SerpentEngineBase.cs 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473
  1. #if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
  2. using System;
  3. using Org.BouncyCastle.Crypto.Parameters;
  4. using Org.BouncyCastle.Utilities;
  5. namespace Org.BouncyCastle.Crypto.Engines
  6. {
  7. public abstract class SerpentEngineBase
  8. : IBlockCipher
  9. {
  10. protected static readonly int BlockSize = 16;
  11. internal const int ROUNDS = 32;
  12. internal const int PHI = unchecked((int)0x9E3779B9); // (sqrt(5) - 1) * 2**31
  13. protected bool encrypting;
  14. protected int[] wKey;
  15. protected int X0, X1, X2, X3; // registers
  16. protected SerpentEngineBase()
  17. {
  18. }
  19. /**
  20. * initialise a Serpent cipher.
  21. *
  22. * @param encrypting whether or not we are for encryption.
  23. * @param params the parameters required to set up the cipher.
  24. * @throws IllegalArgumentException if the params argument is
  25. * inappropriate.
  26. */
  27. public virtual void Init(bool encrypting, ICipherParameters parameters)
  28. {
  29. if (!(parameters is KeyParameter))
  30. throw new ArgumentException("invalid parameter passed to " + AlgorithmName + " init - " + Org.BouncyCastle.Utilities.Platform.GetTypeName(parameters));
  31. this.encrypting = encrypting;
  32. this.wKey = MakeWorkingKey(((KeyParameter)parameters).GetKey());
  33. }
  34. public virtual string AlgorithmName
  35. {
  36. get { return "Serpent"; }
  37. }
  38. public virtual bool IsPartialBlockOkay
  39. {
  40. get { return false; }
  41. }
  42. public virtual int GetBlockSize()
  43. {
  44. return BlockSize;
  45. }
  46. /**
  47. * Process one block of input from the array in and write it to
  48. * the out array.
  49. *
  50. * @param in the array containing the input data.
  51. * @param inOff offset into the in array the data starts at.
  52. * @param out the array the output data will be copied into.
  53. * @param outOff the offset into the out array the output will start at.
  54. * @return the number of bytes processed and produced.
  55. * @throws DataLengthException if there isn't enough data in in, or
  56. * space in out.
  57. * @throws IllegalStateException if the cipher isn't initialised.
  58. */
  59. public int ProcessBlock(byte[] input, int inOff, byte[] output, int outOff)
  60. {
  61. if (wKey == null)
  62. throw new InvalidOperationException(AlgorithmName + " not initialised");
  63. Check.DataLength(input, inOff, BlockSize, "input buffer too short");
  64. Check.OutputLength(output, outOff, BlockSize, "output buffer too short");
  65. if (encrypting)
  66. {
  67. EncryptBlock(input, inOff, output, outOff);
  68. }
  69. else
  70. {
  71. DecryptBlock(input, inOff, output, outOff);
  72. }
  73. return BlockSize;
  74. }
  75. public virtual void Reset()
  76. {
  77. }
  78. protected static int RotateLeft(int x, int bits)
  79. {
  80. return ((x << bits) | (int) ((uint)x >> (32 - bits)));
  81. }
  82. private static int RotateRight(int x, int bits)
  83. {
  84. return ( (int)((uint)x >> bits) | (x << (32 - bits)));
  85. }
  86. /*
  87. * The sboxes below are based on the work of Brian Gladman and
  88. * Sam Simpson, whose original notice appears below.
  89. * <p>
  90. * For further details see:
  91. * http://fp.gladman.plus.com/cryptography_technology/serpent/
  92. * </p>
  93. */
  94. /* Partially optimised Serpent S Box boolean functions derived */
  95. /* using a recursive descent analyser but without a full search */
  96. /* of all subtrees. This set of S boxes is the result of work */
  97. /* by Sam Simpson and Brian Gladman using the spare time on a */
  98. /* cluster of high capacity servers to search for S boxes with */
  99. /* this customised search engine. There are now an average of */
  100. /* 15.375 terms per S box. */
  101. /* */
  102. /* Copyright: Dr B. R Gladman (gladman@seven77.demon.co.uk) */
  103. /* and Sam Simpson (s.simpson@mia.co.uk) */
  104. /* 17th December 1998 */
  105. /* */
  106. /* We hereby give permission for information in this file to be */
  107. /* used freely subject only to acknowledgement of its origin. */
  108. /*
  109. * S0 - { 3, 8,15, 1,10, 6, 5,11,14,13, 4, 2, 7, 0, 9,12 } - 15 terms.
  110. */
  111. protected void Sb0(int a, int b, int c, int d)
  112. {
  113. int t1 = a ^ d;
  114. int t3 = c ^ t1;
  115. int t4 = b ^ t3;
  116. X3 = (a & d) ^ t4;
  117. int t7 = a ^ (b & t1);
  118. X2 = t4 ^ (c | t7);
  119. int t12 = X3 & (t3 ^ t7);
  120. X1 = (~t3) ^ t12;
  121. X0 = t12 ^ (~t7);
  122. }
  123. /**
  124. * InvSO - {13, 3,11, 0,10, 6, 5,12, 1,14, 4, 7,15, 9, 8, 2 } - 15 terms.
  125. */
  126. protected void Ib0(int a, int b, int c, int d)
  127. {
  128. int t1 = ~a;
  129. int t2 = a ^ b;
  130. int t4 = d ^ (t1 | t2);
  131. int t5 = c ^ t4;
  132. X2 = t2 ^ t5;
  133. int t8 = t1 ^ (d & t2);
  134. X1 = t4 ^ (X2 & t8);
  135. X3 = (a & t4) ^ (t5 | X1);
  136. X0 = X3 ^ (t5 ^ t8);
  137. }
  138. /**
  139. * S1 - {15,12, 2, 7, 9, 0, 5,10, 1,11,14, 8, 6,13, 3, 4 } - 14 terms.
  140. */
  141. protected void Sb1(int a, int b, int c, int d)
  142. {
  143. int t2 = b ^ (~a);
  144. int t5 = c ^ (a | t2);
  145. X2 = d ^ t5;
  146. int t7 = b ^ (d | t2);
  147. int t8 = t2 ^ X2;
  148. X3 = t8 ^ (t5 & t7);
  149. int t11 = t5 ^ t7;
  150. X1 = X3 ^ t11;
  151. X0 = t5 ^ (t8 & t11);
  152. }
  153. /**
  154. * InvS1 - { 5, 8, 2,14,15, 6,12, 3,11, 4, 7, 9, 1,13,10, 0 } - 14 steps.
  155. */
  156. protected void Ib1(int a, int b, int c, int d)
  157. {
  158. int t1 = b ^ d;
  159. int t3 = a ^ (b & t1);
  160. int t4 = t1 ^ t3;
  161. X3 = c ^ t4;
  162. int t7 = b ^ (t1 & t3);
  163. int t8 = X3 | t7;
  164. X1 = t3 ^ t8;
  165. int t10 = ~X1;
  166. int t11 = X3 ^ t7;
  167. X0 = t10 ^ t11;
  168. X2 = t4 ^ (t10 | t11);
  169. }
  170. /**
  171. * S2 - { 8, 6, 7, 9, 3,12,10,15,13, 1,14, 4, 0,11, 5, 2 } - 16 terms.
  172. */
  173. protected void Sb2(int a, int b, int c, int d)
  174. {
  175. int t1 = ~a;
  176. int t2 = b ^ d;
  177. int t3 = c & t1;
  178. X0 = t2 ^ t3;
  179. int t5 = c ^ t1;
  180. int t6 = c ^ X0;
  181. int t7 = b & t6;
  182. X3 = t5 ^ t7;
  183. X2 = a ^ ((d | t7) & (X0 | t5));
  184. X1 = (t2 ^ X3) ^ (X2 ^ (d | t1));
  185. }
  186. /**
  187. * InvS2 - {12, 9,15, 4,11,14, 1, 2, 0, 3, 6,13, 5, 8,10, 7 } - 16 steps.
  188. */
  189. protected void Ib2(int a, int b, int c, int d)
  190. {
  191. int t1 = b ^ d;
  192. int t2 = ~t1;
  193. int t3 = a ^ c;
  194. int t4 = c ^ t1;
  195. int t5 = b & t4;
  196. X0 = t3 ^ t5;
  197. int t7 = a | t2;
  198. int t8 = d ^ t7;
  199. int t9 = t3 | t8;
  200. X3 = t1 ^ t9;
  201. int t11 = ~t4;
  202. int t12 = X0 | X3;
  203. X1 = t11 ^ t12;
  204. X2 = (d & t11) ^ (t3 ^ t12);
  205. }
  206. /**
  207. * S3 - { 0,15,11, 8,12, 9, 6, 3,13, 1, 2, 4,10, 7, 5,14 } - 16 terms.
  208. */
  209. protected void Sb3(int a, int b, int c, int d)
  210. {
  211. int t1 = a ^ b;
  212. int t2 = a & c;
  213. int t3 = a | d;
  214. int t4 = c ^ d;
  215. int t5 = t1 & t3;
  216. int t6 = t2 | t5;
  217. X2 = t4 ^ t6;
  218. int t8 = b ^ t3;
  219. int t9 = t6 ^ t8;
  220. int t10 = t4 & t9;
  221. X0 = t1 ^ t10;
  222. int t12 = X2 & X0;
  223. X1 = t9 ^ t12;
  224. X3 = (b | d) ^ (t4 ^ t12);
  225. }
  226. /**
  227. * InvS3 - { 0, 9,10, 7,11,14, 6,13, 3, 5,12, 2, 4, 8,15, 1 } - 15 terms
  228. */
  229. protected void Ib3(int a, int b, int c, int d)
  230. {
  231. int t1 = a | b;
  232. int t2 = b ^ c;
  233. int t3 = b & t2;
  234. int t4 = a ^ t3;
  235. int t5 = c ^ t4;
  236. int t6 = d | t4;
  237. X0 = t2 ^ t6;
  238. int t8 = t2 | t6;
  239. int t9 = d ^ t8;
  240. X2 = t5 ^ t9;
  241. int t11 = t1 ^ t9;
  242. int t12 = X0 & t11;
  243. X3 = t4 ^ t12;
  244. X1 = X3 ^ (X0 ^ t11);
  245. }
  246. /**
  247. * S4 - { 1,15, 8, 3,12, 0,11, 6, 2, 5, 4,10, 9,14, 7,13 } - 15 terms.
  248. */
  249. protected void Sb4(int a, int b, int c, int d)
  250. {
  251. int t1 = a ^ d;
  252. int t2 = d & t1;
  253. int t3 = c ^ t2;
  254. int t4 = b | t3;
  255. X3 = t1 ^ t4;
  256. int t6 = ~b;
  257. int t7 = t1 | t6;
  258. X0 = t3 ^ t7;
  259. int t9 = a & X0;
  260. int t10 = t1 ^ t6;
  261. int t11 = t4 & t10;
  262. X2 = t9 ^ t11;
  263. X1 = (a ^ t3) ^ (t10 & X2);
  264. }
  265. /**
  266. * InvS4 - { 5, 0, 8, 3,10, 9, 7,14, 2,12,11, 6, 4,15,13, 1 } - 15 terms.
  267. */
  268. protected void Ib4(int a, int b, int c, int d)
  269. {
  270. int t1 = c | d;
  271. int t2 = a & t1;
  272. int t3 = b ^ t2;
  273. int t4 = a & t3;
  274. int t5 = c ^ t4;
  275. X1 = d ^ t5;
  276. int t7 = ~a;
  277. int t8 = t5 & X1;
  278. X3 = t3 ^ t8;
  279. int t10 = X1 | t7;
  280. int t11 = d ^ t10;
  281. X0 = X3 ^ t11;
  282. X2 = (t3 & t11) ^ (X1 ^ t7);
  283. }
  284. /**
  285. * S5 - {15, 5, 2,11, 4,10, 9,12, 0, 3,14, 8,13, 6, 7, 1 } - 16 terms.
  286. */
  287. protected void Sb5(int a, int b, int c, int d)
  288. {
  289. int t1 = ~a;
  290. int t2 = a ^ b;
  291. int t3 = a ^ d;
  292. int t4 = c ^ t1;
  293. int t5 = t2 | t3;
  294. X0 = t4 ^ t5;
  295. int t7 = d & X0;
  296. int t8 = t2 ^ X0;
  297. X1 = t7 ^ t8;
  298. int t10 = t1 | X0;
  299. int t11 = t2 | t7;
  300. int t12 = t3 ^ t10;
  301. X2 = t11 ^ t12;
  302. X3 = (b ^ t7) ^ (X1 & t12);
  303. }
  304. /**
  305. * InvS5 - { 8,15, 2, 9, 4, 1,13,14,11, 6, 5, 3, 7,12,10, 0 } - 16 terms.
  306. */
  307. protected void Ib5(int a, int b, int c, int d)
  308. {
  309. int t1 = ~c;
  310. int t2 = b & t1;
  311. int t3 = d ^ t2;
  312. int t4 = a & t3;
  313. int t5 = b ^ t1;
  314. X3 = t4 ^ t5;
  315. int t7 = b | X3;
  316. int t8 = a & t7;
  317. X1 = t3 ^ t8;
  318. int t10 = a | d;
  319. int t11 = t1 ^ t7;
  320. X0 = t10 ^ t11;
  321. X2 = (b & t10) ^ (t4 | (a ^ c));
  322. }
  323. /**
  324. * S6 - { 7, 2,12, 5, 8, 4, 6,11,14, 9, 1,15,13, 3,10, 0 } - 15 terms.
  325. */
  326. protected void Sb6(int a, int b, int c, int d)
  327. {
  328. int t1 = ~a;
  329. int t2 = a ^ d;
  330. int t3 = b ^ t2;
  331. int t4 = t1 | t2;
  332. int t5 = c ^ t4;
  333. X1 = b ^ t5;
  334. int t7 = t2 | X1;
  335. int t8 = d ^ t7;
  336. int t9 = t5 & t8;
  337. X2 = t3 ^ t9;
  338. int t11 = t5 ^ t8;
  339. X0 = X2 ^ t11;
  340. X3 = (~t5) ^ (t3 & t11);
  341. }
  342. /**
  343. * InvS6 - {15,10, 1,13, 5, 3, 6, 0, 4, 9,14, 7, 2,12, 8,11 } - 15 terms.
  344. */
  345. protected void Ib6(int a, int b, int c, int d)
  346. {
  347. int t1 = ~a;
  348. int t2 = a ^ b;
  349. int t3 = c ^ t2;
  350. int t4 = c | t1;
  351. int t5 = d ^ t4;
  352. X1 = t3 ^ t5;
  353. int t7 = t3 & t5;
  354. int t8 = t2 ^ t7;
  355. int t9 = b | t8;
  356. X3 = t5 ^ t9;
  357. int t11 = b | X3;
  358. X0 = t8 ^ t11;
  359. X2 = (d & t1) ^ (t3 ^ t11);
  360. }
  361. /**
  362. * S7 - { 1,13,15, 0,14, 8, 2,11, 7, 4,12,10, 9, 3, 5, 6 } - 16 terms.
  363. */
  364. protected void Sb7(int a, int b, int c, int d)
  365. {
  366. int t1 = b ^ c;
  367. int t2 = c & t1;
  368. int t3 = d ^ t2;
  369. int t4 = a ^ t3;
  370. int t5 = d | t1;
  371. int t6 = t4 & t5;
  372. X1 = b ^ t6;
  373. int t8 = t3 | X1;
  374. int t9 = a & t4;
  375. X3 = t1 ^ t9;
  376. int t11 = t4 ^ t8;
  377. int t12 = X3 & t11;
  378. X2 = t3 ^ t12;
  379. X0 = (~t11) ^ (X3 & X2);
  380. }
  381. /**
  382. * InvS7 - { 3, 0, 6,13, 9,14,15, 8, 5,12,11, 7,10, 1, 4, 2 } - 17 terms.
  383. */
  384. protected void Ib7(int a, int b, int c, int d)
  385. {
  386. int t3 = c | (a & b);
  387. int t4 = d & (a | b);
  388. X3 = t3 ^ t4;
  389. int t6 = ~d;
  390. int t7 = b ^ t4;
  391. int t9 = t7 | (X3 ^ t6);
  392. X1 = a ^ t9;
  393. X0 = (c ^ t7) ^ (d | X1);
  394. X2 = (t3 ^ X1) ^ (X0 ^ (a & X3));
  395. }
  396. /**
  397. * Apply the linear transformation to the register set.
  398. */
  399. protected void LT()
  400. {
  401. int x0 = RotateLeft(X0, 13);
  402. int x2 = RotateLeft(X2, 3);
  403. int x1 = X1 ^ x0 ^ x2;
  404. int x3 = X3 ^ x2 ^ x0 << 3;
  405. X1 = RotateLeft(x1, 1);
  406. X3 = RotateLeft(x3, 7);
  407. X0 = RotateLeft(x0 ^ X1 ^ X3, 5);
  408. X2 = RotateLeft(x2 ^ X3 ^ (X1 << 7), 22);
  409. }
  410. /**
  411. * Apply the inverse of the linear transformation to the register set.
  412. */
  413. protected void InverseLT()
  414. {
  415. int x2 = RotateRight(X2, 22) ^ X3 ^ (X1 << 7);
  416. int x0 = RotateRight(X0, 5) ^ X1 ^ X3;
  417. int x3 = RotateRight(X3, 7);
  418. int x1 = RotateRight(X1, 1);
  419. X3 = x3 ^ x2 ^ x0 << 3;
  420. X1 = x1 ^ x0 ^ x2;
  421. X2 = RotateRight(x2, 3);
  422. X0 = RotateRight(x0, 13);
  423. }
  424. protected abstract int[] MakeWorkingKey(byte[] key);
  425. protected abstract void EncryptBlock(byte[] input, int inOff, byte[] output, int outOff);
  426. protected abstract void DecryptBlock(byte[] input, int inOff, byte[] output, int outOff);
  427. }
  428. }
  429. #endif