public void ReadEncryptedApplicationData_TLS_AES_128_GCM_SHA256_ResultIsExpected() { //Arrange var messageData = GetEncryptedApplicationData(); var verifyData = GetVerifyData(); var encryptionData = GetEncryptionData(); var parsedVerifyData = new Memory <byte>(); using var aead = Cipher.TLS_AES_128_GCM_SHA256.CreateAead(Utils.ParseHexString(encryptionData.Iv), Utils.ParseHexString(encryptionData.Key)); //Act var cursor = new MemoryCursor(Utils.ParseHexString(messageData)); var result = TlsRecord.TryParseEncrypted(cursor, aead, encryptionData.SeqNum, out var record); using (record.Payload.SetCursor(cursor)) { result &= Finished.TryParse(cursor, out var parsedVerifyDataBuffer); parsedVerifyData = parsedVerifyDataBuffer.Read(cursor); result &= cursor.IsEnd(); } result &= cursor.IsEnd(); //Assert Assert.True(result); Assert.Equal(RecordType.Handshake, record.Type); Assert.Equal(ProtocolVersion.Tls12, record.ProtocolVersion); Assert.Equal(verifyData, Utils.ToHexString(parsedVerifyData.ToArray()), true); }
public void Write_ResultBytesAreExpected() { //Arrange var expectedBytes = GetMessageHexString(); var buffer = new byte[TlsBuffer.MaxRecordSize]; var random = HandshakeRandom.Parse(GetBytesOfRandom()); var sessionId = SessionId.Parse(GetBytesOfSessionId()); //Act var cursor = new MemoryCursor(buffer); using (TlsRecord.StartWriting(cursor, RecordType.Handshake, ProtocolVersion.Tls12)) using (ServerHello.StartWriting(cursor, random, Cipher.TLS_AES_128_GCM_SHA256, sessionId)) { using (cursor.StartKeyShareWriting()) { using (KeyShareEntry.StartWriting(cursor, NamedGroup.X25519)) { GetBytesOfPublicKey().CopyTo(cursor); } } using (cursor.StartSupportedVersionWriting()) { ProtocolVersion.Tls13.WriteBytes(cursor); } } //Assert Assert.Equal(expectedBytes, Utils.ToHexString(cursor.PeekStart().ToArray()), true); }
public void ReadEncryptedApplicationData_TLS_AES_128_GCM_SHA256_ResultIsExpected() { //Arrange var messageData = GetEncryptedApplicationData(); var cerificateData = GetCertificateData(); var signatureData = GetSignatureData(); var verifyData = GetVerifyData(); var encryptionData = GetEncryptionData(); var parsedCertificateEntries = new List <CertificateEntry>(); var parsedSignatureData = new Memory <byte>(); var parsedCertificateVerifyScheme = new SignatureScheme(); var parsedVerifyData = new Memory <byte>(); using var aead = Cipher.TLS_AES_128_GCM_SHA256.CreateAead(Utils.ParseHexString(encryptionData.Iv), Utils.ParseHexString(encryptionData.Key)); //Act var cursor = new MemoryCursor(Utils.ParseHexString(messageData)); var result = TlsRecord.TryParseEncrypted(cursor, aead, encryptionData.SeqNum, out var record); using (record.Payload.SetCursor(cursor)) { result &= EncryptedExtensions.TrySlice(cursor); result &= Certificate.TryParse(cursor, out var certificate); foreach (var entry in certificate.Payload.GetCertificateEntryReader(cursor)) { parsedCertificateEntries.Add(entry); } result &= CertificateVerify.TryParse(cursor, out var certificateVerify); parsedSignatureData = certificateVerify.Signature.Read(cursor); parsedCertificateVerifyScheme = certificateVerify.Scheme; result &= Finished.TryParse(cursor, out var parsedVerifyDataBuffer); parsedVerifyData = parsedVerifyDataBuffer.Read(cursor); result &= cursor.IsEnd(); } result &= cursor.IsEnd(); //Assert Assert.True(result); Assert.Equal(RecordType.Handshake, record.Type); Assert.Equal(ProtocolVersion.Tls12, record.ProtocolVersion); var certificateEntry = Assert.Single(parsedCertificateEntries); Assert.Equal(cerificateData, Utils.ToHexString(certificateEntry.Data.Read(cursor).ToArray()), true); Assert.Equal(signatureData, Utils.ToHexString(parsedSignatureData.ToArray()), true); Assert.Equal(SignatureScheme.RSA_PSS_RSAE_SHA256, parsedCertificateVerifyScheme); Assert.Equal(verifyData, Utils.ToHexString(parsedVerifyData.ToArray()), true); }
public void Read_ResultsAreExpected() { //Arrange var messageBytes = Utils.ParseHexString(GetMessageHexString()); var record = new TlsRecord(); var message = new ServerHello(); var keyShareEntry = new KeyShareEntry(); var supportedVersion = new ProtocolVersion(); //Act var cursor = new MemoryCursor(messageBytes); var result = TlsRecord.TryParse(cursor, RecordType.Handshake, out record); using (record.Payload.SetCursor(cursor)) { result &= ServerHello.TryParse(cursor, out message); using (message.Payload.SetCursor(cursor)) { result &= cursor.TryParseKeyShare(out var keyShareBuffer); using (keyShareBuffer.SetCursor(cursor)) { keyShareEntry = KeyShareEntry.Parse(cursor); } result &= cursor.TryParseSupportedVersion(out var supportedVersionBuffer); using (supportedVersionBuffer.SetCursor(cursor)) { supportedVersion = ProtocolVersion.Parse(cursor); } result &= cursor.IsEnd(); } result &= cursor.IsEnd(); } result &= cursor.IsEnd(); //Assert Assert.True(result); Assert.Equal(RecordType.Handshake, record.Type); Assert.Equal(ProtocolVersion.Tls12, record.ProtocolVersion); Assert.Equal(HandshakeRandom.Parse(GetBytesOfRandom()), message.Random); Assert.Equal(SessionId.Parse(GetBytesOfSessionId()), message.SessionId); Assert.Equal(Cipher.TLS_AES_128_GCM_SHA256, message.Cipher); Assert.Equal(NamedGroup.X25519, keyShareEntry.Group); Assert.True(GetBytesOfPublicKey().AsSpan().SequenceEqual(keyShareEntry.Key.Read(cursor).Span)); Assert.Equal(ProtocolVersion.Tls13, supportedVersion); }
public void ReadEncryptedApplicationData_TLS_AES_128_GCM_SHA256_ResultIsExpected(string encryptedData, string key, string iv, ulong seq, string decryptedPayload) { //Arrange var buffer = Utils.ParseHexString(encryptedData); using var aead = Cipher.TLS_AES_128_GCM_SHA256.CreateAead(Utils.ParseHexString(iv), Utils.ParseHexString(key)); //Act var cursor = new MemoryCursor(buffer); var result = TlsRecord.TryParseEncrypted(cursor, aead, seq, out var record); var decryptedResult = record.Payload.Read(cursor); //Assert Assert.True(result); Assert.Equal(RecordType.ApplicationData, record.Type); Assert.Equal(ProtocolVersion.Tls12, record.ProtocolVersion); Assert.Equal(decryptedPayload, Utils.ToHexString(decryptedResult.ToArray()), true); }
public void WriteEncryptedApplicationData_TLS_AES_128_GCM_SHA256_ResultIsExpected(string encryptedData, string key, string iv, ulong seq, string decryptedPayload) { //Arrange var buffer = new byte[TlsBuffer.MaxRecordSize]; using var aead = Cipher.TLS_AES_128_GCM_SHA256.CreateAead(Utils.ParseHexString(iv), Utils.ParseHexString(key)); //Act var cursor = new MemoryCursor(buffer); using (TlsRecord.StartEncryptedWriting(cursor, RecordType.ApplicationData, aead, seq)) { Utils.ParseHexString(decryptedPayload).CopyTo(cursor); } //Assert Assert.Equal(encryptedData, Utils.ToHexString(cursor.PeekStart().ToArray()), true); }
public void WriteEncryptedApplicationData_TLS_AES_128_GCM_SHA256_ResultIsExpected() { //Arrange var expectedData = GetEncryptedApplicationData(); var cerificateData = GetCertificateData(); var signatureData = GetSignatureData(); var verifyData = GetVerifyData(); var encryptionData = GetEncryptionData(); var buffer = new byte[TlsBuffer.MaxRecordSize]; using var aead = Cipher.TLS_AES_128_GCM_SHA256.CreateAead(Utils.ParseHexString(encryptionData.Iv), Utils.ParseHexString(encryptionData.Key)); //Act var cursor = new MemoryCursor(buffer); using (TlsRecord.StartEncryptedWriting(cursor, RecordType.Handshake, aead, encryptionData.SeqNum)) { EncryptedExtensions.WriteEmpty(cursor); using (Certificate.StartWriting(cursor)) { CertificateEntry.Write(Utils.ParseHexString(cerificateData), cursor); } using (CertificateVerify.StartWriting(cursor, SignatureScheme.RSA_PSS_RSAE_SHA256)) { Utils.ParseHexString(signatureData).CopyTo(cursor); } using (Finished.StartWriting(cursor)) { Utils.ParseHexString(verifyData).CopyTo(cursor); } } //Assert Assert.Equal(expectedData, Utils.ToHexString(cursor.PeekStart().ToArray()), true); }
public void Read_ResultsAreExpected() { //Arrange var messageBytes = Utils.ParseHexString(GetMessageHexString()); var record = new TlsRecord(); var message = new ClientHello(); var serverNames = new List <ServerNameEntry>(); var namedGroups = new List <NamedGroup>(); var signatureSchemes = new List <SignatureScheme>(); var keyShareEntries = new List <KeyShareEntry>(); var pskModes = new List <PskKeyExchangeMode>(); var supportedVersions = new List <ProtocolVersion>(); var ciphers = new List <Cipher>(); //Act var cursor = new MemoryCursor(messageBytes); var result = TlsRecord.TryParse(cursor, RecordType.Handshake, out record); using (record.Payload.SetCursor(cursor)) { result &= ClientHello.TryParse(cursor, out message); foreach (var cipher in message.CipherSuite) { ciphers.Add(cipher); } using (message.Payload.SetCursor(cursor)) { result &= cursor.TryParseServerNames(out var serverNamesBuffer); foreach (var entry in serverNamesBuffer.GetServerNameEntryReader(cursor)) { serverNames.Add(entry); } result &= cursor.TryParseSupportedGroups(out var supportedGroupsBuffer); foreach (var group in supportedGroupsBuffer.GetNamedGroupReader(cursor)) { namedGroups.Add(group); } result &= cursor.TryParseSignatureAlgorithms(out var signatureAlgorithmsBuffer); foreach (var scheme in signatureAlgorithmsBuffer.GetSignatureSchemeReader(cursor)) { signatureSchemes.Add(scheme); } result &= cursor.TryParseKeyShares(out var keySharesBuffer); foreach (var entry in keySharesBuffer.GetKeyShareEntryReader(cursor)) { keyShareEntries.Add(entry); } result &= cursor.TryParsePskKeyExchangeModes(out var pskModesBuffer); foreach (var mode in pskModesBuffer.GetPskKeyExchangeModeReader(cursor)) { pskModes.Add(mode); } result &= cursor.TryParseSupportedVersions(out var supportedVersionsBuffer); foreach (var version in supportedVersionsBuffer.GetProtocolVersionReader(cursor)) { supportedVersions.Add(version); } result &= cursor.IsEnd(); } result &= cursor.IsEnd(); } result &= cursor.IsEnd(); //Assert Assert.True(result); Assert.Equal(RecordType.Handshake, record.Type); Assert.Equal(ProtocolVersion.Tls10, record.ProtocolVersion); Assert.Equal(HandshakeRandom.Parse(GetBytesOfRandom()), message.Random); Assert.Equal(SessionId.Parse(GetBytesOfSessionId()), message.SessionId); Assert.Equal(new[] { Cipher.TLS_AES_128_GCM_SHA256, Cipher.TLS_AES_256_GCM_SHA384, Cipher.TLS_CHACHA20_POLY1305_SHA256 }, ciphers); var serverNameEntry = Assert.Single(serverNames); Assert.True(serverNameEntry.IsHostName()); Assert.Equal("example.ulfheim.net", serverNameEntry.ToString()); Assert.Equal(new[] { NamedGroup.X25519, NamedGroup.SECP256R1, NamedGroup.SECP384R1 }, namedGroups); Assert.Equal(new[] { SignatureScheme.ECDSA_SECP256R1_SHA256, SignatureScheme.RSA_PSS_RSAE_SHA256, SignatureScheme.RSA_PKCS1_SHA256, SignatureScheme.ECDSA_SECP384R1_SHA384, SignatureScheme.RSA_PSS_RSAE_SHA384, SignatureScheme.RSA_PKCS1_SHA384, SignatureScheme.RSA_PSS_RSAE_SHA512, SignatureScheme.RSA_PKCS1_SHA512, SignatureScheme.RSA_PKCS1_SHA1 }, signatureSchemes); var keyShareEntry = Assert.Single(keyShareEntries); Assert.Equal(NamedGroup.X25519, keyShareEntry.Group); Assert.True(GetBytesOfPublicKey().AsSpan().SequenceEqual(keyShareEntry.Key.Read(cursor).Span)); var pskMode = Assert.Single(pskModes); Assert.Equal(PskKeyExchangeMode.PskDheKe, pskMode); var supportedVersion = Assert.Single(supportedVersions); Assert.Equal(ProtocolVersion.Tls13, supportedVersion); }
public void Write_ResultBytesAreExpected() { //Arrange var expectedBytes = GetMessageHexString(); var buffer = new byte[TlsBuffer.MaxRecordSize]; var random = HandshakeRandom.Parse(GetBytesOfRandom()); var ciphers = new[] { Cipher.TLS_AES_128_GCM_SHA256, Cipher.TLS_AES_256_GCM_SHA384, Cipher.TLS_CHACHA20_POLY1305_SHA256 }; var sessionId = SessionId.Parse(GetBytesOfSessionId()); //Act var cursor = new MemoryCursor(buffer); using (TlsRecord.StartWriting(cursor, RecordType.Handshake, ProtocolVersion.Tls10)) using (ClientHello.StartWriting(cursor, random, ciphers, sessionId)) { using (cursor.StartServerNamesWriting()) { ServerNameEntry.WriteHostName(cursor, "example.ulfheim.net"); } using (cursor.StartSupportedGroupsWriting()) { NamedGroup.X25519.WriteBytes(cursor); NamedGroup.SECP256R1.WriteBytes(cursor); NamedGroup.SECP384R1.WriteBytes(cursor); } using (cursor.StartSignatureAlgorithmsWriting()) { SignatureScheme.ECDSA_SECP256R1_SHA256.WriteBytes(cursor); SignatureScheme.RSA_PSS_RSAE_SHA256.WriteBytes(cursor); SignatureScheme.RSA_PKCS1_SHA256.WriteBytes(cursor); SignatureScheme.ECDSA_SECP384R1_SHA384.WriteBytes(cursor); SignatureScheme.RSA_PSS_RSAE_SHA384.WriteBytes(cursor); SignatureScheme.RSA_PKCS1_SHA384.WriteBytes(cursor); SignatureScheme.RSA_PSS_RSAE_SHA512.WriteBytes(cursor); SignatureScheme.RSA_PKCS1_SHA512.WriteBytes(cursor); SignatureScheme.RSA_PKCS1_SHA1.WriteBytes(cursor); } using (cursor.StartKeySharesWriting()) { using (KeyShareEntry.StartWriting(cursor, NamedGroup.X25519)) { GetBytesOfPublicKey().CopyTo(cursor); } } using (cursor.StartPskKeyExchangeModesWriting()) { PskKeyExchangeMode.PskDheKe.WriteBytes(cursor); } using (cursor.StartSupportedVersionsWriting()) { ProtocolVersion.Tls13.WriteBytes(cursor); } } //Assert Assert.Equal(expectedBytes, Utils.ToHexString(cursor.PeekStart().ToArray()), true); }