//public string PublicKeyBeforeSha256 { get; set; } //private string _privateKey; //public AsymmetricCipherKeyPair GenerateKeyPair() //{ // ECKeyPairGenerator keyPair = new ECKeyPairGenerator("EC"); // keyPair.Init(new KeyGenerationParameters(new SecureRandom(), 384)); // var pair = keyPair.GenerateKeyPair(); // //PublicKeyBeforeSha256 = GetPublicKeyStringRepresentation(pair.Public); // //_privateKey = GetPrivateKeyStringRepresentation(pair.Private); // return pair; //} /** * Generate a random private key that can be used with Secp256k1. */ public static byte[] GeneratePrivateKey() { SecureRandom secureRandom = null; try { secureRandom = SecureRandom.GetInstance(RANDOM_NUMBER_ALGORITHM, RANDOM_NUMBER_ALGORITHM_PROVIDER); } catch (Exception e) { Console.WriteLine("err"); } BigInteger privateKeyCheck = BigInteger.Zero; // Bit of magic, move this maybe. This is the max key range. BigInteger maxKey = new BigInteger("00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140", 16); // Generate the key, skipping as many as desired. byte[] privateKeyAttempt = new byte[32]; secureRandom?.NextBytes(privateKeyAttempt); privateKeyCheck = new BigInteger(1, privateKeyAttempt); while (privateKeyCheck.CompareTo(BigInteger.Zero) == 0 || privateKeyCheck.CompareTo(maxKey) == 1) { secureRandom?.NextBytes(privateKeyAttempt); privateKeyCheck = new BigInteger(1, privateKeyAttempt); } return(privateKeyAttempt); }
private void doTestCreateKeyParameter( string algorithm, DerObjectIdentifier oid, int keyBits, Type expectedType, SecureRandom random) { int keyLength = keyBits / 8; byte[] bytes = new byte[keyLength]; random.NextBytes(bytes); KeyParameter key; key = ParameterUtilities.CreateKeyParameter(algorithm, bytes); checkKeyParameter(key, expectedType, bytes); key = ParameterUtilities.CreateKeyParameter(oid, bytes); checkKeyParameter(key, expectedType, bytes); bytes = new byte[keyLength * 2]; random.NextBytes(bytes); int offset = random.Next(1, keyLength); byte[] expected = new byte[keyLength]; Array.Copy(bytes, offset, expected, 0, keyLength); key = ParameterUtilities.CreateKeyParameter(algorithm, bytes, offset, keyLength); checkKeyParameter(key, expectedType, expected); key = ParameterUtilities.CreateKeyParameter(oid, bytes, offset, keyLength); checkKeyParameter(key, expectedType, expected); }
public void TestSha1PrngBackward() { byte[] seed = Encoding.ASCII.GetBytes("backward compatible"); SecureRandom sx = new SecureRandom(seed); SecureRandom sy = SecureRandom.GetInstance("SHA1PRNG", false); sy.SetSeed(seed); byte[] bx = new byte[128]; sx.NextBytes(bx); byte[] by = new byte[128]; sy.NextBytes(by); Assert.IsTrue(Arrays.AreEqual(bx, by)); }
private void randomTest( SecureRandom srng, IGcmMultiplier m) { int kLength = 16 + 8 * srng.Next(3); byte[] K = new byte[kLength]; srng.NextBytes(K); int pLength = srng.Next(1024); byte[] P = new byte[pLength]; srng.NextBytes(P); int aLength = srng.Next(1024); byte[] A = new byte[aLength]; srng.NextBytes(A); int ivLength = 1 + srng.Next(1024); byte[] IV = new byte[ivLength]; srng.NextBytes(IV); GcmBlockCipher cipher = new GcmBlockCipher(new AesFastEngine(), m); AeadParameters parameters = new AeadParameters(new KeyParameter(K), 16 * 8, IV, A); cipher.Init(true, parameters); byte[] C = new byte[cipher.GetOutputSize(P.Length)]; int len = cipher.ProcessBytes(P, 0, P.Length, C, 0); len += cipher.DoFinal(C, len); if (C.Length != len) { // Console.WriteLine("" + C.Length + "/" + len); Fail("encryption reported incorrect length in randomised test"); } byte[] encT = cipher.GetMac(); byte[] tail = new byte[C.Length - P.Length]; Array.Copy(C, P.Length, tail, 0, tail.Length); if (!AreEqual(encT, tail)) { Fail("stream contained wrong mac in randomised test"); } cipher.Init(false, parameters); byte[] decP = new byte[cipher.GetOutputSize(C.Length)]; len = cipher.ProcessBytes(C, 0, C.Length, decP, 0); len += cipher.DoFinal(decP, len); if (!AreEqual(P, decP)) { Fail("incorrect decrypt in randomised test"); } byte[] decT = cipher.GetMac(); if (!AreEqual(encT, decT)) { Fail("decryption produced different mac from encryption"); } }
private static double measureChiSquared( SecureRandom random, int rounds) { int[] counts = new int[256]; byte[] bs = new byte[256]; for (int i = 0; i < rounds; ++i) { random.NextBytes(bs); for (int b = 0; b < 256; ++b) { ++counts[bs[b]]; } } byte mask = SecureRandom.GetSeed(1)[0]; for (int i = 0; i < rounds; ++i) { random.NextBytes(bs); for (int b = 0; b < 256; ++b) { ++counts[bs[b] ^ mask]; } ++mask; } byte shift = SecureRandom.GetSeed(1)[0]; for (int i = 0; i < rounds; ++i) { random.NextBytes(bs); for (int b = 0; b < 256; ++b) { ++counts[(byte)(bs[b] + shift)]; } ++shift; } int total = 3 * rounds; double chi2 = 0; for (int k = 0; k < counts.Length; ++k) { double diff = ((double)counts[k]) - total; double diff2 = diff * diff; chi2 += diff2; } chi2 /= total; return(chi2); }
public static void GeneratePrivateKey(SecureRandom random, byte[] k) { random.NextBytes(k); }
public void GenerateBitsAfterDisposing() { SecureRandom random = null; using (random = new SecureRandom()) { } random.NextBytes(new byte[10]); }
/// <summary> /// Generate a set of M-of-N parts for a specific private key. /// If desiredPrivKey is null, then a random key will be selected. /// </summary> public void Generate(int PartsNeededToDecode, int PartsToGenerate, byte[] desiredPrivKey) { if (PartsNeededToDecode > PartsToGenerate) { throw new ApplicationException("Number of parts needed exceeds number of parts to generate."); } if (PartsNeededToDecode > 8 || PartsToGenerate > 8) { throw new ApplicationException("Maximum number of parts is 8"); } if (PartsNeededToDecode < 1 || PartsToGenerate < 1) { throw new ApplicationException("Minimum number of parts is 1"); } if (desiredPrivKey != null && desiredPrivKey.Length != 32) { throw new ApplicationException("Desired private key must be 32 bytes"); } KeyParts.Clear(); decodedKeyParts.Clear(); SecureRandom sr = new SecureRandom(); // Get 8 random big integers into v[i]. byte[][] vvv = new byte[8][]; BigInteger[] v = new BigInteger[8]; for (int i = 0; i < 8; i++) { byte[] b = new byte[32]; sr.NextBytes(b, 0, 32); // For larger values of i, chop off some most-significant-bits to prevent overflows as they are // multiplied with increasingly larger factors. if (i >= 7) { b[0] &= 0x7f; } v[i] = new BigInteger(1, b); Debug.WriteLine(String.Format("v({0})={1}", i, v[i].ToString())); } // if a certain private key is desired, then specify it. if (desiredPrivKey != null) { // replace v[0] with xor(v[1...7]) xor desiredPrivKey BigInteger newv0 = BigInteger.Zero; for (int i = 1; i < PartsNeededToDecode; i++) { newv0 = newv0.Xor(v[i]); } v[0] = newv0.Xor(new BigInteger(1, desiredPrivKey)); } // Generate the expected private key from all the parts BigInteger privkey = new BigInteger("0"); for (int i = 0; i < PartsNeededToDecode; i++) { privkey = privkey.Xor(v[i]); } // Get the bitcoin address byte[] keybytes = privkey.ToByteArrayUnsigned(); // make sure we have 32 bytes, we'll need it if (keybytes.Length < 32) { byte[] array32 = new byte[32]; Array.Copy(keybytes, 0, array32, 32 - keybytes.Length, keybytes.Length); keybytes = array32; } KeyPair = new KeyPair(keybytes); byte[] checksum = Util.ComputeSha256(BitcoinAddress); // Generate the parts for (int i = 0; i < PartsToGenerate; i++) { BigInteger total = new BigInteger("0"); for (int j = 0; j < PartsNeededToDecode; j++) { int factor = 1; for (int ii = 0; ii <= i; ii++) { factor = factor * (j + 1); } BigInteger bfactor = new BigInteger(factor.ToString()); total = total.Add(v[j].Multiply(bfactor)); } Debug.WriteLine(String.Format(" pc{0}={1}", i, total.ToString())); byte[] parts = new byte[39]; parts[0] = 0x4f; parts[1] = (byte)(0x93 + PartsNeededToDecode); int parts23 = (((checksum[0] << 8) + checksum[1]) & 0x1ff); Debug.WriteLine("checksum " + parts23.ToString()); parts23 += 0x6000; parts23 += (i << 9); byte[] btotal = total.ToByteArrayUnsigned(); for (int jj = 0; jj < btotal.Length; jj++) { parts[jj + 4 + (35 - btotal.Length)] = btotal[jj]; } parts[2] = (byte)((parts23 & 0xFF00) >> 8); parts[3] = (byte)(parts23 & 0xFF); KeyParts.Add(Util.ByteArrayToBase58Check(parts)); decodedKeyParts.Add(parts); } }
private void RandomTest(SecureRandom srng, IGcmMultiplier m) { int kLength = 16 + 8 * srng.Next(3); byte[] K = new byte[kLength]; srng.NextBytes(K); int pLength = srng.Next(65536); byte[] P = new byte[pLength]; srng.NextBytes(P); int aLength = srng.Next(256); byte[] A = new byte[aLength]; srng.NextBytes(A); int saLength = srng.Next(256); byte[] SA = new byte[saLength]; srng.NextBytes(SA); int ivLength = 1 + srng.Next(256); byte[] IV = new byte[ivLength]; srng.NextBytes(IV); AeadParameters parameters = new AeadParameters(new KeyParameter(K), 16 * 8, IV, A); GcmBlockCipher cipher = InitCipher(m, true, parameters); byte[] C = new byte[cipher.GetOutputSize(P.Length)]; int predicted = cipher.GetUpdateOutputSize(P.Length); int split = srng.Next(SA.Length + 1); cipher.ProcessAadBytes(SA, 0, split); int len = cipher.ProcessBytes(P, 0, P.Length, C, 0); cipher.ProcessAadBytes(SA, split, SA.Length - split); if (predicted != len) { Fail("encryption reported incorrect update length in randomised test"); } len += cipher.DoFinal(C, len); if (C.Length != len) { Fail("encryption reported incorrect length in randomised test"); } byte[] encT = cipher.GetMac(); byte[] tail = new byte[C.Length - P.Length]; Array.Copy(C, P.Length, tail, 0, tail.Length); if (!AreEqual(encT, tail)) { Fail("stream contained wrong mac in randomised test"); } cipher.Init(false, parameters); byte[] decP = new byte[cipher.GetOutputSize(C.Length)]; predicted = cipher.GetUpdateOutputSize(C.Length); split = srng.Next(SA.Length + 1); cipher.ProcessAadBytes(SA, 0, split); len = cipher.ProcessBytes(C, 0, C.Length, decP, 0); cipher.ProcessAadBytes(SA, split, SA.Length - split); if (predicted != len) { Fail("decryption reported incorrect update length in randomised test"); } len += cipher.DoFinal(decP, len); if (!AreEqual(P, decP)) { Fail("incorrect decrypt in randomised test"); } byte[] decT = cipher.GetMac(); if (!AreEqual(encT, decT)) { Fail("decryption produced different mac from encryption"); } // // key reuse test // cipher.Init(false, AeadTestUtilities.ReuseKey(parameters)); decP = new byte[cipher.GetOutputSize(C.Length)]; split = NextInt(srng, SA.Length + 1); cipher.ProcessAadBytes(SA, 0, split); len = cipher.ProcessBytes(C, 0, C.Length, decP, 0); cipher.ProcessAadBytes(SA, split, SA.Length - split); len += cipher.DoFinal(decP, len); if (!AreEqual(P, decP)) { Fail("incorrect decrypt in randomised test"); } decT = cipher.GetMac(); if (!AreEqual(encT, decT)) { Fail("decryption produced different mac from encryption"); } }
internal static byte[] GenerateIV(int length, SecureRandom random) { byte[] iv = new byte[length]; random.NextBytes(iv); return(iv); }
protected virtual DsaParameters GenerateParameters_FIPS186_2() { byte[] seed = new byte[20]; byte[] part1 = new byte[20]; byte[] part2 = new byte[20]; byte[] u = new byte[20]; int n = (L - 1) / 160; byte[] w = new byte[L / 8]; if (!(digest is Sha1Digest)) { throw new InvalidOperationException("can only use SHA-1 for generating FIPS 186-2 parameters"); } for (;;) { random.NextBytes(seed); Hash(digest, seed, part1); Array.Copy(seed, 0, part2, 0, seed.Length); Inc(part2); Hash(digest, part2, part2); for (int i = 0; i != u.Length; i++) { u[i] = (byte)(part1[i] ^ part2[i]); } u[0] |= (byte)0x80; u[19] |= (byte)0x01; BigInteger q = new BigInteger(1, u); if (!q.IsProbablePrime(certainty)) { continue; } byte[] offset = Arrays.Clone(seed); Inc(offset); for (int counter = 0; counter < 4096; ++counter) { for (int k = 0; k < n; k++) { Inc(offset); Hash(digest, offset, part1); Array.Copy(part1, 0, w, w.Length - (k + 1) * part1.Length, part1.Length); } Inc(offset); Hash(digest, offset, part1); Array.Copy(part1, part1.Length - ((w.Length - (n) * part1.Length)), w, 0, w.Length - n * part1.Length); w[0] |= (byte)0x80; BigInteger x = new BigInteger(1, w); BigInteger c = x.Mod(q.ShiftLeft(1)); BigInteger p = x.Subtract(c.Subtract(BigInteger.One)); if (p.BitLength != L) { continue; } if (p.IsProbablePrime(certainty)) { BigInteger g = CalculateGenerator_FIPS186_2(p, q, random); return(new DsaParameters(p, q, g, new DsaValidationParameters(seed, counter))); } } } }
public async void Handle(TLUpdatePhoneCall update) { await VoIPConnection.Current.SendUpdateAsync(update); await Task.Delay(2000); //if (update.PhoneCall is TLPhoneCallDiscarded discarded) //{ // if (discarded.IsNeedRating) // { // Debugger.Break(); // } // if (discarded.IsNeedDebug) // { // Debugger.Break(); // } //} return; if (update.PhoneCall is TLPhoneCallRequested callRequested) { var reqReceived = new TLPhoneReceivedCall(); reqReceived.Peer = new TLInputPhoneCall(); reqReceived.Peer.Id = callRequested.Id; reqReceived.Peer.AccessHash = callRequested.AccessHash; ProtoService.SendRequestAsync <bool>("phone.receivedCall", reqReceived, null, null); var user = CacheService.GetUser(callRequested.AdminId) as TLUser; Execute.BeginOnUIThread(async() => { var dialog = await TLMessageDialog.ShowAsync(user.DisplayName, "CAAAALLL", "OK", "Cancel"); if (dialog == Windows.UI.Xaml.Controls.ContentDialogResult.Primary) { var config = await ProtoService.GetDHConfigAsync(0, 256); if (config.IsSucceeded) { var dh = config.Result; if (!TLUtils.CheckPrime(dh.P, dh.G)) { return; } secretP = dh.P; var salt = new byte[256]; var secureRandom = new SecureRandom(); secureRandom.NextBytes(salt); a_or_b = salt; var g_b = MTProtoService.GetGB(salt, dh.G, dh.P); var request = new TLPhoneAcceptCall { GB = g_b, Peer = new TLInputPhoneCall { Id = callRequested.Id, AccessHash = callRequested.AccessHash }, Protocol = new TLPhoneCallProtocol { IsUdpP2p = true, IsUdpReflector = true, MinLayer = 65, MaxLayer = 65, } }; var response = await ProtoService.SendRequestAsync <TLPhonePhoneCall>("phone.acceptCall", request); if (response.IsSucceeded) { } } } else { var req = new TLPhoneDiscardCall(); req.Peer = new TLInputPhoneCall(); req.Peer.Id = callRequested.Id; req.Peer.AccessHash = callRequested.AccessHash; req.Reason = new TLPhoneCallDiscardReasonHangup(); ProtoService.SendRequestAsync <TLPhonePhoneCall>("phone.acceptCall", req, null, null); } }); } else if (update.PhoneCall is TLPhoneCall call) { var auth_key = computeAuthKey(call); var g_a = call.GAOrB; var buffer = TLUtils.Combine(auth_key, g_a); var sha256 = Utils.ComputeSHA256(buffer); var emoji = EncryptionKeyEmojifier.EmojifyForCall(sha256); var user = CacheService.GetUser(call.AdminId) as TLUser; Execute.BeginOnUIThread(async() => { var dialog = await TLMessageDialog.ShowAsync(user.DisplayName, string.Join(" ", emoji), "OK"); }); } }
public static TLEncryptedTransportMessage Encrypt(TLEncryptedTransportMessage transportMessage, byte[] authKey) { #if MTPROTO var random = new SecureRandom(); var data = transportMessage.Data; var length = data.Length; var padding = 16 - (length % 16); byte[] paddingBytes = null; if (padding < 12) { padding += 16; } if (padding >= 12 && padding <= 1024) { paddingBytes = new byte[padding]; random.NextBytes(paddingBytes); } var dataWithPadding = data; if (paddingBytes != null) { dataWithPadding = TLUtils.Combine(data, paddingBytes); } var msgKey = TLUtils.GetEncryptMsgKey(authKey, dataWithPadding); var keyIV = TLUtils.GetEncryptKeyIV(authKey, msgKey); var encryptedData = Utils.AesIge(dataWithPadding, keyIV.Item1, keyIV.Item2, true); var authKeyId = TLUtils.GenerateLongAuthKeyId(authKey); transportMessage.AuthKeyId = new TLLong(authKeyId); transportMessage.MsgKey = msgKey; transportMessage.Data = encryptedData; return(transportMessage); #else var random = new SecureRandom(); var data = transportMessage.Data; var length = data.Length; var padding = 16 - (length % 16); byte[] paddingBytes = null; if (padding > 0 && padding < 16) { paddingBytes = new byte[padding]; random.NextBytes(paddingBytes); } byte[] dataWithPadding = data; if (paddingBytes != null) { dataWithPadding = TLUtils.Combine(data, paddingBytes); } var msgKey = TLUtils.GetMsgKey(data); var keyIV = TLUtils.GetEncryptKeyIV(authKey, msgKey); var encryptedData = Utils.AesIge(dataWithPadding, keyIV.Item1, keyIV.Item2, true); var authKeyId = TLUtils.GenerateLongAuthKeyId(authKey); transportMessage.AuthKeyId = new TLLong(authKeyId); transportMessage.MsgKey = msgKey; transportMessage.Data = encryptedData; return(transportMessage); #endif }
public byte[] GenerateRandomBytes(int size) { byte[] bytes = new byte[size]; Random.NextBytes(bytes); return(bytes); }
public void Encryption(Stream inputStream, int subBlockSize) { bool ifBlock = false; byte[] data; using (MemoryStream ms = new MemoryStream()) { inputStream.CopyTo(ms); data = ms.ToArray(); } IBlockCipher engine = null; switch (this.Algorithm) { case "IDEA": engine = new IdeaEngine(); break; case "DES": engine = new DesEngine(); break; case "AES": engine = new AesEngine(); break; } IBufferedCipher cipher = null; BufferedBlockCipher blockCipher = null; switch (this.CipherMode) { case "CBC": blockCipher = new PaddedBufferedBlockCipher(new CbcBlockCipher(engine), new Pkcs7Padding()); ifBlock = true; break; case "ECB": cipher = CipherUtilities.GetCipher(this.Algorithm + "/ECB/PKCS7Padding"); cipher.Init(true, new KeyParameter(this.Key)); this.EncryptedData = cipher.DoFinal(data); break; case "CFB": blockCipher = new PaddedBufferedBlockCipher(new CfbBlockCipher(engine, subBlockSize), new Pkcs7Padding()); ifBlock = true; break; case "OFB": blockCipher = new PaddedBufferedBlockCipher(new OfbBlockCipher(engine, subBlockSize), new Pkcs7Padding()); ifBlock = true; break; default: Console.WriteLine("Default case"); break; } if (ifBlock) { ICipherParameters cipherParams = null; this.IvVector = new byte[8]; SecureRandom rand = new SecureRandom(); rand.NextBytes(this.IvVector); KeyParameter kluczParam = new KeyParameter(this.Key); cipherParams = new ParametersWithIV(kluczParam, this.IvVector); blockCipher.Init(true, cipherParams); this.EncryptedData = new byte[blockCipher.GetOutputSize(data.Length)]; int bytesLength = blockCipher.ProcessBytes(data, 0, data.Length, this.EncryptedData, 0); blockCipher.DoFinal(this.EncryptedData, bytesLength); ifBlock = false; } }
public byte[] GenerateKey() { var key = new byte[KeyBitSize / 8]; _random.NextBytes(key); key[^ 1] &= 0x7F;
public void StartOutgoingCall(TLInputUserBase userId) { var salt = new Byte[256]; var random = new SecureRandom(); random.NextBytes(salt); var version = _lastVersion ?? new TLInt(0); var randomLength = new TLInt(256); _mtProtoService.GetDHConfigAsync(version, randomLength, result => { ConfigureDeviceForCall(); ShowNotifications(); StartConnectionSound(); DispatchStateChanged(PhoneCallState.STATE_REQUESTING); _eventAggregator.Publish(new PhoneCallEventArgs("NotificationCenter.didStartedCall")); var dhConfig = result as TLDHConfig; if (dhConfig != null) { if (!TLUtils.CheckPrime(dhConfig.P.Data, dhConfig.G.Value)) { CallFailed(); return; } _secretP = dhConfig.P; _secretG = dhConfig.G; _secretRandom = dhConfig.Random; } for (var i = 0; i < 256; i++) { salt[i] = (byte)(salt[i] ^ _secretRandom.Data[i]); } var gaBytes = MTProtoService.GetGB(salt, _secretG, _secretP); var protocol = new TLPhoneCallProtocol { Flags = new TLInt(0), UdpP2P = true, UdpReflector = true, MinLayer = new TLInt(CALL_MIN_LAYER), MaxLayer = new TLInt(CALL_MAX_LAYER) }; _ga = gaBytes; var gaHash = Utils.ComputeSHA256(_ga); _mtProtoService.RequestCallAsync(userId, TLInt.Random(), TLString.FromBigEndianData(gaHash), protocol, result2 => { _call = result2; _aOrB = salt; DispatchStateChanged(PhoneCallState.STATE_WAITING); //if (_endCallAfterRequest) //{ // Hangup(); // return; //} }, error2 => { }); }, error => { Helpers.Execute.ShowDebugMessage("messages.getDHConfig error " + error); CallFailed(); }); }
/// <summary> /// Creates a new KeyStoreAccount. /// </summary> /// <param name="name">Name of account</param> /// <param name="id">identifier (public address)</param> /// <param name="key">private key</param> public KeyStoreProfile(string name, HoardID id, byte[] key) : base(name, id) { Random.NextBytes(localKey); encryptedKey = Encode(key); }
public static string DemonstrateFileEncryption(string plainText, string password) { #region INITIALIZATION SecureRandom Random = new SecureRandom(); byte[] dataForEncryption = Encoding.UTF8.GetBytes(plainText); Pkcs5S2ParametersGenerator pkcs5S2ParametersGenerator = new Pkcs5S2ParametersGenerator(); byte[] salt = new byte[16]; Random.NextBytes(salt); pkcs5S2ParametersGenerator.Init(PbeParametersGenerator.Pkcs5PasswordToBytes(password.ToCharArray()), salt, 10000); KeyParameter key = (KeyParameter)pkcs5S2ParametersGenerator.GenerateDerivedMacParameters(256); byte[] nonce = new byte[16]; Random.NextBytes(nonce); GcmBlockCipher gcmBlockCipher = new GcmBlockCipher(new AesEngine()); AeadParameters aeadParameters = new AeadParameters(new KeyParameter(key.GetKey()), 128, nonce, salt); gcmBlockCipher.Init(true, aeadParameters); #endregion #region ENCRYPTION //Generate ciphertext with authentication tag. byte[] cipherTextAsByteArray = new byte[gcmBlockCipher.GetOutputSize(dataForEncryption.Length)]; int length = gcmBlockCipher.ProcessBytes(dataForEncryption, 0, dataForEncryption.Length, cipherTextAsByteArray, 0); gcmBlockCipher.DoFinal(cipherTextAsByteArray, length); byte[] output = null; //Put the pices of the message together. using (MemoryStream memoryStream = new MemoryStream()) { using (BinaryWriter binaryWriter = new BinaryWriter(memoryStream)) { binaryWriter.Write(salt); binaryWriter.Write(nonce); binaryWriter.Write(cipherTextAsByteArray); } output = memoryStream.ToArray(); } File.WriteAllBytes("encryptedFile.enc", output); #endregion #region DECRYPTION byte[] encryptedMessageAsByteArray = File.ReadAllBytes("encryptedFile.enc"); salt = new byte[16]; Array.Copy(encryptedMessageAsByteArray, salt, salt.Length); using (MemoryStream memoryStream = new MemoryStream(encryptedMessageAsByteArray)) using (BinaryReader binaryReader = new BinaryReader(memoryStream)) { salt = binaryReader.ReadBytes(salt.Length); nonce = binaryReader.ReadBytes(16); gcmBlockCipher = new GcmBlockCipher(new AesEngine()); aeadParameters = new AeadParameters(new KeyParameter(key.GetKey()), 128, nonce, salt); gcmBlockCipher.Init(false, aeadParameters); cipherTextAsByteArray = binaryReader.ReadBytes(encryptedMessageAsByteArray.Length - salt.Length - nonce.Length); byte[] decryptedTextAsByteArray = new byte[gcmBlockCipher.GetOutputSize(cipherTextAsByteArray.Length)]; try { //Authentication check. length = gcmBlockCipher.ProcessBytes(cipherTextAsByteArray, 0, cipherTextAsByteArray.Length, decryptedTextAsByteArray, 0); gcmBlockCipher.DoFinal(decryptedTextAsByteArray, length); } catch (InvalidCipherTextException e) { //Authentication failed. Log.Error("Error: {0}", e.Message); return(null); } Log.Information("Decrypted file content and original plain text are the same: {0}", plainText.Equals(Encoding.UTF8.GetString(decryptedTextAsByteArray))); return(Encoding.UTF8.GetString(decryptedTextAsByteArray)); } #endregion }
/// <summary> Generate a signature for the loaded message using the key we were /// initialised with. /// </summary> public byte[] GenerateSignature() { int digSize = digest.GetDigestSize(); byte[] m2Hash = new byte[digSize]; digest.DoFinal(m2Hash, 0); byte[] C = new byte[8]; LtoOSP(messageLength * 8, C); digest.BlockUpdate(C, 0, C.Length); digest.BlockUpdate(mBuf, 0, messageLength); digest.BlockUpdate(m2Hash, 0, m2Hash.Length); byte[] salt; if (standardSalt != null) { salt = standardSalt; } else { salt = new byte[saltLength]; random.NextBytes(salt); } digest.BlockUpdate(salt, 0, salt.Length); byte[] hash = new byte[digest.GetDigestSize()]; digest.DoFinal(hash, 0); int tLength = 2; if (trailer == TrailerImplicit) { tLength = 1; } int off = block.Length - messageLength - salt.Length - hLen - tLength - 1; block[off] = (byte)(0x01); Array.Copy(mBuf, 0, block, off + 1, messageLength); Array.Copy(salt, 0, block, off + 1 + messageLength, salt.Length); byte[] dbMask = MaskGeneratorFunction1(hash, 0, hash.Length, block.Length - hLen - tLength); for (int i = 0; i != dbMask.Length; i++) { block[i] ^= dbMask[i]; } Array.Copy(hash, 0, block, block.Length - hLen - tLength, hLen); if (trailer == TrailerImplicit) { block[block.Length - 1] = (byte)TrailerImplicit; } else { block[block.Length - 2] = (byte)((uint)trailer >> 8); block[block.Length - 1] = (byte)trailer; } block[0] &= (byte)(0x7f); byte[] b = cipher.ProcessBlock(block, 0, block.Length); ClearBlock(mBuf); ClearBlock(block); messageLength = 0; return(b); }
private void FillCryptoBytes(byte[] bytes) { random.NextBytes(bytes); // generates 8 random bytes }
public void InitAsync(Action <Tuple <byte[], long?, long?> > callback, Action <TLRPCError> faultCallback = null) { var authTime = Stopwatch.StartNew(); var newNonce = TLInt256.Random(); #if LOG_REGISTRATION TLUtils.WriteLog("Start ReqPQ"); #endif var nonce = TLInt128.Random(); ReqPQAsync(nonce, resPQ => { var serverNonce = resPQ.ServerNonce; if (nonce != resPQ.Nonce) { var error = new TLRPCError { ErrorCode = 404, ErrorMessage = "incorrect nonce" }; #if LOG_REGISTRATION TLUtils.WriteLog("Stop ReqPQ with error " + error); #endif if (faultCallback != null) { faultCallback(error); } TLUtils.WriteLine(error.ToString()); } #if LOG_REGISTRATION TLUtils.WriteLog("Stop ReqPQ"); #endif TimeSpan calcTime; Tuple <ulong, ulong> pqPair; var innerData = GetInnerData(resPQ, newNonce, out calcTime, out pqPair); var encryptedInnerData = GetEncryptedInnerData(innerData, null); #if LOG_REGISTRATION var pq = BitConverter.ToUInt64(resPQ.PQ.Reverse().ToArray(), 0); var logPQString = new StringBuilder(); logPQString.AppendLine("PQ Counters"); logPQString.AppendLine(); logPQString.AppendLine("pq: " + pq); logPQString.AppendLine("p: " + pqPair.Item1); logPQString.AppendLine("q: " + pqPair.Item2); logPQString.AppendLine("encrypted_data length: " + encryptedInnerData.Length); TLUtils.WriteLog(logPQString.ToString()); TLUtils.WriteLog("Start ReqDHParams"); #endif ReqDHParamsAsync( resPQ.Nonce, resPQ.ServerNonce, innerData.P, innerData.Q, resPQ.ServerPublicKeyFingerprints[0], encryptedInnerData, serverDHParams => { if (nonce != serverDHParams.Nonce) { var error = new TLRPCError { ErrorCode = 404, ErrorMessage = "incorrect nonce" }; #if LOG_REGISTRATION TLUtils.WriteLog("Stop ReqDHParams with error " + error); #endif if (faultCallback != null) { faultCallback(error); } TLUtils.WriteLine(error.ToString()); } if (serverNonce != serverDHParams.ServerNonce) { var error = new TLRPCError { ErrorCode = 404, ErrorMessage = "incorrect server_nonce" }; #if LOG_REGISTRATION TLUtils.WriteLog("Stop ReqDHParams with error " + error); #endif if (faultCallback != null) { faultCallback(error); } TLUtils.WriteLine(error.ToString()); } #if LOG_REGISTRATION TLUtils.WriteLog("Stop ReqDHParams"); #endif var random = new SecureRandom(); var serverDHParamsOk = serverDHParams as TLServerDHParamsOk; if (serverDHParamsOk == null) { var error = new TLRPCError { ErrorCode = 404, ErrorMessage = "Incorrect serverDHParams " + serverDHParams.GetType() }; if (faultCallback != null) { faultCallback(error); } TLUtils.WriteLine(error.ToString()); #if LOG_REGISTRATION TLUtils.WriteLog("ServerDHParams " + serverDHParams); #endif return; } var aesParams = GetAesKeyIV(resPQ.ServerNonce.ToArray(), newNonce.ToArray()); var decryptedAnswerWithHash = Utils.AesIge(serverDHParamsOk.EncryptedAnswer, aesParams.Item1, aesParams.Item2, false); //var position = 0; //var serverDHInnerData = (TLServerDHInnerData)new TLServerDHInnerData().FromBytes(decryptedAnswerWithHash.Skip(20).ToArray(), ref position); var serverDHInnerData = TLFactory.From <TLServerDHInnerData>(decryptedAnswerWithHash.Skip(20).ToArray()); var sha1 = Utils.ComputeSHA1(serverDHInnerData.ToArray()); if (!TLUtils.ByteArraysEqual(sha1, decryptedAnswerWithHash.Take(20).ToArray())) { var error = new TLRPCError { ErrorCode = 404, ErrorMessage = "incorrect sha1 TLServerDHInnerData" }; #if LOG_REGISTRATION TLUtils.WriteLog("Stop ReqDHParams with error " + error); #endif if (faultCallback != null) { faultCallback(error); } TLUtils.WriteLine(error.ToString()); } if (!TLUtils.CheckPrime(serverDHInnerData.DHPrime, serverDHInnerData.G)) { var error = new TLRPCError { ErrorCode = 404, ErrorMessage = "incorrect (p, q) pair" }; #if LOG_REGISTRATION TLUtils.WriteLog("Stop ReqDHParams with error " + error); #endif if (faultCallback != null) { faultCallback(error); } TLUtils.WriteLine(error.ToString()); } if (!TLUtils.CheckGaAndGb(serverDHInnerData.GA, serverDHInnerData.DHPrime)) { var error = new TLRPCError { ErrorCode = 404, ErrorMessage = "incorrect g_a" }; #if LOG_REGISTRATION TLUtils.WriteLog("Stop ReqDHParams with error " + error); #endif if (faultCallback != null) { faultCallback(error); } TLUtils.WriteLine(error.ToString()); } var bBytes = new byte[256]; //big endian B random.NextBytes(bBytes); var gbBytes = GetGB(bBytes, serverDHInnerData.G, serverDHInnerData.DHPrime); var clientDHInnerData = new TLClientDHInnerData { Nonce = resPQ.Nonce, ServerNonce = resPQ.ServerNonce, RetryId = 0, GB = gbBytes }; var encryptedClientDHInnerData = GetEncryptedClientDHInnerData(clientDHInnerData, aesParams); #if LOG_REGISTRATION TLUtils.WriteLog("Start SetClientDHParams"); #endif SetClientDHParamsAsync(resPQ.Nonce, resPQ.ServerNonce, encryptedClientDHInnerData, dhGen => { if (nonce != dhGen.Nonce) { var error = new TLRPCError { ErrorCode = 404, ErrorMessage = "incorrect nonce" }; #if LOG_REGISTRATION TLUtils.WriteLog("Stop SetClientDHParams with error " + error); #endif if (faultCallback != null) { faultCallback(error); } TLUtils.WriteLine(error.ToString()); } if (serverNonce != dhGen.ServerNonce) { var error = new TLRPCError { ErrorCode = 404, ErrorMessage = "incorrect server_nonce" }; #if LOG_REGISTRATION TLUtils.WriteLog("Stop SetClientDHParams with error " + error); #endif if (faultCallback != null) { faultCallback(error); } TLUtils.WriteLine(error.ToString()); } var dhGenOk = dhGen as TLDHGenOk; if (dhGenOk == null) { var error = new TLRPCError { ErrorCode = 404, ErrorMessage = "Incorrect dhGen " + dhGen.GetType() }; if (faultCallback != null) { faultCallback(error); } TLUtils.WriteLine(error.ToString()); #if LOG_REGISTRATION TLUtils.WriteLog("DHGen result " + serverDHParams); #endif return; } _authTimeElapsed = authTime.Elapsed; #if LOG_REGISTRATION TLUtils.WriteLog("Stop SetClientDHParams"); #endif var getKeyTimer = Stopwatch.StartNew(); var authKey = GetAuthKey(bBytes, serverDHInnerData.GA.ToBytes(), serverDHInnerData.DHPrime.ToBytes()); var logCountersString = new StringBuilder(); logCountersString.AppendLine("Auth Counters"); logCountersString.AppendLine(); logCountersString.AppendLine("pq factorization time: " + calcTime); logCountersString.AppendLine("calc auth key time: " + getKeyTimer.Elapsed); logCountersString.AppendLine("auth time: " + _authTimeElapsed); #if LOG_REGISTRATION TLUtils.WriteLog(logCountersString.ToString()); #endif //newNonce - little endian //authResponse.ServerNonce - little endian var salt = GetSalt(newNonce.ToArray(), resPQ.ServerNonce.ToArray()); var sessionId = new byte[8]; random.NextBytes(sessionId); TLUtils.WriteLine("Salt " + BitConverter.ToInt64(salt, 0) + " (" + BitConverter.ToString(salt) + ")"); TLUtils.WriteLine("Session id " + BitConverter.ToInt64(sessionId, 0) + " (" + BitConverter.ToString(sessionId) + ")"); callback(new Tuple <byte[], long?, long?>(authKey, BitConverter.ToInt64(salt, 0), BitConverter.ToInt64(sessionId, 0))); }, error => { #if LOG_REGISTRATION TLUtils.WriteLog("Stop SetClientDHParams with error " + error.ToString()); #endif if (faultCallback != null) { faultCallback(error); } TLUtils.WriteLine(error.ToString()); }); }, error => { #if LOG_REGISTRATION TLUtils.WriteLog("Stop ReqDHParams with error " + error.ToString()); #endif if (faultCallback != null) { faultCallback(error); } TLUtils.WriteLine(error.ToString()); }); }, error => { #if LOG_REGISTRATION TLUtils.WriteLog("Stop ReqPQ with error " + error.ToString()); #endif if (faultCallback != null) { faultCallback(error); } TLUtils.WriteLine(error.ToString()); }); }
public void WriteObject( object obj, string algorithm, char[] password, SecureRandom random) { if (obj == null) { throw new ArgumentNullException("obj"); } if (algorithm == null) { throw new ArgumentNullException("algorithm"); } if (password == null) { throw new ArgumentNullException("password"); } if (random == null) { throw new ArgumentNullException("random"); } if (obj is AsymmetricCipherKeyPair) { WriteObject(((AsymmetricCipherKeyPair)obj).Private, algorithm, password, random); return; } string type = null; byte[] keyData = null; if (obj is AsymmetricKeyParameter) { AsymmetricKeyParameter akp = (AsymmetricKeyParameter)obj; if (akp.IsPrivate) { string keyType; keyData = EncodePrivateKey(akp, out keyType); type = keyType + " PRIVATE KEY"; } } if (type == null || keyData == null) { // TODO Support other types? throw new ArgumentException("Object type not supported: " + obj.GetType().FullName, "obj"); } string dekAlgName = algorithm.ToUpper(CultureInfo.InvariantCulture); // Note: For backward compatibility if (dekAlgName == "DESEDE") { dekAlgName = "DES-EDE3-CBC"; } int ivLength = dekAlgName.StartsWith("AES-") ? 16 : 8; byte[] iv = new byte[ivLength]; random.NextBytes(iv); byte[] encData = PemUtilities.Crypt(true, keyData, password, dekAlgName, iv); byte[] hexIV = Hex.Encode(iv); WritePemBlock(type, encData, "Proc-Type: 4,ENCRYPTED", "DEK-Info: " + dekAlgName + "," + Encoding.ASCII.GetString(hexIV, 0, hexIV.Length)); }
public Tuple <string, byte[]> Post(byte[] body, ControllerSession session) { var parts = TLVParser.Parse(body); var state = parts.GetTypeAsInt(Constants.State); if (state == 1) { Console.WriteLine("* Pair Verify Step 1/4"); Console.WriteLine("* Verify Start Request"); var clientPublicKey = parts.GetType(Constants.PublicKey); byte[] privateKey = new byte[32]; SecureRandom random = new SecureRandom(); random.NextBytes(privateKey); var publicKey = Curve25519.GetPublicKey(privateKey); var sharedSecret = Curve25519.GetSharedSecret(privateKey, clientPublicKey); var serverUsername = Encoding.UTF8.GetBytes(Program.ID); byte[] material = publicKey.Concat(serverUsername).Concat(clientPublicKey).ToArray(); var accessoryLTSK = File.ReadAllBytes("PrivateKey"); byte[] proof = Ed25519.Sign(material, accessoryLTSK); HKDF g = new HKDF(() => { return(new HMACSHA512()); }, sharedSecret, Encoding.UTF8.GetBytes("Pair-Verify-Encrypt-Salt"), Encoding.UTF8.GetBytes("Pair-Verify-Encrypt-Info")); var outputKey = g.GetBytes(32); TLV encoder = new TLV(); encoder.AddType(Constants.Identifier, serverUsername); encoder.AddType(Constants.Signature, proof); byte[] plaintext = TLVParser.Serialise(encoder); var nonce = Cnv.FromHex("00000000").Concat(Encoding.UTF8.GetBytes("PV-Msg02")).ToArray(); var aad = new byte[0]; byte[] outputTag = new byte[0]; var encryptedOutput = Aead.Encrypt(out outputTag, plaintext, outputKey, nonce, aad, Aead.Algorithm.Chacha20_Poly1305); byte[] ret = encryptedOutput.Concat(outputTag).ToArray(); TLV responseTLV = new TLV(); responseTLV.AddType(Constants.State, 2); responseTLV.AddType(Constants.PublicKey, publicKey); responseTLV.AddType(Constants.EncryptedData, ret); // Store the details on the session. // session.ClientPublicKey = clientPublicKey; session.PrivateKey = privateKey; session.PublicKey = publicKey; session.SharedSecret = sharedSecret; session.HkdfPairEncKey = outputKey; var encSalt = Encoding.UTF8.GetBytes("Control-Salt"); var infoRead = Encoding.UTF8.GetBytes("Control-Read-Encryption-Key"); var infoWrite = Encoding.UTF8.GetBytes("Control-Write-Encryption-Key"); g = new HKDF(() => { return(new HMACSHA512()); }, sharedSecret, encSalt, infoRead); session.AccessoryToControllerKey = g.GetBytes(32); g = new HKDF(() => { return(new HMACSHA512()); }, sharedSecret, encSalt, infoWrite); session.ControllerToAccessoryKey = g.GetBytes(32); var output = TLVParser.Serialise(responseTLV); return(new Tuple <string, byte[]>("application/pairing+tlv8", output)); } else if (state == 3) { Console.WriteLine("* Pair Verify Step 3/4"); Console.WriteLine("* Verify Start Request"); // We're looking good here. Need to set the encryption/settings on this session. // session.IsVerified = true; session.SkipFirstEncryption = true; TLV responseTLV = new TLV(); responseTLV.AddType(Constants.State, 4); var output = TLVParser.Serialise(responseTLV); return(new Tuple <string, byte[]>("application/pairing+tlv8", output)); } return(null); }
// private string GetHexEncoded(byte[] bytes) // { // bytes = Hex.Encode(bytes); // // char[] chars = new char[bytes.Length]; // // for (int i = 0; i != bytes.Length; i++) // { // chars[i] = (char)bytes[i]; // } // // return new string(chars); // } private static PemObject CreatePemObject( object obj, string algorithm, char[] password, SecureRandom random) { if (obj == null) { throw new ArgumentNullException("obj"); } if (algorithm == null) { throw new ArgumentNullException("algorithm"); } if (password == null) { throw new ArgumentNullException("password"); } if (random == null) { throw new ArgumentNullException("random"); } if (obj is AsymmetricCipherKeyPair) { return(CreatePemObject(((AsymmetricCipherKeyPair)obj).Private, algorithm, password, random)); } string type = null; byte[] keyData = null; if (obj is AsymmetricKeyParameter) { AsymmetricKeyParameter akp = (AsymmetricKeyParameter)obj; if (akp.IsPrivate) { string keyType; keyData = EncodePrivateKey(akp, out keyType); type = keyType + " PRIVATE KEY"; } } if (type == null || keyData == null) { // TODO Support other types? throw new PemGenerationException("Object type not supported: " + Platform.GetTypeName(obj)); } string dekAlgName = Platform.ToUpperInvariant(algorithm); // Note: For backward compatibility if (dekAlgName == "DESEDE") { dekAlgName = "DES-EDE3-CBC"; } int ivLength = Platform.StartsWith(dekAlgName, "AES-") ? 16 : 8; byte[] iv = new byte[ivLength]; random.NextBytes(iv); byte[] encData = PemUtilities.Crypt(true, keyData, password, dekAlgName, iv); IList headers = Platform.CreateArrayList(2); headers.Add(new PemHeader("Proc-Type", "4,ENCRYPTED")); headers.Add(new PemHeader("DEK-Info", dekAlgName + "," + Hex.ToHexString(iv))); return(new PemObject(type, headers, encData)); }
public virtual void Connect(TlsClient tlsClient) { if (tlsClient == null) { throw new ArgumentNullException("tlsClient"); } if (this.tlsClient != null) { throw new InvalidOperationException("Connect can only be called once"); } /* * Send Client hello * * First, generate some random data. */ this.securityParameters = new SecurityParameters(); this.securityParameters.clientRandom = new byte[32]; random.NextBytes(securityParameters.clientRandom, 4, 28); TlsUtilities.WriteGmtUnixTime(securityParameters.clientRandom, 0); this.tlsClientContext = new TlsClientContextImpl(random, securityParameters); this.tlsClient = tlsClient; this.tlsClient.Init(tlsClientContext); MemoryStream outStr = new MemoryStream(); TlsUtilities.WriteVersion(outStr); outStr.Write(securityParameters.clientRandom, 0, 32); /* * Length of Session id */ TlsUtilities.WriteUint8(0, outStr); this.offeredCipherSuites = this.tlsClient.GetCipherSuites(); // ExtensionType -> byte[] this.clientExtensions = this.tlsClient.GetClientExtensions(); // Cipher Suites (and SCSV) { /* * RFC 5746 3.4. * The client MUST include either an empty "renegotiation_info" * extension, or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling * cipher suite value in the ClientHello. Including both is NOT * RECOMMENDED. */ bool noRenegExt = clientExtensions == null || !clientExtensions.Contains(ExtensionType.renegotiation_info); int count = offeredCipherSuites.Length; if (noRenegExt) { // Note: 1 extra slot for TLS_EMPTY_RENEGOTIATION_INFO_SCSV ++count; } TlsUtilities.WriteUint16(2 * count, outStr); for (int i = 0; i < offeredCipherSuites.Length; ++i) { TlsUtilities.WriteUint16((int)offeredCipherSuites[i], outStr); } if (noRenegExt) { TlsUtilities.WriteUint16((int)CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV, outStr); } } /* * Compression methods, just the null method. */ this.offeredCompressionMethods = tlsClient.GetCompressionMethods(); { TlsUtilities.WriteUint8((byte)offeredCompressionMethods.Length, outStr); for (int i = 0; i < offeredCompressionMethods.Length; ++i) { TlsUtilities.WriteUint8((byte)offeredCompressionMethods[i], outStr); } } // Extensions if (clientExtensions != null) { MemoryStream ext = new MemoryStream(); foreach (ExtensionType extType in clientExtensions.Keys) { WriteExtension(ext, extType, (byte[])clientExtensions[extType]); } TlsUtilities.WriteOpaque16(ext.ToArray(), outStr); } MemoryStream bos = new MemoryStream(); TlsUtilities.WriteUint8((byte)HandshakeType.client_hello, bos); TlsUtilities.WriteUint24((int)outStr.Length, bos); byte[] outBytes = outStr.ToArray(); bos.Write(outBytes, 0, outBytes.Length); byte[] message = bos.ToArray(); SafeWriteMessage(ContentType.handshake, message, 0, message.Length); connection_state = CS_CLIENT_HELLO_SEND; /* * We will now read data, until we have completed the handshake. */ while (connection_state != CS_DONE) { SafeReadData(); } this.tlsStream = new TlsStream(this); }
public void SetupGenerateKey() { privateKey = new byte[Ed25519.SecretKeySize]; publicKey = new byte[Ed25519.PublicKeySize]; Random.NextBytes(privateKey); }
/// <summary> /// <p> /// If buffer is non null stream assumed to be partial, otherwise the length will be used /// to output a fixed length packet. /// </p> /// <p> /// The stream created can be closed off by either calling Close() /// on the stream or Close() on the generator. Closing the returned /// stream does not close off the Stream parameter <c>outStr</c>. /// </p> /// </summary> private Stream Open( Stream outStr, long length, byte[] buffer) { if (cOut != null) { throw new InvalidOperationException("generator already in open state"); } if (methods.Count == 0) { throw new InvalidOperationException("No encryption methods specified"); } if (outStr == null) { throw new ArgumentNullException("outStr"); } pOut = new BcpgOutputStream(outStr); KeyParameter key; if (methods.Count == 1) { if (methods[0] is PbeMethod) { PbeMethod m = (PbeMethod)methods[0]; key = m.GetKey(); } else { key = PgpUtilities.MakeRandomKey(defAlgorithm, rand); byte[] sessionInfo = CreateSessionInfo(defAlgorithm, key); PubMethod m = (PubMethod)methods[0]; try { m.AddSessionInfo(sessionInfo, rand); } catch (Exception e) { throw new PgpException("exception encrypting session key", e); } } pOut.WritePacket((ContainedPacket)methods[0]); } else // multiple methods { key = PgpUtilities.MakeRandomKey(defAlgorithm, rand); byte[] sessionInfo = CreateSessionInfo(defAlgorithm, key); for (int i = 0; i != methods.Count; i++) { EncMethod m = (EncMethod)methods[i]; try { m.AddSessionInfo(sessionInfo, rand); } catch (Exception e) { throw new PgpException("exception encrypting session key", e); } pOut.WritePacket(m); } } string cName = PgpUtilities.GetSymmetricCipherName(defAlgorithm); if (cName == null) { throw new PgpException("null cipher specified"); } try { if (withIntegrityPacket) { cName += "/CFB/NoPadding"; } else { cName += "/OpenPGPCFB/NoPadding"; } c = CipherUtilities.GetCipher(cName); // TODO Confirm the IV should be all zero bytes (not inLineIv - see below) byte[] iv = new byte[c.GetBlockSize()]; c.Init(true, new ParametersWithRandom(new ParametersWithIV(key, iv), rand)); if (buffer == null) { // // we have to Add block size + 2 for the Generated IV and + 1 + 22 if integrity protected // if (withIntegrityPacket) { pOut = new BcpgOutputStream(outStr, PacketTag.SymmetricEncryptedIntegrityProtected, length + c.GetBlockSize() + 2 + 1 + 22); pOut.WriteByte(1); // version number } else { pOut = new BcpgOutputStream(outStr, PacketTag.SymmetricKeyEncrypted, length + c.GetBlockSize() + 2, oldFormat); } } else { if (withIntegrityPacket) { pOut = new BcpgOutputStream(outStr, PacketTag.SymmetricEncryptedIntegrityProtected, buffer); pOut.WriteByte(1); // version number } else { pOut = new BcpgOutputStream(outStr, PacketTag.SymmetricKeyEncrypted, buffer); } } int blockSize = c.GetBlockSize(); byte[] inLineIv = new byte[blockSize + 2]; rand.NextBytes(inLineIv, 0, blockSize); Array.Copy(inLineIv, inLineIv.Length - 4, inLineIv, inLineIv.Length - 2, 2); Stream myOut = cOut = new CipherStream(pOut, null, c); if (withIntegrityPacket) { string digestName = PgpUtilities.GetDigestName(HashAlgorithmTag.Sha1); IDigest digest = DigestUtilities.GetDigest(digestName); myOut = digestOut = new DigestStream(myOut, null, digest); } myOut.Write(inLineIv, 0, inLineIv.Length); return(new WrappedGeneratorStream(this, myOut)); } catch (Exception e) { throw new PgpException("Exception creating cipher", e); } }
public void GenerateBits() { using (var random = new SecureRandom()) { random.NextBytes(new byte[10]); } }
/// <summary> /// Helper that generates a random new key on each call. /// </summary> /// <returns></returns> public static byte[] NewKey() { byte[] key = new byte[KeyBitSize / 8]; Random.NextBytes(key); return(key); }
public void GenerateBitsWithNullArgument() { using (var random = new SecureRandom()) { random.NextBytes(null); } }
internal RecipientInfo ToRecipientInfo( KeyParameter key, SecureRandom random) { byte[] keyBytes = key.GetKey(); if (pubKey != null) { IWrapper keyWrapper = Helper.CreateWrapper(keyEncAlg.ObjectID.Id); keyWrapper.Init(true, new ParametersWithRandom(pubKey, random)); Asn1OctetString encKey = new DerOctetString( keyWrapper.Wrap(keyBytes, 0, keyBytes.Length)); RecipientIdentifier recipId; if (cert != null) { TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance( Asn1Object.FromByteArray(cert.GetTbsCertificate())); Asn1.Cms.IssuerAndSerialNumber encSid = new Asn1.Cms.IssuerAndSerialNumber( tbs.Issuer, tbs.SerialNumber.Value); recipId = new RecipientIdentifier(encSid); } else { recipId = new RecipientIdentifier(subKeyId); } return(new RecipientInfo(new KeyTransRecipientInfo(recipId, keyEncAlg, encKey))); } else if (originator != null) { IWrapper keyWrapper = Helper.CreateWrapper( DerObjectIdentifier.GetInstance( Asn1Sequence.GetInstance(keyEncAlg.Parameters)[0]).Id); keyWrapper.Init(true, new ParametersWithRandom(secKey, random)); Asn1OctetString encKey = new DerOctetString( keyWrapper.Wrap(keyBytes, 0, keyBytes.Length)); RecipientEncryptedKey rKey = new RecipientEncryptedKey( new KeyAgreeRecipientIdentifier( new Asn1.Cms.IssuerAndSerialNumber( PrincipalUtilities.GetIssuerX509Principal(cert), cert.SerialNumber)), encKey); return(new RecipientInfo( new KeyAgreeRecipientInfo(originator, ukm, keyEncAlg, new DerSequence(rKey)))); } else if (derivationAlg != null) { string rfc3211WrapperName = Helper.GetRfc3211WrapperName(secKeyAlgorithm); IWrapper keyWrapper = Helper.CreateWrapper(rfc3211WrapperName); // Note: In Java build, the IV is automatically generated in JCE layer int ivLength = rfc3211WrapperName.StartsWith("DESEDE") ? 8 : 16; byte[] iv = new byte[ivLength]; random.NextBytes(iv); ICipherParameters parameters = new ParametersWithIV(secKey, iv); keyWrapper.Init(true, new ParametersWithRandom(parameters, random)); Asn1OctetString encKey = new DerOctetString( keyWrapper.Wrap(keyBytes, 0, keyBytes.Length)); // byte[] iv = keyWrapper.GetIV(); DerSequence seq = new DerSequence( new DerObjectIdentifier(secKeyAlgorithm), new DerOctetString(iv)); keyEncAlg = new AlgorithmIdentifier(PkcsObjectIdentifiers.IdAlgPwriKek, seq); return(new RecipientInfo(new PasswordRecipientInfo(derivationAlg, keyEncAlg, encKey))); } else { IWrapper keyWrapper = Helper.CreateWrapper(keyEncAlg.ObjectID.Id); keyWrapper.Init(true, new ParametersWithRandom(secKey, random)); Asn1OctetString encKey = new DerOctetString( keyWrapper.Wrap(keyBytes, 0, keyBytes.Length)); return(new RecipientInfo(new KekRecipientInfo(secKeyId, keyEncAlg, encKey))); } }
private static double MeasureChiSquared(SecureRandom random, int rounds) { byte[] opts = random.GenerateSeed(2); int[] counts = new int[256]; byte[] bs = new byte[256]; for (int i = 0; i < rounds; ++i) { random.NextBytes(bs); for (int b = 0; b < 256; ++b) { ++counts[bs[b]]; } } byte mask = opts[0]; for (int i = 0; i < rounds; ++i) { random.NextBytes(bs); for (int b = 0; b < 256; ++b) { ++counts[bs[b] ^ mask]; } ++mask; } byte shift = opts[1]; for (int i = 0; i < rounds; ++i) { random.NextBytes(bs); for (int b = 0; b < 256; ++b) { ++counts[(byte)(bs[b] + shift)]; } ++shift; } int total = 3 * rounds; double chi2 = 0; for (int k = 0; k < counts.Length; ++k) { double diff = ((double) counts[k]) - total; double diff2 = diff * diff; chi2 += diff2; } chi2 /= total; return chi2; }
/** * which Generates the p and g values from the given parameters, * returning the DsaParameters object. * <p> * Note: can take a while... */ public DsaParameters GenerateParameters() { byte[] seed = new byte[20]; byte[] part1 = new byte[20]; byte[] part2 = new byte[20]; byte[] u = new byte[20]; Sha1Digest sha1 = new Sha1Digest(); int n = (size - 1) / 160; byte[] w = new byte[size / 8]; BigInteger q = null, p = null, g = null; int counter = 0; bool primesFound = false; while (!primesFound) { do { random.NextBytes(seed); sha1.BlockUpdate(seed, 0, seed.Length); sha1.DoFinal(part1, 0); Array.Copy(seed, 0, part2, 0, seed.Length); Add(part2, seed, 1); sha1.BlockUpdate(part2, 0, part2.Length); sha1.DoFinal(part2, 0); for (int i = 0; i != u.Length; i++) { u[i] = (byte)(part1[i] ^ part2[i]); } u[0] |= (byte)0x80; u[19] |= (byte)0x01; q = new BigInteger(1, u); }while (!q.IsProbablePrime(certainty)); counter = 0; int offset = 2; while (counter < 4096) { for (int k = 0; k < n; k++) { Add(part1, seed, offset + k); sha1.BlockUpdate(part1, 0, part1.Length); sha1.DoFinal(part1, 0); Array.Copy(part1, 0, w, w.Length - (k + 1) * part1.Length, part1.Length); } Add(part1, seed, offset + n); sha1.BlockUpdate(part1, 0, part1.Length); sha1.DoFinal(part1, 0); Array.Copy(part1, part1.Length - ((w.Length - (n) * part1.Length)), w, 0, w.Length - n * part1.Length); w[0] |= (byte)0x80; BigInteger x = new BigInteger(1, w); BigInteger c = x.Mod(q.ShiftLeft(1)); p = x.Subtract(c.Subtract(BigInteger.One)); if (p.TestBit(size - 1)) { if (p.IsProbablePrime(certainty)) { primesFound = true; break; } } counter += 1; offset += n + 1; } } // // calculate the generator g // BigInteger pMinusOneOverQ = p.Subtract(BigInteger.One).Divide(q); for (;;) { BigInteger h = new BigInteger(size, random); if (h.CompareTo(BigInteger.One) <= 0 || h.CompareTo(p.Subtract(BigInteger.One)) >= 0) { continue; } g = h.ModPow(pMinusOneOverQ, p); if (g.CompareTo(BigInteger.One) <= 0) { continue; } break; } return(new DsaParameters(p, q, g, new DsaValidationParameters(seed, counter))); }
public void Save( Stream stream, char[] password, SecureRandom random) { if (stream == null) { throw new ArgumentNullException("stream"); } if (password == null) { throw new ArgumentNullException("password"); } if (random == null) { throw new ArgumentNullException("random"); } // // handle the key // Asn1EncodableVector keyS = new Asn1EncodableVector(); foreach (string name in keys.Keys) { byte[] kSalt = new byte[SaltSize]; random.NextBytes(kSalt); AsymmetricKeyEntry privKey = (AsymmetricKeyEntry)keys[name]; EncryptedPrivateKeyInfo kInfo = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo( keyAlgorithm, password, kSalt, MinIterations, privKey.Key); Asn1EncodableVector kName = new Asn1EncodableVector(); foreach (string oid in privKey.BagAttributeKeys) { Asn1Encodable entry = privKey[oid]; // NB: Ignore any existing FriendlyName if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id)) { continue; } kName.Add( new DerSequence( new DerObjectIdentifier(oid), new DerSet(entry))); } // // make sure we are using the local alias on store // // NB: We always set the FriendlyName based on 'name' //if (privKey[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] == null) { kName.Add( new DerSequence( PkcsObjectIdentifiers.Pkcs9AtFriendlyName, new DerSet(new DerBmpString(name)))); } // // make sure we have a local key-id // if (privKey[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID] == null) { X509CertificateEntry ct = GetCertificate(name); AsymmetricKeyParameter pubKey = ct.Certificate.GetPublicKey(); SubjectKeyIdentifier subjectKeyID = CreateSubjectKeyID(pubKey); kName.Add( new DerSequence( PkcsObjectIdentifiers.Pkcs9AtLocalKeyID, new DerSet(subjectKeyID))); } SafeBag kBag = new SafeBag(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag, kInfo.ToAsn1Object(), new DerSet(kName)); keyS.Add(kBag); } byte[] derEncodedBytes = new DerSequence(keyS).GetDerEncoded(); BerOctetString keyString = new BerOctetString(derEncodedBytes); // // certificate processing // byte[] cSalt = new byte[SaltSize]; random.NextBytes(cSalt); Asn1EncodableVector certSeq = new Asn1EncodableVector(); Pkcs12PbeParams cParams = new Pkcs12PbeParams(cSalt, MinIterations); AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.ToAsn1Object()); ISet doneCerts = new HashSet(); foreach (string name in keys.Keys) { X509CertificateEntry certEntry = GetCertificate(name); CertBag cBag = new CertBag( PkcsObjectIdentifiers.X509Certificate, new DerOctetString(certEntry.Certificate.GetEncoded())); Asn1EncodableVector fName = new Asn1EncodableVector(); foreach (string oid in certEntry.BagAttributeKeys) { Asn1Encodable entry = certEntry[oid]; // NB: Ignore any existing FriendlyName if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id)) { continue; } fName.Add( new DerSequence( new DerObjectIdentifier(oid), new DerSet(entry))); } // // make sure we are using the local alias on store // // NB: We always set the FriendlyName based on 'name' //if (certEntry[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] == null) { fName.Add( new DerSequence( PkcsObjectIdentifiers.Pkcs9AtFriendlyName, new DerSet(new DerBmpString(name)))); } // // make sure we have a local key-id // if (certEntry[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID] == null) { AsymmetricKeyParameter pubKey = certEntry.Certificate.GetPublicKey(); SubjectKeyIdentifier subjectKeyID = CreateSubjectKeyID(pubKey); fName.Add( new DerSequence( PkcsObjectIdentifiers.Pkcs9AtLocalKeyID, new DerSet(subjectKeyID))); } SafeBag sBag = new SafeBag( PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName)); certSeq.Add(sBag); doneCerts.Add(certEntry.Certificate); } foreach (string certId in certs.Keys) { X509CertificateEntry cert = (X509CertificateEntry)certs[certId]; if (keys[certId] != null) { continue; } CertBag cBag = new CertBag( PkcsObjectIdentifiers.X509Certificate, new DerOctetString(cert.Certificate.GetEncoded())); Asn1EncodableVector fName = new Asn1EncodableVector(); foreach (string oid in cert.BagAttributeKeys) { // a certificate not immediately linked to a key doesn't require // a localKeyID and will confuse some PKCS12 implementations. // // If we find one, we'll prune it out. if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID.Id)) { continue; } Asn1Encodable entry = cert[oid]; // NB: Ignore any existing FriendlyName if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id)) { continue; } fName.Add( new DerSequence( new DerObjectIdentifier(oid), new DerSet(entry))); } // // make sure we are using the local alias on store // // NB: We always set the FriendlyName based on 'certId' //if (cert[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] == null) { fName.Add( new DerSequence( PkcsObjectIdentifiers.Pkcs9AtFriendlyName, new DerSet(new DerBmpString(certId)))); } SafeBag sBag = new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName)); certSeq.Add(sBag); doneCerts.Add(cert.Certificate); } foreach (CertId certId in chainCerts.Keys) { X509CertificateEntry cert = (X509CertificateEntry)chainCerts[certId]; if (doneCerts.Contains(cert.Certificate)) { continue; } CertBag cBag = new CertBag( PkcsObjectIdentifiers.X509Certificate, new DerOctetString(cert.Certificate.GetEncoded())); Asn1EncodableVector fName = new Asn1EncodableVector(); foreach (string oid in cert.BagAttributeKeys) { // a certificate not immediately linked to a key doesn't require // a localKeyID and will confuse some PKCS12 implementations. // // If we find one, we'll prune it out. if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID.Id)) { continue; } fName.Add( new DerSequence( new DerObjectIdentifier(oid), new DerSet(cert[oid]))); } SafeBag sBag = new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName)); certSeq.Add(sBag); } derEncodedBytes = new DerSequence(certSeq).GetDerEncoded(); byte[] certBytes = CryptPbeData(true, cAlgId, password, false, derEncodedBytes); EncryptedData cInfo = new EncryptedData(PkcsObjectIdentifiers.Data, cAlgId, new BerOctetString(certBytes)); ContentInfo[] info = new ContentInfo[] { new ContentInfo(PkcsObjectIdentifiers.Data, keyString), new ContentInfo(PkcsObjectIdentifiers.EncryptedData, cInfo.ToAsn1Object()) }; byte[] data = new AuthenticatedSafe(info).GetEncoded( useDerEncoding ? Asn1Encodable.Der : Asn1Encodable.Ber); ContentInfo mainInfo = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(data)); // // create the mac // byte[] mSalt = new byte[20]; random.NextBytes(mSalt); byte[] mac = CalculatePbeMac(OiwObjectIdentifiers.IdSha1, mSalt, MinIterations, password, false, data); AlgorithmIdentifier algId = new AlgorithmIdentifier( OiwObjectIdentifiers.IdSha1, DerNull.Instance); DigestInfo dInfo = new DigestInfo(algId, mac); MacData mData = new MacData(dInfo, mSalt, MinIterations); // // output the Pfx // Pfx pfx = new Pfx(mainInfo, mData); DerOutputStream derOut; if (useDerEncoding) { derOut = new DerOutputStream(stream); } else { derOut = new BerOutputStream(stream); } derOut.WriteObject(pfx); }
/// <summary> /// Encryption constructor to create a new random key from an intermediate /// </summary> public Bip38KeyPair(Bip38Intermediate intermediate, bool retainPrivateKeyWhenPossible = false) { // generate seedb byte[] seedb = new byte[24]; SecureRandom sr = new SecureRandom(); sr.NextBytes(seedb); // get factorb as sha256(sha256(seedb)) Sha256Digest sha256 = new Sha256Digest(); sha256.BlockUpdate(seedb, 0, 24); factorb = new byte[32]; sha256.DoFinal(factorb, 0); sha256.BlockUpdate(factorb, 0, 32); sha256.DoFinal(factorb, 0); // get ECPoint from passpoint PublicKey pk = new PublicKey(intermediate.passpoint); ECPoint generatedpoint = pk.GetECPoint().Multiply(new BigInteger(1, factorb)); byte[] generatedpointbytes = generatedpoint.GetEncoded(); PublicKey generatedaddress = new PublicKey(generatedpointbytes); // get addresshash UTF8Encoding utf8 = new UTF8Encoding(false); byte[] generatedaddressbytes = utf8.GetBytes(generatedaddress.AddressBase58); sha256.BlockUpdate(generatedaddressbytes, 0, generatedaddressbytes.Length); byte[] addresshashfull = new byte[32]; sha256.DoFinal(addresshashfull, 0); sha256.BlockUpdate(addresshashfull, 0, 32); sha256.DoFinal(addresshashfull, 0); byte[] addresshashplusownerentropy = new byte[12]; Array.Copy(addresshashfull, 0, addresshashplusownerentropy, 0, 4); Array.Copy(intermediate.ownerentropy, 0, addresshashplusownerentropy, 4, 8); // derive encryption key material derived = new byte[64]; CryptSharp.Utility.SCrypt.ComputeKey(intermediate.passpoint, addresshashplusownerentropy, 1024, 1, 1, 1, derived); byte[] derivedhalf2 = new byte[32]; Array.Copy(derived, 32, derivedhalf2, 0, 32); byte[] unencryptedpart1 = new byte[16]; for (int i = 0; i < 16; i++) { unencryptedpart1[i] = (byte)(seedb[i] ^ derived[i]); } byte[] encryptedpart1 = new byte[16]; // encrypt it var aes = Aes.Create(); aes.KeySize = 256; aes.Mode = CipherMode.ECB; aes.Key = derivedhalf2; ICryptoTransform encryptor = aes.CreateEncryptor(); encryptor.TransformBlock(unencryptedpart1, 0, 16, encryptedpart1, 0); encryptor.TransformBlock(unencryptedpart1, 0, 16, encryptedpart1, 0); byte[] unencryptedpart2 = new byte[16]; for (int i = 0; i < 8; i++) { unencryptedpart2[i] = (byte)(encryptedpart1[i + 8] ^ derived[i + 16]); } for (int i = 0; i < 8; i++) { unencryptedpart2[i + 8] = (byte)(seedb[i + 16] ^ derived[i + 24]); } byte[] encryptedpart2 = new byte[16]; encryptor.TransformBlock(unencryptedpart2, 0, 16, encryptedpart2, 0); encryptor.TransformBlock(unencryptedpart2, 0, 16, encryptedpart2, 0); byte[] result = new byte[39]; result[0] = 0x01; result[1] = 0x43; result[2] = generatedaddress.IsCompressedPoint ? (byte)0x20 : (byte)0x00; if (intermediate.LotSequencePresent) { result[2] |= 0x04; } Array.Copy(addresshashfull, 0, result, 3, 4); Array.Copy(intermediate.ownerentropy, 0, result, 7, 8); Array.Copy(encryptedpart1, 0, result, 15, 8); Array.Copy(encryptedpart2, 0, result, 23, 16); _encryptedKey = Util.ByteArrayToBase58Check(result); _pubKey = generatedaddress.PublicKeyBytes; _hash160 = generatedaddress.Hash160; var ps = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256k1"); if (retainPrivateKeyWhenPossible && intermediate.passfactor != null) { BigInteger privatekey = new BigInteger(1, intermediate.passfactor).Multiply(new BigInteger(1, factorb)).Mod(ps.N); _privKey = new KeyPair(privatekey).PrivateKeyBytes; } // create the confirmation code confirmationCodeInfo = new byte[51]; // constant provides for prefix "cfrm38" confirmationCodeInfo[0] = 0x64; confirmationCodeInfo[1] = 0x3B; confirmationCodeInfo[2] = 0xF6; confirmationCodeInfo[3] = 0xA8; confirmationCodeInfo[4] = 0x9A; // fields for flagbyte, addresshash, and ownerentropy all copy verbatim Array.Copy(result, 2, confirmationCodeInfo, 5, 1 + 4 + 8); }