Ejemplo n.º 1
0
 /// <summary>
 /// Create a PSK version of a TLS Key Pair
 /// </summary>
 /// <param name="sharedSecret">PSK value</param>
 public TlsKeyPair(OneKey sharedSecret)
 {
     this.PrivateKey = sharedSecret ?? throw new ArgumentNullException(nameof(sharedSecret));
     if (!sharedSecret.HasKeyType((int)GeneralValuesInt.KeyType_Octet))
     {
         throw new ArgumentException("Not a shared secret key");
     }
     CertType = 0;
 }
Ejemplo n.º 2
0
        protected TlsSignerCredentials GetECDsaSignerCredentials()
        {
#if SUPPORT_RPK
            if (_tlsKeyPair != null && _tlsKeyPair.CertType == CertificateType.RawPublicKey)
            {
                OneKey k = _tlsKeyPair.PublicKey;
                if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
                    k.HasAlgorithm(AlgorithmValues.ECDSA_256))
                {
                    X9ECParameters         p          = k.GetCurve();
                    ECDomainParameters     parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
                    ECPrivateKeyParameters privKey    = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters);

                    ECPoint point = k.GetPoint();
                    ECPublicKeyParameters param = new ECPublicKeyParameters(point, parameters);

                    SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param);

                    return(new DefaultTlsSignerCredentials(mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
                }
            }
#endif

#if SUPPORT_TLS_CWT
            if (_tlsKeyPair != null && _tlsKeyPair.CertType == CertificateType.CwtPublicKey)
            {
                OneKey k = _tlsKeyPair.PublicCwt.Cnf.Key;
                if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
                    k.HasAlgorithm(AlgorithmValues.ECDSA_256))
                {
                    X9ECParameters         p          = k.GetCurve();
                    ECDomainParameters     parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
                    ECPrivateKeyParameters privKey    = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters);

                    return(new DefaultTlsSignerCredentials(mContext, new CwtPublicKey(_tlsKeyPair.PublicCwt.EncodeToBytes()), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
                }
            }
#endif

            TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials)
            {
                CipherSuite = KeyExchangeAlgorithm.ECDH_ECDSA
            };

            EventHandler <TlsEvent> handler = TlsEventHandler;
            if (handler != null)
            {
                handler(this, e);
            }

            if (e.SignerCredentials != null)
            {
                return(e.SignerCredentials);
            }
            throw new TlsFatalAlert(AlertDescription.internal_error);
        }
Ejemplo n.º 3
0
            public virtual TlsCredentials GetClientCredentials(CertificateRequest certificateRequest)
            {
                if (certificateRequest.CertificateTypes == null ||
                    !Arrays.Contains(certificateRequest.CertificateTypes, ClientCertificateType.ecdsa_sign))
                {
                    return(null);
                }

#if SUPPORT_RPK
                if (_rawPublicKey != null)
                {
                    OneKey k = _rawPublicKey;
                    if (k.HasKeyType((int)COSE.GeneralValuesInt.KeyType_EC2) &&
                        k.HasAlgorithm(COSE.AlgorithmValues.ECDSA_256))
                    {
                        X9ECParameters         p          = k.GetCurve();
                        ECDomainParameters     parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
                        ECPrivateKeyParameters privKey    = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters);

                        ECPoint point = k.GetPoint();
                        ECPublicKeyParameters param = new ECPublicKeyParameters("ECDSA", point, /*parameters*/ SecObjectIdentifiers.SecP256r1);

                        SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param);

                        return(new DefaultTlsSignerCredentials(_mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
                    }
                }

                /*
                 * byte[] certificateTypes = certificateRequest.CertificateTypes;
                 * if (certificateTypes == null || !Arrays.Contains(certificateTypes, ClientCertificateType.rsa_sign))
                 *  return null;
                 *
                 * return TlsTestUtilities.LoadSignerCredentials(mContext, certificateRequest.SupportedSignatureAlgorithms,
                 *  SignatureAlgorithm.rsa, "x509-client.pem", "x509-client-key.pem");
                 */
#endif
                // If we did not fine appropriate signer credientials - ask for help

                TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials)
                {
                    CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA
                };

                EventHandler <TlsEvent> handler = TlsEventHandler;
                if (handler != null)
                {
                    handler(this, e);
                }

                if (e.SignerCredentials != null)
                {
                    return(e.SignerCredentials);
                }
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }
Ejemplo n.º 4
0
            public virtual TlsCredentials GetClientCredentials(CertificateRequest certificateRequest)
            {
                if (certificateRequest.CertificateTypes == null ||
                    !Arrays.Contains(certificateRequest.CertificateTypes, ClientCertificateType.ecdsa_sign))
                {
                    return(null);
                }

                if (TlsKey != null)
                {
                    if (TlsKey.CertType == CertificateType.X509)
                    {
                        return(new DefaultTlsSignerCredentials(_mContext, new Certificate(TlsKey.X509Certificate), TlsKey.PrivateKey.AsPrivateKey(),
                                                               new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
                    }
#if SUPPORT_RPK
                    else if (TlsKey.CertType == CertificateType.RawPublicKey)
                    {
                        OneKey k = TlsKey.PrivateKey;
                        if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
                            k.HasAlgorithm(AlgorithmValues.ECDSA_256))
                        {
                            X9ECParameters         p          = k.GetCurve();
                            ECDomainParameters     parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
                            ECPrivateKeyParameters privKey    = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters);

                            ECPoint point = k.GetPoint();
                            ECPublicKeyParameters param = new ECPublicKeyParameters("ECDSA", point, /*parameters*/ SecObjectIdentifiers.SecP256r1);

                            SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param);

                            return(new DefaultTlsSignerCredentials(_mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
                        }
                    }
#endif
#if SUPPORT_TLS_CWT
                    else if (TlsKey.CertType == CertificateType.CwtPublicKey)
                    {
                        OneKey k = TlsKey.PublicCwt.Cnf.Key;
                        if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
                            k.HasAlgorithm(AlgorithmValues.ECDSA_256))
                        {
                            AsymmetricKeyParameter privKey = TlsKey.PrivateKey.AsPrivateKey();

                            return(new DefaultTlsSignerCredentials(_mContext, new CwtPublicKey(TlsKey.PublicCwt.EncodeToBytes()), privKey,
                                                                   new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
                        }
                    }
#endif
                }

                // If we did not fine appropriate signer credentials - ask for help

                TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials)
                {
                    CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA
                };

                EventHandler <TlsEvent> handler = TlsEventHandler;
                if (handler != null)
                {
                    handler(this, e);
                }

                if (e.SignerCredentials != null)
                {
                    return(e.SignerCredentials);
                }
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }
Ejemplo n.º 5
0
        protected override TlsSignerCredentials GetECDsaSignerCredentials()
        {
            byte[] certTypes;

            if (mClientExtensions.Contains(ExtensionType.server_certificate_type))
            {
                certTypes = (byte[])mClientExtensions[ExtensionType.server_certificate_type];
            }
            else
            {
                certTypes = new byte[] { CertificateType.X509 };
            }

            foreach (byte b in certTypes)
            {
                if (b == CertificateType.X509)
                {
                    foreach (TlsKeyPair kp in _serverKeys)
                    {
                        if (b != kp.CertType)
                        {
                            continue;
                        }

                        OneKey k = kp.PrivateKey;
                        if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
                            k.HasAlgorithm(AlgorithmValues.ECDSA_256))
                        {
                            return(new DefaultTlsSignerCredentials(
                                       mContext,
                                       new Certificate(kp.X509Certificate),
                                       kp.PrivateKey.AsPrivateKey(),
                                       new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
                        }
                    }
                }
#if SUPPORT_RPK
                if (b == CertificateType.RawPublicKey)
                {
                    foreach (TlsKeyPair kp in _serverKeys)
                    {
                        if (b != kp.CertType)
                        {
                            continue;
                        }

                        OneKey k = kp.PublicKey;
                        if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
                            k.HasAlgorithm(AlgorithmValues.ECDSA_256))
                        {
                            AsymmetricKeyParameter param = k.AsPublicKey();

                            SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param);

                            return(new DefaultTlsSignerCredentials(mContext, new RawPublicKey(spi), kp.PrivateKey.AsPrivateKey(),
                                                                   new SignatureAndHashAlgorithm(
                                                                       HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
                        }
                    }
                }
#endif
#if SUPPORT_TLS_CWT
                if (b == CertificateType.CwtPublicKey)
                {
                    foreach (TlsKeyPair kp in _serverKeys)
                    {
                        if (b != kp.CertType)
                        {
                            continue;
                        }

                        OneKey k = kp.PrivateKey;
                        if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
                            k.HasAlgorithm(AlgorithmValues.ECDSA_256))
                        {
                            CwtPublicKey           cwtKey = new CwtPublicKey(kp.PublicCwt.EncodeToBytes());
                            AsymmetricKeyParameter pubKey = kp.PublicCwt.Cnf.CoseKey.AsPublicKey();
                            cwtKey.SetSubjectPublicKeyInfo(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pubKey));

                            return(new DefaultTlsSignerCredentials(
                                       mContext, cwtKey, kp.PrivateKey.AsPrivateKey(),
                                       new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
                        }
                    }
                }
#endif
            }

            // If we did not fine appropriate signer credentials - ask for help

            TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials)
            {
                CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA
            };

            EventHandler <TlsEvent> handler = TlsEventHandler;
            if (handler != null)
            {
                handler(this, e);
            }

            if (e.SignerCredentials != null)
            {
                return(e.SignerCredentials);
            }
            throw new TlsFatalAlert(AlertDescription.internal_error);
        }
Ejemplo n.º 6
0
        public void Connect()
        {
            BasicTlsPskIdentity pskIdentity = null;

            if (_userKey != null)
            {
                if (_userKey.HasKeyType((int)COSE.GeneralValuesInt.KeyType_Octet))
                {
                    CBORObject kid = _userKey[COSE.CoseKeyKeys.KeyIdentifier];

                    if (kid != null)
                    {
                        pskIdentity = new BasicTlsPskIdentity(kid.GetByteString(), _userKey[CoseKeyParameterKeys.Octet_k].GetByteString());
                    }
                    else
                    {
                        pskIdentity = new BasicTlsPskIdentity(new byte[0], _userKey[CoseKeyParameterKeys.Octet_k].GetByteString());
                    }
                }
            }

            _tlsSession = new TLSClient(null, pskIdentity);
            _authKey    = _userKey;

            TlsClientProtocol clientProtocol = new TlsClientProtocol(new SecureRandom());

            _client = new TcpClient(_ipEndPoint.AddressFamily);

            _client.Connect(_ipEndPoint);
            _stm = _client.GetStream();

            clientProtocol.Connect(_tlsSession);

            while (_tlsSession.InHandshake)
            {
                bool sleep    = true;
                int  cbToRead = clientProtocol.GetAvailableOutputBytes();
                if (cbToRead != 0)
                {
                    byte[] data   = new byte[cbToRead];
                    int    cbRead = clientProtocol.ReadOutput(data, 0, cbToRead);
                    _stm.Write(data, 0, cbRead);
                    sleep = false;
                }

                if (_stm.DataAvailable)
                {
                    byte[] data   = new byte[1024];
                    int    cbRead = _stm.Read(data, 0, data.Length);
                    Array.Resize(ref data, cbRead);
                    clientProtocol.OfferInput(data);
                    sleep = false;
                }

                if (sleep)
                {
                    Thread.Sleep(100);
                }
            }

            _tlsClient = clientProtocol;

            //  Send over the capability block

            SendCSMSignal();

            //

            if (_toSend != null)
            {
                _queue.Enqueue(_toSend);
                _toSend = null;
            }

            _stm.BeginRead(_buffer, 0, _buffer.Length, ReadCallback, this);

            WriteData();
        }