Пример #1
0
            public AEADResult EncryptFinal(AEADResult previousResult)
            {
                var output = previousResult.RemainingOutput;

                if (_bufferOffset != 0)
                {
                    output = EncryptBlock(output);
                }

                var tagCiphertextPaddingLength = (16 - (int)(_cSize / 8) % 16) % 16;

                _tagHash.Update(new byte[tagCiphertextPaddingLength]);
                _tagHash.Update(EndianBitConverter.Big.GetBytes(_aSize));
                _tagHash.Update(EndianBitConverter.Big.GetBytes(_cSize));

                var ctr = new CTRBlockCipher(_cipher);

                ctr.Init(new IVParameter(new NullCipherParameter(), _j0));

                var blockResult = ctr.EncryptBlock(_tagHash.DigestBuffer(), output);

                output = blockResult.RemainingOutput;

                return(new AEADResult(previousResult.RemainingInput, output));
            }
Пример #2
0
            private Span <byte> EncryptBlock(Span <byte> output)
            {
                var bufferLength = _bufferOffset;

                // encrypt block
                var ciphertext = new byte[_blockSize];

                _ctr.EncryptBlock(_buffer, ciphertext);

                // copy to output
                ciphertext.AsSpan().Slice(0, bufferLength).CopyTo(output);

                // update tag hash
                _tagHash.Update(output.Slice(0, bufferLength));
                _cSize += bufferLength * 8;

                // clear buffer
                _bufferOffset = 0;
                Array.Clear(_buffer, 0, _blockSize);

                return(output.Slice(bufferLength));
            }
Пример #3
0
            public AEADResult DecryptFinal(AEADResult previousResult)
            {
                // TODO SecurityAssert.AssertBuffer(input, inputOffset, _bufferOffset + TagLength);
                // TODO SecurityAssert.AssertBuffer(output, outputOffset, _bufferOffset);

                // Consume everything but the Tag
                previousResult = Decrypt(previousResult.RemainingInput, previousResult.RemainingOutput);
                var input  = previousResult.RemainingInput;
                var output = previousResult.RemainingOutput;

                if (_bufferOffset != 0)
                {
                    output = DecryptBlock(output);
                }

                var tagCiphertextPaddingLength = (16 - (int)(_cSize / 8) % 16) % 16;

                _tagHash.Update(new byte[tagCiphertextPaddingLength]);
                _tagHash.Update(EndianBitConverter.Big.GetBytes(_aSize));
                _tagHash.Update(EndianBitConverter.Big.GetBytes(_cSize));

                var tagCtr = new CTRBlockCipher(_cipher);

                tagCtr.Init(new IVParameter(new NullCipherParameter(), _j0));

                var digest        = _tagHash.DigestBuffer();
                var calculatedTag = new byte[16];

                tagCtr.EncryptBlock(digest, calculatedTag);

                var tag = input.Slice(0, _tagSize).ToArray();

                SecurityAssert.AssertHash(calculatedTag, tag);

                return(new AEADResult(input.Slice(_tagSize), output));
            }