add all
This commit is contained in:
321
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/CMac.cs
vendored
Normal file
321
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/crypto/macs/CMac.cs
vendored
Normal file
@@ -0,0 +1,321 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
#pragma warning disable
|
||||
using System;
|
||||
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Modes;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Paddings;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
|
||||
|
||||
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Macs
|
||||
{
|
||||
/**
|
||||
* CMAC - as specified at www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
|
||||
* <p>
|
||||
* CMAC is analogous to OMAC1 - see also en.wikipedia.org/wiki/CMAC
|
||||
* </p><p>
|
||||
* CMAC is a NIST recomendation - see
|
||||
* csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf
|
||||
* </p><p>
|
||||
* CMAC/OMAC1 is a blockcipher-based message authentication code designed and
|
||||
* analyzed by Tetsu Iwata and Kaoru Kurosawa.
|
||||
* </p><p>
|
||||
* CMAC/OMAC1 is a simple variant of the CBC MAC (Cipher Block Chaining Message
|
||||
* Authentication Code). OMAC stands for One-Key CBC MAC.
|
||||
* </p><p>
|
||||
* It supports 128- or 64-bits block ciphers, with any key size, and returns
|
||||
* a MAC with dimension less or equal to the block size of the underlying
|
||||
* cipher.
|
||||
* </p>
|
||||
*/
|
||||
public class CMac
|
||||
: IMac
|
||||
{
|
||||
private const byte CONSTANT_128 = (byte)0x87;
|
||||
private const byte CONSTANT_64 = (byte)0x1b;
|
||||
|
||||
private byte[] ZEROES;
|
||||
|
||||
private byte[] mac;
|
||||
|
||||
private byte[] buf;
|
||||
private int bufOff;
|
||||
private IBlockCipherMode m_cipherMode;
|
||||
|
||||
private int macSize;
|
||||
|
||||
private byte[] L, Lu, Lu2;
|
||||
|
||||
/**
|
||||
* create a standard MAC based on a CBC block cipher (64 or 128 bit block).
|
||||
* This will produce an authentication code the length of the block size
|
||||
* of the cipher.
|
||||
*
|
||||
* @param cipher the cipher to be used as the basis of the MAC generation.
|
||||
*/
|
||||
public CMac(
|
||||
IBlockCipher cipher)
|
||||
: this(cipher, cipher.GetBlockSize() * 8)
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* create a standard MAC based on a block cipher with the size of the
|
||||
* MAC been given in bits.
|
||||
* <p/>
|
||||
* Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
|
||||
* or 16 bits if being used as a data authenticator (FIPS Publication 113),
|
||||
* and in general should be less than the size of the block cipher as it reduces
|
||||
* the chance of an exhaustive attack (see Handbook of Applied Cryptography).
|
||||
*
|
||||
* @param cipher the cipher to be used as the basis of the MAC generation.
|
||||
* @param macSizeInBits the size of the MAC in bits, must be a multiple of 8 and @lt;= 128.
|
||||
*/
|
||||
public CMac(
|
||||
IBlockCipher cipher,
|
||||
int macSizeInBits)
|
||||
{
|
||||
if ((macSizeInBits % 8) != 0)
|
||||
throw new ArgumentException("MAC size must be multiple of 8");
|
||||
|
||||
if (macSizeInBits > (cipher.GetBlockSize() * 8))
|
||||
{
|
||||
throw new ArgumentException(
|
||||
"MAC size must be less or equal to "
|
||||
+ (cipher.GetBlockSize() * 8));
|
||||
}
|
||||
|
||||
if (cipher.GetBlockSize() != 8 && cipher.GetBlockSize() != 16)
|
||||
{
|
||||
throw new ArgumentException(
|
||||
"Block size must be either 64 or 128 bits");
|
||||
}
|
||||
|
||||
m_cipherMode = new CbcBlockCipher(cipher);
|
||||
this.macSize = macSizeInBits / 8;
|
||||
|
||||
mac = new byte[cipher.GetBlockSize()];
|
||||
|
||||
buf = new byte[cipher.GetBlockSize()];
|
||||
|
||||
ZEROES = new byte[cipher.GetBlockSize()];
|
||||
|
||||
bufOff = 0;
|
||||
}
|
||||
|
||||
public string AlgorithmName
|
||||
{
|
||||
get { return m_cipherMode.AlgorithmName; }
|
||||
}
|
||||
|
||||
private static int ShiftLeft(byte[] block, byte[] output)
|
||||
{
|
||||
int i = block.Length;
|
||||
uint bit = 0;
|
||||
while (--i >= 0)
|
||||
{
|
||||
uint b = block[i];
|
||||
output[i] = (byte)((b << 1) | bit);
|
||||
bit = (b >> 7) & 1;
|
||||
}
|
||||
return (int)bit;
|
||||
}
|
||||
|
||||
private static byte[] DoubleLu(byte[] input)
|
||||
{
|
||||
byte[] ret = new byte[input.Length];
|
||||
int carry = ShiftLeft(input, ret);
|
||||
int xor = input.Length == 16 ? CONSTANT_128 : CONSTANT_64;
|
||||
|
||||
/*
|
||||
* NOTE: This construction is an attempt at a constant-time implementation.
|
||||
*/
|
||||
ret[input.Length - 1] ^= (byte)(xor >> ((1 - carry) << 3));
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
public void Init(ICipherParameters parameters)
|
||||
{
|
||||
if (parameters is KeyParameter)
|
||||
{
|
||||
m_cipherMode.Init(true, parameters);
|
||||
|
||||
//initializes the L, Lu, Lu2 numbers
|
||||
L = new byte[ZEROES.Length];
|
||||
m_cipherMode.ProcessBlock(ZEROES, 0, L, 0);
|
||||
Lu = DoubleLu(L);
|
||||
Lu2 = DoubleLu(Lu);
|
||||
}
|
||||
else if (parameters != null)
|
||||
{
|
||||
// CMAC mode does not permit IV to underlying CBC mode
|
||||
throw new ArgumentException("CMac mode only permits key to be set.", "parameters");
|
||||
}
|
||||
|
||||
Reset();
|
||||
}
|
||||
|
||||
public int GetMacSize()
|
||||
{
|
||||
return macSize;
|
||||
}
|
||||
|
||||
public void Update(byte input)
|
||||
{
|
||||
if (bufOff == buf.Length)
|
||||
{
|
||||
m_cipherMode.ProcessBlock(buf, 0, mac, 0);
|
||||
bufOff = 0;
|
||||
}
|
||||
|
||||
buf[bufOff++] = input;
|
||||
}
|
||||
|
||||
public void BlockUpdate(byte[] inBytes, int inOff, int len)
|
||||
{
|
||||
if (len < 0)
|
||||
throw new ArgumentException("Can't have a negative input length!");
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
BlockUpdate(inBytes.AsSpan(inOff, len));
|
||||
#else
|
||||
int blockSize = m_cipherMode.GetBlockSize();
|
||||
int gapLen = blockSize - bufOff;
|
||||
|
||||
if (len > gapLen)
|
||||
{
|
||||
Array.Copy(inBytes, inOff, buf, bufOff, gapLen);
|
||||
|
||||
m_cipherMode.ProcessBlock(buf, 0, mac, 0);
|
||||
|
||||
bufOff = 0;
|
||||
len -= gapLen;
|
||||
inOff += gapLen;
|
||||
|
||||
while (len > blockSize)
|
||||
{
|
||||
m_cipherMode.ProcessBlock(inBytes, inOff, mac, 0);
|
||||
|
||||
len -= blockSize;
|
||||
inOff += blockSize;
|
||||
}
|
||||
}
|
||||
|
||||
Array.Copy(inBytes, inOff, buf, bufOff, len);
|
||||
|
||||
bufOff += len;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public void BlockUpdate(ReadOnlySpan<byte> input)
|
||||
{
|
||||
int blockSize = m_cipherMode.GetBlockSize();
|
||||
int gapLen = blockSize - bufOff;
|
||||
|
||||
if (input.Length > gapLen)
|
||||
{
|
||||
input[..gapLen].CopyTo(buf.AsSpan(bufOff));
|
||||
|
||||
m_cipherMode.ProcessBlock(buf, mac);
|
||||
|
||||
bufOff = 0;
|
||||
input = input[gapLen..];
|
||||
|
||||
while (input.Length > blockSize)
|
||||
{
|
||||
m_cipherMode.ProcessBlock(input, mac);
|
||||
input = input[blockSize..];
|
||||
}
|
||||
}
|
||||
|
||||
input.CopyTo(buf.AsSpan(bufOff));
|
||||
|
||||
bufOff += input.Length;
|
||||
}
|
||||
#endif
|
||||
|
||||
public int DoFinal(byte[] outBytes, int outOff)
|
||||
{
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
return DoFinal(outBytes.AsSpan(outOff));
|
||||
#else
|
||||
int blockSize = m_cipherMode.GetBlockSize();
|
||||
|
||||
byte[] lu;
|
||||
if (bufOff == blockSize)
|
||||
{
|
||||
lu = Lu;
|
||||
}
|
||||
else
|
||||
{
|
||||
new ISO7816d4Padding().AddPadding(buf, bufOff);
|
||||
lu = Lu2;
|
||||
}
|
||||
|
||||
for (int i = 0; i < mac.Length; i++)
|
||||
{
|
||||
buf[i] ^= lu[i];
|
||||
}
|
||||
|
||||
m_cipherMode.ProcessBlock(buf, 0, mac, 0);
|
||||
|
||||
Array.Copy(mac, 0, outBytes, outOff, macSize);
|
||||
|
||||
Reset();
|
||||
|
||||
return macSize;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
|
||||
public int DoFinal(Span<byte> output)
|
||||
{
|
||||
int blockSize = m_cipherMode.GetBlockSize();
|
||||
|
||||
byte[] lu;
|
||||
if (bufOff == blockSize)
|
||||
{
|
||||
lu = Lu;
|
||||
}
|
||||
else
|
||||
{
|
||||
new ISO7816d4Padding().AddPadding(buf, bufOff);
|
||||
lu = Lu2;
|
||||
}
|
||||
|
||||
for (int i = 0; i < mac.Length; i++)
|
||||
{
|
||||
buf[i] ^= lu[i];
|
||||
}
|
||||
|
||||
m_cipherMode.ProcessBlock(buf, mac);
|
||||
|
||||
mac.AsSpan(0, macSize).CopyTo(output);
|
||||
|
||||
Reset();
|
||||
|
||||
return macSize;
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Reset the mac generator.
|
||||
*/
|
||||
public void Reset()
|
||||
{
|
||||
/*
|
||||
* clean the buffer.
|
||||
*/
|
||||
Array.Clear(buf, 0, buf.Length);
|
||||
bufOff = 0;
|
||||
|
||||
/*
|
||||
* Reset the underlying cipher.
|
||||
*/
|
||||
m_cipherMode.Reset();
|
||||
}
|
||||
}
|
||||
}
|
||||
#pragma warning restore
|
||||
#endif
|
||||
Reference in New Issue
Block a user