diff --git a/Client/Program.cs b/Client/Program.cs
index a5066ed..d837f18 100644
--- a/Client/Program.cs
+++ b/Client/Program.cs
@@ -8,6 +8,7 @@ namespace Client
{
static void Main(string[] args)
{
+ byte[] res = AESFunctions.InvMul(new byte[] { 0b0010_0001 }, new byte[] { 0b0001_1011, 0b0000_0001 });
byte result = AESFunctions.GF28Mod(12);
bool connected = false;
diff --git a/RedpilledOuttaCucktown/AES.cs b/RedpilledOuttaCucktown/AES.cs
index cd83255..7fb6fbc 100644
--- a/RedpilledOuttaCucktown/AES.cs
+++ b/RedpilledOuttaCucktown/AES.cs
@@ -61,7 +61,7 @@ namespace Tofvesson.Crypto
{
rijAlg.Key = Key;
rijAlg.IV = IV;
-
+
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, rijAlg.CreateEncryptor(rijAlg.Key, rijAlg.IV), CryptoStreamMode.Write))
@@ -132,6 +132,20 @@ namespace Tofvesson.Crypto
}
+ ///
+ /// Object representation of a Galois Field with characteristic 2
+ ///
+ public class Galois2
+ {
+ public static byte[] RijndaelCharacteristic
+ { get { return new byte[] { 0b0001_1011, 0b0000_0001 }; } }
+
+ protected readonly byte[] value;
+ protected readonly byte[] characteristic;
+
+ public Galois2(byte[] value, byte[] characteristic) { }
+ }
+
public static class AESFunctions
{
// Substitution box generated for all 256 possible input bytes from a part of a state
@@ -160,13 +174,18 @@ namespace Tofvesson.Crypto
// MixColumns matrix basis. Used for multiplication over GF(2^8) i.e. mod P(x) where P(x) = x^8 + x^4 + x^3 + x + 1
private static readonly byte[] mix_matrix = new byte[] { 2, 3, 1, 1 };
+ ///
+ /// Rijndael substitution step in the encryption (first thing that happens). This supplied confusion for the algorithm
+ ///
+ /// The AES state
+ /// The substituted bytes for the given state
public static byte[] SBox(byte[] state)
{
for (int i = 0; i < state.Length; ++i) state[i] = rijndael_sbox[state[i]];
return state;
}
- // The AES state is a column-first 4x4 matrix. Demonstrated below are the decimal indices, as would be represented in the state:
+ // The AES state is a column-major 4x4 matrix (for AES-128). Demonstrated below are the decimal indices, as would be represented in the state:
// 00 04 08 12
// 01 05 09 13
// 02 06 10 14
@@ -177,6 +196,12 @@ namespace Tofvesson.Crypto
// 05 09 13 01 - Shifted 1 to the left
// 10 14 02 06 - Shifted 2 to the left
// 15 03 07 11 - Shifted 3 to the left
+
+ ///
+ /// Shifts the rows of the column-major matrix
+ ///
+ ///
+ /// The shifted matrix
public static byte[] ShiftRows(byte[] state)
{
for(int i = 1; i<4; ++i)
@@ -188,7 +213,11 @@ namespace Tofvesson.Crypto
return state;
}
- // MixColumns provides strong diffusion
+ ///
+ /// MixColumns adds diffusion to the algorithm. Performs matrix multiplication under GF(2^8) with the irreducible prime 0x11B (x^8 + x^4 + x^3 + x + 1)
+ ///
+ ///
+ /// A matrix-multiplied and limited state (mixed)
public static byte[] MixColumns(byte[] state)
{
byte[] res = new byte[16];
@@ -210,6 +239,12 @@ namespace Tofvesson.Crypto
return res;
}
+ ///
+ /// Introduces the subkey for this round to the state
+ ///
+ /// The state to introduce the roundkey to
+ /// The subkey
+ /// The state where the roundkey has been added
public static byte[] AddRoundKey(byte[] state, byte[] subkey)
{
for (int i = 0; i < state.Length; ++i) state[i] ^= subkey[i];
@@ -220,21 +255,28 @@ namespace Tofvesson.Crypto
/// Rotate bits to the left by 8 bits. This means that, for example, "0F AB 09 16" becomes "AB 09 16 0F"
///
///
- ///
+ /// Rotated value
public static int Rotate(int i) => ((i >> 24) & 255) & ((i << 8) & ~255);
+ ///
+ /// KDF for a given input string.
+ ///
+ /// Input string to derive key from
+ /// A key and an IV
public static Tuple DeriveKey(string message) =>
new Tuple(
new SHA1CryptoServiceProvider().ComputeHash(Encoding.UTF8.GetBytes(message)).ToLength(128),
new RegularRandomProvider(new Random((int)(new BigInteger(Encoding.UTF8.GetBytes(message)) % int.MaxValue))).GetBytes(new byte[128])
);
+
-
+ // Rijndael helper methods
+ private static byte RCON(int i) => i<=0?(byte)0x8d:GF28Mod(i - 1);
// Finite field arithmetic helper methods
- private static byte RCON(int i) => i<=0?(byte)0x8d:GF28Mod(i - 1);
-
+ private static readonly byte[] ZERO = new byte[1] { 0 };
+ private static readonly byte[] ONE = new byte[1] { 1 };
public static byte GF28Mod(int pow)
{
byte[] val = new byte[1+(pow/8)];
@@ -244,9 +286,9 @@ namespace Tofvesson.Crypto
private static byte GF28Mod(byte[] value)
{
byte[] CA_l;
- while (GT(value, CA_max, true))
+ while (GetFirstSetBit(value)>=8) // In GF(2^8), polynomials may not exceed x^7. This means that a value containing a bit representing x^8 or higher is invalid
{
- CA_l = NeedsAlignment(value) ? AlignCA(value) : CA;
+ CA_l = GetFirstSetBit(value)>=GetFirstSetBit(CA) ? Align(value, (byte[])CA.Clone()) : CA;
byte[] res = new byte[CA_l.Length];
for (int i = 0; i < CA_l.Length; ++i) res[i] = (byte)(value[i] ^ CA_l[i]);
value = ClipZeroes(res);
@@ -255,24 +297,47 @@ namespace Tofvesson.Crypto
}
///
- /// GF(2^8) uses the irreducible polynomial x^8 + x^4 + x^3 + x^1 + x^0 which can be represented as 0001 0001 1011 due to the characteristic of the field
+ /// Performs modulus on a given value by a certain value (mod) over a Galois Field with characteristic 2. This method performs both modulus and division.
+ ///
+ /// Value to perform modular aithmetic on
+ /// Modular value
+ /// The result of the polynomial division and the result of the modulus
+ private static ModResult Mod(byte[] value, byte[] mod)
+ {
+ byte[] divRes = new byte[1];
+ while (GT(value, mod, true))
+ {
+ divRes = FlipBit(divRes, GetFirstSetBit(value) - GetFirstSetBit(mod)); // Notes the bit shift in the division tracker
+ value = Sub(value, Align(mod, value));
+ }
+ return new ModResult(divRes, value);
+ }
+
+ ///
+ /// The rijndael finite field uses the irreducible polynomial x^8 + x^4 + x^3 + x^1 + x^0 which can be represented as 0001 0001 1011 (or 0x11B) due to the characteristic of the field.
+ /// Because 00011011 is the low byte, it is the first value in the array
///
private static readonly byte[] CA = new byte[] { 0b0001_1011, 0b0000_0001 };
private static readonly byte[] CA_max = new byte[] { 0b0000_0000, 0b0000_0001 };
- private static readonly int CA_FSB = 8;
- private static byte[] AlignCA(byte[] value) => SHL((byte[])CA.Clone(), GetFirstSetBit(value) - CA_FSB);
- private static bool NeedsAlignment(byte[] b) => b.Length > 1 && GetFirstSetBit(b) > CA_FSB;
+ private static byte[] Align(byte[] value, byte[] to) => SHL(value, GetFirstSetBit(to) - GetFirstSetBit(value));
+ private static bool NeedsAlignment(byte[] value, byte[] comp) => GetFirstSetBit(value) > GetFirstSetBit(comp);
private static bool GT(byte[] v1, byte[] v2, bool eq)
{
byte[] bigger = v1.Length > v2.Length ? v1 : v2;
byte[] smaller = v1.Length > v2.Length ? v2 : v1;
- for (int i = Math.Max(bigger.Length, smaller.Length)-1; i >= 0; --i)
+ for (int i = bigger.Length-1; i >= 0; --i)
if (i >= smaller.Length && bigger[i] != 0)
return bigger == v1;
else if (i < smaller.Length && bigger[i] != smaller[i])
return (bigger[i] > smaller[i]) ^ (bigger != v1);
return eq;
}
+
+ ///
+ /// Remove preceding zero-bytes
+ ///
+ /// Value to remove preceding zeroes from
+ /// Truncated value (if truncation was necessary)
private static byte[] ClipZeroes(byte[] val)
{
int i = 0;
@@ -282,12 +347,46 @@ namespace Tofvesson.Crypto
return res;
}
+ ///
+ /// Flips the bit at the given binary index in the supplied value. For example, flipping bit 5 in the number 0b0010_0011 would result in 0b0000_0011, whereas flipping index 7 would result in 0b1010_0011.
+ ///
+ /// Value to manipulate bits of
+ /// Index (in bits) of the bit to flip.
+ /// An array (may be the same object as the one given) with a bit flipped.
+ private static byte[] FlipBit(byte[] value, int bitIndex)
+ {
+ if (bitIndex >= value.Length * 8)
+ {
+ byte[] intermediate = new byte[bitIndex/8 + (bitIndex%8==0?0:1)];
+ Array.Copy(value, intermediate, value.Length);
+ value = intermediate;
+ }
+ value[bitIndex / 8] ^= (byte) (1 << (bitIndex % 8));
+ return value;
+ }
+
+ ///
+ /// Get the bit index of the highest bit. This will get the value of the exponent, i.e. index 8 represents x^8
+ ///
+ /// Value to get the highest set bit from
+ /// Index of the highest set bit. -1 if no bits are set
private static int GetFirstSetBit(byte[] b)
{
- for (int i = (b.Length * 8) - 1; i >= 0; --i) if ((b[i / 8] & (1 << (i % 8))) != 0) return i;
+ for (int i = (b.Length * 8) - 1; i >= 0; --i)
+ if (b[i / 8] == 0) i -= i % 8; // Speeds up searches through blank bytes
+ else if ((b[i / 8] & (1 << (i % 8))) != 0)
+ return i;
return -1;
}
+ ///
+ /// Get the state of a bit in the supplied value.
+ ///
+ /// Value to get bit from
+ /// Bit index to get bit from. (Not byte index)
+ ///
+ private static bool BitAt(byte[] value, int index) => (value[index / 8] & (1 << (index % 8))) != 0;
+
private static byte ShiftedBitmask(int start)
{
byte res = 0;
@@ -295,6 +394,73 @@ namespace Tofvesson.Crypto
return res;
}
+ // Addition, Subtraction and XOR are all equivalent under GF(2^8) due to the modular nature of the field
+ private static byte[] Add(byte[] v1, byte[] v2) => XOR(v1, v2);
+ private static byte[] Sub(byte[] v1, byte[] v2) => XOR(v1, v2);
+ private static byte[] XOR(byte[] v1, byte[] v2)
+ {
+ bool size = v1.Length > v2.Length;
+ byte[] bigger = size ? v1 : v2;
+ byte[] smaller = size ? v2 : v1;
+ byte[] res = new byte[bigger.Length];
+ Array.Copy(bigger, res, bigger.Length);
+ for (int i = 0; i < smaller.Length; ++i) res[i] ^= smaller[i];
+ return ClipZeroes(res);
+ }
+
+ ///
+ /// Perform polynomial multiplication under a galois field with characteristic 2
+ ///
+ /// Factor to multiply
+ /// Factor to multiply other value by
+ /// The product of the multiplication
+ private static byte[] Mul(byte[] value, byte[] by)
+ {
+ byte[] result = new byte[0];
+ for (int i = GetFirstSetBit(by); i >= 0; --i)
+ if (BitAt(by, i))
+ result = Add(result, SHL(value, i));
+ return result;
+ }
+
+ ///
+ /// Perform inverse multiplication on a given irreducible polynomial. This is done by performing the extended euclidean algorithm (two-variable linear diophantine equations) on the two inputs.
+ ///
+ ///
+ ///
+ public static byte[] InvMul(byte[] value, byte[] mod)
+ {
+ Stack factors = new Stack();
+ ModResult res;
+ while(!Equals((res = Mod(value, mod)).rem, ZERO))
+ {
+ factors.Push(res.div);
+ value = mod;
+ mod = res.rem;
+ }
+
+ // Values are not coprime. There is no solution!
+ if (!Equals(mod, ONE)) return new byte[0];
+
+ byte[] useful = new byte[1] { 1 };
+ byte[] theOtherOne = factors.Pop();
+ byte[] tmp;
+ while (factors.Count > 0)
+ {
+ tmp = theOtherOne;
+ theOtherOne = Add(useful, Mul(theOtherOne, factors.Pop()));
+ useful = tmp;
+ }
+ return useful;
+ }
+
+ ///
+ /// Shifts bit in the array by 'shift' bits to the left. This means that 0b0010_0000_1000_1111 shited by 2 becomes 0b1000_0010_0011_1100.
+ /// Note: A shift of 0 just acts like a slow value.Clone()
+ ///
+ ///
+ ///
+ ///
private static byte[] SHL(byte[] value, int shift)
{
int set = shift / 8;
@@ -305,8 +471,8 @@ namespace Tofvesson.Crypto
int fsb1 = GetFirstSetBit(value);
if (fsb1 == -1) return value;
byte fsb = (byte)(fsb1 % 8);
- byte[] create = new byte[value.Length + set + (fsb + set >= 7 ? 1: 0)];
- for(int i = set; i= 7 ? 1: 0)];
+ for(int i = set; i> (8-sub));
@@ -314,5 +480,33 @@ namespace Tofvesson.Crypto
create[create.Length - 1] |= carry;
return create;
}
+
+ private static bool Equals(byte[] v1, byte[] v2)
+ {
+ bool cmp = v1.Length > v2.Length;
+ byte[] bigger = cmp ? v1 : v2;
+ byte[] smaller = cmp ? v2 : v1;
+ for (int i = bigger.Length-1; i >= 0; --i)
+ if (i >= smaller.Length)
+ {
+ if (bigger[i] != 0) return false;
+ }
+ else if (bigger[i] != smaller[i]) return false;
+ return true;
+ }
+
+ ///
+ /// Used to store the result of a polynomial division/modulus in GF(2^m)
+ ///
+ private struct ModResult
+ {
+ public ModResult(byte[] div, byte[] rem)
+ {
+ this.div = div;
+ this.rem = rem;
+ }
+ public byte[] div;
+ public byte[] rem;
+ }
}
}
diff --git a/RedpilledOuttaCucktown/Common.csproj b/RedpilledOuttaCucktown/Common.csproj
index de37a5a..70b3f25 100644
--- a/RedpilledOuttaCucktown/Common.csproj
+++ b/RedpilledOuttaCucktown/Common.csproj
@@ -47,7 +47,7 @@
-
+
diff --git a/RedpilledOuttaCucktown/Crypto.cs b/RedpilledOuttaCucktown/RSA.cs
similarity index 100%
rename from RedpilledOuttaCucktown/Crypto.cs
rename to RedpilledOuttaCucktown/RSA.cs
diff --git a/ServerProject b/ServerProject
deleted file mode 160000
index 9963345..0000000
--- a/ServerProject
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 996334583daebe9450069e5d6316d2daf88dd27f