This commit is contained in:
2026-06-15 18:18:16 +08:00
parent 97c9fba14e
commit 2b9f134e5f
4164 changed files with 386922 additions and 79 deletions

View File

@@ -0,0 +1,19 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
public abstract class CryptoHashAlgorithm
{
public const int md5 = 1;
public const int sha1 = 2;
public const int sha224 = 3;
public const int sha256 = 4;
public const int sha384 = 5;
public const int sha512 = 6;
public const int sm3 = 7;
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 6d936dc47006b56419947d9f121fde07
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,29 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
public abstract class CryptoSignatureAlgorithm
{
public const int rsa = 1;
public const int dsa = 2;
public const int ecdsa = 3;
public const int rsa_pss_rsae_sha256 = 4;
public const int rsa_pss_rsae_sha384 = 5;
public const int rsa_pss_rsae_sha512 = 6;
public const int ed25519 = 7;
public const int ed448 = 8;
public const int rsa_pss_pss_sha256 = 9;
public const int rsa_pss_pss_sha384 = 10;
public const int rsa_pss_pss_sha512 = 11;
public const int ecdsa_brainpoolP256r1tls13_sha256 = 26;
public const int ecdsa_brainpoolP384r1tls13_sha384 = 27;
public const int ecdsa_brainpoolP512r1tls13_sha512 = 28;
public const int gostr34102012_256 = 64;
public const int gostr34102012_512 = 65;
public const int sm2 = 200;
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: a9c21464a3cafb84eb1d1ea41410a84e
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,50 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Math;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Carrier class for Diffie-Hellman group parameters.</summary>
public class DHGroup
{
private readonly BigInteger g, p, q;
private readonly int l;
/// <summary>Base constructor with the prime factor of (p - 1).</summary>
/// <param name="p">the prime modulus.</param>
/// <param name="q">specifies the prime factor of (p - 1).</param>
/// <param name="g">the base generator.</param>
/// <param name="l"></param>
public DHGroup(BigInteger p, BigInteger q, BigInteger g, int l)
{
this.p = p;
this.g = g;
this.q = q;
this.l = l;
}
public virtual BigInteger G
{
get { return g; }
}
public virtual int L
{
get { return l; }
}
public virtual BigInteger P
{
get { return p; }
}
public virtual BigInteger Q
{
get { return q; }
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: b0c3655356273524bbb61396c8f664fa
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,252 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Math;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities.Encoders;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Standard Diffie-Hellman groups from various IETF specifications.</summary>
public class DHStandardGroups
{
private static readonly BigInteger Two = BigInteger.Two;
private static BigInteger FromHex(string hex)
{
return new BigInteger(1, Hex.DecodeStrict(hex));
}
//private static DHGroup FromPG(string hexP, string hexG)
//{
// return new DHGroup(FromHex(hexP), null, FromHex(hexG), 0);
//}
private static DHGroup SafePrimeGen2(string hexP)
{
return SafePrimeGen2(hexP, 0);
}
private static DHGroup SafePrimeGen2(string hexP, int l)
{
// NOTE: A group using a safe prime (i.e. q = (p-1)/2), and generator g = 2
BigInteger p = FromHex(hexP);
return new DHGroup(p, p.ShiftRight(1), Two, l);
}
/*
* RFC 2409
*/
private static readonly string rfc2409_768_p = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+ "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+ "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";
public static readonly DHGroup rfc2409_768 = SafePrimeGen2(rfc2409_768_p);
private static readonly string rfc2409_1024_p = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+ "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+ "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
+ "FFFFFFFFFFFFFFFF";
public static readonly DHGroup rfc2409_1024 = SafePrimeGen2(rfc2409_1024_p);
/*
* RFC 3526
*/
private static readonly string rfc3526_1536_p = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+ "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+ "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+ "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" + "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+ "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
private static readonly int rfc3526_1536_l = 200; // RFC3526/RFC7919
public static readonly DHGroup rfc3526_1536 = SafePrimeGen2(rfc3526_1536_p, rfc3526_1536_l);
private static readonly string rfc3526_2048_p = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+ "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+ "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+ "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" + "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+ "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" + "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
+ "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" + "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
private static readonly int rfc3526_2048_l = System.Math.Max(225, 112 * 2); // MAX(RFC3526/RFC7919,FIPS)
public static readonly DHGroup rfc3526_2048 = SafePrimeGen2(rfc3526_2048_p, rfc3526_2048_l);
private static readonly string rfc3526_3072_p = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+ "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+ "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+ "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" + "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+ "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" + "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
+ "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" + "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
+ "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" + "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
+ "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" + "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
+ "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
private static readonly int rfc3526_3072_l = System.Math.Max(275, 128 * 2); // MAX(RFC3526/RFC7919,FIPS)
public static readonly DHGroup rfc3526_3072 = SafePrimeGen2(rfc3526_3072_p, rfc3526_3072_l);
private static readonly string rfc3526_4096_p = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+ "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+ "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+ "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" + "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+ "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" + "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
+ "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" + "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
+ "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" + "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
+ "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" + "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
+ "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" + "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
+ "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" + "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
+ "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" + "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199"
+ "FFFFFFFFFFFFFFFF";
private static readonly int rfc3526_4096_l = System.Math.Max(325, 152 * 2); // MAX(RFC3526/RFC7919,FIPS)
public static readonly DHGroup rfc3526_4096 = SafePrimeGen2(rfc3526_4096_p, rfc3526_4096_l);
private static readonly string rfc3526_6144_p = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
+ "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
+ "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
+ "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
+ "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
+ "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+ "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
+ "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
+ "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
+ "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
+ "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
+ "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+ "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
+ "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
+ "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
+ "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
+ "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
+ "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
+ "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
+ "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
+ "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
+ "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
+ "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
+ "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
+ "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
+ "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
+ "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
+ "6DCC4024FFFFFFFFFFFFFFFF";
private static readonly int rfc3526_6144_l = System.Math.Max(375, 176 * 2); // MAX(RFC3526/RFC7919,FIPS)
public static readonly DHGroup rfc3526_6144 = SafePrimeGen2(rfc3526_6144_p, rfc3526_6144_l);
private static readonly string rfc3526_8192_p = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+ "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+ "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+ "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" + "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+ "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" + "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
+ "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" + "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
+ "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" + "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
+ "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" + "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
+ "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" + "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
+ "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" + "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
+ "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" + "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
+ "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD" + "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
+ "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B" + "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
+ "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6" + "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
+ "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA" + "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
+ "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C" + "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
+ "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4" + "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
+ "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568" + "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
+ "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B" + "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
+ "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36" + "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
+ "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92" + "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
+ "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71" + "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
private static readonly int rfc3526_8192_l = System.Math.Max(400, 200 * 2); // MAX(RFC3526/RFC7919,FIPS)
public static readonly DHGroup rfc3526_8192 = SafePrimeGen2(rfc3526_8192_p, rfc3526_8192_l);
/*
* RFC 4306
*/
public static readonly DHGroup rfc4306_768 = rfc2409_768;
public static readonly DHGroup rfc4306_1024 = rfc2409_1024;
/*
* RFC 5996
*/
public static readonly DHGroup rfc5996_768 = rfc4306_768;
public static readonly DHGroup rfc5996_1024 = rfc4306_1024;
/*
* RFC 7919
*/
private static readonly string rfc7919_ffdhe2048_p = "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1"
+ "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" + "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561"
+ "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" + "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735"
+ "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" + "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19"
+ "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" + "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73"
+ "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" + "886B423861285C97FFFFFFFFFFFFFFFF";
private static readonly int rfc7919_ffdhe2048_l = System.Math.Max(225, 112 * 2); // MAX(RFC7919,FIPS)
public static readonly DHGroup rfc7919_ffdhe2048 = SafePrimeGen2(rfc7919_ffdhe2048_p, rfc7919_ffdhe2048_l);
private static readonly string rfc7919_ffdhe3072_p = "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1"
+ "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" + "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561"
+ "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" + "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735"
+ "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" + "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19"
+ "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" + "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73"
+ "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" + "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238"
+ "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" + "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3"
+ "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" + "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF"
+ "3C1B20EE3FD59D7C25E41D2B66C62E37FFFFFFFFFFFFFFFF";
private static readonly int rfc7919_ffdhe3072_l = System.Math.Max(275, 128 * 2); // MAX(RFC7919,FIPS)
public static readonly DHGroup rfc7919_ffdhe3072 = SafePrimeGen2(rfc7919_ffdhe3072_p, rfc7919_ffdhe3072_l);
private static readonly string rfc7919_ffdhe4096_p = "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1"
+ "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" + "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561"
+ "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" + "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735"
+ "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" + "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19"
+ "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" + "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73"
+ "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" + "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238"
+ "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" + "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3"
+ "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" + "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF"
+ "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB" + "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004"
+ "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832" + "A907600A918130C46DC778F971AD0038092999A333CB8B7A"
+ "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF" + "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E655F6A"
+ "FFFFFFFFFFFFFFFF";
private static readonly int rfc7919_ffdhe4096_l = System.Math.Max(325, 152 * 2); // MAX(RFC7919,FIPS)
public static readonly DHGroup rfc7919_ffdhe4096 = SafePrimeGen2(rfc7919_ffdhe4096_p, rfc7919_ffdhe4096_l);
private static readonly string rfc7919_ffdhe6144_p = "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1"
+ "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" + "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561"
+ "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" + "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735"
+ "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" + "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19"
+ "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" + "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73"
+ "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" + "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238"
+ "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" + "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3"
+ "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" + "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF"
+ "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB" + "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004"
+ "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832" + "A907600A918130C46DC778F971AD0038092999A333CB8B7A"
+ "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF" + "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD902"
+ "0BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA6" + "3BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3A"
+ "CDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477" + "A52471F7A9A96910B855322EDB6340D8A00EF092350511E3"
+ "0ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4" + "763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6"
+ "B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538C" + "D72B03746AE77F5E62292C311562A846505DC82DB854338A"
+ "E49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B04" + "5B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1"
+ "A41D570D7938DAD4A40E329CD0E40E65FFFFFFFFFFFFFFFF";
private static readonly int rfc7919_ffdhe6144_l = System.Math.Max(375, 176 * 2); // MAX(RFC7919,FIPS)
public static readonly DHGroup rfc7919_ffdhe6144 = SafePrimeGen2(rfc7919_ffdhe6144_p, rfc7919_ffdhe6144_l);
private static readonly string rfc7919_ffdhe8192_p = "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1"
+ "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" + "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561"
+ "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" + "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735"
+ "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" + "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19"
+ "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" + "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73"
+ "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" + "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238"
+ "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" + "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3"
+ "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" + "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF"
+ "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB" + "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004"
+ "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832" + "A907600A918130C46DC778F971AD0038092999A333CB8B7A"
+ "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF" + "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD902"
+ "0BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA6" + "3BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3A"
+ "CDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477" + "A52471F7A9A96910B855322EDB6340D8A00EF092350511E3"
+ "0ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4" + "763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6"
+ "B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538C" + "D72B03746AE77F5E62292C311562A846505DC82DB854338A"
+ "E49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B04" + "5B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1"
+ "A41D570D7938DAD4A40E329CCFF46AAA36AD004CF600C838" + "1E425A31D951AE64FDB23FCEC9509D43687FEB69EDD1CC5E"
+ "0B8CC3BDF64B10EF86B63142A3AB8829555B2F747C932665" + "CB2C0F1CC01BD70229388839D2AF05E454504AC78B758282"
+ "2846C0BA35C35F5C59160CC046FD8251541FC68C9C86B022" + "BB7099876A460E7451A8A93109703FEE1C217E6C3826E52C"
+ "51AA691E0E423CFC99E9E31650C1217B624816CDAD9A95F9" + "D5B8019488D9C0A0A1FE3075A577E23183F81D4A3F2FA457"
+ "1EFC8CE0BA8A4FE8B6855DFE72B0A66EDED2FBABFBE58A30" + "FAFABE1C5D71A87E2F741EF8C1FE86FEA6BBFDE530677F0D"
+ "97D11D49F7A8443D0822E506A9F4614E011E2A94838FF88C" + "D68C8BB7C5C6424CFFFFFFFFFFFFFFFF";
private static readonly int rfc7919_ffdhe8192_l = System.Math.Max(400, 200 * 2); // MAX(RFC7919,FIPS)
public static readonly DHGroup rfc7919_ffdhe8192 = SafePrimeGen2(rfc7919_ffdhe8192_p, rfc7919_ffdhe8192_l);
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 4bcf0622142dc4f46b48a2f7bba37c73
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,35 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Math;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Carrier class for SRP-6 group parameters.</summary>
public class Srp6Group
{
private readonly BigInteger n, g;
/// <summary>Base constructor.</summary>
/// <param name="n">the n value.</param>
/// <param name="g">the g value.</param>
public Srp6Group(BigInteger n, BigInteger g)
{
this.n = n;
this.g = g;
}
public virtual BigInteger G
{
get { return g; }
}
public virtual BigInteger N
{
get { return n; }
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 93f0369e9df00e04882ce37436107a44
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,163 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Math;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities.Encoders;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>A selection of standard groups for SRP-6.</summary>
public class Srp6StandardGroups
{
private static BigInteger FromHex(string hex)
{
return new BigInteger(1, Hex.DecodeStrict(hex));
}
private static Srp6Group FromNG(string hexN, string hexG)
{
return new Srp6Group(FromHex(hexN), FromHex(hexG));
}
/*
* RFC 5054
*/
private static readonly string rfc5054_1024_N = "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C"
+ "9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE4"
+ "8E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B29"
+ "7BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9A" + "FD5138FE8376435B9FC61D2FC0EB06E3";
private static readonly string rfc5054_1024_g = "02";
public static readonly Srp6Group rfc5054_1024 = FromNG(rfc5054_1024_N, rfc5054_1024_g);
private static readonly string rfc5054_1536_N = "9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA961"
+ "4B19CC4D5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F843"
+ "80B655BB9A22E8DCDF028A7CEC67F0D08134B1C8B97989149B609E0B"
+ "E3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1158BFD3E2B9C8CF5"
+ "6EDF019539349627DB2FD53D24B7C48665772E437D6C7F8CE442734A"
+ "F7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E5A021FFF5E91479E"
+ "8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB";
private static readonly string rfc5054_1536_g = "02";
public static readonly Srp6Group rfc5054_1536 = FromNG(rfc5054_1536_N, rfc5054_1536_g);
private static readonly string rfc5054_2048_N = "AC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC319294"
+ "3DB56050A37329CBB4A099ED8193E0757767A13DD52312AB4B03310D"
+ "CD7F48A9DA04FD50E8083969EDB767B0CF6095179A163AB3661A05FB"
+ "D5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF74"
+ "7359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A"
+ "436C6481F1D2B9078717461A5B9D32E688F87748544523B524B0D57D"
+ "5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6AF874E73"
+ "03CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB6"
+ "94B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F" + "9E4AFF73";
private static readonly string rfc5054_2048_g = "02";
public static readonly Srp6Group rfc5054_2048 = FromNG(rfc5054_2048_N, rfc5054_2048_g);
private static readonly string rfc5054_3072_N = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
+ "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
+ "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
+ "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
+ "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
+ "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+ "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
+ "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
+ "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
+ "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
+ "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
+ "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+ "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC" + "E0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
private static readonly string rfc5054_3072_g = "05";
public static readonly Srp6Group rfc5054_3072 = FromNG(rfc5054_3072_N, rfc5054_3072_g);
private static readonly string rfc5054_4096_N = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
+ "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
+ "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
+ "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
+ "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
+ "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+ "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
+ "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
+ "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
+ "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
+ "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
+ "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+ "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
+ "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
+ "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
+ "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
+ "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
+ "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" + "FFFFFFFFFFFFFFFF";
private static readonly string rfc5054_4096_g = "05";
public static readonly Srp6Group rfc5054_4096 = FromNG(rfc5054_4096_N, rfc5054_4096_g);
private static readonly string rfc5054_6144_N = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
+ "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
+ "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
+ "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
+ "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
+ "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+ "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
+ "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
+ "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
+ "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
+ "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
+ "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+ "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
+ "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
+ "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
+ "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
+ "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
+ "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
+ "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
+ "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
+ "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
+ "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
+ "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
+ "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
+ "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
+ "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
+ "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E" + "6DCC4024FFFFFFFFFFFFFFFF";
private static readonly string rfc5054_6144_g = "05";
public static readonly Srp6Group rfc5054_6144 = FromNG(rfc5054_6144_N, rfc5054_6144_g);
private static readonly string rfc5054_8192_N = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
+ "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
+ "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
+ "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
+ "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
+ "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+ "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
+ "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
+ "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
+ "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
+ "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
+ "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+ "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
+ "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
+ "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
+ "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
+ "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
+ "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
+ "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
+ "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
+ "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
+ "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
+ "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
+ "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
+ "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
+ "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
+ "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
+ "6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA"
+ "3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C"
+ "5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
+ "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC886"
+ "2F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A6"
+ "6D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC5"
+ "0846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268"
+ "359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6"
+ "FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E71" + "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
private static readonly string rfc5054_8192_g = "13";
public static readonly Srp6Group rfc5054_8192 = FromNG(rfc5054_8192_N, rfc5054_8192_g);
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 205519e32004ec443a23ee9eff3923d5
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,18 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
public interface Tls13Verifier
{
/// <exception cref="IOException"/>
Stream Stream { get; }
/// <exception cref="IOException"/>
bool VerifySignature(byte[] signature);
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 1ea3189791a7d584795742784a615f67
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,28 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Base interface for ephemeral key agreement calculator.</summary>
public interface TlsAgreement
{
/// <summary>Generate an ephemeral key pair, returning the encoding of the public key.</summary>
/// <returns>a byte encoding of the public key.</returns>
/// <exception cref="IOException"/>
byte[] GenerateEphemeral();
/// <summary>Pass in the public key for the peer to the agreement calculator.</summary>
/// <param name="peerValue">a byte encoding of the peer public key.</param>
/// <exception cref="IOException"/>
void ReceivePeerValue(byte[] peerValue);
/// <summary>Calculate the agreed secret based on the calculator's current state.</summary>
/// <returns>the calculated secret.</returns>
/// <exception cref="IOException"/>
TlsSecret CalculateSecret();
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 24670de321572894ba49d4b6a1541cbb
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,61 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Math;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Interface providing the functional representation of a single X.509 certificate.</summary>
public interface TlsCertificate
{
/// <summary>Return an encryptor based on the public key in this certificate.</summary>
/// <param name="tlsCertificateRole"><see cref="TlsCertificateRole"/></param>
/// <returns>a <see cref="TlsEncryptor"/> based on this certificate's public key.</returns>
/// <exception cref="IOException"/>
TlsEncryptor CreateEncryptor(int tlsCertificateRole);
/// <param name="signatureAlgorithm"><see cref="SignatureAlgorithm"/></param>
/// <exception cref="IOException"/>
TlsVerifier CreateVerifier(short signatureAlgorithm);
/// <param name="signatureScheme"><see cref="SignatureScheme"/></param>
/// <exception cref="IOException"/>
Tls13Verifier CreateVerifier(int signatureScheme);
/// <exception cref="IOException"/>
byte[] GetEncoded();
/// <exception cref="IOException"/>
byte[] GetExtension(DerObjectIdentifier extensionOid);
BigInteger SerialNumber { get; }
/// <returns>the OID of this certificate's 'signatureAlgorithm', as a string.</returns>
string SigAlgOid { get; }
/// <exception cref="IOException"/>
Asn1Encodable GetSigAlgParams();
/// <returns><see cref="SignatureAlgorithm"/></returns>
/// <exception cref="IOException"/>
short GetLegacySignatureAlgorithm();
/// <param name="signatureAlgorithm"><see cref="SignatureAlgorithm"/></param>
/// <returns>true if (and only if) this certificate can be used to verify the given signature algorithm.
/// </returns>
/// <exception cref="IOException"/>
bool SupportsSignatureAlgorithm(short signatureAlgorithm);
/// <exception cref="IOException"/>
bool SupportsSignatureAlgorithmCA(short signatureAlgorithm);
/// <param name="tlsCertificateRole"><see cref="TlsCertificateRole"/></param>
/// <exception cref="IOException"/>
TlsCertificate CheckUsageInRole(int tlsCertificateRole);
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: f094c228f79705f4ea97f12cdf31b47e
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,16 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
public abstract class TlsCertificateRole
{
public const int DH = 1;
public const int ECDH = 2;
public const int RsaEncryption = 3;
public const int Sm2Encryption = 4;
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 0a2666397e244784c857e835885555ed
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,70 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Base interface for a TLS bulk cipher.</summary>
public interface TlsCipher
{
/// <summary>Return the maximum input size for a ciphertext given a maximum output size for the plaintext of
/// plaintextLimit bytes.</summary>
/// <param name="plaintextLimit">the maximum output size for the plaintext.</param>
/// <returns>the maximum input size of the ciphertext for plaintextlimit bytes of output.</returns>
int GetCiphertextDecodeLimit(int plaintextLimit);
/// <summary>Return the maximum output size for a ciphertext given an actual input plaintext size of
/// plaintextLength bytes and a maximum input plaintext size of plaintextLimit bytes.</summary>
/// <param name="plaintextLength">the actual input size for the plaintext.</param>
/// <param name="plaintextLimit">the maximum input size for the plaintext.</param>
/// <returns>the maximum output size of the ciphertext for plaintextlimit bytes of input.</returns>
int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit);
/// <summary>Return the maximum size for the plaintext given ciphertextlimit bytes of ciphertext.</summary>
/// <param name="ciphertextLimit">the maximum number of bytes of ciphertext.</param>
/// <returns>the maximum size of the plaintext for ciphertextlimit bytes of input.</returns>
int GetPlaintextLimit(int ciphertextLimit);
/// <summary>Encode the passed in plaintext using the current bulk cipher.</summary>
/// <param name="seqNo">sequence number of the message represented by plaintext.</param>
/// <param name="contentType">content type of the message represented by plaintext.</param>
/// <param name="recordVersion"><see cref="ProtocolVersion"/> used for the record.</param>
/// <param name="headerAllocation">extra bytes to allocate at start of returned byte array.</param>
/// <param name="plaintext">array holding input plaintext to the cipher.</param>
/// <param name="offset">offset into input array the plaintext starts at.</param>
/// <param name="len">length of the plaintext in the array.</param>
/// <returns>A <see cref="TlsEncodeResult"/> containing the result of encoding (after 'headerAllocation' unused
/// bytes).</returns>
/// <exception cref="IOException"/>
TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
int headerAllocation, byte[] plaintext, int offset, int len);
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
int headerAllocation, ReadOnlySpan<byte> plaintext);
#endif
/// <summary>Decode the passed in ciphertext using the current bulk cipher.</summary>
/// <param name="seqNo">sequence number of the message represented by ciphertext.</param>
/// <param name="recordType">content type used in the record for this message.</param>
/// <param name="recordVersion"><see cref="ProtocolVersion"/> used for the record.</param>
/// <param name="ciphertext">array holding input ciphertext to the cipher.</param>
/// <param name="offset">offset into input array the ciphertext starts at.</param>
/// <param name="len">length of the ciphertext in the array.</param>
/// <returns>A <see cref="TlsDecodeResult"/> containing the result of decoding.</returns>
/// <exception cref="IOException"/>
TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
byte[] ciphertext, int offset, int len);
/// <exception cref="IOException"/>
void RekeyDecoder();
/// <exception cref="IOException"/>
void RekeyEncoder();
bool UsesOpaqueRecordType { get; }
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 0b77c7e74f9f80944804026db5cfa431
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,213 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.Collections.Generic;
using System.IO;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Math;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Security;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Service and object creation interface for the primitive types and services that are associated with
/// cryptography in the API.</summary>
public interface TlsCrypto
{
/// <summary>Return true if this TlsCrypto would use a stream verifier for any of the passed in algorithms.
/// </summary>
/// <remarks>This method is only relevant to handshakes negotiating (D)TLS 1.2.</remarks>
/// <param name="signatureAndHashAlgorithms">A <see cref="IList{T}">list</see> of
/// <see cref="SignatureAndHashAlgorithm"/> values.</param>
/// <returns>true if this instance would use a stream verifier for any of the passed in algorithms, otherwise
/// false.</returns>
bool HasAnyStreamVerifiers(IList<SignatureAndHashAlgorithm> signatureAndHashAlgorithms);
/// <summary>Return true if this TlsCrypto would use a stream verifier for any of the passed in algorithms.
/// </summary>
/// <remarks>This method is only relevant to handshakes negotiating (D)TLS versions older than 1.2.</remarks>
/// <param name="clientCertificateTypes">An array of <see cref="ClientCertificateType"/> values.</param>
/// <returns>true if this instance would use a stream verifier for any of the passed in algorithms, otherwise
/// false.</returns>
bool HasAnyStreamVerifiersLegacy(short[] clientCertificateTypes);
/// <summary>Return true if this TlsCrypto can support the passed in hash algorithm.</summary>
/// <param name="cryptoHashAlgorithm">the algorithm of interest.</param>
/// <returns>true if cryptoHashAlgorithm is supported, false otherwise.</returns>
bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm);
/// <summary>Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in
/// combination with EVERY hash algorithm).</summary>
/// <param name="cryptoSignatureAlgorithm">the algorithm of interest.</param>
/// <returns>true if cryptoSignatureAlgorithm is supported, false otherwise.</returns>
bool HasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm);
/// <summary>Return true if this TlsCrypto can support DH key agreement.</summary>
/// <returns>true if this instance can support DH key agreement, false otherwise.</returns>
bool HasDHAgreement();
/// <summary>Return true if this TlsCrypto can support ECDH key agreement.</summary>
/// <returns>true if this instance can support ECDH key agreement, false otherwise.</returns>
bool HasECDHAgreement();
/// <summary>Return true if this TlsCrypto can support the passed in block/stream encryption algorithm.
/// </summary>
/// <param name="encryptionAlgorithm">the algorithm of interest.</param>
/// <returns>true if encryptionAlgorithm is supported, false otherwise.</returns>
bool HasEncryptionAlgorithm(int encryptionAlgorithm);
/// <summary>Return true if this TlsCrypto can support HKDF with the passed in hash algorithm.</summary>
/// <param name="cryptoHashAlgorithm">the algorithm of interest.</param>
/// <returns>true if HKDF is supported with cryptoHashAlgorithm, false otherwise.</returns>
bool HasHkdfAlgorithm(int cryptoHashAlgorithm);
/// <summary>Return true if this TlsCrypto can support the passed in MAC algorithm.</summary>
/// <param name="macAlgorithm">the algorithm of interest.</param>
/// <returns>true if macAlgorithm is supported, false otherwise.</returns>
bool HasMacAlgorithm(int macAlgorithm);
/// <summary>Return true if this TlsCrypto supports the passed in <see cref="NamedGroup">named group</see>
/// value.</summary>
/// <returns>true if this instance supports the passed in <see cref="NamedGroup">named group</see> value.
/// </returns>
bool HasNamedGroup(int namedGroup);
/// <summary>Return true if this TlsCrypto can support RSA encryption/decryption.</summary>
/// <returns>true if this instance can support RSA encryption/decryption, false otherwise.</returns>
bool HasRsaEncryption();
/// <summary>Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in
/// combination with EVERY hash algorithm).</summary>
/// <returns>true if signatureAlgorithm is supported, false otherwise.</returns>
bool HasSignatureAlgorithm(short signatureAlgorithm);
/// <summary>Return true if this TlsCrypto can support the passed in signature algorithm.</summary>
/// <param name="sigAndHashAlgorithm">the algorithm of interest.</param>
/// <returns>true if sigAndHashAlgorithm is supported, false otherwise.</returns>
bool HasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm);
/// <summary>Return true if this TlsCrypto can support the passed in signature scheme.</summary>
/// <param name="signatureScheme">the scheme of interest.</param>
/// <returns>true if signatureScheme is supported, false otherwise.</returns>
bool HasSignatureScheme(int signatureScheme);
/// <summary>Return true if this TlsCrypto can support SRP authentication.</summary>
/// <returns>true if this instance can support SRP authentication, false otherwise.</returns>
bool HasSrpAuthentication();
/// <summary>Create a TlsSecret object based on provided data.</summary>
/// <param name="data">the data to base the TlsSecret on.</param>
/// <returns>a TlsSecret based on the provided data.</returns>
TlsSecret CreateSecret(byte[] data);
/// <summary>Create a TlsSecret object containing a randomly-generated RSA PreMasterSecret</summary>
/// <param name="clientVersion">the client version to place in the first 2 bytes</param>
/// <returns>a TlsSecret containing the PreMasterSecret.</returns>
TlsSecret GenerateRsaPreMasterSecret(ProtocolVersion clientVersion);
/// <summary>Return the primary (safest) SecureRandom for this crypto.</summary>
/// <returns>a SecureRandom suitable for key generation.</returns>
SecureRandom SecureRandom { get; }
/// <summary>Create a TlsCertificate from an ASN.1 binary encoding of an X.509 certificate.</summary>
/// <param name="encoding">DER/BER encoding of the certificate of interest.</param>
/// <returns>a TlsCertificate.</returns>
/// <exception cref="IOException">if there is an issue on decoding or constructing the certificate.</exception>
TlsCertificate CreateCertificate(byte[] encoding);
/// <summary>Create a TlsCertificate from an ASN.1 binary encoding of a certificate.</summary>
/// <param name="type">Certificate type as per IANA TLS Certificate Types registry.</param>
/// <param name="encoding">DER/BER encoding of the certificate of interest.</param>
/// <returns>a TlsCertificate.</returns>
/// <exception cref="IOException">if there is an issue on decoding or constructing the certificate.</exception>
TlsCertificate CreateCertificate(short type, byte[] encoding);
/// <summary>Create a cipher for the specified encryption and MAC algorithms.</summary>
/// <remarks>
/// See enumeration classes <see cref="EncryptionAlgorithm"/>, <see cref="MacAlgorithm"/> for appropriate
/// argument values.
/// </remarks>
/// <param name="cryptoParams">context specific parameters.</param>
/// <param name="encryptionAlgorithm">the encryption algorithm to be employed by the cipher.</param>
/// <param name="macAlgorithm">the MAC algorithm to be employed by the cipher.</param>
/// <returns>a <see cref="TlsCipher"/> implementing the encryption and MAC algorithms.</returns>
/// <exception cref="IOException"/>
TlsCipher CreateCipher(TlsCryptoParameters cryptoParams, int encryptionAlgorithm, int macAlgorithm);
/// <summary>Create a domain object supporting the domain parameters described in dhConfig.</summary>
/// <param name="dhConfig">the config describing the DH parameters to use.</param>
/// <returns>a TlsDHDomain supporting the parameters in dhConfig.</returns>
TlsDHDomain CreateDHDomain(TlsDHConfig dhConfig);
/// <summary>Create a domain object supporting the domain parameters described in ecConfig.</summary>
/// <param name="ecConfig">the config describing the EC parameters to use.</param>
/// <returns>a TlsECDomain supporting the parameters in ecConfig.</returns>
TlsECDomain CreateECDomain(TlsECConfig ecConfig);
/// <summary>Adopt the passed in secret, creating a new copy of it.</summary>
/// <param name="secret">the secret to make a copy of.</param>
/// <returns>a TlsSecret based on the original secret.</returns>
TlsSecret AdoptSecret(TlsSecret secret);
/// <summary>Create a suitable hash for the hash algorithm identifier passed in.</summary>
/// <remarks>
/// See enumeration class <see cref="CryptoHashAlgorithm"/> for appropriate argument values.
/// </remarks>
/// <param name="cryptoHashAlgorithm">the hash algorithm the hash needs to implement.</param>
/// <returns>a <see cref="TlsHash"/>.</returns>
TlsHash CreateHash(int cryptoHashAlgorithm);
/// <summary>Create a suitable HMAC for the MAC algorithm identifier passed in.</summary>
/// <remarks>
/// See enumeration class <see cref="MacAlgorithm"/> for appropriate argument values.
/// </remarks>
/// <param name="macAlgorithm">the MAC algorithm the HMAC needs to match.</param>
/// <returns>a <see cref="TlsHmac"/>.</returns>
TlsHmac CreateHmac(int macAlgorithm);
/// <summary>Create a suitable HMAC using the hash algorithm identifier passed in.</summary>
/// <remarks>
/// See enumeration class <see cref="CryptoHashAlgorithm"/> for appropriate argument values.
/// </remarks>
/// <param name="cryptoHashAlgorithm">the hash algorithm the HMAC should use.</param>
/// <returns>a <see cref="TlsHmac"/>.</returns>
TlsHmac CreateHmacForHash(int cryptoHashAlgorithm);
/// <summary>Create a nonce generator.</summary>
/// <remarks>
/// Each call should construct a new generator, and the generator should be returned from this call only after
/// automatically seeding from this <see cref="TlsCrypto"/>'s entropy source, and from the provided additional
/// seed material. The output of each returned generator must be completely independent of the others.
/// </remarks>
/// <param name="additionalSeedMaterial">context-specific seed material</param>
/// <returns>a <see cref="TlsNonceGenerator"/>.</returns>
TlsNonceGenerator CreateNonceGenerator(byte[] additionalSeedMaterial);
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
TlsNonceGenerator CreateNonceGenerator(ReadOnlySpan<byte> additionalSeedMaterial);
#endif
/// <summary>Create an SRP-6 client.</summary>
/// <param name="srpConfig">client config.</param>
/// <returns>an initialised SRP6 client object.</returns>
TlsSrp6Client CreateSrp6Client(TlsSrpConfig srpConfig);
/// <summary>Create an SRP-6 server.</summary>
/// <param name="srpConfig">server config.</param>
/// <param name="srpVerifier">the SRP6 verifier value.</param>
/// <returns>an initialised SRP6 server object.</returns>
TlsSrp6Server CreateSrp6Server(TlsSrpConfig srpConfig, BigInteger srpVerifier);
/// <summary>Create an SRP-6 verifier generator.</summary>
/// <param name="srpConfig">generator config.</param>
/// <returns>an initialized SRP6 verifier generator.</returns>
TlsSrp6VerifierGenerator CreateSrp6VerifierGenerator(TlsSrpConfig srpConfig);
/// <summary>Setup an initial "secret" for a chain of HKDF calls (RFC 5869), containing a string of HashLen
/// zeroes.</summary>
/// <param name="cryptoHashAlgorithm">the hash algorithm to instantiate HMAC with. See
/// <see cref="CryptoHashAlgorithm"/> for values.</param>
TlsSecret HkdfInit(int cryptoHashAlgorithm);
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: bc2f369987b63394e9ca2b8c392d3305
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,35 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.Runtime.Serialization;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Basic exception class for crypto services to pass back a cause.</summary>
[Serializable]
public class TlsCryptoException
: TlsException
{
public TlsCryptoException()
: base()
{
}
public TlsCryptoException(string message)
: base(message)
{
}
public TlsCryptoException(string message, Exception innerException)
: base(message, innerException)
{
}
protected TlsCryptoException(SerializationInfo info, StreamingContext context)
: base(info, context)
{
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 32c1bc5a5e541124cb019e44d6feab9f
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,53 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
// TODO[tls-port] Would rather this be sealed
/// <summary>Carrier class for context-related parameters needed for creating secrets and ciphers.</summary>
public class TlsCryptoParameters
{
private readonly TlsContext m_context;
/// <summary>Base constructor.</summary>
/// <param name="context">the context for this parameters object.</param>
public TlsCryptoParameters(TlsContext context)
{
this.m_context = context;
}
public SecurityParameters SecurityParameters
{
get { return m_context.SecurityParameters; }
}
public ProtocolVersion ClientVersion
{
get { return m_context.ClientVersion; }
}
public ProtocolVersion RsaPreMasterSecretVersion
{
get { return m_context.RsaPreMasterSecretVersion; }
}
// TODO[tls-port] Would rather this be non-virtual
public virtual ProtocolVersion ServerVersion
{
get { return m_context.ServerVersion; }
}
public bool IsServer
{
get { return m_context.IsServer; }
}
public TlsNonceGenerator NonceGenerator
{
get { return m_context.NonceGenerator; }
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 5552d77408907594282bf61c6c6b311b
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,278 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1.Nist;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1.Pkcs;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1.X509;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
public abstract class TlsCryptoUtilities
{
// "tls13 "
private static readonly byte[] Tls13Prefix = new byte[] { 0x74, 0x6c, 0x73, 0x31, 0x33, 0x20 };
public static int GetHash(short hashAlgorithm)
{
switch (hashAlgorithm)
{
case HashAlgorithm.md5:
return CryptoHashAlgorithm.md5;
case HashAlgorithm.sha1:
return CryptoHashAlgorithm.sha1;
case HashAlgorithm.sha224:
return CryptoHashAlgorithm.sha224;
case HashAlgorithm.sha256:
return CryptoHashAlgorithm.sha256;
case HashAlgorithm.sha384:
return CryptoHashAlgorithm.sha384;
case HashAlgorithm.sha512:
return CryptoHashAlgorithm.sha512;
default:
throw new ArgumentException("specified HashAlgorithm invalid: " + HashAlgorithm.GetText(hashAlgorithm));
}
}
public static int GetHashForHmac(int macAlgorithm)
{
switch (macAlgorithm)
{
case MacAlgorithm.hmac_md5:
return CryptoHashAlgorithm.md5;
case MacAlgorithm.hmac_sha1:
return CryptoHashAlgorithm.sha1;
case MacAlgorithm.hmac_sha256:
return CryptoHashAlgorithm.sha256;
case MacAlgorithm.hmac_sha384:
return CryptoHashAlgorithm.sha384;
case MacAlgorithm.hmac_sha512:
return CryptoHashAlgorithm.sha512;
default:
throw new ArgumentException("specified MacAlgorithm not an HMAC: " + MacAlgorithm.GetText(macAlgorithm));
}
}
public static int GetHashForPrf(int prfAlgorithm)
{
switch (prfAlgorithm)
{
case PrfAlgorithm.ssl_prf_legacy:
case PrfAlgorithm.tls_prf_legacy:
throw new ArgumentException("legacy PRF not a valid algorithm");
case PrfAlgorithm.tls_prf_sha256:
case PrfAlgorithm.tls13_hkdf_sha256:
return CryptoHashAlgorithm.sha256;
case PrfAlgorithm.tls_prf_sha384:
case PrfAlgorithm.tls13_hkdf_sha384:
return CryptoHashAlgorithm.sha384;
case PrfAlgorithm.tls13_hkdf_sm3:
return CryptoHashAlgorithm.sm3;
default:
throw new ArgumentException("unknown PrfAlgorithm: " + PrfAlgorithm.GetText(prfAlgorithm));
}
}
public static int GetHashInternalSize(int cryptoHashAlgorithm)
{
switch (cryptoHashAlgorithm)
{
case CryptoHashAlgorithm.md5:
case CryptoHashAlgorithm.sha1:
case CryptoHashAlgorithm.sha224:
case CryptoHashAlgorithm.sha256:
case CryptoHashAlgorithm.sm3:
return 64;
case CryptoHashAlgorithm.sha384:
case CryptoHashAlgorithm.sha512:
return 128;
default:
throw new ArgumentException();
}
}
public static int GetHashOutputSize(int cryptoHashAlgorithm)
{
switch (cryptoHashAlgorithm)
{
case CryptoHashAlgorithm.md5:
return 16;
case CryptoHashAlgorithm.sha1:
return 20;
case CryptoHashAlgorithm.sha224:
return 28;
case CryptoHashAlgorithm.sha256:
case CryptoHashAlgorithm.sm3:
return 32;
case CryptoHashAlgorithm.sha384:
return 48;
case CryptoHashAlgorithm.sha512:
return 64;
default:
throw new ArgumentException();
}
}
public static DerObjectIdentifier GetOidForHash(int cryptoHashAlgorithm)
{
switch (cryptoHashAlgorithm)
{
case CryptoHashAlgorithm.md5:
return PkcsObjectIdentifiers.MD5;
case CryptoHashAlgorithm.sha1:
return X509ObjectIdentifiers.IdSha1;
case CryptoHashAlgorithm.sha224:
return NistObjectIdentifiers.IdSha224;
case CryptoHashAlgorithm.sha256:
return NistObjectIdentifiers.IdSha256;
case CryptoHashAlgorithm.sha384:
return NistObjectIdentifiers.IdSha384;
case CryptoHashAlgorithm.sha512:
return NistObjectIdentifiers.IdSha512;
// TODO[RFC 8998]
//case CryptoHashAlgorithm.sm3:
// return GMObjectIdentifiers.sm3;
default:
throw new ArgumentException();
}
}
public static int GetSignature(short signatureAlgorithm)
{
switch (signatureAlgorithm)
{
case SignatureAlgorithm.rsa:
return CryptoSignatureAlgorithm.rsa;
case SignatureAlgorithm.dsa:
return CryptoSignatureAlgorithm.dsa;
case SignatureAlgorithm.ecdsa:
return CryptoSignatureAlgorithm.ecdsa;
case SignatureAlgorithm.rsa_pss_rsae_sha256:
return CryptoSignatureAlgorithm.rsa_pss_rsae_sha256;
case SignatureAlgorithm.rsa_pss_rsae_sha384:
return CryptoSignatureAlgorithm.rsa_pss_rsae_sha384;
case SignatureAlgorithm.rsa_pss_rsae_sha512:
return CryptoSignatureAlgorithm.rsa_pss_rsae_sha512;
case SignatureAlgorithm.ed25519:
return CryptoSignatureAlgorithm.ed25519;
case SignatureAlgorithm.ed448:
return CryptoSignatureAlgorithm.ed448;
case SignatureAlgorithm.rsa_pss_pss_sha256:
return CryptoSignatureAlgorithm.rsa_pss_pss_sha256;
case SignatureAlgorithm.rsa_pss_pss_sha384:
return CryptoSignatureAlgorithm.rsa_pss_pss_sha384;
case SignatureAlgorithm.rsa_pss_pss_sha512:
return CryptoSignatureAlgorithm.rsa_pss_pss_sha512;
case SignatureAlgorithm.ecdsa_brainpoolP256r1tls13_sha256:
return CryptoSignatureAlgorithm.ecdsa_brainpoolP256r1tls13_sha256;
case SignatureAlgorithm.ecdsa_brainpoolP384r1tls13_sha384:
return CryptoSignatureAlgorithm.ecdsa_brainpoolP384r1tls13_sha384;
case SignatureAlgorithm.ecdsa_brainpoolP512r1tls13_sha512:
return CryptoSignatureAlgorithm.ecdsa_brainpoolP512r1tls13_sha512;
case SignatureAlgorithm.gostr34102012_256:
return CryptoSignatureAlgorithm.gostr34102012_256;
case SignatureAlgorithm.gostr34102012_512:
return CryptoSignatureAlgorithm.gostr34102012_512;
default:
throw new ArgumentException("specified SignatureAlgorithm invalid: "
+ SignatureAlgorithm.GetText(signatureAlgorithm));
}
}
/// <exception cref="IOException"/>
public static TlsSecret HkdfExpandLabel(TlsSecret secret, int cryptoHashAlgorithm, string label,
byte[] context, int length)
{
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
return HkdfExpandLabel(secret, cryptoHashAlgorithm, label.AsSpan(), context.AsSpan(), length);
#else
int labelLength = label.Length;
if (labelLength < 1)
throw new TlsFatalAlert(AlertDescription.internal_error);
int contextLength = context.Length;
int expandedLabelLength = Tls13Prefix.Length + labelLength;
byte[] hkdfLabel = new byte[2 + (1 + expandedLabelLength) + (1 + contextLength)];
// uint16 length
{
TlsUtilities.CheckUint16(length);
TlsUtilities.WriteUint16(length, hkdfLabel, 0);
}
// opaque label<7..255>
{
TlsUtilities.CheckUint8(expandedLabelLength);
TlsUtilities.WriteUint8(expandedLabelLength, hkdfLabel, 2);
Array.Copy(Tls13Prefix, 0, hkdfLabel, 2 + 1, Tls13Prefix.Length);
int labelPos = 2 + (1 + Tls13Prefix.Length);
for (int i = 0; i < labelLength; ++i)
{
char c = label[i];
hkdfLabel[labelPos + i] = (byte)c;
}
}
// context
{
TlsUtilities.WriteOpaque8(context, hkdfLabel, 2 + (1 + expandedLabelLength));
}
return secret.HkdfExpand(cryptoHashAlgorithm, hkdfLabel, length);
#endif
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
/// <exception cref="IOException"/>
public static TlsSecret HkdfExpandLabel(TlsSecret secret, int cryptoHashAlgorithm, ReadOnlySpan<char> label,
ReadOnlySpan<byte> context, int length)
{
int labelLength = label.Length;
if (labelLength < 1)
throw new TlsFatalAlert(AlertDescription.internal_error);
int contextLength = context.Length;
int expandedLabelLength = Tls13Prefix.Length + labelLength;
int hkdfLabelLength = 2 + (1 + expandedLabelLength) + (1 + contextLength);
Span<byte> hkdfLabel = hkdfLabelLength <= 512
? stackalloc byte[hkdfLabelLength]
: new byte[hkdfLabelLength];
// uint16 length
{
TlsUtilities.CheckUint16(length);
TlsUtilities.WriteUint16(length, hkdfLabel);
}
// opaque label<7..255>
{
TlsUtilities.CheckUint8(expandedLabelLength);
TlsUtilities.WriteUint8(expandedLabelLength, hkdfLabel[2..]);
Tls13Prefix.CopyTo(hkdfLabel[3..]);
int labelPos = 2 + (1 + Tls13Prefix.Length);
for (int i = 0; i < labelLength; ++i)
{
hkdfLabel[labelPos + i] = (byte)label[i];
}
}
// context
{
TlsUtilities.WriteOpaque8(context, hkdfLabel.Slice(2 + (1 + expandedLabelLength)));
}
return secret.HkdfExpand(cryptoHashAlgorithm, hkdfLabel, length);
}
#endif
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 5a4c8bc3b91696042aa554bc9fdd7ad9
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,45 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Basic config for Diffie-Hellman.</summary>
public class TlsDHConfig
{
protected readonly DHGroup m_explicitGroup;
protected readonly int m_namedGroup;
protected readonly bool m_padded;
public TlsDHConfig(DHGroup explicitGroup)
{
this.m_explicitGroup = explicitGroup;
this.m_namedGroup = -1;
this.m_padded = false;
}
public TlsDHConfig(int namedGroup, bool padded)
{
this.m_explicitGroup = null;
this.m_namedGroup = namedGroup;
this.m_padded = padded;
}
public virtual DHGroup ExplicitGroup
{
get { return m_explicitGroup; }
}
public virtual int NamedGroup
{
get { return m_namedGroup; }
}
public virtual bool IsPadded
{
get { return m_padded; }
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 748773f6e1dff094cb0f790cd14e3555
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,16 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Domain interface to service factory for creating Diffie-Hellman operators.</summary>
public interface TlsDHDomain
{
/// <summary>Return an agreement operator suitable for ephemeral Diffie-Hellman.</summary>
/// <returns>a key agreement operator.</returns>
TlsAgreement CreateDH();
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: fa1eab0ee5788854da1284cc99dc5804
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,35 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
public sealed class TlsDecodeResult
{
public readonly byte[] buf;
public readonly int off, len;
public readonly short contentType;
public readonly bool fromBufferPool;
public TlsDecodeResult(byte[] buf, int off, int len, short contentType)
{
this.buf = buf;
this.off = off;
this.len = len;
this.contentType = contentType;
this.fromBufferPool = false;
}
public TlsDecodeResult(byte[] buf, int off, int len, short contentType, bool fromPool)
{
this.buf = buf;
this.off = off;
this.len = len;
this.contentType = contentType;
this.fromBufferPool = fromPool;
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: b924eab0ba3728a42be192b3a9b1a3cd
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,26 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Carrier class for Elliptic Curve parameter configuration.</summary>
public class TlsECConfig
{
protected readonly int m_namedGroup;
public TlsECConfig(int namedGroup)
{
this.m_namedGroup = namedGroup;
}
/// <summary>Return the group used.</summary>
/// <returns>the <see cref="NamedGroup">named group</see> used.</returns>
public virtual int NamedGroup
{
get { return m_namedGroup; }
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 1ade4e9b429294542967a145103922c4
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,16 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Domain interface to service factory for creating Elliptic-Curve (EC) based operators.</summary>
public interface TlsECDomain
{
/// <summary>Return an agreement operator suitable for ephemeral EC Diffie-Hellman.</summary>
/// <returns>a key agreement operator.</returns>
TlsAgreement CreateECDH();
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 10e062c0536b4c44d9448289ee7590ae
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,34 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
public readonly struct TlsEncodeResult
{
public readonly byte[] buf;
public readonly int off, len;
public readonly short recordType;
public readonly bool fromBufferPool;
public TlsEncodeResult(byte[] buf, int off, int len, short recordType)
{
this.buf = buf;
this.off = off;
this.len = len;
this.recordType = recordType;
this.fromBufferPool = false;
}
public TlsEncodeResult(byte[] buf, int off, int len, short recordType, bool fromPool)
{
this.buf = buf;
this.off = off;
this.len = len;
this.recordType = recordType;
this.fromBufferPool = fromPool;
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 5cfbddb26f474c741983d651383cd999
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,21 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Base interface for an encryptor.</summary>
public interface TlsEncryptor
{
/// <summary>Encrypt data from the passed in input array.</summary>
/// <param name="input">byte array containing the input data.</param>
/// <param name="inOff">offset into input where the data starts.</param>
/// <param name="length">the length of the data to encrypt.</param>
/// <returns>the encrypted data.</returns>
/// <exception cref="IOException"/>
byte[] Encrypt(byte[] input, int inOff, int length);
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: e69e056457e8f0648ba3ecc52a488126
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,33 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Interface for message digest, or hash, services.</summary>
public interface TlsHash
{
/// <summary>Update the hash with the passed in input.</summary>
/// <param name="input">input array containing the data.</param>
/// <param name="inOff">offset into the input array the input starts at.</param>
/// <param name="length">the length of the input data.</param>
void Update(byte[] input, int inOff, int length);
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
void Update(ReadOnlySpan<byte> input);
#endif
/// <summary>Return calculated hash for any input passed in.</summary>
/// <returns>the hash value.</returns>
byte[] CalculateHash();
/// <summary>Return a clone of this hash object representing its current state.</summary>
/// <returns>a clone of the current hash.</returns>
TlsHash CloneHash();
/// <summary>Reset the hash underlying this service.</summary>
void Reset();
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 387cc504bb8ab384fab899dea727bf18
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,51 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities.IO;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
public class TlsHashSink
: BaseOutputStream
{
private readonly TlsHash m_hash;
public TlsHashSink(TlsHash hash)
{
this.m_hash = hash;
}
public virtual TlsHash Hash
{
get { return m_hash; }
}
public override void Write(byte[] buffer, int offset, int count)
{
Streams.ValidateBufferArguments(buffer, offset, count);
if (count > 0)
{
m_hash.Update(buffer, offset, count);
}
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
public override void Write(ReadOnlySpan<byte> buffer)
{
if (!buffer.IsEmpty)
{
m_hash.Update(buffer);
}
}
#endif
public override void WriteByte(byte value)
{
m_hash.Update(new byte[]{ value }, 0, 1);
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 463860056c41f4346b6be85b9accb68e
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,17 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Interface for MAC services based on HMAC.</summary>
public interface TlsHmac
: TlsMac
{
/// <summary>Return the internal block size for the message digest underlying this HMAC service.</summary>
/// <returns>the internal block size for the digest (in bytes).</returns>
int InternalBlockSize { get; }
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 4b362f49fe3ef084cb107a1e44e043e0
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,48 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Interface for MAC services.</summary>
public interface TlsMac
{
/// <summary>Set the key to be used by the MAC implementation supporting this service.</summary>
/// <param name="key">array holding the MAC key.</param>
/// <param name="keyOff">offset into the array the key starts at.</param>
/// <param name="keyLen">length of the key in the array.</param>
void SetKey(byte[] key, int keyOff, int keyLen);
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
void SetKey(ReadOnlySpan<byte> key);
#endif
/// <summary>Update the MAC with the passed in input.</summary>
/// <param name="input">input array containing the data.</param>
/// <param name="inOff">offset into the input array the input starts at.</param>
/// <param name="length">the length of the input data.</param>
void Update(byte[] input, int inOff, int length);
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
void Update(ReadOnlySpan<byte> input);
#endif
/// <summary>Return calculated MAC for any input passed in.</summary>
/// <returns>the MAC value.</returns>
byte[] CalculateMac();
/// <summary>Write the calculated MAC to an output buffer.</summary>
/// <param name="output">output array to write the MAC to.</param>
/// <param name="outOff">offset into the output array to write the MAC to.</param>
void CalculateMac(byte[] output, int outOff);
/// <summary>Return the length of the MAC generated by this service.</summary>
/// <returns>the MAC length.</returns>
int MacLength { get; }
/// <summary>Reset the MAC underlying this service.</summary>
void Reset();
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 81261daf0b292bb43ade1651aa7ed471
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,51 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities.IO;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
public class TlsMacSink
: BaseOutputStream
{
private readonly TlsMac m_mac;
public TlsMacSink(TlsMac mac)
{
this.m_mac = mac;
}
public virtual TlsMac Mac
{
get { return m_mac; }
}
public override void Write(byte[] buffer, int offset, int count)
{
Streams.ValidateBufferArguments(buffer, offset, count);
if (count > 0)
{
m_mac.Update(buffer, offset, count);
}
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
public override void Write(ReadOnlySpan<byte> buffer)
{
if (!buffer.IsEmpty)
{
m_mac.Update(buffer);
}
}
#endif
public override void WriteByte(byte value)
{
m_mac.Update(new byte[]{ value }, 0, 1);
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 9a296a68917660a4c8926c6c82e6ec25
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,16 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
public interface TlsNonceGenerator
{
/// <summary>Generate a nonce byte[] string.</summary>
/// <param name="size">the length, in bytes, of the nonce to generate.</param>
/// <returns>the nonce value.</returns>
byte[] GenerateNonce(int size);
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 717feeb79537785489328fadeb2e5424
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,69 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>The cipher for TLS_NULL_WITH_NULL_NULL.</summary>
public sealed class TlsNullNullCipher
: TlsCipher
{
public static readonly TlsNullNullCipher Instance = new TlsNullNullCipher();
public int GetCiphertextDecodeLimit(int plaintextLimit)
{
return plaintextLimit;
}
public int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
{
return plaintextLength;
}
public int GetPlaintextLimit(int ciphertextLimit)
{
return ciphertextLimit;
}
public TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
int headerAllocation, byte[] plaintext, int offset, int len)
{
byte[] result = new byte[headerAllocation + len];
Array.Copy(plaintext, offset, result, headerAllocation, len);
return new TlsEncodeResult(result, 0, result.Length, contentType);
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
public TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
int headerAllocation, ReadOnlySpan<byte> plaintext)
{
byte[] result = new byte[headerAllocation + plaintext.Length];
plaintext.CopyTo(result.AsSpan(headerAllocation));
return new TlsEncodeResult(result, 0, result.Length, contentType);
}
#endif
public TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
byte[] ciphertext, int offset, int len)
{
return new TlsDecodeResult(ciphertext, offset, len, recordType);
}
public void RekeyDecoder()
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
public void RekeyEncoder()
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
public bool UsesOpaqueRecordType
{
get { return false; }
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 7ccd0e8d7f3664448b160e2c75a447ca
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,86 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Interface supporting the generation of key material and other SSL/TLS secret values from PRFs.
/// </summary>
public interface TlsSecret
{
/// <summary>Calculate an HMAC with this secret's data as the key.</summary>
/// <param name="cryptoHashAlgorithm">the hash algorithm to instantiate HMAC with. See
/// <see cref="CryptoHashAlgorithm"/> for values.</param>
/// <param name="buf">array containing the input data.</param>
/// <param name="off">offset into the input array the input starts at.</param>
/// <param name="len">the length of the input data.</param>
byte[] CalculateHmac(int cryptoHashAlgorithm, byte[] buf, int off, int len);
/// <summary>Return a new secret based on applying a PRF to this one.</summary>
/// <param name="prfAlgorithm">PRF algorithm to use.</param>
/// <param name="label">the label details.</param>
/// <param name="seed">the seed details.</param>
/// <param name="length">the size (in bytes) of the secret to generate.</param>
/// <returns>the new secret.</returns>
TlsSecret DeriveUsingPrf(int prfAlgorithm, string label, byte[] seed, int length);
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
TlsSecret DeriveUsingPrf(int prfAlgorithm, ReadOnlySpan<char> label, ReadOnlySpan<byte> seed, int length);
#endif
/// <summary>Destroy the internal state of the secret.</summary>
/// <remarks>
/// After this call, any attempt to use the <see cref="TlsSecret"/> will result in an
/// <see cref="InvalidOperationException"/> being thrown.
/// </remarks>
void Destroy();
/// <summary>Return an encrypted copy of the data this secret is based on.</summary>
/// <param name="encryptor">the encryptor to use for protecting the internal data.</param>
/// <returns>an encrypted copy of this secret's internal data.</returns>
/// <exception cref="IOException"/>
byte[] Encrypt(TlsEncryptor encryptor);
/// <summary>Return the internal data from this secret.</summary>
/// <remarks>
/// The <see cref="TlsSecret"/> does not keep a copy of the data. After this call, any attempt to use the
/// <see cref="TlsSecret"/> will result in an <see cref="InvalidOperationException"/> being thrown.
/// </remarks>
/// <returns>the secret's internal data.</returns>
byte[] Extract();
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
void ExtractTo(Span<byte> output);
#endif
/// <summary>RFC 5869 HKDF-Expand function, with this secret's data as the pseudo-random key ('prk').</summary>
/// <param name="cryptoHashAlgorithm">the hash algorithm to instantiate HMAC with. See
/// <see cref="CryptoHashAlgorithm"/> for values.</param>
/// <param name="info">optional context and application specific information (can be zero-length).</param>
/// <param name="length">length of output keying material in octets.</param>
/// <returns> output keying material (of 'length' octets).</returns>
TlsSecret HkdfExpand(int cryptoHashAlgorithm, byte[] info, int length);
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
TlsSecret HkdfExpand(int cryptoHashAlgorithm, ReadOnlySpan<byte> info, int length);
#endif
/// <summary>RFC 5869 HKDF-Extract function, with this secret's data as the 'salt'.</summary>
/// <remarks>
/// The <see cref="TlsSecret"/> does not keep a copy of the data. After this call, any attempt to use
/// the <see cref="TlsSecret"/> will result in an <see cref="InvalidOperationException"/> being thrown.
/// </remarks>
/// <param name="cryptoHashAlgorithm">the hash algorithm to instantiate HMAC with. See
/// <see cref="CryptoHashAlgorithm"/> for values.</param>
/// <param name="ikm">input keying material.</param>
/// <returns>a pseudo-random key (of HashLen octets).</returns>
TlsSecret HkdfExtract(int cryptoHashAlgorithm, TlsSecret ikm);
bool IsAlive();
int Length { get; }
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 6f16cce2acdd6e548bffafcfe575bf55
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,23 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Base interface for a TLS signer that works on raw message digests.</summary>
public interface TlsSigner
{
/// <summary>Generate an encoded signature based on the passed in hash.</summary>
/// <param name="algorithm">the signature algorithm to use.</param>
/// <param name="hash">the hash calculated for the signature.</param>
/// <returns>an encoded signature.</returns>
/// <exception cref="IOException">in case of an exception processing the hash.</exception>
byte[] GenerateRawSignature(SignatureAndHashAlgorithm algorithm, byte[] hash);
/// <exception cref="IOException"/>
TlsStreamSigner GetStreamSigner(SignatureAndHashAlgorithm algorithm);
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: c609c0931be8d5e4b84e415f8ed9ca31
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,28 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Math;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Basic interface for an SRP-6 client implementation.</summary>
public interface TlsSrp6Client
{
/// <summary>Generates the secret S given the server's credentials</summary>
/// <param name="serverB">The server's credentials</param>
/// <returns>Client's verification message for the server</returns>
/// <exception cref="IOException">If server's credentials are invalid</exception>
BigInteger CalculateSecret(BigInteger serverB);
/// <summary>Generates client's credentials given the client's salt, identity and password</summary>
/// <param name="salt">The salt used in the client's verifier.</param>
/// <param name="identity">The user's identity (eg. username)</param>
/// <param name="password">The user's password</param>
/// <returns>Client's public value to send to server</returns>
BigInteger GenerateClientCredentials(byte[] salt, byte[] identity, byte[] password);
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 41a27b95c3714ac4ca31e0197be1bf90
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,26 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Math;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Basic interface for an SRP-6 server implementation.</summary>
public interface TlsSrp6Server
{
/// <summary>Generates the server's credentials that are to be sent to the client.</summary>
/// <returns>The server's public value to the client</returns>
BigInteger GenerateServerCredentials();
/// <summary>Processes the client's credentials. If valid the shared secret is generated and returned.
/// </summary>
/// <param name="clientA">The client's credentials.</param>
/// <returns>A shared secret <see cref="BigInteger"/>.</returns>
/// <exception cref="IOException">If client's credentials are invalid.</exception>
BigInteger CalculateSecret(BigInteger clientA);
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: a798c5ab8db5b5d4d9e09bba2238c81f
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,21 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Math;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Base interface for a generator for SRP-6 verifiers.</summary>
public interface TlsSrp6VerifierGenerator
{
/// <summary>Creates a new SRP-6 verifier value.</summary>
/// <param name="salt">The salt to use, generally should be large and random</param>
/// <param name="identity">The user's identifying information (eg. username)</param>
/// <param name="password">The user's password</param>
/// <returns>A new verifier for use in future SRP authentication</returns>
BigInteger GenerateVerifier(byte[] salt, byte[] identity, byte[] password);
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: c6067341625c3494aabbf45ded1554ee
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,30 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Math;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Basic config for SRP.</summary>
public class TlsSrpConfig
{
protected BigInteger[] m_explicitNG;
/// <summary>Return the (N, g) values used in SRP-6.</summary>
/// <returns>(N, g) as a BigInteger array (N=[0], g=[1]).</returns>
public BigInteger[] GetExplicitNG()
{
return (BigInteger[])m_explicitNG.Clone();
}
/// <summary>Set the (N, g) values used for SRP-6.</summary>
/// <param name="explicitNG">(N, g) as a BigInteger array (N=[0], g=[1]).</param>
public void SetExplicitNG(BigInteger[] explicitNG)
{
this.m_explicitNG = (BigInteger[])explicitNG.Clone();
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: f652b9b598c392b4180b81525345bd82
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,18 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
public interface TlsStreamSigner
{
/// <exception cref="IOException"/>
Stream Stream { get; }
/// <exception cref="IOException"/>
byte[] GetSignature();
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 03ab1650caa08b34eb0ae69200df4a4a
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,18 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
public interface TlsStreamVerifier
{
/// <exception cref="IOException"/>
Stream Stream { get; }
/// <exception cref="IOException"/>
bool IsVerified();
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 1ec649f72a473a64f889da81b4b108f4
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,24 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto
{
/// <summary>Base interface for a TLS verifier that works with signatures and either raw message digests, or entire
/// messages.</summary>
public interface TlsVerifier
{
/// <exception cref="IOException"/>
TlsStreamVerifier GetStreamVerifier(DigitallySigned digitallySigned);
/// <summary>Return true if the passed in signature and hash represent a real signature.</summary>
/// <param name="digitallySigned">the signature object containing the signature to be verified.</param>
/// <param name="hash">the hash calculated for the signature.</param>
/// <returns>true if signature verifies, false otherwise.</returns>
/// <exception cref="IOException">in case of an exception verifying signature.</exception>
bool VerifyRawSignature(DigitallySigned digitallySigned, byte[] hash);
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: ec72a295b17351e48a3bf0680e05a613
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,8 @@
fileFormatVersion: 2
guid: f838c3e33cb9a32408bf9e4d4d4a4955
folderAsset: yes
DefaultImporter:
externalObjects: {}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,101 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.Collections.Generic;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Math;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Security;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto.Impl
{
/// <summary>Base class for a TlsCrypto implementation that provides some needed methods from elsewhere in the impl
/// package.</summary>
public abstract class AbstractTlsCrypto
: TlsCrypto
{
public abstract bool HasAnyStreamVerifiers(IList<SignatureAndHashAlgorithm> signatureAndHashAlgorithms);
public abstract bool HasAnyStreamVerifiersLegacy(short[] clientCertificateTypes);
public abstract bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm);
public abstract bool HasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm);
public abstract bool HasDHAgreement();
public abstract bool HasECDHAgreement();
public abstract bool HasEncryptionAlgorithm(int encryptionAlgorithm);
public abstract bool HasHkdfAlgorithm(int cryptoHashAlgorithm);
public abstract bool HasMacAlgorithm(int macAlgorithm);
public abstract bool HasNamedGroup(int namedGroup);
public abstract bool HasRsaEncryption();
public abstract bool HasSignatureAlgorithm(short signatureAlgorithm);
public abstract bool HasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm);
public abstract bool HasSignatureScheme(int signatureScheme);
public abstract bool HasSrpAuthentication();
public abstract TlsSecret CreateSecret(byte[] data);
public abstract TlsSecret GenerateRsaPreMasterSecret(ProtocolVersion clientVersion);
public abstract SecureRandom SecureRandom { get; }
public virtual TlsCertificate CreateCertificate(byte[] encoding)
{
return CreateCertificate(CertificateType.X509, encoding);
}
public abstract TlsCertificate CreateCertificate(short type, byte[] encoding);
public abstract TlsCipher CreateCipher(TlsCryptoParameters cryptoParams, int encryptionAlgorithm, int macAlgorithm);
public abstract TlsDHDomain CreateDHDomain(TlsDHConfig dhConfig);
public abstract TlsECDomain CreateECDomain(TlsECConfig ecConfig);
public virtual TlsSecret AdoptSecret(TlsSecret secret)
{
// TODO[tls] Need an alternative that doesn't require AbstractTlsSecret (which holds literal data)
if (secret is AbstractTlsSecret)
{
AbstractTlsSecret sec = (AbstractTlsSecret)secret;
return CreateSecret(sec.CopyData());
}
throw new ArgumentException("unrecognized TlsSecret - cannot copy data: " + Org.BouncyCastle.Utilities.Platform.GetTypeName(secret));
}
public abstract TlsHash CreateHash(int cryptoHashAlgorithm);
public abstract TlsHmac CreateHmac(int macAlgorithm);
public abstract TlsHmac CreateHmacForHash(int cryptoHashAlgorithm);
public abstract TlsNonceGenerator CreateNonceGenerator(byte[] additionalSeedMaterial);
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
public abstract TlsNonceGenerator CreateNonceGenerator(ReadOnlySpan<byte> additionalSeedMaterial);
#endif
public abstract TlsSrp6Client CreateSrp6Client(TlsSrpConfig srpConfig);
public abstract TlsSrp6Server CreateSrp6Server(TlsSrpConfig srpConfig, BigInteger srpVerifier);
public abstract TlsSrp6VerifierGenerator CreateSrp6VerifierGenerator(TlsSrpConfig srpConfig);
public abstract TlsSecret HkdfInit(int cryptoHashAlgorithm);
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: d1a4a126833da2e40844fa8069bfeb86
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,144 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto.Impl
{
/// <summary>Base class for a TlsSecret implementation which captures common code and fields.</summary>
public abstract class AbstractTlsSecret
: TlsSecret
{
protected static byte[] CopyData(AbstractTlsSecret other)
{
return other.CopyData();
}
protected byte[] m_data;
/// <summary>Base constructor.</summary>
/// <param name="data">the byte[] making up the secret value.</param>
protected AbstractTlsSecret(byte[] data)
{
m_data = data;
}
protected virtual void CheckAlive()
{
if (m_data == null)
throw new InvalidOperationException("Secret has already been extracted or destroyed");
}
protected abstract AbstractTlsCrypto Crypto { get; }
public virtual byte[] CalculateHmac(int cryptoHashAlgorithm, byte[] buf, int off, int len)
{
lock (this)
{
CheckAlive();
TlsHmac hmac = Crypto.CreateHmacForHash(cryptoHashAlgorithm);
hmac.SetKey(m_data, 0, m_data.Length);
hmac.Update(buf, off, len);
return hmac.CalculateMac();
}
}
public abstract TlsSecret DeriveUsingPrf(int prfAlgorithm, string label, byte[] seed, int length);
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
public abstract TlsSecret DeriveUsingPrf(int prfAlgorithm, ReadOnlySpan<char> label, ReadOnlySpan<byte> seed,
int length);
#endif
public virtual void Destroy()
{
lock (this)
{
if (m_data != null)
{
// TODO Is there a way to ensure the data is really overwritten?
Array.Clear(m_data, 0, m_data.Length);
m_data = null;
}
}
}
/// <exception cref="IOException"/>
public virtual byte[] Encrypt(TlsEncryptor encryptor)
{
lock (this)
{
CheckAlive();
return encryptor.Encrypt(m_data, 0, m_data.Length);
}
}
public virtual byte[] Extract()
{
lock (this)
{
CheckAlive();
byte[] result = m_data;
m_data = null;
return result;
}
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
public virtual void ExtractTo(Span<byte> output)
{
lock (this)
{
CheckAlive();
m_data.CopyTo(output);
m_data = null;
}
}
#endif
public abstract TlsSecret HkdfExpand(int cryptoHashAlgorithm, byte[] info, int length);
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
public abstract TlsSecret HkdfExpand(int cryptoHashAlgorithm, ReadOnlySpan<byte> info, int length);
#endif
public abstract TlsSecret HkdfExtract(int cryptoHashAlgorithm, TlsSecret ikm);
public virtual bool IsAlive()
{
lock (this)
{
return null != m_data;
}
}
public virtual int Length
{
get
{
lock (this)
{
CheckAlive();
return m_data.Length;
}
}
}
internal virtual byte[] CopyData()
{
lock (this)
{
return Arrays.Clone(m_data);
}
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: ef94305ee072ddf41a9532746428c761
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,64 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto.Impl
{
public sealed class LegacyTls13Verifier
: TlsVerifier
{
private readonly int m_signatureScheme;
private readonly Tls13Verifier m_tls13Verifier;
public LegacyTls13Verifier(int signatureScheme, Tls13Verifier tls13Verifier)
{
if (!TlsUtilities.IsValidUint16(signatureScheme))
throw new ArgumentException("signatureScheme");
if (tls13Verifier == null)
throw new ArgumentNullException("tls13Verifier");
this.m_signatureScheme = signatureScheme;
this.m_tls13Verifier = tls13Verifier;
}
public TlsStreamVerifier GetStreamVerifier(DigitallySigned digitallySigned)
{
SignatureAndHashAlgorithm algorithm = digitallySigned.Algorithm;
if (algorithm == null || SignatureScheme.From(algorithm) != m_signatureScheme)
throw new InvalidOperationException("Invalid algorithm: " + algorithm);
return new TlsStreamVerifierImpl(m_tls13Verifier, digitallySigned.Signature);
}
public bool VerifyRawSignature(DigitallySigned digitallySigned, byte[] hash)
{
throw new NotSupportedException();
}
private class TlsStreamVerifierImpl
: TlsStreamVerifier
{
private readonly Tls13Verifier m_tls13Verifier;
private readonly byte[] m_signature;
internal TlsStreamVerifierImpl(Tls13Verifier tls13Verifier, byte[] signature)
{
this.m_tls13Verifier = tls13Verifier;
this.m_signature = signature;
}
public Stream Stream
{
get { return m_tls13Verifier.Stream; }
}
public bool IsVerified()
{
return m_tls13Verifier.VerifySignature(m_signature);
}
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 8723fad84fcafb34b816778c033680f2
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,140 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1.Nist;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1.Pkcs;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1.X509;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto.Impl
{
public abstract class RsaUtilities
{
private static readonly byte[] RSAPSSParams_256_A, RSAPSSParams_384_A, RSAPSSParams_512_A;
private static readonly byte[] RSAPSSParams_256_B, RSAPSSParams_384_B, RSAPSSParams_512_B;
static RsaUtilities()
{
/*
* RFC 4055
*/
AlgorithmIdentifier sha256Identifier_A = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha256);
AlgorithmIdentifier sha384Identifier_A = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha384);
AlgorithmIdentifier sha512Identifier_A = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha512);
AlgorithmIdentifier sha256Identifier_B = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha256, DerNull.Instance);
AlgorithmIdentifier sha384Identifier_B = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha384, DerNull.Instance);
AlgorithmIdentifier sha512Identifier_B = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha512, DerNull.Instance);
AlgorithmIdentifier mgf1SHA256Identifier_A = new AlgorithmIdentifier(PkcsObjectIdentifiers.IdMgf1, sha256Identifier_A);
AlgorithmIdentifier mgf1SHA384Identifier_A = new AlgorithmIdentifier(PkcsObjectIdentifiers.IdMgf1, sha384Identifier_A);
AlgorithmIdentifier mgf1SHA512Identifier_A = new AlgorithmIdentifier(PkcsObjectIdentifiers.IdMgf1, sha512Identifier_A);
AlgorithmIdentifier mgf1SHA256Identifier_B = new AlgorithmIdentifier(PkcsObjectIdentifiers.IdMgf1, sha256Identifier_B);
AlgorithmIdentifier mgf1SHA384Identifier_B = new AlgorithmIdentifier(PkcsObjectIdentifiers.IdMgf1, sha384Identifier_B);
AlgorithmIdentifier mgf1SHA512Identifier_B = new AlgorithmIdentifier(PkcsObjectIdentifiers.IdMgf1, sha512Identifier_B);
DerInteger sha256Size = new DerInteger(TlsCryptoUtilities.GetHashOutputSize(CryptoHashAlgorithm.sha256));
DerInteger sha384Size = new DerInteger(TlsCryptoUtilities.GetHashOutputSize(CryptoHashAlgorithm.sha384));
DerInteger sha512Size = new DerInteger(TlsCryptoUtilities.GetHashOutputSize(CryptoHashAlgorithm.sha512));
DerInteger trailerField = new DerInteger(1);
try
{
RSAPSSParams_256_A = new RsassaPssParameters(sha256Identifier_A, mgf1SHA256Identifier_A, sha256Size, trailerField)
.GetEncoded(Asn1Encodable.Der);
RSAPSSParams_384_A = new RsassaPssParameters(sha384Identifier_A, mgf1SHA384Identifier_A, sha384Size, trailerField)
.GetEncoded(Asn1Encodable.Der);
RSAPSSParams_512_A = new RsassaPssParameters(sha512Identifier_A, mgf1SHA512Identifier_A, sha512Size, trailerField)
.GetEncoded(Asn1Encodable.Der);
RSAPSSParams_256_B = new RsassaPssParameters(sha256Identifier_B, mgf1SHA256Identifier_B, sha256Size, trailerField)
.GetEncoded(Asn1Encodable.Der);
RSAPSSParams_384_B = new RsassaPssParameters(sha384Identifier_B, mgf1SHA384Identifier_B, sha384Size, trailerField)
.GetEncoded(Asn1Encodable.Der);
RSAPSSParams_512_B = new RsassaPssParameters(sha512Identifier_B, mgf1SHA512Identifier_B, sha512Size, trailerField)
.GetEncoded(Asn1Encodable.Der);
}
catch (IOException e)
{
throw new InvalidOperationException(e.Message);
}
}
public static bool SupportsPkcs1(AlgorithmIdentifier pubKeyAlgID)
{
DerObjectIdentifier oid = pubKeyAlgID.Algorithm;
return PkcsObjectIdentifiers.RsaEncryption.Equals(oid)
|| X509ObjectIdentifiers.IdEARsa.Equals(oid);
}
public static bool SupportsPss_Pss(short signatureAlgorithm, AlgorithmIdentifier pubKeyAlgID)
{
DerObjectIdentifier oid = pubKeyAlgID.Algorithm;
if (!PkcsObjectIdentifiers.IdRsassaPss.Equals(oid))
return false;
/*
* TODO ASN.1 NULL shouldn't really be allowed here; it's a workaround for e.g. Oracle JDK
* 1.8.0_241, where the X.509 certificate implementation adds the NULL when re-encoding the
* original parameters. It appears it was fixed at some later date (OpenJDK 12.0.2 does not
* have the issue), but not sure exactly when.
*/
Asn1Encodable pssParams = pubKeyAlgID.Parameters;
if (null == pssParams || pssParams is DerNull)
{
switch (signatureAlgorithm)
{
case SignatureAlgorithm.rsa_pss_pss_sha256:
case SignatureAlgorithm.rsa_pss_pss_sha384:
case SignatureAlgorithm.rsa_pss_pss_sha512:
return true;
default:
return false;
}
}
byte[] encoded;
try
{
encoded = pssParams.ToAsn1Object().GetEncoded(Asn1Encodable.Der);
}
catch (Exception)
{
return false;
}
byte[] expected_A, expected_B;
switch (signatureAlgorithm)
{
case SignatureAlgorithm.rsa_pss_pss_sha256:
expected_A = RSAPSSParams_256_A;
expected_B = RSAPSSParams_256_B;
break;
case SignatureAlgorithm.rsa_pss_pss_sha384:
expected_A = RSAPSSParams_384_A;
expected_B = RSAPSSParams_384_B;
break;
case SignatureAlgorithm.rsa_pss_pss_sha512:
expected_A = RSAPSSParams_512_A;
expected_B = RSAPSSParams_512_B;
break;
default:
return false;
}
return Arrays.AreEqual(expected_A, encoded)
|| Arrays.AreEqual(expected_B, encoded);
}
public static bool SupportsPss_Rsae(AlgorithmIdentifier pubKeyAlgID)
{
DerObjectIdentifier oid = pubKeyAlgID.Algorithm;
return PkcsObjectIdentifiers.RsaEncryption.Equals(oid);
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: f935fb480e2cd004491dcdde3d7ff10c
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,497 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto.Impl
{
/// <summary>A generic TLS 1.2 AEAD cipher.</summary>
public class TlsAeadCipher
: TlsCipher
{
public const int AEAD_CCM = 1;
public const int AEAD_CHACHA20_POLY1305 = 2;
public const int AEAD_GCM = 3;
private const int NONCE_RFC5288 = 1;
private const int NONCE_RFC7905 = 2;
protected readonly TlsCryptoParameters m_cryptoParams;
protected readonly int m_keySize;
protected readonly int m_macSize;
protected readonly int m_fixed_iv_length;
protected readonly int m_record_iv_length;
protected readonly TlsAeadCipherImpl m_decryptCipher, m_encryptCipher;
protected readonly byte[] m_decryptNonce, m_encryptNonce;
protected readonly bool m_isTlsV13;
protected readonly int m_nonceMode;
/// <exception cref="IOException"/>
public TlsAeadCipher(TlsCryptoParameters cryptoParams, TlsAeadCipherImpl encryptCipher,
TlsAeadCipherImpl decryptCipher, int keySize, int macSize, int aeadType)
{
SecurityParameters securityParameters = cryptoParams.SecurityParameters;
ProtocolVersion negotiatedVersion = securityParameters.NegotiatedVersion;
if (!TlsImplUtilities.IsTlsV12(negotiatedVersion))
throw new TlsFatalAlert(AlertDescription.internal_error);
this.m_isTlsV13 = TlsImplUtilities.IsTlsV13(negotiatedVersion);
this.m_nonceMode = GetNonceMode(m_isTlsV13, aeadType);
switch (m_nonceMode)
{
case NONCE_RFC5288:
this.m_fixed_iv_length = 4;
this.m_record_iv_length = 8;
break;
case NONCE_RFC7905:
this.m_fixed_iv_length = 12;
this.m_record_iv_length = 0;
break;
default:
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.m_cryptoParams = cryptoParams;
this.m_keySize = keySize;
this.m_macSize = macSize;
this.m_decryptCipher = decryptCipher;
this.m_encryptCipher = encryptCipher;
this.m_decryptNonce = new byte[m_fixed_iv_length];
this.m_encryptNonce = new byte[m_fixed_iv_length];
bool isServer = cryptoParams.IsServer;
if (m_isTlsV13)
{
RekeyCipher(securityParameters, decryptCipher, m_decryptNonce, !isServer);
RekeyCipher(securityParameters, encryptCipher, m_encryptNonce, isServer);
return;
}
int keyBlockSize = (2 * keySize) + (2 * m_fixed_iv_length);
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
Span<byte> keyBlock = keyBlockSize <= 512
? stackalloc byte[keyBlockSize]
: new byte[keyBlockSize];
TlsImplUtilities.CalculateKeyBlock(cryptoParams, keyBlock);
if (isServer)
{
decryptCipher.SetKey(keyBlock[..keySize]); keyBlock = keyBlock[keySize..];
encryptCipher.SetKey(keyBlock[..keySize]); keyBlock = keyBlock[keySize..];
keyBlock[..m_fixed_iv_length].CopyTo(m_decryptNonce); keyBlock = keyBlock[m_fixed_iv_length..];
keyBlock[..m_fixed_iv_length].CopyTo(m_encryptNonce); keyBlock = keyBlock[m_fixed_iv_length..];
}
else
{
encryptCipher.SetKey(keyBlock[..keySize]); keyBlock = keyBlock[keySize..];
decryptCipher.SetKey(keyBlock[..keySize]); keyBlock = keyBlock[keySize..];
keyBlock[..m_fixed_iv_length].CopyTo(m_encryptNonce); keyBlock = keyBlock[m_fixed_iv_length..];
keyBlock[..m_fixed_iv_length].CopyTo(m_decryptNonce); keyBlock = keyBlock[m_fixed_iv_length..];
}
if (!keyBlock.IsEmpty)
throw new TlsFatalAlert(AlertDescription.internal_error);
#else
byte[] keyBlock = TlsImplUtilities.CalculateKeyBlock(cryptoParams, keyBlockSize);
int pos = 0;
if (isServer)
{
decryptCipher.SetKey(keyBlock, pos, keySize); pos += keySize;
encryptCipher.SetKey(keyBlock, pos, keySize); pos += keySize;
Array.Copy(keyBlock, pos, m_decryptNonce, 0, m_fixed_iv_length); pos += m_fixed_iv_length;
Array.Copy(keyBlock, pos, m_encryptNonce, 0, m_fixed_iv_length); pos += m_fixed_iv_length;
}
else
{
encryptCipher.SetKey(keyBlock, pos, keySize); pos += keySize;
decryptCipher.SetKey(keyBlock, pos, keySize); pos += keySize;
Array.Copy(keyBlock, pos, m_encryptNonce, 0, m_fixed_iv_length); pos += m_fixed_iv_length;
Array.Copy(keyBlock, pos, m_decryptNonce, 0, m_fixed_iv_length); pos += m_fixed_iv_length;
}
if (pos != keyBlockSize)
throw new TlsFatalAlert(AlertDescription.internal_error);
#endif
int nonceLength = m_fixed_iv_length + m_record_iv_length;
// NOTE: Ensure dummy nonce is not part of the generated sequence(s)
byte[] dummyNonce = new byte[nonceLength];
dummyNonce[0] = (byte)~m_encryptNonce[0];
dummyNonce[1] = (byte)~m_decryptNonce[1];
encryptCipher.Init(dummyNonce, macSize, null);
decryptCipher.Init(dummyNonce, macSize, null);
}
public virtual int GetCiphertextDecodeLimit(int plaintextLimit)
{
return plaintextLimit + m_macSize + m_record_iv_length + (m_isTlsV13 ? 1 : 0);
}
public virtual int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
{
int innerPlaintextLimit = plaintextLength;
if (m_isTlsV13)
{
// TODO[tls13] Add support for padding
int maxPadding = 0;
innerPlaintextLimit = 1 + System.Math.Min(plaintextLimit, plaintextLength + maxPadding);
}
return innerPlaintextLimit + m_macSize + m_record_iv_length;
}
public virtual int GetPlaintextLimit(int ciphertextLimit)
{
return ciphertextLimit - m_macSize - m_record_iv_length - (m_isTlsV13 ? 1 : 0);
}
public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
int headerAllocation, byte[] plaintext, int plaintextOffset, int plaintextLength)
{
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
return EncodePlaintext(seqNo, contentType, recordVersion, headerAllocation,
plaintext.AsSpan(plaintextOffset, plaintextLength));
#else
byte[] nonce = new byte[m_encryptNonce.Length + m_record_iv_length];
switch (m_nonceMode)
{
case NONCE_RFC5288:
Array.Copy(m_encryptNonce, 0, nonce, 0, m_encryptNonce.Length);
// RFC 5288/6655: The nonce_explicit MAY be the 64-bit sequence number.
TlsUtilities.WriteUint64(seqNo, nonce, m_encryptNonce.Length);
break;
case NONCE_RFC7905:
TlsUtilities.WriteUint64(seqNo, nonce, nonce.Length - 8);
for (int i = 0; i < m_encryptNonce.Length; ++i)
{
nonce[i] ^= m_encryptNonce[i];
}
break;
default:
throw new TlsFatalAlert(AlertDescription.internal_error);
}
int extraLength = m_isTlsV13 ? 1 : 0;
// TODO[tls13] If we support adding padding to TLSInnerPlaintext, this will need review
int encryptionLength = m_encryptCipher.GetOutputSize(plaintextLength + extraLength);
int ciphertextLength = m_record_iv_length + encryptionLength;
byte[] output = new byte[headerAllocation + ciphertextLength];
int outputPos = headerAllocation;
if (m_record_iv_length != 0)
{
Array.Copy(nonce, nonce.Length - m_record_iv_length, output, outputPos, m_record_iv_length);
outputPos += m_record_iv_length;
}
short recordType = m_isTlsV13 ? ContentType.application_data : contentType;
byte[] additionalData = GetAdditionalData(seqNo, recordType, recordVersion, ciphertextLength,
plaintextLength);
try
{
Array.Copy(plaintext, plaintextOffset, output, outputPos, plaintextLength);
if (m_isTlsV13)
{
output[outputPos + plaintextLength] = (byte)contentType;
}
m_encryptCipher.Init(nonce, m_macSize, additionalData);
outputPos += m_encryptCipher.DoFinal(output, outputPos, plaintextLength + extraLength, output,
outputPos);
}
catch (IOException e)
{
throw e;
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.internal_error, e);
}
if (outputPos != output.Length)
{
// NOTE: The additional data mechanism for AEAD ciphers requires exact output size prediction.
throw new TlsFatalAlert(AlertDescription.internal_error);
}
return new TlsEncodeResult(output, 0, output.Length, recordType);
#endif
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
int headerAllocation, ReadOnlySpan<byte> plaintext)
{
byte[] nonce = new byte[m_encryptNonce.Length + m_record_iv_length];
switch (m_nonceMode)
{
case NONCE_RFC5288:
Array.Copy(m_encryptNonce, 0, nonce, 0, m_encryptNonce.Length);
// RFC 5288/6655: The nonce_explicit MAY be the 64-bit sequence number.
TlsUtilities.WriteUint64(seqNo, nonce, m_encryptNonce.Length);
break;
case NONCE_RFC7905:
TlsUtilities.WriteUint64(seqNo, nonce, nonce.Length - 8);
for (int i = 0; i < m_encryptNonce.Length; ++i)
{
nonce[i] ^= m_encryptNonce[i];
}
break;
default:
throw new TlsFatalAlert(AlertDescription.internal_error);
}
int extraLength = m_isTlsV13 ? 1 : 0;
// TODO[tls13] If we support adding padding to TLSInnerPlaintext, this will need review
int encryptionLength = m_encryptCipher.GetOutputSize(plaintext.Length + extraLength);
int ciphertextLength = m_record_iv_length + encryptionLength;
byte[] output = new byte[headerAllocation + ciphertextLength];
int outputPos = headerAllocation;
if (m_record_iv_length != 0)
{
Array.Copy(nonce, nonce.Length - m_record_iv_length, output, outputPos, m_record_iv_length);
outputPos += m_record_iv_length;
}
short recordType = m_isTlsV13 ? ContentType.application_data : contentType;
byte[] additionalData = GetAdditionalData(seqNo, recordType, recordVersion, ciphertextLength,
plaintext.Length);
try
{
plaintext.CopyTo(output.AsSpan(outputPos));
if (m_isTlsV13)
{
output[outputPos + plaintext.Length] = (byte)contentType;
}
m_encryptCipher.Init(nonce, m_macSize, additionalData);
outputPos += m_encryptCipher.DoFinal(output, outputPos, plaintext.Length + extraLength, output,
outputPos);
}
catch (IOException e)
{
throw e;
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.internal_error, e);
}
if (outputPos != output.Length)
{
// NOTE: The additional data mechanism for AEAD ciphers requires exact output size prediction.
throw new TlsFatalAlert(AlertDescription.internal_error);
}
return new TlsEncodeResult(output, 0, output.Length, recordType);
}
#endif
public virtual TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
byte[] ciphertext, int ciphertextOffset, int ciphertextLength)
{
if (GetPlaintextLimit(ciphertextLength) < 0)
throw new TlsFatalAlert(AlertDescription.decode_error);
byte[] nonce = new byte[m_decryptNonce.Length + m_record_iv_length];
switch (m_nonceMode)
{
case NONCE_RFC5288:
Array.Copy(m_decryptNonce, 0, nonce, 0, m_decryptNonce.Length);
Array.Copy(ciphertext, ciphertextOffset, nonce, nonce.Length - m_record_iv_length,
m_record_iv_length);
break;
case NONCE_RFC7905:
TlsUtilities.WriteUint64(seqNo, nonce, nonce.Length - 8);
for (int i = 0; i < m_decryptNonce.Length; ++i)
{
nonce[i] ^= m_decryptNonce[i];
}
break;
default:
throw new TlsFatalAlert(AlertDescription.internal_error);
}
int encryptionOffset = ciphertextOffset + m_record_iv_length;
int encryptionLength = ciphertextLength - m_record_iv_length;
int plaintextLength = m_decryptCipher.GetOutputSize(encryptionLength);
byte[] additionalData = GetAdditionalData(seqNo, recordType, recordVersion, ciphertextLength,
plaintextLength);
int outputPos;
try
{
m_decryptCipher.Init(nonce, m_macSize, additionalData);
outputPos = m_decryptCipher.DoFinal(ciphertext, encryptionOffset, encryptionLength, ciphertext,
encryptionOffset);
}
catch (TlsFatalAlert fatalAlert)
{
if (AlertDescription.bad_record_mac == fatalAlert.AlertDescription)
{
m_decryptCipher.Reset();
}
throw fatalAlert;
}
catch (IOException e)
{
throw e;
}
catch (Exception e)
{
m_decryptCipher.Reset();
throw new TlsFatalAlert(AlertDescription.bad_record_mac, e);
}
if (outputPos != plaintextLength)
{
// NOTE: The additional data mechanism for AEAD ciphers requires exact output size prediction.
throw new TlsFatalAlert(AlertDescription.internal_error);
}
short contentType = recordType;
if (m_isTlsV13)
{
// Strip padding and read true content type from TLSInnerPlaintext
int pos = plaintextLength;
for (;;)
{
if (--pos < 0)
throw new TlsFatalAlert(AlertDescription.unexpected_message);
byte octet = ciphertext[encryptionOffset + pos];
if (0 != octet)
{
contentType = (short)(octet & 0xFF);
plaintextLength = pos;
break;
}
}
}
return new TlsDecodeResult(ciphertext, encryptionOffset, plaintextLength, contentType);
}
public virtual void RekeyDecoder()
{
RekeyCipher(m_cryptoParams.SecurityParameters, m_decryptCipher, m_decryptNonce, !m_cryptoParams.IsServer);
}
public virtual void RekeyEncoder()
{
RekeyCipher(m_cryptoParams.SecurityParameters, m_encryptCipher, m_encryptNonce, m_cryptoParams.IsServer);
}
public virtual bool UsesOpaqueRecordType
{
get { return m_isTlsV13; }
}
protected virtual byte[] GetAdditionalData(long seqNo, short recordType, ProtocolVersion recordVersion,
int ciphertextLength, int plaintextLength)
{
if (m_isTlsV13)
{
/*
* TLSCiphertext.opaque_type || TLSCiphertext.legacy_record_version || TLSCiphertext.length
*/
byte[] additional_data = new byte[5];
TlsUtilities.WriteUint8(recordType, additional_data, 0);
TlsUtilities.WriteVersion(recordVersion, additional_data, 1);
TlsUtilities.WriteUint16(ciphertextLength, additional_data, 3);
return additional_data;
}
else
{
/*
* seq_num + TLSCompressed.type + TLSCompressed.version + TLSCompressed.length
*/
byte[] additional_data = new byte[13];
TlsUtilities.WriteUint64(seqNo, additional_data, 0);
TlsUtilities.WriteUint8(recordType, additional_data, 8);
TlsUtilities.WriteVersion(recordVersion, additional_data, 9);
TlsUtilities.WriteUint16(plaintextLength, additional_data, 11);
return additional_data;
}
}
protected virtual void RekeyCipher(SecurityParameters securityParameters, TlsAeadCipherImpl cipher,
byte[] nonce, bool serverSecret)
{
if (!m_isTlsV13)
throw new TlsFatalAlert(AlertDescription.internal_error);
TlsSecret secret = serverSecret
? securityParameters.TrafficSecretServer
: securityParameters.TrafficSecretClient;
// TODO[tls13] For early data, have to disable server->client
if (null == secret)
throw new TlsFatalAlert(AlertDescription.internal_error);
Setup13Cipher(cipher, nonce, secret, securityParameters.PrfCryptoHashAlgorithm);
}
protected virtual void Setup13Cipher(TlsAeadCipherImpl cipher, byte[] nonce, TlsSecret secret,
int cryptoHashAlgorithm)
{
byte[] key = TlsCryptoUtilities.HkdfExpandLabel(secret, cryptoHashAlgorithm, "key",
TlsUtilities.EmptyBytes, m_keySize).Extract();
byte[] iv = TlsCryptoUtilities.HkdfExpandLabel(secret, cryptoHashAlgorithm, "iv", TlsUtilities.EmptyBytes,
m_fixed_iv_length).Extract();
cipher.SetKey(key, 0, m_keySize);
Array.Copy(iv, 0, nonce, 0, m_fixed_iv_length);
// NOTE: Ensure dummy nonce is not part of the generated sequence(s)
iv [0] ^= 0x80;
cipher.Init(iv, m_macSize, null);
}
private static int GetNonceMode(bool isTLSv13, int aeadType)
{
switch (aeadType)
{
case AEAD_CCM:
case AEAD_GCM:
return isTLSv13 ? NONCE_RFC7905 : NONCE_RFC5288;
case AEAD_CHACHA20_POLY1305:
return NONCE_RFC7905;
default:
throw new TlsFatalAlert(AlertDescription.internal_error);
}
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 5fdf671c05679fb4a9235bb34a12cec0
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,51 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto.Impl
{
/// <summary>Base interface for services supporting AEAD encryption/decryption.</summary>
public interface TlsAeadCipherImpl
{
/// <summary>Set the key to be used by the AEAD cipher implementation supporting this service.</summary>
/// <param name="key">array holding the AEAD cipher key.</param>
/// <param name="keyOff">offset into the array the key starts at.</param>
/// <param name="keyLen">length of the key in the array.</param>
/// <exception cref="IOException"/>
void SetKey(byte[] key, int keyOff, int keyLen);
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
void SetKey(ReadOnlySpan<byte> key);
#endif
/// <summary>Initialise the parameters for the AEAD operator.</summary>
/// <param name="nonce">the nonce.</param>
/// <param name="macSize">MAC size in bytes.</param>
/// <param name="additionalData">any additional data to be included in the MAC calculation.</param>
/// <exception cref="IOException">if the parameters are inappropriate.</exception>
void Init(byte[] nonce, int macSize, byte[] additionalData);
/// <summary>Return the maximum size of the output for input of inputLength bytes.</summary>
/// <param name="inputLength">the length (in bytes) of the proposed input.</param>
/// <returns>the maximum size of the output.</returns>
int GetOutputSize(int inputLength);
/// <summary>Perform the cipher encryption/decryption returning the output in output.</summary>
/// <remarks>
/// Note: we have to use DoFinal() here as it is the only way to guarantee output from the underlying cipher.
/// </remarks>
/// <param name="input">array holding input data to the cipher.</param>
/// <param name="inputOffset">offset into input array data starts at.</param>
/// <param name="inputLength">length of the input data in the array.</param>
/// <param name="output">array to hold the cipher output.</param>
/// <param name="outputOffset">offset into output array to start saving output.</param>
/// <returns>the amount of data written to output.</returns>
/// <exception cref="IOException">in case of failure.</exception>
int DoFinal(byte[] input, int inputOffset, int inputLength, byte[] output, int outputOffset);
void Reset();
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 9f52f1077f381fd4285eaf40e6ac99f8
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,532 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.Utilities;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto.Impl
{
/// <summary>A generic TLS 1.0-1.2 block cipher. This can be used for AES or 3DES for example.</summary>
public class TlsBlockCipher
: TlsCipher
{
protected readonly TlsCryptoParameters m_cryptoParams;
protected readonly byte[] m_randomData;
protected readonly bool m_encryptThenMac;
protected readonly bool m_useExplicitIV;
protected readonly bool m_acceptExtraPadding;
protected readonly bool m_useExtraPadding;
protected readonly TlsBlockCipherImpl m_decryptCipher, m_encryptCipher;
protected readonly TlsSuiteMac m_readMac, m_writeMac;
/// <exception cref="IOException"/>
public TlsBlockCipher(TlsCryptoParameters cryptoParams, TlsBlockCipherImpl encryptCipher,
TlsBlockCipherImpl decryptCipher, TlsHmac clientMac, TlsHmac serverMac, int cipherKeySize)
{
SecurityParameters securityParameters = cryptoParams.SecurityParameters;
ProtocolVersion negotiatedVersion = securityParameters.NegotiatedVersion;
if (TlsImplUtilities.IsTlsV13(negotiatedVersion))
throw new TlsFatalAlert(AlertDescription.internal_error);
this.m_cryptoParams = cryptoParams;
this.m_randomData = cryptoParams.NonceGenerator.GenerateNonce(256);
this.m_encryptThenMac = securityParameters.IsEncryptThenMac;
this.m_useExplicitIV = TlsImplUtilities.IsTlsV11(negotiatedVersion);
this.m_acceptExtraPadding = !negotiatedVersion.IsSsl;
/*
* Don't use variable-length padding with truncated MACs.
*
* See "Tag Size Does Matter: Attacks and Proofs for the TLS Record Protocol", Paterson,
* Ristenpart, Shrimpton.
*
* TODO[DTLS] Consider supporting in DTLS (without exceeding send limit though)
*/
this.m_useExtraPadding = securityParameters.IsExtendedPadding
&& ProtocolVersion.TLSv10.IsEqualOrEarlierVersionOf(negotiatedVersion)
&& (m_encryptThenMac || !securityParameters.IsTruncatedHmac);
this.m_encryptCipher = encryptCipher;
this.m_decryptCipher = decryptCipher;
TlsBlockCipherImpl clientCipher, serverCipher;
if (cryptoParams.IsServer)
{
clientCipher = decryptCipher;
serverCipher = encryptCipher;
}
else
{
clientCipher = encryptCipher;
serverCipher = decryptCipher;
}
int keyBlockSize = (2 * cipherKeySize) + clientMac.MacLength + serverMac.MacLength;
// From TLS 1.1 onwards, block ciphers don't need IVs from the key_block
if (!m_useExplicitIV)
{
keyBlockSize += clientCipher.GetBlockSize() + serverCipher.GetBlockSize();
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
Span<byte> keyBlock = keyBlockSize <= 512
? stackalloc byte[keyBlockSize]
: new byte[keyBlockSize];
TlsImplUtilities.CalculateKeyBlock(cryptoParams, keyBlock);
clientMac.SetKey(keyBlock[..clientMac.MacLength]); keyBlock = keyBlock[clientMac.MacLength..];
serverMac.SetKey(keyBlock[..serverMac.MacLength]); keyBlock = keyBlock[serverMac.MacLength..];
clientCipher.SetKey(keyBlock[..cipherKeySize]); keyBlock = keyBlock[cipherKeySize..];
serverCipher.SetKey(keyBlock[..cipherKeySize]); keyBlock = keyBlock[cipherKeySize..];
int clientIVLength = clientCipher.GetBlockSize();
int serverIVLength = serverCipher.GetBlockSize();
if (m_useExplicitIV)
{
clientCipher.Init(clientIVLength <= 64 ? stackalloc byte[clientIVLength] : new byte[clientIVLength]);
serverCipher.Init(serverIVLength <= 64 ? stackalloc byte[serverIVLength] : new byte[serverIVLength]);
}
else
{
clientCipher.Init(keyBlock[..clientIVLength]); keyBlock = keyBlock[clientIVLength..];
serverCipher.Init(keyBlock[..serverIVLength]); keyBlock = keyBlock[serverIVLength..];
}
if (!keyBlock.IsEmpty)
throw new TlsFatalAlert(AlertDescription.internal_error);
#else
byte[] keyBlock = TlsImplUtilities.CalculateKeyBlock(cryptoParams, keyBlockSize);
int pos = 0;
clientMac.SetKey(keyBlock, pos, clientMac.MacLength);
pos += clientMac.MacLength;
serverMac.SetKey(keyBlock, pos, serverMac.MacLength);
pos += serverMac.MacLength;
clientCipher.SetKey(keyBlock, pos, cipherKeySize);
pos += cipherKeySize;
serverCipher.SetKey(keyBlock, pos, cipherKeySize);
pos += cipherKeySize;
int clientIVLength = clientCipher.GetBlockSize();
int serverIVLength = serverCipher.GetBlockSize();
if (m_useExplicitIV)
{
clientCipher.Init(new byte[clientIVLength], 0, clientIVLength);
serverCipher.Init(new byte[serverIVLength], 0, serverIVLength);
}
else
{
clientCipher.Init(keyBlock, pos, clientIVLength);
pos += clientIVLength;
serverCipher.Init(keyBlock, pos, serverIVLength);
pos += serverIVLength;
}
if (pos != keyBlockSize)
throw new TlsFatalAlert(AlertDescription.internal_error);
#endif
if (cryptoParams.IsServer)
{
this.m_writeMac = new TlsSuiteHmac(cryptoParams, serverMac);
this.m_readMac = new TlsSuiteHmac(cryptoParams, clientMac);
}
else
{
this.m_writeMac = new TlsSuiteHmac(cryptoParams, clientMac);
this.m_readMac = new TlsSuiteHmac(cryptoParams, serverMac);
}
}
public virtual int GetCiphertextDecodeLimit(int plaintextLimit)
{
int blockSize = m_decryptCipher.GetBlockSize();
int macSize = m_readMac.Size;
int maxPadding = 256;
return GetCiphertextLength(blockSize, macSize, maxPadding, plaintextLimit);
}
public virtual int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
{
int blockSize = m_encryptCipher.GetBlockSize();
int macSize = m_writeMac.Size;
int maxPadding = m_useExtraPadding ? 256 : blockSize;
return GetCiphertextLength(blockSize, macSize, maxPadding, plaintextLength);
}
public virtual int GetPlaintextLimit(int ciphertextLimit)
{
int blockSize = m_encryptCipher.GetBlockSize();
int macSize = m_writeMac.Size;
int plaintextLimit = ciphertextLimit;
// Leave room for the MAC, and require block-alignment
if (m_encryptThenMac)
{
plaintextLimit -= macSize;
plaintextLimit -= plaintextLimit % blockSize;
}
else
{
plaintextLimit -= plaintextLimit % blockSize;
plaintextLimit -= macSize;
}
// Minimum 1 byte of padding
--plaintextLimit;
// An explicit IV consumes 1 block
if (m_useExplicitIV)
{
plaintextLimit -= blockSize;
}
return plaintextLimit;
}
public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
int headerAllocation, byte[] plaintext, int offset, int len)
{
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
return EncodePlaintext(seqNo, contentType, recordVersion, headerAllocation, plaintext.AsSpan(offset, len));
#else
int blockSize = m_encryptCipher.GetBlockSize();
int macSize = m_writeMac.Size;
int enc_input_length = len;
if (!m_encryptThenMac)
{
enc_input_length += macSize;
}
int padding_length = blockSize - (enc_input_length % blockSize);
if (m_useExtraPadding)
{
// Add a random number of extra blocks worth of padding
int maxExtraPadBlocks = (256 - padding_length) / blockSize;
int actualExtraPadBlocks = ChooseExtraPadBlocks(maxExtraPadBlocks);
padding_length += actualExtraPadBlocks * blockSize;
}
int totalSize = len + macSize + padding_length;
if (m_useExplicitIV)
{
totalSize += blockSize;
}
byte[] outBuf = new byte[headerAllocation + totalSize];
int outOff = headerAllocation;
if (m_useExplicitIV)
{
// Technically the explicit IV will be the encryption of this nonce
byte[] explicitIV = m_cryptoParams.NonceGenerator.GenerateNonce(blockSize);
Array.Copy(explicitIV, 0, outBuf, outOff, blockSize);
outOff += blockSize;
}
Array.Copy(plaintext, offset, outBuf, outOff, len);
outOff += len;
if (!m_encryptThenMac)
{
byte[] mac = m_writeMac.CalculateMac(seqNo, contentType, plaintext, offset, len);
Array.Copy(mac, 0, outBuf, outOff, mac.Length);
outOff += mac.Length;
}
byte padByte = (byte)(padding_length - 1);
for (int i = 0; i < padding_length; ++i)
{
outBuf[outOff++] = padByte;
}
m_encryptCipher.DoFinal(outBuf, headerAllocation, outOff - headerAllocation, outBuf, headerAllocation);
if (m_encryptThenMac)
{
byte[] mac = m_writeMac.CalculateMac(seqNo, contentType, outBuf, headerAllocation,
outOff - headerAllocation);
Array.Copy(mac, 0, outBuf, outOff, mac.Length);
outOff += mac.Length;
}
if (outOff != outBuf.Length)
throw new TlsFatalAlert(AlertDescription.internal_error);
return new TlsEncodeResult(outBuf, 0, outBuf.Length, contentType);
#endif
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
int headerAllocation, ReadOnlySpan<byte> plaintext)
{
int blockSize = m_encryptCipher.GetBlockSize();
int macSize = m_writeMac.Size;
int enc_input_length = plaintext.Length;
if (!m_encryptThenMac)
{
enc_input_length += macSize;
}
int padding_length = blockSize - (enc_input_length % blockSize);
if (m_useExtraPadding)
{
// Add a random number of extra blocks worth of padding
int maxExtraPadBlocks = (256 - padding_length) / blockSize;
int actualExtraPadBlocks = ChooseExtraPadBlocks(maxExtraPadBlocks);
padding_length += actualExtraPadBlocks * blockSize;
}
int totalSize = plaintext.Length + macSize + padding_length;
if (m_useExplicitIV)
{
totalSize += blockSize;
}
byte[] outBuf = new byte[headerAllocation + totalSize];
int outOff = headerAllocation;
if (m_useExplicitIV)
{
// Technically the explicit IV will be the encryption of this nonce
byte[] explicitIV = m_cryptoParams.NonceGenerator.GenerateNonce(blockSize);
Array.Copy(explicitIV, 0, outBuf, outOff, blockSize);
outOff += blockSize;
}
plaintext.CopyTo(outBuf.AsSpan(outOff));
outOff += plaintext.Length;
if (!m_encryptThenMac)
{
byte[] mac = m_writeMac.CalculateMac(seqNo, contentType, plaintext);
mac.CopyTo(outBuf.AsSpan(outOff));
outOff += mac.Length;
}
byte padByte = (byte)(padding_length - 1);
for (int i = 0; i < padding_length; ++i)
{
outBuf[outOff++] = padByte;
}
m_encryptCipher.DoFinal(outBuf, headerAllocation, outOff - headerAllocation, outBuf, headerAllocation);
if (m_encryptThenMac)
{
byte[] mac = m_writeMac.CalculateMac(seqNo, contentType, outBuf, headerAllocation,
outOff - headerAllocation);
Array.Copy(mac, 0, outBuf, outOff, mac.Length);
outOff += mac.Length;
}
if (outOff != outBuf.Length)
throw new TlsFatalAlert(AlertDescription.internal_error);
return new TlsEncodeResult(outBuf, 0, outBuf.Length, contentType);
}
#endif
public virtual TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
byte[] ciphertext, int offset, int len)
{
int blockSize = m_decryptCipher.GetBlockSize();
int macSize = m_readMac.Size;
int minLen = blockSize;
if (m_encryptThenMac)
{
minLen += macSize;
}
else
{
minLen = System.Math.Max(minLen, macSize + 1);
}
if (m_useExplicitIV)
{
minLen += blockSize;
}
if (len < minLen)
throw new TlsFatalAlert(AlertDescription.decode_error);
int blocks_length = len;
if (m_encryptThenMac)
{
blocks_length -= macSize;
}
if (blocks_length % blockSize != 0)
throw new TlsFatalAlert(AlertDescription.decryption_failed);
if (m_encryptThenMac)
{
byte[] expectedMac = m_readMac.CalculateMac(seqNo, recordType, ciphertext, offset, len - macSize);
bool checkMac = TlsUtilities.ConstantTimeAreEqual(macSize, expectedMac, 0, ciphertext,
offset + len - macSize);
if (!checkMac)
{
/*
* RFC 7366 3. The MAC SHALL be evaluated before any further processing such as
* decryption is performed, and if the MAC verification fails, then processing SHALL
* terminate immediately. For TLS, a fatal bad_record_mac MUST be generated [2]. For
* DTLS, the record MUST be discarded, and a fatal bad_record_mac MAY be generated
* [4]. This immediate response to a bad MAC eliminates any timing channels that may
* be available through the use of manipulated packet data.
*/
throw new TlsFatalAlert(AlertDescription.bad_record_mac);
}
}
m_decryptCipher.DoFinal(ciphertext, offset, blocks_length, ciphertext, offset);
if (m_useExplicitIV)
{
offset += blockSize;
blocks_length -= blockSize;
}
// If there's anything wrong with the padding, this will return zero
int totalPad = CheckPaddingConstantTime(ciphertext, offset, blocks_length, blockSize,
m_encryptThenMac ? 0 : macSize);
bool badMac = (totalPad == 0);
int dec_output_length = blocks_length - totalPad;
if (!m_encryptThenMac)
{
dec_output_length -= macSize;
byte[] expectedMac = m_readMac.CalculateMacConstantTime(seqNo, recordType, ciphertext, offset,
dec_output_length, blocks_length - macSize, m_randomData);
badMac |= !TlsUtilities.ConstantTimeAreEqual(macSize, expectedMac, 0, ciphertext,
offset + dec_output_length);
}
if (badMac)
throw new TlsFatalAlert(AlertDescription.bad_record_mac);
return new TlsDecodeResult(ciphertext, offset, dec_output_length, recordType);
}
public virtual void RekeyDecoder()
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
public virtual void RekeyEncoder()
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
public virtual bool UsesOpaqueRecordType
{
get { return false; }
}
protected virtual int CheckPaddingConstantTime(byte[] buf, int off, int len, int blockSize, int macSize)
{
int end = off + len;
byte lastByte = buf[end - 1];
int padlen = lastByte & 0xff;
int totalPad = padlen + 1;
int dummyIndex = 0;
byte padDiff = 0;
int totalPadLimit = System.Math.Min(m_acceptExtraPadding ? 256 : blockSize, len - macSize);
if (totalPad > totalPadLimit)
{
totalPad = 0;
}
else
{
int padPos = end - totalPad;
do
{
padDiff |= (byte)(buf[padPos++] ^ lastByte);
}
while (padPos < end);
dummyIndex = totalPad;
if (padDiff != 0)
{
totalPad = 0;
}
}
// Run some extra dummy checks so the number of checks is always constant
{
byte[] dummyPad = m_randomData;
while (dummyIndex < 256)
{
padDiff |= (byte)(dummyPad[dummyIndex++] ^ lastByte);
}
// Ensure the above loop is not eliminated
dummyPad[0] ^= padDiff;
}
return totalPad;
}
protected virtual int ChooseExtraPadBlocks(int max)
{
byte[] random = m_cryptoParams.NonceGenerator.GenerateNonce(4);
int x = (int)Pack.LE_To_UInt32(random, 0);
int n = Integers.NumberOfTrailingZeros(x);
return System.Math.Min(n, max);
}
protected virtual int GetCiphertextLength(int blockSize, int macSize, int maxPadding, int plaintextLength)
{
int ciphertextLength = plaintextLength;
// An explicit IV consumes 1 block
if (m_useExplicitIV)
{
ciphertextLength += blockSize;
}
// Leave room for the MAC and (block-aligning) padding
ciphertextLength += maxPadding;
if (m_encryptThenMac)
{
ciphertextLength -= (ciphertextLength % blockSize);
ciphertextLength += macSize;
}
else
{
ciphertextLength += macSize;
ciphertextLength -= (ciphertextLength % blockSize);
}
return ciphertextLength;
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: a85161e5ba712cb4883536de2b0fce4a
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,52 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto.Impl
{
/// <summary>Interface for block cipher services.</summary>
public interface TlsBlockCipherImpl
{
/// <summary>Set the key to be used by the block cipher implementation supporting this service.</summary>
/// <param name="key">array holding the block cipher key.</param>
/// <param name="keyOff">offset into the array the key starts at.</param>
/// <param name="keyLen">length of the key in the array.</param>
/// <exception cref="IOException"/>
void SetKey(byte[] key, int keyOff, int keyLen);
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
void SetKey(ReadOnlySpan<byte> key);
#endif
/// <summary>Initialise the parameters for operator.</summary>
/// <param name="iv">array holding the initialization vector (IV).</param>
/// <param name="ivOff">offset into the array the IV starts at.</param>
/// <param name="ivLen">length of the IV in the array.</param>
/// <exception cref="IOException">if the parameters are inappropriate.</exception>
void Init(byte[] iv, int ivOff, int ivLen);
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
void Init(ReadOnlySpan<byte> iv);
#endif
/// <summary>Perform the cipher encryption/decryption returning the output in output.</summary>
/// <remarks>
/// Note: we have to use DoFinal() here as it is the only way to guarantee output from the underlying cipher.
/// </remarks>
/// <param name="input">array holding input data to the cipher.</param>
/// <param name="inputOffset">offset into input array data starts at.</param>
/// <param name="inputLength">length of the input data in the array.</param>
/// <param name="output">array to hold the cipher output.</param>
/// <param name="outputOffset">offset into output array to start saving output.</param>
/// <returns>the amount of data written to output.</returns>
/// <exception cref="IOException">in case of failure.</exception>
int DoFinal(byte[] input, int inputOffset, int inputLength, byte[] output, int outputOffset);
/// <summary>Return the blocksize (in bytes) of the underlying block cipher.</summary>
/// <returns>the cipher's blocksize.</returns>
int GetBlockSize();
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: c9525369b45ed6042817ffbc5e90e0cc
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,86 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto.Impl
{
/// <summary>Useful utility methods.</summary>
public abstract class TlsImplUtilities
{
public static bool IsSsl(TlsCryptoParameters cryptoParams)
{
return cryptoParams.ServerVersion.IsSsl;
}
public static bool IsTlsV10(ProtocolVersion version)
{
return ProtocolVersion.TLSv10.IsEqualOrEarlierVersionOf(version.GetEquivalentTlsVersion());
}
public static bool IsTlsV10(TlsCryptoParameters cryptoParams)
{
return IsTlsV10(cryptoParams.ServerVersion);
}
public static bool IsTlsV11(ProtocolVersion version)
{
return ProtocolVersion.TLSv11.IsEqualOrEarlierVersionOf(version.GetEquivalentTlsVersion());
}
public static bool IsTlsV11(TlsCryptoParameters cryptoParams)
{
return IsTlsV11(cryptoParams.ServerVersion);
}
public static bool IsTlsV12(ProtocolVersion version)
{
return ProtocolVersion.TLSv12.IsEqualOrEarlierVersionOf(version.GetEquivalentTlsVersion());
}
public static bool IsTlsV12(TlsCryptoParameters cryptoParams)
{
return IsTlsV12(cryptoParams.ServerVersion);
}
public static bool IsTlsV13(ProtocolVersion version)
{
return ProtocolVersion.TLSv13.IsEqualOrEarlierVersionOf(version.GetEquivalentTlsVersion());
}
public static bool IsTlsV13(TlsCryptoParameters cryptoParams)
{
return IsTlsV13(cryptoParams.ServerVersion);
}
public static byte[] CalculateKeyBlock(TlsCryptoParameters cryptoParams, int length)
{
SecurityParameters securityParameters = cryptoParams.SecurityParameters;
TlsSecret master_secret = securityParameters.MasterSecret;
int prfAlgorithm = securityParameters.PrfAlgorithm;
byte[] seed = Arrays.Concatenate(securityParameters.ServerRandom, securityParameters.ClientRandom);
return master_secret.DeriveUsingPrf(prfAlgorithm, ExporterLabel.key_expansion, seed, length).Extract();
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
public static void CalculateKeyBlock(TlsCryptoParameters cryptoParams, Span<byte> keyBlock)
{
SecurityParameters securityParameters = cryptoParams.SecurityParameters;
TlsSecret master_secret = securityParameters.MasterSecret;
int prfAlgorithm = securityParameters.PrfAlgorithm;
Span<byte> cr = securityParameters.ClientRandom, sr = securityParameters.ServerRandom;
Span<byte> seed = stackalloc byte[sr.Length + cr.Length];
sr.CopyTo(seed);
cr.CopyTo(seed[sr.Length..]);
TlsSecret derived = master_secret.DeriveUsingPrf(prfAlgorithm, ExporterLabel.key_expansion, seed,
keyBlock.Length);
derived.ExtractTo(keyBlock);
}
#endif
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 87bfbb1614880a14989169d07561dd32
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,133 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.IO;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto.Impl
{
/// <summary>The NULL cipher.</summary>
public class TlsNullCipher
: TlsCipher
{
protected readonly TlsCryptoParameters m_cryptoParams;
protected readonly TlsSuiteHmac m_readMac, m_writeMac;
/// <exception cref="IOException"/>
public TlsNullCipher(TlsCryptoParameters cryptoParams, TlsHmac clientMac, TlsHmac serverMac)
{
if (TlsImplUtilities.IsTlsV13(cryptoParams))
throw new TlsFatalAlert(AlertDescription.internal_error);
m_cryptoParams = cryptoParams;
int keyBlockSize = clientMac.MacLength + serverMac.MacLength;
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
Span<byte> keyBlock = keyBlockSize <= 512
? stackalloc byte[keyBlockSize]
: new byte[keyBlockSize];
TlsImplUtilities.CalculateKeyBlock(cryptoParams, keyBlock);
clientMac.SetKey(keyBlock[..clientMac.MacLength]); keyBlock = keyBlock[clientMac.MacLength..];
serverMac.SetKey(keyBlock[..serverMac.MacLength]); keyBlock = keyBlock[serverMac.MacLength..];
if (!keyBlock.IsEmpty)
throw new TlsFatalAlert(AlertDescription.internal_error);
#else
byte[] keyBlock = TlsImplUtilities.CalculateKeyBlock(cryptoParams, keyBlockSize);
int pos = 0;
clientMac.SetKey(keyBlock, pos, clientMac.MacLength);
pos += clientMac.MacLength;
serverMac.SetKey(keyBlock, pos, serverMac.MacLength);
pos += serverMac.MacLength;
if (pos != keyBlockSize)
throw new TlsFatalAlert(AlertDescription.internal_error);
#endif
if (cryptoParams.IsServer)
{
this.m_writeMac = new TlsSuiteHmac(cryptoParams, serverMac);
this.m_readMac = new TlsSuiteHmac(cryptoParams, clientMac);
}
else
{
this.m_writeMac = new TlsSuiteHmac(cryptoParams, clientMac);
this.m_readMac = new TlsSuiteHmac(cryptoParams, serverMac);
}
}
public virtual int GetCiphertextDecodeLimit(int plaintextLimit)
{
return plaintextLimit + m_writeMac.Size;
}
public virtual int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
{
return plaintextLength + m_writeMac.Size;
}
public virtual int GetPlaintextLimit(int ciphertextLimit)
{
return ciphertextLimit - m_writeMac.Size;
}
public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
int headerAllocation, byte[] plaintext, int offset, int len)
{
byte[] mac = m_writeMac.CalculateMac(seqNo, contentType, plaintext, offset, len);
byte[] ciphertext = new byte[headerAllocation + len + mac.Length];
Array.Copy(plaintext, offset, ciphertext, headerAllocation, len);
Array.Copy(mac, 0, ciphertext, headerAllocation + len, mac.Length);
return new TlsEncodeResult(ciphertext, 0, ciphertext.Length, contentType);
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
int headerAllocation, ReadOnlySpan<byte> plaintext)
{
byte[] mac = m_writeMac.CalculateMac(seqNo, contentType, plaintext);
byte[] ciphertext = new byte[headerAllocation + plaintext.Length + mac.Length];
plaintext.CopyTo(ciphertext.AsSpan(headerAllocation));
mac.CopyTo(ciphertext.AsSpan(headerAllocation + plaintext.Length));
return new TlsEncodeResult(ciphertext, 0, ciphertext.Length, contentType);
}
#endif
public virtual TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
byte[] ciphertext, int offset, int len)
{
int macSize = m_readMac.Size;
if (len < macSize)
throw new TlsFatalAlert(AlertDescription.decode_error);
int macInputLen = len - macSize;
byte[] expectedMac = m_readMac.CalculateMac(seqNo, recordType, ciphertext, offset, macInputLen);
bool badMac = !TlsUtilities.ConstantTimeAreEqual(macSize, expectedMac, 0, ciphertext, offset + macInputLen);
if (badMac)
throw new TlsFatalAlert(AlertDescription.bad_record_mac);
return new TlsDecodeResult(ciphertext, offset, macInputLen, recordType);
}
public virtual void RekeyDecoder()
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
public virtual void RekeyEncoder()
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
public virtual bool UsesOpaqueRecordType
{
get { return false; }
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 4997ddc18edf0d749b1c186f7fc1bbf8
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,151 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto.Impl
{
/// <summary>A generic TLS MAC implementation, acting as an HMAC based on some underlying Digest.</summary>
public class TlsSuiteHmac
: TlsSuiteMac
{
protected static int GetMacSize(TlsCryptoParameters cryptoParams, TlsMac mac)
{
int macSize = mac.MacLength;
if (cryptoParams.SecurityParameters.IsTruncatedHmac)
{
macSize = System.Math.Min(macSize, 10);
}
return macSize;
}
protected readonly TlsCryptoParameters m_cryptoParams;
protected readonly TlsHmac m_mac;
protected readonly int m_digestBlockSize;
protected readonly int m_digestOverhead;
protected readonly int m_macSize;
/// <summary>Generate a new instance of a TlsMac.</summary>
/// <param name="cryptoParams">the TLS client context specific crypto parameters.</param>
/// <param name="mac">The MAC to use.</param>
public TlsSuiteHmac(TlsCryptoParameters cryptoParams, TlsHmac mac)
{
this.m_cryptoParams = cryptoParams;
this.m_mac = mac;
this.m_macSize = GetMacSize(cryptoParams, mac);
this.m_digestBlockSize = mac.InternalBlockSize;
// TODO This should check the actual algorithm, not assume based on the digest size
if (TlsImplUtilities.IsSsl(cryptoParams) && mac.MacLength == 20)
{
/*
* NOTE: For the SSL 3.0 MAC with SHA-1, the secret + input pad is not block-aligned.
*/
this.m_digestOverhead = 4;
}
else
{
this.m_digestOverhead = m_digestBlockSize / 8;
}
}
public virtual int Size
{
get { return m_macSize; }
}
public virtual byte[] CalculateMac(long seqNo, short type, byte[] msg, int msgOff, int msgLen)
{
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
return CalculateMac(seqNo, type, msg.AsSpan(msgOff, msgLen));
#else
ProtocolVersion serverVersion = m_cryptoParams.ServerVersion;
bool isSsl = serverVersion.IsSsl;
byte[] macHeader = new byte[isSsl ? 11 : 13];
TlsUtilities.WriteUint64(seqNo, macHeader, 0);
TlsUtilities.WriteUint8(type, macHeader, 8);
if (!isSsl)
{
TlsUtilities.WriteVersion(serverVersion, macHeader, 9);
}
TlsUtilities.WriteUint16(msgLen, macHeader, macHeader.Length - 2);
m_mac.Update(macHeader, 0, macHeader.Length);
m_mac.Update(msg, msgOff, msgLen);
return Truncate(m_mac.CalculateMac());
#endif
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
public virtual byte[] CalculateMac(long seqNo, short type, ReadOnlySpan<byte> message)
{
ProtocolVersion serverVersion = m_cryptoParams.ServerVersion;
bool isSsl = serverVersion.IsSsl;
byte[] macHeader = new byte[isSsl ? 11 : 13];
TlsUtilities.WriteUint64(seqNo, macHeader, 0);
TlsUtilities.WriteUint8(type, macHeader, 8);
if (!isSsl)
{
TlsUtilities.WriteVersion(serverVersion, macHeader, 9);
}
TlsUtilities.WriteUint16(message.Length, macHeader, macHeader.Length - 2);
m_mac.Update(macHeader);
m_mac.Update(message);
return Truncate(m_mac.CalculateMac());
}
#endif
public virtual byte[] CalculateMacConstantTime(long seqNo, short type, byte[] msg, int msgOff, int msgLen,
int fullLength, byte[] dummyData)
{
/*
* Actual MAC only calculated on 'length' bytes...
*/
byte[] result = CalculateMac(seqNo, type, msg, msgOff, msgLen);
/*
* ...but ensure a constant number of complete digest blocks are processed (as many as would
* be needed for 'fullLength' bytes of input).
*/
int headerLength = TlsImplUtilities.IsSsl(m_cryptoParams) ? 11 : 13;
// How many extra full blocks do we need to calculate?
int extra = GetDigestBlockCount(headerLength + fullLength) - GetDigestBlockCount(headerLength + msgLen);
while (--extra >= 0)
{
m_mac.Update(dummyData, 0, m_digestBlockSize);
}
// One more byte in case the implementation is "lazy" about processing blocks
m_mac.Update(dummyData, 0, 1);
m_mac.Reset();
return result;
}
protected virtual int GetDigestBlockCount(int inputLength)
{
// NOTE: The input pad for HMAC is always a full digest block
// NOTE: This calculation assumes a minimum of 1 pad byte
return (inputLength + m_digestOverhead) / m_digestBlockSize;
}
protected virtual byte[] Truncate(byte[] bs)
{
if (bs.Length <= m_macSize)
return bs;
return Arrays.CopyOf(bs, m_macSize);
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 842fbe759a5c520499b0ae24cc9a7b8d
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,41 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto.Impl
{
/// <summary>Base interface for a generic TLS MAC implementation for use with a bulk cipher.</summary>
public interface TlsSuiteMac
{
/// <summary>Return the output length (in bytes) of this MAC.</summary>
/// <returns>The output length of this MAC.</returns>
int Size { get; }
/// <summary>Calculate the MAC for some given data.</summary>
/// <param name="seqNo">The sequence number of the record.</param>
/// <param name="type">The content type of the message.</param>
/// <param name="message">A byte array containing the message.</param>
/// <param name="offset">The number of bytes to skip, before the message starts.</param>
/// <param name="length">The length of the message.</param>
/// <returns>A new byte array containing the MAC value.</returns>
byte[] CalculateMac(long seqNo, short type, byte[] message, int offset, int length);
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
byte[] CalculateMac(long seqNo, short type, ReadOnlySpan<byte> message);
#endif
/// <summary>Constant time calculation of the MAC for some given data with a given expected length.</summary>
/// <param name="seqNo">The sequence number of the record.</param>
/// <param name="type">The content type of the message.</param>
/// <param name="message">A byte array containing the message.</param>
/// <param name="offset">The number of bytes to skip, before the message starts.</param>
/// <param name="length">The length of the message.</param>
/// <param name="expectedLength">The expected length of the full message.</param>
/// <param name="randomData">Random data for padding out the MAC calculation if required.</param>
/// <returns>A new byte array containing the MAC value.</returns>
byte[] CalculateMacConstantTime(long seqNo, short type, byte[] message, int offset, int length,
int expectedLength, byte[] randomData);
}
}
#pragma warning restore
#endif

Some files were not shown because too many files have changed in this diff Show More