/** * Sets support for a particular feature. */ private void SetSupportsFeature(byte feature, bool support) { if (feature == 0) { throw new ArgumentException("cannot be 0", "feature"); } int i = Array.IndexOf(data, feature); if ((i >= 0) == support) { return; } if (support) { data = Arrays.Append(data, feature); } else { byte[] temp = new byte[data.Length - 1]; Array.Copy(data, 0, temp, 0, i); Array.Copy(data, i + 1, temp, i, temp.Length - i); data = temp; } }
private void DoTestConsistency(Ed448.Algorithm algorithm, byte[] context) { Ed448KeyPairGenerator kpg = new Ed448KeyPairGenerator(); kpg.Init(new Ed448KeyGenerationParameters(Random)); AsymmetricCipherKeyPair kp = kpg.GenerateKeyPair(); Ed448PrivateKeyParameters privateKey = (Ed448PrivateKeyParameters)kp.Private; Ed448PublicKeyParameters publicKey = (Ed448PublicKeyParameters)kp.Public; byte[] msg = new byte[Random.NextInt() & 255]; Random.NextBytes(msg); ISigner signer = CreateSigner(algorithm, context); signer.Init(true, privateKey); signer.BlockUpdate(msg, 0, msg.Length); byte[] signature = signer.GenerateSignature(); ISigner verifier = CreateSigner(algorithm, context); { verifier.Init(false, publicKey); verifier.BlockUpdate(msg, 0, msg.Length); bool shouldVerify = verifier.VerifySignature(signature); if (!shouldVerify) { Fail("Ed448(" + algorithm + ") signature failed to verify"); } } { byte[] wrongLengthSignature = Arrays.Append(signature, 0x00); verifier.Init(false, publicKey); verifier.BlockUpdate(msg, 0, msg.Length); bool shouldNotVerify = verifier.VerifySignature(wrongLengthSignature); if (shouldNotVerify) { Fail("Ed448(" + algorithm + ") wrong length signature incorrectly verified"); } } { byte[] badSignature = Arrays.Clone(signature); badSignature[Random.Next() % badSignature.Length] ^= (byte)(1 << (Random.NextInt() & 7)); verifier.Init(false, publicKey); verifier.BlockUpdate(msg, 0, msg.Length); bool shouldNotVerify = verifier.VerifySignature(badSignature); if (shouldNotVerify) { Fail("Ed448(" + algorithm + ") bad signature incorrectly verified"); } } }
public static byte[] CreateSupportedPointFormatsExtension(byte[] ecPointFormats) { if (ecPointFormats == null || !Arrays.Contains(ecPointFormats, 0)) { ecPointFormats = Arrays.Append(ecPointFormats, 0); } return(TlsUtilities.EncodeUint8ArrayWithUint8Length(ecPointFormats)); }
private static byte[] CheckNameType(byte[] nameTypesSeen, byte nameType) { if (NameType.IsValid(nameType) && !Arrays.Contains(nameTypesSeen, nameType)) { return(Arrays.Append(nameTypesSeen, nameType)); } return(null); }
protected virtual byte[] GenerateClientHello(ClientHandshakeState state, TlsClient client) { //IL_0000: Unknown result type (might be due to invalid IL or missing references) //IL_0006: Expected O, but got Unknown MemoryStream val = new MemoryStream(); ProtocolVersion clientVersion = client.ClientVersion; if (!clientVersion.IsDtls) { throw new TlsFatalAlert(80); } TlsClientContextImpl clientContext = state.clientContext; clientContext.SetClientVersion(clientVersion); TlsUtilities.WriteVersion(clientVersion, (Stream)(object)val); SecurityParameters securityParameters = clientContext.SecurityParameters; ((Stream)val).Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length); byte[] array = TlsUtilities.EmptyBytes; if (state.tlsSession != null) { array = state.tlsSession.SessionID; if (array == null || array.Length > 32) { array = TlsUtilities.EmptyBytes; } } TlsUtilities.WriteOpaque8(array, (Stream)(object)val); TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, (Stream)(object)val); bool isFallback = client.IsFallback; state.offeredCipherSuites = client.GetCipherSuites(); state.clientExtensions = client.GetClientExtensions(); byte[] extensionData = TlsUtilities.GetExtensionData(state.clientExtensions, 65281); bool flag = null == extensionData; bool flag2 = !Arrays.Contains(state.offeredCipherSuites, 255); if (flag && flag2) { state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, 255); } if (isFallback && !Arrays.Contains(state.offeredCipherSuites, 22016)) { state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, 22016); } TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, (Stream)(object)val); byte[] array2 = (state.offeredCompressionMethods = new byte[1]); TlsUtilities.WriteUint8ArrayWithUint8Length(state.offeredCompressionMethods, (Stream)(object)val); if (state.clientExtensions != null) { TlsProtocol.WriteExtensions((Stream)(object)val, state.clientExtensions); } return(val.ToArray()); }
protected virtual byte[] GenerateClientHello(DtlsClientProtocol.ClientHandshakeState state, TlsClient client) { MemoryStream memoryStream = new MemoryStream(); ProtocolVersion clientVersion = client.ClientVersion; if (!clientVersion.IsDtls) { throw new TlsFatalAlert(80); } TlsClientContextImpl clientContext = state.clientContext; clientContext.SetClientVersion(clientVersion); TlsUtilities.WriteVersion(clientVersion, memoryStream); SecurityParameters securityParameters = clientContext.SecurityParameters; memoryStream.Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length); byte[] array = TlsUtilities.EmptyBytes; if (state.tlsSession != null) { array = state.tlsSession.SessionID; if (array == null || array.Length > 32) { array = TlsUtilities.EmptyBytes; } } TlsUtilities.WriteOpaque8(array, memoryStream); TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, memoryStream); bool isFallback = client.IsFallback; state.offeredCipherSuites = client.GetCipherSuites(); state.clientExtensions = client.GetClientExtensions(); byte[] extensionData = TlsUtilities.GetExtensionData(state.clientExtensions, 65281); bool flag = null == extensionData; bool flag2 = !Arrays.Contains(state.offeredCipherSuites, 255); if (flag && flag2) { state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, 255); } if (isFallback && !Arrays.Contains(state.offeredCipherSuites, 22016)) { state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, 22016); } TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, memoryStream); byte[] offeredCompressionMethods = new byte[1]; state.offeredCompressionMethods = offeredCompressionMethods; TlsUtilities.WriteUint8ArrayWithUint8Length(state.offeredCompressionMethods, memoryStream); if (state.clientExtensions != null) { TlsProtocol.WriteExtensions(memoryStream, state.clientExtensions); } return(memoryStream.ToArray()); }
protected virtual void SendClientHelloMessage() { mRecordStream.SetWriteVersion(mTlsClient.ClientHelloRecordLayerVersion); ProtocolVersion clientVersion = mTlsClient.ClientVersion; if (clientVersion.IsDtls) { throw new TlsFatalAlert(80); } ContextAdmin.SetClientVersion(clientVersion); byte[] array = TlsUtilities.EmptyBytes; if (mTlsSession != null) { array = mTlsSession.SessionID; if (array == null || array.Length > 32) { array = TlsUtilities.EmptyBytes; } } bool isFallback = mTlsClient.IsFallback; mOfferedCipherSuites = mTlsClient.GetCipherSuites(); mOfferedCompressionMethods = mTlsClient.GetCompressionMethods(); if (array.Length > 0 && mSessionParameters != null && (!Arrays.Contains(mOfferedCipherSuites, mSessionParameters.CipherSuite) || !Arrays.Contains(mOfferedCompressionMethods, mSessionParameters.CompressionAlgorithm))) { array = TlsUtilities.EmptyBytes; } mClientExtensions = mTlsClient.GetClientExtensions(); HandshakeMessage handshakeMessage = new HandshakeMessage(1); TlsUtilities.WriteVersion(clientVersion, (Stream)(object)handshakeMessage); handshakeMessage.Write(mSecurityParameters.ClientRandom); TlsUtilities.WriteOpaque8(array, (Stream)(object)handshakeMessage); byte[] extensionData = TlsUtilities.GetExtensionData(mClientExtensions, 65281); bool flag = null == extensionData; bool flag2 = !Arrays.Contains(mOfferedCipherSuites, 255); if (flag && flag2) { mOfferedCipherSuites = Arrays.Append(mOfferedCipherSuites, 255); } if (isFallback && !Arrays.Contains(mOfferedCipherSuites, 22016)) { mOfferedCipherSuites = Arrays.Append(mOfferedCipherSuites, 22016); } TlsUtilities.WriteUint16ArrayWithUint16Length(mOfferedCipherSuites, (Stream)(object)handshakeMessage); TlsUtilities.WriteUint8ArrayWithUint8Length(mOfferedCompressionMethods, (Stream)(object)handshakeMessage); if (mClientExtensions != null) { TlsProtocol.WriteExtensions((Stream)(object)handshakeMessage, mClientExtensions); } handshakeMessage.WriteToRecordStream(this); }
protected virtual void SendClientHelloMessage() { base.mRecordStream.SetWriteVersion(this.mTlsClient.ClientHelloRecordLayerVersion); ProtocolVersion clientVersion = this.mTlsClient.ClientVersion; if (clientVersion.IsDtls) { throw new TlsFatalAlert(80); } this.ContextAdmin.SetClientVersion(clientVersion); byte[] emptyBytes = TlsUtilities.EmptyBytes; if (base.mTlsSession != null) { emptyBytes = base.mTlsSession.SessionID; if ((emptyBytes == null) || (emptyBytes.Length > 0x20)) { emptyBytes = TlsUtilities.EmptyBytes; } } bool isFallback = this.mTlsClient.IsFallback; base.mOfferedCipherSuites = this.mTlsClient.GetCipherSuites(); base.mOfferedCompressionMethods = this.mTlsClient.GetCompressionMethods(); if (((emptyBytes.Length > 0) && (base.mSessionParameters != null)) && (!Arrays.Contains(base.mOfferedCipherSuites, base.mSessionParameters.CipherSuite) || !Arrays.Contains(base.mOfferedCompressionMethods, base.mSessionParameters.CompressionAlgorithm))) { emptyBytes = TlsUtilities.EmptyBytes; } base.mClientExtensions = this.mTlsClient.GetClientExtensions(); TlsProtocol.HandshakeMessage output = new TlsProtocol.HandshakeMessage(1); TlsUtilities.WriteVersion(clientVersion, output); output.Write(base.mSecurityParameters.ClientRandom); TlsUtilities.WriteOpaque8(emptyBytes, output); byte[] extensionData = TlsUtilities.GetExtensionData(base.mClientExtensions, 0xff01); bool flag2 = null == extensionData; bool flag3 = !Arrays.Contains(base.mOfferedCipherSuites, 0xff); if (flag2 && flag3) { base.mOfferedCipherSuites = Arrays.Append(base.mOfferedCipherSuites, 0xff); } if (isFallback && !Arrays.Contains(base.mOfferedCipherSuites, 0x5600)) { base.mOfferedCipherSuites = Arrays.Append(base.mOfferedCipherSuites, 0x5600); } TlsUtilities.WriteUint16ArrayWithUint16Length(base.mOfferedCipherSuites, output); TlsUtilities.WriteUint8ArrayWithUint8Length(base.mOfferedCompressionMethods, output); if (base.mClientExtensions != null) { TlsProtocol.WriteExtensions(output, base.mClientExtensions); } output.WriteToRecordStream(this); }
private static byte[] CheckNameType(byte[] nameTypesSeen, byte nameType) { /* * RFC 6066 3. The ServerNameList MUST NOT contain more than one name of the same * name_type. */ if (!NameType.IsValid(nameType) || Arrays.Contains(nameTypesSeen, nameType)) { return(null); } return(Arrays.Append(nameTypesSeen, nameType)); }
public static byte[] CreateSupportedPointFormatsExtension(byte[] ecPointFormats) { if (ecPointFormats == null || !Arrays.Contains(ecPointFormats, ECPointFormat.uncompressed)) { /* * RFC 4492 5.1. If the Supported Point Formats Extension is indeed sent, it MUST * contain the value 0 (uncompressed) as one of the items in the list of point formats. */ // NOTE: We add it at the end (lowest preference) ecPointFormats = Arrays.Append(ecPointFormats, ECPointFormat.uncompressed); } return(TlsUtilities.EncodeUint8ArrayWithUint8Length(ecPointFormats)); }
private void SetSupportsFeature(byte feature, bool support) { if (feature == 0) { throw new ArgumentException("cannot be 0", "feature"); } int num = Array.IndexOf((Array)data, (object)feature); if (num >= 0 != support) { if (support) { data = Arrays.Append(data, feature); return; } byte[] array = new byte[data.Length - 1]; Array.Copy(data, 0, array, 0, num); Array.Copy(data, num + 1, array, num, array.Length - num); data = array; } }
private void SetSupportsFeature(byte feature, bool support) { //IL_000d: Unknown result type (might be due to invalid IL or missing references) if (feature == 0) { throw new ArgumentException("cannot be 0", "feature"); } int num = global::System.Array.IndexOf((global::System.Array)data, (object)feature); if (num >= 0 != support) { if (support) { data = Arrays.Append(data, feature); return; } byte[] array = new byte[data.Length - 1]; global::System.Array.Copy((global::System.Array)data, 0, (global::System.Array)array, 0, num); global::System.Array.Copy((global::System.Array)data, num + 1, (global::System.Array)array, num, array.Length - num); data = array; } }
protected virtual byte[] GenerateClientHello(ClientHandshakeState state, TlsClient client) { MemoryStream buf = new MemoryStream(); ProtocolVersion client_version = client.ClientVersion; if (!client_version.IsDtls) { throw new TlsFatalAlert(AlertDescription.internal_error); } TlsClientContextImpl context = state.clientContext; context.SetClientVersion(client_version); TlsUtilities.WriteVersion(client_version, buf); SecurityParameters securityParameters = context.SecurityParameters; buf.Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length); // Session ID byte[] session_id = TlsUtilities.EmptyBytes; if (state.tlsSession != null) { session_id = state.tlsSession.SessionID; if (session_id == null || session_id.Length > 32) { session_id = TlsUtilities.EmptyBytes; } } TlsUtilities.WriteOpaque8(session_id, buf); // Cookie TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, buf); bool fallback = client.IsFallback; /* * Cipher suites */ state.offeredCipherSuites = client.GetCipherSuites(); // Integer -> byte[] state.clientExtensions = client.GetClientExtensions(); securityParameters.extendedMasterSecret = TlsExtensionsUtilities.HasExtendedMasterSecretExtension(state.clientExtensions); // Cipher Suites (and SCSV) { /* * RFC 5746 3.4. The client MUST include either an empty "renegotiation_info" extension, * or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value in the * ClientHello. Including both is NOT RECOMMENDED. */ byte[] renegExtData = TlsUtilities.GetExtensionData(state.clientExtensions, ExtensionType.renegotiation_info); bool noRenegExt = (null == renegExtData); bool noRenegSCSV = !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV); if (noRenegExt && noRenegSCSV) { // TODO Consider whether to default to a client extension instead state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV); } /* * draft-ietf-tls-downgrade-scsv-00 4. If a client sends a ClientHello.client_version * containing a lower value than the latest (highest-valued) version supported by the * client, it SHOULD include the TLS_FALLBACK_SCSV cipher suite value in * ClientHello.cipher_suites. */ if (fallback && !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV)) { state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV); } TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, buf); } // TODO Add support for compression // Compression methods // state.offeredCompressionMethods = client.getCompressionMethods(); state.offeredCompressionMethods = new byte[] { CompressionMethod.cls_null }; TlsUtilities.WriteUint8ArrayWithUint8Length(state.offeredCompressionMethods, buf); // Extensions if (state.clientExtensions != null) { TlsProtocol.WriteExtensions(buf, state.clientExtensions); } return(buf.ToArray()); }
protected virtual byte[] GenerateClientHello(ClientHandshakeState state, TlsClient client) { ProtocolVersion client_version = client.ClientVersion; if (!client_version.IsDtls) { throw new TlsFatalAlert(AlertDescription.internal_error); } TlsClientContextImpl context = state.clientContext; context.SetClientVersion(client_version); SecurityParameters securityParameters = context.SecurityParameters; // Session ID byte[] session_id = TlsUtilities.EmptyBytes; if (state.tlsSession != null) { session_id = state.tlsSession.SessionID; if (session_id == null || session_id.Length > 32) { session_id = TlsUtilities.EmptyBytes; } } bool fallback = client.IsFallback; state.offeredCipherSuites = client.GetCipherSuites(); if (session_id.Length > 0 && state.sessionParameters != null) { if (!state.sessionParameters.IsExtendedMasterSecret || !Arrays.Contains(state.offeredCipherSuites, state.sessionParameters.CipherSuite) || CompressionMethod.cls_null != state.sessionParameters.CompressionAlgorithm) { session_id = TlsUtilities.EmptyBytes; } } state.clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(client.GetClientExtensions()); TlsExtensionsUtilities.AddExtendedMasterSecretExtension(state.clientExtensions); MemoryStream buf = new MemoryStream(); TlsUtilities.WriteVersion(client_version, buf); buf.Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length); TlsUtilities.WriteOpaque8(session_id, buf); // Cookie TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, buf); // Cipher Suites (and SCSV) { /* * RFC 5746 3.4. The client MUST include either an empty "renegotiation_info" extension, * or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value in the * ClientHello. Including both is NOT RECOMMENDED. */ byte[] renegExtData = TlsUtilities.GetExtensionData(state.clientExtensions, ExtensionType.renegotiation_info); bool noRenegExt = (null == renegExtData); bool noRenegSCSV = !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV); if (noRenegExt && noRenegSCSV) { // TODO Consider whether to default to a client extension instead state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV); } /* * RFC 7507 4. If a client sends a ClientHello.client_version containing a lower value * than the latest (highest-valued) version supported by the client, it SHOULD include * the TLS_FALLBACK_SCSV cipher suite value in ClientHello.cipher_suites [..]. (The * client SHOULD put TLS_FALLBACK_SCSV after all cipher suites that it actually intends * to negotiate.) */ if (fallback && !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV)) { state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV); } TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, buf); } TlsUtilities.WriteUint8ArrayWithUint8Length(new byte[] { CompressionMethod.cls_null }, buf); TlsProtocol.WriteExtensions(buf, state.clientExtensions); return(buf.ToArray()); }
protected virtual void SendClientHelloMessage() { this.mRecordStream.SetWriteVersion(this.mTlsClient.ClientHelloRecordLayerVersion); ProtocolVersion client_version = this.mTlsClient.ClientVersion; if (client_version.IsDtls) { throw new TlsFatalAlert(AlertDescription.internal_error); } ContextAdmin.SetClientVersion(client_version); /* * TODO RFC 5077 3.4. When presenting a ticket, the client MAY generate and include a * Session ID in the TLS ClientHello. */ byte[] session_id = TlsUtilities.EmptyBytes; if (this.mTlsSession != null) { session_id = this.mTlsSession.SessionID; if (session_id == null || session_id.Length > 32) { session_id = TlsUtilities.EmptyBytes; } } bool fallback = this.mTlsClient.IsFallback; this.mOfferedCipherSuites = this.mTlsClient.GetCipherSuites(); this.mOfferedCompressionMethods = this.mTlsClient.GetCompressionMethods(); if (session_id.Length > 0 && this.mSessionParameters != null) { if (!Arrays.Contains(this.mOfferedCipherSuites, mSessionParameters.CipherSuite) || !Arrays.Contains(this.mOfferedCompressionMethods, mSessionParameters.CompressionAlgorithm)) { session_id = TlsUtilities.EmptyBytes; } } this.mClientExtensions = this.mTlsClient.GetClientExtensions(); HandshakeMessage message = new HandshakeMessage(HandshakeType.client_hello); TlsUtilities.WriteVersion(client_version, message); message.Write(this.mSecurityParameters.ClientRandom); TlsUtilities.WriteOpaque8(session_id, message); // Cipher Suites (and SCSV) { /* * RFC 5746 3.4. The client MUST include either an empty "renegotiation_info" extension, * or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value in the * ClientHello. Including both is NOT RECOMMENDED. */ byte[] renegExtData = TlsUtilities.GetExtensionData(mClientExtensions, ExtensionType.renegotiation_info); bool noRenegExt = (null == renegExtData); bool noRenegScsv = !Arrays.Contains(mOfferedCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV); if (noRenegExt && noRenegScsv) { // TODO Consider whether to default to a client extension instead // this.mClientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(this.mClientExtensions); // this.mClientExtensions[ExtensionType.renegotiation_info] = CreateRenegotiationInfo(TlsUtilities.EmptyBytes); this.mOfferedCipherSuites = Arrays.Append(mOfferedCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV); } /* * draft-ietf-tls-downgrade-scsv-00 4. If a client sends a ClientHello.client_version * containing a lower value than the latest (highest-valued) version supported by the * client, it SHOULD include the TLS_FALLBACK_SCSV cipher suite value in * ClientHello.cipher_suites. */ if (fallback && !Arrays.Contains(mOfferedCipherSuites, CipherSuite.TLS_FALLBACK_SCSV)) { this.mOfferedCipherSuites = Arrays.Append(mOfferedCipherSuites, CipherSuite.TLS_FALLBACK_SCSV); } TlsUtilities.WriteUint16ArrayWithUint16Length(mOfferedCipherSuites, message); } TlsUtilities.WriteUint8ArrayWithUint8Length(mOfferedCompressionMethods, message); if (mClientExtensions != null) { WriteExtensions(message, mClientExtensions); } message.WriteToRecordStream(this); }
/** * Converts a character password to bytes incorporating the required trailing zero byte. * * @param password the password to be encoded. * @return a byte representation of the password in UTF8 + trailing zero. */ public static byte[] PasswordToByteArray(char[] password) { return(Arrays.Append(Strings.ToUtf8ByteArray(password), 0)); }