public AEADResult EncryptFinal(AEADResult previousResult) { var output = previousResult.RemainingOutput; if (_bufferOffset != 0) { output = EncryptBlock(output); } var tagCiphertextPaddingLength = (16 - (int)(_cSize / 8) % 16) % 16; _tagHash.Update(new byte[tagCiphertextPaddingLength]); _tagHash.Update(EndianBitConverter.Big.GetBytes(_aSize)); _tagHash.Update(EndianBitConverter.Big.GetBytes(_cSize)); var ctr = new CTRBlockCipher(_cipher); ctr.Init(new IVParameter(new NullCipherParameter(), _j0)); var blockResult = ctr.EncryptBlock(_tagHash.DigestBuffer(), output); output = blockResult.RemainingOutput; return(new AEADResult(previousResult.RemainingInput, output)); }
public bool Verify(byte[] input, byte[] signature, IDigest hash) { if (_publicKey is null || _domain is null || _nField is null) { throw new InvalidOperationException("ECDSA not initialised"); } FieldValue r, s; using (var buffer = new MemoryStream(signature)) { var reader = new DERReader(buffer); var seq = reader.Read() as ASN1Sequence; SecurityAssert.NotNull(seq); SecurityAssert.Assert(seq !.Count == 2); var ri = seq.Elements[0] as ASN1Integer; SecurityAssert.NotNull(ri); r = _nField.Value(ri !.Value); SecurityAssert.Assert(r.Value == ri !.Value); var si = seq.Elements[1] as ASN1Integer; SecurityAssert.NotNull(si); s = _nField.Value(si !.Value); SecurityAssert.Assert(s.Value == si !.Value); } // check QA != O // check QA is on curve SecurityAssert.Assert(_domain.Curve.IsPointOnCurve(_publicKey)); // check n*QA = O // check r and s are in [1, n-1] // e = HASH(input) hash.Update(input); var e = hash.DigestBuffer(); // z = the Ln leftmost bits of e, where Ln is the bit length of the group order n. var z = ToZ(e, _ln); // w = 1/s (mod n) var w = _nField.Divide(_nField.Value(1), s); // u1 = zw (mod n) var u1 = _nField.Multiply(w, z); // u2 = rw (mod n) var u2 = _nField.Multiply(w, r); // (x1, y2) = u1 * G + u2 * QA var point = Point.Add(_domain.Curve, a: Point.Multiply(_domain.Curve, u1, _domain.Generator), b: Point.Multiply(_domain.Curve, u2, _publicKey)) !; // return r == x1 (mod n) return(r == point.X); }
private byte[] ComputeMAC(IDigest macAlgo, long seqNum, RecordType type, TLSVersion version, byte[] content) { macAlgo.Update(EndianBitConverter.Big.GetBytes(seqNum)); macAlgo.Update(new[] { (byte)type, version.Major, version.Major }); macAlgo.Update(EndianBitConverter.Big.GetBytes((ushort)content.Length)); macAlgo.Update(content); return(macAlgo.DigestBuffer()); }
public byte[] ComputeVerification(IDigest digest) { foreach (var message in _messages) { digest.Update(message); } return(digest.DigestBuffer()); }
public byte[] Sign(byte[] input, IDigest hash) { if (_privateKey is null || _domain is null || _nField is null) { throw new InvalidOperationException("ECDSA not initialised"); } // e = HASH(input) hash.Update(input); var e = hash.DigestBuffer(); // z = the Ln leftmost bits of e, where Ln is the bit length of the group order n. var z = ToZ(e, _ln).Value; // k = rand(1, n-1) <-- step 3 var k = _domain.Curve.Field.Value(_random.RandomBig(_domain.Order - 1)); // (x1, y1) = k * G var c = Point.Multiply(_domain.Curve, k, _domain.Generator); // r = x1 % n var r = c.X.Value % _domain.Order; // if r == 0 go to step 3 if (r == 0) { throw new NotImplementedException(); } // s = (1/k)(z + rdA) mod n var kInv = _nField.Divide(_nField.Value(1), k); var s = _nField.Multiply(kInv, _nField.Value(z + r * _privateKey.Value)).Value; // if s == 0 go to step 3 if (s == 0) { throw new NotImplementedException(); } // return ASN1 SEQUENCE [r INTEGER, s INTEGER] using (var buffer = new MemoryStream()) { var derWriter = new DERWriter(buffer); derWriter.Write(new ASN1Sequence(new[] { new ASN1Integer(r), new ASN1Integer(s), })); return(buffer.ToArray()); } }
public void Digest(Span <byte> output) { SecurityAssert.Assert(_state == HMACState.InnerHashing); _state = HMACState.HashingDone; var innerHash = _digest.DigestBuffer(); var oPadKey = XorKey(_key, 0x5c); _digest.Reset(); _digest.Update(oPadKey); _digest.Update(innerHash); _digest.Digest(output); }
internal static byte[] EMSA_PKCS1_v1_5_Encode(byte[] input, int emLen, IDigest hash) { hash.Update(input); var h = hash.DigestBuffer(); byte[] t; using (var mem = new MemoryStream()) { var derWriter = new DERWriter(mem); derWriter.Write(new ASN1Sequence(new ASN1Object[] { new ASN1Sequence(new ASN1Object[] { hash.Id, new ASN1Null() }), new ASN1OctetString(h) })); t = mem.ToArray(); } SecurityAssert.Assert(emLen >= t.Length + 11); var ps = new byte[emLen - t.Length - 3]; SecurityAssert.Assert(ps.Length >= 8); for (var i = 0; i < ps.Length; i++) { ps[i] = 0xff; } var em = new byte[emLen]; em[0] = 0; em[1] = 1; Array.Copy(ps, 0, em, 2, ps.Length); em[ps.Length + 2] = 0; Array.Copy(t, 0, em, ps.Length + 3, t.Length); return(em); }