YDL
/
HK_LongZhiMeng
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
上海虹口龙之梦项目
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17 Commits
2 Branches
0 Tags
418 MiB
Tree: edc492738b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'edc492738b'
${ noResults }
HK_LongZhiMeng/Assets/Plugins/Best HTTP/Source/SecureProtocol/crypto/fpe/SP80038G.cs

699 lines
21 KiB
Raw Normal View History Unescape

初始化
1 year ago
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Utilities;
using BestHTTP.SecureProtocol.Org.BouncyCastle.Math;
using BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities;
namespace BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Fpe
{
/*
* SP800-38G Format-Preserving Encryption
*
* TODOs
* - Initialize the cipher internally or externally?
* 1. Algs 7-10 don't appear to require forward vs. inverse transform, although sample data is forward.
* 2. Algs 9-10 specify reversal of the cipher key!
* - Separate construction/initialization stage for "prerequisites"
*/
internal class SP80038G
{
internal static readonly string FPE_DISABLED = "BestHTTP.SecureProtocol.Org.BouncyCastle.Fpe.Disable";
internal static readonly string FF1_DISABLED = "BestHTTP.SecureProtocol.Org.BouncyCastle.Fpe.Disable_Ff1";
protected static readonly int BLOCK_SIZE = 16;
protected static readonly double LOG2 = System.Math.Log(2.0);
protected static readonly double TWO_TO_96 = System.Math.Pow(2, 96);
public static byte[] DecryptFF1(IBlockCipher cipher, int radix, byte[] tweak, byte[] buf, int off, int len)
{
checkArgs(cipher, true, radix, buf, off, len);
// Algorithm 8
int n = len;
int u = n / 2, v = n - u;
ushort[] A = toShort(buf, off, u);
ushort[] B = toShort(buf, off + u, v);
ushort[] rv = decFF1(cipher, radix, tweak, n, u, v, A, B);
return toByte(rv);
}
public static ushort[] DecryptFF1w(IBlockCipher cipher, int radix, byte[] tweak, ushort[] buf, int off, int len)
{
checkArgs(cipher, true, radix, buf, off, len);
// Algorithm 8
int n = len;
int u = n / 2, v = n - u;
ushort[] A = new ushort[u];
ushort[] B = new ushort[v];
Array.Copy(buf, off, A, 0, u);
Array.Copy(buf, off + u, B, 0, v);
return decFF1(cipher, radix, tweak, n, u, v, A, B);
}
private static ushort[] decFF1(IBlockCipher cipher, int radix, byte[] T, int n, int u, int v, ushort[] A, ushort[] B)
{
int t = T.Length;
int b = ((int)Ceil(System.Math.Log((double)radix) * (double)v / LOG2) + 7) / 8;
int d = (((b + 3) / 4) * 4) + 4;
byte[] P = calculateP_FF1(radix, (byte)u, n, t);
BigInteger bigRadix = BigInteger.ValueOf(radix);
BigInteger[] modUV = calculateModUV(bigRadix, u, v);
int m = u;
for (int i = 9; i >= 0; --i)
{
// i. - iv.
BigInteger y = calculateY_FF1(cipher, bigRadix, T, b, d, i, P, A);
// v.
m = n - m;
BigInteger modulus = modUV[i & 1];
// vi.
BigInteger c = num(bigRadix, B).Subtract(y).Mod(modulus);
// vii. - ix.
ushort[] C = B;
B = A;
A = C;
str(bigRadix, c, m, C, 0);
}
return Arrays.Concatenate(A, B);
}
public static byte[] DecryptFF3(IBlockCipher cipher, int radix, byte[] tweak64, byte[] buf, int off, int len)
{
checkArgs(cipher, false, radix, buf, off, len);
if (tweak64.Length != 8)
{
throw new ArgumentException();
}
return implDecryptFF3(cipher, radix, tweak64, buf, off, len);
}
public static byte[] DecryptFF3_1(IBlockCipher cipher, int radix, byte[] tweak56, byte[] buf, int off, int len)
{
checkArgs(cipher, false, radix, buf, off, len);
if (tweak56.Length != 7)
{
throw new ArgumentException("tweak should be 56 bits");
}
byte[] tweak64 = calculateTweak64_FF3_1(tweak56);
return implDecryptFF3(cipher, radix, tweak64, buf, off, len);
}
public static ushort[] DecryptFF3_1w(IBlockCipher cipher, int radix, byte[] tweak56, ushort[] buf, int off, int len)
{
checkArgs(cipher, false, radix, buf, off, len);
if (tweak56.Length != 7)
{
throw new ArgumentException("tweak should be 56 bits");
}
byte[] tweak64 = calculateTweak64_FF3_1(tweak56);
return implDecryptFF3w(cipher, radix, tweak64, buf, off, len);
}
public static byte[] EncryptFF1(IBlockCipher cipher, int radix, byte[] tweak, byte[] buf, int off, int len)
{
checkArgs(cipher, true, radix, buf, off, len);
// Algorithm 7
int n = len;
int u = n / 2, v = n - u;
ushort[] A = toShort(buf, off, u);
ushort[] B = toShort(buf, off + u, v);
return toByte(encFF1(cipher, radix, tweak, n, u, v, A, B));
}
public static ushort[] EncryptFF1w(IBlockCipher cipher, int radix, byte[] tweak, ushort[] buf, int off, int len)
{
checkArgs(cipher, true, radix, buf, off, len);
// Algorithm 7
int n = len;
int u = n / 2, v = n - u;
ushort[] A = new ushort[u];
ushort[] B = new ushort[v];
Array.Copy(buf, off, A, 0, u);
Array.Copy(buf, off + u, B, 0, v);
return encFF1(cipher, radix, tweak, n, u, v, A, B);
}
private static ushort[] encFF1(IBlockCipher cipher, int radix, byte[] T, int n, int u, int v, ushort[] A, ushort[] B)
{
int t = T.Length;
int b = ((int)Ceil(System.Math.Log((double)radix) * (double)v / LOG2) + 7) / 8;
int d = (((b + 3) / 4) * 4) + 4;
byte[] P = calculateP_FF1(radix, (byte)u, n, t);
BigInteger bigRadix = BigInteger.ValueOf(radix);
BigInteger[] modUV = calculateModUV(bigRadix, u, v);
int m = v;
for (int i = 0; i < 10; ++i)
{
// i. - iv.
BigInteger y = calculateY_FF1(cipher, bigRadix, T, b, d, i, P, B);
// v.
m = n - m;
BigInteger modulus = modUV[i & 1];
// vi.
BigInteger c = num(bigRadix, A).Add(y).Mod(modulus);
// vii. - ix.
ushort[] C = A;
A = B;
B = C;
str(bigRadix, c, m, C, 0);
}
return Arrays.Concatenate(A, B);
}
public static byte[] EncryptFF3(IBlockCipher cipher, int radix, byte[] tweak64, byte[] buf, int off, int len)
{
checkArgs(cipher, false, radix, buf, off, len);
if (tweak64.Length != 8)
{
throw new ArgumentException();
}
return implEncryptFF3(cipher, radix, tweak64, buf, off, len);
}
public static ushort[] EncryptFF3w(IBlockCipher cipher, int radix, byte[] tweak64, ushort[] buf, int off, int len)
{
checkArgs(cipher, false, radix, buf, off, len);
if (tweak64.Length != 8)
{
throw new ArgumentException();
}
return implEncryptFF3w(cipher, radix, tweak64, buf, off, len);
}
public static ushort[] EncryptFF3_1w(IBlockCipher cipher, int radix, byte[] tweak56, ushort[] buf, int off, int len)
{
checkArgs(cipher, false, radix, buf, off, len);
if (tweak56.Length != 7)
{
throw new ArgumentException("tweak should be 56 bits");
}
byte[] tweak64 = calculateTweak64_FF3_1(tweak56);
return EncryptFF3w(cipher, radix, tweak64, buf, off, len);
}
public static byte[] EncryptFF3_1(IBlockCipher cipher, int radix, byte[] tweak56, byte[] buf, int off, int len)
{
checkArgs(cipher, false, radix, buf, off, len);
if (tweak56.Length != 7)
{
throw new ArgumentException("tweak should be 56 bits");
}
byte[] tweak64 = calculateTweak64_FF3_1(tweak56);
return EncryptFF3(cipher, radix, tweak64, buf, off, len);
}
protected static BigInteger[] calculateModUV(BigInteger bigRadix, int u, int v)
{
BigInteger[] modUV = new BigInteger[2];
modUV[0] = bigRadix.Pow(u);
modUV[1] = modUV[0];
if (v != u)
{
modUV[1] = modUV[1].Multiply(bigRadix);
}
return modUV;
}
protected static byte[] calculateP_FF1(int radix, byte uLow, int n, int t)
{
byte[] P = new byte[BLOCK_SIZE];
P[0] = 1;
P[1] = 2;
P[2] = 1;
// Radix
P[3] = 0;
P[4] = (byte)(radix >> 8);
P[5] = (byte)radix;
P[6] = 10;
P[7] = uLow;
Pack.UInt32_To_BE((uint)n, P, 8);
Pack.UInt32_To_BE((uint)t, P, 12);
return P;
}
protected static byte[] calculateTweak64_FF3_1(byte[] tweak56)
{
byte[] tweak64 = new byte[8];
tweak64[0] = tweak56[0];
tweak64[1] = tweak56[1];
tweak64[2] = tweak56[2];
tweak64[3] = (byte)(tweak56[3] & 0xF0);
tweak64[4] = tweak56[4];
tweak64[5] = tweak56[5];
tweak64[6] = tweak56[6];
tweak64[7] = (byte)(tweak56[3] << 4);
return tweak64;
}
protected static BigInteger calculateY_FF1(IBlockCipher cipher, BigInteger bigRadix, byte[] T, int b, int d, int round, byte[] P, ushort[] AB)
{
int t = T.Length;
// i.
BigInteger numAB = num(bigRadix, AB);
byte[] bytesAB = BigIntegers.AsUnsignedByteArray(numAB);
int zeroes = -(t + b + 1) & 15;
byte[] Q = new byte[t + zeroes + 1 + b];
Array.Copy(T, 0, Q, 0, t);
Q[t + zeroes] = (byte)round;
Array.Copy(bytesAB, 0, Q, Q.Length - bytesAB.Length, bytesAB.Length);
// ii.
byte[] R = prf(cipher, Arrays.Concatenate(P, Q));
// iii.
byte[] sBlocks = R;
if (d > BLOCK_SIZE)
{
int sBlocksLen = (d + BLOCK_SIZE - 1) / BLOCK_SIZE;
sBlocks = new byte[sBlocksLen * BLOCK_SIZE];
Array.Copy(R, 0, sBlocks, 0, BLOCK_SIZE);
byte[] uint32 = new byte[4];
for (uint j = 1; j < sBlocksLen; ++j)
{
int sOff = (int)(j * BLOCK_SIZE);
Array.Copy(R, 0, sBlocks, sOff, BLOCK_SIZE);
Pack.UInt32_To_BE(j, uint32, 0);
xor(uint32, 0, sBlocks, sOff + BLOCK_SIZE - 4, 4);
cipher.ProcessBlock(sBlocks, sOff, sBlocks, sOff);
}
}
// iv.
return num(sBlocks, 0, d);
}
protected static BigInteger calculateY_FF3(IBlockCipher cipher, BigInteger bigRadix, byte[] T, int wOff, uint round, ushort[] AB)
{
// ii.
byte[] P = new byte[BLOCK_SIZE];
Pack.UInt32_To_BE(round, P, 0);
xor(T, wOff, P, 0, 4);
BigInteger numAB = num(bigRadix, AB);
byte[] bytesAB = BigIntegers.AsUnsignedByteArray(numAB);
if ((P.Length - bytesAB.Length) < 4) // to be sure...
{
throw new InvalidOperationException("input out of range");
}
Array.Copy(bytesAB, 0, P, P.Length - bytesAB.Length, bytesAB.Length);
// iii.
rev(P);
cipher.ProcessBlock(P, 0, P, 0);
rev(P);
byte[] S = P;
// iv.
return num(S, 0, S.Length);
}
protected static void checkArgs(IBlockCipher cipher, bool isFF1, int radix, ushort[] buf, int off, int len)
{
checkCipher(cipher);
if (radix < 2 || radix > (1 << 16))
{
throw new ArgumentException();
}
checkData(isFF1, radix, buf, off, len);
}
protected static void checkArgs(IBlockCipher cipher, bool isFF1, int radix, byte[] buf, int off, int len)
{
checkCipher(cipher);
if (radix < 2 || radix > (1 << 8))
{
throw new ArgumentException();
}
checkData(isFF1, radix, buf, off, len);
}
protected static void checkCipher(IBlockCipher cipher)
{
if (BLOCK_SIZE != cipher.GetBlockSize())
{
throw new ArgumentException();
}
}
protected static void checkData(bool isFF1, int radix, ushort[] buf, int off, int len)
{
checkLength(isFF1, radix, len);
for (int i = 0; i < len; ++i)
{
int b = buf[off + i] & 0xFFFF;
if (b >= radix)
{
throw new ArgumentException("input data outside of radix");
}
}
}
protected static void checkData(bool isFF1, int radix, byte[] buf, int off, int len)
{
checkLength(isFF1, radix, len);
for (int i = 0; i < len; ++i)
{
int b = buf[off + i] & 0xFF;
if (b >= radix)
{
throw new ArgumentException("input data outside of radix");
}
}
}
private static void checkLength(bool isFF1, int radix, int len)
{
if (len < 2 || System.Math.Pow(radix, len) < 1000000)
{
throw new ArgumentException("input too short");
}
if (!isFF1)
{
int maxLen = 2 * (int)(System.Math.Floor(System.Math.Log(TWO_TO_96) / System.Math.Log(radix)));
if (len > maxLen)
{
throw new ArgumentException("maximum input length is " + maxLen);
}
}
}
protected static byte[] implDecryptFF3(IBlockCipher cipher, int radix, byte[] tweak64, byte[] buf, int off, int len)
{
// Algorithm 10
byte[] T = tweak64;
int n = len;
int v = n / 2, u = n - v;
ushort[] A = toShort(buf, off, u);
ushort[] B = toShort(buf, off + u, v);
ushort[] rv = decFF3_1(cipher, radix, T, n, v, u, A, B);
return toByte(rv);
}
protected static ushort[] implDecryptFF3w(IBlockCipher cipher, int radix, byte[] tweak64, ushort[] buf, int off, int len)
{
// Algorithm 10
byte[] T = tweak64;
int n = len;
int v = n / 2, u = n - v;
ushort[] A = new ushort[u];
ushort[] B = new ushort[v];
Array.Copy(buf, off, A, 0, u);
Array.Copy(buf, off + u, B, 0, v);
return decFF3_1(cipher, radix, T, n, v, u, A, B);
}
private static ushort[] decFF3_1(IBlockCipher cipher, int radix, byte[] T, int n, int v, int u, ushort[] A, ushort[] B)
{
BigInteger bigRadix = BigInteger.ValueOf(radix);
BigInteger[] modVU = calculateModUV(bigRadix, v, u);
int m = u;
// Note we keep A, B in reverse order throughout
rev(A);
rev(B);
for (int i = 7; i >= 0; --i)
{
// i.
m = n - m;
BigInteger modulus = modVU[1 - (i & 1)];
int wOff = 4 - ((i & 1) * 4);
// ii. - iv.
BigInteger y = calculateY_FF3(cipher, bigRadix, T, wOff, (uint)i, A);
// v.
BigInteger c = num(bigRadix, B).Subtract(y).Mod(modulus);
// vi. - viii.
ushort[] C = B;
B = A;
A = C;
str(bigRadix, c, m, C, 0);
}
rev(A);
rev(B);
return Arrays.Concatenate(A, B);
}
protected static byte[] implEncryptFF3(IBlockCipher cipher, int radix, byte[] tweak64, byte[] buf, int off, int len)
{
// Algorithm 9
byte[] T = tweak64;
int n = len;
int v = n / 2, u = n - v;
ushort[] A = toShort(buf, off, u);
ushort[] B = toShort(buf, off + u, v);
ushort[] rv = encFF3_1(cipher, radix, T, n, v, u, A, B);
return toByte(rv);
}
protected static ushort[] implEncryptFF3w(IBlockCipher cipher, int radix, byte[] tweak64, ushort[] buf, int off, int len)
{
// Algorithm 9
byte[] T = tweak64;
int n = len;
int v = n / 2, u = n - v;
ushort[] A = new ushort[u];
ushort[] B = new ushort[v];
Array.Copy(buf, off, A, 0, u);
Array.Copy(buf, off + u, B, 0, v);
return encFF3_1(cipher, radix, T, n, v, u, A, B);
}
private static ushort[] encFF3_1(IBlockCipher cipher, int radix, byte[] t, int n, int v, int u, ushort[] a, ushort[] b)
{
BigInteger bigRadix = BigInteger.ValueOf(radix);
BigInteger[] modVU = calculateModUV(bigRadix, v, u);
int m = v;
// Note we keep A, B in reverse order throughout
rev(a);
rev(b);
for (uint i = 0; i < 8; ++i)
{
// i.
m = n - m;
BigInteger modulus = modVU[1 - (i & 1)];
int wOff = 4 - (int)((i & 1) * 4);
// ii. - iv.
BigInteger y = calculateY_FF3(cipher, bigRadix, t, wOff, i, b);
// v.
BigInteger c = num(bigRadix, a).Add(y).Mod(modulus);
// vi. - viii.
ushort[] C = a;
a = b;
b = C;
str(bigRadix, c, m, C, 0);
}
rev(a);
rev(b);
return Arrays.Concatenate(a, b);
}
protected static BigInteger num(byte[] buf, int off, int len)
{
return new BigInteger(1, Arrays.CopyOfRange(buf, off, off + len));
}
protected static BigInteger num(BigInteger R, ushort[] x)
{
BigInteger result = BigInteger.Zero;
for (int i = 0; i < x.Length; ++i)
{
result = result.Multiply(R).Add(BigInteger.ValueOf(x[i] & 0xFFFF));
}
return result;
}
protected static byte[] prf(IBlockCipher c, byte[] x)
{
if ((x.Length % BLOCK_SIZE) != 0)
{
throw new ArgumentException();
}
int m = x.Length / BLOCK_SIZE;
byte[] y = new byte[BLOCK_SIZE];
for (int i = 0; i < m; ++i)
{
xor(x, i * BLOCK_SIZE, y, 0, BLOCK_SIZE);
c.ProcessBlock(y, 0, y, 0);
}
return y;
}
// protected static void rev(byte[] x, int xOff, byte[] y, int yOff, int len)
// {
// for (int i = 1; i <= len; ++i)
// {
// y[yOff + len - i] = x[xOff + i - 1];
// }
// }
protected static void rev(byte[] x)
{
int half = x.Length / 2, end = x.Length - 1;
for (int i = 0; i < half; ++i)
{
byte tmp = x[i];
x[i] = x[end - i];
x[end - i] = tmp;
}
}
protected static void rev(ushort[] x)
{
int half = x.Length / 2, end = x.Length - 1;
for (int i = 0; i < half; ++i)
{
ushort tmp = x[i];
x[i] = x[end - i];
x[end - i] = tmp;
}
}
protected static void str(BigInteger R, BigInteger x, int m, ushort[] output, int off)
{
if (x.SignValue < 0)
{
throw new ArgumentException();
}
for (int i = 1; i <= m; ++i)
{
BigInteger[] qr = x.DivideAndRemainder(R);
output[off + m - i] = (ushort)qr[1].IntValue;
x = qr[0];
}
if (x.SignValue != 0)
{
throw new ArgumentException();
}
}
protected static void xor(byte[] x, int xOff, byte[] y, int yOff, int len)
{
for (int i = 0; i < len; ++i)
{
y[yOff + i] ^= x[xOff + i];
}
}
private static byte[] toByte(ushort[] buf)
{
byte[] s = new byte[buf.Length];
for (int i = 0; i != s.Length; i++)
{
s[i] = (byte)buf[i];
}
return s;
}
private static ushort[] toShort(byte[] buf, int off, int len)
{
ushort[] s = new ushort[len];
for (int i = 0; i != s.Length; i++)
{
s[i] = (ushort)(buf[off + i] & 0xFF);
}
return s;
}
private static int Ceil(double v)
{
int rv = (int)v;
if ((double)rv < v)
return rv + 1;
return rv;
}
}
}
#pragma warning restore
#endif