public unsafe void DeriveMasterSecretTls12(IHashProvider hashProvider, HashType hashType, void *seed, int seedLength, void *output, int outputLength)
{
var ctx = EVP_PKEY_CTX_new(_eKey, IntPtr.Zero);
try
{
ThrowOnError(EVP_PKEY_derive_init(ctx));
ThrowOnError(EVP_PKEY_derive_set_peer(ctx, _clientKey));
IntPtr len = IntPtr.Zero;
ThrowOnError(EVP_PKEY_derive(ctx, null, ref len));
var data = stackalloc byte[len.ToInt32()];
ThrowOnError(EVP_PKEY_derive(ctx, data, ref len));
var newSeed = stackalloc byte[seedLength + Tls1_2Consts.MasterSecretLabelSize];
var sSpan = new Span <byte>(newSeed, seedLength + Tls1_2Consts.MasterSecretLabelSize);
var masterSpan = Tls1_2Consts.GetMasterSecretSpan();
masterSpan.CopyTo(sSpan);
var seedSpan = new Span <byte>(seed, seedLength);
seedSpan.CopyTo(sSpan.Slice(masterSpan.Length));
PrfFunctions.P_Hash12(hashProvider, hashType, new Span <byte>(output, outputLength), data, len.ToInt32(), sSpan);
Dispose();
}
finally
{
ctx.Free();
}
}
public unsafe void CalculateClientFinished()
{
var hashResult = stackalloc byte[_state.HandshakeHash.HashSize + Tls1_2Consts.ClientFinishedLabelSize];
var seed = new Span <byte>(hashResult, _state.HandshakeHash.HashSize + Tls1_2Consts.ClientFinishedLabelSize);
_state.HandshakeHash.InterimHash(hashResult + Tls1_2Consts.ClientFinishedLabelSize, _state.HandshakeHash.HashSize);
var finishedLabel = Tls1_2Consts.GetClientFinishedSpan();
finishedLabel.CopyTo(seed);
PrfFunctions.P_Hash12(_state.CryptoProvider.HashProvider, _state.CipherSuite.HashType, _clientSpan, _masterSecret, Tls1_2Consts.MASTER_SECRET_LENGTH, seed);
}
public void GenerateKeyMaterial()
{
_materialLength = (_state.CryptoProvider.CipherProvider.GetKeySize(_state.CipherSuite.BulkCipherType) * 2) + 4 * 2;
var seedLength = Tls1_2Consts.KeyExpansionLabelSize + Hello.RandomLength * 2;
var seed = stackalloc byte[seedLength];
var seedSpan = new Span <byte>(seed, seedLength);
Tls1_2Consts.GetKeyExpansionSpan().CopyTo(seedSpan);
ServerRandom.CopyTo(seedSpan.Slice(Tls1_2Consts.KeyExpansionLabelSize));
ClientRandom.CopyTo(seedSpan.Slice(Tls1_2Consts.KeyExpansionLabelSize + Hello.RandomLength));
var materialSpan = new Span <byte>(_keyData, _materialLength);
PrfFunctions.P_Hash12(_state.CryptoProvider.HashProvider, _state.CipherSuite.HashType,
materialSpan, _masterSecret, Tls1_2Consts.MASTER_SECRET_LENGTH, seedSpan);
}
public void CompareClientFinishedGenerateServerFinished(ReadableBuffer buffer)
{
_state.HandshakeHash.HashData(buffer);
buffer = buffer.Slice(4);
var result = CompareFunctions.ConstantTimeEquals(_clientSpan, buffer);
var hashResult = stackalloc byte[_state.HandshakeHash.HashSize + Tls1_2Consts.ServerFinishedLabelSize];
var seed = new Span <byte>(hashResult, _state.HandshakeHash.HashSize + Tls1_2Consts.ServerFinishedLabelSize);
_state.HandshakeHash.InterimHash(hashResult + Tls1_2Consts.ServerFinishedLabelSize, _state.HandshakeHash.HashSize);
var finishedLabel = Tls1_2Consts.GetServerFinishedSpan();
finishedLabel.CopyTo(seed);
PrfFunctions.P_Hash12(_state.CryptoProvider.HashProvider, _state.CipherSuite.HashType, _serverSpan, _masterSecret, Tls1_2Consts.MASTER_SECRET_LENGTH, seed);
}
