public DTLSSecurityParameters(Version version, HandshakeInfo handshakeInfo)
{
_HandshakeInfo = handshakeInfo;
if (handshakeInfo != null)
{
_ClientRandom = handshakeInfo.ClientRandom.Serialise();
_ServerRandom = handshakeInfo.ServerRandom.Serialise();
}
TPseudorandomFunction prf = CipherSuites.GetPseudorandomFunction(version, handshakeInfo.CipherSuite);
switch (prf)
{
case TPseudorandomFunction.NotSet:
break;
case TPseudorandomFunction.Legacy:
_PrfAlgorithm = Org.BouncyCastle.Crypto.Tls.PrfAlgorithm.tls_prf_legacy;
break;
case TPseudorandomFunction.SHA256:
_PrfAlgorithm = Org.BouncyCastle.Crypto.Tls.PrfAlgorithm.tls_prf_sha256;
break;
case TPseudorandomFunction.SHA384:
_PrfAlgorithm = Org.BouncyCastle.Crypto.Tls.PrfAlgorithm.tls_prf_sha384;
break;
default:
break;
}
}
public static byte[] GetVerifyData(Version version, HandshakeInfo handshakeInfo, bool client, bool isClientFinished,
byte[] handshakeHash)
{
if (version == null)
{
throw new ArgumentNullException(nameof(version));
}
if (handshakeInfo == null)
{
throw new ArgumentNullException(nameof(handshakeInfo));
}
if (handshakeHash == null)
{
throw new ArgumentNullException(nameof(handshakeHash));
}
TlsContext context = new DTLSContext(client, version, handshakeInfo);
var asciiLabel = isClientFinished ? ExporterLabel.client_finished : ExporterLabel.server_finished;
return(TlsUtilities.IsTlsV11(context) ?
TlsUtilities.PRF_legacy(handshakeInfo.MasterSecret, asciiLabel, handshakeHash, 12)
: TlsUtilities.PRF(context, handshakeInfo.MasterSecret, asciiLabel, handshakeHash, 12));
}
public DTLSSecurityParameters(Version version, HandshakeInfo handshakeInfo)
{
_HandshakeInfo = handshakeInfo;
if (handshakeInfo != null)
{
_ClientRandom = handshakeInfo.ClientRandom.Serialise();
_ServerRandom = handshakeInfo.ServerRandom.Serialise();
}
TPseudorandomFunction prf = CipherSuites.GetPseudorandomFunction(version, handshakeInfo.CipherSuite);
switch (prf)
{
case TPseudorandomFunction.NotSet:
break;
case TPseudorandomFunction.Legacy:
_PrfAlgorithm = Org.BouncyCastle.Crypto.Tls.PrfAlgorithm.tls_prf_legacy;
break;
case TPseudorandomFunction.SHA256:
_PrfAlgorithm = Org.BouncyCastle.Crypto.Tls.PrfAlgorithm.tls_prf_sha256;
break;
case TPseudorandomFunction.SHA384:
_PrfAlgorithm = Org.BouncyCastle.Crypto.Tls.PrfAlgorithm.tls_prf_sha384;
break;
default:
break;
}
}
public static byte[] GetVerifyData(Version version, HandshakeInfo handshakeInfo, bool client, bool isClientFinished, byte[] handshakeHash)
{
string asciiLabel;
TlsContext context = new DTLSContext(client, version, handshakeInfo);
if (isClientFinished)
{
asciiLabel = ExporterLabel.client_finished;
}
else
{
asciiLabel = ExporterLabel.server_finished;
}
//return TlsUtilities.PRF_legacy(masterSecret, asciiLabel, handshakeHash, 12);
return(TlsUtilities.PRF(context, handshakeInfo.MasterSecret, asciiLabel, handshakeHash, 12));
}
public DTLSContext(bool client, Version version, HandshakeInfo handshakeInfo)
{
IsServer = !client;
if (version == DTLSRecord.Version1_2)
{
ClientVersion = ProtocolVersion.DTLSv12;
ServerVersion = ProtocolVersion.DTLSv12;
}
else
{
ClientVersion = ProtocolVersion.DTLSv10;
ServerVersion = ProtocolVersion.DTLSv10;
}
SecurityParameters = new DTLSSecurityParameters(version, handshakeInfo);
NonceRandomGenerator = new DigestRandomGenerator(TlsUtilities.CreateHash(HashAlgorithm.sha256));
NonceRandomGenerator.AddSeedMaterial(Times.NanoTime());
}
public DTLSSecurityParameters(Version version, HandshakeInfo handshakeInfo)
{
if (version == null)
{
throw new ArgumentNullException(nameof(version));
}
this._HandshakeInfo = handshakeInfo;
if (handshakeInfo != null)
{
this._ClientRandom = handshakeInfo.ClientRandom.Serialise();
this._ServerRandom = handshakeInfo.ServerRandom.Serialise();
}
switch (CipherSuites.GetPseudorandomFunction(version, handshakeInfo.CipherSuite))
{
case TPseudorandomFunction.NotSet:
{
break;
}
case TPseudorandomFunction.Legacy:
{
this._PrfAlgorithm = BcTls.PrfAlgorithm.tls_prf_legacy;
break;
}
case TPseudorandomFunction.SHA256:
{
this._PrfAlgorithm = BcTls.PrfAlgorithm.tls_prf_sha256;
break;
}
case TPseudorandomFunction.SHA384:
{
this._PrfAlgorithm = BcTls.PrfAlgorithm.tls_prf_sha384;
break;
}
default:
{
break;
}
}
}
public static byte[] GetVerifyData(Version version, HandshakeInfo handshakeInfo, bool client, bool isClientFinished, byte[] handshakeHash)
{
string asciiLabel;
TlsContext context = new DTLSContext(client, version, handshakeInfo);
if (isClientFinished)
asciiLabel = ExporterLabel.client_finished;
else
asciiLabel = ExporterLabel.server_finished;
//return TlsUtilities.PRF_legacy(masterSecret, asciiLabel, handshakeHash, 12);
return TlsUtilities.PRF(context, handshakeInfo.MasterSecret, asciiLabel, handshakeHash, 12);
}
public static byte[] Sign(Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey, bool client, Version version, HandshakeInfo handshakeInfo, SignatureHashAlgorithm signatureHashAlgorithm, byte[] hash)
{
TlsSigner signer = null;
switch (signatureHashAlgorithm.Signature)
{
case TSignatureAlgorithm.Anonymous:
break;
case TSignatureAlgorithm.RSA:
signer = new TlsRsaSigner();
break;
case TSignatureAlgorithm.DSA:
signer = new TlsDssSigner();
break;
case TSignatureAlgorithm.ECDSA:
signer = new TlsECDsaSigner();
break;
default:
break;
}
DTLSContext context = new DTLSContext(client, version, handshakeInfo);
Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator randomGenerator = new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator();
context.SecureRandom = new Org.BouncyCastle.Security.SecureRandom(randomGenerator);
signer.Init(context);
if (TlsUtilities.IsTlsV12(context))
{
SignatureAndHashAlgorithm signatureAndHashAlgorithm = new SignatureAndHashAlgorithm((byte)signatureHashAlgorithm.Hash, (byte)signatureHashAlgorithm.Signature);
return signer.GenerateRawSignature(signatureAndHashAlgorithm, privateKey, hash);
}
else
{
return signer.GenerateRawSignature(privateKey, hash);
}
}
public static TlsCipher AssignCipher(byte[] preMasterSecret, bool client, Version version, HandshakeInfo handshakeInfo)
{
int encryptionAlgorithm = GetEncryptionAlgorithm(handshakeInfo.CipherSuite);
int macAlgorithm = GetMACAlgorithm(handshakeInfo.CipherSuite);
TlsContext context = new DTLSContext(client, version, handshakeInfo);
SecurityParameters securityParameters = context.SecurityParameters;
byte[] seed = Concat(securityParameters.ClientRandom, securityParameters.ServerRandom);
string asciiLabel = ExporterLabel.master_secret;
handshakeInfo.MasterSecret = TlsUtilities.PRF(context, preMasterSecret, asciiLabel, seed, 48);
//session.Handshake.MasterSecret = TlsUtilities.PRF_legacy(preMasterSecret, asciiLabel, seed, 48);
#if DEBUG
Console.Write("MasterSecret :");
WriteToConsole(handshakeInfo.MasterSecret);
#endif
seed = Concat(securityParameters.ServerRandom, securityParameters.ClientRandom);
byte[] key_block = TlsUtilities.PRF(context, handshakeInfo.MasterSecret, ExporterLabel.key_expansion, seed, 96);
//byte[] key_block = TlsUtilities.PRF_legacy(session.Handshake.MasterSecret, ExporterLabel.key_expansion, seed, 96);
#if DEBUG
Console.Write("Key block :");
WriteToConsole(key_block);
#endif
return CipherFactory.CreateCipher(context, encryptionAlgorithm, macAlgorithm);
}
public static byte[] Sign(Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey, bool client, Version version, HandshakeInfo handshakeInfo, SignatureHashAlgorithm signatureHashAlgorithm, byte[] hash)
{
TlsSigner signer = null;
switch (signatureHashAlgorithm.Signature)
{
case TSignatureAlgorithm.Anonymous:
break;
case TSignatureAlgorithm.RSA:
signer = new TlsRsaSigner();
break;
case TSignatureAlgorithm.DSA:
signer = new TlsDssSigner();
break;
case TSignatureAlgorithm.ECDSA:
signer = new TlsECDsaSigner();
break;
default:
break;
}
DTLSContext context = new DTLSContext(client, version, handshakeInfo);
Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator randomGenerator = new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator();
context.SecureRandom = new Org.BouncyCastle.Security.SecureRandom(randomGenerator);
signer.Init(context);
if (TlsUtilities.IsTlsV12(context))
{
SignatureAndHashAlgorithm signatureAndHashAlgorithm = new SignatureAndHashAlgorithm((byte)signatureHashAlgorithm.Hash, (byte)signatureHashAlgorithm.Signature);
return(signer.GenerateRawSignature(signatureAndHashAlgorithm, privateKey, hash));
}
else
{
return(signer.GenerateRawSignature(privateKey, hash));
}
}
public static TlsCipher AssignCipher(byte[] preMasterSecret, bool client, Version version, HandshakeInfo handshakeInfo)
{
int encryptionAlgorithm = GetEncryptionAlgorithm(handshakeInfo.CipherSuite);
int macAlgorithm = GetMACAlgorithm(handshakeInfo.CipherSuite);
TlsContext context = new DTLSContext(client, version, handshakeInfo);
SecurityParameters securityParameters = context.SecurityParameters;
byte[] seed = Concat(securityParameters.ClientRandom, securityParameters.ServerRandom);
string asciiLabel = ExporterLabel.master_secret;
handshakeInfo.MasterSecret = TlsUtilities.PRF(context, preMasterSecret, asciiLabel, seed, 48);
//session.Handshake.MasterSecret = TlsUtilities.PRF_legacy(preMasterSecret, asciiLabel, seed, 48);
#if DEBUG
Console.Write("MasterSecret :");
WriteToConsole(handshakeInfo.MasterSecret);
#endif
seed = Concat(securityParameters.ServerRandom, securityParameters.ClientRandom);
byte[] key_block = TlsUtilities.PRF(context, handshakeInfo.MasterSecret, ExporterLabel.key_expansion, seed, 96);
//byte[] key_block = TlsUtilities.PRF_legacy(session.Handshake.MasterSecret, ExporterLabel.key_expansion, seed, 96);
#if DEBUG
Console.Write("Key block :");
WriteToConsole(key_block);
#endif
return(CipherFactory.CreateCipher(context, encryptionAlgorithm, macAlgorithm));
}
public DTLSContext(bool client, Version version, HandshakeInfo handshakeInfo)
{
IsServer = !client;
if (version == DTLSRecord.Version1_2)
{
ClientVersion = ProtocolVersion.DTLSv12;
ServerVersion = ProtocolVersion.DTLSv12;
}
else
{
ClientVersion = ProtocolVersion.DTLSv10;
ServerVersion = ProtocolVersion.DTLSv10;
}
SecurityParameters = new DTLSSecurityParameters(version, handshakeInfo);
NonceRandomGenerator = new DigestRandomGenerator(TlsUtilities.CreateHash(HashAlgorithm.sha256));
NonceRandomGenerator.AddSeedMaterial(Times.NanoTime());
}
public static byte[] Sign(AsymmetricKeyParameter privateKey, RSACryptoServiceProvider rsaKey, bool client, Version version, HandshakeInfo handshakeInfo,
SignatureHashAlgorithm signatureHashAlgorithm, byte[] hash)
#endif
{
if (privateKey == null && rsaKey == null)
{
throw new ArgumentException("No key or Rsa CSP provided");
}
if (privateKey == null)
{
if (signatureHashAlgorithm.Signature == TSignatureAlgorithm.RSA)
{
return(SignRsa(rsaKey, hash));
}
throw new ArgumentException("Need private key for non-RSA Algorithms");
}
if (version == null)
{
throw new ArgumentNullException(nameof(version));
}
if (handshakeInfo == null)
{
throw new ArgumentNullException(nameof(handshakeInfo));
}
if (signatureHashAlgorithm == null)
{
throw new ArgumentNullException(nameof(signatureHashAlgorithm));
}
if (hash == null)
{
throw new ArgumentNullException(nameof(hash));
}
TlsSigner signer = null;
switch (signatureHashAlgorithm.Signature)
{
case TSignatureAlgorithm.Anonymous:
break;
case TSignatureAlgorithm.RSA:
signer = new TlsRsaSigner();
break;
case TSignatureAlgorithm.DSA:
signer = new TlsDssSigner();
break;
case TSignatureAlgorithm.ECDSA:
signer = new TlsECDsaSigner();
break;
default:
break;
}
var context = new DTLSContext(client, version, handshakeInfo);
var randomGenerator = new CryptoApiRandomGenerator();
context.SecureRandom = new SecureRandom(randomGenerator);
signer.Init(context);
if (TlsUtilities.IsTlsV12(context))
{
var signatureAndHashAlgorithm = new SignatureAndHashAlgorithm((byte)signatureHashAlgorithm.Hash, (byte)signatureHashAlgorithm.Signature);
return(signer.GenerateRawSignature(signatureAndHashAlgorithm, privateKey, hash));
}
else
{
return(signer.GenerateRawSignature(privateKey, hash));
}
}
public static byte[] Sign(AsymmetricKeyParameter privateKey, CngKey rsaKey, bool client, Version version, HandshakeInfo handshakeInfo,
SignatureHashAlgorithm signatureHashAlgorithm, byte[] hash)
public static TlsCipher AssignCipher(byte[] preMasterSecret, bool client, Version version, HandshakeInfo handshakeInfo)
{
if (preMasterSecret == null)
{
throw new ArgumentNullException(nameof(preMasterSecret));
}
if (version == null)
{
throw new ArgumentNullException(nameof(version));
}
if (handshakeInfo == null)
{
throw new ArgumentNullException(nameof(handshakeInfo));
}
TlsContext context = new DTLSContext(client, version, handshakeInfo);
var securityParameters = context.SecurityParameters;
var seed = securityParameters.ClientRandom.Concat(securityParameters.ServerRandom).ToArray();
var asciiLabel = ExporterLabel.master_secret;
handshakeInfo.MasterSecret = TlsUtilities.IsTlsV11(context) ?
TlsUtilities.PRF_legacy(preMasterSecret, asciiLabel, seed, 48)
: TlsUtilities.PRF(context, preMasterSecret, asciiLabel, seed, 48);
seed = securityParameters.ServerRandom.Concat(securityParameters.ClientRandom).ToArray();
var key_block = TlsUtilities.IsTlsV11(context) ?
TlsUtilities.PRF_legacy(handshakeInfo.MasterSecret, ExporterLabel.key_expansion, seed, 96)
: TlsUtilities.PRF(context, handshakeInfo.MasterSecret, ExporterLabel.key_expansion, seed, 96);
return(_CipherFactory
.CreateCipher(context, _GetEncryptionAlgorithm(handshakeInfo.CipherSuite), _GetMACAlgorithm(handshakeInfo.CipherSuite)));
}