internal static TlsSignerCredentials LoadSignerCredentials(TlsContext context, string[] certResources,
string keyResource, SignatureAndHashAlgorithm signatureAndHashAlgorithm)
{
Certificate certificate = LoadCertificateChain(certResources);
AsymmetricKeyParameter privateKey = LoadPrivateKeyResource(keyResource);
return new DefaultTlsSignerCredentials(context, certificate, privateKey, signatureAndHashAlgorithm);
}
public static bool IsAlgorithmSupported (SignatureAndHashAlgorithm algorithm)
{
if (algorithm.Signature != SignatureAlgorithmType.Rsa)
return false;
switch (algorithm.Hash) {
case HashAlgorithmType.Md5:
case HashAlgorithmType.Sha512:
case HashAlgorithmType.Sha384:
case HashAlgorithmType.Sha256:
case HashAlgorithmType.Sha224:
case HashAlgorithmType.Sha1:
return true;
default:
return false;
}
}
protected override void Read (TlsBuffer incoming)
{
var length = incoming.ReadByte ();
for (int i = 0; i < length; i++)
Parameters.CertificateTypes.Add ((ClientCertificateType)incoming.ReadByte ());
if (Protocol == TlsProtocolCode.Tls12) {
var length2 = incoming.ReadInt16 ();
if ((length2 % 2) != 0)
throw new TlsException (AlertDescription.IlegalParameter);
var signatureTypes = new SignatureAndHashAlgorithm [length2 >> 1];
for (int i = 0; i < signatureTypes.Length; i++)
Parameters.SignatureParameters.SignatureAndHashAlgorithms.Add (new SignatureAndHashAlgorithm (incoming));
}
var length3 = incoming.ReadInt16 ();
if (incoming.Remaining != length3)
throw new TlsException (AlertDescription.DecodeError);
/*
* Read requested certificate authorities (Distinguised Names)
*
* Name ::= SEQUENCE OF RelativeDistinguishedName
*
* RelativeDistinguishedName ::= SET OF AttributeValueAssertion
*
* AttributeValueAssertion ::= SEQUENCE {
* attributeType OBJECT IDENTIFIER
* attributeValue ANY
* }
*
*/
while (incoming.Remaining > 0) {
var rdn = new ASN1 (incoming.ReadBytes (incoming.ReadInt16 ()));
Parameters.CertificateAuthorities.Add (X501.ToString (rdn));
}
}
public override byte[] GenerateServerKeyExchange()
{
mSrpServer.Init(mSrpGroup, mSrpVerifier, TlsUtilities.CreateHash(2), mContext.SecureRandom);
BigInteger b = mSrpServer.GenerateServerCredentials();
ServerSrpParams serverSrpParams = new ServerSrpParams(mSrpGroup.N, mSrpGroup.G, mSrpSalt, b);
DigestInputBuffer digestInputBuffer = new DigestInputBuffer();
serverSrpParams.Encode(digestInputBuffer);
if (mServerCredentials != null)
{
SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm(mContext, mServerCredentials);
IDigest digest = TlsUtilities.CreateHash(signatureAndHashAlgorithm);
SecurityParameters securityParameters = mContext.SecurityParameters;
digest.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length);
digest.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length);
digestInputBuffer.UpdateDigest(digest);
byte[] array = new byte[digest.GetDigestSize()];
digest.DoFinal(array, 0);
byte[] signature = mServerCredentials.GenerateCertificateSignature(array);
DigitallySigned digitallySigned = new DigitallySigned(signatureAndHashAlgorithm, signature);
digitallySigned.Encode(digestInputBuffer);
}
return(digestInputBuffer.ToArray());
}
public TlsCredentials GetClientCredentials(CertificateRequest certificateRequest)
{
if (_client.CertificateData.getCertificate() == null)
{
return(null);
}
IList sigAlgs = certificateRequest.SupportedSignatureAlgorithms;
if (sigAlgs != null)
{
for (int i = 0; i < sigAlgs.Count; ++i)
{
SignatureAndHashAlgorithm sigAlg = (SignatureAndHashAlgorithm)sigAlgs[i];
TlsSignerCredentials signer = _client.CertificateData.getSignerCredentials(sigAlg);
if (signer != null)
{
return(signer);
}
}
}
return(null);
}
public SignatureTls12 (SignatureAndHashAlgorithm algorithm)
{
SignatureAlgorithm = algorithm;
}
public SignatureTls12 (TlsBuffer incoming)
{
SignatureAlgorithm = new SignatureAndHashAlgorithm (incoming);
Signature = Add (incoming.ReadSecureBuffer (incoming.ReadInt16 ()));
}
public TlsCertificateVerify(SignatureAndHashAlgorithm algorithm, SecureBuffer signature)
: base(HandshakeType.CertificateVerify)
{
Algorithm = algorithm;
Signature = signature;
}
public override ISigner CreateSigner(SignatureAndHashAlgorithm algorithm, AsymmetricKeyParameter privateKey)
{
return(MakeSigner(algorithm, raw: false, forSigning: true, new ParametersWithRandom(privateKey, mContext.SecureRandom)));
}
public override void AssertCertificateVerifySignatureAlgorithm(ITlsContext ctx, SignatureAndHashAlgorithm algorithm)
{
Context.Assert(ctx.IsServer, Is.True, "is server");
AssertTls12(ctx);
VerifySignatureAlgorithm(ctx, algorithm);
if (Parameters.ExpectCertificateVerifySignatureAlgorithm != null)
{
Context.Expect(algorithm, Is.EqualTo(Parameters.ExpectCertificateVerifySignatureAlgorithm.Value), "certificate validate signature algorithm");
return;
}
ClientCertificateParameters parameters;
if (ctx.HasClientCertificateParameters && ctx.ClientCertificateParameters != null)
{
parameters = ctx.ClientCertificateParameters;
}
else
{
parameters = null;
}
if (parameters != null && parameters.HasSignatureParameters && parameters.SignatureParameters != null)
{
if (!parameters.SignatureParameters.SignatureAndHashAlgorithms.Contains(algorithm))
{
throw new TlsException(AlertDescription.IlegalParameter);
}
}
else if (!algorithm.Equals(SignatureParameters.DefaultAlgorithm))
{
throw new TlsException(AlertDescription.IlegalParameter);
}
}
public IByteBuffer Encode(short sequence)
{
int length = DtlsHelper.HANDSHAKE_MESSAGE_HEADER_LENGTH;
if (CertificateTypes == null || CertificateTypes.Length == 0)
{
length++;
}
else
{
length += 1 + CertificateTypes.Length;
}
if (SupportedSignatureAlgorithms != null)
{
for (int i = 0; i < SupportedSignatureAlgorithms.Count; ++i)
{
SignatureAndHashAlgorithm entry = (SignatureAndHashAlgorithm)SupportedSignatureAlgorithms[i];
if (entry.Signature == SignatureAlgorithm.anonymous)
{
throw new ArgumentException("SignatureAlgorithm.anonymous MUST NOT appear in the signature_algorithms extension");
}
}
length += 2 * SupportedSignatureAlgorithms.Count + 2;
}
IList <byte[]> derEncodings = new List <byte[]>(CertificateAuthorities.Count);
int totalLength = 0;
if (CertificateAuthorities == null || CertificateAuthorities.Count == 0)
{
length += 2;
}
else
{
length += 2;
for (int i = 0; i < CertificateAuthorities.Count; ++i)
{
X509Name certificateAuthority = (X509Name)CertificateAuthorities[i];
byte[] derEncoding = certificateAuthority.GetEncoded(Asn1Encodable.Der);
derEncodings.Add(derEncoding);
length += derEncoding.Length + 2;
totalLength += derEncoding.Length + 2;
}
}
IByteBuffer buffer = Unpooled.Buffer(length);
DtlsHelper.WriteHandshakeHeader(sequence, MessageType.CERTIFICATE_REQUEST, buffer, length - DtlsHelper.HANDSHAKE_MESSAGE_HEADER_LENGTH);
if (CertificateTypes == null || CertificateTypes.Length == 0)
{
buffer.WriteByte(0);
}
else
{
buffer.WriteByte(CertificateTypes.Length);
foreach (byte curr in CertificateTypes)
{
buffer.WriteByte(curr);
}
}
if (SupportedSignatureAlgorithms != null)
{
buffer.WriteShort(2 * SupportedSignatureAlgorithms.Count);
for (int i = 0; i < SupportedSignatureAlgorithms.Count; ++i)
{
SignatureAndHashAlgorithm entry = (SignatureAndHashAlgorithm)SupportedSignatureAlgorithms[i];
buffer.WriteByte(entry.Hash);
buffer.WriteByte(entry.Signature);
}
}
if (CertificateAuthorities == null || CertificateAuthorities.Count == 0)
{
buffer.WriteShort(0);
}
else
{
buffer.WriteShort(totalLength);
for (int i = 0; i < derEncodings.Count; ++i)
{
byte[] derEncoding = (byte[])derEncodings[i];
buffer.WriteShort(derEncoding.Length);
buffer.WriteBytes(derEncoding);
}
}
return(buffer);
}
public void PostProcessServerHelloDone()
{
IList <SupplementalDataEntry> clientSupplementalData = (IList <SupplementalDataEntry>)clientState.Client.GetClientSupplementalData();
if (clientSupplementalData != null)
{
int totalLength = 3 + DtlsHelper.CalculateSupplementalDataLength(clientSupplementalData);
IByteBuffer supplementalDataOutput = Unpooled.Buffer(DtlsHelper.HANDSHAKE_MESSAGE_HEADER_LENGTH + totalLength);
short sdataSequence = sequence++;
DtlsHelper.WriteHandshakeHeader(sdataSequence, MessageType.SUPPLEMENTAL_DATA, supplementalDataOutput, totalLength);
DtlsHelper.WriteSupplementalData(supplementalDataOutput, clientSupplementalData);
recordLayer.Send(sdataSequence, MessageType.SUPPLEMENTAL_DATA, supplementalDataOutput);
}
if (clientState.CertificateRequest != null)
{
clientState.ClientCredentials = clientState.Authentication.GetClientCredentials(clientState.CertificateRequest);
Certificate clientCertificate = null;
if (clientState.ClientCredentials != null)
{
clientCertificate = clientState.ClientCredentials.Certificate;
}
if (clientCertificate == null)
{
clientCertificate = Certificate.EmptyChain;
}
short certificateSequence = sequence++;
IByteBuffer certificateOutput = DtlsHelper.WriteCertificate(certificateSequence, clientCertificate);
recordLayer.Send(certificateSequence, MessageType.CERTIFICATE, certificateOutput);
}
if (clientState.ClientCredentials != null)
{
clientState.KeyExchange.ProcessClientCredentials(clientState.ClientCredentials);
}
else
{
clientState.KeyExchange.SkipClientCredentials();
}
MemoryStream buf = new MemoryStream();
clientState.KeyExchange.GenerateClientKeyExchange(buf);
byte[] clientKeyExchange = buf.GetBuffer();
Array.Resize(ref clientKeyExchange, clientKeyExchange[0] + 1);
IByteBuffer keyExchangeOutput = Unpooled.Buffer(DtlsHelper.HANDSHAKE_MESSAGE_HEADER_LENGTH + clientKeyExchange.Length);
short currSequence = sequence++;
DtlsHelper.WriteHandshakeHeader(currSequence, MessageType.CLIENT_KEY_EXCHANGE, keyExchangeOutput, clientKeyExchange.Length);
keyExchangeOutput.WriteBytes(clientKeyExchange);
recordLayer.Send(currSequence, MessageType.CLIENT_KEY_EXCHANGE, keyExchangeOutput);
TlsHandshakeHash prepareFinishHash = clientState.HandshakeHash;
//clientState.setHandshakeHash(clientState.getHandshakeHash().stopTracking());
((AsyncDtlsSecurityParameters)clientState.ClientContext.SecurityParameters).SetSessionHash(DtlsHelper.GetCurrentPRFHash(clientState.ClientContext, prepareFinishHash, null));
DtlsHelper.EstablishMasterSecret((AsyncDtlsSecurityParameters)clientState.ClientContext.SecurityParameters, clientState.ClientContext, clientState.KeyExchange);
recordLayer.InitPendingEpoch(clientState.Client.GetCipher());
if (clientState.ClientCredentials != null && clientState.ClientCredentials is TlsSignerCredentials)
{
TlsSignerCredentials signerCredentials = (TlsSignerCredentials)clientState.ClientCredentials;
SignatureAndHashAlgorithm signatureAndHashAlgorithm = DtlsHelper.GetSignatureAndHashAlgorithm(clientState.ClientContext, signerCredentials);
byte[] hash;
if (signatureAndHashAlgorithm == null)
{
hash = ((AsyncDtlsSecurityParameters)clientState.ClientContext.SecurityParameters).SessionHash;
}
else
{
hash = prepareFinishHash.GetFinalHash(signatureAndHashAlgorithm.Hash);
}
byte[] signature = signerCredentials.GenerateCertificateSignature(hash);
int addon = 0;
if (signatureAndHashAlgorithm != null)
{
addon = 2;
}
IByteBuffer certificateVerifyBody = Unpooled.Buffer(DtlsHelper.HANDSHAKE_MESSAGE_HEADER_LENGTH + addon + 2 + signature.Length);
currSequence = sequence++;
DtlsHelper.WriteHandshakeHeader(currSequence, MessageType.CERTIFICATE_VERIFY, certificateVerifyBody, addon + 2 + signature.Length);
if (signatureAndHashAlgorithm != null)
{
certificateVerifyBody.WriteByte(signatureAndHashAlgorithm.Hash);
certificateVerifyBody.WriteByte(signatureAndHashAlgorithm.Signature);
}
certificateVerifyBody.WriteShort(signature.Length);
certificateVerifyBody.WriteBytes(signature);
recordLayer.Send(currSequence, MessageType.CERTIFICATE_VERIFY, certificateVerifyBody);
}
byte[] clientVerifyData = DtlsHelper.CalculateVerifyData(clientState.ClientContext, ExporterLabel.client_finished, DtlsHelper.GetCurrentPRFHash(clientState.ClientContext, clientState.HandshakeHash, null));
IByteBuffer serverVerifyBuffer = Unpooled.Buffer(DtlsHelper.HANDSHAKE_MESSAGE_HEADER_LENGTH + clientVerifyData.Length);
currSequence = sequence++;
DtlsHelper.WriteHandshakeHeader(currSequence, MessageType.FINISHED, serverVerifyBuffer, clientVerifyData.Length);
serverVerifyBuffer.WriteBytes(clientVerifyData);
recordLayer.Send(currSequence, MessageType.FINISHED, serverVerifyBuffer);
clientVerifyData = DtlsHelper.CalculateVerifyData(clientState.ClientContext, ExporterLabel.client_finished, DtlsHelper.GetCurrentPRFHash(clientState.ClientContext, clientState.HandshakeHash, null));
}
public override void AssertCertificateVerifySignatureAlgorithm (ITlsContext ctx, SignatureAndHashAlgorithm algorithm)
{
Context.Assert (ctx.IsServer, Is.True, "is server");
AssertTls12 (ctx);
VerifySignatureAlgorithm (ctx, algorithm);
if (Parameters.ExpectCertificateVerifySignatureAlgorithm != null) {
Context.Expect (algorithm, Is.EqualTo (Parameters.ExpectCertificateVerifySignatureAlgorithm.Value), "certificate validate signature algorithm");
return;
}
ClientCertificateParameters parameters;
if (ctx.HasClientCertificateParameters && ctx.ClientCertificateParameters != null)
parameters = ctx.ClientCertificateParameters;
else
parameters = null;
if (parameters != null && parameters.HasSignatureParameters && parameters.SignatureParameters != null) {
if (!parameters.SignatureParameters.SignatureAndHashAlgorithms.Contains (algorithm))
throw new TlsException (AlertDescription.IlegalParameter);
} else if (!algorithm.Equals (SignatureParameters.DefaultAlgorithm)) {
throw new TlsException (AlertDescription.IlegalParameter);
}
}
public override void AssertServerSignatureAlgorithm (ITlsContext ctx, SignatureAndHashAlgorithm algorithm)
{
Context.Assert (ctx.IsServer, Is.False, "is client");
AssertTls12 (ctx);
VerifySignatureAlgorithm (ctx, algorithm);
if (Parameters.ExpectServerSignatureAlgorithm != null)
Context.Expect (algorithm, Is.EqualTo (Parameters.ExpectServerSignatureAlgorithm.Value), "server signature algorithm");
else if (ctx.HasCurrentSignatureParameters && ctx.CurrentSignatureParameters != null) {
if (!ctx.CurrentSignatureParameters.SignatureAndHashAlgorithms.Contains (algorithm))
throw new TlsException (AlertDescription.IlegalParameter);
} else if (!algorithm.Equals (SignatureParameters.DefaultAlgorithm)) {
throw new TlsException (AlertDescription.IlegalParameter);
}
}
public override void AssertClientSignatureAlgorithm (ITlsContext ctx, SignatureAndHashAlgorithm algorithm)
{
AssertTls12 (ctx);
VerifySignatureAlgorithm (ctx, algorithm);
if (Parameters.ExpectClientSignatureAlgorithm != null)
Context.Expect (algorithm, Is.EqualTo (Parameters.ExpectClientSignatureAlgorithm.Value), "client signature algorithm");
}
public DefaultTlsSignerCredentials(TlsContext context, Certificate certificate, AsymmetricKeyParameter privateKey, SignatureAndHashAlgorithm signatureAndHashAlgorithm)
{
if (certificate == null)
{
throw new ArgumentNullException("certificate");
}
if (certificate.IsEmpty)
{
throw new ArgumentException("cannot be empty", "clientCertificate");
}
if (privateKey == null)
{
throw new ArgumentNullException("privateKey");
}
if (!privateKey.IsPrivate)
{
throw new ArgumentException("must be private", "privateKey");
}
if (TlsUtilities.IsTlsV12(context) && signatureAndHashAlgorithm == null)
{
throw new ArgumentException("cannot be null for (D)TLS 1.2+", "signatureAndHashAlgorithm");
}
if (privateKey is RsaKeyParameters)
{
mSigner = new TlsRsaSigner();
}
else if (privateKey is DsaPrivateKeyParameters)
{
mSigner = new TlsDssSigner();
}
else
{
if (!(privateKey is ECPrivateKeyParameters))
{
throw new ArgumentException("type not supported: " + Platform.GetTypeName(privateKey), "privateKey");
}
mSigner = new TlsECDsaSigner();
}
mSigner.Init(context);
mContext = context;
mCertificate = certificate;
mPrivateKey = privateKey;
mSignatureAndHashAlgorithm = signatureAndHashAlgorithm;
}
public SignatureTls12(SignatureAndHashAlgorithm algorithm)
{
SignatureAlgorithm = algorithm;
}
public SignatureTls12(TlsBuffer incoming)
{
SignatureAlgorithm = new SignatureAndHashAlgorithm(incoming);
Signature = Add(incoming.ReadSecureBuffer(incoming.ReadInt16()));
}
static SignatureInstrumentParameters Create (
TestContext ctx, InstrumentationCategory category, SignatureInstrumentType type,
SignatureAndHashAlgorithm algorithm, CipherSuiteCode cipher)
{
var parameters = CreateParameters (category, type, algorithm.Hash, algorithm.Signature, cipher);
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.RequireClientCertificate = true;
var signatureParameters = new SignatureParameters ();
signatureParameters.Add (algorithm);
switch (type) {
case SignatureInstrumentType.ClientSignatureAlgorithmAndCipher:
parameters.ClientSignatureParameters = signatureParameters;
parameters.ClientCiphers = new CipherSuiteCode[] { cipher };
break;
case SignatureInstrumentType.ServerSignatureAlgorithmAndCipher:
parameters.ServerSignatureAlgorithm = algorithm;
parameters.ServerCiphers = new CipherSuiteCode[] { cipher };
break;
default:
ctx.AssertFail ("Unsupported signature instrument: '{0}'.", type);
break;
}
return parameters;
}
public abstract byte[] GenerateRawSignature(SignatureAndHashAlgorithm algorithm,
AsymmetricKeyParameter privateKey, byte[] hash);
internal static TlsSignerCredentials LoadSignerCredentials(TlsContext context, string[] certResources,
string keyResource, SignatureAndHashAlgorithm signatureAndHashAlgorithm)
{
Certificate certificate = LoadCertificateChain(certResources);
AsymmetricKeyParameter privateKey = LoadPrivateKeyResource(keyResource);
return(new DefaultTlsSignerCredentials(context, certificate, privateKey, signatureAndHashAlgorithm));
}
public abstract ISigner CreateVerifyer(SignatureAndHashAlgorithm algorithm, AsymmetricKeyParameter publicKey);
public static SecureBuffer CreateSignature (SignatureAndHashAlgorithm type, byte[] hash, AsymmetricAlgorithm key)
{
if (type.Signature != SignatureAlgorithmType.Rsa)
throw new TlsException (AlertDescription.IlegalParameter);
return CreateSignature (type.Hash, hash, key);
}
public static byte[] Sign(AsymmetricKeyParameter privateKey, RSACryptoServiceProvider rsaKey, bool client, Version version, HandshakeInfo handshakeInfo,
SignatureHashAlgorithm signatureHashAlgorithm, byte[] hash)
#endif
{
if (privateKey == null && rsaKey == null)
{
throw new ArgumentException("No key or Rsa CSP provided");
}
if (privateKey == null)
{
if (signatureHashAlgorithm.Signature == TSignatureAlgorithm.RSA)
{
return(SignRsa(rsaKey, hash));
}
throw new ArgumentException("Need private key for non-RSA Algorithms");
}
if (version == null)
{
throw new ArgumentNullException(nameof(version));
}
if (handshakeInfo == null)
{
throw new ArgumentNullException(nameof(handshakeInfo));
}
if (signatureHashAlgorithm == null)
{
throw new ArgumentNullException(nameof(signatureHashAlgorithm));
}
if (hash == null)
{
throw new ArgumentNullException(nameof(hash));
}
TlsSigner signer = null;
switch (signatureHashAlgorithm.Signature)
{
case TSignatureAlgorithm.Anonymous:
break;
case TSignatureAlgorithm.RSA:
signer = new TlsRsaSigner();
break;
case TSignatureAlgorithm.DSA:
signer = new TlsDssSigner();
break;
case TSignatureAlgorithm.ECDSA:
signer = new TlsECDsaSigner();
break;
default:
break;
}
var context = new DTLSContext(client, version, handshakeInfo);
var randomGenerator = new CryptoApiRandomGenerator();
context.SecureRandom = new SecureRandom(randomGenerator);
signer.Init(context);
if (TlsUtilities.IsTlsV12(context))
{
var signatureAndHashAlgorithm = new SignatureAndHashAlgorithm((byte)signatureHashAlgorithm.Hash, (byte)signatureHashAlgorithm.Signature);
return(signer.GenerateRawSignature(signatureAndHashAlgorithm, privateKey, hash));
}
else
{
return(signer.GenerateRawSignature(privateKey, hash));
}
}
public abstract bool VerifyRawSignature(SignatureAndHashAlgorithm algorithm, byte[] sigBytes,
AsymmetricKeyParameter publicKey, byte[] hash);
public static bool VerifySignature (SignatureAndHashAlgorithm type, byte[] hash, AsymmetricAlgorithm key, SecureBuffer signature)
{
if (type.Signature != SignatureAlgorithmType.Rsa)
throw new TlsException (AlertDescription.IlegalParameter);
return VerifySignature (type.Hash, hash, key, signature);
}
public override ISigner CreateVerifyer(SignatureAndHashAlgorithm algorithm, AsymmetricKeyParameter publicKey)
{
return(MakeSigner(algorithm, raw: false, forSigning: false, publicKey));
}
public static void EncodeSignatureAndHashAlgorithm(SignatureAndHashAlgorithm algorithm, TlsBuffer buffer)
{
buffer.Write((byte)algorithm.Hash);
buffer.Write((byte)algorithm.Signature);
}
public static void EncodeSignatureAndHashAlgorithm(SignatureAndHashAlgorithm algorithm, TlsStream stream)
{
stream.Write((byte)algorithm.Hash);
stream.Write((byte)algorithm.Signature);
}
protected override void Read(TlsBuffer incoming)
{
Algorithm = new SignatureAndHashAlgorithm(incoming);
Signature = incoming.ReadSecureBuffer(incoming.ReadInt16());
}
