Пример #1
0
        public virtual void Init(bool forEncryption, ICipherParameters parameters)
        {
            this.forEncryption = forEncryption;
            macBlock           = null;
            KeyParameter keyParameter;

            if (parameters is AeadParameters)
            {
                AeadParameters aeadParameters = (AeadParameters)parameters;
                nonce = aeadParameters.GetNonce();
                initialAssociatedText = aeadParameters.GetAssociatedText();
                int num = aeadParameters.MacSize;
                if (num < 32 || num > 128 || num % 8 != 0)
                {
                    throw new ArgumentException("Invalid value for MAC size: " + num);
                }
                macSize      = num / 8;
                keyParameter = aeadParameters.Key;
            }
            else
            {
                if (!(parameters is ParametersWithIV))
                {
                    throw new ArgumentException("invalid parameters passed to GCM");
                }
                ParametersWithIV parametersWithIV = (ParametersWithIV)parameters;
                nonce = parametersWithIV.GetIV();
                initialAssociatedText = null;
                macSize      = 16;
                keyParameter = (KeyParameter)parametersWithIV.Parameters;
            }
            int num2 = (!forEncryption) ? (16 + macSize) : 16;

            bufBlock = new byte[num2];
            if (nonce == null || nonce.Length < 1)
            {
                throw new ArgumentException("IV must be at least 1 byte");
            }
            if (keyParameter != null)
            {
                cipher.Init(forEncryption: true, keyParameter);
                H = new byte[16];
                cipher.ProcessBlock(H, 0, H, 0);
                multiplier.Init(H);
                exp = null;
            }
            else if (H == null)
            {
                throw new ArgumentException("Key must be specified in initial init");
            }
            J0 = new byte[16];
            if (nonce.Length == 12)
            {
                Array.Copy(nonce, 0, J0, 0, nonce.Length);
                J0[15] = 1;
            }
            else
            {
                gHASH(J0, nonce, nonce.Length);
                byte[] array = new byte[16];
                Pack.UInt64_To_BE((ulong)((long)nonce.Length * 8L), array, 8);
                gHASHBlock(J0, array);
            }
            S           = new byte[16];
            S_at        = new byte[16];
            S_atPre     = new byte[16];
            atBlock     = new byte[16];
            atBlockPos  = 0;
            atLength    = 0uL;
            atLengthPre = 0uL;
            counter     = Arrays.Clone(J0);
            bufOff      = 0;
            totalLength = 0uL;
            if (initialAssociatedText != null)
            {
                ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length);
            }
        }
Пример #2
0
        private static ICipherParameters FixDesParity(string mechanism, ICipherParameters parameters)
        {
            if (!mechanism.EndsWith("DES-CBC") & !mechanism.EndsWith("DESEDE-CBC"))
            {
                return(parameters);
            }

            if (parameters is ParametersWithIV)
            {
                ParametersWithIV ivParams = (ParametersWithIV)parameters;
                return(new ParametersWithIV(FixDesParity(mechanism, ivParams.Parameters), ivParams.GetIV()));
            }

            KeyParameter kParam = (KeyParameter)parameters;

            byte[] keyBytes = kParam.GetKey();
            DesParameters.SetOddParity(keyBytes);
            return(new KeyParameter(keyBytes));
        }
Пример #3
0
        /// <remarks>
        /// MAC sizes from 32 bits to 128 bits (must be a multiple of 8) are supported. The default is 128 bits.
        /// Sizes less than 96 are not recommended, but are supported for specialized applications.
        /// </remarks>
        public virtual void Init(
            bool forEncryption,
            ICipherParameters parameters)
        {
            this.forEncryption = forEncryption;
            this.macBlock      = null;

            KeyParameter keyParam;

            if (parameters is AeadParameters)
            {
                AeadParameters param = (AeadParameters)parameters;

                nonce = param.GetNonce();
                initialAssociatedText = param.GetAssociatedText();

                int macSizeBits = param.MacSize;
                if (macSizeBits < 32 || macSizeBits > 128 || macSizeBits % 8 != 0)
                {
                    throw new ArgumentException("Invalid value for MAC size: " + macSizeBits);
                }

                macSize  = macSizeBits / 8;
                keyParam = param.Key;
            }
            else if (parameters is ParametersWithIV)
            {
                ParametersWithIV param = (ParametersWithIV)parameters;

                nonce = param.GetIV();
                initialAssociatedText = null;
                macSize  = 16;
                keyParam = (KeyParameter)param.Parameters;
            }
            else
            {
                throw new ArgumentException("invalid parameters passed to GCM");
            }

            int bufLength = forEncryption ? BlockSize : (BlockSize + macSize);

            this.bufBlock = new byte[bufLength];

            if (nonce == null || nonce.Length < 1)
            {
                throw new ArgumentException("IV must be at least 1 byte");
            }

            // TODO Restrict macSize to 16 if nonce length not 12?

            // Cipher always used in forward mode
            // if keyParam is null we're reusing the last key.
            if (keyParam != null)
            {
                cipher.Init(true, keyParam);

                this.H = new byte[BlockSize];
                cipher.ProcessBlock(H, 0, H, 0);

                // if keyParam is null we're reusing the last key and the multiplier doesn't need re-init
                multiplier.Init(H);
                exp = null;
            }
            else if (this.H == null)
            {
                throw new ArgumentException("Key must be specified in initial init");
            }

            this.J0 = new byte[BlockSize];

            if (nonce.Length == 12)
            {
                Array.Copy(nonce, 0, J0, 0, nonce.Length);
                this.J0[BlockSize - 1] = 0x01;
            }
            else
            {
                gHASH(J0, nonce, nonce.Length);
                byte[] X = new byte[BlockSize];
                Pack.UInt64_To_BE((ulong)nonce.Length * 8UL, X, 8);
                gHASHBlock(J0, X);
            }

            this.S           = new byte[BlockSize];
            this.S_at        = new byte[BlockSize];
            this.S_atPre     = new byte[BlockSize];
            this.atBlock     = new byte[BlockSize];
            this.atBlockPos  = 0;
            this.atLength    = 0;
            this.atLengthPre = 0;
            this.counter     = Arrays.Clone(J0);
            this.bufOff      = 0;
            this.totalLength = 0;

            if (initialAssociatedText != null)
            {
                ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length);
            }
        }
Пример #4
0
    private static ICipherParameters FixDesParity(string mechanism, ICipherParameters parameters)
    {
        if (!Platform.EndsWith(mechanism, "DES-CBC") && !Platform.EndsWith(mechanism, "DESEDE-CBC"))
        {
            return(parameters);
        }
        if (parameters is ParametersWithIV)
        {
            ParametersWithIV parametersWithIV = (ParametersWithIV)parameters;
            return(new ParametersWithIV(FixDesParity(mechanism, parametersWithIV.Parameters), parametersWithIV.GetIV()));
        }
        KeyParameter keyParameter = (KeyParameter)parameters;

        byte[] key = keyParameter.GetKey();
        DesParameters.SetOddParity(key);
        return(new KeyParameter(key));
    }
Пример #5
0
        public bool ProcessFile(string sourcePath, string destDir, bool respectFileNameInMeta = true)
        {
            string destPath = null;

            try
            {
                FileItem fi = new FileItem(sourcePath);
                using (CloudSyncFile cloudSyncFile = new CloudSyncFile(fi, _handlerFactory))
                {
                    cloudSyncFile.InitParsing();
                    FileMeta3 fileMeta = cloudSyncFile.GetFileMeta();

                    //Generate session key and make sure it matches the file
                    byte[] sessionKeyComputed =
                        CryptoUtils.RsaOaepDeciper(fileMeta.EncKey2, this._cloudSyncKey.KeyPair.Private);
                    string sessionKeyHashStrComputed = CryptoUtils.SaltedMd5(
                        fileMeta.SessionKeyHash.Substring(0, 10), sessionKeyComputed);

                    if (!fileMeta.SessionKeyHash.Equals(sessionKeyHashStrComputed))
                    {
                        throw new InvalidDataException($"File {fi.Name}, Computed session key is incorrect.");
                    }

                    //decrypt content
                    byte[] sessionKeyBytes = BytesUtils.HexStringToByteArray(
                        Encoding.ASCII.GetString(sessionKeyComputed));
                    ParametersWithIV keys =
                        CryptoUtils.DeriveAESKeyParameters(sessionKeyBytes, null);
                    AesCbcCryptor decryptor =
                        new AesCbcCryptor(((KeyParameter)keys.Parameters).GetKey(), keys.GetIV());

                    destPath = Path.Join(destDir,
                                         respectFileNameInMeta ? fileMeta.FileName : Path.GetFileName(sourcePath));

                    using (var hasher = MD5.Create())
                    {
                        using (AesCryptoServiceProvider aes = new AesCryptoServiceProvider())
                        {
                            aes.Mode = CipherMode.CBC;
                            aes.Key  = ((KeyParameter)keys.Parameters).GetKey();
                            aes.IV   = keys.GetIV();
                            //Stopwatch stopwatch =  new Stopwatch();
                            //stopwatch.Start();
                            //byte[] buffer = new byte[1024 * 1024];
                            long             bytesRead = 0;
                            ICryptoTransform decoder   = aes.CreateDecryptor();
                            using (CloudSyncPayloadStream cspls =
                                       new CloudSyncPayloadStream(cloudSyncFile.GetDataBlocks(decryptor)))
                                using (CryptoStream aesStream = new CryptoStream(cspls, decoder, CryptoStreamMode.Read))
                                    using (LZ4DecoderStream lz4ds = LZ4Stream.Decode(aesStream))
                                        using (FileStream writeFs = new FileStream(destPath, FileMode.OpenOrCreate,
                                                                                   FileAccess.ReadWrite, FileShare.ReadWrite, 1024 * 1024))
                                            using (CryptoStream md5HashStream =
                                                       new CryptoStream(writeFs, hasher, CryptoStreamMode.Write))
                                            {
                                                lz4ds.CopyTo(md5HashStream, 1024 * 1024);
                                                // int read;
                                                // while ((read = md5HashStream.Read(buffer, 0, buffer.Length)) > 0)
                                                // {
                                                //     //do nothing
                                                //     bytesRead += read;
                                                //     long elapsed = stopwatch.ElapsedMilliseconds;
                                                //     if (elapsed > 1000)
                                                //     {
                                                //         double readInM = (double) bytesRead / 1024.0 / 1024.0/elapsed*1000.0;
                                                //         bytesRead = 0;
                                                //         Console.WriteLine($"Speed:{readInM} M/s");
                                                //         stopwatch.Reset();
                                                //         stopwatch.Start();
                                                //     }
                                                // }
                                            }

                            //stopwatch.Stop();
                            if (!cloudSyncFile.VerifyContentHash(hasher.Hash))
                            {
                                throw new InvalidDataException("File Md5 doesn't match.");
                            }
                        }
                    }

                    return(true);
                }
            }
            catch (Exception ex)
            {
                if (File.Exists(destPath))
                {
                    File.Delete(destPath);
                }

                this._exceptionHandler.Handle(ex);
            }

            return(false);
        }
Пример #6
0
        public virtual void Init(bool forEncryption, ICipherParameters parameters)
        {
            KeyParameter initKeyParam;

            byte[]            initNonce;
            ICipherParameters chacha20Params;

            if (parameters is AeadParameters)
            {
                AeadParameters aeadParams = (AeadParameters)parameters;

                int macSizeBits = aeadParams.MacSize;
                if ((MacSize * 8) != macSizeBits)
                {
                    throw new ArgumentException("Invalid value for MAC size: " + macSizeBits);
                }

                initKeyParam   = aeadParams.Key;
                initNonce      = aeadParams.GetNonce();
                chacha20Params = new ParametersWithIV(initKeyParam, initNonce);

                this.mInitialAad = aeadParams.GetAssociatedText();
            }
            else if (parameters is ParametersWithIV)
            {
                ParametersWithIV ivParams = (ParametersWithIV)parameters;

                initKeyParam   = (KeyParameter)ivParams.Parameters;
                initNonce      = ivParams.GetIV();
                chacha20Params = ivParams;

                this.mInitialAad = null;
            }
            else
            {
                throw new ArgumentException("invalid parameters passed to ChaCha20Poly1305", "parameters");
            }

            // Validate key
            if (null == initKeyParam)
            {
                if (State.Uninitialized == mState)
                {
                    throw new ArgumentException("Key must be specified in initial init");
                }
            }
            else
            {
                if (KeySize != initKeyParam.GetKey().Length)
                {
                    throw new ArgumentException("Key must be 256 bits");
                }
            }

            // Validate nonce
            if (null == initNonce || NonceSize != initNonce.Length)
            {
                throw new ArgumentException("Nonce must be 96 bits");
            }

            // Check for encryption with reused nonce
            if (State.Uninitialized != mState && forEncryption && Arrays.AreEqual(mNonce, initNonce))
            {
                if (null == initKeyParam || Arrays.AreEqual(mKey, initKeyParam.GetKey()))
                {
                    throw new ArgumentException("cannot reuse nonce for ChaCha20Poly1305 encryption");
                }
            }

            if (null != initKeyParam)
            {
                Array.Copy(initKeyParam.GetKey(), 0, mKey, 0, KeySize);
            }

            Array.Copy(initNonce, 0, mNonce, 0, NonceSize);

            mChacha20.Init(true, chacha20Params);

            this.mState = forEncryption ? State.EncInit : State.DecInit;

            Reset(true, false);
        }
Пример #7
0
            private IBlockCipherBuilder <ParametersWithIV> DoCreateBlockCipherBuilder(bool forEncryption, ParametersWithIV parameters)
            {
                IBufferedCipher cipher = ProviderUtils.CreateBufferedCipher("FipsAES", parameters.Algorithm.Mode, parameters, forEncryption, aesEngineProvider);

                cipher.Init(forEncryption, new Internal.Parameters.ParametersWithIV(null, parameters.GetIV()));
                return(new BlockCipherBuilderImpl <ParametersWithIV>(forEncryption, parameters, cipher));
            }
        public virtual void Init(
            bool forEncryption,
            ICipherParameters parameters)
        {
            this.forEncryption = forEncryption;
            this.macSize       = 16;       // TODO Make configurable?
            this.macBlock      = null;

            // TODO If macSize limitation is removed, be very careful about bufBlock
            int bufLength = forEncryption ? BlockSize : (BlockSize + macSize);

            this.bufBlock = new byte[bufLength];

            if (parameters is AeadParameters)
            {
                AeadParameters param = (AeadParameters)parameters;

                nonce = param.GetNonce();
                A     = param.GetAssociatedText();
                //            macSize = param.getMacSize() / 8;
                if (param.MacSize != 128)
                {
                    // TODO Make configurable?
                    throw new ArgumentException("only 128-bit MAC supported currently");
                }
                keyParam = param.Key;
            }
            else if (parameters is ParametersWithIV)
            {
                ParametersWithIV param = (ParametersWithIV)parameters;

                nonce    = param.GetIV();
                A        = null;
                keyParam = (KeyParameter)param.Parameters;
            }
            else
            {
                throw new ArgumentException("invalid parameters passed to GCM");
            }

            if (nonce == null || nonce.Length < 1)
            {
                throw new ArgumentException("IV must be at least 1 byte");
            }

            if (A == null)
            {
                // Avoid lots of null checks
                A = new byte[0];
            }

            // Cipher always used in forward mode
            cipher.Init(true, keyParam);

            // TODO This should be configurable by Init parameters
            // (but must be 16 if nonce length not 12) (BlockSize?)
            //        this.tagLength = 16;

            byte[] h = new byte[BlockSize];
            cipher.ProcessBlock(Zeroes, 0, h, 0);
            //trace("H: " + new string(Hex.encode(h)));
            this.H     = new BigInteger(1, h);
            this.initS = gHASH(A, false);

            if (nonce.Length == 12)
            {
                this.J0 = new byte[16];
                Array.Copy(nonce, 0, J0, 0, nonce.Length);
                this.J0[15] = 0x01;
            }
            else
            {
                BigInteger N = gHASH(nonce, true);
                BigInteger X = BigInteger.ValueOf(nonce.Length * 8);
                //trace("len({})||len(IV): " + dumpBigInt(X));

                N = multiply(N.Xor(X), H);
                //trace("GHASH(H,{},IV): " + dumpBigInt(N));
                this.J0 = asBlock(N);
            }

            this.S       = initS;
            this.counter = Arrays.Clone(J0);
            //trace("Y" + yCount + ": " + new string(Hex.encode(counter)));
            this.bufOff      = 0;
            this.totalLength = 0;
        }
Пример #9
0
        public virtual void Init(bool forEncryption, ICipherParameters parameters)
        {
            bool oldForEncryption = this.forEncryption;

            this.forEncryption = forEncryption;
            this.macBlock      = null;

            KeyParameter keyParameter;

            byte[] N;
            if (parameters is AeadParameters)
            {
                AeadParameters aeadParameters = (AeadParameters)parameters;

                N = aeadParameters.GetNonce();
                initialAssociatedText = aeadParameters.GetAssociatedText();

                int macSizeBits = aeadParameters.MacSize;
                if (macSizeBits < 64 || macSizeBits > 128 || macSizeBits % 8 != 0)
                {
                    throw new ArgumentException("Invalid value for MAC size: " + macSizeBits);
                }

                macSize      = macSizeBits / 8;
                keyParameter = aeadParameters.Key;
            }
            else if (parameters is ParametersWithIV)
            {
                ParametersWithIV parametersWithIV = (ParametersWithIV)parameters;

                N = parametersWithIV.GetIV();
                initialAssociatedText = null;
                macSize      = 16;
                keyParameter = (KeyParameter)parametersWithIV.Parameters;
            }
            else
            {
                throw new ArgumentException("invalid parameters passed to OCB");
            }

            this.hashBlock = new byte[16];
            this.mainBlock = new byte[forEncryption ? BLOCK_SIZE : (BLOCK_SIZE + macSize)];

            if (N == null)
            {
                N = new byte[0];
            }

            if (N.Length > 15)
            {
                throw new ArgumentException("IV must be no more than 15 bytes");
            }

            /*
             * KEY-DEPENDENT INITIALISATION
             */

            if (keyParameter != null)
            {
                // hashCipher always used in forward mode
                hashCipher.Init(true, keyParameter);
                mainCipher.Init(forEncryption, keyParameter);
                KtopInput = null;
            }
            else if (oldForEncryption != forEncryption)
            {
                throw new ArgumentException("cannot change encrypting state without providing key.");
            }

            this.L_Asterisk = new byte[16];
            hashCipher.ProcessBlock(L_Asterisk, 0, L_Asterisk, 0);

            this.L_Dollar = OCB_double(L_Asterisk);

            this.L = Platform.CreateArrayList();
            this.L.Add(OCB_double(L_Dollar));

            /*
             * NONCE-DEPENDENT AND PER-ENCRYPTION/DECRYPTION INITIALISATION
             */

            int bottom = ProcessNonce(N);

            int bits = bottom % 8, bytes = bottom / 8;

            if (bits == 0)
            {
                Array.Copy(Stretch, bytes, OffsetMAIN_0, 0, 16);
            }
            else
            {
                for (int i = 0; i < 16; ++i)
                {
                    uint b1 = Stretch[bytes];
                    uint b2 = Stretch[++bytes];
                    this.OffsetMAIN_0[i] = (byte)((b1 << bits) | (b2 >> (8 - bits)));
                }
            }

            this.hashBlockPos = 0;
            this.mainBlockPos = 0;

            this.hashBlockCount = 0;
            this.mainBlockCount = 0;

            this.OffsetHASH = new byte[16];
            this.Sum        = new byte[16];
            Array.Copy(OffsetMAIN_0, 0, OffsetMAIN, 0, 16);
            this.Checksum = new byte[16];

            if (initialAssociatedText != null)
            {
                ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length);
            }
        }
Пример #10
0
        public virtual void Init(bool forEncryption, ICipherParameters parameters)
        {
            this.forEncryption = forEncryption;
            this.macBlock      = null;

            KeyParameter keyParameter;

            byte[] N;
            if (parameters is AeadParameters)
            {
                AeadParameters aeadParameters = (AeadParameters)parameters;

                N = aeadParameters.GetNonce();
                initialAssociatedText = aeadParameters.GetAssociatedText();

                int macSizeBits = aeadParameters.MacSize;
                if (macSizeBits < 64 || macSizeBits > 128 || macSizeBits % 8 != 0)
                {
                    throw new ArgumentException("Invalid value for MAC size: " + macSizeBits);
                }

                macSize      = macSizeBits / 8;
                keyParameter = aeadParameters.Key;
            }
            else if (parameters is ParametersWithIV)
            {
                ParametersWithIV parametersWithIV = (ParametersWithIV)parameters;

                N = parametersWithIV.GetIV();
                initialAssociatedText = null;
                macSize      = 16;
                keyParameter = (KeyParameter)parametersWithIV.Parameters;
            }
            else
            {
                throw new ArgumentException("invalid parameters passed to OCB");
            }

            this.hashBlock = new byte[16];
            this.mainBlock = new byte[forEncryption ? BLOCK_SIZE : (BLOCK_SIZE + macSize)];

            if (N == null)
            {
                N = new byte[0];
            }

            if (N.Length > 15)
            {
                throw new ArgumentException("IV must be no more than 15 bytes");
            }

            /*
             * KEY-DEPENDENT INITIALISATION
             */

            // if keyParam is null we're reusing the last key.
            if (keyParameter != null)
            {
                // TODO
            }

            // hashCipher always used in forward mode
            hashCipher.Init(true, keyParameter);
            mainCipher.Init(forEncryption, keyParameter);

            this.L_Asterisk = new byte[16];
            hashCipher.ProcessBlock(L_Asterisk, 0, L_Asterisk, 0);

            this.L_Dollar = OCB_double(L_Asterisk);

            this.L = Platform.CreateArrayList();
            this.L.Add(OCB_double(L_Dollar));

            /*
             * NONCE-DEPENDENT AND PER-ENCRYPTION/DECRYPTION INITIALISATION
             */

            byte[] nonce = new byte[16];
            Array.Copy(N, 0, nonce, nonce.Length - N.Length, N.Length);
            nonce[0]              = (byte)(macSize << 4);
            nonce[15 - N.Length] |= 1;

            int bottom = nonce[15] & 0x3F;

            byte[] Ktop = new byte[16];
            nonce[15] &= 0xC0;
            hashCipher.ProcessBlock(nonce, 0, Ktop, 0);

            byte[] Stretch = new byte[24];
            Array.Copy(Ktop, 0, Stretch, 0, 16);
            for (int i = 0; i < 8; ++i)
            {
                Stretch[16 + i] = (byte)(Ktop[i] ^ Ktop[i + 1]);
            }

            this.OffsetMAIN_0 = new byte[16];
            int bits = bottom % 8, bytes = bottom / 8;

            if (bits == 0)
            {
                Array.Copy(Stretch, bytes, OffsetMAIN_0, 0, 16);
            }
            else
            {
                for (int i = 0; i < 16; ++i)
                {
                    uint b1 = Stretch[bytes];
                    uint b2 = Stretch[++bytes];
                    this.OffsetMAIN_0[i] = (byte)((b1 << bits) | (b2 >> (8 - bits)));
                }
            }

            this.hashBlockPos = 0;
            this.mainBlockPos = 0;

            this.hashBlockCount = 0;
            this.mainBlockCount = 0;

            this.OffsetHASH = new byte[16];
            this.Sum        = new byte[16];
            this.OffsetMAIN = Arrays.Clone(this.OffsetMAIN_0);
            this.Checksum   = new byte[16];

            if (initialAssociatedText != null)
            {
                ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length);
            }
        }
Пример #11
0
        public virtual void Init(
            bool forEncryption,
            ICipherParameters parameters)
        {
            this.forEncryption = forEncryption;
            this.macBlock      = null;

            if (parameters is AeadParameters)
            {
                AeadParameters param = (AeadParameters)parameters;

                nonce = param.GetNonce();
                A     = param.GetAssociatedText();

                int macSizeBits = param.MacSize;
                if (macSizeBits < 96 || macSizeBits > 128 || macSizeBits % 8 != 0)
                {
                    throw new ArgumentException("Invalid value for MAC size: " + macSizeBits);
                }

                macSize  = macSizeBits / 8;
                keyParam = param.Key;
            }
            else if (parameters is ParametersWithIV)
            {
                ParametersWithIV param = (ParametersWithIV)parameters;

                nonce    = param.GetIV();
                A        = null;
                macSize  = 16;
                keyParam = (KeyParameter)param.Parameters;
            }
            else
            {
                throw new ArgumentException("invalid parameters passed to GCM");
            }

            int bufLength = forEncryption ? BlockSize : (BlockSize + macSize);

            this.bufBlock = new byte[bufLength];

            if (nonce == null || nonce.Length < 1)
            {
                throw new ArgumentException("IV must be at least 1 byte");
            }

            if (A == null)
            {
                // Avoid lots of null checks
                A = new byte[0];
            }

            // Cipher always used in forward mode
            cipher.Init(true, keyParam);

            // TODO This should be configurable by Init parameters
            // (but must be 16 if nonce length not 12) (BlockSize?)
//			this.tagLength = 16;

            this.H = new byte[BlockSize];
            cipher.ProcessBlock(H, 0, H, 0);
            multiplier.Init(H);

            this.initS = gHASH(A);

            if (nonce.Length == 12)
            {
                this.J0 = new byte[16];
                Array.Copy(nonce, 0, J0, 0, nonce.Length);
                this.J0[15] = 0x01;
            }
            else
            {
                this.J0 = gHASH(nonce);
                byte[] X = new byte[16];
                packLength((ulong)nonce.Length * 8UL, X, 8);
                GcmUtilities.Xor(this.J0, X);
                multiplier.MultiplyH(this.J0);
            }

            this.S           = Arrays.Clone(initS);
            this.counter     = Arrays.Clone(J0);
            this.bufOff      = 0;
            this.totalLength = 0;
        }
Пример #12
0
 public virtual void Init(bool forEncryption, ICipherParameters parameters)
 {
     this.forEncryption = forEncryption;
     this.macBlock      = (byte[])null;
     if (parameters is AeadParameters)
     {
         AeadParameters aeadParameters = (AeadParameters)parameters;
         this.nonce = aeadParameters.GetNonce();
         this.A     = aeadParameters.GetAssociatedText();
         int macSize = aeadParameters.MacSize;
         if (macSize < 96 || macSize > 128 || macSize % 8 != 0)
         {
             throw new ArgumentException("Invalid value for MAC size: " + (object)macSize);
         }
         this.macSize  = macSize / 8;
         this.keyParam = aeadParameters.Key;
     }
     else
     {
         if (!(parameters is ParametersWithIV))
         {
             throw new ArgumentException("invalid parameters passed to GCM");
         }
         ParametersWithIV parametersWithIv = (ParametersWithIV)parameters;
         this.nonce    = parametersWithIv.GetIV();
         this.A        = (byte[])null;
         this.macSize  = 16;
         this.keyParam = (KeyParameter)parametersWithIv.Parameters;
     }
     this.bufBlock = new byte[forEncryption ? 16 : 16 + this.macSize];
     if (this.nonce == null || this.nonce.Length < 1)
     {
         throw new ArgumentException("IV must be at least 1 byte");
     }
     if (this.A == null)
     {
         this.A = new byte[0];
     }
     this.cipher.Init(true, (ICipherParameters)this.keyParam);
     this.H = new byte[16];
     this.cipher.ProcessBlock(this.H, 0, this.H, 0);
     this.multiplier.Init(this.H);
     this.initS = this.gHASH(this.A);
     if (this.nonce.Length == 12)
     {
         this.J0 = new byte[16];
         Array.Copy((Array)this.nonce, 0, (Array)this.J0, 0, this.nonce.Length);
         this.J0[15] = (byte)1;
     }
     else
     {
         this.J0 = this.gHASH(this.nonce);
         byte[] numArray = new byte[16];
         GcmBlockCipher.packLength((ulong)this.nonce.Length * 8UL, numArray, 8);
         GcmUtilities.Xor(this.J0, numArray);
         this.multiplier.MultiplyH(this.J0);
     }
     this.S           = Arrays.Clone(this.initS);
     this.counter     = Arrays.Clone(this.J0);
     this.bufOff      = 0;
     this.totalLength = 0UL;
 }
Пример #13
0
        private static ICipherParameters FixDesParity(string mechanism, ICipherParameters parameters)
        {
            if (!BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.EndsWith(mechanism, "DES-CBC") && !BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.EndsWith(mechanism, "DESEDE-CBC"))
            {
                return(parameters);
            }

            if (parameters is ParametersWithIV)
            {
                ParametersWithIV ivParams = (ParametersWithIV)parameters;
                return(new ParametersWithIV(FixDesParity(mechanism, ivParams.Parameters), ivParams.GetIV()));
            }

            KeyParameter kParam = (KeyParameter)parameters;

            byte[] keyBytes = kParam.GetKey();
            DesParameters.SetOddParity(keyBytes);
            return(new KeyParameter(keyBytes));
        }
Пример #14
0
        public virtual void Init(bool forEncryption, ICipherParameters parameters)
        {
            this.forEncryption = forEncryption;
            macBlock           = null;
            if (parameters is AeadParameters)
            {
                AeadParameters aeadParameters = (AeadParameters)parameters;
                nonce = aeadParameters.GetNonce();
                A     = aeadParameters.GetAssociatedText();
                int num = aeadParameters.MacSize;
                if (num < 96 || num > 128 || num % 8 != 0)
                {
                    throw new ArgumentException("Invalid value for MAC size: " + num);
                }
                macSize  = num / 8;
                keyParam = aeadParameters.Key;
            }
            else
            {
                if (!(parameters is ParametersWithIV))
                {
                    throw new ArgumentException("invalid parameters passed to GCM");
                }
                ParametersWithIV parametersWithIV = (ParametersWithIV)parameters;
                nonce    = parametersWithIV.GetIV();
                A        = null;
                macSize  = 16;
                keyParam = (KeyParameter)parametersWithIV.Parameters;
            }
            int num2 = forEncryption ? 16 : (16 + macSize);

            bufBlock = new byte[num2];
            if (nonce == null || nonce.Length < 1)
            {
                throw new ArgumentException("IV must be at least 1 byte");
            }
            if (A == null)
            {
                A = new byte[0];
            }
            cipher.Init(forEncryption: true, keyParam);
            H = new byte[16];
            cipher.ProcessBlock(H, 0, H, 0);
            multiplier.Init(H);
            initS = gHASH(A);
            if (nonce.Length == 12)
            {
                J0 = new byte[16];
                Array.Copy(nonce, 0, J0, 0, nonce.Length);
                J0[15] = 1;
            }
            else
            {
                J0 = gHASH(nonce);
                byte[] array = new byte[16];
                packLength((ulong)((long)nonce.Length * 8L), array, 8);
                GcmUtilities.Xor(J0, array);
                multiplier.MultiplyH(J0);
            }
            S           = Arrays.Clone(initS);
            counter     = Arrays.Clone(J0);
            bufOff      = 0;
            totalLength = 0uL;
        }
Пример #15
0
        public byte[][] DeriveKeyAndIV(TargetKeyType keyType, int keySizeInBytes, int ivSizeInBytes)
        {
            CryptoServicesRegistrar.ApprovedModeCheck(approvedOnlyMode, "PasswordBasedDeriver");

            if (approvedOnlyMode)
            {
                if (keySizeInBytes < 14)
                {
                    throw new CryptoUnapprovedOperationError("keySizeInBytes must be at least 14");
                }
            }

            if (keyType == TargetKeyType.MAC)
            {
                ParametersWithIV paramWithIv = (ParametersWithIV)generator.GenerateDerivedMacParameters(keySizeInBytes * 8, ivSizeInBytes * 8);

                return(new byte[][] { ((KeyParameter)paramWithIv.Parameters).GetKey(), paramWithIv.GetIV() });
            }
            else
            {
                ParametersWithIV paramWithIv = (ParametersWithIV)generator.GenerateDerivedParameters(keySizeInBytes * 8, ivSizeInBytes * 8);

                return(new byte[][] { ((KeyParameter)paramWithIv.Parameters).GetKey(), paramWithIv.GetIV() });
            }
        }
Пример #16
0
        public void Init(ICipherParameters parameters)
        {
            if (parameters is ParametersWithIV)
            {
                ParametersWithIV p = (ParametersWithIV)parameters;

                aeadCipher.Init(true, new AeadParameters((KeyParameter)p.Parameters, macLenInBits, p.GetIV()));
            }
            else
            {
                throw new ArgumentException("AEAD cipher based MAC needs nonce/IV");
            }
        }