public virtual void Init(bool forEncryption, ICipherParameters parameters) { ICipherParameters key; this.forEncryption = forEncryption; if (parameters is AeadParameters) { AeadParameters parameters3 = (AeadParameters)parameters; this.nonce = parameters3.GetNonce(); this.initialAssociatedText = parameters3.GetAssociatedText(); this.macSize = parameters3.MacSize / 8; key = parameters3.Key; } else { if (!(parameters is ParametersWithIV)) { throw new ArgumentException("invalid parameters passed to CCM"); } ParametersWithIV hiv = (ParametersWithIV)parameters; this.nonce = hiv.GetIV(); this.initialAssociatedText = null; this.macSize = this.macBlock.Length / 2; key = hiv.Parameters; } if (key != null) { this.keyParam = key; } if (((this.nonce == null) || (this.nonce.Length < 7)) || (this.nonce.Length > 13)) { throw new ArgumentException("nonce must have length from 7 to 13 octets"); } this.Reset(); }
public virtual void Init(bool forEncryption, ICipherParameters parameters) { this.forEncryption = forEncryption; ICipherParameters cipherParameters; if (parameters is AeadParameters) { AeadParameters aeadParameters = (AeadParameters)parameters; this.nonce = aeadParameters.GetNonce(); this.initialAssociatedText = aeadParameters.GetAssociatedText(); this.macSize = aeadParameters.MacSize / 8; cipherParameters = aeadParameters.Key; } else { if (!(parameters is ParametersWithIV)) { throw new ArgumentException("invalid parameters passed to CCM"); } ParametersWithIV parametersWithIV = (ParametersWithIV)parameters; this.nonce = parametersWithIV.GetIV(); this.initialAssociatedText = null; this.macSize = this.macBlock.Length / 2; cipherParameters = parametersWithIV.Parameters; } if (cipherParameters != null) { this.keyParam = cipherParameters; } if (this.nonce == null || this.nonce.Length < 7 || this.nonce.Length > 13) { throw new ArgumentException("nonce must have length from 7 to 13 octets"); } this.Reset(); }
public virtual void Init( bool forEncryption, ICipherParameters parameters) { this.forEncryption = forEncryption; if (parameters is AeadParameters) { AeadParameters param = (AeadParameters)parameters; nonce = param.GetNonce(); associatedText = param.GetAssociatedText(); macSize = param.MacSize / 8; keyParam = param.Key; } else if (parameters is ParametersWithIV) { ParametersWithIV param = (ParametersWithIV)parameters; nonce = param.GetIV(); associatedText = null; macSize = macBlock.Length / 2; keyParam = param.Parameters; } else { throw new ArgumentException("invalid parameters passed to CCM"); } }
public void Init(bool pEncrypt, ICipherParameters cipherParameters) { /* Set defaults */ byte[] myInitialAEAD = null; byte[] myNonce = null; KeyParameter myKey = null; /* Access parameters */ if (cipherParameters is AeadParameters) { AeadParameters myAEAD = (AeadParameters)cipherParameters; myInitialAEAD = myAEAD.GetAssociatedText(); myNonce = myAEAD.GetNonce(); myKey = myAEAD.Key; } else if (cipherParameters is ParametersWithIV) { ParametersWithIV myParms = (ParametersWithIV)cipherParameters; myNonce = myParms.GetIV(); myKey = (KeyParameter)myParms.Parameters; } else { throw new ArgumentException("invalid parameters passed to GCM_SIV"); } /* Check nonceSize */ if (myNonce == null || myNonce.Length != NONCELEN) { throw new ArgumentException("Invalid nonce"); } /* Check keysize */ if (myKey == null) { throw new ArgumentException("Invalid key"); } byte[] k = myKey.GetKey(); if (k.Length != BUFLEN && k.Length != (BUFLEN << 1)) { throw new ArgumentException("Invalid key"); } /* Reset details */ forEncryption = pEncrypt; theInitialAEAD = myInitialAEAD; theNonce = myNonce; /* Initialise the keys */ deriveKeys(myKey); resetStreams(); }
public virtual void Init( bool forEncryption, ICipherParameters parameters) { this.forEncryption = forEncryption; KeyParameter keyParam; if (parameters is AeadParameters) { AeadParameters param = (AeadParameters)parameters; nonce = param.GetNonce(); initialAssociatedText = param.GetAssociatedText(); keyParam = param.Key; } else if (parameters is ParametersWithIV) { ParametersWithIV param = (ParametersWithIV)parameters; nonce = param.GetIV(); initialAssociatedText = null; keyParam = (KeyParameter)param.Parameters; } else { throw new ArgumentException("invalid parameters passed to ChaCha20Poly1305"); } if (nonce == null || nonce.Length < 1) { throw new ArgumentException("IV must be at least 1 byte"); } // Geneate the key ChaChaX tmpCypher = new ChaChaX(); byte[] zero = new byte[32]; byte[] polyKey = new byte[32]; ParametersWithIV tmpKey = new ParametersWithIV(keyParam, nonce); tmpCypher.Init(true, tmpKey); tmpCypher.ProcessBytes(zero, 0, zero.Length, polyKey, 0); poly = new Poly1305(); KeyParameter tmpKey2 = new KeyParameter(polyKey); poly.Init(tmpKey2); chacha20 = new ChaChaX(); chacha20.Init(forEncryption, tmpKey); InitCipher(); }
public virtual void Init( bool forEncryption, ICipherParameters parameters) { this.forEncryption = forEncryption; byte[] nonce; ICipherParameters keyParam; if (parameters is AeadParameters) { AeadParameters param = (AeadParameters)parameters; nonce = param.GetNonce(); initialAssociatedText = param.GetAssociatedText(); macSize = param.MacSize / 8; keyParam = param.Key; } else if (parameters is ParametersWithIV) { ParametersWithIV param = (ParametersWithIV)parameters; nonce = param.GetIV(); initialAssociatedText = null; macSize = mac.GetMacSize() / 2; keyParam = param.Parameters; } else { throw new ArgumentException("invalid parameters passed to EAX"); } byte[] tag = new byte[blockSize]; // Key reuse implemented in CBC mode of underlying CMac mac.Init(keyParam); tag[blockSize - 1] = (byte)Tag.N; mac.BlockUpdate(tag, 0, blockSize); mac.BlockUpdate(nonce, 0, nonce.Length); mac.DoFinal(nonceMac, 0); tag[blockSize - 1] = (byte)Tag.H; mac.BlockUpdate(tag, 0, blockSize); if (initialAssociatedText != null) { ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length); } // Same BlockCipher underlies this and the mac, so reuse last key on cipher cipher.Init(true, new ParametersWithIV(null, nonceMac)); }
public virtual void Init( bool forEncryption, ICipherParameters parameters) { this.forEncryption = forEncryption; byte[] nonce, associatedText; ICipherParameters keyParam; if (parameters is AeadParameters) { AeadParameters param = (AeadParameters)parameters; nonce = param.GetNonce(); associatedText = param.GetAssociatedText(); macSize = param.MacSize / 8; keyParam = param.Key; } else if (parameters is ParametersWithIV) { ParametersWithIV param = (ParametersWithIV)parameters; nonce = param.GetIV(); associatedText = new byte[0]; macSize = mac.GetMacSize() / 2; keyParam = param.Parameters; } else { throw new ArgumentException("invalid parameters passed to EAX"); } byte[] tag = new byte[blockSize]; mac.Init(keyParam); tag[blockSize - 1] = (byte)Tag.H; mac.BlockUpdate(tag, 0, blockSize); mac.BlockUpdate(associatedText, 0, associatedText.Length); mac.DoFinal(associatedTextMac, 0); tag[blockSize - 1] = (byte)Tag.N; mac.BlockUpdate(tag, 0, blockSize); mac.BlockUpdate(nonce, 0, nonce.Length); mac.DoFinal(nonceMac, 0); tag[blockSize - 1] = (byte)Tag.C; mac.BlockUpdate(tag, 0, blockSize); cipher.Init(true, new ParametersWithIV(keyParam, nonceMac)); }
public void Init(bool forEncryption, ICipherParameters parameters) { Reset(); this.forEncryption = forEncryption; ICipherParameters cipherParameters; if (parameters is AeadParameters) { AeadParameters param = (AeadParameters)parameters; nonce = param.GetNonce(); initialAssociatedText = param.GetAssociatedText(); if (param.MacSize > 512 || param.MacSize < 64) { throw new ArgumentException("invalid mac size parameter passed to KCCM"); } macSize = param.MacSize / 8; cipherParameters = param.Key; } else if (parameters is ParametersWithIV) { ParametersWithIV param = (ParametersWithIV)parameters; nonce = param.GetIV(); initialAssociatedText = null; macSize = cipher.GetBlockSize(); cipherParameters = param.Parameters; } else { throw new ArgumentException("invalid parameters passed to KCCM"); } // NOTE: Very basic support for key re-use, but no performance gain from it if (cipherParameters != null) { keyParam = cipherParameters; } this.mac = new byte[macSize]; cipher.Init(true, keyParam); }
public virtual void Init( bool forEncryption, ICipherParameters parameters) { this.forEncryption = forEncryption; ICipherParameters cipherParameters; if (parameters is AeadParameters) { AeadParameters param = (AeadParameters)parameters; nonce = param.GetNonce(); initialAssociatedText = param.GetAssociatedText(); macSize = param.MacSize / 8; cipherParameters = param.Key; } else if (parameters is ParametersWithIV) { ParametersWithIV param = (ParametersWithIV)parameters; nonce = param.GetIV(); initialAssociatedText = null; macSize = macBlock.Length / 2; cipherParameters = param.Parameters; } else { throw new ArgumentException("invalid parameters passed to CCM"); } // NOTE: Very basic support for key re-use, but no performance gain from it if (cipherParameters != null) { keyParam = cipherParameters; } if (nonce == null || nonce.Length < 7 || nonce.Length > 13) { throw new ArgumentException("nonce must have length from 7 to 13 octets"); } Reset(); }
public virtual void Init(bool forEncryption, ICipherParameters parameters) { ICipherParameters cipherParameters; if (parameters is AeadParameters) { AeadParameters param = (AeadParameters)parameters; if (param.MacSize > MAX_MAC_BIT_LENGTH || param.MacSize < MIN_MAC_BIT_LENGTH || param.MacSize % 8 != 0) { throw new ArgumentException("Invalid mac size specified"); } nonce = param.GetNonce(); macSize = param.MacSize / BITS_IN_BYTE; initialAssociatedText = param.GetAssociatedText(); cipherParameters = param.Key; } else if (parameters is ParametersWithIV) { nonce = ((ParametersWithIV)parameters).GetIV(); macSize = engine.GetBlockSize(); // use default blockSize for MAC if it is not specified initialAssociatedText = null; cipherParameters = ((ParametersWithIV)parameters).Parameters; } else { throw new ArgumentException("Invalid parameters specified"); } this.mac = new byte[macSize]; this.forEncryption = forEncryption; engine.Init(true, cipherParameters); counter[0] = 0x01; // defined in standard if (initialAssociatedText != null) { ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length); } }
public virtual void Init(bool forEncryption, ICipherParameters parameters) { //IL_007e: Unknown result type (might be due to invalid IL or missing references) this.forEncryption = forEncryption; byte[] array; ICipherParameters parameters2; if (parameters is AeadParameters) { AeadParameters aeadParameters = (AeadParameters)parameters; array = aeadParameters.GetNonce(); initialAssociatedText = aeadParameters.GetAssociatedText(); macSize = aeadParameters.MacSize / 8; parameters2 = aeadParameters.Key; } else { if (!(parameters is ParametersWithIV)) { throw new ArgumentException("invalid parameters passed to EAX"); } ParametersWithIV parametersWithIV = (ParametersWithIV)parameters; array = parametersWithIV.GetIV(); initialAssociatedText = null; macSize = mac.GetMacSize() / 2; parameters2 = parametersWithIV.Parameters; } bufBlock = new byte[forEncryption ? blockSize : (blockSize + macSize)]; byte[] array2 = new byte[blockSize]; mac.Init(parameters2); array2[blockSize - 1] = 0; mac.BlockUpdate(array2, 0, blockSize); mac.BlockUpdate(array, 0, array.Length); mac.DoFinal(nonceMac, 0); cipher.Init(forEncryption: true, new ParametersWithIV(null, nonceMac)); Reset(); }
public virtual void Init(bool forEncryption, ICipherParameters parameters) { //IL_0085: Unknown result type (might be due to invalid IL or missing references) //IL_00b9: Unknown result type (might be due to invalid IL or missing references) this.forEncryption = forEncryption; ICipherParameters cipherParameters; if (parameters is AeadParameters) { AeadParameters aeadParameters = (AeadParameters)parameters; nonce = aeadParameters.GetNonce(); initialAssociatedText = aeadParameters.GetAssociatedText(); macSize = aeadParameters.MacSize / 8; cipherParameters = aeadParameters.Key; } else { if (!(parameters is ParametersWithIV)) { throw new ArgumentException("invalid parameters passed to CCM"); } ParametersWithIV parametersWithIV = (ParametersWithIV)parameters; nonce = parametersWithIV.GetIV(); initialAssociatedText = null; macSize = macBlock.Length / 2; cipherParameters = parametersWithIV.Parameters; } if (cipherParameters != null) { keyParam = cipherParameters; } if (nonce == null || nonce.Length < 7 || nonce.Length > 13) { throw new ArgumentException("nonce must have length from 7 to 13 octets"); } Reset(); }
public virtual void Init(bool forEncryption, ICipherParameters parameters) { byte[] nonce; ICipherParameters key; this.forEncryption = forEncryption; if (parameters is AeadParameters) { AeadParameters parameters3 = (AeadParameters)parameters; nonce = parameters3.GetNonce(); this.initialAssociatedText = parameters3.GetAssociatedText(); this.macSize = parameters3.MacSize / 8; key = parameters3.Key; } else { if (!(parameters is ParametersWithIV)) { throw new ArgumentException("invalid parameters passed to EAX"); } ParametersWithIV hiv = (ParametersWithIV)parameters; nonce = hiv.GetIV(); this.initialAssociatedText = null; this.macSize = this.mac.GetMacSize() / 2; key = hiv.Parameters; } this.bufBlock = new byte[!forEncryption ? (this.blockSize + this.macSize) : this.blockSize]; byte[] input = new byte[this.blockSize]; this.mac.Init(key); input[this.blockSize - 1] = 0; this.mac.BlockUpdate(input, 0, this.blockSize); this.mac.BlockUpdate(nonce, 0, nonce.Length); this.mac.DoFinal(this.nonceMac, 0); this.cipher.Init(true, new ParametersWithIV(null, this.nonceMac)); this.Reset(); }
public virtual void Init(bool forEncryption, ICipherParameters parameters) { this.forEncryption = forEncryption; byte[] array; ICipherParameters parameters2; if (parameters is AeadParameters) { AeadParameters aeadParameters = (AeadParameters)parameters; array = aeadParameters.GetNonce(); this.initialAssociatedText = aeadParameters.GetAssociatedText(); this.macSize = aeadParameters.MacSize / 8; parameters2 = aeadParameters.Key; } else { if (!(parameters is ParametersWithIV)) { throw new ArgumentException("invalid parameters passed to EAX"); } ParametersWithIV parametersWithIV = (ParametersWithIV)parameters; array = parametersWithIV.GetIV(); this.initialAssociatedText = null; this.macSize = this.mac.GetMacSize() / 2; parameters2 = parametersWithIV.Parameters; } this.bufBlock = new byte[forEncryption ? this.blockSize : (this.blockSize + this.macSize)]; byte[] array2 = new byte[this.blockSize]; this.mac.Init(parameters2); array2[this.blockSize - 1] = 0; this.mac.BlockUpdate(array2, 0, this.blockSize); this.mac.BlockUpdate(array, 0, array.Length); this.mac.DoFinal(this.nonceMac, 0); this.cipher.Init(true, new ParametersWithIV(null, this.nonceMac)); this.Reset(); }
public virtual void Init(bool forEncryption, ICipherParameters parameters) { //IL_005e: Unknown result type (might be due to invalid IL or missing references) //IL_00b3: Unknown result type (might be due to invalid IL or missing references) //IL_00f0: Unknown result type (might be due to invalid IL or missing references) //IL_0154: Unknown result type (might be due to invalid IL or missing references) this.forEncryption = forEncryption; macBlock = null; KeyParameter keyParameter; if (parameters is AeadParameters) { AeadParameters aeadParameters = (AeadParameters)parameters; nonce = aeadParameters.GetNonce(); initialAssociatedText = aeadParameters.GetAssociatedText(); int num = aeadParameters.MacSize; if (num < 32 || num > 128 || num % 8 != 0) { throw new ArgumentException(string.Concat((object)"Invalid value for MAC size: ", (object)num)); } macSize = num / 8; keyParameter = aeadParameters.Key; } else { if (!(parameters is ParametersWithIV)) { throw new ArgumentException("invalid parameters passed to GCM"); } ParametersWithIV parametersWithIV = (ParametersWithIV)parameters; nonce = parametersWithIV.GetIV(); initialAssociatedText = null; macSize = 16; keyParameter = (KeyParameter)parametersWithIV.Parameters; } int num2 = (forEncryption ? 16 : (16 + macSize)); bufBlock = new byte[num2]; if (nonce == null || nonce.Length < 1) { throw new ArgumentException("IV must be at least 1 byte"); } if (keyParameter != null) { cipher.Init(forEncryption: true, keyParameter); H = new byte[16]; cipher.ProcessBlock(H, 0, H, 0); multiplier.Init(H); exp = null; } else if (H == null) { throw new ArgumentException("Key must be specified in initial init"); } J0 = new byte[16]; if (nonce.Length == 12) { global::System.Array.Copy((global::System.Array)nonce, 0, (global::System.Array)J0, 0, nonce.Length); J0[15] = 1; } else { gHASH(J0, nonce, nonce.Length); byte[] array = new byte[16]; Pack.UInt64_To_BE((ulong)nonce.Length * 8uL, array, 8); gHASHBlock(J0, array); } S = new byte[16]; S_at = new byte[16]; S_atPre = new byte[16]; atBlock = new byte[16]; atBlockPos = 0; atLength = 0uL; atLengthPre = 0uL; counter = Arrays.Clone(J0); bufOff = 0; totalLength = 0uL; if (initialAssociatedText != null) { ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length); } }
// Token: 0x060000E0 RID: 224 RVA: 0x00007CA0 File Offset: 0x00005EA0 public virtual void Init(bool forEncryption, ICipherParameters parameters) { this.forEncryption = forEncryption; this.macBlock = null; this.initialised = true; if (!(parameters is AeadParameters)) { throw new ArgumentException("invalid parameters passed to GCM"); } AeadParameters aeadParameters = (AeadParameters)parameters; byte[] array = aeadParameters.GetNonce(); this.initialAssociatedText = aeadParameters.GetAssociatedText(); int num = aeadParameters.MacSize; if (num < 32 || num > 128 || num % 8 != 0) { throw new ArgumentException("Invalid value for MAC size: " + num); } this.macSize = num / 8; KeyParameter key = aeadParameters.Key; int num2 = forEncryption ? 16 : (16 + this.macSize); this.bufBlock = new byte[num2]; if (array == null || array.Length < 1) { throw new ArgumentException("IV must be at least 1 byte"); } if (forEncryption && this.nonce != null && Arrays.AreEqual(this.nonce, array)) { if (key == null) { throw new ArgumentException("cannot reuse nonce for GCM encryption"); } if (this.lastKey != null && Arrays.AreEqual(this.lastKey, key.GetKey())) { throw new ArgumentException("cannot reuse nonce for GCM encryption"); } } this.nonce = array; if (key != null) { this.lastKey = key.GetKey(); } if (key != null) { this.cipher.Init(true, key); this.H = new byte[16]; this.cipher.ProcessBlock(this.H, 0, this.H, 0); this.multiplier.Init(this.H); this.exp = null; } else if (this.H == null) { throw new ArgumentException("Key must be specified in initial init"); } this.J0 = new byte[16]; if (this.nonce.Length == 12) { Array.Copy(this.nonce, 0, this.J0, 0, this.nonce.Length); this.J0[15] = 1; } else { this.gHASH(this.J0, this.nonce, this.nonce.Length); byte[] array2 = new byte[16]; Pack.UInt64_To_BE((ulong)((long)this.nonce.Length * 8L), array2, 8); this.gHASHBlock(this.J0, array2); } this.S = new byte[16]; this.S_at = new byte[16]; this.S_atPre = new byte[16]; this.atBlock = new byte[16]; this.atBlockPos = 0; this.atLength = 0UL; this.atLengthPre = 0UL; this.counter = Arrays.Clone(this.J0); this.blocksRemaining = 4294967294U; this.bufOff = 0; this.totalLength = 0UL; if (this.initialAssociatedText != null) { this.ProcessAadBytes(this.initialAssociatedText, 0, this.initialAssociatedText.Length); } }
public virtual void Init(bool forEncryption, ICipherParameters parameters) { bool oldForEncryption = this.forEncryption; this.forEncryption = forEncryption; this.macBlock = null; KeyParameter keyParameter; byte[] N; if (parameters is AeadParameters) { AeadParameters aeadParameters = (AeadParameters)parameters; N = aeadParameters.GetNonce(); initialAssociatedText = aeadParameters.GetAssociatedText(); int macSizeBits = aeadParameters.MacSize; if (macSizeBits < 64 || macSizeBits > 128 || macSizeBits % 8 != 0) { throw new ArgumentException("Invalid value for MAC size: " + macSizeBits); } macSize = macSizeBits / 8; keyParameter = aeadParameters.Key; } else if (parameters is ParametersWithIV) { ParametersWithIV parametersWithIV = (ParametersWithIV)parameters; N = parametersWithIV.GetIV(); initialAssociatedText = null; macSize = 16; keyParameter = (KeyParameter)parametersWithIV.Parameters; } else { throw new ArgumentException("invalid parameters passed to OCB"); } this.hashBlock = new byte[16]; this.mainBlock = new byte[forEncryption ? BLOCK_SIZE : (BLOCK_SIZE + macSize)]; if (N == null) { N = new byte[0]; } if (N.Length > 15) { throw new ArgumentException("IV must be no more than 15 bytes"); } /* * KEY-DEPENDENT INITIALISATION */ if (keyParameter != null) { // hashCipher always used in forward mode hashCipher.Init(true, keyParameter); mainCipher.Init(forEncryption, keyParameter); KtopInput = null; } else if (oldForEncryption != forEncryption) { throw new ArgumentException("cannot change encrypting state without providing key."); } this.L_Asterisk = new byte[16]; hashCipher.ProcessBlock(L_Asterisk, 0, L_Asterisk, 0); this.L_Dollar = OCB_double(L_Asterisk); this.L = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.CreateArrayList(); this.L.Add(OCB_double(L_Dollar)); /* * NONCE-DEPENDENT AND PER-ENCRYPTION/DECRYPTION INITIALISATION */ int bottom = ProcessNonce(N); int bits = bottom % 8, bytes = bottom / 8; if (bits == 0) { Array.Copy(Stretch, bytes, OffsetMAIN_0, 0, 16); } else { for (int i = 0; i < 16; ++i) { uint b1 = Stretch[bytes]; uint b2 = Stretch[++bytes]; this.OffsetMAIN_0[i] = (byte)((b1 << bits) | (b2 >> (8 - bits))); } } this.hashBlockPos = 0; this.mainBlockPos = 0; this.hashBlockCount = 0; this.mainBlockCount = 0; this.OffsetHASH = new byte[16]; this.Sum = new byte[16]; Array.Copy(OffsetMAIN_0, 0, OffsetMAIN, 0, 16); this.Checksum = new byte[16]; if (initialAssociatedText != null) { ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length); } }
/// <remarks> /// MAC sizes from 32 bits to 128 bits (must be a multiple of 8) are supported. The default is 128 bits. /// Sizes less than 96 are not recommended, but are supported for specialized applications. /// </remarks> public virtual void Init( bool forEncryption, ICipherParameters parameters) { this.forEncryption = forEncryption; this.macBlock = null; KeyParameter keyParam; if (parameters is AeadParameters) { AeadParameters param = (AeadParameters)parameters; nonce = param.GetNonce(); initialAssociatedText = param.GetAssociatedText(); int macSizeBits = param.MacSize; if (macSizeBits < 32 || macSizeBits > 128 || macSizeBits % 8 != 0) { throw new ArgumentException("Invalid value for MAC size: " + macSizeBits); } macSize = macSizeBits / 8; keyParam = param.Key; } else if (parameters is ParametersWithIV) { ParametersWithIV param = (ParametersWithIV)parameters; nonce = param.GetIV(); initialAssociatedText = null; macSize = 16; keyParam = (KeyParameter)param.Parameters; } else { throw new ArgumentException("invalid parameters passed to GCM"); } int bufLength = forEncryption ? BlockSize : (BlockSize + macSize); this.bufBlock = new byte[bufLength]; if (nonce == null || nonce.Length < 1) { throw new ArgumentException("IV must be at least 1 byte"); } // TODO Restrict macSize to 16 if nonce length not 12? // Cipher always used in forward mode // if keyParam is null we're reusing the last key. if (keyParam != null) { cipher.Init(true, keyParam); this.H = new byte[BlockSize]; cipher.ProcessBlock(H, 0, H, 0); // if keyParam is null we're reusing the last key and the multiplier doesn't need re-init multiplier.Init(H); exp = null; } else if (this.H == null) { throw new ArgumentException("Key must be specified in initial init"); } this.J0 = new byte[BlockSize]; if (nonce.Length == 12) { Array.Copy(nonce, 0, J0, 0, nonce.Length); this.J0[BlockSize - 1] = 0x01; } else { gHASH(J0, nonce, nonce.Length); byte[] X = new byte[BlockSize]; Pack.UInt64_To_BE((ulong)nonce.Length * 8UL, X, 8); gHASHBlock(J0, X); } this.S = new byte[BlockSize]; this.S_at = new byte[BlockSize]; this.S_atPre = new byte[BlockSize]; this.atBlock = new byte[BlockSize]; this.atBlockPos = 0; this.atLength = 0; this.atLengthPre = 0; this.counter = Arrays.Clone(J0); this.bufOff = 0; this.totalLength = 0; if (initialAssociatedText != null) { ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length); } }
public virtual void Init(bool forEncryption, ICipherParameters parameters) { this.forEncryption = forEncryption; macBlock = null; initialised = true; byte[] array = null; if (parameters is AeadParameters) { AeadParameters aeadParameters = (AeadParameters)parameters; array = aeadParameters.GetNonce(); initialAssociatedText = aeadParameters.GetAssociatedText(); int num = aeadParameters.MacSize; if (num < 32 || num > 128 || num % 8 != 0) { throw new ArgumentException("Invalid value for MAC size: " + num); } macSize = num / 8; KeyParameter key = aeadParameters.Key; int num2 = forEncryption ? 16 : (16 + macSize); bufBlock = new byte[num2]; if (array == null || array.Length < 1) { throw new ArgumentException("IV must be at least 1 byte"); } if (forEncryption && nonce != null && Arrays.AreEqual(nonce, array)) { if (key == null) { throw new ArgumentException("cannot reuse nonce for GCM encryption"); } if (lastKey != null && Arrays.AreEqual(lastKey, key.GetKey())) { throw new ArgumentException("cannot reuse nonce for GCM encryption"); } } nonce = array; if (key != null) { lastKey = key.GetKey(); } if (key != null) { cipher.Init(forEncryption: true, key); H = new byte[16]; cipher.ProcessBlock(H, 0, H, 0); multiplier.Init(H); exp = null; } else if (H == null) { throw new ArgumentException("Key must be specified in initial init"); } J0 = new byte[16]; if (nonce.Length == 12) { Array.Copy(nonce, 0, J0, 0, nonce.Length); J0[15] = 1; } else { gHASH(J0, nonce, nonce.Length); byte[] array2 = new byte[16]; Pack.UInt64_To_BE((ulong)((long)nonce.Length * 8L), array2, 8); gHASHBlock(J0, array2); } S = new byte[16]; S_at = new byte[16]; S_atPre = new byte[16]; atBlock = new byte[16]; atBlockPos = 0; atLength = 0uL; atLengthPre = 0uL; counter = Arrays.Clone(J0); blocksRemaining = 4294967294u; bufOff = 0; totalLength = 0uL; if (initialAssociatedText != null) { ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length); } return; } throw new ArgumentException("invalid parameters passed to GCM"); }
public virtual void Init( bool forEncryption, ICipherParameters parameters) { this.forEncryption = forEncryption; this.macSize = 16; // TODO Make configurable? this.macBlock = null; // TODO If macSize limitation is removed, be very careful about bufBlock int bufLength = forEncryption ? BlockSize : (BlockSize + macSize); this.bufBlock = new byte[bufLength]; if (parameters is AeadParameters) { AeadParameters param = (AeadParameters)parameters; nonce = param.GetNonce(); A = param.GetAssociatedText(); // macSize = param.getMacSize() / 8; if (param.MacSize != 128) { // TODO Make configurable? throw new ArgumentException("only 128-bit MAC supported currently"); } keyParam = param.Key; } else if (parameters is ParametersWithIV) { ParametersWithIV param = (ParametersWithIV)parameters; nonce = param.GetIV(); A = null; keyParam = (KeyParameter)param.Parameters; } else { throw new ArgumentException("invalid parameters passed to GCM"); } if (nonce == null || nonce.Length < 1) { throw new ArgumentException("IV must be at least 1 byte"); } if (A == null) { // Avoid lots of null checks A = new byte[0]; } // Cipher always used input forward mode cipher.Init(true, keyParam); // TODO This should be configurable by Init parameters // (but must be 16 if nonce length not 12) (BlockSize?) // this.tagLength = 16; byte[] h = new byte[BlockSize]; cipher.ProcessBlock(Zeroes, 0, h, 0); //trace("H: " + new string(Hex.encode(h))); this.H = new BigInteger(1, h); this.initS = gHASH(A, false); if (nonce.Length == 12) { this.J0 = new byte[16]; Array.Copy(nonce, 0, J0, 0, nonce.Length); this.J0[15] = 0x01; } else { BigInteger N = gHASH(nonce, true); BigInteger X = BigInteger.ValueOf(nonce.Length * 8); //trace("len({})||len(IV): " + dumpBigInt(X)); N = multiply(N.Xor(X), H); //trace("GHASH(H,{},IV): " + dumpBigInt(N)); this.J0 = asBlock(N); } this.S = initS; this.counter = Arrays.Clone(J0); //trace("Y" + yCount + ": " + new string(Hex.encode(counter))); this.bufOff = 0; this.totalLength = 0; }
public virtual void Init(bool forEncryption, ICipherParameters parameters) { KeyParameter key; byte[] nonce; bool flag = this.forEncryption; this.forEncryption = forEncryption; this.macBlock = null; if (parameters is AeadParameters) { AeadParameters parameters2 = (AeadParameters)parameters; nonce = parameters2.GetNonce(); this.initialAssociatedText = parameters2.GetAssociatedText(); int macSize = parameters2.MacSize; if (((macSize < 0x40) || (macSize > 0x80)) || ((macSize % 8) != 0)) { throw new ArgumentException("Invalid value for MAC size: " + macSize); } this.macSize = macSize / 8; key = parameters2.Key; } else { if (!(parameters is ParametersWithIV)) { throw new ArgumentException("invalid parameters passed to OCB"); } ParametersWithIV hiv = (ParametersWithIV)parameters; nonce = hiv.GetIV(); this.initialAssociatedText = null; this.macSize = 0x10; key = (KeyParameter)hiv.Parameters; } this.hashBlock = new byte[0x10]; this.mainBlock = new byte[!forEncryption ? (0x10 + this.macSize) : 0x10]; if (nonce == null) { nonce = new byte[0]; } if (nonce.Length > 15) { throw new ArgumentException("IV must be no more than 15 bytes"); } if (key != null) { this.hashCipher.Init(true, key); this.mainCipher.Init(forEncryption, key); this.KtopInput = null; } else if (flag != forEncryption) { throw new ArgumentException("cannot change encrypting state without providing key."); } this.L_Asterisk = new byte[0x10]; this.hashCipher.ProcessBlock(this.L_Asterisk, 0, this.L_Asterisk, 0); this.L_Dollar = OCB_double(this.L_Asterisk); this.L = Platform.CreateArrayList(); this.L.Add(OCB_double(this.L_Dollar)); int num2 = this.ProcessNonce(nonce); int num3 = num2 % 8; int sourceIndex = num2 / 8; if (num3 == 0) { Array.Copy(this.Stretch, sourceIndex, this.OffsetMAIN_0, 0, 0x10); } else { for (int i = 0; i < 0x10; i++) { uint num6 = this.Stretch[sourceIndex]; uint num7 = this.Stretch[++sourceIndex]; this.OffsetMAIN_0[i] = (byte)((num6 << num3) | (num7 >> (8 - num3))); } } this.hashBlockPos = 0; this.mainBlockPos = 0; this.hashBlockCount = 0L; this.mainBlockCount = 0L; this.OffsetHASH = new byte[0x10]; this.Sum = new byte[0x10]; Array.Copy(this.OffsetMAIN_0, 0, this.OffsetMAIN, 0, 0x10); this.Checksum = new byte[0x10]; if (this.initialAssociatedText != null) { this.ProcessAadBytes(this.initialAssociatedText, 0, this.initialAssociatedText.Length); } }
/// <remarks> /// MAC sizes from 32 bits to 128 bits (must be a multiple of 8) are supported. The default is 128 bits. /// Sizes less than 96 are not recommended, but are supported for specialized applications. /// </remarks> public /*virtual*/ void Init( bool forEncryption, ICipherParameters parameters) { this.forEncryption = forEncryption; //this.macBlock = null; if (this.macBlock != null) { Array.Clear(this.macBlock, 0, this.macBlock.Length); } this.initialised = true; KeyParameter keyParam; byte[] newNonce = null; if (parameters is AeadParameters) { AeadParameters param = (AeadParameters)parameters; newNonce = param.GetNonce(); initialAssociatedText = param.GetAssociatedText(); int macSizeBits = param.MacSize; if (macSizeBits < 32 || macSizeBits > 128 || macSizeBits % 8 != 0) { throw new ArgumentException("Invalid value for MAC size: " + macSizeBits); } macSize = macSizeBits / 8; keyParam = param.Key; } else if (parameters is ParametersWithIV) { ParametersWithIV param = (ParametersWithIV)parameters; newNonce = param.GetIV(); initialAssociatedText = null; macSize = 16; keyParam = (KeyParameter)param.Parameters; } else { throw new ArgumentException("invalid parameters passed to GCM"); } this.bufLength = forEncryption ? BlockSize : (BlockSize + macSize); if (this.bufBlock == null || this.bufLength < this.bufBlock.Length) { BufferPool.Resize(ref this.bufBlock, this.bufLength, true, true); } if (newNonce == null || newNonce.Length < 1) { throw new ArgumentException("IV must be at least 1 byte"); } if (forEncryption) { if (nonce != null && Arrays.AreEqual(nonce, newNonce)) { if (keyParam == null) { throw new ArgumentException("cannot reuse nonce for GCM encryption"); } if (lastKey != null && Arrays.AreEqual(lastKey, keyParam.GetKey())) { throw new ArgumentException("cannot reuse nonce for GCM encryption"); } } } nonce = newNonce; if (keyParam != null) { lastKey = keyParam.GetKey(); } // TODO Restrict macSize to 16 if nonce length not 12? // Cipher always used in forward mode // if keyParam is null we're reusing the last key. if (keyParam != null) { cipher.Init(true, keyParam); if (this.H == null) { this.H = new byte[BlockSize]; } else { Array.Clear(this.H, 0, BlockSize); } cipher.ProcessBlock(H, 0, H, 0); // if keyParam is null we're reusing the last key and the multiplier doesn't need re-init Tables8kGcmMultiplier_Init(H); exp = null; } else if (this.H == null) { throw new ArgumentException("Key must be specified in initial init"); } if (this.J0 == null) { this.J0 = new byte[BlockSize]; } else { Array.Clear(this.J0, 0, BlockSize); } if (nonce.Length == 12) { Array.Copy(nonce, 0, J0, 0, nonce.Length); this.J0[BlockSize - 1] = 0x01; } else { gHASH(J0, nonce, nonce.Length); byte[] X = BufferPool.Get(BlockSize, false); Pack.UInt64_To_BE((ulong)nonce.Length * 8UL, X, 8); gHASHBlock(J0, X); BufferPool.Release(X); } //BufferPool.Resize(ref this.S, BlockSize, false, true); //BufferPool.Resize(ref this.S_at, BlockSize, false, true); //BufferPool.Resize(ref this.S_atPre, BlockSize, false, true); //BufferPool.Resize(ref this.atBlock, BlockSize, false, true); if (this.S == null) { this.S = new byte[BlockSize]; } else { Array.Clear(this.S, 0, this.S.Length); } if (this.S_at == null) { this.S_at = new byte[BlockSize]; } else { Array.Clear(this.S_at, 0, this.S_at.Length); } if (this.S_atPre == null) { this.S_atPre = new byte[BlockSize]; } else { Array.Clear(this.S_atPre, 0, this.S_atPre.Length); } if (this.atBlock == null) { this.atBlock = new byte[BlockSize]; } else { Array.Clear(this.atBlock, 0, this.atBlock.Length); } this.atBlockPos = 0; this.atLength = 0; this.atLengthPre = 0; //this.counter = Arrays.Clone(J0); //BufferPool.Resize(ref this.counter, BlockSize, false, true); if (this.counter == null) { this.counter = new byte[BlockSize]; } else { Array.Clear(this.counter, 0, this.counter.Length); } Array.Copy(this.J0, 0, this.counter, 0, BlockSize); this.blocksRemaining = uint.MaxValue - 1; // page 8, len(P) <= 2^39 - 256, 1 block used by tag this.bufOff = 0; this.totalLength = 0; if (initialAssociatedText != null) { ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length); } }
public virtual void Init(bool forEncryption, ICipherParameters parameters) { bool flag = this.forEncryption; this.forEncryption = forEncryption; macBlock = null; byte[] array; KeyParameter keyParameter; if (parameters is AeadParameters) { AeadParameters aeadParameters = (AeadParameters)parameters; array = aeadParameters.GetNonce(); initialAssociatedText = aeadParameters.GetAssociatedText(); int num = aeadParameters.MacSize; if (num < 64 || num > 128 || num % 8 != 0) { throw new ArgumentException("Invalid value for MAC size: " + num); } macSize = num / 8; keyParameter = aeadParameters.Key; } else { if (!(parameters is ParametersWithIV)) { throw new ArgumentException("invalid parameters passed to OCB"); } ParametersWithIV parametersWithIV = (ParametersWithIV)parameters; array = parametersWithIV.GetIV(); initialAssociatedText = null; macSize = 16; keyParameter = (KeyParameter)parametersWithIV.Parameters; } hashBlock = new byte[16]; mainBlock = new byte[(!forEncryption) ? (16 + macSize) : 16]; if (array == null) { array = new byte[0]; } if (array.Length > 15) { throw new ArgumentException("IV must be no more than 15 bytes"); } if (keyParameter != null) { hashCipher.Init(forEncryption: true, keyParameter); mainCipher.Init(forEncryption, keyParameter); KtopInput = null; } else if (flag != forEncryption) { throw new ArgumentException("cannot change encrypting state without providing key."); } L_Asterisk = new byte[16]; hashCipher.ProcessBlock(L_Asterisk, 0, L_Asterisk, 0); L_Dollar = OCB_double(L_Asterisk); L = Platform.CreateArrayList(); L.Add(OCB_double(L_Dollar)); int num2 = ProcessNonce(array); int num3 = num2 % 8; int num4 = num2 / 8; if (num3 == 0) { Array.Copy(Stretch, num4, OffsetMAIN_0, 0, 16); } else { for (int i = 0; i < 16; i++) { uint num5 = Stretch[num4]; uint num6 = Stretch[++num4]; OffsetMAIN_0[i] = (byte)((num5 << num3) | (num6 >> 8 - num3)); } } hashBlockPos = 0; mainBlockPos = 0; hashBlockCount = 0L; mainBlockCount = 0L; OffsetHASH = new byte[16]; Sum = new byte[16]; Array.Copy(OffsetMAIN_0, 0, OffsetMAIN, 0, 16); Checksum = new byte[16]; if (initialAssociatedText != null) { ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length); } }
public virtual void Init( bool forEncryption, ICipherParameters parameters) { this.forEncryption = forEncryption; this.macBlock = null; if (parameters is AeadParameters) { AeadParameters param = (AeadParameters)parameters; nonce = param.GetNonce(); A = param.GetAssociatedText(); int macSizeBits = param.MacSize; if (macSizeBits < 96 || macSizeBits > 128 || macSizeBits % 8 != 0) { throw new ArgumentException("Invalid value for MAC size: " + macSizeBits); } macSize = macSizeBits / 8; keyParam = param.Key; } else if (parameters is ParametersWithIV) { ParametersWithIV param = (ParametersWithIV)parameters; nonce = param.GetIV(); A = null; macSize = 16; keyParam = (KeyParameter)param.Parameters; } else { throw new ArgumentException("invalid parameters passed to GCM"); } int bufLength = forEncryption ? BlockSize : (BlockSize + macSize); this.bufBlock = new byte[bufLength]; if (nonce == null || nonce.Length < 1) { throw new ArgumentException("IV must be at least 1 byte"); } if (A == null) { // Avoid lots of null checks A = new byte[0]; } // Cipher always used in forward mode cipher.Init(true, keyParam); // TODO This should be configurable by Init parameters // (but must be 16 if nonce length not 12) (BlockSize?) // this.tagLength = 16; this.H = new byte[BlockSize]; cipher.ProcessBlock(H, 0, H, 0); multiplier.Init(H); this.initS = gHASH(A); if (nonce.Length == 12) { this.J0 = new byte[16]; Array.Copy(nonce, 0, J0, 0, nonce.Length); this.J0[15] = 0x01; } else { this.J0 = gHASH(nonce); byte[] X = new byte[16]; packLength((ulong)nonce.Length * 8UL, X, 8); GcmUtilities.Xor(this.J0, X); multiplier.MultiplyH(this.J0); } this.S = Arrays.Clone(initS); this.counter = Arrays.Clone(J0); this.bufOff = 0; this.totalLength = 0; }
public virtual void Init(bool forEncryption, ICipherParameters parameters) { KeyParameter initKeyParam; byte[] initNonce; ICipherParameters chacha20Params; if (parameters is AeadParameters) { AeadParameters aeadParams = (AeadParameters)parameters; int macSizeBits = aeadParams.MacSize; if ((MacSize * 8) != macSizeBits) { throw new ArgumentException("Invalid value for MAC size: " + macSizeBits); } initKeyParam = aeadParams.Key; initNonce = aeadParams.GetNonce(); chacha20Params = new ParametersWithIV(initKeyParam, initNonce); this.mInitialAad = aeadParams.GetAssociatedText(); } else if (parameters is ParametersWithIV) { ParametersWithIV ivParams = (ParametersWithIV)parameters; initKeyParam = (KeyParameter)ivParams.Parameters; initNonce = ivParams.GetIV(); chacha20Params = ivParams; this.mInitialAad = null; } else { throw new ArgumentException("invalid parameters passed to ChaCha20Poly1305", "parameters"); } // Validate key if (null == initKeyParam) { if (State.Uninitialized == mState) { throw new ArgumentException("Key must be specified in initial init"); } } else { if (KeySize != initKeyParam.GetKey().Length) { throw new ArgumentException("Key must be 256 bits"); } } // Validate nonce if (null == initNonce || NonceSize != initNonce.Length) { throw new ArgumentException("Nonce must be 96 bits"); } // Check for encryption with reused nonce if (State.Uninitialized != mState && forEncryption && Arrays.AreEqual(mNonce, initNonce)) { if (null == initKeyParam || Arrays.AreEqual(mKey, initKeyParam.GetKey())) { throw new ArgumentException("cannot reuse nonce for ChaCha20Poly1305 encryption"); } } if (null != initKeyParam) { Array.Copy(initKeyParam.GetKey(), 0, mKey, 0, KeySize); } Array.Copy(initNonce, 0, mNonce, 0, NonceSize); mChacha20.Init(true, chacha20Params); this.mState = forEncryption ? State.EncInit : State.DecInit; Reset(true, false); }
public virtual void Init(bool forEncryption, ICipherParameters parameters) { this.forEncryption = forEncryption; this.macBlock = null; KeyParameter keyParameter; byte[] N; if (parameters is AeadParameters) { AeadParameters aeadParameters = (AeadParameters)parameters; N = aeadParameters.GetNonce(); initialAssociatedText = aeadParameters.GetAssociatedText(); int macSizeBits = aeadParameters.MacSize; if (macSizeBits < 64 || macSizeBits > 128 || macSizeBits % 8 != 0) { throw new ArgumentException("Invalid value for MAC size: " + macSizeBits); } macSize = macSizeBits / 8; keyParameter = aeadParameters.Key; } else if (parameters is ParametersWithIV) { ParametersWithIV parametersWithIV = (ParametersWithIV)parameters; N = parametersWithIV.GetIV(); initialAssociatedText = null; macSize = 16; keyParameter = (KeyParameter)parametersWithIV.Parameters; } else { throw new ArgumentException("invalid parameters passed to OCB"); } this.hashBlock = new byte[16]; this.mainBlock = new byte[forEncryption ? BLOCK_SIZE : (BLOCK_SIZE + macSize)]; if (N == null) { N = new byte[0]; } if (N.Length > 15) { throw new ArgumentException("IV must be no more than 15 bytes"); } /* * KEY-DEPENDENT INITIALISATION */ // if keyParam is null we're reusing the last key. if (keyParameter != null) { // TODO } // hashCipher always used in forward mode hashCipher.Init(true, keyParameter); mainCipher.Init(forEncryption, keyParameter); this.L_Asterisk = new byte[16]; hashCipher.ProcessBlock(L_Asterisk, 0, L_Asterisk, 0); this.L_Dollar = OCB_double(L_Asterisk); this.L = Platform.CreateArrayList(); this.L.Add(OCB_double(L_Dollar)); /* * NONCE-DEPENDENT AND PER-ENCRYPTION/DECRYPTION INITIALISATION */ byte[] nonce = new byte[16]; Array.Copy(N, 0, nonce, nonce.Length - N.Length, N.Length); nonce[0] = (byte)(macSize << 4); nonce[15 - N.Length] |= 1; int bottom = nonce[15] & 0x3F; byte[] Ktop = new byte[16]; nonce[15] &= 0xC0; hashCipher.ProcessBlock(nonce, 0, Ktop, 0); byte[] Stretch = new byte[24]; Array.Copy(Ktop, 0, Stretch, 0, 16); for (int i = 0; i < 8; ++i) { Stretch[16 + i] = (byte)(Ktop[i] ^ Ktop[i + 1]); } this.OffsetMAIN_0 = new byte[16]; int bits = bottom % 8, bytes = bottom / 8; if (bits == 0) { Array.Copy(Stretch, bytes, OffsetMAIN_0, 0, 16); } else { for (int i = 0; i < 16; ++i) { uint b1 = Stretch[bytes]; uint b2 = Stretch[++bytes]; this.OffsetMAIN_0[i] = (byte)((b1 << bits) | (b2 >> (8 - bits))); } } this.hashBlockPos = 0; this.mainBlockPos = 0; this.hashBlockCount = 0; this.mainBlockCount = 0; this.OffsetHASH = new byte[16]; this.Sum = new byte[16]; this.OffsetMAIN = Arrays.Clone(this.OffsetMAIN_0); this.Checksum = new byte[16]; if (initialAssociatedText != null) { ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length); } }
public virtual void Init(bool forEncryption, ICipherParameters parameters) { KeyParameter key; this.forEncryption = forEncryption; this.macBlock = null; if (parameters is AeadParameters) { AeadParameters parameters2 = (AeadParameters)parameters; this.nonce = parameters2.GetNonce(); this.initialAssociatedText = parameters2.GetAssociatedText(); int macSize = parameters2.MacSize; if (((macSize < 0x20) || (macSize > 0x80)) || ((macSize % 8) != 0)) { throw new ArgumentException("Invalid value for MAC size: " + macSize); } this.macSize = macSize / 8; key = parameters2.Key; } else { if (!(parameters is ParametersWithIV)) { throw new ArgumentException("invalid parameters passed to GCM"); } ParametersWithIV hiv = (ParametersWithIV)parameters; this.nonce = hiv.GetIV(); this.initialAssociatedText = null; this.macSize = 0x10; key = (KeyParameter)hiv.Parameters; } int num2 = !forEncryption ? (0x10 + this.macSize) : 0x10; this.bufBlock = new byte[num2]; if ((this.nonce == null) || (this.nonce.Length < 1)) { throw new ArgumentException("IV must be at least 1 byte"); } if (key != null) { this.cipher.Init(true, key); this.H = new byte[0x10]; this.cipher.ProcessBlock(this.H, 0, this.H, 0); this.multiplier.Init(this.H); this.exp = null; } else if (this.H == null) { throw new ArgumentException("Key must be specified in initial init"); } this.J0 = new byte[0x10]; if (this.nonce.Length == 12) { Array.Copy(this.nonce, 0, this.J0, 0, this.nonce.Length); this.J0[15] = 1; } else { this.gHASH(this.J0, this.nonce, this.nonce.Length); byte[] bs = new byte[0x10]; Pack.UInt64_To_BE((ulong)(this.nonce.Length * 8L), bs, 8); this.gHASHBlock(this.J0, bs); } this.S = new byte[0x10]; this.S_at = new byte[0x10]; this.S_atPre = new byte[0x10]; this.atBlock = new byte[0x10]; this.atBlockPos = 0; this.atLength = 0L; this.atLengthPre = 0L; this.counter = Arrays.Clone(this.J0); this.blocksRemaining = 0xfffffffe; this.bufOff = 0; this.totalLength = 0L; if (this.initialAssociatedText != null) { this.ProcessAadBytes(this.initialAssociatedText, 0, this.initialAssociatedText.Length); } }
internal static AeadParameters ReuseKey(AeadParameters p) { return(new AeadParameters(null, p.MacSize, p.GetNonce(), p.GetAssociatedText())); }
public virtual void Init(bool forEncryption, ICipherParameters parameters) { this.forEncryption = forEncryption; macBlock = null; KeyParameter keyParameter; if (parameters is AeadParameters) { AeadParameters aeadParameters = (AeadParameters)parameters; nonce = aeadParameters.GetNonce(); initialAssociatedText = aeadParameters.GetAssociatedText(); int num = aeadParameters.MacSize; if (num < 32 || num > 128 || num % 8 != 0) { throw new ArgumentException("Invalid value for MAC size: " + num); } macSize = num / 8; keyParameter = aeadParameters.Key; } else { if (!(parameters is ParametersWithIV)) { throw new ArgumentException("invalid parameters passed to GCM"); } ParametersWithIV parametersWithIV = (ParametersWithIV)parameters; nonce = parametersWithIV.GetIV(); initialAssociatedText = null; macSize = 16; keyParameter = (KeyParameter)parametersWithIV.Parameters; } int num2 = (!forEncryption) ? (16 + macSize) : 16; bufBlock = new byte[num2]; if (nonce == null || nonce.Length < 1) { throw new ArgumentException("IV must be at least 1 byte"); } if (keyParameter != null) { cipher.Init(forEncryption: true, keyParameter); H = new byte[16]; cipher.ProcessBlock(H, 0, H, 0); multiplier.Init(H); exp = null; } else if (H == null) { throw new ArgumentException("Key must be specified in initial init"); } J0 = new byte[16]; if (nonce.Length == 12) { Array.Copy(nonce, 0, J0, 0, nonce.Length); J0[15] = 1; } else { gHASH(J0, nonce, nonce.Length); byte[] array = new byte[16]; Pack.UInt64_To_BE((ulong)((long)nonce.Length * 8L), array, 8); gHASHBlock(J0, array); } S = new byte[16]; S_at = new byte[16]; S_atPre = new byte[16]; atBlock = new byte[16]; atBlockPos = 0; atLength = 0uL; atLengthPre = 0uL; counter = Arrays.Clone(J0); bufOff = 0; totalLength = 0uL; if (initialAssociatedText != null) { ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length); } }
public void Init(bool forEncryption, ICipherParameters parameters) { this.forEncryption = forEncryption; KeyParameter engineParam; if (parameters is AeadParameters) { AeadParameters param = (AeadParameters)parameters; byte[] iv = param.GetNonce(); int diff = IV.Length - iv.Length; Array.Copy(iv, 0, IV, diff, iv.Length); Array.Clear(IV, 0, diff); initialAssociatedText = param.GetAssociatedText(); int macSizeBits = param.MacSize; if (macSizeBits < 64 || macSizeBits > cipher.GetBlockSize() * 8 || macSizeBits % 8 != 0) { throw new ArgumentException("Invalid value for MAC size: " + macSizeBits); } macSize = macSizeBits / 8; engineParam = param.Key; if (initialAssociatedText != null) { ProcessAadBytes(initialAssociatedText, 0, initialAssociatedText.Length); } } else if (parameters is ParametersWithIV) { ParametersWithIV param = (ParametersWithIV)parameters; byte[] iv = param.GetIV(); int diff = IV.Length - iv.Length; Array.Copy(iv, 0, IV, diff, iv.Length); Array.Clear(IV, 0, diff); initialAssociatedText = null; macSize = cipher.GetBlockSize(); engineParam = param.Parameters as KeyParameter; } else { throw new ArgumentException("invalid parameters passed to GCM"); } this.macBlock = new byte[cipher.GetBlockSize()]; ctrCipher.Init(true, new ParametersWithIV(engineParam, IV)); cipher.Init(true, engineParam); }