public static byte[] GetObsoleteSharedSecret(AsymmetricCipherKeyPair localKeyWithPrivate, byte[] remotePublicKeyDerEncoded) { var remotePublicKey = PublicKeyFactory.CreateKey(remotePublicKeyDerEncoded); var agreement = new ECDHBasicAgreement(); agreement.Init(localKeyWithPrivate.Private); return agreement.CalculateAgreement(remotePublicKey).ToByteArray(); }
public static byte[] GetSharedSecret(AsymmetricCipherKeyPair localKeyWithPrivate, byte[] remotePublicKeyDerEncoded) { var remotePublicKey = PublicKeyFactory.CreateKey(remotePublicKeyDerEncoded); var agreement = new ECDHBasicAgreement(); agreement.Init(localKeyWithPrivate.Private); using (var sha = SHA256.Create()) { // CalculateAgreement returns a BigInteger, whose length is variable, and bits are not whitened. // So hash it. return sha.ComputeHash(agreement.CalculateAgreement(remotePublicKey).ToByteArray()); } }
public static IBufferedCipher GetCipher( string algorithm) { if (algorithm == null) throw new ArgumentNullException("algorithm"); algorithm = Platform.ToUpperInvariant(algorithm); { string aliased = (string) algorithms[algorithm]; if (aliased != null) algorithm = aliased; } IBasicAgreement iesAgreement = null; if (algorithm == "IES") { iesAgreement = new DHBasicAgreement(); } else if (algorithm == "ECIES") { iesAgreement = new ECDHBasicAgreement(); } if (iesAgreement != null) { return new BufferedIesCipher( new IesEngine( iesAgreement, new Kdf2BytesGenerator( new Sha1Digest()), new HMac( new Sha1Digest()))); } if (algorithm.StartsWith("PBE")) { if (algorithm.EndsWith("-CBC")) { if (algorithm == "PBEWITHSHA1ANDDES-CBC") { return new PaddedBufferedBlockCipher( new CbcBlockCipher(new DesEngine())); } else if (algorithm == "PBEWITHSHA1ANDRC2-CBC") { return new PaddedBufferedBlockCipher( new CbcBlockCipher(new RC2Engine())); } else if (Strings.IsOneOf(algorithm, "PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC")) { return new PaddedBufferedBlockCipher( new CbcBlockCipher(new DesEdeEngine())); } else if (Strings.IsOneOf(algorithm, "PBEWITHSHAAND128BITRC2-CBC", "PBEWITHSHAAND40BITRC2-CBC")) { return new PaddedBufferedBlockCipher( new CbcBlockCipher(new RC2Engine())); } } else if (algorithm.EndsWith("-BC") || algorithm.EndsWith("-OPENSSL")) { if (Strings.IsOneOf(algorithm, "PBEWITHSHAAND128BITAES-CBC-BC", "PBEWITHSHAAND192BITAES-CBC-BC", "PBEWITHSHAAND256BITAES-CBC-BC", "PBEWITHSHA256AND128BITAES-CBC-BC", "PBEWITHSHA256AND192BITAES-CBC-BC", "PBEWITHSHA256AND256BITAES-CBC-BC", "PBEWITHMD5AND128BITAES-CBC-OPENSSL", "PBEWITHMD5AND192BITAES-CBC-OPENSSL", "PBEWITHMD5AND256BITAES-CBC-OPENSSL")) { return new PaddedBufferedBlockCipher( new CbcBlockCipher(new AesFastEngine())); } } } string[] parts = algorithm.Split('/'); IBlockCipher blockCipher = null; IAsymmetricBlockCipher asymBlockCipher = null; IStreamCipher streamCipher = null; string algorithmName = parts[0]; { string aliased = (string)algorithms[algorithmName]; if (aliased != null) algorithmName = aliased; } CipherAlgorithm cipherAlgorithm; try { cipherAlgorithm = (CipherAlgorithm)Enums.GetEnumValue(typeof(CipherAlgorithm), algorithmName); } catch (ArgumentException) { throw new SecurityUtilityException("Cipher " + algorithm + " not recognised."); } switch (cipherAlgorithm) { case CipherAlgorithm.AES: blockCipher = new AesFastEngine(); break; case CipherAlgorithm.ARC4: streamCipher = new RC4Engine(); break; case CipherAlgorithm.BLOWFISH: blockCipher = new BlowfishEngine(); break; case CipherAlgorithm.CAMELLIA: blockCipher = new CamelliaEngine(); break; case CipherAlgorithm.CAST5: blockCipher = new Cast5Engine(); break; case CipherAlgorithm.CAST6: blockCipher = new Cast6Engine(); break; case CipherAlgorithm.DES: blockCipher = new DesEngine(); break; case CipherAlgorithm.DESEDE: blockCipher = new DesEdeEngine(); break; case CipherAlgorithm.ELGAMAL: asymBlockCipher = new ElGamalEngine(); break; case CipherAlgorithm.GOST28147: blockCipher = new Gost28147Engine(); break; case CipherAlgorithm.HC128: streamCipher = new HC128Engine(); break; case CipherAlgorithm.HC256: streamCipher = new HC256Engine(); break; case CipherAlgorithm.IDEA: blockCipher = new IdeaEngine(); break; case CipherAlgorithm.NOEKEON: blockCipher = new NoekeonEngine(); break; case CipherAlgorithm.PBEWITHSHAAND128BITRC4: case CipherAlgorithm.PBEWITHSHAAND40BITRC4: streamCipher = new RC4Engine(); break; case CipherAlgorithm.RC2: blockCipher = new RC2Engine(); break; case CipherAlgorithm.RC5: blockCipher = new RC532Engine(); break; case CipherAlgorithm.RC5_64: blockCipher = new RC564Engine(); break; case CipherAlgorithm.RC6: blockCipher = new RC6Engine(); break; case CipherAlgorithm.RIJNDAEL: blockCipher = new RijndaelEngine(); break; case CipherAlgorithm.RSA: asymBlockCipher = new RsaBlindedEngine(); break; case CipherAlgorithm.SALSA20: streamCipher = new Salsa20Engine(); break; case CipherAlgorithm.SEED: blockCipher = new SeedEngine(); break; case CipherAlgorithm.SERPENT: blockCipher = new SerpentEngine(); break; case CipherAlgorithm.SKIPJACK: blockCipher = new SkipjackEngine(); break; case CipherAlgorithm.TEA: blockCipher = new TeaEngine(); break; case CipherAlgorithm.TWOFISH: blockCipher = new TwofishEngine(); break; case CipherAlgorithm.VMPC: streamCipher = new VmpcEngine(); break; case CipherAlgorithm.VMPC_KSA3: streamCipher = new VmpcKsa3Engine(); break; case CipherAlgorithm.XTEA: blockCipher = new XteaEngine(); break; default: throw new SecurityUtilityException("Cipher " + algorithm + " not recognised."); } if (streamCipher != null) { if (parts.Length > 1) throw new ArgumentException("Modes and paddings not used for stream ciphers"); return new BufferedStreamCipher(streamCipher); } bool cts = false; bool padded = true; IBlockCipherPadding padding = null; IAeadBlockCipher aeadBlockCipher = null; if (parts.Length > 2) { if (streamCipher != null) throw new ArgumentException("Paddings not used for stream ciphers"); string paddingName = parts[2]; CipherPadding cipherPadding; if (paddingName == "") { cipherPadding = CipherPadding.RAW; } else if (paddingName == "X9.23PADDING") { cipherPadding = CipherPadding.X923PADDING; } else { try { cipherPadding = (CipherPadding)Enums.GetEnumValue(typeof(CipherPadding), paddingName); } catch (ArgumentException) { throw new SecurityUtilityException("Cipher " + algorithm + " not recognised."); } } switch (cipherPadding) { case CipherPadding.NOPADDING: padded = false; break; case CipherPadding.RAW: break; case CipherPadding.ISO10126PADDING: case CipherPadding.ISO10126D2PADDING: case CipherPadding.ISO10126_2PADDING: padding = new ISO10126d2Padding(); break; case CipherPadding.ISO7816_4PADDING: case CipherPadding.ISO9797_1PADDING: padding = new ISO7816d4Padding(); break; case CipherPadding.ISO9796_1: case CipherPadding.ISO9796_1PADDING: asymBlockCipher = new ISO9796d1Encoding(asymBlockCipher); break; case CipherPadding.OAEP: case CipherPadding.OAEPPADDING: asymBlockCipher = new OaepEncoding(asymBlockCipher); break; case CipherPadding.OAEPWITHMD5ANDMGF1PADDING: asymBlockCipher = new OaepEncoding(asymBlockCipher, new MD5Digest()); break; case CipherPadding.OAEPWITHSHA1ANDMGF1PADDING: case CipherPadding.OAEPWITHSHA_1ANDMGF1PADDING: asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha1Digest()); break; case CipherPadding.OAEPWITHSHA224ANDMGF1PADDING: case CipherPadding.OAEPWITHSHA_224ANDMGF1PADDING: asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha224Digest()); break; case CipherPadding.OAEPWITHSHA256ANDMGF1PADDING: case CipherPadding.OAEPWITHSHA_256ANDMGF1PADDING: asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha256Digest()); break; case CipherPadding.OAEPWITHSHA384ANDMGF1PADDING: case CipherPadding.OAEPWITHSHA_384ANDMGF1PADDING: asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha384Digest()); break; case CipherPadding.OAEPWITHSHA512ANDMGF1PADDING: case CipherPadding.OAEPWITHSHA_512ANDMGF1PADDING: asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha512Digest()); break; case CipherPadding.PKCS1: case CipherPadding.PKCS1PADDING: asymBlockCipher = new Pkcs1Encoding(asymBlockCipher); break; case CipherPadding.PKCS5: case CipherPadding.PKCS5PADDING: case CipherPadding.PKCS7: case CipherPadding.PKCS7PADDING: padding = new Pkcs7Padding(); break; case CipherPadding.TBCPADDING: padding = new TbcPadding(); break; case CipherPadding.WITHCTS: cts = true; break; case CipherPadding.X923PADDING: padding = new X923Padding(); break; case CipherPadding.ZEROBYTEPADDING: padding = new ZeroBytePadding(); break; default: throw new SecurityUtilityException("Cipher " + algorithm + " not recognised."); } } string mode = ""; if (parts.Length > 1) { mode = parts[1]; int di = GetDigitIndex(mode); string modeName = di >= 0 ? mode.Substring(0, di) : mode; try { CipherMode cipherMode = modeName == "" ? CipherMode.NONE : (CipherMode)Enums.GetEnumValue(typeof(CipherMode), modeName); switch (cipherMode) { case CipherMode.ECB: case CipherMode.NONE: break; case CipherMode.CBC: blockCipher = new CbcBlockCipher(blockCipher); break; case CipherMode.CCM: aeadBlockCipher = new CcmBlockCipher(blockCipher); break; case CipherMode.CFB: { int bits = (di < 0) ? 8 * blockCipher.GetBlockSize() : int.Parse(mode.Substring(di)); blockCipher = new CfbBlockCipher(blockCipher, bits); break; } case CipherMode.CTR: blockCipher = new SicBlockCipher(blockCipher); break; case CipherMode.CTS: cts = true; blockCipher = new CbcBlockCipher(blockCipher); break; case CipherMode.EAX: aeadBlockCipher = new EaxBlockCipher(blockCipher); break; case CipherMode.GCM: aeadBlockCipher = new GcmBlockCipher(blockCipher); break; case CipherMode.GOFB: blockCipher = new GOfbBlockCipher(blockCipher); break; case CipherMode.OCB: aeadBlockCipher = new OcbBlockCipher(blockCipher, CreateBlockCipher(cipherAlgorithm)); break; case CipherMode.OFB: { int bits = (di < 0) ? 8 * blockCipher.GetBlockSize() : int.Parse(mode.Substring(di)); blockCipher = new OfbBlockCipher(blockCipher, bits); break; } case CipherMode.OPENPGPCFB: blockCipher = new OpenPgpCfbBlockCipher(blockCipher); break; case CipherMode.SIC: if (blockCipher.GetBlockSize() < 16) { throw new ArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)"); } blockCipher = new SicBlockCipher(blockCipher); break; default: throw new SecurityUtilityException("Cipher " + algorithm + " not recognised."); } } catch (ArgumentException) { throw new SecurityUtilityException("Cipher " + algorithm + " not recognised."); } } if (aeadBlockCipher != null) { if (cts) throw new SecurityUtilityException("CTS mode not valid for AEAD ciphers."); if (padded && parts.Length > 2 && parts[2] != "") throw new SecurityUtilityException("Bad padding specified for AEAD cipher."); return new BufferedAeadBlockCipher(aeadBlockCipher); } if (blockCipher != null) { if (cts) { return new CtsBlockCipher(blockCipher); } if (padding != null) { return new PaddedBufferedBlockCipher(blockCipher, padding); } if (!padded || blockCipher.IsPartialBlockOkay) { return new BufferedBlockCipher(blockCipher); } return new PaddedBufferedBlockCipher(blockCipher); } if (asymBlockCipher != null) { return new BufferedAsymmetricBlockCipher(asymBlockCipher); } throw new SecurityUtilityException("Cipher " + algorithm + " not recognised."); }
public static IBufferedCipher GetCipher( string algorithm) { if (algorithm == null) throw new ArgumentNullException("algorithm"); algorithm = algorithm.ToUpper(CultureInfo.InvariantCulture); string aliased = (string) algorithms[algorithm]; if (aliased != null) algorithm = aliased; IBasicAgreement iesAgreement = null; if (algorithm == "IES") { iesAgreement = new DHBasicAgreement(); } else if (algorithm == "ECIES") { iesAgreement = new ECDHBasicAgreement(); } if (iesAgreement != null) { return new BufferedIesCipher( new IesEngine( iesAgreement, new Kdf2BytesGenerator( new Sha1Digest()), new HMac( new Sha1Digest()))); } if (algorithm.StartsWith("PBE")) { switch (algorithm) { case "PBEWITHSHAAND2-KEYTRIPLEDES-CBC": case "PBEWITHSHAAND3-KEYTRIPLEDES-CBC": return new PaddedBufferedBlockCipher( new CbcBlockCipher(new DesEdeEngine())); case "PBEWITHSHAAND128BITRC2-CBC": case "PBEWITHSHAAND40BITRC2-CBC": return new PaddedBufferedBlockCipher( new CbcBlockCipher(new RC2Engine())); case "PBEWITHSHAAND128BITAES-CBC-BC": case "PBEWITHSHAAND192BITAES-CBC-BC": case "PBEWITHSHAAND256BITAES-CBC-BC": case "PBEWITHSHA256AND128BITAES-CBC-BC": case "PBEWITHSHA256AND192BITAES-CBC-BC": case "PBEWITHSHA256AND256BITAES-CBC-BC": case "PBEWITHMD5AND128BITAES-CBC-OPENSSL": case "PBEWITHMD5AND192BITAES-CBC-OPENSSL": case "PBEWITHMD5AND256BITAES-CBC-OPENSSL": return new PaddedBufferedBlockCipher( new CbcBlockCipher(new AesFastEngine())); case "PBEWITHSHA1ANDDES-CBC": return new PaddedBufferedBlockCipher( new CbcBlockCipher(new DesEngine())); case "PBEWITHSHA1ANDRC2-CBC": return new PaddedBufferedBlockCipher( new CbcBlockCipher(new RC2Engine())); } } string[] parts = algorithm.Split('/'); IBlockCipher blockCipher = null; IAsymmetricBlockCipher asymBlockCipher = null; IStreamCipher streamCipher = null; switch (parts[0]) { case "AES": blockCipher = new AesFastEngine(); break; case "ARC4": streamCipher = new RC4Engine(); break; case "BLOWFISH": blockCipher = new BlowfishEngine(); break; case "CAMELLIA": blockCipher = new CamelliaEngine(); break; case "CAST5": blockCipher = new Cast5Engine(); break; case "CAST6": blockCipher = new Cast6Engine(); break; case "DES": blockCipher = new DesEngine(); break; case "DESEDE": blockCipher = new DesEdeEngine(); break; case "ELGAMAL": asymBlockCipher = new ElGamalEngine(); break; case "GOST28147": blockCipher = new Gost28147Engine(); break; case "HC128": streamCipher = new HC128Engine(); break; case "HC256": streamCipher = new HC256Engine(); break; #if INCLUDE_IDEA case "IDEA": blockCipher = new IdeaEngine(); break; #endif case "NOEKEON": blockCipher = new NoekeonEngine(); break; case "PBEWITHSHAAND128BITRC4": case "PBEWITHSHAAND40BITRC4": streamCipher = new RC4Engine(); break; case "RC2": blockCipher = new RC2Engine(); break; case "RC5": blockCipher = new RC532Engine(); break; case "RC5-64": blockCipher = new RC564Engine(); break; case "RC6": blockCipher = new RC6Engine(); break; case "RIJNDAEL": blockCipher = new RijndaelEngine(); break; case "RSA": asymBlockCipher = new RsaBlindedEngine(); break; case "SALSA20": streamCipher = new Salsa20Engine(); break; case "SEED": blockCipher = new SeedEngine(); break; case "SERPENT": blockCipher = new SerpentEngine(); break; case "SKIPJACK": blockCipher = new SkipjackEngine(); break; case "TEA": blockCipher = new TeaEngine(); break; case "TWOFISH": blockCipher = new TwofishEngine(); break; case "VMPC": streamCipher = new VmpcEngine(); break; case "VMPC-KSA3": streamCipher = new VmpcKsa3Engine(); break; case "XTEA": blockCipher = new XteaEngine(); break; default: throw new SecurityUtilityException("Cipher " + algorithm + " not recognised."); } if (streamCipher != null) { if (parts.Length > 1) throw new ArgumentException("Modes and paddings not used for stream ciphers"); return new BufferedStreamCipher(streamCipher); } bool cts = false; bool padded = true; IBlockCipherPadding padding = null; IAeadBlockCipher aeadBlockCipher = null; if (parts.Length > 2) { if (streamCipher != null) throw new ArgumentException("Paddings not used for stream ciphers"); switch (parts[2]) { case "NOPADDING": padded = false; break; case "": case "RAW": break; case "ISO10126PADDING": case "ISO10126D2PADDING": case "ISO10126-2PADDING": padding = new ISO10126d2Padding(); break; case "ISO7816-4PADDING": case "ISO9797-1PADDING": padding = new ISO7816d4Padding(); break; case "ISO9796-1": case "ISO9796-1PADDING": asymBlockCipher = new ISO9796d1Encoding(asymBlockCipher); break; case "OAEP": case "OAEPPADDING": asymBlockCipher = new OaepEncoding(asymBlockCipher); break; case "OAEPWITHMD5ANDMGF1PADDING": asymBlockCipher = new OaepEncoding(asymBlockCipher, new MD5Digest()); break; case "OAEPWITHSHA1ANDMGF1PADDING": case "OAEPWITHSHA-1ANDMGF1PADDING": asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha1Digest()); break; case "OAEPWITHSHA224ANDMGF1PADDING": case "OAEPWITHSHA-224ANDMGF1PADDING": asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha224Digest()); break; case "OAEPWITHSHA256ANDMGF1PADDING": case "OAEPWITHSHA-256ANDMGF1PADDING": asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha256Digest()); break; case "OAEPWITHSHA384ANDMGF1PADDING": case "OAEPWITHSHA-384ANDMGF1PADDING": asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha384Digest()); break; case "OAEPWITHSHA512ANDMGF1PADDING": case "OAEPWITHSHA-512ANDMGF1PADDING": asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha512Digest()); break; case "PKCS1": case "PKCS1PADDING": asymBlockCipher = new Pkcs1Encoding(asymBlockCipher); break; case "PKCS5": case "PKCS5PADDING": case "PKCS7": case "PKCS7PADDING": padding = new Pkcs7Padding(); break; case "TBCPADDING": padding = new TbcPadding(); break; case "WITHCTS": cts = true; break; case "X9.23PADDING": case "X923PADDING": padding = new X923Padding(); break; case "ZEROBYTEPADDING": padding = new ZeroBytePadding(); break; default: throw new SecurityUtilityException("Cipher " + algorithm + " not recognised."); } } string mode = ""; if (parts.Length > 1) { mode = parts[1]; int di = GetDigitIndex(mode); string modeName = di >= 0 ? mode.Substring(0, di) : mode; switch (modeName) { case "": case "ECB": case "NONE": break; case "CBC": blockCipher = new CbcBlockCipher(blockCipher); break; case "CCM": aeadBlockCipher = new CcmBlockCipher(blockCipher); break; case "CFB": { int bits = (di < 0) ? 8 * blockCipher.GetBlockSize() : int.Parse(mode.Substring(di)); blockCipher = new CfbBlockCipher(blockCipher, bits); break; } case "CTR": blockCipher = new SicBlockCipher(blockCipher); break; case "CTS": cts = true; blockCipher = new CbcBlockCipher(blockCipher); break; case "EAX": aeadBlockCipher = new EaxBlockCipher(blockCipher); break; case "GCM": aeadBlockCipher = new GcmBlockCipher(blockCipher); break; case "GOFB": blockCipher = new GOfbBlockCipher(blockCipher); break; case "OFB": { int bits = (di < 0) ? 8 * blockCipher.GetBlockSize() : int.Parse(mode.Substring(di)); blockCipher = new OfbBlockCipher(blockCipher, bits); break; } case "OPENPGPCFB": blockCipher = new OpenPgpCfbBlockCipher(blockCipher); break; case "SIC": if (blockCipher.GetBlockSize() < 16) { throw new ArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)"); } blockCipher = new SicBlockCipher(blockCipher); break; default: throw new SecurityUtilityException("Cipher " + algorithm + " not recognised."); } } if (aeadBlockCipher != null) { if (cts) throw new SecurityUtilityException("CTS mode not valid for AEAD ciphers."); if (padded && parts.Length > 2 && parts[2] != "") throw new SecurityUtilityException("Bad padding specified for AEAD cipher."); return new BufferedAeadBlockCipher(aeadBlockCipher); } if (blockCipher != null) { if (cts) { return new CtsBlockCipher(blockCipher); } if (padding != null) { return new PaddedBufferedBlockCipher(blockCipher, padding); } if (!padded || blockCipher.IsPartialBlockOkay) { return new BufferedBlockCipher(blockCipher); } return new PaddedBufferedBlockCipher(blockCipher); } if (asymBlockCipher != null) { return new BufferedAsymmetricBlockCipher(asymBlockCipher); } throw new SecurityUtilityException("Cipher " + algorithm + " not recognised."); }
public static EncryptionResult EncryptMessage(byte[] userKey, byte[] userSecret, byte[] data, ushort padding = 0, bool randomisePadding = false) { var Random = new SecureRandom(); var Salt = new byte[16]; Random.NextBytes(Salt); var Curve = ECNamedCurveTable.GetByName("prime256v1"); var Spec = new ECDomainParameters(Curve.Curve, Curve.G, Curve.N, Curve.H, Curve.GetSeed()); var Generator = new ECKeyPairGenerator(); Generator.Init(new ECKeyGenerationParameters(Spec, new SecureRandom())); var KeyPair = Generator.GenerateKeyPair(); var AgreementGenerator = new ECDHBasicAgreement(); AgreementGenerator.Init(KeyPair.Private); var IKM = AgreementGenerator.CalculateAgreement(new ECPublicKeyParameters(Spec.Curve.DecodePoint(userKey), Spec)); var PRK = GenerateHKDF(userSecret, IKM.ToByteArrayUnsigned(), Encoding.UTF8.GetBytes("Content-Encoding: auth\0"), 32); var PublicKey = ((ECPublicKeyParameters)KeyPair.Public).Q.GetEncoded(false); var CEK = GenerateHKDF(Salt, PRK, CreateInfoChunk("aesgcm", userKey, PublicKey), 16); var Nonce = GenerateHKDF(Salt, PRK, CreateInfoChunk("nonce", userKey, PublicKey), 12); if (randomisePadding && (padding > 0)) padding = Convert.ToUInt16(Math.Abs(Random.NextInt()) % (padding + 1)); var Input = new byte[padding + 2 + data.Length]; Buffer.BlockCopy(ConvertInt(padding), 0, Input, 0, 2); Buffer.BlockCopy(data, 0, Input, padding + 2, data.Length); var Cipher = CipherUtilities.GetCipher("AES/GCM/NoPadding"); Cipher.Init(true, new AeadParameters(new KeyParameter(CEK), 128, Nonce)); var Message = new byte[Cipher.GetOutputSize(Input.Length)]; Cipher.DoFinal(Input, 0, Input.Length, Message, 0); return new EncryptionResult { Salt = Salt, Payload = Message, PublicKey = PublicKey }; }
public void TestECBasicAgreementTest() { SecureRandom random = new SecureRandom(); FpCurve curve = new FpCurve( new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b ECDomainParameters parameters = new ECDomainParameters( curve, curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n ECKeyPairGenerator pGen = new ECKeyPairGenerator(); ECKeyGenerationParameters genParam = new ECKeyGenerationParameters(parameters, random); pGen.Init(genParam); AsymmetricCipherKeyPair p1 = pGen.GenerateKeyPair(); AsymmetricCipherKeyPair p2 = pGen.GenerateKeyPair(); // // two way // IBasicAgreement e1 = new ECDHBasicAgreement(); IBasicAgreement e2 = new ECDHBasicAgreement(); e1.Init(p1.Private); e2.Init(p2.Private); BigInteger k1 = e1.CalculateAgreement(p2.Public); BigInteger k2 = e2.CalculateAgreement(p1.Public); if (!k1.Equals(k2)) { Fail("calculated agreement test failed"); } // // two way // e1 = new ECDHCBasicAgreement(); e2 = new ECDHCBasicAgreement(); e1.Init(p1.Private); e2.Init(p2.Private); k1 = e1.CalculateAgreement(p2.Public); k2 = e2.CalculateAgreement(p1.Public); if (!k1.Equals(k2)) { Fail("calculated agreement test failed"); } }
BigInteger ECDHAgree(byte[] publicKey, byte[] privateKey) { var domain = SecNamedCurves.GetByName ("secp160r1"); ECDHBasicAgreement agreement = new ECDHBasicAgreement (); BigInteger privKeyInt = new BigInteger (privateKey); ECDomainParameters parm = new ECDomainParameters(domain.Curve, domain.G, domain.N); ECPrivateKeyParameters privKey = new ECPrivateKeyParameters (privKeyInt, parm); agreement.Init (privKey); var pt = Key.Curve.Curve.DecodePoint (publicKey); ECPublicKeyParameters pubParams = new ECPublicKeyParameters (pt, parm); return agreement.CalculateAgreement (pubParams); }
protected virtual byte[] CalculateECDHBasicAgreement(ECPublicKeyParameters publicKey, ECPrivateKeyParameters privateKey) { ECDHBasicAgreement basicAgreement = new ECDHBasicAgreement(); basicAgreement.Init(privateKey); BigInteger agreement = basicAgreement.CalculateAgreement(publicKey); return BigIntegers.AsUnsignedByteArray(agreement); }
protected virtual byte[] CalculateECDHBasicAgreement(ECPublicKeyParameters publicKey, ECPrivateKeyParameters privateKey) { ECDHBasicAgreement basicAgreement = new ECDHBasicAgreement(); basicAgreement.Init(privateKey); BigInteger agreementValue = basicAgreement.CalculateAgreement(publicKey); /* * RFC 4492 5.10. Note that this octet string (Z in IEEE 1363 terminology) as output by * FE2OSP, the Field Element to Octet String Conversion Primitive, has constant length for * any given field; leading zeros found in this octet string MUST NOT be truncated. */ return BigIntegers.AsUnsignedByteArray(basicAgreement.GetFieldSize(), agreementValue); }
/// <summary> /// Generates the KDF parameters. /// Sess Sections 7 & 8 of RFC 6637 (http://tools.ietf.org/html/rfc6637) for more details /// </summary> /// <returns></returns> private void UpdateDigestWithKDFParameters(IDigest digest) { var agreement = new ECDHBasicAgreement(); agreement.Init(_privateKey); var zb = agreement.CalculateAgreement(_publicKey).ToByteArrayUnsigned(); digest.Update(0x00); digest.Update(0x00); digest.Update(0x00); digest.Update(0x01); digest.BlockUpdate(zb, 0, zb.Length); var oid = _publicKey.PublicKeyParamSet.ToBytes(); digest.Update((byte)oid.Length); digest.BlockUpdate(oid, 0, oid.Length); digest.Update((byte)PublicKeyAlgorithmTag.Ecdh); digest.Update(0x3); digest.Update(0x1); digest.Update((byte)_publicKey.HashAlgorithm); digest.Update((byte)_publicKey.SymmetricKeyAlgorithm); digest.BlockUpdate(_anonymousSender, 0, _anonymousSender.Length); digest.BlockUpdate(_fingerPrint, 0, _fingerPrint.Length); }
public override void ProcessClientKeys(ProtocolVersion version, ProtocolVersion clientVersion, CertificatePrivateKey privateKey, byte[] data) { if (data == null) { throw new ArgumentNullException("data"); } if (data.Length < 1) { throw new ArgumentException("data"); } byte[] ecPointData = new byte[data[0]]; Buffer.BlockCopy(data, 1, ecPointData, 0, ecPointData.Length); ECPoint ecPoint = domainParameters.Curve.DecodePoint(ecPointData); var theirPublicKey = new ECPublicKeyParameters(ecPoint, domainParameters); // Calculate the actual agreement var agreement = new ECDHBasicAgreement(); agreement.Init(this.privateKey); preMasterSecret = BigIntegerToByteArray(agreement.CalculateAgreement(theirPublicKey), 32); this.logger?.Debug("Pre-Master secret: " + BitConverter.ToString(preMasterSecret)); }
/// <summary> /// Called by client to get his ephemaral ECC keys /// TODO: get information about which ECC curve should be used /// </summary> /// <param name="version"></param> /// <param name="data"></param> /// <returns></returns> public override byte[] ProcessServerKeys(ProtocolVersion version, byte[] data, X509Certificate serverCertificate) { if (data == null) { throw new ArgumentNullException(nameof(data)); } if (data.Length < 4) throw new ArgumentException(nameof(data)); //if (data[0] != 3 || data[1] != 0 || data[2] != 23) if (data[0] != 3 || data[1] != 0) { throw new ArgumentException(nameof(data)); } //if (data[3] != 65 || data[4] > data.Length - 4) if (data[4] > data.Length - 4) { throw new ArgumentException(nameof(data)); } // Extract the public key from the data byte[] ecPointData = new byte[data[3]]; Buffer.BlockCopy(data, 4, ecPointData, 0, ecPointData.Length); var ecPoint = this.ObtainCurveNameAndPoint(ecPointData, serverCertificate); var theirPublicKey = new ECPublicKeyParameters(ecPoint, this.domainParameters); // Calculate the actual agreement var agreement = new ECDHBasicAgreement(); agreement.Init(this.privateKey); this.preMasterSecret = BigIntegerToByteArray(agreement.CalculateAgreement(theirPublicKey), 32); var signature = new byte[data.Length - 4 - data[3]]; Buffer.BlockCopy(data, 4 + data[3], signature, 0, signature.Length); return signature; }