author | Peter Dettman <peter.dettman@bouncycastle.org> | 2021-05-24 12:48:52 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2021-05-24 12:48:52 +0700 |
commit | 017ebcc7e78ded8046a89437dc1b56f9f1eb259f (patch) | |
tree | a34fed7d1db542e608a195129ea1e20a1a9c57bd | |
parent | Noekeon improvements (diff) | |
download | BouncyCastle.NET-ed25519-017ebcc7e78ded8046a89437dc1b56f9f1eb259f.tar.xz |
Add support for ARIA
-rw-r--r-- | crypto/BouncyCastle.Android.csproj | 16 | ||||
-rw-r--r-- | crypto/BouncyCastle.csproj | 18 | ||||
-rw-r--r-- | crypto/BouncyCastle.iOS.csproj | 16 | ||||
-rw-r--r-- | crypto/crypto.csproj | 16 | ||||
-rw-r--r-- | crypto/src/asn1/nsri/NsriObjectIdentifiers.cs | 59 | ||||
-rw-r--r-- | crypto/src/crypto/engines/AriaEngine.cs | 421 | ||||
-rw-r--r-- | crypto/src/security/CipherUtilities.cs | 58 | ||||
-rw-r--r-- | crypto/src/security/GeneratorUtilities.cs | 49 | ||||
-rw-r--r-- | crypto/src/security/ParameterUtilities.cs | 40 | ||||
-rw-r--r-- | crypto/test/UnitTests.csproj | 3 | ||||
-rw-r--r-- | crypto/test/src/crypto/test/AriaTest.cs | 180 | ||||
-rw-r--r-- | crypto/test/src/crypto/test/RegressionTest.cs | 1 |
12 files changed, 837 insertions, 40 deletions
diff --git a/crypto/BouncyCastle.Android.csproj b/crypto/BouncyCastle.Android.csproj index 11ff7d951..af8757ff7 100644 --- a/crypto/BouncyCastle.Android.csproj +++ b/crypto/BouncyCastle.Android.csproj @@ -56,7 +56,6 @@ <Compile Include="bzip2\src\CBZip2InputStream.cs" /> <Compile Include="bzip2\src\CBZip2OutputStream.cs" /> <Compile Include="bzip2\src\CRC.cs" /> - <Compile Include="src\asn1\BERBitString.cs" /> <Compile Include="src\AssemblyInfo.cs" /> <Compile Include="src\asn1\ASN1Generator.cs" /> <Compile Include="src\asn1\ASN1OctetStringParser.cs" /> @@ -77,6 +76,7 @@ <Compile Include="src\asn1\Asn1Set.cs" /> <Compile Include="src\asn1\Asn1TaggedObject.cs" /> <Compile Include="src\asn1\Asn1Tags.cs" /> + <Compile Include="src\asn1\BERBitString.cs" /> <Compile Include="src\asn1\BERGenerator.cs" /> <Compile Include="src\asn1\BEROctetStringGenerator.cs" /> <Compile Include="src\asn1\BEROctetStringParser.cs" /> @@ -329,6 +329,7 @@ <Compile Include="src\asn1\nist\KMACwithSHAKE256_params.cs" /> <Compile Include="src\asn1\nist\NISTNamedCurves.cs" /> <Compile Include="src\asn1\nist\NISTObjectIdentifiers.cs" /> + <Compile Include="src\asn1\nsri\NsriObjectIdentifiers.cs" /> <Compile Include="src\asn1\ntt\NTTObjectIdentifiers.cs" /> <Compile Include="src\asn1\ocsp\BasicOCSPResponse.cs" /> <Compile Include="src\asn1\ocsp\CertID.cs" /> 
@@ -670,12 +671,6 @@ <Compile Include="src\crypto\CipherKeyGenerator.cs" /> <Compile Include="src\crypto\CryptoException.cs" /> <Compile Include="src\crypto\DataLengthException.cs" /> - <Compile Include="src\crypto\digests\NonMemoableDigest.cs" /> - <Compile Include="src\crypto\engines\SerpentEngineBase.cs" /> - <Compile Include="src\crypto\engines\TnepresEngine.cs" /> - <Compile Include="src\crypto\generators\BCrypt.cs" /> - <Compile Include="src\crypto\generators\HKDFBytesGenerator.cs" /> - <Compile Include="src\crypto\generators\OpenBsdBCrypt.cs" /> <Compile Include="src\crypto\IAsymmetricBlockCipher.cs" /> <Compile Include="src\crypto\IAsymmetricCipherKeyPairGenerator.cs" /> <Compile Include="src\crypto\IBasicAgreement.cs" /> @@ -762,6 +757,7 @@ <Compile Include="src\crypto\digests\MD2Digest.cs" /> <Compile Include="src\crypto\digests\MD4Digest.cs" /> <Compile Include="src\crypto\digests\MD5Digest.cs" /> + <Compile Include="src\crypto\digests\NonMemoableDigest.cs" /> <Compile Include="src\crypto\digests\NullDigest.cs" /> <Compile Include="src\crypto\digests\RipeMD128Digest.cs" /> <Compile Include="src\crypto\digests\RipeMD160Digest.cs" /> @@ -790,6 +786,7 @@ <Compile Include="src\crypto\engines\AesFastEngine.cs" /> <Compile Include="src\crypto\engines\AesLightEngine.cs" /> <Compile Include="src\crypto\engines\AesWrapEngine.cs" /> + <Compile Include="src\crypto\engines\AriaEngine.cs" /> <Compile Include="src\crypto\engines\BlowfishEngine.cs" /> <Compile Include="src\crypto\engines\CamelliaEngine.cs" /> <Compile Include="src\crypto\engines\CamelliaLightEngine.cs" /> 
@@ -830,17 +827,20 @@ <Compile Include="src\crypto\engines\SEEDWrapEngine.cs" /> <Compile Include="src\crypto\engines\Salsa20Engine.cs" /> <Compile Include="src\crypto\engines\SerpentEngine.cs" /> + <Compile Include="src\crypto\engines\SerpentEngineBase.cs" /> <Compile Include="src\crypto\engines\SkipjackEngine.cs" /> <Compile Include="src\crypto\engines\SM2Engine.cs" /> <Compile Include="src\crypto\engines\SM4Engine.cs" /> <Compile Include="src\crypto\engines\TEAEngine.cs" /> <Compile Include="src\crypto\engines\ThreefishEngine.cs" /> + <Compile Include="src\crypto\engines\TnepresEngine.cs" /> <Compile Include="src\crypto\engines\TwofishEngine.cs" /> <Compile Include="src\crypto\engines\VMPCEngine.cs" /> <Compile Include="src\crypto\engines\VMPCKSA3Engine.cs" /> <Compile Include="src\crypto\engines\XSalsa20Engine.cs" /> <Compile Include="src\crypto\engines\XTEAEngine.cs" /> <Compile Include="src\crypto\generators\BaseKdfBytesGenerator.cs" /> + <Compile Include="src\crypto\generators\BCrypt.cs" /> <Compile Include="src\crypto\generators\DHBasicKeyPairGenerator.cs" /> <Compile Include="src\crypto\generators\DHKeyGeneratorHelper.cs" /> <Compile Include="src\crypto\generators\DHKeyPairGenerator.cs" /> @@ -857,6 +857,7 @@ <Compile Include="src\crypto\generators\ElGamalParametersGenerator.cs" /> <Compile Include="src\crypto\generators\GOST3410KeyPairGenerator.cs" /> <Compile Include="src\crypto\generators\GOST3410ParametersGenerator.cs" /> + <Compile Include="src\crypto\generators\HKDFBytesGenerator.cs" /> <Compile Include="src\crypto\generators\Kdf1BytesGenerator.cs" /> <Compile Include="src\crypto\generators\Kdf2BytesGenerator.cs" /> <Compile Include="src\crypto\generators\KDFCounterBytesGenerator.cs" /> 
@@ -864,6 +865,7 @@ <Compile Include="src\crypto\generators\KDFFeedbackBytesGenerator.cs" /> <Compile Include="src\crypto\generators\Mgf1BytesGenerator.cs" /> <Compile Include="src\crypto\generators\NaccacheSternKeyPairGenerator.cs" /> + <Compile Include="src\crypto\generators\OpenBsdBCrypt.cs" /> <Compile Include="src\crypto\generators\OpenSSLPBEParametersGenerator.cs" /> <Compile Include="src\crypto\generators\Pkcs12ParametersGenerator.cs" /> <Compile Include="src\crypto\generators\Pkcs5S1ParametersGenerator.cs" /> diff --git a/crypto/BouncyCastle.csproj b/crypto/BouncyCastle.csproj index 30077e1ef..ab6f3fee5 100644 --- a/crypto/BouncyCastle.csproj +++ b/crypto/BouncyCastle.csproj @@ -50,7 +50,6 @@ <Compile Include="bzip2\src\CBZip2InputStream.cs" /> <Compile Include="bzip2\src\CBZip2OutputStream.cs" /> <Compile Include="bzip2\src\CRC.cs" /> - <Compile Include="src\asn1\BERBitString.cs" /> <Compile Include="src\AssemblyInfo.cs" /> <Compile Include="src\asn1\ASN1Generator.cs" /> <Compile Include="src\asn1\ASN1OctetStringParser.cs" /> @@ -71,6 +70,7 @@ <Compile Include="src\asn1\Asn1Set.cs" /> <Compile Include="src\asn1\Asn1TaggedObject.cs" /> <Compile Include="src\asn1\Asn1Tags.cs" /> + <Compile Include="src\asn1\BERBitString.cs" /> <Compile Include="src\asn1\BERGenerator.cs" /> <Compile Include="src\asn1\BEROctetStringGenerator.cs" /> <Compile Include="src\asn1\BEROctetStringParser.cs" /> @@ -323,6 +323,7 @@ <Compile Include="src\asn1\nist\KMACwithSHAKE256_params.cs" /> <Compile Include="src\asn1\nist\NISTNamedCurves.cs" /> <Compile Include="src\asn1\nist\NISTObjectIdentifiers.cs" /> + <Compile Include="src\asn1\nsri\NsriObjectIdentifiers.cs" /> <Compile Include="src\asn1\ntt\NTTObjectIdentifiers.cs" /> <Compile Include="src\asn1\ocsp\BasicOCSPResponse.cs" /> <Compile Include="src\asn1\ocsp\CertID.cs" /> 
@@ -664,12 +665,6 @@ <Compile Include="src\crypto\CipherKeyGenerator.cs" /> <Compile Include="src\crypto\CryptoException.cs" /> <Compile Include="src\crypto\DataLengthException.cs" /> - <Compile Include="src\crypto\digests\NonMemoableDigest.cs" /> - <Compile Include="src\crypto\engines\SerpentEngineBase.cs" /> - <Compile Include="src\crypto\engines\TnepresEngine.cs" /> - <Compile Include="src\crypto\generators\BCrypt.cs" /> - <Compile Include="src\crypto\generators\HKDFBytesGenerator.cs" /> - <Compile Include="src\crypto\generators\OpenBsdBCrypt.cs" /> <Compile Include="src\crypto\IAsymmetricBlockCipher.cs" /> <Compile Include="src\crypto\IAsymmetricCipherKeyPairGenerator.cs" /> <Compile Include="src\crypto\IBasicAgreement.cs" /> @@ -756,6 +751,7 @@ <Compile Include="src\crypto\digests\MD2Digest.cs" /> <Compile Include="src\crypto\digests\MD4Digest.cs" /> <Compile Include="src\crypto\digests\MD5Digest.cs" /> + <Compile Include="src\crypto\digests\NonMemoableDigest.cs" /> <Compile Include="src\crypto\digests\NullDigest.cs" /> <Compile Include="src\crypto\digests\RipeMD128Digest.cs" /> <Compile Include="src\crypto\digests\RipeMD160Digest.cs" /> @@ -784,6 +780,7 @@ <Compile Include="src\crypto\engines\AesFastEngine.cs" /> <Compile Include="src\crypto\engines\AesLightEngine.cs" /> <Compile Include="src\crypto\engines\AesWrapEngine.cs" /> + <Compile Include="src\crypto\engines\AriaEngine.cs" /> <Compile Include="src\crypto\engines\BlowfishEngine.cs" /> <Compile Include="src\crypto\engines\CamelliaEngine.cs" /> <Compile Include="src\crypto\engines\CamelliaLightEngine.cs" /> 
@@ -824,17 +821,20 @@ <Compile Include="src\crypto\engines\SEEDWrapEngine.cs" /> <Compile Include="src\crypto\engines\Salsa20Engine.cs" /> <Compile Include="src\crypto\engines\SerpentEngine.cs" /> + <Compile Include="src\crypto\engines\SerpentEngineBase.cs" /> <Compile Include="src\crypto\engines\SkipjackEngine.cs" /> <Compile Include="src\crypto\engines\SM2Engine.cs" /> <Compile Include="src\crypto\engines\SM4Engine.cs" /> <Compile Include="src\crypto\engines\TEAEngine.cs" /> <Compile Include="src\crypto\engines\ThreefishEngine.cs" /> + <Compile Include="src\crypto\engines\TnepresEngine.cs" /> <Compile Include="src\crypto\engines\TwofishEngine.cs" /> <Compile Include="src\crypto\engines\VMPCEngine.cs" /> <Compile Include="src\crypto\engines\VMPCKSA3Engine.cs" /> <Compile Include="src\crypto\engines\XSalsa20Engine.cs" /> <Compile Include="src\crypto\engines\XTEAEngine.cs" /> <Compile Include="src\crypto\generators\BaseKdfBytesGenerator.cs" /> + <Compile Include="src\crypto\generators\BCrypt.cs" /> <Compile Include="src\crypto\generators\DHBasicKeyPairGenerator.cs" /> <Compile Include="src\crypto\generators\DHKeyGeneratorHelper.cs" /> <Compile Include="src\crypto\generators\DHKeyPairGenerator.cs" /> @@ -851,6 +851,7 @@ <Compile Include="src\crypto\generators\ElGamalParametersGenerator.cs" /> <Compile Include="src\crypto\generators\GOST3410KeyPairGenerator.cs" /> <Compile Include="src\crypto\generators\GOST3410ParametersGenerator.cs" /> + <Compile Include="src\crypto\generators\HKDFBytesGenerator.cs" /> <Compile Include="src\crypto\generators\Kdf1BytesGenerator.cs" /> <Compile Include="src\crypto\generators\Kdf2BytesGenerator.cs" /> <Compile Include="src\crypto\generators\KDFCounterBytesGenerator.cs" /> 
@@ -858,6 +859,7 @@ <Compile Include="src\crypto\generators\KDFFeedbackBytesGenerator.cs" /> <Compile Include="src\crypto\generators\Mgf1BytesGenerator.cs" /> <Compile Include="src\crypto\generators\NaccacheSternKeyPairGenerator.cs" /> + <Compile Include="src\crypto\generators\OpenBsdBCrypt.cs" /> <Compile Include="src\crypto\generators\OpenSSLPBEParametersGenerator.cs" /> <Compile Include="src\crypto\generators\Pkcs12ParametersGenerator.cs" /> <Compile Include="src\crypto\generators\Pkcs5S1ParametersGenerator.cs" /> @@ -1670,4 +1672,4 @@ <None Include="checklist.txt" /> </ItemGroup> <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" /> -</Project> \ No newline at end of file +</Project> diff --git a/crypto/BouncyCastle.iOS.csproj b/crypto/BouncyCastle.iOS.csproj index 451411bb2..3f776b98e 100644 --- a/crypto/BouncyCastle.iOS.csproj +++ b/crypto/BouncyCastle.iOS.csproj @@ -51,7 +51,6 @@ <Compile Include="bzip2\src\CBZip2InputStream.cs" /> <Compile Include="bzip2\src\CBZip2OutputStream.cs" /> <Compile Include="bzip2\src\CRC.cs" /> - <Compile Include="src\asn1\BERBitString.cs" /> <Compile Include="src\AssemblyInfo.cs" /> <Compile Include="src\asn1\ASN1Generator.cs" /> <Compile Include="src\asn1\ASN1OctetStringParser.cs" /> @@ -72,6 +71,7 @@ <Compile Include="src\asn1\Asn1Set.cs" /> <Compile Include="src\asn1\Asn1TaggedObject.cs" /> <Compile Include="src\asn1\Asn1Tags.cs" /> + <Compile Include="src\asn1\BERBitString.cs" /> <Compile Include="src\asn1\BERGenerator.cs" /> <Compile Include="src\asn1\BEROctetStringGenerator.cs" /> <Compile Include="src\asn1\BEROctetStringParser.cs" /> 
@@ -324,6 +324,7 @@ <Compile Include="src\asn1\nist\KMACwithSHAKE256_params.cs" /> <Compile Include="src\asn1\nist\NISTNamedCurves.cs" /> <Compile Include="src\asn1\nist\NISTObjectIdentifiers.cs" /> + <Compile Include="src\asn1\nsri\NsriObjectIdentifiers.cs" /> <Compile Include="src\asn1\ntt\NTTObjectIdentifiers.cs" /> <Compile Include="src\asn1\ocsp\BasicOCSPResponse.cs" /> <Compile Include="src\asn1\ocsp\CertID.cs" /> @@ -665,12 +666,6 @@ <Compile Include="src\crypto\CipherKeyGenerator.cs" /> <Compile Include="src\crypto\CryptoException.cs" /> <Compile Include="src\crypto\DataLengthException.cs" /> - <Compile Include="src\crypto\digests\NonMemoableDigest.cs" /> - <Compile Include="src\crypto\engines\SerpentEngineBase.cs" /> - <Compile Include="src\crypto\engines\TnepresEngine.cs" /> - <Compile Include="src\crypto\generators\BCrypt.cs" /> - <Compile Include="src\crypto\generators\HKDFBytesGenerator.cs" /> - <Compile Include="src\crypto\generators\OpenBsdBCrypt.cs" /> <Compile Include="src\crypto\IAsymmetricBlockCipher.cs" /> <Compile Include="src\crypto\IAsymmetricCipherKeyPairGenerator.cs" /> <Compile Include="src\crypto\IBasicAgreement.cs" /> @@ -757,6 +752,7 @@ <Compile Include="src\crypto\digests\MD2Digest.cs" /> <Compile Include="src\crypto\digests\MD4Digest.cs" /> <Compile Include="src\crypto\digests\MD5Digest.cs" /> + <Compile Include="src\crypto\digests\NonMemoableDigest.cs" /> <Compile Include="src\crypto\digests\NullDigest.cs" /> <Compile Include="src\crypto\digests\RipeMD128Digest.cs" /> <Compile Include="src\crypto\digests\RipeMD160Digest.cs" /> 
@@ -785,6 +781,7 @@ <Compile Include="src\crypto\engines\AesFastEngine.cs" /> <Compile Include="src\crypto\engines\AesLightEngine.cs" /> <Compile Include="src\crypto\engines\AesWrapEngine.cs" /> + <Compile Include="src\crypto\engines\AriaEngine.cs" /> <Compile Include="src\crypto\engines\BlowfishEngine.cs" /> <Compile Include="src\crypto\engines\CamelliaEngine.cs" /> <Compile Include="src\crypto\engines\CamelliaLightEngine.cs" /> @@ -825,17 +822,20 @@ <Compile Include="src\crypto\engines\SEEDWrapEngine.cs" /> <Compile Include="src\crypto\engines\Salsa20Engine.cs" /> <Compile Include="src\crypto\engines\SerpentEngine.cs" /> + <Compile Include="src\crypto\engines\SerpentEngineBase.cs" /> <Compile Include="src\crypto\engines\SkipjackEngine.cs" /> <Compile Include="src\crypto\engines\SM2Engine.cs" /> <Compile Include="src\crypto\engines\SM4Engine.cs" /> <Compile Include="src\crypto\engines\TEAEngine.cs" /> <Compile Include="src\crypto\engines\ThreefishEngine.cs" /> + <Compile Include="src\crypto\engines\TnepresEngine.cs" /> <Compile Include="src\crypto\engines\TwofishEngine.cs" /> <Compile Include="src\crypto\engines\VMPCEngine.cs" /> <Compile Include="src\crypto\engines\VMPCKSA3Engine.cs" /> <Compile Include="src\crypto\engines\XSalsa20Engine.cs" /> <Compile Include="src\crypto\engines\XTEAEngine.cs" /> <Compile Include="src\crypto\generators\BaseKdfBytesGenerator.cs" /> + <Compile Include="src\crypto\generators\BCrypt.cs" /> <Compile Include="src\crypto\generators\DHBasicKeyPairGenerator.cs" /> <Compile Include="src\crypto\generators\DHKeyGeneratorHelper.cs" /> <Compile Include="src\crypto\generators\DHKeyPairGenerator.cs" /> 
@@ -852,6 +852,7 @@ <Compile Include="src\crypto\generators\ElGamalParametersGenerator.cs" /> <Compile Include="src\crypto\generators\GOST3410KeyPairGenerator.cs" /> <Compile Include="src\crypto\generators\GOST3410ParametersGenerator.cs" /> + <Compile Include="src\crypto\generators\HKDFBytesGenerator.cs" /> <Compile Include="src\crypto\generators\Kdf1BytesGenerator.cs" /> <Compile Include="src\crypto\generators\Kdf2BytesGenerator.cs" /> <Compile Include="src\crypto\generators\KDFCounterBytesGenerator.cs" /> @@ -859,6 +860,7 @@ <Compile Include="src\crypto\generators\KDFFeedbackBytesGenerator.cs" /> <Compile Include="src\crypto\generators\Mgf1BytesGenerator.cs" /> <Compile Include="src\crypto\generators\NaccacheSternKeyPairGenerator.cs" /> + <Compile Include="src\crypto\generators\OpenBsdBCrypt.cs" /> <Compile Include="src\crypto\generators\OpenSSLPBEParametersGenerator.cs" /> <Compile Include="src\crypto\generators\Pkcs12ParametersGenerator.cs" /> <Compile Include="src\crypto\generators\Pkcs5S1ParametersGenerator.cs" /> diff --git a/crypto/crypto.csproj b/crypto/crypto.csproj index 38be94ebf..e39070c66 100644 --- a/crypto/crypto.csproj +++ b/crypto/crypto.csproj @@ -1504,6 +1504,11 @@ BuildAction = "Compile" /> <File + RelPath = "src\asn1\nsri\NsriObjectIdentifiers.cs" + SubType = "Code" + BuildAction = "Compile" + /> + <File RelPath = "src\asn1\ntt\NTTObjectIdentifiers.cs" SubType = "Code" BuildAction = "Compile" @@ -3779,6 +3784,11 @@ BuildAction = "Compile" /> <File + RelPath = "src\crypto\engines\AriaEngine.cs" + SubType = "Code" + BuildAction = "Compile" + /> + <File RelPath = "src\crypto\engines\BlowfishEngine.cs" SubType = "Code" BuildAction = "Compile" @@ -12177,6 +12187,11 @@ BuildAction = "Compile" /> <File + RelPath = "test\src\crypto\test\AriaTest.cs" + SubType = "Code" + BuildAction = "Compile" + /> + <File RelPath = "test\src\crypto\test\Blake2bDigestTest.cs" SubType = "Code" BuildAction = "Compile" 
@@ -13780,4 +13795,3 @@
 </Files>
 </CSHARP>
 </VisualStudioProject>
-
diff --git a/crypto/src/asn1/nsri/NsriObjectIdentifiers.cs b/crypto/src/asn1/nsri/NsriObjectIdentifiers.cs
new file mode 100644
index 000000000..69d393fc6
--- /dev/null
+++ b/crypto/src/asn1/nsri/NsriObjectIdentifiers.cs
@@ -0,0 +1,59 @@
+using System;
+
+namespace Org.BouncyCastle.Asn1.Nsri
+{
+ public sealed class NsriObjectIdentifiers
+ {
+ public static readonly DerObjectIdentifier nsri = new DerObjectIdentifier("1.2.410.200046");
+
+ public static readonly DerObjectIdentifier id_algorithm = nsri.Branch("1");
+
+ public static readonly DerObjectIdentifier id_sea = id_algorithm.Branch("1");
+ public static readonly DerObjectIdentifier id_pad = id_algorithm.Branch("2");
+
+ public static readonly DerObjectIdentifier id_pad_null = id_algorithm.Branch("0");
+ public static readonly DerObjectIdentifier id_pad_1 = id_algorithm.Branch("1");
+
+ public static readonly DerObjectIdentifier id_aria128_ecb = id_sea.Branch("1");
+ public static readonly DerObjectIdentifier id_aria128_cbc = id_sea.Branch("2");
+ public static readonly DerObjectIdentifier id_aria128_cfb = id_sea.Branch("3");
+ public static readonly DerObjectIdentifier id_aria128_ofb = id_sea.Branch("4");
+ public static readonly DerObjectIdentifier id_aria128_ctr = id_sea.Branch("5");
+
+ public static readonly DerObjectIdentifier id_aria192_ecb = id_sea.Branch("6");
+ public static readonly DerObjectIdentifier id_aria192_cbc = id_sea.Branch("7");
+ public static readonly DerObjectIdentifier id_aria192_cfb = id_sea.Branch("8");
+ public static readonly DerObjectIdentifier id_aria192_ofb = id_sea.Branch("9");
+ public static readonly DerObjectIdentifier id_aria192_ctr = id_sea.Branch("10");
+
+ public static readonly DerObjectIdentifier id_aria256_ecb = id_sea.Branch("11");
+ public static readonly DerObjectIdentifier id_aria256_cbc = id_sea.Branch("12");
+ public static readonly DerObjectIdentifier id_aria256_cfb = id_sea.Branch("13");
+ public static readonly DerObjectIdentifier id_aria256_ofb = id_sea.Branch("14");
+ public static readonly DerObjectIdentifier id_aria256_ctr = id_sea.Branch("15");
+
+ public static readonly DerObjectIdentifier id_aria128_cmac = id_sea.Branch("21");
+ public static readonly DerObjectIdentifier id_aria192_cmac = id_sea.Branch("22");
+ public static readonly DerObjectIdentifier id_aria256_cmac = id_sea.Branch("23");
+
+ public static readonly DerObjectIdentifier id_aria128_ocb2 = id_sea.Branch("31");
+ public static readonly DerObjectIdentifier id_aria192_ocb2 = id_sea.Branch("32");
+ public static readonly DerObjectIdentifier id_aria256_ocb2 = id_sea.Branch("33");
+
+ public static readonly DerObjectIdentifier id_aria128_gcm = id_sea.Branch("34");
+ public static readonly DerObjectIdentifier id_aria192_gcm = id_sea.Branch("35");
+ public static readonly DerObjectIdentifier id_aria256_gcm = id_sea.Branch("36");
+
+ public static readonly DerObjectIdentifier id_aria128_ccm = id_sea.Branch("37");
+ public static readonly DerObjectIdentifier id_aria192_ccm = id_sea.Branch("38");
+ public static readonly DerObjectIdentifier id_aria256_ccm = id_sea.Branch("39");
+
+ public static readonly DerObjectIdentifier id_aria128_kw = id_sea.Branch("40");
+ public static readonly DerObjectIdentifier id_aria192_kw = id_sea.Branch("41");
+ public static readonly DerObjectIdentifier id_aria256_kw = id_sea.Branch("42");
+
+ public static readonly DerObjectIdentifier id_aria128_kwp = id_sea.Branch("43");
+ public static readonly DerObjectIdentifier id_aria192_kwp = id_sea.Branch("44");
+ public static readonly DerObjectIdentifier id_aria256_kwp = id_sea.Branch("45");
+ }
+}
diff --git a/crypto/src/crypto/engines/AriaEngine.cs b/crypto/src/crypto/engines/AriaEngine.cs
new file mode 100644
index 000000000..2f94dc048
--- /dev/null
+++ b/crypto/src/crypto/engines/AriaEngine.cs
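Review bot: In NsriObjectIdentifiers.cs, `id_pad_null` and `id_pad_1` are branched from `id_algorithm` rather than from `id_pad`, so `id_pad_1` is built by the same expression as `id_sea` (`id_algorithm.Branch("1")`) and `id_pad` ends up with no children. If the padding identifiers are meant to sit under the pad arc, which the names suggest but the hunk does not confirm, the two lines should read `id_pad_null = id_pad.Branch("0");` and `id_pad_1 = id_pad.Branch("1");`. As written, any table keyed by OID would see the padding identifier and the cipher arc as one key, so this is worth checking against the NSRI arc assignments. Separately, `using System;` is not used by anything in the file, and the class has no private constructor although it holds only static fields.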
@@ -0,0 +1,421 @@ +using System; + +using Org.BouncyCastle.Crypto.Parameters; +using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Utilities.Encoders; + +namespace Org.BouncyCastle.Crypto.Engines +{ + /** + * RFC 5794. + * + * ARIA is a 128-bit block cipher with 128-, 192-, and 256-bit keys. + */ + public class AriaEngine + : IBlockCipher + { + private static readonly byte[][] C = { Hex.DecodeStrict("517cc1b727220a94fe13abe8fa9a6ee0"), + Hex.DecodeStrict("6db14acc9e21c820ff28b1d5ef5de2b0"), Hex.DecodeStrict("db92371d2126e9700324977504e8c90e") }; + + private static readonly byte[] SB1_sbox = { (byte)0x63, (byte)0x7c, (byte)0x77, (byte)0x7b, (byte)0xf2, (byte)0x6b, + (byte)0x6f, (byte)0xc5, (byte)0x30, (byte)0x01, (byte)0x67, (byte)0x2b, (byte)0xfe, (byte)0xd7, (byte)0xab, + (byte)0x76, (byte)0xca, (byte)0x82, (byte)0xc9, (byte)0x7d, (byte)0xfa, (byte)0x59, (byte)0x47, (byte)0xf0, + (byte)0xad, (byte)0xd4, (byte)0xa2, (byte)0xaf, (byte)0x9c, (byte)0xa4, (byte)0x72, (byte)0xc0, (byte)0xb7, + (byte)0xfd, (byte)0x93, (byte)0x26, (byte)0x36, (byte)0x3f, (byte)0xf7, (byte)0xcc, (byte)0x34, (byte)0xa5, + (byte)0xe5, (byte)0xf1, (byte)0x71, (byte)0xd8, (byte)0x31, (byte)0x15, (byte)0x04, (byte)0xc7, (byte)0x23, + (byte)0xc3, (byte)0x18, (byte)0x96, (byte)0x05, (byte)0x9a, (byte)0x07, (byte)0x12, (byte)0x80, (byte)0xe2, + (byte)0xeb, (byte)0x27, (byte)0xb2, (byte)0x75, (byte)0x09, (byte)0x83, (byte)0x2c, (byte)0x1a, (byte)0x1b, + (byte)0x6e, (byte)0x5a, (byte)0xa0, (byte)0x52, (byte)0x3b, (byte)0xd6, (byte)0xb3, (byte)0x29, (byte)0xe3, + (byte)0x2f, (byte)0x84, (byte)0x53, (byte)0xd1, (byte)0x00, (byte)0xed, (byte)0x20, (byte)0xfc, (byte)0xb1, + (byte)0x5b, (byte)0x6a, (byte)0xcb, (byte)0xbe, (byte)0x39, (byte)0x4a, (byte)0x4c, (byte)0x58, (byte)0xcf, + (byte)0xd0, (byte)0xef, (byte)0xaa, (byte)0xfb, (byte)0x43, (byte)0x4d, (byte)0x33, (byte)0x85, (byte)0x45, + (byte)0xf9, (byte)0x02, (byte)0x7f, (byte)0x50, (byte)0x3c, (byte)0x9f, (byte)0xa8, (byte)0x51, (byte)0xa3, + 
(byte)0x40, (byte)0x8f, (byte)0x92, (byte)0x9d, (byte)0x38, (byte)0xf5, (byte)0xbc, (byte)0xb6, (byte)0xda, + (byte)0x21, (byte)0x10, (byte)0xff, (byte)0xf3, (byte)0xd2, (byte)0xcd, (byte)0x0c, (byte)0x13, (byte)0xec, + (byte)0x5f, (byte)0x97, (byte)0x44, (byte)0x17, (byte)0xc4, (byte)0xa7, (byte)0x7e, (byte)0x3d, (byte)0x64, + (byte)0x5d, (byte)0x19, (byte)0x73, (byte)0x60, (byte)0x81, (byte)0x4f, (byte)0xdc, (byte)0x22, (byte)0x2a, + (byte)0x90, (byte)0x88, (byte)0x46, (byte)0xee, (byte)0xb8, (byte)0x14, (byte)0xde, (byte)0x5e, (byte)0x0b, + (byte)0xdb, (byte)0xe0, (byte)0x32, (byte)0x3a, (byte)0x0a, (byte)0x49, (byte)0x06, (byte)0x24, (byte)0x5c, + (byte)0xc2, (byte)0xd3, (byte)0xac, (byte)0x62, (byte)0x91, (byte)0x95, (byte)0xe4, (byte)0x79, (byte)0xe7, + (byte)0xc8, (byte)0x37, (byte)0x6d, (byte)0x8d, (byte)0xd5, (byte)0x4e, (byte)0xa9, (byte)0x6c, (byte)0x56, + (byte)0xf4, (byte)0xea, (byte)0x65, (byte)0x7a, (byte)0xae, (byte)0x08, (byte)0xba, (byte)0x78, (byte)0x25, + (byte)0x2e, (byte)0x1c, (byte)0xa6, (byte)0xb4, (byte)0xc6, (byte)0xe8, (byte)0xdd, (byte)0x74, (byte)0x1f, + (byte)0x4b, (byte)0xbd, (byte)0x8b, (byte)0x8a, (byte)0x70, (byte)0x3e, (byte)0xb5, (byte)0x66, (byte)0x48, + (byte)0x03, (byte)0xf6, (byte)0x0e, (byte)0x61, (byte)0x35, (byte)0x57, (byte)0xb9, (byte)0x86, (byte)0xc1, + (byte)0x1d, (byte)0x9e, (byte)0xe1, (byte)0xf8, (byte)0x98, (byte)0x11, (byte)0x69, (byte)0xd9, (byte)0x8e, + (byte)0x94, (byte)0x9b, (byte)0x1e, (byte)0x87, (byte)0xe9, (byte)0xce, (byte)0x55, (byte)0x28, (byte)0xdf, + (byte)0x8c, (byte)0xa1, (byte)0x89, (byte)0x0d, (byte)0xbf, (byte)0xe6, (byte)0x42, (byte)0x68, (byte)0x41, + (byte)0x99, (byte)0x2d, (byte)0x0f, (byte)0xb0, (byte)0x54, (byte)0xbb, (byte)0x16 }; + + private static readonly byte[] SB2_sbox = { (byte)0xe2, (byte)0x4e, (byte)0x54, (byte)0xfc, (byte)0x94, (byte)0xc2, + (byte)0x4a, (byte)0xcc, (byte)0x62, (byte)0x0d, (byte)0x6a, (byte)0x46, (byte)0x3c, (byte)0x4d, (byte)0x8b, + (byte)0xd1, (byte)0x5e, 
(byte)0xfa, (byte)0x64, (byte)0xcb, (byte)0xb4, (byte)0x97, (byte)0xbe, (byte)0x2b, + (byte)0xbc, (byte)0x77, (byte)0x2e, (byte)0x03, (byte)0xd3, (byte)0x19, (byte)0x59, (byte)0xc1, (byte)0x1d, + (byte)0x06, (byte)0x41, (byte)0x6b, (byte)0x55, (byte)0xf0, (byte)0x99, (byte)0x69, (byte)0xea, (byte)0x9c, + (byte)0x18, (byte)0xae, (byte)0x63, (byte)0xdf, (byte)0xe7, (byte)0xbb, (byte)0x00, (byte)0x73, (byte)0x66, + (byte)0xfb, (byte)0x96, (byte)0x4c, (byte)0x85, (byte)0xe4, (byte)0x3a, (byte)0x09, (byte)0x45, (byte)0xaa, + (byte)0x0f, (byte)0xee, (byte)0x10, (byte)0xeb, (byte)0x2d, (byte)0x7f, (byte)0xf4, (byte)0x29, (byte)0xac, + (byte)0xcf, (byte)0xad, (byte)0x91, (byte)0x8d, (byte)0x78, (byte)0xc8, (byte)0x95, (byte)0xf9, (byte)0x2f, + (byte)0xce, (byte)0xcd, (byte)0x08, (byte)0x7a, (byte)0x88, (byte)0x38, (byte)0x5c, (byte)0x83, (byte)0x2a, + (byte)0x28, (byte)0x47, (byte)0xdb, (byte)0xb8, (byte)0xc7, (byte)0x93, (byte)0xa4, (byte)0x12, (byte)0x53, + (byte)0xff, (byte)0x87, (byte)0x0e, (byte)0x31, (byte)0x36, (byte)0x21, (byte)0x58, (byte)0x48, (byte)0x01, + (byte)0x8e, (byte)0x37, (byte)0x74, (byte)0x32, (byte)0xca, (byte)0xe9, (byte)0xb1, (byte)0xb7, (byte)0xab, + (byte)0x0c, (byte)0xd7, (byte)0xc4, (byte)0x56, (byte)0x42, (byte)0x26, (byte)0x07, (byte)0x98, (byte)0x60, + (byte)0xd9, (byte)0xb6, (byte)0xb9, (byte)0x11, (byte)0x40, (byte)0xec, (byte)0x20, (byte)0x8c, (byte)0xbd, + (byte)0xa0, (byte)0xc9, (byte)0x84, (byte)0x04, (byte)0x49, (byte)0x23, (byte)0xf1, (byte)0x4f, (byte)0x50, + (byte)0x1f, (byte)0x13, (byte)0xdc, (byte)0xd8, (byte)0xc0, (byte)0x9e, (byte)0x57, (byte)0xe3, (byte)0xc3, + (byte)0x7b, (byte)0x65, (byte)0x3b, (byte)0x02, (byte)0x8f, (byte)0x3e, (byte)0xe8, (byte)0x25, (byte)0x92, + (byte)0xe5, (byte)0x15, (byte)0xdd, (byte)0xfd, (byte)0x17, (byte)0xa9, (byte)0xbf, (byte)0xd4, (byte)0x9a, + (byte)0x7e, (byte)0xc5, (byte)0x39, (byte)0x67, (byte)0xfe, (byte)0x76, (byte)0x9d, (byte)0x43, (byte)0xa7, + (byte)0xe1, (byte)0xd0, (byte)0xf5, 
(byte)0x68, (byte)0xf2, (byte)0x1b, (byte)0x34, (byte)0x70, (byte)0x05, + (byte)0xa3, (byte)0x8a, (byte)0xd5, (byte)0x79, (byte)0x86, (byte)0xa8, (byte)0x30, (byte)0xc6, (byte)0x51, + (byte)0x4b, (byte)0x1e, (byte)0xa6, (byte)0x27, (byte)0xf6, (byte)0x35, (byte)0xd2, (byte)0x6e, (byte)0x24, + (byte)0x16, (byte)0x82, (byte)0x5f, (byte)0xda, (byte)0xe6, (byte)0x75, (byte)0xa2, (byte)0xef, (byte)0x2c, + (byte)0xb2, (byte)0x1c, (byte)0x9f, (byte)0x5d, (byte)0x6f, (byte)0x80, (byte)0x0a, (byte)0x72, (byte)0x44, + (byte)0x9b, (byte)0x6c, (byte)0x90, (byte)0x0b, (byte)0x5b, (byte)0x33, (byte)0x7d, (byte)0x5a, (byte)0x52, + (byte)0xf3, (byte)0x61, (byte)0xa1, (byte)0xf7, (byte)0xb0, (byte)0xd6, (byte)0x3f, (byte)0x7c, (byte)0x6d, + (byte)0xed, (byte)0x14, (byte)0xe0, (byte)0xa5, (byte)0x3d, (byte)0x22, (byte)0xb3, (byte)0xf8, (byte)0x89, + (byte)0xde, (byte)0x71, (byte)0x1a, (byte)0xaf, (byte)0xba, (byte)0xb5, (byte)0x81 }; + + private static readonly byte[] SB3_sbox = { (byte)0x52, (byte)0x09, (byte)0x6a, (byte)0xd5, (byte)0x30, (byte)0x36, + (byte)0xa5, (byte)0x38, (byte)0xbf, (byte)0x40, (byte)0xa3, (byte)0x9e, (byte)0x81, (byte)0xf3, (byte)0xd7, + (byte)0xfb, (byte)0x7c, (byte)0xe3, (byte)0x39, (byte)0x82, (byte)0x9b, (byte)0x2f, (byte)0xff, (byte)0x87, + (byte)0x34, (byte)0x8e, (byte)0x43, (byte)0x44, (byte)0xc4, (byte)0xde, (byte)0xe9, (byte)0xcb, (byte)0x54, + (byte)0x7b, (byte)0x94, (byte)0x32, (byte)0xa6, (byte)0xc2, (byte)0x23, (byte)0x3d, (byte)0xee, (byte)0x4c, + (byte)0x95, (byte)0x0b, (byte)0x42, (byte)0xfa, (byte)0xc3, (byte)0x4e, (byte)0x08, (byte)0x2e, (byte)0xa1, + (byte)0x66, (byte)0x28, (byte)0xd9, (byte)0x24, (byte)0xb2, (byte)0x76, (byte)0x5b, (byte)0xa2, (byte)0x49, + (byte)0x6d, (byte)0x8b, (byte)0xd1, (byte)0x25, (byte)0x72, (byte)0xf8, (byte)0xf6, (byte)0x64, (byte)0x86, + (byte)0x68, (byte)0x98, (byte)0x16, (byte)0xd4, (byte)0xa4, (byte)0x5c, (byte)0xcc, (byte)0x5d, (byte)0x65, + (byte)0xb6, (byte)0x92, (byte)0x6c, (byte)0x70, (byte)0x48, 
(byte)0x50, (byte)0xfd, (byte)0xed, (byte)0xb9, + (byte)0xda, (byte)0x5e, (byte)0x15, (byte)0x46, (byte)0x57, (byte)0xa7, (byte)0x8d, (byte)0x9d, (byte)0x84, + (byte)0x90, (byte)0xd8, (byte)0xab, (byte)0x00, (byte)0x8c, (byte)0xbc, (byte)0xd3, (byte)0x0a, (byte)0xf7, + (byte)0xe4, (byte)0x58, (byte)0x05, (byte)0xb8, (byte)0xb3, (byte)0x45, (byte)0x06, (byte)0xd0, (byte)0x2c, + (byte)0x1e, (byte)0x8f, (byte)0xca, (byte)0x3f, (byte)0x0f, (byte)0x02, (byte)0xc1, (byte)0xaf, (byte)0xbd, + (byte)0x03, (byte)0x01, (byte)0x13, (byte)0x8a, (byte)0x6b, (byte)0x3a, (byte)0x91, (byte)0x11, (byte)0x41, + (byte)0x4f, (byte)0x67, (byte)0xdc, (byte)0xea, (byte)0x97, (byte)0xf2, (byte)0xcf, (byte)0xce, (byte)0xf0, + (byte)0xb4, (byte)0xe6, (byte)0x73, (byte)0x96, (byte)0xac, (byte)0x74, (byte)0x22, (byte)0xe7, (byte)0xad, + (byte)0x35, (byte)0x85, (byte)0xe2, (byte)0xf9, (byte)0x37, (byte)0xe8, (byte)0x1c, (byte)0x75, (byte)0xdf, + (byte)0x6e, (byte)0x47, (byte)0xf1, (byte)0x1a, (byte)0x71, (byte)0x1d, (byte)0x29, (byte)0xc5, (byte)0x89, + (byte)0x6f, (byte)0xb7, (byte)0x62, (byte)0x0e, (byte)0xaa, (byte)0x18, (byte)0xbe, (byte)0x1b, (byte)0xfc, + (byte)0x56, (byte)0x3e, (byte)0x4b, (byte)0xc6, (byte)0xd2, (byte)0x79, (byte)0x20, (byte)0x9a, (byte)0xdb, + (byte)0xc0, (byte)0xfe, (byte)0x78, (byte)0xcd, (byte)0x5a, (byte)0xf4, (byte)0x1f, (byte)0xdd, (byte)0xa8, + (byte)0x33, (byte)0x88, (byte)0x07, (byte)0xc7, (byte)0x31, (byte)0xb1, (byte)0x12, (byte)0x10, (byte)0x59, + (byte)0x27, (byte)0x80, (byte)0xec, (byte)0x5f, (byte)0x60, (byte)0x51, (byte)0x7f, (byte)0xa9, (byte)0x19, + (byte)0xb5, (byte)0x4a, (byte)0x0d, (byte)0x2d, (byte)0xe5, (byte)0x7a, (byte)0x9f, (byte)0x93, (byte)0xc9, + (byte)0x9c, (byte)0xef, (byte)0xa0, (byte)0xe0, (byte)0x3b, (byte)0x4d, (byte)0xae, (byte)0x2a, (byte)0xf5, + (byte)0xb0, (byte)0xc8, (byte)0xeb, (byte)0xbb, (byte)0x3c, (byte)0x83, (byte)0x53, (byte)0x99, (byte)0x61, + (byte)0x17, (byte)0x2b, (byte)0x04, (byte)0x7e, (byte)0xba, (byte)0x77, 
(byte)0xd6, (byte)0x26, (byte)0xe1, + (byte)0x69, (byte)0x14, (byte)0x63, (byte)0x55, (byte)0x21, (byte)0x0c, (byte)0x7d }; + + private static readonly byte[] SB4_sbox = { (byte)0x30, (byte)0x68, (byte)0x99, (byte)0x1b, (byte)0x87, (byte)0xb9, + (byte)0x21, (byte)0x78, (byte)0x50, (byte)0x39, (byte)0xdb, (byte)0xe1, (byte)0x72, (byte)0x9, (byte)0x62, + (byte)0x3c, (byte)0x3e, (byte)0x7e, (byte)0x5e, (byte)0x8e, (byte)0xf1, (byte)0xa0, (byte)0xcc, (byte)0xa3, + (byte)0x2a, (byte)0x1d, (byte)0xfb, (byte)0xb6, (byte)0xd6, (byte)0x20, (byte)0xc4, (byte)0x8d, (byte)0x81, + (byte)0x65, (byte)0xf5, (byte)0x89, (byte)0xcb, (byte)0x9d, (byte)0x77, (byte)0xc6, (byte)0x57, (byte)0x43, + (byte)0x56, (byte)0x17, (byte)0xd4, (byte)0x40, (byte)0x1a, (byte)0x4d, (byte)0xc0, (byte)0x63, (byte)0x6c, + (byte)0xe3, (byte)0xb7, (byte)0xc8, (byte)0x64, (byte)0x6a, (byte)0x53, (byte)0xaa, (byte)0x38, (byte)0x98, + (byte)0x0c, (byte)0xf4, (byte)0x9b, (byte)0xed, (byte)0x7f, (byte)0x22, (byte)0x76, (byte)0xaf, (byte)0xdd, + (byte)0x3a, (byte)0x0b, (byte)0x58, (byte)0x67, (byte)0x88, (byte)0x06, (byte)0xc3, (byte)0x35, (byte)0x0d, + (byte)0x01, (byte)0x8b, (byte)0x8c, (byte)0xc2, (byte)0xe6, (byte)0x5f, (byte)0x02, (byte)0x24, (byte)0x75, + (byte)0x93, (byte)0x66, (byte)0x1e, (byte)0xe5, (byte)0xe2, (byte)0x54, (byte)0xd8, (byte)0x10, (byte)0xce, + (byte)0x7a, (byte)0xe8, (byte)0x08, (byte)0x2c, (byte)0x12, (byte)0x97, (byte)0x32, (byte)0xab, (byte)0xb4, + (byte)0x27, (byte)0x0a, (byte)0x23, (byte)0xdf, (byte)0xef, (byte)0xca, (byte)0xd9, (byte)0xb8, (byte)0xfa, + (byte)0xdc, (byte)0x31, (byte)0x6b, (byte)0xd1, (byte)0xad, (byte)0x19, (byte)0x49, (byte)0xbd, (byte)0x51, + (byte)0x96, (byte)0xee, (byte)0xe4, (byte)0xa8, (byte)0x41, (byte)0xda, (byte)0xff, (byte)0xcd, (byte)0x55, + (byte)0x86, (byte)0x36, (byte)0xbe, (byte)0x61, (byte)0x52, (byte)0xf8, (byte)0xbb, (byte)0x0e, (byte)0x82, + (byte)0x48, (byte)0x69, (byte)0x9a, (byte)0xe0, (byte)0x47, (byte)0x9e, (byte)0x5c, (byte)0x04, 
(byte)0x4b, + (byte)0x34, (byte)0x15, (byte)0x79, (byte)0x26, (byte)0xa7, (byte)0xde, (byte)0x29, (byte)0xae, (byte)0x92, + (byte)0xd7, (byte)0x84, (byte)0xe9, (byte)0xd2, (byte)0xba, (byte)0x5d, (byte)0xf3, (byte)0xc5, (byte)0xb0, + (byte)0xbf, (byte)0xa4, (byte)0x3b, (byte)0x71, (byte)0x44, (byte)0x46, (byte)0x2b, (byte)0xfc, (byte)0xeb, + (byte)0x6f, (byte)0xd5, (byte)0xf6, (byte)0x14, (byte)0xfe, (byte)0x7c, (byte)0x70, (byte)0x5a, (byte)0x7d, + (byte)0xfd, (byte)0x2f, (byte)0x18, (byte)0x83, (byte)0x16, (byte)0xa5, (byte)0x91, (byte)0x1f, (byte)0x05, + (byte)0x95, (byte)0x74, (byte)0xa9, (byte)0xc1, (byte)0x5b, (byte)0x4a, (byte)0x85, (byte)0x6d, (byte)0x13, + (byte)0x07, (byte)0x4f, (byte)0x4e, (byte)0x45, (byte)0xb2, (byte)0x0f, (byte)0xc9, (byte)0x1c, (byte)0xa6, + (byte)0xbc, (byte)0xec, (byte)0x73, (byte)0x90, (byte)0x7b, (byte)0xcf, (byte)0x59, (byte)0x8f, (byte)0xa1, + (byte)0xf9, (byte)0x2d, (byte)0xf2, (byte)0xb1, (byte)0x00, (byte)0x94, (byte)0x37, (byte)0x9f, (byte)0xd0, + (byte)0x2e, (byte)0x9c, (byte)0x6e, (byte)0x28, (byte)0x3f, (byte)0x80, (byte)0xf0, (byte)0x3d, (byte)0xd3, + (byte)0x25, (byte)0x8a, (byte)0xb5, (byte)0xe7, (byte)0x42, (byte)0xb3, (byte)0xc7, (byte)0xea, (byte)0xf7, + (byte)0x4c, (byte)0x11, (byte)0x33, (byte)0x03, (byte)0xa2, (byte)0xac, (byte)0x60 }; + + protected const int BlockSize = 16; + + private byte[][] m_roundKeys; + + public virtual void Init(bool forEncryption, ICipherParameters parameters) + { + KeyParameter keyParameter = parameters as KeyParameter; + + if (keyParameter == null) + throw new ArgumentException("invalid parameter passed to ARIA init - " + + Platform.GetTypeName(parameters)); + + this.m_roundKeys = KeySchedule(forEncryption, keyParameter.GetKey()); + } + + public virtual string AlgorithmName + { + get { return "ARIA"; } + } + + public virtual bool IsPartialBlockOkay + { + get { return false; } + } + + public virtual int GetBlockSize() + { + return BlockSize; + } + + public virtual int 
ProcessBlock(byte[] input, int inOff, byte[] output, int outOff) + { + if (m_roundKeys == null) + throw new InvalidOperationException("ARIA engine not initialised"); + + Check.DataLength(input, inOff, BlockSize, "input buffer too short"); + Check.OutputLength(output, outOff, BlockSize, "output buffer too short"); + + byte[] z = new byte[BlockSize]; + Array.Copy(input, inOff, z, 0, BlockSize); + + int i = 0, rounds = m_roundKeys.Length - 3; + while (i < rounds) + { + FO(z, m_roundKeys[i++]); + FE(z, m_roundKeys[i++]); + } + + FO(z, m_roundKeys[i++]); + Xor(z, m_roundKeys[i++]); + SL2(z); + Xor(z, m_roundKeys[i]); + + Array.Copy(z, 0, output, outOff, BlockSize); + + return BlockSize; + } + + public virtual void Reset() + { + // Empty + } + + protected static void A(byte[] z) + { + byte x0 = z[0], x1 = z[1], x2 = z[2], x3 = z[3], x4 = z[4], x5 = z[5], x6 = z[6], x7 = z[7], x8 = z[8], + x9 = z[9], x10 = z[10], x11 = z[11], x12 = z[12], x13 = z[13], x14 = z[14], x15 = z[15]; + + z[0] = (byte)(x3 ^ x4 ^ x6 ^ x8 ^ x9 ^ x13 ^ x14); + z[1] = (byte)(x2 ^ x5 ^ x7 ^ x8 ^ x9 ^ x12 ^ x15); + z[2] = (byte)(x1 ^ x4 ^ x6 ^ x10 ^ x11 ^ x12 ^ x15); + z[3] = (byte)(x0 ^ x5 ^ x7 ^ x10 ^ x11 ^ x13 ^ x14); + z[4] = (byte)(x0 ^ x2 ^ x5 ^ x8 ^ x11 ^ x14 ^ x15); + z[5] = (byte)(x1 ^ x3 ^ x4 ^ x9 ^ x10 ^ x14 ^ x15); + z[6] = (byte)(x0 ^ x2 ^ x7 ^ x9 ^ x10 ^ x12 ^ x13); + z[7] = (byte)(x1 ^ x3 ^ x6 ^ x8 ^ x11 ^ x12 ^ x13); + z[8] = (byte)(x0 ^ x1 ^ x4 ^ x7 ^ x10 ^ x13 ^ x15); + z[9] = (byte)(x0 ^ x1 ^ x5 ^ x6 ^ x11 ^ x12 ^ x14); + z[10] = (byte)(x2 ^ x3 ^ x5 ^ x6 ^ x8 ^ x13 ^ x15); + z[11] = (byte)(x2 ^ x3 ^ x4 ^ x7 ^ x9 ^ x12 ^ x14); + z[12] = (byte)(x1 ^ x2 ^ x6 ^ x7 ^ x9 ^ x11 ^ x12); + z[13] = (byte)(x0 ^ x3 ^ x6 ^ x7 ^ x8 ^ x10 ^ x13); + z[14] = (byte)(x0 ^ x3 ^ x4 ^ x5 ^ x9 ^ x11 ^ x14); + z[15] = (byte)(x1 ^ x2 ^ x4 ^ x5 ^ x8 ^ x10 ^ x15); + } + + protected static void FE(byte[] D, byte[] RK) + { + Xor(D, RK); + SL2(D); + A(D); + } + + protected static void FO(byte[] D, byte[] RK) + { 
+ Xor(D, RK); + SL1(D); + A(D); + } + + protected static byte[][] KeySchedule(bool forEncryption, byte[] K) + { + int keyLen = K.Length; + if (keyLen < 16 || keyLen > 32 || (keyLen & 7) != 0) + throw new ArgumentException("Key length not 128/192/256 bits."); + + int keyLenIdx = (keyLen >> 3) - 2; + + byte[] CK1 = C[keyLenIdx]; + byte[] CK2 = C[(keyLenIdx + 1) % 3]; + byte[] CK3 = C[(keyLenIdx + 2) % 3]; + + byte[] KL = new byte[16], KR = new byte[16]; + Array.Copy(K, 0, KL, 0, 16); + Array.Copy(K, 16, KR, 0, keyLen - 16); + + byte[] W0 = new byte[16]; + byte[] W1 = new byte[16]; + byte[] W2 = new byte[16]; + byte[] W3 = new byte[16]; + + Array.Copy(KL, 0, W0, 0, 16); + + Array.Copy(W0, 0, W1, 0, 16); + FO(W1, CK1); + Xor(W1, KR); + + Array.Copy(W1, 0, W2, 0, 16); + FE(W2, CK2); + Xor(W2, W0); + + Array.Copy(W2, 0, W3, 0, 16); + FO(W3, CK3); + Xor(W3, W1); + + int numRounds = 12 + (keyLenIdx * 2); + byte[][] rks = new byte[numRounds + 1][]; + + rks[0] = KeyScheduleRound(W0, W1, 19); + rks[1] = KeyScheduleRound(W1, W2, 19); + rks[2] = KeyScheduleRound(W2, W3, 19); + rks[3] = KeyScheduleRound(W3, W0, 19); + + rks[4] = KeyScheduleRound(W0, W1, 31); + rks[5] = KeyScheduleRound(W1, W2, 31); + rks[6] = KeyScheduleRound(W2, W3, 31); + rks[7] = KeyScheduleRound(W3, W0, 31); + + rks[8] = KeyScheduleRound(W0, W1, 67); + rks[9] = KeyScheduleRound(W1, W2, 67); + rks[10] = KeyScheduleRound(W2, W3, 67); + rks[11] = KeyScheduleRound(W3, W0, 67); + + rks[12] = KeyScheduleRound(W0, W1, 97); + if (numRounds > 12) + { + rks[13] = KeyScheduleRound(W1, W2, 97); + rks[14] = KeyScheduleRound(W2, W3, 97); + if (numRounds > 14) + { + rks[15] = KeyScheduleRound(W3, W0, 97); + + rks[16] = KeyScheduleRound(W0, W1, 109); + } + } + + if (!forEncryption) + { + ReverseKeys(rks); + + for (int i = 1; i < numRounds; ++i) + { + A(rks[i]); + } + } + + return rks; + } + + protected static byte[] KeyScheduleRound(byte[] w, byte[] wr, int n) + { + byte[] rk = new byte[16]; + + int off = n >> 3, right = n 
& 7, left = 8 - right; + + int hi = wr[15 - off] & 0xFF; + + for (int to = 0; to < 16; ++to) + { + int lo = wr[(to - off) & 0xF] & 0xFF; + + int b = (hi << left) | (lo >> right); + b ^= (w[to] & 0xFF); + + rk[to] = (byte)b; + + hi = lo; + } + + return rk; + } + + protected static void ReverseKeys(byte[][] keys) + { + int length = keys.Length, limit = length / 2, last = length - 1; + for (int i = 0; i < limit; ++i) + { + byte[] t = keys[i]; + keys[i] = keys[last - i]; + keys[last - i] = t; + } + } + + protected static byte SB1(byte x) + { + return SB1_sbox[x & 0xFF]; + } + + protected static byte SB2(byte x) + { + return SB2_sbox[x & 0xFF]; + } + + protected static byte SB3(byte x) + { + return SB3_sbox[x & 0xFF]; + } + + protected static byte SB4(byte x) + { + return SB4_sbox[x & 0xFF]; + } + + protected static void SL1(byte[] z) + { + z[0] = SB1(z[0]); + z[1] = SB2(z[1]); + z[2] = SB3(z[2]); + z[3] = SB4(z[3]); + z[4] = SB1(z[4]); + z[5] = SB2(z[5]); + z[6] = SB3(z[6]); + z[7] = SB4(z[7]); + z[8] = SB1(z[8]); + z[9] = SB2(z[9]); + z[10] = SB3(z[10]); + z[11] = SB4(z[11]); + z[12] = SB1(z[12]); + z[13] = SB2(z[13]); + z[14] = SB3(z[14]); + z[15] = SB4(z[15]); + } + + protected static void SL2(byte[] z) + { + z[0] = SB3(z[0]); + z[1] = SB4(z[1]); + z[2] = SB1(z[2]); + z[3] = SB2(z[3]); + z[4] = SB3(z[4]); + z[5] = SB4(z[5]); + z[6] = SB1(z[6]); + z[7] = SB2(z[7]); + z[8] = SB3(z[8]); + z[9] = SB4(z[9]); + z[10] = SB1(z[10]); + z[11] = SB2(z[11]); + z[12] = SB3(z[12]); + z[13] = SB4(z[13]); + z[14] = SB1(z[14]); + z[15] = SB2(z[15]); + } + + protected static void Xor(byte[] z, byte[] x) + { + for (int i = 0; i < 16; ++i) + { + z[i] ^= x[i]; + } + } + } +} diff --git a/crypto/src/security/CipherUtilities.cs b/crypto/src/security/CipherUtilities.cs index 79e3de794..3b92add00 100644 --- a/crypto/src/security/CipherUtilities.cs +++ b/crypto/src/security/CipherUtilities.cs 
@@ -5,6 +5,7 @@ using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.CryptoPro; using Org.BouncyCastle.Asn1.Kisa; using Org.BouncyCastle.Asn1.Nist; +using Org.BouncyCastle.Asn1.Nsri; using Org.BouncyCastle.Asn1.Ntt; using Org.BouncyCastle.Asn1.Oiw; using Org.BouncyCastle.Asn1.Pkcs; @@ -29,6 +30,7 @@ namespace Org.BouncyCastle.Security private enum CipherAlgorithm { AES, ARC4, + ARIA, BLOWFISH, CAMELLIA, CAST5, @@ -121,6 +123,18 @@ namespace Org.BouncyCastle.Security // TODO Flesh out the list of aliases + algorithms[NistObjectIdentifiers.IdAes128Cbc.Id] = "AES/CBC/PKCS7PADDING"; + algorithms[NistObjectIdentifiers.IdAes192Cbc.Id] = "AES/CBC/PKCS7PADDING"; + algorithms[NistObjectIdentifiers.IdAes256Cbc.Id] = "AES/CBC/PKCS7PADDING"; + + algorithms[NistObjectIdentifiers.IdAes128Ccm.Id] = "AES/CCM/NOPADDING"; + algorithms[NistObjectIdentifiers.IdAes192Ccm.Id] = "AES/CCM/NOPADDING"; + algorithms[NistObjectIdentifiers.IdAes256Ccm.Id] = "AES/CCM/NOPADDING"; + + algorithms[NistObjectIdentifiers.IdAes128Cfb.Id] = "AES/CFB/NOPADDING"; + algorithms[NistObjectIdentifiers.IdAes192Cfb.Id] = "AES/CFB/NOPADDING"; + algorithms[NistObjectIdentifiers.IdAes256Cfb.Id] = "AES/CFB/NOPADDING"; + algorithms[NistObjectIdentifiers.IdAes128Ecb.Id] = "AES/ECB/PKCS7PADDING"; algorithms[NistObjectIdentifiers.IdAes192Ecb.Id] = "AES/ECB/PKCS7PADDING"; algorithms[NistObjectIdentifiers.IdAes256Ecb.Id] = "AES/ECB/PKCS7PADDING"; 
@@ -129,17 +143,45 @@ namespace Org.BouncyCastle.Security algorithms["AES//PKCS5"] = "AES/ECB/PKCS7PADDING"; algorithms["AES//PKCS5PADDING"] = "AES/ECB/PKCS7PADDING"; - algorithms[NistObjectIdentifiers.IdAes128Cbc.Id] = "AES/CBC/PKCS7PADDING"; - algorithms[NistObjectIdentifiers.IdAes192Cbc.Id] = "AES/CBC/PKCS7PADDING"; - algorithms[NistObjectIdentifiers.IdAes256Cbc.Id] = "AES/CBC/PKCS7PADDING"; + algorithms[NistObjectIdentifiers.IdAes128Gcm.Id] = "AES/GCM/NOPADDING"; + algorithms[NistObjectIdentifiers.IdAes192Gcm.Id] = "AES/GCM/NOPADDING"; + algorithms[NistObjectIdentifiers.IdAes256Gcm.Id] = "AES/GCM/NOPADDING"; algorithms[NistObjectIdentifiers.IdAes128Ofb.Id] = "AES/OFB/NOPADDING"; algorithms[NistObjectIdentifiers.IdAes192Ofb.Id] = "AES/OFB/NOPADDING"; algorithms[NistObjectIdentifiers.IdAes256Ofb.Id] = "AES/OFB/NOPADDING"; - algorithms[NistObjectIdentifiers.IdAes128Cfb.Id] = "AES/CFB/NOPADDING"; - algorithms[NistObjectIdentifiers.IdAes192Cfb.Id] = "AES/CFB/NOPADDING"; - algorithms[NistObjectIdentifiers.IdAes256Cfb.Id] = "AES/CFB/NOPADDING"; + algorithms[NsriObjectIdentifiers.id_aria128_cbc.Id] = "ARIA/CBC/PKCS7PADDING"; + algorithms[NsriObjectIdentifiers.id_aria192_cbc.Id] = "ARIA/CBC/PKCS7PADDING"; + algorithms[NsriObjectIdentifiers.id_aria256_cbc.Id] = "ARIA/CBC/PKCS7PADDING"; + + algorithms[NsriObjectIdentifiers.id_aria128_ccm.Id] = "ARIA/CCM/NOPADDING"; + algorithms[NsriObjectIdentifiers.id_aria192_ccm.Id] = "ARIA/CCM/NOPADDING"; + algorithms[NsriObjectIdentifiers.id_aria256_ccm.Id] = "ARIA/CCM/NOPADDING"; + + algorithms[NsriObjectIdentifiers.id_aria128_cfb.Id] = "ARIA/CFB/NOPADDING"; + algorithms[NsriObjectIdentifiers.id_aria192_cfb.Id] = "ARIA/CFB/NOPADDING"; + algorithms[NsriObjectIdentifiers.id_aria256_cfb.Id] = "ARIA/CFB/NOPADDING"; + + algorithms[NsriObjectIdentifiers.id_aria128_ctr.Id] = "ARIA/CTR/NOPADDING"; + algorithms[NsriObjectIdentifiers.id_aria192_ctr.Id] = "ARIA/CTR/NOPADDING"; + algorithms[NsriObjectIdentifiers.id_aria256_ctr.Id] = 
"ARIA/CTR/NOPADDING"; + + algorithms[NsriObjectIdentifiers.id_aria128_ecb.Id] = "ARIA/ECB/PKCS7PADDING"; + algorithms[NsriObjectIdentifiers.id_aria192_ecb.Id] = "ARIA/ECB/PKCS7PADDING"; + algorithms[NsriObjectIdentifiers.id_aria256_ecb.Id] = "ARIA/ECB/PKCS7PADDING"; + algorithms["ARIA//PKCS7"] = "ARIA/ECB/PKCS7PADDING"; + algorithms["ARIA//PKCS7PADDING"] = "ARIA/ECB/PKCS7PADDING"; + algorithms["ARIA//PKCS5"] = "ARIA/ECB/PKCS7PADDING"; + algorithms["ARIA//PKCS5PADDING"] = "ARIA/ECB/PKCS7PADDING"; + + algorithms[NsriObjectIdentifiers.id_aria128_gcm.Id] = "ARIA/GCM/NOPADDING"; + algorithms[NsriObjectIdentifiers.id_aria192_gcm.Id] = "ARIA/GCM/NOPADDING"; + algorithms[NsriObjectIdentifiers.id_aria256_gcm.Id] = "ARIA/GCM/NOPADDING"; + + algorithms[NsriObjectIdentifiers.id_aria128_ofb.Id] = "ARIA/OFB/NOPADDING"; + algorithms[NsriObjectIdentifiers.id_aria192_ofb.Id] = "ARIA/OFB/NOPADDING"; + algorithms[NsriObjectIdentifiers.id_aria256_ofb.Id] = "ARIA/OFB/NOPADDING"; algorithms["RSA/ECB/PKCS1"] = "RSA//PKCS1PADDING"; algorithms["RSA/ECB/PKCS1PADDING"] = "RSA//PKCS1PADDING"; @@ -375,6 +417,9 @@ namespace Org.BouncyCastle.Security case CipherAlgorithm.ARC4: streamCipher = new RC4Engine(); break; + case CipherAlgorithm.ARIA: + blockCipher = new AriaEngine(); + break; case CipherAlgorithm.BLOWFISH: blockCipher = new BlowfishEngine(); break; @@ -761,6 +806,7 @@ namespace Org.BouncyCastle.Security switch (cipherAlgorithm) { case CipherAlgorithm.AES: return new AesEngine(); + case CipherAlgorithm.ARIA: return new AriaEngine(); case CipherAlgorithm.BLOWFISH: return new BlowfishEngine(); case CipherAlgorithm.CAMELLIA: return new CamelliaEngine(); case CipherAlgorithm.CAST5: return new Cast5Engine(); diff --git a/crypto/src/security/GeneratorUtilities.cs b/crypto/src/security/GeneratorUtilities.cs index 8eae2f3cf..8f996bcc6 100644 --- a/crypto/src/security/GeneratorUtilities.cs +++ b/crypto/src/security/GeneratorUtilities.cs 
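Review bot: The four `ARIA//PKCS7…` and `ARIA//PKCS5…` aliases in the CipherUtilities.cs hunk make a transformation string with an empty mode resolve to `ARIA/ECB/PKCS7PADDING`, so a caller who omits the mode gets ECB without asking for it. ECB encrypts equal plaintext blocks to equal ciphertext blocks and gives no integrity, so the default deserves a comment above the aliases, for example `// Empty mode falls back to ECB (as for AES); ECB reveals repeated blocks - name CBC/GCM/CCM explicitly for real data.` The hunk maps the cbc, ccm, cfb, ctr, ecb, gcm and ofb OIDs but no `id_ariaNNN_ocb2`, although the GeneratorUtilities and ParameterUtilities hunks register those OIDs. If that omission is intentional, the same comment is the place to say so. The enclosing initializer starts and ends outside the hunk.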
@@ -6,6 +6,7 @@ using Org.BouncyCastle.Asn1.EdEC;
 using Org.BouncyCastle.Asn1.Iana;
 using Org.BouncyCastle.Asn1.Kisa;
 using Org.BouncyCastle.Asn1.Nist;
+using Org.BouncyCastle.Asn1.Nsri;
 using Org.BouncyCastle.Asn1.Ntt;
 using Org.BouncyCastle.Asn1.Oiw;
 using Org.BouncyCastle.Asn1.Pkcs;
@@ -14,7 +15,6 @@ using Org.BouncyCastle.Asn1.X9;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Generators;
 using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Utilities.Collections;
 
 namespace Org.BouncyCastle.Security
 {
@@ -38,28 +38,62 @@ namespace Org.BouncyCastle.Security
 AddKgAlgorithm("AES128",
 "2.16.840.1.101.3.4.2",
 NistObjectIdentifiers.IdAes128Cbc,
+ NistObjectIdentifiers.IdAes128Ccm,
 NistObjectIdentifiers.IdAes128Cfb,
 NistObjectIdentifiers.IdAes128Ecb,
+ NistObjectIdentifiers.IdAes128Gcm,
 NistObjectIdentifiers.IdAes128Ofb,
 NistObjectIdentifiers.IdAes128Wrap);
 AddKgAlgorithm("AES192",
 "2.16.840.1.101.3.4.22",
 NistObjectIdentifiers.IdAes192Cbc,
+ NistObjectIdentifiers.IdAes192Ccm,
 NistObjectIdentifiers.IdAes192Cfb,
 NistObjectIdentifiers.IdAes192Ecb,
+ NistObjectIdentifiers.IdAes192Gcm,
 NistObjectIdentifiers.IdAes192Ofb,
 NistObjectIdentifiers.IdAes192Wrap);
 AddKgAlgorithm("AES256",
 "2.16.840.1.101.3.4.42",
 NistObjectIdentifiers.IdAes256Cbc,
+ NistObjectIdentifiers.IdAes256Ccm,
 NistObjectIdentifiers.IdAes256Cfb,
 NistObjectIdentifiers.IdAes256Ecb,
+ NistObjectIdentifiers.IdAes256Gcm,
 NistObjectIdentifiers.IdAes256Ofb,
 NistObjectIdentifiers.IdAes256Wrap);
 AddKgAlgorithm("BLOWFISH",
 "1.3.6.1.4.1.3029.1.2");
 AddKgAlgorithm("CAMELLIA",
 "CAMELLIAWRAP");
+ AddKgAlgorithm("ARIA");
+ AddKgAlgorithm("ARIA128",
+ NsriObjectIdentifiers.id_aria128_cbc,
+ NsriObjectIdentifiers.id_aria128_ccm,
+ NsriObjectIdentifiers.id_aria128_cfb,
+ NsriObjectIdentifiers.id_aria128_ctr,
+ NsriObjectIdentifiers.id_aria128_ecb,
+ NsriObjectIdentifiers.id_aria128_gcm,
+ NsriObjectIdentifiers.id_aria128_ocb2,
+ NsriObjectIdentifiers.id_aria128_ofb);
+ AddKgAlgorithm("ARIA192",
+ NsriObjectIdentifiers.id_aria192_cbc,
+ NsriObjectIdentifiers.id_aria192_ccm,
+ NsriObjectIdentifiers.id_aria192_cfb,
+ NsriObjectIdentifiers.id_aria192_ctr,
+ NsriObjectIdentifiers.id_aria192_ecb,
+ NsriObjectIdentifiers.id_aria192_gcm,
+ NsriObjectIdentifiers.id_aria192_ocb2,
+ NsriObjectIdentifiers.id_aria192_ofb);
+ AddKgAlgorithm("ARIA256",
+ NsriObjectIdentifiers.id_aria256_cbc,
+ NsriObjectIdentifiers.id_aria256_ccm,
+ NsriObjectIdentifiers.id_aria256_cfb,
+ NsriObjectIdentifiers.id_aria256_ctr,
+ NsriObjectIdentifiers.id_aria256_ecb,
+ NsriObjectIdentifiers.id_aria256_gcm,
+ NsriObjectIdentifiers.id_aria256_ocb2,
+ NsriObjectIdentifiers.id_aria256_ofb);
 AddKgAlgorithm("CAMELLIA128",
 NttObjectIdentifiers.IdCamellia128Cbc,
 NttObjectIdentifiers.IdCamellia128Wrap);
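Review bot: The `id_aria128_ocb2`, `id_aria192_ocb2` and `id_aria256_ocb2` entries in the GeneratorUtilities.cs hunk register key generation for a mode that the CipherUtilities hunks in this commit never map to a cipher, so a key can be requested under an OID that nothing here can use. OCB2 also has published attacks against both its authenticity and its confidentiality, so listing it next to GCM and CCM makes it look like an equally safe choice. I would drop the three ocb2 lines, or keep them with a comment such as `// OCB2 listed for OID recognition only; the mode is broken, do not add a cipher mapping`. The same three entries appear in the ParameterUtilities.cs `AddAlgorithm` hunk. The enclosing initializer starts and ends outside the hunk.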
@@ -208,19 +242,20 @@ namespace Org.BouncyCastle.Security AddDefaultKeySizeEntries(64, "DES"); AddDefaultKeySizeEntries(80, "SKIPJACK"); - AddDefaultKeySizeEntries(128, "AES128", "BLOWFISH", "CAMELLIA128", "CAST5", "CHACHA", "DESEDE", + AddDefaultKeySizeEntries(128, "AES128", "ARIA128", "BLOWFISH", "CAMELLIA128", "CAST5", "CHACHA", "DESEDE", "HC128", "HMACMD2", "HMACMD4", "HMACMD5", "HMACRIPEMD128", "IDEA", "NOEKEON", "RC2", "RC4", "RC5", "SALSA20", "SEED", "SM4", "TEA", "XTEA", "VMPC", "VMPC-KSA3"); AddDefaultKeySizeEntries(160, "HMACRIPEMD160", "HMACSHA1"); - AddDefaultKeySizeEntries(192, "AES", "AES192", "CAMELLIA192", "DESEDE3", "HMACTIGER", + AddDefaultKeySizeEntries(192, "AES", "AES192", "ARIA192", "CAMELLIA192", "DESEDE3", "HMACTIGER", "RIJNDAEL", "SERPENT", "TNEPRES"); AddDefaultKeySizeEntries(224, "HMACSHA3-224", "HMACKECCAK224", "HMACSHA224", "HMACSHA512/224"); - AddDefaultKeySizeEntries(256, "AES256", "CAMELLIA", "CAMELLIA256", "CAST6", "CHACHA7539", "GOST28147", - "HC256", "HMACGOST3411-2012-256", "HMACSHA3-256", "HMACKECCAK256", "HMACSHA256", "HMACSHA512/256", - "RC5-64", "RC6", "THREEFISH-256", "TWOFISH"); + AddDefaultKeySizeEntries(256, "AES256", "ARIA", "ARIA256", "CAMELLIA", "CAMELLIA256", "CAST6", + "CHACHA7539", "GOST28147", "HC256", "HMACGOST3411-2012-256", "HMACSHA3-256", "HMACKECCAK256", + "HMACSHA256", "HMACSHA512/256", "RC5-64", "RC6", "THREEFISH-256", "TWOFISH"); AddDefaultKeySizeEntries(288, "HMACKECCAK288"); AddDefaultKeySizeEntries(384, "HMACSHA3-384", "HMACKECCAK384", "HMACSHA384"); - AddDefaultKeySizeEntries(512, "HMACGOST3411-2012-512", "HMACSHA3-512", "HMACKECCAK512", "HMACSHA512", "THREEFISH-512"); + AddDefaultKeySizeEntries(512, "HMACGOST3411-2012-512", "HMACSHA3-512", "HMACKECCAK512", "HMACSHA512", + "THREEFISH-512"); AddDefaultKeySizeEntries(1024, "THREEFISH-1024"); } diff --git a/crypto/src/security/ParameterUtilities.cs b/crypto/src/security/ParameterUtilities.cs index 0ff1bdb4a..fdb8d86be 100644 
--- a/crypto/src/security/ParameterUtilities.cs
+++ b/crypto/src/security/ParameterUtilities.cs
@@ -6,6 +6,7 @@ using Org.BouncyCastle.Asn1.CryptoPro;
 using Org.BouncyCastle.Asn1.Kisa;
 using Org.BouncyCastle.Asn1.Misc;
 using Org.BouncyCastle.Asn1.Nist;
+using Org.BouncyCastle.Asn1.Nsri;
 using Org.BouncyCastle.Asn1.Ntt;
 using Org.BouncyCastle.Asn1.Oiw;
 using Org.BouncyCastle.Asn1.Pkcs;
@@ -31,24 +32,58 @@ namespace Org.BouncyCastle.Security AddAlgorithm("AES128", "2.16.840.1.101.3.4.2", NistObjectIdentifiers.IdAes128Cbc, + NistObjectIdentifiers.IdAes128Ccm, NistObjectIdentifiers.IdAes128Cfb, NistObjectIdentifiers.IdAes128Ecb, + NistObjectIdentifiers.IdAes128Gcm, NistObjectIdentifiers.IdAes128Ofb, NistObjectIdentifiers.IdAes128Wrap); AddAlgorithm("AES192", "2.16.840.1.101.3.4.22", NistObjectIdentifiers.IdAes192Cbc, + NistObjectIdentifiers.IdAes192Ccm, NistObjectIdentifiers.IdAes192Cfb, NistObjectIdentifiers.IdAes192Ecb, + NistObjectIdentifiers.IdAes192Gcm, NistObjectIdentifiers.IdAes192Ofb, NistObjectIdentifiers.IdAes192Wrap); AddAlgorithm("AES256", "2.16.840.1.101.3.4.42", NistObjectIdentifiers.IdAes256Cbc, + NistObjectIdentifiers.IdAes256Ccm, NistObjectIdentifiers.IdAes256Cfb, NistObjectIdentifiers.IdAes256Ecb, + NistObjectIdentifiers.IdAes256Gcm, NistObjectIdentifiers.IdAes256Ofb, NistObjectIdentifiers.IdAes256Wrap); + AddAlgorithm("ARIA"); + AddAlgorithm("ARIA128", + NsriObjectIdentifiers.id_aria128_cbc, + NsriObjectIdentifiers.id_aria128_ccm, + NsriObjectIdentifiers.id_aria128_cfb, + NsriObjectIdentifiers.id_aria128_ctr, + NsriObjectIdentifiers.id_aria128_ecb, + NsriObjectIdentifiers.id_aria128_gcm, + NsriObjectIdentifiers.id_aria128_ocb2, + NsriObjectIdentifiers.id_aria128_ofb); + AddAlgorithm("ARIA192", + NsriObjectIdentifiers.id_aria192_cbc, + NsriObjectIdentifiers.id_aria192_ccm, + NsriObjectIdentifiers.id_aria192_cfb, + NsriObjectIdentifiers.id_aria192_ctr, + NsriObjectIdentifiers.id_aria192_ecb, + NsriObjectIdentifiers.id_aria192_gcm, + NsriObjectIdentifiers.id_aria192_ocb2, + NsriObjectIdentifiers.id_aria192_ofb); + AddAlgorithm("ARIA256", + NsriObjectIdentifiers.id_aria256_cbc, + NsriObjectIdentifiers.id_aria256_ccm, + NsriObjectIdentifiers.id_aria256_cfb, + NsriObjectIdentifiers.id_aria256_ctr, + NsriObjectIdentifiers.id_aria256_ecb, + NsriObjectIdentifiers.id_aria256_gcm, + NsriObjectIdentifiers.id_aria256_ocb2, + 
NsriObjectIdentifiers.id_aria256_ofb); AddAlgorithm("BLOWFISH", "1.3.6.1.4.1.3029.1.2"); AddAlgorithm("CAMELLIA", @@ -121,9 +156,8 @@ namespace Org.BouncyCastle.Security AddBasicIVSizeEntries(8, "BLOWFISH", "CHACHA", "DES", "DESEDE", "DESEDE3", "SALSA20"); AddBasicIVSizeEntries(12, "CHACHA7539"); - AddBasicIVSizeEntries(16, "AES", "AES128", "AES192", "AES256", - "CAMELLIA", "CAMELLIA128", "CAMELLIA192", "CAMELLIA256", - "NOEKEON", "SEED", "SM4"); + AddBasicIVSizeEntries(16, "AES", "AES128", "AES192", "AES256", "ARIA", "ARIA128", "ARIA192", "ARIA256", + "CAMELLIA", "CAMELLIA128", "CAMELLIA192", "CAMELLIA256", "NOEKEON", "SEED", "SM4"); // TODO These algorithms support an IV // but JCE doesn't seem to provide an AlgorithmParametersGenerator for them diff --git a/crypto/test/UnitTests.csproj b/crypto/test/UnitTests.csproj index cdc4d10bc..b70d94a6b 100644 --- a/crypto/test/UnitTests.csproj +++ b/crypto/test/UnitTests.csproj @@ -162,6 +162,7 @@ <Compile Include="src\crypto\test\AESTest.cs" /> <Compile Include="src\crypto\test\AESWrapTest.cs" /> <Compile Include="src\crypto\test\AllTests.cs" /> + <Compile Include="src\crypto\test\AriaTest.cs" /> <Compile Include="src\crypto\test\BCryptTest.cs" /> <Compile Include="src\crypto\test\Blake2bDigestTest.cs" /> <Compile Include="src\crypto\test\Blake2sDigestTest.cs" /> @@ -1345,4 +1346,4 @@ <ItemGroup> <Service Include="{82A7F48D-3B50-4B1E-B82E-3ADA8210C358}" /> </ItemGroup> -</Project> +</Project> \ No newline at end of file diff --git a/crypto/test/src/crypto/test/AriaTest.cs b/crypto/test/src/crypto/test/AriaTest.cs new file mode 100644 index 000000000..da92792f9 --- /dev/null +++ b/crypto/test/src/crypto/test/AriaTest.cs 
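Review bot: In ParameterUtilities.cs the new `id_ariaNNN_ccm` and `id_ariaNNN_gcm` OIDs (and the `IdAesNNNCcm`/`IdAesNNNGcm` additions) share a canonical name with the CBC/CFB/OFB OIDs, and the `AddBasicIVSizeEntries(16, …)` hunk further down gives each of those names a 16-byte basic IV. AEAD parameters are normally a nonce (12 bytes is the usual GCM size) together with a tag length, not a 16-byte IV, so an OID-based lookup may build or parse the wrong parameter shape for these modes; the lookup code is outside the hunk, so this needs confirming. If the basic-IV path is not meant for AEAD OIDs, a comment on that call such as `// IV size applies to CBC/CFB/CTR/OFB only; CCM/GCM OIDs need nonce + tag-length parameters` would record it, and a test that resolves parameters by a GCM OID would pin the behaviour.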
@@ -0,0 +1,180 @@ +using System; + +using NUnit.Framework; + +using Org.BouncyCastle.Crypto.Engines; +using Org.BouncyCastle.Crypto.Parameters; +using Org.BouncyCastle.Security; +using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Utilities.Encoders; +using Org.BouncyCastle.Utilities.Test; + +namespace Org.BouncyCastle.Crypto.Tests +{ + [TestFixture] + public class AriaTest + : SimpleTest + { + private static readonly SecureRandom R = new SecureRandom(); + + private static readonly string[][] TEST_VECTORS_RFC5794 = { + new string[]{ + "128-Bit Key", + "000102030405060708090a0b0c0d0e0f", + "00112233445566778899aabbccddeeff", + "d718fbd6ab644c739da95f3be6451778" + }, + new string[]{ + "192-Bit Key", + "000102030405060708090a0b0c0d0e0f1011121314151617", + "00112233445566778899aabbccddeeff", + "26449c1805dbe7aa25a468ce263a9e79" + }, + new string[]{ + "256-Bit Key", + "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "00112233445566778899aabbccddeeff", + "f92bd7c79fb72e2f2b8f80c1972d24fc" + }, + }; + + public override string Name + { + get { return "ARIA"; } + } + + public override void PerformTest() + { + CheckTestVectors_RFC5794(); + + for (int i = 0; i < 100; ++i) + { + CheckRandomRoundtrips(); + } + + new MyAriaEngine().CheckImplementation(); + } + + private void CheckRandomRoundtrips() + { + AriaEngine ce = new AriaEngine(); + AriaEngine cd = new AriaEngine(); + + byte[] txt = new byte[ce.GetBlockSize()]; + byte[] enc = new byte[ce.GetBlockSize()]; + byte[] dec = new byte[ce.GetBlockSize()]; + + for (int keyLen = 16; keyLen <= 32; keyLen += 8) + { + byte[] K = new byte[keyLen]; + + R.NextBytes(K); + + KeyParameter key = new KeyParameter(K); + ce.Init(true, key); + cd.Init(false, key); + + R.NextBytes(txt); + + for (int i = 0; i < 100; ++i) + { + ce.ProcessBlock(txt, 0, enc, 0); + cd.ProcessBlock(enc, 0, dec, 0); + + IsTrue(Arrays.AreEqual(txt, dec)); + + Array.Copy(enc, 0, txt, 0, enc.Length); + } + } + } + + private void 
CheckTestVector_RFC5794(String[] tv) + { + string name = "'" + tv[0] + "'"; + + IBlockCipher c = new AriaEngine(); + int blockSize = c.GetBlockSize(); + IsTrue("Wrong block size returned from getBlockSize() for " + name, 16 == blockSize); + + KeyParameter key = new KeyParameter(Hex.Decode(tv[1])); + byte[] plaintext = Hex.Decode(tv[2]); + byte[] ciphertext = Hex.Decode(tv[3]); + + IsTrue("Unexpected plaintext length for " + name, blockSize == plaintext.Length); + IsTrue("Unexpected ciphertext length for " + name, blockSize == ciphertext.Length); + + c.Init(true, key); + + byte[] actual = new byte[blockSize]; + int num = c.ProcessBlock(plaintext, 0, actual, 0); + + IsTrue("Wrong length returned from processBlock() (encryption) for " + name, blockSize == num); + IsTrue("Incorrect ciphertext computed for " + name, Arrays.AreEqual(ciphertext, actual)); + + c.Init(false, key); + num = c.ProcessBlock(ciphertext, 0, actual, 0); + + IsTrue("Wrong length returned from processBlock() (decryption) for " + name, blockSize == num); + IsTrue("Incorrect plaintext computed for " + name, Arrays.AreEqual(plaintext, actual)); + } + + private void CheckTestVectors_RFC5794() + { + for (int i = 0; i < TEST_VECTORS_RFC5794.Length; ++i) + { + CheckTestVector_RFC5794(TEST_VECTORS_RFC5794[i]); + } + } + + public static void Main(string[] args) + { + RunTest(new AriaTest()); + } + + [Test] + public void TestFunction() + { + string resultText = Perform().ToString(); + + Assert.AreEqual(Name + ": Okay", resultText); + } + + private class MyAriaEngine + : AriaEngine + { + public void CheckImplementation() + { + CheckInvolution(); + CheckSBoxes(); + } + + private void CheckInvolution() + { + byte[] x = new byte[16], y = new byte[16]; + + for (int i = 0; i < 100; ++i) + { + R.NextBytes(x); + Array.Copy(x, 0, y, 0, 16); + A(y); + A(y); + Assert.IsTrue(Arrays.AreEqual(x, y)); + } + } + + private void CheckSBoxes() + { + for (int i = 0; i < 256; ++i) + { + byte x = (byte)i; + + Assert.IsTrue(x == 
SB1(SB3(x))); + Assert.IsTrue(x == SB3(SB1(x))); + + Assert.IsTrue(x == SB2(SB4(x))); + Assert.IsTrue(x == SB4(SB2(x))); + } + } + } + } +} diff --git a/crypto/test/src/crypto/test/RegressionTest.cs b/crypto/test/src/crypto/test/RegressionTest.cs index 4b7b11651..2b863d8bb 100644 --- a/crypto/test/src/crypto/test/RegressionTest.cs +++ b/crypto/test/src/crypto/test/RegressionTest.cs @@ -13,6 +13,7 @@ namespace Org.BouncyCastle.Crypto.Tests new AesLightTest(), new AesFastTest(), new AesWrapTest(), + new AriaTest(), new DesTest(), new DesEdeTest(), new ModeTest(), |
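Review bot: AriaTest.cs exercises only the accepting paths of `AriaEngine`: nothing checks that `Init` rejects a key that is not 16, 24 or 32 bytes, or that `ProcessBlock` throws before `Init`, although the engine code in this commit has explicit checks for both. Those rejections are what stop a truncated or over-long key from being scheduled silently, so they are worth pinning; a `CheckInvalidKeyLengths()` helper called from `PerformTest()` is sketched below. The name and OID registrations this commit adds to CipherUtilities, GeneratorUtilities and ParameterUtilities are likewise not exercised by this test.

```csharp
public override void PerformTest()
{
    CheckTestVectors_RFC5794();
    CheckInvalidKeyLengths();
    // … unchanged: random round trips and MyAriaEngine checks …
}

private void CheckInvalidKeyLengths()
{
    // Lengths below, between and above the three sizes KeySchedule accepts.
    int[] badLengths = { 8, 15, 17, 20, 31, 33, 40 };
    foreach (int keyLen in badLengths)
    {
        bool rejected = false;
        try
        {
            new AriaEngine().Init(true, new KeyParameter(new byte[keyLen]));
        }
        catch (ArgumentException)
        {
            rejected = true;
        }
        IsTrue("Key length " + keyLen + " was not rejected", rejected);
    }

    bool threw = false;
    try
    {
        new AriaEngine().ProcessBlock(new byte[16], 0, new byte[16], 0);
    }
    catch (InvalidOperationException)
    {
        threw = true;
    }
    IsTrue("ProcessBlock accepted an uninitialised engine", threw);
}
```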