private void DHTest(BigInteger clientPrivateKey, BigInteger clientPublicKey, BigInteger serverPrivateKey, BigInteger serverPublicKey)
{
StackFrame[] frames = new StackTrace().GetFrames();
BigInteger serverSecretKey = DiffieHellman.GenerateSecretKey(clientPublicKey, serverPrivateKey);
BigInteger clientSecretKey = serverPublicKey.ModPow(clientPrivateKey, OakleyGroup1.PrimeNumber);
byte[] serverSecretkeyMD5 = Hash.MD5.Hash(serverSecretKey);
byte[] clientSecretkeyMD5 = Hash.MD5.Hash(clientSecretKey);
Assert.AreEqual(clientSecretKey, serverSecretKey);
CollectionAssert.AreEqual(Hash.SHA256.Hash(clientSecretKey), Hash.SHA256.Hash(serverSecretKey));
CollectionAssert.AreEqual(Hash.MD5.Hash(clientSecretKey), Hash.MD5.Hash(serverSecretKey));
Console.WriteLine("============================================");
Console.WriteLine(string.Format("[{0}]", frames[1].GetMethod().Name));
Console.WriteLine("ClientPrivateKey : " + TestUtil.ToString(clientPrivateKey));
Console.WriteLine("ClientPublicKey : " + TestUtil.ToString(clientPublicKey));
Console.WriteLine("ServerPrivateKey : " + TestUtil.ToString(serverPrivateKey));
Console.WriteLine("ServerPublicKey : " + TestUtil.ToString(serverPublicKey));
Console.WriteLine("ServerSecretKey : " + TestUtil.ToString(serverSecretKey));
Console.WriteLine("ClientSecretKey : " + TestUtil.ToString(clientSecretKey));
Console.WriteLine("============================================");
Console.WriteLine("ServerSecretKey(MD5) : " + TestUtil.ToString(serverSecretkeyMD5));
Console.WriteLine("ClientSecretKey(MD5) : " + TestUtil.ToString(clientSecretkeyMD5));
Console.WriteLine("============================================");
}
private ECPoint GetSharedKey(byte[] privateKey, ECPoint publicKey)
{
var dh = new DiffieHellman(this.ellipticCurve);
var sharedKey = dh.GetSharedKey(privateKey, publicKey);
return(sharedKey);
}
private (byte[] privateKey, ECPoint publicKey) GenerateKeys()
{
var dh = new DiffieHellman(this.ellipticCurve);
var keys = dh.GenerateByteKeyPair();
return(keys);
}
private DiffieHellman GenerateDiffieHellman()
{
DiffieHellman diffie = new DiffieHellman(256);
diffie.GenerateRequest();
return(diffie);
}
private void GenerateThread()
{
try
{
while (PrivateKeys.Count < Max_Private_Keys || DiffieHellmans.Count < Max_Private_Keys)
{
if (PrivateKeys.Count < Max_Private_Keys)
{
RSAEncryption RSA = GenerateRsaKey();
lock (PrivateKeys)
{
PrivateKeys.Add(RSA);
}
}
if (DiffieHellmans.Count < Max_Private_Keys)
{
DiffieHellman diffie = GenerateDiffieHellman();
lock (DiffieHellmans)
{
DiffieHellmans.Add(diffie);
}
}
}
}
catch
{
}
GenThread = null;
}
private static void CreateEncryptFileFor(string aliasName, string fileName, string pubFileName, bool isBinary)
{
DHKeyPair _aliaskeys = RestoreKeys(aliasName);
PublicKey _publickeyto = RestorePublicKey(pubFileName);
IDiffieHellman _dh = new DiffieHellman();
DHDerivedKey _derived = _dh.GenerateDerivedKey(_aliaskeys, _publickeyto);
Console.WriteLine($"Derived Key:\n {BitConverter.ToString(_derived.Value)}");
byte[] IV = System.Text.Encoding.UTF8.GetBytes(fileName);
ICypher cypher = new AesCypher(_derived.Value, IV);
byte[] encrypted;
if (isBinary)
{
var content = ReadBinFile(fileName);
encrypted = cypher.Encrypt(Convert.ToBase64String(content));
}
else
{
encrypted = cypher.Encrypt(ReadTextFile(fileName));
}
WriteBinFile($"{fileName}{extfile}", encrypted);
Console.WriteLine($"{fileName}{extfile} encrypt file created.");
}
public DiffieHellman GetDiffieHellman()
{
if (!GenerateInBackground)
{
return(GenerateDiffieHellman());
}
if (DiffieHellmans.Count == 0)
{
if (GenThread == null)
{
GenThread = new Thread(new ThreadStart(GenerateThread));
GenThread.Start();
}
return(GenerateDiffieHellman());
}
else
{
lock (DiffieHellmans)
{
//get a random key
int index = rnd.Next(0, DiffieHellmans.Count - 1);
DiffieHellman diffie = DiffieHellmans[index];
DiffieHellmans.RemoveAt(index);
if (DiffieHellmans.Count < Min_Private_Keys && GenThread == null)
{
GenThread = new Thread(new ThreadStart(GenerateThread));
GenThread.Start();
}
return(diffie);
}
}
}
public void Test_against_well_known_results()
{
var primeP = BigInteger.Parse(
"32317006071311007300338913926423828248817941241140239112842009751400741706634354222619689417363569347117901737909704191754605873209195028853758986185622153212175412514901774520270235796078236248884246189477587641105928646099411723245426622522193230540919037680524235519125679715870117001058055877651038861847280257976054903569732561526167081339361799541336476559160368317896729073178384589680639671900977202194168647225871031411336429319536193471636533209717077448227988588565369208645296636077250268955505928362751121174096972998068410554359584866583291642136218231078990999448652468262416972035911852507045361090559");
var primeG = 2;
// Well known inputs
var publicKeyA = BigInteger.Parse(
"16428453901689311174406835429457614352149131480820814606112641749162650046154160335721379864411385528632019438902509157814200706062493374586063287172414190665332638992378261617325351180882041320307470593551646072474377878641984257780799839924855832129077529540835293783943730689922011709290843103151179985344516127747230985665149485674718135070425535512704941196438784396460314598697418809403784160603971605277453951697026605904451672993162168584425019633974228954913888533522579571876177351844336213083376100007173872157215792163324914952633720486776246713336194027578118386085155631307325675034868183575746215669017");
var privateKeyB = BigInteger.Parse(
"6613069657665132725246464674416626967814847789270511732153920138404502558419161452231064033783065518081120087482262648699449248725844190853405394370415215555753121974020933054263318571431735489635061130413831465735285677393247377148888841381226497879709898084741908757014541741029147966946395707074610452892001890884190368089685289931823630320756921252041961571241320436492694638582502471480887058785121023850135911685185196576270777539716337738304019266982029836194150504415828024197423759537800908924209753175640206646764556125280475452980539359806836287847410461780237281850073248139315083092664821627343007413317");
// Calculate Public Key
var publicKeyB = DiffieHellman.PublicKey(primeP, primeG, privateKeyB);
// Should result in the following well known number
Assert.Equal(publicKeyB,
BigInteger.Parse(
"13937492206031047726377677746757921023785865161711475317174852743458085972205230299198350504612922098487548140816754440307076166055257752333977500237623761651798309657163956423196446289209492990021148645911047877880418288215506315988031313308757685574136931332211416208698474521512055282419261914878127800815451795657625776361486208624055307330917667568520525506193865130553366132859605894136270581379193553757875072525875034653743007926569724507481311440697029586510437642238099656004667926545975053817946452156676950868454136633495486741131821585053777971482962860700849249057853674609970118970647438173499487768514"));
// Calculate Secret
var secretB = DiffieHellman.Secret(primeP, publicKeyA, privateKeyB);
// Should Result in the following well known secret.
Assert.Equal(secretB,
BigInteger.Parse(
"17574532284595554228770542578145458081719781058045063175688772743423924399411406200223997425795977226735712284391179978852253613346926080761628802664085045531796220784085311215093471160914442692274980632286568900367895454304533334450617380428362254473222831478193415222881689923861172428575632214297967550826460508634891791127942687630353829719246724903147169063379750256523005309264102997944008112551383251560153285483075803832550164760264165682355751637761390244202226339540318827287797180863284173748514677579269180126947721499144727772986832223499738071139796968492815538042908414723947769999062186130240163854083"));
}
private static void RestoreEncryptFileFrom(string aliasName, string fileName, string pubFileName, bool isBinary)
{
DHKeyPair _aliaskeys = RestoreKeys(aliasName);
PublicKey _publickeyto = RestorePublicKey(pubFileName);
IDiffieHellman _dh = new DiffieHellman();
DHDerivedKey _derived = _dh.GenerateDerivedKey(_aliaskeys, _publickeyto);
Console.WriteLine($"Derived Key:\n {BitConverter.ToString(_derived.Value)}");
string fileout = fileName.Replace(extfile, string.Empty);
byte[] IV = System.Text.Encoding.UTF8.GetBytes(fileout);
ICypher cypher = new AesCypher(_derived.Value, IV);
byte[] read = ReadBinFile(fileName);
string content = cypher.Decrypt(read);
if (isBinary)
{
var bcontent = Convert.FromBase64String(content);
WriteBinFile(fileout, bcontent);
}
else
{
WriteTextFile(fileout, content);
}
Console.WriteLine($"{fileout} decrypt file created.");
}
public static void Cifrado(string path, string root, int tamaño, int p, int q)
{
string rootPrivate;
string keyPrivate;
rootPrivate = root + @"\\Upload\\Asymmetric\\KeyPrivates.txt";
string directorio;
directorio = root + @"\\Upload\\";
if (!Directory.Exists(directorio + "\\Asymmetric\\"))
{
DirectoryInfo di = Directory.CreateDirectory(directorio + "\\Asymmetric\\");
}
DiffieHellman dh = new DiffieHellman(p, tamaño);
RSA rsa = new RSA(p, q);
string texto = System.IO.File.ReadAllText(@path);
rsa.ObtenerFI();
rsa.ObtenerE();
string txtcifrado = "Cipher: RSA" + Environment.NewLine + "Clave pública: " + "( " + rsa.ObtenerN().ToString() + " , " + rsa.ObtenerD().ToString() + " )"
+ Environment.NewLine + " " + Environment.NewLine + "Cipher: Diffie-Hellman" + Environment.NewLine + "Clave pública: " +
" ( " + dh.SetAlice() + " )";
keyPrivate = "Clave privada: " + "( " + rsa.ObtenerN().ToString() + " , " + rsa.ObtenerE().ToString() + " )";
File.WriteAllText(@rootPrivate, keyPrivate);
root = root + @"\\Upload\\Asymmetric\\KeyPublics.txt";
using (StreamWriter outputFile = new StreamWriter(root))
{
foreach (char caracter in txtcifrado)
{
outputFile.Write(caracter.ToString());
}
}
}
public void Private_key_randomly_generated()
{
var primeP = new BigInteger(7919);
var privateKeys = Enumerable.Range(0, 5).Select(_ => DiffieHellman.PrivateKey(primeP)).ToList();
Assert.Equal(privateKeys.Distinct().Count(), privateKeys.Count);
}
public void Private_key_in_range()
{
var primeP = new BigInteger(23);
var privateKeys = Enumerable.Range(0, 10).Select(_ => DiffieHellman.PrivateKey(primeP)).ToList();
Assert.That(privateKeys, Is.All.InRange(new BigInteger(1), primeP - new BigInteger(1)));
}
public void CreateNewSessionKey()
{
if (FinishedKeyExchange == false)
{
// The logic elsewhere is to call this method unless RemoteHasKey == true.
// That needs to be cleaned up, because this is pointless.
if (SentKeyExchange)
{
//LogManager.Current.WriteToLog("CreateNewSessionKey() AGAIN for " + this.ToString() + "\n" + Environment.StackTrace);
return;
}
try {
LoggingService.LogInfo("Creating secure communication channel to {0}...", ToString());
SentKeyExchange = true;
var keyExchange = DiffieHellman.CreateKeyExchange();
var m = Network.MessageBuilder.CreateNewSessionKeyMessage(this, keyExchange);
var c = new AckMethod();
c.args = new object[] { this };
c.Method += Network.NewSessionKeyReady;
Network.AckMethods.Add(m.MessageID, c);
Network.SendRoutedMessage(m);
} catch (Exception ex) {
LoggingService.LogError("Failed to create key exchange! Hopefully we will retry...");
SentKeyExchange = false;
throw ex;
}
}
else
{
LoggingService.LogWarning("Why are we trying to CreateNewSessionKey for {0} when FinishedKeyExchange=True?", ToString());
}
}
private void OnDataReceived(object sender, DataReceivedEventArgs e)
{
Deserializer deserializer = new Deserializer(e.Buffer);
while (!deserializer.EndOfStream)
{
byte header = deserializer.ReadByte();
byte length = deserializer.ReadByte();
switch (length)
{
case 0x42:
byte[] publicKey = deserializer.ReadBytes(64);
byte[] sharedKey = DiffieHellman.GenerateSharedKey(publicKey, Keys.PrivateKey, Keys.Prime);
byte[] randomBytes = CryptoUtils.GetRandomBytes();
byte[] hashedRandomBytes = CryptoUtils.Hash(randomBytes);
byte[] xoredRandomBytes = CryptoUtils.XOR(randomBytes, sharedKey);
this.EncryptionKey = hashedRandomBytes;
this.SendKey(xoredRandomBytes);
this.client.DataReceived -= OnDataReceived;
this.OnHandshakeDone();
break;
default:
if (!this.HandlePacket(header, length, deserializer))
{
logger.Error("Unknown unencrypted packet, header: 0x{0:X2}, length: 0x{1:X2}", header, length);
this.client.Disconnect();
return;
}
break;
}
}
}
public void Private_key_is_random()
{
var p = new BigInteger(7919);
var privateKeys = Enumerable.Range(0, 10).Select(_ => DiffieHellman.PrivateKey(p)).ToArray();
Assert.Equal(privateKeys.Distinct().Count(), privateKeys.Length);
}
public AssociateResponse(OpenIdRelyingParty relyingParty, ServiceEndpoint provider, IDictionary <string, string> args, DiffieHellman dh)
: base(relyingParty, provider, args)
{
DH = dh;
if (Args.ContainsKey(Protocol.openidnp.assoc_handle))
{
initializeAssociation();
}
else
{
// Attempt to recover from an unsupported assoc_type
if (Protocol.Version.Major >= 2)
{
if (Util.GetRequiredArg(Args, Protocol.openidnp.error_code) == Protocol.Args.ErrorCode.UnsupportedType)
{
string assoc_type = Util.GetRequiredArg(Args, Protocol.openidnp.assoc_type);
string session_type = Util.GetRequiredArg(Args, Protocol.openidnp.session_type);
// If the suggested options are among those we support...
if (Array.IndexOf(Protocol.Args.SignatureAlgorithm.All, assoc_type) >= 0 &&
Array.IndexOf(Protocol.Args.SessionType.All, session_type) >= 0 &&
RelyingParty.Settings.IsAssociationInPermittedRange(Protocol, assoc_type))
{
SecondAttempt = AssociateRequest.Create(RelyingParty, Provider, assoc_type, session_type, false);
}
}
}
}
}
public string RecuperarMensajesSala(string guidResponse, string username)
{
try
{
DbConnection connection = new DbConnection();
List <Sala> salasDeUsuarios = connection.BuscarVarios <Sala>("salas", Builders <Sala> .Filter.Eq("guid", guidResponse));
var filtro = Builders <Usuario> .Filter.Eq("user", username);
var usuarioActual = connection.BuscarUno <Usuario>("users", filtro);
Sala salaActual = new Sala();
foreach (var item in salasDeUsuarios)
{
if (item.UsuarioA == usuarioActual.User)
{
salaActual = item;
break;
}
}
//Generar key DH para generar 10bitsSDES
DiffieHellman PersonaA = new DiffieHellman(usuarioActual.NumeroPrivado)
{
PublicoExterno = salaActual.ValorPublicoB
};
string cadenaLlaveSdes = Convert.ToString(PersonaA.GenerarKey(), 2).PadLeft(10, '0');
Sdes cipher = new Sdes(cadenaLlaveSdes);
List <Mensaje> mensajesEncriptados = connection.BuscarVarios <Mensaje>("mensajes",
Builders <Mensaje> .Filter.Eq("salaGuid", guidResponse));
List <Mensaje> mensajesDesEncriptados = new List <Mensaje>();
//Des encriptar los mensajes
foreach (var item in mensajesEncriptados)
{
string desEnc = "";
foreach (var caracter in item.Contenido)
{
byte letra = Convert.ToByte(caracter);
desEnc += Convert.ToChar(cipher.SDES_DeCipher(letra));
}
Mensaje mensajeDes = new Mensaje(guidResponse)
{
Contenido = desEnc,
Guid = item.Guid,
UsuarioEmisor = item.UsuarioEmisor,
UsuarioReceptor = item.UsuarioReceptor
};
mensajesDesEncriptados.Add(mensajeDes);
}
var json = JsonConvert.SerializeObject(mensajesDesEncriptados);
return(json);
}
catch
{
return("");
}
}
public void Private_key_in_range()
{
var primeP = new BigInteger(23);
var privateKeys = Enumerable.Range(0, 100).Select(_ => DiffieHellman.RandomPrivateKey(primeP)).ToList();
Assert.All(privateKeys,
privateKey => { Assert.InRange(privateKey, new BigInteger(2), primeP - new BigInteger(1)); });
}
public void Can_calculate_public_key_using_private_key()
{
var p = new BigInteger(23);
var g = new BigInteger(5);
var privateKey = new BigInteger(6);
Assert.Equal(new BigInteger(8), DiffieHellman.PublicKey(p, g, privateKey));
}
public void DeffieHelmanNewTest()
{
DiffieHellman algorithm = new DiffieHellman();
List <int> key = algorithm.GetKeys(541, 10, 50, 100);
Assert.AreEqual(key[0], 449);
Assert.AreEqual(key[1], 449);
}
public ChatClient()
{
diffieHellman = new DiffieHellman();
commonSecret = new Dictionary <Guid, byte[]>();
sendQueue = new BlockingCollection <string>();
onlineUsersIDs = new List <Guid>();
onlineUsernames = new Dictionary <Guid, string>();
}
public void DeffieHelmanTest1()
{
DiffieHellman algorithm = new DiffieHellman();
List <int> key = algorithm.GetKeys(19, 2, 6, 13);
Assert.AreEqual(key[0], 7);
Assert.AreEqual(key[1], 7);
}
public void DeffieHelmanTest3()
{
DiffieHellman algorithm = new DiffieHellman();
List <int> key = algorithm.GetKeys(353, 3, 97, 233);
Assert.AreEqual(key[0], 160);
Assert.AreEqual(key[1], 160);
}
private string PrepareDHResponseString(string request)
{
DHClient = new DiffieHellman(256).GenerateResponse(request);
var response = DHClient.ToString();
DHKey = DHClient.Key;
return(response);
}
public void Can_calculate_secret_using_other_partys_public_key()
{
var p = new BigInteger(23);
var theirPublicKey = new BigInteger(19);
var myPrivateKey = new BigInteger(6);
Assert.Equal(new BigInteger(2), DiffieHellman.Secret(p, theirPublicKey, myPrivateKey));
}
public ActionResult SignUp()
{
//Post
var userName = Request.Form["userName"].ToString();
var password = Request.Form["password"].ToString();
var levels = Convert.ToInt32(Request.Form["levels"].ToString());
//Get para verificar que no existe un Usuario con otro Nombre
var found = false;
var User = new Users();
var login = User.GetLogIn();
foreach (LogInElements elements in login)
{
if ((elements.UserName == userName))
{
found = true;
break;
}
}
if (found)
{
registroValido = 2;
return(RedirectToAction("Index"));
}
else
{
//método para cifrar la clave ZigZag
LogInElements elemento = new LogInElements();
DiffieHellman diffieHellman = new DiffieHellman();
DateTime now = DateTime.Now;
var ticks = now.Ticks;
var ab = (int)(ticks % 17);
var p = 1021;
var g = 11;
var a = Convert.ToString(ab, 2);
a = a.PadLeft(8, '0');
//cifrar a en binario
a = User.ZigZagEncryptionCipher(a, levels);
//cifrar la contraseña del ususario
var CipherPassword = User.ZigZagEncryptionCipher(password, levels);
//generar A con diffie Hellman
var A = diffieHellman.GenerarClaves(ab, p, g);
//elemento a cifrar
elemento.Password = CipherPassword;
elemento.UserName = userName;
elemento.A = Convert.ToString(A);
elemento.PrivateKey = a;
using (var client = new HttpClient())
{
client.BaseAddress = new Uri("http://localhost:58992/");
var postjob = client.PostAsync("api/LogIn", new StringContent(new JavaScriptSerializer().Serialize(elemento), Encoding.UTF8, "application/json"));
postjob.Wait();
registroValido = 1;
}
return(RedirectToAction("Index"));
}
}
public byte[] getE()
{
if (e_array == null)
{
dh = new DiffieHellmanManaged(p, g, 0);
e_array = dh.CreateKeyExchange();
}
return(e_array);
}
public ChatServer()
{
ConnectedClients = new List <TcpClient>();
diffieHellman = new DiffieHellman();
commonSecrets = new Dictionary <TcpClient, byte[]>();
ClientIDs = new Dictionary <TcpClient, Guid>();
IDClients = new Dictionary <Guid, TcpClient>();
Usernames = new Dictionary <Guid, string>();
}
public byte[] Decrypt(byte[] chunk, PhantasmaKeys keys)
{
if (keys.Address != this.Source && keys.Address != this.Destination)
{
throw new ChainException("decryption public address does not match");
}
return(DiffieHellman.Decrypt(chunk, keys.PrivateKey));
}
public BigInteger POST(requestSharedKeyBindingModel model)
{
DiffieHellman DH = new DiffieHellman();
var key = DH.getFinalKey(BigInteger.Parse(model.Key));
UserManager.FindById(User.Identity.GetUserId()).SharedBarcodeSecret = key;
db.SaveChanges();
return(DH.GetMyPublic());
}
public HabboCrypto(BigInteger n, BigInteger e, BigInteger d)
{
this.DH = new DiffieHellman(200);
this.RSA = new RSA(n, e, d, 0, 0, 0, 0, 0);
this.RC4 = new RC4();
this.Initialized = false;
}
public HabboEncryptionHandlerV1(RsaKeyHolder keys)
{
this.DiffieHellman = new DiffieHellman();
this.Rsa = RsaKey.ParsePrivateKey(keys.N, keys.E, keys.D);
this.Rc4 = new ARC4();
this.Initialized = false;
}
private void ProtocolV4(Stream stream, CertificateStore clientCredentials, Certificate[] trustedRootCertificates, ISecureChannelSecurityManager manager, string preSharedKey, SecureChannelCryptoOptionFlags supportedOptions)
{
#region 1. hello handshake
//send client hello
SecureChannelPacket.Hello clientHello = new SecureChannelPacket.Hello(BinaryID.GenerateRandomID256(), supportedOptions);
SecureChannelPacket.WritePacket(stream, clientHello);
//read server hello
SecureChannelPacket.Hello serverHello = (new SecureChannelPacket(stream)).GetHello();
//read selected crypto option
_selectedCryptoOption = supportedOptions & serverHello.CryptoOptions;
if (_selectedCryptoOption == SecureChannelCryptoOptionFlags.None)
throw new SecureChannelException(SecureChannelCode.NoMatchingCryptoAvailable, _remotePeerEP, _remotePeerCert);
#endregion
#region 2. key exchange
//read server key exchange data
SecureChannelPacket.KeyExchange serverKeyExchange = (new SecureChannelPacket(stream)).GetKeyExchange();
SymmetricEncryptionAlgorithm encAlgo;
string hashAlgo;
KeyAgreement keyAgreement;
switch (_selectedCryptoOption)
{
case SecureChannelCryptoOptionFlags.DHE2048_RSA_WITH_AES256_CBC_HMAC_SHA256:
encAlgo = SymmetricEncryptionAlgorithm.Rijndael;
hashAlgo = "SHA256";
keyAgreement = new DiffieHellman(DiffieHellmanGroupType.RFC3526, 2048, KeyAgreementKeyDerivationFunction.Hmac, KeyAgreementKeyDerivationHashAlgorithm.SHA256);
break;
case SecureChannelCryptoOptionFlags.ECDHE256_RSA_WITH_AES256_CBC_HMAC_SHA256:
encAlgo = SymmetricEncryptionAlgorithm.Rijndael;
hashAlgo = "SHA256";
keyAgreement = new TechnitiumLibrary.Security.Cryptography.ECDiffieHellman(256, KeyAgreementKeyDerivationFunction.Hmac, KeyAgreementKeyDerivationHashAlgorithm.SHA256);
break;
default:
throw new SecureChannelException(SecureChannelCode.NoMatchingCryptoAvailable, _remotePeerEP, _remotePeerCert);
}
//send client key exchange data
SecureChannelPacket.KeyExchange clientKeyExchange = new SecureChannelPacket.KeyExchange(keyAgreement.GetPublicKeyXML(), clientCredentials.PrivateKey, hashAlgo);
SecureChannelPacket.WritePacket(stream, clientKeyExchange);
//generate master key
byte[] masterKey = GenerateMasterKey(clientHello, serverHello, _preSharedKey, keyAgreement, serverKeyExchange.PublicKeyXML);
//verify master key using HMAC authentication
{
SecureChannelPacket.Authentication clientAuthentication = new SecureChannelPacket.Authentication(serverHello, masterKey);
SecureChannelPacket.WritePacket(stream, clientAuthentication);
SecureChannelPacket.Authentication serverAuthentication = (new SecureChannelPacket(stream)).GetAuthentication();
if (!serverAuthentication.IsValid(clientHello, masterKey))
throw new SecureChannelException(SecureChannelCode.ProtocolAuthenticationFailed, _remotePeerEP, _remotePeerCert);
}
//enable channel encryption
switch (encAlgo)
{
case SymmetricEncryptionAlgorithm.Rijndael:
//using MD5 for generating AES IV of 128bit block size
HashAlgorithm md5Hash = HashAlgorithm.Create("MD5");
byte[] eIV = md5Hash.ComputeHash(clientHello.Nonce.ID);
byte[] dIV = md5Hash.ComputeHash(serverHello.Nonce.ID);
//create encryption and decryption objects
SymmetricCryptoKey encryptionKey = new SymmetricCryptoKey(SymmetricEncryptionAlgorithm.Rijndael, masterKey, eIV, PaddingMode.None);
SymmetricCryptoKey decryptionKey = new SymmetricCryptoKey(SymmetricEncryptionAlgorithm.Rijndael, masterKey, dIV, PaddingMode.None);
//enable encryption
EnableEncryption(stream, encryptionKey, decryptionKey, new HMACSHA256(masterKey), new HMACSHA256(masterKey));
break;
default:
throw new SecureChannelException(SecureChannelCode.NoMatchingCryptoAvailable, _remotePeerEP, _remotePeerCert);
}
//channel encryption is ON!
#endregion
#region 3. exchange & verify certificates & signatures
if (!_reNegotiating)
{
//send client certificate
SecureChannelPacket.WritePacket(this, clientCredentials.Certificate);
//read server certificate
_remotePeerCert = (new SecureChannelPacket(this)).GetCertificate();
//verify server certificate
try
{
_remotePeerCert.Verify(trustedRootCertificates);
}
catch (Exception ex)
{
throw new SecureChannelException(SecureChannelCode.InvalidRemoteCertificate, _remotePeerEP, _remotePeerCert, "Invalid remote certificate.", ex);
}
}
//verify key exchange signature
switch (_selectedCryptoOption)
{
case SecureChannelCryptoOptionFlags.DHE2048_RSA_WITH_AES256_CBC_HMAC_SHA256:
case SecureChannelCryptoOptionFlags.ECDHE256_RSA_WITH_AES256_CBC_HMAC_SHA256:
if (_remotePeerCert.PublicKeyEncryptionAlgorithm != AsymmetricEncryptionAlgorithm.RSA)
throw new SecureChannelException(SecureChannelCode.InvalidRemoteCertificateAlgorithm, _remotePeerEP, _remotePeerCert);
if (!serverKeyExchange.IsSignatureValid(_remotePeerCert, "SHA256"))
throw new SecureChannelException(SecureChannelCode.InvalidRemoteKeyExchangeSignature, _remotePeerEP, _remotePeerCert);
break;
default:
throw new SecureChannelException(SecureChannelCode.NoMatchingCryptoAvailable, _remotePeerEP, _remotePeerCert);
}
if ((manager != null) && !manager.ProceedConnection(_remotePeerCert))
throw new SecureChannelException(SecureChannelCode.SecurityManagerDeclinedAccess, _remotePeerEP, _remotePeerCert, "Security manager declined access.");
#endregion
}
public static void Initialize(RsaKeyHolder keys)
{
Rsa = RsaKey.ParsePrivateKey(keys.N, keys.E, keys.D);
DiffieHellman = new DiffieHellman();
}
