Initial Commit
This commit is contained in:
259
iTechSharp/srcbc/crypto/macs/ISO9797Alg3Mac.cs
Normal file
259
iTechSharp/srcbc/crypto/macs/ISO9797Alg3Mac.cs
Normal file
@@ -0,0 +1,259 @@
|
||||
using System;
|
||||
|
||||
using Org.BouncyCastle.Crypto.Engines;
|
||||
using Org.BouncyCastle.Crypto.Modes;
|
||||
using Org.BouncyCastle.Crypto.Paddings;
|
||||
using Org.BouncyCastle.Crypto.Parameters;
|
||||
|
||||
namespace Org.BouncyCastle.Crypto.Macs
|
||||
{
|
||||
/**
|
||||
* DES based CBC Block Cipher MAC according to ISO9797, algorithm 3 (ANSI X9.19 Retail MAC)
|
||||
*
|
||||
* This could as well be derived from CBCBlockCipherMac, but then the property mac in the base
|
||||
* class must be changed to protected
|
||||
*/
|
||||
public class ISO9797Alg3Mac : IMac
|
||||
{
|
||||
private byte[] mac;
|
||||
private byte[] buf;
|
||||
private int bufOff;
|
||||
private IBlockCipher cipher;
|
||||
private IBlockCipherPadding padding;
|
||||
private int macSize;
|
||||
private KeyParameter lastKey2;
|
||||
private KeyParameter lastKey3;
|
||||
|
||||
/**
|
||||
* create a Retail-MAC based on a CBC block cipher. This will produce an
|
||||
* authentication code of the length of the block size of the cipher.
|
||||
*
|
||||
* @param cipher the cipher to be used as the basis of the MAC generation. This must
|
||||
* be DESEngine.
|
||||
*/
|
||||
public ISO9797Alg3Mac(
|
||||
IBlockCipher cipher)
|
||||
: this(cipher, cipher.GetBlockSize() * 8, null)
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* create a Retail-MAC based on a CBC block cipher. This will produce an
|
||||
* authentication code of the length of the block size of the cipher.
|
||||
*
|
||||
* @param cipher the cipher to be used as the basis of the MAC generation.
|
||||
* @param padding the padding to be used to complete the last block.
|
||||
*/
|
||||
public ISO9797Alg3Mac(
|
||||
IBlockCipher cipher,
|
||||
IBlockCipherPadding padding)
|
||||
: this(cipher, cipher.GetBlockSize() * 8, padding)
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* create a Retail-MAC based on a block cipher with the size of the
|
||||
* MAC been given in bits. This class uses single DES CBC mode as the basis for the
|
||||
* MAC generation.
|
||||
* <p>
|
||||
* Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
|
||||
* or 16 bits if being used as a data authenticator (FIPS Publication 113),
|
||||
* and in general should be less than the size of the block cipher as it reduces
|
||||
* the chance of an exhaustive attack (see Handbook of Applied Cryptography).
|
||||
* </p>
|
||||
* @param cipher the cipher to be used as the basis of the MAC generation.
|
||||
* @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
|
||||
*/
|
||||
public ISO9797Alg3Mac(
|
||||
IBlockCipher cipher,
|
||||
int macSizeInBits)
|
||||
: this(cipher, macSizeInBits, null)
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* create a standard MAC based on a block cipher with the size of the
|
||||
* MAC been given in bits. This class uses single DES CBC mode as the basis for the
|
||||
* MAC generation. The final block is decrypted and then encrypted using the
|
||||
* middle and right part of the key.
|
||||
* <p>
|
||||
* Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
|
||||
* or 16 bits if being used as a data authenticator (FIPS Publication 113),
|
||||
* and in general should be less than the size of the block cipher as it reduces
|
||||
* the chance of an exhaustive attack (see Handbook of Applied Cryptography).
|
||||
* </p>
|
||||
* @param cipher the cipher to be used as the basis of the MAC generation.
|
||||
* @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
|
||||
* @param padding the padding to be used to complete the last block.
|
||||
*/
|
||||
public ISO9797Alg3Mac(
|
||||
IBlockCipher cipher,
|
||||
int macSizeInBits,
|
||||
IBlockCipherPadding padding)
|
||||
{
|
||||
if ((macSizeInBits % 8) != 0)
|
||||
throw new ArgumentException("MAC size must be multiple of 8");
|
||||
|
||||
if (!(cipher is DesEngine))
|
||||
throw new ArgumentException("cipher must be instance of DesEngine");
|
||||
|
||||
this.cipher = new CbcBlockCipher(cipher);
|
||||
this.padding = padding;
|
||||
this.macSize = macSizeInBits / 8;
|
||||
|
||||
mac = new byte[cipher.GetBlockSize()];
|
||||
buf = new byte[cipher.GetBlockSize()];
|
||||
bufOff = 0;
|
||||
}
|
||||
|
||||
public string AlgorithmName
|
||||
{
|
||||
get { return "ISO9797Alg3"; }
|
||||
}
|
||||
|
||||
public void Init(
|
||||
ICipherParameters parameters)
|
||||
{
|
||||
Reset();
|
||||
|
||||
if (!(parameters is KeyParameter))
|
||||
throw new ArgumentException("parameters must be an instance of KeyParameter");
|
||||
|
||||
// KeyParameter must contain a double or triple length DES key,
|
||||
// however the underlying cipher is a single DES. The middle and
|
||||
// right key are used only in the final step.
|
||||
|
||||
KeyParameter kp = (KeyParameter)parameters;
|
||||
KeyParameter key1;
|
||||
byte[] keyvalue = kp.GetKey();
|
||||
|
||||
if (keyvalue.Length == 16)
|
||||
{ // Double length DES key
|
||||
key1 = new KeyParameter(keyvalue, 0, 8);
|
||||
this.lastKey2 = new KeyParameter(keyvalue, 8, 8);
|
||||
this.lastKey3 = key1;
|
||||
}
|
||||
else if (keyvalue.Length == 24)
|
||||
{ // Triple length DES key
|
||||
key1 = new KeyParameter(keyvalue, 0, 8);
|
||||
this.lastKey2 = new KeyParameter(keyvalue, 8, 8);
|
||||
this.lastKey3 = new KeyParameter(keyvalue, 16, 8);
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new ArgumentException("Key must be either 112 or 168 bit long");
|
||||
}
|
||||
|
||||
cipher.Init(true, key1);
|
||||
}
|
||||
|
||||
public int GetMacSize()
|
||||
{
|
||||
return macSize;
|
||||
}
|
||||
|
||||
public void Update(
|
||||
byte input)
|
||||
{
|
||||
if (bufOff == buf.Length)
|
||||
{
|
||||
cipher.ProcessBlock(buf, 0, mac, 0);
|
||||
bufOff = 0;
|
||||
}
|
||||
|
||||
buf[bufOff++] = input;
|
||||
}
|
||||
|
||||
public void BlockUpdate(
|
||||
byte[] input,
|
||||
int inOff,
|
||||
int len)
|
||||
{
|
||||
if (len < 0)
|
||||
throw new ArgumentException("Can't have a negative input length!");
|
||||
|
||||
int blockSize = cipher.GetBlockSize();
|
||||
int resultLen = 0;
|
||||
int gapLen = blockSize - bufOff;
|
||||
|
||||
if (len > gapLen)
|
||||
{
|
||||
Array.Copy(input, inOff, buf, bufOff, gapLen);
|
||||
|
||||
resultLen += cipher.ProcessBlock(buf, 0, mac, 0);
|
||||
|
||||
bufOff = 0;
|
||||
len -= gapLen;
|
||||
inOff += gapLen;
|
||||
|
||||
while (len > blockSize)
|
||||
{
|
||||
resultLen += cipher.ProcessBlock(input, inOff, mac, 0);
|
||||
|
||||
len -= blockSize;
|
||||
inOff += blockSize;
|
||||
}
|
||||
}
|
||||
|
||||
Array.Copy(input, inOff, buf, bufOff, len);
|
||||
|
||||
bufOff += len;
|
||||
}
|
||||
|
||||
public int DoFinal(
|
||||
byte[] output,
|
||||
int outOff)
|
||||
{
|
||||
int blockSize = cipher.GetBlockSize();
|
||||
|
||||
if (padding == null)
|
||||
{
|
||||
// pad with zeroes
|
||||
while (bufOff < blockSize)
|
||||
{
|
||||
buf[bufOff++] = 0;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (bufOff == blockSize)
|
||||
{
|
||||
cipher.ProcessBlock(buf, 0, mac, 0);
|
||||
bufOff = 0;
|
||||
}
|
||||
|
||||
padding.AddPadding(buf, bufOff);
|
||||
}
|
||||
|
||||
cipher.ProcessBlock(buf, 0, mac, 0);
|
||||
|
||||
// Added to code from base class
|
||||
DesEngine deseng = new DesEngine();
|
||||
|
||||
deseng.Init(false, this.lastKey2);
|
||||
deseng.ProcessBlock(mac, 0, mac, 0);
|
||||
|
||||
deseng.Init(true, this.lastKey3);
|
||||
deseng.ProcessBlock(mac, 0, mac, 0);
|
||||
// ****
|
||||
|
||||
Array.Copy(mac, 0, output, outOff, macSize);
|
||||
|
||||
Reset();
|
||||
|
||||
return macSize;
|
||||
}
|
||||
|
||||
/**
|
||||
* Reset the mac generator.
|
||||
*/
|
||||
public void Reset()
|
||||
{
|
||||
Array.Clear(buf, 0, buf.Length);
|
||||
bufOff = 0;
|
||||
|
||||
// reset the underlying cipher.
|
||||
cipher.Reset();
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user