public CipherSuiteInfo(BulkCipherAlgorithm cipher, CipherType cipherType,
byte encKeyLen, byte blockLen, byte ivLen, byte recordIVLen, MACAlgorithm mac,
KeyExchangeAlgorithm exchangeAlgo)
{
_bulk_cipher = cipher;
_cipherType = cipherType;
_enc_key_length = encKeyLen;
_block_length = blockLen;
_fixed_iv_length = ivLen;
_record_iv_length = recordIVLen;
_mac = mac;
_exchangeAlgo = exchangeAlgo;
switch (mac)
{
case MACAlgorithm.HMAC_MD5: _mac_length = _mac_key_length = 16; break;
case MACAlgorithm.HMAC_SHA1: _mac_length = _mac_key_length = 20; break;
case MACAlgorithm.HMAC_SHA256: _mac_length = _mac_key_length = 32; break;
case MACAlgorithm.HMAC_SHA384: _mac_length = _mac_key_length = 48; break;
case MACAlgorithm.HMAC_SHA512: _mac_length = _mac_key_length = 64; break;
default: throw new ArgumentOutOfRangeException();
}
_isECC = exchangeAlgo == KeyExchangeAlgorithm.ECDH_anon ||
exchangeAlgo == KeyExchangeAlgorithm.ECDH_ECDSA ||
exchangeAlgo == KeyExchangeAlgorithm.ECDH_RSA ||
exchangeAlgo == KeyExchangeAlgorithm.ECDHE_ECDSA ||
exchangeAlgo == KeyExchangeAlgorithm.ECDHE_RSA;
}
public CipherSuiteInfo(BulkCipherAlgorithm cipher, CipherType cipherType,
byte encKeyLen, byte blockLen, byte ivLen, byte recordIVLen, MACAlgorithm mac,
KeyExchangeAlgorithm exchangeAlgo)
{
_bulk_cipher = cipher;
_cipherType = cipherType;
_enc_key_length = encKeyLen;
_block_length = blockLen;
_fixed_iv_length = ivLen;
_record_iv_length = recordIVLen;
_mac = mac;
_exchangeAlgo = exchangeAlgo;
switch (mac) {
case MACAlgorithm.HMAC_MD5: _mac_length = _mac_key_length = 16; break;
case MACAlgorithm.HMAC_SHA1: _mac_length = _mac_key_length = 20; break;
case MACAlgorithm.HMAC_SHA256: _mac_length = _mac_key_length = 32; break;
case MACAlgorithm.HMAC_SHA384: _mac_length = _mac_key_length = 48; break;
case MACAlgorithm.HMAC_SHA512: _mac_length = _mac_key_length = 64; break;
default: throw new ArgumentOutOfRangeException ();
}
_isECC = exchangeAlgo == KeyExchangeAlgorithm.ECDH_anon ||
exchangeAlgo == KeyExchangeAlgorithm.ECDH_ECDSA ||
exchangeAlgo == KeyExchangeAlgorithm.ECDH_RSA ||
exchangeAlgo == KeyExchangeAlgorithm.ECDHE_ECDSA ||
exchangeAlgo == KeyExchangeAlgorithm.ECDHE_RSA;
}
public static MAC CreateMAC(MACAlgorithm algorithm, byte[] key)
{
if (algorithm == MACAlgorithm.HMACSHA1)
{
return(new MACSHA1(key));
}
else
{
throw new SSHException("unknown algorithm " + algorithm);
}
}
public static int GetSize(MACAlgorithm algorithm)
{
if (algorithm == MACAlgorithm.HMACSHA1)
{
return(20);
}
else
{
throw new SSHException("unknown algorithm " + algorithm);
}
}
public Cipher(CipherSuite suite, BulkEncryptionAlgorithm encrypalgo, MACAlgorithm macalgo,
byte nBlockSize, byte nIVSize, int nKeyBits, byte nKeyMaterialSize)
{
CipherSuite = suite;
BulkEncryptionAlgorithm = encrypalgo;
MACAlgorithm = macalgo;
BlockSizeBytes = nBlockSize;
IVSize = nIVSize;
KeySizeBits = nKeyBits;
KeyMaterialLength = nKeyMaterialSize;
KeyBlockSize = (this.KeyMaterialLength + this.HashSize + this.IVSize) << 1;
}
private void Setup(string strTripleDES, byte[] rgbKey)
{
this.tdes = TripleDES.Create(strTripleDES);
this.tdes.Padding = PaddingMode.Zeros;
if (rgbKey != null)
{
this.tdes.Key = rgbKey;
}
this.HashSizeValue = this.tdes.BlockSize;
this.Key = this.tdes.Key;
this.mac = new MACAlgorithm(this.tdes);
this.m_disposed = false;
}
public void SetCipherSuite(CipherSuite suite, AsymmetricAlgorithm signAlgo)
{
CipherSuiteInfo info = SupportedCipherSuites.GetSuiteInfo(suite);
if (info == null)
{
throw new NotSupportedException();
}
_bulk_cipher = info.BulkCipherAlgorithm;
_cipherType = info.CipherType;
_enc_key_length = info.EncKeyLength;
_block_length = info.BlockLength;
_fixed_iv_length = info.FixedIVLength;
_record_iv_length = info.RecordIVLength;
_mac = info.MACAlgorithm;
_mac_length = info.MACLength;
_mac_key_length = info.MACKeyLength;
_keyExchange = info.KeyExchangeAlgorithm;
// TODO: TLS1.2spec ?
switch (_prfType)
{
case PRFAlgorithm.MD5_AND_SHA1: _prf = new MD5_AND_SHA1(); break;
case PRFAlgorithm.SSL3: _prf = new SSL3_PRF(this); break;
default: throw new NotSupportedException();
}
switch (_keyExchange)
{
case KeyExchangeAlgorithm.ECDHE_ECDSA:
_keyExchanger = new ECDHE_ECDSA((openCrypto.EllipticCurve.Signature.ECDSA)signAlgo);
break;
case KeyExchangeAlgorithm.DHE_DSS:
_keyExchanger = new DHE_DSS((DSACryptoServiceProvider)signAlgo);
break;
case KeyExchangeAlgorithm.RSA:
_keyExchanger = new KeyExchange.RSA((RSACryptoServiceProvider)signAlgo);
break;
default:
throw new NotImplementedException();
}
}
/// <summary>
/// Creates a <see cref="MAC"/> object.
/// </summary>
/// <param name="algorithm">MAC algorithm</param>
/// <param name="key">key data</param>
/// <returns>new MAC object.</returns>
public static MAC CreateMAC(MACAlgorithm algorithm, byte[] key)
{
switch (algorithm)
{
case MACAlgorithm.HMACSHA1:
return(new MACImpl(new HMACSHA1(key)));
case MACAlgorithm.HMACSHA256:
return(new MACImpl(new HMACSHA256(key)));
case MACAlgorithm.HMACSHA512:
return(new MACImpl(new HMACSHA512(key)));
default:
throw new SSHException("unknown algorithm " + algorithm);
}
}
/// <summary>
/// Gets length of the MAC in bytes.
/// </summary>
/// <param name="algorithm">MAC algorithm</param>
/// <returns>length of the MAC</returns>
public static int GetSize(MACAlgorithm algorithm)
{
switch (algorithm)
{
case MACAlgorithm.HMACSHA1:
return(20);
case MACAlgorithm.HMACSHA256:
return(32);
case MACAlgorithm.HMACSHA512:
return(64);
default:
throw new SSHException("unknown algorithm " + algorithm);
}
}
/// <summary>
/// Gets name of a MAC algorithm for SSH2.
/// </summary>
/// <param name="algorithm">MAC algorithm</param>
/// <returns></returns>
public static string AlgorithmToSSH2Name(MACAlgorithm algorithm)
{
switch (algorithm)
{
case MACAlgorithm.HMACSHA1:
return("hmac-sha1");
case MACAlgorithm.HMACSHA256:
return("hmac-sha2-256");
case MACAlgorithm.HMACSHA512:
return("hmac-sha2-512");
default:
throw new SSHException("unknown algorithm " + algorithm);
}
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="hostName">Host name</param>
/// <param name="portNumber">port number</param>
/// <param name="protocol">SSH protocol version</param>
/// <param name="authType">authentication type</param>
/// <param name="userName">user name for login</param>
/// <param name="password">password for login. pass empty string for the keyboard interactive mode.</param>
public SSHConnectionParameter(string hostName, int portNumber, SSHProtocol protocol, AuthenticationType authType, string userName, string password)
{
HostName = hostName;
PortNumber = portNumber;
Protocol = protocol;
PreferableCipherAlgorithms = new CipherAlgorithm[] { CipherAlgorithm.AES256CTR, CipherAlgorithm.AES256, CipherAlgorithm.AES192CTR, CipherAlgorithm.AES192, CipherAlgorithm.AES128CTR, CipherAlgorithm.AES128, CipherAlgorithm.Blowfish, CipherAlgorithm.TripleDES };
PreferableMacAlgorithms = new MACAlgorithm[] { MACAlgorithm.HMACSHA256, MACAlgorithm.HMACSHA512, MACAlgorithm.HMACSHA1 };
PreferableHostKeyAlgorithms = new PublicKeyAlgorithm[] { PublicKeyAlgorithm.DSA, PublicKeyAlgorithm.RSA };
AuthenticationType = authType;
UserName = userName;
Password = password;
TerminalName = "vt100";
WindowSize = 0x1000;
MaxPacketSize = 0x10000;
CheckMACError = true;
VerifySSHHostKey = p => true;
Timeouts = new SSHTimeouts();
}
private void Setup(string strTripleDES, byte[] rgbKey)
{
tdes = TripleDES.Create(strTripleDES);
// default padding (as using in Fx 1.0 and 1.1)
tdes.Padding = PaddingMode.Zeros;
// if rgbKey is null we keep the randomly generated key
if (rgbKey != null)
{
// this way we get the TripleDES key validation (like weak
// and semi-weak keys)
tdes.Key = rgbKey;
}
HashSizeValue = tdes.BlockSize;
// we use Key property to get the additional validations
// (from KeyedHashAlgorithm ancestor)
Key = tdes.Key;
mac = new MACAlgorithm(tdes);
m_disposed = false;
}
public SSL3CompatibleHMAC(MACAlgorithm algo, byte[] secret)
{
_mac = algo;
switch (algo)
{
case MACAlgorithm.HMAC_MD5:
_hash = new MD5CryptoServiceProvider();
HashSizeValue = 128;
_padLen = 48;
break;
case MACAlgorithm.HMAC_SHA1:
_hash = new SHA1Managed();
HashSizeValue = 160;
_padLen = 40;
break;
default:
// SSL3はMD5 or SHA1のみ
throw new Exception();
}
KeyValue = (byte[])secret.Clone();
}
public void SetCipherSuite(CipherSuite suite, AsymmetricAlgorithm signAlgo)
{
CipherSuiteInfo info = SupportedCipherSuites.GetSuiteInfo (suite);
if (info == null)
throw new NotSupportedException ();
_bulk_cipher = info.BulkCipherAlgorithm;
_cipherType = info.CipherType;
_enc_key_length = info.EncKeyLength;
_block_length = info.BlockLength;
_fixed_iv_length = info.FixedIVLength;
_record_iv_length = info.RecordIVLength;
_mac = info.MACAlgorithm;
_mac_length = info.MACLength;
_mac_key_length = info.MACKeyLength;
_keyExchange = info.KeyExchangeAlgorithm;
// TODO: TLS1.2spec ?
switch (_prfType) {
case PRFAlgorithm.MD5_AND_SHA1: _prf = new MD5_AND_SHA1 (); break;
case PRFAlgorithm.SSL3: _prf = new SSL3_PRF (this); break;
default: throw new NotSupportedException ();
}
switch (_keyExchange) {
case KeyExchangeAlgorithm.ECDHE_ECDSA:
_keyExchanger = new ECDHE_ECDSA ((openCrypto.EllipticCurve.Signature.ECDSA)signAlgo);
break;
case KeyExchangeAlgorithm.DHE_DSS:
_keyExchanger = new DHE_DSS ((DSACryptoServiceProvider)signAlgo);
break;
case KeyExchangeAlgorithm.RSA:
_keyExchanger = new KeyExchange.RSA ((RSACryptoServiceProvider)signAlgo);
break;
default:
throw new NotImplementedException ();
}
}
public static int GetSize(MACAlgorithm algorithm) {
if (algorithm == MACAlgorithm.HMACSHA1)
return 20;
else
throw new SSHException("unknown algorithm " + algorithm);
}
public static MAC CreateMAC(MACAlgorithm algorithm, byte[] key) {
if (algorithm == MACAlgorithm.HMACSHA1)
return new MACSHA1(key);
else
throw new SSHException("unknown algorithm " + algorithm);
}
public Cipher(CipherSuite suite, BulkEncryptionAlgorithm encrypalgo, MACAlgorithm macalgo,
byte nBlockSize, byte nIVSize, int nKeyBits, byte nKeyMaterialSize)
{
CipherSuite = suite;
BulkEncryptionAlgorithm = encrypalgo;
MACAlgorithm = macalgo;
BlockSizeBytes = nBlockSize;
IVSize = nIVSize;
KeySizeBits= nKeyBits;
KeyMaterialLength = nKeyMaterialSize;
KeyBlockSize = (this.KeyMaterialLength + this.HashSize + this.IVSize) << 1;
}
