/// <summary> /// Set PbmParameters /// </summary> /// <param name="parameters">The parameters.</param> /// <returns>this</returns> public PKMacBuilder SetParameters(PbmParameter parameters) { CheckIterationCountCeiling(parameters.IterationCount.IntValueExact); this.parameters = parameters; return(this); }
/// <summary> /// Verify a message with password based MAC protection. /// </summary> /// <param name="pkMacBuilder">MAC builder that can be used to construct the appropriate MacCalculator</param> /// <param name="password">the MAC password</param> /// <returns>true if the passed in password and MAC builder verify the message, false otherwise.</returns> /// <exception cref="InvalidOperationException">if algorithm not MAC based, or an exception is thrown verifying the MAC.</exception> public bool Verify(PKMacBuilder pkMacBuilder, char[] password) { if (!CmpObjectIdentifiers.passwordBasedMac.Equals(pkiMessage.Header.ProtectionAlg.Algorithm)) { throw new InvalidOperationException("protection algorithm is not mac based"); } PbmParameter parameter = PbmParameter.GetInstance(pkiMessage.Header.ProtectionAlg.Parameters); pkMacBuilder.SetParameters(parameter); IBlockResult result = (IBlockResult)Process(pkMacBuilder.Build(password).CreateCalculator()); return(Arrays.ConstantTimeAreEqual(result.Collect(), this.pkiMessage.Protection.GetBytes())); }
public void TestVerifyBCJavaGeneratedMessage() { // // Test with content generated by BC-JAVA version. // ICipherParameters publicKey = PublicKeyFactory.CreateKey(Hex.Decode( "305c300d06092a864886f70d0101010500034b003048024100ac1e59ba5f96" + "ba86c86e6d8bbfd43ece04265fa29e6ebdb320388b58af365d05b26970cbd2" + "6e5b0fa7df2074b90b42a1d16ab270cdb851b53e464b87f683774502030100" + "01")); ICipherParameters privateKey = PrivateKeyFactory.CreateKey(Hex.Decode( "30820155020100300d06092a864886f70d01010105000482013f3082013b02" + "0100024100ac1e59ba5f96ba86c86e6d8bbfd43ece04265fa29e6ebdb32038" + "8b58af365d05b26970cbd26e5b0fa7df2074b90b42a1d16ab270cdb851b53e" + "464b87f68377450203010001024046f3f208570c735349bfe00fdaa1fbcc00" + "c0f2eebe42279876a168ac43fa74a8cdf9a1bb49066c07cfcfa7196f69f2b9" + "419d378109db967891428c50273dcc37022100d488dc3fb86f404d726a8166" + "b2a9aba9bee12fdbf38470a62403a2a20bad0977022100cf51874e479b141f" + "9915533bf54d68f1940f84d7fe6130538ff01a23e3493423022100986f94f1" + "0afa9837341219bfabf32fd16ebb9a94fa630a5ccf45e036b383275f02201b" + "6dff07f563684b31f6e757548254733a12bf91d05f4d8490d3c4b1a0ddcb9f" + "02210087c3b2049e9a3edfc4cb40a3a275dabf7ffff80b467157e384603042" + "3fe91d68")); byte[] ind = Hex.Decode( "308201ac306e020102a4133011310f300d06035504030c0653656e646572a4" + "123010310e300c06035504030c055265636970a140303e06092a864886f67d" + "07420d30310414fdccb4ffd7848e6a697bee36cbe0f3722ed7fe2f30070605" + "2b0e03021a020203e8300c06082b060105050801020500a10430023000a017" + "031500c131c357441daa78eb538bfd9c24870e220fdafaa182011930820115" + "308201113081bca003020102020601684a515d5b300d06092a864886f70d01" + "01050500300f310d300b06035504030c0454657374301e170d313930313134" + "3033303433325a170d3139303432343033303433325a300f310d300b060355" + "04030c0454657374305c300d06092a864886f70d0101010500034b00304802" + "4100ac1e59ba5f96ba86c86e6d8bbfd43ece04265fa29e6ebdb320388b58af" + "365d05b26970cbd26e5b0fa7df2074b90b42a1d16ab270cdb851b53e464b87" + "f68377450203010001300d06092a864886f70d0101050500034100264b5b76" + "f268e2a992f05ad83783b091ce806a6726912c6200d06b33375ae58fe3c474" + "c3a42ad6e572a2c48ae3bf914a7510bb995c3474829cfe71ab679a3db0"); ProtectedPkiMessage pkiMsg = new ProtectedPkiMessage(PkiMessage.GetInstance(ind)); PbmParameter pbmParameters = PbmParameter.GetInstance(pkiMsg.Header.ProtectionAlg.Parameters); IsTrue(pkiMsg.Verify(new PKMacBuilder().SetParameters(pbmParameters), "secret".ToCharArray())); }
private IMacFactory GenCalculator(PbmParameter parameters, char[] password) { // From RFC 4211 // // 1. Generate a random salt value S // // 2. Append the salt to the pw. K = pw || salt. // // 3. Hash the value of K. K = HASH(K) // // 4. Iter = Iter - 1. If Iter is greater than zero. Goto step 3. // // 5. Compute an HMAC as documented in [HMAC]. // // MAC = HASH( K XOR opad, HASH( K XOR ipad, data) ) // // Where opad and ipad are defined in [HMAC]. byte[] pw = Strings.ToUtf8ByteArray(password); byte[] salt = parameters.Salt.GetOctets(); byte[] K = new byte[pw.Length + salt.Length]; Array.Copy(pw, 0, K, 0, pw.Length); Array.Copy(salt, 0, K, pw.Length, salt.Length); IDigest digest = provider.CreateDigest(parameters.Owf); int iter = parameters.IterationCount.IntValueExact; digest.BlockUpdate(K, 0, K.Length); K = new byte[digest.GetDigestSize()]; digest.DoFinal(K, 0); while (--iter > 0) { digest.BlockUpdate(K, 0, K.Length); digest.DoFinal(K, 0); } byte[] key = K; return(new PKMacFactory(key, parameters)); }
public PKMacFactory(byte[] key, PbmParameter parameters) { this.key = Arrays.Clone(key); this.parameters = parameters; }
/** * Creates a new PKMACValue. * @param params parameters for password-based MAC * @param value MAC of the DER-encoded SubjectPublicKeyInfo */ public PKMacValue( PbmParameter pbmParams, DerBitString macValue) : this(new AlgorithmIdentifier(CmpObjectIdentifiers.passwordBasedMac, pbmParams), macValue) { }
/** * Creates a new PKMACValue. * @param params parameters for password-based MAC * @param value MAC of the DER-encoded SubjectPublicKeyInfo */ public PKMacValue( PbmParameter pbmParams, DerBitString macValue) : this(new AlgorithmIdentifier(CmpObjectIdentifiers.passwordBasedMac, pbmParams), macValue) { }