path: root/crypto/src/tls/crypto/impl/bc/BcSsl3Hmac.cs
using System;

using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Utilities;

namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
{
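    /// <summary>HMAC implementation based on original internet draft for HMAC (RFC 2104).</summary>
    /// <remarks>
    /// The difference is that padding is concatenated versus XORed with the key, e.g:
    /// <code>H(K + opad, H(K + ipad, text))</code>
    /// <para>
    /// The pad lengths used here (48 bytes, or 40 for a 20-byte digest) match the SSL 3.0 record MAC. SSL 3.0
    /// is prohibited by RFC 7568, so this type should only be reachable for legacy interoperability.
    /// </para>
    /// <para>
    /// The instance keeps a private copy of the key. That copy is zeroed (best effort) when the key is
    /// replaced; there is no dispose hook, so the last key set stays in memory until the object is collected.
    /// </para>
    /// </remarks>
    internal class BcSsl3Hmac
        : TlsHmac
    {
        private const byte IPAD_BYTE = (byte)0x36;
        private const byte OPAD_BYTE = (byte)0x5C;

        // Both pads are generated at the longest length needed (48); m_padLength selects how much is hashed.
        private static readonly byte[] IPAD = GenPad(IPAD_BYTE, 48);
        private static readonly byte[] OPAD = GenPad(OPAD_BYTE, 48);

        private readonly IDigest m_digest;
        private readonly int m_padLength;

        // Private copy of the MAC key; null until SetKey has been called.
        private byte[] m_secret;

        /// <summary>Base constructor for one of the standard digest algorithms for which the byteLength is known.
        /// </summary>
        /// <remarks>
        /// Behaviour is undefined for digests other than MD5 or SHA1.
        /// </remarks>
        /// <param name="digest">the digest.</param>
        /// <exception cref="ArgumentNullException">if <paramref name="digest"/> is null.</exception>
        internal BcSsl3Hmac(IDigest digest)
        {
            if (digest == null)
                throw new ArgumentNullException("digest");

            this.m_digest = digest;

            // A 20-byte digest (SHA-1) uses a 40-byte pad; everything else is treated as MD5 (48-byte pad).
            if (digest.GetDigestSize() == 20)
            {
                this.m_padLength = 40;
            }
            else
            {
                this.m_padLength = 48;
            }
        }

        /// <summary>Set the MAC key from a range of <paramref name="key"/> and restart the computation.</summary>
        /// <param name="key">buffer holding the key.</param>
        /// <param name="keyOff">offset of the first key byte.</param>
        /// <param name="keyLen">number of key bytes.</param>
        public virtual void SetKey(byte[] key, int keyOff, int keyLen)
        {
            // Copy before touching the current key, so that if the copy throws the old key is still in place.
            ReplaceSecret(TlsUtilities.CopyOfRangeExact(key, keyOff, keyOff + keyLen));

            Reset();
        }

#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
        /// <summary>Set the MAC key from a span and restart the computation.</summary>
        /// <param name="key">the key bytes; they are copied.</param>
        public void SetKey(ReadOnlySpan<byte> key)
        {
            ReplaceSecret(key.ToArray());

            Reset();
        }
#endif

        /// <summary>Feed message bytes into the inner hash.</summary>
        /// <param name="input">buffer holding the data.</param>
        /// <param name="inOff">offset of the first byte to process.</param>
        /// <param name="len">number of bytes to process.</param>
        public virtual void Update(byte[] input, int inOff, int len)
        {
            m_digest.BlockUpdate(input, inOff, len);
        }

        /// <summary>Finish the MAC, return it in a new array, and reset for the next message.</summary>
        /// <remarks>
        /// When the result is checked against a received MAC, the comparison should be constant-time.
        /// </remarks>
        /// <returns>a new array of <see cref="MacLength"/> bytes.</returns>
        /// <exception cref="InvalidOperationException">if no key has been set.</exception>
        public virtual byte[] CalculateMac()
        {
            byte[] result = new byte[m_digest.GetDigestSize()];
            DoFinal(result, 0);
            return result;
        }

        /// <summary>Finish the MAC, write it to <paramref name="output"/>, and reset for the next message.
        /// </summary>
        /// <param name="output">destination buffer.</param>
        /// <param name="outOff">offset in <paramref name="output"/> at which the MAC is written.</param>
        /// <exception cref="InvalidOperationException">if no key has been set.</exception>
        public virtual void CalculateMac(byte[] output, int outOff)
        {
            DoFinal(output, outOff);
        }

        /// <summary>The byte length reported by the underlying digest.</summary>
        public virtual int InternalBlockSize
        {
            get { return m_digest.GetByteLength(); }
        }

        /// <summary>The MAC size in bytes, equal to the digest size.</summary>
        public virtual int MacLength
        {
            get { return m_digest.GetDigestSize(); }
        }

        /// <summary>Reset the mac generator.</summary>
        /// <remarks>Restarts the inner hash and primes it with the key followed by the inner pad.</remarks>
        /// <exception cref="InvalidOperationException">if no key has been set.</exception>
        public virtual void Reset()
        {
            byte[] secret = RequireSecret();

            m_digest.Reset();
            m_digest.BlockUpdate(secret, 0, secret.Length);
            m_digest.BlockUpdate(IPAD, 0, m_padLength);
        }

        // Completes H(K + opad, H(K + ipad, text)) into output and re-primes the digest for the next message.
        private void DoFinal(byte[] output, int outOff)
        {
            byte[] secret = RequireSecret();

            byte[] tmp = new byte[m_digest.GetDigestSize()];
            try
            {
                // Inner hash: the digest already holds K + ipad + text.
                m_digest.DoFinal(tmp, 0);

                m_digest.BlockUpdate(secret, 0, secret.Length);
                m_digest.BlockUpdate(OPAD, 0, m_padLength);
                m_digest.BlockUpdate(tmp, 0, tmp.Length);

                m_digest.DoFinal(output, outOff);
            }
            finally
            {
                // The inner hash is key-dependent intermediate state; do not leave it on the heap.
                Array.Clear(tmp, 0, tmp.Length);
            }

            Reset();
        }

        // Returns the current key, failing with a descriptive exception rather than a NullReferenceException.
        private byte[] RequireSecret()
        {
            byte[] secret = m_secret;
            if (secret == null)
                throw new InvalidOperationException("SetKey must be called before the MAC can be used");

            return secret;
        }

        // Installs the new key copy and zeroes the previous one. m_secret is never handed out, so clearing it
        // cannot affect a caller's buffer. Best effort only: the runtime may have relocated the array earlier.
        private void ReplaceSecret(byte[] secret)
        {
            byte[] previous = m_secret;
            m_secret = secret;

            if (previous != null)
            {
                Array.Clear(previous, 0, previous.Length);
            }
        }

        // Builds a pad of count bytes, all equal to b.
        private static byte[] GenPad(byte b, int count)
        {
            byte[] padding = new byte[count];
            Arrays.Fill(padding, b);
            return padding;
        }
    }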
}