public void TestDecrypt()
{
var input = GetBuffer(HelloWorldResult);
var output = new TlsBuffer(input.Size + MagicDataSize + MagicData2Size);
output.Write(GetBuffer(MagicDataName));
output.Write(GetBuffer(MagicData2Name));
var hello = GetField(HelloWorldName);
var length = Context.Decrypt(input, output.GetRemaining());
Assert.That(length, Is.EqualTo(hello.Length), "#1");
output.Position = 0;
var magic = output.ReadBytes(MagicDataSize);
Assert.That(magic, Is.EqualTo(GetField(MagicDataName)), "#2");
var magic2 = output.ReadBytes(MagicData2Size);
Assert.That(magic2, Is.EqualTo(GetField(MagicData2Name)), "#3");
var decrypted = output.ReadBytes(length);
Assert.That(decrypted, Is.EqualTo(hello), "#4");
}
public override void Encode (TlsBuffer buffer)
{
var size = Data != null ? Data.Size : 0;
buffer.Write ((short)ExtensionType);
buffer.Write ((short)(size + 1));
buffer.Write ((byte)size);
if (Data != null)
buffer.Write (Data.Buffer);
}
protected override int Decrypt(DisposeContext d, ContentType contentType, IBufferOffsetSize input, IBufferOffsetSize output)
{
var implicitNonce = IsClient ? ServerWriteIV : ClientWriteIV;
var writeKey = IsClient ? ServerWriteKey : ClientWriteKey;
#if DEBUG_FULL
if (Cipher.EnableDebugging)
{
DebugHelper.WriteLine("FIXED IV", implicitNonce);
DebugHelper.WriteLine("WRITE KEY", writeKey);
DebugHelper.WriteLine("SEQUENCE: {0}", ReadSequenceNumber);
}
#endif
var length = input.Size - ExplicitNonceSize;
var aad = new TlsBuffer(13);
aad.Write(ReadSequenceNumber);
aad.Write((byte)contentType);
aad.Write((short)Protocol);
aad.Write((short)(length - MacSize));
#if DEBUG_FULL
if (Cipher.EnableDebugging)
{
DebugHelper.WriteFull("TAG", aad);
}
#endif
var gcm = new GcmBlockCipher(new AesEngine());
var key = new KeyParameter(writeKey.Buffer);
var nonce = d.CreateBuffer(ImplicitNonceSize + ExplicitNonceSize);
Buffer.BlockCopy(implicitNonce.Buffer, 0, nonce.Buffer, 0, ImplicitNonceSize);
Buffer.BlockCopy(input.Buffer, input.Offset, nonce.Buffer, ImplicitNonceSize, ExplicitNonceSize);
#if DEBUG_FULL
if (Cipher.EnableDebugging)
{
DebugHelper.WriteLine("NONCE", nonce);
}
#endif
var parameters = new AeadParameters(key, 128, nonce.Buffer, aad.Buffer);
gcm.Init(false, parameters);
int ret;
try {
ret = gcm.ProcessBytes(input.Buffer, input.Offset + ExplicitNonceSize, length, output.Buffer, output.Offset);
ret += gcm.DoFinal(output.Buffer, output.Offset + ret);
} catch (CryptoException ex) {
throw new TlsException(AlertDescription.BadRecordMAC, ex.Message);
}
return(ret);
}
public override void Encode (TlsBuffer buffer)
{
var algorithms = SignatureParameters.SignatureAndHashAlgorithms;
buffer.Write ((short)ExtensionType);
buffer.Write ((short)(algorithms.Count * 2 + 2));
buffer.Write ((short)(algorithms.Count * 2));
foreach (var algorithm in algorithms)
algorithm.Encode (buffer);
}
public override void Encode(TlsBuffer buffer)
{
buffer.Write((short)ExtensionType);
buffer.Write((short)(Algorithms.Count * 2 + 2));
buffer.Write((short)(Algorithms.Count * 2));
foreach (var algorithm in Algorithms)
{
algorithm.Encode(buffer);
}
}
public override void Encode(TlsBuffer buffer)
{
var size = Data != null ? Data.Size : 0;
buffer.Write((short)ExtensionType);
buffer.Write((short)(size + 1));
buffer.Write((byte)size);
if (Data != null)
{
buffer.Write(Data.Buffer);
}
}
public override void Encode(TlsBuffer buffer)
{
var algorithms = SignatureParameters.SignatureAndHashAlgorithms;
buffer.Write((short)ExtensionType);
buffer.Write((short)(algorithms.Count * 2 + 2));
buffer.Write((short)(algorithms.Count * 2));
foreach (var algorithm in algorithms)
{
SignatureHelper.EncodeSignatureAndHashAlgorithm(algorithm, buffer);
}
}
static byte[] ComputeRecordMAC(TlsProtocolCode protocol, HMac hmac, ulong seqnum, ContentType contentType, IBufferOffsetSize fragment)
{
var header = new TlsBuffer(13);
header.Write(seqnum);
header.Write((byte)contentType);
header.Write((short)protocol);
header.Write((short)fragment.Size);
hmac.Reset();
hmac.TransformBlock(header.Buffer, 0, header.Size);
hmac.TransformBlock(fragment.Buffer, fragment.Offset, fragment.Size);
return(hmac.TransformFinalBlock());
}
public void TestOutputOffset(TestContext ctx, [TestHost] IEncryptionTestHost host)
{
var input = GetBuffer(HelloWorldName);
var output = new TlsBuffer(input.Size + host.MaxExtraEncryptedBytes + MagicDataSize);
output.Write(GetBuffer(MagicDataName));
var startOffset = output.Offset;
var startPos = output.Position;
var startSize = output.Size;
var length = host.Encrypt(input, output.GetRemaining());
ctx.Assert(length, Is.GreaterThanOrEqualTo(0), "#1");
ctx.Assert(length, Is.GreaterThanOrEqualTo(input.Size + host.MinExtraEncryptedBytes), "#2a");
ctx.Assert(length, Is.LessThanOrEqualTo(input.Size + host.MaxExtraEncryptedBytes), "#2a");
ctx.Assert(output.Offset, Is.EqualTo(startOffset), "#2b");
ctx.Assert(output.Size, Is.EqualTo(startSize), "#2c");
output.Position = 0;
var magic = output.ReadBytes(MagicDataSize);
ctx.Assert(magic, Is.EqualTo(GetField(MagicDataName)), "#3");
var encrypted = output.ReadBytes(length);
CheckOutput(ctx, HelloWorldResult, new BufferOffsetSize(encrypted));
}
public void TestInputOffset()
{
var hello = GetBuffer(HelloWorldName);
var input = new TlsBuffer(hello.Size + MagicDataSize + MagicData2Size);
input.Write(GetBuffer(MagicDataName));
var startPos = input.Position;
input.Write(hello);
input.Write(GetBuffer(MagicData2Name));
var output = Context.Encrypt(new BufferOffsetSize(input.Buffer, startPos, hello.Size));
Assert.That(output, Is.Not.Null, "#1");
Assert.That(output.Size, Is.EqualTo(hello.Size + Context.MinExtraEncryptedBytes), "#2");
CheckOutput(HelloWorldResult, output);
}
public void TestInputOffset(TestContext ctx, [TestHost] IEncryptionTestHost host)
{
var hello = GetBuffer(HelloWorldName);
var input = new TlsBuffer(hello.Size + MagicDataSize + MagicData2Size);
input.Write(GetField(MagicDataName));
var startPos = input.Position;
input.Write(hello);
input.Write(GetBuffer(MagicData2Name));
var output = host.Encrypt(new BufferOffsetSize(input.Buffer, startPos, hello.Size));
ctx.Assert(output, Is.Not.Null, "#1");
ctx.Assert(output.Size, Is.GreaterThanOrEqualTo(hello.Size + host.MinExtraEncryptedBytes), "#2");
ctx.Assert(output.Size, Is.LessThanOrEqualTo(hello.Size + host.MaxExtraEncryptedBytes), "#2");
CheckOutput(ctx, HelloWorldResult, output);
}
protected override int Encrypt(DisposeContext d, ContentType contentType, IBufferOffsetSize input, IBufferOffsetSize output)
{
// Calculate message MAC
byte[] mac = null;
if (IsServer)
{
mac = ComputeServerRecordMAC(contentType, input);
}
else
{
mac = ComputeClientRecordMAC(contentType, input);
}
#if DEBUG_FULL
if (Cipher.EnableDebugging)
{
DebugHelper.WriteLine("RECORD MAC", mac);
}
#endif
int plen;
byte padLen;
int totalLength = GetEncryptedSize(input.Size, out plen, out padLen);
var totalOutput = new BufferOffsetSize(output.Buffer, output.Offset, totalLength);
var outputWriter = new TlsBuffer(totalOutput);
outputWriter.Position += HeaderSize;
outputWriter.Write(input.Buffer, input.Offset, input.Size);
outputWriter.Write(mac);
for (int i = 0; i <= padLen; i++)
{
outputWriter.Write(padLen);
}
// Encrypt the message
EncryptRecord(d, totalOutput);
return(totalLength);
}
public void SetCipherList(ICollection <CipherSuiteCode> ciphers)
{
var codes = new TlsBuffer(ciphers.Count * 2);
foreach (var cipher in ciphers)
{
codes.Write((short)cipher);
}
var ret = native_openssl_set_cipher_list(handle, codes.Buffer, ciphers.Count);
CheckError(ret);
}
SecureBuffer CreateParameterBuffer(HandshakeParameters hsp)
{
var length = P.Length + G.Length + Y.Length + 6;
var buffer = new TlsBuffer(64 + length);
buffer.Write(hsp.ClientRandom.Buffer);
buffer.Write(hsp.ServerRandom.Buffer);
buffer.Write((short)P.Length);
buffer.Write(P);
buffer.Write((short)G.Length);
buffer.Write(G);
buffer.Write((short)Y.Length);
buffer.Write(Y);
return(new SecureBuffer(buffer.Buffer));
}
public override void Encode (TlsBuffer buffer)
{
var asciiName = Encoding.ASCII.GetBytes (ServerName);
buffer.Write ((short)ExtensionType);
buffer.Write ((short)(asciiName.Length + 5)); // ServerNameList
buffer.Write ((short)(asciiName.Length + 3)); // ServerList
buffer.Write ((byte)0x00); // HostName
buffer.Write ((short)asciiName.Length);
buffer.Write (asciiName);
}
public override void Encode(TlsBuffer buffer)
{
var asciiName = Encoding.ASCII.GetBytes(ServerName);
buffer.Write((short)ExtensionType);
buffer.Write((short)(asciiName.Length + 5)); // ServerNameList
buffer.Write((short)(asciiName.Length + 3)); // ServerList
buffer.Write((byte)0x00); // HostName
buffer.Write((short)asciiName.Length);
buffer.Write(asciiName);
}
SecureBuffer CreateParameterBuffer(HandshakeParameters hsp)
{
var length = 4 + publicBytes.Length;
var buffer = new TlsBuffer(64 + length);
buffer.Write(hsp.ClientRandom.Buffer);
buffer.Write(hsp.ServerRandom.Buffer);
buffer.Write((byte)curveType);
buffer.Write((short)namedCurve);
buffer.Write((byte)publicBytes.Length);
buffer.Write(publicBytes);
return(new SecureBuffer(buffer.Buffer));
}
public void TestDecryptWithInvalidPadding2(TestContext ctx, [TestHost] IEncryptionTestHost host)
{
var input = GetBuffer(Data11Result);
var modified = new TlsBuffer(input.Size);
modified.Write(input.Buffer);
// Flip a bit in the last byte, this will affect the padding size.
modified.Buffer [modified.Size - 1] ^= 0x01;
input = new BufferOffsetSize(modified.Buffer, 0, modified.Size);
try {
host.Decrypt(input);
ctx.AssertFail("#1");
} catch (Exception ex) {
ctx.Assert(ex, Is.InstanceOf <TlsException> (), "#2");
var tlsEx = (TlsException)ex;
ctx.Assert(tlsEx.Alert.Level, Is.EqualTo(AlertLevel.Fatal), "#3");
ctx.Assert(tlsEx.Alert.Description, Is.EqualTo(AlertDescription.BadRecordMAC), "#4");
}
}
public void TestDecryptWithInvalidPadding(TestContext ctx, [TestHost] IEncryptionTestHost host)
{
var input = GetBuffer(ExtraPaddingResult);
var modified = new TlsBuffer(input.Size);
modified.Write(input.Buffer);
var theOffset = modified.Size - (2 * host.BlockSize) - 5;
modified.Buffer [theOffset] ^= 0x01;
input = new BufferOffsetSize(modified.Buffer, 0, modified.Size);
try {
host.Decrypt(input);
ctx.AssertFail("#1");
} catch (Exception ex) {
ctx.Assert(ex, Is.InstanceOf <TlsException> (), "#2");
var tlsEx = (TlsException)ex;
ctx.Assert(tlsEx.Alert.Level, Is.EqualTo(AlertLevel.Fatal), "#3");
ctx.Assert(tlsEx.Alert.Description, Is.EqualTo(AlertDescription.BadRecordMAC), "#4");
}
}
public void TestInputOffset (TestContext ctx, [TestHost] IEncryptionTestHost host)
{
var hello = GetBuffer (HelloWorldName);
var input = new TlsBuffer (hello.Size + MagicDataSize + MagicData2Size);
input.Write (GetBuffer (MagicDataName));
var startPos = input.Position;
input.Write (hello);
input.Write (GetBuffer (MagicData2Name));
var output = host.Encrypt (new BufferOffsetSize (input.Buffer, startPos, hello.Size));
ctx.Assert (output, Is.Not.Null, "#1");
ctx.Assert (output.Size, Is.EqualTo (hello.Size + host.MinExtraEncryptedBytes), "#2");
WriteAndCheckOutput (ctx, HelloWorldResult, output);
}
SecureBuffer CreateParameterBuffer (HandshakeParameters hsp)
{
var length = P.Length + G.Length + Y.Length + 6;
var buffer = new TlsBuffer (64 + length);
buffer.Write (hsp.ClientRandom.Buffer);
buffer.Write (hsp.ServerRandom.Buffer);
buffer.Write ((short)P.Length);
buffer.Write (P);
buffer.Write ((short)G.Length);
buffer.Write (G);
buffer.Write ((short)Y.Length);
buffer.Write (Y);
return new SecureBuffer (buffer.Buffer);
}
public void TestOutputOffset (TestContext ctx, [TestHost] IEncryptionTestHost host)
{
var input = GetBuffer (HelloWorldName);
var output = new TlsBuffer (input.Size + host.MaxExtraEncryptedBytes + MagicDataSize);
output.Write (GetBuffer (MagicDataName));
var startOffset = output.Offset;
var startPos = output.Position;
var startSize = output.Size;
var length = host.Encrypt (input, output.GetRemaining ());
ctx.Assert (length, Is.GreaterThanOrEqualTo (0), "#1");
ctx.Assert (length, Is.EqualTo (input.Size + host.MinExtraEncryptedBytes), "#2a");
ctx.Assert (output.Offset, Is.EqualTo (startOffset), "#2b");
ctx.Assert (output.Size, Is.EqualTo (startSize), "#2c");
output.Position = 0;
var magic = output.ReadBytes (MagicDataSize);
ctx.Assert (magic, Is.EqualTo (GetField (MagicDataName)), "#3");
var encrypted = output.ReadBytes (length);
CheckOutput (ctx, HelloWorldResult, new BufferOffsetSize (encrypted));
}
internal void Encode (TlsBuffer buffer)
{
buffer.Write ((byte)Hash);
buffer.Write ((byte)Signature);
}
internal void Encode(TlsBuffer buffer)
{
buffer.Write((byte)Hash);
buffer.Write((byte)Signature);
}
static byte[] ComputeRecordMAC (TlsProtocolCode protocol, HMac hmac, ulong seqnum, ContentType contentType, IBufferOffsetSize fragment)
{
var header = new TlsBuffer (13);
header.Write (seqnum);
header.Write ((byte)contentType);
header.Write ((short)protocol);
header.Write ((short)fragment.Size);
hmac.Reset ();
hmac.TransformBlock (header.Buffer, 0, header.Size);
hmac.TransformBlock (fragment.Buffer, fragment.Offset, fragment.Size);
return hmac.TransformFinalBlock ();
}
protected override int Encrypt (DisposeContext d, ContentType contentType, IBufferOffsetSize input, IBufferOffsetSize output)
{
// Calculate message MAC
byte[] mac = null;
if (IsServer)
mac = ComputeServerRecordMAC (contentType, input);
else
mac = ComputeClientRecordMAC (contentType, input);
#if DEBUG_FULL
if (Cipher.EnableDebugging)
DebugHelper.WriteLine ("RECORD MAC", mac);
#endif
int plen;
byte padLen;
int totalLength = GetEncryptedSize (input.Size, out plen, out padLen);
var totalOutput = new BufferOffsetSize (output.Buffer, output.Offset, totalLength);
var outputWriter = new TlsBuffer (totalOutput);
outputWriter.Position += HeaderSize;
outputWriter.Write (input.Buffer, input.Offset, input.Size);
outputWriter.Write (mac);
for (int i = 0; i <= padLen; i++)
outputWriter.Write (padLen);
// Encrypt the message
EncryptRecord (d, totalOutput);
return totalLength;
}
public static void EncodeSignatureAndHashAlgorithm(SignatureAndHashAlgorithm algorithm, TlsBuffer buffer)
{
buffer.Write((byte)algorithm.Hash);
buffer.Write((byte)algorithm.Signature);
}
SecureBuffer CreateParameterBuffer (HandshakeParameters hsp)
{
var length = 4 + publicBytes.Length;
var buffer = new TlsBuffer (64 + length);
buffer.Write (hsp.ClientRandom.Buffer);
buffer.Write (hsp.ServerRandom.Buffer);
buffer.Write ((byte)curveType);
buffer.Write ((short)namedCurve);
buffer.Write ((byte)publicBytes.Length);
buffer.Write (publicBytes);
return new SecureBuffer (buffer.Buffer);
}
public void TestDecrypt (TestContext ctx, [TestHost] IEncryptionTestHost host)
{
var input = GetBuffer (HelloWorldResult);
var output = new TlsBuffer (input.Size + MagicDataSize + MagicData2Size);
output.Write (GetBuffer (MagicDataName));
output.Write (GetBuffer (MagicData2Name));
var hello = GetField (HelloWorldName);
var length = host.Decrypt (input, output.GetRemaining ());
ctx.Assert (length, Is.EqualTo (hello.Length), "#1");
output.Position = 0;
var magic = output.ReadBytes (MagicDataSize);
ctx.Assert (magic, Is.EqualTo (GetField (MagicDataName)), "#2");
var magic2 = output.ReadBytes (MagicData2Size);
ctx.Assert (magic2, Is.EqualTo (GetField (MagicData2Name)), "#3");
var decrypted = output.ReadBytes (length);
ctx.Assert (decrypted, Is.EqualTo (hello), "#4");
}
protected override int Decrypt (DisposeContext d, ContentType contentType, IBufferOffsetSize input, IBufferOffsetSize output)
{
var implicitNonce = IsClient ? ServerWriteIV : ClientWriteIV;
var writeKey = IsClient ? ServerWriteKey : ClientWriteKey;
#if DEBUG_FULL
if (Cipher.EnableDebugging) {
DebugHelper.WriteLine ("FIXED IV", implicitNonce);
DebugHelper.WriteLine ("WRITE KEY", writeKey);
DebugHelper.WriteLine ("SEQUENCE: {0}", ReadSequenceNumber);
}
#endif
var length = input.Size - ExplicitNonceSize;
var aad = new TlsBuffer (13);
aad.Write (ReadSequenceNumber);
aad.Write ((byte)contentType);
aad.Write ((short)Protocol);
aad.Write ((short)(length - MacSize));
#if DEBUG_FULL
if (Cipher.EnableDebugging)
DebugHelper.WriteFull ("TAG", aad);
#endif
var gcm = new GcmBlockCipher (new AesEngine ());
var key = new KeyParameter (writeKey.Buffer);
var nonce = d.CreateBuffer (ImplicitNonceSize + ExplicitNonceSize);
Buffer.BlockCopy (implicitNonce.Buffer, 0, nonce.Buffer, 0, ImplicitNonceSize);
Buffer.BlockCopy (input.Buffer, input.Offset, nonce.Buffer, ImplicitNonceSize, ExplicitNonceSize);
#if DEBUG_FULL
if (Cipher.EnableDebugging)
DebugHelper.WriteLine ("NONCE", nonce);
#endif
var parameters = new AeadParameters (key, 128, nonce.Buffer, aad.Buffer);
gcm.Init (false, parameters);
int ret;
try {
ret = gcm.ProcessBytes (input.Buffer, input.Offset + ExplicitNonceSize, length, output.Buffer, output.Offset);
ret += gcm.DoFinal (output.Buffer, output.Offset + ret);
} catch (CryptoException ex) {
throw new TlsException (AlertDescription.BadRecordMAC, ex.Message);
}
return ret;
}