/// <summary> /// Create a PSK version of a TLS Key Pair /// </summary> /// <param name="sharedSecret">PSK value</param> public TlsKeyPair(OneKey sharedSecret) { this.PrivateKey = sharedSecret ?? throw new ArgumentNullException(nameof(sharedSecret)); if (!sharedSecret.HasKeyType((int)GeneralValuesInt.KeyType_Octet)) { throw new ArgumentException("Not a shared secret key"); } CertType = 0; }
protected TlsSignerCredentials GetECDsaSignerCredentials() { #if SUPPORT_RPK if (_tlsKeyPair != null && _tlsKeyPair.CertType == CertificateType.RawPublicKey) { OneKey k = _tlsKeyPair.PublicKey; if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) && k.HasAlgorithm(AlgorithmValues.ECDSA_256)) { X9ECParameters p = k.GetCurve(); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters); ECPoint point = k.GetPoint(); ECPublicKeyParameters param = new ECPublicKeyParameters(point, parameters); SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param); return(new DefaultTlsSignerCredentials(mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } } #endif #if SUPPORT_TLS_CWT if (_tlsKeyPair != null && _tlsKeyPair.CertType == CertificateType.CwtPublicKey) { OneKey k = _tlsKeyPair.PublicCwt.Cnf.Key; if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) && k.HasAlgorithm(AlgorithmValues.ECDSA_256)) { X9ECParameters p = k.GetCurve(); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters); return(new DefaultTlsSignerCredentials(mContext, new CwtPublicKey(_tlsKeyPair.PublicCwt.EncodeToBytes()), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } } #endif TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials) { CipherSuite = KeyExchangeAlgorithm.ECDH_ECDSA }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } if (e.SignerCredentials != null) { return(e.SignerCredentials); } throw new TlsFatalAlert(AlertDescription.internal_error); }
public virtual TlsCredentials GetClientCredentials(CertificateRequest certificateRequest) { if (certificateRequest.CertificateTypes == null || !Arrays.Contains(certificateRequest.CertificateTypes, ClientCertificateType.ecdsa_sign)) { return(null); } #if SUPPORT_RPK if (_rawPublicKey != null) { OneKey k = _rawPublicKey; if (k.HasKeyType((int)COSE.GeneralValuesInt.KeyType_EC2) && k.HasAlgorithm(COSE.AlgorithmValues.ECDSA_256)) { X9ECParameters p = k.GetCurve(); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters); ECPoint point = k.GetPoint(); ECPublicKeyParameters param = new ECPublicKeyParameters("ECDSA", point, /*parameters*/ SecObjectIdentifiers.SecP256r1); SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param); return(new DefaultTlsSignerCredentials(_mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } } /* * byte[] certificateTypes = certificateRequest.CertificateTypes; * if (certificateTypes == null || !Arrays.Contains(certificateTypes, ClientCertificateType.rsa_sign)) * return null; * * return TlsTestUtilities.LoadSignerCredentials(mContext, certificateRequest.SupportedSignatureAlgorithms, * SignatureAlgorithm.rsa, "x509-client.pem", "x509-client-key.pem"); */ #endif // If we did not fine appropriate signer credientials - ask for help TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials) { CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } if (e.SignerCredentials != null) { return(e.SignerCredentials); } throw new TlsFatalAlert(AlertDescription.internal_error); }
public virtual TlsCredentials GetClientCredentials(CertificateRequest certificateRequest) { if (certificateRequest.CertificateTypes == null || !Arrays.Contains(certificateRequest.CertificateTypes, ClientCertificateType.ecdsa_sign)) { return(null); } if (TlsKey != null) { if (TlsKey.CertType == CertificateType.X509) { return(new DefaultTlsSignerCredentials(_mContext, new Certificate(TlsKey.X509Certificate), TlsKey.PrivateKey.AsPrivateKey(), new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } #if SUPPORT_RPK else if (TlsKey.CertType == CertificateType.RawPublicKey) { OneKey k = TlsKey.PrivateKey; if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) && k.HasAlgorithm(AlgorithmValues.ECDSA_256)) { X9ECParameters p = k.GetCurve(); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters); ECPoint point = k.GetPoint(); ECPublicKeyParameters param = new ECPublicKeyParameters("ECDSA", point, /*parameters*/ SecObjectIdentifiers.SecP256r1); SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param); return(new DefaultTlsSignerCredentials(_mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } } #endif #if SUPPORT_TLS_CWT else if (TlsKey.CertType == CertificateType.CwtPublicKey) { OneKey k = TlsKey.PublicCwt.Cnf.Key; if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) && k.HasAlgorithm(AlgorithmValues.ECDSA_256)) { AsymmetricKeyParameter privKey = TlsKey.PrivateKey.AsPrivateKey(); return(new DefaultTlsSignerCredentials(_mContext, new CwtPublicKey(TlsKey.PublicCwt.EncodeToBytes()), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } } #endif } // If we did not fine appropriate signer credentials - ask for help TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials) { CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } if (e.SignerCredentials != null) { return(e.SignerCredentials); } throw new TlsFatalAlert(AlertDescription.internal_error); }
protected override TlsSignerCredentials GetECDsaSignerCredentials() { byte[] certTypes; if (mClientExtensions.Contains(ExtensionType.server_certificate_type)) { certTypes = (byte[])mClientExtensions[ExtensionType.server_certificate_type]; } else { certTypes = new byte[] { CertificateType.X509 }; } foreach (byte b in certTypes) { if (b == CertificateType.X509) { foreach (TlsKeyPair kp in _serverKeys) { if (b != kp.CertType) { continue; } OneKey k = kp.PrivateKey; if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) && k.HasAlgorithm(AlgorithmValues.ECDSA_256)) { return(new DefaultTlsSignerCredentials( mContext, new Certificate(kp.X509Certificate), kp.PrivateKey.AsPrivateKey(), new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } } } #if SUPPORT_RPK if (b == CertificateType.RawPublicKey) { foreach (TlsKeyPair kp in _serverKeys) { if (b != kp.CertType) { continue; } OneKey k = kp.PublicKey; if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) && k.HasAlgorithm(AlgorithmValues.ECDSA_256)) { AsymmetricKeyParameter param = k.AsPublicKey(); SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param); return(new DefaultTlsSignerCredentials(mContext, new RawPublicKey(spi), kp.PrivateKey.AsPrivateKey(), new SignatureAndHashAlgorithm( HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } } } #endif #if SUPPORT_TLS_CWT if (b == CertificateType.CwtPublicKey) { foreach (TlsKeyPair kp in _serverKeys) { if (b != kp.CertType) { continue; } OneKey k = kp.PrivateKey; if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) && k.HasAlgorithm(AlgorithmValues.ECDSA_256)) { CwtPublicKey cwtKey = new CwtPublicKey(kp.PublicCwt.EncodeToBytes()); AsymmetricKeyParameter pubKey = kp.PublicCwt.Cnf.CoseKey.AsPublicKey(); cwtKey.SetSubjectPublicKeyInfo(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pubKey)); return(new DefaultTlsSignerCredentials( mContext, cwtKey, kp.PrivateKey.AsPrivateKey(), new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa))); } } } #endif } // If we did not fine appropriate signer credentials - ask for help TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials) { CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA }; EventHandler <TlsEvent> handler = TlsEventHandler; if (handler != null) { handler(this, e); } if (e.SignerCredentials != null) { return(e.SignerCredentials); } throw new TlsFatalAlert(AlertDescription.internal_error); }
public void Connect() { BasicTlsPskIdentity pskIdentity = null; if (_userKey != null) { if (_userKey.HasKeyType((int)COSE.GeneralValuesInt.KeyType_Octet)) { CBORObject kid = _userKey[COSE.CoseKeyKeys.KeyIdentifier]; if (kid != null) { pskIdentity = new BasicTlsPskIdentity(kid.GetByteString(), _userKey[CoseKeyParameterKeys.Octet_k].GetByteString()); } else { pskIdentity = new BasicTlsPskIdentity(new byte[0], _userKey[CoseKeyParameterKeys.Octet_k].GetByteString()); } } } _tlsSession = new TLSClient(null, pskIdentity); _authKey = _userKey; TlsClientProtocol clientProtocol = new TlsClientProtocol(new SecureRandom()); _client = new TcpClient(_ipEndPoint.AddressFamily); _client.Connect(_ipEndPoint); _stm = _client.GetStream(); clientProtocol.Connect(_tlsSession); while (_tlsSession.InHandshake) { bool sleep = true; int cbToRead = clientProtocol.GetAvailableOutputBytes(); if (cbToRead != 0) { byte[] data = new byte[cbToRead]; int cbRead = clientProtocol.ReadOutput(data, 0, cbToRead); _stm.Write(data, 0, cbRead); sleep = false; } if (_stm.DataAvailable) { byte[] data = new byte[1024]; int cbRead = _stm.Read(data, 0, data.Length); Array.Resize(ref data, cbRead); clientProtocol.OfferInput(data); sleep = false; } if (sleep) { Thread.Sleep(100); } } _tlsClient = clientProtocol; // Send over the capability block SendCSMSignal(); // if (_toSend != null) { _queue.Enqueue(_toSend); _toSend = null; } _stm.BeginRead(_buffer, 0, _buffer.Length, ReadCallback, this); WriteData(); }