public static string Format(byte[] bytes)
{
SecurityAssert.NotNull(bytes);
SecurityAssert.Assert(bytes.Length > 0);
var oid = new StringBuilder();
var firstOctet = bytes[0];
var index = 1;
oid.AppendFormat("{0}.{1}", firstOctet / 40, firstOctet % 40);
while (index < bytes.Length)
{
var value = new BigInteger();
while (true)
{
var b = bytes[index++];
if ((b & 0x80) == 0)
{
value = value << 7 | b;
break;
}
SecurityAssert.Assert(index < bytes.Length);
value = value << 7 | (b & 0x7F);
}
oid.AppendFormat(".{0}", value);
}
return(oid.ToString());
}
public CertificateMessage(IReadOnlyCollection <X509Certificate> certificates)
: base(HandshakeType.Certificate)
{
SecurityAssert.NotNull(certificates);
SecurityAssert.Assert(certificates.Count <= 0xFFFFFF);
Certificates = certificates;
}
public AlertMessage(AlertLevel level, AlertDescription description)
{
SecurityAssert.Assert(level.IsAllowed(description));
Level = level;
Description = description;
}
public Record Read(RecordType type, TLSVersion version, ushort length)
{
var cipher = GetCipher();
cipher.Init(GetParameters(ConnectionDirection.Read));
var payload = _connection.Reader.ReadBytes(length);
var plaintext = new byte[payload.Length];
cipher.Decrypt(payload, 0, plaintext, 0, payload.Length);
var macAlgo = GetMAC(ConnectionDirection.Read);
var macLength = macAlgo.HashSize / 8;
var contentLength = plaintext.Length - macLength;
SecurityAssert.Assert(contentLength >= 0);
var mac = new byte[macLength];
Array.Copy(plaintext, contentLength, mac, 0, macLength);
var content = new byte[contentLength];
Array.Copy(plaintext, 0, content, 0, content.Length);
var seqNum = _sequenceConfig.GetThenIncrement(ConnectionDirection.Read);
var computedMac = ComputeMAC(macAlgo, seqNum, type, version, content);
SecurityAssert.AssertHash(mac, computedMac);
return(new Record(type, version, content));
}
public void AssertHash_WhenEqual_ShouldDoNothing()
{
var a = new byte[] { 0, 1, 2, 3 };
var b = new byte[] { 0, 1, 2, 3 };
SecurityAssert.AssertHash(a, b);
}
public RC4KeyParameter(byte[] key, int offset, int length)
{
SecurityAssert.AssertBuffer(key, offset, length);
Key = new byte[length];
Array.Copy(key, offset, Key, 0, length);
}
public void Decrypt(byte[] input, int inputOffset, byte[] output, int outputOffset, int length)
{
SecurityAssert.AssertBuffer(input, inputOffset, length);
SecurityAssert.AssertBuffer(output, outputOffset, length);
Array.Copy(input, inputOffset, output, outputOffset, length);
}
public void Decrypt(byte[] input, int inputOffset, byte[] output, int outputOffset, int length)
{
SecurityAssert.AssertBuffer(input, inputOffset, length);
SecurityAssert.NotNull(PrivateKey);
var k = PrivateKey !.Modulus.GetByteLength();
SecurityAssert.Assert(k >= 11);
SecurityAssert.Assert(length == k);
var c = OS2IP(input, inputOffset, length);
var m = DecryptPrimative(c, PrivateKey !);
var em = I2OSP(m, k);
SecurityAssert.Assert(em[0] == 0 && em[1] == 2);
var mIdx = 2;
while (mIdx < k && em[mIdx] != 0)
{
mIdx++;
}
SecurityAssert.Assert(mIdx - 2 > 8);
// advance past zero
mIdx++;
SecurityAssert.AssertBuffer(output, outputOffset, k - mIdx);
Array.Copy(em, mIdx, output, outputOffset, k - mIdx);
}
public void EncryptBlock(byte[] input, int inputOffset, byte[] output, int outputOffset)
{
SecurityAssert.Assert(_keyInitialised);
SecurityAssert.AssertBuffer(input, inputOffset, BlockLength);
SecurityAssert.AssertBuffer(output, outputOffset, BlockLength);
var rounds = KeySize / 4 + 6;
var state = ToState(input, inputOffset);
AddRoundKey(state, 0);
for (var round = 1; round < rounds; round++)
{
SubBytes(state);
ShiftRows(state);
MixColumns(state);
AddRoundKey(state, round);
}
SubBytes(state);
ShiftRows(state);
AddRoundKey(state, rounds);
FromState(state, output, outputOffset);
}
public byte[] Take(int maxLength)
{
SecurityAssert.Assert(maxLength > 0);
_read.Wait();
byte[] result;
var head = _data.Peek();
if (maxLength < head.Length - _offset)
{
result = new byte[maxLength];
Array.Copy(head, _offset, result, 0, maxLength);
_offset += maxLength;
}
else
{
result = _data.Dequeue();
_offset = 0;
_write.Release();
}
return(result);
}
public void Encrypt(byte[] input, int inputOffset, byte[] output, int outputOffset, int length)
{
SecurityAssert.AssertBuffer(input, inputOffset, length);
SecurityAssert.NotNull(PublicKey);
var k = PublicKey !.Modulus.GetByteLength();
SecurityAssert.Assert(length <= k - 11);
var ps = _random.RandomNonZeroBytes(k - length - 3);
SecurityAssert.Assert(ps.Length >= 8);
var em = new byte[k];
em[0] = 0;
em[1] = 2;
Array.Copy(ps, 0, em, 2, ps.Length);
em[ps.Length + 2] = 0;
Array.Copy(input, inputOffset, em, ps.Length + 3, length);
var m = OS2IP(em, 0, em.Length);
var c = EncryptPrimative(m, PublicKey !);
var result = I2OSP(c, k);
SecurityAssert.AssertBuffer(output, outputOffset, result.Length);
Array.Copy(result, 0, output, outputOffset, result.Length);
}
public override void Digest(Span <byte> output)
{
SecurityAssert.AssertBuffer(output, HashSize / 8);
SecurityAssert.Assert(WorkBufferEmpty);
_y.CopyTo(output);
}
protected override void Reset()
{
SecurityAssert.Assert(IVInitialised);
_counter = new byte[BlockLength];
Array.Copy(IV, 0, _counter, 0, BlockLength);
}
public static byte[] GetBytes(string oid)
{
SecurityAssert.NotNull(oid);
SecurityAssert.Assert(oid.Length > 0);
var parts = oid.Split('.').Select(BigInteger.Parse).ToArray();
SecurityAssert.Assert(parts.Length >= 2);
var bytes = new List <byte>();
SecurityAssert.Assert(parts[0] >= 0 && parts[0] <= 6);
SecurityAssert.Assert(parts[1] >= 0 && parts[1] < 40);
var firstByte = parts[0] * 40 + parts[1];
bytes.Add((byte)firstByte);
for (var i = 2; i < parts.Length; i++)
{
SecurityAssert.Assert(parts[i] >= 0);
bytes.AddRange(EncodeBase128(parts[i]).Reverse());
}
return(bytes.ToArray());
}
public PrivateKey ReadPrivateKey(X509AlgorithmIdentifier algorithm, byte[] input)
{
var parameters = CreateParameters(algorithm);
using (var ms = new MemoryStream(input))
{
var asn1 = new DERReader(ms).Read();
var seq = asn1 as ASN1Sequence;
SecurityAssert.NotNull(seq);
SecurityAssert.Assert(seq !.Count >= 2);
var version = seq !.Elements[0] as ASN1Integer;
SecurityAssert.NotNull(version);
SecurityAssert.Assert(version !.Value == 1);
var dString = seq !.Elements[1] as ASN1OctetString;
SecurityAssert.NotNull(dString);
var d = parameters.Field.Value(dString !.Value.ToBigInteger(Endianness.BigEndian));
var q = Point.Multiply(
parameters.Curve,
d,
parameters.Generator
);
var pub = new ECPublicKey(parameters, q);
return(new ECPrivateKey(pub, d));
}
}
public void DecryptBlock(byte[] input, int inputOffset, byte[] output, int outputOffset)
{
SecurityAssert.Assert(_keyInitialised);
SecurityAssert.AssertBuffer(input, inputOffset, BlockLength);
SecurityAssert.AssertBuffer(output, outputOffset, BlockLength);
var rounds = KeySize / 4 + 6;
var state = ToState(input, inputOffset);
AddRoundKey(state, rounds);
for (var i = rounds - 1; i > 0; i--)
{
InvShiftRows(state);
InvSubBytes(state);
AddRoundKey(state, i);
InvMixColumns(state);
}
InvShiftRows(state);
InvSubBytes(state);
AddRoundKey(state, 0);
FromState(state, output, outputOffset);
}
private static List <int> SievePrimes(int max)
{
SecurityAssert.Assert(max > 1);
var maxSqrt = (int)Math.Ceiling(Math.Sqrt(max));
var a = new BitArray(max + 1, true);
for (var i = 2; i < maxSqrt; i++)
{
if (a[i])
{
var j = i * i;
while (j <= max)
{
a[j] = false;
j += i;
}
}
}
var list = new List <int>();
for (var i = 2; i <= max; i++)
{
if (a[i])
{
list.Add(i);
}
}
return(list);
}
private static void LoadCertificates(CertificateManager certificates)
{
var rsaCert = PEMReader.TryConvertFromBase64(File.ReadAllBytes("localhost_rsa.cert"));
SecurityAssert.Assert(rsaCert.Count == 1);
certificates.AddCertificate(rsaCert[0].RawData);
var rsaKey = PEMReader.TryConvertFromBase64(File.ReadAllBytes("localhost_rsa.key"));
SecurityAssert.Assert(rsaKey.Count == 1);
certificates.AddPrivateKey(rsaKey[0].RawData);
var ecCert = PEMReader.TryConvertFromBase64(File.ReadAllBytes("localhost_ec.cert"));
SecurityAssert.Assert(ecCert.Count == 1);
certificates.AddCertificate(ecCert[0].RawData);
var ecKey = PEMReader.TryConvertFromBase64(File.ReadAllBytes("localhost_ec.key"));
SecurityAssert.Assert(ecKey.Count == 1);
certificates.AddPrivateKey(ecKey[0].RawData);
var dhCert = PEMReader.TryConvertFromBase64(File.ReadAllBytes("localhost_dh.cert"));
SecurityAssert.Assert(dhCert.Count == 1);
certificates.AddCertificate(dhCert[0].RawData);
var dhKey = PEMReader.TryConvertFromBase64(File.ReadAllBytes("localhost_dh.key"));
SecurityAssert.Assert(dhKey.Count == 1);
certificates.AddPrivateKey(dhKey[0].RawData);
}
public RC4KeyParameter(byte[] key)
{
SecurityAssert.NotNull(key);
Key = new byte[key.Length];
Array.Copy(key, Key, key.Length);
}
public RSAPrivateKey(ASN1Object asn1Key)
{
// NOTE: currently only supporting PKCS#1 without optional OtherPrimeInfos
var keySeq = asn1Key as ASN1Sequence;
SecurityAssert.NotNull(keySeq);
SecurityAssert.Assert(keySeq !.Count == 9);
Modulus = GetInteger(keySeq, 1);
var publicExponent = GetInteger(keySeq, 2);
Exponent = GetInteger(keySeq, 3);
var prime1 = GetInteger(keySeq, 4);
var prime2 = GetInteger(keySeq, 5);
var exponent1 = GetInteger(keySeq, 6);
var exponent2 = GetInteger(keySeq, 7);
// TODO var coefficent = GetInteger(keySeq, 8);
SecurityAssert.Assert(Modulus == prime1 * prime2);
SecurityAssert.Assert(exponent1 == Exponent % (prime1 - 1));
SecurityAssert.Assert(exponent2 == Exponent % (prime2 - 1));
// TODO assert Coefficent == ((inverse of q) mod p)
PublicKey = new RSAPublicKey(Modulus, publicExponent);
}
public override void Digest(Span <byte> output)
{
SecurityAssert.AssertBuffer(output, HashSize / 8);
var paddingLength = 64 - MessageSize % BlockSize / 8;
if (paddingLength <= 8)
{
paddingLength += 64;
}
var padding = new byte[paddingLength];
// first bit is 1
padding[0] = 0x80;
Array.Copy(EndianBitConverter.Big.GetBytes(MessageSize), 0, padding, paddingLength - 8, 8);
Update(padding);
SecurityAssert.Assert(WorkBufferEmpty);
_complete = true;
EndianBitConverter.Big.GetBytes(_h0).CopyTo(output);
EndianBitConverter.Big.GetBytes(_h1).CopyTo(output.Slice(4));
EndianBitConverter.Big.GetBytes(_h2).CopyTo(output.Slice(8));
EndianBitConverter.Big.GetBytes(_h3).CopyTo(output.Slice(12));
EndianBitConverter.Big.GetBytes(_h4).CopyTo(output.Slice(16));
}
public PrivateKey ReadKey(byte[] input)
{
// PKCS#8 only
var asn1 = GetASN1(input);
SecurityAssert.Assert(asn1.HasValue);
var seq = asn1.Value as ASN1Sequence;
SecurityAssert.NotNull(seq);
SecurityAssert.Assert(seq !.Count == 3);
var version = seq !.Elements[0] as ASN1Integer;
SecurityAssert.NotNull(version);
SecurityAssert.Assert(version !.Value == 0);
var algorithm = X509AlgorithmIdentifier.FromObject(seq.Elements[1]);
var keyOctetString = seq !.Elements[2] as ASN1OctetString;
SecurityAssert.NotNull(keyOctetString);
var reader = _keyReaderRegistry.Resolve(algorithm.Algorithm);
return(reader.ReadPrivateKey(algorithm, keyOctetString !.Value));
}
public virtual void Update(ReadOnlySpan <byte> input)
{
var workBuffer = _workBuffer.AsSpan();
while (input.Length > 0)
{
SecurityAssert.Assert(_workBufferLength < BlockSize / 8);
var lengthToTake = Math.Min(input.Length, _workBuffer.Length - _workBufferLength);
var(inputToCopy, inputRemaining) = input.Split(lengthToTake);
inputToCopy.CopyTo(workBuffer.Slice(_workBufferLength));
_workBufferLength += lengthToTake;
input = inputRemaining;
MessageSize += lengthToTake * 8;
SecurityAssert.Assert(_workBufferLength <= BlockSize / 8);
if (_workBufferLength != BlockSize / 8)
{
continue;
}
UpdateBlock(_workBuffer);
_workBufferLength = 0;
workBuffer.Fill(0);
}
}
public void Decrypt(byte[] input, int inputOffset, byte[] output, int outputOffset, int length)
{
SecurityAssert.AssertBuffer(input, inputOffset, length);
SecurityAssert.AssertBuffer(output, outputOffset, length - TagLength);
Cipher.DecryptFinal(Cipher.Decrypt(input, output));
}
public void AssertHash_WhenValuesAreDifferent_ShouldThrowSecurityException()
{
var a = new byte[] { 0, 1, 2, 3 };
var b = new byte[] { 0, 1, 2, 4 };
Assert.Throws <SecurityException>(() => SecurityAssert.AssertHash(a, b));
}
private FieldValue Invert(FieldValue a)
{
SecurityAssert.Assert(a.Value != 0);
var u = a.Value;
var v = (BigInteger.One << _m) | _ks.Aggregate(BigInteger.One, (current, k) => current | BigInteger.One << k);
var g1 = BigInteger.One;
var g2 = BigInteger.Zero;
while (u != 1)
{
var j = u.GetBitLength() - v.GetBitLength();
if (j < 0)
{
(u, v) = (v, u);
(g1, g2) = (g2, g1);
j = -j;
}
u ^= v << j;
g1 ^= g2 << j;
}
return(Value(g1));
}
public static CertificateMessage Read(byte[] body, Func <byte[], X509Reader> x509ReaderFactory)
{
using (var stream = new MemoryStream(body))
{
var reader = new EndianBinaryReader(EndianBitConverter.Big, stream);
var certs = new List <X509Certificate>();
var length = reader.ReadUInt24();
while (length > 0)
{
SecurityAssert.Assert(length >= 3);
var certLength = reader.ReadUInt24();
length -= 3;
SecurityAssert.Assert(length >= certLength);
length -= certLength;
var certBytes = reader.ReadBytes((int)certLength);
SecurityAssert.Assert(certBytes.Length == certLength);
var cert = x509ReaderFactory(certBytes).ReadCertificate();
certs.Add(cert);
}
return(new CertificateMessage(certs));
}
}
public GCMCipher(IBlockCipher cipher)
{
SecurityAssert.Assert(cipher.BlockLength == 16);
SecurityAssert.Assert(cipher.KeySize >= 16);
_cipher = cipher;
}
protected override void Reset()
{
SecurityAssert.Assert(IVInitialised);
_workingIV = new byte[BlockLength];
Array.Copy(IV, _workingIV, BlockLength);
}
public PublicKey ReadPublicKey(X509AlgorithmIdentifier algorithm, BitArray bits)
{
SecurityAssert.Assert(IsRSAIdentifier(algorithm.Algorithm));
SecurityAssert.Assert(algorithm.Parameters.Count == 1 && algorithm.Parameters[0] is ASN1Null);
var data = bits.ToArray();
ASN1Object asn1;
using (var ms = new MemoryStream(data))
{
asn1 = new DERReader(ms).Read();
}
var keySeq = asn1 as ASN1Sequence;
SecurityAssert.Assert(keySeq != null && keySeq.Count == 2);
var modulusInt = keySeq !.Elements[0] as ASN1Integer;
SecurityAssert.NotNull(modulusInt);
var exponentInt = keySeq !.Elements[1] as ASN1Integer;
SecurityAssert.NotNull(exponentInt);
return(new RSAPublicKey(modulusInt !.Value, exponentInt !.Value));
}
