public async static Task <TlsClientProtocol> PerformSSLHadshakeWithToken(ConnectionState connectionState, CancellationToken token)
{
byte[] random = new byte[128];
var rngProvider = new System.Security.Cryptography.RNGCryptoServiceProvider();
rngProvider.GetBytes(random);
var secureRandomInstance = SecureRandom.GetInstance("SHA256PRNG");
secureRandomInstance.SetSeed(random);
TlsClientProtocol pkiClientProtocol = new TlsClientProtocol(secureRandomInstance);
MyPKITlsClient pkiClient = new MyPKITlsClient();
pkiClientProtocol.Connect(pkiClient);
await SendSelectSslModuleApduAsync(connectionState, token);
await SendSslResetApduAsync(connectionState, token);
while (pkiClient.handshakeFinished != true)
{
int dataAvailable = pkiClientProtocol.GetAvailableOutputBytes();
byte[] data = new byte[dataAvailable];
pkiClientProtocol.ReadOutput(data, 0, dataAvailable);
byte[] response = await SendHandshakeApduAsync(data, connectionState, token);
pkiClientProtocol.OfferInput((byte[])response);
}
return(pkiClientProtocol);
}
public async static Task EstablishSRPChannelAsync(ConnectionState connectionState, CancellationToken token)
{
string keyAsString;
Settings.GetSrpKey(out keyAsString);
byte[] key = keyAsString.ConvertHexStringToByteArray();
byte[] random = new byte[128];
var rngProvider = new System.Security.Cryptography.RNGCryptoServiceProvider();
rngProvider.GetBytes(random);
var secureRandomInstance = SecureRandom.GetInstance("SHA256PRNG");
secureRandomInstance.SetSeed(random);
TlsClientProtocol srpClientProtocol = new TlsClientProtocol(secureRandomInstance);
var srpClient = new MySrpTlsClient(Encoding.ASCII.GetBytes("user"), key);
srpClientProtocol.Connect(srpClient);
var stream = connectionState.client.GetStream();
byte[] inputBuffer = new byte[4096];
while (srpClient.handshakeFinished != true)
{
int dataAvailable = srpClientProtocol.GetAvailableOutputBytes();
if (dataAvailable != 0)
{
byte[] data = new byte[dataAvailable];
srpClientProtocol.ReadOutput(data, 0, dataAvailable);
await stream.WriteAsync(data, 0, dataAvailable, token);
}
int bytesReceived = await stream.ReadAsync(inputBuffer, 0, inputBuffer.Length, token);
if (bytesReceived != 0)
{
byte[] truncatedInputBuffer = new byte[bytesReceived];
Array.Copy(inputBuffer, 0, truncatedInputBuffer, 0, bytesReceived);
srpClientProtocol.OfferInput(truncatedInputBuffer);
}
}
connectionState.srpClientProtocol = srpClientProtocol;
}
private static byte[] UnwrapApdu(byte[] response, TlsClientProtocol tls)
{
tls.OfferInput(response);
int dataAvailable = tls.GetAvailableInputBytes();
if (dataAvailable == 0)
{
throw new RemoteProtocolException("Error in APDU response");
}
byte[] unwrappedData = new byte[dataAvailable];
tls.ReadInput(unwrappedData, 0, unwrappedData.Length);
return(unwrappedData);
}
public void Connect()
{
BasicTlsPskIdentity pskIdentity = null;
if (_userKey != null)
{
if (_userKey.HasKeyType((int)COSE.GeneralValuesInt.KeyType_Octet))
{
CBORObject kid = _userKey[COSE.CoseKeyKeys.KeyIdentifier];
if (kid != null)
{
pskIdentity = new BasicTlsPskIdentity(kid.GetByteString(), _userKey[CoseKeyParameterKeys.Octet_k].GetByteString());
}
else
{
pskIdentity = new BasicTlsPskIdentity(new byte[0], _userKey[CoseKeyParameterKeys.Octet_k].GetByteString());
}
}
}
_tlsSession = new TLSClient(null, pskIdentity);
_authKey = _userKey;
TlsClientProtocol clientProtocol = new TlsClientProtocol(new SecureRandom());
_client = new TcpClient(_ipEndPoint.AddressFamily);
_client.Connect(_ipEndPoint);
_stm = _client.GetStream();
clientProtocol.Connect(_tlsSession);
while (_tlsSession.InHandshake)
{
bool sleep = true;
int cbToRead = clientProtocol.GetAvailableOutputBytes();
if (cbToRead != 0)
{
byte[] data = new byte[cbToRead];
int cbRead = clientProtocol.ReadOutput(data, 0, cbToRead);
_stm.Write(data, 0, cbRead);
sleep = false;
}
if (_stm.DataAvailable)
{
byte[] data = new byte[1024];
int cbRead = _stm.Read(data, 0, data.Length);
Array.Resize(ref data, cbRead);
clientProtocol.OfferInput(data);
sleep = false;
}
if (sleep)
{
Thread.Sleep(100);
}
}
_tlsClient = clientProtocol;
// Send over the capability block
SendCSMSignal();
//
if (_toSend != null)
{
_queue.Enqueue(_toSend);
_toSend = null;
}
_stm.BeginRead(_buffer, 0, _buffer.Length, ReadCallback, this);
WriteData();
}
private void ProcessInput(int cbRead)
{
byte[] data;
byte[] result = new byte[cbRead];
Array.Copy(_buffer, 0, result, 0, cbRead);
if (_tlsClient != null)
{
_tlsClient.OfferInput(result);
data = new byte[_tlsClient.GetAvailableInputBytes()];
_tlsClient.ReadInput(data, 0, data.Length);
}
else
{
_tlsServer.OfferInput(result);
data = new byte[_tlsServer.GetAvailableInputBytes()];
_tlsServer.ReadInput(data, 0, data.Length);
}
if (data.Length == 0)
{
_stm.BeginRead(_buffer, 0, _buffer.Length, ReadCallback, this);
return;
}
byte[] bytes = new byte[(_carryOver != null ? _carryOver.Length : 0) + data.Length];
if (_carryOver != null)
{
Array.Copy(_carryOver, bytes, _carryOver.Length);
Array.Copy(data, 0, bytes, _carryOver.Length, cbRead);
}
else
{
Array.Copy(data, bytes, data.Length);
}
int cbLeft = bytes.Length;
while (cbLeft > 0)
{
int messageSize;
// Do I have a full record?
int dataSize = (bytes[0] >> 4) & 0xf;
switch (dataSize)
{
case 13:
messageSize = bytes[1] + 13 + 3;
break;
case 14:
messageSize = (bytes[1] * 256 + bytes[2]) + 269 + 4;
break;
case 15:
messageSize = ((bytes[1] * 256 + bytes[2]) * 256 + bytes[3]) * 256 + bytes[4] + 65805 + 6;
break;
default:
messageSize = dataSize + 2;
break;
}
messageSize += (bytes[0] & 0xf); // Add token buffer
if (cbLeft >= messageSize)
{
byte[] message = new byte[messageSize];
int offset;
Array.Copy(bytes, message, messageSize);
Array.Copy(bytes, messageSize, bytes, 0, cbLeft - messageSize);
offset = cbLeft - messageSize;
cbLeft -= messageSize;
FireDataReceived(message, EndPoint, null, this); // M00BUG
}
else
{
break;
}
}
if (cbLeft > 0)
{
_carryOver = new byte[cbLeft];
Array.Copy(bytes, _carryOver, cbLeft);
}
else
{
_carryOver = null;
}
_stm.BeginRead(_buffer, 0, _buffer.Length, ReadCallback, this);
}
