Example #1
0
        public override byte[] GetMasterSecret(PseudoRandomFunction prf, byte[] seed)
        {
            var masterSecret = prf.CreateDeriveBytes(preMasterSecret, "master secret", seed).GetBytes(48);

            this.logger?.Debug("Master Secret: " + BitConverter.ToString(masterSecret));
            return(masterSecret);
        }
Example #2
0
        public static void ClientFinish(TlsConnection connection, int length)
        {
            Log.Info("Recv ClientFinish");

            var sha256        = SHA256.Create();
            var handshakeData = connection.HandshakeMessages.GetRange(0, connection.HandshakeMessages.Count - length - 4).ToArray();
            var handshakeHash = sha256.ComputeHash(handshakeData);

            var prfClient = new PseudoRandomFunction(connection.MasterSecretBytes, "client finished", handshakeHash);

            byte[] clientVerifyData = prfClient.GenerateBytes(12);

            byte[] data = connection.Buffer.Read(12);
            for (uint i = 0; i < 12; i++)
            {
                if (clientVerifyData[i] != data[i])
                {
                    Log.Error("Invalid ClientFinish!");
                    return;
                }
            }

            HandshakeResponse.ServerChangeCipherSpec(connection);
            connection.SendEncrypted = true;
            HandshakeResponse.ServerServerFinish(connection);
        }
        protected override void ProcessFinished(HandshakeMessage finished)
        {
            if (_state != HandshakeState.ReceivedChangeCipherSpec)
            {
                throw new AlertException(AlertDescription.UnexpectedMessage,
                                         "Finished received at the wrong time");
            }

            byte[] allMessages       = _handshakeStream.ToArray();
            byte[] handshakeMessages = new byte[allMessages.Length - finished.Encode().Length];
            Buffer.BlockCopy(allMessages, 0, handshakeMessages, 0, handshakeMessages.Length);

            PseudoRandomFunction prf        = _cipherSuite.PseudoRandomFunction;
            HashAlgorithm        verifyHash = prf.CreateVerifyHashAlgorithm(_connectionState.MasterSecret);

            verifyHash.TransformBlock(handshakeMessages, 0, handshakeMessages.Length, handshakeMessages, 0);

            byte[] ourVerifyData;
            if (_version == ProtocolVersion.SSL3_0)
            {
                byte[] senderBytes = Encoding.ASCII.GetBytes("CLNT");
                verifyHash.TransformFinalBlock(senderBytes, 0, senderBytes.Length);
                ourVerifyData = verifyHash.Hash;
            }
            else
            {
                verifyHash.TransformFinalBlock(new byte[0], 0, 0);
                byte[] hash = verifyHash.Hash;

                int length = _cipherSuite.PseudoRandomFunction.VerifyDataLength;
                ourVerifyData = _cipherSuite.PseudoRandomFunction.GetBytes(_connectionState.MasterSecret, "client finished", hash, length);
            }

            // Verify that the received data matches ours
            bool verifyOk = false;

            if (ourVerifyData.Length == finished.Data.Length)
            {
                verifyOk = true;
                for (int i = 0; i < ourVerifyData.Length; i++)
                {
                    if (ourVerifyData[i] != finished.Data[i])
                    {
                        verifyOk = false;
                    }
                }
            }

            if (!verifyOk)
            {
                throw new AlertException(AlertDescription.DecryptError,
                                         "Finished packet contents incorrect");
            }
            _connectionState.ClientVerifyData = ourVerifyData;

            // Send our own change cipher spec
            _state = HandshakeState.SendChangeCipherSpec;
        }
        public override byte[] GetMasterSecret(PseudoRandomFunction prf, byte[] seed)
        {
            if (_preMasterSecret == null)
            {
                throw new CryptographicException("Premaster secret not defined");
            }

            return(prf.CreateDeriveBytes(_preMasterSecret, "master secret", seed).GetBytes(48));
        }
Example #5
0
        public static void ServerServerFinish(TlsConnection connection)
        {
            Log.Info("Send ServerServerFinish");

            var sha256        = SHA256.Create();
            var handshakeHash = sha256.ComputeHash(connection.HandshakeMessages.ToArray());
            var prfClient     = new PseudoRandomFunction(connection.MasterSecretBytes, "server finished", handshakeHash);

            byte[] servVerData = prfClient.GenerateBytes(12);

            TlsResponse.Handshake(connection, 20, ref servVerData);
        }
        public void SendFinished(Stream stream)
        {
            Record record;

            /* change cipher spec */
            record          = new Record(20, VERSION);
            record.Fragment = new byte[] { 0x01 };
            _recordHandler.ProcessOutputRecord(record);
            SendRecord(stream, record);

            /* change our own cipher spec */
            _recordHandler.ChangeLocalState();


            ProtocolVersion version = VERSION;

            byte[] handshakeMessages = _handshakeStream.ToArray();
            Console.WriteLine("handshake messages length " + handshakeMessages.Length);

            PseudoRandomFunction prf        = _cipherSuite.PseudoRandomFunction;
            HashAlgorithm        verifyHash = prf.CreateVerifyHashAlgorithm(_masterSecret);

            verifyHash.TransformBlock(handshakeMessages, 0, handshakeMessages.Length, handshakeMessages, 0);

            byte[] verifyData;
            if (version == ProtocolVersion.SSL3_0)
            {
                byte[] senderBytes = Encoding.ASCII.GetBytes("CLNT");
                verifyHash.TransformFinalBlock(senderBytes, 0, senderBytes.Length);
                verifyData = verifyHash.Hash;
            }
            else
            {
                verifyHash.TransformFinalBlock(new byte[0], 0, 0);
                byte[] hash = verifyHash.Hash;

                int length = _cipherSuite.PseudoRandomFunction.VerifyDataLength;
                verifyData = _cipherSuite.PseudoRandomFunction.GetBytes(_masterSecret, "client finished", hash, length);
            }
            HandshakeMessage finished = new HandshakeMessage(HandshakeMessageType.Finished, VERSION, verifyData);

            PrintBytes("verify data", finished.Data);

            record          = new Record(22, VERSION);
            record.Fragment = finished.Encode();
            _recordHandler.ProcessOutputRecord(record);
            SendRecord(stream, record);

            Console.WriteLine("encrypted finished sent");
        }
Example #7
0
 public override byte[] GetMasterSecret(PseudoRandomFunction prf, byte[] seed)
 {
     // TODO: Add more PRF IDs and their respective master secrets
     byte[] prfID = prf.CreateDeriveBytes(new byte[0], new byte[0]).GetBytes(48);
     if (CompareArrays(prfID, SSLv3ID))
     {
         return(GetSSLv3MasterSecret(seed));
     }
     else if (CompareArrays(prfID, TLSv1ID))
     {
         return(GetTLSv1MasterSecret(seed));
     }
     else
     {
         throw new Exception("Unidentified PRF while getting ECDHE master secret");
     }
 }
        protected override void ProcessLocalChangeCipherSpec()
        {
            if (_state != HandshakeState.SendChangeCipherSpec)
            {
                throw new AlertException(AlertDescription.UnexpectedMessage,
                                         "Change cipher spec not after server hello done");
            }
            byte[] handshakeMessages = _handshakeStream.ToArray();

            PseudoRandomFunction prf        = _cipherSuite.PseudoRandomFunction;
            HashAlgorithm        verifyHash = prf.CreateVerifyHashAlgorithm(_connectionState.MasterSecret);

            verifyHash.TransformBlock(handshakeMessages, 0, handshakeMessages.Length, handshakeMessages, 0);

            byte[] verifyData;
            if (_version == ProtocolVersion.SSL3_0)
            {
                byte[] senderBytes = Encoding.ASCII.GetBytes("SRVR");
                verifyHash.TransformFinalBlock(senderBytes, 0, senderBytes.Length);
                verifyData = verifyHash.Hash;
            }
            else
            {
                verifyHash.TransformFinalBlock(new byte[0], 0, 0);
                byte[] hash = verifyHash.Hash;

                int length = _cipherSuite.PseudoRandomFunction.VerifyDataLength;
                verifyData = _cipherSuite.PseudoRandomFunction.GetBytes(_connectionState.MasterSecret, "server finished", hash, length);
            }
            _connectionState.ServerVerifyData = verifyData;

            HandshakeMessage finished = new HandshakeMessage(HandshakeMessageType.Finished, _version, verifyData);

            OutputMessage(finished);

            // Cleanup the handshake stream used for verify hashes
            _handshakeStream = new MemoryStream();

            // Everything done and handshake finished
            _state = HandshakeState.Finished;
        }
Example #9
0
        public void InitCipher()
        {
            byte[] preMasterSecretBytes = PreMasterSecret.ToByteArrayUnsigned();

            var prf = new PseudoRandomFunction(preMasterSecretBytes, "master secret", ClientRandom.Concat(ServerRandom));

            MasterSecretBytes = prf.GenerateBytes(48);

            prf = new PseudoRandomFunction(MasterSecretBytes, "key expansion", ServerRandom.Concat(ClientRandom));
            byte[] keyBlock = prf.GenerateBytes(72);

            using (var memoryStream = new MemoryStream(keyBlock))
            {
                using (var reader = new BinaryReader(memoryStream))
                {
                    ClientWriteMacKey = reader.ReadBytes(20);
                    ServerWriteMacKey = reader.ReadBytes(20);
                    ClientWriteKey    = reader.ReadBytes(16);
                    ServerWriteKey    = reader.ReadBytes(16);
                }
            }
        }
 public override byte[] GetMasterSecret(PseudoRandomFunction prf, byte[] seed)
 {
     return(prf.CreateDeriveBytes(_preMasterSecret, "master secret", seed).GetBytes(48));
 }