Página inicial Explorar Ajuda
Registrar Entrar
wartheking
/
WaterFlush
1
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Tree: 26b9e86ba4
Branches Tags
WaterFlush
/
Packages
/
com.tivadar.best.http
/
Runtime
/
3rdParty
/
BouncyCastle
/
crypto
/
generators
/
HKDFBytesGenerator.cs

HKDFBytesGenerator.cs 6.1 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180 
  1. #if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
    2. 

  2. #pragma warning disable
    3. 

  3. using System;
    4. 

  4. 

  5. using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Macs;
    6. 

  6. using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
    7. 

  7. using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities;
    8. 

  8. 

  9. namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Generators
    10. 

  10. {
    11. 

  11.     /**
    12. 

  12.      * HMAC-based Extract-and-Expand Key Derivation Function (HKDF) implemented
    13. 

  13.      * according to IETF RFC 5869, May 2010 as specified by H. Krawczyk, IBM
    14. 

  14.      * Research & P. Eronen, Nokia. It uses a HMac internally to compute de OKM
    15. 

  15.      * (output keying material) and is likely to have better security properties
    16. 

  16.      * than KDF's based on just a hash function.
    17. 

  17.      */
    18. 

  18.     public sealed class HkdfBytesGenerator
    19. 

  19.         : IDerivationFunction
    20. 

  20.     {
    21. 

  21.         private HMac hMacHash;
    22. 

  22.         private int hashLen;
    23. 

  23. 

  24.         private byte[] info;
    25. 

  25.         private byte[] currentT;
    26. 

  26. 

  27.         private int generatedBytes;
    28. 

  28. 

  29.         /**
    30. 

  30.          * Creates a HKDFBytesGenerator based on the given hash function.
    31. 

  31.          *
    32. 

  32.          * @param hash the digest to be used as the source of generatedBytes bytes
    33. 

  33.          */
    34. 

  34.         public HkdfBytesGenerator(IDigest hash)
    35. 

  35.         {
    36. 

  36.             this.hMacHash = new HMac(hash);
    37. 

  37.             this.hashLen = hash.GetDigestSize();
    38. 

  38.         }
    39. 

  39. 

  40.         public void Init(IDerivationParameters parameters)
    41. 

  41.         {
    42. 

  42.             if (!(parameters is HkdfParameters hkdfParameters))
    43. 

  43.                 throw new ArgumentException("HKDF parameters required for HkdfBytesGenerator", "parameters");
    44. 

  44. 

  45.             if (hkdfParameters.SkipExtract)
    46. 

  46.             {
    47. 

  47.                 // use IKM directly as PRK
    48. 

  48.                 hMacHash.Init(new KeyParameter(hkdfParameters.GetIkm()));
    49. 

  49.             }
    50. 

  50.             else
    51. 

  51.             {
    52. 

  52.                 hMacHash.Init(Extract(hkdfParameters.GetSalt(), hkdfParameters.GetIkm()));
    53. 

  53.             }
    54. 

  54. 

  55.             info = hkdfParameters.GetInfo();
    56. 

  56. 

  57.             generatedBytes = 0;
    58. 

  58.             currentT = new byte[hashLen];
    59. 

  59.         }
    60. 

  60. 

  61.         /**
    62. 

  62.          * Performs the extract part of the key derivation function.
    63. 

  63.          *
    64. 

  64.          * @param salt the salt to use
    65. 

  65.          * @param ikm  the input keying material
    66. 

  66.          * @return the PRK as KeyParameter
    67. 

  67.          */
    68. 

  68.         private KeyParameter Extract(byte[] salt, byte[] ikm)
    69. 

  69.         {
    70. 

  70.             if (salt == null)
    71. 

  71.             {
    72. 

  72.                 // TODO check if hashLen is indeed same as HMAC size
    73. 

  73.                 hMacHash.Init(new KeyParameter(new byte[hashLen]));
    74. 

  74.             }
    75. 

  75.             else
    76. 

  76.             {
    77. 

  77.                 hMacHash.Init(new KeyParameter(salt));
    78. 

  78.             }
    79. 

  79. 

  80.             hMacHash.BlockUpdate(ikm, 0, ikm.Length);
    81. 

  81. 

  82.             byte[] prk = new byte[hashLen];
    83. 

  83.             hMacHash.DoFinal(prk, 0);
    84. 

  84.             return new KeyParameter(prk);
    85. 

  85.         }
    86. 

  86. 

  87.         /**
    88. 

  88.          * Performs the expand part of the key derivation function, using currentT
    89. 

  89.          * as input and output buffer.
    90. 

  90.          *
    91. 

  91.          * @throws DataLengthException if the total number of bytes generated is larger than the one
    92. 

  92.          * specified by RFC 5869 (255 * HashLen)
    93. 

  93.          */
    94. 

  94.         private void ExpandNext()
    95. 

  95.         {
    96. 

  96.             int n = generatedBytes / hashLen + 1;
    97. 

  97.             if (n >= 256)
    98. 

  98.             {
    99. 

  99.                 throw new DataLengthException(
    100. 

  100.                     "HKDF cannot generate more than 255 blocks of HashLen size");
    101. 

  101.             }
    102. 

  102.             // special case for T(0): T(0) is empty, so no update
    103. 

  103.             if (generatedBytes != 0)
    104. 

  104.             {
    105. 

  105.                 hMacHash.BlockUpdate(currentT, 0, hashLen);
    106. 

  106.             }
    107. 

  107.             hMacHash.BlockUpdate(info, 0, info.Length);
    108. 

  108.             hMacHash.Update((byte)n);
    109. 

  109.             hMacHash.DoFinal(currentT, 0);
    110. 

  110.         }
    111. 

  111. 

  112.         public IDigest Digest => hMacHash.GetUnderlyingDigest();
    113. 

  113. 

  114.         public int GenerateBytes(byte[] output, int outOff, int length)
    115. 

  115.         {
    116. 

  116. #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
    117. 

  117.             return GenerateBytes(output.AsSpan(outOff, length));
    118. 

  118. #else
    119. 

  119.             if (generatedBytes > 255 * hashLen - length)
    120. 

  120.                 throw new DataLengthException("HKDF may only be used for 255 * HashLen bytes of output");
    121. 

  121. 

  122.             int toGenerate = length;
    123. 

  123.             int posInT = generatedBytes % hashLen;
    124. 

  124.             if (posInT != 0)
    125. 

  125.             {
    126. 

  126.                 // copy what is left in the currentT (1..hash
    127. 

  127.                 int toCopy = System.Math.Min(hashLen - posInT, toGenerate);
    128. 

  128.                 Array.Copy(currentT, posInT, output, outOff, toCopy);
    129. 

  129.                 generatedBytes += toCopy;
    130. 

  130.                 toGenerate -= toCopy;
    131. 

  131.                 outOff += toCopy;
    132. 

  132.             }
    133. 

  133. 

  134.             while (toGenerate > 0)
    135. 

  135.             {
    136. 

  136.                 ExpandNext();
    137. 

  137.                 int toCopy = System.Math.Min(hashLen, toGenerate);
    138. 

  138.                 Array.Copy(currentT, 0, output, outOff, toCopy);
    139. 

  139.                 generatedBytes += toCopy;
    140. 

  140.                 toGenerate -= toCopy;
    141. 

  141.                 outOff += toCopy;
    142. 

  142.             }
    143. 

  143. 

  144.             return length;
    145. 

  145. #endif
    146. 

  146.         }
    147. 

  147. 

  148. #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
    149. 

  149.         public int GenerateBytes(Span<byte> output)
    150. 

  150.         {
    151. 

  151.             int length = output.Length;
    152. 

  152.             if (generatedBytes > 255 * hashLen - length)
    153. 

  153.                 throw new DataLengthException("HKDF may only be used for 255 * HashLen bytes of output");
    154. 

  154. 

  155.             int posInT = generatedBytes % hashLen;
    156. 

  156.             if (posInT != 0)
    157. 

  157.             {
    158. 

  158.                 // copy what is left in the currentT (1..hash
    159. 

  159.                 int toCopy = System.Math.Min(hashLen - posInT, output.Length);
    160. 

  160.                 currentT.AsSpan(posInT, toCopy).CopyTo(output);
    161. 

  161.                 generatedBytes += toCopy;
    162. 

  162.                 output = output[toCopy..];
    163. 

  163.             }
    164. 

  164. 

  165.             while (!output.IsEmpty)
    166. 

  166.             {
    167. 

  167.                 ExpandNext();
    168. 

  168.                 int toCopy = System.Math.Min(hashLen, output.Length);
    169. 

  169.                 currentT.AsSpan(0, toCopy).CopyTo(output);
    170. 

  170.                 generatedBytes += toCopy;
    171. 

  171.                 output = output[toCopy..];
    172. 

  172.             }
    173. 

  173. 

  174.             return length;
    175. 

  175.         }
    176. 

  176. #endif
    177. 

  177.     }
    178. 

  178. }
    179. 

  179. #pragma warning restore
    180. 

  180. #endif
    181.