| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155 |
- #if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
- #pragma warning disable
- using System;
- using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Macs;
- using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
- using BestHTTP.SecureProtocol.Org.BouncyCastle.Math;
- using BestHTTP.SecureProtocol.Org.BouncyCastle.Security;
- using BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities;
- namespace BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Signers
- {
- /**
- * A deterministic K calculator based on the algorithm in section 3.2 of RFC 6979.
- */
- public class HMacDsaKCalculator
- : IDsaKCalculator
- {
- private readonly HMac hMac;
- private readonly byte[] K;
- private readonly byte[] V;
- private BigInteger n;
- /**
- * Base constructor.
- *
- * @param digest digest to build the HMAC on.
- */
- public HMacDsaKCalculator(IDigest digest)
- {
- this.hMac = new HMac(digest);
- this.V = new byte[hMac.GetMacSize()];
- this.K = new byte[hMac.GetMacSize()];
- }
- public virtual bool IsDeterministic
- {
- get { return true; }
- }
- public virtual void Init(BigInteger n, SecureRandom random)
- {
- throw new InvalidOperationException("Operation not supported");
- }
- public void Init(BigInteger n, BigInteger d, byte[] message)
- {
- this.n = n;
- Arrays.Fill(V, (byte)0x01);
- Arrays.Fill(K, (byte)0);
- int size = BigIntegers.GetUnsignedByteLength(n);
- byte[] x = new byte[size];
- byte[] dVal = BigIntegers.AsUnsignedByteArray(d);
- Array.Copy(dVal, 0, x, x.Length - dVal.Length, dVal.Length);
- byte[] m = new byte[size];
- BigInteger mInt = BitsToInt(message);
- if (mInt.CompareTo(n) >= 0)
- {
- mInt = mInt.Subtract(n);
- }
- byte[] mVal = BigIntegers.AsUnsignedByteArray(mInt);
- Array.Copy(mVal, 0, m, m.Length - mVal.Length, mVal.Length);
- hMac.Init(new KeyParameter(K));
- hMac.BlockUpdate(V, 0, V.Length);
- hMac.Update((byte)0x00);
- hMac.BlockUpdate(x, 0, x.Length);
- hMac.BlockUpdate(m, 0, m.Length);
- hMac.DoFinal(K, 0);
- hMac.Init(new KeyParameter(K));
- hMac.BlockUpdate(V, 0, V.Length);
- hMac.DoFinal(V, 0);
- hMac.BlockUpdate(V, 0, V.Length);
- hMac.Update((byte)0x01);
- hMac.BlockUpdate(x, 0, x.Length);
- hMac.BlockUpdate(m, 0, m.Length);
- hMac.DoFinal(K, 0);
- hMac.Init(new KeyParameter(K));
- hMac.BlockUpdate(V, 0, V.Length);
- hMac.DoFinal(V, 0);
- }
- public virtual BigInteger NextK()
- {
- byte[] t = new byte[BigIntegers.GetUnsignedByteLength(n)];
- for (;;)
- {
- int tOff = 0;
- while (tOff < t.Length)
- {
- hMac.BlockUpdate(V, 0, V.Length);
- hMac.DoFinal(V, 0);
- int len = System.Math.Min(t.Length - tOff, V.Length);
- Array.Copy(V, 0, t, tOff, len);
- tOff += len;
- }
- BigInteger k = BitsToInt(t);
- if (k.SignValue > 0 && k.CompareTo(n) < 0)
- {
- return k;
- }
- hMac.BlockUpdate(V, 0, V.Length);
- hMac.Update((byte)0x00);
- hMac.DoFinal(K, 0);
- hMac.Init(new KeyParameter(K));
- hMac.BlockUpdate(V, 0, V.Length);
- hMac.DoFinal(V, 0);
- }
- }
- private BigInteger BitsToInt(byte[] t)
- {
- BigInteger v = new BigInteger(1, t);
- if (t.Length * 8 > n.BitLength)
- {
- v = v.ShiftRight(t.Length * 8 - n.BitLength);
- }
- return v;
- }
- }
- }
- #pragma warning restore
- #endif
|
