// TODO Move this when other JCE tests are ported from Java
/**
* signature with a "forged signature" (sig block not at end of plain text)
*/
private void doTestBadSig()//PrivateKey priv, PublicKey pub)
{
// Signature sig = Signature.getInstance("SHA1WithRSAEncryption", "BC");
ISigner sig = SignerUtilities.GetSigner("SHA1WithRSAEncryption");
// KeyPairGenerator fact;
// KeyPair keyPair;
// byte[] data = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 };
// fact = KeyPairGenerator.getInstance("RSA", "BC");
RsaKeyPairGenerator fact = new RsaKeyPairGenerator();
// fact.initialize(768, new SecureRandom());
RsaKeyGenerationParameters factParams = new RsaKeyGenerationParameters(
// BigInteger.ValueOf(0x11), new SecureRandom(), 768, 25);
BigInteger.ValueOf(3), new SecureRandom(), 768, 25);
fact.Init(factParams);
// keyPair = fact.generateKeyPair();
//
// PrivateKey signingKey = keyPair.getPrivate();
// PublicKey verifyKey = keyPair.getPublic();
AsymmetricCipherKeyPair keyPair = fact.GenerateKeyPair();
AsymmetricKeyParameter priv = keyPair.Private;
AsymmetricKeyParameter pub = keyPair.Public;
// testBadSig(signingKey, verifyKey);
// MessageDigest sha1 = MessageDigest.getInstance("SHA1", "BC");
IDigest sha1 = DigestUtilities.GetDigest("SHA1");
// Cipher signer = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");
// IBufferedCipher signer = CipherUtilities.GetCipher("RSA/ECB/PKCS1Padding");
IAsymmetricBlockCipher signer = new Pkcs1Encoding(new RsaEngine());
// signer.init(Cipher.ENCRYPT_MODE, priv);
signer.Init(true, priv);
// byte[] block = new byte[signer.getBlockSize()];
// byte[] block = new byte[signer.GetBlockSize()];
byte[] block = new byte[signer.GetInputBlockSize()];
// sha1.update((byte)0);
sha1.Update(0);
// byte[] sigHeader = Hex.decode("3021300906052b0e03021a05000414");
byte[] sigHeader = Hex.Decode("3021300906052b0e03021a05000414");
// System.arraycopy(sigHeader, 0, block, 0, sigHeader.length);
Array.Copy(sigHeader, 0, block, 0, sigHeader.Length);
// sha1.digest(block, sigHeader.length, sha1.getDigestLength());
sha1.DoFinal(block, sigHeader.Length);
// System.arraycopy(sigHeader, 0, block,
// sigHeader.length + sha1.getDigestLength(), sigHeader.length);
Array.Copy(sigHeader, 0, block,
sigHeader.Length + sha1.GetDigestSize(), sigHeader.Length);
// byte[] sigBytes = signer.doFinal(block);
byte[] sigBytes = signer.ProcessBlock(block, 0, block.Length);
// Signature verifier = Signature.getInstance("SHA1WithRSA", "BC");
ISigner verifier = SignerUtilities.GetSigner("SHA1WithRSA");
// verifier.initVerify(pub);
verifier.Init(false, pub);
// verifier.update((byte)0);
verifier.Update(0);
// if (verifier.verify(sig))
if (verifier.VerifySignature(sigBytes))
{
// fail("bad signature passed");
Fail("bad signature passed");
}
}
public static byte[] SafeDecryptPreMasterSecret(TlsContext context, RsaKeyParameters rsaServerPrivateKey,
byte[] encryptedPreMasterSecret)
{
/*
* RFC 5246 7.4.7.1.
*/
ProtocolVersion clientVersion = context.ClientVersion;
// TODO Provide as configuration option?
bool versionNumberCheckDisabled = false;
/*
* Generate 48 random bytes we can use as a Pre-Master-Secret, if the
* PKCS1 padding check should fail.
*/
byte[] fallback = new byte[48];
context.SecureRandom.NextBytes(fallback);
byte[] M = Arrays.Clone(fallback);
try
{
Pkcs1Encoding encoding = new Pkcs1Encoding(new RsaBlindedEngine(), fallback);
encoding.Init(false,
new ParametersWithRandom(rsaServerPrivateKey, context.SecureRandom));
M = encoding.ProcessBlock(encryptedPreMasterSecret, 0, encryptedPreMasterSecret.Length);
}
catch (Exception)
{
/*
* This should never happen since the decryption should never throw an exception
* and return a random value instead.
*
* In any case, a TLS server MUST NOT generate an alert if processing an
* RSA-encrypted premaster secret message fails, or the version number is not as
* expected. Instead, it MUST continue the handshake with a randomly generated
* premaster secret.
*/
}
/*
* If ClientHello.client_version is TLS 1.1 or higher, server implementations MUST
* check the version number [..].
*/
if (versionNumberCheckDisabled && clientVersion.IsEqualOrEarlierVersionOf(ProtocolVersion.TLSv10))
{
/*
* If the version number is TLS 1.0 or earlier, server
* implementations SHOULD check the version number, but MAY have a
* configuration option to disable the check.
*
* So there is nothing to do here.
*/
}
else
{
/*
* OK, we need to compare the version number in the decrypted Pre-Master-Secret with the
* clientVersion received during the handshake. If they don't match, we replace the
* decrypted Pre-Master-Secret with a random one.
*/
int correct = (clientVersion.MajorVersion ^ (M[0] & 0xff))
| (clientVersion.MinorVersion ^ (M[1] & 0xff));
correct |= correct >> 1;
correct |= correct >> 2;
correct |= correct >> 4;
int mask = ~((correct & 1) - 1);
/*
* mask will be all bits set to 0xff if the version number differed.
*/
for (int i = 0; i < 48; i++)
{
M[i] = (byte)((M[i] & (~mask)) | (fallback[i] & mask));
}
}
return(M);
}
public byte[] Decrypt(int cbitKey, EncryptMessage msg)
{
JWK key = _mKey;
if (key == null)
{
throw new JoseException("No key specified.");
}
string alg;
alg = FindAttr("alg", msg).AsString();
switch (alg)
{
case "dir":
if (key.AsString("kty") != "oct")
{
return(null);
}
return(key.AsBytes("k"));
case "ECDH-ES": {
if ((key.AsString("kty") != "EC") && (key.AsString("kty") != "OKP"))
{
return(null);
}
byte[] secret = Ecdh(key, msg);
byte[] kwKey = Kdf(secret, msg, cbitKey, FindAttr("enc", msg).AsString());
return(kwKey);
}
case "A128KW":
case "A192KW":
case "A256KW":
if (key.AsString("kty") != "oct")
{
return(null);
}
return(AES_KeyWrap(key.AsBytes("k")));
case "A128GCMKW":
case "A192GCMKW":
case "A256GCMKW":
if (key.AsString("kty") != "oct")
{
return(null);
}
return(AESGCM_KeyWrap(key.AsBytes("k"), msg));
case "PBES2-HS256+A128KW":
case "PBES2-HS384+A192KW":
case "PBES2-HS512+A256KW": {
if (key.AsString("kty") != "oct")
{
return(null);
}
byte[] saltInput = Message.base64urldecode(FindAttr("p2s", msg).AsString());
byte[] algBytes = Encoding.UTF8.GetBytes(alg);
byte[] salt = new byte[alg.Length + 1 + saltInput.Length];
Array.Copy(algBytes, salt, algBytes.Length);
Array.Copy(saltInput, 0, salt, algBytes.Length + 1, saltInput.Length);
int iterCount = FindAttr("p2c", msg).AsInt32();
byte[] rgbSecret = PBKDF2(key.AsBytes("k"), salt, iterCount, 256 / 8, new Sha512Digest());
return(AES_KeyWrap(rgbSecret));
}
case "RSA-OAEP-256":
case "RSA-OAEP": {
IAsymmetricBlockCipher cipher = new OaepEncoding(new RsaEngine(), alg == "RSA-OAEP" ? (IDigest) new Sha1Digest() : new Sha256Digest());
RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(key.AsBigInteger("n"), key.AsBigInteger("e"), key.AsBigInteger("d"), key.AsBigInteger("p"), key.AsBigInteger("q"),
key.AsBigInteger("dp"), key.AsBigInteger("dq"), key.AsBigInteger("qi"));
cipher.Init(false, prv);
byte[] outBytes = cipher.ProcessBlock(_rgbEncrypted, 0, _rgbEncrypted.Length);
return(outBytes);
}
case "ECDH-ES+A128KW": {
if ((key.AsString("kty") != "EC") && (key.AsString("kty") != "OKP"))
{
return(null);
}
byte[] secret = Ecdh(key, msg);
byte[] kwKey = Kdf(secret, msg, 128, FindAttr("alg", msg).AsString());
return(AES_KeyWrap(kwKey));
}
case "ECDH-ES+A192KW": {
if (key.AsString("kty") != "EC")
{
return(null);
}
byte[] secret = Ecdh(key, msg);
byte[] kwKey = Kdf(secret, msg, 192, FindAttr("alg", msg).AsString());
return(AES_KeyWrap(kwKey));
}
case "ECDH-ES+A256KW": {
if (key.AsString("kty") != "EC")
{
return(null);
}
byte[] secret = Ecdh(key, msg);
byte[] kwKey = Kdf(secret, msg, 256, FindAttr("alg", msg).AsString());
return(AES_KeyWrap(kwKey));
}
case "RSA1_5": {
if (key.AsString("kty") != "RSA")
{
return(null);
}
IAsymmetricBlockCipher cipher = new Pkcs1Encoding(new RsaEngine());
RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(key.AsBigInteger("n"), key.AsBigInteger("e"), key.AsBigInteger("d"), key.AsBigInteger("p"), key.AsBigInteger("q"),
key.AsBigInteger("dp"), key.AsBigInteger("dq"), key.AsBigInteger("qi"));
cipher.Init(false, prv);
return(cipher.ProcessBlock(_rgbEncrypted, 0, _rgbEncrypted.Length));
}
}
return(null);
}
/// <summary>
/// Answers the message.
/// </summary>
/// <param name='messageStream'>Message stream.</param>
/// <param name="process">The calling process or <c>null</c> if the process
/// could not be obtained.</param>
/// <remarks>code based on winpgnt.c from PuTTY source code</remarks>
public void AnswerMessage(Stream messageStream, Process process = null)
{
if (messageStream.CanTimeout)
{
messageStream.ReadTimeout = 5000;
}
var messageParser = new BlobParser(messageStream);
var responseBuilder = new BlobBuilder();
BlobHeader header;
try {
header = messageParser.ReadHeader();
if (MessageReceived != null)
{
var eventArgs = new MessageReceivedEventArgs(header);
MessageReceived(this, eventArgs);
if (eventArgs.Fail)
{
throw new Exception();
}
}
} catch (Exception) {
header = new BlobHeader();
header.Message = Message.UNKNOWN;
// this will cause the switch statement below to use the default case
// which returns an error to the stream.
}
switch (header.Message)
{
case Message.SSH1_AGENTC_REQUEST_RSA_IDENTITIES:
/*
* Reply with SSH1_AGENT_RSA_IDENTITIES_ANSWER.
*/
try {
if (header.BlobLength > 1)
{
// ruby net-ssh tries to send a SSH2_AGENT_REQUEST_VERSION message
// which has the same id number as SSH1_AGENTC_REQUEST_RSA_IDENTITIES
// with a string tacked on. We need to read the string from the
// stream, but it is not used for anything.
messageParser.ReadString();
}
var keyList = ListKeys(SshVersion.SSH1);
if (FilterKeyListCallback != null)
{
keyList = FilterKeyListCallback(keyList);
}
foreach (SshKey key in keyList)
{
responseBuilder.AddBytes(key.GetPublicKeyBlob());
responseBuilder.AddStringBlob(key.Comment);
}
responseBuilder.InsertHeader(Message.SSH1_AGENT_RSA_IDENTITIES_ANSWER,
keyList.Count);
// TODO may want to check that there is enough room in the message stream
break; // succeeded
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
goto default; // failed
case Message.SSH2_AGENTC_REQUEST_IDENTITIES:
/*
* Reply with SSH2_AGENT_IDENTITIES_ANSWER.
*/
try {
var keyList = ListKeys(SshVersion.SSH2);
if (FilterKeyListCallback != null)
{
keyList = FilterKeyListCallback(keyList);
}
foreach (SshKey key in keyList)
{
responseBuilder.AddBlob(key.GetPublicKeyBlob());
responseBuilder.AddStringBlob(key.Comment);
}
responseBuilder.InsertHeader(Message.SSH2_AGENT_IDENTITIES_ANSWER,
keyList.Count);
// TODO may want to check that there is enough room in the message stream
break; // succeeded
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
goto default; // failed
case Message.SSH1_AGENTC_RSA_CHALLENGE:
/*
* Reply with either SSH1_AGENT_RSA_RESPONSE or
* SSH_AGENT_FAILURE, depending on whether we have that key
* or not.
*/
try {
//Reading publicKey information
var publicKeyParams = messageParser.ReadSsh1PublicKeyData(true);
//Searching for Key here
var matchingKey = mKeyList.Where(key => key.Version == SshVersion.SSH1 &&
(key.GetPublicKeyParameters().Equals(publicKeyParams))).Single();
//Reading challenge
var encryptedChallenge = messageParser.ReadSsh1BigIntBlob();
var sessionId = messageParser.ReadBytes(16);
//Checking responseType field
if (messageParser.ReadUInt32() != 1)
{
goto default; //responseType !=1 is not longer supported
}
//Answering to the challenge
var engine = new Pkcs1Encoding(new RsaEngine());
engine.Init(false /* decrypt */, matchingKey.GetPrivateKeyParameters());
var decryptedChallenge = engine.ProcessBlock(encryptedChallenge,
0, encryptedChallenge.Length);
using (MD5 md5 = MD5.Create()) {
var md5Buffer = new byte[48];
decryptedChallenge.CopyTo(md5Buffer, 0);
sessionId.CopyTo(md5Buffer, 32);
responseBuilder.AddBytes(md5.ComputeHash(md5Buffer));
responseBuilder.InsertHeader(Message.SSH1_AGENT_RSA_RESPONSE);
break;
}
} catch (InvalidOperationException) {
// this is expected if there is not a matching key
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
goto default; // failed
case Message.SSH2_AGENTC_SIGN_REQUEST:
/*
* Reply with either SSH2_AGENT_SIGN_RESPONSE or SSH_AGENT_FAILURE,
* depending on whether we have that key or not.
*/
try {
var keyBlob = messageParser.ReadBlob();
var reqData = messageParser.ReadBlob();
var flags = new SignRequestFlags();
try {
// usually, there are no flags, so parser will throw
flags = (SignRequestFlags)messageParser.ReadUInt32();
} catch { }
var matchingKey =
mKeyList.Where(key => key.Version == SshVersion.SSH2 &&
key.GetPublicKeyBlob().SequenceEqual(keyBlob)).First();
var confirmConstraints = matchingKey.Constraints
.Where(constraint => constraint.Type ==
KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM);
if (confirmConstraints.Count() > 0)
{
if (!ConfirmUserPermissionCallback.Invoke(matchingKey, process))
{
goto default;
}
}
/* create signature */
var signKey = matchingKey;
var signer = signKey.GetSigner();
var algName = signKey.Algorithm.GetIdentifierString();
signer.Init(true, signKey.GetPrivateKeyParameters());
signer.BlockUpdate(reqData, 0, reqData.Length);
byte[] signature = signer.GenerateSignature();
signature = signKey.FormatSignature(signature);
BlobBuilder signatureBuilder = new BlobBuilder();
if (!flags.HasFlag(SignRequestFlags.SSH_AGENT_OLD_SIGNATURE))
{
signatureBuilder.AddStringBlob(algName);
}
signatureBuilder.AddBlob(signature);
responseBuilder.AddBlob(signatureBuilder.GetBlob());
responseBuilder.InsertHeader(Message.SSH2_AGENT_SIGN_RESPONSE);
try {
KeyUsed(this, new KeyUsedEventArgs(signKey, process));
} catch { }
break; // succeeded
} catch (InvalidOperationException) {
// this is expected if there is not a matching key
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
goto default; // failure
case Message.SSH1_AGENTC_ADD_RSA_IDENTITY:
case Message.SSH1_AGENTC_ADD_RSA_ID_CONSTRAINED:
/*
* Add to the list and return SSH_AGENT_SUCCESS, or
* SSH_AGENT_FAILURE if the key was malformed.
*/
if (IsLocked)
{
goto default;
}
bool ssh1constrained = (header.Message == Message.SSH1_AGENTC_ADD_RSA_ID_CONSTRAINED);
try {
var publicKeyParams = messageParser.ReadSsh1PublicKeyData(false);
var keyPair = messageParser.ReadSsh1KeyData(publicKeyParams);
SshKey key = new SshKey(SshVersion.SSH1, keyPair);
key.Comment = messageParser.ReadString();
key.Source = "External client";
if (ssh1constrained)
{
while (messageStream.Position < header.BlobLength + 4)
{
KeyConstraint constraint = new KeyConstraint();
constraint.Type = (KeyConstraintType)messageParser.ReadUInt8();
if (constraint.Type ==
KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME)
{
constraint.Data = messageParser.ReadUInt32();
}
key.AddConstraint(constraint);
}
}
AddKey(key);
responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS);
break;
} catch (CallbackNullException) {
// this is expected
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
goto default; // failed
case Message.SSH2_AGENTC_ADD_IDENTITY:
case Message.SSH2_AGENTC_ADD_ID_CONSTRAINED:
/*
* Add to the list and return SSH_AGENT_SUCCESS, or
* SSH_AGENT_FAILURE if the key was malformed.
*/
if (IsLocked)
{
goto default;
}
bool constrained = (header.Message ==
Message.SSH2_AGENTC_ADD_ID_CONSTRAINED);
try {
OpensshCertificate cert;
var publicKeyParams = messageParser.ReadSsh2PublicKeyData(out cert);
var keyPair = messageParser.ReadSsh2KeyData(publicKeyParams);
SshKey key = new SshKey(SshVersion.SSH2, keyPair, null, cert);
key.Comment = messageParser.ReadString();
key.Source = "External client";
if (constrained)
{
while (messageStream.Position < header.BlobLength + 4)
{
KeyConstraint constraint = new KeyConstraint();
constraint.Type =
(KeyConstraintType)messageParser.ReadUInt8();
if (constraint.Type ==
KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME)
{
constraint.Data = messageParser.ReadUInt32();
}
key.AddConstraint(constraint);
}
}
AddKey(key);
responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS);
break; // success!
} catch (CallbackNullException) {
// this is expected
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
goto default; // failed
case Message.SSH1_AGENTC_REMOVE_RSA_IDENTITY:
case Message.SSH2_AGENTC_REMOVE_IDENTITY:
/*
* Remove from the list and return SSH_AGENT_SUCCESS, or
* perhaps SSH_AGENT_FAILURE if it wasn't in the list to
* start with.
*/
if (IsLocked)
{
goto default;
}
SshVersion removeVersion;
byte[] rKeyBlob;
if (header.Message == Message.SSH1_AGENTC_REMOVE_RSA_IDENTITY)
{
removeVersion = SshVersion.SSH1;
rKeyBlob = messageParser.ReadBytes(header.BlobLength - 1);
}
else if (header.Message == Message.SSH2_AGENTC_REMOVE_IDENTITY)
{
removeVersion = SshVersion.SSH2;
rKeyBlob = messageParser.ReadBlob();
}
else
{
Debug.Fail("Should not get here.");
goto default;
}
try {
var matchingKey = mKeyList.Get(removeVersion, rKeyBlob);
var startKeyListLength = mKeyList.Count;
RemoveKey(matchingKey);
// only succeed if key was removed
if (mKeyList.Count == startKeyListLength - 1)
{
responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS);
break; //success!
}
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
goto default; // failed
case Message.SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
case Message.SSH2_AGENTC_REMOVE_ALL_IDENTITIES:
/*
* Remove all SSH-1 or SSH-2 keys.
*/
if (IsLocked)
{
goto default;
}
SshVersion removeAllVersion;
if (header.Message == Message.SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES)
{
removeAllVersion = SshVersion.SSH1;
}
else if (header.Message == Message.SSH2_AGENTC_REMOVE_ALL_IDENTITIES)
{
removeAllVersion = SshVersion.SSH2;
}
else
{
Debug.Fail("Should not get here.");
goto default;
}
try {
RemoveAllKeys(removeAllVersion);
responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS);
break; //success!
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
goto default; // failed
case Message.SSH_AGENTC_LOCK:
try {
var passphrase = new PinnedArray <byte>(messageParser.ReadBlob());
try {
Lock(passphrase.Data);
} finally {
passphrase.Clear();
}
if (IsLocked)
{
responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS);
break;
}
} catch (AgentLockedException) {
// This is expected
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
goto default;
case Message.SSH_AGENTC_UNLOCK:
try {
var passphrase = new PinnedArray <byte>(messageParser.ReadBlob());
try {
Unlock(passphrase.Data);
} finally {
passphrase.Clear();
}
if (!IsLocked)
{
responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS);
break;
}
} catch (AgentLockedException) {
// This is expected
} catch (PassphraseException) {
// This is expected
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
goto default;
default:
responseBuilder.Clear();
responseBuilder.InsertHeader(Message.SSH_AGENT_FAILURE);
break;
}
/* write response to stream */
if (messageStream.CanSeek)
{
messageStream.Position = 0;
}
messageStream.Write(responseBuilder.GetBlob(), 0, responseBuilder.Length);
messageStream.Flush();
}
private void processHandshake()
{
bool read;
do
{
read = false;
/*
* We need the first 4 bytes, they contain type and length of
* the message.
*/
if (handshakeQueue.Available >= 4)
{
byte[] beginning = new byte[4];
handshakeQueue.Read(beginning, 0, 4, 0);
MemoryStream bis = new MemoryStream(beginning, false);
short type = TlsUtilities.ReadUint8(bis);
int len = TlsUtilities.ReadUint24(bis);
/*
* Check if we have enough bytes in the buffer to read
* the full message.
*/
if (handshakeQueue.Available >= (len + 4))
{
/*
* Read the message.
*/
byte[] buf = new byte[len];
handshakeQueue.Read(buf, 0, len, 4);
handshakeQueue.RemoveData(len + 4);
/*
* If it is not a finished message, update our hashes
* we prepare for the finish message.
*/
if (type != HP_FINISHED)
{
rs.hash1.BlockUpdate(beginning, 0, 4);
rs.hash2.BlockUpdate(beginning, 0, 4);
rs.hash1.BlockUpdate(buf, 0, len);
rs.hash2.BlockUpdate(buf, 0, len);
}
/*
* Now, parse the message.
*/
MemoryStream inStr = new MemoryStream(buf, false);
/*
* Check the type.
*/
switch (type)
{
case HP_CERTIFICATE:
{
switch (connection_state)
{
case CS_SERVER_HELLO_RECEIVED:
{
/*
* Parse the certificates.
*/
Certificate cert = Certificate.Parse(inStr);
AssertEmpty(inStr);
X509CertificateStructure x509Cert = cert.certs[0];
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
try
{
this.serverPublicKey = PublicKeyFactory.CreateKey(keyInfo);
}
catch (Exception)
{
this.FailWithError(AL_fatal, AP_unsupported_certificate);
}
// Sanity check the PublicKeyFactory
if (this.serverPublicKey.IsPrivate)
{
this.FailWithError(AL_fatal, AP_internal_error);
}
/*
* Perform various checks per RFC2246 7.4.2
* TODO "Unless otherwise specified, the signing algorithm for the certificate
* must be the same as the algorithm for the certificate key."
*/
switch (this.chosenCipherSuite.KeyExchangeAlgorithm)
{
case TlsCipherSuite.KE_RSA:
if (!(this.serverPublicKey is RsaKeyParameters))
{
this.FailWithError(AL_fatal, AP_certificate_unknown);
}
validateKeyUsage(x509Cert, KeyUsage.KeyEncipherment);
break;
case TlsCipherSuite.KE_DHE_RSA:
if (!(this.serverPublicKey is RsaKeyParameters))
{
this.FailWithError(AL_fatal, AP_certificate_unknown);
}
validateKeyUsage(x509Cert, KeyUsage.DigitalSignature);
break;
case TlsCipherSuite.KE_DHE_DSS:
if (!(this.serverPublicKey is DsaPublicKeyParameters))
{
this.FailWithError(AL_fatal, AP_certificate_unknown);
}
break;
default:
this.FailWithError(AL_fatal, AP_unsupported_certificate);
break;
}
/*
* Verify them.
*/
if (!this.verifyer.IsValid(cert.GetCerts()))
{
this.FailWithError(AL_fatal, AP_user_canceled);
}
break;
}
default:
this.FailWithError(AL_fatal, AP_unexpected_message);
break;
}
connection_state = CS_SERVER_CERTIFICATE_RECEIVED;
read = true;
break;
}
case HP_FINISHED:
switch (connection_state)
{
case CS_SERVER_CHANGE_CIPHER_SPEC_RECEIVED:
/*
* Read the checksum from the finished message,
* it has always 12 bytes.
*/
byte[] receivedChecksum = new byte[12];
TlsUtilities.ReadFully(receivedChecksum, inStr);
AssertEmpty(inStr);
/*
* Calculate our own checksum.
*/
byte[] checksum = new byte[12];
byte[] md5andsha1 = new byte[16 + 20];
rs.hash2.DoFinal(md5andsha1, 0);
TlsUtilities.PRF(this.ms, TlsUtilities.ToByteArray("server finished"), md5andsha1, checksum);
/*
* Compare both checksums.
*/
for (int i = 0; i < receivedChecksum.Length; i++)
{
if (receivedChecksum[i] != checksum[i])
{
/*
* Wrong checksum in the finished message.
*/
this.FailWithError(AL_fatal, AP_handshake_failure);
}
}
connection_state = CS_DONE;
/*
* We are now ready to receive application data.
*/
this.appDataReady = true;
read = true;
break;
default:
this.FailWithError(AL_fatal, AP_unexpected_message);
break;
}
break;
case HP_SERVER_HELLO:
switch (connection_state)
{
case CS_CLIENT_HELLO_SEND:
/*
* Read the server hello message
*/
TlsUtilities.CheckVersion(inStr, this);
/*
* Read the server random
*/
this.serverRandom = new byte[32];
TlsUtilities.ReadFully(this.serverRandom, inStr);
/*
* Currently, we don't support session ids
*/
short sessionIdLength = TlsUtilities.ReadUint8(inStr);
byte[] sessionId = new byte[sessionIdLength];
TlsUtilities.ReadFully(sessionId, inStr);
/*
* Find out which ciphersuite the server has
* chosen. If we don't support this ciphersuite,
* the TlsCipherSuiteManager will throw an
* exception.
*/
this.chosenCipherSuite = TlsCipherSuiteManager.GetCipherSuite(
TlsUtilities.ReadUint16(inStr), this);
/*
* We support only the null compression which
* means no compression.
*/
short compressionMethod = TlsUtilities.ReadUint8(inStr);
if (compressionMethod != 0)
{
this.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_illegal_parameter);
}
AssertEmpty(inStr);
connection_state = CS_SERVER_HELLO_RECEIVED;
read = true;
break;
default:
this.FailWithError(AL_fatal, AP_unexpected_message);
break;
}
break;
case HP_SERVER_HELLO_DONE:
switch (connection_state)
{
case CS_SERVER_CERTIFICATE_RECEIVED:
case CS_SERVER_KEY_EXCHANGE_RECEIVED:
case CS_CERTIFICATE_REQUEST_RECEIVED:
// NB: Original code used case label fall-through
if (connection_state == CS_SERVER_CERTIFICATE_RECEIVED)
{
/*
* There was no server key exchange message, check
* that we are doing RSA key exchange.
*/
if (this.chosenCipherSuite.KeyExchangeAlgorithm != TlsCipherSuite.KE_RSA)
{
this.FailWithError(AL_fatal, AP_unexpected_message);
}
}
AssertEmpty(inStr);
bool isCertReq = (connection_state == CS_CERTIFICATE_REQUEST_RECEIVED);
connection_state = CS_SERVER_HELLO_DONE_RECEIVED;
if (isCertReq)
{
sendClientCertificate();
}
/*
* Send the client key exchange message, depending
* on the key exchange we are using in our
* ciphersuite.
*/
switch (this.chosenCipherSuite.KeyExchangeAlgorithm)
{
case TlsCipherSuite.KE_RSA:
{
/*
* We are doing RSA key exchange. We will
* choose a pre master secret and send it
* rsa encrypted to the server.
*
* Prepare pre master secret.
*/
pms = new byte[48];
pms[0] = 3;
pms[1] = 1;
random.NextBytes(pms, 2, 46);
/*
* Encode the pms and send it to the server.
*
* Prepare an Pkcs1Encoding with good random
* padding.
*/
RsaBlindedEngine rsa = new RsaBlindedEngine();
Pkcs1Encoding encoding = new Pkcs1Encoding(rsa);
encoding.Init(true, new ParametersWithRandom(this.serverPublicKey, this.random));
byte[] encrypted = null;
try
{
encrypted = encoding.ProcessBlock(pms, 0, pms.Length);
}
catch (InvalidCipherTextException)
{
/*
* This should never happen, only during decryption.
*/
this.FailWithError(AL_fatal, AP_internal_error);
}
/*
* Send the encrypted pms.
*/
sendClientKeyExchange(encrypted);
break;
}
case TlsCipherSuite.KE_DHE_DSS:
case TlsCipherSuite.KE_DHE_RSA:
{
/*
* Send the Client Key Exchange message for
* DHE key exchange.
*/
byte[] YcByte = BigIntegers.AsUnsignedByteArray(this.Yc);
sendClientKeyExchange(YcByte);
break;
}
default:
/*
* Problem during handshake, we don't know
* how to handle this key exchange method.
*/
this.FailWithError(AL_fatal, AP_unexpected_message);
break;
}
connection_state = CS_CLIENT_KEY_EXCHANGE_SEND;
/*
* Now, we send change cipher state
*/
byte[] cmessage = new byte[1];
cmessage[0] = 1;
rs.WriteMessage((short)RL_CHANGE_CIPHER_SPEC, cmessage, 0, cmessage.Length);
connection_state = CS_CLIENT_CHANGE_CIPHER_SPEC_SEND;
/*
* Calculate the ms
*/
this.ms = new byte[48];
byte[] randBytes = new byte[clientRandom.Length + serverRandom.Length];
Array.Copy(clientRandom, 0, randBytes, 0, clientRandom.Length);
Array.Copy(serverRandom, 0, randBytes, clientRandom.Length, serverRandom.Length);
TlsUtilities.PRF(pms, TlsUtilities.ToByteArray("master secret"), randBytes, this.ms);
/*
* Initialize our cipher suite
*/
rs.writeSuite = this.chosenCipherSuite;
rs.writeSuite.Init(this.ms, clientRandom, serverRandom);
/*
* Send our finished message.
*/
byte[] checksum = new byte[12];
byte[] md5andsha1 = new byte[16 + 20];
rs.hash1.DoFinal(md5andsha1, 0);
TlsUtilities.PRF(this.ms, TlsUtilities.ToByteArray("client finished"), md5andsha1, checksum);
MemoryStream bos2 = new MemoryStream();
TlsUtilities.WriteUint8(HP_FINISHED, bos2);
TlsUtilities.WriteUint24(12, bos2);
bos2.Write(checksum, 0, checksum.Length);
byte[] message2 = bos2.ToArray();
rs.WriteMessage((short)RL_HANDSHAKE, message2, 0, message2.Length);
this.connection_state = CS_CLIENT_FINISHED_SEND;
read = true;
break;
default:
this.FailWithError(AL_fatal, AP_handshake_failure);
break;
}
break;
case HP_SERVER_KEY_EXCHANGE:
{
switch (connection_state)
{
case CS_SERVER_CERTIFICATE_RECEIVED:
{
/*
* Check that we are doing DHE key exchange
*/
switch (this.chosenCipherSuite.KeyExchangeAlgorithm)
{
case TlsCipherSuite.KE_DHE_RSA:
{
processDHEKeyExchange(inStr, new TlsRsaSigner());
break;
}
case TlsCipherSuite.KE_DHE_DSS:
{
processDHEKeyExchange(inStr, new TlsDssSigner());
break;
}
default:
this.FailWithError(AL_fatal, AP_unexpected_message);
break;
}
break;
}
default:
this.FailWithError(AL_fatal, AP_unexpected_message);
break;
}
this.connection_state = CS_SERVER_KEY_EXCHANGE_RECEIVED;
read = true;
break;
}
case HP_CERTIFICATE_REQUEST:
switch (connection_state)
{
case CS_SERVER_CERTIFICATE_RECEIVED:
case CS_SERVER_KEY_EXCHANGE_RECEIVED:
{
// NB: Original code used case label fall-through
if (connection_state == CS_SERVER_CERTIFICATE_RECEIVED)
{
/*
* There was no server key exchange message, check
* that we are doing RSA key exchange.
*/
if (this.chosenCipherSuite.KeyExchangeAlgorithm != TlsCipherSuite.KE_RSA)
{
this.FailWithError(AL_fatal, AP_unexpected_message);
}
}
int typesLength = TlsUtilities.ReadUint8(inStr);
byte[] types = new byte[typesLength];
TlsUtilities.ReadFully(types, inStr);
int authsLength = TlsUtilities.ReadUint16(inStr);
byte[] auths = new byte[authsLength];
TlsUtilities.ReadFully(auths, inStr);
AssertEmpty(inStr);
break;
}
default:
this.FailWithError(AL_fatal, AP_unexpected_message);
break;
}
this.connection_state = CS_CERTIFICATE_REQUEST_RECEIVED;
read = true;
break;
case HP_HELLO_REQUEST:
case HP_CLIENT_KEY_EXCHANGE:
case HP_CERTIFICATE_VERIFY:
case HP_CLIENT_HELLO:
default:
// We do not support this!
this.FailWithError(AL_fatal, AP_unexpected_message);
break;
}
}
}
}while (read);
}
public override void PerformTest()
{
RsaKeyParameters pubParameters = new RsaKeyParameters(false, mod, pubExp);
RsaKeyParameters privParameters = new RsaPrivateCrtKeyParameters(mod, pubExp, privExp, p, q, pExp, qExp, crtCoef);
byte[] data = Hex.Decode(edgeInput);
//
// RAW
//
IAsymmetricBlockCipher eng = new RsaEngine();
eng.Init(true, pubParameters);
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("RSA: failed - exception " + e.ToString());
}
eng.Init(false, privParameters);
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString());
}
if (!edgeInput.Equals(Hex.ToHexString(data)))
{
Fail("failed RAW edge Test");
}
data = Hex.Decode(input);
eng.Init(true, pubParameters);
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString());
}
eng.Init(false, privParameters);
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString());
}
if (!input.Equals(Hex.ToHexString(data)))
{
Fail("failed RAW Test");
}
//
// PKCS1 - public encrypt, private decrypt
//
eng = new Pkcs1Encoding(eng);
eng.Init(true, pubParameters);
if (eng.GetOutputBlockSize() != ((Pkcs1Encoding)eng).GetUnderlyingCipher().GetOutputBlockSize())
{
Fail("PKCS1 output block size incorrect");
}
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString());
}
eng.Init(false, privParameters);
byte[] plainData = null;
try
{
plainData = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString());
}
if (!input.Equals(Hex.ToHexString(plainData)))
{
Fail("failed PKCS1 public/private Test");
}
Pkcs1Encoding fEng = new Pkcs1Encoding(new RsaEngine(), input.Length / 2);
fEng.Init(false, new ParametersWithRandom(privParameters, new SecureRandom()));
try
{
plainData = fEng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString(), e);
}
if (!input.Equals(Hex.ToHexString(plainData)))
{
Fail("failed PKCS1 public/private fixed Test");
}
fEng = new Pkcs1Encoding(new RsaEngine(), input.Length);
fEng.Init(false, new ParametersWithRandom(privParameters, new SecureRandom()));
try
{
data = fEng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString(), e);
}
if (input.Equals(Hex.ToHexString(data)))
{
Fail("failed to recognise incorrect plaint text length");
}
data = plainData;
//
// PKCS1 - private encrypt, public decrypt
//
eng = new Pkcs1Encoding(((Pkcs1Encoding)eng).GetUnderlyingCipher());
eng.Init(true, privParameters);
try
{
data = eng.ProcessBlock(plainData, 0, plainData.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString());
}
eng.Init(false, pubParameters);
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString());
}
if (!input.Equals(Hex.ToHexString(data)))
{
Fail("failed PKCS1 private/public Test");
}
testZeroBlock(pubParameters, privParameters);
testZeroBlock(privParameters, pubParameters);
//
// key generation test
//
RsaKeyPairGenerator pGen = new RsaKeyPairGenerator();
RsaKeyGenerationParameters genParam = new RsaKeyGenerationParameters(
BigInteger.ValueOf(0x11), new SecureRandom(), 768, 25);
pGen.Init(genParam);
AsymmetricCipherKeyPair pair = pGen.GenerateKeyPair();
eng = new RsaEngine();
if (((RsaKeyParameters)pair.Public).Modulus.BitLength < 768)
{
Fail("failed key generation (768) length test");
}
eng.Init(true, pair.Public);
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString());
}
eng.Init(false, pair.Private);
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString());
}
if (!input.Equals(Hex.ToHexString(data)))
{
Fail("failed key generation (768) Test");
}
genParam = new RsaKeyGenerationParameters(BigInteger.ValueOf(0x11), new SecureRandom(), 1024, 25);
pGen.Init(genParam);
pair = pGen.GenerateKeyPair();
eng.Init(true, pair.Public);
if (((RsaKeyParameters)pair.Public).Modulus.BitLength < 1024)
{
Fail("failed key generation (1024) length test");
}
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString());
}
eng.Init(false, pair.Private);
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString());
}
if (!input.Equals(Hex.ToHexString(data)))
{
Fail("failed key generation (1024) test");
}
genParam = new RsaKeyGenerationParameters(
BigInteger.ValueOf(0x11), new SecureRandom(), 128, 25);
pGen.Init(genParam);
for (int i = 0; i < 100; ++i)
{
pair = pGen.GenerateKeyPair();
RsaPrivateCrtKeyParameters privKey = (RsaPrivateCrtKeyParameters)pair.Private;
BigInteger pqDiff = privKey.P.Subtract(privKey.Q).Abs();
if (pqDiff.BitLength < 42)
{
Fail("P and Q too close in RSA key pair");
}
}
doTestBadSig();
doTestOaep(pubParameters, privParameters);
doTestStrictPkcs1Length(pubParameters, privParameters);
doTestDudPkcs1Block(pubParameters, privParameters);
doTestMissingDataPkcs1Block(pubParameters, privParameters);
doTestTruncatedPkcs1Block(pubParameters, privParameters);
doTestWrongPaddingPkcs1Block(pubParameters, privParameters);
doTest_CVE_2017_15361();
try
{
new RsaEngine().ProcessBlock(new byte[] { 1 }, 0, 1);
Fail("failed initialisation check");
}
catch (InvalidOperationException)
{
// expected
}
}
public override void PerformTest()
{
RsaKeyParameters pubParameters = new RsaKeyParameters(false, mod, pubExp);
RsaKeyParameters privParameters = new RsaPrivateCrtKeyParameters(mod, pubExp, privExp, p, q, pExp, qExp, crtCoef);
byte[] data = Hex.Decode(edgeInput);
//
// RAW
//
IAsymmetricBlockCipher eng = new RsaBlindedEngine();
eng.Init(true, pubParameters);
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("RSA: failed - exception " + e.ToString(), e);
}
eng.Init(false, privParameters);
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString(), e);
}
if (!edgeInput.Equals(Hex.ToHexString(data)))
{
Fail("failed RAW edge Test");
}
data = Hex.Decode(input);
eng.Init(true, pubParameters);
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString(), e);
}
eng.Init(false, privParameters);
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString(), e);
}
if (!input.Equals(Hex.ToHexString(data)))
{
Fail("failed RAW Test");
}
//
// PKCS1 - public encrypt, private decrypt
//
eng = new Pkcs1Encoding(eng);
eng.Init(true, pubParameters);
if (eng.GetOutputBlockSize() != ((Pkcs1Encoding)eng).GetUnderlyingCipher().GetOutputBlockSize())
{
Fail("PKCS1 output block size incorrect");
}
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString(), e);
}
eng.Init(false, privParameters);
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString(), e);
}
if (!input.Equals(Hex.ToHexString(data)))
{
Fail("failed PKCS1 public/private Test");
}
//
// PKCS1 - private encrypt, public decrypt
//
eng = new Pkcs1Encoding(((Pkcs1Encoding)eng).GetUnderlyingCipher());
eng.Init(true, privParameters);
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString(), e);
}
eng.Init(false, pubParameters);
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString(), e);
}
if (!input.Equals(Hex.ToHexString(data)))
{
Fail("failed PKCS1 private/public Test");
}
//
// key generation test
//
RsaKeyPairGenerator pGen = new RsaKeyPairGenerator();
RsaKeyGenerationParameters genParam = new RsaKeyGenerationParameters(
BigInteger.ValueOf(0x11), new SecureRandom(), 768, 25);
pGen.Init(genParam);
AsymmetricCipherKeyPair pair = pGen.GenerateKeyPair();
eng = new RsaBlindedEngine();
if (((RsaKeyParameters)pair.Public).Modulus.BitLength < 768)
{
Fail("failed key generation (768) length test");
}
eng.Init(true, pair.Public);
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString(), e);
}
eng.Init(false, pair.Private);
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString(), e);
}
if (!input.Equals(Hex.ToHexString(data)))
{
Fail("failed key generation (768) Test");
}
genParam = new RsaKeyGenerationParameters(BigInteger.ValueOf(0x11), new SecureRandom(), 1024, 25);
pGen.Init(genParam);
pair = pGen.GenerateKeyPair();
eng.Init(true, pair.Public);
if (((RsaKeyParameters)pair.Public).Modulus.BitLength < 1024)
{
Fail("failed key generation (1024) length test");
}
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString(), e);
}
eng.Init(false, pair.Private);
try
{
data = eng.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("failed - exception " + e.ToString(), e);
}
if (!input.Equals(Hex.ToHexString(data)))
{
Fail("failed key generation (1024) test");
}
doTestOaep(pubParameters, privParameters);
doTestStrictPkcs1Length(pubParameters, privParameters);
doTestDudPkcs1Block(pubParameters, privParameters);
doTestMissingDataPkcs1Block(pubParameters, privParameters);
doTestTruncatedPkcs1Block(pubParameters, privParameters);
doTestWrongPaddingPkcs1Block(pubParameters, privParameters);
try
{
new RsaBlindedEngine().ProcessBlock(new byte[] { 1 }, 0, 1);
Fail("failed initialisation check");
}
catch (InvalidOperationException)
{
// expected
}
}
private void processHandshake()
{
bool read;
do
{
read = false;
/*
* We need the first 4 bytes, they contain type and length of
* the message.
*/
if (handshakeQueue.Available >= 4)
{
byte[] beginning = new byte[4];
handshakeQueue.Read(beginning, 0, 4, 0);
MemoryStream bis = new MemoryStream(beginning, false);
short type = TlsUtilities.ReadUint8(bis);
int len = TlsUtilities.ReadUint24(bis);
/*
* Check if we have enough bytes in the buffer to read
* the full message.
*/
if (handshakeQueue.Available >= (len + 4))
{
/*
* Read the message.
*/
byte[] buf = new byte[len];
handshakeQueue.Read(buf, 0, len, 4);
handshakeQueue.RemoveData(len + 4);
/*
* If it is not a finished message, update our hashes
* we prepare for the finish message.
*/
if (type != HP_FINISHED)
{
rs.hash1.BlockUpdate(beginning, 0, 4);
rs.hash2.BlockUpdate(beginning, 0, 4);
rs.hash1.BlockUpdate(buf, 0, len);
rs.hash2.BlockUpdate(buf, 0, len);
}
/*
* Now, parse the message.
*/
MemoryStream inStr = new MemoryStream(buf, false);
/*
* Check the type.
*/
switch (type)
{
case HP_CERTIFICATE:
switch (connection_state)
{
case CS_SERVER_HELLO_RECEIVED:
/*
* Parse the certificates.
*/
Certificate cert = Certificate.Parse(inStr);
AssertEmpty(inStr);
/*
* Verify them.
*/
if (!this.verifyer.IsValid(cert.GetCerts()))
{
this.FailWithError(AL_fatal, AP_user_canceled);
}
/*
* We only support RSA certificates. Lets hope
* this is one.
*/
RsaPublicKeyStructure rsaKey = null;
try
{
rsaKey = RsaPublicKeyStructure.GetInstance(
cert.certs[0].TbsCertificate.SubjectPublicKeyInfo.GetPublicKey());
}
catch (Exception)
{
/*
* Sorry, we have to fail ;-(
*/
this.FailWithError(AL_fatal, AP_unsupported_certificate);
}
/*
* Parse the servers public RSA key.
*/
this.serverRsaKey = new RsaKeyParameters(
false,
rsaKey.Modulus,
rsaKey.PublicExponent);
connection_state = CS_SERVER_CERTIFICATE_RECEIVED;
read = true;
break;
default:
this.FailWithError(AL_fatal, AP_unexpected_message);
break;
}
break;
case HP_FINISHED:
switch (connection_state)
{
case CS_SERVER_CHANGE_CIPHER_SPEC_RECEIVED:
/*
* Read the checksum from the finished message,
* it has always 12 bytes.
*/
byte[] receivedChecksum = new byte[12];
TlsUtilities.ReadFully(receivedChecksum, inStr);
AssertEmpty(inStr);
/*
* Calculate our owne checksum.
*/
byte[] checksum = new byte[12];
byte[] md5andsha1 = new byte[16 + 20];
rs.hash2.DoFinal(md5andsha1, 0);
TlsUtilities.PRF(this.ms, TlsUtilities.ToByteArray("server finished"), md5andsha1, checksum);
/*
* Compare both checksums.
*/
for (int i = 0; i < receivedChecksum.Length; i++)
{
if (receivedChecksum[i] != checksum[i])
{
/*
* Wrong checksum in the finished message.
*/
this.FailWithError(AL_fatal, AP_handshake_failure);
}
}
connection_state = CS_DONE;
/*
* We are now ready to receive application data.
*/
this.appDataReady = true;
read = true;
break;
default:
this.FailWithError(AL_fatal, AP_unexpected_message);
break;
}
break;
case HP_SERVER_HELLO:
switch (connection_state)
{
case CS_CLIENT_HELLO_SEND:
/*
* Read the server hello message
*/
TlsUtilities.CheckVersion(inStr, this);
/*
* Read the server random
*/
this.serverRandom = new byte[32];
TlsUtilities.ReadFully(this.serverRandom, inStr);
/*
* Currenty, we don't support session ids
*/
short sessionIdLength = TlsUtilities.ReadUint8(inStr);
byte[] sessionId = new byte[sessionIdLength];
TlsUtilities.ReadFully(sessionId, inStr);
/*
* Find out which ciphersuite the server has
* choosen. If we don't support this ciphersuite,
* the TlsCipherSuiteManager will throw an
* exception.
*/
this.choosenCipherSuite = TlsCipherSuiteManager.GetCipherSuite(
TlsUtilities.ReadUint16(inStr), this);
/*
* We support only the null compression which
* means no compression.
*/
short compressionMethod = TlsUtilities.ReadUint8(inStr);
if (compressionMethod != 0)
{
this.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_illegal_parameter);
}
AssertEmpty(inStr);
connection_state = CS_SERVER_HELLO_RECEIVED;
read = true;
break;
default:
this.FailWithError(AL_fatal, AP_unexpected_message);
break;
}
break;
case HP_SERVER_HELLO_DONE:
switch (connection_state)
{
case CS_SERVER_CERTIFICATE_RECEIVED:
case CS_SERVER_KEY_EXCHANGE_RECEIVED:
// NB: Original code used case label fall-through
if (connection_state == CS_SERVER_CERTIFICATE_RECEIVED)
{
/*
* There was no server key exchange message, check
* that we are doing RSA key exchange.
*/
if (this.choosenCipherSuite.KeyExchangeAlgorithm != TlsCipherSuite.KE_RSA)
{
this.FailWithError(AL_fatal, AP_unexpected_message);
}
}
AssertEmpty(inStr);
connection_state = CS_SERVER_HELLO_DONE_RECEIVED;
/*
* Send the client key exchange message, depending
* on the key exchange we are using in our
* ciphersuite.
*/
short ke = this.choosenCipherSuite.KeyExchangeAlgorithm;
switch (ke)
{
case TlsCipherSuite.KE_RSA:
/*
* We are doing RSA key exchange. We will
* choose a pre master secret and send it
* rsa encrypted to the server.
*
* Prepare pre master secret.
*/
pms = new byte[48];
pms[0] = 3;
pms[1] = 1;
random.NextBytes(pms, 2, 46);
/*
* Encode the pms and send it to the server.
*
* Prepare an Pkcs1Encoding with good random
* padding.
*/
RsaBlindedEngine rsa = new RsaBlindedEngine();
Pkcs1Encoding encoding = new Pkcs1Encoding(rsa);
encoding.Init(true, new ParametersWithRandom(this.serverRsaKey, this.random));
byte[] encrypted = null;
try
{
encrypted = encoding.ProcessBlock(pms, 0, pms.Length);
}
catch (InvalidCipherTextException)
{
/*
* This should never happen, only during decryption.
*/
this.FailWithError(AL_fatal, AP_internal_error);
}
/*
* Send the encrypted pms.
*/
MemoryStream bos = new MemoryStream();
TlsUtilities.WriteUint8(HP_CLIENT_KEY_EXCHANGE, bos);
TlsUtilities.WriteUint24(encrypted.Length + 2, bos);
TlsUtilities.WriteUint16(encrypted.Length, bos);
bos.Write(encrypted, 0, encrypted.Length);
byte[] message = bos.ToArray();
rs.WriteMessage((short)RL_HANDSHAKE, message, 0, message.Length);
break;
case TlsCipherSuite.KE_DHE_RSA:
/*
* Send the Client Key Exchange message for
* DHE key exchange.
*/
byte[] YcByte = this.Yc.ToByteArray();
MemoryStream DHbos = new MemoryStream();
TlsUtilities.WriteUint8(HP_CLIENT_KEY_EXCHANGE, DHbos);
TlsUtilities.WriteUint24(YcByte.Length + 2, DHbos);
TlsUtilities.WriteUint16(YcByte.Length, DHbos);
DHbos.Write(YcByte, 0, YcByte.Length);
byte[] DHmessage = DHbos.ToArray();
rs.WriteMessage((short)RL_HANDSHAKE, DHmessage, 0, DHmessage.Length);
break;
default:
/*
* Proble during handshake, we don't know
* how to thandle this key exchange method.
*/
this.FailWithError(AL_fatal, AP_unexpected_message);
break;
}
connection_state = CS_CLIENT_KEY_EXCHANGE_SEND;
/*
* Now, we send change cipher state
*/
byte[] cmessage = new byte[1];
cmessage[0] = 1;
rs.WriteMessage((short)RL_CHANGE_CIPHER_SPEC, cmessage, 0, cmessage.Length);
connection_state = CS_CLIENT_CHANGE_CIPHER_SPEC_SEND;
/*
* Calculate the ms
*/
this.ms = new byte[48];
byte[] randBytes = new byte[clientRandom.Length + serverRandom.Length];
Array.Copy(clientRandom, 0, randBytes, 0, clientRandom.Length);
Array.Copy(serverRandom, 0, randBytes, clientRandom.Length, serverRandom.Length);
TlsUtilities.PRF(pms, TlsUtilities.ToByteArray("master secret"), randBytes, this.ms);
/*
* Initialize our cipher suite
*/
rs.writeSuite = this.choosenCipherSuite;
rs.writeSuite.Init(this.ms, clientRandom, serverRandom);
/*
* Send our finished message.
*/
byte[] checksum = new byte[12];
byte[] md5andsha1 = new byte[16 + 20];
rs.hash1.DoFinal(md5andsha1, 0);
TlsUtilities.PRF(this.ms, TlsUtilities.ToByteArray("client finished"), md5andsha1, checksum);
MemoryStream bos2 = new MemoryStream();
TlsUtilities.WriteUint8(HP_FINISHED, bos2);
TlsUtilities.WriteUint24(12, bos2);
bos2.Write(checksum, 0, checksum.Length);
byte[] message2 = bos2.ToArray();
rs.WriteMessage((short)RL_HANDSHAKE, message2, 0, message2.Length);
this.connection_state = CS_CLIENT_FINISHED_SEND;
read = true;
break;
default:
this.FailWithError(AL_fatal, AP_handshake_failure);
break;
}
break;
case HP_SERVER_KEY_EXCHANGE:
switch (connection_state)
{
case CS_SERVER_CERTIFICATE_RECEIVED:
/*
* Check that we are doing DHE key exchange
*/
if (this.choosenCipherSuite.KeyExchangeAlgorithm != TlsCipherSuite.KE_DHE_RSA)
{
this.FailWithError(AL_fatal, AP_unexpected_message);
}
/*
* Parse the Structure
*/
int pLength = TlsUtilities.ReadUint16(inStr);
byte[] pByte = new byte[pLength];
TlsUtilities.ReadFully(pByte, inStr);
int gLength = TlsUtilities.ReadUint16(inStr);
byte[] gByte = new byte[gLength];
TlsUtilities.ReadFully(gByte, inStr);
int YsLength = TlsUtilities.ReadUint16(inStr);
byte[] YsByte = new byte[YsLength];
TlsUtilities.ReadFully(YsByte, inStr);
int sigLength = TlsUtilities.ReadUint16(inStr);
byte[] sigByte = new byte[sigLength];
TlsUtilities.ReadFully(sigByte, inStr);
this.AssertEmpty(inStr);
/*
* Verify the Signature.
*
* First, calculate the hash.
*/
CombinedHash sigDigest = new CombinedHash();
MemoryStream signedData = new MemoryStream();
TlsUtilities.WriteUint16(pLength, signedData);
signedData.Write(pByte, 0, pByte.Length);
TlsUtilities.WriteUint16(gLength, signedData);
signedData.Write(gByte, 0, gByte.Length);
TlsUtilities.WriteUint16(YsLength, signedData);
signedData.Write(YsByte, 0, YsByte.Length);
byte[] signed = signedData.ToArray();
sigDigest.BlockUpdate(this.clientRandom, 0, this.clientRandom.Length);
sigDigest.BlockUpdate(this.serverRandom, 0, this.serverRandom.Length);
sigDigest.BlockUpdate(signed, 0, signed.Length);
byte[] hash = new byte[sigDigest.GetDigestSize()];
sigDigest.DoFinal(hash, 0);
/*
* Now, do the RSA operation
*/
RsaBlindedEngine rsa = new RsaBlindedEngine();
Pkcs1Encoding encoding = new Pkcs1Encoding(rsa);
encoding.Init(false, this.serverRsaKey);
/*
* The data which was signed
*/
byte[] sigHash = null;
try
{
sigHash = encoding.ProcessBlock(sigByte, 0, sigByte.Length);
}
catch (InvalidCipherTextException)
{
this.FailWithError(AL_fatal, AP_bad_certificate);
}
/*
* Check if the data which was signed is equal to
* the hash we calculated.
*/
if (sigHash.Length != hash.Length)
{
this.FailWithError(AL_fatal, AP_bad_certificate);
}
for (int i = 0; i < sigHash.Length; i++)
{
if (sigHash[i] != hash[i])
{
this.FailWithError(AL_fatal, AP_bad_certificate);
}
}
/*
* OK, Signature was correct.
*
* Do the DH calculation.
*/
BigInteger p = new BigInteger(1, pByte);
BigInteger g = new BigInteger(1, gByte);
BigInteger Ys = new BigInteger(1, YsByte);
BigInteger x = new BigInteger(p.BitLength - 1, this.random);
Yc = g.ModPow(x, p);
this.pms = (Ys.ModPow(x, p)).ToByteArray();
/*
* Remove leading zero byte, if present.
*/
if (this.pms[0] == 0)
{
byte[] tmp = new byte[this.pms.Length - 1];
Array.Copy(this.pms, 1, tmp, 0, tmp.Length);
this.pms = tmp;
}
this.connection_state = CS_SERVER_KEY_EXCHANGE_RECEIVED;
read = true;
break;
default:
this.FailWithError(AL_fatal, AP_unexpected_message);
break;
}
break;
case HP_HELLO_REQUEST:
case HP_CLIENT_KEY_EXCHANGE:
case HP_CERTIFICATE_REQUEST:
case HP_CERTIFICATE_VERIFY:
case HP_CLIENT_HELLO:
default:
// We do not support this!
this.FailWithError(AL_fatal, AP_unexpected_message);
break;
}
}
}
}while (read);
}
private void doTestStrictPkcs1Length(RsaKeyParameters pubParameters, RsaKeyParameters privParameters)
{
IAsymmetricBlockCipher eng = new RsaEngine();
eng.Init(true, privParameters);
byte[] data = null;
byte[] overSized = null;
try
{
overSized = data = eng.ProcessBlock(oversizedSig, 0, oversizedSig.Length);
}
catch (Exception e)
{
Fail("RSA: failed - exception " + e.ToString(), e);
}
eng = new Pkcs1Encoding(eng);
eng.Init(false, pubParameters);
try
{
data = eng.ProcessBlock(overSized, 0, overSized.Length);
Fail("oversized signature block not recognised");
}
catch (InvalidCipherTextException e)
{
if (!e.Message.Equals("block incorrect size"))
{
Fail("RSA: failed - exception " + e.ToString(), e);
}
}
eng = new Pkcs1Encoding(new RsaEngine(), Hex.Decode("feedbeeffeedbeeffeedbeef"));
eng.Init(false, new ParametersWithRandom(privParameters, new SecureRandom()));
try
{
data = eng.ProcessBlock(overSized, 0, overSized.Length);
IsTrue("not fallback", Arrays.AreEqual(Hex.Decode("feedbeeffeedbeeffeedbeef"), data));
}
catch (InvalidCipherTextException e)
{
Fail("RSA: failed - exception " + e.ToString(), e);
}
// Create the encoding with StrictLengthEnabled=false (done thru environment in Java version)
Pkcs1Encoding.StrictLengthEnabled = false;
eng = new Pkcs1Encoding(new RsaEngine());
eng.Init(false, pubParameters);
try
{
data = eng.ProcessBlock(overSized, 0, overSized.Length);
}
catch (InvalidCipherTextException e)
{
Fail("RSA: failed - exception " + e.ToString(), e);
}
Pkcs1Encoding.StrictLengthEnabled = true;
}
public void DoLogin(SteamWeb web, LoginCallback callback)
{
var postData = new Dictionary <string, string>();
CookieContainer cookies = this._cookies;
WebCallback hasCookies = (res, code) =>
{
postData.Add("username", this.Username);
web.MobileLoginRequest(ApiEndpoints.COMMUNITY_BASE + "/login/getrsakey", "POST", postData, cookies, (rsaRawResponse, rsaCode) =>
{
if (rsaRawResponse == null || rsaCode != HttpStatusCode.OK || rsaRawResponse.Contains("<BODY>\nAn error occurred while processing your request."))
{
callback(LoginResult.GeneralFailure);
return;
}
var rsaResponse = JsonConvert.DeserializeObject <RSAResponse>(rsaRawResponse);
if (!rsaResponse.Success)
{
callback(LoginResult.BadRsa);
return;
}
var mod = new BigInteger(rsaResponse.Modulus, 16);
var exp = new BigInteger(rsaResponse.Exponent, 16);
var encryptEngine = new Pkcs1Encoding(new RsaEngine());
var rsaParams = new RsaKeyParameters(false, mod, exp);
encryptEngine.Init(true, rsaParams);
byte[] passwordArr = Encoding.UTF8.GetBytes(this.Password);
string encryptedPassword = Convert.ToBase64String(encryptEngine.ProcessBlock(passwordArr, 0, passwordArr.Length));
postData.Clear();
postData.Add("username", this.Username);
postData.Add("password", encryptedPassword);
postData.Add("twofactorcode", this.TwoFactorCode ?? "");
postData.Add("captchagid", this.RequiresCaptcha ? this.CaptchaGID : "-1");
postData.Add("captcha_text", this.RequiresCaptcha ? this.CaptchaText : "");
postData.Add("emailsteamid", this.Requires2FA || this.RequiresEmail ? this.SteamID.ToString() : "");
postData.Add("emailauth", this.RequiresEmail ? this.EmailCode : "");
postData.Add("rsatimestamp", rsaResponse.Timestamp);
postData.Add("remember_login", "false");
postData.Add("oauth_client_id", "DE45CD61");
postData.Add("oauth_scope", "read_profile write_profile read_client write_client");
postData.Add("loginfriendlyname", "#login_emailauth_friendlyname_mobile");
postData.Add("donotcache", Util.GetSystemUnixTime().ToString());
web.MobileLoginRequest(ApiEndpoints.COMMUNITY_BASE + "/login/dologin", "POST", postData, cookies, (rawLoginResponse, loginCode) =>
{
LoginResponse loginResponse = null;
if (rawLoginResponse != null && loginCode == HttpStatusCode.OK)
{
loginResponse = JsonConvert.DeserializeObject <LoginResponse>(rawLoginResponse);
}
if (loginResponse == null)
{
callback(LoginResult.GeneralFailure);
return;
}
if (loginResponse.Message != null && loginResponse.Message.Contains("Incorrect login"))
{
callback(LoginResult.BadCredentials);
return;
}
if (loginResponse.CaptchaNeeded)
{
this.RequiresCaptcha = true;
this.CaptchaGID = loginResponse.CaptchaGid;
callback(LoginResult.NeedCaptcha);
return;
}
if (loginResponse.EmailAuthNeeded)
{
this.RequiresEmail = true;
this.SteamID = loginResponse.EmailSteamId;
callback(LoginResult.NeedEmail);
return;
}
if (loginResponse.TwoFactorNeeded && !loginResponse.Success)
{
this.Requires2FA = true;
callback(LoginResult.Need2Fa);
return;
}
if (loginResponse.Message != null && loginResponse.Message.Contains("too many login failures"))
{
callback(LoginResult.TooManyFailedLogins);
return;
}
if (string.IsNullOrEmpty(loginResponse.OAuthData?.OAuthToken))
{
callback(LoginResult.GeneralFailure);
return;
}
if (!loginResponse.LoginComplete)
{
callback(LoginResult.BadCredentials);
return;
}
CookieCollection readableCookies = cookies.GetCookies(new Uri("https://steamcommunity.com"));
OAuth oAuthData = loginResponse.OAuthData;
this.Session = new SessionData
{
OAuthToken = oAuthData.OAuthToken,
SteamID = oAuthData.SteamId,
SteamLogin = oAuthData.SteamId + "%7C%7C" + oAuthData.SteamLogin,
SteamLoginSecure = oAuthData.SteamId + "%7C%7C" + oAuthData.SteamLoginSecure,
WebCookie = oAuthData.Webcookie,
SessionID = readableCookies["sessionid"].Value,
Username = this.Username
};
this.LoggedIn = true;
callback(LoginResult.LoginOkay);
});
});
};
if (cookies.Count == 0)
{
//Generate a SessionID
const string url = "https://steamcommunity.com/login?oauth_client_id=DE45CD61&oauth_scope=read_profile%20write_profile%20read_client%20write_client";
cookies.Add(SteamWeb.uri, new Cookie("mobileClientVersion", "0 (2.1.3)", "/"));
cookies.Add(SteamWeb.uri, new Cookie("mobileClient", "android", "/"));
cookies.Add(SteamWeb.uri, new Cookie("Steam_Language", "english", "/"));
var headers = new WebHeaderCollection
{
["X-Requested-With"] = "com.valvesoftware.android.steam.community"
};
web.MobileLoginRequest(url, "GET", null, cookies, headers, hasCookies);
}
else
{
hasCookies("", HttpStatusCode.OK);
}
}
internal string Encrypt(string plainText, string encryptionKey, bool isPrivate)
{
RsaKeyParameters key;
byte[] data = null;
List <byte> output = new List <byte>();
string result = null;
try
{
if (isPrivate)
{
key = RsaPrivateStringToRsaKey(encryptionKey);
}
else
{
key = RsaPublicStringToRsaKey(encryptionKey);
}
data = StringToByteArray(plainText);
IAsymmetricBlockCipher e = new Pkcs1Encoding(new RsaEngine()).GetUnderlyingCipher();
e.Init(true, key);
int blockSize = e.GetInputBlockSize();
if (data != null)
{
for (int chunkPosition = 0; chunkPosition < data.Length; chunkPosition += blockSize)
{
int chunkSize;
if (data.Length <= blockSize)
{
chunkSize = data.Length; // If we have less data then the blockSize, do it all
}
else if ((chunkPosition + blockSize) > data.Length) // Do we have any remainder data
{
chunkSize = data.Length - chunkPosition;
}
else
{
chunkSize = blockSize; // Normal process, chunk to blockSize
}
// No more blocks to process
if (chunkSize <= 0)
{
break;
}
output.AddRange(e.ProcessBlock(data, chunkPosition, chunkSize));
}
result = Encoding.ASCII.GetString(Hex.Encode(output.ToArray()));
}
}
catch (Exception)
{
}
return(result);
}
internal string Decrypt(string cryptText, string encryptionKey, bool isPrivate)
{
RsaKeyParameters key;
byte[] data = null;
List <byte> output = new List <byte>();
string result = null;
try
{
if (isPrivate)
{
key = RsaPrivateStringToRsaKey(encryptionKey);
}
else
{
key = RsaPublicStringToRsaKey(encryptionKey);
}
data = Hex.Decode(cryptText);
IAsymmetricBlockCipher e = new Pkcs1Encoding(new RsaEngine()).GetUnderlyingCipher();
e.Init(false, key);
int blockSize = e.GetInputBlockSize();
if (data != null)
{
for (int chunkPosition = 0; chunkPosition < data.Length; chunkPosition += blockSize)
{
int chunkSize;
if (data.Length <= blockSize)
{
chunkSize = data.Length;
}
else if ((chunkPosition + blockSize) > data.Length)
{
chunkSize = data.Length - chunkPosition;
}
else
{
chunkSize = blockSize;
}
if (chunkSize <= 0)
{
break;
}
output.AddRange(e.ProcessBlock(data, chunkPosition, chunkSize));
}
result = ByteArrayToString(output.ToArray());
}
}
catch (Exception ex)
{
Debug.Write(ex.ToString());
}
return(result);
}
private void BSend_Click(object sender, EventArgs e)
{
if (TBTopic.Text == "" || TBMessageS.Text == "" || CBRecNames.Text == "")
{
MessageBox.Show("Odbiorca, temat wiadomości i jej treść nie mogą być puste!", "Błąd!!");
}
else
{
//Get recipient ID from Combobox
int recipientID = (int)CBRecNames.SelectedValue;
Certificate recipientCert = GetEmployeeCertificate(recipientID);
if (recipientCert != null)//If recipient has valid certificate...
{
if (recipientCert.cert != "")
{
Certificate myCert = GetEmployeeCertificate(infoAboutMe.id);
if (myCert != null)
{
if (myCert.cert != "") //If I have certificate
{
var reader = new StringReader(myCert.cert);
//Parsed certificate
var parsedCert = (Org.BouncyCastle.X509.X509Certificate) new PemReader(reader).ReadObject();
//Encryption
var encryptEngine = new Pkcs1Encoding(new RsaEngine());
encryptEngine.Init(true, parsedCert.GetPublicKey());
int inBlockSize = encryptEngine.GetInputBlockSize();
//int outputBlockSize = encryptEngine.GetOutputBlockSize();
List <byte> topicOutBytes = new List <byte>();
List <byte> messageOutBytes = new List <byte>();
int chunkSize = 0;
//Encrypt topic with your public key
byte[] topic = Encoding.UTF8.GetBytes(TBTopic.Text);
for (int i = 0; i < topic.Length; i += inBlockSize)
{
chunkSize = Math.Min(inBlockSize, topic.Length - ((i / inBlockSize) * inBlockSize));
topicOutBytes.AddRange(encryptEngine.ProcessBlock(topic, i, chunkSize));
}
string encTopic = Convert.ToBase64String(topicOutBytes.ToArray());
//Encrypt message with your public key
byte[] message = Encoding.UTF8.GetBytes(TBMessageS.Text);
for (int i = 0; i < message.Length; i += inBlockSize)
{
chunkSize = Math.Min(inBlockSize, message.Length - ((i / inBlockSize) * inBlockSize));
messageOutBytes.AddRange(encryptEngine.ProcessBlock(message, i, chunkSize));
}
string encMessage = Convert.ToBase64String(messageOutBytes.ToArray());
//Get time
string timeNow = DateTime.Now.ToString();
var request = new RestRequest("api/message/", Method.POST);
request.AddHeader("Authorization", "Token " + Program.token);
request.AddParameter("certificate_id", myCert.id);
request.AddParameter("sender_id", infoAboutMe.id);
request.AddParameter("recipient_id", recipientID);
request.AddParameter("enc_topic", encTopic);
request.AddParameter("enc_message", encMessage);
request.AddParameter("send_date", timeNow);
request.AddParameter("copy", true);
IRestResponse <Message> response = Program.client.Execute <Message>(request);
if (response.StatusCode != System.Net.HttpStatusCode.Created)
{
MessageBox.Show("Błąd wewnętrzny aplikacji, skontaktuj się z administratorem", "Błąd!");
return;
}
var reader2 = new StringReader(recipientCert.cert);
//Parsed certificate
var parsedCert2 = (Org.BouncyCastle.X509.X509Certificate) new PemReader(reader2).ReadObject();
//Encryption
var encryptEngine2 = new Pkcs1Encoding(new RsaEngine());
encryptEngine2.Init(true, parsedCert2.GetPublicKey());
//int outputBlockSize = encryptEngine.GetOutputBlockSize();
topicOutBytes.Clear();
messageOutBytes.Clear();
chunkSize = 0;
//Encrypt topic with your public key
topic = Encoding.UTF8.GetBytes(TBTopic.Text);
for (int i = 0; i < topic.Length; i += inBlockSize)
{
chunkSize = Math.Min(inBlockSize, topic.Length - ((i / inBlockSize) * inBlockSize));
topicOutBytes.AddRange(encryptEngine2.ProcessBlock(topic, i, chunkSize));
}
encTopic = Convert.ToBase64String(topicOutBytes.ToArray());
//Encrypt message with your public key
message = Encoding.UTF8.GetBytes(TBMessageS.Text);
for (int i = 0; i < message.Length; i += inBlockSize)
{
chunkSize = Math.Min(inBlockSize, message.Length - ((i / inBlockSize) * inBlockSize));
messageOutBytes.AddRange(encryptEngine2.ProcessBlock(message, i, chunkSize));
}
encMessage = Convert.ToBase64String(messageOutBytes.ToArray());
var request1 = new RestRequest("api/message/", Method.POST);
request1.AddHeader("Authorization", "Token " + Program.token);
request1.AddParameter("certificate_id", recipientCert.id);
request1.AddParameter("sender_id", infoAboutMe.id);
request1.AddParameter("recipient_id", recipientID);
request1.AddParameter("enc_topic", encTopic);
request1.AddParameter("enc_message", encMessage);
request1.AddParameter("send_date", timeNow);
request1.AddParameter("copy", false);
var response1 = Program.client.Execute(request1);
if (response1.StatusCode == System.Net.HttpStatusCode.Created)
{
DataGridViewRow dgvRow = new DataGridViewRow();
dgvRow.Cells.Add(new DataGridViewTextBoxCell {
Value = response.Data.id
});
dgvRow.Cells.Add(new DataGridViewTextBoxCell {
Value = employeeMail[recipientID]
});
dgvRow.Cells.Add(new DataGridViewTextBoxCell {
Value = TBTopic.Text
});
dgvRow.Cells.Add(new DataGridViewTextBoxCell {
Value = (DateTime.Parse(timeNow)).ToString("dd-MM-yy HH:mm:ss")
});
outbox.Add(response.Data.id, TBMessageS.Text);
DGVOutBox.Rows.Add(dgvRow);
MessageBox.Show("Wiadomość wysłano", "Sukces!");
TBTopic.Text = "";
TBMessageS.Text = "";
}
else
{
MessageBox.Show("Błąd wewnętrzny aplikacji, skontaktuj się z administratorem", "Błąd!");
}
}
else //If I have empty certificate...
{
MessageBox.Show("Nie możesz wysłać wiadomości - nie masz ważnego certyfikatu", "Uwaga!");
}
}
else //If I don't have valid certificate...
{
MessageBox.Show("Nie możesz wysłać wiadomości - nie masz ważnego certyfikatu", "Uwaga!");
}
}
else //If recipient has empty certificate...
{
MessageBox.Show("Nie możesz wysłać wiadomości - odbiorca nie ma ważnego certyfikatu", "Uwaga!");
}
}
else //If recipient doesn't have valid certificate...
{
MessageBox.Show("Nie możesz wysłać wiadomości - odbiorca nie ma ważnego certyfikatu", "Uwaga!");
}
}
}
private void BInBox_Click(object sender, EventArgs e)
{
focusedButton = 1;
panel2.Enabled = true;
//highlight font in the clicked button
BNewMessage.ForeColor = Color.Gray;
BInBox.ForeColor = Color.Black;
BOutBox.ForeColor = Color.Gray;
BApplyForTheCertificate.ForeColor = Color.Gray;
BRevokeTheCertificate.ForeColor = Color.Gray;
BChangePassword.ForeColor = Color.Gray;
BChangePassword.ForeColor = Color.Gray;
POutBox.Visible = false;
DGVOutBox.Visible = false;
TBMessageR.Visible = true;
PInBox.Visible = true;
PSendMessage.Visible = false;
TBMessageS.Visible = false;
DGVInBox.Visible = true;
int newestMsgID;
if (inbox.Count != 0)
{
//Check if something new in inbox
newestMsgID = inbox.Keys.Max();
}
else
{
newestMsgID = 0;
}
var request = new RestRequest("api/refresh_inbox/", Method.POST);
request.AddHeader("Authorization", "Token " + Program.token);
request.AddParameter("id", newestMsgID);
IRestResponse <List <Message> > response = Program.client.Execute <List <Message> >(request);
if (response.StatusCode == System.Net.HttpStatusCode.OK)
{
foreach (Message item in response.Data)
{
var reader = new StringReader(myPrivateKeys[item.certificate_id].privatekey);
//Parsed private key
AsymmetricKeyParameter parsedPrivateKey = (AsymmetricKeyParameter) new PemReader(reader).ReadObject();
RSACryptoServiceProvider rsaPrivate = new RSACryptoServiceProvider(1024);
var messageToDecrypt = Convert.FromBase64String(item.enc_message);
var topicToDecrypt = Convert.FromBase64String(item.enc_topic);
var decryptEngine = new Pkcs1Encoding(new RsaEngine());
decryptEngine.Init(false, parsedPrivateKey);
int inBlockSize = decryptEngine.GetInputBlockSize();
List <byte> topicOutBytes = new List <byte>();
List <byte> messageOutBytes = new List <byte>();
int chunkSize = 0;
//Decrypt topic with your public key
for (int i = 0; i < topicToDecrypt.Length; i += inBlockSize)
{
chunkSize = Math.Min(inBlockSize, topicToDecrypt.Length - ((i / inBlockSize) * inBlockSize));
topicOutBytes.AddRange(decryptEngine.ProcessBlock(topicToDecrypt, i, chunkSize));
}
string decTopic = Encoding.UTF8.GetString(topicOutBytes.ToArray());
//Decrypt message with your public key
for (int i = 0; i < messageToDecrypt.Length; i += inBlockSize)
{
chunkSize = Math.Min(inBlockSize, messageToDecrypt.Length - ((i / inBlockSize) * inBlockSize));
messageOutBytes.AddRange(decryptEngine.ProcessBlock(messageToDecrypt, i, chunkSize));
}
string decMessage = Encoding.UTF8.GetString(messageOutBytes.ToArray());
DataGridViewRow dgvRow = new DataGridViewRow();
dgvRow.Cells.Add(new DataGridViewTextBoxCell {
Value = item.id
});
dgvRow.Cells.Add(new DataGridViewTextBoxCell {
Value = employeeMail[item.sender_id]
});
dgvRow.Cells.Add(new DataGridViewTextBoxCell {
Value = decTopic
});
dgvRow.Cells.Add(new DataGridViewTextBoxCell {
Value = (DateTime.Parse(item.send_date)).ToString("dd-MM-yy HH:mm:ss")
});
inbox.Add(item.id, decMessage);
DGVInBox.Rows.Add(dgvRow);
}
}
else
{
//User won't see more messages in session
}
SearchInDGV(null, null);
//TBMessageR.Text = "";
//OutboxSelectionChanged(this.DGVMessagesS, null);
}