ICipherParameters publicKey = PublicKeyFactory.CreateKey(Hex.Decode(
"305c300d06092a864886f70d0101010500034b003048024100ac1e59ba5f96" +
"ba86c86e6d8bbfd43ece04265fa29e6ebdb320388b58af365d05b26970cbd2" +
"6e5b0fa7df2074b90b42a1d16ab270cdb851b53e464b87f683774502030100" +
"01"));
ICipherParameters privateKey = PrivateKeyFactory.CreateKey(Hex.Decode(
"30820155020100300d06092a864886f70d01010105000482013f3082013b02" +
"0100024100ac1e59ba5f96ba86c86e6d8bbfd43ece04265fa29e6ebdb32038" +
"8b58af365d05b26970cbd26e5b0fa7df2074b90b42a1d16ab270cdb851b53e" +
"464b87f68377450203010001024046f3f208570c735349bfe00fdaa1fbcc00" +
"c0f2eebe42279876a168ac43fa74a8cdf9a1bb49066c07cfcfa7196f69f2b9" +
"419d378109db967891428c50273dcc37022100d488dc3fb86f404d726a8166" +
"b2a9aba9bee12fdbf38470a62403a2a20bad0977022100cf51874e479b141f" +
"9915533bf54d68f1940f84d7fe6130538ff01a23e3493423022100986f94f1" +
"0afa9837341219bfabf32fd16ebb9a94fa630a5ccf45e036b383275f02201b" +
"6dff07f563684b31f6e757548254733a12bf91d05f4d8490d3c4b1a0ddcb9f" +
"02210087c3b2049e9a3edfc4cb40a3a275dabf7ffff80b467157e384603042" +
"3fe91d68"));
byte[] ind = Hex.Decode(
"308201ac306e020102a4133011310f300d06035504030c0653656e646572a4" +
"123010310e300c06035504030c055265636970a140303e06092a864886f67d" +
"07420d30310414fdccb4ffd7848e6a697bee36cbe0f3722ed7fe2f30070605" +
"2b0e03021a020203e8300c06082b060105050801020500a10430023000a017" +
"031500c131c357441daa78eb538bfd9c24870e220fdafaa182011930820115" +
"308201113081bca003020102020601684a515d5b300d06092a864886f70d01" +
"01050500300f310d300b06035504030c0454657374301e170d313930313134" +
"3033303433325a170d3139303432343033303433325a300f310d300b060355" +
"04030c0454657374305c300d06092a864886f70d0101010500034b00304802" +
"4100ac1e59ba5f96ba86c86e6d8bbfd43ece04265fa29e6ebdb320388b58af" +
"365d05b26970cbd26e5b0fa7df2074b90b42a1d16ab270cdb851b53e464b87" +
"f68377450203010001300d06092a864886f70d0101050500034100264b5b76" +
"f268e2a992f05ad83783b091ce806a6726912c6200d06b33375ae58fe3c474" +
"c3a42ad6e572a2c48ae3bf914a7510bb995c3474829cfe71ab679a3db0");
ProtectedPkiMessage pkiMsg = new ProtectedPkiMessage(PkiMessage.GetInstance(ind));
PbmParameter pbmParameters = PbmParameter.GetInstance(pkiMsg.Header.ProtectionAlg.Parameters);
IsTrue(pkiMsg.Verify(new PKMacBuilder().SetParameters(pbmParameters), "secret".ToCharArray()));
}
private IMacFactory GenCalculator(PbmParameter parameters, char[] password)
{
// From RFC 4211
//
// 1. Generate a random salt value S
//
// 2. Append the salt to the pw. K = pw || salt.
//
// 3. Hash the value of K. K = HASH(K)
//
// 4. Iter = Iter - 1. If Iter is greater than zero. Goto step 3.
//
// 5. Compute an HMAC as documented in [HMAC].
//
// MAC = HASH( K XOR opad, HASH( K XOR ipad, data) )
//
// Where opad and ipad are defined in [HMAC].
byte[] pw = Strings.ToUtf8ByteArray(password);
byte[] salt = parameters.Salt.GetOctets();
byte[] K = new byte[pw.Length + salt.Length];
Array.Copy(pw, 0, K, 0, pw.Length);
Array.Copy(salt, 0, K, pw.Length, salt.Length);
IDigest digest = provider.CreateDigest(parameters.Owf);
int iter = parameters.IterationCount.IntValueExact;
digest.BlockUpdate(K, 0, K.Length);
K = new byte[digest.GetDigestSize()];
digest.DoFinal(K, 0);
while (--iter > 0)
{
digest.BlockUpdate(K, 0, K.Length);
digest.DoFinal(K, 0);
}
byte[] key = K;
return(new PKMacFactory(key, parameters));
}
public PKMacFactory(byte[] key, PbmParameter parameters)
{
this.key = Arrays.Clone(key);
this.parameters = parameters;
}
/**
* Creates a new PKMACValue.
* @param params parameters for password-based MAC
* @param value MAC of the DER-encoded SubjectPublicKeyInfo
*/
public PKMacValue(
PbmParameter pbmParams,
DerBitString macValue)
: this(new AlgorithmIdentifier(CmpObjectIdentifiers.passwordBasedMac, pbmParams), macValue)
{
}
/**
* Creates a new PKMACValue.
* @param params parameters for password-based MAC
* @param value MAC of the DER-encoded SubjectPublicKeyInfo
*/
public PKMacValue(
PbmParameter pbmParams,
DerBitString macValue)
: this(new AlgorithmIdentifier(CmpObjectIdentifiers.passwordBasedMac, pbmParams), macValue)
{
}
