private static byte[] WrapApdu(byte[] apdu, TlsClientProtocol tls) { byte[] header = { 0x84, 0x00, 0x00, 0x00 }; List <byte> finalApdu = new List <byte>(); tls.OfferOutput(apdu, 0, apdu.Length); int dataAvailable = tls.GetAvailableOutputBytes(); byte[] wrappedData = new byte[dataAvailable]; tls.ReadOutput(wrappedData, 0, wrappedData.Length); if (wrappedData.Length <= 255) { finalApdu.AddRange(header); finalApdu.Add((byte)wrappedData.Length); finalApdu.AddRange(wrappedData); } else { finalApdu.AddRange(header); finalApdu.Add((byte)0x00); finalApdu.Add((byte)(wrappedData.Length >> 8)); finalApdu.Add((byte)wrappedData.Length); finalApdu.AddRange(wrappedData); } return(finalApdu.ToArray()); }
public async static Task <TlsClientProtocol> PerformSSLHadshakeWithToken(ConnectionState connectionState, CancellationToken token) { byte[] random = new byte[128]; var rngProvider = new System.Security.Cryptography.RNGCryptoServiceProvider(); rngProvider.GetBytes(random); var secureRandomInstance = SecureRandom.GetInstance("SHA256PRNG"); secureRandomInstance.SetSeed(random); TlsClientProtocol pkiClientProtocol = new TlsClientProtocol(secureRandomInstance); MyPKITlsClient pkiClient = new MyPKITlsClient(); pkiClientProtocol.Connect(pkiClient); await SendSelectSslModuleApduAsync(connectionState, token); await SendSslResetApduAsync(connectionState, token); while (pkiClient.handshakeFinished != true) { int dataAvailable = pkiClientProtocol.GetAvailableOutputBytes(); byte[] data = new byte[dataAvailable]; pkiClientProtocol.ReadOutput(data, 0, dataAvailable); byte[] response = await SendHandshakeApduAsync(data, connectionState, token); pkiClientProtocol.OfferInput((byte[])response); } return(pkiClientProtocol); }
public void WriteData() { if (_queue.Count == 0) { return; } lock (_writeLock) { if (_writing > 0) { return; } _writing = 1; } while (Queue.Count > 0) { QueueItem q; int cbRead; byte[] buffer = new byte[1024]; if (!_queue.TryDequeue(out q)) { break; } if (_tlsClient != null) { _tlsClient.OfferOutput(q.Data, 0, q.Data.Length); do { cbRead = _tlsClient.ReadOutput(buffer, 0, buffer.Length); _stm.Write(buffer, 0, cbRead); } while (cbRead > 0); } else if (_tlsServer != null) { _tlsServer.OfferOutput(q.Data, 0, q.Data.Length); do { cbRead = _tlsServer.ReadOutput(buffer, 0, buffer.Length); _stm.Write(buffer, 0, cbRead); } while (cbRead > 0); } } lock (_writeLock) { _writing = 0; if (_queue.Count > 0) { WriteData(); } } }
public async static Task EstablishSRPChannelAsync(ConnectionState connectionState, CancellationToken token) { string keyAsString; Settings.GetSrpKey(out keyAsString); byte[] key = keyAsString.ConvertHexStringToByteArray(); byte[] random = new byte[128]; var rngProvider = new System.Security.Cryptography.RNGCryptoServiceProvider(); rngProvider.GetBytes(random); var secureRandomInstance = SecureRandom.GetInstance("SHA256PRNG"); secureRandomInstance.SetSeed(random); TlsClientProtocol srpClientProtocol = new TlsClientProtocol(secureRandomInstance); var srpClient = new MySrpTlsClient(Encoding.ASCII.GetBytes("user"), key); srpClientProtocol.Connect(srpClient); var stream = connectionState.client.GetStream(); byte[] inputBuffer = new byte[4096]; while (srpClient.handshakeFinished != true) { int dataAvailable = srpClientProtocol.GetAvailableOutputBytes(); if (dataAvailable != 0) { byte[] data = new byte[dataAvailable]; srpClientProtocol.ReadOutput(data, 0, dataAvailable); await stream.WriteAsync(data, 0, dataAvailable, token); } int bytesReceived = await stream.ReadAsync(inputBuffer, 0, inputBuffer.Length, token); if (bytesReceived != 0) { byte[] truncatedInputBuffer = new byte[bytesReceived]; Array.Copy(inputBuffer, 0, truncatedInputBuffer, 0, bytesReceived); srpClientProtocol.OfferInput(truncatedInputBuffer); } } connectionState.srpClientProtocol = srpClientProtocol; }
public void Connect() { BasicTlsPskIdentity pskIdentity = null; if (_userKey != null) { if (_userKey.HasKeyType((int)COSE.GeneralValuesInt.KeyType_Octet)) { CBORObject kid = _userKey[COSE.CoseKeyKeys.KeyIdentifier]; if (kid != null) { pskIdentity = new BasicTlsPskIdentity(kid.GetByteString(), _userKey[CoseKeyParameterKeys.Octet_k].GetByteString()); } else { pskIdentity = new BasicTlsPskIdentity(new byte[0], _userKey[CoseKeyParameterKeys.Octet_k].GetByteString()); } } } _tlsSession = new TLSClient(null, pskIdentity); _authKey = _userKey; TlsClientProtocol clientProtocol = new TlsClientProtocol(new SecureRandom()); _client = new TcpClient(_ipEndPoint.AddressFamily); _client.Connect(_ipEndPoint); _stm = _client.GetStream(); clientProtocol.Connect(_tlsSession); while (_tlsSession.InHandshake) { bool sleep = true; int cbToRead = clientProtocol.GetAvailableOutputBytes(); if (cbToRead != 0) { byte[] data = new byte[cbToRead]; int cbRead = clientProtocol.ReadOutput(data, 0, cbToRead); _stm.Write(data, 0, cbRead); sleep = false; } if (_stm.DataAvailable) { byte[] data = new byte[1024]; int cbRead = _stm.Read(data, 0, data.Length); Array.Resize(ref data, cbRead); clientProtocol.OfferInput(data); sleep = false; } if (sleep) { Thread.Sleep(100); } } _tlsClient = clientProtocol; // Send over the capability block SendCSMSignal(); // if (_toSend != null) { _queue.Enqueue(_toSend); _toSend = null; } _stm.BeginRead(_buffer, 0, _buffer.Length, ReadCallback, this); WriteData(); }