protected virtual KeyParameter InitRecordMac(ChaChaEngine cipher, bool forEncryption, long seqNo)
{
byte[] array = new byte[8];
TlsUtilities.WriteUint64(seqNo, array, 0);
cipher.Init(forEncryption, new ParametersWithIV(null, array));
byte[] array2 = new byte[64];
cipher.ProcessBytes(array2, 0, array2.Length, array2, 0);
Array.Copy(array2, 0, array2, 32, 16);
KeyParameter keyParameter = new KeyParameter(array2, 16, 32);
Poly1305KeyGenerator.Clamp(keyParameter.GetKey());
return(keyParameter);
}
protected virtual KeyParameter GenerateRecordMacKey(IStreamCipher cipher)
{
byte[] firstBlock = new byte[64];
cipher.ProcessBytes(firstBlock, 0, firstBlock.Length, firstBlock, 0);
// NOTE: The BC implementation puts 'r' after 'k'
Array.Copy(firstBlock, 0, firstBlock, 32, 16);
Poly1305KeyGenerator.Clamp(firstBlock, 16);
KeyParameter macKey = new KeyParameter(firstBlock, 16, 32);
Arrays.Fill(firstBlock, (byte)0);
return(macKey);
}
private void testKeyGenerator()
{
CipherKeyGenerator gen = new Poly1305KeyGenerator();
gen.Init(new KeyGenerationParameters(new SecureRandom(), 256));
byte[] k = gen.GenerateKey();
if (k.Length != 32)
{
Fail("Poly1305 key should be 256 bits.");
}
try
{
Poly1305KeyGenerator.CheckKey(k);
}
catch (ArgumentException)
{
Fail("Poly1305 key should be Clamped on generation.");
}
byte[] k2 = new byte[k.Length];
Array.Copy(k, 0, k2, 0, k2.Length);
Poly1305KeyGenerator.Clamp(k);
if (!Arrays.AreEqual(k, k2))
{
Fail("Poly1305 key should be Clamped on generation.");
}
/*
* try
* {
* k2[19] = (byte)0xff;
* Poly1305KeyGenerator.CheckKey(k2);
* Fail("UnClamped key should fail check.");
* }
* catch (ArgumentException)
* {
* // Expected
* }
*/
}