public BitString Extract(BitString salt, BitString inputKeyingMaterial) { // An empty salt is converted to empty bytes salt ??= new BitString(_hmac.OutputLength); return(_hmac.Generate(salt, inputKeyingMaterial).Mac); }
public IkeResult GenerateIke(BitString ni, BitString nr, BitString gxy, BitString cky_i, BitString cky_r, BitString presharedKey = null) { // Append fixed values together for convenience var fixedData = gxy.ConcatenateBits(cky_i).ConcatenateBits(cky_r); var sKeyId = PseudoRandomFunction(ni, nr, gxy, cky_i, cky_r, presharedKey); var sKeyIdD = Hmac.Generate(sKeyId, fixedData.ConcatenateBits(new BitString("00"))).Mac; var sKeyIdA = Hmac.Generate(sKeyId, sKeyIdD.ConcatenateBits(fixedData).ConcatenateBits(new BitString("01"))).Mac; var sKeyIdE = Hmac.Generate(sKeyId, sKeyIdA.ConcatenateBits(fixedData).ConcatenateBits(new BitString("02"))).Mac; return(new IkeResult(sKeyId, sKeyIdA, sKeyIdD, sKeyIdE)); }
private BitString HmacPrf(IHmac hmac, BitString secret, BitString seed, int outputLength) { var hmacLen = hmac.OutputLength; var numBlocks = outputLength.CeilingDivide(hmacLen); var A = seed.GetDeepCopy(); var output = new BitString(0); for (var i = 0; i < numBlocks; i++) { A = hmac.Generate(secret, A).Mac; output = output.ConcatenateBits(hmac.Generate(secret, A.ConcatenateBits(seed)).Mac); } return(output); }
private BitString Prf(BitString secret, string label, BitString seed, int outputLength) { var labelBytes = new BitString(Encoding.ASCII.GetBytes(label)); var prfSeed = labelBytes.ConcatenateBits(seed); var numBlocks = outputLength.CeilingDivide(_hmac.OutputLength); var A = prfSeed.GetDeepCopy(); var output = new BitString(0); for (var i = 0; i < numBlocks; i++) { A = _hmac.Generate(secret, A).Mac; output = output.ConcatenateBits(_hmac.Generate(secret, A.ConcatenateBits(prfSeed)).Mac); } return(output.GetMostSignificantBits(outputLength)); }
protected override BitString H(BitString message, BitString salt) { if (salt == null || salt.BitLength == 0) { throw new ArgumentNullException(nameof(salt)); } return(_hmac.Generate(salt, message, OutputLength).Mac); }
// Question: Is it a hard restriction that the hash within HMAC is the same used within the signature process? public BigInteger GetNonce(BigInteger privateD, BigInteger hashedMessage, BigInteger orderN) { // 1.3 var seedMaterial = new BitString(privateD).PadToModulusMsb(32).ConcatenateBits(new BitString(hashedMessage).PadToModulusMsb(32)); // 1.4 var key = BitString.Zeroes(_hmac.OutputLength); // 1.5 var v = _01bits.GetMostSignificantBits(_hmac.OutputLength); // 1.6 key = _hmac.Generate(key, v.ConcatenateBits(BitString.ConcatenateBits(BitString.Zeroes(8), seedMaterial))).Mac; // 1.7 v = _hmac.Generate(key, v).Mac; // 1.8 key = _hmac.Generate(key, v.ConcatenateBits(BitString.ConcatenateBits(new BitString("01"), seedMaterial))).Mac; // 1.9 v = _hmac.Generate(key, v).Mac; // 2 var nlen = orderN.ExactBitLength(); // 3 BigInteger k = 0; while (k == 0 || k >= orderN) { // 4.1 var tmp = new BitString(0); // 4.2 while (tmp.BitLength < nlen) { v = _hmac.Generate(key, v).Mac; tmp = tmp.ConcatenateBits(v); } // 4.3 k = tmp.GetMostSignificantBits(nlen).ToPositiveBigInteger(); // 4.4 if (k > 0 && k < orderN) { return(k); } // 4.5 key = _hmac.Generate(key, v.ConcatenateBits(BitString.Zeroes(8))).Mac; // 4.6 v = _hmac.Generate(key, v).Mac; } return(k); }
protected override DrbgResult GenerateAlgorithm(int requestedNumberOfBits, BitString additionalInput) { // 1 if (ReseedCounter > Attributes.MaxNumberOfRequestsBetweenReseeds) { return(new DrbgResult(DrbgStatus.ReseedRequired)); } // 2 if (additionalInput.BitLength != 0) { Update(additionalInput); } // 3 var temp = new BitString(0); // 4 while (temp.BitLength < requestedNumberOfBits) { // 4.1 V = _hmac.Generate(Key, V).Mac; // 4.2 temp = temp.ConcatenateBits(V); } // 5 var returnedBits = temp.GetMostSignificantBits(requestedNumberOfBits); // 6 Update(additionalInput); // 7 ReseedCounter++; // 8 return(new DrbgResult(returnedBits)); }
public KdfResult DeriveKey(BitString auth, BitString nonceEven, BitString nonceOdd) { var value = nonceEven.ConcatenateBits(nonceOdd); var result = _hmac.Generate(auth, value); if (result.Success) { return(new KdfResult(result.Mac)); } else { return(new KdfResult(result.ErrorMessage)); } }
public void ShouldHmacCorrectly(string label, ModeValues mode, DigestSizes digestSize, int keyByteSize, int additionToIndexInKey, BitString expectedHmac, int macLength) { var hashFunction = new HashFunction(mode, digestSize); var factory = new HmacFactory(new NativeShaFactory()); _subject = factory.GetHmacInstance(hashFunction); var key = GenKey(keyByteSize, additionToIndexInKey); var message = GetBitStringFromString(label); var result = _subject.Generate(key, message, macLength); Assert.AreEqual(expectedHmac.ToHex(), result.Mac.ToHex()); }
protected override BitString Mac(BitString macData) { var mac = Algo.Generate( NoKeyConfirmationParameters.DerivedKeyingMaterial, macData, NoKeyConfirmationParameters.MacLength ); if (!mac.Success) { throw new Exception(mac.ErrorMessage); } return(mac.Mac); }
protected override BitString Mac(BitString macData) { var result = _iHmac.Generate( _keyConfirmationParameters.DerivedKeyingMaterial, macData, _keyConfirmationParameters.MacLength ); if (!result.Success) { throw new Exception(result.ErrorMessage); } return(result.Mac); }
public void IsoIec9797Tests(ModeValues mode, DigestSizes digestSize, int macLength, string ascii, int count, string keyHex, string expectedHex) { var sha = _shaFactory.GetShaInstance(new HashFunction(mode, digestSize)); _subject = new NativeHmac(sha); var key = new BitString(keyHex); BitString message; if (count == 0) { message = new BitString(Encoding.ASCII.GetBytes(ascii)); } else { message = new BitString(Encoding.ASCII.GetBytes(ascii), count * 8); } var result = _subject.Generate(key, message, macLength); var expected = new BitString(expectedHex, macLength); Assert.AreEqual(expected.ToHex(), result.Mac.ToHex()); }
private BitString GenerateSKeySeed(BitString ni, BitString nr, BitString gir) { return(_hmac.Generate(ni.ConcatenateBits(nr), gir).Mac); }