add all
This commit is contained in:
321
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/CMac.cs
vendored
Normal file
321
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/CMac.cs
vendored
Normal file
@@ -0,0 +1,321 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
#pragma warning disable
|
||||
using System;
|
||||
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Modes;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Paddings;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
|
||||
|
||||
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Macs
|
||||
{
|
||||
/**
|
||||
* CMAC - as specified at www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
|
||||
* <p>
|
||||
* CMAC is analogous to OMAC1 - see also en.wikipedia.org/wiki/CMAC
|
||||
* </p><p>
|
||||
* CMAC is a NIST recomendation - see
|
||||
* csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf
|
||||
* </p><p>
|
||||
* CMAC/OMAC1 is a blockcipher-based message authentication code designed and
|
||||
* analyzed by Tetsu Iwata and Kaoru Kurosawa.
|
||||
* </p><p>
|
||||
* CMAC/OMAC1 is a simple variant of the CBC MAC (Cipher Block Chaining Message
|
||||
* Authentication Code). OMAC stands for One-Key CBC MAC.
|
||||
* </p><p>
|
||||
* It supports 128- or 64-bits block ciphers, with any key size, and returns
|
||||
* a MAC with dimension less or equal to the block size of the underlying
|
||||
* cipher.
|
||||
* </p>
|
||||
*/
|
||||
public class CMac
|
||||
: IMac
|
||||
{
|
||||
private const byte CONSTANT_128 = (byte)0x87;
|
||||
private const byte CONSTANT_64 = (byte)0x1b;
|
||||
|
||||
private byte[] ZEROES;
|
||||
|
||||
private byte[] mac;
|
||||
|
||||
private byte[] buf;
|
||||
private int bufOff;
|
||||
private IBlockCipherMode m_cipherMode;
|
||||
|
||||
private int macSize;
|
||||
|
||||
private byte[] L, Lu, Lu2;
|
||||
|
||||
/**
|
||||
* create a standard MAC based on a CBC block cipher (64 or 128 bit block).
|
||||
* This will produce an authentication code the length of the block size
|
||||
* of the cipher.
|
||||
*
|
||||
* @param cipher the cipher to be used as the basis of the MAC generation.
|
||||
*/
|
||||
public CMac(
|
||||
IBlockCipher cipher)
|
||||
: this(cipher, cipher.GetBlockSize() * 8)
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* create a standard MAC based on a block cipher with the size of the
|
||||
* MAC been given in bits.
|
||||
* <p/>
|
||||
* Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
|
||||
* or 16 bits if being used as a data authenticator (FIPS Publication 113),
|
||||
* and in general should be less than the size of the block cipher as it reduces
|
||||
* the chance of an exhaustive attack (see Handbook of Applied Cryptography).
|
||||
*
|
||||
* @param cipher the cipher to be used as the basis of the MAC generation.
|
||||
* @param macSizeInBits the size of the MAC in bits, must be a multiple of 8 and @lt;= 128.
|
||||
*/
|
||||
public CMac(
|
||||
IBlockCipher cipher,
|
||||
int macSizeInBits)
|
||||
{
|
||||
if ((macSizeInBits % 8) != 0)
|
||||
throw new ArgumentException("MAC size must be multiple of 8");
|
||||
|
||||
if (macSizeInBits > (cipher.GetBlockSize() * 8))
|
||||
{
|
||||
throw new ArgumentException(
|
||||
"MAC size must be less or equal to "
|
||||
+ (cipher.GetBlockSize() * 8));
|
||||
}
|
||||
|
||||
if (cipher.GetBlockSize() != 8 && cipher.GetBlockSize() != 16)
|
||||
{
|
||||
throw new ArgumentException(
|
||||
"Block size must be either 64 or 128 bits");
|
||||
}
|
||||
|
||||
m_cipherMode = new CbcBlockCipher(cipher);
|
||||
this.macSize = macSizeInBits / 8;
|
||||
|
||||
mac = new byte[cipher.GetBlockSize()];
|
||||
|
||||
buf = new byte[cipher.GetBlockSize()];
|
||||
|
||||
ZEROES = new byte[cipher.GetBlockSize()];
|
||||
|
||||
bufOff = 0;
|
||||
}
|
||||
|
||||
public string AlgorithmName
|
||||
{
|
||||
get { return m_cipherMode.AlgorithmName; }
|
||||
}
|
||||
|
||||
private static int ShiftLeft(byte[] block, byte[] output)
|
||||
{
|
||||
int i = block.Length;
|
||||
uint bit = 0;
|
||||
while (--i >= 0)
|
||||
{
|
||||
uint b = block[i];
|
||||
output[i] = (byte)((b << 1) | bit);
|
||||
bit = (b >> 7) & 1;
|
||||
}
|
||||
return (int)bit;
|
||||
}
|
||||
|
||||
private static byte[] DoubleLu(byte[] input)
|
||||
{
|
||||
byte[] ret = new byte[input.Length];
|
||||
int carry = ShiftLeft(input, ret);
|
||||
int xor = input.Length == 16 ? CONSTANT_128 : CONSTANT_64;
|
||||
|
||||
/*
|
||||
* NOTE: This construction is an attempt at a constant-time implementation.
|
||||
*/
|
||||
ret[input.Length - 1] ^= (byte)(xor >> ((1 - carry) << 3));
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
public void Init(ICipherParameters parameters)
|
||||
{
|
||||
if (parameters is KeyParameter)
|
||||
{
|
||||
m_cipherMode.Init(true, parameters);
|
||||
|
||||
//initializes the L, Lu, Lu2 numbers
|
||||
L = new byte[ZEROES.Length];
|
||||
m_cipherMode.ProcessBlock(ZEROES, 0, L, 0);
|
||||
Lu = DoubleLu(L);
|
||||
Lu2 = DoubleLu(Lu);
|
||||
}
|
||||
else if (parameters != null)
|
||||
{
|
||||
// CMAC mode does not permit IV to underlying CBC mode
|
||||
throw new ArgumentException("CMac mode only permits key to be set.", "parameters");
|
||||
}
|
||||
|
||||
Reset();
|
||||
}
|
||||
|
||||
public int GetMacSize()
|
||||
{
|
||||
return macSize;
|
||||
}
|
||||
|
||||
public void Update(byte input)
|
||||
{
|
||||
if (bufOff == buf.Length)
|
||||
{
|
||||
m_cipherMode.ProcessBlock(buf, 0, mac, 0);
|
||||
bufOff = 0;
|
||||
}
|
||||
|
||||
buf[bufOff++] = input;
|
||||
}
|
||||
|
||||
public void BlockUpdate(byte[] inBytes, int inOff, int len)
|
||||
{
|
||||
if (len < 0)
|
||||
throw new ArgumentException("Can't have a negative input length!");
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
BlockUpdate(inBytes.AsSpan(inOff, len));
|
||||
#else
|
||||
int blockSize = m_cipherMode.GetBlockSize();
|
||||
int gapLen = blockSize - bufOff;
|
||||
|
||||
if (len > gapLen)
|
||||
{
|
||||
Array.Copy(inBytes, inOff, buf, bufOff, gapLen);
|
||||
|
||||
m_cipherMode.ProcessBlock(buf, 0, mac, 0);
|
||||
|
||||
bufOff = 0;
|
||||
len -= gapLen;
|
||||
inOff += gapLen;
|
||||
|
||||
while (len > blockSize)
|
||||
{
|
||||
m_cipherMode.ProcessBlock(inBytes, inOff, mac, 0);
|
||||
|
||||
len -= blockSize;
|
||||
inOff += blockSize;
|
||||
}
|
||||
}
|
||||
|
||||
Array.Copy(inBytes, inOff, buf, bufOff, len);
|
||||
|
||||
bufOff += len;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public void BlockUpdate(ReadOnlySpan<byte> input)
|
||||
{
|
||||
int blockSize = m_cipherMode.GetBlockSize();
|
||||
int gapLen = blockSize - bufOff;
|
||||
|
||||
if (input.Length > gapLen)
|
||||
{
|
||||
input[..gapLen].CopyTo(buf.AsSpan(bufOff));
|
||||
|
||||
m_cipherMode.ProcessBlock(buf, mac);
|
||||
|
||||
bufOff = 0;
|
||||
input = input[gapLen..];
|
||||
|
||||
while (input.Length > blockSize)
|
||||
{
|
||||
m_cipherMode.ProcessBlock(input, mac);
|
||||
input = input[blockSize..];
|
||||
}
|
||||
}
|
||||
|
||||
input.CopyTo(buf.AsSpan(bufOff));
|
||||
|
||||
bufOff += input.Length;
|
||||
}
|
||||
#endif
|
||||
|
||||
public int DoFinal(byte[] outBytes, int outOff)
|
||||
{
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
return DoFinal(outBytes.AsSpan(outOff));
|
||||
#else
|
||||
int blockSize = m_cipherMode.GetBlockSize();
|
||||
|
||||
byte[] lu;
|
||||
if (bufOff == blockSize)
|
||||
{
|
||||
lu = Lu;
|
||||
}
|
||||
else
|
||||
{
|
||||
new ISO7816d4Padding().AddPadding(buf, bufOff);
|
||||
lu = Lu2;
|
||||
}
|
||||
|
||||
for (int i = 0; i < mac.Length; i++)
|
||||
{
|
||||
buf[i] ^= lu[i];
|
||||
}
|
||||
|
||||
m_cipherMode.ProcessBlock(buf, 0, mac, 0);
|
||||
|
||||
Array.Copy(mac, 0, outBytes, outOff, macSize);
|
||||
|
||||
Reset();
|
||||
|
||||
return macSize;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public int DoFinal(Span<byte> output)
|
||||
{
|
||||
int blockSize = m_cipherMode.GetBlockSize();
|
||||
|
||||
byte[] lu;
|
||||
if (bufOff == blockSize)
|
||||
{
|
||||
lu = Lu;
|
||||
}
|
||||
else
|
||||
{
|
||||
new ISO7816d4Padding().AddPadding(buf, bufOff);
|
||||
lu = Lu2;
|
||||
}
|
||||
|
||||
for (int i = 0; i < mac.Length; i++)
|
||||
{
|
||||
buf[i] ^= lu[i];
|
||||
}
|
||||
|
||||
m_cipherMode.ProcessBlock(buf, mac);
|
||||
|
||||
mac.AsSpan(0, macSize).CopyTo(output);
|
||||
|
||||
Reset();
|
||||
|
||||
return macSize;
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Reset the mac generator.
|
||||
*/
|
||||
public void Reset()
|
||||
{
|
||||
/*
|
||||
* clean the buffer.
|
||||
*/
|
||||
Array.Clear(buf, 0, buf.Length);
|
||||
bufOff = 0;
|
||||
|
||||
/*
|
||||
* Reset the underlying cipher.
|
||||
*/
|
||||
m_cipherMode.Reset();
|
||||
}
|
||||
}
|
||||
}
|
||||
#pragma warning restore
|
||||
#endif
|
||||
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/CMac.cs.meta
vendored
Normal file
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/CMac.cs.meta
vendored
Normal file
@@ -0,0 +1,11 @@
|
||||
fileFormatVersion: 2
|
||||
guid: 6692aa87b4c10614fa5f308823ecf817
|
||||
MonoImporter:
|
||||
externalObjects: {}
|
||||
serializedVersion: 2
|
||||
defaultReferences: []
|
||||
executionOrder: 0
|
||||
icon: {instanceID: 0}
|
||||
userData:
|
||||
assetBundleName:
|
||||
assetBundleVariant:
|
||||
276
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/CbcBlockCipherMac.cs
vendored
Normal file
276
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/CbcBlockCipherMac.cs
vendored
Normal file
@@ -0,0 +1,276 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
#pragma warning disable
|
||||
using System;
|
||||
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Modes;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Paddings;
|
||||
|
||||
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Macs
|
||||
{
|
||||
/**
|
||||
* standard CBC Block Cipher MAC - if no padding is specified the default of
|
||||
* pad of zeroes is used.
|
||||
*/
|
||||
public class CbcBlockCipherMac
|
||||
: IMac
|
||||
{
|
||||
private byte[] buf;
|
||||
private int bufOff;
|
||||
private IBlockCipherMode m_cipherMode;
|
||||
private IBlockCipherPadding padding;
|
||||
private int macSize;
|
||||
|
||||
/**
|
||||
* create a standard MAC based on a CBC block cipher. This will produce an
|
||||
* authentication code half the length of the block size of the cipher.
|
||||
*
|
||||
* @param cipher the cipher to be used as the basis of the MAC generation.
|
||||
*/
|
||||
public CbcBlockCipherMac(
|
||||
IBlockCipher cipher)
|
||||
: this(cipher, (cipher.GetBlockSize() * 8) / 2, null)
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* create a standard MAC based on a CBC block cipher. This will produce an
|
||||
* authentication code half the length of the block size of the cipher.
|
||||
*
|
||||
* @param cipher the cipher to be used as the basis of the MAC generation.
|
||||
* @param padding the padding to be used to complete the last block.
|
||||
*/
|
||||
public CbcBlockCipherMac(
|
||||
IBlockCipher cipher,
|
||||
IBlockCipherPadding padding)
|
||||
: this(cipher, (cipher.GetBlockSize() * 8) / 2, padding)
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* create a standard MAC based on a block cipher with the size of the
|
||||
* MAC been given in bits. This class uses CBC mode as the basis for the
|
||||
* MAC generation.
|
||||
* <p>
|
||||
* Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
|
||||
* or 16 bits if being used as a data authenticator (FIPS Publication 113),
|
||||
* and in general should be less than the size of the block cipher as it reduces
|
||||
* the chance of an exhaustive attack (see Handbook of Applied Cryptography).
|
||||
* </p>
|
||||
* @param cipher the cipher to be used as the basis of the MAC generation.
|
||||
* @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
|
||||
*/
|
||||
public CbcBlockCipherMac(
|
||||
IBlockCipher cipher,
|
||||
int macSizeInBits)
|
||||
: this(cipher, macSizeInBits, null)
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* create a standard MAC based on a block cipher with the size of the
|
||||
* MAC been given in bits. This class uses CBC mode as the basis for the
|
||||
* MAC generation.
|
||||
* <p>
|
||||
* Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
|
||||
* or 16 bits if being used as a data authenticator (FIPS Publication 113),
|
||||
* and in general should be less than the size of the block cipher as it reduces
|
||||
* the chance of an exhaustive attack (see Handbook of Applied Cryptography).
|
||||
* </p>
|
||||
* @param cipher the cipher to be used as the basis of the MAC generation.
|
||||
* @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
|
||||
* @param padding the padding to be used to complete the last block.
|
||||
*/
|
||||
public CbcBlockCipherMac(
|
||||
IBlockCipher cipher,
|
||||
int macSizeInBits,
|
||||
IBlockCipherPadding padding)
|
||||
{
|
||||
if ((macSizeInBits % 8) != 0)
|
||||
throw new ArgumentException("MAC size must be multiple of 8");
|
||||
|
||||
this.m_cipherMode = new CbcBlockCipher(cipher);
|
||||
this.padding = padding;
|
||||
this.macSize = macSizeInBits / 8;
|
||||
|
||||
buf = new byte[cipher.GetBlockSize()];
|
||||
bufOff = 0;
|
||||
}
|
||||
|
||||
public string AlgorithmName
|
||||
{
|
||||
get { return m_cipherMode.AlgorithmName; }
|
||||
}
|
||||
|
||||
public void Init(ICipherParameters parameters)
|
||||
{
|
||||
Reset();
|
||||
|
||||
m_cipherMode.Init(true, parameters);
|
||||
}
|
||||
|
||||
public int GetMacSize()
|
||||
{
|
||||
return macSize;
|
||||
}
|
||||
|
||||
public void Update(byte input)
|
||||
{
|
||||
if (bufOff == buf.Length)
|
||||
{
|
||||
m_cipherMode.ProcessBlock(buf, 0, buf, 0);
|
||||
bufOff = 0;
|
||||
}
|
||||
|
||||
buf[bufOff++] = input;
|
||||
}
|
||||
|
||||
public void BlockUpdate(byte[] input, int inOff, int len)
|
||||
{
|
||||
if (len < 0)
|
||||
throw new ArgumentException("Can't have a negative input length!");
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
BlockUpdate(input.AsSpan(inOff, len));
|
||||
#else
|
||||
int blockSize = m_cipherMode.GetBlockSize();
|
||||
int gapLen = blockSize - bufOff;
|
||||
|
||||
if (len > gapLen)
|
||||
{
|
||||
Array.Copy(input, inOff, buf, bufOff, gapLen);
|
||||
|
||||
m_cipherMode.ProcessBlock(buf, 0, buf, 0);
|
||||
|
||||
bufOff = 0;
|
||||
len -= gapLen;
|
||||
inOff += gapLen;
|
||||
|
||||
while (len > blockSize)
|
||||
{
|
||||
m_cipherMode.ProcessBlock(input, inOff, buf, 0);
|
||||
|
||||
len -= blockSize;
|
||||
inOff += blockSize;
|
||||
}
|
||||
}
|
||||
|
||||
Array.Copy(input, inOff, buf, bufOff, len);
|
||||
|
||||
bufOff += len;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public void BlockUpdate(ReadOnlySpan<byte> input)
|
||||
{
|
||||
int blockSize = m_cipherMode.GetBlockSize();
|
||||
int gapLen = blockSize - bufOff;
|
||||
|
||||
if (input.Length > gapLen)
|
||||
{
|
||||
input[..gapLen].CopyTo(buf.AsSpan(bufOff));
|
||||
|
||||
m_cipherMode.ProcessBlock(buf, buf);
|
||||
|
||||
bufOff = 0;
|
||||
input = input[gapLen..];
|
||||
|
||||
while (input.Length > blockSize)
|
||||
{
|
||||
m_cipherMode.ProcessBlock(input, buf);
|
||||
input = input[blockSize..];
|
||||
}
|
||||
}
|
||||
|
||||
input.CopyTo(buf.AsSpan(bufOff));
|
||||
|
||||
bufOff += input.Length;
|
||||
}
|
||||
#endif
|
||||
|
||||
public int DoFinal(byte[] output, int outOff)
|
||||
{
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
return DoFinal(output.AsSpan(outOff));
|
||||
#else
|
||||
int blockSize = m_cipherMode.GetBlockSize();
|
||||
|
||||
if (padding == null)
|
||||
{
|
||||
// pad with zeroes
|
||||
while (bufOff < blockSize)
|
||||
{
|
||||
buf[bufOff++] = 0;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (bufOff == blockSize)
|
||||
{
|
||||
m_cipherMode.ProcessBlock(buf, 0, buf, 0);
|
||||
bufOff = 0;
|
||||
}
|
||||
|
||||
padding.AddPadding(buf, bufOff);
|
||||
}
|
||||
|
||||
m_cipherMode.ProcessBlock(buf, 0, buf, 0);
|
||||
|
||||
Array.Copy(buf, 0, output, outOff, macSize);
|
||||
|
||||
Reset();
|
||||
|
||||
return macSize;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public int DoFinal(Span<byte> output)
|
||||
{
|
||||
int blockSize = m_cipherMode.GetBlockSize();
|
||||
|
||||
if (padding == null)
|
||||
{
|
||||
// pad with zeroes
|
||||
while (bufOff < blockSize)
|
||||
{
|
||||
buf[bufOff++] = 0;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (bufOff == blockSize)
|
||||
{
|
||||
m_cipherMode.ProcessBlock(buf, buf);
|
||||
bufOff = 0;
|
||||
}
|
||||
|
||||
padding.AddPadding(buf, bufOff);
|
||||
}
|
||||
|
||||
m_cipherMode.ProcessBlock(buf, buf);
|
||||
|
||||
buf.AsSpan(0, macSize).CopyTo(output);
|
||||
|
||||
Reset();
|
||||
|
||||
return macSize;
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Reset the mac generator.
|
||||
*/
|
||||
public void Reset()
|
||||
{
|
||||
// Clear the buffer.
|
||||
Array.Clear(buf, 0, buf.Length);
|
||||
bufOff = 0;
|
||||
|
||||
// Reset the underlying cipher.
|
||||
m_cipherMode.Reset();
|
||||
}
|
||||
}
|
||||
}
|
||||
#pragma warning restore
|
||||
#endif
|
||||
@@ -0,0 +1,11 @@
|
||||
fileFormatVersion: 2
|
||||
guid: 19806d27dc742d54da8db87992df211b
|
||||
MonoImporter:
|
||||
externalObjects: {}
|
||||
serializedVersion: 2
|
||||
defaultReferences: []
|
||||
executionOrder: 0
|
||||
icon: {instanceID: 0}
|
||||
userData:
|
||||
assetBundleName:
|
||||
assetBundleVariant:
|
||||
434
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/CfbBlockCipherMac.cs
vendored
Normal file
434
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/CfbBlockCipherMac.cs
vendored
Normal file
@@ -0,0 +1,434 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
#pragma warning disable
|
||||
using System;
|
||||
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Modes;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Paddings;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
|
||||
|
||||
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Macs
|
||||
{
|
||||
/**
|
||||
* implements a Cipher-FeedBack (CFB) mode on top of a simple cipher.
|
||||
*/
|
||||
internal class MacCfbBlockCipher
|
||||
: IBlockCipherMode
|
||||
{
|
||||
private byte[] IV;
|
||||
private byte[] cfbV;
|
||||
private byte[] cfbOutV;
|
||||
|
||||
private readonly int blockSize;
|
||||
private readonly IBlockCipher cipher;
|
||||
|
||||
/**
|
||||
* Basic constructor.
|
||||
*
|
||||
* @param cipher the block cipher to be used as the basis of the
|
||||
* feedback mode.
|
||||
* @param blockSize the block size in bits (note: a multiple of 8)
|
||||
*/
|
||||
public MacCfbBlockCipher(
|
||||
IBlockCipher cipher,
|
||||
int bitBlockSize)
|
||||
{
|
||||
this.cipher = cipher;
|
||||
this.blockSize = bitBlockSize / 8;
|
||||
|
||||
this.IV = new byte[cipher.GetBlockSize()];
|
||||
this.cfbV = new byte[cipher.GetBlockSize()];
|
||||
this.cfbOutV = new byte[cipher.GetBlockSize()];
|
||||
}
|
||||
|
||||
/**
|
||||
* Initialise the cipher and, possibly, the initialisation vector (IV).
|
||||
* If an IV isn't passed as part of the parameter, the IV will be all zeros.
|
||||
* An IV which is too short is handled in FIPS compliant fashion.
|
||||
*
|
||||
* @param param the key and other data required by the cipher.
|
||||
* @exception ArgumentException if the parameters argument is
|
||||
* inappropriate.
|
||||
*/
|
||||
public void Init(bool forEncryption, ICipherParameters parameters)
|
||||
{
|
||||
if (parameters is ParametersWithIV ivParam)
|
||||
{
|
||||
byte[] iv = ivParam.GetIV();
|
||||
|
||||
if (iv.Length < IV.Length)
|
||||
{
|
||||
Array.Copy(iv, 0, IV, IV.Length - iv.Length, iv.Length);
|
||||
}
|
||||
else
|
||||
{
|
||||
Array.Copy(iv, 0, IV, 0, IV.Length);
|
||||
}
|
||||
|
||||
parameters = ivParam.Parameters;
|
||||
}
|
||||
|
||||
Reset();
|
||||
|
||||
cipher.Init(true, parameters);
|
||||
}
|
||||
|
||||
/**
|
||||
* return the algorithm name and mode.
|
||||
*
|
||||
* @return the name of the underlying algorithm followed by "/CFB"
|
||||
* and the block size in bits.
|
||||
*/
|
||||
public string AlgorithmName
|
||||
{
|
||||
get { return cipher.AlgorithmName + "/CFB" + (blockSize * 8); }
|
||||
}
|
||||
|
||||
public IBlockCipher UnderlyingCipher => cipher;
|
||||
|
||||
public bool IsPartialBlockOkay
|
||||
{
|
||||
get { return true; }
|
||||
}
|
||||
|
||||
/**
|
||||
* return the block size we are operating at.
|
||||
*
|
||||
* @return the block size we are operating at (in bytes).
|
||||
*/
|
||||
public int GetBlockSize()
|
||||
{
|
||||
return blockSize;
|
||||
}
|
||||
|
||||
public int ProcessBlock(byte[] input, int inOff, byte[] outBytes, int outOff)
|
||||
{
|
||||
Check.DataLength(input, inOff, blockSize, "input buffer too short");
|
||||
Check.OutputLength(outBytes, outOff, blockSize, "output buffer too short");
|
||||
|
||||
cipher.ProcessBlock(cfbV, 0, cfbOutV, 0);
|
||||
|
||||
//
|
||||
// XOR the cfbV with the plaintext producing the cipher text
|
||||
//
|
||||
for (int i = 0; i < blockSize; i++)
|
||||
{
|
||||
outBytes[outOff + i] = (byte)(cfbOutV[i] ^ input[inOff + i]);
|
||||
}
|
||||
|
||||
//
|
||||
// change over the input block.
|
||||
//
|
||||
Array.Copy(cfbV, blockSize, cfbV, 0, cfbV.Length - blockSize);
|
||||
Array.Copy(outBytes, outOff, cfbV, cfbV.Length - blockSize, blockSize);
|
||||
|
||||
return blockSize;
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public int ProcessBlock(ReadOnlySpan<byte> input, Span<byte> output)
|
||||
{
|
||||
Check.DataLength(input, blockSize, "input buffer too short");
|
||||
Check.OutputLength(output, blockSize, "output buffer too short");
|
||||
|
||||
cipher.ProcessBlock(cfbV, cfbOutV);
|
||||
|
||||
//
|
||||
// XOR the cfbV with the plaintext producing the cipher text
|
||||
//
|
||||
for (int i = 0; i < blockSize; i++)
|
||||
{
|
||||
output[i] = (byte)(cfbOutV[i] ^ input[i]);
|
||||
}
|
||||
|
||||
//
|
||||
// change over the input block.
|
||||
//
|
||||
Array.Copy(cfbV, blockSize, cfbV, 0, cfbV.Length - blockSize);
|
||||
output[..blockSize].CopyTo(cfbV.AsSpan(cfbV.Length - blockSize));
|
||||
|
||||
return blockSize;
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* reset the chaining vector back to the IV and reset the underlying
|
||||
* cipher.
|
||||
*/
|
||||
public void Reset()
|
||||
{
|
||||
IV.CopyTo(cfbV, 0);
|
||||
}
|
||||
|
||||
public void GetMacBlock(
|
||||
byte[] mac)
|
||||
{
|
||||
cipher.ProcessBlock(cfbV, 0, mac, 0);
|
||||
}
|
||||
}
|
||||
|
||||
public class CfbBlockCipherMac
|
||||
: IMac
|
||||
{
|
||||
private byte[] mac;
|
||||
private byte[] Buffer;
|
||||
private int bufOff;
|
||||
private MacCfbBlockCipher cipher;
|
||||
private IBlockCipherPadding padding;
|
||||
private int macSize;
|
||||
|
||||
/**
|
||||
* create a standard MAC based on a CFB block cipher. This will produce an
|
||||
* authentication code half the length of the block size of the cipher, with
|
||||
* the CFB mode set to 8 bits.
|
||||
*
|
||||
* @param cipher the cipher to be used as the basis of the MAC generation.
|
||||
*/
|
||||
public CfbBlockCipherMac(
|
||||
IBlockCipher cipher)
|
||||
: this(cipher, 8, (cipher.GetBlockSize() * 8) / 2, null)
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* create a standard MAC based on a CFB block cipher. This will produce an
|
||||
* authentication code half the length of the block size of the cipher, with
|
||||
* the CFB mode set to 8 bits.
|
||||
*
|
||||
* @param cipher the cipher to be used as the basis of the MAC generation.
|
||||
* @param padding the padding to be used.
|
||||
*/
|
||||
public CfbBlockCipherMac(
|
||||
IBlockCipher cipher,
|
||||
IBlockCipherPadding padding)
|
||||
: this(cipher, 8, (cipher.GetBlockSize() * 8) / 2, padding)
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* create a standard MAC based on a block cipher with the size of the
|
||||
* MAC been given in bits. This class uses CFB mode as the basis for the
|
||||
* MAC generation.
|
||||
* <p>
|
||||
* Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
|
||||
* or 16 bits if being used as a data authenticator (FIPS Publication 113),
|
||||
* and in general should be less than the size of the block cipher as it reduces
|
||||
* the chance of an exhaustive attack (see Handbook of Applied Cryptography).
|
||||
* </p>
|
||||
* @param cipher the cipher to be used as the basis of the MAC generation.
|
||||
* @param cfbBitSize the size of an output block produced by the CFB mode.
|
||||
* @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
|
||||
*/
|
||||
public CfbBlockCipherMac(
|
||||
IBlockCipher cipher,
|
||||
int cfbBitSize,
|
||||
int macSizeInBits)
|
||||
: this(cipher, cfbBitSize, macSizeInBits, null)
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* create a standard MAC based on a block cipher with the size of the
|
||||
* MAC been given in bits. This class uses CFB mode as the basis for the
|
||||
* MAC generation.
|
||||
* <p>
|
||||
* Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
|
||||
* or 16 bits if being used as a data authenticator (FIPS Publication 113),
|
||||
* and in general should be less than the size of the block cipher as it reduces
|
||||
* the chance of an exhaustive attack (see Handbook of Applied Cryptography).
|
||||
* </p>
|
||||
* @param cipher the cipher to be used as the basis of the MAC generation.
|
||||
* @param cfbBitSize the size of an output block produced by the CFB mode.
|
||||
* @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
|
||||
* @param padding a padding to be used.
|
||||
*/
|
||||
public CfbBlockCipherMac(
|
||||
IBlockCipher cipher,
|
||||
int cfbBitSize,
|
||||
int macSizeInBits,
|
||||
IBlockCipherPadding padding)
|
||||
{
|
||||
if ((macSizeInBits % 8) != 0)
|
||||
throw new ArgumentException("MAC size must be multiple of 8");
|
||||
|
||||
mac = new byte[cipher.GetBlockSize()];
|
||||
|
||||
this.cipher = new MacCfbBlockCipher(cipher, cfbBitSize);
|
||||
this.padding = padding;
|
||||
this.macSize = macSizeInBits / 8;
|
||||
|
||||
Buffer = new byte[this.cipher.GetBlockSize()];
|
||||
bufOff = 0;
|
||||
}
|
||||
|
||||
public string AlgorithmName
|
||||
{
|
||||
get { return cipher.AlgorithmName; }
|
||||
}
|
||||
|
||||
public void Init(ICipherParameters parameters)
|
||||
{
|
||||
Reset();
|
||||
|
||||
cipher.Init(true, parameters);
|
||||
}
|
||||
|
||||
public int GetMacSize()
|
||||
{
|
||||
return macSize;
|
||||
}
|
||||
|
||||
public void Update(byte input)
|
||||
{
|
||||
if (bufOff == Buffer.Length)
|
||||
{
|
||||
cipher.ProcessBlock(Buffer, 0, mac, 0);
|
||||
bufOff = 0;
|
||||
}
|
||||
|
||||
Buffer[bufOff++] = input;
|
||||
}
|
||||
|
||||
public void BlockUpdate(byte[] input, int inOff, int len)
|
||||
{
|
||||
if (len < 0)
|
||||
throw new ArgumentException("Can't have a negative input length!");
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
BlockUpdate(input.AsSpan(inOff, len));
|
||||
#else
|
||||
int blockSize = cipher.GetBlockSize();
|
||||
int resultLen = 0;
|
||||
int gapLen = blockSize - bufOff;
|
||||
|
||||
if (len > gapLen)
|
||||
{
|
||||
Array.Copy(input, inOff, Buffer, bufOff, gapLen);
|
||||
|
||||
resultLen += cipher.ProcessBlock(Buffer, 0, mac, 0);
|
||||
|
||||
bufOff = 0;
|
||||
len -= gapLen;
|
||||
inOff += gapLen;
|
||||
|
||||
while (len > blockSize)
|
||||
{
|
||||
resultLen += cipher.ProcessBlock(input, inOff, mac, 0);
|
||||
|
||||
len -= blockSize;
|
||||
inOff += blockSize;
|
||||
}
|
||||
}
|
||||
|
||||
Array.Copy(input, inOff, Buffer, bufOff, len);
|
||||
|
||||
bufOff += len;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public void BlockUpdate(ReadOnlySpan<byte> input)
|
||||
{
|
||||
int blockSize = cipher.GetBlockSize();
|
||||
int resultLen = 0;
|
||||
int gapLen = blockSize - bufOff;
|
||||
|
||||
if (input.Length > gapLen)
|
||||
{
|
||||
input[..gapLen].CopyTo(Buffer.AsSpan(bufOff));
|
||||
|
||||
resultLen += cipher.ProcessBlock(Buffer, mac);
|
||||
|
||||
bufOff = 0;
|
||||
input = input[gapLen..];
|
||||
|
||||
while (input.Length > blockSize)
|
||||
{
|
||||
resultLen += cipher.ProcessBlock(input, mac);
|
||||
input = input[blockSize..];
|
||||
}
|
||||
}
|
||||
|
||||
input.CopyTo(Buffer.AsSpan(bufOff));
|
||||
|
||||
bufOff += input.Length;
|
||||
}
|
||||
#endif
|
||||
|
||||
public int DoFinal(byte[] output, int outOff)
|
||||
{
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
return DoFinal(output.AsSpan(outOff));
|
||||
#else
|
||||
int blockSize = cipher.GetBlockSize();
|
||||
|
||||
// pad with zeroes
|
||||
if (this.padding == null)
|
||||
{
|
||||
while (bufOff < blockSize)
|
||||
{
|
||||
Buffer[bufOff++] = 0;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
padding.AddPadding(Buffer, bufOff);
|
||||
}
|
||||
|
||||
cipher.ProcessBlock(Buffer, 0, mac, 0);
|
||||
|
||||
cipher.GetMacBlock(mac);
|
||||
|
||||
Array.Copy(mac, 0, output, outOff, macSize);
|
||||
|
||||
Reset();
|
||||
|
||||
return macSize;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public int DoFinal(Span<byte> output)
|
||||
{
|
||||
int blockSize = cipher.GetBlockSize();
|
||||
|
||||
// pad with zeroes
|
||||
if (this.padding == null)
|
||||
{
|
||||
while (bufOff < blockSize)
|
||||
{
|
||||
Buffer[bufOff++] = 0;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
padding.AddPadding(Buffer, bufOff);
|
||||
}
|
||||
|
||||
cipher.ProcessBlock(Buffer, 0, mac, 0);
|
||||
|
||||
cipher.GetMacBlock(mac);
|
||||
|
||||
mac.AsSpan(0, macSize).CopyTo(output);
|
||||
|
||||
Reset();
|
||||
|
||||
return macSize;
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Reset the mac generator.
|
||||
*/
|
||||
public void Reset()
|
||||
{
|
||||
// Clear the buffer.
|
||||
Array.Clear(Buffer, 0, Buffer.Length);
|
||||
bufOff = 0;
|
||||
|
||||
// Reset the underlying cipher.
|
||||
cipher.Reset();
|
||||
}
|
||||
}
|
||||
}
|
||||
#pragma warning restore
|
||||
#endif
|
||||
@@ -0,0 +1,11 @@
|
||||
fileFormatVersion: 2
|
||||
guid: eda695edc8c92264c99fbb1a922d249b
|
||||
MonoImporter:
|
||||
externalObjects: {}
|
||||
serializedVersion: 2
|
||||
defaultReferences: []
|
||||
executionOrder: 0
|
||||
icon: {instanceID: 0}
|
||||
userData:
|
||||
assetBundleName:
|
||||
assetBundleVariant:
|
||||
176
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/DSTU7564Mac.cs
vendored
Normal file
176
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/DSTU7564Mac.cs
vendored
Normal file
@@ -0,0 +1,176 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
#pragma warning disable
|
||||
using System;
|
||||
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Digests;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Utilities;
|
||||
|
||||
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Macs
|
||||
{
|
||||
/// <summary>
|
||||
/// Implementation of DSTU7564 mac mode
|
||||
/// </summary>
|
||||
public class Dstu7564Mac
|
||||
: IMac
|
||||
{
|
||||
private Dstu7564Digest engine;
|
||||
private int macSize;
|
||||
|
||||
private ulong inputLength;
|
||||
|
||||
byte[] paddedKey;
|
||||
byte[] invertedKey;
|
||||
|
||||
public string AlgorithmName
|
||||
{
|
||||
get { return "DSTU7564Mac"; }
|
||||
}
|
||||
|
||||
public Dstu7564Mac(int macSizeBits)
|
||||
{
|
||||
engine = new Dstu7564Digest(macSizeBits);
|
||||
macSize = macSizeBits / 8;
|
||||
}
|
||||
|
||||
public void Init(ICipherParameters parameters)
|
||||
{
|
||||
if (parameters is KeyParameter)
|
||||
{
|
||||
byte[] key = ((KeyParameter)parameters).GetKey();
|
||||
|
||||
invertedKey = new byte[key.Length];
|
||||
|
||||
paddedKey = PadKey(key);
|
||||
|
||||
for (int byteIndex = 0; byteIndex < invertedKey.Length; byteIndex++)
|
||||
{
|
||||
invertedKey[byteIndex] = (byte)(key[byteIndex] ^ (byte)0xFF);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new ArgumentException("Bad parameter passed");
|
||||
}
|
||||
|
||||
engine.BlockUpdate(paddedKey, 0, paddedKey.Length);
|
||||
}
|
||||
|
||||
public int GetMacSize()
|
||||
{
|
||||
return macSize;
|
||||
}
|
||||
|
||||
public void BlockUpdate(byte[] input, int inOff, int len)
|
||||
{
|
||||
Check.DataLength(input, inOff, len, "input buffer too short");
|
||||
|
||||
if (paddedKey == null)
|
||||
throw new InvalidOperationException(AlgorithmName + " not initialised");
|
||||
|
||||
engine.BlockUpdate(input, inOff, len);
|
||||
inputLength += (ulong)len;
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public void BlockUpdate(ReadOnlySpan<byte> input)
|
||||
{
|
||||
if (paddedKey == null)
|
||||
throw new InvalidOperationException(AlgorithmName + " not initialised");
|
||||
|
||||
engine.BlockUpdate(input);
|
||||
inputLength += (ulong)input.Length;
|
||||
}
|
||||
#endif
|
||||
|
||||
public void Update(byte input)
|
||||
{
|
||||
engine.Update(input);
|
||||
inputLength++;
|
||||
}
|
||||
|
||||
public int DoFinal(byte[] output, int outOff)
|
||||
{
|
||||
if (paddedKey == null)
|
||||
throw new InvalidOperationException(AlgorithmName + " not initialised");
|
||||
|
||||
Check.OutputLength(output, outOff, macSize, "output buffer too short");
|
||||
|
||||
Pad();
|
||||
|
||||
engine.BlockUpdate(invertedKey, 0, invertedKey.Length);
|
||||
|
||||
inputLength = 0;
|
||||
|
||||
return engine.DoFinal(output, outOff);
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public int DoFinal(Span<byte> output)
|
||||
{
|
||||
if (paddedKey == null)
|
||||
throw new InvalidOperationException(AlgorithmName + " not initialised");
|
||||
|
||||
Check.OutputLength(output, macSize, "output buffer too short");
|
||||
|
||||
Pad();
|
||||
|
||||
engine.BlockUpdate(invertedKey);
|
||||
|
||||
inputLength = 0;
|
||||
|
||||
return engine.DoFinal(output);
|
||||
}
|
||||
#endif
|
||||
|
||||
public void Reset()
|
||||
{
|
||||
inputLength = 0;
|
||||
engine.Reset();
|
||||
if (paddedKey != null)
|
||||
{
|
||||
engine.BlockUpdate(paddedKey, 0, paddedKey.Length);
|
||||
}
|
||||
}
|
||||
|
||||
private void Pad()
|
||||
{
|
||||
int extra = engine.GetByteLength() - (int)(inputLength % (ulong)engine.GetByteLength());
|
||||
if (extra < 13) // terminator byte + 96 bits of length
|
||||
{
|
||||
extra += engine.GetByteLength();
|
||||
}
|
||||
|
||||
byte[] padded = new byte[extra];
|
||||
|
||||
padded[0] = (byte)0x80; // Defined in standard;
|
||||
|
||||
// Defined in standard;
|
||||
Pack.UInt64_To_LE(inputLength * 8, padded, padded.Length - 12);
|
||||
|
||||
engine.BlockUpdate(padded, 0, padded.Length);
|
||||
}
|
||||
|
||||
private byte[] PadKey(byte[] input)
|
||||
{
|
||||
int paddedLen = ((input.Length + engine.GetByteLength() - 1) / engine.GetByteLength()) * engine.GetByteLength();
|
||||
|
||||
int extra = engine.GetByteLength() - (int)(input.Length % engine.GetByteLength());
|
||||
if (extra < 13) // terminator byte + 96 bits of length
|
||||
{
|
||||
paddedLen += engine.GetByteLength();
|
||||
}
|
||||
|
||||
byte[] padded = new byte[paddedLen];
|
||||
|
||||
Array.Copy(input, 0, padded, 0, input.Length);
|
||||
|
||||
padded[input.Length] = (byte)0x80; // Defined in standard;
|
||||
Pack.UInt32_To_LE((uint)(input.Length * 8), padded, padded.Length - 12); // Defined in standard;
|
||||
|
||||
return padded;
|
||||
}
|
||||
}
|
||||
}
|
||||
#pragma warning restore
|
||||
#endif
|
||||
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/DSTU7564Mac.cs.meta
vendored
Normal file
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/DSTU7564Mac.cs.meta
vendored
Normal file
@@ -0,0 +1,11 @@
|
||||
fileFormatVersion: 2
|
||||
guid: d69d09dd7ad9f9443b87e0241938ac0d
|
||||
MonoImporter:
|
||||
externalObjects: {}
|
||||
serializedVersion: 2
|
||||
defaultReferences: []
|
||||
executionOrder: 0
|
||||
icon: {instanceID: 0}
|
||||
userData:
|
||||
assetBundleName:
|
||||
assetBundleVariant:
|
||||
225
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/DSTU7624Mac.cs
vendored
Normal file
225
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/DSTU7624Mac.cs
vendored
Normal file
@@ -0,0 +1,225 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
#pragma warning disable
|
||||
using System;
|
||||
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Engines;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities;
|
||||
|
||||
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Macs
|
||||
{
|
||||
/**
|
||||
* implementation of DSTU 7624 MAC
|
||||
*/
|
||||
public class Dstu7624Mac : IMac
|
||||
{
|
||||
private int macSize;
|
||||
|
||||
private Dstu7624Engine engine;
|
||||
private int blockSize;
|
||||
|
||||
private byte[] c, cTemp, kDelta;
|
||||
private byte[] buf;
|
||||
private int bufOff;
|
||||
|
||||
public Dstu7624Mac(int blockSizeBits, int q)
|
||||
{
|
||||
engine = new Dstu7624Engine(blockSizeBits);
|
||||
|
||||
blockSize = blockSizeBits / 8;
|
||||
|
||||
macSize = q / 8;
|
||||
|
||||
c = new byte[blockSize];
|
||||
|
||||
cTemp = new byte[blockSize];
|
||||
|
||||
kDelta = new byte[blockSize];
|
||||
buf = new byte[blockSize];
|
||||
}
|
||||
|
||||
public void Init(ICipherParameters parameters)
|
||||
{
|
||||
if (parameters is KeyParameter)
|
||||
{
|
||||
engine.Init(true, (KeyParameter)parameters);
|
||||
|
||||
engine.ProcessBlock(kDelta, 0, kDelta, 0);
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new ArgumentException("invalid parameter passed to Dstu7624Mac init - "
|
||||
+ Org.BouncyCastle.Utilities.Platform.GetTypeName(parameters));
|
||||
}
|
||||
}
|
||||
|
||||
public string AlgorithmName
|
||||
{
|
||||
get { return "Dstu7624Mac"; }
|
||||
}
|
||||
|
||||
public int GetMacSize()
|
||||
{
|
||||
return macSize;
|
||||
}
|
||||
|
||||
public void Update(byte input)
|
||||
{
|
||||
if (bufOff == buf.Length)
|
||||
{
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
ProcessBlock(buf);
|
||||
#else
|
||||
ProcessBlock(buf, 0);
|
||||
#endif
|
||||
bufOff = 0;
|
||||
}
|
||||
|
||||
buf[bufOff++] = input;
|
||||
}
|
||||
|
||||
public void BlockUpdate(byte[] input, int inOff, int len)
|
||||
{
|
||||
if (len < 0)
|
||||
throw new ArgumentException("Can't have a negative input length!");
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
BlockUpdate(input.AsSpan(inOff, len));
|
||||
#else
|
||||
int blockSize = engine.GetBlockSize();
|
||||
int gapLen = blockSize - bufOff;
|
||||
|
||||
if (len > gapLen)
|
||||
{
|
||||
Array.Copy(input, inOff, buf, bufOff, gapLen);
|
||||
|
||||
ProcessBlock(buf, 0);
|
||||
|
||||
bufOff = 0;
|
||||
len -= gapLen;
|
||||
inOff += gapLen;
|
||||
|
||||
while (len > blockSize)
|
||||
{
|
||||
ProcessBlock(input, inOff);
|
||||
|
||||
len -= blockSize;
|
||||
inOff += blockSize;
|
||||
}
|
||||
}
|
||||
|
||||
Array.Copy(input, inOff, buf, bufOff, len);
|
||||
|
||||
bufOff += len;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public void BlockUpdate(ReadOnlySpan<byte> input)
|
||||
{
|
||||
int blockSize = engine.GetBlockSize();
|
||||
int gapLen = blockSize - bufOff;
|
||||
|
||||
if (input.Length > gapLen)
|
||||
{
|
||||
input[..gapLen].CopyTo(buf.AsSpan(bufOff));
|
||||
|
||||
ProcessBlock(buf);
|
||||
|
||||
bufOff = 0;
|
||||
input = input[gapLen..];
|
||||
|
||||
while (input.Length > blockSize)
|
||||
{
|
||||
ProcessBlock(input);
|
||||
input = input[blockSize..];
|
||||
}
|
||||
}
|
||||
|
||||
input.CopyTo(buf.AsSpan(bufOff));
|
||||
|
||||
bufOff += input.Length;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
private void ProcessBlock(ReadOnlySpan<byte> input)
|
||||
{
|
||||
Xor(c, input, cTemp);
|
||||
|
||||
engine.ProcessBlock(cTemp, c);
|
||||
}
|
||||
|
||||
private void Xor(ReadOnlySpan<byte> c, ReadOnlySpan<byte> input, Span<byte> xorResult)
|
||||
{
|
||||
for (int byteIndex = 0; byteIndex < blockSize; byteIndex++)
|
||||
{
|
||||
xorResult[byteIndex] = (byte)(c[byteIndex] ^ input[byteIndex]);
|
||||
}
|
||||
}
|
||||
#else
|
||||
private void ProcessBlock(byte[] input, int inOff)
|
||||
{
|
||||
Xor(c, 0, input, inOff, cTemp);
|
||||
|
||||
engine.ProcessBlock(cTemp, 0, c, 0);
|
||||
}
|
||||
#endif
|
||||
|
||||
private void Xor(byte[] c, int cOff, byte[] input, int inOff, byte[] xorResult)
|
||||
{
|
||||
for (int byteIndex = 0; byteIndex < blockSize; byteIndex++)
|
||||
{
|
||||
xorResult[byteIndex] = (byte)(c[byteIndex + cOff] ^ input[byteIndex + inOff]);
|
||||
}
|
||||
}
|
||||
|
||||
public int DoFinal(byte[] output, int outOff)
|
||||
{
|
||||
if (bufOff % buf.Length != 0)
|
||||
throw new DataLengthException("Input must be a multiple of blocksize");
|
||||
|
||||
Check.OutputLength(output, outOff, macSize, "output buffer too short");
|
||||
|
||||
//Last block
|
||||
Xor(c, 0, buf, 0, cTemp);
|
||||
Xor(cTemp, 0, kDelta, 0, c);
|
||||
engine.ProcessBlock(c, 0, c, 0);
|
||||
|
||||
Array.Copy(c, 0, output, outOff, macSize);
|
||||
|
||||
return macSize;
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public int DoFinal(Span<byte> output)
|
||||
{
|
||||
if (bufOff % buf.Length != 0)
|
||||
throw new DataLengthException("Input must be a multiple of blocksize");
|
||||
|
||||
Check.OutputLength(output, macSize, "output buffer too short");
|
||||
|
||||
//Last block
|
||||
Xor(c, 0, buf, 0, cTemp);
|
||||
Xor(cTemp, 0, kDelta, 0, c);
|
||||
engine.ProcessBlock(c, c);
|
||||
|
||||
c.AsSpan(0, macSize).CopyTo(output);
|
||||
|
||||
return macSize;
|
||||
}
|
||||
#endif
|
||||
|
||||
public void Reset()
|
||||
{
|
||||
Arrays.Fill(c, (byte)0x00);
|
||||
Arrays.Fill(cTemp, (byte)0x00);
|
||||
Arrays.Fill(kDelta, (byte)0x00);
|
||||
Arrays.Fill(buf, (byte)0x00);
|
||||
engine.ProcessBlock(kDelta, 0, kDelta, 0);
|
||||
bufOff = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
#pragma warning restore
|
||||
#endif
|
||||
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/DSTU7624Mac.cs.meta
vendored
Normal file
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/DSTU7624Mac.cs.meta
vendored
Normal file
@@ -0,0 +1,11 @@
|
||||
fileFormatVersion: 2
|
||||
guid: 1b0f68b471781c64c913bb2d4613a223
|
||||
MonoImporter:
|
||||
externalObjects: {}
|
||||
serializedVersion: 2
|
||||
defaultReferences: []
|
||||
executionOrder: 0
|
||||
icon: {instanceID: 0}
|
||||
userData:
|
||||
assetBundleName:
|
||||
assetBundleVariant:
|
||||
133
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/GMac.cs
vendored
Normal file
133
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/GMac.cs
vendored
Normal file
@@ -0,0 +1,133 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
#pragma warning disable
|
||||
using System;
|
||||
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Modes;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
|
||||
|
||||
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Macs
|
||||
{
|
||||
/// <summary>
|
||||
/// The GMAC specialisation of Galois/Counter mode (GCM) detailed in NIST Special Publication
|
||||
/// 800-38D.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// GMac is an invocation of the GCM mode where no data is encrypted (i.e. all input data to the Mac
|
||||
/// is processed as additional authenticated data with the underlying GCM block cipher).
|
||||
/// </remarks>
|
||||
public class GMac
|
||||
: IMac
|
||||
{
|
||||
private readonly GcmBlockCipher cipher;
|
||||
private readonly int macSizeBits;
|
||||
|
||||
/// <summary>
|
||||
/// Creates a GMAC based on the operation of a block cipher in GCM mode.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// This will produce an authentication code the length of the block size of the cipher.
|
||||
/// </remarks>
|
||||
/// <param name="cipher">the cipher to be used in GCM mode to generate the MAC.</param>
|
||||
public GMac(GcmBlockCipher cipher)
|
||||
: this(cipher, 128)
|
||||
{
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Creates a GMAC based on the operation of a 128 bit block cipher in GCM mode.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// This will produce an authentication code the length of the block size of the cipher.
|
||||
/// </remarks>
|
||||
/// <param name="cipher">the cipher to be used in GCM mode to generate the MAC.</param>
|
||||
/// <param name="macSizeBits">the mac size to generate, in bits. Must be a multiple of 8, between 32 and 128 (inclusive).
|
||||
/// Sizes less than 96 are not recommended, but are supported for specialized applications.</param>
|
||||
public GMac(GcmBlockCipher cipher, int macSizeBits)
|
||||
{
|
||||
this.cipher = cipher;
|
||||
this.macSizeBits = macSizeBits;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Initialises the GMAC - requires a <see cref="Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters.ParametersWithIV"/>
|
||||
/// providing a <see cref="Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters.KeyParameter"/> and a nonce.
|
||||
/// </summary>
|
||||
public void Init(ICipherParameters parameters)
|
||||
{
|
||||
if (parameters is ParametersWithIV param)
|
||||
{
|
||||
byte[] iv = param.GetIV();
|
||||
KeyParameter keyParam = (KeyParameter)param.Parameters;
|
||||
|
||||
// GCM is always operated in encrypt mode to calculate MAC
|
||||
cipher.Init(true, new AeadParameters(keyParam, macSizeBits, iv));
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new ArgumentException("GMAC requires ParametersWithIV");
|
||||
}
|
||||
}
|
||||
|
||||
public string AlgorithmName
|
||||
{
|
||||
get { return cipher.UnderlyingCipher.AlgorithmName + "-GMAC"; }
|
||||
}
|
||||
|
||||
public int GetMacSize()
|
||||
{
|
||||
return macSizeBits / 8;
|
||||
}
|
||||
|
||||
public void Update(byte input)
|
||||
{
|
||||
cipher.ProcessAadByte(input);
|
||||
}
|
||||
|
||||
public void BlockUpdate(byte[] input, int inOff, int len)
|
||||
{
|
||||
cipher.ProcessAadBytes(input, inOff, len);
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public void BlockUpdate(ReadOnlySpan<byte> input)
|
||||
{
|
||||
cipher.ProcessAadBytes(input);
|
||||
}
|
||||
#endif
|
||||
|
||||
public int DoFinal(byte[] output, int outOff)
|
||||
{
|
||||
try
|
||||
{
|
||||
return cipher.DoFinal(output, outOff);
|
||||
}
|
||||
catch (InvalidCipherTextException e)
|
||||
{
|
||||
// Impossible in encrypt mode
|
||||
throw new InvalidOperationException(e.ToString());
|
||||
}
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public int DoFinal(Span<byte> output)
|
||||
{
|
||||
try
|
||||
{
|
||||
return cipher.DoFinal(output);
|
||||
}
|
||||
catch (InvalidCipherTextException e)
|
||||
{
|
||||
// Impossible in encrypt mode
|
||||
throw new InvalidOperationException(e.ToString());
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
public void Reset()
|
||||
{
|
||||
cipher.Reset();
|
||||
}
|
||||
}
|
||||
}
|
||||
#pragma warning restore
|
||||
#endif
|
||||
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/GMac.cs.meta
vendored
Normal file
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/GMac.cs.meta
vendored
Normal file
@@ -0,0 +1,11 @@
|
||||
fileFormatVersion: 2
|
||||
guid: 74f56097d40442c4bb5949c185df0607
|
||||
MonoImporter:
|
||||
externalObjects: {}
|
||||
serializedVersion: 2
|
||||
defaultReferences: []
|
||||
executionOrder: 0
|
||||
icon: {instanceID: 0}
|
||||
userData:
|
||||
assetBundleName:
|
||||
assetBundleVariant:
|
||||
377
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/GOST28147Mac.cs
vendored
Normal file
377
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/GOST28147Mac.cs
vendored
Normal file
@@ -0,0 +1,377 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
#pragma warning disable
|
||||
using System;
|
||||
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Utilities;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities;
|
||||
|
||||
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Macs
|
||||
{
|
||||
/**
|
||||
* implementation of GOST 28147-89 MAC
|
||||
*/
|
||||
public class Gost28147Mac
|
||||
: IMac
|
||||
{
|
||||
private const int BlockSize = 8;
|
||||
private const int MacSize = 4;
|
||||
private int bufOff;
|
||||
private byte[] buf;
|
||||
private byte[] mac;
|
||||
private bool firstStep = true;
|
||||
private int[] workingKey;
|
||||
private byte[] macIV = null;
|
||||
|
||||
//
|
||||
// This is default S-box - E_A.
|
||||
private byte[] S =
|
||||
{
|
||||
0x9,0x6,0x3,0x2,0x8,0xB,0x1,0x7,0xA,0x4,0xE,0xF,0xC,0x0,0xD,0x5,
|
||||
0x3,0x7,0xE,0x9,0x8,0xA,0xF,0x0,0x5,0x2,0x6,0xC,0xB,0x4,0xD,0x1,
|
||||
0xE,0x4,0x6,0x2,0xB,0x3,0xD,0x8,0xC,0xF,0x5,0xA,0x0,0x7,0x1,0x9,
|
||||
0xE,0x7,0xA,0xC,0xD,0x1,0x3,0x9,0x0,0x2,0xB,0x4,0xF,0x8,0x5,0x6,
|
||||
0xB,0x5,0x1,0x9,0x8,0xD,0xF,0x0,0xE,0x4,0x2,0x3,0xC,0x7,0xA,0x6,
|
||||
0x3,0xA,0xD,0xC,0x1,0x2,0x0,0xB,0x7,0x5,0x9,0x4,0x8,0xF,0xE,0x6,
|
||||
0x1,0xD,0x2,0x9,0x7,0xA,0x6,0x0,0x8,0xC,0x4,0x5,0xF,0x3,0xB,0xE,
|
||||
0xB,0xA,0xF,0x5,0x0,0xC,0xE,0x8,0x6,0x2,0x3,0x9,0x1,0x7,0xD,0x4
|
||||
};
|
||||
|
||||
public Gost28147Mac()
|
||||
{
|
||||
mac = new byte[BlockSize];
|
||||
buf = new byte[BlockSize];
|
||||
bufOff = 0;
|
||||
}
|
||||
|
||||
private static int[] GenerateWorkingKey(
|
||||
byte[] userKey)
|
||||
{
|
||||
if (userKey.Length != 32)
|
||||
throw new ArgumentException("Key length invalid. Key needs to be 32 byte - 256 bit!!!");
|
||||
|
||||
int[] key = new int[8];
|
||||
for(int i=0; i!=8; i++)
|
||||
{
|
||||
key[i] = (int)Pack.LE_To_UInt32(userKey, i * 4);
|
||||
}
|
||||
|
||||
return key;
|
||||
}
|
||||
|
||||
public void Init(ICipherParameters parameters)
|
||||
{
|
||||
Reset();
|
||||
buf = new byte[BlockSize];
|
||||
macIV = null;
|
||||
if (parameters is ParametersWithSBox param)
|
||||
{
|
||||
//
|
||||
// Set the S-Box
|
||||
//
|
||||
param.GetSBox().CopyTo(this.S, 0);
|
||||
|
||||
//
|
||||
// set key if there is one
|
||||
//
|
||||
if (param.Parameters != null)
|
||||
{
|
||||
workingKey = GenerateWorkingKey(((KeyParameter)param.Parameters).GetKey());
|
||||
}
|
||||
}
|
||||
else if (parameters is KeyParameter keyParameter)
|
||||
{
|
||||
workingKey = GenerateWorkingKey(keyParameter.GetKey());
|
||||
}
|
||||
else if (parameters is ParametersWithIV ivParam)
|
||||
{
|
||||
workingKey = GenerateWorkingKey(((KeyParameter)ivParam.Parameters).GetKey());
|
||||
macIV = ivParam.GetIV(); // don't skip the initial CM5Func
|
||||
Array.Copy(macIV, 0, mac, 0, mac.Length);
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new ArgumentException("invalid parameter passed to Gost28147 init - "
|
||||
+ Org.BouncyCastle.Utilities.Platform.GetTypeName(parameters));
|
||||
}
|
||||
}
|
||||
|
||||
public string AlgorithmName
|
||||
{
|
||||
get { return "Gost28147Mac"; }
|
||||
}
|
||||
|
||||
public int GetMacSize()
|
||||
{
|
||||
return MacSize;
|
||||
}
|
||||
|
||||
private int Gost28147_mainStep(int n1, int key)
|
||||
{
|
||||
int cm = (key + n1); // CM1
|
||||
|
||||
// S-box replacing
|
||||
|
||||
int om = S[ 0 + ((cm >> (0 * 4)) & 0xF)] << (0 * 4);
|
||||
om += S[ 16 + ((cm >> (1 * 4)) & 0xF)] << (1 * 4);
|
||||
om += S[ 32 + ((cm >> (2 * 4)) & 0xF)] << (2 * 4);
|
||||
om += S[ 48 + ((cm >> (3 * 4)) & 0xF)] << (3 * 4);
|
||||
om += S[ 64 + ((cm >> (4 * 4)) & 0xF)] << (4 * 4);
|
||||
om += S[ 80 + ((cm >> (5 * 4)) & 0xF)] << (5 * 4);
|
||||
om += S[ 96 + ((cm >> (6 * 4)) & 0xF)] << (6 * 4);
|
||||
om += S[112 + ((cm >> (7 * 4)) & 0xF)] << (7 * 4);
|
||||
|
||||
// return om << 11 | om >>> (32-11); // 11-leftshift
|
||||
int omLeft = om << 11;
|
||||
int omRight = (int)(((uint) om) >> (32 - 11)); // Note: Casts required to get unsigned bit rotation
|
||||
|
||||
return omLeft | omRight;
|
||||
}
|
||||
|
||||
private void Gost28147MacFunc(
|
||||
int[] workingKey,
|
||||
byte[] input,
|
||||
int inOff,
|
||||
byte[] output,
|
||||
int outOff)
|
||||
{
|
||||
int N1 = (int)Pack.LE_To_UInt32(input, inOff);
|
||||
int N2 = (int)Pack.LE_To_UInt32(input, inOff + 4);
|
||||
int tmp; //tmp -> for saving N1
|
||||
|
||||
for (int k = 0; k < 2; k++) // 1-16 steps
|
||||
{
|
||||
for (int j = 0; j < 8; j++)
|
||||
{
|
||||
tmp = N1;
|
||||
N1 = N2 ^ Gost28147_mainStep(N1, workingKey[j]); // CM2
|
||||
N2 = tmp;
|
||||
}
|
||||
}
|
||||
|
||||
Pack.UInt32_To_LE((uint)N1, output, outOff);
|
||||
Pack.UInt32_To_LE((uint)N2, output, outOff + 4);
|
||||
}
|
||||
|
||||
public void Update(byte input)
|
||||
{
|
||||
if (bufOff == buf.Length)
|
||||
{
|
||||
byte[] sum = new byte[buf.Length];
|
||||
if (firstStep)
|
||||
{
|
||||
firstStep = false;
|
||||
if (macIV != null)
|
||||
{
|
||||
Cm5Func(buf, 0, macIV, sum);
|
||||
}
|
||||
else
|
||||
{
|
||||
Array.Copy(buf, 0, sum, 0, mac.Length);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
Cm5Func(buf, 0, mac, sum);
|
||||
}
|
||||
|
||||
Gost28147MacFunc(workingKey, sum, 0, mac, 0);
|
||||
bufOff = 0;
|
||||
}
|
||||
|
||||
buf[bufOff++] = input;
|
||||
}
|
||||
|
||||
public void BlockUpdate(byte[] input, int inOff, int len)
|
||||
{
|
||||
if (len < 0)
|
||||
throw new ArgumentException("Can't have a negative input length!");
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
BlockUpdate(input.AsSpan(inOff, len));
|
||||
#else
|
||||
int gapLen = BlockSize - bufOff;
|
||||
|
||||
if (len > gapLen)
|
||||
{
|
||||
Array.Copy(input, inOff, buf, bufOff, gapLen);
|
||||
|
||||
byte[] sum = new byte[buf.Length];
|
||||
if (firstStep)
|
||||
{
|
||||
firstStep = false;
|
||||
if (macIV != null)
|
||||
{
|
||||
Cm5Func(buf, 0, macIV, sum);
|
||||
}
|
||||
else
|
||||
{
|
||||
Array.Copy(buf, 0, sum, 0, mac.Length);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
Cm5Func(buf, 0, mac, sum);
|
||||
}
|
||||
|
||||
Gost28147MacFunc(workingKey, sum, 0, mac, 0);
|
||||
|
||||
bufOff = 0;
|
||||
len -= gapLen;
|
||||
inOff += gapLen;
|
||||
|
||||
while (len > BlockSize)
|
||||
{
|
||||
Cm5Func(input, inOff, mac, sum);
|
||||
Gost28147MacFunc(workingKey, sum, 0, mac, 0);
|
||||
|
||||
len -= BlockSize;
|
||||
inOff += BlockSize;
|
||||
}
|
||||
}
|
||||
|
||||
Array.Copy(input, inOff, buf, bufOff, len);
|
||||
|
||||
bufOff += len;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public void BlockUpdate(ReadOnlySpan<byte> input)
|
||||
{
|
||||
int gapLen = BlockSize - bufOff;
|
||||
|
||||
if (input.Length > gapLen)
|
||||
{
|
||||
input[..gapLen].CopyTo(buf.AsSpan(bufOff));
|
||||
|
||||
byte[] sum = new byte[buf.Length];
|
||||
if (firstStep)
|
||||
{
|
||||
firstStep = false;
|
||||
if (macIV != null)
|
||||
{
|
||||
Cm5Func(buf, macIV, sum);
|
||||
}
|
||||
else
|
||||
{
|
||||
Array.Copy(buf, 0, sum, 0, mac.Length);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
Cm5Func(buf, mac, sum);
|
||||
}
|
||||
|
||||
Gost28147MacFunc(workingKey, sum, 0, mac, 0);
|
||||
|
||||
bufOff = 0;
|
||||
input = input[gapLen..];
|
||||
|
||||
while (input.Length > BlockSize)
|
||||
{
|
||||
Cm5Func(input, mac, sum);
|
||||
Gost28147MacFunc(workingKey, sum, 0, mac, 0);
|
||||
|
||||
input = input[BlockSize..];
|
||||
}
|
||||
}
|
||||
|
||||
input.CopyTo(buf.AsSpan(bufOff));
|
||||
|
||||
bufOff += input.Length;
|
||||
}
|
||||
#endif
|
||||
|
||||
public int DoFinal(byte[] output, int outOff)
|
||||
{
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
return DoFinal(output.AsSpan(outOff));
|
||||
#else
|
||||
//padding with zero
|
||||
while (bufOff < BlockSize)
|
||||
{
|
||||
buf[bufOff++] = 0;
|
||||
}
|
||||
|
||||
byte[] sum = new byte[buf.Length];
|
||||
if (firstStep)
|
||||
{
|
||||
firstStep = false;
|
||||
Array.Copy(buf, 0, sum, 0, mac.Length);
|
||||
}
|
||||
else
|
||||
{
|
||||
Cm5Func(buf, 0, mac, sum);
|
||||
}
|
||||
|
||||
Gost28147MacFunc(workingKey, sum, 0, mac, 0);
|
||||
|
||||
Array.Copy(mac, (mac.Length/2)-MacSize, output, outOff, MacSize);
|
||||
|
||||
Reset();
|
||||
|
||||
return MacSize;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public int DoFinal(Span<byte> output)
|
||||
{
|
||||
//padding with zero
|
||||
while (bufOff < BlockSize)
|
||||
{
|
||||
buf[bufOff++] = 0;
|
||||
}
|
||||
|
||||
byte[] sum = new byte[buf.Length];
|
||||
if (firstStep)
|
||||
{
|
||||
firstStep = false;
|
||||
Array.Copy(buf, 0, sum, 0, mac.Length);
|
||||
}
|
||||
else
|
||||
{
|
||||
Cm5Func(buf, 0, mac, sum);
|
||||
}
|
||||
|
||||
Gost28147MacFunc(workingKey, sum, 0, mac, 0);
|
||||
|
||||
mac.AsSpan((mac.Length / 2) - MacSize, MacSize).CopyTo(output);
|
||||
|
||||
Reset();
|
||||
|
||||
return MacSize;
|
||||
}
|
||||
#endif
|
||||
|
||||
public void Reset()
|
||||
{
|
||||
// Clear the buffer.
|
||||
Array.Clear(buf, 0, buf.Length);
|
||||
bufOff = 0;
|
||||
|
||||
firstStep = true;
|
||||
}
|
||||
|
||||
private static void Cm5Func(byte[] buf, int bufOff, byte[] mac, byte[] sum)
|
||||
{
|
||||
for (int i = 0; i < BlockSize; ++i)
|
||||
{
|
||||
sum[i] = (byte)(buf[bufOff + i] ^ mac[i]);
|
||||
}
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
private static void Cm5Func(ReadOnlySpan<byte> buffer, ReadOnlySpan<byte> mac, Span<byte> sum)
|
||||
{
|
||||
for (int i = 0; i < BlockSize; ++i)
|
||||
{
|
||||
sum[i] = (byte)(buffer[i] ^ mac[i]);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
}
|
||||
#pragma warning restore
|
||||
#endif
|
||||
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/GOST28147Mac.cs.meta
vendored
Normal file
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/GOST28147Mac.cs.meta
vendored
Normal file
@@ -0,0 +1,11 @@
|
||||
fileFormatVersion: 2
|
||||
guid: 1424cc0877fe23443afdd4c15f39f69a
|
||||
MonoImporter:
|
||||
externalObjects: {}
|
||||
serializedVersion: 2
|
||||
defaultReferences: []
|
||||
executionOrder: 0
|
||||
icon: {instanceID: 0}
|
||||
userData:
|
||||
assetBundleName:
|
||||
assetBundleVariant:
|
||||
203
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/HMac.cs
vendored
Normal file
203
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/HMac.cs
vendored
Normal file
@@ -0,0 +1,203 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
#pragma warning disable
|
||||
using System;
|
||||
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities;
|
||||
|
||||
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Macs
|
||||
{
|
||||
/**
|
||||
* HMAC implementation based on RFC2104
|
||||
*
|
||||
* H(K XOR opad, H(K XOR ipad, text))
|
||||
*/
|
||||
public class HMac
|
||||
: IMac
|
||||
{
|
||||
private const byte IPAD = (byte)0x36;
|
||||
private const byte OPAD = (byte)0x5C;
|
||||
|
||||
private readonly IDigest digest;
|
||||
private readonly int digestSize;
|
||||
private readonly int blockLength;
|
||||
private IMemoable ipadState;
|
||||
private IMemoable opadState;
|
||||
|
||||
private readonly byte[] inputPad;
|
||||
private readonly byte[] outputBuf;
|
||||
|
||||
public HMac(IDigest digest)
|
||||
{
|
||||
this.digest = digest;
|
||||
this.digestSize = digest.GetDigestSize();
|
||||
this.blockLength = digest.GetByteLength();
|
||||
this.inputPad = new byte[blockLength];
|
||||
this.outputBuf = new byte[blockLength + digestSize];
|
||||
}
|
||||
|
||||
public virtual string AlgorithmName
|
||||
{
|
||||
get { return digest.AlgorithmName + "/HMAC"; }
|
||||
}
|
||||
|
||||
public virtual IDigest GetUnderlyingDigest()
|
||||
{
|
||||
return digest;
|
||||
}
|
||||
|
||||
public virtual void Init(ICipherParameters parameters)
|
||||
{
|
||||
digest.Reset();
|
||||
|
||||
byte[] key = ((KeyParameter)parameters).GetKey();
|
||||
int keyLength = key.Length;
|
||||
|
||||
if (keyLength > blockLength)
|
||||
{
|
||||
digest.BlockUpdate(key, 0, keyLength);
|
||||
digest.DoFinal(inputPad, 0);
|
||||
|
||||
keyLength = digestSize;
|
||||
}
|
||||
else
|
||||
{
|
||||
Array.Copy(key, 0, inputPad, 0, keyLength);
|
||||
}
|
||||
|
||||
Array.Clear(inputPad, keyLength, blockLength - keyLength);
|
||||
Array.Copy(inputPad, 0, outputBuf, 0, blockLength);
|
||||
|
||||
XorPad(inputPad, blockLength, IPAD);
|
||||
XorPad(outputBuf, blockLength, OPAD);
|
||||
|
||||
if (digest is IMemoable)
|
||||
{
|
||||
opadState = ((IMemoable)digest).Copy();
|
||||
|
||||
((IDigest)opadState).BlockUpdate(outputBuf, 0, blockLength);
|
||||
}
|
||||
|
||||
digest.BlockUpdate(inputPad, 0, inputPad.Length);
|
||||
|
||||
if (digest is IMemoable)
|
||||
{
|
||||
ipadState = ((IMemoable)digest).Copy();
|
||||
}
|
||||
}
|
||||
|
||||
public virtual int GetMacSize()
|
||||
{
|
||||
return digestSize;
|
||||
}
|
||||
|
||||
public virtual void Update(byte input)
|
||||
{
|
||||
digest.Update(input);
|
||||
}
|
||||
|
||||
public virtual void BlockUpdate(byte[] input, int inOff, int len)
|
||||
{
|
||||
digest.BlockUpdate(input, inOff, len);
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public virtual void BlockUpdate(ReadOnlySpan<byte> input)
|
||||
{
|
||||
digest.BlockUpdate(input);
|
||||
}
|
||||
#endif
|
||||
|
||||
public virtual int DoFinal(byte[] output, int outOff)
|
||||
{
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
return DoFinal(output.AsSpan(outOff));
|
||||
#else
|
||||
digest.DoFinal(outputBuf, blockLength);
|
||||
|
||||
if (opadState != null)
|
||||
{
|
||||
((IMemoable)digest).Reset(opadState);
|
||||
digest.BlockUpdate(outputBuf, blockLength, digestSize);
|
||||
}
|
||||
else
|
||||
{
|
||||
digest.BlockUpdate(outputBuf, 0, outputBuf.Length);
|
||||
}
|
||||
|
||||
int len = digest.DoFinal(output, outOff);
|
||||
|
||||
Array.Clear(outputBuf, blockLength, digestSize);
|
||||
|
||||
if (ipadState != null)
|
||||
{
|
||||
((IMemoable)digest).Reset(ipadState);
|
||||
}
|
||||
else
|
||||
{
|
||||
digest.BlockUpdate(inputPad, 0, inputPad.Length);
|
||||
}
|
||||
|
||||
return len;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public virtual int DoFinal(Span<byte> output)
|
||||
{
|
||||
digest.DoFinal(outputBuf.AsSpan(blockLength));
|
||||
|
||||
if (opadState != null)
|
||||
{
|
||||
((IMemoable)digest).Reset(opadState);
|
||||
digest.BlockUpdate(outputBuf.AsSpan(blockLength, digestSize));
|
||||
}
|
||||
else
|
||||
{
|
||||
digest.BlockUpdate(outputBuf);
|
||||
}
|
||||
|
||||
int len = digest.DoFinal(output);
|
||||
|
||||
Array.Clear(outputBuf, blockLength, digestSize);
|
||||
|
||||
if (ipadState != null)
|
||||
{
|
||||
((IMemoable)digest).Reset(ipadState);
|
||||
}
|
||||
else
|
||||
{
|
||||
digest.BlockUpdate(inputPad);
|
||||
}
|
||||
|
||||
return len;
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Reset the mac generator.
|
||||
*/
|
||||
public virtual void Reset()
|
||||
{
|
||||
if (ipadState != null)
|
||||
{
|
||||
((IMemoable)digest).Reset(ipadState);
|
||||
}
|
||||
else
|
||||
{
|
||||
digest.Reset();
|
||||
digest.BlockUpdate(inputPad, 0, inputPad.Length);
|
||||
}
|
||||
}
|
||||
|
||||
private static void XorPad(byte[] pad, int len, byte n)
|
||||
{
|
||||
for (int i = 0; i < len; ++i)
|
||||
{
|
||||
pad[i] ^= n;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
#pragma warning restore
|
||||
#endif
|
||||
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/HMac.cs.meta
vendored
Normal file
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/HMac.cs.meta
vendored
Normal file
@@ -0,0 +1,11 @@
|
||||
fileFormatVersion: 2
|
||||
guid: 35157fb4c25da3d49b28598eaf8c169e
|
||||
MonoImporter:
|
||||
externalObjects: {}
|
||||
serializedVersion: 2
|
||||
defaultReferences: []
|
||||
executionOrder: 0
|
||||
icon: {instanceID: 0}
|
||||
userData:
|
||||
assetBundleName:
|
||||
assetBundleVariant:
|
||||
353
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/ISO9797Alg3Mac.cs
vendored
Normal file
353
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/ISO9797Alg3Mac.cs
vendored
Normal file
@@ -0,0 +1,353 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
#pragma warning disable
|
||||
using System;
|
||||
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Engines;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Modes;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Paddings;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
|
||||
|
||||
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Macs
|
||||
{
|
||||
/**
|
||||
* DES based CBC Block Cipher MAC according to ISO9797, algorithm 3 (ANSI X9.19 Retail MAC)
|
||||
*
|
||||
* This could as well be derived from CBCBlockCipherMac, but then the property mac in the base
|
||||
* class must be changed to protected
|
||||
*/
|
||||
public class ISO9797Alg3Mac
|
||||
: IMac
|
||||
{
|
||||
private byte[] mac;
|
||||
private byte[] buf;
|
||||
private int bufOff;
|
||||
private IBlockCipher cipher;
|
||||
private IBlockCipherPadding padding;
|
||||
private int macSize;
|
||||
private KeyParameter lastKey2;
|
||||
private KeyParameter lastKey3;
|
||||
|
||||
/**
|
||||
* create a Retail-MAC based on a CBC block cipher. This will produce an
|
||||
* authentication code of the length of the block size of the cipher.
|
||||
*
|
||||
* @param cipher the cipher to be used as the basis of the MAC generation. This must
|
||||
* be DESEngine.
|
||||
*/
|
||||
public ISO9797Alg3Mac(
|
||||
IBlockCipher cipher)
|
||||
: this(cipher, cipher.GetBlockSize() * 8, null)
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* create a Retail-MAC based on a CBC block cipher. This will produce an
|
||||
* authentication code of the length of the block size of the cipher.
|
||||
*
|
||||
* @param cipher the cipher to be used as the basis of the MAC generation.
|
||||
* @param padding the padding to be used to complete the last block.
|
||||
*/
|
||||
public ISO9797Alg3Mac(
|
||||
IBlockCipher cipher,
|
||||
IBlockCipherPadding padding)
|
||||
: this(cipher, cipher.GetBlockSize() * 8, padding)
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* create a Retail-MAC based on a block cipher with the size of the
|
||||
* MAC been given in bits. This class uses single DES CBC mode as the basis for the
|
||||
* MAC generation.
|
||||
* <p>
|
||||
* Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
|
||||
* or 16 bits if being used as a data authenticator (FIPS Publication 113),
|
||||
* and in general should be less than the size of the block cipher as it reduces
|
||||
* the chance of an exhaustive attack (see Handbook of Applied Cryptography).
|
||||
* </p>
|
||||
* @param cipher the cipher to be used as the basis of the MAC generation.
|
||||
* @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
|
||||
*/
|
||||
public ISO9797Alg3Mac(
|
||||
IBlockCipher cipher,
|
||||
int macSizeInBits)
|
||||
: this(cipher, macSizeInBits, null)
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* create a standard MAC based on a block cipher with the size of the
|
||||
* MAC been given in bits. This class uses single DES CBC mode as the basis for the
|
||||
* MAC generation. The final block is decrypted and then encrypted using the
|
||||
* middle and right part of the key.
|
||||
* <p>
|
||||
* Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
|
||||
* or 16 bits if being used as a data authenticator (FIPS Publication 113),
|
||||
* and in general should be less than the size of the block cipher as it reduces
|
||||
* the chance of an exhaustive attack (see Handbook of Applied Cryptography).
|
||||
* </p>
|
||||
* @param cipher the cipher to be used as the basis of the MAC generation.
|
||||
* @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
|
||||
* @param padding the padding to be used to complete the last block.
|
||||
*/
|
||||
public ISO9797Alg3Mac(
|
||||
IBlockCipher cipher,
|
||||
int macSizeInBits,
|
||||
IBlockCipherPadding padding)
|
||||
{
|
||||
if ((macSizeInBits % 8) != 0)
|
||||
throw new ArgumentException("MAC size must be multiple of 8");
|
||||
|
||||
if (!(cipher is DesEngine))
|
||||
throw new ArgumentException("cipher must be instance of DesEngine");
|
||||
|
||||
this.cipher = new CbcBlockCipher(cipher);
|
||||
this.padding = padding;
|
||||
this.macSize = macSizeInBits / 8;
|
||||
|
||||
mac = new byte[cipher.GetBlockSize()];
|
||||
buf = new byte[cipher.GetBlockSize()];
|
||||
bufOff = 0;
|
||||
}
|
||||
|
||||
public string AlgorithmName
|
||||
{
|
||||
get { return "ISO9797Alg3"; }
|
||||
}
|
||||
|
||||
public void Init(
|
||||
ICipherParameters parameters)
|
||||
{
|
||||
Reset();
|
||||
|
||||
if (!(parameters is KeyParameter || parameters is ParametersWithIV))
|
||||
throw new ArgumentException("parameters must be an instance of KeyParameter or ParametersWithIV");
|
||||
|
||||
// KeyParameter must contain a double or triple length DES key,
|
||||
// however the underlying cipher is a single DES. The middle and
|
||||
// right key are used only in the final step.
|
||||
|
||||
KeyParameter kp;
|
||||
if (parameters is KeyParameter)
|
||||
{
|
||||
kp = (KeyParameter)parameters;
|
||||
}
|
||||
else
|
||||
{
|
||||
kp = (KeyParameter)((ParametersWithIV)parameters).Parameters;
|
||||
}
|
||||
|
||||
KeyParameter key1;
|
||||
byte[] keyvalue = kp.GetKey();
|
||||
|
||||
if (keyvalue.Length == 16)
|
||||
{ // Double length DES key
|
||||
key1 = new KeyParameter(keyvalue, 0, 8);
|
||||
this.lastKey2 = new KeyParameter(keyvalue, 8, 8);
|
||||
this.lastKey3 = key1;
|
||||
}
|
||||
else if (keyvalue.Length == 24)
|
||||
{ // Triple length DES key
|
||||
key1 = new KeyParameter(keyvalue, 0, 8);
|
||||
this.lastKey2 = new KeyParameter(keyvalue, 8, 8);
|
||||
this.lastKey3 = new KeyParameter(keyvalue, 16, 8);
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new ArgumentException("Key must be either 112 or 168 bit long");
|
||||
}
|
||||
|
||||
if (parameters is ParametersWithIV)
|
||||
{
|
||||
cipher.Init(true, new ParametersWithIV(key1, ((ParametersWithIV)parameters).GetIV()));
|
||||
}
|
||||
else
|
||||
{
|
||||
cipher.Init(true, key1);
|
||||
}
|
||||
}
|
||||
|
||||
public int GetMacSize()
|
||||
{
|
||||
return macSize;
|
||||
}
|
||||
|
||||
public void Update(
|
||||
byte input)
|
||||
{
|
||||
if (bufOff == buf.Length)
|
||||
{
|
||||
cipher.ProcessBlock(buf, 0, mac, 0);
|
||||
bufOff = 0;
|
||||
}
|
||||
|
||||
buf[bufOff++] = input;
|
||||
}
|
||||
|
||||
public void BlockUpdate(byte[] input, int inOff, int len)
|
||||
{
|
||||
if (len < 0)
|
||||
throw new ArgumentException("Can't have a negative input length!");
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
BlockUpdate(input.AsSpan(inOff, len));
|
||||
#else
|
||||
int blockSize = cipher.GetBlockSize();
|
||||
int resultLen = 0;
|
||||
int gapLen = blockSize - bufOff;
|
||||
|
||||
if (len > gapLen)
|
||||
{
|
||||
Array.Copy(input, inOff, buf, bufOff, gapLen);
|
||||
|
||||
resultLen += cipher.ProcessBlock(buf, 0, mac, 0);
|
||||
|
||||
bufOff = 0;
|
||||
len -= gapLen;
|
||||
inOff += gapLen;
|
||||
|
||||
while (len > blockSize)
|
||||
{
|
||||
resultLen += cipher.ProcessBlock(input, inOff, mac, 0);
|
||||
|
||||
len -= blockSize;
|
||||
inOff += blockSize;
|
||||
}
|
||||
}
|
||||
|
||||
Array.Copy(input, inOff, buf, bufOff, len);
|
||||
|
||||
bufOff += len;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public void BlockUpdate(ReadOnlySpan<byte> input)
|
||||
{
|
||||
int blockSize = cipher.GetBlockSize();
|
||||
int resultLen = 0;
|
||||
int gapLen = blockSize - bufOff;
|
||||
|
||||
if (input.Length > gapLen)
|
||||
{
|
||||
input[..gapLen].CopyTo(buf.AsSpan(bufOff));
|
||||
|
||||
resultLen += cipher.ProcessBlock(buf, mac);
|
||||
|
||||
bufOff = 0;
|
||||
input = input[gapLen..];
|
||||
|
||||
while (input.Length > blockSize)
|
||||
{
|
||||
resultLen += cipher.ProcessBlock(input, mac);
|
||||
input = input[blockSize..];
|
||||
}
|
||||
}
|
||||
|
||||
input.CopyTo(buf.AsSpan(bufOff));
|
||||
|
||||
bufOff += input.Length;
|
||||
}
|
||||
#endif
|
||||
|
||||
public int DoFinal(byte[] output, int outOff)
|
||||
{
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
return DoFinal(output.AsSpan(outOff));
|
||||
#else
|
||||
int blockSize = cipher.GetBlockSize();
|
||||
|
||||
if (padding == null)
|
||||
{
|
||||
// pad with zeroes
|
||||
while (bufOff < blockSize)
|
||||
{
|
||||
buf[bufOff++] = 0;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (bufOff == blockSize)
|
||||
{
|
||||
cipher.ProcessBlock(buf, 0, mac, 0);
|
||||
bufOff = 0;
|
||||
}
|
||||
|
||||
padding.AddPadding(buf, bufOff);
|
||||
}
|
||||
|
||||
cipher.ProcessBlock(buf, 0, mac, 0);
|
||||
|
||||
// Added to code from base class
|
||||
DesEngine deseng = new DesEngine();
|
||||
|
||||
deseng.Init(false, this.lastKey2);
|
||||
deseng.ProcessBlock(mac, 0, mac, 0);
|
||||
|
||||
deseng.Init(true, this.lastKey3);
|
||||
deseng.ProcessBlock(mac, 0, mac, 0);
|
||||
// ****
|
||||
|
||||
Array.Copy(mac, 0, output, outOff, macSize);
|
||||
|
||||
Reset();
|
||||
|
||||
return macSize;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public int DoFinal(Span<byte> output)
|
||||
{
|
||||
int blockSize = cipher.GetBlockSize();
|
||||
|
||||
if (padding == null)
|
||||
{
|
||||
// pad with zeroes
|
||||
while (bufOff < blockSize)
|
||||
{
|
||||
buf[bufOff++] = 0;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (bufOff == blockSize)
|
||||
{
|
||||
cipher.ProcessBlock(buf, mac);
|
||||
bufOff = 0;
|
||||
}
|
||||
|
||||
padding.AddPadding(buf, bufOff);
|
||||
}
|
||||
|
||||
cipher.ProcessBlock(buf, mac);
|
||||
|
||||
// Added to code from base class
|
||||
DesEngine deseng = new DesEngine();
|
||||
|
||||
deseng.Init(false, this.lastKey2);
|
||||
deseng.ProcessBlock(mac, mac);
|
||||
|
||||
deseng.Init(true, this.lastKey3);
|
||||
deseng.ProcessBlock(mac, mac);
|
||||
// ****
|
||||
|
||||
mac.AsSpan(0, macSize).CopyTo(output);
|
||||
|
||||
Reset();
|
||||
|
||||
return macSize;
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Reset the mac generator.
|
||||
*/
|
||||
public void Reset()
|
||||
{
|
||||
Array.Clear(buf, 0, buf.Length);
|
||||
bufOff = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
#pragma warning restore
|
||||
#endif
|
||||
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/ISO9797Alg3Mac.cs.meta
vendored
Normal file
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/ISO9797Alg3Mac.cs.meta
vendored
Normal file
@@ -0,0 +1,11 @@
|
||||
fileFormatVersion: 2
|
||||
guid: f825c88aa1ba0144e848b1ce6908b60e
|
||||
MonoImporter:
|
||||
externalObjects: {}
|
||||
serializedVersion: 2
|
||||
defaultReferences: []
|
||||
executionOrder: 0
|
||||
icon: {instanceID: 0}
|
||||
userData:
|
||||
assetBundleName:
|
||||
assetBundleVariant:
|
||||
248
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/KMac.cs
vendored
Normal file
248
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/KMac.cs
vendored
Normal file
@@ -0,0 +1,248 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
#pragma warning disable
|
||||
using System;
|
||||
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Digests;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities;
|
||||
|
||||
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Macs
|
||||
{
|
||||
public class KMac
|
||||
: IMac, IXof
|
||||
{
|
||||
private static readonly byte[] padding = new byte[100];
|
||||
|
||||
private readonly CShakeDigest cshake;
|
||||
private readonly int bitLength;
|
||||
private readonly int outputLength;
|
||||
|
||||
private byte[] key;
|
||||
private bool initialised;
|
||||
private bool firstOutput;
|
||||
|
||||
public KMac(int bitLength, byte[] S)
|
||||
{
|
||||
this.cshake = new CShakeDigest(bitLength, Strings.ToAsciiByteArray("KMAC"), S);
|
||||
this.bitLength = bitLength;
|
||||
this.outputLength = bitLength * 2 / 8;
|
||||
}
|
||||
|
||||
public string AlgorithmName
|
||||
{
|
||||
get { return "KMAC" + cshake.AlgorithmName.Substring(6); }
|
||||
}
|
||||
|
||||
public void BlockUpdate(byte[] input, int inOff, int len)
|
||||
{
|
||||
if (!initialised)
|
||||
throw new InvalidOperationException("KMAC not initialized");
|
||||
|
||||
cshake.BlockUpdate(input, inOff, len);
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public void BlockUpdate(ReadOnlySpan<byte> input)
|
||||
{
|
||||
if (!initialised)
|
||||
throw new InvalidOperationException("KMAC not initialized");
|
||||
|
||||
cshake.BlockUpdate(input);
|
||||
}
|
||||
#endif
|
||||
|
||||
public int DoFinal(byte[] output, int outOff)
|
||||
{
|
||||
if (firstOutput)
|
||||
{
|
||||
if (!initialised)
|
||||
throw new InvalidOperationException("KMAC not initialized");
|
||||
|
||||
byte[] encOut = XofUtilities.RightEncode(GetMacSize() * 8);
|
||||
|
||||
cshake.BlockUpdate(encOut, 0, encOut.Length);
|
||||
}
|
||||
|
||||
int rv = cshake.OutputFinal(output, outOff, GetMacSize());
|
||||
|
||||
Reset();
|
||||
|
||||
return rv;
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public int DoFinal(Span<byte> output)
|
||||
{
|
||||
if (firstOutput)
|
||||
{
|
||||
if (!initialised)
|
||||
throw new InvalidOperationException("KMAC not initialized");
|
||||
|
||||
Span<byte> lengthEncoding = stackalloc byte[9];
|
||||
int count = XofUtilities.RightEncode(GetMacSize() * 8, lengthEncoding);
|
||||
cshake.BlockUpdate(lengthEncoding[..count]);
|
||||
}
|
||||
|
||||
int rv = cshake.OutputFinal(output[..GetMacSize()]);
|
||||
|
||||
Reset();
|
||||
|
||||
return rv;
|
||||
}
|
||||
#endif
|
||||
|
||||
public int OutputFinal(byte[] output, int outOff, int outLen)
|
||||
{
|
||||
if (firstOutput)
|
||||
{
|
||||
if (!initialised)
|
||||
throw new InvalidOperationException("KMAC not initialized");
|
||||
|
||||
byte[] encOut = XofUtilities.RightEncode(outLen * 8);
|
||||
|
||||
cshake.BlockUpdate(encOut, 0, encOut.Length);
|
||||
}
|
||||
|
||||
int rv = cshake.OutputFinal(output, outOff, outLen);
|
||||
|
||||
Reset();
|
||||
|
||||
return rv;
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public int OutputFinal(Span<byte> output)
|
||||
{
|
||||
if (firstOutput)
|
||||
{
|
||||
if (!initialised)
|
||||
throw new InvalidOperationException("KMAC not initialized");
|
||||
|
||||
Span<byte> lengthEncoding = stackalloc byte[9];
|
||||
int count = XofUtilities.RightEncode(output.Length * 8, lengthEncoding);
|
||||
cshake.BlockUpdate(lengthEncoding[..count]);
|
||||
}
|
||||
|
||||
int rv = cshake.OutputFinal(output);
|
||||
|
||||
Reset();
|
||||
|
||||
return rv;
|
||||
}
|
||||
#endif
|
||||
|
||||
public int Output(byte[] output, int outOff, int outLen)
|
||||
{
|
||||
if (firstOutput)
|
||||
{
|
||||
if (!initialised)
|
||||
throw new InvalidOperationException("KMAC not initialized");
|
||||
|
||||
byte[] encOut = XofUtilities.RightEncode(0);
|
||||
|
||||
cshake.BlockUpdate(encOut, 0, encOut.Length);
|
||||
|
||||
firstOutput = false;
|
||||
}
|
||||
|
||||
return cshake.Output(output, outOff, outLen);
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public int Output(Span<byte> output)
|
||||
{
|
||||
if (firstOutput)
|
||||
{
|
||||
if (!initialised)
|
||||
throw new InvalidOperationException("KMAC not initialized");
|
||||
|
||||
Span<byte> lengthEncoding = stackalloc byte[9];
|
||||
int count = XofUtilities.RightEncode(0, lengthEncoding);
|
||||
cshake.BlockUpdate(lengthEncoding[..count]);
|
||||
|
||||
firstOutput = false;
|
||||
}
|
||||
|
||||
return cshake.Output(output);
|
||||
}
|
||||
#endif
|
||||
|
||||
public int GetByteLength()
|
||||
{
|
||||
return cshake.GetByteLength();
|
||||
}
|
||||
|
||||
public int GetDigestSize()
|
||||
{
|
||||
return outputLength;
|
||||
}
|
||||
|
||||
public int GetMacSize()
|
||||
{
|
||||
return outputLength;
|
||||
}
|
||||
|
||||
public void Init(ICipherParameters parameters)
|
||||
{
|
||||
KeyParameter kParam = (KeyParameter)parameters;
|
||||
this.key = Arrays.Clone(kParam.GetKey());
|
||||
this.initialised = true;
|
||||
Reset();
|
||||
}
|
||||
|
||||
public void Reset()
|
||||
{
|
||||
cshake.Reset();
|
||||
|
||||
if (key != null)
|
||||
{
|
||||
if (bitLength == 128)
|
||||
{
|
||||
bytePad(key, 168);
|
||||
}
|
||||
else
|
||||
{
|
||||
bytePad(key, 136);
|
||||
}
|
||||
}
|
||||
|
||||
firstOutput = true;
|
||||
}
|
||||
|
||||
private void bytePad(byte[] X, int w)
|
||||
{
|
||||
byte[] bytes = XofUtilities.LeftEncode(w);
|
||||
BlockUpdate(bytes, 0, bytes.Length);
|
||||
byte[] encX = encode(X);
|
||||
BlockUpdate(encX, 0, encX.Length);
|
||||
|
||||
int required = w - ((bytes.Length + encX.Length) % w);
|
||||
|
||||
if (required > 0 && required != w)
|
||||
{
|
||||
while (required > padding.Length)
|
||||
{
|
||||
BlockUpdate(padding, 0, padding.Length);
|
||||
required -= padding.Length;
|
||||
}
|
||||
|
||||
BlockUpdate(padding, 0, required);
|
||||
}
|
||||
}
|
||||
|
||||
private static byte[] encode(byte[] X)
|
||||
{
|
||||
return Arrays.Concatenate(XofUtilities.LeftEncode(X.Length * 8), X);
|
||||
}
|
||||
|
||||
public void Update(byte input)
|
||||
{
|
||||
if (!initialised)
|
||||
throw new InvalidOperationException("KMAC not initialized");
|
||||
|
||||
cshake.Update(input);
|
||||
}
|
||||
}
|
||||
}
|
||||
#pragma warning restore
|
||||
#endif
|
||||
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/KMac.cs.meta
vendored
Normal file
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/KMac.cs.meta
vendored
Normal file
@@ -0,0 +1,11 @@
|
||||
fileFormatVersion: 2
|
||||
guid: 6f1ea65adc1855c4e9fc3cf3a6ecc454
|
||||
MonoImporter:
|
||||
externalObjects: {}
|
||||
serializedVersion: 2
|
||||
defaultReferences: []
|
||||
executionOrder: 0
|
||||
icon: {instanceID: 0}
|
||||
userData:
|
||||
assetBundleName:
|
||||
assetBundleVariant:
|
||||
387
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/Poly1305.cs
vendored
Normal file
387
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/Poly1305.cs
vendored
Normal file
@@ -0,0 +1,387 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
#pragma warning disable
|
||||
using System;
|
||||
using System.Diagnostics;
|
||||
#if NETCOREAPP3_0_OR_GREATER
|
||||
using System.Runtime.CompilerServices;
|
||||
#endif
|
||||
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Utilities;
|
||||
|
||||
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Macs
|
||||
{
|
||||
|
||||
/// <summary>
|
||||
/// Poly1305 message authentication code, designed by D. J. Bernstein.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Poly1305 computes a 128-bit (16 bytes) authenticator, using a 128 bit nonce and a 256 bit key
|
||||
/// consisting of a 128 bit key applied to an underlying cipher, and a 128 bit key (with 106
|
||||
/// effective key bits) used in the authenticator.
|
||||
///
|
||||
/// The polynomial calculation in this implementation is adapted from the public domain <a
|
||||
/// href="https://github.com/floodyberry/poly1305-donna">poly1305-donna-unrolled</a> C implementation
|
||||
/// by Andrew M (@floodyberry).
|
||||
/// </remarks>
|
||||
/// <seealso cref="Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Generators.Poly1305KeyGenerator"/>
|
||||
public class Poly1305
|
||||
: IMac
|
||||
{
|
||||
private const int BlockSize = 16;
|
||||
|
||||
private readonly IBlockCipher cipher;
|
||||
|
||||
// Initialised state
|
||||
|
||||
/** Polynomial key */
|
||||
private uint r0, r1, r2, r3, r4;
|
||||
|
||||
/** Precomputed 5 * r[1..4] */
|
||||
private uint s1, s2, s3, s4;
|
||||
|
||||
/** Encrypted nonce */
|
||||
private uint k0, k1, k2, k3;
|
||||
|
||||
// Accumulating state
|
||||
|
||||
/** Current block of buffered input */
|
||||
private byte[] currentBlock = new byte[BlockSize];
|
||||
|
||||
/** Current offset in input buffer */
|
||||
private int currentBlockOffset = 0;
|
||||
|
||||
/** Polynomial accumulator */
|
||||
private uint h0, h1, h2, h3, h4;
|
||||
|
||||
/**
|
||||
* Constructs a Poly1305 MAC, where the key passed to init() will be used directly.
|
||||
*/
|
||||
public Poly1305()
|
||||
{
|
||||
this.cipher = null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructs a Poly1305 MAC, using a 128 bit block cipher.
|
||||
*/
|
||||
public Poly1305(IBlockCipher cipher)
|
||||
{
|
||||
if (cipher.GetBlockSize() != BlockSize)
|
||||
{
|
||||
throw new ArgumentException("Poly1305 requires a 128 bit block cipher.");
|
||||
}
|
||||
this.cipher = cipher;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Initialises the Poly1305 MAC.
|
||||
/// </summary>
|
||||
/// <param name="parameters">a {@link ParametersWithIV} containing a 128 bit nonce and a {@link KeyParameter} with
|
||||
/// a 256 bit key complying to the {@link Poly1305KeyGenerator Poly1305 key format}.</param>
|
||||
public void Init(ICipherParameters parameters)
|
||||
{
|
||||
byte[] nonce = null;
|
||||
|
||||
if (cipher != null)
|
||||
{
|
||||
if (!(parameters is ParametersWithIV))
|
||||
throw new ArgumentException("Poly1305 requires an IV when used with a block cipher.", "parameters");
|
||||
|
||||
ParametersWithIV ivParams = (ParametersWithIV)parameters;
|
||||
nonce = ivParams.GetIV();
|
||||
parameters = ivParams.Parameters;
|
||||
}
|
||||
|
||||
if (!(parameters is KeyParameter))
|
||||
throw new ArgumentException("Poly1305 requires a key.");
|
||||
|
||||
KeyParameter keyParams = (KeyParameter)parameters;
|
||||
|
||||
SetKey(keyParams.GetKey(), nonce);
|
||||
|
||||
Reset();
|
||||
}
|
||||
|
||||
private void SetKey(byte[] key, byte[] nonce)
|
||||
{
|
||||
if (key.Length != 32)
|
||||
throw new ArgumentException("Poly1305 key must be 256 bits.");
|
||||
|
||||
if (cipher != null && (nonce == null || nonce.Length != BlockSize))
|
||||
throw new ArgumentException("Poly1305 requires a 128 bit IV.");
|
||||
|
||||
// Extract r portion of key (and "clamp" the values)
|
||||
uint t0 = Pack.LE_To_UInt32(key, 0);
|
||||
uint t1 = Pack.LE_To_UInt32(key, 4);
|
||||
uint t2 = Pack.LE_To_UInt32(key, 8);
|
||||
uint t3 = Pack.LE_To_UInt32(key, 12);
|
||||
|
||||
// NOTE: The masks perform the key "clamping" implicitly
|
||||
r0 = t0 & 0x03FFFFFFU;
|
||||
r1 = ((t0 >> 26) | (t1 << 6)) & 0x03FFFF03U;
|
||||
r2 = ((t1 >> 20) | (t2 << 12)) & 0x03FFC0FFU;
|
||||
r3 = ((t2 >> 14) | (t3 << 18)) & 0x03F03FFFU;
|
||||
r4 = (t3 >> 8) & 0x000FFFFFU;
|
||||
|
||||
// Precompute multipliers
|
||||
s1 = r1 * 5;
|
||||
s2 = r2 * 5;
|
||||
s3 = r3 * 5;
|
||||
s4 = r4 * 5;
|
||||
|
||||
byte[] kBytes;
|
||||
int kOff;
|
||||
|
||||
if (cipher == null)
|
||||
{
|
||||
kBytes = key;
|
||||
kOff = BlockSize;
|
||||
}
|
||||
else
|
||||
{
|
||||
// Compute encrypted nonce
|
||||
kBytes = new byte[BlockSize];
|
||||
kOff = 0;
|
||||
|
||||
cipher.Init(true, new KeyParameter(key, BlockSize, BlockSize));
|
||||
cipher.ProcessBlock(nonce, 0, kBytes, 0);
|
||||
}
|
||||
|
||||
k0 = Pack.LE_To_UInt32(kBytes, kOff + 0);
|
||||
k1 = Pack.LE_To_UInt32(kBytes, kOff + 4);
|
||||
k2 = Pack.LE_To_UInt32(kBytes, kOff + 8);
|
||||
k3 = Pack.LE_To_UInt32(kBytes, kOff + 12);
|
||||
}
|
||||
|
||||
public string AlgorithmName
|
||||
{
|
||||
get { return cipher == null ? "Poly1305" : "Poly1305-" + cipher.AlgorithmName; }
|
||||
}
|
||||
|
||||
public int GetMacSize()
|
||||
{
|
||||
return BlockSize;
|
||||
}
|
||||
|
||||
public void Update(byte input)
|
||||
{
|
||||
currentBlock[currentBlockOffset++] = input;
|
||||
if (currentBlockOffset == BlockSize)
|
||||
{
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
ProcessBlock(currentBlock);
|
||||
#else
|
||||
ProcessBlock(currentBlock, 0);
|
||||
#endif
|
||||
currentBlockOffset = 0;
|
||||
}
|
||||
}
|
||||
|
||||
public void BlockUpdate(byte[] input, int inOff, int len)
|
||||
{
|
||||
Check.DataLength(input, inOff, len, "input buffer too short");
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
BlockUpdate(input.AsSpan(inOff, len));
|
||||
#else
|
||||
int available = BlockSize - currentBlockOffset;
|
||||
if (len < available)
|
||||
{
|
||||
Array.Copy(input, inOff, currentBlock, currentBlockOffset, len);
|
||||
currentBlockOffset += len;
|
||||
return;
|
||||
}
|
||||
|
||||
int pos = 0;
|
||||
if (currentBlockOffset > 0)
|
||||
{
|
||||
Array.Copy(input, inOff, currentBlock, currentBlockOffset, available);
|
||||
pos = available;
|
||||
ProcessBlock(currentBlock, 0);
|
||||
}
|
||||
|
||||
int remaining;
|
||||
while ((remaining = len - pos) >= BlockSize)
|
||||
{
|
||||
ProcessBlock(input, inOff + pos);
|
||||
pos += BlockSize;
|
||||
}
|
||||
|
||||
Array.Copy(input, inOff + pos, currentBlock, 0, remaining);
|
||||
currentBlockOffset = remaining;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public void BlockUpdate(ReadOnlySpan<byte> input)
|
||||
{
|
||||
int available = BlockSize - currentBlockOffset;
|
||||
if (input.Length < available)
|
||||
{
|
||||
input.CopyTo(currentBlock.AsSpan(currentBlockOffset));
|
||||
currentBlockOffset += input.Length;
|
||||
return;
|
||||
}
|
||||
|
||||
int pos = 0;
|
||||
if (currentBlockOffset > 0)
|
||||
{
|
||||
input[..available].CopyTo(currentBlock.AsSpan(currentBlockOffset));
|
||||
pos = available;
|
||||
ProcessBlock(currentBlock);
|
||||
}
|
||||
|
||||
int remaining;
|
||||
while ((remaining = input.Length - pos) >= BlockSize)
|
||||
{
|
||||
ProcessBlock(input[pos..]);
|
||||
pos += BlockSize;
|
||||
}
|
||||
|
||||
input[pos..].CopyTo(currentBlock);
|
||||
currentBlockOffset = remaining;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
private void ProcessBlock(ReadOnlySpan<byte> block)
|
||||
{
|
||||
uint t0 = Pack.LE_To_UInt32(block);
|
||||
uint t1 = Pack.LE_To_UInt32(block[4..]);
|
||||
uint t2 = Pack.LE_To_UInt32(block[8..]);
|
||||
uint t3 = Pack.LE_To_UInt32(block[12..]);
|
||||
#else
|
||||
private void ProcessBlock(byte[] buf, int off)
|
||||
{
|
||||
uint t0 = Pack.LE_To_UInt32(buf, off + 0);
|
||||
uint t1 = Pack.LE_To_UInt32(buf, off + 4);
|
||||
uint t2 = Pack.LE_To_UInt32(buf, off + 8);
|
||||
uint t3 = Pack.LE_To_UInt32(buf, off + 12);
|
||||
#endif
|
||||
|
||||
h0 += t0 & 0x3ffffffU;
|
||||
h1 += ((t1 << 6) | (t0 >> 26)) & 0x3ffffffU;
|
||||
h2 += ((t2 << 12) | (t1 >> 20)) & 0x3ffffffU;
|
||||
h3 += ((t3 << 18) | (t2 >> 14)) & 0x3ffffffU;
|
||||
h4 += ( 1 << 24) | (t3 >> 8);
|
||||
|
||||
ulong tp0 = (ulong)h0 * r0 + (ulong)h1 * s4 + (ulong)h2 * s3 + (ulong)h3 * s2 + (ulong)h4 * s1;
|
||||
ulong tp1 = (ulong)h0 * r1 + (ulong)h1 * r0 + (ulong)h2 * s4 + (ulong)h3 * s3 + (ulong)h4 * s2;
|
||||
ulong tp2 = (ulong)h0 * r2 + (ulong)h1 * r1 + (ulong)h2 * r0 + (ulong)h3 * s4 + (ulong)h4 * s3;
|
||||
ulong tp3 = (ulong)h0 * r3 + (ulong)h1 * r2 + (ulong)h2 * r1 + (ulong)h3 * r0 + (ulong)h4 * s4;
|
||||
ulong tp4 = (ulong)h0 * r4 + (ulong)h1 * r3 + (ulong)h2 * r2 + (ulong)h3 * r1 + (ulong)h4 * r0;
|
||||
|
||||
h0 = (uint)tp0 & 0x3ffffff; tp1 += (tp0 >> 26);
|
||||
h1 = (uint)tp1 & 0x3ffffff; tp2 += (tp1 >> 26);
|
||||
h2 = (uint)tp2 & 0x3ffffff; tp3 += (tp2 >> 26);
|
||||
h3 = (uint)tp3 & 0x3ffffff; tp4 += (tp3 >> 26);
|
||||
h4 = (uint)tp4 & 0x3ffffff;
|
||||
h0 += (uint)(tp4 >> 26) * 5;
|
||||
h1 += h0 >> 26; h0 &= 0x3ffffff;
|
||||
}
|
||||
|
||||
public int DoFinal(byte[] output, int outOff)
|
||||
{
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
return DoFinal(output.AsSpan(outOff));
|
||||
#else
|
||||
Check.OutputLength(output, outOff, BlockSize, "output buffer is too short.");
|
||||
|
||||
if (currentBlockOffset > 0)
|
||||
{
|
||||
// Process padded block
|
||||
if (currentBlockOffset < BlockSize)
|
||||
{
|
||||
currentBlock[currentBlockOffset++] = 1;
|
||||
while (currentBlockOffset < BlockSize)
|
||||
{
|
||||
currentBlock[currentBlockOffset++] = 0;
|
||||
}
|
||||
|
||||
h4 -= (1 << 24);
|
||||
}
|
||||
|
||||
ProcessBlock(currentBlock, 0);
|
||||
}
|
||||
|
||||
Debug.Assert(h4 >> 26 == 0);
|
||||
|
||||
//h0 += (h4 >> 26) * 5U + 5U; h4 &= 0x3ffffff;
|
||||
h0 += 5U;
|
||||
h1 += h0 >> 26; h0 &= 0x3ffffff;
|
||||
h2 += h1 >> 26; h1 &= 0x3ffffff;
|
||||
h3 += h2 >> 26; h2 &= 0x3ffffff;
|
||||
h4 += h3 >> 26; h3 &= 0x3ffffff;
|
||||
|
||||
long c = ((int)(h4 >> 26) - 1) * 5;
|
||||
c += (long)k0 + ((h0 ) | (h1 << 26));
|
||||
Pack.UInt32_To_LE((uint)c, output, outOff ); c >>= 32;
|
||||
c += (long)k1 + ((h1 >> 6) | (h2 << 20));
|
||||
Pack.UInt32_To_LE((uint)c, output, outOff + 4); c >>= 32;
|
||||
c += (long)k2 + ((h2 >> 12) | (h3 << 14));
|
||||
Pack.UInt32_To_LE((uint)c, output, outOff + 8); c >>= 32;
|
||||
c += (long)k3 + ((h3 >> 18) | (h4 << 8));
|
||||
Pack.UInt32_To_LE((uint)c, output, outOff + 12);
|
||||
|
||||
Reset();
|
||||
return BlockSize;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public int DoFinal(Span<byte> output)
|
||||
{
|
||||
Check.OutputLength(output, BlockSize, "output buffer is too short.");
|
||||
|
||||
if (currentBlockOffset > 0)
|
||||
{
|
||||
// Process padded block
|
||||
if (currentBlockOffset < BlockSize)
|
||||
{
|
||||
currentBlock[currentBlockOffset++] = 1;
|
||||
while (currentBlockOffset < BlockSize)
|
||||
{
|
||||
currentBlock[currentBlockOffset++] = 0;
|
||||
}
|
||||
|
||||
h4 -= (1 << 24);
|
||||
}
|
||||
|
||||
ProcessBlock(currentBlock);
|
||||
}
|
||||
|
||||
Debug.Assert(h4 >> 26 == 0);
|
||||
|
||||
//h0 += (h4 >> 26) * 5U + 5U; h4 &= 0x3ffffff;
|
||||
h0 += 5U;
|
||||
h1 += h0 >> 26; h0 &= 0x3ffffff;
|
||||
h2 += h1 >> 26; h1 &= 0x3ffffff;
|
||||
h3 += h2 >> 26; h2 &= 0x3ffffff;
|
||||
h4 += h3 >> 26; h3 &= 0x3ffffff;
|
||||
|
||||
long c = ((int)(h4 >> 26) - 1) * 5;
|
||||
c += (long)k0 + ((h0) | (h1 << 26));
|
||||
Pack.UInt32_To_LE((uint)c, output); c >>= 32;
|
||||
c += (long)k1 + ((h1 >> 6) | (h2 << 20));
|
||||
Pack.UInt32_To_LE((uint)c, output[4..]); c >>= 32;
|
||||
c += (long)k2 + ((h2 >> 12) | (h3 << 14));
|
||||
Pack.UInt32_To_LE((uint)c, output[8..]); c >>= 32;
|
||||
c += (long)k3 + ((h3 >> 18) | (h4 << 8));
|
||||
Pack.UInt32_To_LE((uint)c, output[12..]);
|
||||
|
||||
Reset();
|
||||
return BlockSize;
|
||||
}
|
||||
#endif
|
||||
|
||||
public void Reset()
|
||||
{
|
||||
currentBlockOffset = 0;
|
||||
|
||||
h0 = h1 = h2 = h3 = h4 = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
#pragma warning restore
|
||||
#endif
|
||||
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/Poly1305.cs.meta
vendored
Normal file
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/Poly1305.cs.meta
vendored
Normal file
@@ -0,0 +1,11 @@
|
||||
fileFormatVersion: 2
|
||||
guid: d56577fc790bfba40b34bc7555228089
|
||||
MonoImporter:
|
||||
externalObjects: {}
|
||||
serializedVersion: 2
|
||||
defaultReferences: []
|
||||
executionOrder: 0
|
||||
icon: {instanceID: 0}
|
||||
userData:
|
||||
assetBundleName:
|
||||
assetBundleVariant:
|
||||
258
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/SipHash.cs
vendored
Normal file
258
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/SipHash.cs
vendored
Normal file
@@ -0,0 +1,258 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
#pragma warning disable
|
||||
using System;
|
||||
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Utilities;
|
||||
|
||||
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Macs
|
||||
{
|
||||
/// <summary>
|
||||
/// Implementation of SipHash as specified in "SipHash: a fast short-input PRF", by Jean-Philippe
|
||||
/// Aumasson and Daniel J. Bernstein (https://131002.net/siphash/siphash.pdf).
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// "SipHash is a family of PRFs SipHash-c-d where the integer parameters c and d are the number of
|
||||
/// compression rounds and the number of finalization rounds. A compression round is identical to a
|
||||
/// finalization round and this round function is called SipRound. Given a 128-bit key k and a
|
||||
/// (possibly empty) byte string m, SipHash-c-d returns a 64-bit value..."
|
||||
/// </remarks>
|
||||
public class SipHash
|
||||
: IMac
|
||||
{
|
||||
protected readonly int c, d;
|
||||
|
||||
protected long k0, k1;
|
||||
protected long v0, v1, v2, v3;
|
||||
|
||||
protected long m = 0;
|
||||
protected int wordPos = 0;
|
||||
protected int wordCount = 0;
|
||||
|
||||
/// <summary>SipHash-2-4</summary>
|
||||
public SipHash()
|
||||
: this(2, 4)
|
||||
{
|
||||
}
|
||||
|
||||
/// <summary>SipHash-c-d</summary>
|
||||
/// <param name="c">the number of compression rounds</param>
|
||||
/// <param name="d">the number of finalization rounds</param>
|
||||
public SipHash(int c, int d)
|
||||
{
|
||||
this.c = c;
|
||||
this.d = d;
|
||||
}
|
||||
|
||||
public virtual string AlgorithmName
|
||||
{
|
||||
get { return "SipHash-" + c + "-" + d; }
|
||||
}
|
||||
|
||||
public virtual int GetMacSize()
|
||||
{
|
||||
return 8;
|
||||
}
|
||||
|
||||
public virtual void Init(ICipherParameters parameters)
|
||||
{
|
||||
KeyParameter keyParameter = parameters as KeyParameter;
|
||||
if (keyParameter == null)
|
||||
throw new ArgumentException("must be an instance of KeyParameter", "parameters");
|
||||
byte[] key = keyParameter.GetKey();
|
||||
if (key.Length != 16)
|
||||
throw new ArgumentException("must be a 128-bit key", "parameters");
|
||||
|
||||
this.k0 = (long)Pack.LE_To_UInt64(key, 0);
|
||||
this.k1 = (long)Pack.LE_To_UInt64(key, 8);
|
||||
|
||||
Reset();
|
||||
}
|
||||
|
||||
public virtual void Update(byte input)
|
||||
{
|
||||
m = (long)(((ulong)m >> 8) | ((ulong)input << 56));
|
||||
|
||||
if (++wordPos == 8)
|
||||
{
|
||||
ProcessMessageWord();
|
||||
wordPos = 0;
|
||||
}
|
||||
}
|
||||
|
||||
public virtual void BlockUpdate(byte[] input, int offset, int length)
|
||||
{
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
BlockUpdate(input.AsSpan(offset, length));
|
||||
#else
|
||||
int i = 0, fullWords = length & ~7;
|
||||
if (wordPos == 0)
|
||||
{
|
||||
for (; i < fullWords; i += 8)
|
||||
{
|
||||
m = (long)Pack.LE_To_UInt64(input, offset + i);
|
||||
ProcessMessageWord();
|
||||
}
|
||||
for (; i < length; ++i)
|
||||
{
|
||||
m = (long)(((ulong)m >> 8) | ((ulong)input[offset + i] << 56));
|
||||
}
|
||||
wordPos = length - fullWords;
|
||||
}
|
||||
else
|
||||
{
|
||||
int bits = wordPos << 3;
|
||||
for (; i < fullWords; i += 8)
|
||||
{
|
||||
ulong n = Pack.LE_To_UInt64(input, offset + i);
|
||||
m = (long)((n << bits) | ((ulong)m >> -bits));
|
||||
ProcessMessageWord();
|
||||
m = (long)n;
|
||||
}
|
||||
for (; i < length; ++i)
|
||||
{
|
||||
m = (long)(((ulong)m >> 8) | ((ulong)input[offset + i] << 56));
|
||||
|
||||
if (++wordPos == 8)
|
||||
{
|
||||
ProcessMessageWord();
|
||||
wordPos = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public virtual void BlockUpdate(ReadOnlySpan<byte> input)
|
||||
{
|
||||
int length = input.Length;
|
||||
int i = 0, fullWords = length & ~7;
|
||||
if (wordPos == 0)
|
||||
{
|
||||
for (; i < fullWords; i += 8)
|
||||
{
|
||||
m = (long)Pack.LE_To_UInt64(input[i..]);
|
||||
ProcessMessageWord();
|
||||
}
|
||||
for (; i < length; ++i)
|
||||
{
|
||||
m = (long)(((ulong)m >> 8) | ((ulong)input[i] << 56));
|
||||
}
|
||||
wordPos = length - fullWords;
|
||||
}
|
||||
else
|
||||
{
|
||||
int bits = wordPos << 3;
|
||||
for (; i < fullWords; i += 8)
|
||||
{
|
||||
ulong n = Pack.LE_To_UInt64(input[i..]);
|
||||
m = (long)((n << bits) | ((ulong)m >> -bits));
|
||||
ProcessMessageWord();
|
||||
m = (long)n;
|
||||
}
|
||||
for (; i < length; ++i)
|
||||
{
|
||||
m = (long)(((ulong)m >> 8) | ((ulong)input[i] << 56));
|
||||
|
||||
if (++wordPos == 8)
|
||||
{
|
||||
ProcessMessageWord();
|
||||
wordPos = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
public virtual long DoFinal()
|
||||
{
|
||||
// NOTE: 2 distinct shifts to avoid "64-bit shift" when wordPos == 0
|
||||
m = (long)((ulong)m >> ((7 - wordPos) << 3));
|
||||
m = (long)((ulong)m >> 8);
|
||||
m = (long)((ulong)m | ((ulong)((wordCount << 3) + wordPos) << 56));
|
||||
|
||||
ProcessMessageWord();
|
||||
|
||||
v2 ^= 0xffL;
|
||||
|
||||
ApplySipRounds(d);
|
||||
|
||||
long result = v0 ^ v1 ^ v2 ^ v3;
|
||||
|
||||
Reset();
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
public virtual int DoFinal(byte[] output, int outOff)
|
||||
{
|
||||
long result = DoFinal();
|
||||
Pack.UInt64_To_LE((ulong)result, output, outOff);
|
||||
return 8;
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public int DoFinal(Span<byte> output)
|
||||
{
|
||||
long result = DoFinal();
|
||||
Pack.UInt64_To_LE((ulong)result, output);
|
||||
return 8;
|
||||
}
|
||||
#endif
|
||||
|
||||
public virtual void Reset()
|
||||
{
|
||||
v0 = k0 ^ 0x736f6d6570736575L;
|
||||
v1 = k1 ^ 0x646f72616e646f6dL;
|
||||
v2 = k0 ^ 0x6c7967656e657261L;
|
||||
v3 = k1 ^ 0x7465646279746573L;
|
||||
|
||||
m = 0;
|
||||
wordPos = 0;
|
||||
wordCount = 0;
|
||||
}
|
||||
|
||||
protected virtual void ProcessMessageWord()
|
||||
{
|
||||
++wordCount;
|
||||
v3 ^= m;
|
||||
ApplySipRounds(c);
|
||||
v0 ^= m;
|
||||
}
|
||||
|
||||
protected virtual void ApplySipRounds(int n)
|
||||
{
|
||||
long r0 = v0, r1 = v1, r2 = v2, r3 = v3;
|
||||
|
||||
for (int r = 0; r < n; ++r)
|
||||
{
|
||||
r0 += r1;
|
||||
r2 += r3;
|
||||
r1 = RotateLeft(r1, 13);
|
||||
r3 = RotateLeft(r3, 16);
|
||||
r1 ^= r0;
|
||||
r3 ^= r2;
|
||||
r0 = RotateLeft(r0, 32);
|
||||
r2 += r1;
|
||||
r0 += r3;
|
||||
r1 = RotateLeft(r1, 17);
|
||||
r3 = RotateLeft(r3, 21);
|
||||
r1 ^= r2;
|
||||
r3 ^= r0;
|
||||
r2 = RotateLeft(r2, 32);
|
||||
}
|
||||
|
||||
v0 = r0; v1 = r1; v2 = r2; v3 = r3;
|
||||
}
|
||||
|
||||
protected static long RotateLeft(long x, int n)
|
||||
{
|
||||
ulong ux = (ulong)x;
|
||||
ux = (ux << n) | (ux >> -n);
|
||||
return (long)ux;
|
||||
}
|
||||
}
|
||||
}
|
||||
#pragma warning restore
|
||||
#endif
|
||||
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/SipHash.cs.meta
vendored
Normal file
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/SipHash.cs.meta
vendored
Normal file
@@ -0,0 +1,11 @@
|
||||
fileFormatVersion: 2
|
||||
guid: b3e8cb0bdb193da438a939f63d803762
|
||||
MonoImporter:
|
||||
externalObjects: {}
|
||||
serializedVersion: 2
|
||||
defaultReferences: []
|
||||
executionOrder: 0
|
||||
icon: {instanceID: 0}
|
||||
userData:
|
||||
assetBundleName:
|
||||
assetBundleVariant:
|
||||
135
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/SkeinMac.cs
vendored
Normal file
135
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/SkeinMac.cs
vendored
Normal file
@@ -0,0 +1,135 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
#pragma warning disable
|
||||
using System;
|
||||
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Digests;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Utilities;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities;
|
||||
|
||||
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Macs
|
||||
{
|
||||
|
||||
/// <summary>
|
||||
/// Implementation of the Skein parameterised MAC function in 256, 512 and 1024 bit block sizes,
|
||||
/// based on the <see cref="Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Engines.ThreefishEngine">Threefish</see> tweakable block cipher.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// This is the 1.3 version of Skein defined in the Skein hash function submission to the NIST SHA-3
|
||||
/// competition in October 2010.
|
||||
/// <p/>
|
||||
/// Skein was designed by Niels Ferguson - Stefan Lucks - Bruce Schneier - Doug Whiting - Mihir
|
||||
/// Bellare - Tadayoshi Kohno - Jon Callas - Jesse Walker.
|
||||
/// </remarks>
|
||||
/// <seealso cref="Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Digests.SkeinEngine"/>
|
||||
/// <seealso cref="Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters.SkeinParameters"/>
|
||||
public class SkeinMac
|
||||
: IMac
|
||||
{
|
||||
/// <summary>
|
||||
/// 256 bit block size - Skein-256
|
||||
/// </summary>
|
||||
public const int SKEIN_256 = SkeinEngine.SKEIN_256;
|
||||
/// <summary>
|
||||
/// 512 bit block size - Skein-512
|
||||
/// </summary>
|
||||
public const int SKEIN_512 = SkeinEngine.SKEIN_512;
|
||||
/// <summary>
|
||||
/// 1024 bit block size - Skein-1024
|
||||
/// </summary>
|
||||
public const int SKEIN_1024 = SkeinEngine.SKEIN_1024;
|
||||
|
||||
private readonly SkeinEngine engine;
|
||||
|
||||
/// <summary>
|
||||
/// Constructs a Skein MAC with an internal state size and output size.
|
||||
/// </summary>
|
||||
/// <param name="stateSizeBits">the internal state size in bits - one of <see cref="SKEIN_256"/> <see cref="SKEIN_512"/> or
|
||||
/// <see cref="SKEIN_1024"/>.</param>
|
||||
/// <param name="digestSizeBits">the output/MAC size to produce in bits, which must be an integral number of
|
||||
/// bytes.</param>
|
||||
public SkeinMac(int stateSizeBits, int digestSizeBits)
|
||||
{
|
||||
this.engine = new SkeinEngine(stateSizeBits, digestSizeBits);
|
||||
}
|
||||
|
||||
public SkeinMac(SkeinMac mac)
|
||||
{
|
||||
this.engine = new SkeinEngine(mac.engine);
|
||||
}
|
||||
|
||||
public string AlgorithmName
|
||||
{
|
||||
get { return "Skein-MAC-" + (engine.BlockSize * 8) + "-" + (engine.OutputSize * 8); }
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Optionally initialises the Skein digest with the provided parameters.
|
||||
/// </summary>
|
||||
/// See <see cref="Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters.SkeinParameters"></see> for details on the parameterisation of the Skein hash function.
|
||||
/// <param name="parameters">the parameters to apply to this engine, or <code>null</code> to use no parameters.</param>
|
||||
public void Init(ICipherParameters parameters)
|
||||
{
|
||||
SkeinParameters skeinParameters;
|
||||
if (parameters is SkeinParameters)
|
||||
{
|
||||
skeinParameters = (SkeinParameters)parameters;
|
||||
}
|
||||
else if (parameters is KeyParameter)
|
||||
{
|
||||
skeinParameters = new SkeinParameters.Builder().SetKey(((KeyParameter)parameters).GetKey()).Build();
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new ArgumentException("Invalid parameter passed to Skein MAC init - "
|
||||
+ Org.BouncyCastle.Utilities.Platform.GetTypeName(parameters));
|
||||
}
|
||||
if (skeinParameters.GetKey() == null)
|
||||
{
|
||||
throw new ArgumentException("Skein MAC requires a key parameter.");
|
||||
}
|
||||
engine.Init(skeinParameters);
|
||||
}
|
||||
|
||||
public int GetMacSize()
|
||||
{
|
||||
return engine.OutputSize;
|
||||
}
|
||||
|
||||
public void Reset()
|
||||
{
|
||||
engine.Reset();
|
||||
}
|
||||
|
||||
public void Update(byte inByte)
|
||||
{
|
||||
engine.Update(inByte);
|
||||
}
|
||||
|
||||
public void BlockUpdate(byte[] input, int inOff, int len)
|
||||
{
|
||||
engine.BlockUpdate(input, inOff, len);
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public void BlockUpdate(ReadOnlySpan<byte> input)
|
||||
{
|
||||
engine.BlockUpdate(input);
|
||||
}
|
||||
#endif
|
||||
|
||||
public int DoFinal(byte[] output, int outOff)
|
||||
{
|
||||
return engine.DoFinal(output, outOff);
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public int DoFinal(Span<byte> output)
|
||||
{
|
||||
return engine.DoFinal(output);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
}
|
||||
#pragma warning restore
|
||||
#endif
|
||||
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/SkeinMac.cs.meta
vendored
Normal file
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/SkeinMac.cs.meta
vendored
Normal file
@@ -0,0 +1,11 @@
|
||||
fileFormatVersion: 2
|
||||
guid: 4950b87ce259bcd428f78591cb0c52ca
|
||||
MonoImporter:
|
||||
externalObjects: {}
|
||||
serializedVersion: 2
|
||||
defaultReferences: []
|
||||
executionOrder: 0
|
||||
icon: {instanceID: 0}
|
||||
userData:
|
||||
assetBundleName:
|
||||
assetBundleVariant:
|
||||
242
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/VMPCMac.cs
vendored
Normal file
242
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/VMPCMac.cs
vendored
Normal file
@@ -0,0 +1,242 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
#pragma warning disable
|
||||
using System;
|
||||
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
|
||||
|
||||
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Macs
|
||||
{
|
||||
public class VmpcMac
|
||||
: IMac
|
||||
{
|
||||
private byte g;
|
||||
|
||||
private byte n = 0;
|
||||
private byte[] P = null;
|
||||
private byte s = 0;
|
||||
|
||||
private byte[] T;
|
||||
private byte[] workingIV;
|
||||
|
||||
private byte[] workingKey;
|
||||
|
||||
private byte x1, x2, x3, x4;
|
||||
|
||||
public virtual int DoFinal(byte[] output, int outOff)
|
||||
{
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
return DoFinal(output.AsSpan(outOff));
|
||||
#else
|
||||
// Execute the Post-Processing Phase
|
||||
for (int r = 1; r < 25; r++)
|
||||
{
|
||||
s = P[(s + P[n & 0xff]) & 0xff];
|
||||
|
||||
x4 = P[(x4 + x3 + r) & 0xff];
|
||||
x3 = P[(x3 + x2 + r) & 0xff];
|
||||
x2 = P[(x2 + x1 + r) & 0xff];
|
||||
x1 = P[(x1 + s + r) & 0xff];
|
||||
T[g & 0x1f] = (byte) (T[g & 0x1f] ^ x1);
|
||||
T[(g + 1) & 0x1f] = (byte) (T[(g + 1) & 0x1f] ^ x2);
|
||||
T[(g + 2) & 0x1f] = (byte) (T[(g + 2) & 0x1f] ^ x3);
|
||||
T[(g + 3) & 0x1f] = (byte) (T[(g + 3) & 0x1f] ^ x4);
|
||||
g = (byte) ((g + 4) & 0x1f);
|
||||
|
||||
byte temp = P[n & 0xff];
|
||||
P[n & 0xff] = P[s & 0xff];
|
||||
P[s & 0xff] = temp;
|
||||
n = (byte) ((n + 1) & 0xff);
|
||||
}
|
||||
|
||||
// Input T to the IV-phase of the VMPC KSA
|
||||
for (int m = 0; m < 768; m++)
|
||||
{
|
||||
s = P[(s + P[m & 0xff] + T[m & 0x1f]) & 0xff];
|
||||
byte temp = P[m & 0xff];
|
||||
P[m & 0xff] = P[s & 0xff];
|
||||
P[s & 0xff] = temp;
|
||||
}
|
||||
|
||||
// Store 20 new outputs of the VMPC Stream Cipher input table M
|
||||
byte[] M = new byte[20];
|
||||
for (int i = 0; i < 20; i++)
|
||||
{
|
||||
s = P[(s + P[i & 0xff]) & 0xff];
|
||||
M[i] = P[(P[(P[s & 0xff]) & 0xff] + 1) & 0xff];
|
||||
|
||||
byte temp = P[i & 0xff];
|
||||
P[i & 0xff] = P[s & 0xff];
|
||||
P[s & 0xff] = temp;
|
||||
}
|
||||
|
||||
Array.Copy(M, 0, output, outOff, M.Length);
|
||||
Reset();
|
||||
|
||||
return M.Length;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public virtual int DoFinal(Span<byte> output)
|
||||
{
|
||||
// Execute the Post-Processing Phase
|
||||
for (int r = 1; r < 25; r++)
|
||||
{
|
||||
s = P[(s + P[n & 0xff]) & 0xff];
|
||||
|
||||
x4 = P[(x4 + x3 + r) & 0xff];
|
||||
x3 = P[(x3 + x2 + r) & 0xff];
|
||||
x2 = P[(x2 + x1 + r) & 0xff];
|
||||
x1 = P[(x1 + s + r) & 0xff];
|
||||
T[g & 0x1f] = (byte)(T[g & 0x1f] ^ x1);
|
||||
T[(g + 1) & 0x1f] = (byte)(T[(g + 1) & 0x1f] ^ x2);
|
||||
T[(g + 2) & 0x1f] = (byte)(T[(g + 2) & 0x1f] ^ x3);
|
||||
T[(g + 3) & 0x1f] = (byte)(T[(g + 3) & 0x1f] ^ x4);
|
||||
g = (byte)((g + 4) & 0x1f);
|
||||
|
||||
byte temp = P[n & 0xff];
|
||||
P[n & 0xff] = P[s & 0xff];
|
||||
P[s & 0xff] = temp;
|
||||
n = (byte)((n + 1) & 0xff);
|
||||
}
|
||||
|
||||
// Input T to the IV-phase of the VMPC KSA
|
||||
for (int m = 0; m < 768; m++)
|
||||
{
|
||||
s = P[(s + P[m & 0xff] + T[m & 0x1f]) & 0xff];
|
||||
byte temp = P[m & 0xff];
|
||||
P[m & 0xff] = P[s & 0xff];
|
||||
P[s & 0xff] = temp;
|
||||
}
|
||||
|
||||
// Store 20 new outputs of the VMPC Stream Cipher input table M
|
||||
byte[] M = new byte[20];
|
||||
for (int i = 0; i < 20; i++)
|
||||
{
|
||||
s = P[(s + P[i & 0xff]) & 0xff];
|
||||
M[i] = P[(P[(P[s & 0xff]) & 0xff] + 1) & 0xff];
|
||||
|
||||
byte temp = P[i & 0xff];
|
||||
P[i & 0xff] = P[s & 0xff];
|
||||
P[s & 0xff] = temp;
|
||||
}
|
||||
|
||||
M.CopyTo(output);
|
||||
Reset();
|
||||
|
||||
return M.Length;
|
||||
}
|
||||
#endif
|
||||
|
||||
public virtual string AlgorithmName
|
||||
{
|
||||
get { return "VMPC-MAC"; }
|
||||
}
|
||||
|
||||
public virtual int GetMacSize()
|
||||
{
|
||||
return 20;
|
||||
}
|
||||
|
||||
public virtual void Init(ICipherParameters parameters)
|
||||
{
|
||||
if (!(parameters is ParametersWithIV))
|
||||
throw new ArgumentException("VMPC-MAC Init parameters must include an IV", "parameters");
|
||||
|
||||
ParametersWithIV ivParams = (ParametersWithIV) parameters;
|
||||
KeyParameter key = (KeyParameter) ivParams.Parameters;
|
||||
|
||||
if (!(ivParams.Parameters is KeyParameter))
|
||||
throw new ArgumentException("VMPC-MAC Init parameters must include a key", "parameters");
|
||||
|
||||
this.workingIV = ivParams.GetIV();
|
||||
|
||||
if (workingIV == null || workingIV.Length < 1 || workingIV.Length > 768)
|
||||
throw new ArgumentException("VMPC-MAC requires 1 to 768 bytes of IV", "parameters");
|
||||
|
||||
this.workingKey = key.GetKey();
|
||||
|
||||
Reset();
|
||||
|
||||
}
|
||||
|
||||
private void initKey(byte[] keyBytes, byte[] ivBytes)
|
||||
{
|
||||
s = 0;
|
||||
P = new byte[256];
|
||||
for (int i = 0; i < 256; i++)
|
||||
{
|
||||
P[i] = (byte) i;
|
||||
}
|
||||
for (int m = 0; m < 768; m++)
|
||||
{
|
||||
s = P[(s + P[m & 0xff] + keyBytes[m % keyBytes.Length]) & 0xff];
|
||||
byte temp = P[m & 0xff];
|
||||
P[m & 0xff] = P[s & 0xff];
|
||||
P[s & 0xff] = temp;
|
||||
}
|
||||
for (int m = 0; m < 768; m++)
|
||||
{
|
||||
s = P[(s + P[m & 0xff] + ivBytes[m % ivBytes.Length]) & 0xff];
|
||||
byte temp = P[m & 0xff];
|
||||
P[m & 0xff] = P[s & 0xff];
|
||||
P[s & 0xff] = temp;
|
||||
}
|
||||
n = 0;
|
||||
}
|
||||
|
||||
public virtual void Reset()
|
||||
{
|
||||
initKey(this.workingKey, this.workingIV);
|
||||
g = x1 = x2 = x3 = x4 = n = 0;
|
||||
T = new byte[32];
|
||||
for (int i = 0; i < 32; i++)
|
||||
{
|
||||
T[i] = 0;
|
||||
}
|
||||
}
|
||||
|
||||
public virtual void Update(byte input)
|
||||
{
|
||||
s = P[(s + P[n & 0xff]) & 0xff];
|
||||
byte c = (byte) (input ^ P[(P[(P[s & 0xff]) & 0xff] + 1) & 0xff]);
|
||||
|
||||
x4 = P[(x4 + x3) & 0xff];
|
||||
x3 = P[(x3 + x2) & 0xff];
|
||||
x2 = P[(x2 + x1) & 0xff];
|
||||
x1 = P[(x1 + s + c) & 0xff];
|
||||
T[g & 0x1f] = (byte) (T[g & 0x1f] ^ x1);
|
||||
T[(g + 1) & 0x1f] = (byte) (T[(g + 1) & 0x1f] ^ x2);
|
||||
T[(g + 2) & 0x1f] = (byte) (T[(g + 2) & 0x1f] ^ x3);
|
||||
T[(g + 3) & 0x1f] = (byte) (T[(g + 3) & 0x1f] ^ x4);
|
||||
g = (byte) ((g + 4) & 0x1f);
|
||||
|
||||
byte temp = P[n & 0xff];
|
||||
P[n & 0xff] = P[s & 0xff];
|
||||
P[s & 0xff] = temp;
|
||||
n = (byte) ((n + 1) & 0xff);
|
||||
}
|
||||
|
||||
public virtual void BlockUpdate(byte[] input, int inOff, int inLen)
|
||||
{
|
||||
Check.DataLength(input, inOff, inLen, "input buffer too short");
|
||||
|
||||
for (int i = 0; i < inLen; i++)
|
||||
{
|
||||
Update(input[inOff + i]);
|
||||
}
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public virtual void BlockUpdate(ReadOnlySpan<byte> input)
|
||||
{
|
||||
for (int i = 0; i < input.Length; i++)
|
||||
{
|
||||
Update(input[i]);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
}
|
||||
#pragma warning restore
|
||||
#endif
|
||||
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/VMPCMac.cs.meta
vendored
Normal file
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/VMPCMac.cs.meta
vendored
Normal file
@@ -0,0 +1,11 @@
|
||||
fileFormatVersion: 2
|
||||
guid: cfd7f83b18ecf2a49b9d69a9cecd38c1
|
||||
MonoImporter:
|
||||
externalObjects: {}
|
||||
serializedVersion: 2
|
||||
defaultReferences: []
|
||||
executionOrder: 0
|
||||
icon: {instanceID: 0}
|
||||
userData:
|
||||
assetBundleName:
|
||||
assetBundleVariant:
|
||||
Reference in New Issue
Block a user