From c92ce7eb73aa2f26b40e338b03083444f1a5b2f4 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Thu, 14 Dec 2023 22:15:01 +0700 Subject: Refactoring in BcTlsSecret --- crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs | 143 +++++++++++++-------------- 1 file changed, 68 insertions(+), 75 deletions(-) (limited to 'crypto') diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs b/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs index fdd67fc71..c4538531d 100644 --- a/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs +++ b/crypto/src/tls/crypto/impl/bc/BcTlsSecret.cs @@ -98,126 +98,119 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER return HkdfExpand(cryptoHashAlgorithm, info.AsSpan(), length); #else - lock (this) - { - if (length < 1) - return m_crypto.AdoptLocalSecret(TlsUtilities.EmptyBytes); + if (length < 1) + return m_crypto.AdoptLocalSecret(TlsUtilities.EmptyBytes); - int hashLen = TlsCryptoUtilities.GetHashOutputSize(cryptoHashAlgorithm); - if (length > (255 * hashLen)) - throw new ArgumentException("must be <= 255 * (output size of 'hashAlgorithm')", "length"); + int hashLen = TlsCryptoUtilities.GetHashOutputSize(cryptoHashAlgorithm); + if (length > (255 * hashLen)) + throw new ArgumentException("must be <= 255 * (output size of 'hashAlgorithm')", "length"); + HMac hmac = new HMac(m_crypto.CreateDigest(cryptoHashAlgorithm)); + + lock (this) + { CheckAlive(); byte[] prk = m_data; - HMac hmac = new HMac(m_crypto.CreateDigest(cryptoHashAlgorithm)); hmac.Init(new KeyParameter(prk)); + } + + byte[] okm = new byte[length]; - byte[] okm = new byte[length]; + byte[] t = new byte[hashLen]; + byte counter = 0x00; - byte[] t = new byte[hashLen]; - byte counter = 0x00; + int pos = 0; + for (;;) + { + hmac.BlockUpdate(info, 0, info.Length); + hmac.Update(++counter); + hmac.DoFinal(t, 0); - int pos = 0; - for (;;) + int remaining = length - pos; + if (remaining <= hashLen) { - hmac.BlockUpdate(info, 0, info.Length); - hmac.Update(++counter); - hmac.DoFinal(t, 0); - - int remaining = length - pos; - if (remaining <= hashLen) - { - Array.Copy(t, 0, okm, pos, remaining); - break; - } - - Array.Copy(t, 0, okm, pos, hashLen); - pos += hashLen; - hmac.BlockUpdate(t, 0, t.Length); + Array.Copy(t, 0, okm, pos, remaining); + break; } - return m_crypto.AdoptLocalSecret(okm); + Array.Copy(t, 0, okm, pos, hashLen); + pos += hashLen; + hmac.BlockUpdate(t, 0, t.Length); } + + return m_crypto.AdoptLocalSecret(okm); #endif } #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER public override TlsSecret HkdfExpand(int cryptoHashAlgorithm, ReadOnlySpan info, int length) { - lock (this) - { - if (length < 1) - return m_crypto.AdoptLocalSecret(TlsUtilities.EmptyBytes); + if (length < 1) + return m_crypto.AdoptLocalSecret(TlsUtilities.EmptyBytes); + + int hashLen = TlsCryptoUtilities.GetHashOutputSize(cryptoHashAlgorithm); + if (length > (255 * hashLen)) + throw new ArgumentException("must be <= 255 * (output size of 'hashAlgorithm')", "length"); - int hashLen = TlsCryptoUtilities.GetHashOutputSize(cryptoHashAlgorithm); - if (length > (255 * hashLen)) - throw new ArgumentException("must be <= 255 * (output size of 'hashAlgorithm')", "length"); + HMac hmac = new HMac(m_crypto.CreateDigest(cryptoHashAlgorithm)); + lock (this) + { CheckAlive(); ReadOnlySpan prk = m_data; - HMac hmac = new HMac(m_crypto.CreateDigest(cryptoHashAlgorithm)); hmac.Init(new KeyParameter(prk)); + } - byte[] okm = new byte[length]; + byte[] okm = new byte[length]; - Span t = hashLen <= 128 - ? stackalloc byte[hashLen] - : new byte[hashLen]; - byte counter = 0x00; + Span t = hashLen <= 128 + ? stackalloc byte[hashLen] + : new byte[hashLen]; + byte counter = 0x00; - int pos = 0; - for (;;) + int pos = 0; + for (;;) + { + hmac.BlockUpdate(info); + hmac.Update(++counter); + hmac.DoFinal(t); + + int remaining = length - pos; + if (remaining <= hashLen) { - hmac.BlockUpdate(info); - hmac.Update(++counter); - hmac.DoFinal(t); - - int remaining = length - pos; - if (remaining <= hashLen) - { - t[..remaining].CopyTo(okm.AsSpan(pos)); - break; - } - - t.CopyTo(okm.AsSpan(pos)); - pos += hashLen; - hmac.BlockUpdate(t); + t[..remaining].CopyTo(okm.AsSpan(pos)); + break; } - return m_crypto.AdoptLocalSecret(okm); + t.CopyTo(okm.AsSpan(pos)); + pos += hashLen; + hmac.BlockUpdate(t); } + + return m_crypto.AdoptLocalSecret(okm); } #endif public override TlsSecret HkdfExtract(int cryptoHashAlgorithm, TlsSecret ikm) { - lock (this) - { - CheckAlive(); - - byte[] salt = m_data; - this.m_data = null; + byte[] salt = Extract(); - HMac hmac = new HMac(m_crypto.CreateDigest(cryptoHashAlgorithm)); - hmac.Init(new KeyParameter(salt)); + HMac hmac = new HMac(m_crypto.CreateDigest(cryptoHashAlgorithm)); + hmac.Init(new KeyParameter(salt)); - Convert(m_crypto, ikm).UpdateMac(hmac); + Convert(m_crypto, ikm).UpdateMac(hmac); - byte[] prk = new byte[hmac.GetMacSize()]; - hmac.DoFinal(prk, 0); + byte[] prk = new byte[hmac.GetMacSize()]; + hmac.DoFinal(prk, 0); - return m_crypto.AdoptLocalSecret(prk); - } + return m_crypto.AdoptLocalSecret(prk); } - protected override AbstractTlsCrypto Crypto - { - get { return m_crypto; } - } + protected override AbstractTlsCrypto Crypto => m_crypto; protected virtual void HmacHash(int cryptoHashAlgorithm, byte[] secret, int secretOff, int secretLen, byte[] seed, byte[] output) -- cgit 1.4.1