GabrielTofvesson/MLAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added Diffie Hellman

Browse Source 
Added PBKDF2-HMAC-SHA1
Added IntX implementation
This commit is contained in:
Gabriel Tofvesson 2018-03-29 01:17:29 +02:00 committed by Albin Corén
parent a793dc6fad
commit 2a26b2417d
4 changed files with 462 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
MLAPI/MLAPI.csproj
View File

@ -44,6 +44,9 @@
<GenerateSerializationAssemblies>Auto</GenerateSerializationAssemblies>
</PropertyGroup>
<ItemGroup>
<Reference Include="IntXLib, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1744b76c74eaee1e, processorArchitecture=MSIL">
<HintPath>..\packages\IntX.1.0.1.0\lib\net20\IntXLib.dll</HintPath>
</Reference>
<Reference Include="System" />
<Reference Include="System.Core" />
<Reference Include="System.Xml.Linq" />
@ -79,5 +82,8 @@
<Compile Include="Data\ClientIdKey.cs" />
<Compile Include="NetworkingManagerComponents\MessageChunker.cs" />
</ItemGroup>
<ItemGroup>
<None Include="packages.config" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
</Project>

263
MLAPI/NetworkingManagerComponents/DiffieHellman.cs Normal file
View File

@ -0,0 +1,263 @@
using System;
using IntXLib;
using System.Text;
namespace ECDH
{
public class EllipticDiffieHellman
{
protected static readonly Random rand = new Random();
protected readonly EllipticCurve curve;
public readonly IntX priv;
protected readonly Point generator, pub;
public EllipticDiffieHellman(EllipticCurve curve, Point generator, IntX order, byte[] priv = null)
{
this.curve = curve;
this.generator = generator;
// Generate private key
if (priv == null)
{
byte[] max = order.ToArray();
do
{
byte[] p1 = new byte[5 /*rand.Next(max.Length) + 1*/];
rand.NextBytes(p1);
if (p1.Length == max.Length) p1[p1.Length - 1] %= max[max.Length - 1];
else p1[p1.Length - 1] &= 127;
this.priv = Helper.FromArray(p1);
} while (this.priv<2);
}
else this.priv = Helper.FromArray(priv);
// Generate public key
pub = curve.Multiply(generator, this.priv);
}
public byte[] GetPublicKey()
{
byte[] p1 = pub.X.ToArray();
byte[] p2 = pub.Y.ToArray();
byte[] ser = new byte[4 + p1.Length + p2.Length];
ser[0] = (byte)(p1.Length & 255);
ser[1] = (byte)((p1.Length >> 8) & 255);
ser[2] = (byte)((p1.Length >> 16) & 255);
ser[3] = (byte)((p1.Length >> 24) & 255);
Array.Copy(p1, 0, ser, 4, p1.Length);
Array.Copy(p2, 0, ser, 4 + p1.Length, p2.Length);
return ser;
}
public byte[] GetPrivateKey() => priv.ToArray();
public byte[] GetSharedSecret(byte[] pK)
{
byte[] p1 = new byte[pK[0] | (pK[1]<<8) | (pK[2]<<16) | (pK[3]<<24)]; // Reconstruct x-axis size
byte[] p2 = new byte[pK.Length - p1.Length - 4];
Array.Copy(pK, 4, p1, 0, p1.Length);
Array.Copy(pK, 4 + p1.Length, p2, 0, p2.Length);
Point remotePublic = new Point(Helper.FromArray(p1), Helper.FromArray(p2));
byte[] secret = curve.Multiply(remotePublic, priv).X.ToArray(); // Use the x-coordinate as the shared secret
// PBKDF2-HMAC-SHA1 (Common shared secret generation method)
return PBKDF2(HMAC_SHA1, secret, Encoding.UTF8.GetBytes("P1sN0R4inb0wPl5P1sPls"), 1024, 32);
}
public delegate byte[] PRF(byte[] key, byte[] salt);
private static byte[] PBKDF2(PRF function, byte[] password, byte[] salt, int iterations, int dklen)
{
byte[] dk = new byte[0]; // Create a placeholder for the derived key
uint iter = 1; // Track the iterations
while (dk.Length < dklen)
{
// F-function
// The F-function (PRF) takes the amount of iterations performed in the opposite endianness format from what C# uses, so we have to swap the endianness
byte[] u = function(password, Concatenate(salt, WriteToArray(new byte[4], SwapEndian(iter), 0)));
byte[] ures = new byte[u.Length];
Array.Copy(u, ures, u.Length);
for (int i = 1; i < iterations; ++i)
{
// Iteratively apply the PRF
u = function(password, u);
for (int j = 0; j < u.Length; ++j) ures[j] ^= u[j];
}
// Concatenate the result to the dk
dk = Concatenate(dk, ures);
++iter;
}
// Clip all bytes past what we needed (yes, that's really what the standard is)
if (dk.Length != dklen)
{
var t1 = new byte[dklen];
Array.Copy(dk, t1, Math.Min(dklen, dk.Length));
return t1;
}
return dk;
}
public delegate byte[] HashFunction(byte[] message);
private static byte[] HMAC(byte[] key, byte[] message, HashFunction func, int blockSizeBytes)
{
if (key.Length > blockSizeBytes) key = func(key);
else if (key.Length < blockSizeBytes)
{
byte[] b = new byte[blockSizeBytes];
Array.Copy(key, b, key.Length);
key = b;
}
byte[] o_key_pad = new byte[blockSizeBytes]; // Outer padding
byte[] i_key_pad = new byte[blockSizeBytes]; // Inner padding
for (int i = 0; i < blockSizeBytes; ++i)
{
// Combine padding with key
o_key_pad[i] = (byte)(key[i] ^ 0x5c);
i_key_pad[i] = (byte)(key[i] ^ 0x36);
}
return func(Concatenate(o_key_pad, func(Concatenate(message, i_key_pad))));
}
private static byte[] HMAC_SHA1(byte[] key, byte[] message) => HMAC(key, message, SHA1, 20);
private static byte[] Concatenate(params byte[][] bytes)
{
int alloc = 0;
foreach (byte[] b in bytes) alloc += b.Length;
byte[] result = new byte[alloc];
alloc = 0;
for (int i = 0; i < bytes.Length; ++i)
{
Array.Copy(bytes[i], 0, result, alloc, bytes[i].Length);
alloc += bytes[i].Length;
}
return result;
}
public static byte[] SHA1(byte[] message)
{
// Initialize buffers
uint h0 = 0x67452301;
uint h1 = 0xEFCDAB89;
uint h2 = 0x98BADCFE;
uint h3 = 0x10325476;
uint h4 = 0xC3D2E1F0;
// Pad message
int ml = message.Length + 1;
byte[] msg = new byte[ml + ((960 - (ml * 8 % 512)) % 512) / 8 + 8];
Array.Copy(message, msg, message.Length);
msg[message.Length] = 0x80;
long len = message.Length * 8;
for (int i = 0; i < 8; ++i) msg[msg.Length - 1 - i] = (byte)((len >> (i * 8)) & 255);
//Support.WriteToArray(msg, message.Length * 8, msg.Length - 8);
//for (int i = 0; i <4; ++i) msg[msg.Length - 5 - i] = (byte)(((message.Length*8) >> (i * 8)) & 255);
int chunks = msg.Length / 64;
// Perform hashing for each 512-bit block
for (int i = 0; i < chunks; ++i)
{
// Split block into words
uint[] w = new uint[80];
for (int j = 0; j < 16; ++j)
w[j] |= (uint)((msg[i * 64 + j * 4] << 24) | (msg[i * 64 + j * 4 + 1] << 16) | (msg[i * 64 + j * 4 + 2] << 8) | (msg[i * 64 + j * 4 + 3] << 0));
// Expand words
for (int j = 16; j < 80; ++j)
w[j] = Rot(w[j - 3] ^ w[j - 8] ^ w[j - 14] ^ w[j - 16], 1);
// Initialize chunk-hash
uint
a = h0,
b = h1,
c = h2,
d = h3,
e = h4;
// Do hash rounds
for (int t = 0; t < 80; ++t)
{
uint tmp = ((a << 5) | (a >> (27))) +
( // Round-function
t < 20 ? (b & c) | ((~b) & d) :
t < 40 ? b ^ c ^ d :
t < 60 ? (b & c) | (b & d) | (c & d) :
/*t<80*/ b ^ c ^ d
) +
e +
( // K-function
t < 20 ? 0x5A827999 :
t < 40 ? 0x6ED9EBA1 :
t < 60 ? 0x8F1BBCDC :
/*t<80*/ 0xCA62C1D6
) +
w[t];
e = d;
d = c;
c = Rot(b, 30);
b = a;
a = tmp;
}
h0 += a;
h1 += b;
h2 += c;
h3 += d;
h4 += e;
}
return WriteContiguous(new byte[20], 0, SwapEndian(h0), SwapEndian(h1), SwapEndian(h2), SwapEndian(h3), SwapEndian(h4));
}
private static uint Rot(uint val, int by) => (val << by) | (val >> (32 - by));
// Swap endianness of a given integer
private static uint SwapEndian(uint value) => (uint)(((value >> 24) & (255 << 0)) | ((value >> 8) & (255 << 8)) | ((value << 8) & (255 << 16)) | ((value << 24) & (255 << 24)));
private static byte[] WriteToArray(byte[] target, uint data, int offset)
{
for (int i = 0; i < 4; ++i)
target[i + offset] = (byte)((data >> (i * 8)) & 255);
return target;
}
private static byte[] WriteContiguous(byte[] target, int offset, params uint[] data)
{
for (int i = 0; i < data.Length; ++i) WriteToArray(target, data[i], offset + i * 4);
return target;
}
}
public static class Helper
{
public static byte[] ToArray(this IntX v)
{
v.GetInternalState(out uint[] digits, out bool negative);
byte[] b = DigitConverter.ToBytes(digits);
byte[] b1 = new byte[b.Length];
Array.Copy(b, b1, b.Length);
b1[b.Length] = (byte)(negative ? 1 : 0);
return b1;
}
public static IntX FromArray(byte[] b)
{
if (b.Length == 0) return new IntX();
byte[] b1 = new byte[b.Length - 1];
Array.Copy(b, b1, b1.Length);
uint[] u = DigitConverter.FromBytes(b1);
return new IntX(u, b[b.Length - 1]==1);
}
public static bool BitAt(this uint[] data, long index) => (data[index/8]&(1<<(int)(index%8)))!=0;
public static IntX Abs(this IntX i) => i < 0 ? -i : i;
}
}

189
MLAPI/NetworkingManagerComponents/EllipticCurve.cs Normal file
View File

@ -0,0 +1,189 @@
using System;
using System.Collections.Generic;
using IntXLib;
namespace ECDH
{
public class Point
{
public static readonly Point POINT_AT_INFINITY = new Point();
public IntX X { get; private set; }
public IntX Y { get; private set; }
private bool pai = false;
public Point(IntX x, IntX y)
{
X = x;
Y = y;
}
private Point() { pai = true; } // Accessing corrdinates causes undocumented behaviour
public override string ToString()
{
return pai ? "(POINT_AT_INFINITY)" : "(" + X + ", " + Y + ")";
}
}
public class EllipticCurve
{
public enum CurveType { Weierstrass, Montgomery }
protected readonly IntX a, b, modulo;
protected readonly CurveType type;
public EllipticCurve(IntX a, IntX b, IntX modulo, CurveType type = CurveType.Weierstrass)
{
if (
(type==CurveType.Weierstrass && (4 * a * a * a) + (27 * b * b) == 0) || // Unfavourable Weierstrass curves
(type==CurveType.Montgomery && b * (a * a - 4)==0) // Unfavourable Montgomery curves
) throw new Exception("Unfavourable curve");
this.a = a;
this.b = b;
this.modulo = modulo;
this.type = type;
}
public Point Add(Point p1, Point p2)
{
#if SAFE_MATH
CheckOnCurve(p1);
CheckOnCurve(p2);
#endif
// Special cases
if (p1 == Point.POINT_AT_INFINITY && p2 == Point.POINT_AT_INFINITY) return Point.POINT_AT_INFINITY;
else if (p1 == Point.POINT_AT_INFINITY) return p2;
else if (p2 == Point.POINT_AT_INFINITY) return p1;
else if (p1.X == p2.X && p1.Y == Inverse(p2).Y) return Point.POINT_AT_INFINITY;
IntX x3 = 0, y3 = 0;
if (type == CurveType.Weierstrass)
{
IntX slope = p1.X == p2.X && p1.Y == p2.Y ? Mod((3 * p1.X * p1.X + a) * MulInverse(2 * p1.Y)) : Mod(Mod(p2.Y - p1.Y) * MulInverse(p2.X - p1.X));
x3 = Mod((slope * slope) - p1.X - p2.X);
y3 = Mod(-((slope * x3) + p1.Y - (slope * p1.X)));
}
else if (type == CurveType.Montgomery)
{
if ((p1.X == p2.X && p1.Y == p2.Y))
{
IntX q = 3 * p1.X;
IntX w = q * p1.X;
IntX e = 2 * a;
IntX r = e * p1.X;
IntX t = 2 * b;
IntX y = t * p1.Y;
IntX u = MulInverse(y);
IntX o = w + e + 1;
IntX p = o * u;
}
IntX co = p1.X == p2.X && p1.Y == p2.Y ? Mod((3 * p1.X * p1.X + 2 * a * p1.X + 1) * MulInverse(2 * b * p1.Y)) : Mod(Mod(p2.Y - p1.Y) * MulInverse(p2.X - p1.X)); // Compute a commonly used coefficient
x3 = Mod(b * co * co - a - p1.X - p2.X);
y3 = Mod(((2 * p1.X + p2.X + a) * co) - (b * co * co * co) - p1.Y);
}
return new Point(x3, y3);
}
public Point Multiply(Point p, IntX scalar)
{
if (scalar <= 0) throw new Exception("Cannot multiply by a scalar which is <= 0");
if (p == Point.POINT_AT_INFINITY) return Point.POINT_AT_INFINITY;
Point p1 = new Point(p.X, p.Y);
scalar.GetInternalState(out uint[] u, out bool b);
long high_bit = -1;
for (int i = u.Length - 1; i>=0; --i)
if (u[i] != 0)
{
for(int j = 31; j>=0; --j)
if ((u[i] & (1<<j))!=0)
{
high_bit = j + i * 32;
goto Next;
}
}
Next:
// Double-and-add method
while(high_bit >= 0)
{
p1 = Add(p1, p1); // Double
if ((u.BitAt(high_bit)))
p1 = Add(p1, p); // Add
--high_bit;
}
return p1;
}
protected IntX MulInverse(IntX eq) => MulInverse(eq, modulo);
public static IntX MulInverse(IntX eq, IntX modulo)
{
eq = Mod(eq, modulo);
Stack<IntX> collect = new Stack<IntX>();
IntX v = modulo; // Copy modulo
IntX m;
while((m = v % eq) != 0)
{
collect.Push(-v/eq/*-(m.l_div)*/);
v = eq;
eq = m;
}
if (collect.Count == 0) return 1;
v = 1;
m = collect.Pop();
while (collect.Count > 0)
{
eq = m;
m = v + (m * collect.Pop());
v = eq;
}
return Mod(m, modulo);
}
public Point Inverse(Point p) => Inverse(p, modulo);
protected static Point Inverse(Point p, IntX modulo) => new Point(p.X, Mod(-p.Y, modulo));
public bool IsOnCurve(Point p)
{
try { CheckOnCurve(p); }
catch { return false; }
return true;
}
protected void CheckOnCurve(Point p)
{
if (
p!=Point.POINT_AT_INFINITY && // The point at infinity is asserted to be on the curve
(type == CurveType.Weierstrass && Mod(p.Y * p.Y) != Mod((p.X * p.X * p.X) + (p.X * a) + b)) || // Weierstrass formula
(type == CurveType.Montgomery && Mod(b * p.Y * p.Y) != Mod((p.X * p.X * p.X) + (p.X * p.X * a) + p.X)) // Montgomery formula
) throw new Exception("Point is not on curve");
}
protected IntX Mod(IntX b) => Mod(b, modulo);
private static IntX Mod(IntX x, IntX m)
{
IntX r = x.Abs() > m ? x % m : x;
return r < 0 ? r + m : r;
}
protected static IntX ModPow(IntX x, IntX power, IntX prime)
{
IntX result = 1;
bool setBit = false;
while(power > 0)
{
x %= prime;
setBit = (power & 1) == 1;
power >>= 1;
if (setBit) result *= x;
x *= x;
}
return result;
}
}
}

4
MLAPI/packages.config Normal file
View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<packages>
<package id="IntX" version="1.0.1.0" targetFramework="net35" />
</packages>