ProcessBlock() public méthode

public ProcessBlock ( byte input, int inOff, int length ) : byte[]
input byte
inOff int
length int
Résultat byte[]
Exemple #1
1
        /// <summary>
        /// The decrypt.
        /// </summary>
        /// <param name="encrypted">
        /// The encrypted.
        /// </param>
        /// <param name="pk">
        /// The pk.
        /// </param>
        /// <returns>
        /// The <see cref="string"/>.
        /// </returns>
        private string Decrypt(string encrypted, PrivateKey pk)
        {
            var keyParam = pk.GetPrivateKeyParam();
            var engine = new Pkcs1Encoding(new RsaEngine());
            engine.Init(false, keyParam);
            var blockSize = engine.GetInputBlockSize();

            byte[] bytes = Convert.FromBase64String(encrypted);
            byte[] dec = engine.ProcessBlock(bytes, 0, blockSize);
            var clear = this.ToUTF8String(dec);
            return clear;
        }
		internal string Decrypt(string cryptText, string encryptionKey, bool isPrivate)
		{
			RsaKeyParameters key;
			byte[] data = null;
			List<byte> output = new List<byte>();
			string result = null;

			try
			{
				if (isPrivate)
					key = RsaPrivateStringToRsaKey(encryptionKey);
				else
					key = RsaPublicStringToRsaKey(encryptionKey);

				data = Hex.Decode(cryptText);

				IAsymmetricBlockCipher e = new Pkcs1Encoding(new RsaEngine()).GetUnderlyingCipher();
				e.Init(false, key);

				int blockSize = e.GetInputBlockSize();

				if (data != null)
				{
					for (int chunkPosition = 0; chunkPosition < data.Length; chunkPosition += blockSize)
					{
						int chunkSize;

						if (data.Length <= blockSize)
							chunkSize = data.Length;
						else if ((chunkPosition + blockSize) > data.Length)
							chunkSize = data.Length - chunkPosition;
						else
							chunkSize = blockSize;

						if (chunkSize <= 0)
							break;

						output.AddRange(e.ProcessBlock(data, chunkPosition, chunkSize));
					}

					result = ByteArrayToString(output.ToArray());
				}
			}
			catch (Exception ex)
			{
				Debug.Write(ex.ToString());
			}

			return result;
		}
		public static byte[] GenerateEncryptedPreMasterSecret(SecureRandom random,
			RsaKeyParameters rsaServerPublicKey, Stream output)
		{
			/*
			 * Choose a PremasterSecret and send it encrypted to the server
			 */
			byte[] premasterSecret = new byte[48];
			random.NextBytes(premasterSecret);
			TlsUtilities.WriteVersion(premasterSecret, 0);

			Pkcs1Encoding encoding = new Pkcs1Encoding(new RsaBlindedEngine());
			encoding.Init(true, new ParametersWithRandom(rsaServerPublicKey, random));

			try
			{
				byte[] keData = encoding.ProcessBlock(premasterSecret, 0, premasterSecret.Length);
                TlsUtilities.WriteOpaque16(keData, output);
			}
			catch (InvalidCipherTextException)
			{
				/*
				* This should never happen, only during decryption.
				*/
				throw new TlsFatalAlert(AlertDescription.internal_error);
			}

			return premasterSecret;
		}
        public virtual void GenerateClientKeyExchange(Stream output)
        {
            /*
            * Choose a PremasterSecret and send it encrypted to the server
            */
            premasterSecret = new byte[48];
            context.SecureRandom.NextBytes(premasterSecret);
            TlsUtilities.WriteVersion(premasterSecret, 0);

            Pkcs1Encoding encoding = new Pkcs1Encoding(new RsaBlindedEngine());
            encoding.Init(true, new ParametersWithRandom(this.rsaServerPublicKey, context.SecureRandom));

            try
            {
                byte[] keData = encoding.ProcessBlock(premasterSecret, 0, premasterSecret.Length);
                TlsUtilities.WriteUint24(keData.Length + 2, output);
                TlsUtilities.WriteOpaque16(keData, output);
            }
            catch (InvalidCipherTextException)
            {
                /*
                * This should never happen, only during decryption.
                */
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }
        }
    	public  string decryptPasswordUsingPem(string password)
    	{
			try
			{
				var passwordBytes = Convert.FromBase64String(password);  
				AsymmetricCipherKeyPair keyPair; 
				PathToPemKey =  PathToPemKey ?? "Where is the PEM private Key".askUser();
				
				if (PathToPemKey.isFolder())
					PathToPemKey = PathToPemKey.files("*.pem").first();
					
				if (PathToPemKey.valid() && PathToPemKey.fileExists())
				{
					using (var reader = File.OpenText(PathToPemKey))  
				    	keyPair = (AsymmetricCipherKeyPair) new PemReader(reader).ReadObject(); 				
					var decryptEngine = new Pkcs1Encoding(new RsaEngine());
					decryptEngine.Init(false, keyPair.Private); 				 
					var decryptedPassword = Encoding.UTF8.GetString(decryptEngine.ProcessBlock(passwordBytes, 0, passwordBytes.Length)); 				 
					return decryptedPassword; 
				}
				"in decryptPasswordUsingPem, there was no PEM file provided or found".error();
			}
			catch(Exception ex)
			{
				"[API_RSA] in decryptPasswordUsingPem: {0}".error(ex.Message);				
			}
			return null;
		}
Exemple #6
0
 public string Decrypt(string str)
 {
     if (string.IsNullOrEmpty(str)) return "";
     var dat = Convert.FromBase64String(str);
     var encoding = new Pkcs1Encoding(engine);
     encoding.Init(false, key);
     return Encoding.UTF8.GetString(encoding.ProcessBlock(dat, 0, dat.Length));
 }
Exemple #7
0
 public string Encrypt(string str)
 {
     if (string.IsNullOrEmpty(str)) return "";
     var dat = Encoding.UTF8.GetBytes(str);
     var encoding = new Pkcs1Encoding(engine);
     encoding.Init(true, key);
     return Convert.ToBase64String(encoding.ProcessBlock(dat, 0, dat.Length));
 }
Exemple #8
0
 public string RsaEncrypt(string clearText, AsymmetricKeyParameter prywatny)
 {
     AsymmetricKeyParameter key = prywatny;
     var bytesToEncrypt = Encoding.UTF8.GetBytes(clearText);
     var encryptEngine = new Pkcs1Encoding(new RsaEngine());
     encryptEngine.Init(true, key);
     var encrypted = Convert.ToBase64String(encryptEngine.ProcessBlock(bytesToEncrypt, 0, bytesToEncrypt.Length));
     return encrypted;
 }
Exemple #9
0
        public byte[] DeSignData(byte[] data)
        {
            if (OnlyPublic)
                throw new NotSupportedException("Private key not available");

            var eng = new Pkcs1Encoding(new RsaEngine());
            eng.Init(false, RSAKeyPair.Private);
            return eng.ProcessBlock(data, 0, data.Length);
        }
		private void doTestStrictPkcs1Length(RsaKeyParameters pubParameters, RsaKeyParameters privParameters)
		{
			IAsymmetricBlockCipher eng = new RsaBlindedEngine();

			eng.Init(true, privParameters);

			byte[] data = null;

			try
			{
				data = eng.ProcessBlock(oversizedSig, 0, oversizedSig.Length);
			}
			catch (Exception e)
			{
				Fail("RSA: failed - exception " + e.ToString(), e);
			}

			eng = new Pkcs1Encoding(eng);

			eng.Init(false, pubParameters);

			try
			{
				data = eng.ProcessBlock(data, 0, data.Length);

				Fail("oversized signature block not recognised");
			}
			catch (InvalidCipherTextException e)
			{
				if (!e.Message.Equals("block incorrect size"))
				{
					Fail("RSA: failed - exception " + e.ToString(), e);
				}
			}


			// Create the encoding with StrictLengthEnabled=false (done thru environment in Java version)
			Pkcs1Encoding.StrictLengthEnabled = false;

			eng = new Pkcs1Encoding(new RsaBlindedEngine());

			eng.Init(false, pubParameters);

			try
			{
				data = eng.ProcessBlock(data, 0, data.Length);
			}
			catch (InvalidCipherTextException e)
			{
				Fail("RSA: failed - exception " + e.ToString(), e);
			}

			Pkcs1Encoding.StrictLengthEnabled = true;
		}
Exemple #11
0
        public static byte[] Decrypt(byte[] buffer)
        {
            using (TextReader sr = new StringReader(PRIVATE_KEY))
            {
                PemReader pemReader = new PemReader(sr);
                AsymmetricCipherKeyPair keyPair = (AsymmetricCipherKeyPair)pemReader.ReadObject();
                RsaKeyParameters privateKey = (RsaKeyParameters)keyPair.Private;
                IAsymmetricBlockCipher cipher = new Pkcs1Encoding(new RsaEngine());

                cipher.Init(false, privateKey);
                return cipher.ProcessBlock(buffer, 0, buffer.Length);
            }
        }
        public string RsaEncryptWithPrivate(string clearText, string privateKey)
        {
            var bytesToEncrypt = Encoding.UTF8.GetBytes(clearText);

            var encryptEngine = new Pkcs1Encoding(new RsaEngine());

            using (var txtreader = new StringReader(privateKey))
            {
                var keyPair = (AsymmetricCipherKeyPair)new PemReader(txtreader).ReadObject();

                encryptEngine.Init(true, keyPair.Public);
            }

            var encrypted = Convert.ToBase64String(encryptEngine.ProcessBlock(bytesToEncrypt, 0, bytesToEncrypt.Length));
            return encrypted;
        }
        public static string Crypt(string input)
        {
            RsaKeyParameters parameters;
            AsymmetricCipherKeyPair keyPair;

            using (var reader = File.OpenText(@"publickey.pem")) // file containing RSA PKCS1 private key
                parameters = (RsaKeyParameters)new PemReader(reader).ReadObject();

            keyPair = new AsymmetricCipherKeyPair(parameters, new AsymmetricKeyParameter(true));

            var encryptEngine = new Pkcs1Encoding(new RsaEngine());
            encryptEngine.Init(true, keyPair.Public);

            byte[] utf = Encoding.UTF8.GetBytes(input);
            return Convert.ToBase64String(encryptEngine.ProcessBlock(utf, 0, utf.Length));
        }
        // Decryption:

        public string RsaDecrypt(string base64Input, string privateKey)
        {
            var bytesToDecrypt = Convert.FromBase64String(base64Input);

            //get a stream from the string
            AsymmetricCipherKeyPair keyPair;
            var decryptEngine = new Pkcs1Encoding(new RsaEngine());

            using (var txtreader = new StringReader(privateKey))
            {
                keyPair = (AsymmetricCipherKeyPair)new PemReader(txtreader).ReadObject();

                decryptEngine.Init(false, keyPair.Private);
            }

            var decrypted = Encoding.UTF8.GetString(decryptEngine.ProcessBlock(bytesToDecrypt, 0, bytesToDecrypt.Length));
            return decrypted;
        }
		public static string DecryptString(string encrypted = null, string keyName = "key")
		{
			string decrypted = null;
			//	If no encrypted string, return
			if (encrypted == "")
			{
				return null;
			}
			var bytesToDecrypt = Convert.FromBase64String(encrypted);
			AsymmetricCipherKeyPair keypair;
			string path = Path.Combine(Directory.GetCurrentDirectory(), @"..\..\Keys\" + keyName + ".pem");
			path = Path.GetFullPath(path);
			using (var reader = File.OpenText(path))
			{
				keypair = (AsymmetricCipherKeyPair)new PemReader(reader).ReadObject();
			}
			var decryptEngine = new Pkcs1Encoding(new RsaEngine());
			decryptEngine.Init(false, keypair.Private);
			decrypted = Encoding.UTF8.GetString(decryptEngine.ProcessBlock(bytesToDecrypt, 0, bytesToDecrypt.Length));

			return decrypted;
		}
Exemple #16
0
        /// <exception cref="IOException"></exception>
        public static byte[] GenerateEncryptedPreMasterSecret(TlsContext context, RsaKeyParameters rsaServerPublicKey,
            Stream output)
        {
            /*
             * Choose a PremasterSecret and send it encrypted to the server
             */
            byte[] premasterSecret = new byte[48];
            context.SecureRandom.NextBytes(premasterSecret);
            TlsUtilities.WriteVersion(context.ClientVersion, premasterSecret, 0);

            Pkcs1Encoding encoding = new Pkcs1Encoding(new RsaBlindedEngine());
            encoding.Init(true, new ParametersWithRandom(rsaServerPublicKey, context.SecureRandom));

            try
            {
                byte[] encryptedPreMasterSecret = encoding.ProcessBlock(premasterSecret, 0, premasterSecret.Length);

                if (TlsUtilities.IsSsl(context))
                {
                    // TODO Do any SSLv3 servers actually expect the length?
                    output.Write(encryptedPreMasterSecret, 0, encryptedPreMasterSecret.Length);
                }
                else
                {
                    TlsUtilities.WriteOpaque16(encryptedPreMasterSecret, output);
                }
            }
            catch (InvalidCipherTextException e)
            {
                /*
                 * This should never happen, only during decryption.
                 */
                throw new TlsFatalAlert(AlertDescription.internal_error, e);
            }

            return premasterSecret;
        }
Exemple #17
0
        public static byte[] SafeDecryptPreMasterSecret(TlsContext context, RsaKeyParameters rsaServerPrivateKey,
            byte[] encryptedPreMasterSecret)
        {
            /*
             * RFC 5246 7.4.7.1.
             */
            ProtocolVersion clientVersion = context.ClientVersion;

            // TODO Provide as configuration option?
            bool versionNumberCheckDisabled = false;

            /*
             * Generate 48 random bytes we can use as a Pre-Master-Secret, if the
             * PKCS1 padding check should fail.
             */
            byte[] fallback = new byte[48];
            context.SecureRandom.NextBytes(fallback);

            byte[] M = Arrays.Clone(fallback);
            try
            {
                Pkcs1Encoding encoding = new Pkcs1Encoding(new RsaBlindedEngine(), fallback);
                encoding.Init(false,
                    new ParametersWithRandom(rsaServerPrivateKey, context.SecureRandom));

                M = encoding.ProcessBlock(encryptedPreMasterSecret, 0, encryptedPreMasterSecret.Length);
            }
            catch (Exception)
            {
                /*
                 * This should never happen since the decryption should never throw an exception
                 * and return a random value instead.
                 *
                 * In any case, a TLS server MUST NOT generate an alert if processing an
                 * RSA-encrypted premaster secret message fails, or the version number is not as
                 * expected. Instead, it MUST continue the handshake with a randomly generated
                 * premaster secret.
                 */
            }

            /*
             * If ClientHello.client_version is TLS 1.1 or higher, server implementations MUST
             * check the version number [..].
             */
            if (versionNumberCheckDisabled && clientVersion.IsEqualOrEarlierVersionOf(ProtocolVersion.TLSv10))
            {
                /*
                 * If the version number is TLS 1.0 or earlier, server
                 * implementations SHOULD check the version number, but MAY have a
                 * configuration option to disable the check.
                 *
                 * So there is nothing to do here.
                 */
            }
            else
            {
                /*
                 * OK, we need to compare the version number in the decrypted Pre-Master-Secret with the
                 * clientVersion received during the handshake. If they don't match, we replace the
                 * decrypted Pre-Master-Secret with a random one.
                 */
                int correct = (clientVersion.MajorVersion ^ (M[0] & 0xff))
                    | (clientVersion.MinorVersion ^ (M[1] & 0xff));
                correct |= correct >> 1;
                correct |= correct >> 2;
                correct |= correct >> 4;
                int mask = ~((correct & 1) - 1);

                /*
                 * mask will be all bits set to 0xff if the version number differed.
                 */
                for (int i = 0; i < 48; i++)
                {
                    M[i] = (byte)((M[i] & (~mask)) | (fallback[i] & mask));
                }
            }
            return M;
        }
		internal string Encrypt(string plainText, string encryptionKey, bool isPrivate)
		{
			RsaKeyParameters key;
			byte[] data = null;
			List<byte> output = new List<byte>();
			string result = null;

			try
			{
				if (isPrivate)
					key = RsaPrivateStringToRsaKey(encryptionKey);
				else
					key = RsaPublicStringToRsaKey(encryptionKey);

				data = StringToByteArray(plainText);

				IAsymmetricBlockCipher e = new Pkcs1Encoding(new RsaEngine()).GetUnderlyingCipher();
				e.Init(true, key);

				int blockSize = e.GetInputBlockSize();

				if (data != null)
				{
					for (int chunkPosition = 0; chunkPosition < data.Length; chunkPosition += blockSize)
					{
						int chunkSize;

						if (data.Length <= blockSize)
							chunkSize = data.Length; // If we have less data then the blockSize, do it all
						else if ((chunkPosition + blockSize) > data.Length) // Do we have any remainder data
							chunkSize = data.Length - chunkPosition;
						else
							chunkSize = blockSize; // Normal process, chunk to blockSize

						// No more blocks to process
						if (chunkSize <= 0)
							break;

						output.AddRange(e.ProcessBlock(data, chunkPosition, chunkSize));
					}

					result = Encoding.ASCII.GetString(Hex.Encode(output.ToArray()));
				}
			}
			catch (Exception)
			{

			}

			return result;
		}
        private void testZeroBlock(ICipherParameters encParameters, ICipherParameters decParameters)
        {
            IAsymmetricBlockCipher eng = new Pkcs1Encoding(new RsaEngine());

            eng.Init(true, encParameters);

            if (eng.GetOutputBlockSize() != ((Pkcs1Encoding)eng).GetUnderlyingCipher().GetOutputBlockSize())
            {
                Fail("PKCS1 output block size incorrect");
            }

            byte[] zero = new byte[0];
            byte[] data = null;

            try
            {
                data = eng.ProcessBlock(zero, 0, zero.Length);
            }
            catch (Exception e)
            {
                Fail("failed - exception " + e.ToString(), e);
            }

            eng.Init(false, decParameters);

            try
            {
                data = eng.ProcessBlock(data, 0, data.Length);
            }
            catch (Exception e)
            {
                Fail("failed - exception " + e.ToString(), e);
            }

            if (!Arrays.AreEqual(zero, data))
            {
                Fail("failed PKCS1 zero Test");
            }
        }
Exemple #20
0
 /// <summary>
 /// The encrypt.
 /// </summary>
 /// <param name="data">
 /// The data.
 /// </param>
 /// <param name="pk">
 /// The pk.
 /// </param>
 /// <returns>
 /// The <see cref="string"/>.
 /// </returns>
 private string Encrypt(string data, PublicKey pk)
 {
     byte[] bytes = Encoding.UTF8.GetBytes(data);
     var keyParam = pk.GetPublicKeyParam();
     var engine = new Pkcs1Encoding(new RsaEngine());
     engine.Init(true, keyParam);
     var blockSize = bytes.Length; // engine.GetInputBlockSize();
     byte[] enc = engine.ProcessBlock(bytes, 0, blockSize);
     return Convert.ToBase64String(enc);
 }
		private void checkForPkcs1Exception(RsaKeyParameters pubParameters, RsaKeyParameters privParameters, byte[] inputData, string expectedMessage)
		{
			IAsymmetricBlockCipher eng = new RsaBlindedEngine();

			eng.Init(true, privParameters);

			byte[] data = null;

			try
			{
				data = eng.ProcessBlock(inputData, 0, inputData.Length);
			}
			catch (Exception e)
			{
				Fail("RSA: failed - exception " + e.ToString(), e);
			}

			eng = new Pkcs1Encoding(eng);

			eng.Init(false, pubParameters);

			try
			{
				data = eng.ProcessBlock(data, 0, data.Length);

				Fail("missing data block not recognised");
			}
			catch (InvalidCipherTextException e)
			{
				if (!e.Message.Equals(expectedMessage))
				{
					Fail("RSA: failed - exception " + e.ToString(), e);
				}
			}
		}
        private void processHandshake()
        {
            bool read;
            do
            {
                read = false;

                /*
                * We need the first 4 bytes, they contain type and length of
                * the message.
                */
                if (handshakeQueue.Available >= 4)
                {
                    byte[] beginning = new byte[4];
                    handshakeQueue.Read(beginning, 0, 4, 0);
                    MemoryStream bis = new MemoryStream(beginning, false);
                    short type = TlsUtilities.ReadUint8(bis);
                    int len = TlsUtilities.ReadUint24(bis);

                    /*
                    * Check if we have enough bytes in the buffer to read
                    * the full message.
                    */
                    if (handshakeQueue.Available >= (len + 4))
                    {
                        /*
                        * Read the message.
                        */
                        byte[] buf = new byte[len];
                        handshakeQueue.Read(buf, 0, len, 4);
                        handshakeQueue.RemoveData(len + 4);

                        /*
                        * If it is not a finished message, update our hashes
                        * we prepare for the finish message.
                        */
                        if (type != HP_FINISHED)
                        {
                            rs.hash1.BlockUpdate(beginning, 0, 4);
                            rs.hash2.BlockUpdate(beginning, 0, 4);
                            rs.hash1.BlockUpdate(buf, 0, len);
                            rs.hash2.BlockUpdate(buf, 0, len);
                        }

                        /*
                        * Now, parse the message.
                        */
                        MemoryStream inStr = new MemoryStream(buf, false);

                        /*
                        * Check the type.
                        */
                        switch (type)
                        {
                            case HP_CERTIFICATE:
                                switch (connection_state)
                                {
                                    case CS_SERVER_HELLO_RECEIVED:
                                        /*
                                        * Parse the certificates.
                                        */
                                        Certificate cert = Certificate.Parse(inStr);
                                        AssertEmpty(inStr);

                                        /*
                                        * Verify them.
                                        */
                                        if (!this.verifyer.IsValid(cert.GetCerts()))
                                        {
                                            this.FailWithError(AL_fatal, AP_user_canceled);
                                        }

                                        /*
                                        * We only support RSA certificates. Lets hope
                                        * this is one.
                                        */
                                        RsaPublicKeyStructure rsaKey = null;
                                        try
                                        {
                                            rsaKey = RsaPublicKeyStructure.GetInstance(
                                                cert.certs[0].TbsCertificate.SubjectPublicKeyInfo.GetPublicKey());
                                        }
                                        catch (Exception)
                                        {
                                            /*
                                            * Sorry, we have to fail ;-(
                                            */
                                            this.FailWithError(AL_fatal, AP_unsupported_certificate);
                                        }

                                        /*
                                        * Parse the servers public RSA key.
                                        */
                                        this.serverRsaKey = new RsaKeyParameters(
                                            false,
                                            rsaKey.Modulus,
                                            rsaKey.PublicExponent);

                                        connection_state = CS_SERVER_CERTIFICATE_RECEIVED;
                                        read = true;
                                        break;
                                    default:
                                        this.FailWithError(AL_fatal, AP_unexpected_message);
                                        break;
                                }
                                break;
                            case HP_FINISHED:
                                switch (connection_state)
                                {
                                    case CS_SERVER_CHANGE_CIPHER_SPEC_RECEIVED:
                                        /*
                                        * Read the checksum from the finished message,
                                        * it has always 12 bytes.
                                        */
                                        byte[] receivedChecksum = new byte[12];
                                        TlsUtilities.ReadFully(receivedChecksum, inStr);
                                        AssertEmpty(inStr);

                                        /*
                                        * Calculate our owne checksum.
                                        */
                                        byte[] checksum = new byte[12];
                                        byte[] md5andsha1 = new byte[16 + 20];
                                        rs.hash2.DoFinal(md5andsha1, 0);
                                        TlsUtilities.PRF(this.ms, TlsUtilities.ToByteArray("server finished"), md5andsha1, checksum);

                                        /*
                                        * Compare both checksums.
                                        */
                                        for (int i = 0; i < receivedChecksum.Length; i++)
                                        {
                                            if (receivedChecksum[i] != checksum[i])
                                            {
                                                /*
                                                * Wrong checksum in the finished message.
                                                */
                                                this.FailWithError(AL_fatal, AP_handshake_failure);
                                            }
                                        }

                                        connection_state = CS_DONE;

                                        /*
                                        * We are now ready to receive application data.
                                        */
                                        this.appDataReady = true;
                                        read = true;
                                        break;
                                    default:
                                        this.FailWithError(AL_fatal, AP_unexpected_message);
                                        break;
                                }
                                break;
                            case HP_SERVER_HELLO:
                                switch (connection_state)
                                {
                                    case CS_CLIENT_HELLO_SEND:
                                        /*
                                        * Read the server hello message
                                        */
                                        TlsUtilities.CheckVersion(inStr, this);

                                        /*
                                        * Read the server random
                                        */
                                        this.serverRandom = new byte[32];
                                        TlsUtilities.ReadFully(this.serverRandom, inStr);

                                        /*
                                        * Currenty, we don't support session ids
                                        */
                                        short sessionIdLength = TlsUtilities.ReadUint8(inStr);
                                        byte[] sessionId = new byte[sessionIdLength];
                                        TlsUtilities.ReadFully(sessionId, inStr);

                                        /*
                                        * Find out which ciphersuite the server has
                                        * choosen. If we don't support this ciphersuite,
                                        * the TlsCipherSuiteManager will throw an
                                        * exception.
                                        */
                                        this.choosenCipherSuite = TlsCipherSuiteManager.GetCipherSuite(
                                            TlsUtilities.ReadUint16(inStr), this);

                                        /*
                                        * We support only the null compression which
                                        * means no compression.
                                        */
                                        short compressionMethod = TlsUtilities.ReadUint8(inStr);
                                        if (compressionMethod != 0)
                                        {
                                            this.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_illegal_parameter);
                                        }
                                        AssertEmpty(inStr);

                                        connection_state = CS_SERVER_HELLO_RECEIVED;
                                        read = true;
                                        break;
                                    default:
                                        this.FailWithError(AL_fatal, AP_unexpected_message);
                                        break;
                                }
                                break;
                            case HP_SERVER_HELLO_DONE:
                                switch (connection_state)
                                {
                                    case CS_SERVER_CERTIFICATE_RECEIVED:
                                    case CS_SERVER_KEY_EXCHANGE_RECEIVED:

                                        // NB: Original code used case label fall-through
                                        if (connection_state == CS_SERVER_CERTIFICATE_RECEIVED)
                                        {
                                            /*
                                            * There was no server key exchange message, check
                                            * that we are doing RSA key exchange.
                                            */
                                            if (this.choosenCipherSuite.KeyExchangeAlgorithm != TlsCipherSuite.KE_RSA)
                                            {
                                                this.FailWithError(AL_fatal, AP_unexpected_message);
                                            }
                                        }

                                        AssertEmpty(inStr);
                                        connection_state = CS_SERVER_HELLO_DONE_RECEIVED;

                                        /*
                                        * Send the client key exchange message, depending
                                        * on the key exchange we are using in our
                                        * ciphersuite.
                                        */
                                        short ke = this.choosenCipherSuite.KeyExchangeAlgorithm;

                                        switch (ke)
                                        {
                                            case TlsCipherSuite.KE_RSA:
                                                /*
                                                * We are doing RSA key exchange. We will
                                                * choose a pre master secret and send it
                                                * rsa encrypted to the server.
                                                *
                                                * Prepare pre master secret.
                                                */
                                                pms = new byte[48];
                                                pms[0] = 3;
                                                pms[1] = 1;
                                                random.NextBytes(pms, 2, 46);

                                                /*
                                                * Encode the pms and send it to the server.
                                                *
                                                * Prepare an Pkcs1Encoding with good random
                                                * padding.
                                                */
                                                RsaBlindedEngine rsa = new RsaBlindedEngine();
                                                Pkcs1Encoding encoding = new Pkcs1Encoding(rsa);
                                                encoding.Init(true, new ParametersWithRandom(this.serverRsaKey, this.random));
                                                byte[] encrypted = null;
                                                try
                                                {
                                                    encrypted = encoding.ProcessBlock(pms, 0, pms.Length);
                                                }
                                                catch (InvalidCipherTextException)
                                                {
                                                    /*
                                                    * This should never happen, only during decryption.
                                                    */
                                                    this.FailWithError(AL_fatal, AP_internal_error);
                                                }

                                                /*
                                                * Send the encrypted pms.
                                                */
                                                MemoryStream bos = new MemoryStream();
                                                TlsUtilities.WriteUint8(HP_CLIENT_KEY_EXCHANGE, bos);
                                                TlsUtilities.WriteUint24(encrypted.Length + 2, bos);
                                                TlsUtilities.WriteUint16(encrypted.Length, bos);
                                                bos.Write(encrypted, 0, encrypted.Length);
                                                byte[] message = bos.ToArray();

                                                rs.WriteMessage((short)RL_HANDSHAKE, message, 0, message.Length);
                                                break;
                                            case TlsCipherSuite.KE_DHE_RSA:
                                                /*
                                                * Send the Client Key Exchange message for
                                                * DHE key exchange.
                                                */
                                                byte[] YcByte = this.Yc.ToByteArray();
                                                MemoryStream DHbos = new MemoryStream();
                                                TlsUtilities.WriteUint8(HP_CLIENT_KEY_EXCHANGE, DHbos);
                                                TlsUtilities.WriteUint24(YcByte.Length + 2, DHbos);
                                                TlsUtilities.WriteUint16(YcByte.Length, DHbos);
                                                DHbos.Write(YcByte, 0, YcByte.Length);
                                                byte[] DHmessage = DHbos.ToArray();

                                                rs.WriteMessage((short)RL_HANDSHAKE, DHmessage, 0, DHmessage.Length);

                                                break;
                                            default:
                                                /*
                                                * Proble during handshake, we don't know
                                                * how to thandle this key exchange method.
                                                */
                                                this.FailWithError(AL_fatal, AP_unexpected_message);
                                                break;

                                        }

                                        connection_state = CS_CLIENT_KEY_EXCHANGE_SEND;

                                        /*
                                        * Now, we send change cipher state
                                        */
                                        byte[] cmessage = new byte[1];
                                        cmessage[0] = 1;
                                        rs.WriteMessage((short)RL_CHANGE_CIPHER_SPEC, cmessage, 0, cmessage.Length);

                                        connection_state = CS_CLIENT_CHANGE_CIPHER_SPEC_SEND;

                                        /*
                                        * Calculate the ms
                                        */
                                        this.ms = new byte[48];
                                        byte[] randBytes = new byte[clientRandom.Length + serverRandom.Length];
                                        Array.Copy(clientRandom, 0, randBytes, 0, clientRandom.Length);
                                        Array.Copy(serverRandom, 0, randBytes, clientRandom.Length, serverRandom.Length);
                                        TlsUtilities.PRF(pms, TlsUtilities.ToByteArray("master secret"), randBytes, this.ms);

                                        /*
                                        * Initialize our cipher suite
                                        */
                                        rs.writeSuite = this.choosenCipherSuite;
                                        rs.writeSuite.Init(this.ms, clientRandom, serverRandom);

                                        /*
                                        * Send our finished message.
                                        */
                                        byte[] checksum = new byte[12];
                                        byte[] md5andsha1 = new byte[16 + 20];
                                        rs.hash1.DoFinal(md5andsha1, 0);
                                        TlsUtilities.PRF(this.ms, TlsUtilities.ToByteArray("client finished"), md5andsha1, checksum);

                                        MemoryStream bos2 = new MemoryStream();
                                        TlsUtilities.WriteUint8(HP_FINISHED, bos2);
                                        TlsUtilities.WriteUint24(12, bos2);
                                        bos2.Write(checksum, 0, checksum.Length);
                                        byte[] message2 = bos2.ToArray();

                                        rs.WriteMessage((short)RL_HANDSHAKE, message2, 0, message2.Length);

                                        this.connection_state = CS_CLIENT_FINISHED_SEND;
                                        read = true;
                                        break;
                                    default:
                                        this.FailWithError(AL_fatal, AP_handshake_failure);
                                        break;
                                }
                                break;
                            case HP_SERVER_KEY_EXCHANGE:
                                switch (connection_state)
                                {
                                    case CS_SERVER_CERTIFICATE_RECEIVED:
                                        /*
                                        * Check that we are doing DHE key exchange
                                        */
                                        if (this.choosenCipherSuite.KeyExchangeAlgorithm != TlsCipherSuite.KE_DHE_RSA)
                                        {
                                            this.FailWithError(AL_fatal, AP_unexpected_message);
                                        }

                                        /*
                                        * Parse the Structure
                                        */
                                        int pLength = TlsUtilities.ReadUint16(inStr);
                                        byte[] pByte = new byte[pLength];
                                        TlsUtilities.ReadFully(pByte, inStr);

                                        int gLength = TlsUtilities.ReadUint16(inStr);
                                        byte[] gByte = new byte[gLength];
                                        TlsUtilities.ReadFully(gByte, inStr);

                                        int YsLength = TlsUtilities.ReadUint16(inStr);
                                        byte[] YsByte = new byte[YsLength];
                                        TlsUtilities.ReadFully(YsByte, inStr);

                                        int sigLength = TlsUtilities.ReadUint16(inStr);
                                        byte[] sigByte = new byte[sigLength];
                                        TlsUtilities.ReadFully(sigByte, inStr);

                                        this.AssertEmpty(inStr);

                                        /*
                                        * Verify the Signature.
                                        *
                                        * First, calculate the hash.
                                        */
                                        CombinedHash sigDigest = new CombinedHash();
                                        MemoryStream signedData = new MemoryStream();
                                        TlsUtilities.WriteUint16(pLength, signedData);
                                        signedData.Write(pByte, 0, pByte.Length);
                                        TlsUtilities.WriteUint16(gLength, signedData);
                                        signedData.Write(gByte, 0, gByte.Length);
                                        TlsUtilities.WriteUint16(YsLength, signedData);
                                        signedData.Write(YsByte, 0, YsByte.Length);
                                        byte[] signed = signedData.ToArray();

                                        sigDigest.BlockUpdate(this.clientRandom, 0, this.clientRandom.Length);
                                        sigDigest.BlockUpdate(this.serverRandom, 0, this.serverRandom.Length);
                                        sigDigest.BlockUpdate(signed, 0, signed.Length);
                                        byte[] hash = new byte[sigDigest.GetDigestSize()];
                                        sigDigest.DoFinal(hash, 0);

                                        /*
                                        * Now, do the RSA operation
                                        */
                                        RsaBlindedEngine rsa = new RsaBlindedEngine();
                                        Pkcs1Encoding encoding = new Pkcs1Encoding(rsa);
                                        encoding.Init(false, this.serverRsaKey);

                                        /*
                                        * The data which was signed
                                        */
                                        byte[] sigHash = null;

                                        try
                                        {
                                            sigHash = encoding.ProcessBlock(sigByte, 0, sigByte.Length);
                                        }
                                        catch (InvalidCipherTextException)
                                        {
                                            this.FailWithError(AL_fatal, AP_bad_certificate);
                                        }

                                        /*
                                        * Check if the data which was signed is equal to
                                        * the hash we calculated.
                                        */
                                        if (sigHash.Length != hash.Length)
                                        {
                                            this.FailWithError(AL_fatal, AP_bad_certificate);
                                        }

                                        for (int i = 0; i < sigHash.Length; i++)
                                        {
                                            if (sigHash[i] != hash[i])
                                            {
                                                this.FailWithError(AL_fatal, AP_bad_certificate);
                                            }
                                        }

                                        /*
                                        * OK, Signature was correct.
                                        *
                                        * Do the DH calculation.
                                        */
                                        BigInteger p = new BigInteger(1, pByte);
                                        BigInteger g = new BigInteger(1, gByte);
                                        BigInteger Ys = new BigInteger(1, YsByte);
                                        BigInteger x = new BigInteger(p.BitLength - 1, this.random);
                                        Yc = g.ModPow(x, p);
                                        this.pms = (Ys.ModPow(x, p)).ToByteArray();

                                        /*
                                        * Remove leading zero byte, if present.
                                        */
                                        if (this.pms[0] == 0)
                                        {
                                            byte[] tmp = new byte[this.pms.Length - 1];
                                            Array.Copy(this.pms, 1, tmp, 0, tmp.Length);
                                            this.pms = tmp;
                                        }

                                        this.connection_state = CS_SERVER_KEY_EXCHANGE_RECEIVED;
                                        read = true;
                                        break;
                                    default:
                                        this.FailWithError(AL_fatal, AP_unexpected_message);
                                        break;
                                }
                                break;
                            case HP_HELLO_REQUEST:
                            case HP_CLIENT_KEY_EXCHANGE:
                            case HP_CERTIFICATE_REQUEST:
                            case HP_CERTIFICATE_VERIFY:
                            case HP_CLIENT_HELLO:
                            default:
                                // We do not support this!
                                this.FailWithError(AL_fatal, AP_unexpected_message);
                                break;

                        }

                    }
                }
            }
            while (read);
        }
Exemple #23
0
		private void processHandshake()
		{
			bool read;
			do
			{
				read = false;

				/*
				* We need the first 4 bytes, they contain type and length of
				* the message.
				*/
				if (handshakeQueue.Available >= 4)
				{
					byte[] beginning = new byte[4];
					handshakeQueue.Read(beginning, 0, 4, 0);
					MemoryStream bis = new MemoryStream(beginning, false);
					short type = TlsUtilities.ReadUint8(bis);
					int len = TlsUtilities.ReadUint24(bis);

					/*
					* Check if we have enough bytes in the buffer to read
					* the full message.
					*/
					if (handshakeQueue.Available >= (len + 4))
					{
						/*
						* Read the message.
						*/
						byte[] buf = new byte[len];
						handshakeQueue.Read(buf, 0, len, 4);
						handshakeQueue.RemoveData(len + 4);

						/*
						* If it is not a finished message, update our hashes
						* we prepare for the finish message.
						*/
						if (type != HP_FINISHED)
						{
							rs.hash1.BlockUpdate(beginning, 0, 4);
							rs.hash2.BlockUpdate(beginning, 0, 4);
							rs.hash1.BlockUpdate(buf, 0, len);
							rs.hash2.BlockUpdate(buf, 0, len);
						}

						/*
						* Now, parse the message.
						*/
						MemoryStream inStr = new MemoryStream(buf, false);

						/*
						* Check the type.
						*/
						switch (type)
						{
							case HP_CERTIFICATE:
							{
								switch (connection_state)
								{
									case CS_SERVER_HELLO_RECEIVED:
									{
										/*
										* Parse the certificates.
										*/
										Certificate cert = Certificate.Parse(inStr);
										AssertEmpty(inStr);

										X509CertificateStructure x509Cert = cert.certs[0];
										SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;

										try
										{
											this.serverPublicKey = PublicKeyFactory.CreateKey(keyInfo);
										}
										catch (Exception)
										{
											this.FailWithError(AL_fatal, AP_unsupported_certificate);
										}

										// Sanity check the PublicKeyFactory
										if (this.serverPublicKey.IsPrivate)
										{
											this.FailWithError(AL_fatal, AP_internal_error);
										}

										/*
										* Perform various checks per RFC2246 7.4.2
										* TODO "Unless otherwise specified, the signing algorithm for the certificate
										* must be the same as the algorithm for the certificate key."
										*/
										switch (this.chosenCipherSuite.KeyExchangeAlgorithm)
										{
											case TlsCipherSuite.KE_RSA:
												if (!(this.serverPublicKey is RsaKeyParameters))
												{
													this.FailWithError(AL_fatal, AP_certificate_unknown);
												}
												validateKeyUsage(x509Cert, KeyUsage.KeyEncipherment);
												break;
											case TlsCipherSuite.KE_DHE_RSA:
											case TlsCipherSuite.KE_SRP_RSA:
												if (!(this.serverPublicKey is RsaKeyParameters))
												{
													this.FailWithError(AL_fatal, AP_certificate_unknown);
												}
												validateKeyUsage(x509Cert, KeyUsage.DigitalSignature);
												break;
											case TlsCipherSuite.KE_DHE_DSS:
											case TlsCipherSuite.KE_SRP_DSS:
												if (!(this.serverPublicKey is DsaPublicKeyParameters))
												{
													this.FailWithError(AL_fatal, AP_certificate_unknown);
												}
												break;
											default:
												this.FailWithError(AL_fatal, AP_unsupported_certificate);
												break;
										}

										/*
										* Verify them.
										*/
										if (!this.verifyer.IsValid(cert.GetCerts()))
										{
											this.FailWithError(AL_fatal, AP_user_canceled);
										}

										break;
									}
									default:
										this.FailWithError(AL_fatal, AP_unexpected_message);
										break;
								}

								connection_state = CS_SERVER_CERTIFICATE_RECEIVED;
								read = true;
								break;
							}
							case HP_FINISHED:
								switch (connection_state)
								{
									case CS_SERVER_CHANGE_CIPHER_SPEC_RECEIVED:
										/*
										* Read the checksum from the finished message,
										* it has always 12 bytes.
										*/
										byte[] receivedChecksum = new byte[12];
										TlsUtilities.ReadFully(receivedChecksum, inStr);
										AssertEmpty(inStr);

										/*
										* Calculate our own checksum.
										*/
										byte[] checksum = new byte[12];
										byte[] md5andsha1 = new byte[16 + 20];
										rs.hash2.DoFinal(md5andsha1, 0);
										TlsUtilities.PRF(this.ms, TlsUtilities.ToByteArray("server finished"), md5andsha1, checksum);

										/*
										* Compare both checksums.
										*/
										for (int i = 0; i < receivedChecksum.Length; i++)
										{
											if (receivedChecksum[i] != checksum[i])
											{
												/*
												* Wrong checksum in the finished message.
												*/
												this.FailWithError(AL_fatal, AP_handshake_failure);
											}
										}

										connection_state = CS_DONE;

										/*
										* We are now ready to receive application data.
										*/
										this.appDataReady = true;
										read = true;
										break;
									default:
										this.FailWithError(AL_fatal, AP_unexpected_message);
										break;
								}
								break;
							case HP_SERVER_HELLO:
								switch (connection_state)
								{
									case CS_CLIENT_HELLO_SEND:
										/*
										* Read the server hello message
										*/
										TlsUtilities.CheckVersion(inStr, this);

										/*
										* Read the server random
										*/
										this.serverRandom = new byte[32];
										TlsUtilities.ReadFully(this.serverRandom, inStr);

										/*
										* Currently, we don't support session ids
										*/
										byte[] sessionId = TlsUtilities.ReadOpaque8(inStr);

										/*
										* Find out which ciphersuite the server has
										* chosen. If we don't support this ciphersuite,
										* the TlsCipherSuiteManager will throw an
										* exception.
										*/
										this.chosenCipherSuite = TlsCipherSuiteManager.GetCipherSuite(
											TlsUtilities.ReadUint16(inStr), this);

										/*
										* We support only the null compression which
										* means no compression.
										*/
										short compressionMethod = TlsUtilities.ReadUint8(inStr);
										if (compressionMethod != 0)
										{
											this.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_illegal_parameter);
										}

	                                    /*
	                                     * RFC4366 2.2
	                                     * The extended server hello message format MAY be sent
	                                     * in place of the server hello message when the client
	                                     * has requested extended functionality via the extended
	                                     * client hello message specified in Section 2.1.
	                                     */
	                                    if (extendedClientHello && inStr.Position < inStr.Length)
	                                    {
	                                        // Process extensions from extended server hello
	                                        byte[] extBytes = TlsUtilities.ReadOpaque16(inStr);
	
	                                        // Int32 -> byte[]
	                                        Hashtable serverExtensions = new Hashtable();

	                                        MemoryStream ext = new MemoryStream(extBytes, false);
	                                        while (ext.Position < ext.Length)
	                                        {
	                                            int extType = TlsUtilities.ReadUint16(ext);
	                                            byte[] extValue = TlsUtilities.ReadOpaque16(ext);

	                                            serverExtensions[extType] = extValue;
	                                        }

	                                        // TODO Validate/process serverExtensions (via client?)
	                                        // TODO[SRP]
	                                    }

										/*
										* Process any extensions
										*/
										// TODO[SRP]
//										if (inStr.Position < inStr.Length)
//										{
//											int extensionsLength = TlsUtilities.ReadUint16(inStr);
//											byte[] extensions = new byte[extensionsLength];
//											TlsUtilities.ReadFully(extensions, inStr);
//
//											// TODO Validate/process
//										}

										AssertEmpty(inStr);

										connection_state = CS_SERVER_HELLO_RECEIVED;
										read = true;
										break;
									default:
										this.FailWithError(AL_fatal, AP_unexpected_message);
										break;
								}
								break;
							case HP_SERVER_HELLO_DONE:
								switch (connection_state)
								{
									case CS_SERVER_CERTIFICATE_RECEIVED:
									case CS_SERVER_KEY_EXCHANGE_RECEIVED:
									case CS_CERTIFICATE_REQUEST_RECEIVED:

										// NB: Original code used case label fall-through
										if (connection_state == CS_SERVER_CERTIFICATE_RECEIVED)
										{
											/*
											* There was no server key exchange message, check
											* that we are doing RSA key exchange.
											*/
											if (this.chosenCipherSuite.KeyExchangeAlgorithm != TlsCipherSuite.KE_RSA)
											{
												this.FailWithError(AL_fatal, AP_unexpected_message);
											}
										}

										AssertEmpty(inStr);
										bool isCertReq = (connection_state == CS_CERTIFICATE_REQUEST_RECEIVED);
										connection_state = CS_SERVER_HELLO_DONE_RECEIVED;

										if (isCertReq)
										{
											sendClientCertificate();
										}

										/*
										* Send the client key exchange message, depending
										* on the key exchange we are using in our
										* ciphersuite.
										*/
										switch (this.chosenCipherSuite.KeyExchangeAlgorithm)
										{
											case TlsCipherSuite.KE_RSA:
											{
												/*
												* We are doing RSA key exchange. We will
												* choose a pre master secret and send it
												* rsa encrypted to the server.
												*
												* Prepare pre master secret.
												*/
												pms = new byte[48];
												pms[0] = 3;
												pms[1] = 1;
												random.NextBytes(pms, 2, 46);

												/*
												* Encode the pms and send it to the server.
												*
												* Prepare an Pkcs1Encoding with good random
												* padding.
												*/
												RsaBlindedEngine rsa = new RsaBlindedEngine();
												Pkcs1Encoding encoding = new Pkcs1Encoding(rsa);
												encoding.Init(true, new ParametersWithRandom(this.serverPublicKey, this.random));
												byte[] encrypted = null;
												try
												{
													encrypted = encoding.ProcessBlock(pms, 0, pms.Length);
												}
												catch (InvalidCipherTextException)
												{
													/*
													* This should never happen, only during decryption.
													*/
													this.FailWithError(AL_fatal, AP_internal_error);
												}

												/*
												* Send the encrypted pms.
												*/
												sendClientKeyExchange(encrypted);
												break;
											}
											case TlsCipherSuite.KE_DHE_DSS:
											case TlsCipherSuite.KE_DHE_RSA:
											{
												/*
												* Send the Client Key Exchange message for
												* DHE key exchange.
												*/
												byte[] YcByte = BigIntegers.AsUnsignedByteArray(this.Yc);

												sendClientKeyExchange(YcByte);

												break;
											}
											case TlsCipherSuite.KE_SRP:
											case TlsCipherSuite.KE_SRP_RSA:
											case TlsCipherSuite.KE_SRP_DSS:
											{
												/*
												* Send the Client Key Exchange message for
												* SRP key exchange.
												*/
												byte[] bytes = BigIntegers.AsUnsignedByteArray(this.SRP_A);

												sendClientKeyExchange(bytes);

												break;
											}
											default:
												/*
												* Problem during handshake, we don't know
												* how to handle this key exchange method.
												*/
												this.FailWithError(AL_fatal, AP_unexpected_message);
												break;

										}

										connection_state = CS_CLIENT_KEY_EXCHANGE_SEND;

										/*
										* Now, we send change cipher state
										*/
										byte[] cmessage = new byte[1];
										cmessage[0] = 1;
										rs.WriteMessage((short)RL_CHANGE_CIPHER_SPEC, cmessage, 0, cmessage.Length);

										connection_state = CS_CLIENT_CHANGE_CIPHER_SPEC_SEND;

										/*
										* Calculate the ms
										*/
										this.ms = new byte[48];
										byte[] randBytes = new byte[clientRandom.Length + serverRandom.Length];
										Array.Copy(clientRandom, 0, randBytes, 0, clientRandom.Length);
										Array.Copy(serverRandom, 0, randBytes, clientRandom.Length, serverRandom.Length);
										TlsUtilities.PRF(pms, TlsUtilities.ToByteArray("master secret"), randBytes, this.ms);

										/*
										* Initialize our cipher suite
										*/
										rs.writeSuite = this.chosenCipherSuite;
										rs.writeSuite.Init(this.ms, clientRandom, serverRandom);

										/*
										* Send our finished message.
										*/
										byte[] checksum = new byte[12];
										byte[] md5andsha1 = new byte[16 + 20];
										rs.hash1.DoFinal(md5andsha1, 0);
										TlsUtilities.PRF(this.ms, TlsUtilities.ToByteArray("client finished"), md5andsha1, checksum);

										MemoryStream bos2 = new MemoryStream();
										TlsUtilities.WriteUint8(HP_FINISHED, bos2);
										TlsUtilities.WriteUint24(12, bos2);
										bos2.Write(checksum, 0, checksum.Length);
										byte[] message2 = bos2.ToArray();

										rs.WriteMessage((short)RL_HANDSHAKE, message2, 0, message2.Length);

										this.connection_state = CS_CLIENT_FINISHED_SEND;
										read = true;
										break;
									default:
										this.FailWithError(AL_fatal, AP_handshake_failure);
										break;
								}
								break;
							case HP_SERVER_KEY_EXCHANGE:
							{
								switch (connection_state)
								{
									case CS_SERVER_HELLO_RECEIVED:
									case CS_SERVER_CERTIFICATE_RECEIVED:
									{
										// NB: Original code used case label fall-through
										if (connection_state == CS_SERVER_HELLO_RECEIVED)
										{
											/*
											* There was no server certificate message, check
											* that we are doing SRP key exchange.
											*/
											if (this.chosenCipherSuite.KeyExchangeAlgorithm != TlsCipherSuite.KE_SRP)
											{
												this.FailWithError(AL_fatal, AP_unexpected_message);
											}
										}

										/*
										* Check that we are doing DHE key exchange
										*/
										switch (this.chosenCipherSuite.KeyExchangeAlgorithm)
										{
											case TlsCipherSuite.KE_DHE_RSA:
											{
												processDHEKeyExchange(inStr, new TlsRsaSigner());
												break;
											}
											case TlsCipherSuite.KE_DHE_DSS:
											{
												processDHEKeyExchange(inStr, new TlsDssSigner());
												break;
											}
											case TlsCipherSuite.KE_SRP:
											{
												processSRPKeyExchange(inStr, null);
												break;
											}
											case TlsCipherSuite.KE_SRP_RSA:
											{
												processSRPKeyExchange(inStr, new TlsRsaSigner());
												break;
											}
											case TlsCipherSuite.KE_SRP_DSS:
											{
												processSRPKeyExchange(inStr, new TlsDssSigner());
												break;
											}
											default:
												this.FailWithError(AL_fatal, AP_unexpected_message);
												break;
										}
										break;
									}
									default:
										this.FailWithError(AL_fatal, AP_unexpected_message);
										break;
								}

								this.connection_state = CS_SERVER_KEY_EXCHANGE_RECEIVED;
								read = true;
								break;
							}
							case HP_CERTIFICATE_REQUEST:
								switch (connection_state)
								{
									case CS_SERVER_CERTIFICATE_RECEIVED:
									case CS_SERVER_KEY_EXCHANGE_RECEIVED:
									{
										// NB: Original code used case label fall-through
										if (connection_state == CS_SERVER_CERTIFICATE_RECEIVED)
										{
											/*
											* There was no server key exchange message, check
											* that we are doing RSA key exchange.
											*/
											if (this.chosenCipherSuite.KeyExchangeAlgorithm != TlsCipherSuite.KE_RSA)
											{
												this.FailWithError(AL_fatal, AP_unexpected_message);
											}
										}

										byte[] types = TlsUtilities.ReadOpaque8(inStr);
										byte[] auths = TlsUtilities.ReadOpaque8(inStr);

										// TODO Validate/process

										AssertEmpty(inStr);
										break;
									}
									default:
										this.FailWithError(AL_fatal, AP_unexpected_message);
										break;
								}

								this.connection_state = CS_CERTIFICATE_REQUEST_RECEIVED;
								read = true;
								break;
							case HP_HELLO_REQUEST:
							case HP_CLIENT_KEY_EXCHANGE:
							case HP_CERTIFICATE_VERIFY:
							case HP_CLIENT_HELLO:
							default:
								// We do not support this!
								this.FailWithError(AL_fatal, AP_unexpected_message);
								break;
						}
					}
				}
			}
			while (read);
		}
Exemple #24
0
        /// <summary>
        /// Answers the message.
        /// </summary>
        /// <param name='messageStream'>Message stream.</param>
        /// <param name="process">The calling process or <c>null</c> if the process
        /// could not be obtained.</param>
        /// <remarks>code based on winpgnt.c from PuTTY source code</remarks>
        public void AnswerMessage(Stream messageStream, Process process = null)
        {
            if (messageStream.CanTimeout) {
            messageStream.ReadTimeout = 5000;
              }
              var messageParser = new BlobParser(messageStream);
              var responseBuilder = new BlobBuilder();
              BlobHeader header;
              try {
            header = messageParser.ReadHeader();

            if (MessageReceived != null) {
              var eventArgs = new MessageReceivedEventArgs(header);
              MessageReceived(this, eventArgs);
              if (eventArgs.Fail) {
            throw new Exception ();
              }
            }
              } catch (Exception) {
            header = new BlobHeader();
            header.Message = Message.UNKNOWN;
            // this will cause the switch statement below to use the default case
            // which returns an error to the stream.
              }

              switch (header.Message) {
            case Message.SSH1_AGENTC_REQUEST_RSA_IDENTITIES:
              /*
               * Reply with SSH1_AGENT_RSA_IDENTITIES_ANSWER.
               */
              try {
            if (header.BlobLength > 1) {
              // ruby net-ssh tries to send a SSH2_AGENT_REQUEST_VERSION message
              // which has the same id number as SSH1_AGENTC_REQUEST_RSA_IDENTITIES
              // with a string tacked on. We need to read the string from the
              // stream, but it is not used for anything.
              messageParser.ReadString ();
            }
            var keyList = ListKeys(SshVersion.SSH1);
            if (FilterKeyListCallback != null) {
              keyList = FilterKeyListCallback(keyList);
            }
            foreach (SshKey key in keyList) {
              responseBuilder.AddBytes(key.GetPublicKeyBlob());
              responseBuilder.AddStringBlob(key.Comment);
            }
            responseBuilder.InsertHeader(Message.SSH1_AGENT_RSA_IDENTITIES_ANSWER,
              keyList.Count);
            // TODO may want to check that there is enough room in the message stream
            break; // succeeded
              } catch (Exception ex) {
            Debug.Fail(ex.ToString());
              }
              goto default; // failed

            case Message.SSH2_AGENTC_REQUEST_IDENTITIES:
              /*
               * Reply with SSH2_AGENT_IDENTITIES_ANSWER.
               */
              try {
            var keyList = ListKeys(SshVersion.SSH2);
            if (FilterKeyListCallback != null) {
              keyList = FilterKeyListCallback(keyList);
            }
            foreach (SshKey key in keyList) {
              responseBuilder.AddBlob(key.GetPublicKeyBlob());
              responseBuilder.AddStringBlob(key.Comment);
            }
            responseBuilder.InsertHeader(Message.SSH2_AGENT_IDENTITIES_ANSWER,
              keyList.Count);
            // TODO may want to check that there is enough room in the message stream
            break; // succeeded
              } catch (Exception ex) {
            Debug.Fail(ex.ToString());
              }
              goto default; // failed

            case Message.SSH1_AGENTC_RSA_CHALLENGE:
              /*
               * Reply with either SSH1_AGENT_RSA_RESPONSE or
               * SSH_AGENT_FAILURE, depending on whether we have that key
               * or not.
               */

              try {
            //Reading publicKey information
            var publicKeyParams = messageParser.ReadSsh1PublicKeyData(true);

            //Searching for Key here
            var matchingKey = mKeyList.Where(key => key.Version == SshVersion.SSH1
                && (key.GetPublicKeyParameters().Equals(publicKeyParams))).Single();

            //Reading challenge
            var encryptedChallenge = messageParser.ReadSsh1BigIntBlob();
            var sessionId = messageParser.ReadBytes(16);

            //Checking responseType field
            if (messageParser.ReadInt() != 1) {
              goto default; //responseType !=1  is not longer supported
            }

            //Answering to the challenge
            var engine = new Pkcs1Encoding(new RsaEngine());
            engine.Init(false /* decrypt */, matchingKey.GetPrivateKeyParameters());

            var decryptedChallenge = engine.ProcessBlock(encryptedChallenge,
                0, encryptedChallenge.Length);

            using (MD5 md5 = MD5.Create()) {
              var md5Buffer = new byte[48];
              decryptedChallenge.CopyTo(md5Buffer, 0);
              sessionId.CopyTo(md5Buffer, 32);

              responseBuilder.AddBytes(md5.ComputeHash(md5Buffer));
              responseBuilder.InsertHeader(Message.SSH1_AGENT_RSA_RESPONSE);
              break;
            }
              } catch (InvalidOperationException) {
            // this is expected if there is not a matching key
              } catch (Exception ex) {
            Debug.Fail(ex.ToString());
              }

              goto default; // failed

            case Message.SSH2_AGENTC_SIGN_REQUEST:
              /*
               * Reply with either SSH2_AGENT_SIGN_RESPONSE or SSH_AGENT_FAILURE,
               * depending on whether we have that key or not.
               */
              try {
            var keyBlob = messageParser.ReadBlob();
            var reqData = messageParser.ReadBlob();
            var flags = new SignRequestFlags();
            try {
              // usually, there are no flags, so parser will throw
              flags = (SignRequestFlags)messageParser.ReadInt();
            } catch { }

            var matchingKey =
              mKeyList.Where(key => key.Version == SshVersion.SSH2 &&
              key.GetPublicKeyBlob().SequenceEqual(keyBlob)).First();
            var confirmConstraints = matchingKey.Constraints
              .Where(constraint => constraint.Type ==
                KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM);
            if (confirmConstraints.Count() > 0) {
              if (!ConfirmUserPermissionCallback.Invoke(matchingKey, process)) {
                goto default;
              }
            }

            /* create signature */
            var signKey = matchingKey;
            var signer = signKey.GetSigner();
            var algName = signKey.Algorithm.GetIdentifierString();
            signer.Init(true, signKey.GetPrivateKeyParameters());
            signer.BlockUpdate(reqData, 0, reqData.Length);
            byte[] signature = signer.GenerateSignature();
            signature = signKey.FormatSignature(signature);
            BlobBuilder signatureBuilder = new BlobBuilder();
            if (!flags.HasFlag(SignRequestFlags.SSH_AGENT_OLD_SIGNATURE)) {
              signatureBuilder.AddStringBlob(algName);
            }
            signatureBuilder.AddBlob(signature);
            responseBuilder.AddBlob(signatureBuilder.GetBlob());
            responseBuilder.InsertHeader(Message.SSH2_AGENT_SIGN_RESPONSE);
            try {
              KeyUsed(this, new KeyUsedEventArgs(signKey, process));
            } catch { }
            break; // succeeded
              } catch (InvalidOperationException) {
            // this is expected if there is not a matching key
              } catch (Exception ex) {
            Debug.Fail(ex.ToString());
              }
              goto default; // failure

            case Message.SSH1_AGENTC_ADD_RSA_IDENTITY:
            case Message.SSH1_AGENTC_ADD_RSA_ID_CONSTRAINED:
              /*
               * Add to the list and return SSH_AGENT_SUCCESS, or
               * SSH_AGENT_FAILURE if the key was malformed.
               */

              if (IsLocked) {
            goto default;
              }

              bool ssh1constrained = (header.Message == Message.SSH1_AGENTC_ADD_RSA_ID_CONSTRAINED);

              try {
            var publicKeyParams = messageParser.ReadSsh1PublicKeyData(false);
            var keyPair = messageParser.ReadSsh1KeyData(publicKeyParams);

            SshKey key = new SshKey(SshVersion.SSH1, keyPair);
            key.Comment = messageParser.ReadString();
            key.Source = "External client";

            if (ssh1constrained) {
              while (messageStream.Position < header.BlobLength + 4) {
                KeyConstraint constraint = new KeyConstraint();
                constraint.Type = (KeyConstraintType)messageParser.ReadByte();
                if (constraint.Type ==
                  KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME) {
                  constraint.Data = messageParser.ReadInt();
                }
                key.AddConstraint(constraint);
              }
            }
            AddKey(key);
            responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS);
            break;

              } catch (CallbackNullException) {
            // this is expected
              } catch (Exception ex) {
            Debug.Fail(ex.ToString());
              }

              goto default; // failed

            case Message.SSH2_AGENTC_ADD_IDENTITY:
            case Message.SSH2_AGENTC_ADD_ID_CONSTRAINED:
              /*
               * Add to the list and return SSH_AGENT_SUCCESS, or
               * SSH_AGENT_FAILURE if the key was malformed.
               */

              if (IsLocked) {
            goto default;
              }

              bool constrained = (header.Message ==
              Message.SSH2_AGENTC_ADD_ID_CONSTRAINED);

              try {
            var publicKeyParams = messageParser.ReadSsh2PublicKeyData();
            var keyPair = messageParser.ReadSsh2KeyData(publicKeyParams);
            SshKey key = new SshKey(SshVersion.SSH2, keyPair);
            key.Comment = messageParser.ReadString();
            key.Source = "External client";

            if (constrained) {
              while (messageStream.Position < header.BlobLength + 4) {
                KeyConstraint constraint = new KeyConstraint();
                constraint.Type =
                  (KeyConstraintType)messageParser.ReadByte();
                if (constraint.Type ==
                  KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME) {
                  constraint.Data = messageParser.ReadInt();
                }
                key.AddConstraint(constraint);
              }
            }
            AddKey(key);
            responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS);
            break; // success!
              } catch (CallbackNullException) {
            // this is expected
              } catch (Exception ex) {
            Debug.Fail(ex.ToString());
              }
              goto default; // failed

            case Message.SSH1_AGENTC_REMOVE_RSA_IDENTITY:
            case Message.SSH2_AGENTC_REMOVE_IDENTITY:
              /*
               * Remove from the list and return SSH_AGENT_SUCCESS, or
               * perhaps SSH_AGENT_FAILURE if it wasn't in the list to
               * start with.
               */

              if (IsLocked) {
            goto default;
              }

              SshVersion removeVersion;
              byte[] rKeyBlob;
              if (header.Message == Message.SSH1_AGENTC_REMOVE_RSA_IDENTITY) {
            removeVersion = SshVersion.SSH1;
            rKeyBlob = messageParser.ReadBytes(header.BlobLength - 1);
              } else if (header.Message == Message.SSH2_AGENTC_REMOVE_IDENTITY) {
            removeVersion = SshVersion.SSH2;
            rKeyBlob = messageParser.ReadBlob();
              } else {
            Debug.Fail("Should not get here.");
            goto default;
              }

              try {
            var matchingKey = mKeyList.Get(removeVersion, rKeyBlob);
            var startKeyListLength = mKeyList.Count;
            RemoveKey(matchingKey);
            // only succeed if key was removed
            if (mKeyList.Count == startKeyListLength - 1) {
              responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS);
              break; //success!
            }
              } catch (Exception ex) {
            Debug.Fail(ex.ToString());
              }
              goto default; // failed

            case Message.SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
            case Message.SSH2_AGENTC_REMOVE_ALL_IDENTITIES:
              /*
               * Remove all SSH-1 or SSH-2 keys.
               */

              if (IsLocked) {
            goto default;
              }

              SshVersion removeAllVersion;
              if (header.Message == Message.SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES) {
            removeAllVersion = SshVersion.SSH1;
              } else if (header.Message == Message.SSH2_AGENTC_REMOVE_ALL_IDENTITIES) {
            removeAllVersion = SshVersion.SSH2;
              } else {
            Debug.Fail("Should not get here.");
            goto default;
              }

              try {
            RemoveAllKeys(removeAllVersion);
            responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS);
            break; //success!
              } catch (Exception ex) {
            Debug.Fail(ex.ToString());
              }
              goto default; // failed

            case Message.SSH_AGENTC_LOCK:
              try {
            var passphrase = new PinnedArray<byte>(messageParser.ReadBlob());
            try {
              Lock(passphrase.Data);
            } finally {
              passphrase.Clear();
            }
            if (IsLocked) {
              responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS);
              break;
            }
              } catch (AgentLockedException) {
            // This is expected
              } catch (Exception ex) {
            Debug.Fail(ex.ToString());
              }
              goto default;

            case Message.SSH_AGENTC_UNLOCK:
              try {
            var passphrase = new PinnedArray<byte>(messageParser.ReadBlob());
            try {
              Unlock(passphrase.Data);
            } finally {
              passphrase.Clear();
            }
            if (!IsLocked) {
              responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS);
              break;
            }
              } catch (AgentLockedException) {
            // This is expected
              } catch (PassphraseException) {
            // This is expected
              } catch (Exception ex) {
            Debug.Fail(ex.ToString());
              }
              goto default;

            default:
              responseBuilder.Clear();
              responseBuilder.InsertHeader(Message.SSH_AGENT_FAILURE);
              break;
              }
              /* write response to stream */
              if (messageStream.CanSeek)
            messageStream.Position = 0;
              messageStream.Write(responseBuilder.GetBlob(), 0, responseBuilder.Length);
              messageStream.Flush();
        }
Exemple #25
0
        /// <summary>
        /// Server side encryption
        /// </summary>
        public CryptoMC(Stream baseStream, EncryptionResponse resp)
        {
            this.BaseStream = baseStream;

            Pkcs1Encoding padding = new Pkcs1Encoding(new RsaEngine());
            padding.Init(false, keyParameters);
            SharedKey = padding.ProcessBlock(resp.SharedKey, 0, resp.SharedKey.Length);

            InitCiphers();
        }
        //PrivateKey priv, PublicKey pub)
        // TODO Move this when other JCE tests are ported from Java
        /**
         * signature with a "forged signature" (sig block not at end of plain text)
         */
        private void doTestBadSig()
        {
            //			Signature           sig = Signature.getInstance("SHA1WithRSAEncryption", "BC");
            ISigner sig = SignerUtilities.GetSigner("SHA1WithRSAEncryption");
            //			KeyPairGenerator    fact;
            //			KeyPair             keyPair;
            //			byte[]              data = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 };

            //			fact = KeyPairGenerator.getInstance("RSA", "BC");
            RsaKeyPairGenerator fact = new RsaKeyPairGenerator();

            //			fact.initialize(768, new SecureRandom());
            RsaKeyGenerationParameters factParams = new RsaKeyGenerationParameters(
            //				BigInteger.ValueOf(0x11), new SecureRandom(), 768, 25);
                BigInteger.ValueOf(3), new SecureRandom(), 768, 25);
            fact.Init(factParams);

            //			keyPair = fact.generateKeyPair();
            //
            //			PrivateKey  signingKey = keyPair.getPrivate();
            //			PublicKey   verifyKey = keyPair.getPublic();
            IAsymmetricCipherKeyPair keyPair = fact.GenerateKeyPair();

            IAsymmetricKeyParameter priv = keyPair.Private;
            IAsymmetricKeyParameter pub = keyPair.Public;

            //			testBadSig(signingKey, verifyKey);

            //			MessageDigest sha1 = MessageDigest.getInstance("SHA1", "BC");
            IDigest sha1 = DigestUtilities.GetDigest("SHA1");

            //			Cipher signer = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");
            //			IBufferedCipher signer = CipherUtilities.GetCipher("RSA/ECB/PKCS1Padding");
            IAsymmetricBlockCipher signer = new Pkcs1Encoding(new RsaEngine());

            //			signer.init(Cipher.ENCRYPT_MODE, priv);
            signer.Init(true, priv);

            //			byte[] block = new byte[signer.getBlockSize()];
            //			byte[] block = new byte[signer.GetBlockSize()];
            byte[] block = new byte[signer.GetInputBlockSize()];

            //			sha1.update((byte)0);
            sha1.Update(0);

            //			byte[] sigHeader = Hex.decode("3021300906052b0e03021a05000414");
            byte[] sigHeader = Hex.Decode("3021300906052b0e03021a05000414");
            //			System.arraycopy(sigHeader, 0, block, 0, sigHeader.length);
            Array.Copy(sigHeader, 0, block, 0, sigHeader.Length);

            //			sha1.digest(block, sigHeader.length, sha1.getDigestLength());
            sha1.DoFinal(block, sigHeader.Length);

            //			System.arraycopy(sigHeader, 0, block,
            //				sigHeader.length + sha1.getDigestLength(), sigHeader.length);
            Array.Copy(sigHeader, 0, block,
                sigHeader.Length + sha1.GetDigestSize(), sigHeader.Length);

            //			byte[] sigBytes = signer.doFinal(block);
            byte[] sigBytes = signer.ProcessBlock(block, 0, block.Length);

            //			Signature verifier = Signature.getInstance("SHA1WithRSA", "BC");
            ISigner verifier = SignerUtilities.GetSigner("SHA1WithRSA");

            //			verifier.initVerify(pub);
            verifier.Init(false, pub);

            //			verifier.update((byte)0);
            verifier.Update(0);

            //			if (verifier.verify(sig))
            if (verifier.VerifySignature(sigBytes))
            {
            //				fail("bad signature passed");
                Fail("bad signature passed");
            }
        }
		public override void PerformTest()
		{
			RsaKeyParameters pubParameters = new RsaKeyParameters(false, mod, pubExp);
			RsaKeyParameters privParameters = new RsaPrivateCrtKeyParameters(mod, pubExp, privExp, p, q, pExp, qExp, crtCoef);
			byte[] data = Hex.Decode(edgeInput);

			//
			// RAW
			//
			IAsymmetricBlockCipher eng = new RsaBlindedEngine();

			eng.Init(true, pubParameters);

			try
			{
				data = eng.ProcessBlock(data, 0, data.Length);
			}
			catch (Exception e)
			{
				Fail("RSA: failed - exception " + e.ToString(), e);
			}

			eng.Init(false, privParameters);

			try
			{
				data = eng.ProcessBlock(data, 0, data.Length);
			}
			catch (Exception e)
			{
				Fail("failed - exception " + e.ToString(), e);
			}

			if (!edgeInput.Equals(Hex.ToHexString(data)))
			{
				Fail("failed RAW edge Test");
			}

			data = Hex.Decode(input);

			eng.Init(true, pubParameters);

			try
			{
				data = eng.ProcessBlock(data, 0, data.Length);
			}
			catch (Exception e)
			{
				Fail("failed - exception " + e.ToString(), e);
			}

			eng.Init(false, privParameters);

			try
			{
				data = eng.ProcessBlock(data, 0, data.Length);
			}
			catch (Exception e)
			{
				Fail("failed - exception " + e.ToString(), e);
			}

			if (!input.Equals(Hex.ToHexString(data)))
			{
				Fail("failed RAW Test");
			}

			//
			// PKCS1 - public encrypt, private decrypt
			//
			eng = new Pkcs1Encoding(eng);

			eng.Init(true, pubParameters);

			if (eng.GetOutputBlockSize() != ((Pkcs1Encoding)eng).GetUnderlyingCipher().GetOutputBlockSize())
			{
				Fail("PKCS1 output block size incorrect");
			}

			try
			{
				data = eng.ProcessBlock(data, 0, data.Length);
			}
			catch (Exception e)
			{
				Fail("failed - exception " + e.ToString(), e);
			}

			eng.Init(false, privParameters);

			try
			{
				data = eng.ProcessBlock(data, 0, data.Length);
			}
			catch (Exception e)
			{
				Fail("failed - exception " + e.ToString(), e);
			}

			if (!input.Equals(Hex.ToHexString(data)))
			{
				Fail("failed PKCS1 public/private Test");
			}

			//
			// PKCS1 - private encrypt, public decrypt
			//
			eng = new Pkcs1Encoding(((Pkcs1Encoding)eng).GetUnderlyingCipher());

			eng.Init(true, privParameters);

			try
			{
				data = eng.ProcessBlock(data, 0, data.Length);
			}
			catch (Exception e)
			{
				Fail("failed - exception " + e.ToString(), e);
			}

			eng.Init(false, pubParameters);

			try
			{
				data = eng.ProcessBlock(data, 0, data.Length);
			}
			catch (Exception e)
			{
				Fail("failed - exception " + e.ToString(), e);
			}

			if (!input.Equals(Hex.ToHexString(data)))
			{
				Fail("failed PKCS1 private/public Test");
			}

			//
			// key generation test
			//
			RsaKeyPairGenerator pGen = new RsaKeyPairGenerator();
			RsaKeyGenerationParameters genParam = new RsaKeyGenerationParameters(
				BigInteger.ValueOf(0x11), new SecureRandom(), 768, 25);

			pGen.Init(genParam);

			AsymmetricCipherKeyPair pair = pGen.GenerateKeyPair();

			eng = new RsaBlindedEngine();

			if (((RsaKeyParameters)pair.Public).Modulus.BitLength < 768)
			{
				Fail("failed key generation (768) length test");
			}

			eng.Init(true, pair.Public);

			try
			{
				data = eng.ProcessBlock(data, 0, data.Length);
			}
			catch (Exception e)
			{
				Fail("failed - exception " + e.ToString(), e);
			}

			eng.Init(false, pair.Private);

			try
			{
				data = eng.ProcessBlock(data, 0, data.Length);
			}
			catch (Exception e)
			{
				Fail("failed - exception " + e.ToString(), e);
			}

			if (!input.Equals(Hex.ToHexString(data)))
			{
				Fail("failed key generation (768) Test");
			}

			genParam = new RsaKeyGenerationParameters(BigInteger.ValueOf(0x11), new SecureRandom(), 1024, 25);

			pGen.Init(genParam);
			pair = pGen.GenerateKeyPair();

			eng.Init(true, pair.Public);

			if (((RsaKeyParameters)pair.Public).Modulus.BitLength < 1024)
			{
				Fail("failed key generation (1024) length test");
			}

			try
			{
				data = eng.ProcessBlock(data, 0, data.Length);
			}
			catch (Exception e)
			{
				Fail("failed - exception " + e.ToString(), e);
			}

			eng.Init(false, pair.Private);

			try
			{
				data = eng.ProcessBlock(data, 0, data.Length);
			}
			catch (Exception e)
			{
				Fail("failed - exception " + e.ToString(), e);
			}

			if (!input.Equals(Hex.ToHexString(data)))
			{
				Fail("failed key generation (1024) test");
			}

			doTestOaep(pubParameters, privParameters);
			doTestStrictPkcs1Length(pubParameters, privParameters);
			doTestDudPkcs1Block(pubParameters, privParameters);
			doTestMissingDataPkcs1Block(pubParameters, privParameters);
			doTestTruncatedPkcs1Block(pubParameters, privParameters);
			doTestWrongPaddingPkcs1Block(pubParameters, privParameters);

			try
			{
				new RsaBlindedEngine().ProcessBlock(new byte[]{ 1 }, 0, 1);
				Fail("failed initialisation check");
			}
			catch (InvalidOperationException)
			{
				// expected
			}
		}
        private static void ReadFromRawKey(string rawKey)
        {
            Reset();

            var encryptedKey = Convert.FromBase64String(Regex.Replace(rawKey, "-+.*?-+", "").Replace("\r", "").Replace("\n", ""));
            var cipher = new Pkcs1Encoding(new RsaEngine());

            cipher.Init(false, CreateCipherParameters());

            var decryptedKey = cipher.ProcessBlock(encryptedKey, 0, encryptedKey.Length);
            var licenseInfo = Encoding.UTF8.GetString(decryptedKey).Split('\n');

            Product = licenseInfo[0];
            Version = licenseInfo[1];
            Date = string.Format("20{0}-{1}-{2}", licenseInfo[2].Substring(0, 2), licenseInfo[2].Substring(2, 2), licenseInfo[2].Substring(4, 2));
            Id = licenseInfo[3];
            Licensee = licenseInfo[4];

            Validate();

            Properties.Settings.Default.LicenseKey = IsValid() ? rawKey : "";
        }
Exemple #29
0
        /// <summary>
        /// Client side encryption
        /// </summary>
        public CryptoMC(Stream baseStream, EncryptionRequest req)
        {
            this.BaseStream = baseStream;
            RijndaelManaged rm = new RijndaelManaged();
            rm.KeySize = 128;
            rm.GenerateKey();
            SharedKey = rm.Key;
            InitCiphers();

            //Encrypt shared key using public key in req
            AsymmetricKeyParameter asymmetricKeyParameter = PublicKeyFactory.CreateKey(req.PublicKey);
            RsaKeyParameters key = (RsaKeyParameters)asymmetricKeyParameter;
            //SubjectPublicKeyInfo s = new SubjectPublicKeyInfo(AlgorithmIdentifier.Der, req.PublicKey);
            //RsaKeyParameters key = (RsaKeyParameters)PublicKeyFactory.CreateKey(s);

            Pkcs1Encoding padding = new Pkcs1Encoding(new RsaEngine());
            padding.Init(true, key);
            SharedKeyEncrypted = padding.ProcessBlock(SharedKey, 0, SharedKey.Length);

            Pkcs1Encoding padding2 = new Pkcs1Encoding(new RsaEngine());
            padding2.Init(true, keyParameters);
            TestEncrypted = padding.ProcessBlock(req.VerifyToken, 0, req.VerifyToken.Length);

        }
Exemple #30
-1
        private string EncryptDESKey()
        {
            var pemReader = new PemReader(_clientKeys.AbenityPublicKeyFileStream);
            var key = (AsymmetricKeyParameter)pemReader.ReadObject();

            var engine = new Pkcs1Encoding(new RsaEngine());
            engine.Init(true, key);

            var data = engine.ProcessBlock(_desKey, 0, _desKey.Length);

            return Utility.UrlEncode(Utility.Base64String(data)) + "decode";
        }