/// <summary>
/// Finishes the handshake: finalises the record stream, decides whether application
/// data records are split, marks application data as ready, publishes the resumable
/// session (if any) and notifies the peer object. Handshake state is always cleaned
/// up, even when one of these steps throws.
/// </summary>
/// <remarks>
/// The session parameters built here carry the master secret, so whatever stores the
/// resumable session ends up holding key material and should be treated accordingly.
/// </remarks>
protected virtual void CompleteHandshake()
{
    try
    {
        mRecordStream.FinaliseHandshake();

        // Record splitting is enabled only when the version test fails.
        // NOTE(review): presumably this is the 1/n-1 split used as a countermeasure for
        // implicit-IV CBC in TLS 1.0 and earlier; confirm where the flag is consumed.
        bool isTlsV11 = TlsUtilities.IsTlsV11(Context);
        mSplitApplicationDataRecords = !isTlsV11;

        if (!mAppDataReady)
        {
            mAppDataReady = true;

            // A stream wrapper is only created in blocking mode.
            if (mBlocking)
            {
                mTlsStream = new TlsStream(this);
            }
        }

        if (mTlsSession != null)
        {
            if (mSessionParameters == null)
            {
                // First completion for this session: snapshot the negotiated parameters,
                // including the master secret, and rebuild the session around them.
                var negotiated = mSecurityParameters;

                mSessionParameters = new SessionParameters.Builder()
                    .SetCipherSuite(negotiated.CipherSuite)
                    .SetCompressionAlgorithm(negotiated.CompressionAlgorithm)
                    .SetMasterSecret(negotiated.MasterSecret)
                    .SetPeerCertificate(mPeerCertificate)
                    .SetPskIdentity(negotiated.PskIdentity)
                    .SetSrpIdentity(negotiated.SrpIdentity)
                    .SetServerExtensions(mServerExtensions)
                    .Build();

                mTlsSession = new TlsSessionImpl(mTlsSession.SessionID, mSessionParameters);
            }

            ContextAdmin.SetResumableSession(mTlsSession);
        }

        Peer.NotifyHandshakeComplete();
    }
    finally
    {
        // Runs on success and on failure alike.
        CleanupHandshake();
    }
}
/// <summary>
/// Computes the 12-byte verify_data value of a Finished message from the master secret
/// held in <paramref name="handshakeInfo"/> and the supplied handshake hash.
/// </summary>
/// <param name="version">Protocol version used to build the temporary context.</param>
/// <param name="handshakeInfo">Handshake state; its MasterSecret is the PRF secret.</param>
/// <param name="client">Passed through to the DTLSContext constructor.</param>
/// <param name="isClientFinished">
/// Selects the "client finished" label when true, otherwise the "server finished" label.
/// </param>
/// <param name="handshakeHash">Hash of the handshake messages, used as the PRF seed.</param>
/// <returns>12 bytes of PRF output.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="version"/>, <paramref name="handshakeInfo"/> or
/// <paramref name="handshakeHash"/> is null.
/// </exception>
/// <remarks>
/// Callers that compare the result with a Finished value received from the peer should
/// use a constant-time comparison.
/// </remarks>
public static byte[] GetVerifyData(Version version, HandshakeInfo handshakeInfo, bool client, bool isClientFinished, byte[] handshakeHash)
{
    if (version == null)
    {
        throw new ArgumentNullException(nameof(version));
    }

    if (handshakeInfo == null)
    {
        throw new ArgumentNullException(nameof(handshakeInfo));
    }

    if (handshakeHash == null)
    {
        throw new ArgumentNullException(nameof(handshakeHash));
    }

    // Length of verify_data requested from the PRF.
    const int verifyDataLength = 12;

    TlsContext tlsContext = new DTLSContext(client, version, handshakeInfo);
    var finishedLabel = isClientFinished ? ExporterLabel.client_finished : ExporterLabel.server_finished;

    // NOTE(review): in BouncyCastle, IsTlsV11 is true for TLS 1.1 and every later
    // version; if this TlsUtilities behaves the same way, the PRF_legacy branch is
    // also taken for (D)TLS 1.2. Confirm the version test is the intended one.
    if (TlsUtilities.IsTlsV11(tlsContext))
    {
        return TlsUtilities.PRF_legacy(handshakeInfo.MasterSecret, finishedLabel, handshakeHash, verifyDataLength);
    }

    return TlsUtilities.PRF(tlsContext, handshakeInfo.MasterSecret, finishedLabel, handshakeHash, verifyDataLength);
}
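/// <summary>
/// Derives the 48-byte master secret from the pre-master secret, stores it in
/// <paramref name="handshakeInfo"/>, and asks the cipher factory for the cipher that
/// matches the negotiated cipher suite.
/// </summary>
/// <param name="preMasterSecret">Pre-master secret; used as the PRF secret.</param>
/// <param name="client">Passed through to the DTLSContext constructor.</param>
/// <param name="version">Protocol version used to build the temporary context.</param>
/// <param name="handshakeInfo">
/// Handshake state. Its MasterSecret is overwritten by this call and its CipherSuite
/// selects the encryption and MAC algorithms.
/// </param>
/// <returns>The cipher created by the cipher factory for the context.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="preMasterSecret"/>, <paramref name="version"/> or
/// <paramref name="handshakeInfo"/> is null.
/// </exception>
/// <remarks>
/// The pre-master secret buffer belongs to the caller and is not cleared here; callers
/// should wipe it once the master secret has been derived.
/// </remarks>
public static TlsCipher AssignCipher(byte[] preMasterSecret, bool client, Version version, HandshakeInfo handshakeInfo)
{
    if (preMasterSecret == null)
    {
        throw new ArgumentNullException(nameof(preMasterSecret));
    }

    if (version == null)
    {
        throw new ArgumentNullException(nameof(version));
    }

    if (handshakeInfo == null)
    {
        throw new ArgumentNullException(nameof(handshakeInfo));
    }

    TlsContext context = new DTLSContext(client, version, handshakeInfo);
    var securityParameters = context.SecurityParameters;

    // master_secret seed is client_random followed by server_random.
    var seed = securityParameters.ClientRandom.Concat(securityParameters.ServerRandom).ToArray();
    var asciiLabel = ExporterLabel.master_secret;

    // NOTE(review): in BouncyCastle, IsTlsV11 is true for TLS 1.1 and every later
    // version; if this TlsUtilities behaves the same way, the PRF_legacy branch is
    // also taken for (D)TLS 1.2. Confirm the version test is the intended one.
    handshakeInfo.MasterSecret = TlsUtilities.IsTlsV11(context)
        ? TlsUtilities.PRF_legacy(preMasterSecret, asciiLabel, seed, 48)
        : TlsUtilities.PRF(context, preMasterSecret, asciiLabel, seed, 48);

    // The earlier version also expanded a 96-byte key_expansion block into a local that
    // was never read. That left a stray copy of the session's key material on the heap
    // for no benefit, so the derivation is no longer performed here.
    // NOTE(review): the context was built before MasterSecret was assigned; presumably
    // it reads the secret from handshakeInfo when the cipher derives its keys. Confirm.
    return _CipherFactory.CreateCipher(
        context,
        _GetEncryptionAlgorithm(handshakeInfo.CipherSuite),
        _GetMACAlgorithm(handshakeInfo.CipherSuite));
}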
/// <summary>
/// Expands the context's master secret into <paramref name="size"/> bytes of key block
/// using the "key expansion" label and a seed of server_random followed by client_random.
/// </summary>
/// <param name="context">Context supplying the security parameters.</param>
/// <param name="size">Number of key-block bytes to produce; must not be negative.</param>
/// <returns>The key block produced by the PRF.</returns>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="size"/> is negative.</exception>
/// <remarks>
/// The returned array is raw key material. Callers should keep its lifetime short and
/// clear it once the individual keys have been copied out.
/// </remarks>
public static byte[] CalculateKeyBlock(TlsContext context, int size)
{
    if (context == null)
    {
        throw new ArgumentNullException(nameof(context));
    }

    if (size < 0)
    {
        throw new ArgumentOutOfRangeException(nameof(size));
    }

    var parameters = context.SecurityParameters;
    var masterSecret = parameters.MasterSecret;

    // key_expansion uses the randoms in the opposite order to master_secret derivation.
    var expansionSeed = parameters.ServerRandom.Concat(parameters.ClientRandom).ToArray();

    // NOTE(review): in BouncyCastle, IsTlsV11 is true for TLS 1.1 and every later
    // version; if this TlsUtilities behaves the same way, the PRF_legacy branch is
    // also taken for (D)TLS 1.2. Confirm the version test is the intended one.
    if (TlsUtilities.IsTlsV11(context))
    {
        return TlsUtilities.PRF_legacy(masterSecret, ExporterLabel.key_expansion, expansionSeed, size);
    }

    return TlsUtilities.PRF(context, masterSecret, ExporterLabel.key_expansion, expansionSeed, size);
}
/// <summary>
/// Builds a block-cipher record protection object: derives the key block for the
/// context, slices it into MAC keys, cipher keys and (for versions without explicit
/// IVs) initial IVs, then initialises the read and write ciphers for this endpoint's role.
/// </summary>
/// <remarks>
/// Key block layout as consumed here: client MAC key, server MAC key, client cipher key,
/// server cipher key, and only when explicit IVs are not in use, client IV then server IV.
/// NOTE(review): the key block array holds every derived secret and is left to the
/// garbage collector; consider clearing it at the end once it is confirmed that
/// KeyParameter and TlsMac copy the bytes they are given.
/// </remarks>
/// <exception cref="IOException">
/// Declared by the original. The only throw visible in this constructor is a
/// TlsFatalAlert with internal_error when the consumed length does not match the
/// requested key-block size.
/// </exception>
public TlsBlockCipher(TlsContext context, IBlockCipher clientWriteCipher, IBlockCipher serverWriteCipher, IDigest clientWriteDigest, IDigest serverWriteDigest, int cipherKeySize)
{
    this.context = context;

    this.randomData = new byte[256];
    context.NonceRandomGenerator.NextBytes(randomData);

    this.useExplicitIV = TlsUtilities.IsTlsV11(context);
    this.encryptThenMac = context.SecurityParameters.encryptThenMac;

    // Two cipher keys plus one MAC key per direction.
    int expectedLength = (2 * cipherKeySize)
        + clientWriteDigest.GetDigestSize()
        + serverWriteDigest.GetDigestSize();

    // From TLS 1.1 onwards, block ciphers don't need client_write_IV
    if (!useExplicitIV)
    {
        expectedLength += clientWriteCipher.GetBlockSize() + serverWriteCipher.GetBlockSize();
    }

    byte[] keyBlock = TlsUtilities.CalculateKeyBlock(context, expectedLength);
    int cursor = 0;

    TlsMac clientMac = new TlsMac(context, clientWriteDigest, keyBlock, cursor, clientWriteDigest.GetDigestSize());
    cursor += clientWriteDigest.GetDigestSize();

    TlsMac serverMac = new TlsMac(context, serverWriteDigest, keyBlock, cursor, serverWriteDigest.GetDigestSize());
    cursor += serverWriteDigest.GetDigestSize();

    KeyParameter clientKey = new KeyParameter(keyBlock, cursor, cipherKeySize);
    cursor += cipherKeySize;

    KeyParameter serverKey = new KeyParameter(keyBlock, cursor, cipherKeySize);
    cursor += cipherKeySize;

    byte[] clientIv;
    byte[] serverIv;
    if (!useExplicitIV)
    {
        // Implicit IVs: the initial IVs come from the tail of the key block.
        clientIv = Arrays.CopyOfRange(keyBlock, cursor, cursor + clientWriteCipher.GetBlockSize());
        cursor += clientWriteCipher.GetBlockSize();
        serverIv = Arrays.CopyOfRange(keyBlock, cursor, cursor + serverWriteCipher.GetBlockSize());
        cursor += serverWriteCipher.GetBlockSize();
    }
    else
    {
        // Explicit IVs: start from all-zero placeholders of block size.
        clientIv = new byte[clientWriteCipher.GetBlockSize()];
        serverIv = new byte[serverWriteCipher.GetBlockSize()];
    }

    // Sanity check: every byte requested from the PRF must have been assigned a purpose.
    if (cursor != expectedLength)
    {
        throw new TlsFatalAlert(AlertDescription.internal_error);
    }

    // A server writes with the server keys and reads with the client keys; a client
    // does the opposite.
    bool actingAsServer = context.IsServer;

    this.mWriteMac = actingAsServer ? serverMac : clientMac;
    this.mReadMac = actingAsServer ? clientMac : serverMac;
    this.encryptCipher = actingAsServer ? serverWriteCipher : clientWriteCipher;
    this.decryptCipher = actingAsServer ? clientWriteCipher : serverWriteCipher;

    ICipherParameters encryptParams = actingAsServer
        ? new ParametersWithIV(serverKey, serverIv)
        : new ParametersWithIV(clientKey, clientIv);
    ICipherParameters decryptParams = actingAsServer
        ? new ParametersWithIV(clientKey, clientIv)
        : new ParametersWithIV(serverKey, serverIv);

    this.encryptCipher.Init(true, encryptParams);
    this.decryptCipher.Init(false, decryptParams);
}
/// <summary>
/// Builds a block-cipher record protection object: derives the key block for the
/// context, slices it into MAC keys, cipher keys and (when explicit IVs are not in use)
/// initial IVs, then initialises the read and write ciphers for this endpoint's role.
/// </summary>
/// <remarks>
/// Key block layout as consumed here: client MAC key, server MAC key, client cipher key,
/// server cipher key, and only without explicit IVs, client IV then server IV.
/// NOTE(review): the key block array holds every derived secret and is left to the
/// garbage collector; consider clearing it at the end once it is confirmed that
/// KeyParameter and TlsMac copy the bytes they are given.
/// </remarks>
public TlsBlockCipher(TlsContext context, IBlockCipher clientWriteCipher, IBlockCipher serverWriteCipher, IDigest clientWriteDigest, IDigest serverWriteDigest, int cipherKeySize)
{
    this.context = context;

    randomData = new byte[256];
    context.NonceRandomGenerator.NextBytes(randomData);

    useExplicitIV = TlsUtilities.IsTlsV11(context);
    encryptThenMac = context.SecurityParameters.encryptThenMac;

    // Two cipher keys plus one MAC key per direction; IV bytes are added only when
    // explicit IVs are not in use.
    int keyBlockSize = 2 * cipherKeySize + clientWriteDigest.GetDigestSize() + serverWriteDigest.GetDigestSize();
    if (!useExplicitIV)
    {
        keyBlockSize += clientWriteCipher.GetBlockSize() + serverWriteCipher.GetBlockSize();
    }

    byte[] keyBlock = TlsUtilities.CalculateKeyBlock(context, keyBlockSize);
    int offset = 0;

    TlsMac clientWriteMac = new TlsMac(context, clientWriteDigest, keyBlock, offset, clientWriteDigest.GetDigestSize());
    offset += clientWriteDigest.GetDigestSize();

    TlsMac serverWriteMac = new TlsMac(context, serverWriteDigest, keyBlock, offset, serverWriteDigest.GetDigestSize());
    offset += serverWriteDigest.GetDigestSize();

    KeyParameter clientWriteKey = new KeyParameter(keyBlock, offset, cipherKeySize);
    offset += cipherKeySize;

    KeyParameter serverWriteKey = new KeyParameter(keyBlock, offset, cipherKeySize);
    offset += cipherKeySize;

    byte[] clientWriteIv;
    byte[] serverWriteIv;
    if (useExplicitIV)
    {
        // Explicit IVs: start from all-zero placeholders of block size.
        clientWriteIv = new byte[clientWriteCipher.GetBlockSize()];
        serverWriteIv = new byte[serverWriteCipher.GetBlockSize()];
    }
    else
    {
        // Implicit IVs: the initial IVs come from the tail of the key block.
        clientWriteIv = Arrays.CopyOfRange(keyBlock, offset, offset + clientWriteCipher.GetBlockSize());
        offset += clientWriteCipher.GetBlockSize();
        serverWriteIv = Arrays.CopyOfRange(keyBlock, offset, offset + serverWriteCipher.GetBlockSize());
        offset += serverWriteCipher.GetBlockSize();
    }

    // Sanity check: every byte requested from the PRF must have been assigned a purpose.
    if (offset != keyBlockSize)
    {
        // 80 is the TLS alert code for internal_error.
        throw new TlsFatalAlert(80);
    }

    ICipherParameters encryptParameters;
    ICipherParameters decryptParameters;
    if (!context.IsServer)
    {
        // Client role: write with the client keys, read with the server keys.
        mWriteMac = clientWriteMac;
        mReadMac = serverWriteMac;
        encryptCipher = clientWriteCipher;
        decryptCipher = serverWriteCipher;
        encryptParameters = new ParametersWithIV(clientWriteKey, clientWriteIv);
        decryptParameters = new ParametersWithIV(serverWriteKey, serverWriteIv);
    }
    else
    {
        // Server role: write with the server keys, read with the client keys.
        mWriteMac = serverWriteMac;
        mReadMac = clientWriteMac;
        encryptCipher = serverWriteCipher;
        decryptCipher = clientWriteCipher;
        encryptParameters = new ParametersWithIV(serverWriteKey, serverWriteIv);
        decryptParameters = new ParametersWithIV(clientWriteKey, clientWriteIv);
    }

    encryptCipher.Init(forEncryption: true, encryptParameters);
    decryptCipher.Init(forEncryption: false, decryptParameters);
}