private static byte[] WrapApdu(byte[] apdu, TlsClientProtocol tls)
{
byte[] header = { 0x84, 0x00, 0x00, 0x00 };
List <byte> finalApdu = new List <byte>();
tls.OfferOutput(apdu, 0, apdu.Length);
int dataAvailable = tls.GetAvailableOutputBytes();
byte[] wrappedData = new byte[dataAvailable];
tls.ReadOutput(wrappedData, 0, wrappedData.Length);
if (wrappedData.Length <= 255)
{
finalApdu.AddRange(header);
finalApdu.Add((byte)wrappedData.Length);
finalApdu.AddRange(wrappedData);
}
else
{
finalApdu.AddRange(header);
finalApdu.Add((byte)0x00);
finalApdu.Add((byte)(wrappedData.Length >> 8));
finalApdu.Add((byte)wrappedData.Length);
finalApdu.AddRange(wrappedData);
}
return(finalApdu.ToArray());
}
public async static Task <TlsClientProtocol> PerformSSLHadshakeWithToken(ConnectionState connectionState, CancellationToken token)
{
byte[] random = new byte[128];
var rngProvider = new System.Security.Cryptography.RNGCryptoServiceProvider();
rngProvider.GetBytes(random);
var secureRandomInstance = SecureRandom.GetInstance("SHA256PRNG");
secureRandomInstance.SetSeed(random);
TlsClientProtocol pkiClientProtocol = new TlsClientProtocol(secureRandomInstance);
MyPKITlsClient pkiClient = new MyPKITlsClient();
pkiClientProtocol.Connect(pkiClient);
await SendSelectSslModuleApduAsync(connectionState, token);
await SendSslResetApduAsync(connectionState, token);
while (pkiClient.handshakeFinished != true)
{
int dataAvailable = pkiClientProtocol.GetAvailableOutputBytes();
byte[] data = new byte[dataAvailable];
pkiClientProtocol.ReadOutput(data, 0, dataAvailable);
byte[] response = await SendHandshakeApduAsync(data, connectionState, token);
pkiClientProtocol.OfferInput((byte[])response);
}
return(pkiClientProtocol);
}
public void WriteData()
{
if (_queue.Count == 0)
{
return;
}
lock (_writeLock) {
if (_writing > 0)
{
return;
}
_writing = 1;
}
while (Queue.Count > 0)
{
QueueItem q;
int cbRead;
byte[] buffer = new byte[1024];
if (!_queue.TryDequeue(out q))
{
break;
}
if (_tlsClient != null)
{
_tlsClient.OfferOutput(q.Data, 0, q.Data.Length);
do
{
cbRead = _tlsClient.ReadOutput(buffer, 0, buffer.Length);
_stm.Write(buffer, 0, cbRead);
} while (cbRead > 0);
}
else if (_tlsServer != null)
{
_tlsServer.OfferOutput(q.Data, 0, q.Data.Length);
do
{
cbRead = _tlsServer.ReadOutput(buffer, 0, buffer.Length);
_stm.Write(buffer, 0, cbRead);
} while (cbRead > 0);
}
}
lock (_writeLock) {
_writing = 0;
if (_queue.Count > 0)
{
WriteData();
}
}
}
public async static Task EstablishSRPChannelAsync(ConnectionState connectionState, CancellationToken token)
{
string keyAsString;
Settings.GetSrpKey(out keyAsString);
byte[] key = keyAsString.ConvertHexStringToByteArray();
byte[] random = new byte[128];
var rngProvider = new System.Security.Cryptography.RNGCryptoServiceProvider();
rngProvider.GetBytes(random);
var secureRandomInstance = SecureRandom.GetInstance("SHA256PRNG");
secureRandomInstance.SetSeed(random);
TlsClientProtocol srpClientProtocol = new TlsClientProtocol(secureRandomInstance);
var srpClient = new MySrpTlsClient(Encoding.ASCII.GetBytes("user"), key);
srpClientProtocol.Connect(srpClient);
var stream = connectionState.client.GetStream();
byte[] inputBuffer = new byte[4096];
while (srpClient.handshakeFinished != true)
{
int dataAvailable = srpClientProtocol.GetAvailableOutputBytes();
if (dataAvailable != 0)
{
byte[] data = new byte[dataAvailable];
srpClientProtocol.ReadOutput(data, 0, dataAvailable);
await stream.WriteAsync(data, 0, dataAvailable, token);
}
int bytesReceived = await stream.ReadAsync(inputBuffer, 0, inputBuffer.Length, token);
if (bytesReceived != 0)
{
byte[] truncatedInputBuffer = new byte[bytesReceived];
Array.Copy(inputBuffer, 0, truncatedInputBuffer, 0, bytesReceived);
srpClientProtocol.OfferInput(truncatedInputBuffer);
}
}
connectionState.srpClientProtocol = srpClientProtocol;
}
public void Connect()
{
BasicTlsPskIdentity pskIdentity = null;
if (_userKey != null)
{
if (_userKey.HasKeyType((int)COSE.GeneralValuesInt.KeyType_Octet))
{
CBORObject kid = _userKey[COSE.CoseKeyKeys.KeyIdentifier];
if (kid != null)
{
pskIdentity = new BasicTlsPskIdentity(kid.GetByteString(), _userKey[CoseKeyParameterKeys.Octet_k].GetByteString());
}
else
{
pskIdentity = new BasicTlsPskIdentity(new byte[0], _userKey[CoseKeyParameterKeys.Octet_k].GetByteString());
}
}
}
_tlsSession = new TLSClient(null, pskIdentity);
_authKey = _userKey;
TlsClientProtocol clientProtocol = new TlsClientProtocol(new SecureRandom());
_client = new TcpClient(_ipEndPoint.AddressFamily);
_client.Connect(_ipEndPoint);
_stm = _client.GetStream();
clientProtocol.Connect(_tlsSession);
while (_tlsSession.InHandshake)
{
bool sleep = true;
int cbToRead = clientProtocol.GetAvailableOutputBytes();
if (cbToRead != 0)
{
byte[] data = new byte[cbToRead];
int cbRead = clientProtocol.ReadOutput(data, 0, cbToRead);
_stm.Write(data, 0, cbRead);
sleep = false;
}
if (_stm.DataAvailable)
{
byte[] data = new byte[1024];
int cbRead = _stm.Read(data, 0, data.Length);
Array.Resize(ref data, cbRead);
clientProtocol.OfferInput(data);
sleep = false;
}
if (sleep)
{
Thread.Sleep(100);
}
}
_tlsClient = clientProtocol;
// Send over the capability block
SendCSMSignal();
//
if (_toSend != null)
{
_queue.Enqueue(_toSend);
_toSend = null;
}
_stm.BeginRead(_buffer, 0, _buffer.Length, ReadCallback, this);
WriteData();
}
