internal TlsDHKeyExchange(TlsProtocolHandler handler, ICertificateVerifyer verifyer, TlsKeyExchangeAlgorithm keyExchange) { switch (keyExchange) { case TlsKeyExchangeAlgorithm.KE_DH_RSA: case TlsKeyExchangeAlgorithm.KE_DH_DSS: this.tlsSigner = null; break; case TlsKeyExchangeAlgorithm.KE_DHE_RSA: this.tlsSigner = new TlsRsaSigner(); break; case TlsKeyExchangeAlgorithm.KE_DHE_DSS: this.tlsSigner = new TlsDssSigner(); break; default: throw new ArgumentException("unsupported key exchange algorithm", "keyExchange"); } this.handler = handler; this.verifyer = verifyer; this.keyExchange = keyExchange; }
internal static void CheckVersion(byte[] readVersion, TlsProtocolHandler handler) { if ((readVersion[0] != 3) || (readVersion[1] != 1)) { handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_protocol_version); } }
internal static void CheckVersion(byte[] readVersion, TlsProtocolHandler handler) { if ((readVersion[0] != 3) || (readVersion[1] != 1)) { throw new TlsFatalAlert(AlertDescription.protocol_version); } }
internal static TlsCipherSuite GetCipherSuite( int number, TlsProtocolHandler handler) { switch (number) { case TLS_RSA_WITH_3DES_EDE_CBC_SHA: return(new TlsBlockCipherCipherSuite(new CbcBlockCipher(new DesEdeEngine()), new CbcBlockCipher(new DesEdeEngine()), new Sha1Digest(), new Sha1Digest(), 24, TlsCipherSuite.KE_RSA)); case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: return(new TlsBlockCipherCipherSuite(new CbcBlockCipher(new DesEdeEngine()), new CbcBlockCipher(new DesEdeEngine()), new Sha1Digest(), new Sha1Digest(), 24, TlsCipherSuite.KE_DHE_RSA)); case TLS_RSA_WITH_AES_128_CBC_SHA: return(new TlsBlockCipherCipherSuite(new CbcBlockCipher(new AesFastEngine()), new CbcBlockCipher(new AesFastEngine()), new Sha1Digest(), new Sha1Digest(), 16, TlsCipherSuite.KE_RSA)); case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: return(new TlsBlockCipherCipherSuite(new CbcBlockCipher(new AesFastEngine()), new CbcBlockCipher(new AesFastEngine()), new Sha1Digest(), new Sha1Digest(), 16, TlsCipherSuite.KE_DHE_RSA)); case TLS_RSA_WITH_AES_256_CBC_SHA: return(new TlsBlockCipherCipherSuite(new CbcBlockCipher(new AesFastEngine()), new CbcBlockCipher(new AesFastEngine()), new Sha1Digest(), new Sha1Digest(), 32, TlsCipherSuite.KE_RSA)); case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: return(new TlsBlockCipherCipherSuite(new CbcBlockCipher(new AesFastEngine()), new CbcBlockCipher(new AesFastEngine()), new Sha1Digest(), new Sha1Digest(), 32, TlsCipherSuite.KE_DHE_RSA)); default: handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_handshake_failure); /* * Unreachable Code, failWithError will always throw an exception! */ return(null); } }
internal static TlsCipherSuite GetCipherSuite( int number, TlsProtocolHandler handler) { switch (number) { case TLS_RSA_WITH_3DES_EDE_CBC_SHA: return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new DesEdeEngine()), new CbcBlockCipher(new DesEdeEngine()), new Sha1Digest(), new Sha1Digest(), 24, TlsCipherSuite.KE_RSA); case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new DesEdeEngine()), new CbcBlockCipher(new DesEdeEngine()), new Sha1Digest(), new Sha1Digest(), 24, TlsCipherSuite.KE_DHE_RSA); case TLS_RSA_WITH_AES_128_CBC_SHA: return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new AesFastEngine()), new CbcBlockCipher(new AesFastEngine()), new Sha1Digest(), new Sha1Digest(), 16, TlsCipherSuite.KE_RSA); case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new AesFastEngine()), new CbcBlockCipher(new AesFastEngine()), new Sha1Digest(), new Sha1Digest(), 16, TlsCipherSuite.KE_DHE_RSA); case TLS_RSA_WITH_AES_256_CBC_SHA: return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new AesFastEngine()), new CbcBlockCipher(new AesFastEngine()), new Sha1Digest(), new Sha1Digest(), 32, TlsCipherSuite.KE_RSA); case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new AesFastEngine()), new CbcBlockCipher(new AesFastEngine()), new Sha1Digest(), new Sha1Digest(), 32, TlsCipherSuite.KE_DHE_RSA); default: handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_handshake_failure); /* * Unreachable Code, failWithError will always throw an exception! */ return null; } }
void StartAuthentication(object state) { var result = state as AuthenticateResult; m_TlsHandler = new TlsProtocolHandler(m_InnerStream); try { m_TlsHandler.Connect(new LegacyTlsClient(new AlwaysValidVerifyer())); m_SecureStream = m_TlsHandler.Stream; } catch (Exception e) { result.Exception = e; } finally { result.IsCompleted = true; var callback = result.Callback; if (callback != null) callback(result); } }
internal override void Init( TlsProtocolHandler handler, byte[] ms, byte[] cr, byte[] sr) { throw new TlsException("Sorry, init of TLS_NULL_WITH_NULL_NULL is forbidden"); }
internal static void CheckVersion(Stream inStr, TlsProtocolHandler handler) { int i1 = inStr.ReadByte(); int i2 = inStr.ReadByte(); if ((i1 != 3) || (i2 != 1)) { handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_protocol_version); } }
protected override void HandleConnectionReady() { var stream = this.GetStream(); var handler = new TlsProtocolHandler(stream); handler.Connect(tlsClient); this.secureStream = handler.Stream; }
internal static void CheckVersion(Stream inStr, TlsProtocolHandler handler) { int i1 = inStr.ReadByte(); int i2 = inStr.ReadByte(); if ((i1 != 3) || (i2 != 1)) { throw new TlsFatalAlert(AlertDescription.protocol_version); } }
/// <summary> /// Connect to the server and wrap the socket in a TLS handler. /// </summary> public void Connect(string ipAddress, int port, int sendTimeout, int receiveTimeout) { _tcpClient = new TcpClient { SendTimeout = sendTimeout, ReceiveTimeout = receiveTimeout }; _tcpClient.Connect(ipAddress, port); _tlsProtocolHandler = new TlsProtocolHandler(_tcpClient.GetStream()); _tlsProtocolHandler.Connect(this); _hasConnected = true; }
internal override byte[] DecodeCiphertext( short type, byte[] plaintext, int offset, int len, TlsProtocolHandler handler) { byte[] result = new byte[len]; Array.Copy(plaintext, offset, result, 0, len); return result; }
internal override byte[] DecodeCiphertext( short type, byte[] plaintext, int offset, int len, TlsProtocolHandler handler) { byte[] result = new byte[len]; Array.Copy(plaintext, offset, result, 0, len); return(result); }
internal RecordStream( TlsProtocolHandler handler, Stream inStr, Stream outStr) { this.handler = handler; this.inStr = inStr; this.outStr = outStr; this.hash = new CombinedHash(); this.readCipher = new TlsNullCipher(); this.writeCipher = this.readCipher; }
internal RecordStream( TlsProtocolHandler handler, Stream inStr, Stream outStr) { this.handler = handler; this.inStr = inStr; this.outStr = outStr; hash1 = new CombinedHash(); hash2 = new CombinedHash(); this.readSuite = new TlsNullCipherSuite(); this.writeSuite = this.readSuite; }
internal static TlsCipherSuite GetCipherSuite( int number, TlsProtocolHandler handler) { switch (number) { case TLS_RSA_WITH_3DES_EDE_CBC_SHA: return(createDesEdeCipherSuite(24, TlsCipherSuite.KE_RSA)); case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA: return(createDesEdeCipherSuite(24, TlsCipherSuite.KE_DHE_DSS)); case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: return(createDesEdeCipherSuite(24, TlsCipherSuite.KE_DHE_RSA)); case TLS_RSA_WITH_AES_128_CBC_SHA: return(createAesCipherSuite(16, TlsCipherSuite.KE_RSA)); case TLS_DHE_DSS_WITH_AES_128_CBC_SHA: return(createAesCipherSuite(16, TlsCipherSuite.KE_DHE_DSS)); case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: return(createAesCipherSuite(16, TlsCipherSuite.KE_DHE_RSA)); case TLS_RSA_WITH_AES_256_CBC_SHA: return(createAesCipherSuite(32, TlsCipherSuite.KE_RSA)); case TLS_DHE_DSS_WITH_AES_256_CBC_SHA: return(createAesCipherSuite(32, TlsCipherSuite.KE_DHE_DSS)); case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: return(createAesCipherSuite(32, TlsCipherSuite.KE_DHE_RSA)); default: handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_handshake_failure); /* * Unreachable Code, failWithError will always throw an exception! */ return(null); } }
internal static TlsCipherSuite GetCipherSuite( int number, TlsProtocolHandler handler) { switch (number) { case TLS_RSA_WITH_3DES_EDE_CBC_SHA: return createDesEdeCipherSuite(24, TlsCipherSuite.KE_RSA); case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA: return createDesEdeCipherSuite(24, TlsCipherSuite.KE_DHE_DSS); case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: return createDesEdeCipherSuite(24, TlsCipherSuite.KE_DHE_RSA); case TLS_RSA_WITH_AES_128_CBC_SHA: return createAesCipherSuite(16, TlsCipherSuite.KE_RSA); case TLS_DHE_DSS_WITH_AES_128_CBC_SHA: return createAesCipherSuite(16, TlsCipherSuite.KE_DHE_DSS); case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: return createAesCipherSuite(16, TlsCipherSuite.KE_DHE_RSA); case TLS_RSA_WITH_AES_256_CBC_SHA: return createAesCipherSuite(32, TlsCipherSuite.KE_RSA); case TLS_DHE_DSS_WITH_AES_256_CBC_SHA: return createAesCipherSuite(32, TlsCipherSuite.KE_DHE_DSS); case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: return createAesCipherSuite(32, TlsCipherSuite.KE_DHE_RSA); default: handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_handshake_failure); /* * Unreachable Code, failWithError will always throw an exception! */ return null; } }
internal TlsBlockCipher(TlsProtocolHandler handler, IBlockCipher encryptCipher, IBlockCipher decryptCipher, IDigest writeDigest, IDigest readDigest, int cipherKeySize, SecurityParameters securityParameters) { this.handler = handler; this.encryptCipher = encryptCipher; this.decryptCipher = decryptCipher; int prfSize = (2 * cipherKeySize) + writeDigest.GetDigestSize() + readDigest.GetDigestSize() + encryptCipher.GetBlockSize() + decryptCipher.GetBlockSize(); byte[] keyBlock = TlsUtilities.PRF(securityParameters.masterSecret, "key expansion", TlsUtilities.Concat(securityParameters.serverRandom, securityParameters.clientRandom), prfSize); int offset = 0; // Init MACs writeMac = CreateTlsMac(writeDigest, keyBlock, ref offset); readMac = CreateTlsMac(readDigest, keyBlock, ref offset); // Build keys KeyParameter encryptKey = CreateKeyParameter(keyBlock, ref offset, cipherKeySize); KeyParameter decryptKey = CreateKeyParameter(keyBlock, ref offset, cipherKeySize); // Add IVs ParametersWithIV encryptParams = CreateParametersWithIV(encryptKey, keyBlock, ref offset, encryptCipher.GetBlockSize()); ParametersWithIV decryptParams = CreateParametersWithIV(decryptKey, keyBlock, ref offset, decryptCipher.GetBlockSize()); if (offset != prfSize) { handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_internal_error); } // Init Ciphers encryptCipher.Init(true, encryptParams); decryptCipher.Init(false, decryptParams); }
internal TlsBlockCipher(TlsProtocolHandler handler, IBlockCipher encryptCipher, IBlockCipher decryptCipher, IDigest writeDigest, IDigest readDigest, int cipherKeySize, SecurityParameters securityParameters) { this.handler = handler; this.encryptCipher = encryptCipher; this.decryptCipher = decryptCipher; int prfSize = (2 * cipherKeySize) + writeDigest.GetDigestSize() + readDigest.GetDigestSize() + encryptCipher.GetBlockSize() + decryptCipher.GetBlockSize(); byte[] keyBlock = TlsUtilities.PRF(securityParameters.masterSecret, "key expansion", TlsUtilities.Concat(securityParameters.serverRandom, securityParameters.clientRandom), prfSize); int offset = 0; // Init MACs writeMac = CreateTlsMac(writeDigest, keyBlock, ref offset); readMac = CreateTlsMac(readDigest, keyBlock, ref offset); // Build keys KeyParameter encryptKey = CreateKeyParameter(keyBlock, ref offset, cipherKeySize); KeyParameter decryptKey = CreateKeyParameter(keyBlock, ref offset, cipherKeySize); // Add IVs ParametersWithIV encryptParams = CreateParametersWithIV(encryptKey, keyBlock, ref offset, encryptCipher.GetBlockSize()); ParametersWithIV decryptParams = CreateParametersWithIV(decryptKey, keyBlock, ref offset, decryptCipher.GetBlockSize()); if (offset != prfSize) handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_internal_error); // Init Ciphers encryptCipher.Init(true, encryptParams); decryptCipher.Init(false, decryptParams); }
internal TlsSrpKeyExchange(TlsProtocolHandler handler, ICertificateVerifyer verifyer, TlsKeyExchangeAlgorithm keyExchange) { switch (keyExchange) { case TlsKeyExchangeAlgorithm.KE_SRP: this.tlsSigner = null; break; case TlsKeyExchangeAlgorithm.KE_SRP_RSA: this.tlsSigner = new TlsRsaSigner(); break; case TlsKeyExchangeAlgorithm.KE_SRP_DSS: this.tlsSigner = new TlsDssSigner(); break; default: throw new ArgumentException("unsupported key exchange algorithm", "keyExchange"); } this.handler = handler; this.verifyer = verifyer; this.keyExchange = keyExchange; }
internal override void Init(TlsProtocolHandler handler, byte[] ms, byte[] cr, byte[] sr) { this.handler = handler; int prfSize = (2 * cipherKeySize) + writeDigest.GetDigestSize() + readDigest.GetDigestSize() + encryptCipher.GetBlockSize() + decryptCipher.GetBlockSize(); byte[] keyBlock = new byte[prfSize]; byte[] random = new byte[cr.Length + sr.Length]; Array.Copy(cr, 0, random, sr.Length, cr.Length); Array.Copy(sr, 0, random, 0, sr.Length); TlsUtilities.PRF(ms, "key expansion", random, keyBlock); int offset = 0; // Init MACs writeMac = CreateTlsMac(writeDigest, keyBlock, ref offset); readMac = CreateTlsMac(readDigest, keyBlock, ref offset); // Build keys KeyParameter encryptKey = CreateKeyParameter(keyBlock, ref offset, cipherKeySize); KeyParameter decryptKey = CreateKeyParameter(keyBlock, ref offset, cipherKeySize); // Add IVs ParametersWithIV encryptParams = CreateParametersWithIV(encryptKey, keyBlock, ref offset, encryptCipher.GetBlockSize()); ParametersWithIV decryptParams = CreateParametersWithIV(decryptKey, keyBlock, ref offset, decryptCipher.GetBlockSize()); if (offset != prfSize) { handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_internal_error); } // Init Ciphers encryptCipher.Init(true, encryptParams); decryptCipher.Init(false, decryptParams); }
internal abstract byte[] DecodeCiphertext(short type, byte[] plaintext, int offset, int len, TlsProtocolHandler handler);
public void Init(TlsProtocolHandler handler) { this.handler = handler; }
internal TlsRsaKeyExchange(TlsProtocolHandler handler, ICertificateVerifyer verifyer) { this.handler = handler; this.verifyer = verifyer; }
internal override byte[] DecodeCiphertext( short type, byte[] ciphertext, int offset, int len, TlsProtocolHandler handler) { int blocksize = decryptCipher.GetBlockSize(); bool decrypterror = false; /* * Decrypt all the ciphertext using the blockcipher */ for (int i = 0; i < len; i += blocksize) { decryptCipher.ProcessBlock(ciphertext, i + offset, ciphertext, i + offset); } /* * Check if padding is correct */ int paddingsize = ciphertext[offset + len - 1]; if (offset + len - 1 - paddingsize < 0) { /* * This would lead to an negativ array index, so this padding * must be incorrect! */ decrypterror = true; paddingsize = 0; } else { /* * Now, check all the padding-bytes. */ for (int i = 0; i <= paddingsize; i++) { if (ciphertext[offset + len - 1 - i] != paddingsize) { /* Wrong padding */ decrypterror = true; } } } /* * We now don't care if padding verification has failed or not, * we will calculate the mac to give an attacker no kind of timing * profile he can use to find out if mac verification failed or * padding verification failed. */ int plaintextlength = len - readMac.Size - paddingsize - 1; byte[] calculatedMac = readMac.CalculateMac(type, ciphertext, offset, plaintextlength); /* * Check all bytes in the mac. */ for (int i = 0; i < calculatedMac.Length; i++) { if (ciphertext[offset + plaintextlength + i] != calculatedMac[i]) { decrypterror = true; } } /* * Now, it is save to fail. */ if (decrypterror) { handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_bad_record_mac); } byte[] plaintext = new byte[plaintextlength]; Array.Copy(ciphertext, offset, plaintext, 0, plaintextlength); return(plaintext); }
internal TlsStream( TlsProtocolHandler handler) { this.handler = handler; }
public SslStream(Stream stream) { handler = new TlsProtocolHandler(stream); }
public static Stream Connect(NetworkStream ns, bool verifyCertificates) { var handler = new TlsProtocolHandler(ns); handler.Connect(new TlsClient(verifyCertificates)); return handler.Stream; }
internal abstract void Init(TlsProtocolHandler handler, byte[] ms, byte[] cr, byte[] sr);
internal TlsInputStream( TlsProtocolHandler handler) { this.handler = handler; }
internal override byte[] DecodeCiphertext( short type, byte[] ciphertext, int offset, int len, TlsProtocolHandler handler) { int blocksize = decryptCipher.GetBlockSize(); bool decrypterror = false; /* * Decrypt all the ciphertext using the blockcipher */ for (int i = 0; i < len; i += blocksize) { decryptCipher.ProcessBlock(ciphertext, i + offset, ciphertext, i + offset); } /* * Check if padding is correct */ int paddingsize = ciphertext[offset + len - 1]; if (offset + len - 1 - paddingsize < 0) { /* * This would lead to a negative array index, so this padding * must be incorrect! */ decrypterror = true; paddingsize = 0; } else { /* * Now, check all the padding-bytes. */ for (int i = 0; i <= paddingsize; i++) { if (ciphertext[offset + len - 1 - i] != paddingsize) { /* Wrong padding */ decrypterror = true; } } } /* * We now don't care if padding verification has failed or not, * we will calculate the mac to give an attacker no kind of timing * profile he can use to find out if mac verification failed or * padding verification failed. */ int plaintextlength = len - readMac.Size - paddingsize - 1; byte[] calculatedMac = readMac.CalculateMac(type, ciphertext, offset, plaintextlength); /* * Check all bytes in the mac. */ for (int i = 0; i < calculatedMac.Length; i++) { if (ciphertext[offset + plaintextlength + i] != calculatedMac[i]) { decrypterror = true; } } /* * Now, it is safe to fail. */ if (decrypterror) { handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_bad_record_mac); } byte[] plaintext = new byte[plaintextlength]; Array.Copy(ciphertext, offset, plaintext, 0, plaintextlength); return plaintext; }