/// <summary>
/// Instance of AES with pre-defined key and IV.
/// </summary>
/// <param name="encoding"></param>
/// <param name="key"></param>
/// <param name="iv"></param>
public AES(Encoding encoding, byte[] key, byte[] iv)
{
this.encoding = encoding;
this.mode = new SicBlockCipher(new AesFastEngine());
this.key = key;
this.iv = iv;
}
private SicBlockCipher CreateDecryptor(string key)
{
SicBlockCipher decryptor = new SicBlockCipher(aes);
decryptor.Init(false, new ParametersWithIV(new KeyParameter(DecodeKey(key)), new byte[aes.GetBlockSize()]));
return decryptor;
}
/// <summary>
/// Generate a new key and IV.
/// </summary>
/// <param name="encoding"></param>
public AES(Encoding encoding)
{
this.mode = new SicBlockCipher(new AesFastEngine());
RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider();
// Generate random key and IV
rngCsp.GetBytes(key);
rngCsp.GetBytes(iv);
this.encoding = encoding;
}
/// <summary>
/// Load the key and IV from a file.
/// </summary>
/// <param name="encoding"></param>
/// <param name="encryptionFile"></param>
public AES(Encoding encoding, string encryptionFile)
{
this.mode = new SicBlockCipher(new AesFastEngine());
byte[] combinedKey = new byte[32 * 2];
combinedKey = File.ReadAllBytes(encryptionFile);
combinedKey.Take(32).ToArray().CopyTo(key, 0);
combinedKey.Skip(32).Take(32).ToArray().CopyTo(iv, 0);
this.encoding = encoding;
}
public EaxBlockCipher(IBlockCipher cipher)
{
this.blockSize = cipher.GetBlockSize();
this.mac = new CMac(cipher);
this.macBlock = new byte[this.blockSize];
this.associatedTextMac = new byte[this.mac.GetMacSize()];
this.nonceMac = new byte[this.mac.GetMacSize()];
this.cipher = new SicBlockCipher(cipher);
}
public Packet MessageEncrypt(ICipherSetRemoteInfo remoteInfo, Packet inner)
{
CS1ARemoteInfo ri = (CS1ARemoteInfo)remoteInfo;
var agreedValue = ECDHAgree (ri.RemotePublicKey, ri.EphemeralKeys.PrivateKey);
// Hash the agreed key
var hashedValue = Helpers.SHA256Hash (Helpers.ToByteArray(agreedValue, 20));
// Fold to get the actual key for AES
byte[] aesKey = Helpers.Fold (hashedValue);
Random rnd = new Random ();
// Setup and encrypt the actual data
byte[] aesIV = new byte[16];
rnd.NextBytes (aesIV);
Array.Clear (aesIV, 4, 12);
var cipher = new SicBlockCipher (new AesFastEngine ());
var parameters = new ParametersWithIV (new KeyParameter (aesKey), aesIV);
cipher.Init (true, parameters);
var encryptedInner = new byte[inner.FullPacket.Length];
BufferedBlockCipher bufferCipher = new BufferedBlockCipher (cipher);
var offset = bufferCipher.ProcessBytes (inner.FullPacket, encryptedInner, 0);
bufferCipher.DoFinal (encryptedInner, offset);
// Construct the packet minus the hmac
Packet outPacket = new Packet ();
outPacket.Body = new byte[29 + encryptedInner.Length];
Buffer.BlockCopy (ri.EphemeralKeys.PublicKey, 0, outPacket.Body, 0, ri.EphemeralKeys.PublicKey.Length);
Buffer.BlockCopy (aesIV, 0, outPacket.Body, 21, 4);
Buffer.BlockCopy (encryptedInner, 0, outPacket.Body, 25, encryptedInner.Length);
// ECDH for the hmac key using
var idAgreedValue = ECDHAgree (ri.RemotePublicKey, Key.PrivateKey);
// Mash on the IV for the compound key
byte[] macKey = new byte[24];
byte[] idAgreedValueArray = Helpers.ToByteArray(idAgreedValue, 20);
Buffer.BlockCopy(idAgreedValueArray, 0, macKey, 0, idAgreedValueArray.Length);
Buffer.BlockCopy(aesIV, 0, macKey, idAgreedValueArray.Length, 4);
// Actually hmac all the data now
var hmac = new HMac (new Sha256Digest ());
hmac.Init(new KeyParameter (macKey, 0, 24));
hmac.BlockUpdate(outPacket.Body, 0, 25 + encryptedInner.Length);
byte[] mac = new byte[hmac.GetMacSize()];
hmac.DoFinal(mac, 0);
// Fold it up, shove it in and we're done
var foldedMac = Helpers.Fold(mac, 3);
Buffer.BlockCopy(foldedMac, 0, outPacket.Body, 25 + encryptedInner.Length, foldedMac.Length);
return outPacket;
}
/**
* Constructor that accepts an instance of a block cipher engine.
*
* @param cipher the engine to use
*/
public EaxBlockCipher(
IBlockCipher cipher)
{
blockSize = cipher.GetBlockSize();
mac = new CMac(cipher);
macBlock = new byte[blockSize];
associatedTextMac = new byte[mac.GetMacSize()];
nonceMac = new byte[mac.GetMacSize()];
this.cipher = new SicBlockCipher(cipher);
}
/**
* Constructor that accepts an instance of a block cipher engine.
*
* @param cipher the engine to use
*/
public EaxBlockCipher(
IBlockCipher cipher)
{
blockSize = cipher.GetBlockSize();
mac = new CMac(cipher);
macBlock = new byte[blockSize];
bufBlock = new byte[blockSize * 2];
associatedTextMac = new byte[mac.GetMacSize()];
nonceMac = new byte[mac.GetMacSize()];
this.cipher = new SicBlockCipher(cipher);
}
public static IBufferedCipher GetCipher(
string algorithm)
{
if (algorithm == null)
throw new ArgumentNullException("algorithm");
algorithm = Platform.ToUpperInvariant(algorithm);
{
string aliased = (string) algorithms[algorithm];
if (aliased != null)
algorithm = aliased;
}
IBasicAgreement iesAgreement = null;
if (algorithm == "IES")
{
iesAgreement = new DHBasicAgreement();
}
else if (algorithm == "ECIES")
{
iesAgreement = new ECDHBasicAgreement();
}
if (iesAgreement != null)
{
return new BufferedIesCipher(
new IesEngine(
iesAgreement,
new Kdf2BytesGenerator(
new Sha1Digest()),
new HMac(
new Sha1Digest())));
}
if (algorithm.StartsWith("PBE"))
{
if (algorithm.EndsWith("-CBC"))
{
if (algorithm == "PBEWITHSHA1ANDDES-CBC")
{
return new PaddedBufferedBlockCipher(
new CbcBlockCipher(new DesEngine()));
}
else if (algorithm == "PBEWITHSHA1ANDRC2-CBC")
{
return new PaddedBufferedBlockCipher(
new CbcBlockCipher(new RC2Engine()));
}
else if (Strings.IsOneOf(algorithm,
"PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"))
{
return new PaddedBufferedBlockCipher(
new CbcBlockCipher(new DesEdeEngine()));
}
else if (Strings.IsOneOf(algorithm,
"PBEWITHSHAAND128BITRC2-CBC", "PBEWITHSHAAND40BITRC2-CBC"))
{
return new PaddedBufferedBlockCipher(
new CbcBlockCipher(new RC2Engine()));
}
}
else if (algorithm.EndsWith("-BC") || algorithm.EndsWith("-OPENSSL"))
{
if (Strings.IsOneOf(algorithm,
"PBEWITHSHAAND128BITAES-CBC-BC",
"PBEWITHSHAAND192BITAES-CBC-BC",
"PBEWITHSHAAND256BITAES-CBC-BC",
"PBEWITHSHA256AND128BITAES-CBC-BC",
"PBEWITHSHA256AND192BITAES-CBC-BC",
"PBEWITHSHA256AND256BITAES-CBC-BC",
"PBEWITHMD5AND128BITAES-CBC-OPENSSL",
"PBEWITHMD5AND192BITAES-CBC-OPENSSL",
"PBEWITHMD5AND256BITAES-CBC-OPENSSL"))
{
return new PaddedBufferedBlockCipher(
new CbcBlockCipher(new AesFastEngine()));
}
}
}
string[] parts = algorithm.Split('/');
IBlockCipher blockCipher = null;
IAsymmetricBlockCipher asymBlockCipher = null;
IStreamCipher streamCipher = null;
string algorithmName = parts[0];
{
string aliased = (string)algorithms[algorithmName];
if (aliased != null)
algorithmName = aliased;
}
CipherAlgorithm cipherAlgorithm;
try
{
cipherAlgorithm = (CipherAlgorithm)Enums.GetEnumValue(typeof(CipherAlgorithm), algorithmName);
}
catch (ArgumentException)
{
throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
}
switch (cipherAlgorithm)
{
case CipherAlgorithm.AES:
blockCipher = new AesFastEngine();
break;
case CipherAlgorithm.ARC4:
streamCipher = new RC4Engine();
break;
case CipherAlgorithm.BLOWFISH:
blockCipher = new BlowfishEngine();
break;
case CipherAlgorithm.CAMELLIA:
blockCipher = new CamelliaEngine();
break;
case CipherAlgorithm.CAST5:
blockCipher = new Cast5Engine();
break;
case CipherAlgorithm.CAST6:
blockCipher = new Cast6Engine();
break;
case CipherAlgorithm.DES:
blockCipher = new DesEngine();
break;
case CipherAlgorithm.DESEDE:
blockCipher = new DesEdeEngine();
break;
case CipherAlgorithm.ELGAMAL:
asymBlockCipher = new ElGamalEngine();
break;
case CipherAlgorithm.GOST28147:
blockCipher = new Gost28147Engine();
break;
case CipherAlgorithm.HC128:
streamCipher = new HC128Engine();
break;
case CipherAlgorithm.HC256:
streamCipher = new HC256Engine();
break;
case CipherAlgorithm.IDEA:
blockCipher = new IdeaEngine();
break;
case CipherAlgorithm.NOEKEON:
blockCipher = new NoekeonEngine();
break;
case CipherAlgorithm.PBEWITHSHAAND128BITRC4:
case CipherAlgorithm.PBEWITHSHAAND40BITRC4:
streamCipher = new RC4Engine();
break;
case CipherAlgorithm.RC2:
blockCipher = new RC2Engine();
break;
case CipherAlgorithm.RC5:
blockCipher = new RC532Engine();
break;
case CipherAlgorithm.RC5_64:
blockCipher = new RC564Engine();
break;
case CipherAlgorithm.RC6:
blockCipher = new RC6Engine();
break;
case CipherAlgorithm.RIJNDAEL:
blockCipher = new RijndaelEngine();
break;
case CipherAlgorithm.RSA:
asymBlockCipher = new RsaBlindedEngine();
break;
case CipherAlgorithm.SALSA20:
streamCipher = new Salsa20Engine();
break;
case CipherAlgorithm.SEED:
blockCipher = new SeedEngine();
break;
case CipherAlgorithm.SERPENT:
blockCipher = new SerpentEngine();
break;
case CipherAlgorithm.SKIPJACK:
blockCipher = new SkipjackEngine();
break;
case CipherAlgorithm.TEA:
blockCipher = new TeaEngine();
break;
case CipherAlgorithm.TWOFISH:
blockCipher = new TwofishEngine();
break;
case CipherAlgorithm.VMPC:
streamCipher = new VmpcEngine();
break;
case CipherAlgorithm.VMPC_KSA3:
streamCipher = new VmpcKsa3Engine();
break;
case CipherAlgorithm.XTEA:
blockCipher = new XteaEngine();
break;
default:
throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
}
if (streamCipher != null)
{
if (parts.Length > 1)
throw new ArgumentException("Modes and paddings not used for stream ciphers");
return new BufferedStreamCipher(streamCipher);
}
bool cts = false;
bool padded = true;
IBlockCipherPadding padding = null;
IAeadBlockCipher aeadBlockCipher = null;
if (parts.Length > 2)
{
if (streamCipher != null)
throw new ArgumentException("Paddings not used for stream ciphers");
string paddingName = parts[2];
CipherPadding cipherPadding;
if (paddingName == "")
{
cipherPadding = CipherPadding.RAW;
}
else if (paddingName == "X9.23PADDING")
{
cipherPadding = CipherPadding.X923PADDING;
}
else
{
try
{
cipherPadding = (CipherPadding)Enums.GetEnumValue(typeof(CipherPadding), paddingName);
}
catch (ArgumentException)
{
throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
}
}
switch (cipherPadding)
{
case CipherPadding.NOPADDING:
padded = false;
break;
case CipherPadding.RAW:
break;
case CipherPadding.ISO10126PADDING:
case CipherPadding.ISO10126D2PADDING:
case CipherPadding.ISO10126_2PADDING:
padding = new ISO10126d2Padding();
break;
case CipherPadding.ISO7816_4PADDING:
case CipherPadding.ISO9797_1PADDING:
padding = new ISO7816d4Padding();
break;
case CipherPadding.ISO9796_1:
case CipherPadding.ISO9796_1PADDING:
asymBlockCipher = new ISO9796d1Encoding(asymBlockCipher);
break;
case CipherPadding.OAEP:
case CipherPadding.OAEPPADDING:
asymBlockCipher = new OaepEncoding(asymBlockCipher);
break;
case CipherPadding.OAEPWITHMD5ANDMGF1PADDING:
asymBlockCipher = new OaepEncoding(asymBlockCipher, new MD5Digest());
break;
case CipherPadding.OAEPWITHSHA1ANDMGF1PADDING:
case CipherPadding.OAEPWITHSHA_1ANDMGF1PADDING:
asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha1Digest());
break;
case CipherPadding.OAEPWITHSHA224ANDMGF1PADDING:
case CipherPadding.OAEPWITHSHA_224ANDMGF1PADDING:
asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha224Digest());
break;
case CipherPadding.OAEPWITHSHA256ANDMGF1PADDING:
case CipherPadding.OAEPWITHSHA_256ANDMGF1PADDING:
asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha256Digest());
break;
case CipherPadding.OAEPWITHSHA384ANDMGF1PADDING:
case CipherPadding.OAEPWITHSHA_384ANDMGF1PADDING:
asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha384Digest());
break;
case CipherPadding.OAEPWITHSHA512ANDMGF1PADDING:
case CipherPadding.OAEPWITHSHA_512ANDMGF1PADDING:
asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha512Digest());
break;
case CipherPadding.PKCS1:
case CipherPadding.PKCS1PADDING:
asymBlockCipher = new Pkcs1Encoding(asymBlockCipher);
break;
case CipherPadding.PKCS5:
case CipherPadding.PKCS5PADDING:
case CipherPadding.PKCS7:
case CipherPadding.PKCS7PADDING:
padding = new Pkcs7Padding();
break;
case CipherPadding.TBCPADDING:
padding = new TbcPadding();
break;
case CipherPadding.WITHCTS:
cts = true;
break;
case CipherPadding.X923PADDING:
padding = new X923Padding();
break;
case CipherPadding.ZEROBYTEPADDING:
padding = new ZeroBytePadding();
break;
default:
throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
}
}
string mode = "";
if (parts.Length > 1)
{
mode = parts[1];
int di = GetDigitIndex(mode);
string modeName = di >= 0 ? mode.Substring(0, di) : mode;
try
{
CipherMode cipherMode = modeName == ""
? CipherMode.NONE
: (CipherMode)Enums.GetEnumValue(typeof(CipherMode), modeName);
switch (cipherMode)
{
case CipherMode.ECB:
case CipherMode.NONE:
break;
case CipherMode.CBC:
blockCipher = new CbcBlockCipher(blockCipher);
break;
case CipherMode.CCM:
aeadBlockCipher = new CcmBlockCipher(blockCipher);
break;
case CipherMode.CFB:
{
int bits = (di < 0)
? 8 * blockCipher.GetBlockSize()
: int.Parse(mode.Substring(di));
blockCipher = new CfbBlockCipher(blockCipher, bits);
break;
}
case CipherMode.CTR:
blockCipher = new SicBlockCipher(blockCipher);
break;
case CipherMode.CTS:
cts = true;
blockCipher = new CbcBlockCipher(blockCipher);
break;
case CipherMode.EAX:
aeadBlockCipher = new EaxBlockCipher(blockCipher);
break;
case CipherMode.GCM:
aeadBlockCipher = new GcmBlockCipher(blockCipher);
break;
case CipherMode.GOFB:
blockCipher = new GOfbBlockCipher(blockCipher);
break;
case CipherMode.OCB:
aeadBlockCipher = new OcbBlockCipher(blockCipher, CreateBlockCipher(cipherAlgorithm));
break;
case CipherMode.OFB:
{
int bits = (di < 0)
? 8 * blockCipher.GetBlockSize()
: int.Parse(mode.Substring(di));
blockCipher = new OfbBlockCipher(blockCipher, bits);
break;
}
case CipherMode.OPENPGPCFB:
blockCipher = new OpenPgpCfbBlockCipher(blockCipher);
break;
case CipherMode.SIC:
if (blockCipher.GetBlockSize() < 16)
{
throw new ArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)");
}
blockCipher = new SicBlockCipher(blockCipher);
break;
default:
throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
}
}
catch (ArgumentException)
{
throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
}
}
if (aeadBlockCipher != null)
{
if (cts)
throw new SecurityUtilityException("CTS mode not valid for AEAD ciphers.");
if (padded && parts.Length > 2 && parts[2] != "")
throw new SecurityUtilityException("Bad padding specified for AEAD cipher.");
return new BufferedAeadBlockCipher(aeadBlockCipher);
}
if (blockCipher != null)
{
if (cts)
{
return new CtsBlockCipher(blockCipher);
}
if (padding != null)
{
return new PaddedBufferedBlockCipher(blockCipher, padding);
}
if (!padded || blockCipher.IsPartialBlockOkay)
{
return new BufferedBlockCipher(blockCipher);
}
return new PaddedBufferedBlockCipher(blockCipher);
}
if (asymBlockCipher != null)
{
return new BufferedAsymmetricBlockCipher(asymBlockCipher);
}
throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
}
/**
* Process a packet of data for either CCM decryption or encryption.
*
* @param in data for processing.
* @param inOff offset at which data starts in the input array.
* @param inLen length of the data in the input array.
* @param output output array.
* @param outOff offset into output array to start putting processed bytes.
* @return the number of bytes added to output.
* @throws IllegalStateException if the cipher is not appropriately set up.
* @throws InvalidCipherTextException if the input data is truncated or the mac check fails.
* @throws DataLengthException if output buffer too short.
*/
public virtual int ProcessPacket(byte[] input, int inOff, int inLen, byte[] output, int outOff)
{
// TODO: handle null keyParam (e.g. via RepeatedKeySpec)
// Need to keep the CTR and CBC Mac parts around and reset
if (keyParam == null)
{
throw new InvalidOperationException("CCM cipher unitialized.");
}
int n = nonce.Length;
int q = 15 - n;
if (q < 4)
{
int limitLen = 1 << (8 * q);
if (inLen >= limitLen)
{
throw new InvalidOperationException("CCM packet too large for choice of q.");
}
}
byte[] iv = new byte[BlockSize];
iv[0] = (byte)((q - 1) & 0x7);
nonce.CopyTo(iv, 1);
IBlockCipher ctrCipher = new SicBlockCipher(cipher);
ctrCipher.Init(forEncryption, new ParametersWithIV(keyParam, iv));
int outputLen;
int inIndex = inOff;
int outIndex = outOff;
if (forEncryption)
{
outputLen = inLen + macSize;
Check.OutputLength(output, outOff, outputLen, "Output buffer too short.");
calculateMac(input, inOff, inLen, macBlock);
ctrCipher.ProcessBlock(macBlock, 0, macBlock, 0); // S0
while (inIndex < (inOff + inLen - BlockSize)) // S1...
{
ctrCipher.ProcessBlock(input, inIndex, output, outIndex);
outIndex += BlockSize;
inIndex += BlockSize;
}
byte[] block = new byte[BlockSize];
Array.Copy(input, inIndex, block, 0, inLen + inOff - inIndex);
ctrCipher.ProcessBlock(block, 0, block, 0);
Array.Copy(block, 0, output, outIndex, inLen + inOff - inIndex);
Array.Copy(macBlock, 0, output, outOff + inLen, macSize);
}
else
{
if (inLen < macSize)
{
throw new InvalidCipherTextException("data too short");
}
outputLen = inLen - macSize;
Check.OutputLength(output, outOff, outputLen, "Output buffer too short.");
Array.Copy(input, inOff + outputLen, macBlock, 0, macSize);
ctrCipher.ProcessBlock(macBlock, 0, macBlock, 0);
for (int i = macSize; i != macBlock.Length; i++)
{
macBlock[i] = 0;
}
while (inIndex < (inOff + outputLen - BlockSize))
{
ctrCipher.ProcessBlock(input, inIndex, output, outIndex);
outIndex += BlockSize;
inIndex += BlockSize;
}
byte[] block = new byte[BlockSize];
Array.Copy(input, inIndex, block, 0, outputLen - (inIndex - inOff));
ctrCipher.ProcessBlock(block, 0, block, 0);
Array.Copy(block, 0, output, outIndex, outputLen - (inIndex - inOff));
byte[] calculatedMacBlock = new byte[BlockSize];
calculateMac(output, outOff, outputLen, calculatedMacBlock);
if (!Arrays.ConstantTimeAreEqual(macBlock, calculatedMacBlock))
{
throw new InvalidCipherTextException("mac check in CCM failed");
}
}
return(outputLen);
}
public static IBufferedCipher GetCipher(
string algorithm)
{
if (algorithm == null)
throw new ArgumentNullException("algorithm");
algorithm = algorithm.ToUpper(CultureInfo.InvariantCulture);
string aliased = (string) algorithms[algorithm];
if (aliased != null)
algorithm = aliased;
IBasicAgreement iesAgreement = null;
if (algorithm == "IES")
{
iesAgreement = new DHBasicAgreement();
}
else if (algorithm == "ECIES")
{
iesAgreement = new ECDHBasicAgreement();
}
if (iesAgreement != null)
{
return new BufferedIesCipher(
new IesEngine(
iesAgreement,
new Kdf2BytesGenerator(
new Sha1Digest()),
new HMac(
new Sha1Digest())));
}
if (algorithm.StartsWith("PBE"))
{
switch (algorithm)
{
case "PBEWITHSHAAND2-KEYTRIPLEDES-CBC":
case "PBEWITHSHAAND3-KEYTRIPLEDES-CBC":
return new PaddedBufferedBlockCipher(
new CbcBlockCipher(new DesEdeEngine()));
case "PBEWITHSHAAND128BITRC2-CBC":
case "PBEWITHSHAAND40BITRC2-CBC":
return new PaddedBufferedBlockCipher(
new CbcBlockCipher(new RC2Engine()));
case "PBEWITHSHAAND128BITAES-CBC-BC":
case "PBEWITHSHAAND192BITAES-CBC-BC":
case "PBEWITHSHAAND256BITAES-CBC-BC":
case "PBEWITHSHA256AND128BITAES-CBC-BC":
case "PBEWITHSHA256AND192BITAES-CBC-BC":
case "PBEWITHSHA256AND256BITAES-CBC-BC":
case "PBEWITHMD5AND128BITAES-CBC-OPENSSL":
case "PBEWITHMD5AND192BITAES-CBC-OPENSSL":
case "PBEWITHMD5AND256BITAES-CBC-OPENSSL":
return new PaddedBufferedBlockCipher(
new CbcBlockCipher(new AesFastEngine()));
case "PBEWITHSHA1ANDDES-CBC":
return new PaddedBufferedBlockCipher(
new CbcBlockCipher(new DesEngine()));
case "PBEWITHSHA1ANDRC2-CBC":
return new PaddedBufferedBlockCipher(
new CbcBlockCipher(new RC2Engine()));
}
}
string[] parts = algorithm.Split('/');
IBlockCipher blockCipher = null;
IAsymmetricBlockCipher asymBlockCipher = null;
IStreamCipher streamCipher = null;
switch (parts[0])
{
case "AES":
blockCipher = new AesFastEngine();
break;
case "ARC4":
streamCipher = new RC4Engine();
break;
case "BLOWFISH":
blockCipher = new BlowfishEngine();
break;
case "CAMELLIA":
blockCipher = new CamelliaEngine();
break;
case "CAST5":
blockCipher = new Cast5Engine();
break;
case "CAST6":
blockCipher = new Cast6Engine();
break;
case "DES":
blockCipher = new DesEngine();
break;
case "DESEDE":
blockCipher = new DesEdeEngine();
break;
case "ELGAMAL":
asymBlockCipher = new ElGamalEngine();
break;
case "GOST28147":
blockCipher = new Gost28147Engine();
break;
case "HC128":
streamCipher = new HC128Engine();
break;
case "HC256":
streamCipher = new HC256Engine();
break;
#if INCLUDE_IDEA
case "IDEA":
blockCipher = new IdeaEngine();
break;
#endif
case "NOEKEON":
blockCipher = new NoekeonEngine();
break;
case "PBEWITHSHAAND128BITRC4":
case "PBEWITHSHAAND40BITRC4":
streamCipher = new RC4Engine();
break;
case "RC2":
blockCipher = new RC2Engine();
break;
case "RC5":
blockCipher = new RC532Engine();
break;
case "RC5-64":
blockCipher = new RC564Engine();
break;
case "RC6":
blockCipher = new RC6Engine();
break;
case "RIJNDAEL":
blockCipher = new RijndaelEngine();
break;
case "RSA":
asymBlockCipher = new RsaBlindedEngine();
break;
case "SALSA20":
streamCipher = new Salsa20Engine();
break;
case "SEED":
blockCipher = new SeedEngine();
break;
case "SERPENT":
blockCipher = new SerpentEngine();
break;
case "SKIPJACK":
blockCipher = new SkipjackEngine();
break;
case "TEA":
blockCipher = new TeaEngine();
break;
case "TWOFISH":
blockCipher = new TwofishEngine();
break;
case "VMPC":
streamCipher = new VmpcEngine();
break;
case "VMPC-KSA3":
streamCipher = new VmpcKsa3Engine();
break;
case "XTEA":
blockCipher = new XteaEngine();
break;
default:
throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
}
if (streamCipher != null)
{
if (parts.Length > 1)
throw new ArgumentException("Modes and paddings not used for stream ciphers");
return new BufferedStreamCipher(streamCipher);
}
bool cts = false;
bool padded = true;
IBlockCipherPadding padding = null;
IAeadBlockCipher aeadBlockCipher = null;
if (parts.Length > 2)
{
if (streamCipher != null)
throw new ArgumentException("Paddings not used for stream ciphers");
switch (parts[2])
{
case "NOPADDING":
padded = false;
break;
case "":
case "RAW":
break;
case "ISO10126PADDING":
case "ISO10126D2PADDING":
case "ISO10126-2PADDING":
padding = new ISO10126d2Padding();
break;
case "ISO7816-4PADDING":
case "ISO9797-1PADDING":
padding = new ISO7816d4Padding();
break;
case "ISO9796-1":
case "ISO9796-1PADDING":
asymBlockCipher = new ISO9796d1Encoding(asymBlockCipher);
break;
case "OAEP":
case "OAEPPADDING":
asymBlockCipher = new OaepEncoding(asymBlockCipher);
break;
case "OAEPWITHMD5ANDMGF1PADDING":
asymBlockCipher = new OaepEncoding(asymBlockCipher, new MD5Digest());
break;
case "OAEPWITHSHA1ANDMGF1PADDING":
case "OAEPWITHSHA-1ANDMGF1PADDING":
asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha1Digest());
break;
case "OAEPWITHSHA224ANDMGF1PADDING":
case "OAEPWITHSHA-224ANDMGF1PADDING":
asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha224Digest());
break;
case "OAEPWITHSHA256ANDMGF1PADDING":
case "OAEPWITHSHA-256ANDMGF1PADDING":
asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha256Digest());
break;
case "OAEPWITHSHA384ANDMGF1PADDING":
case "OAEPWITHSHA-384ANDMGF1PADDING":
asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha384Digest());
break;
case "OAEPWITHSHA512ANDMGF1PADDING":
case "OAEPWITHSHA-512ANDMGF1PADDING":
asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha512Digest());
break;
case "PKCS1":
case "PKCS1PADDING":
asymBlockCipher = new Pkcs1Encoding(asymBlockCipher);
break;
case "PKCS5":
case "PKCS5PADDING":
case "PKCS7":
case "PKCS7PADDING":
padding = new Pkcs7Padding();
break;
case "TBCPADDING":
padding = new TbcPadding();
break;
case "WITHCTS":
cts = true;
break;
case "X9.23PADDING":
case "X923PADDING":
padding = new X923Padding();
break;
case "ZEROBYTEPADDING":
padding = new ZeroBytePadding();
break;
default:
throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
}
}
string mode = "";
if (parts.Length > 1)
{
mode = parts[1];
int di = GetDigitIndex(mode);
string modeName = di >= 0 ? mode.Substring(0, di) : mode;
switch (modeName)
{
case "":
case "ECB":
case "NONE":
break;
case "CBC":
blockCipher = new CbcBlockCipher(blockCipher);
break;
case "CCM":
aeadBlockCipher = new CcmBlockCipher(blockCipher);
break;
case "CFB":
{
int bits = (di < 0)
? 8 * blockCipher.GetBlockSize()
: int.Parse(mode.Substring(di));
blockCipher = new CfbBlockCipher(blockCipher, bits);
break;
}
case "CTR":
blockCipher = new SicBlockCipher(blockCipher);
break;
case "CTS":
cts = true;
blockCipher = new CbcBlockCipher(blockCipher);
break;
case "EAX":
aeadBlockCipher = new EaxBlockCipher(blockCipher);
break;
case "GCM":
aeadBlockCipher = new GcmBlockCipher(blockCipher);
break;
case "GOFB":
blockCipher = new GOfbBlockCipher(blockCipher);
break;
case "OFB":
{
int bits = (di < 0)
? 8 * blockCipher.GetBlockSize()
: int.Parse(mode.Substring(di));
blockCipher = new OfbBlockCipher(blockCipher, bits);
break;
}
case "OPENPGPCFB":
blockCipher = new OpenPgpCfbBlockCipher(blockCipher);
break;
case "SIC":
if (blockCipher.GetBlockSize() < 16)
{
throw new ArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)");
}
blockCipher = new SicBlockCipher(blockCipher);
break;
default:
throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
}
}
if (aeadBlockCipher != null)
{
if (cts)
throw new SecurityUtilityException("CTS mode not valid for AEAD ciphers.");
if (padded && parts.Length > 2 && parts[2] != "")
throw new SecurityUtilityException("Bad padding specified for AEAD cipher.");
return new BufferedAeadBlockCipher(aeadBlockCipher);
}
if (blockCipher != null)
{
if (cts)
{
return new CtsBlockCipher(blockCipher);
}
if (padding != null)
{
return new PaddedBufferedBlockCipher(blockCipher, padding);
}
if (!padded || blockCipher.IsPartialBlockOkay)
{
return new BufferedBlockCipher(blockCipher);
}
return new PaddedBufferedBlockCipher(blockCipher);
}
if (asymBlockCipher != null)
{
return new BufferedAsymmetricBlockCipher(asymBlockCipher);
}
throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
}
public byte[] ProcessPacket(
byte[] input,
int inOff,
int inLen)
{
if (keyParam == null)
{
throw new InvalidOperationException("CCM cipher unitialized.");
}
IBlockCipher ctrCipher = new SicBlockCipher(cipher);
byte[] iv = new byte[BlockSize];
byte[] output;
iv[0] = (byte)(((15 - nonce.Length) - 1) & 0x7);
Array.Copy(nonce, 0, iv, 1, nonce.Length);
ctrCipher.Init(forEncryption, new ParametersWithIV(keyParam, iv));
if (forEncryption)
{
int index = inOff;
int outOff = 0;
output = new byte[inLen + macSize];
calculateMac(input, inOff, inLen, macBlock);
ctrCipher.ProcessBlock(macBlock, 0, macBlock, 0); // S0
while (index < inLen - BlockSize) // S1...
{
ctrCipher.ProcessBlock(input, index, output, outOff);
outOff += BlockSize;
index += BlockSize;
}
byte[] block = new byte[BlockSize];
Array.Copy(input, index, block, 0, inLen - index);
ctrCipher.ProcessBlock(block, 0, block, 0);
Array.Copy(block, 0, output, outOff, inLen - index);
outOff += inLen - index;
Array.Copy(macBlock, 0, output, outOff, output.Length - outOff);
}
else
{
int index = inOff;
int outOff = 0;
output = new byte[inLen - macSize];
Array.Copy(input, inOff + inLen - macSize, macBlock, 0, macSize);
ctrCipher.ProcessBlock(macBlock, 0, macBlock, 0);
for (int i = macSize; i != macBlock.Length; i++)
{
macBlock[i] = 0;
}
while (outOff < output.Length - BlockSize)
{
ctrCipher.ProcessBlock(input, index, output, outOff);
outOff += BlockSize;
index += BlockSize;
}
byte[] block = new byte[BlockSize];
Array.Copy(input, index, block, 0, output.Length - outOff);
ctrCipher.ProcessBlock(block, 0, block, 0);
Array.Copy(block, 0, output, outOff, output.Length - outOff);
byte[] calculatedMacBlock = new byte[BlockSize];
calculateMac(output, 0, output.Length, calculatedMacBlock);
if (!Arrays.ConstantTimeAreEqual(macBlock, calculatedMacBlock))
{
throw new InvalidCipherTextException("mac check in CCM failed");
}
}
return(output);
}
public virtual int ProcessPacket(byte[] input, int inOff, int inLen, byte[] output, int outOff)
{
if (this.keyParam == null)
{
throw new InvalidOperationException("CCM cipher unitialized.");
}
int num = this.nonce.Length;
int num2 = 15 - num;
if (num2 < 4)
{
int num3 = 1 << 8 * num2;
if (inLen >= num3)
{
throw new InvalidOperationException("CCM packet too large for choice of q.");
}
}
byte[] array = new byte[CcmBlockCipher.BlockSize];
array[0] = (byte)(num2 - 1 & 7);
this.nonce.CopyTo(array, 1);
IBlockCipher blockCipher = new SicBlockCipher(this.cipher);
blockCipher.Init(this.forEncryption, new ParametersWithIV(this.keyParam, array));
int i = inOff;
int num4 = outOff;
int num5;
if (this.forEncryption)
{
num5 = inLen + this.macSize;
Check.OutputLength(output, outOff, num5, "Output buffer too short.");
this.calculateMac(input, inOff, inLen, this.macBlock);
blockCipher.ProcessBlock(this.macBlock, 0, this.macBlock, 0);
while (i < inOff + inLen - CcmBlockCipher.BlockSize)
{
blockCipher.ProcessBlock(input, i, output, num4);
num4 += CcmBlockCipher.BlockSize;
i += CcmBlockCipher.BlockSize;
}
byte[] array2 = new byte[CcmBlockCipher.BlockSize];
Array.Copy(input, i, array2, 0, inLen + inOff - i);
blockCipher.ProcessBlock(array2, 0, array2, 0);
Array.Copy(array2, 0, output, num4, inLen + inOff - i);
Array.Copy(this.macBlock, 0, output, outOff + inLen, this.macSize);
}
else
{
if (inLen < this.macSize)
{
throw new InvalidCipherTextException("data too short");
}
num5 = inLen - this.macSize;
Check.OutputLength(output, outOff, num5, "Output buffer too short.");
Array.Copy(input, inOff + num5, this.macBlock, 0, this.macSize);
blockCipher.ProcessBlock(this.macBlock, 0, this.macBlock, 0);
for (int num6 = this.macSize; num6 != this.macBlock.Length; num6++)
{
this.macBlock[num6] = 0;
}
while (i < inOff + num5 - CcmBlockCipher.BlockSize)
{
blockCipher.ProcessBlock(input, i, output, num4);
num4 += CcmBlockCipher.BlockSize;
i += CcmBlockCipher.BlockSize;
}
byte[] array3 = new byte[CcmBlockCipher.BlockSize];
Array.Copy(input, i, array3, 0, num5 - (i - inOff));
blockCipher.ProcessBlock(array3, 0, array3, 0);
Array.Copy(array3, 0, output, num4, num5 - (i - inOff));
byte[] b = new byte[CcmBlockCipher.BlockSize];
this.calculateMac(output, outOff, num5, b);
if (!Arrays.ConstantTimeAreEqual(this.macBlock, b))
{
throw new InvalidCipherTextException("mac check in CCM failed");
}
}
return(num5);
}
public byte[] ProcessPacket(
byte[] input,
int inOff,
int inLen)
{
// TODO: handle null keyParam (e.g. via RepeatedKeySpec)
// Need to keep the CTR and CBC Mac parts around and reset
if (keyParam == null)
throw new InvalidOperationException("CCM cipher unitialized.");
IBlockCipher ctrCipher = new SicBlockCipher(cipher);
byte[] iv = new byte[BlockSize];
byte[] output;
iv[0] = (byte)(((15 - nonce.Length) - 1) & 0x7);
Array.Copy(nonce, 0, iv, 1, nonce.Length);
ctrCipher.Init(forEncryption, new ParametersWithIV(keyParam, iv));
if (forEncryption)
{
int index = inOff;
int outOff = 0;
output = new byte[inLen + macSize];
calculateMac(input, inOff, inLen, macBlock);
ctrCipher.ProcessBlock(macBlock, 0, macBlock, 0); // S0
while (index < inLen - BlockSize) // S1...
{
ctrCipher.ProcessBlock(input, index, output, outOff);
outOff += BlockSize;
index += BlockSize;
}
byte[] block = new byte[BlockSize];
Array.Copy(input, index, block, 0, inLen - index);
ctrCipher.ProcessBlock(block, 0, block, 0);
Array.Copy(block, 0, output, outOff, inLen - index);
outOff += inLen - index;
Array.Copy(macBlock, 0, output, outOff, output.Length - outOff);
}
else
{
int index = inOff;
int outOff = 0;
output = new byte[inLen - macSize];
Array.Copy(input, inOff + inLen - macSize, macBlock, 0, macSize);
ctrCipher.ProcessBlock(macBlock, 0, macBlock, 0);
for (int i = macSize; i != macBlock.Length; i++)
{
macBlock[i] = 0;
}
while (outOff < output.Length - BlockSize)
{
ctrCipher.ProcessBlock(input, index, output, outOff);
outOff += BlockSize;
index += BlockSize;
}
byte[] block = new byte[BlockSize];
Array.Copy(input, index, block, 0, output.Length - outOff);
ctrCipher.ProcessBlock(block, 0, block, 0);
Array.Copy(block, 0, output, outOff, output.Length - outOff);
byte[] calculatedMacBlock = new byte[BlockSize];
calculateMac(output, 0, output.Length, calculatedMacBlock);
if (!Arrays.ConstantTimeAreEqual(macBlock, calculatedMacBlock))
throw new InvalidCipherTextException("mac check in CCM failed");
}
return output;
}
private BufferedBlockCipher CreateScryptoEngine()
{
IBlockCipher engine;
switch (_MSec.Algorithm)
{
case ESec.SCRYPTO_AES:
engine = new AesEngine();
_MSec.KeySize = 32;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_AESFAST:
engine = new AesFastEngine();
_MSec.KeySize = 32;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_AESLIGHT:
engine = new AesLightEngine();
_MSec.KeySize = 32;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_BLOWFISH:
engine = new BlowfishEngine();
_MSec.KeySize = 56;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_CAMELLIA:
engine = new CamelliaEngine();
_MSec.KeySize = 32;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_CAMELLIALIGHT:
engine = new CamelliaLightEngine();
_MSec.KeySize = 32;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_CAST5:
engine = new Cast5Engine();
_MSec.KeySize = 16;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_CAST6:
engine = new Cast6Engine();
_MSec.KeySize = 32;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_DES:
engine = new DesEngine();
_MSec.KeySize = 8;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_DESEDE:
engine = new DesEdeEngine();
_MSec.KeySize = 24;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_GOST28147:
engine = new Gost28147Engine();
_MSec.KeySize = 32;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_NOEKEON:
engine = new NoekeonEngine();
_MSec.KeySize = 16;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_NULL:
engine = new NullEngine();
_MSec.KeySize = 32;
_MSec.IVSize = 16;
break;
case ESec.SCRYPTO_RC2:
engine = new RC2Engine();
_MSec.KeySize = 128;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_RC532:
engine = new RC532Engine();
_MSec.KeySize = 16;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_RC564:
engine = new RC564Engine();
_MSec.KeySize = 16;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_RC6:
engine = new RC6Engine();
_MSec.KeySize = 32;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_RIJNDAEL:
engine = new RijndaelEngine();
_MSec.KeySize = 32;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_SEED:
engine = new SeedEngine();
_MSec.KeySize = 16;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_SERPENT:
engine = new SerpentEngine();
_MSec.KeySize = 32;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_SKIPJACK:
engine = new SkipjackEngine();
_MSec.KeySize = 16;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_TEA:
engine = new TeaEngine();
_MSec.KeySize = 16;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_TWOFISH:
engine = new TwofishEngine();
_MSec.KeySize = 32;
_MSec.IVSize = 0;
break;
case ESec.SCRYPTO_XTEA:
engine = new XteaEngine();
_MSec.KeySize = 16;
_MSec.IVSize = 0;
break;
default:
engine = new AesEngine();
_MSec.KeySize = 32;
_MSec.IVSize = 0;
break;
}
switch (_MSec.Mode)
{
case ESec.MODE_CBC:
engine = new CbcBlockCipher(engine);
break;
case ESec.MODE_CFB:
engine = new CfbBlockCipher(engine, 8);
break;
case ESec.MODE_GOFB:
engine = new GOfbBlockCipher(engine);
break;
case ESec.MODE_OFB:
engine = new OfbBlockCipher(engine, 8);
break;
case ESec.MODE_OPENPGPCFB:
engine = new OpenPgpCfbBlockCipher(engine);
break;
case ESec.MODE_SIC:
engine = new SicBlockCipher(engine);
break;
default:
engine = new CbcBlockCipher(engine);
break;
}
IBlockCipherPadding padding = null;
switch (_MSec.Padding)
{
case ESec.PADDING_ISO10126d2:
padding = new ISO10126d2Padding();
break;
case ESec.PADDING_ISO7816d4:
padding = new ISO7816d4Padding();
break;
case ESec.PADDING_PKCS7:
padding = new Pkcs7Padding();
break;
case ESec.PADDING_TBC:
padding = new TbcPadding();
break;
case ESec.PADDING_X923:
padding = new X923Padding();
break;
case ESec.PADDING_ZEROBYTE:
padding = new ZeroBytePadding();
break;
default:
padding = new Pkcs7Padding();
break;
}
return new PaddedBufferedBlockCipher(engine, padding);
}
/**
* Process a packet of data for either CCM decryption or encryption.
*
* @param in data for processing.
* @param inOff offset at which data starts in the input array.
* @param inLen length of the data in the input array.
* @param output output array.
* @param outOff offset into output array to start putting processed bytes.
* @return the number of bytes added to output.
* @throws IllegalStateException if the cipher is not appropriately set up.
* @throws InvalidCipherTextException if the input data is truncated or the mac check fails.
* @throws DataLengthException if output buffer too short.
*/
public virtual int ProcessPacket(byte[] input, int inOff, int inLen, byte[] output, int outOff)
{
// TODO: handle null keyParam (e.g. via RepeatedKeySpec)
// Need to keep the CTR and CBC Mac parts around and reset
if (keyParam == null)
throw new InvalidOperationException("CCM cipher unitialized.");
int n = nonce.Length;
int q = 15 - n;
if (q < 4)
{
int limitLen = 1 << (8 * q);
if (inLen >= limitLen)
throw new InvalidOperationException("CCM packet too large for choice of q.");
}
byte[] iv = new byte[BlockSize];
iv[0] = (byte)((q - 1) & 0x7);
nonce.CopyTo(iv, 1);
IBlockCipher ctrCipher = new SicBlockCipher(cipher);
ctrCipher.Init(forEncryption, new ParametersWithIV(keyParam, iv));
int outputLen;
int inIndex = inOff;
int outIndex = outOff;
if (forEncryption)
{
outputLen = inLen + macSize;
Check.OutputLength(output, outOff, outputLen, "Output buffer too short.");
calculateMac(input, inOff, inLen, macBlock);
ctrCipher.ProcessBlock(macBlock, 0, macBlock, 0); // S0
while (inIndex < (inOff + inLen - BlockSize)) // S1...
{
ctrCipher.ProcessBlock(input, inIndex, output, outIndex);
outIndex += BlockSize;
inIndex += BlockSize;
}
byte[] block = new byte[BlockSize];
Array.Copy(input, inIndex, block, 0, inLen + inOff - inIndex);
ctrCipher.ProcessBlock(block, 0, block, 0);
Array.Copy(block, 0, output, outIndex, inLen + inOff - inIndex);
Array.Copy(macBlock, 0, output, outOff + inLen, macSize);
}
else
{
if (inLen < macSize)
throw new InvalidCipherTextException("data too short");
outputLen = inLen - macSize;
Check.OutputLength(output, outOff, outputLen, "Output buffer too short.");
Array.Copy(input, inOff + outputLen, macBlock, 0, macSize);
ctrCipher.ProcessBlock(macBlock, 0, macBlock, 0);
for (int i = macSize; i != macBlock.Length; i++)
{
macBlock[i] = 0;
}
while (inIndex < (inOff + outputLen - BlockSize))
{
ctrCipher.ProcessBlock(input, inIndex, output, outIndex);
outIndex += BlockSize;
inIndex += BlockSize;
}
byte[] block = new byte[BlockSize];
Array.Copy(input, inIndex, block, 0, outputLen - (inIndex - inOff));
ctrCipher.ProcessBlock(block, 0, block, 0);
Array.Copy(block, 0, output, outIndex, outputLen - (inIndex - inOff));
byte[] calculatedMacBlock = new byte[BlockSize];
calculateMac(output, outOff, outputLen, calculatedMacBlock);
if (!Arrays.ConstantTimeAreEqual(macBlock, calculatedMacBlock))
throw new InvalidCipherTextException("mac check in CCM failed");
}
return outputLen;
}
public Packet ChannelDecrypt(ICipherSetRemoteInfo channelInfo, Packet outer)
{
// We gotta have the primary components and something to decrypt
if (outer.Body.Length < 25) {
return null;
}
var ci = (CS1ARemoteInfo)channelInfo;
// Rip apart our packet
byte[] token = outer.Body.Take (16).ToArray ();
byte[] iv = outer.Body.Skip (16).Take (4).ToArray ();
byte[] encryptedData = outer.Body.Skip (20).Take (outer.Body.Length - 24).ToArray ();
byte[] dataMac = outer.Body.Skip (outer.Body.Length - 4).Take (4).ToArray ();
// Make sure we're on the right channel
if (!token.SequenceEqual (ci.Token)) {
return null;
}
// Validate us some hmac
byte[] hmacKey = new byte[20];
Buffer.BlockCopy (ci.DecryptionKey, 0, hmacKey, 0, 16);
Buffer.BlockCopy (iv, 0, hmacKey, 16, 4);
var hmac = new HMac (new Sha256Digest ());
hmac.Init(new KeyParameter (hmacKey));
hmac.BlockUpdate(encryptedData, 0, encryptedData.Length);
byte[] mac = new byte[hmac.GetMacSize()];
hmac.DoFinal(mac, 0);
var foldedMac = Helpers.Fold (mac, 3);
if (!foldedMac.SequenceEqual (dataMac)) {
// Get out of here with your bad data
return null;
}
// Everything seems ok. Get it decrypted
byte[] aesIV = new byte[16];
Buffer.BlockCopy (iv, 0, aesIV, 0, 4);
Array.Clear (aesIV, 4, 12);
var cipher = new SicBlockCipher (new AesFastEngine ());
var parameters = new ParametersWithIV (new KeyParameter (ci.DecryptionKey), aesIV);
cipher.Init (false, parameters);
var decryptedData = new byte[encryptedData.Length];
BufferedBlockCipher bufferCipher = new BufferedBlockCipher (cipher);
var offset = bufferCipher.ProcessBytes (encryptedData, decryptedData, 0);
bufferCipher.DoFinal (decryptedData, offset);
// Build a packet and ship it off
return Packet.DecodePacket (decryptedData);
}
public Packet ChannelEncrypt(ICipherSetRemoteInfo channelInfo, Packet inner)
{
var ci = (CS1ARemoteInfo)channelInfo;
// TODO: Validate we don't care about endianess of IV here
// Setup and encrypt the actual data
byte[] aesIV = new byte[16];
Buffer.BlockCopy (BitConverter.GetBytes(ci.IV), 0, aesIV, 0, 4);
Array.Clear (aesIV, 4, 12);
var cipher = new SicBlockCipher (new AesFastEngine ());
var parameters = new ParametersWithIV (new KeyParameter (ci.EncryptionKey), aesIV);
cipher.Init (true, parameters);
var encryptedInner = new byte[inner.FullPacket.Length];
BufferedBlockCipher bufferCipher = new BufferedBlockCipher (cipher);
var offset = bufferCipher.ProcessBytes (inner.FullPacket, encryptedInner, 0);
bufferCipher.DoFinal (encryptedInner, offset);
// Hmac the output
byte[] hmacKey = new byte[20];
Buffer.BlockCopy (ci.EncryptionKey, 0, hmacKey, 0, 16);
Buffer.BlockCopy (BitConverter.GetBytes(ci.IV), 0, hmacKey, 16, 4);
var hmac = new HMac (new Sha256Digest ());
hmac.Init(new KeyParameter (hmacKey));
hmac.BlockUpdate(encryptedInner, 0, encryptedInner.Length);
byte[] mac = new byte[hmac.GetMacSize()];
hmac.DoFinal(mac, 0);
var foldedMac = Helpers.Fold (mac, 3);
// Create the outgoing packet
Packet outPacket = new Packet();
outPacket.Body = new byte[encryptedInner.Length + 24];
Buffer.BlockCopy(ci.Token, 0, outPacket.Body, 0, 16);
Buffer.BlockCopy(BitConverter.GetBytes(ci.IV), 0, outPacket.Body, 16, 4);
Buffer.BlockCopy(encryptedInner, 0, outPacket.Body, 20, encryptedInner.Length);
Buffer.BlockCopy(foldedMac, 0, outPacket.Body, outPacket.Body.Length - 4, 4);
// Next IV next packet
++ci.IV;
return outPacket;
}
public virtual int ProcessPacket(byte[] input, int inOff, int inLen, byte[] output, int outOff)
{
int num4;
if (this.keyParam == null)
{
throw new InvalidOperationException("CCM cipher unitialized.");
}
int length = this.nonce.Length;
int num2 = 15 - length;
if (num2 < 4)
{
int num3 = ((int)1) << (8 * num2);
if (inLen >= num3)
{
throw new InvalidOperationException("CCM packet too large for choice of q.");
}
}
byte[] array = new byte[BlockSize];
array[0] = (byte)((num2 - 1) & 7);
this.nonce.CopyTo(array, 1);
IBlockCipher cipher = new SicBlockCipher(this.cipher);
cipher.Init(this.forEncryption, new ParametersWithIV(this.keyParam, array));
int num5 = inOff;
int num6 = outOff;
if (this.forEncryption)
{
num4 = inLen + this.macSize;
Check.OutputLength(output, outOff, num4, "Output buffer too short.");
this.CalculateMac(input, inOff, inLen, this.macBlock);
byte[] outBuf = new byte[BlockSize];
cipher.ProcessBlock(this.macBlock, 0, outBuf, 0);
while (num5 < ((inOff + inLen) - BlockSize))
{
cipher.ProcessBlock(input, num5, output, num6);
num6 += BlockSize;
num5 += BlockSize;
}
byte[] buffer3 = new byte[BlockSize];
Array.Copy(input, num5, buffer3, 0, (inLen + inOff) - num5);
cipher.ProcessBlock(buffer3, 0, buffer3, 0);
Array.Copy(buffer3, 0, output, num6, (inLen + inOff) - num5);
Array.Copy(outBuf, 0, output, outOff + inLen, this.macSize);
return(num4);
}
if (inLen < this.macSize)
{
throw new InvalidCipherTextException("data too short");
}
num4 = inLen - this.macSize;
Check.OutputLength(output, outOff, num4, "Output buffer too short.");
Array.Copy(input, inOff + num4, this.macBlock, 0, this.macSize);
cipher.ProcessBlock(this.macBlock, 0, this.macBlock, 0);
for (int i = this.macSize; i != this.macBlock.Length; i++)
{
this.macBlock[i] = 0;
}
while (num5 < ((inOff + num4) - BlockSize))
{
cipher.ProcessBlock(input, num5, output, num6);
num6 += BlockSize;
num5 += BlockSize;
}
byte[] destinationArray = new byte[BlockSize];
Array.Copy(input, num5, destinationArray, 0, num4 - (num5 - inOff));
cipher.ProcessBlock(destinationArray, 0, destinationArray, 0);
Array.Copy(destinationArray, 0, output, num6, num4 - (num5 - inOff));
byte[] macBlock = new byte[BlockSize];
this.CalculateMac(output, outOff, num4, macBlock);
if (!Arrays.ConstantTimeAreEqual(this.macBlock, macBlock))
{
throw new InvalidCipherTextException("mac check in CCM failed");
}
return(num4);
}
public byte[] ProcessPacket(byte[] input, int inOff, int inLen)
{
if (parameters == null)
{
throw new InvalidOperationException("CCM cipher unitialized.");
}
IBlockCipher ctrCipher = new SicBlockCipher(cipher);
byte[] iv = new byte[blockSize];
byte[] nonce = parameters.GetNonce();
int macSize = parameters.MacSize / 8;
byte[] output;
iv[0] = (byte)(((15 - nonce.Length) - 1) & 0x7);
Array.Copy(nonce, 0, iv, 1, nonce.Length);
ctrCipher.Init(forEncryption, new ParametersWithIV(parameters.Key, iv));
if (forEncryption)
{
int index = inOff;
int outOff = 0;
output = new byte[inLen + macSize];
calculateMac(input, inOff, inLen, macBlock);
ctrCipher.ProcessBlock(macBlock, 0, macBlock, 0); // S0
while (index < inLen - blockSize) // S1...
{
ctrCipher.ProcessBlock(input, index, output, outOff);
outOff += blockSize;
index += blockSize;
}
byte[] block = new byte[blockSize];
Array.Copy(input, index, block, 0, inLen - index);
ctrCipher.ProcessBlock(block, 0, block, 0);
Array.Copy(block, 0, output, outOff, inLen - index);
outOff += inLen - index;
Array.Copy(macBlock, 0, output, outOff, output.Length - outOff);
}
else
{
int index = inOff;
int outOff = 0;
output = new byte[inLen - macSize];
Array.Copy(input, inOff + inLen - macSize, macBlock, 0, macSize);
ctrCipher.ProcessBlock(macBlock, 0, macBlock, 0);
for (int i = macSize; i != macBlock.Length; i++)
{
macBlock[i] = 0;
}
while (outOff < output.Length - blockSize)
{
ctrCipher.ProcessBlock(input, index, output, outOff);
outOff += blockSize;
index += blockSize;
}
byte[] block = new byte[blockSize];
Array.Copy(input, index, block, 0, output.Length - outOff);
ctrCipher.ProcessBlock(block, 0, block, 0);
Array.Copy(block, 0, output, outOff, output.Length - outOff);
byte[] calculatedMacBlock = new byte[blockSize];
calculateMac(output, 0, output.Length, calculatedMacBlock);
if (!areEqual(macBlock, calculatedMacBlock))
{
throw new InvalidCipherTextException("mac check in CCM failed");
}
}
return output;
}
public virtual int ProcessPacket(byte[] input, int inOff, int inLen, byte[] output, int outOff)
{
//IL_000d: Unknown result type (might be due to invalid IL or missing references)
//IL_0037: Unknown result type (might be due to invalid IL or missing references)
if (keyParam == null)
{
throw new InvalidOperationException("CCM cipher unitialized.");
}
int num = nonce.Length;
int num2 = 15 - num;
if (num2 < 4)
{
int num3 = 1 << 8 * num2;
if (inLen >= num3)
{
throw new InvalidOperationException("CCM packet too large for choice of q.");
}
}
byte[] array = new byte[BlockSize];
array[0] = (byte)((uint)(num2 - 1) & 7u);
((global::System.Array)nonce).CopyTo((global::System.Array)array, 1);
IBlockCipher blockCipher = new SicBlockCipher(cipher);
blockCipher.Init(forEncryption, new ParametersWithIV(keyParam, array));
int i = inOff;
int num4 = outOff;
int num5;
if (forEncryption)
{
num5 = inLen + macSize;
Check.OutputLength(output, outOff, num5, "Output buffer too short.");
CalculateMac(input, inOff, inLen, macBlock);
byte[] array2 = new byte[BlockSize];
blockCipher.ProcessBlock(macBlock, 0, array2, 0);
for (; i < inOff + inLen - BlockSize; i += BlockSize)
{
blockCipher.ProcessBlock(input, i, output, num4);
num4 += BlockSize;
}
byte[] array3 = new byte[BlockSize];
global::System.Array.Copy((global::System.Array)input, i, (global::System.Array)array3, 0, inLen + inOff - i);
blockCipher.ProcessBlock(array3, 0, array3, 0);
global::System.Array.Copy((global::System.Array)array3, 0, (global::System.Array)output, num4, inLen + inOff - i);
global::System.Array.Copy((global::System.Array)array2, 0, (global::System.Array)output, outOff + inLen, macSize);
}
else
{
if (inLen < macSize)
{
throw new InvalidCipherTextException("data too short");
}
num5 = inLen - macSize;
Check.OutputLength(output, outOff, num5, "Output buffer too short.");
global::System.Array.Copy((global::System.Array)input, inOff + num5, (global::System.Array)macBlock, 0, macSize);
blockCipher.ProcessBlock(macBlock, 0, macBlock, 0);
for (int j = macSize; j != macBlock.Length; j++)
{
macBlock[j] = 0;
}
for (; i < inOff + num5 - BlockSize; i += BlockSize)
{
blockCipher.ProcessBlock(input, i, output, num4);
num4 += BlockSize;
}
byte[] array4 = new byte[BlockSize];
global::System.Array.Copy((global::System.Array)input, i, (global::System.Array)array4, 0, num5 - (i - inOff));
blockCipher.ProcessBlock(array4, 0, array4, 0);
global::System.Array.Copy((global::System.Array)array4, 0, (global::System.Array)output, num4, num5 - (i - inOff));
byte[] b = new byte[BlockSize];
CalculateMac(output, outOff, num5, b);
if (!Arrays.ConstantTimeAreEqual(macBlock, b))
{
throw new InvalidCipherTextException("mac check in CCM failed");
}
}
return(num5);
}
