chenbin/tianrunCRM
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

up

Browse Source
This commit is contained in:
陈彬
2020-07-09 08:50:24 +08:00
parent 13d25f4707
commit c523462b82
1818 changed files with 174940 additions and 582 deletions
Download Patch File Download Diff File Expand all files Collapse all files

261
Assets/BestHTTP/SecureProtocol/crypto/macs/CMac.cs Normal file
View File

@@ -0,0 +1,261 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
using System;
using Org.BouncyCastle.Crypto.Modes;
using Org.BouncyCastle.Crypto.Paddings;
using Org.BouncyCastle.Crypto.Parameters;
namespace Org.BouncyCastle.Crypto.Macs
{
/**
* CMAC - as specified at www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
* <p>
* CMAC is analogous to OMAC1 - see also en.wikipedia.org/wiki/CMAC
* </p><p>
* CMAC is a NIST recomendation - see
* csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf
* </p><p>
* CMAC/OMAC1 is a blockcipher-based message authentication code designed and
* analyzed by Tetsu Iwata and Kaoru Kurosawa.
* </p><p>
* CMAC/OMAC1 is a simple variant of the CBC MAC (Cipher Block Chaining Message
* Authentication Code). OMAC stands for One-Key CBC MAC.
* </p><p>
* It supports 128- or 64-bits block ciphers, with any key size, and returns
* a MAC with dimension less or equal to the block size of the underlying
* cipher.
* </p>
*/
public class CMac
: IMac
{
private const byte CONSTANT_128 = (byte)0x87;
private const byte CONSTANT_64 = (byte)0x1b;
private byte[] ZEROES;
private byte[] mac;
private byte[] buf;
private int bufOff;
private IBlockCipher cipher;
private int macSize;
private byte[] L, Lu, Lu2;
/**
* create a standard MAC based on a CBC block cipher (64 or 128 bit block).
* This will produce an authentication code the length of the block size
* of the cipher.
*
* @param cipher the cipher to be used as the basis of the MAC generation.
*/
public CMac(
IBlockCipher cipher)
: this(cipher, cipher.GetBlockSize() * 8)
{
}
/**
* create a standard MAC based on a block cipher with the size of the
* MAC been given in bits.
* <p/>
* Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
* or 16 bits if being used as a data authenticator (FIPS Publication 113),
* and in general should be less than the size of the block cipher as it reduces
* the chance of an exhaustive attack (see Handbook of Applied Cryptography).
*
* @param cipher the cipher to be used as the basis of the MAC generation.
* @param macSizeInBits the size of the MAC in bits, must be a multiple of 8 and @lt;= 128.
*/
public CMac(
IBlockCipher cipher,
int macSizeInBits)
{
if ((macSizeInBits % 8) != 0)
throw new ArgumentException("MAC size must be multiple of 8");
if (macSizeInBits > (cipher.GetBlockSize() * 8))
{
throw new ArgumentException(
"MAC size must be less or equal to "
+ (cipher.GetBlockSize() * 8));
}
if (cipher.GetBlockSize() != 8 && cipher.GetBlockSize() != 16)
{
throw new ArgumentException(
"Block size must be either 64 or 128 bits");
}
this.cipher = new CbcBlockCipher(cipher);
this.macSize = macSizeInBits / 8;
mac = new byte[cipher.GetBlockSize()];
buf = new byte[cipher.GetBlockSize()];
ZEROES = new byte[cipher.GetBlockSize()];
bufOff = 0;
}
public string AlgorithmName
{
get { return cipher.AlgorithmName; }
}
private static int ShiftLeft(byte[] block, byte[] output)
{
int i = block.Length;
uint bit = 0;
while (--i >= 0)
{
uint b = block[i];
output[i] = (byte)((b << 1) | bit);
bit = (b >> 7) & 1;
}
return (int)bit;
}
private static byte[] DoubleLu(byte[] input)
{
byte[] ret = new byte[input.Length];
int carry = ShiftLeft(input, ret);
int xor = input.Length == 16 ? CONSTANT_128 : CONSTANT_64;
/*
* NOTE: This construction is an attempt at a constant-time implementation.
*/
ret[input.Length - 1] ^= (byte)(xor >> ((1 - carry) << 3));
return ret;
}
public void Init(
ICipherParameters parameters)
{
if (parameters is KeyParameter)
{
cipher.Init(true, parameters);
//initializes the L, Lu, Lu2 numbers
L = new byte[ZEROES.Length];
cipher.ProcessBlock(ZEROES, 0, L, 0);
Lu = DoubleLu(L);
Lu2 = DoubleLu(Lu);
}
else if (parameters != null)
{
// CMAC mode does not permit IV to underlying CBC mode
throw new ArgumentException("CMac mode only permits key to be set.", "parameters");
}
Reset();
}
public int GetMacSize()
{
return macSize;
}
public void Update(
byte input)
{
if (bufOff == buf.Length)
{
cipher.ProcessBlock(buf, 0, mac, 0);
bufOff = 0;
}
buf[bufOff++] = input;
}
public void BlockUpdate(
byte[] inBytes,
int inOff,
int len)
{
if (len < 0)
throw new ArgumentException("Can't have a negative input length!");
int blockSize = cipher.GetBlockSize();
int gapLen = blockSize - bufOff;
if (len > gapLen)
{
Array.Copy(inBytes, inOff, buf, bufOff, gapLen);
cipher.ProcessBlock(buf, 0, mac, 0);
bufOff = 0;
len -= gapLen;
inOff += gapLen;
while (len > blockSize)
{
cipher.ProcessBlock(inBytes, inOff, mac, 0);
len -= blockSize;
inOff += blockSize;
}
}
Array.Copy(inBytes, inOff, buf, bufOff, len);
bufOff += len;
}
public int DoFinal(
byte[] outBytes,
int outOff)
{
int blockSize = cipher.GetBlockSize();
byte[] lu;
if (bufOff == blockSize)
{
lu = Lu;
}
else
{
new ISO7816d4Padding().AddPadding(buf, bufOff);
lu = Lu2;
}
for (int i = 0; i < mac.Length; i++)
{
buf[i] ^= lu[i];
}
cipher.ProcessBlock(buf, 0, mac, 0);
Array.Copy(mac, 0, outBytes, outOff, macSize);
Reset();
return macSize;
}
/**
* Reset the mac generator.
*/
public void Reset()
{
/*
* clean the buffer.
*/
Array.Clear(buf, 0, buf.Length);
bufOff = 0;
/*
* Reset the underlying cipher.
*/
cipher.Reset();
}
}
}
#endif

11
Assets/BestHTTP/SecureProtocol/crypto/macs/CMac.cs.meta Normal file
View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 99d5fa1b810324f5ab53c4cf8d4eb85b
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

213
Assets/BestHTTP/SecureProtocol/crypto/macs/CbcBlockCipherMac.cs Normal file
View File

@@ -0,0 +1,213 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
using System;
using Org.BouncyCastle.Crypto.Modes;
using Org.BouncyCastle.Crypto.Paddings;
namespace Org.BouncyCastle.Crypto.Macs
{
/**
* standard CBC Block Cipher MAC - if no padding is specified the default of
* pad of zeroes is used.
*/
public class CbcBlockCipherMac
: IMac
{
private byte[] buf;
private int bufOff;
private IBlockCipher cipher;
private IBlockCipherPadding padding;
private int macSize;
/**
* create a standard MAC based on a CBC block cipher. This will produce an
* authentication code half the length of the block size of the cipher.
*
* @param cipher the cipher to be used as the basis of the MAC generation.
*/
public CbcBlockCipherMac(
IBlockCipher cipher)
: this(cipher, (cipher.GetBlockSize() * 8) / 2, null)
{
}
/**
* create a standard MAC based on a CBC block cipher. This will produce an
* authentication code half the length of the block size of the cipher.
*
* @param cipher the cipher to be used as the basis of the MAC generation.
* @param padding the padding to be used to complete the last block.
*/
public CbcBlockCipherMac(
IBlockCipher cipher,
IBlockCipherPadding padding)
: this(cipher, (cipher.GetBlockSize() * 8) / 2, padding)
{
}
/**
* create a standard MAC based on a block cipher with the size of the
* MAC been given in bits. This class uses CBC mode as the basis for the
* MAC generation.
* <p>
* Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
* or 16 bits if being used as a data authenticator (FIPS Publication 113),
* and in general should be less than the size of the block cipher as it reduces
* the chance of an exhaustive attack (see Handbook of Applied Cryptography).
* </p>
* @param cipher the cipher to be used as the basis of the MAC generation.
* @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
*/
public CbcBlockCipherMac(
IBlockCipher cipher,
int macSizeInBits)
: this(cipher, macSizeInBits, null)
{
}
/**
* create a standard MAC based on a block cipher with the size of the
* MAC been given in bits. This class uses CBC mode as the basis for the
* MAC generation.
* <p>
* Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
* or 16 bits if being used as a data authenticator (FIPS Publication 113),
* and in general should be less than the size of the block cipher as it reduces
* the chance of an exhaustive attack (see Handbook of Applied Cryptography).
* </p>
* @param cipher the cipher to be used as the basis of the MAC generation.
* @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
* @param padding the padding to be used to complete the last block.
*/
public CbcBlockCipherMac(
IBlockCipher cipher,
int macSizeInBits,
IBlockCipherPadding padding)
{
if ((macSizeInBits % 8) != 0)
throw new ArgumentException("MAC size must be multiple of 8");
this.cipher = new CbcBlockCipher(cipher);
this.padding = padding;
this.macSize = macSizeInBits / 8;
buf = new byte[cipher.GetBlockSize()];
bufOff = 0;
}
public string AlgorithmName
{
get { return cipher.AlgorithmName; }
}
public void Init(
ICipherParameters parameters)
{
Reset();
cipher.Init(true, parameters);
}
public int GetMacSize()
{
return macSize;
}
public void Update(
byte input)
{
if (bufOff == buf.Length)
{
cipher.ProcessBlock(buf, 0, buf, 0);
bufOff = 0;
}
buf[bufOff++] = input;
}
public void BlockUpdate(
byte[] input,
int inOff,
int len)
{
if (len < 0)
throw new ArgumentException("Can't have a negative input length!");
int blockSize = cipher.GetBlockSize();
int gapLen = blockSize - bufOff;
if (len > gapLen)
{
Array.Copy(input, inOff, buf, bufOff, gapLen);
cipher.ProcessBlock(buf, 0, buf, 0);
bufOff = 0;
len -= gapLen;
inOff += gapLen;
while (len > blockSize)
{
cipher.ProcessBlock(input, inOff, buf, 0);
len -= blockSize;
inOff += blockSize;
}
}
Array.Copy(input, inOff, buf, bufOff, len);
bufOff += len;
}
public int DoFinal(
byte[] output,
int outOff)
{
int blockSize = cipher.GetBlockSize();
if (padding == null)
{
// pad with zeroes
while (bufOff < blockSize)
{
buf[bufOff++] = 0;
}
}
else
{
if (bufOff == blockSize)
{
cipher.ProcessBlock(buf, 0, buf, 0);
bufOff = 0;
}
padding.AddPadding(buf, bufOff);
}
cipher.ProcessBlock(buf, 0, buf, 0);
Array.Copy(buf, 0, output, outOff, macSize);
Reset();
return macSize;
}
/**
* Reset the mac generator.
*/
public void Reset()
{
// Clear the buffer.
Array.Clear(buf, 0, buf.Length);
bufOff = 0;
// Reset the underlying cipher.
cipher.Reset();
}
}
}
#endif

11
Assets/BestHTTP/SecureProtocol/crypto/macs/CbcBlockCipherMac.cs.meta Normal file
View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 9ef71be1c42124f6aa49f5dca11b5865
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

372
Assets/BestHTTP/SecureProtocol/crypto/macs/CfbBlockCipherMac.cs Normal file
View File

@@ -0,0 +1,372 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
using System;
using Org.BouncyCastle.Crypto.Modes;
using Org.BouncyCastle.Crypto.Paddings;
using Org.BouncyCastle.Crypto.Parameters;
namespace Org.BouncyCastle.Crypto.Macs
{
/**
* implements a Cipher-FeedBack (CFB) mode on top of a simple cipher.
*/
class MacCFBBlockCipher
: IBlockCipher
{
private byte[] IV;
private byte[] cfbV;
private byte[] cfbOutV;
private readonly int blockSize;
private readonly IBlockCipher cipher;
/**
* Basic constructor.
*
* @param cipher the block cipher to be used as the basis of the
* feedback mode.
* @param blockSize the block size in bits (note: a multiple of 8)
*/
public MacCFBBlockCipher(
IBlockCipher cipher,
int bitBlockSize)
{
this.cipher = cipher;
this.blockSize = bitBlockSize / 8;
this.IV = new byte[cipher.GetBlockSize()];
this.cfbV = new byte[cipher.GetBlockSize()];
this.cfbOutV = new byte[cipher.GetBlockSize()];
}
/**
* Initialise the cipher and, possibly, the initialisation vector (IV).
* If an IV isn't passed as part of the parameter, the IV will be all zeros.
* An IV which is too short is handled in FIPS compliant fashion.
*
* @param param the key and other data required by the cipher.
* @exception ArgumentException if the parameters argument is
* inappropriate.
*/
public void Init(
bool forEncryption,
ICipherParameters parameters)
{
if (parameters is ParametersWithIV)
{
ParametersWithIV ivParam = (ParametersWithIV)parameters;
byte[] iv = ivParam.GetIV();
if (iv.Length < IV.Length)
{
Array.Copy(iv, 0, IV, IV.Length - iv.Length, iv.Length);
}
else
{
Array.Copy(iv, 0, IV, 0, IV.Length);
}
parameters = ivParam.Parameters;
}
Reset();
cipher.Init(true, parameters);
}
/**
* return the algorithm name and mode.
*
* @return the name of the underlying algorithm followed by "/CFB"
* and the block size in bits.
*/
public string AlgorithmName
{
get { return cipher.AlgorithmName + "/CFB" + (blockSize * 8); }
}
public bool IsPartialBlockOkay
{
get { return true; }
}
/**
* return the block size we are operating at.
*
* @return the block size we are operating at (in bytes).
*/
public int GetBlockSize()
{
return blockSize;
}
/**
* Process one block of input from the array in and write it to
* the out array.
*
* @param in the array containing the input data.
* @param inOff offset into the in array the data starts at.
* @param out the array the output data will be copied into.
* @param outOff the offset into the out array the output will start at.
* @exception DataLengthException if there isn't enough data in in, or
* space in out.
* @exception InvalidOperationException if the cipher isn't initialised.
* @return the number of bytes processed and produced.
*/
public int ProcessBlock(
byte[] input,
int inOff,
byte[] outBytes,
int outOff)
{
if ((inOff + blockSize) > input.Length)
throw new DataLengthException("input buffer too short");
if ((outOff + blockSize) > outBytes.Length)
throw new DataLengthException("output buffer too short");
cipher.ProcessBlock(cfbV, 0, cfbOutV, 0);
//
// XOR the cfbV with the plaintext producing the cipher text
//
for (int i = 0; i < blockSize; i++)
{
outBytes[outOff + i] = (byte)(cfbOutV[i] ^ input[inOff + i]);
}
//
// change over the input block.
//
Array.Copy(cfbV, blockSize, cfbV, 0, cfbV.Length - blockSize);
Array.Copy(outBytes, outOff, cfbV, cfbV.Length - blockSize, blockSize);
return blockSize;
}
/**
* reset the chaining vector back to the IV and reset the underlying
* cipher.
*/
public void Reset()
{
IV.CopyTo(cfbV, 0);
cipher.Reset();
}
public void GetMacBlock(
byte[] mac)
{
cipher.ProcessBlock(cfbV, 0, mac, 0);
}
}
public class CfbBlockCipherMac
: IMac
{
private byte[] mac;
private byte[] Buffer;
private int bufOff;
private MacCFBBlockCipher cipher;
private IBlockCipherPadding padding;
private int macSize;
/**
* create a standard MAC based on a CFB block cipher. This will produce an
* authentication code half the length of the block size of the cipher, with
* the CFB mode set to 8 bits.
*
* @param cipher the cipher to be used as the basis of the MAC generation.
*/
public CfbBlockCipherMac(
IBlockCipher cipher)
: this(cipher, 8, (cipher.GetBlockSize() * 8) / 2, null)
{
}
/**
* create a standard MAC based on a CFB block cipher. This will produce an
* authentication code half the length of the block size of the cipher, with
* the CFB mode set to 8 bits.
*
* @param cipher the cipher to be used as the basis of the MAC generation.
* @param padding the padding to be used.
*/
public CfbBlockCipherMac(
IBlockCipher cipher,
IBlockCipherPadding padding)
: this(cipher, 8, (cipher.GetBlockSize() * 8) / 2, padding)
{
}
/**
* create a standard MAC based on a block cipher with the size of the
* MAC been given in bits. This class uses CFB mode as the basis for the
* MAC generation.
* <p>
* Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
* or 16 bits if being used as a data authenticator (FIPS Publication 113),
* and in general should be less than the size of the block cipher as it reduces
* the chance of an exhaustive attack (see Handbook of Applied Cryptography).
* </p>
* @param cipher the cipher to be used as the basis of the MAC generation.
* @param cfbBitSize the size of an output block produced by the CFB mode.
* @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
*/
public CfbBlockCipherMac(
IBlockCipher cipher,
int cfbBitSize,
int macSizeInBits)
: this(cipher, cfbBitSize, macSizeInBits, null)
{
}
/**
* create a standard MAC based on a block cipher with the size of the
* MAC been given in bits. This class uses CFB mode as the basis for the
* MAC generation.
* <p>
* Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
* or 16 bits if being used as a data authenticator (FIPS Publication 113),
* and in general should be less than the size of the block cipher as it reduces
* the chance of an exhaustive attack (see Handbook of Applied Cryptography).
* </p>
* @param cipher the cipher to be used as the basis of the MAC generation.
* @param cfbBitSize the size of an output block produced by the CFB mode.
* @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
* @param padding a padding to be used.
*/
public CfbBlockCipherMac(
IBlockCipher cipher,
int cfbBitSize,
int macSizeInBits,
IBlockCipherPadding padding)
{
if ((macSizeInBits % 8) != 0)
throw new ArgumentException("MAC size must be multiple of 8");
mac = new byte[cipher.GetBlockSize()];
this.cipher = new MacCFBBlockCipher(cipher, cfbBitSize);
this.padding = padding;
this.macSize = macSizeInBits / 8;
Buffer = new byte[this.cipher.GetBlockSize()];
bufOff = 0;
}
public string AlgorithmName
{
get { return cipher.AlgorithmName; }
}
public void Init(
ICipherParameters parameters)
{
Reset();
cipher.Init(true, parameters);
}
public int GetMacSize()
{
return macSize;
}
public void Update(
byte input)
{
if (bufOff == Buffer.Length)
{
cipher.ProcessBlock(Buffer, 0, mac, 0);
bufOff = 0;
}
Buffer[bufOff++] = input;
}
public void BlockUpdate(
byte[] input,
int inOff,
int len)
{
if (len < 0)
throw new ArgumentException("Can't have a negative input length!");
int blockSize = cipher.GetBlockSize();
int resultLen = 0;
int gapLen = blockSize - bufOff;
if (len > gapLen)
{
Array.Copy(input, inOff, Buffer, bufOff, gapLen);
resultLen += cipher.ProcessBlock(Buffer, 0, mac, 0);
bufOff = 0;
len -= gapLen;
inOff += gapLen;
while (len > blockSize)
{
resultLen += cipher.ProcessBlock(input, inOff, mac, 0);
len -= blockSize;
inOff += blockSize;
}
}
Array.Copy(input, inOff, Buffer, bufOff, len);
bufOff += len;
}
public int DoFinal(
byte[] output,
int outOff)
{
int blockSize = cipher.GetBlockSize();
// pad with zeroes
if (this.padding == null)
{
while (bufOff < blockSize)
{
Buffer[bufOff++] = 0;
}
}
else
{
padding.AddPadding(Buffer, bufOff);
}
cipher.ProcessBlock(Buffer, 0, mac, 0);
cipher.GetMacBlock(mac);
Array.Copy(mac, 0, output, outOff, macSize);
Reset();
return macSize;
}
/**
* Reset the mac generator.
*/
public void Reset()
{
// Clear the buffer.
Array.Clear(Buffer, 0, Buffer.Length);
bufOff = 0;
// Reset the underlying cipher.
cipher.Reset();
}
}
}
#endif

11
Assets/BestHTTP/SecureProtocol/crypto/macs/CfbBlockCipherMac.cs.meta Normal file
View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 01dd88803ea6c4039985ad2b73d39679
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

301
Assets/BestHTTP/SecureProtocol/crypto/macs/GOST28147Mac.cs Normal file
View File

@@ -0,0 +1,301 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
using System;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Crypto.Macs
{
/**
* implementation of GOST 28147-89 MAC
*/
public class Gost28147Mac : IMac
{
private const int blockSize = 8;
private const int macSize = 4;
private int bufOff;
private byte[] buf;
private byte[] mac;
private bool firstStep = true;
private int[] workingKey;
//
// This is default S-box - E_A.
private byte[] S =
{
0x9,0x6,0x3,0x2,0x8,0xB,0x1,0x7,0xA,0x4,0xE,0xF,0xC,0x0,0xD,0x5,
0x3,0x7,0xE,0x9,0x8,0xA,0xF,0x0,0x5,0x2,0x6,0xC,0xB,0x4,0xD,0x1,
0xE,0x4,0x6,0x2,0xB,0x3,0xD,0x8,0xC,0xF,0x5,0xA,0x0,0x7,0x1,0x9,
0xE,0x7,0xA,0xC,0xD,0x1,0x3,0x9,0x0,0x2,0xB,0x4,0xF,0x8,0x5,0x6,
0xB,0x5,0x1,0x9,0x8,0xD,0xF,0x0,0xE,0x4,0x2,0x3,0xC,0x7,0xA,0x6,
0x3,0xA,0xD,0xC,0x1,0x2,0x0,0xB,0x7,0x5,0x9,0x4,0x8,0xF,0xE,0x6,
0x1,0xD,0x2,0x9,0x7,0xA,0x6,0x0,0x8,0xC,0x4,0x5,0xF,0x3,0xB,0xE,
0xB,0xA,0xF,0x5,0x0,0xC,0xE,0x8,0x6,0x2,0x3,0x9,0x1,0x7,0xD,0x4
};
public Gost28147Mac()
{
mac = new byte[blockSize];
buf = new byte[blockSize];
bufOff = 0;
}
private static int[] generateWorkingKey(
byte[] userKey)
{
if (userKey.Length != 32)
throw new ArgumentException("Key length invalid. Key needs to be 32 byte - 256 bit!!!");
int[] key = new int[8];
for(int i=0; i!=8; i++)
{
key[i] = bytesToint(userKey,i*4);
}
return key;
}
public void Init(
ICipherParameters parameters)
{
Reset();
buf = new byte[blockSize];
if (parameters is ParametersWithSBox)
{
ParametersWithSBox param = (ParametersWithSBox)parameters;
//
// Set the S-Box
//
param.GetSBox().CopyTo(this.S, 0);
//
// set key if there is one
//
if (param.Parameters != null)
{
workingKey = generateWorkingKey(((KeyParameter)param.Parameters).GetKey());
}
}
else if (parameters is KeyParameter)
{
workingKey = generateWorkingKey(((KeyParameter)parameters).GetKey());
}
else
{
throw new ArgumentException("invalid parameter passed to Gost28147 init - "
+ Platform.GetTypeName(parameters));
}
}
public string AlgorithmName
{
get { return "Gost28147Mac"; }
}
public int GetMacSize()
{
return macSize;
}
private int gost28147_mainStep(int n1, int key)
{
int cm = (key + n1); // CM1
// S-box replacing
int om = S[ 0 + ((cm >> (0 * 4)) & 0xF)] << (0 * 4);
om += S[ 16 + ((cm >> (1 * 4)) & 0xF)] << (1 * 4);
om += S[ 32 + ((cm >> (2 * 4)) & 0xF)] << (2 * 4);
om += S[ 48 + ((cm >> (3 * 4)) & 0xF)] << (3 * 4);
om += S[ 64 + ((cm >> (4 * 4)) & 0xF)] << (4 * 4);
om += S[ 80 + ((cm >> (5 * 4)) & 0xF)] << (5 * 4);
om += S[ 96 + ((cm >> (6 * 4)) & 0xF)] << (6 * 4);
om += S[112 + ((cm >> (7 * 4)) & 0xF)] << (7 * 4);
// return om << 11 | om >>> (32-11); // 11-leftshift
int omLeft = om << 11;
int omRight = (int)(((uint) om) >> (32 - 11)); // Note: Casts required to get unsigned bit rotation
return omLeft | omRight;
}
private void gost28147MacFunc(
int[] workingKey,
byte[] input,
int inOff,
byte[] output,
int outOff)
{
int N1, N2, tmp; //tmp -> for saving N1
N1 = bytesToint(input, inOff);
N2 = bytesToint(input, inOff + 4);
for (int k = 0; k < 2; k++) // 1-16 steps
{
for (int j = 0; j < 8; j++)
{
tmp = N1;
N1 = N2 ^ gost28147_mainStep(N1, workingKey[j]); // CM2
N2 = tmp;
}
}
intTobytes(N1, output, outOff);
intTobytes(N2, output, outOff + 4);
}
//array of bytes to type int
private static int bytesToint(
byte[] input,
int inOff)
{
return (int)((input[inOff + 3] << 24) & 0xff000000) + ((input[inOff + 2] << 16) & 0xff0000)
+ ((input[inOff + 1] << 8) & 0xff00) + (input[inOff] & 0xff);
}
//int to array of bytes
private static void intTobytes(
int num,
byte[] output,
int outOff)
{
output[outOff + 3] = (byte)(num >> 24);
output[outOff + 2] = (byte)(num >> 16);
output[outOff + 1] = (byte)(num >> 8);
output[outOff] = (byte)num;
}
private static byte[] CM5func(
byte[] buf,
int bufOff,
byte[] mac)
{
byte[] sum = new byte[buf.Length - bufOff];
Array.Copy(buf, bufOff, sum, 0, mac.Length);
for (int i = 0; i != mac.Length; i++)
{
sum[i] = (byte)(sum[i] ^ mac[i]);
}
return sum;
}
public void Update(
byte input)
{
if (bufOff == buf.Length)
{
byte[] sumbuf = new byte[buf.Length];
Array.Copy(buf, 0, sumbuf, 0, mac.Length);
if (firstStep)
{
firstStep = false;
}
else
{
sumbuf = CM5func(buf, 0, mac);
}
gost28147MacFunc(workingKey, sumbuf, 0, mac, 0);
bufOff = 0;
}
buf[bufOff++] = input;
}
public void BlockUpdate(
byte[] input,
int inOff,
int len)
{
if (len < 0)
throw new ArgumentException("Can't have a negative input length!");
int gapLen = blockSize - bufOff;
if (len > gapLen)
{
Array.Copy(input, inOff, buf, bufOff, gapLen);
byte[] sumbuf = new byte[buf.Length];
Array.Copy(buf, 0, sumbuf, 0, mac.Length);
if (firstStep)
{
firstStep = false;
}
else
{
sumbuf = CM5func(buf, 0, mac);
}
gost28147MacFunc(workingKey, sumbuf, 0, mac, 0);
bufOff = 0;
len -= gapLen;
inOff += gapLen;
while (len > blockSize)
{
sumbuf = CM5func(input, inOff, mac);
gost28147MacFunc(workingKey, sumbuf, 0, mac, 0);
len -= blockSize;
inOff += blockSize;
}
}
Array.Copy(input, inOff, buf, bufOff, len);
bufOff += len;
}
public int DoFinal(
byte[] output,
int outOff)
{
//padding with zero
while (bufOff < blockSize)
{
buf[bufOff++] = 0;
}
byte[] sumbuf = new byte[buf.Length];
Array.Copy(buf, 0, sumbuf, 0, mac.Length);
if (firstStep)
{
firstStep = false;
}
else
{
sumbuf = CM5func(buf, 0, mac);
}
gost28147MacFunc(workingKey, sumbuf, 0, mac, 0);
Array.Copy(mac, (mac.Length/2)-macSize, output, outOff, macSize);
Reset();
return macSize;
}
public void Reset()
{
// Clear the buffer.
Array.Clear(buf, 0, buf.Length);
bufOff = 0;
firstStep = true;
}
}
}
#endif

11
Assets/BestHTTP/SecureProtocol/crypto/macs/GOST28147Mac.cs.meta Normal file
View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: e223e484fb30047a4886ba2333e6d982
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

158
Assets/BestHTTP/SecureProtocol/crypto/macs/HMac.cs Normal file
View File

@@ -0,0 +1,158 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
using System;
using System.Collections;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Crypto.Macs
{
/**
* HMAC implementation based on RFC2104
*
* H(K XOR opad, H(K XOR ipad, text))
*/
public class HMac
: IMac
{
private const byte IPAD = (byte)0x36;
private const byte OPAD = (byte)0x5C;
private readonly IDigest digest;
private readonly int digestSize;
private readonly int blockLength;
private IMemoable ipadState;
private IMemoable opadState;
private readonly byte[] inputPad;
private readonly byte[] outputBuf;
public HMac(IDigest digest)
{
this.digest = digest;
this.digestSize = digest.GetDigestSize();
this.blockLength = digest.GetByteLength();
this.inputPad = new byte[blockLength];
this.outputBuf = new byte[blockLength + digestSize];
}
public virtual string AlgorithmName
{
get { return digest.AlgorithmName + "/HMAC"; }
}
public virtual IDigest GetUnderlyingDigest()
{
return digest;
}
public virtual void Init(ICipherParameters parameters)
{
digest.Reset();
byte[] key = ((KeyParameter)parameters).GetKey();
int keyLength = key.Length;
if (keyLength > blockLength)
{
digest.BlockUpdate(key, 0, keyLength);
digest.DoFinal(inputPad, 0);
keyLength = digestSize;
}
else
{
Array.Copy(key, 0, inputPad, 0, keyLength);
}
Array.Clear(inputPad, keyLength, blockLength - keyLength);
Array.Copy(inputPad, 0, outputBuf, 0, blockLength);
XorPad(inputPad, blockLength, IPAD);
XorPad(outputBuf, blockLength, OPAD);
if (digest is IMemoable)
{
opadState = ((IMemoable)digest).Copy();
((IDigest)opadState).BlockUpdate(outputBuf, 0, blockLength);
}
digest.BlockUpdate(inputPad, 0, inputPad.Length);
if (digest is IMemoable)
{
ipadState = ((IMemoable)digest).Copy();
}
}
public virtual int GetMacSize()
{
return digestSize;
}
public virtual void Update(byte input)
{
digest.Update(input);
}
public virtual void BlockUpdate(byte[] input, int inOff, int len)
{
digest.BlockUpdate(input, inOff, len);
}
public virtual int DoFinal(byte[] output, int outOff)
{
digest.DoFinal(outputBuf, blockLength);
if (opadState != null)
{
((IMemoable)digest).Reset(opadState);
digest.BlockUpdate(outputBuf, blockLength, digest.GetDigestSize());
}
else
{
digest.BlockUpdate(outputBuf, 0, outputBuf.Length);
}
int len = digest.DoFinal(output, outOff);
Array.Clear(outputBuf, blockLength, digestSize);
if (ipadState != null)
{
((IMemoable)digest).Reset(ipadState);
}
else
{
digest.BlockUpdate(inputPad, 0, inputPad.Length);
}
return len;
}
/**
* Reset the mac generator.
*/
public virtual void Reset()
{
// Reset underlying digest
digest.Reset();
// Initialise the digest
digest.BlockUpdate(inputPad, 0, inputPad.Length);
}
private static void XorPad(byte[] pad, int len, byte n)
{
for (int i = 0; i < len; ++i)
{
pad[i] ^= n;
}
}
}
}
#endif

11
Assets/BestHTTP/SecureProtocol/crypto/macs/HMac.cs.meta Normal file
View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 06aa2fe23f38c488abe74bf86e2075df
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

279
Assets/BestHTTP/SecureProtocol/crypto/macs/ISO9797Alg3Mac.cs Normal file
View File

@@ -0,0 +1,279 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
using System;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Crypto.Modes;
using Org.BouncyCastle.Crypto.Paddings;
using Org.BouncyCastle.Crypto.Parameters;
namespace Org.BouncyCastle.Crypto.Macs
{
/**
* DES based CBC Block Cipher MAC according to ISO9797, algorithm 3 (ANSI X9.19 Retail MAC)
*
* This could as well be derived from CBCBlockCipherMac, but then the property mac in the base
* class must be changed to protected
*/
public class ISO9797Alg3Mac : IMac
{
private byte[] mac;
private byte[] buf;
private int bufOff;
private IBlockCipher cipher;
private IBlockCipherPadding padding;
private int macSize;
private KeyParameter lastKey2;
private KeyParameter lastKey3;
/**
* create a Retail-MAC based on a CBC block cipher. This will produce an
* authentication code of the length of the block size of the cipher.
*
* @param cipher the cipher to be used as the basis of the MAC generation. This must
* be DESEngine.
*/
public ISO9797Alg3Mac(
IBlockCipher cipher)
: this(cipher, cipher.GetBlockSize() * 8, null)
{
}
/**
* create a Retail-MAC based on a CBC block cipher. This will produce an
* authentication code of the length of the block size of the cipher.
*
* @param cipher the cipher to be used as the basis of the MAC generation.
* @param padding the padding to be used to complete the last block.
*/
public ISO9797Alg3Mac(
IBlockCipher cipher,
IBlockCipherPadding padding)
: this(cipher, cipher.GetBlockSize() * 8, padding)
{
}
/**
* create a Retail-MAC based on a block cipher with the size of the
* MAC been given in bits. This class uses single DES CBC mode as the basis for the
* MAC generation.
* <p>
* Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
* or 16 bits if being used as a data authenticator (FIPS Publication 113),
* and in general should be less than the size of the block cipher as it reduces
* the chance of an exhaustive attack (see Handbook of Applied Cryptography).
* </p>
* @param cipher the cipher to be used as the basis of the MAC generation.
* @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
*/
public ISO9797Alg3Mac(
IBlockCipher cipher,
int macSizeInBits)
: this(cipher, macSizeInBits, null)
{
}
/**
* create a standard MAC based on a block cipher with the size of the
* MAC been given in bits. This class uses single DES CBC mode as the basis for the
* MAC generation. The final block is decrypted and then encrypted using the
* middle and right part of the key.
* <p>
* Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
* or 16 bits if being used as a data authenticator (FIPS Publication 113),
* and in general should be less than the size of the block cipher as it reduces
* the chance of an exhaustive attack (see Handbook of Applied Cryptography).
* </p>
* @param cipher the cipher to be used as the basis of the MAC generation.
* @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
* @param padding the padding to be used to complete the last block.
*/
public ISO9797Alg3Mac(
IBlockCipher cipher,
int macSizeInBits,
IBlockCipherPadding padding)
{
if ((macSizeInBits % 8) != 0)
throw new ArgumentException("MAC size must be multiple of 8");
if (!(cipher is DesEngine))
throw new ArgumentException("cipher must be instance of DesEngine");
this.cipher = new CbcBlockCipher(cipher);
this.padding = padding;
this.macSize = macSizeInBits / 8;
mac = new byte[cipher.GetBlockSize()];
buf = new byte[cipher.GetBlockSize()];
bufOff = 0;
}
public string AlgorithmName
{
get { return "ISO9797Alg3"; }
}
public void Init(
ICipherParameters parameters)
{
Reset();
if (!(parameters is KeyParameter || parameters is ParametersWithIV))
throw new ArgumentException("parameters must be an instance of KeyParameter or ParametersWithIV");
// KeyParameter must contain a double or triple length DES key,
// however the underlying cipher is a single DES. The middle and
// right key are used only in the final step.
KeyParameter kp;
if (parameters is KeyParameter)
{
kp = (KeyParameter)parameters;
}
else
{
kp = (KeyParameter)((ParametersWithIV)parameters).Parameters;
}
KeyParameter key1;
byte[] keyvalue = kp.GetKey();
if (keyvalue.Length == 16)
{ // Double length DES key
key1 = new KeyParameter(keyvalue, 0, 8);
this.lastKey2 = new KeyParameter(keyvalue, 8, 8);
this.lastKey3 = key1;
}
else if (keyvalue.Length == 24)
{ // Triple length DES key
key1 = new KeyParameter(keyvalue, 0, 8);
this.lastKey2 = new KeyParameter(keyvalue, 8, 8);
this.lastKey3 = new KeyParameter(keyvalue, 16, 8);
}
else
{
throw new ArgumentException("Key must be either 112 or 168 bit long");
}
if (parameters is ParametersWithIV)
{
cipher.Init(true, new ParametersWithIV(key1, ((ParametersWithIV)parameters).GetIV()));
}
else
{
cipher.Init(true, key1);
}
}
public int GetMacSize()
{
return macSize;
}
public void Update(
byte input)
{
if (bufOff == buf.Length)
{
cipher.ProcessBlock(buf, 0, mac, 0);
bufOff = 0;
}
buf[bufOff++] = input;
}
public void BlockUpdate(
byte[] input,
int inOff,
int len)
{
if (len < 0)
throw new ArgumentException("Can't have a negative input length!");
int blockSize = cipher.GetBlockSize();
int resultLen = 0;
int gapLen = blockSize - bufOff;
if (len > gapLen)
{
Array.Copy(input, inOff, buf, bufOff, gapLen);
resultLen += cipher.ProcessBlock(buf, 0, mac, 0);
bufOff = 0;
len -= gapLen;
inOff += gapLen;
while (len > blockSize)
{
resultLen += cipher.ProcessBlock(input, inOff, mac, 0);
len -= blockSize;
inOff += blockSize;
}
}
Array.Copy(input, inOff, buf, bufOff, len);
bufOff += len;
}
public int DoFinal(
byte[] output,
int outOff)
{
int blockSize = cipher.GetBlockSize();
if (padding == null)
{
// pad with zeroes
while (bufOff < blockSize)
{
buf[bufOff++] = 0;
}
}
else
{
if (bufOff == blockSize)
{
cipher.ProcessBlock(buf, 0, mac, 0);
bufOff = 0;
}
padding.AddPadding(buf, bufOff);
}
cipher.ProcessBlock(buf, 0, mac, 0);
// Added to code from base class
DesEngine deseng = new DesEngine();
deseng.Init(false, this.lastKey2);
deseng.ProcessBlock(mac, 0, mac, 0);
deseng.Init(true, this.lastKey3);
deseng.ProcessBlock(mac, 0, mac, 0);
// ****
Array.Copy(mac, 0, output, outOff, macSize);
Reset();
return macSize;
}
/**
* Reset the mac generator.
*/
public void Reset()
{
Array.Clear(buf, 0, buf.Length);
bufOff = 0;
// reset the underlying cipher.
cipher.Reset();
}
}
}
#endif

11
Assets/BestHTTP/SecureProtocol/crypto/macs/ISO9797Alg3Mac.cs.meta Normal file
View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: ce6f6870d71e74a868806c9c24124835
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

299
Assets/BestHTTP/SecureProtocol/crypto/macs/Poly1305.cs Normal file
View File

@@ -0,0 +1,299 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
using System;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Crypto.Utilities;
namespace Org.BouncyCastle.Crypto.Macs
{
/// <summary>
/// Poly1305 message authentication code, designed by D. J. Bernstein.
/// </summary>
/// <remarks>
/// Poly1305 computes a 128-bit (16 bytes) authenticator, using a 128 bit nonce and a 256 bit key
/// consisting of a 128 bit key applied to an underlying cipher, and a 128 bit key (with 106
/// effective key bits) used in the authenticator.
///
/// The polynomial calculation in this implementation is adapted from the public domain <a
/// href="https://github.com/floodyberry/poly1305-donna">poly1305-donna-unrolled</a> C implementation
/// by Andrew M (@floodyberry).
/// </remarks>
/// <seealso cref="Org.BouncyCastle.Crypto.Generators.Poly1305KeyGenerator"/>
public class Poly1305
: IMac
{
private const int BlockSize = 16;
private readonly IBlockCipher cipher;
private readonly byte[] singleByte = new byte[1];
// Initialised state
/** Polynomial key */
private uint r0, r1, r2, r3, r4;
/** Precomputed 5 * r[1..4] */
private uint s1, s2, s3, s4;
/** Encrypted nonce */
private uint k0, k1, k2, k3;
// Accumulating state
/** Current block of buffered input */
private byte[] currentBlock = new byte[BlockSize];
/** Current offset in input buffer */
private int currentBlockOffset = 0;
/** Polynomial accumulator */
private uint h0, h1, h2, h3, h4;
/**
* Constructs a Poly1305 MAC, where the key passed to init() will be used directly.
*/
public Poly1305()
{
this.cipher = null;
}
/**
* Constructs a Poly1305 MAC, using a 128 bit block cipher.
*/
public Poly1305(IBlockCipher cipher)
{
if (cipher.GetBlockSize() != BlockSize)
{
throw new ArgumentException("Poly1305 requires a 128 bit block cipher.");
}
this.cipher = cipher;
}
/// <summary>
/// Initialises the Poly1305 MAC.
/// </summary>
/// <param name="parameters">a {@link ParametersWithIV} containing a 128 bit nonce and a {@link KeyParameter} with
/// a 256 bit key complying to the {@link Poly1305KeyGenerator Poly1305 key format}.</param>
public void Init(ICipherParameters parameters)
{
byte[] nonce = null;
if (cipher != null)
{
if (!(parameters is ParametersWithIV))
throw new ArgumentException("Poly1305 requires an IV when used with a block cipher.", "parameters");
ParametersWithIV ivParams = (ParametersWithIV)parameters;
nonce = ivParams.GetIV();
parameters = ivParams.Parameters;
}
if (!(parameters is KeyParameter))
throw new ArgumentException("Poly1305 requires a key.");
KeyParameter keyParams = (KeyParameter)parameters;
SetKey(keyParams.GetKey(), nonce);
Reset();
}
private void SetKey(byte[] key, byte[] nonce)
{
if (key.Length != 32)
throw new ArgumentException("Poly1305 key must be 256 bits.");
if (cipher != null && (nonce == null || nonce.Length != BlockSize))
throw new ArgumentException("Poly1305 requires a 128 bit IV.");
// Extract r portion of key (and "clamp" the values)
uint t0 = Pack.LE_To_UInt32(key, 0);
uint t1 = Pack.LE_To_UInt32(key, 4);
uint t2 = Pack.LE_To_UInt32(key, 8);
uint t3 = Pack.LE_To_UInt32(key, 12);
// NOTE: The masks perform the key "clamping" implicitly
r0 = t0 & 0x03FFFFFFU;
r1 = ((t0 >> 26) | (t1 << 6)) & 0x03FFFF03U;
r2 = ((t1 >> 20) | (t2 << 12)) & 0x03FFC0FFU;
r3 = ((t2 >> 14) | (t3 << 18)) & 0x03F03FFFU;
r4 = (t3 >> 8) & 0x000FFFFFU;
// Precompute multipliers
s1 = r1 * 5;
s2 = r2 * 5;
s3 = r3 * 5;
s4 = r4 * 5;
byte[] kBytes;
int kOff;
if (cipher == null)
{
kBytes = key;
kOff = BlockSize;
}
else
{
// Compute encrypted nonce
kBytes = new byte[BlockSize];
kOff = 0;
cipher.Init(true, new KeyParameter(key, BlockSize, BlockSize));
cipher.ProcessBlock(nonce, 0, kBytes, 0);
}
k0 = Pack.LE_To_UInt32(kBytes, kOff + 0);
k1 = Pack.LE_To_UInt32(kBytes, kOff + 4);
k2 = Pack.LE_To_UInt32(kBytes, kOff + 8);
k3 = Pack.LE_To_UInt32(kBytes, kOff + 12);
}
public string AlgorithmName
{
get { return cipher == null ? "Poly1305" : "Poly1305-" + cipher.AlgorithmName; }
}
public int GetMacSize()
{
return BlockSize;
}
public void Update(byte input)
{
singleByte[0] = input;
BlockUpdate(singleByte, 0, 1);
}
public void BlockUpdate(byte[] input, int inOff, int len)
{
int copied = 0;
while (len > copied)
{
if (currentBlockOffset == BlockSize)
{
ProcessBlock();
currentBlockOffset = 0;
}
int toCopy = System.Math.Min((len - copied), BlockSize - currentBlockOffset);
Array.Copy(input, copied + inOff, currentBlock, currentBlockOffset, toCopy);
copied += toCopy;
currentBlockOffset += toCopy;
}
}
private void ProcessBlock()
{
if (currentBlockOffset < BlockSize)
{
currentBlock[currentBlockOffset] = 1;
for (int i = currentBlockOffset + 1; i < BlockSize; i++)
{
currentBlock[i] = 0;
}
}
ulong t0 = Pack.LE_To_UInt32(currentBlock, 0);
ulong t1 = Pack.LE_To_UInt32(currentBlock, 4);
ulong t2 = Pack.LE_To_UInt32(currentBlock, 8);
ulong t3 = Pack.LE_To_UInt32(currentBlock, 12);
h0 += (uint)(t0 & 0x3ffffffU);
h1 += (uint)((((t1 << 32) | t0) >> 26) & 0x3ffffff);
h2 += (uint)((((t2 << 32) | t1) >> 20) & 0x3ffffff);
h3 += (uint)((((t3 << 32) | t2) >> 14) & 0x3ffffff);
h4 += (uint)(t3 >> 8);
if (currentBlockOffset == BlockSize)
{
h4 += (1 << 24);
}
ulong tp0 = mul32x32_64(h0,r0) + mul32x32_64(h1,s4) + mul32x32_64(h2,s3) + mul32x32_64(h3,s2) + mul32x32_64(h4,s1);
ulong tp1 = mul32x32_64(h0,r1) + mul32x32_64(h1,r0) + mul32x32_64(h2,s4) + mul32x32_64(h3,s3) + mul32x32_64(h4,s2);
ulong tp2 = mul32x32_64(h0,r2) + mul32x32_64(h1,r1) + mul32x32_64(h2,r0) + mul32x32_64(h3,s4) + mul32x32_64(h4,s3);
ulong tp3 = mul32x32_64(h0,r3) + mul32x32_64(h1,r2) + mul32x32_64(h2,r1) + mul32x32_64(h3,r0) + mul32x32_64(h4,s4);
ulong tp4 = mul32x32_64(h0,r4) + mul32x32_64(h1,r3) + mul32x32_64(h2,r2) + mul32x32_64(h3,r1) + mul32x32_64(h4,r0);
ulong b;
h0 = (uint)tp0 & 0x3ffffff; b = (tp0 >> 26);
tp1 += b; h1 = (uint)tp1 & 0x3ffffff; b = (tp1 >> 26);
tp2 += b; h2 = (uint)tp2 & 0x3ffffff; b = (tp2 >> 26);
tp3 += b; h3 = (uint)tp3 & 0x3ffffff; b = (tp3 >> 26);
tp4 += b; h4 = (uint)tp4 & 0x3ffffff; b = (tp4 >> 26);
h0 += (uint)(b * 5);
}
public int DoFinal(byte[] output, int outOff)
{
Check.DataLength(output, outOff, BlockSize, "Output buffer is too short.");
if (currentBlockOffset > 0)
{
// Process padded block
ProcessBlock();
}
ulong f0, f1, f2, f3;
uint b = h0 >> 26;
h0 = h0 & 0x3ffffff;
h1 += b; b = h1 >> 26; h1 = h1 & 0x3ffffff;
h2 += b; b = h2 >> 26; h2 = h2 & 0x3ffffff;
h3 += b; b = h3 >> 26; h3 = h3 & 0x3ffffff;
h4 += b; b = h4 >> 26; h4 = h4 & 0x3ffffff;
h0 += b * 5;
uint g0, g1, g2, g3, g4;
g0 = h0 + 5; b = g0 >> 26; g0 &= 0x3ffffff;
g1 = h1 + b; b = g1 >> 26; g1 &= 0x3ffffff;
g2 = h2 + b; b = g2 >> 26; g2 &= 0x3ffffff;
g3 = h3 + b; b = g3 >> 26; g3 &= 0x3ffffff;
g4 = h4 + b - (1 << 26);
b = (g4 >> 31) - 1;
uint nb = ~b;
h0 = (h0 & nb) | (g0 & b);
h1 = (h1 & nb) | (g1 & b);
h2 = (h2 & nb) | (g2 & b);
h3 = (h3 & nb) | (g3 & b);
h4 = (h4 & nb) | (g4 & b);
f0 = ((h0 ) | (h1 << 26)) + (ulong)k0;
f1 = ((h1 >> 6 ) | (h2 << 20)) + (ulong)k1;
f2 = ((h2 >> 12) | (h3 << 14)) + (ulong)k2;
f3 = ((h3 >> 18) | (h4 << 8 )) + (ulong)k3;
Pack.UInt32_To_LE((uint)f0, output, outOff);
f1 += (f0 >> 32);
Pack.UInt32_To_LE((uint)f1, output, outOff + 4);
f2 += (f1 >> 32);
Pack.UInt32_To_LE((uint)f2, output, outOff + 8);
f3 += (f2 >> 32);
Pack.UInt32_To_LE((uint)f3, output, outOff + 12);
Reset();
return BlockSize;
}
public void Reset()
{
currentBlockOffset = 0;
h0 = h1 = h2 = h3 = h4 = 0;
}
private static ulong mul32x32_64(uint i1, uint i2)
{
return ((ulong)i1) * i2;
}
}
}
#endif

11
Assets/BestHTTP/SecureProtocol/crypto/macs/Poly1305.cs.meta Normal file
View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: b26ffb61ade2043f683f610ed40ad5f6
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

203
Assets/BestHTTP/SecureProtocol/crypto/macs/SipHash.cs Normal file
View File

@@ -0,0 +1,203 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
using System;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Crypto.Utilities;
namespace Org.BouncyCastle.Crypto.Macs
{
/// <summary>
/// Implementation of SipHash as specified in "SipHash: a fast short-input PRF", by Jean-Philippe
/// Aumasson and Daniel J. Bernstein (https://131002.net/siphash/siphash.pdf).
/// </summary>
/// <remarks>
/// "SipHash is a family of PRFs SipHash-c-d where the integer parameters c and d are the number of
/// compression rounds and the number of finalization rounds. A compression round is identical to a
/// finalization round and this round function is called SipRound. Given a 128-bit key k and a
/// (possibly empty) byte string m, SipHash-c-d returns a 64-bit value..."
/// </remarks>
public class SipHash
: IMac
{
protected readonly int c, d;
protected long k0, k1;
protected long v0, v1, v2, v3;
protected long m = 0;
protected int wordPos = 0;
protected int wordCount = 0;
/// <summary>SipHash-2-4</summary>
public SipHash()
: this(2, 4)
{
}
/// <summary>SipHash-c-d</summary>
/// <param name="c">the number of compression rounds</param>
/// <param name="d">the number of finalization rounds</param>
public SipHash(int c, int d)
{
this.c = c;
this.d = d;
}
public virtual string AlgorithmName
{
get { return "SipHash-" + c + "-" + d; }
}
public virtual int GetMacSize()
{
return 8;
}
public virtual void Init(ICipherParameters parameters)
{
KeyParameter keyParameter = parameters as KeyParameter;
if (keyParameter == null)
throw new ArgumentException("must be an instance of KeyParameter", "parameters");
byte[] key = keyParameter.GetKey();
if (key.Length != 16)
throw new ArgumentException("must be a 128-bit key", "parameters");
this.k0 = (long)Pack.LE_To_UInt64(key, 0);
this.k1 = (long)Pack.LE_To_UInt64(key, 8);
Reset();
}
public virtual void Update(byte input)
{
m = (long)(((ulong)m >> 8) | ((ulong)input << 56));
if (++wordPos == 8)
{
ProcessMessageWord();
wordPos = 0;
}
}
public virtual void BlockUpdate(byte[] input, int offset, int length)
{
int i = 0, fullWords = length & ~7;
if (wordPos == 0)
{
for (; i < fullWords; i += 8)
{
m = (long)Pack.LE_To_UInt64(input, offset + i);
ProcessMessageWord();
}
for (; i < length; ++i)
{
m = (long)(((ulong)m >> 8) | ((ulong)input[offset + i] << 56));
}
wordPos = length - fullWords;
}
else
{
int bits = wordPos << 3;
for (; i < fullWords; i += 8)
{
ulong n = Pack.LE_To_UInt64(input, offset + i);
m = (long)((n << bits) | ((ulong)m >> -bits));
ProcessMessageWord();
m = (long)n;
}
for (; i < length; ++i)
{
m = (long)(((ulong)m >> 8) | ((ulong)input[offset + i] << 56));
if (++wordPos == 8)
{
ProcessMessageWord();
wordPos = 0;
}
}
}
}
public virtual long DoFinal()
{
// NOTE: 2 distinct shifts to avoid "64-bit shift" when wordPos == 0
m = (long)((ulong)m >> ((7 - wordPos) << 3));
m = (long)((ulong)m >> 8);
m = (long)((ulong)m | ((ulong)((wordCount << 3) + wordPos) << 56));
ProcessMessageWord();
v2 ^= 0xffL;
ApplySipRounds(d);
long result = v0 ^ v1 ^ v2 ^ v3;
Reset();
return result;
}
public virtual int DoFinal(byte[] output, int outOff)
{
long result = DoFinal();
Pack.UInt64_To_LE((ulong)result, output, outOff);
return 8;
}
public virtual void Reset()
{
v0 = k0 ^ 0x736f6d6570736575L;
v1 = k1 ^ 0x646f72616e646f6dL;
v2 = k0 ^ 0x6c7967656e657261L;
v3 = k1 ^ 0x7465646279746573L;
m = 0;
wordPos = 0;
wordCount = 0;
}
protected virtual void ProcessMessageWord()
{
++wordCount;
v3 ^= m;
ApplySipRounds(c);
v0 ^= m;
}
protected virtual void ApplySipRounds(int n)
{
long r0 = v0, r1 = v1, r2 = v2, r3 = v3;
for (int r = 0; r < n; ++r)
{
r0 += r1;
r2 += r3;
r1 = RotateLeft(r1, 13);
r3 = RotateLeft(r3, 16);
r1 ^= r0;
r3 ^= r2;
r0 = RotateLeft(r0, 32);
r2 += r1;
r0 += r3;
r1 = RotateLeft(r1, 17);
r3 = RotateLeft(r3, 21);
r1 ^= r2;
r3 ^= r0;
r2 = RotateLeft(r2, 32);
}
v0 = r0; v1 = r1; v2 = r2; v3 = r3;
}
protected static long RotateLeft(long x, int n)
{
ulong ux = (ulong)x;
ux = (ux << n) | (ux >> -n);
return (long)ux;
}
}
}
#endif

11
Assets/BestHTTP/SecureProtocol/crypto/macs/SipHash.cs.meta Normal file
View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 3d460592c2e744626ad4c5452f73ddb6
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

177
Assets/BestHTTP/SecureProtocol/crypto/macs/VMPCMac.cs Normal file
View File

@@ -0,0 +1,177 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
using System;
using Org.BouncyCastle.Crypto.Parameters;
namespace Org.BouncyCastle.Crypto.Macs
{
public class VmpcMac
: IMac
{
private byte g;
private byte n = 0;
private byte[] P = null;
private byte s = 0;
private byte[] T;
private byte[] workingIV;
private byte[] workingKey;
private byte x1, x2, x3, x4;
public virtual int DoFinal(byte[] output, int outOff)
{
// Execute the Post-Processing Phase
for (int r = 1; r < 25; r++)
{
s = P[(s + P[n & 0xff]) & 0xff];
x4 = P[(x4 + x3 + r) & 0xff];
x3 = P[(x3 + x2 + r) & 0xff];
x2 = P[(x2 + x1 + r) & 0xff];
x1 = P[(x1 + s + r) & 0xff];
T[g & 0x1f] = (byte) (T[g & 0x1f] ^ x1);
T[(g + 1) & 0x1f] = (byte) (T[(g + 1) & 0x1f] ^ x2);
T[(g + 2) & 0x1f] = (byte) (T[(g + 2) & 0x1f] ^ x3);
T[(g + 3) & 0x1f] = (byte) (T[(g + 3) & 0x1f] ^ x4);
g = (byte) ((g + 4) & 0x1f);
byte temp = P[n & 0xff];
P[n & 0xff] = P[s & 0xff];
P[s & 0xff] = temp;
n = (byte) ((n + 1) & 0xff);
}
// Input T to the IV-phase of the VMPC KSA
for (int m = 0; m < 768; m++)
{
s = P[(s + P[m & 0xff] + T[m & 0x1f]) & 0xff];
byte temp = P[m & 0xff];
P[m & 0xff] = P[s & 0xff];
P[s & 0xff] = temp;
}
// Store 20 new outputs of the VMPC Stream Cipher input table M
byte[] M = new byte[20];
for (int i = 0; i < 20; i++)
{
s = P[(s + P[i & 0xff]) & 0xff];
M[i] = P[(P[(P[s & 0xff]) & 0xff] + 1) & 0xff];
byte temp = P[i & 0xff];
P[i & 0xff] = P[s & 0xff];
P[s & 0xff] = temp;
}
Array.Copy(M, 0, output, outOff, M.Length);
Reset();
return M.Length;
}
public virtual string AlgorithmName
{
get { return "VMPC-MAC"; }
}
public virtual int GetMacSize()
{
return 20;
}
public virtual void Init(ICipherParameters parameters)
{
if (!(parameters is ParametersWithIV))
throw new ArgumentException("VMPC-MAC Init parameters must include an IV", "parameters");
ParametersWithIV ivParams = (ParametersWithIV) parameters;
KeyParameter key = (KeyParameter) ivParams.Parameters;
if (!(ivParams.Parameters is KeyParameter))
throw new ArgumentException("VMPC-MAC Init parameters must include a key", "parameters");
this.workingIV = ivParams.GetIV();
if (workingIV == null || workingIV.Length < 1 || workingIV.Length > 768)
throw new ArgumentException("VMPC-MAC requires 1 to 768 bytes of IV", "parameters");
this.workingKey = key.GetKey();
Reset();
}
private void initKey(byte[] keyBytes, byte[] ivBytes)
{
s = 0;
P = new byte[256];
for (int i = 0; i < 256; i++)
{
P[i] = (byte) i;
}
for (int m = 0; m < 768; m++)
{
s = P[(s + P[m & 0xff] + keyBytes[m % keyBytes.Length]) & 0xff];
byte temp = P[m & 0xff];
P[m & 0xff] = P[s & 0xff];
P[s & 0xff] = temp;
}
for (int m = 0; m < 768; m++)
{
s = P[(s + P[m & 0xff] + ivBytes[m % ivBytes.Length]) & 0xff];
byte temp = P[m & 0xff];
P[m & 0xff] = P[s & 0xff];
P[s & 0xff] = temp;
}
n = 0;
}
public virtual void Reset()
{
initKey(this.workingKey, this.workingIV);
g = x1 = x2 = x3 = x4 = n = 0;
T = new byte[32];
for (int i = 0; i < 32; i++)
{
T[i] = 0;
}
}
public virtual void Update(byte input)
{
s = P[(s + P[n & 0xff]) & 0xff];
byte c = (byte) (input ^ P[(P[(P[s & 0xff]) & 0xff] + 1) & 0xff]);
x4 = P[(x4 + x3) & 0xff];
x3 = P[(x3 + x2) & 0xff];
x2 = P[(x2 + x1) & 0xff];
x1 = P[(x1 + s + c) & 0xff];
T[g & 0x1f] = (byte) (T[g & 0x1f] ^ x1);
T[(g + 1) & 0x1f] = (byte) (T[(g + 1) & 0x1f] ^ x2);
T[(g + 2) & 0x1f] = (byte) (T[(g + 2) & 0x1f] ^ x3);
T[(g + 3) & 0x1f] = (byte) (T[(g + 3) & 0x1f] ^ x4);
g = (byte) ((g + 4) & 0x1f);
byte temp = P[n & 0xff];
P[n & 0xff] = P[s & 0xff];
P[s & 0xff] = temp;
n = (byte) ((n + 1) & 0xff);
}
public virtual void BlockUpdate(byte[] input, int inOff, int len)
{
if ((inOff + len) > input.Length)
throw new DataLengthException("input buffer too short");
for (int i = 0; i < len; i++)
{
Update(input[inOff + i]);
}
}
}
}
#endif

11
Assets/BestHTTP/SecureProtocol/crypto/macs/VMPCMac.cs.meta Normal file
View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 75ae7a5006f1a4dccaab1ee13d19081e
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant: