mirrors/LibHac
1
0
Fork 0
mirror of https://github.com/Thealexbarney/LibHac.git synced 2024-11-14 10:49:41 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Rewrite AES CTR classes to give a 6-8x overall speedup

Browse source
This commit is contained in:
Alex Barney 2018-08-24 17:01:27 -05:00
parent 35475ac5a8
commit 26bf0876cb
9 changed files with 258 additions and 314 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

96
libhac/Aes128CounterMode.cs
View file

@ -1,96 +0,0 @@
// The MIT License (MIT)
// Copyright (c) 2014 Hans Wolff
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using System.Security.Cryptography;
namespace libhac
{
public class CounterModeCryptoTransform
{
private const int BlockSize = 128;
private const int BlockSizeBytes = BlockSize / 8;
private readonly byte[] _counter;
private readonly byte[] _counterEnc = new byte[0x10];
private readonly ICryptoTransform _counterEncryptor;
public CounterModeCryptoTransform(SymmetricAlgorithm symmetricAlgorithm, byte[] key, byte[] counter)
{
if (key == null) throw new ArgumentNullException(nameof(key));
if (counter == null) throw new ArgumentNullException(nameof(counter));
if (counter.Length != BlockSizeBytes)
throw new ArgumentException(String.Format("Counter size must be same as block size (actual: {0}, expected: {1})",
counter.Length, BlockSizeBytes));
_counter = counter;
_counterEncryptor = symmetricAlgorithm.CreateEncryptor(key, new byte[BlockSize / 8]);
}
public int TransformBlock(byte[] inputBuffer, int inputOffset, byte[] outputBuffer, int outputOffset)
{
EncryptCounterThenIncrement();
for (int i = 0; i < 16; i++)
{
outputBuffer[outputOffset + i] = (byte)(inputBuffer[inputOffset + i] ^ _counterEnc[i]);
}
return 16;
}
public void UpdateCounter(long offset)
{
offset >>= 4;
for (uint j = 0; j < 0x8; j++)
{
_counter[0x10 - j - 1] = (byte)(offset & 0xFF);
offset >>= 8;
}
}
public void UpdateCounterSubsection(uint value)
{
_counter[7] = (byte) value;
_counter[6] = (byte) (value >> 8);
_counter[5] = (byte) (value >> 16);
_counter[4] = (byte) (value >> 24);
}
private void EncryptCounterThenIncrement()
{
_counterEncryptor.TransformBlock(_counter, 0, _counter.Length, _counterEnc, 0);
IncrementCounter();
}
private void IncrementCounter()
{
for (var i = _counter.Length - 1; i >= 0; i--)
{
if (++_counter[i] != 0)
break;
}
}
public void Dispose()
{
}
}
}

138
libhac/Aes128CtrStream.cs Normal file
View file

@ -0,0 +1,138 @@
using System;
using System.IO;
using libhac.XTSSharp;
namespace libhac
{
public class Aes128CtrStream : SectorStream
{
private const int CryptChunkSize = 0x4000;
private readonly long _counterOffset;
private readonly byte[] _tempBuffer;
private readonly Aes128CtrTransform _decryptor;
protected readonly byte[] Counter;
/// <summary>
/// Creates a new stream
/// </summary>
/// <param name="baseStream">The base stream</param>
/// <param name="key">The decryption key</param>
/// <param name="counterOffset">Offset to add to the counter</param>
/// <param name="ctrHi">The value of the upper 64 bits of the counter</param>
public Aes128CtrStream(Stream baseStream, byte[] key, long counterOffset = 0, byte[] ctrHi = null)
: this(baseStream, key, 0, baseStream.Length, counterOffset, ctrHi) { }
/// <summary>
/// Creates a new stream
/// </summary>
/// <param name="baseStream">The base stream</param>
/// <param name="key">The decryption key</param>
/// <param name="counter">The intial counter</param>
public Aes128CtrStream(Stream baseStream, byte[] key, byte[] counter)
: base(baseStream, 0x10, 0)
{
_counterOffset = 0;
Length = baseStream.Length;
_tempBuffer = new byte[CryptChunkSize];
_decryptor = new Aes128CtrTransform(key, counter ?? new byte[0x10], CryptChunkSize);
Counter = _decryptor.Counter;
}
/// <summary>
/// Creates a new stream
/// </summary>
/// <param name="baseStream">The base stream</param>
/// <param name="key">The decryption key</param>
/// <param name="offset">Offset to start at in the input stream</param>
/// <param name="length">The length of the created stream</param>
/// <param name="counterOffset">Offset to add to the counter</param>
/// <param name="ctrHi">The value of the upper 64 bits of the counter</param>
public Aes128CtrStream(Stream baseStream, byte[] key, long offset, long length, long counterOffset, byte[] ctrHi = null)
: base(baseStream, CryptChunkSize, offset)
{
var initialCounter = new byte[0x10];
if (ctrHi != null)
{
Array.Copy(ctrHi, initialCounter, 8);
}
_counterOffset = counterOffset;
Length = length;
_tempBuffer = new byte[CryptChunkSize];
_decryptor = new Aes128CtrTransform(key, initialCounter, CryptChunkSize);
Counter = _decryptor.Counter;
UpdateCounter(_counterOffset + base.Position);
}
private void UpdateCounter(long offset)
{
offset >>= 4;
for (uint j = 0; j < 0x8; j++)
{
Counter[0x10 - j - 1] = (byte)(offset & 0xFF);
offset >>= 8;
}
}
public override void Flush()
{
throw new NotImplementedException();
}
public override long Seek(long offset, SeekOrigin origin)
{
switch (origin)
{
case SeekOrigin.Begin:
Position = offset;
break;
case SeekOrigin.Current:
Position += offset;
break;
case SeekOrigin.End:
Position = Length - offset;
break;
}
return Position;
}
public override void SetLength(long value)
{
throw new NotSupportedException();
}
public override void Write(byte[] buffer, int offset, int count)
{
throw new NotImplementedException();
}
public override bool CanRead => true;
public override bool CanSeek => true;
public override bool CanWrite => false;
public override long Length { get; }
public override long Position
{
get => base.Position;
set
{
base.Position = value;
UpdateCounter(_counterOffset + base.Position);
}
}
public override int Read(byte[] buffer, int offset, int count)
{
ValidateSize(count);
var bytesRead = base.Read(_tempBuffer, 0, count);
if (bytesRead == 0) return 0;
return _decryptor.TransformBlock(_tempBuffer, 0, bytesRead, buffer, offset);
}
}
}

94
libhac/Aes128CtrTransform.cs Normal file
View file

@ -0,0 +1,94 @@
using System;
using System.Numerics;
using System.Security.Cryptography;
namespace libhac
{
public class Aes128CtrTransform
{
private const int BlockSize = 128;
private const int BlockSizeBytes = BlockSize / 8;
private readonly int _maxSize;
public readonly byte[] Counter = new byte[BlockSizeBytes];
private readonly byte[] _counterDec;
private readonly byte[] _counterEnc;
private readonly ICryptoTransform _encryptor;
public Aes128CtrTransform(byte[] key, byte[] counter, int maxTransformSize)
{
if (key == null) throw new ArgumentNullException(nameof(key));
if (counter == null) throw new ArgumentNullException(nameof(counter));
if (key.Length != BlockSizeBytes)
throw new ArgumentException($"{nameof(key)} must be {BlockSizeBytes} bytes long");
if (counter.Length != BlockSizeBytes)
throw new ArgumentException($"{nameof(counter)} must be {BlockSizeBytes} bytes long");
Aes aes = Aes.Create();
if (aes == null) throw new CryptographicException("Unable to create AES object");
aes.Mode = CipherMode.ECB;
aes.Padding = PaddingMode.None;
_encryptor = aes.CreateEncryptor(key, new byte[BlockSizeBytes]);
_maxSize = maxTransformSize;
_counterDec = new byte[_maxSize];
_counterEnc = new byte[_maxSize];
Array.Copy(counter, Counter, BlockSizeBytes);
}
public int TransformBlock(byte[] inputBuffer, int inputOffset, int inputCount, byte[] outputBuffer, int outputOffset)
{
if (inputCount > _maxSize)
throw new ArgumentException($"{nameof(inputCount)} cannot be greater than {_maxSize}");
var blockCount = Util.DivideByRoundUp(inputCount, BlockSizeBytes);
FillDecryptedCounter(blockCount);
_encryptor.TransformBlock(_counterDec, 0, blockCount * BlockSizeBytes, _counterEnc, 0);
XorArrays(inputBuffer, inputOffset, outputBuffer, outputOffset, _counterEnc, inputCount);
return inputCount;
}
private void FillDecryptedCounter(int blockCount)
{
for (int i = 0; i < blockCount; i++)
{
Array.Copy(Counter, 0, _counterDec, i * BlockSizeBytes, BlockSizeBytes);
IncrementCounter();
}
}
private void IncrementCounter()
{
for (int i = Counter.Length - 1; i >= 0; i--)
{
if (++Counter[i] != 0)
break;
}
}
private void XorArrays(byte[] inputBuffer, int inputOffset, byte[] outputBuffer, int outputOffset, byte[] xor, int length)
{
int i = 0;
if (Vector.IsHardwareAccelerated)
{
int simdEnd = Math.Max(length - Vector<byte>.Count, 0);
for (; i < simdEnd; i += Vector<byte>.Count)
{
var inputVec = new Vector<byte>(inputBuffer, inputOffset + i);
var xorVec = new Vector<byte>(xor, i);
var outputVec = inputVec ^ xorVec;
outputVec.CopyTo(outputBuffer, outputOffset + i);
}
}
for (; i < length; i++)
{
outputBuffer[outputOffset + i] = (byte)(inputBuffer[inputOffset + i] ^ xor[i]);
}
}
}
}

200
libhac/AesCtrStream.cs
View file

@ -1,200 +0,0 @@
// Copyright (c) 2010 Gareth Lennox (garethl@dwakn.com)
// All rights reserved.
// Redistribution and use in source and binary forms, with or without modification,
// are permitted provided that the following conditions are met:
// * Redistributions of source code must retain the above copyright notice,
// this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above copyright notice,
// this list of conditions and the following disclaimer in the documentation
// and/or other materials provided with the distribution.
// * Neither the name of Gareth Lennox nor the names of its
// contributors may be used to endorse or promote products derived from this
// software without specific prior written permission.
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
// THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using libhac.XTSSharp;
namespace libhac
{
/// <summary>
/// Xts sector-based
/// </summary>
public class AesCtrStream : SectorStream
{
/// <summary>
/// The default sector size
/// </summary>
public const int DefaultSectorSize = 16;
private readonly byte[] _initialCounter;
private readonly long _counterOffset;
private readonly byte[] _tempBuffer;
private readonly Aes _aes;
protected CounterModeCryptoTransform Decryptor;
/// <summary>
/// Creates a new stream
/// </summary>
/// <param name="baseStream">The base stream</param>
/// <param name="key">The decryption key</param>
/// <param name="counterOffset">Offset to add to the counter</param>
/// <param name="ctrHi">The value of the upper 64 bits of the counter</param>
public AesCtrStream(Stream baseStream, byte[] key, long counterOffset = 0, byte[] ctrHi = null)
: this(baseStream, key, 0, baseStream.Length, counterOffset, ctrHi) { }
/// <summary>
/// Creates a new stream
/// </summary>
/// <param name="baseStream">The base stream</param>
/// <param name="key">The decryption key</param>
/// <param name="counter">The intial counter</param>
public AesCtrStream(Stream baseStream, byte[] key, byte[] counter)
: base(baseStream, 0x10, 0)
{
_initialCounter = counter.ToArray();
_counterOffset = 0;
Length = baseStream.Length;
_tempBuffer = new byte[0x10];
_aes = Aes.Create();
if (_aes == null) throw new CryptographicException("Unable to create AES object");
_aes.Key = key;
_aes.Mode = CipherMode.ECB;
_aes.Padding = PaddingMode.None;
Decryptor = new CounterModeCryptoTransform(_aes, _aes.Key, _initialCounter ?? new byte[0x10]);
}
/// <summary>
/// Creates a new stream
/// </summary>
/// <param name="baseStream">The base stream</param>
/// <param name="key">The decryption key</param>
/// <param name="offset">Offset to start at in the input stream</param>
/// <param name="length">The length of the created stream</param>
/// <param name="counterOffset">Offset to add to the counter</param>
/// <param name="ctrHi">The value of the upper 64 bits of the counter</param>
public AesCtrStream(Stream baseStream, byte[] key, long offset, long length, long counterOffset, byte[] ctrHi = null)
: base(baseStream, 0x10, offset)
{
_initialCounter = new byte[0x10];
if (ctrHi != null)
{
Array.Copy(ctrHi, _initialCounter, 8);
}
_counterOffset = counterOffset;
Length = length;
_tempBuffer = new byte[0x10];
_aes = Aes.Create();
if (_aes == null) throw new CryptographicException("Unable to create AES object");
_aes.Key = key;
_aes.Mode = CipherMode.ECB;
_aes.Padding = PaddingMode.None;
Decryptor = CreateDecryptor();
}
private CounterModeCryptoTransform CreateDecryptor()
{
var dec = new CounterModeCryptoTransform(_aes, _aes.Key, _initialCounter ?? new byte[0x10]);
dec.UpdateCounter(_counterOffset + Position);
return dec;
}
/// <summary>
/// Releases the unmanaged resources used by the <see cref="T:System.IO.Stream"/> and optionally releases the managed resources.
/// </summary>
/// <param name="disposing">true to release both managed and unmanaged resources; false to release only unmanaged resources.</param>
protected override void Dispose(bool disposing)
{
base.Dispose(disposing);
Decryptor?.Dispose();
}
public override void Flush()
{
throw new NotImplementedException();
}
public override long Seek(long offset, SeekOrigin origin)
{
throw new NotImplementedException();
}
public override void SetLength(long value)
{
throw new NotImplementedException();
}
/// <summary>
/// Writes a sequence of bytes to the current stream and advances the current position within this stream by the number of bytes written.
/// </summary>
/// <param name="buffer">An array of bytes. This method copies <paramref name="count"/> bytes from <paramref name="buffer"/> to the current stream.</param>
/// <param name="offset">The zero-based byte offset in <paramref name="buffer"/> at which to begin copying bytes to the current stream.</param>
/// <param name="count">The number of bytes to be written to the current stream.</param>
public override void Write(byte[] buffer, int offset, int count)
{
throw new NotImplementedException();
}
public override bool CanRead => true;
public override bool CanSeek => true;
public override bool CanWrite => false;
public override long Length { get; }
public override long Position
{
get => base.Position;
set
{
base.Position = value;
Decryptor.UpdateCounter(_counterOffset + base.Position);
}
}
/// <summary>
/// Reads a sequence of bytes from the current stream and advances the position within the stream by the number of bytes read.
/// </summary>
/// <returns>The total number of bytes read into the buffer. This can be less than the number of bytes requested if that many bytes are not currently available, or zero (0) if the end of the stream has been reached.</returns>
/// <param name="buffer">An array of bytes. When this method returns, the buffer contains the specified byte array with the values between <paramref name="offset"/> and (<paramref name="offset"/> + <paramref name="count"/> - 1) replaced by the bytes read from the current source. </param>
/// <param name="offset">The zero-based byte offset in <paramref name="buffer"/> at which to begin storing the data read from the current stream.</param>
/// <param name="count">The maximum number of bytes to be read from the current stream.</param>
public override int Read(byte[] buffer, int offset, int count)
{
ValidateSize(count);
//read the sector from the base stream
var ret = base.Read(_tempBuffer, 0, count);
if (ret == 0)
return 0;
if (Decryptor == null)
Decryptor = CreateDecryptor();
//decrypt the sector
var retV = Decryptor.TransformBlock(_tempBuffer, 0, buffer, offset);
//Console.WriteLine("Decrypting sector {0} == {1} bytes", currentSector, retV);
return retV;
}
}
}

28
libhac/BktrCryptoStream.cs
View file

@ -1,27 +1,23 @@
using System;
using System.Collections.Generic;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using libhac.XTSSharp;
namespace libhac
{
public class BktrCryptoStream : AesCtrStream
public class BktrCryptoStream : Aes128CtrStream
{
public SubsectionBlock SubsectionBlock { get; }
private List<SubsectionEntry> SubsectionEntries { get; } = new List<SubsectionEntry>();
private List<long> SubsectionOffsets { get; }
private SubsectionEntry CurrentEntry { get; set; }
public BktrCryptoStream(Stream baseStream, byte[] key, long offset, long length, long counterOffset, byte[] ctrHi, NcaSection section)
public BktrCryptoStream(Stream baseStream, byte[] key, long offset, long length, long counterOffset, byte[] ctrHi, BktrSuperblock bktr)
: base(baseStream, key, offset, length, counterOffset, ctrHi)
{
if (section.Type != SectionType.Bktr) throw new ArgumentException("Section is not of type BKTR");
var bktr = section.Header.Bktr;
var header = bktr.SubsectionHeader;
BktrHeader header = bktr.SubsectionHeader;
byte[] subsectionBytes;
using (var streamDec = new RandomAccessSectorStream(new AesCtrStream(baseStream, key, offset, length, counterOffset, ctrHi)))
using (var streamDec = new RandomAccessSectorStream(new Aes128CtrStream(baseStream, key, offset, length, counterOffset, ctrHi)))
{
streamDec.Position = header.Offset;
subsectionBytes = new byte[header.Size];
@ -56,7 +52,7 @@ namespace libhac
SubsectionOffsets = SubsectionEntries.Select(x => x.Offset).ToList();
CurrentEntry = GetSubsectionEntry(0);
Decryptor.UpdateCounterSubsection(CurrentEntry.Counter);
UpdateCounterSubsection(CurrentEntry.Counter);
baseStream.Position = offset;
}
@ -67,7 +63,7 @@ namespace libhac
{
base.Position = value;
CurrentEntry = GetSubsectionEntry(value);
Decryptor.UpdateCounterSubsection(CurrentEntry.Counter);
UpdateCounterSubsection(CurrentEntry.Counter);
}
}
@ -77,7 +73,7 @@ namespace libhac
if (Position >= CurrentEntry.OffsetEnd)
{
CurrentEntry = CurrentEntry.Next;
Decryptor.UpdateCounterSubsection(CurrentEntry.Counter);
UpdateCounterSubsection(CurrentEntry.Counter);
}
return ret;
@ -89,5 +85,13 @@ namespace libhac
if (index < 0) index = ~index - 1;
return SubsectionEntries[index];
}
private void UpdateCounterSubsection(uint value)
{
Counter[7] = (byte)value;
Counter[6] = (byte)(value >> 8);
Counter[5] = (byte)(value >> 16);
Counter[4] = (byte)(value >> 24);
}
}
}

2
libhac/Crypto.cs
View file

@ -83,7 +83,7 @@ namespace libhac
Array.Copy(encryptedKey, 0x10, body, 0, 0x230);
var dec = new byte[0x230];
using (var streamDec = new RandomAccessSectorStream(new AesCtrStream(new MemoryStream(body), kek, counter)))
using (var streamDec = new RandomAccessSectorStream(new Aes128CtrStream(new MemoryStream(body), kek, counter)))
{
streamDec.Read(dec, 0, dec.Length);
}

6
libhac/Nca.cs
View file

@ -115,10 +115,10 @@ namespace libhac
case SectionCryptType.XTS:
break;
case SectionCryptType.CTR:
return new RandomAccessSectorStream(new AesCtrStream(sectionStream, DecryptedKeys[2], offset, sect.Header.Ctr), false);
return new RandomAccessSectorStream(new Aes128CtrStream(sectionStream, DecryptedKeys[2], offset, sect.Header.Ctr), false);
case SectionCryptType.BKTR:
var patchStream = new RandomAccessSectorStream(
new BktrCryptoStream(sectionStream, DecryptedKeys[2], 0, size, offset, sect.Header.Ctr, sect),
new BktrCryptoStream(sectionStream, DecryptedKeys[2], 0, size, offset, sect.Header.Ctr, sect.Header.Bktr),
false);
if (BaseNca == null)
{
@ -224,7 +224,7 @@ namespace libhac
private void CheckBktrKey(NcaSection sect)
{
var offset = sect.Header.Bktr.SubsectionHeader.Offset;
using (var streamDec = new RandomAccessSectorStream(new AesCtrStream(GetStream(), DecryptedKeys[2], sect.Offset, sect.Size, sect.Offset, sect.Header.Ctr)))
using (var streamDec = new RandomAccessSectorStream(new Aes128CtrStream(GetStream(), DecryptedKeys[2], sect.Offset, sect.Size, sect.Offset, sect.Header.Ctr)))
{
var reader = new BinaryReader(streamDec);
streamDec.Position = offset + 8;

4
libhac/Romfs.cs
View file

@ -27,9 +27,9 @@ namespace libhac
using (var reader = new BinaryReader(StreamSource.CreateStream(), Encoding.Default, true))
{
Header = new RomfsHeader(reader);
stream.Position = Header.DirMetaTableOffset;
reader.BaseStream.Position = Header.DirMetaTableOffset;
dirMetaTable = reader.ReadBytes((int)Header.DirMetaTableSize);
stream.Position = Header.FileMetaTableOffset;
reader.BaseStream.Position = Header.FileMetaTableOffset;
fileMetaTable = reader.ReadBytes((int)Header.FileMetaTableSize);
}

4
libhac/libhac.csproj
View file

@ -6,4 +6,8 @@
<LangVersion>7.3</LangVersion>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="System.Numerics.Vectors" Version="4.5.0" Condition=" '$(TargetFramework)' == 'net45' " />
</ItemGroup>
</Project>