Implementation of Daniel J. Bernstein's Salsa20 stream cipher, Snuffle 2005
상속: IStreamCipher
예제 #1
0
 protected override void SetKey(byte[] keyBytes, byte[] ivBytes)
 {
     if (keyBytes.Length != 32)
     {
         throw new ArgumentException(this.AlgorithmName + " requires a 256 bit key");
     }
     base.SetKey(keyBytes, ivBytes);
     this.engineState[8] = Pack.LE_To_UInt32(ivBytes, 8);
     this.engineState[9] = Pack.LE_To_UInt32(ivBytes, 12);
     uint[] array = new uint[this.engineState.Length];
     Salsa20Engine.SalsaCore(20, this.engineState, array);
     this.engineState[1]  = array[0] - this.engineState[0];
     this.engineState[2]  = array[5] - this.engineState[5];
     this.engineState[3]  = array[10] - this.engineState[10];
     this.engineState[4]  = array[15] - this.engineState[15];
     this.engineState[11] = array[6] - this.engineState[6];
     this.engineState[12] = array[7] - this.engineState[7];
     this.engineState[13] = array[8] - this.engineState[8];
     this.engineState[14] = array[9] - this.engineState[9];
     this.engineState[6]  = Pack.LE_To_UInt32(ivBytes, 16);
     this.engineState[7]  = Pack.LE_To_UInt32(ivBytes, 20);
     this.ResetCounter();
 }
예제 #2
0
 protected override void SetKey(byte[] keyBytes, byte[] ivBytes)
 {
     //IL_0017: Unknown result type (might be due to invalid IL or missing references)
     if (keyBytes.Length != 32)
     {
         throw new ArgumentException(AlgorithmName + " requires a 256 bit key");
     }
     base.SetKey(keyBytes, ivBytes);
     engineState[8] = Pack.LE_To_UInt32(ivBytes, 8);
     engineState[9] = Pack.LE_To_UInt32(ivBytes, 12);
     uint[] array = new uint[engineState.Length];
     Salsa20Engine.SalsaCore(20, engineState, array);
     engineState[1]  = array[0] - engineState[0];
     engineState[2]  = array[5] - engineState[5];
     engineState[3]  = array[10] - engineState[10];
     engineState[4]  = array[15] - engineState[15];
     engineState[11] = array[6] - engineState[6];
     engineState[12] = array[7] - engineState[7];
     engineState[13] = array[8] - engineState[8];
     engineState[14] = array[9] - engineState[9];
     engineState[6]  = Pack.LE_To_UInt32(ivBytes, 16);
     engineState[7]  = Pack.LE_To_UInt32(ivBytes, 20);
     ResetCounter();
 }
예제 #3
0
        public static IBufferedCipher GetCipher(
            string algorithm)
        {
            if (algorithm == null)
                throw new ArgumentNullException("algorithm");

            algorithm = Platform.ToUpperInvariant(algorithm);

            {
                string aliased = (string) algorithms[algorithm];

                if (aliased != null)
                    algorithm = aliased;
            }

            IBasicAgreement iesAgreement = null;
            if (algorithm == "IES")
            {
                iesAgreement = new DHBasicAgreement();
            }
            else if (algorithm == "ECIES")
            {
                iesAgreement = new ECDHBasicAgreement();
            }

            if (iesAgreement != null)
            {
                return new BufferedIesCipher(
                    new IesEngine(
                    iesAgreement,
                    new Kdf2BytesGenerator(
                    new Sha1Digest()),
                    new HMac(
                    new Sha1Digest())));
            }



            if (algorithm.StartsWith("PBE"))
            {
                if (algorithm.EndsWith("-CBC"))
                {
                    if (algorithm == "PBEWITHSHA1ANDDES-CBC")
                    {
                        return new PaddedBufferedBlockCipher(
                            new CbcBlockCipher(new DesEngine()));
                    }
                    else if (algorithm == "PBEWITHSHA1ANDRC2-CBC")
                    {
                        return new PaddedBufferedBlockCipher(
                            new CbcBlockCipher(new RC2Engine()));
                    }
                    else if (Strings.IsOneOf(algorithm,
                        "PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"))
                    {
                        return new PaddedBufferedBlockCipher(
                            new CbcBlockCipher(new DesEdeEngine()));
                    }
                    else if (Strings.IsOneOf(algorithm,
                        "PBEWITHSHAAND128BITRC2-CBC", "PBEWITHSHAAND40BITRC2-CBC"))
                    {
                        return new PaddedBufferedBlockCipher(
                            new CbcBlockCipher(new RC2Engine()));
                    }
                }
                else if (algorithm.EndsWith("-BC") || algorithm.EndsWith("-OPENSSL"))
                {
                    if (Strings.IsOneOf(algorithm,
                        "PBEWITHSHAAND128BITAES-CBC-BC",
                        "PBEWITHSHAAND192BITAES-CBC-BC",
                        "PBEWITHSHAAND256BITAES-CBC-BC",
                        "PBEWITHSHA256AND128BITAES-CBC-BC",
                        "PBEWITHSHA256AND192BITAES-CBC-BC",
                        "PBEWITHSHA256AND256BITAES-CBC-BC",
                        "PBEWITHMD5AND128BITAES-CBC-OPENSSL",
                        "PBEWITHMD5AND192BITAES-CBC-OPENSSL",
                        "PBEWITHMD5AND256BITAES-CBC-OPENSSL"))
                    {
                        return new PaddedBufferedBlockCipher(
                            new CbcBlockCipher(new AesFastEngine()));
                    }
                }
            }



            string[] parts = algorithm.Split('/');

            IBlockCipher blockCipher = null;
            IAsymmetricBlockCipher asymBlockCipher = null;
            IStreamCipher streamCipher = null;

            string algorithmName = parts[0];

            {
                string aliased = (string)algorithms[algorithmName];

                if (aliased != null)
                    algorithmName = aliased;
            }

            CipherAlgorithm cipherAlgorithm;
            try
            {
                cipherAlgorithm = (CipherAlgorithm)Enums.GetEnumValue(typeof(CipherAlgorithm), algorithmName);
            }
            catch (ArgumentException)
            {
                throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
            }

            switch (cipherAlgorithm)
            {
                case CipherAlgorithm.AES:
                    blockCipher = new AesFastEngine();
                    break;
                case CipherAlgorithm.ARC4:
                    streamCipher = new RC4Engine();
                    break;
                case CipherAlgorithm.BLOWFISH:
                    blockCipher = new BlowfishEngine();
                    break;
                case CipherAlgorithm.CAMELLIA:
                    blockCipher = new CamelliaEngine();
                    break;
                case CipherAlgorithm.CAST5:
                    blockCipher = new Cast5Engine();
                    break;
                case CipherAlgorithm.CAST6:
                    blockCipher = new Cast6Engine();
                    break;
                case CipherAlgorithm.DES:
                    blockCipher = new DesEngine();
                    break;
                case CipherAlgorithm.DESEDE:
                    blockCipher = new DesEdeEngine();
                    break;
                case CipherAlgorithm.ELGAMAL:
                    asymBlockCipher = new ElGamalEngine();
                    break;
                case CipherAlgorithm.GOST28147:
                    blockCipher = new Gost28147Engine();
                    break;
                case CipherAlgorithm.HC128:
                    streamCipher = new HC128Engine();
                    break;
                case CipherAlgorithm.HC256:
                    streamCipher = new HC256Engine();
                    break;
                case CipherAlgorithm.IDEA:
                    blockCipher = new IdeaEngine();
                    break;
                case CipherAlgorithm.NOEKEON:
                    blockCipher = new NoekeonEngine();
                    break;
                case CipherAlgorithm.PBEWITHSHAAND128BITRC4:
                case CipherAlgorithm.PBEWITHSHAAND40BITRC4:
                    streamCipher = new RC4Engine();
                    break;
                case CipherAlgorithm.RC2:
                    blockCipher = new RC2Engine();
                    break;
                case CipherAlgorithm.RC5:
                    blockCipher = new RC532Engine();
                    break;
                case CipherAlgorithm.RC5_64:
                    blockCipher = new RC564Engine();
                    break;
                case CipherAlgorithm.RC6:
                    blockCipher = new RC6Engine();
                    break;
                case CipherAlgorithm.RIJNDAEL:
                    blockCipher = new RijndaelEngine();
                    break;
                case CipherAlgorithm.RSA:
                    asymBlockCipher = new RsaBlindedEngine();
                    break;
                case CipherAlgorithm.SALSA20:
                    streamCipher = new Salsa20Engine();
                    break;
                case CipherAlgorithm.SEED:
                    blockCipher = new SeedEngine();
                    break;
                case CipherAlgorithm.SERPENT:
                    blockCipher = new SerpentEngine();
                    break;
                case CipherAlgorithm.SKIPJACK:
                    blockCipher = new SkipjackEngine();
                    break;
                case CipherAlgorithm.TEA:
                    blockCipher = new TeaEngine();
                    break;
                case CipherAlgorithm.TWOFISH:
                    blockCipher = new TwofishEngine();
                    break;
                case CipherAlgorithm.VMPC:
                    streamCipher = new VmpcEngine();
                    break;
                case CipherAlgorithm.VMPC_KSA3:
                    streamCipher = new VmpcKsa3Engine();
                    break;
                case CipherAlgorithm.XTEA:
                    blockCipher = new XteaEngine();
                    break;
                default:
                    throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
            }

            if (streamCipher != null)
            {
                if (parts.Length > 1)
                    throw new ArgumentException("Modes and paddings not used for stream ciphers");

                return new BufferedStreamCipher(streamCipher);
            }


            bool cts = false;
            bool padded = true;
            IBlockCipherPadding padding = null;
            IAeadBlockCipher aeadBlockCipher = null;

            if (parts.Length > 2)
            {
                if (streamCipher != null)
                    throw new ArgumentException("Paddings not used for stream ciphers");

                string paddingName = parts[2];

                CipherPadding cipherPadding;
                if (paddingName == "")
                {
                    cipherPadding = CipherPadding.RAW;
                }
                else if (paddingName == "X9.23PADDING")
                {
                    cipherPadding = CipherPadding.X923PADDING;
                }
                else
                {
                    try
                    {
                        cipherPadding = (CipherPadding)Enums.GetEnumValue(typeof(CipherPadding), paddingName);
                    }
                    catch (ArgumentException)
                    {
                        throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
                    }
                }

                switch (cipherPadding)
                {
                    case CipherPadding.NOPADDING:
                        padded = false;
                        break;
                    case CipherPadding.RAW:
                        break;
                    case CipherPadding.ISO10126PADDING:
                    case CipherPadding.ISO10126D2PADDING:
                    case CipherPadding.ISO10126_2PADDING:
                        padding = new ISO10126d2Padding();
                        break;
                    case CipherPadding.ISO7816_4PADDING:
                    case CipherPadding.ISO9797_1PADDING:
                        padding = new ISO7816d4Padding();
                        break;
                    case CipherPadding.ISO9796_1:
                    case CipherPadding.ISO9796_1PADDING:
                        asymBlockCipher = new ISO9796d1Encoding(asymBlockCipher);
                        break;
                    case CipherPadding.OAEP:
                    case CipherPadding.OAEPPADDING:
                        asymBlockCipher = new OaepEncoding(asymBlockCipher);
                        break;
                    case CipherPadding.OAEPWITHMD5ANDMGF1PADDING:
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new MD5Digest());
                        break;
                    case CipherPadding.OAEPWITHSHA1ANDMGF1PADDING:
                    case CipherPadding.OAEPWITHSHA_1ANDMGF1PADDING:
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha1Digest());
                        break;
                    case CipherPadding.OAEPWITHSHA224ANDMGF1PADDING:
                    case CipherPadding.OAEPWITHSHA_224ANDMGF1PADDING:
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha224Digest());
                        break;
                    case CipherPadding.OAEPWITHSHA256ANDMGF1PADDING:
                    case CipherPadding.OAEPWITHSHA_256ANDMGF1PADDING:
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha256Digest());
                        break;
                    case CipherPadding.OAEPWITHSHA384ANDMGF1PADDING:
                    case CipherPadding.OAEPWITHSHA_384ANDMGF1PADDING:
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha384Digest());
                        break;
                    case CipherPadding.OAEPWITHSHA512ANDMGF1PADDING:
                    case CipherPadding.OAEPWITHSHA_512ANDMGF1PADDING:
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha512Digest());
                        break;
                    case CipherPadding.PKCS1:
                    case CipherPadding.PKCS1PADDING:
                        asymBlockCipher = new Pkcs1Encoding(asymBlockCipher);
                        break;
                    case CipherPadding.PKCS5:
                    case CipherPadding.PKCS5PADDING:
                    case CipherPadding.PKCS7:
                    case CipherPadding.PKCS7PADDING:
                        padding = new Pkcs7Padding();
                        break;
                    case CipherPadding.TBCPADDING:
                        padding = new TbcPadding();
                        break;
                    case CipherPadding.WITHCTS:
                        cts = true;
                        break;
                    case CipherPadding.X923PADDING:
                        padding = new X923Padding();
                        break;
                    case CipherPadding.ZEROBYTEPADDING:
                        padding = new ZeroBytePadding();
                        break;
                    default:
                        throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
                }
            }

            string mode = "";
            if (parts.Length > 1)
            {
                mode = parts[1];

                int di = GetDigitIndex(mode);
                string modeName = di >= 0 ? mode.Substring(0, di) : mode;

                try
                {
                    CipherMode cipherMode = modeName == ""
                        ? CipherMode.NONE
                        : (CipherMode)Enums.GetEnumValue(typeof(CipherMode), modeName);

                    switch (cipherMode)
                    {
                        case CipherMode.ECB:
                        case CipherMode.NONE:
                            break;
                        case CipherMode.CBC:
                            blockCipher = new CbcBlockCipher(blockCipher);
                            break;
                        case CipherMode.CCM:
                            aeadBlockCipher = new CcmBlockCipher(blockCipher);
                            break;
                        case CipherMode.CFB:
                        {
                            int bits = (di < 0)
                                ?	8 * blockCipher.GetBlockSize()
                                :	int.Parse(mode.Substring(di));
    
                            blockCipher = new CfbBlockCipher(blockCipher, bits);
                            break;
                        }
                        case CipherMode.CTR:
                            blockCipher = new SicBlockCipher(blockCipher);
                            break;
                        case CipherMode.CTS:
                            cts = true;
                            blockCipher = new CbcBlockCipher(blockCipher);
                            break;
                        case CipherMode.EAX:
                            aeadBlockCipher = new EaxBlockCipher(blockCipher);
                            break;
                        case CipherMode.GCM:
                            aeadBlockCipher = new GcmBlockCipher(blockCipher);
                            break;
                        case CipherMode.GOFB:
                            blockCipher = new GOfbBlockCipher(blockCipher);
                            break;
                        case CipherMode.OCB:
                            aeadBlockCipher = new OcbBlockCipher(blockCipher, CreateBlockCipher(cipherAlgorithm));
                            break;
                        case CipherMode.OFB:
                        {
                            int bits = (di < 0)
                                ?	8 * blockCipher.GetBlockSize()
                                :	int.Parse(mode.Substring(di));
    
                            blockCipher = new OfbBlockCipher(blockCipher, bits);
                            break;
                        }
                        case CipherMode.OPENPGPCFB:
                            blockCipher = new OpenPgpCfbBlockCipher(blockCipher);
                            break;
                        case CipherMode.SIC:
                            if (blockCipher.GetBlockSize() < 16)
                            {
                                throw new ArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)");
                            }
                            blockCipher = new SicBlockCipher(blockCipher);
                            break;
                        default:
                            throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
                    }
                }
                catch (ArgumentException)
                {
                    throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
                }
            }

            if (aeadBlockCipher != null)
            {
                if (cts)
                    throw new SecurityUtilityException("CTS mode not valid for AEAD ciphers.");
                if (padded && parts.Length > 2 && parts[2] != "")
                    throw new SecurityUtilityException("Bad padding specified for AEAD cipher.");

                return new BufferedAeadBlockCipher(aeadBlockCipher);
            }

            if (blockCipher != null)
            {
                if (cts)
                {
                    return new CtsBlockCipher(blockCipher);
                }

                if (padding != null)
                {
                    return new PaddedBufferedBlockCipher(blockCipher, padding);
                }

                if (!padded || blockCipher.IsPartialBlockOkay)
                {
                    return new BufferedBlockCipher(blockCipher);
                }

                return new PaddedBufferedBlockCipher(blockCipher);
            }

            if (asymBlockCipher != null)
            {
                return new BufferedAsymmetricBlockCipher(asymBlockCipher);
            }

            throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
        }
예제 #4
0
        public static IBufferedCipher GetCipher(
            string algorithm)
        {
            if (algorithm == null)
                throw new ArgumentNullException("algorithm");

            algorithm = algorithm.ToUpper(CultureInfo.InvariantCulture);

            string aliased = (string) algorithms[algorithm];

            if (aliased != null)
                algorithm = aliased;

            IBasicAgreement iesAgreement = null;
            if (algorithm == "IES")
            {
                iesAgreement = new DHBasicAgreement();
            }
            else if (algorithm == "ECIES")
            {
                iesAgreement = new ECDHBasicAgreement();
            }

            if (iesAgreement != null)
            {
                return new BufferedIesCipher(
                    new IesEngine(
                    iesAgreement,
                    new Kdf2BytesGenerator(
                    new Sha1Digest()),
                    new HMac(
                    new Sha1Digest())));
            }

            if (algorithm.StartsWith("PBE"))
            {
                switch (algorithm)
                {
                    case "PBEWITHSHAAND2-KEYTRIPLEDES-CBC":
                    case "PBEWITHSHAAND3-KEYTRIPLEDES-CBC":
                        return new PaddedBufferedBlockCipher(
                            new CbcBlockCipher(new DesEdeEngine()));

                    case "PBEWITHSHAAND128BITRC2-CBC":
                    case "PBEWITHSHAAND40BITRC2-CBC":
                        return new PaddedBufferedBlockCipher(
                            new CbcBlockCipher(new RC2Engine()));

                    case "PBEWITHSHAAND128BITAES-CBC-BC":
                    case "PBEWITHSHAAND192BITAES-CBC-BC":
                    case "PBEWITHSHAAND256BITAES-CBC-BC":
                    case "PBEWITHSHA256AND128BITAES-CBC-BC":
                    case "PBEWITHSHA256AND192BITAES-CBC-BC":
                    case "PBEWITHSHA256AND256BITAES-CBC-BC":
                    case "PBEWITHMD5AND128BITAES-CBC-OPENSSL":
                    case "PBEWITHMD5AND192BITAES-CBC-OPENSSL":
                    case "PBEWITHMD5AND256BITAES-CBC-OPENSSL":
                        return new PaddedBufferedBlockCipher(
                            new CbcBlockCipher(new AesFastEngine()));

                    case "PBEWITHSHA1ANDDES-CBC":
                        return new PaddedBufferedBlockCipher(
                            new CbcBlockCipher(new DesEngine()));

                    case "PBEWITHSHA1ANDRC2-CBC":
                        return new PaddedBufferedBlockCipher(
                            new CbcBlockCipher(new RC2Engine()));
                }
            }

            string[] parts = algorithm.Split('/');

            IBlockCipher blockCipher = null;
            IAsymmetricBlockCipher asymBlockCipher = null;
            IStreamCipher streamCipher = null;

            switch (parts[0])
            {
                case "AES":
                    blockCipher = new AesFastEngine();
                    break;
                case "ARC4":
                    streamCipher = new RC4Engine();
                    break;
                case "BLOWFISH":
                    blockCipher = new BlowfishEngine();
                    break;
                case "CAMELLIA":
                    blockCipher = new CamelliaEngine();
                    break;
                case "CAST5":
                    blockCipher = new Cast5Engine();
                    break;
                case "CAST6":
                    blockCipher = new Cast6Engine();
                    break;
                case "DES":
                    blockCipher = new DesEngine();
                    break;
                case "DESEDE":
                    blockCipher = new DesEdeEngine();
                    break;
                case "ELGAMAL":
                    asymBlockCipher = new ElGamalEngine();
                    break;
                case "GOST28147":
                    blockCipher = new Gost28147Engine();
                    break;
                case "HC128":
                    streamCipher = new HC128Engine();
                    break;
                case "HC256":
                    streamCipher = new HC256Engine();
                    break;
            #if INCLUDE_IDEA
                case "IDEA":
                    blockCipher = new IdeaEngine();
                    break;
            #endif
                case "NOEKEON":
                    blockCipher = new NoekeonEngine();
                    break;
                case "PBEWITHSHAAND128BITRC4":
                case "PBEWITHSHAAND40BITRC4":
                    streamCipher = new RC4Engine();
                    break;
                case "RC2":
                    blockCipher = new RC2Engine();
                    break;
                case "RC5":
                    blockCipher = new RC532Engine();
                    break;
                case "RC5-64":
                    blockCipher = new RC564Engine();
                    break;
                case "RC6":
                    blockCipher = new RC6Engine();
                    break;
                case "RIJNDAEL":
                    blockCipher = new RijndaelEngine();
                    break;
                case "RSA":
                    asymBlockCipher = new RsaBlindedEngine();
                    break;
                case "SALSA20":
                    streamCipher = new Salsa20Engine();
                    break;
                case "SEED":
                    blockCipher = new SeedEngine();
                    break;
                case "SERPENT":
                    blockCipher = new SerpentEngine();
                    break;
                case "SKIPJACK":
                    blockCipher = new SkipjackEngine();
                    break;
                case "TEA":
                    blockCipher = new TeaEngine();
                    break;
                case "TWOFISH":
                    blockCipher = new TwofishEngine();
                    break;
                case "VMPC":
                    streamCipher = new VmpcEngine();
                    break;
                case "VMPC-KSA3":
                    streamCipher = new VmpcKsa3Engine();
                    break;
                case "XTEA":
                    blockCipher = new XteaEngine();
                    break;
                default:
                    throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
            }

            if (streamCipher != null)
            {
                if (parts.Length > 1)
                    throw new ArgumentException("Modes and paddings not used for stream ciphers");

                return new BufferedStreamCipher(streamCipher);
            }

            bool cts = false;
            bool padded = true;
            IBlockCipherPadding padding = null;
            IAeadBlockCipher aeadBlockCipher = null;

            if (parts.Length > 2)
            {
                if (streamCipher != null)
                    throw new ArgumentException("Paddings not used for stream ciphers");

                switch (parts[2])
                {
                    case "NOPADDING":
                        padded = false;
                        break;
                    case "":
                    case "RAW":
                        break;
                    case "ISO10126PADDING":
                    case "ISO10126D2PADDING":
                    case "ISO10126-2PADDING":
                        padding = new ISO10126d2Padding();
                        break;
                    case "ISO7816-4PADDING":
                    case "ISO9797-1PADDING":
                        padding = new ISO7816d4Padding();
                        break;
                    case "ISO9796-1":
                    case "ISO9796-1PADDING":
                        asymBlockCipher = new ISO9796d1Encoding(asymBlockCipher);
                        break;
                    case "OAEP":
                    case "OAEPPADDING":
                        asymBlockCipher = new OaepEncoding(asymBlockCipher);
                        break;
                    case "OAEPWITHMD5ANDMGF1PADDING":
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new MD5Digest());
                        break;
                    case "OAEPWITHSHA1ANDMGF1PADDING":
                    case "OAEPWITHSHA-1ANDMGF1PADDING":
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha1Digest());
                        break;
                    case "OAEPWITHSHA224ANDMGF1PADDING":
                    case "OAEPWITHSHA-224ANDMGF1PADDING":
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha224Digest());
                        break;
                    case "OAEPWITHSHA256ANDMGF1PADDING":
                    case "OAEPWITHSHA-256ANDMGF1PADDING":
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha256Digest());
                        break;
                    case "OAEPWITHSHA384ANDMGF1PADDING":
                    case "OAEPWITHSHA-384ANDMGF1PADDING":
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha384Digest());
                        break;
                    case "OAEPWITHSHA512ANDMGF1PADDING":
                    case "OAEPWITHSHA-512ANDMGF1PADDING":
                        asymBlockCipher = new OaepEncoding(asymBlockCipher, new Sha512Digest());
                        break;
                    case "PKCS1":
                    case "PKCS1PADDING":
                        asymBlockCipher = new Pkcs1Encoding(asymBlockCipher);
                        break;
                    case "PKCS5":
                    case "PKCS5PADDING":
                    case "PKCS7":
                    case "PKCS7PADDING":
                        padding = new Pkcs7Padding();
                        break;
                    case "TBCPADDING":
                        padding = new TbcPadding();
                        break;
                    case "WITHCTS":
                        cts = true;
                        break;
                    case "X9.23PADDING":
                    case "X923PADDING":
                        padding = new X923Padding();
                        break;
                    case "ZEROBYTEPADDING":
                        padding = new ZeroBytePadding();
                        break;
                    default:
                        throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
                }
            }

            string mode = "";
            if (parts.Length > 1)
            {
                mode = parts[1];

                int di = GetDigitIndex(mode);
                string modeName = di >= 0 ? mode.Substring(0, di) : mode;

                switch (modeName)
                {
                    case "":
                    case "ECB":
                    case "NONE":
                        break;
                    case "CBC":
                        blockCipher = new CbcBlockCipher(blockCipher);
                        break;
                    case "CCM":
                        aeadBlockCipher = new CcmBlockCipher(blockCipher);
                        break;
                    case "CFB":
                    {
                        int bits = (di < 0)
                            ?	8 * blockCipher.GetBlockSize()
                            :	int.Parse(mode.Substring(di));

                        blockCipher = new CfbBlockCipher(blockCipher, bits);
                        break;
                    }
                    case "CTR":
                        blockCipher = new SicBlockCipher(blockCipher);
                        break;
                    case "CTS":
                        cts = true;
                        blockCipher = new CbcBlockCipher(blockCipher);
                        break;
                    case "EAX":
                        aeadBlockCipher = new EaxBlockCipher(blockCipher);
                        break;
                    case "GCM":
                        aeadBlockCipher = new GcmBlockCipher(blockCipher);
                        break;
                    case "GOFB":
                        blockCipher = new GOfbBlockCipher(blockCipher);
                        break;
                    case "OFB":
                    {
                        int bits = (di < 0)
                            ?	8 * blockCipher.GetBlockSize()
                            :	int.Parse(mode.Substring(di));

                        blockCipher = new OfbBlockCipher(blockCipher, bits);
                        break;
                    }
                    case "OPENPGPCFB":
                        blockCipher = new OpenPgpCfbBlockCipher(blockCipher);
                        break;
                    case "SIC":
                        if (blockCipher.GetBlockSize() < 16)
                        {
                            throw new ArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)");
                        }
                        blockCipher = new SicBlockCipher(blockCipher);
                        break;
                    default:
                        throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
                }
            }

            if (aeadBlockCipher != null)
            {
                if (cts)
                    throw new SecurityUtilityException("CTS mode not valid for AEAD ciphers.");
                if (padded && parts.Length > 2 && parts[2] != "")
                    throw new SecurityUtilityException("Bad padding specified for AEAD cipher.");

                return new BufferedAeadBlockCipher(aeadBlockCipher);
            }

            if (blockCipher != null)
            {
                if (cts)
                {
                    return new CtsBlockCipher(blockCipher);
                }

                if (padding != null)
                {
                    return new PaddedBufferedBlockCipher(blockCipher, padding);
                }

                if (!padded || blockCipher.IsPartialBlockOkay)
                {
                    return new BufferedBlockCipher(blockCipher);
                }

                return new PaddedBufferedBlockCipher(blockCipher);
            }

            if (asymBlockCipher != null)
            {
                return new BufferedAsymmetricBlockCipher(asymBlockCipher);
            }

            throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
        }
예제 #5
0
        internal static void SalsaCore(int rounds, uint[] input, uint[] x)
        {
            if (input.Length != 16)
            {
                throw new ArgumentException();
            }
            if (x.Length != 16)
            {
                throw new ArgumentException();
            }
            if (rounds % 2 != 0)
            {
                throw new ArgumentException("Number of rounds must be even");
            }
            uint num   = input[0];
            uint num2  = input[1];
            uint num3  = input[2];
            uint num4  = input[3];
            uint num5  = input[4];
            uint num6  = input[5];
            uint num7  = input[6];
            uint num8  = input[7];
            uint num9  = input[8];
            uint num10 = input[9];
            uint num11 = input[10];
            uint num12 = input[11];
            uint num13 = input[12];
            uint num14 = input[13];
            uint num15 = input[14];
            uint num16 = input[15];

            for (int i = rounds; i > 0; i -= 2)
            {
                num5  ^= Salsa20Engine.R(num + num13, 7);
                num9  ^= Salsa20Engine.R(num5 + num, 9);
                num13 ^= Salsa20Engine.R(num9 + num5, 13);
                num   ^= Salsa20Engine.R(num13 + num9, 18);
                num10 ^= Salsa20Engine.R(num6 + num2, 7);
                num14 ^= Salsa20Engine.R(num10 + num6, 9);
                num2  ^= Salsa20Engine.R(num14 + num10, 13);
                num6  ^= Salsa20Engine.R(num2 + num14, 18);
                num15 ^= Salsa20Engine.R(num11 + num7, 7);
                num3  ^= Salsa20Engine.R(num15 + num11, 9);
                num7  ^= Salsa20Engine.R(num3 + num15, 13);
                num11 ^= Salsa20Engine.R(num7 + num3, 18);
                num4  ^= Salsa20Engine.R(num16 + num12, 7);
                num8  ^= Salsa20Engine.R(num4 + num16, 9);
                num12 ^= Salsa20Engine.R(num8 + num4, 13);
                num16 ^= Salsa20Engine.R(num12 + num8, 18);
                num2  ^= Salsa20Engine.R(num + num4, 7);
                num3  ^= Salsa20Engine.R(num2 + num, 9);
                num4  ^= Salsa20Engine.R(num3 + num2, 13);
                num   ^= Salsa20Engine.R(num4 + num3, 18);
                num7  ^= Salsa20Engine.R(num6 + num5, 7);
                num8  ^= Salsa20Engine.R(num7 + num6, 9);
                num5  ^= Salsa20Engine.R(num8 + num7, 13);
                num6  ^= Salsa20Engine.R(num5 + num8, 18);
                num12 ^= Salsa20Engine.R(num11 + num10, 7);
                num9  ^= Salsa20Engine.R(num12 + num11, 9);
                num10 ^= Salsa20Engine.R(num9 + num12, 13);
                num11 ^= Salsa20Engine.R(num10 + num9, 18);
                num13 ^= Salsa20Engine.R(num16 + num15, 7);
                num14 ^= Salsa20Engine.R(num13 + num16, 9);
                num15 ^= Salsa20Engine.R(num14 + num13, 13);
                num16 ^= Salsa20Engine.R(num15 + num14, 18);
            }
            x[0]  = num + input[0];
            x[1]  = num2 + input[1];
            x[2]  = num3 + input[2];
            x[3]  = num4 + input[3];
            x[4]  = num5 + input[4];
            x[5]  = num6 + input[5];
            x[6]  = num7 + input[6];
            x[7]  = num8 + input[7];
            x[8]  = num9 + input[8];
            x[9]  = num10 + input[9];
            x[10] = num11 + input[10];
            x[11] = num12 + input[11];
            x[12] = num13 + input[12];
            x[13] = num14 + input[13];
            x[14] = num15 + input[14];
            x[15] = num16 + input[15];
        }
예제 #6
0
 protected virtual void GenerateKeyStream(byte[] output)
 {
     Salsa20Engine.SalsaCore(this.rounds, this.engineState, this.x);
     Pack.UInt32_To_LE(this.x, output, 0);
 }
예제 #7
0
        internal static void ChachaCore(int rounds, uint[] input, uint[] x)
        {
            if (input.Length != 16)
            {
                throw new ArgumentException();
            }
            if (x.Length != 16)
            {
                throw new ArgumentException();
            }
            if (rounds % 2 != 0)
            {
                throw new ArgumentException("Number of rounds must be even");
            }
            uint num   = input[0];
            uint num2  = input[1];
            uint num3  = input[2];
            uint num4  = input[3];
            uint num5  = input[4];
            uint num6  = input[5];
            uint num7  = input[6];
            uint num8  = input[7];
            uint num9  = input[8];
            uint num10 = input[9];
            uint num11 = input[10];
            uint num12 = input[11];
            uint num13 = input[12];
            uint num14 = input[13];
            uint num15 = input[14];
            uint num16 = input[15];

            for (int i = rounds; i > 0; i -= 2)
            {
                num   += num5;
                num13  = Salsa20Engine.R(num13 ^ num, 16);
                num9  += num13;
                num5   = Salsa20Engine.R(num5 ^ num9, 12);
                num   += num5;
                num13  = Salsa20Engine.R(num13 ^ num, 8);
                num9  += num13;
                num5   = Salsa20Engine.R(num5 ^ num9, 7);
                num2  += num6;
                num14  = Salsa20Engine.R(num14 ^ num2, 16);
                num10 += num14;
                num6   = Salsa20Engine.R(num6 ^ num10, 12);
                num2  += num6;
                num14  = Salsa20Engine.R(num14 ^ num2, 8);
                num10 += num14;
                num6   = Salsa20Engine.R(num6 ^ num10, 7);
                num3  += num7;
                num15  = Salsa20Engine.R(num15 ^ num3, 16);
                num11 += num15;
                num7   = Salsa20Engine.R(num7 ^ num11, 12);
                num3  += num7;
                num15  = Salsa20Engine.R(num15 ^ num3, 8);
                num11 += num15;
                num7   = Salsa20Engine.R(num7 ^ num11, 7);
                num4  += num8;
                num16  = Salsa20Engine.R(num16 ^ num4, 16);
                num12 += num16;
                num8   = Salsa20Engine.R(num8 ^ num12, 12);
                num4  += num8;
                num16  = Salsa20Engine.R(num16 ^ num4, 8);
                num12 += num16;
                num8   = Salsa20Engine.R(num8 ^ num12, 7);
                num   += num6;
                num16  = Salsa20Engine.R(num16 ^ num, 16);
                num11 += num16;
                num6   = Salsa20Engine.R(num6 ^ num11, 12);
                num   += num6;
                num16  = Salsa20Engine.R(num16 ^ num, 8);
                num11 += num16;
                num6   = Salsa20Engine.R(num6 ^ num11, 7);
                num2  += num7;
                num13  = Salsa20Engine.R(num13 ^ num2, 16);
                num12 += num13;
                num7   = Salsa20Engine.R(num7 ^ num12, 12);
                num2  += num7;
                num13  = Salsa20Engine.R(num13 ^ num2, 8);
                num12 += num13;
                num7   = Salsa20Engine.R(num7 ^ num12, 7);
                num3  += num8;
                num14  = Salsa20Engine.R(num14 ^ num3, 16);
                num9  += num14;
                num8   = Salsa20Engine.R(num8 ^ num9, 12);
                num3  += num8;
                num14  = Salsa20Engine.R(num14 ^ num3, 8);
                num9  += num14;
                num8   = Salsa20Engine.R(num8 ^ num9, 7);
                num4  += num5;
                num15  = Salsa20Engine.R(num15 ^ num4, 16);
                num10 += num15;
                num5   = Salsa20Engine.R(num5 ^ num10, 12);
                num4  += num5;
                num15  = Salsa20Engine.R(num15 ^ num4, 8);
                num10 += num15;
                num5   = Salsa20Engine.R(num5 ^ num10, 7);
            }
            x[0]  = num + input[0];
            x[1]  = num2 + input[1];
            x[2]  = num3 + input[2];
            x[3]  = num4 + input[3];
            x[4]  = num5 + input[4];
            x[5]  = num6 + input[5];
            x[6]  = num7 + input[6];
            x[7]  = num8 + input[7];
            x[8]  = num9 + input[8];
            x[9]  = num10 + input[9];
            x[10] = num11 + input[10];
            x[11] = num12 + input[11];
            x[12] = num13 + input[12];
            x[13] = num14 + input[13];
            x[14] = num15 + input[14];
            x[15] = num16 + input[15];
        }
예제 #8
0
        internal static void ChachaCore(int rounds, uint[] input, uint[] x)
        {
            //IL_0007: Unknown result type (might be due to invalid IL or missing references)
            //IL_0014: Unknown result type (might be due to invalid IL or missing references)
            //IL_0024: Unknown result type (might be due to invalid IL or missing references)
            if (input.Length != 16)
            {
                throw new ArgumentException();
            }
            if (x.Length != 16)
            {
                throw new ArgumentException();
            }
            if (rounds % 2 != 0)
            {
                throw new ArgumentException("Number of rounds must be even");
            }
            uint num   = input[0];
            uint num2  = input[1];
            uint num3  = input[2];
            uint num4  = input[3];
            uint num5  = input[4];
            uint num6  = input[5];
            uint num7  = input[6];
            uint num8  = input[7];
            uint num9  = input[8];
            uint num10 = input[9];
            uint num11 = input[10];
            uint num12 = input[11];
            uint num13 = input[12];
            uint num14 = input[13];
            uint num15 = input[14];
            uint num16 = input[15];

            for (int num17 = rounds; num17 > 0; num17 -= 2)
            {
                num   += num5;
                num13  = Salsa20Engine.R(num13 ^ num, 16);
                num9  += num13;
                num5   = Salsa20Engine.R(num5 ^ num9, 12);
                num   += num5;
                num13  = Salsa20Engine.R(num13 ^ num, 8);
                num9  += num13;
                num5   = Salsa20Engine.R(num5 ^ num9, 7);
                num2  += num6;
                num14  = Salsa20Engine.R(num14 ^ num2, 16);
                num10 += num14;
                num6   = Salsa20Engine.R(num6 ^ num10, 12);
                num2  += num6;
                num14  = Salsa20Engine.R(num14 ^ num2, 8);
                num10 += num14;
                num6   = Salsa20Engine.R(num6 ^ num10, 7);
                num3  += num7;
                num15  = Salsa20Engine.R(num15 ^ num3, 16);
                num11 += num15;
                num7   = Salsa20Engine.R(num7 ^ num11, 12);
                num3  += num7;
                num15  = Salsa20Engine.R(num15 ^ num3, 8);
                num11 += num15;
                num7   = Salsa20Engine.R(num7 ^ num11, 7);
                num4  += num8;
                num16  = Salsa20Engine.R(num16 ^ num4, 16);
                num12 += num16;
                num8   = Salsa20Engine.R(num8 ^ num12, 12);
                num4  += num8;
                num16  = Salsa20Engine.R(num16 ^ num4, 8);
                num12 += num16;
                num8   = Salsa20Engine.R(num8 ^ num12, 7);
                num   += num6;
                num16  = Salsa20Engine.R(num16 ^ num, 16);
                num11 += num16;
                num6   = Salsa20Engine.R(num6 ^ num11, 12);
                num   += num6;
                num16  = Salsa20Engine.R(num16 ^ num, 8);
                num11 += num16;
                num6   = Salsa20Engine.R(num6 ^ num11, 7);
                num2  += num7;
                num13  = Salsa20Engine.R(num13 ^ num2, 16);
                num12 += num13;
                num7   = Salsa20Engine.R(num7 ^ num12, 12);
                num2  += num7;
                num13  = Salsa20Engine.R(num13 ^ num2, 8);
                num12 += num13;
                num7   = Salsa20Engine.R(num7 ^ num12, 7);
                num3  += num8;
                num14  = Salsa20Engine.R(num14 ^ num3, 16);
                num9  += num14;
                num8   = Salsa20Engine.R(num8 ^ num9, 12);
                num3  += num8;
                num14  = Salsa20Engine.R(num14 ^ num3, 8);
                num9  += num14;
                num8   = Salsa20Engine.R(num8 ^ num9, 7);
                num4  += num5;
                num15  = Salsa20Engine.R(num15 ^ num4, 16);
                num10 += num15;
                num5   = Salsa20Engine.R(num5 ^ num10, 12);
                num4  += num5;
                num15  = Salsa20Engine.R(num15 ^ num4, 8);
                num10 += num15;
                num5   = Salsa20Engine.R(num5 ^ num10, 7);
            }
            x[0]  = num + input[0];
            x[1]  = num2 + input[1];
            x[2]  = num3 + input[2];
            x[3]  = num4 + input[3];
            x[4]  = num5 + input[4];
            x[5]  = num6 + input[5];
            x[6]  = num7 + input[6];
            x[7]  = num8 + input[7];
            x[8]  = num9 + input[8];
            x[9]  = num10 + input[9];
            x[10] = num11 + input[10];
            x[11] = num12 + input[11];
            x[12] = num13 + input[12];
            x[13] = num14 + input[13];
            x[14] = num15 + input[14];
            x[15] = num16 + input[15];
        }
예제 #9
0
		private void reinitBug()
		{
			KeyParameter key = new KeyParameter(Hex.Decode("80000000000000000000000000000000"));
			ParametersWithIV parameters = new ParametersWithIV(key, Hex.Decode("0000000000000000"));

			IStreamCipher salsa = new Salsa20Engine();

			salsa.Init(true, parameters);

			try
			{
				salsa.Init(true, key);
				Fail("Salsa20 should throw exception if no IV in Init");
			}
			catch (ArgumentException)
			{
			}
		}
예제 #10
0
		private void salsa20Test2(
			ICipherParameters	parameters,
			string				v0,
			string				v65472,
			string				v65536)
		{
			IStreamCipher salsa = new Salsa20Engine();
			byte[]       buf = new byte[64];

			salsa.Init(true, parameters);

			for (int i = 0; i != 1025; i++)
			{
				salsa.ProcessBytes(zeroes, 0, 64, buf, 0);
				switch (i)
				{
				case 0:
					if (!AreEqual(buf, Hex.Decode(v0)))
					{
						mismatch("v0", v0, buf);
					}
					break;
				case 1023:
					if (!AreEqual(buf, Hex.Decode(v65472)))
					{
						mismatch("v65472", v65472, buf);
					}
					break;
				case 1024:
					if (!AreEqual(buf, Hex.Decode(v65536)))
					{
						mismatch("v65536", v65536, buf);
					}
					break;
				default:
					// ignore
					break;
				}
			}
		}
예제 #11
0
		private void salsa20Test1(
			int rounds,
			ICipherParameters	parameters,
			string				v0,
			string				v192,
			string				v256,
			string				v448)
		{
			IStreamCipher salsa = new Salsa20Engine(rounds);
			byte[]       buf = new byte[64];

			salsa.Init(true, parameters);

			for (int i = 0; i != 7; i++)
			{
				salsa.ProcessBytes(zeroes, 0, 64, buf, 0);
				switch (i)
				{
				case 0:
					if (!AreEqual(buf, Hex.Decode(v0)))
					{
						mismatch("v0/" + rounds, v0, buf);
					}
					break;
				case 3:
					if (!AreEqual(buf, Hex.Decode(v192)))
					{
						mismatch("v192/" + rounds, v192, buf);
					}
					break;
				case 4:
					if (!AreEqual(buf, Hex.Decode(v256)))
					{
						mismatch("v256/" + rounds, v256, buf);
					}
					break;
				default:
					// ignore
					break;
				}
			}

			for (int i = 0; i != 64; i++)
			{
				buf[i] = salsa.ReturnByte(zeroes[i]);
			}

			if (!AreEqual(buf, Hex.Decode(v448)))
			{
				mismatch("v448", v448, buf);
			}       
		}
예제 #12
0
파일: AWiz.cs 프로젝트: burstas/rmps
        private BufferedStreamCipher CreateSstreamEngine()
        {
            IStreamCipher engine;
            switch (_MSec.Algorithm)
            {
                case ESec.SSTREAM_HC128:
                    engine = new HC128Engine();
                    _MSec.KeySize = 16;//128
                    _MSec.IVSize = 16;
                    break;
                case ESec.SSTREAM_HC256:
                    engine = new HC256Engine();
                    _MSec.KeySize = 32;
                    _MSec.IVSize = 16;
                    break;
                case ESec.SSTREAM_ISAAC:
                    engine = new IsaacEngine();
                    _MSec.KeySize = 10;
                    _MSec.IVSize = 0;
                    break;
                case ESec.SSTREAM_RC4:
                    engine = new RC4Engine();
                    _MSec.KeySize = 10;
                    _MSec.IVSize = 0;
                    break;
                case ESec.SSTREAM_SALSA20:
                    engine = new Salsa20Engine();
                    _MSec.KeySize = 16;
                    _MSec.IVSize = 8;
                    break;
                case ESec.SSTREAM_VMPC:
                    engine = new VmpcEngine();
                    _MSec.KeySize = 10;
                    _MSec.IVSize = 16;
                    break;
                case ESec.SSTREAM_VMPCKSA3:
                    engine = new VmpcKsa3Engine();
                    _MSec.KeySize = 10;
                    _MSec.IVSize = 16;
                    break;
                default:
                    engine = null;
                    _MSec.KeySize = 0;
                    _MSec.IVSize = 0;
                    break;
            }

            return new BufferedStreamCipher(engine);
        }