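/// <summary>
/// Installs a 256-bit key and an extended nonce, deriving the working cipher state from them.
/// </summary>
/// <remarks>
/// After the base key setup, nonce bytes 8..15 are placed in state words 8 and 9 and one
/// 20-round core call is run over that state. Eight words of its output, with the core's final
/// feed-forward addition subtracted back out, replace the key words (1..4 and 11..14). Nonce
/// bytes 16..23 then become state words 6 and 7. This looks like the XSalsa20 sub-key
/// derivation (HSalsa20) - confirm against the enclosing class.
/// NOTE(review): <paramref name="ivBytes"/> is read up to offset 23 but its length is not
/// checked in this method; presumably the caller enforces the nonce size - confirm.
/// </remarks>
/// <param name="keyBytes">Key material; must be exactly 32 bytes.</param>
/// <param name="ivBytes">Nonce; read here at offsets 8, 12, 16 and 20.</param>
/// <exception cref="ArgumentNullException"><paramref name="keyBytes"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="keyBytes"/> is not 32 bytes long.</exception>
protected override void SetKey(byte[] keyBytes, byte[] ivBytes)
{
    // Fail with an argument error instead of a NullReferenceException on keyBytes.Length.
    if (keyBytes == null)
    {
        throw new ArgumentNullException("keyBytes");
    }
    if (keyBytes.Length != 32)
    {
        throw new ArgumentException(this.AlgorithmName + " requires a 256 bit key");
    }

    base.SetKey(keyBytes, ivBytes);

    // The next 64 bits of the nonce take the place of the block counter for the derivation step.
    this.engineState[8] = Pack.LE_To_UInt32(ivBytes, 8);
    this.engineState[9] = Pack.LE_To_UInt32(ivBytes, 12);

    uint[] derived = new uint[this.engineState.Length];
    Salsa20Engine.SalsaCore(20, this.engineState, derived);

    // SalsaCore adds the input words to its result; subtracting them again leaves the bare
    // permutation output, which becomes the new key words.
    this.engineState[1] = derived[0] - this.engineState[0];
    this.engineState[2] = derived[5] - this.engineState[5];
    this.engineState[3] = derived[10] - this.engineState[10];
    this.engineState[4] = derived[15] - this.engineState[15];
    this.engineState[11] = derived[6] - this.engineState[6];
    this.engineState[12] = derived[7] - this.engineState[7];
    this.engineState[13] = derived[8] - this.engineState[8];
    this.engineState[14] = derived[9] - this.engineState[9];

    // The scratch buffer holds key-derived words; wipe it rather than leaving it for the GC.
    Array.Clear(derived, 0, derived.Length);

    // The last 64 bits of the nonce act as the nonce of the derived state.
    this.engineState[6] = Pack.LE_To_UInt32(ivBytes, 16);
    this.engineState[7] = Pack.LE_To_UInt32(ivBytes, 20);

    this.ResetCounter();
}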
/// <summary>
/// Installs a 256-bit key and an extended nonce, then derives the working state with one
/// 20-round core call.
/// </summary>
/// <remarks>
/// NOTE(review): ivBytes is read up to offset 23 without a length check in this method, and
/// the scratch array holding key-derived words is left for the garbage collector.
/// </remarks>
/// <param name="keyBytes">Key material; must be exactly 32 bytes.</param>
/// <param name="ivBytes">Nonce; read here at offsets 8, 12, 16 and 20.</param>
/// <exception cref="ArgumentException">The key is not 32 bytes long.</exception>
protected override void SetKey(byte[] keyBytes, byte[] ivBytes)
{
    if (keyBytes.Length != 32)
    {
        throw new ArgumentException(AlgorithmName + " requires a 256 bit key");
    }

    base.SetKey(keyBytes, ivBytes);

    // Nonce bytes 8..15 occupy words 8 and 9 for the derivation step.
    engineState[8] = Pack.LE_To_UInt32(ivBytes, 8);
    engineState[9] = Pack.LE_To_UInt32(ivBytes, 12);

    uint[] coreOut = new uint[engineState.Length];
    Salsa20Engine.SalsaCore(20, engineState, coreOut);

    // Word pairs: coreOut[from[i]] minus the matching input word lands in engineState[to[i]].
    // The two index sets do not overlap, so the order of the assignments does not matter.
    int[] from = { 0, 5, 10, 15, 6, 7, 8, 9 };
    int[] to = { 1, 2, 3, 4, 11, 12, 13, 14 };
    for (int i = 0; i < from.Length; i++)
    {
        engineState[to[i]] = coreOut[from[i]] - engineState[from[i]];
    }

    // Nonce bytes 16..23 become the nonce words of the derived state.
    engineState[6] = Pack.LE_To_UInt32(ivBytes, 16);
    engineState[7] = Pack.LE_To_UInt32(ivBytes, 20);

    ResetCounter();
}
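/// <summary>
/// Builds a buffered cipher from a transformation string of the form
/// "ALGORITHM", "ALGORITHM/MODE" or "ALGORITHM/MODE/PADDING" (case-insensitive).
/// </summary>
/// <remarks>
/// Points a caller should know before passing a name in:
/// - A block cipher named without a mode, or with ECB/NONE, gets no chaining mode at all.
/// - "IES" and "ECIES" are fixed to SHA-1 for both the KDF and the HMAC.
/// - The table still resolves legacy primitives (DES, RC2, RC4, MD5-based OAEP and others);
///   code that takes the name from configuration or a peer should allow-list it first.
/// - "CTR" maps to the same wrapper as "SIC" but skips SIC's 128-bit block-size check.
/// NOTE(review): a block padding name given with an asymmetric cipher is parsed but never
/// applied, and an asymmetric encoding name given with a block cipher is likewise dropped;
/// both cases return a cipher that differs from what the string asked for.
/// </remarks>
/// <param name="algorithm">Transformation string or a registered alias.</param>
/// <returns>A new cipher instance; it still has to be initialised by the caller.</returns>
/// <exception cref="ArgumentNullException"><paramref name="algorithm"/> is null.</exception>
/// <exception cref="ArgumentException">A mode or padding was given for a stream cipher.</exception>
/// <exception cref="SecurityUtilityException">The transformation is not recognised.</exception>
public static IBufferedCipher GetCipher(
    string algorithm)
{
    if (algorithm == null)
        throw new ArgumentNullException("algorithm");

    algorithm = Platform.ToUpperInvariant(algorithm);

    {
        string aliased = (string) algorithms[algorithm];

        if (aliased != null)
            algorithm = aliased;
    }

    IBasicAgreement iesAgreement = null;
    if (algorithm == "IES")
    {
        iesAgreement = new DHBasicAgreement();
    }
    else if (algorithm == "ECIES")
    {
        iesAgreement = new ECDHBasicAgreement();
    }

    if (iesAgreement != null)
    {
        return new BufferedIesCipher(
            new IesEngine(
                iesAgreement,
                new Kdf2BytesGenerator(
                    new Sha1Digest()),
                new HMac(
                    new Sha1Digest())));
    }

    // Ordinal comparisons: algorithm names are identifiers, not linguistic text, so the
    // match must not depend on the current culture.
    if (algorithm.StartsWith("PBE", StringComparison.Ordinal))
    {
        if (algorithm.EndsWith("-CBC", StringComparison.Ordinal))
        {
            if (algorithm == "PBEWITHSHA1ANDDES-CBC")
            {
                return new PaddedBufferedBlockCipher(
                    new CbcBlockCipher(new DesEngine()));
            }
            else if (algorithm == "PBEWITHSHA1ANDRC2-CBC")
            {
                return new PaddedBufferedBlockCipher(
                    new CbcBlockCipher(new RC2Engine()));
            }
            else if (Strings.IsOneOf(algorithm,
                "PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"))
            {
                return new PaddedBufferedBlockCipher(
                    new CbcBlockCipher(new DesEdeEngine()));
            }
            else if (Strings.IsOneOf(algorithm,
                "PBEWITHSHAAND128BITRC2-CBC", "PBEWITHSHAAND40BITRC2-CBC"))
            {
                return new PaddedBufferedBlockCipher(
                    new CbcBlockCipher(new RC2Engine()));
            }
        }
        else if (algorithm.EndsWith("-BC", StringComparison.Ordinal)
            || algorithm.EndsWith("-OPENSSL", StringComparison.Ordinal))
        {
            if (Strings.IsOneOf(algorithm,
                "PBEWITHSHAAND128BITAES-CBC-BC",
                "PBEWITHSHAAND192BITAES-CBC-BC",
                "PBEWITHSHAAND256BITAES-CBC-BC",
                "PBEWITHSHA256AND128BITAES-CBC-BC",
                "PBEWITHSHA256AND192BITAES-CBC-BC",
                "PBEWITHSHA256AND256BITAES-CBC-BC",
                "PBEWITHMD5AND128BITAES-CBC-OPENSSL",
                "PBEWITHMD5AND192BITAES-CBC-OPENSSL",
                "PBEWITHMD5AND256BITAES-CBC-OPENSSL"))
            {
                return new PaddedBufferedBlockCipher(
                    new CbcBlockCipher(new AesFastEngine()));
            }
        }
    }

    string[] parts = algorithm.Split('/');

    IBlockCipher blockCipher = null;
    IAsymmetricBlockCipher asymBlockCipher = null;
    IStreamCipher streamCipher = null;

    string algorithmName = parts[0];

    {
        string aliased = (string)algorithms[algorithmName];

        if (aliased != null)
            algorithmName = aliased;
    }

    CipherAlgorithm cipherAlgorithm;
    try
    {
        cipherAlgorithm = (CipherAlgorithm)Enums.GetEnumValue(typeof(CipherAlgorithm), algorithmName);
    }
    catch (ArgumentException)
    {
        throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
    }

    switch (cipherAlgorithm)
    {
        case CipherAlgorithm.AES:
            blockCipher = new AesFastEngine();
            break;
        case CipherAlgorithm.ARC4:
            streamCipher = new RC4Engine();
            break;
        case CipherAlgorithm.BLOWFISH:
            blockCipher = new BlowfishEngine();
            break;
        case CipherAlgorithm.CAMELLIA:
            blockCipher = new CamelliaEngine();
            break;
        case CipherAlgorithm.CAST5:
            blockCipher = new Cast5Engine();
            break;
        case CipherAlgorithm.CAST6:
            blockCipher = new Cast6Engine();
            break;
        case CipherAlgorithm.DES:
            blockCipher = new DesEngine();
            break;
        case CipherAlgorithm.DESEDE:
            blockCipher = new DesEdeEngine();
            break;
        case CipherAlgorithm.ELGAMAL:
            asymBlockCipher = new ElGamalEngine();
            break;
        case CipherAlgorithm.GOST28147:
            blockCipher = new Gost28147Engine();
            break;
        case CipherAlgorithm.HC128:
            streamCipher = new HC128Engine();
            break;
        case CipherAlgorithm.HC256:
            streamCipher = new HC256Engine();
            break;
        case CipherAlgorithm.IDEA:
            blockCipher = new IdeaEngine();
            break;
        case CipherAlgorithm.NOEKEON:
            blockCipher = new NoekeonEngine();
            break;
        case CipherAlgorithm.PBEWITHSHAAND128BITRC4:
        case CipherAlgorithm.PBEWITHSHAAND40BITRC4:
            streamCipher = new RC4Engine();
            break;
        case CipherAlgorithm.RC2:
            blockCipher = new RC2Engine();
            break;
        case CipherAlgorithm.RC5:
            blockCipher = new RC532Engine();
            break;
        case CipherAlgorithm.RC5_64:
            blockCipher = new RC564Engine();
            break;
        case CipherAlgorithm.RC6:
            blockCipher = new RC6Engine();
            break;
        case CipherAlgorithm.RIJNDAEL:
            blockCipher = new RijndaelEngine();
            break;
        case CipherAlgorithm.RSA:
            asymBlockCipher = new RsaBlindedEngine();
            break;
        case CipherAlgorithm.SALSA20:
            streamCipher = new Salsa20Engine();
            break;
        case CipherAlgorithm.SEED:
            blockCipher = new SeedEngine();
            break;
        case CipherAlgorithm.SERPENT:
            blockCipher = new SerpentEngine();
            break;
        case CipherAlgorithm.SKIPJACK:
            blockCipher = new SkipjackEngine();
            break;
        case CipherAlgorithm.TEA:
            blockCipher = new TeaEngine();
            break;
        case CipherAlgorithm.TWOFISH:
            blockCipher = new TwofishEngine();
            break;
        case CipherAlgorithm.VMPC:
            streamCipher = new VmpcEngine();
            break;
        case CipherAlgorithm.VMPC_KSA3:
            streamCipher = new VmpcKsa3Engine();
            break;
        case CipherAlgorithm.XTEA:
            blockCipher = new XteaEngine();
            break;
        default:
            throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
    }

    // Stream ciphers take neither a mode nor a padding and are returned right away.
    if (streamCipher != null)
    {
        if (parts.Length > 1)
            throw new ArgumentException("Modes and paddings not used for stream ciphers");

        return new BufferedStreamCipher(streamCipher);
    }

    bool cts = false;
    bool padded = true;
    IBlockCipherPadding padding = null;
    IAeadBlockCipher aeadBlockCipher = null;

    // The padding component is handled before the mode component; both only record
    // decisions that the final section turns into a wrapper. (The former stream-cipher
    // check at this point could never fire, because stream ciphers have returned above.)
    if (parts.Length > 2)
    {
        string paddingName = parts[2];

        CipherPadding cipherPadding;
        if (paddingName == "")
        {
            cipherPadding = CipherPadding.RAW;
        }
        else if (paddingName == "X9.23PADDING")
        {
            cipherPadding = CipherPadding.X923PADDING;
        }
        else
        {
            try
            {
                cipherPadding = (CipherPadding)Enums.GetEnumValue(typeof(CipherPadding), paddingName);
            }
            catch (ArgumentException)
            {
                throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
            }
        }

        switch (cipherPadding)
        {
            case CipherPadding.NOPADDING:
                padded = false;
                break;
            case CipherPadding.RAW:
                break;
            case CipherPadding.ISO10126PADDING:
            case CipherPadding.ISO10126D2PADDING:
            case CipherPadding.ISO10126_2PADDING:
                padding = new ISO10126d2Padding();
                break;
            case CipherPadding.ISO7816_4PADDING:
            case CipherPadding.ISO9797_1PADDING:
                padding = new ISO7816d4Padding();
                break;
            case CipherPadding.ISO9796_1:
            case CipherPadding.ISO9796_1PADDING:
                asymBlockCipher = new ISO9796d1Encoding(asymBlockCipher);
                break;
            case CipherPadding.OAEP:
            case CipherPadding.OAEPPADDING:
                asymBlockCipher = new OaepEncoding(asymBlockCipher);
                break;
            case CipherPadding.OAEPWITHMD5ANDMGF1PADDING:
                asymBlockCipher = new OaepEncoding(asymBlockCipher, new MD5Digest());
                break;
            case CipherPadding.OAEPWITHSHA1ANDMGF1PADDING:
            case CipherPadding.OAEPWITHSHA_1ANDMGF1PADDING:
                asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha1Digest());
                break;
            case CipherPadding.OAEPWITHSHA224ANDMGF1PADDING:
            case CipherPadding.OAEPWITHSHA_224ANDMGF1PADDING:
                asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha224Digest());
                break;
            case CipherPadding.OAEPWITHSHA256ANDMGF1PADDING:
            case CipherPadding.OAEPWITHSHA_256ANDMGF1PADDING:
                asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha256Digest());
                break;
            case CipherPadding.OAEPWITHSHA384ANDMGF1PADDING:
            case CipherPadding.OAEPWITHSHA_384ANDMGF1PADDING:
                asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha384Digest());
                break;
            case CipherPadding.OAEPWITHSHA512ANDMGF1PADDING:
            case CipherPadding.OAEPWITHSHA_512ANDMGF1PADDING:
                asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha512Digest());
                break;
            case CipherPadding.PKCS1:
            case CipherPadding.PKCS1PADDING:
                asymBlockCipher = new Pkcs1Encoding(asymBlockCipher);
                break;
            case CipherPadding.PKCS5:
            case CipherPadding.PKCS5PADDING:
            case CipherPadding.PKCS7:
            case CipherPadding.PKCS7PADDING:
                padding = new Pkcs7Padding();
                break;
            case CipherPadding.TBCPADDING:
                padding = new TbcPadding();
                break;
            case CipherPadding.WITHCTS:
                cts = true;
                break;
            case CipherPadding.X923PADDING:
                padding = new X923Padding();
                break;
            case CipherPadding.ZEROBYTEPADDING:
                padding = new ZeroBytePadding();
                break;
            default:
                throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
        }
    }

    string mode = "";
    if (parts.Length > 1)
    {
        mode = parts[1];

        // A trailing number on the mode (as in "CFB8") is the feedback size in bits.
        int di = GetDigitIndex(mode);
        string modeName = di >= 0 ? mode.Substring(0, di) : mode;

        try
        {
            CipherMode cipherMode = modeName == ""
                ? CipherMode.NONE
                : (CipherMode)Enums.GetEnumValue(typeof(CipherMode), modeName);

            // Every mode other than ECB/NONE wraps a block cipher. For an asymmetric
            // engine there is none, so reject the name here instead of dereferencing null.
            if (blockCipher == null && cipherMode != CipherMode.ECB && cipherMode != CipherMode.NONE)
                throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");

            switch (cipherMode)
            {
                case CipherMode.ECB:
                case CipherMode.NONE:
                    break;
                case CipherMode.CBC:
                    blockCipher = new CbcBlockCipher(blockCipher);
                    break;
                case CipherMode.CCM:
                    aeadBlockCipher = new CcmBlockCipher(blockCipher);
                    break;
                case CipherMode.CFB:
                {
                    int bits = (di < 0)
                        ? 8 * blockCipher.GetBlockSize()
                        : int.Parse(mode.Substring(di));

                    blockCipher = new CfbBlockCipher(blockCipher, bits);
                    break;
                }
                case CipherMode.CTR:
                    blockCipher = new SicBlockCipher(blockCipher);
                    break;
                case CipherMode.CTS:
                    cts = true;
                    blockCipher = new CbcBlockCipher(blockCipher);
                    break;
                case CipherMode.EAX:
                    aeadBlockCipher = new EaxBlockCipher(blockCipher);
                    break;
                case CipherMode.GCM:
                    aeadBlockCipher = new GcmBlockCipher(blockCipher);
                    break;
                case CipherMode.GOFB:
                    blockCipher = new GOfbBlockCipher(blockCipher);
                    break;
                case CipherMode.OCB:
                    aeadBlockCipher = new OcbBlockCipher(blockCipher, CreateBlockCipher(cipherAlgorithm));
                    break;
                case CipherMode.OFB:
                {
                    int bits = (di < 0)
                        ? 8 * blockCipher.GetBlockSize()
                        : int.Parse(mode.Substring(di));

                    blockCipher = new OfbBlockCipher(blockCipher, bits);
                    break;
                }
                case CipherMode.OPENPGPCFB:
                    blockCipher = new OpenPgpCfbBlockCipher(blockCipher);
                    break;
                case CipherMode.SIC:
                    // This ArgumentException is caught just below, so callers see the
                    // generic "not recognised" error rather than this text.
                    if (blockCipher.GetBlockSize() < 16)
                    {
                        throw new ArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)");
                    }
                    blockCipher = new SicBlockCipher(blockCipher);
                    break;
                default:
                    throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
            }
        }
        catch (ArgumentException)
        {
            throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
        }
        catch (FormatException)
        {
            // A malformed feedback size such as "CFB8X" is an unrecognised transformation.
            throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
        }
        catch (OverflowException)
        {
            // So is a feedback size too large for an int.
            throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
        }
    }

    if (aeadBlockCipher != null)
    {
        if (cts)
            throw new SecurityUtilityException("CTS mode not valid for AEAD ciphers.");
        if (padded && parts.Length > 2 && parts[2] != "")
            throw new SecurityUtilityException("Bad padding specified for AEAD cipher.");

        return new BufferedAeadBlockCipher(aeadBlockCipher);
    }

    if (blockCipher != null)
    {
        if (cts)
        {
            return new CtsBlockCipher(blockCipher);
        }

        if (padding != null)
        {
            return new PaddedBufferedBlockCipher(blockCipher, padding);
        }

        if (!padded || blockCipher.IsPartialBlockOkay)
        {
            return new BufferedBlockCipher(blockCipher);
        }

        // No padding named: the wrapper's own default applies (presumably PKCS#7 - confirm).
        return new PaddedBufferedBlockCipher(blockCipher);
    }

    if (asymBlockCipher != null)
    {
        return new BufferedAsymmetricBlockCipher(asymBlockCipher);
    }

    throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
}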
/// <summary>
/// Builds a buffered cipher from a transformation string of the form
/// "ALGORITHM", "ALGORITHM/MODE" or "ALGORITHM/MODE/PADDING" (case-insensitive).
/// </summary>
/// <remarks>
/// Points a caller should know before passing a name in:
/// - A block cipher named without a mode, or with ECB/NONE, gets no chaining mode at all.
/// - "IES" and "ECIES" are fixed to SHA-1 for both the KDF and the HMAC.
/// - The table still resolves legacy primitives (DES, RC2, RC4, MD5-based OAEP and others);
///   code that takes the name from configuration or a peer should allow-list it first.
/// - "CTR" maps to the same wrapper as "SIC" but skips SIC's 128-bit block-size check.
/// </remarks>
/// <param name="algorithm">Transformation string or a registered alias.</param>
/// <returns>A new cipher instance; it still has to be initialised by the caller.</returns>
/// <exception cref="ArgumentNullException"><paramref name="algorithm"/> is null.</exception>
/// <exception cref="ArgumentException">
/// A mode or padding was given for a stream cipher, or SIC was requested for a cipher
/// whose block size is below 16 bytes.
/// </exception>
/// <exception cref="SecurityUtilityException">The transformation is not recognised.</exception>
public static IBufferedCipher GetCipher(
    string algorithm)
{
    if (algorithm == null)
        throw new ArgumentNullException("algorithm");

    algorithm = algorithm.ToUpper(CultureInfo.InvariantCulture);

    // Resolve a registered alias for the whole string before any parsing.
    string aliased = (string) algorithms[algorithm];

    if (aliased != null)
        algorithm = aliased;

    IBasicAgreement iesAgreement = null;
    if (algorithm == "IES")
    {
        iesAgreement = new DHBasicAgreement();
    }
    else if (algorithm == "ECIES")
    {
        iesAgreement = new ECDHBasicAgreement();
    }

    if (iesAgreement != null)
    {
        // Both the KDF and the MAC of the IES construction are hard-wired to SHA-1.
        return new BufferedIesCipher(
            new IesEngine(
                iesAgreement,
                new Kdf2BytesGenerator(
                    new Sha1Digest()),
                new HMac(
                    new Sha1Digest())));
    }

    // NOTE(review): StartsWith(string) compares with the current culture; an ordinal
    // comparison would be the safer choice for algorithm identifiers.
    if (algorithm.StartsWith("PBE"))
    {
        // Only the cipher part of a PBE name is built here; names not listed fall through
        // to the generic parsing below.
        switch (algorithm)
        {
            case "PBEWITHSHAAND2-KEYTRIPLEDES-CBC":
            case "PBEWITHSHAAND3-KEYTRIPLEDES-CBC":
                return new PaddedBufferedBlockCipher(
                    new CbcBlockCipher(new DesEdeEngine()));

            case "PBEWITHSHAAND128BITRC2-CBC":
            case "PBEWITHSHAAND40BITRC2-CBC":
                return new PaddedBufferedBlockCipher(
                    new CbcBlockCipher(new RC2Engine()));

            case "PBEWITHSHAAND128BITAES-CBC-BC":
            case "PBEWITHSHAAND192BITAES-CBC-BC":
            case "PBEWITHSHAAND256BITAES-CBC-BC":
            case "PBEWITHSHA256AND128BITAES-CBC-BC":
            case "PBEWITHSHA256AND192BITAES-CBC-BC":
            case "PBEWITHSHA256AND256BITAES-CBC-BC":
            case "PBEWITHMD5AND128BITAES-CBC-OPENSSL":
            case "PBEWITHMD5AND192BITAES-CBC-OPENSSL":
            case "PBEWITHMD5AND256BITAES-CBC-OPENSSL":
                return new PaddedBufferedBlockCipher(
                    new CbcBlockCipher(new AesFastEngine()));

            case "PBEWITHSHA1ANDDES-CBC":
                return new PaddedBufferedBlockCipher(
                    new CbcBlockCipher(new DesEngine()));

            case "PBEWITHSHA1ANDRC2-CBC":
                return new PaddedBufferedBlockCipher(
                    new CbcBlockCipher(new RC2Engine()));
        }
    }

    string[] parts = algorithm.Split('/');

    // Exactly one of these three is set by the algorithm switch below.
    IBlockCipher blockCipher = null;
    IAsymmetricBlockCipher asymBlockCipher = null;
    IStreamCipher streamCipher = null;

    switch (parts[0])
    {
        case "AES":
            blockCipher = new AesFastEngine();
            break;
        case "ARC4":
            streamCipher = new RC4Engine();
            break;
        case "BLOWFISH":
            blockCipher = new BlowfishEngine();
            break;
        case "CAMELLIA":
            blockCipher = new CamelliaEngine();
            break;
        case "CAST5":
            blockCipher = new Cast5Engine();
            break;
        case "CAST6":
            blockCipher = new Cast6Engine();
            break;
        case "DES":
            blockCipher = new DesEngine();
            break;
        case "DESEDE":
            blockCipher = new DesEdeEngine();
            break;
        case "ELGAMAL":
            asymBlockCipher = new ElGamalEngine();
            break;
        case "GOST28147":
            blockCipher = new Gost28147Engine();
            break;
        case "HC128":
            streamCipher = new HC128Engine();
            break;
        case "HC256":
            streamCipher = new HC256Engine();
            break;
#if INCLUDE_IDEA
        case "IDEA":
            blockCipher = new IdeaEngine();
            break;
#endif
        case "NOEKEON":
            blockCipher = new NoekeonEngine();
            break;
        case "PBEWITHSHAAND128BITRC4":
        case "PBEWITHSHAAND40BITRC4":
            streamCipher = new RC4Engine();
            break;
        case "RC2":
            blockCipher = new RC2Engine();
            break;
        case "RC5":
            blockCipher = new RC532Engine();
            break;
        case "RC5-64":
            blockCipher = new RC564Engine();
            break;
        case "RC6":
            blockCipher = new RC6Engine();
            break;
        case "RIJNDAEL":
            blockCipher = new RijndaelEngine();
            break;
        case "RSA":
            asymBlockCipher = new RsaBlindedEngine();
            break;
        case "SALSA20":
            streamCipher = new Salsa20Engine();
            break;
        case "SEED":
            blockCipher = new SeedEngine();
            break;
        case "SERPENT":
            blockCipher = new SerpentEngine();
            break;
        case "SKIPJACK":
            blockCipher = new SkipjackEngine();
            break;
        case "TEA":
            blockCipher = new TeaEngine();
            break;
        case "TWOFISH":
            blockCipher = new TwofishEngine();
            break;
        case "VMPC":
            streamCipher = new VmpcEngine();
            break;
        case "VMPC-KSA3":
            streamCipher = new VmpcKsa3Engine();
            break;
        case "XTEA":
            blockCipher = new XteaEngine();
            break;
        default:
            throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
    }

    // Stream ciphers take neither a mode nor a padding and are returned right away.
    if (streamCipher != null)
    {
        if (parts.Length > 1)
            throw new ArgumentException("Modes and paddings not used for stream ciphers");

        return new BufferedStreamCipher(streamCipher);
    }

    bool cts = false;
    bool padded = true;
    IBlockCipherPadding padding = null;
    IAeadBlockCipher aeadBlockCipher = null;

    // The padding component is handled before the mode component; both only record
    // decisions that the final section turns into a wrapper.
    if (parts.Length > 2)
    {
        // Unreachable: every stream cipher has already returned above.
        if (streamCipher != null)
            throw new ArgumentException("Paddings not used for stream ciphers");

        // NOTE(review): the block paddings set `padding` and the asymmetric encodings wrap
        // `asymBlockCipher`, with no check that the name fits the cipher kind. A block padding
        // named with RSA/ElGamal is never applied, and an asymmetric encoding named with a
        // block cipher wraps null and is dropped. Consider rejecting such combinations.
        switch (parts[2])
        {
            case "NOPADDING":
                padded = false;
                break;
            case "":
            case "RAW":
                break;
            case "ISO10126PADDING":
            case "ISO10126D2PADDING":
            case "ISO10126-2PADDING":
                padding = new ISO10126d2Padding();
                break;
            case "ISO7816-4PADDING":
            case "ISO9797-1PADDING":
                padding = new ISO7816d4Padding();
                break;
            case "ISO9796-1":
            case "ISO9796-1PADDING":
                asymBlockCipher = new ISO9796d1Encoding(asymBlockCipher);
                break;
            case "OAEP":
            case "OAEPPADDING":
                asymBlockCipher = new OaepEncoding(asymBlockCipher);
                break;
            case "OAEPWITHMD5ANDMGF1PADDING":
                asymBlockCipher = new OaepEncoding(asymBlockCipher, new MD5Digest());
                break;
            case "OAEPWITHSHA1ANDMGF1PADDING":
            case "OAEPWITHSHA-1ANDMGF1PADDING":
                asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha1Digest());
                break;
            case "OAEPWITHSHA224ANDMGF1PADDING":
            case "OAEPWITHSHA-224ANDMGF1PADDING":
                asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha224Digest());
                break;
            case "OAEPWITHSHA256ANDMGF1PADDING":
            case "OAEPWITHSHA-256ANDMGF1PADDING":
                asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha256Digest());
                break;
            case "OAEPWITHSHA384ANDMGF1PADDING":
            case "OAEPWITHSHA-384ANDMGF1PADDING":
                asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha384Digest());
                break;
            case "OAEPWITHSHA512ANDMGF1PADDING":
            case "OAEPWITHSHA-512ANDMGF1PADDING":
                asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha512Digest());
                break;
            case "PKCS1":
            case "PKCS1PADDING":
                asymBlockCipher = new Pkcs1Encoding(asymBlockCipher);
                break;
            case "PKCS5":
            case "PKCS5PADDING":
            case "PKCS7":
            case "PKCS7PADDING":
                padding = new Pkcs7Padding();
                break;
            case "TBCPADDING":
                padding = new TbcPadding();
                break;
            case "WITHCTS":
                cts = true;
                break;
            case "X9.23PADDING":
            case "X923PADDING":
                padding = new X923Padding();
                break;
            case "ZEROBYTEPADDING":
                padding = new ZeroBytePadding();
                break;
            default:
                throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
        }
    }

    string mode = "";
    if (parts.Length > 1)
    {
        mode = parts[1];

        // A trailing number on the mode (as in "CFB8") is the feedback size in bits.
        int di = GetDigitIndex(mode);
        string modeName = di >= 0 ? mode.Substring(0, di) : mode;

        // NOTE(review): for RSA/ElGamal, blockCipher is null here. The CFB, OFB and SIC
        // branches call blockCipher.GetBlockSize() and the others pass null to a wrapper,
        // so a mode other than ""/ECB/NONE on an asymmetric cipher is not rejected cleanly.
        switch (modeName)
        {
            case "":
            case "ECB":
            case "NONE":
                break;
            case "CBC":
                blockCipher = new CbcBlockCipher(blockCipher);
                break;
            case "CCM":
                aeadBlockCipher = new CcmBlockCipher(blockCipher);
                break;
            case "CFB":
            {
                // NOTE(review): int.Parse can throw FormatException or OverflowException
                // (for example "CFB8X"); nothing here maps those to SecurityUtilityException.
                int bits = (di < 0)
                    ? 8 * blockCipher.GetBlockSize()
                    : int.Parse(mode.Substring(di));

                blockCipher = new CfbBlockCipher(blockCipher, bits);
                break;
            }
            case "CTR":
                // Same wrapper as SIC below, but without the block-size check.
                blockCipher = new SicBlockCipher(blockCipher);
                break;
            case "CTS":
                cts = true;
                blockCipher = new CbcBlockCipher(blockCipher);
                break;
            case "EAX":
                aeadBlockCipher = new EaxBlockCipher(blockCipher);
                break;
            case "GCM":
                aeadBlockCipher = new GcmBlockCipher(blockCipher);
                break;
            case "GOFB":
                blockCipher = new GOfbBlockCipher(blockCipher);
                break;
            case "OFB":
            {
                int bits = (di < 0)
                    ? 8 * blockCipher.GetBlockSize()
                    : int.Parse(mode.Substring(di));

                blockCipher = new OfbBlockCipher(blockCipher, bits);
                break;
            }
            case "OPENPGPCFB":
                blockCipher = new OpenPgpCfbBlockCipher(blockCipher);
                break;
            case "SIC":
                // Counter mode over a block shorter than 16 bytes is refused.
                if (blockCipher.GetBlockSize() < 16)
                {
                    throw new ArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)");
                }
                blockCipher = new SicBlockCipher(blockCipher);
                break;
            default:
                throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
        }
    }

    // AEAD modes accept no CTS and no padding other than NOPADDING or an empty name.
    if (aeadBlockCipher != null)
    {
        if (cts)
            throw new SecurityUtilityException("CTS mode not valid for AEAD ciphers.");
        if (padded && parts.Length > 2 && parts[2] != "")
            throw new SecurityUtilityException("Bad padding specified for AEAD cipher.");

        return new BufferedAeadBlockCipher(aeadBlockCipher);
    }

    if (blockCipher != null)
    {
        if (cts)
        {
            return new CtsBlockCipher(blockCipher);
        }

        if (padding != null)
        {
            return new PaddedBufferedBlockCipher(blockCipher, padding);
        }

        if (!padded || blockCipher.IsPartialBlockOkay)
        {
            return new BufferedBlockCipher(blockCipher);
        }

        // No padding named: the wrapper's own default applies (presumably PKCS#7 - confirm).
        return new PaddedBufferedBlockCipher(blockCipher);
    }

    if (asymBlockCipher != null)
    {
        return new BufferedAsymmetricBlockCipher(asymBlockCipher);
    }

    throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
}
/// <summary>
/// Runs the Salsa20 core over a 16-word state and writes the result, with the input words
/// added back in, to <paramref name="x"/>.
/// </summary>
/// <remarks>
/// The locals num .. num16 hold input[0] .. input[15]. Each loop iteration performs two
/// rounds: sixteen add-rotate-xor steps along the columns of the 4x4 word layout, then
/// sixteen along the rows. Salsa20Engine.R is defined elsewhere; presumably a 32-bit left
/// rotation - confirm.
/// NOTE(review): only the parity of <paramref name="rounds"/> is checked. Zero or a negative
/// even value skips the loop entirely, and the output is then just input[i] + input[i].
/// </remarks>
/// <param name="rounds">Number of rounds; must be even.</param>
/// <param name="input">State to process; must have exactly 16 elements. Not modified.</param>
/// <param name="x">Receives the 16 output words; must have exactly 16 elements.</param>
/// <exception cref="ArgumentException">An array has the wrong length or rounds is odd.</exception>
internal static void SalsaCore(int rounds, uint[] input, uint[] x)
{
    if (input.Length != 16)
    {
        throw new ArgumentException();
    }
    if (x.Length != 16)
    {
        throw new ArgumentException();
    }
    if (rounds % 2 != 0)
    {
        throw new ArgumentException("Number of rounds must be even");
    }

    // Working copy of the state; numK holds word K-1.
    uint num = input[0];
    uint num2 = input[1];
    uint num3 = input[2];
    uint num4 = input[3];
    uint num5 = input[4];
    uint num6 = input[5];
    uint num7 = input[6];
    uint num8 = input[7];
    uint num9 = input[8];
    uint num10 = input[9];
    uint num11 = input[10];
    uint num12 = input[11];
    uint num13 = input[12];
    uint num14 = input[13];
    uint num15 = input[14];
    uint num16 = input[15];

    for (int i = rounds; i > 0; i -= 2)
    {
        // Column round: words (0,4,8,12), (5,9,13,1), (10,14,2,6), (15,3,7,11).
        num5 ^= Salsa20Engine.R(num + num13, 7);
        num9 ^= Salsa20Engine.R(num5 + num, 9);
        num13 ^= Salsa20Engine.R(num9 + num5, 13);
        num ^= Salsa20Engine.R(num13 + num9, 18);
        num10 ^= Salsa20Engine.R(num6 + num2, 7);
        num14 ^= Salsa20Engine.R(num10 + num6, 9);
        num2 ^= Salsa20Engine.R(num14 + num10, 13);
        num6 ^= Salsa20Engine.R(num2 + num14, 18);
        num15 ^= Salsa20Engine.R(num11 + num7, 7);
        num3 ^= Salsa20Engine.R(num15 + num11, 9);
        num7 ^= Salsa20Engine.R(num3 + num15, 13);
        num11 ^= Salsa20Engine.R(num7 + num3, 18);
        num4 ^= Salsa20Engine.R(num16 + num12, 7);
        num8 ^= Salsa20Engine.R(num4 + num16, 9);
        num12 ^= Salsa20Engine.R(num8 + num4, 13);
        num16 ^= Salsa20Engine.R(num12 + num8, 18);

        // Row round: words (0,1,2,3), (5,6,7,4), (10,11,8,9), (15,12,13,14).
        num2 ^= Salsa20Engine.R(num + num4, 7);
        num3 ^= Salsa20Engine.R(num2 + num, 9);
        num4 ^= Salsa20Engine.R(num3 + num2, 13);
        num ^= Salsa20Engine.R(num4 + num3, 18);
        num7 ^= Salsa20Engine.R(num6 + num5, 7);
        num8 ^= Salsa20Engine.R(num7 + num6, 9);
        num5 ^= Salsa20Engine.R(num8 + num7, 13);
        num6 ^= Salsa20Engine.R(num5 + num8, 18);
        num12 ^= Salsa20Engine.R(num11 + num10, 7);
        num9 ^= Salsa20Engine.R(num12 + num11, 9);
        num10 ^= Salsa20Engine.R(num9 + num12, 13);
        num11 ^= Salsa20Engine.R(num10 + num9, 18);
        num13 ^= Salsa20Engine.R(num16 + num15, 7);
        num14 ^= Salsa20Engine.R(num13 + num16, 9);
        num15 ^= Salsa20Engine.R(num14 + num13, 13);
        num16 ^= Salsa20Engine.R(num15 + num14, 18);
    }

    // Feed-forward: add the original input to the permuted state.
    x[0] = num + input[0];
    x[1] = num2 + input[1];
    x[2] = num3 + input[2];
    x[3] = num4 + input[3];
    x[4] = num5 + input[4];
    x[5] = num6 + input[5];
    x[6] = num7 + input[6];
    x[7] = num8 + input[7];
    x[8] = num9 + input[8];
    x[9] = num10 + input[9];
    x[10] = num11 + input[10];
    x[11] = num12 + input[11];
    x[12] = num13 + input[12];
    x[13] = num14 + input[13];
    x[14] = num15 + input[14];
    x[15] = num16 + input[15];
}
/// <summary>
/// Produces the next key stream block: runs the core over the current engine state and
/// serialises the resulting words into <paramref name="output"/> from offset 0, little-endian.
/// </summary>
/// <param name="output">Buffer that receives the key stream bytes.</param>
protected virtual void GenerateKeyStream(byte[] output)
{
    // The instance scratch array is reused on every call, so the last block's words stay in it.
    uint[] words = x;

    Salsa20Engine.SalsaCore(rounds, engineState, words);
    Pack.UInt32_To_LE(words, output, 0);
}
/// <summary>
/// Runs the ChaCha core over a 16-word state and writes the result, with the input words
/// added back in, to <paramref name="x"/>.
/// </summary>
/// <remarks>
/// The locals num .. num16 hold input[0] .. input[15]. Each loop iteration performs two
/// rounds: four quarter-rounds down the columns of the 4x4 word layout, then four along its
/// diagonals. A quarter-round is the eight-statement add / xor / rotate sequence with
/// rotation amounts 16, 12, 8 and 7. Salsa20Engine.R is defined elsewhere; presumably a
/// 32-bit left rotation - confirm.
/// NOTE(review): only the parity of <paramref name="rounds"/> is checked. Zero or a negative
/// even value skips the loop entirely, and the output is then just input[i] + input[i].
/// </remarks>
/// <param name="rounds">Number of rounds; must be even.</param>
/// <param name="input">State to process; must have exactly 16 elements. Not modified.</param>
/// <param name="x">Receives the 16 output words; must have exactly 16 elements.</param>
/// <exception cref="ArgumentException">An array has the wrong length or rounds is odd.</exception>
internal static void ChachaCore(int rounds, uint[] input, uint[] x)
{
    if (input.Length != 16)
    {
        throw new ArgumentException();
    }
    if (x.Length != 16)
    {
        throw new ArgumentException();
    }
    if (rounds % 2 != 0)
    {
        throw new ArgumentException("Number of rounds must be even");
    }

    // Working copy of the state; numK holds word K-1.
    uint num = input[0];
    uint num2 = input[1];
    uint num3 = input[2];
    uint num4 = input[3];
    uint num5 = input[4];
    uint num6 = input[5];
    uint num7 = input[6];
    uint num8 = input[7];
    uint num9 = input[8];
    uint num10 = input[9];
    uint num11 = input[10];
    uint num12 = input[11];
    uint num13 = input[12];
    uint num14 = input[13];
    uint num15 = input[14];
    uint num16 = input[15];

    for (int i = rounds; i > 0; i -= 2)
    {
        // Column quarter-round on words (0, 4, 8, 12).
        num += num5;
        num13 = Salsa20Engine.R(num13 ^ num, 16);
        num9 += num13;
        num5 = Salsa20Engine.R(num5 ^ num9, 12);
        num += num5;
        num13 = Salsa20Engine.R(num13 ^ num, 8);
        num9 += num13;
        num5 = Salsa20Engine.R(num5 ^ num9, 7);

        // Column quarter-round on words (1, 5, 9, 13).
        num2 += num6;
        num14 = Salsa20Engine.R(num14 ^ num2, 16);
        num10 += num14;
        num6 = Salsa20Engine.R(num6 ^ num10, 12);
        num2 += num6;
        num14 = Salsa20Engine.R(num14 ^ num2, 8);
        num10 += num14;
        num6 = Salsa20Engine.R(num6 ^ num10, 7);

        // Column quarter-round on words (2, 6, 10, 14).
        num3 += num7;
        num15 = Salsa20Engine.R(num15 ^ num3, 16);
        num11 += num15;
        num7 = Salsa20Engine.R(num7 ^ num11, 12);
        num3 += num7;
        num15 = Salsa20Engine.R(num15 ^ num3, 8);
        num11 += num15;
        num7 = Salsa20Engine.R(num7 ^ num11, 7);

        // Column quarter-round on words (3, 7, 11, 15).
        num4 += num8;
        num16 = Salsa20Engine.R(num16 ^ num4, 16);
        num12 += num16;
        num8 = Salsa20Engine.R(num8 ^ num12, 12);
        num4 += num8;
        num16 = Salsa20Engine.R(num16 ^ num4, 8);
        num12 += num16;
        num8 = Salsa20Engine.R(num8 ^ num12, 7);

        // Diagonal quarter-round on words (0, 5, 10, 15).
        num += num6;
        num16 = Salsa20Engine.R(num16 ^ num, 16);
        num11 += num16;
        num6 = Salsa20Engine.R(num6 ^ num11, 12);
        num += num6;
        num16 = Salsa20Engine.R(num16 ^ num, 8);
        num11 += num16;
        num6 = Salsa20Engine.R(num6 ^ num11, 7);

        // Diagonal quarter-round on words (1, 6, 11, 12).
        num2 += num7;
        num13 = Salsa20Engine.R(num13 ^ num2, 16);
        num12 += num13;
        num7 = Salsa20Engine.R(num7 ^ num12, 12);
        num2 += num7;
        num13 = Salsa20Engine.R(num13 ^ num2, 8);
        num12 += num13;
        num7 = Salsa20Engine.R(num7 ^ num12, 7);

        // Diagonal quarter-round on words (2, 7, 8, 13).
        num3 += num8;
        num14 = Salsa20Engine.R(num14 ^ num3, 16);
        num9 += num14;
        num8 = Salsa20Engine.R(num8 ^ num9, 12);
        num3 += num8;
        num14 = Salsa20Engine.R(num14 ^ num3, 8);
        num9 += num14;
        num8 = Salsa20Engine.R(num8 ^ num9, 7);

        // Diagonal quarter-round on words (3, 4, 9, 14).
        num4 += num5;
        num15 = Salsa20Engine.R(num15 ^ num4, 16);
        num10 += num15;
        num5 = Salsa20Engine.R(num5 ^ num10, 12);
        num4 += num5;
        num15 = Salsa20Engine.R(num15 ^ num4, 8);
        num10 += num15;
        num5 = Salsa20Engine.R(num5 ^ num10, 7);
    }

    // Feed-forward: add the original input to the permuted state.
    x[0] = num + input[0];
    x[1] = num2 + input[1];
    x[2] = num3 + input[2];
    x[3] = num4 + input[3];
    x[4] = num5 + input[4];
    x[5] = num6 + input[5];
    x[6] = num7 + input[6];
    x[7] = num8 + input[7];
    x[8] = num9 + input[8];
    x[9] = num10 + input[9];
    x[10] = num11 + input[10];
    x[11] = num12 + input[11];
    x[12] = num13 + input[12];
    x[13] = num14 + input[13];
    x[14] = num15 + input[14];
    x[15] = num16 + input[15];
}
/// <summary>
/// Runs the ChaCha core over a 16-word state and writes the result, with the input words
/// added back in, to <paramref name="x"/>.
/// </summary>
/// <remarks>
/// The locals num .. num16 hold input[0] .. input[15]; num17 is the round counter. Each loop
/// iteration performs four quarter-rounds down the columns of the 4x4 word layout and then
/// four along its diagonals, with rotation amounts 16, 12, 8 and 7. Salsa20Engine.R is
/// defined elsewhere; presumably a 32-bit left rotation - confirm.
/// NOTE(review): only the parity of <paramref name="rounds"/> is checked. Zero or a negative
/// even value skips the loop entirely, and the output is then just input[i] + input[i].
/// </remarks>
/// <param name="rounds">Number of rounds; must be even.</param>
/// <param name="input">State to process; must have exactly 16 elements. Not modified.</param>
/// <param name="x">Receives the 16 output words; must have exactly 16 elements.</param>
/// <exception cref="ArgumentException">An array has the wrong length or rounds is odd.</exception>
internal static void ChachaCore(int rounds, uint[] input, uint[] x)
{
    if (input.Length != 16)
    {
        throw new ArgumentException();
    }
    if (x.Length != 16)
    {
        throw new ArgumentException();
    }
    if (rounds % 2 != 0)
    {
        throw new ArgumentException("Number of rounds must be even");
    }

    // Working copy of the state; numK holds word K-1.
    uint num = input[0];
    uint num2 = input[1];
    uint num3 = input[2];
    uint num4 = input[3];
    uint num5 = input[4];
    uint num6 = input[5];
    uint num7 = input[6];
    uint num8 = input[7];
    uint num9 = input[8];
    uint num10 = input[9];
    uint num11 = input[10];
    uint num12 = input[11];
    uint num13 = input[12];
    uint num14 = input[13];
    uint num15 = input[14];
    uint num16 = input[15];

    for (int num17 = rounds; num17 > 0; num17 -= 2)
    {
        // Columns: (0, 4, 8, 12)
        num += num5;
        num13 = Salsa20Engine.R(num13 ^ num, 16);
        num9 += num13;
        num5 = Salsa20Engine.R(num5 ^ num9, 12);
        num += num5;
        num13 = Salsa20Engine.R(num13 ^ num, 8);
        num9 += num13;
        num5 = Salsa20Engine.R(num5 ^ num9, 7);

        // (1, 5, 9, 13)
        num2 += num6;
        num14 = Salsa20Engine.R(num14 ^ num2, 16);
        num10 += num14;
        num6 = Salsa20Engine.R(num6 ^ num10, 12);
        num2 += num6;
        num14 = Salsa20Engine.R(num14 ^ num2, 8);
        num10 += num14;
        num6 = Salsa20Engine.R(num6 ^ num10, 7);

        // (2, 6, 10, 14)
        num3 += num7;
        num15 = Salsa20Engine.R(num15 ^ num3, 16);
        num11 += num15;
        num7 = Salsa20Engine.R(num7 ^ num11, 12);
        num3 += num7;
        num15 = Salsa20Engine.R(num15 ^ num3, 8);
        num11 += num15;
        num7 = Salsa20Engine.R(num7 ^ num11, 7);

        // (3, 7, 11, 15)
        num4 += num8;
        num16 = Salsa20Engine.R(num16 ^ num4, 16);
        num12 += num16;
        num8 = Salsa20Engine.R(num8 ^ num12, 12);
        num4 += num8;
        num16 = Salsa20Engine.R(num16 ^ num4, 8);
        num12 += num16;
        num8 = Salsa20Engine.R(num8 ^ num12, 7);

        // Diagonals: (0, 5, 10, 15)
        num += num6;
        num16 = Salsa20Engine.R(num16 ^ num, 16);
        num11 += num16;
        num6 = Salsa20Engine.R(num6 ^ num11, 12);
        num += num6;
        num16 = Salsa20Engine.R(num16 ^ num, 8);
        num11 += num16;
        num6 = Salsa20Engine.R(num6 ^ num11, 7);

        // (1, 6, 11, 12)
        num2 += num7;
        num13 = Salsa20Engine.R(num13 ^ num2, 16);
        num12 += num13;
        num7 = Salsa20Engine.R(num7 ^ num12, 12);
        num2 += num7;
        num13 = Salsa20Engine.R(num13 ^ num2, 8);
        num12 += num13;
        num7 = Salsa20Engine.R(num7 ^ num12, 7);

        // (2, 7, 8, 13)
        num3 += num8;
        num14 = Salsa20Engine.R(num14 ^ num3, 16);
        num9 += num14;
        num8 = Salsa20Engine.R(num8 ^ num9, 12);
        num3 += num8;
        num14 = Salsa20Engine.R(num14 ^ num3, 8);
        num9 += num14;
        num8 = Salsa20Engine.R(num8 ^ num9, 7);

        // (3, 4, 9, 14)
        num4 += num5;
        num15 = Salsa20Engine.R(num15 ^ num4, 16);
        num10 += num15;
        num5 = Salsa20Engine.R(num5 ^ num10, 12);
        num4 += num5;
        num15 = Salsa20Engine.R(num15 ^ num4, 8);
        num10 += num15;
        num5 = Salsa20Engine.R(num5 ^ num10, 7);
    }

    // Feed-forward: add the original input to the permuted state.
    x[0] = num + input[0];
    x[1] = num2 + input[1];
    x[2] = num3 + input[2];
    x[3] = num4 + input[3];
    x[4] = num5 + input[4];
    x[5] = num6 + input[5];
    x[6] = num7 + input[6];
    x[7] = num8 + input[7];
    x[8] = num9 + input[8];
    x[9] = num10 + input[9];
    x[10] = num11 + input[10];
    x[11] = num12 + input[11];
    x[12] = num13 + input[12];
    x[13] = num14 + input[13];
    x[14] = num15 + input[14];
    x[15] = num16 + input[15];
}
/// <summary>
/// Regression check: once a Salsa20 engine has been initialised with key and IV, a second
/// Init that supplies only the key must be rejected with an ArgumentException.
/// </summary>
/// <remarks>
/// Accepting a key without a fresh IV would let the engine restart with whatever IV state it
/// already had, which risks producing the same key stream twice.
/// </remarks>
private void reinitBug()
{
    KeyParameter keyOnly = new KeyParameter(Hex.Decode("80000000000000000000000000000000"));
    ParametersWithIV keyAndIv = new ParametersWithIV(keyOnly, Hex.Decode("0000000000000000"));

    IStreamCipher engine = new Salsa20Engine();
    engine.Init(true, keyAndIv);

    try
    {
        // Second Init, this time without an IV.
        engine.Init(true, keyOnly);
        Fail("Salsa20 should throw exception if no IV in Init");
    }
    catch (ArgumentException)
    {
        // Expected outcome.
    }
}
/// <summary>
/// Long-stream vector check: encrypts 1025 consecutive 64-byte blocks of the shared
/// <c>zeroes</c> buffer and compares the blocks at stream offsets 0, 65472 and 65536 with the
/// expected hex strings.
/// </summary>
/// <param name="parameters">Key and IV used to initialise the engine.</param>
/// <param name="v0">Expected output of block 0, hex-encoded.</param>
/// <param name="v65472">Expected output of block 1023, hex-encoded.</param>
/// <param name="v65536">Expected output of block 1024, hex-encoded.</param>
private void salsa20Test2(
    ICipherParameters parameters,
    string v0,
    string v65472,
    string v65536)
{
    IStreamCipher engine = new Salsa20Engine();
    byte[] block = new byte[64];

    engine.Init(true, parameters);

    for (int blockIndex = 0; blockIndex != 1025; blockIndex++)
    {
        engine.ProcessBytes(zeroes, 0, 64, block, 0);

        // Only three of the blocks have reference values; the others just advance the stream.
        if (blockIndex == 0 && !AreEqual(block, Hex.Decode(v0)))
        {
            mismatch("v0", v0, block);
        }
        else if (blockIndex == 1023 && !AreEqual(block, Hex.Decode(v65472)))
        {
            mismatch("v65472", v65472, block);
        }
        else if (blockIndex == 1024 && !AreEqual(block, Hex.Decode(v65536)))
        {
            mismatch("v65536", v65536, block);
        }
    }
}
/// <summary>
/// Vector check for a given round count: encrypts seven 64-byte blocks of the shared
/// <c>zeroes</c> buffer, compares blocks 0, 3 and 4 (stream offsets 0, 192 and 256) with the
/// expected hex strings, then produces the following 64 bytes one at a time through
/// ReturnByte and compares them with <paramref name="v448"/>.
/// </summary>
/// <param name="rounds">Round count passed to the engine constructor.</param>
/// <param name="parameters">Key and IV used to initialise the engine.</param>
/// <param name="v0">Expected output of block 0, hex-encoded.</param>
/// <param name="v192">Expected output of block 3, hex-encoded.</param>
/// <param name="v256">Expected output of block 4, hex-encoded.</param>
/// <param name="v448">Expected output of the 64 bytes after block 6, hex-encoded.</param>
private void salsa20Test1(
    int rounds,
    ICipherParameters parameters,
    string v0,
    string v192,
    string v256,
    string v448)
{
    IStreamCipher engine = new Salsa20Engine(rounds);
    byte[] block = new byte[64];

    engine.Init(true, parameters);

    for (int blockIndex = 0; blockIndex != 7; blockIndex++)
    {
        engine.ProcessBytes(zeroes, 0, 64, block, 0);

        // Blocks without a reference value just advance the stream.
        if (blockIndex == 0 && !AreEqual(block, Hex.Decode(v0)))
        {
            mismatch("v0/" + rounds, v0, block);
        }
        else if (blockIndex == 3 && !AreEqual(block, Hex.Decode(v192)))
        {
            mismatch("v192/" + rounds, v192, block);
        }
        else if (blockIndex == 4 && !AreEqual(block, Hex.Decode(v256)))
        {
            mismatch("v256/" + rounds, v256, block);
        }
    }

    // The byte-at-a-time path has to continue the same stream as the block path.
    for (int offset = 0; offset != 64; offset++)
    {
        block[offset] = engine.ReturnByte(zeroes[offset]);
    }

    if (!AreEqual(block, Hex.Decode(v448)))
    {
        mismatch("v448", v448, block);
    }
}
/// <summary>
/// Creates the stream cipher engine selected by <c>_MSec.Algorithm</c>, records the key and
/// IV sizes chosen for it on <c>_MSec</c>, and returns the engine wrapped in a
/// BufferedStreamCipher.
/// </summary>
/// <remarks>
/// NOTE(review): sizes look like byte counts (16 is annotated as 128 in the original), which
/// would make the 10-byte keys for ISAAC, RC4, VMPC and VMPC-KSA3 only 80 bits - confirm that
/// this is intended. ISAAC and RC4 are also given no IV, so reusing a key with them would
/// repeat the key stream.
/// NOTE(review): an unrecognised algorithm leaves the engine null and still constructs the
/// wrapper around it; what that does is not visible here.
/// </remarks>
/// <returns>A buffered wrapper around the selected engine.</returns>
private BufferedStreamCipher CreateSstreamEngine()
{
    IStreamCipher selected = null;

    switch (_MSec.Algorithm)
    {
        case ESec.SSTREAM_HC128:
            selected = new HC128Engine();
            _MSec.KeySize = 16; // 128
            _MSec.IVSize = 16;
            break;

        case ESec.SSTREAM_HC256:
            selected = new HC256Engine();
            _MSec.KeySize = 32;
            _MSec.IVSize = 16;
            break;

        case ESec.SSTREAM_ISAAC:
            selected = new IsaacEngine();
            _MSec.KeySize = 10;
            _MSec.IVSize = 0;
            break;

        case ESec.SSTREAM_RC4:
            selected = new RC4Engine();
            _MSec.KeySize = 10;
            _MSec.IVSize = 0;
            break;

        case ESec.SSTREAM_SALSA20:
            selected = new Salsa20Engine();
            _MSec.KeySize = 16;
            _MSec.IVSize = 8;
            break;

        case ESec.SSTREAM_VMPC:
            selected = new VmpcEngine();
            _MSec.KeySize = 10;
            _MSec.IVSize = 16;
            break;

        case ESec.SSTREAM_VMPCKSA3:
            selected = new VmpcKsa3Engine();
            _MSec.KeySize = 10;
            _MSec.IVSize = 16;
            break;

        default:
            // Unknown algorithm: no engine, both sizes zeroed.
            _MSec.KeySize = 0;
            _MSec.IVSize = 0;
            break;
    }

    return new BufferedStreamCipher(selected);
}