public override byte[] GetSecretBytes(byte[] secret, string labelString, byte[] random, int requiredLength)
{
var label = Encoding.ASCII.GetBytes(labelString);
var key1 = new Span <byte>(secret).Slice(0, secret.Length / 2).ToArray();
var key2 = new Span <byte>(secret).Slice(secret.Length / 2, secret.Length / 2).ToArray();
var hmacMd5 = new HMACMD5(key1);
var hmacSha = new HMACSHA1(key2);
var md5iterations = (requiredLength / (hmacMd5.HashSize / 8)) + 1;
var shaiterations = (requiredLength / (hmacSha.HashSize / 8)) + 1;
var seed = ByteString.Combine(label, random);
var md5byteArrays = GetAValues(hmacMd5, seed)
.Take(md5iterations)
.Select(a => hmacMd5.ComputeHash(ByteString.Combine(a, seed)));
var md5bytes = ByteString.Combine(md5byteArrays.ToArray());
var shaByteArrays = GetAValues(hmacSha, seed)
.Take(shaiterations)
.Select(a => hmacSha.ComputeHash(ByteString.Combine(a, seed)));
var shabytes = ByteString.Combine(shaByteArrays.ToArray());
byte[] prfbytes = XorBytes(requiredLength, md5bytes, shabytes);
//
return(prfbytes);
}
public void SetServerHello(TlsPacket.TlsServerHello serverHello, TlsPacketContext packetContext)
{
m_tlsDecoder.ProtocolVersion = TlsSecurityParameters.GetSslProtocolVersion(serverHello.Version.Major, serverHello.Version.Minor);
m_tlsDecoder.ServerRandom = ByteString.Combine(serverHello.Random.RandomTime, serverHello.Random.RandomBytes);
m_tlsDecoder.CipherSuite = (TlsCipherSuite)serverHello.CipherSuite.CipherId;
m_tlsDecoder.Compression = serverHello.CompressionMethod;
}
static void TestDecryptTls()
{
ShaPrfAlgorithm.Test100();
var secret = "64e2d01fa9bd9e7da52377465b6ce5d6e2fe37517d54199ed4d2714b4741494c7a702f972fd8d23a94ef89d9f0c3a880";
var clientRandom = "029b68c172bc58b0463396de16b69a64f49109a1af6e8ce177aabd7323645693";
var serverRandom = "79b72bc1cb4465b284b8796b65b08a4b6d8d741b36b5d75634ce612345e6f744";
var cipherBytes = new Span <byte>(File.ReadAllBytes("encrypted.raw"));
var prf = new ShaPrfAlgorithm();
var keyBlockBytes = prf.GetSecretBytes(ByteString.StringToByteArray(secret),
"key expansion",
ByteString.Combine(ByteString.StringToByteArray(serverRandom), ByteString.StringToByteArray(clientRandom)), 40);
var keyBlock = new TlsKeyBlock(keyBlockBytes, 0, 16, 4);
var sequenceNumber = 1ul;
var fixedNonce = keyBlock.ClientIV.Slice(0, 4);
var recordNonce = cipherBytes.Slice(0, 8);
// nonce = client_iv + sequence_id
var nonce = ByteString.Combine(fixedNonce.ToArray(), recordNonce.ToArray());
// additional_data = seq_num + TLSCompressed.type + TLSCompressed.version + TLSCompressed.length;
// TLSCompressed.length = Length - recordIv.size - Mac.size
var additionalData = ByteString.Combine(
BitConverter.GetBytes(sequenceNumber).Reverse().ToArray(),
new byte[] { 0x17, 0x03, 0x03, 0x01, 0xc7 - (8 + 16) });
var gsm = new GcmBlockCipher(new AesEngine());
var plainBytes = TlsDecoder.DecryptAead(gsm, keyBlock.ClientWriteKey, nonce, cipherBytes.Slice(8), additionalData);
Console.WriteLine(Encoding.ASCII.GetString(plainBytes));
}
private Span <byte> ComputeNonce(TlsKeys tlsKeys, Span <byte> content)
{
var fixedNonce = new Span <byte>(tlsKeys.IV).Slice(0, SecurityParameters.FixedIVLength / 8);
var recordNonceLength = SecurityParameters.RecordIVLength / 8;
var recordNonce = content.Slice(0, recordNonceLength);
var nonce = ByteString.Combine(fixedNonce.ToArray(), recordNonce.ToArray());
return(nonce);
}
public void InitializeKeyBlock(TlsSecurityParameters securityParameters)
{
SecurityParameters = securityParameters;
// key_block = PRF(SecurityParameters.master_secret, "key expansion",
// SecurityParameters.server_random + SecurityParameters.client_random);
var bytes = securityParameters.Prf.GetSecretBytes(MasterSecret, "key expansion",
ByteString.Combine(ServerRandom, ClientRandom),
securityParameters.KeyMaterialSize / 8);
KeyBlock = new TlsKeyBlock(bytes, securityParameters.MacKeyLength, securityParameters.EncodingKeyLength, securityParameters.FixedIVLength);
}
public override byte[] GetSecretBytes(byte[] secret, string labelString, byte[] random, int requiredLength)
{
var keyedHashAlgorithm = this.hashAlgorithm;
keyedHashAlgorithm.Key = secret;
keyedHashAlgorithm.Initialize();
var shaiterations = (requiredLength / (keyedHashAlgorithm.HashSize / 8)) + 1;
var label = Encoding.ASCII.GetBytes(labelString);
var seed = ByteString.Combine(label, random);
var shaByteArrays = GetAValues(keyedHashAlgorithm, seed)
.Take(shaiterations)
.Select(a => keyedHashAlgorithm.ComputeHash(ByteString.Combine(a, seed)));
var prfbytes = new Span <byte>(ByteString.Combine(shaByteArrays.ToArray())).Slice(0, requiredLength).ToArray();
return(prfbytes);
}
public byte[] DecryptApplicationData(TlsKeys tlsKeys, TlsPacket.TlsApplicationData applicationData, ulong sequenceNumber)
{
if (KeyBlock == null)
{
throw new InvalidOperationException($"KeyBlock not initialized. Please, call {nameof(InitializeKeyBlock)} first.");
}
var content = new Span <byte>(applicationData.Body);
if (this.SecurityParameters.CipherType == TlsCipherType.Aead)
{
var macLength = SecurityParameters.MacLength / 8;
var recordNonceLength = SecurityParameters.RecordIVLength / 8;
var nonce = ComputeNonce(tlsKeys, content);
var additionalData = ByteString.Combine(
BitConverter.GetBytes(sequenceNumber).Reverse().ToArray(),
new byte[] { (byte)applicationData.M_Parent.ContentType,
applicationData.M_Parent.Version.Major,
applicationData.M_Parent.Version.Minor },
BitConverter.GetBytes((ushort)(applicationData.Body.Length - (recordNonceLength + macLength))).Reverse().ToArray()
);
var aead = CreateAeadCipher(SecurityParameters.CipherMode, CreateBlockCipher(SecurityParameters.CipherAlgorithm.ToString().ToUpperInvariant()));
return(DecryptAead(aead, tlsKeys.EncodingKey, nonce, content.Slice(recordNonceLength), additionalData));
}
if (this.SecurityParameters.CipherType == TlsCipherType.Block)
{
var cbc = CreateBlockCipher(SecurityParameters.CipherMode, CreateBlockCipher(SecurityParameters.CipherAlgorithm.ToString().ToUpperInvariant()));
var mac = CreateHMacAlgorithm(SecurityParameters.MacAlgorithm);
return(DecryptBlock(cbc, mac, tlsKeys.EncodingKey, tlsKeys.IV, tlsKeys.MacKey, content));
}
if (this.SecurityParameters.CipherType == TlsCipherType.Stream)
{
throw new NotImplementedException();
}
throw new NotSupportedException($"Decrypting {CipherSuite.ToString()} is not supported.");
}
public void SetClientHello(TlsPacket.TlsClientHello clientHello, TlsPacketContext packetContext)
{
m_tlsDecoder.ClientRandom = ByteString.Combine(clientHello.Random.RandomTime, clientHello.Random.RandomBytes);
}