コード例 #1
0
 public void DebugDump()
 {
     System.Diagnostics.Debug.WriteLine("HandShakeClientHello, Version: {0}", Version);
     RandomStruct.DebugDump();
     System.Diagnostics.Debug.WriteLine("   SessionId: {0}", ByteHelper.HexStringFromByte(SessionID, true, int.MaxValue));
     System.Diagnostics.Debug.WriteLine("   Cipher Suites:");
     foreach (CipherSuite suit in CipherSuites)
     {
         System.Diagnostics.Debug.WriteLine("      {0}", suit);
     }
     System.Diagnostics.Debug.WriteLine("   Compression Methods:");
     foreach (CompressionMethod method in CompressionMethods)
     {
         System.Diagnostics.Debug.WriteLine("      {0}", method);
     }
     System.Diagnostics.Debug.WriteLine("");
 }
コード例 #2
0
        public override void DebugDump(bool bReceived)
        {
            System.Diagnostics.Debug.WriteLine("{0} TLSHandShakeMessage Type: {1}, Length {2}, Total Raw Data: \r\n{3}\r\n Parsed Content:\r\n",
                                               bReceived ? "<--" : "-->",
                                               HandShakeMessageType,
                                               MessageLength,
                                               ByteHelper.HexStringFromByte(this.Bytes, true, 32));

            if (HandShakeMessageType == TLS.HandShakeMessageType.ClientHello)
            {
                HandShakeClientHello.DebugDump();
            }
            else if (HandShakeMessageType == TLS.HandShakeMessageType.ServerHello)
            {
                HandShakeServerHello.DebugDump();
            }
            else if (HandShakeMessageType == TLS.HandShakeMessageType.ServerKeyExchange)
            {
                HandShakeServerKeyExchange.DebugDump();
            }
            else if (HandShakeMessageType == TLS.HandShakeMessageType.CertificateRequest)
            {
                HandShakeCertificateRequest.DebugDump();
            }
            else if (HandShakeMessageType == TLS.HandShakeMessageType.Certificate)
            {
                HandShakeCertificateMessage.DebugDump();
            }
            else if (HandShakeMessageType == TLS.HandShakeMessageType.ServerHelloDone)
            {
                HandShakeServerHelloDone.DebugDump();
            }
            else if (HandShakeMessageType == TLS.HandShakeMessageType.CertificateVerify)
            {
                HandShakeCertificateVerify.DebugDump();
            }
            else if (HandShakeMessageType == TLS.HandShakeMessageType.ClientKeyExchange)
            {
                HandShakeClientKeyExchange.DebugDump();
            }
            else if (HandShakeMessageType == TLS.HandShakeMessageType.Finished)
            {
                HandShakeFinished.DebugDump();
            }
        }
コード例 #3
0
        /// <summary>
        /// Reads this object in from an array, returning how many bytes were read, or 0 if there is an error or not enough data
        /// </summary>
        /// <param name="bData"></param>
        /// <param name="nStartAt"></param>
        /// <returns></returns>
        public override uint ReadFromArray(byte[] bData, int nStartAt)
        {
            if (bData.Length < (nStartAt + 4))
            {
                return(0);
            }

            HandShakeMessageType = (HandShakeMessageType)bData[nStartAt + 0];
            MessageLength        = ByteHelper.ReadUintBigEndian(bData, nStartAt + 1, 3); // 24 bits only

            /// See if we have enough data for our message length
            ///
            if (bData.Length < (nStartAt + 4 + MessageLength))
            {
                return(0);
            }

            m_bRawBytes   = ByteHelper.ReadByteArray(bData, nStartAt + 4, (int)MessageLength);
            HandShakeData = m_bRawBytes;// Parse out our sub-message

            return(4 + MessageLength);
        }
コード例 #4
0
        public static void GenerateStuff2()
        {
            string strPreMasterSecret = "03 01 9A 04 0E DA 89 8C 97 01 53 0D DE 42 EE CF 69 09 8A D1 99 D2 B8 93 1B DA 4C 01 BA 1C A0 B6 01 B5 5F 5B 7A A0 F5 5B 3C B1 7D 72 96 33 BC DC";
            string strClientRandom    = "4f1c89f895eb17b8419927796ce5b6f20401a6e96262031f0b37a7872665f9ab";
            string strServerRandom    = "4f1c89cd4170867e7a5a2d6daa4e8d01237096c70bf891d7ff650554433b7ba5";

            byte[] bPreMasterSecret = ByteHelper.ByteFromHexString(strPreMasterSecret);
            byte[] bClientRandom    = ByteHelper.ByteFromHexString(strClientRandom);
            byte[] bServerRandom    = ByteHelper.ByteFromHexString(strServerRandom);

            xmedianet.socketserver.TLS.ConnectionState trans = new xmedianet.socketserver.TLS.ConnectionState();

            ByteBuffer buf = new ByteBuffer();

            buf.AppendData(bClientRandom);
            buf.AppendData(bServerRandom);
            byte[] bCSRandom = buf.GetAllSamples();

            // Do it in reverse order for different algorithms
            buf.AppendData(bServerRandom);
            buf.AppendData(bClientRandom);
            byte[] bSCRandom = buf.GetAllSamples();


            byte[] MasterSecret = trans.PRF(bPreMasterSecret, "master secret", bCSRandom, 48);
            System.Diagnostics.Debug.WriteLine("Master Secret found is:\r\n{0}", ByteHelper.HexStringFromByte(MasterSecret, true, 16));
            /// check... our master secret calulation matches what we see in wireshark, so all is well up to this point

            trans.SecurityParameters.Cipher = Cipher.FindCipher(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA);
            trans.ComputeKeys(MasterSecret, bSCRandom);


            string strClientHello = "0100002903014f1c89f895eb17b8419927796ce5b6f20401a6e96262031f0b37a7872665f9ab000002002f0100";
            string strServerHello = "0200004603014f1c89cd4170867e7a5a2d6daa4e8d01237096c70bf891d7ff650554433b7ba520880100006ddf3cb09c0eb6e40d0167000f03ca81ac58eec4c3c760a70143524d002f00";
            string strServerCert  = "0b0004ba0004b70004b4308204b030820298a003020102021062be99f31b21039a47bcad3b019383c0300d06092a864886f70d0101050500301431123010060355040313096c6f63616c686f7374301e170d3132303130383036303030305a170d3232303131353036303030305a301431123010060355040313096c6f63616c686f737430820222300d06092a864886f70d01010105000382020f003082020a0282020100a0c647622204207c3948269a4338eba9b86e9494e5f18f3f024ef6850da59045f09ec8f55ed13d0407adb0f0eef2ea99c5ff6f2078a47b27a64eab77b4a1a709af8255d2b2bfd859149296dc5d93c91728165d484ec55ded72d34828ad43d782bcb81b4e3966b7cdccc88bb41355b42e0fd3ed8b24dbc99903ffb73d27d2f26bce18dd2712a84105eb6a0f4152e7a01ad7e8f1ad6d32c3b21ca3a0a6206398fbb1ac7e85f4586f5535ff35e693b5094bf7360a7a33fc9c2693087ae5777aa761a1fa016f02c320eacb51ea879f6a1dc078daab3e134bf0ae5bba774c6bdb95efe35ea7f8d8b0736ec2e28369b457b3d1c1522b810c2e7340a61b6a8c830af7c8de8047eb5f4b624d782a41e330d983515118182c6709ff41373f74d601aa5c9cb8c6a940549ab6f1f8ca11c945d17d2625acb7fe8a10109afddb9cd495da1f3e88261a063273344efb865e6d86fb0f6384f97685fb992af866616da81499a3223a2a557849c0507f27932063b73d9d2d47a2725c28dbce7b32f7f85d568142cad7c1a9cb9132a977b6e6c164a16fa0b77af027afc6dfb28a5d9e8a4babccac66e569f74a4689158a299100540230c9fdfcddc4649232e0af348d4f833f0a9344eb8f64b48f572cf9653280c2b26e6ea3fecb214ace7643e61f4c74dc79373505352f22408ed883252628b557ad749c80445d8acbe97cf9395c1897deb30dea850203010001300d06092a864886f70d010105050003820201004089ae88bd71245d1863b96505aa1342047088680f2078ca79b733eb542a4c1c267055de24210adc682f48f4d18d27d06100179a85bba5b21749cb8e71b200fb97c37b3e9ad64c197a4d4b7befdfceb67a69a80a7be24ac4cc6307ea3241f55b6800ecedee86b5fe8a21869cf8653cc0b653b71b5132c51ad2e334c16c1247155e82d744d0fdb9546d5c14bdbd9b8952d575e34335d85bd2c6079cf2adba910f98dc48a51217b617cf78ca91f57fe2b7ff88e2e78f5882530d55d63ec466a9d02e72f2a4269779880c66136a3dac96a26f334771e59cc89f3c66ddf5d21492b5d40565dbfdc0a9833d57c68728e969088612dbe655dc98a4d2449b2cf06208a4f26d831fa4d90eb79ea59d1934e61029a81c4795f28ec91df7b82b8f2ab85783f12e334d98e2313a7829f73630edd47a891de3b241ecf6aa3afd1d6c6e43db1d177a31b306bf7b05fb4fd56f462179e0efc439fa10391ce010c12607336e6379aa192bb106e86eb875a66919cc5a08692aefaebddbd92736f21b2410889530b8ceeded969624e1f9ab08957254d0029b20881f820276ede7987e86d705f88715e21e950e45624add2ee6cb682f2e9ecd37839ccda82290c5b6638981c45270f75a6c786fa734877a560e7d48c8abc122070ae0792a213de33ccfe0456f31e91c3be4833e50463e2a97ce828bbaae8324482bc07181ba7ee50fb87c65be66bb56";
            string strServerDone  = "0e000000";
            string strClientKE    = "1000020202000fab10111b3822b4fd32d0a73046b8d4f605eadf98bbf89bbd6924fea2e545e6ecbf2844f98de744edda195b73a4f10f9d473808697d03b3d34b947256f0f9395d914eb6a570091c559d27100c5897b8d66f4572955bc242f01d9328fe052f1e240aad72dece482aadb5440931d8271db0f59d558392013522f83c2cc9b11db4f654997f0293decd9a1a2ec950cfb2f2264158a7112ad3626fb51b368497fa4d5ef93b637b95b93b533ae9decd26e22d85a5f5d8b8ac1d151e7b11be23ff1cf341d78c42e281a536da9be3e4560a78fa428d9e44ee200504ba4d4146cbd64b5fb0179f8e015e64ccb13c5581119eb953b44f9d7081266d88fcfed08d632297fe2a94a98f2f930c5f8e564b89598e805bc3b143ea0acc1faa0e7d1d0799cb925b0f6d04f3c68b5d0cff0838ec881575b7aece5b481b17f193e9ad559c1426fa5f7407ba80e81b50ab6c5e589335fdb0861d6b351715cde0b13746b664928d640f1883760623ef867c4dd0568ffd08f03837f511abbc2821fe2d676bf2f742eeb50f27fadacbd211649a7889f0b38aedaab331747c424add3a13fe4575fffb120cbdd544b5d353b1dfbf5dd5be16545d70b436fac29fe12942b63a9dae438e0a5d3f3b116b39317161943474c477371001b3be844908799ec44aeab0f82607cf0e0ba86561c1d8a49298a17b6f2733c1340d185d337e349c58526d8407d3b38498";

            string strEncryptedHS = "35275a481265bd929ede8056ed23ad42bebd2da9d8bc841b813ce8fae921b044fb37f03604fec9de92e1873155212143";

            ByteBuffer objHandShakeBuffer = new ByteBuffer();

            objHandShakeBuffer.AppendData(ByteHelper.ByteFromHexString(strClientHello));
            objHandShakeBuffer.AppendData(ByteHelper.ByteFromHexString(strServerHello));
            objHandShakeBuffer.AppendData(ByteHelper.ByteFromHexString(strServerCert));
            objHandShakeBuffer.AppendData(ByteHelper.ByteFromHexString(strServerDone));
            objHandShakeBuffer.AppendData(ByteHelper.ByteFromHexString(strClientKE));

            /// Example says handshake has read 976 bytes of data and written 256... let's check with wireshark
            /// Sent: 53 + 134            170
            /// Recv: 53 + 670 + 4        48

            SHA1Managed sha1 = new SHA1Managed();

            byte[]     bAllHandShakeData        = objHandShakeBuffer.GetAllSamples();
            byte[]     bmd5OfHandshakeMessages  = MD5Core.GetHash(bAllHandShakeData);
            byte[]     bsha1OfHandshakeMessages = sha1.ComputeHash(bAllHandShakeData);
            ByteBuffer bSum = new ByteBuffer();

            bSum.AppendData(bmd5OfHandshakeMessages);
            bSum.AppendData(bsha1OfHandshakeMessages);

            byte[] bCombinedHashes = bSum.GetAllSamples();

            /// No use in writing out this debug, only a few of the characters get seen, the rest are dropped
            ///System.Diagnostics.Debug.WriteLine("**** Start all handshake data ****\r\n{0}\r\n**** End all handshake data ****", ByteHelper.HexStringFromByte(bAllHandshakeData, true, 32));
            /// verify_data
            ///     PRF(master_secret, finished_label, MD5(handshake_messages) + SHA-1(handshake_messages)) [0..11];

            TLSHandShakeMessage msgFinished = new TLSHandShakeMessage();

            msgFinished.HandShakeMessageType          = HandShakeMessageType.Finished;
            msgFinished.HandShakeFinished.verify_data = trans.PRF(MasterSecret, "client finished", bCombinedHashes, 12);

            TLSRecord recordFinished = new TLSRecord();

            recordFinished.MajorVersion = 3;
            recordFinished.MinorVersion = 1;
            recordFinished.ContentType  = TLSContentType.Handshake;
            recordFinished.Messages.Add(msgFinished);

            trans.WriteSequenceNumber = 0;
            byte[] bEncryptedGenericBlockCipher = trans.CompressEncryptOutgoingData(recordFinished);

            /// Check.  The value here is the same as strEncryptedHS above
            System.Diagnostics.Debug.WriteLine("Encrypted Client Done is:\r\n{0}", ByteHelper.HexStringFromByte(bEncryptedGenericBlockCipher, true, 16));
        }
コード例 #5
0
        void HandleHandshakeMessage(TLSHandShakeMessage msg)
        {
            /// Append all our handshake data because we'll need it later for some stupid reason

            if (msg.HandShakeMessageType == HandShakeMessageType.ServerHello)
            {
                ClientTLSState = TLS.ClientTLSState.ReceivedServerHello;
            }
            else if (msg.HandShakeMessageType == HandShakeMessageType.ServerHelloDone)
            {
                if (m_bSendClientCertificate == true) /// got a certificate request from the server, but we don't have any, so send an empty one
                {
                    TLSHandShakeMessage msgclientcert = new TLSHandShakeMessage();
                    msgclientcert.HandShakeMessageType = HandShakeMessageType.Certificate;
                    TLSRecord recordclientcert = new TLSRecord();
                    recordclientcert.MajorVersion = 3;
                    recordclientcert.MinorVersion = 1;
                    recordclientcert.ContentType  = TLSContentType.Handshake;
                    recordclientcert.Messages.Add(msgclientcert);

                    SendTLSRecord(recordclientcert, true);
                }

                /// Server has sent the algorithm they want us to use, certificates, parameters,
                /// and any request for certificates from us.  Now let's respond
                /// First generate, encrypt, and send the PreMasterSecret

                byte [] bKey             = state.SecurityParameters.PeerCertificate.GetPublicKey();
                byte [] bPreMasterSecret = new byte[48];
                RNGCryptoServiceProvider.GetBytes(bPreMasterSecret); /// Get some random bytes
                bPreMasterSecret[0] = 0x03;                          /// first two bytes get set to the version
                bPreMasterSecret[1] = 0x01;

                /// Openssl is showing our modulus as having an extra 00 on the front when using this command
                /// (ignore this, the modulus lower in the output doesn't show the 0)
                /// rsa -in test_key.pem -text

                if (SocketClient.ShowDebug == true)
                {
                    System.Diagnostics.Debug.WriteLine("Client Random: +++++++++++\r\n{0}\r\n++++++++++++", ByteHelper.HexStringFromByte(state.SecurityParameters.ClientRandom, true, 16));
                    System.Diagnostics.Debug.WriteLine("Server Random: +++++++++++\r\n{0}\r\n++++++++++++", ByteHelper.HexStringFromByte(state.SecurityParameters.ServerRandom, true, 16));
                    System.Diagnostics.Debug.WriteLine("PreMasterSecret: +++++++++++\r\n{0}\r\n++++++++++++", ByteHelper.HexStringFromByte(bPreMasterSecret, true, 16));
                }

                RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
                // Need to use this guys' class to parse the DER encoded ASN.1 described certificate to
                // extract the modulus and e from the certificate - these two are the public key
                RSAParameters rsaparams = Kishore.X509.Parser.X509PublicKeyParser.GetRSAPublicKeyParameters(bKey);
                provider.ImportParameters(rsaparams);

                //System.Diagnostics.Debug.WriteLine("Public key modulus: +++++++++++\r\n{0}\r\n++++++++++++", ByteHelper.HexStringFromByte(rsaparams.Modulus, true, 16));
                //System.Diagnostics.Debug.WriteLine("Public key exponent: +++++++++++\r\n{0}\r\n++++++++++++", ByteHelper.HexStringFromByte(rsaparams.Exponent, true, 16));
                //System.Diagnostics.Debug.WriteLine("Key Exchange Algorithm: {0}, KeySize: {1}", provider.KeyExchangeAlgorithm, provider.KeySize);
                byte[] EncryptedPreMasterSecret = provider.Encrypt(bPreMasterSecret, false);
                provider.Dispose();

                /// Send a Client Key Exchange method with our PreMasterSecret
                ///
                TLSHandShakeMessage msgsend = new TLSHandShakeMessage();
                msgsend.HandShakeMessageType = HandShakeMessageType.ClientKeyExchange;
                msgsend.HandShakeClientKeyExchange.EncryptedPreMasterSecret = EncryptedPreMasterSecret;
                msgsend.HandShakeClientKeyExchange.KeyExchangeAlgorithm     = KeyExchangeAlgorithm.rsa;
                msgsend.HandShakeClientKeyExchange.PublicValueEncoding      = PublicValueEncoding.explicit_en;
                TLSRecord record = new TLSRecord();
                record.MajorVersion = 3;
                record.MinorVersion = 1;
                record.ContentType  = TLSContentType.Handshake;
                record.Messages.Add(msgsend);

                SendTLSRecord(record, true);



                /// Now generate all our keys, etc
                /// Section 8.1
                /// master_secret = PRF(pre_master_secret, "master secret",ClientHello.random + ServerHello.random) [0..47];

                // Combine ClientHello.Random and ServerHello.Random
                ByteBuffer buf = new ByteBuffer();
                buf.AppendData(state.SecurityParameters.ClientRandom);
                buf.AppendData(state.SecurityParameters.ServerRandom);
                byte [] bCSRandom = buf.GetAllSamples();

                // Do it in reverse order for different algorithms
                buf.AppendData(state.SecurityParameters.ServerRandom);
                buf.AppendData(state.SecurityParameters.ClientRandom);
                byte [] bSCRandom = buf.GetAllSamples();

                state.SecurityParameters.MasterSecret = state.PRF(bPreMasterSecret, "master secret", bCSRandom, 48);

                if (SocketClient.ShowDebug == true)
                {
                    System.Diagnostics.Debug.WriteLine("MasterSecret: +++++++++++\r\n{0}\r\n++++++++++++", ByteHelper.HexStringFromByte(state.SecurityParameters.MasterSecret, true, 16));
                }

                /// Verified that we are computing all our keys correctly by using the same input into the Mentalis library
                /// If we coded ours independently and get the same answers, it has to be correct, or we made the same mistakes :)
                state.ComputeKeys(state.SecurityParameters.MasterSecret, bSCRandom);



                /// Now send out a change cipher-spec, followed by a client finished message that is encrypted
                ///
                TLSChangeCipherSpecMessage msgChangeCipherSpec = new TLSChangeCipherSpecMessage();
                msgChangeCipherSpec.CCSProtocolType = CCSProtocolType.Default;
                TLSRecord recordccs = new TLSRecord();
                recordccs.MajorVersion = 3;
                recordccs.MinorVersion = 1;
                recordccs.ContentType  = TLSContentType.ChangeCipherSpec;
                recordccs.Messages.Add(msgChangeCipherSpec);
                SendTLSRecord(recordccs, false);

                state.SendEncryptionActive = true;
                state.WriteSequenceNumber  = 0; /// reset on changecipherspec

                /// Now send a finished method, encrypted with our generated things
                /// RFC2246 section 7.4.9

                if (SocketClient.ShowDebug == true)
                {
                    System.Diagnostics.Debug.WriteLine("FINAL:  AllHandShakeMessages Length is now {0}", AllHandShakeMessages.Size);
                }

                SHA1Managed sha1 = new SHA1Managed();
                byte[]      bAllHandshakeData        = AllHandShakeMessages.PeekAllSamples();
                byte[]      bmd5OfHandshakeMessages  = MD5Core.GetHash(bAllHandshakeData);
                byte[]      bsha1OfHandshakeMessages = sha1.ComputeHash(bAllHandshakeData);
                ByteBuffer  bSum = new ByteBuffer();
                bSum.AppendData(bmd5OfHandshakeMessages);
                bSum.AppendData(bsha1OfHandshakeMessages);

                byte [] bCombinedHashes = bSum.GetAllSamples();

                /// No use in writing out this debug, only a few of the characters get seen, the rest are dropped
                ///System.Diagnostics.Debug.WriteLine("**** Start all handshake data ****\r\n{0}\r\n**** End all handshake data ****", ByteHelper.HexStringFromByte(bAllHandshakeData, true, 32));
                /// verify_data
                ///     PRF(master_secret, finished_label, MD5(handshake_messages) + SHA-1(handshake_messages)) [0..11];

                TLSHandShakeMessage msgFinished = new TLSHandShakeMessage();
                msgFinished.HandShakeMessageType          = HandShakeMessageType.Finished;
                msgFinished.HandShakeFinished.verify_data = state.PRF(state.SecurityParameters.MasterSecret, "client finished", bCombinedHashes, 12);

                TLSRecord recordFinished = new TLSRecord();
                recordFinished.MajorVersion = 3;
                recordFinished.MinorVersion = 1;
                recordFinished.ContentType  = TLSContentType.Handshake;
                recordFinished.Messages.Add(msgFinished);

                state.WriteSequenceNumber = 0;
                /// This record must now be encrypted before it can be sent
                SendTLSRecord(recordFinished, true);


                ClientTLSState = ClientTLSState.SentClientFinished;
            }
            else if (msg.HandShakeMessageType == HandShakeMessageType.Finished)
            {
                /// Got the server finished method, let's verify the data
                ///
                SHA1Managed sha1 = new SHA1Managed();
                byte[]      bAllHandshakeData        = AllHandShakeMessages.GetAllSamples(); // no need to peek here, just get it all and clear it
                byte[]      bmd5OfHandshakeMessages  = MD5Core.GetHash(bAllHandshakeData);
                byte[]      bsha1OfHandshakeMessages = sha1.ComputeHash(bAllHandshakeData);
                ByteBuffer  bSum = new ByteBuffer();
                bSum.AppendData(bmd5OfHandshakeMessages);
                bSum.AppendData(bsha1OfHandshakeMessages);

                byte[] bCombinedHashes = bSum.GetAllSamples();

                /// No use in writing out this debug, only a few of the characters get seen, the rest are dropped
                ///System.Diagnostics.Debug.WriteLine("**** Start all handshake data ****\r\n{0}\r\n**** End all handshake data ****", ByteHelper.HexStringFromByte(bAllHandshakeData, true, 32));
                /// verify_data
                ///     PRF(master_secret, finished_label, MD5(handshake_messages) + SHA-1(handshake_messages)) [0..11];

                byte [] bComputedVerify = state.PRF(state.SecurityParameters.MasterSecret, "server finished", bCombinedHashes, 12);
                bool    bMatch          = ByteHelper.CompareArrays(msg.HandShakeFinished.verify_data, bComputedVerify);
                if (bMatch == false)
                {
                    SendAlert(AlertLevel.fatal, AlertDescription.HandshakeFailure);
                    Client.Disconnect();
                }
                else
                {
                    NegotiationFinished();
                }
            }
            else if (msg.HandShakeMessageType == HandShakeMessageType.CertificateRequest)
            {
                m_bSendClientCertificate = true;
            }



            if (ClientTLSState == TLS.ClientTLSState.ReceivedServerHello)
            {
                /// Gathering information
                ///
                if (msg.HandShakeMessageType == HandShakeMessageType.ServerHello)
                {
                    state.SecurityParameters.Cipher            = Cipher.FindCipher(msg.HandShakeServerHello.CipherSuite);
                    state.SecurityParameters.CompressionMethod = CompressionMethod.null0;
                    state.SecurityParameters.ConnectionEnd     = ConnectionEnd.client;
                    state.SecurityParameters.ServerRandom      = msg.HandShakeServerHello.RandomStruct.Bytes;
                }
                else if (msg.HandShakeMessageType == HandShakeMessageType.Certificate)
                {
                    if (msg.HandShakeCertificateMessage.Certificates.Count > 0)
                    {
                        state.SecurityParameters.PeerCertificate = msg.HandShakeCertificateMessage.Certificates[0];
                    }
                }
            }
        }
コード例 #6
0
 public void DebugDump()
 {
     System.Diagnostics.Debug.WriteLine("HandShakeServerKeyExchange:");
     System.Diagnostics.Debug.WriteLine("   RawData (may be interpreted as rsa params or dh params: {0}", ByteHelper.HexStringFromByte(RawData, true, 16));
     System.Diagnostics.Debug.WriteLine("");
 }
コード例 #7
0
 public void DebugDump()
 {
     System.Diagnostics.Debug.WriteLine("   RandomStruct -> gmt_unix_time: {0}, random_bytes: {1}\r\n", gmt_unix_time, ByteHelper.HexStringFromByte(random_bytes, true, int.MaxValue));
 }
コード例 #8
0
        /// <summary>
        /// Reads this object in from an array, returning how many bytes were read, or 0 if there is an error or not enough data
        /// </summary>
        /// <param name="bData"></param>
        /// <param name="nStartAt"></param>
        /// <returns></returns>
        public uint ReadFromArray(byte[] bData, int nStartAt)
        {
            CipherSuites.Clear();
            CompressionMethods.Clear();

            uint nReadSoFar = 0;

            if (bData.Length < (nStartAt + 35))
            {
                return(0);
            }

            Version = ByteHelper.ReadUshortBigEndian(bData, (int)(nStartAt + nReadSoFar)); nReadSoFar += 2;

            nReadSoFar += RandomStruct.ReadFromArray(bData, (int)(nStartAt + nReadSoFar));

            SessionIDLength = bData[nStartAt + nReadSoFar]; nReadSoFar += 1;
            if (SessionIDLength > 0)
            {
                if (bData.Length < (nStartAt + nReadSoFar + SessionIDLength))
                {
                    return(0);
                }
                this.SessionID = ByteHelper.ReadByteArray(bData, (int)(nStartAt + nReadSoFar), (int)SessionIDLength); nReadSoFar += SessionIDLength;
            }

            if (bData.Length < (nStartAt + nReadSoFar + 2))
            {
                return(0);
            }
            CipherSuitesLength = ByteHelper.ReadUshortBigEndian(bData, (int)(nStartAt + nReadSoFar)); nReadSoFar += 2;

            if (CipherSuitesLength > 0)
            {
                if (bData.Length < (nStartAt + nReadSoFar + CipherSuitesLength))
                {
                    return(0);
                }
                for (int i = 0; i < CipherSuitesLength / 2; i++)
                {
                    CipherSuite nNextCipherSuite = (CipherSuite)ByteHelper.ReadUshortBigEndian(bData, (int)(nStartAt + nReadSoFar)); nReadSoFar += 2;
                    CipherSuites.Add(nNextCipherSuite);
                }
            }

            if (bData.Length < (nStartAt + nReadSoFar + 2))
            {
                return(0);
            }
            CompressionMethodsLength = ByteHelper.ReadByte(bData, (int)(nStartAt + nReadSoFar)); nReadSoFar += 1;
            if (CompressionMethodsLength > 0)
            {
                if (bData.Length < (nStartAt + nReadSoFar + CompressionMethodsLength))
                {
                    return(0);
                }
                for (int i = 0; i < CipherSuitesLength / 2; i++)
                {
                    CompressionMethod bNextCompressionMethod = (CompressionMethod)ByteHelper.ReadByte(bData, (int)(nStartAt + nReadSoFar)); nReadSoFar += 1;
                    CompressionMethods.Add(bNextCompressionMethod);
                }
            }


            return(nReadSoFar);
        }
コード例 #9
0
ファイル: TLSStructures.cs プロジェクト: zixing131/Friday-UWP
        public void ComputeKeys(byte[] MasterSecret, byte[] ServerPlusClientRandomKeys)
        {
            // Create keyblock
            ByteBuffer keyBlock = new ByteBuffer();

            byte[] bKEPRF = this.PRF(MasterSecret, "key expansion", ServerPlusClientRandomKeys, this.SecurityParameters.Cipher.KeyBlockSize);
            keyBlock.AppendData(bKEPRF);

            this.ClientWriteMACSecret = keyBlock.GetNSamples(this.SecurityParameters.Cipher.HashSize);
            this.ServerWriteMACSecret = keyBlock.GetNSamples(this.SecurityParameters.Cipher.HashSize);
            this.ClientWriteKey       = keyBlock.GetNSamples(this.SecurityParameters.Cipher.KeyMaterialLength);
            this.ServerWriteKey       = keyBlock.GetNSamples(this.SecurityParameters.Cipher.KeyMaterialLength);

            if (SocketClient.ShowDebug == true)
            {
                System.Diagnostics.Debug.WriteLine("ClientWriteMACSecret: +++++++++++\r\n{0}\r\n++++++++++++", ByteHelper.HexStringFromByte(this.ClientWriteMACSecret, true, 16));
                System.Diagnostics.Debug.WriteLine("ServerWriteMACSecret: +++++++++++\r\n{0}\r\n++++++++++++", ByteHelper.HexStringFromByte(this.ServerWriteMACSecret, true, 16));
                System.Diagnostics.Debug.WriteLine("ClientWriteKey: +++++++++++\r\n{0}\r\n++++++++++++", ByteHelper.HexStringFromByte(this.ClientWriteKey, true, 16));
                System.Diagnostics.Debug.WriteLine("ServerWriteKey: +++++++++++\r\n{0}\r\n++++++++++++", ByteHelper.HexStringFromByte(this.ServerWriteKey, true, 16));
            }

            //if (!this.IsExportable)
            //{
            if (this.SecurityParameters.Cipher.IVSize != 0)
            {
                this.ClientWriteIV = keyBlock.GetNSamples(this.SecurityParameters.Cipher.IVSize);
                this.ServerWriteIV = keyBlock.GetNSamples(this.SecurityParameters.Cipher.IVSize);
            }
            else
            {
                this.ClientWriteIV = new byte[] { };
                this.ServerWriteIV = new byte[] { };
            }
            //}
            if (SocketClient.ShowDebug == true)
            {
                System.Diagnostics.Debug.WriteLine("ClientWriteIV: +++++++++++\r\n{0}\r\n++++++++++++", ByteHelper.HexStringFromByte(this.ClientWriteIV, true, 16));
                System.Diagnostics.Debug.WriteLine("ServerWriteIV: +++++++++++\r\n{0}\r\n++++++++++++", ByteHelper.HexStringFromByte(this.ServerWriteIV, true, 16));
            }

            //else
            //{
            //    // Generate final write keys
            //    byte[] finalClientWriteKey = PRF(this.Context.ClientWriteKey, "client write key", this.Context.RandomCS, this.ExpandedKeyMaterialSize);
            //    byte[] finalServerWriteKey = PRF(this.Context.ServerWriteKey, "server write key", this.Context.RandomCS, this.ExpandedKeyMaterialSize);

            //    this.Context.ClientWriteKey = finalClientWriteKey;
            //    this.Context.ServerWriteKey = finalServerWriteKey;

            //    if (this.IvSize > 0)
            //    {
            //        // Generate IV block
            //        byte[] ivBlock = PRF(CipherSuite.EmptyArray, "IV block", this.Context.RandomCS, this.IvSize * 2);

            //        // Generate IV keys
            //        this.Context.ClientWriteIV = new byte[this.IvSize];
            //        Buffer.BlockCopy(ivBlock, 0, this.Context.ClientWriteIV, 0, this.Context.ClientWriteIV.Length);

            //        this.Context.ServerWriteIV = new byte[this.IvSize];
            //        Buffer.BlockCopy(ivBlock, this.IvSize, this.Context.ServerWriteIV, 0, this.Context.ServerWriteIV.Length);
            //    }
            //    else
            //    {
            //        this.Context.ClientWriteIV = CipherSuite.EmptyArray;
            //        this.Context.ServerWriteIV = CipherSuite.EmptyArray;
            //    }
            //}


            Initialize(); /// Initialize our cryptographic grind thingies on that thingy
        }
コード例 #10
0
 /// <summary>
 /// Reads this object in from an array, returning how many bytes were read, or 0 if there is an error or not enough data
 /// </summary>
 /// <param name="bData"></param>
 /// <param name="nStartAt"></param>
 /// <returns></returns>
 public uint ReadFromArray(byte[] bData, int nStartAt)
 {
     verify_data = ByteHelper.ReadByteArray(bData, nStartAt, 12);
     return(12);
 }
コード例 #11
0
 public void DebugDump()
 {
     System.Diagnostics.Debug.WriteLine("HandShakeFinished:");
     System.Diagnostics.Debug.WriteLine(ByteHelper.HexStringFromByte(verify_data, true, int.MaxValue));
 }
コード例 #12
0
 public void DebugDump()
 {
     System.Diagnostics.Debug.WriteLine("HandShakeClientKeyExchange:");
     System.Diagnostics.Debug.WriteLine("   EncryptedPreMasterSecret or DiffeHellmanPublicValueYc: {0}", ByteHelper.HexStringFromByte(EncryptedPreMasterSecret, true, int.MaxValue));
     System.Diagnostics.Debug.WriteLine("");
 }
コード例 #13
0
 public void DebugDump()
 {
     System.Diagnostics.Debug.WriteLine("HandShakeCertificateVerify:");
     System.Diagnostics.Debug.WriteLine("   Signature: {0}", ByteHelper.HexStringFromByte(Signature, true, int.MaxValue));
     System.Diagnostics.Debug.WriteLine("");
 }
コード例 #14
0
 public override void DebugDump(bool bReceived)
 {
     System.Diagnostics.Debug.WriteLine("{0} TLSApplicationMessage ApplicationData Encrypted: \r\n{1}", bReceived ? "<--" : "-->", ByteHelper.HexStringFromByte(ApplicationData, true, 16));
 }
コード例 #15
0
        public static void TestRSACertificate()
        {
            byte [] bPublicKeyModulus = new byte []
            {
                0xB3, 0x93, 0x18, 0x8B, 0x70, 0xC8, 0x57, 0xFC, 0x0F, 0x75, 0x11, 0xF7, 0x32, 0x2E, 0x6F, 0x91,
                0xD2, 0x76, 0x1F, 0x33, 0x5D, 0xE2, 0x9C, 0x48, 0x84, 0x16, 0xD8, 0x2A, 0x09, 0x1B, 0x42, 0x8D,
                0x31, 0x53, 0x21, 0xCB, 0x44, 0xC7, 0x97, 0x0A, 0x76, 0x18, 0xF5, 0xD6, 0xE8, 0x4B, 0x0C, 0xDD,
                0x5D, 0xBD, 0xA8, 0x47, 0xCD, 0x81, 0x9E, 0xD9, 0x8D, 0xAE, 0x5C, 0x5D, 0xEC, 0x79, 0x99, 0x4B,
                0x1A, 0xD7, 0x69, 0x89, 0x15, 0x0C, 0xA5, 0x51, 0xDC, 0xBF, 0x6A, 0x98, 0x76, 0xE4, 0x17, 0x55,
                0x8E, 0xCE, 0xB7, 0x8A, 0xA0, 0x94, 0xF8, 0xC6, 0x45, 0xA6, 0x89, 0x82, 0x70, 0xA6, 0x40, 0x2A,
                0x03, 0x8A, 0xD5, 0xE7, 0xE9, 0x03, 0x03, 0x63, 0x24, 0x55, 0xB7, 0xA1, 0xAD, 0xF0, 0x7D, 0x02,
                0x63, 0x3C, 0xB5, 0x6B, 0xAD, 0xA5, 0xA1, 0xA2, 0x2A, 0x0A, 0x8F, 0x3D, 0x84, 0x2F, 0x40, 0xF3
            };

            // Taken from openssl on our test certificate
            byte[] bPrivateExponent = new byte[]
            {
                0x42, 0x7e, 0x26, 0x29, 0x83, 0xd2, 0x7b, 0x59, 0xd7, 0x33, 0x67, 0x3a, 0x9c, 0x37, 0x3b,
                0x92, 0xc8, 0x56, 0x7a, 0xc9, 0x1f, 0x6b, 0x88, 0xa9, 0x05, 0x58, 0x1c, 0x24, 0xbc, 0x88,
                0x7e, 0x85, 0x1f, 0x8d, 0x83, 0xc6, 0xeb, 0xa9, 0xe8, 0x10, 0xb4, 0x98, 0x1b, 0x77, 0xbf,
                0x3e, 0x02, 0xfe, 0x78, 0xf6, 0x80, 0x38, 0x4e, 0x2d, 0x3f, 0xef, 0x98, 0x99, 0xc6, 0x93,
                0xf4, 0xbb, 0x35, 0xfa, 0x4d, 0x25, 0x93, 0x3b, 0xfa, 0xf0, 0x35, 0x21, 0x18, 0xe7, 0x16,
                0x5a, 0x21, 0x2a, 0xd1, 0x8e, 0xe4, 0x27, 0xcc, 0xca, 0x84, 0xe5, 0xc6, 0x31, 0x1d, 0x6f,
                0x2f, 0x3c, 0xc6, 0x17, 0x6d, 0x55, 0x2c, 0x1a, 0x95, 0xbe, 0x90, 0x18, 0xf8, 0x44, 0xc0,
                0x8a, 0xdd, 0x1e, 0x11, 0x68, 0x67, 0x42, 0xad, 0x6e, 0xb0, 0x41, 0x68, 0x9d, 0xa8, 0xe6,
                0xf0, 0x81, 0x36, 0xd3, 0x7f, 0x34, 0x16, 0x41
            };

            byte[] bPublicKeyExponent = new byte[] { 0x01, 0x00, 0x01 };

            string strTextToBeEncrypted       = "12345";
            string strEncryptedWithPublicKey  = "5A D9 BF B9 44 4C C5 F2 0E 9C F5 61 D7 D2 BA B0 54 7A 46 74 BF 3A A3 5E 1D 45 23 9A A0 C8 A0 AF F5 11 16 25 03 3D 77 04 C4 85 80 05 52 FB 83 22 06 63 6C 65 82 A9 75 12 72 E2 82 07 B8 72 EA 30 66 0E 75 6E D2 D4 B6 2F DD B2 61 15 4C D3 53 465B 68 36 F6 C1 3E 90 74 52 07 4E 32 EC 8D 7F A2 F1 71 64 33 F3 2D 99 9A 12 D1 ED ED AB 9D B0 D3 18 A9 B2 E2 99 C0 C7 C3 BA AF EF 51 5C 05 0F 4D";
            string strEncryptedWithPrivateKey = "62 D9 64 6E C2 57 BA 58 92 E0 13 2D EA 36 71 49 83 B6 7D 32 32 EE A6 89 FF 71 8F 60 94 43 6E 85 5D AB FF 52 61 92 A5 EE 8A 9E AE 27 51 3B A3 65 22 C3 EC AB 29 E2 2D EB 29 04 51 D9 6B D4 5F 6C 36 8C 62 80 F7 D3 69 8B A2 51 43 CF B3 9D 03 50A4 FB 93 BB CC 42 5F 20 FF 9B 51 9B 4D 56 30 10 35 14 CE EF E6 52 5F 07 52 AC 98 BB 54 2A 79 0F 08 E8 20 45 6A 77 78 85 0D BF 7B E2 6F F9 43 F8";


            byte[] bTextToBeEncrypted       = System.Text.UTF8Encoding.UTF8.GetBytes(strTextToBeEncrypted);
            byte[] bEncryptedWithPublicKey  = ByteHelper.ByteFromHexString(strEncryptedWithPublicKey);
            byte[] bEncryptedWithPrivateKey = ByteHelper.ByteFromHexString(strEncryptedWithPrivateKey);


            /// This RSA certificate was generated with OpenSSL.  A file is encrypted with OpenSSL using the private key to make sure we
            /// can decrypt it with the public key
            ///


            RSACryptoServiceProvider provider = new RSACryptoServiceProvider();

            RSAParameters rsaparams = new RSAParameters();

            rsaparams.Modulus  = bPublicKeyModulus;
            rsaparams.Exponent = bPublicKeyExponent;
            provider.ImportParameters(rsaparams);

            /// Verified that both of these methods work, they encrypt the string to a form that can be unencrypted (to reproduce "12345")
            /// by using the private key with openssl
            /// Steps taken
            /// Save the debug output hex string produced below as a ascii hex file (384 bytes long)
            /// convert the ascii hex file to a binary file (128 bytes long)
            ///     (I wrote a program called ba.exe to do this)
            /// run openssl against the binary file:
            /// C:\openssl\bin>openssl rsautl -decrypt -in hex2.bin -inkey test_key.pem -out hex2.decrypt
            /// verify that file hex2.decrypt has the ascii contents "12345"  (it did with both outputs below)
            ///
            /// (Note the output is different every time because of PKCS padding applied to make it different every time, this is stripped once it's decrypted)
            ///

            byte[] bEncryptedText1 = provider.Encrypt(bTextToBeEncrypted, false);
            System.Diagnostics.Debug.WriteLine(ByteHelper.HexStringFromByte(bEncryptedText1, true, 16));
            System.Diagnostics.Debug.WriteLine("");


            RSAPKCS1KeyExchangeFormatter formm = new RSAPKCS1KeyExchangeFormatter(provider);

            byte[] bEncryptedText = formm.CreateKeyExchange(bTextToBeEncrypted);
            System.Diagnostics.Debug.WriteLine(ByteHelper.HexStringFromByte(bEncryptedText, true, 16));
            System.Diagnostics.Debug.WriteLine("");
            System.Diagnostics.Debug.WriteLine("");


            provider.Dispose();
        }
コード例 #16
0
        public static void GenerateStuff()
        {
            string strPreMasterSecret = "03 01 7B 4C D6 CC FA A3 B6 52 1B 8B 46 92 25 3D F3 C1 1A F7 9E 99 95 B3 3E 96 B3 F7 90 B4 8D 6E B4 7A 46 C2 F8 7D 71 FE 32 19 E6 96 58 19 3E 78";
            string strClientRandom    = "4f 1b a0 34 2b f8 ad ba f4 97 4c 39 0f e1 e1 dd 4a a9 b1 af 39 f2 e4 25 ad 27 b0 ce a1 43 c4 49";
            string strServerRandom    = "4f 1b a0 6b 88 c1 1a 57 96 dd 83 79 aa ab 4f 99 0c c8 e2 31 74 9a af 16 a1 46 c7 da 88 d6 27 b5";

            byte[] bPreMasterSecret = ByteHelper.ByteFromHexString(strPreMasterSecret);
            byte[] bClientRandom    = ByteHelper.ByteFromHexString(strClientRandom);
            byte[] bServerRandom    = ByteHelper.ByteFromHexString(strServerRandom);

            xmedianet.socketserver.TLS.ConnectionState trans = new xmedianet.socketserver.TLS.ConnectionState();

            ByteBuffer buf = new ByteBuffer();

            buf.AppendData(bClientRandom);
            buf.AppendData(bServerRandom);
            byte[] bCSRandom = buf.GetAllSamples();

            // Do it in reverse order for different algorithms
            buf.AppendData(bServerRandom);
            buf.AppendData(bClientRandom);
            byte[] bSCRandom = buf.GetAllSamples();


            byte[] MasterSecret = trans.PRF(bPreMasterSecret, "master secret", bCSRandom, 48);
            System.Diagnostics.Debug.WriteLine("Master Secret found is:\r\n{0}", ByteHelper.HexStringFromByte(MasterSecret, true, 16));
/// check... our master secret calulation matches what we see in wireshark, so all is well up to this point

            trans.SecurityParameters.Cipher = Cipher.FindCipher(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA);
            trans.ComputeKeys(MasterSecret, bSCRandom);


            string strClientHello = "0100003103014f1ba0342bf8adbaf4974c390fe1e1dd4aa9b1af39f2e425ad27b0cea143c449000004002f00ff0100000400230000";
            string strServerHello = "0200003103014f1ba06b88c11a5796dd8379aaab4f990cc8e231749aaf16a146c7da88d627b500002f000009ff0100010000230000";
            string strServerCert  = "0b00029a00029700029430820290308201f9a00302010202090086c664416cd7cd31300d06092a864886f70d01010505003061310b3009060355040613025553310b300906035504080c025458310f300d06035504070c0644616c6c61733121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643111300f06035504030c086d656c6c6c766172301e170d3132303132313138343235385a170d3132303232303138343235385a3061310b3009060355040613025553310b300906035504080c025458310f300d06035504070c0644616c6c61733121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643111300f06035504030c086d656c6c6c76617230819f300d06092a864886f70d010101050003818d0030818902818100b393188b70c857fc0f7511f7322e6f91d2761f335de29c488416d82a091b428d315321cb44c7970a7618f5d6e84b0cdd5dbda847cd819ed98dae5c5dec79994b1ad76989150ca551dcbf6a9876e417558eceb78aa094f8c645a6898270a6402a038ad5e7e90303632455b7a1adf07d02633cb56bada5a1a22a0a8f3d842f40f30203010001a350304e301d0603551d0e0416041456326c3cb4f1d784c483fe7e167b80a67e421b63301f0603551d2304183016801456326c3cb4f1d784c483fe7e167b80a67e421b63300c0603551d13040530030101ff300d06092a864886f70d0101050500038181000e38924f5b9f57562bf95b163d0611b512d458866d4de9db94ce56efab9f198ef81247277612b4758728f4aececb54a122641fa0396792fe3f945d99dbc75de378f381071ae3bb11b53d18235f36cedab94670816b1c0b53f0a62daa0850cc368adadb3335d4bebff111e9fbba76ac5be7175279680ebb62e640927e3f6074fe";
            string strServerDone  = "0e000000";
            string strClientKE    = "1000008200809f6af68a96205955bfa0a8b793cb78720f063ef7c3ef82aa10a4f306bfdd8ace898eb5546b873e7b80a7ec95a817b3acf7cf64b45058deaf498bc270ad2901fd921a566c0ddc68c59225350b89f4289aa6f30cb5944cdebc62ed75a9907aee36687b5882fc4bbe9a571137ea2142a465f5278168319cca1646e33706be614091";

            string strEncryptedHS = "59 09 86 f1 79 de 71 f4 b4 14 b1 ad 1a 70 c0 81 d5 24 32 8b 18 1a c4 a6 63 3a 27 d8 31 ad 54 5f 0d 85 37 a2 0f 6c 7b 9c 4b fc 83 18 e6 88 a6 67";

            ByteBuffer objHandShakeBuffer = new ByteBuffer();

            objHandShakeBuffer.AppendData(ByteHelper.ByteFromHexString(strClientHello));
            objHandShakeBuffer.AppendData(ByteHelper.ByteFromHexString(strServerHello));
            objHandShakeBuffer.AppendData(ByteHelper.ByteFromHexString(strServerCert));
            objHandShakeBuffer.AppendData(ByteHelper.ByteFromHexString(strServerDone));
            objHandShakeBuffer.AppendData(ByteHelper.ByteFromHexString(strClientKE));

            /// Example says handshake has read 976 bytes of data and written 256... let's check with wireshark
            /// Sent: 53 + 134            170
            /// Recv: 53 + 670 + 4        48

            SHA1Managed sha1 = new SHA1Managed();

            byte[]     bAllHandShakeData        = objHandShakeBuffer.GetAllSamples();
            byte[]     bmd5OfHandshakeMessages  = MD5Core.GetHash(bAllHandShakeData);
            byte[]     bsha1OfHandshakeMessages = sha1.ComputeHash(bAllHandShakeData);
            ByteBuffer bSum = new ByteBuffer();

            bSum.AppendData(bmd5OfHandshakeMessages);
            bSum.AppendData(bsha1OfHandshakeMessages);

            byte[] bCombinedHashes = bSum.GetAllSamples();

            /// No use in writing out this debug, only a few of the characters get seen, the rest are dropped
            ///System.Diagnostics.Debug.WriteLine("**** Start all handshake data ****\r\n{0}\r\n**** End all handshake data ****", ByteHelper.HexStringFromByte(bAllHandshakeData, true, 32));
            /// verify_data
            ///     PRF(master_secret, finished_label, MD5(handshake_messages) + SHA-1(handshake_messages)) [0..11];

            TLSHandShakeMessage msgFinished = new TLSHandShakeMessage();

            msgFinished.HandShakeMessageType          = HandShakeMessageType.Finished;
            msgFinished.HandShakeFinished.verify_data = trans.PRF(MasterSecret, "client finished", bCombinedHashes, 12);

            TLSRecord recordFinished = new TLSRecord();

            recordFinished.MajorVersion = 3;
            recordFinished.MinorVersion = 1;
            recordFinished.ContentType  = TLSContentType.Handshake;
            recordFinished.Messages.Add(msgFinished);

            trans.WriteSequenceNumber = 0;
            byte[] bEncryptedGenericBlockCipher = trans.CompressEncryptOutgoingData(recordFinished);

            /// Check.  The value here is the same as strEncryptedHS above
            System.Diagnostics.Debug.WriteLine("Encrypted Client Done is:\r\n{0}", ByteHelper.HexStringFromByte(bEncryptedGenericBlockCipher, true, 16));
        }
コード例 #17
0
ファイル: TLSStructures.cs プロジェクト: zixing131/Friday-UWP
        public TLSRecord DecompressRecord(TLSRecord record)
        {
            if (ReceiveEncryptionActive == false)
            {
                ReadSequenceNumber++;
                return(record);
            }

            /// Decompress, then verify hmac and seqnumber
            ///
            byte [] bFragment = null;
            byte [] bMAC      = null;

            byte [] bCipherTextBlock = record.RawSetContent;
            /// Store the cipher text block so we can use it as the next IV  (last block from the previous record)
            ///
            if (record.RawSetContent.Length > SecurityParameters.Cipher.BlockSizeBytes)
            {
                bCipherTextBlock = new byte[SecurityParameters.Cipher.BlockSizeBytes];
                Array.Copy(record.RawSetContent, record.RawSetContent.Length - SecurityParameters.Cipher.BlockSizeBytes, bCipherTextBlock, 0, SecurityParameters.Cipher.BlockSizeBytes);
            }

            DecryptRecord(record.RawSetContent, out bFragment, out bMAC);

            record.RawSetContent = bFragment;

            /// Compute the MAC ourselves so we can see if the man is correct
            ///Encrypt the compressed data.  The new data is now the encrypted data + a MAC.
            /// Compute the MAC before encrypting
            ///

            ///   The MAC is generated as:
            ///    HMAC_hash(MAC_write_secret, seq_num + TLSCompressed.type +
            ///                  TLSCompressed.version + TLSCompressed.length +
            ///                  TLSCompressed.fragment));
            /// where "+" denotes concatenation.
            ///
            byte[] bTLSRecord      = record.BytesFromRawContent;
            byte[] bDataToBeHashed = new byte[8 + bTLSRecord.Length];
            byte[] bSequence       = new byte[8];
            bSequence[0] = (byte)((ReadSequenceNumber & 0xFF00000000000000) >> 56);
            bSequence[1] = (byte)((ReadSequenceNumber & 0x00FF000000000000) >> 48);
            bSequence[2] = (byte)((ReadSequenceNumber & 0x0000FF0000000000) >> 40);
            bSequence[3] = (byte)((ReadSequenceNumber & 0x000000FF00000000) >> 32);
            bSequence[4] = (byte)((ReadSequenceNumber & 0x00000000FF000000) >> 24);
            bSequence[5] = (byte)((ReadSequenceNumber & 0x0000000000FF0000) >> 16);
            bSequence[6] = (byte)((ReadSequenceNumber & 0x000000000000FF00) >> 08);
            bSequence[7] = (byte)((ReadSequenceNumber & 0x00000000000000FF) >> 00);
            Array.Copy(bSequence, 0, bDataToBeHashed, 0, 8);
            Array.Copy(bTLSRecord, 0, bDataToBeHashed, 8, bTLSRecord.Length);

            byte[] bMACComputed = ServerHMAC.ComputeHash(bDataToBeHashed);
            ReadSequenceNumber++;
            LastCipherTextBlock = bCipherTextBlock;

            if (ByteHelper.CompareArrays(bMAC, bMACComputed) == false)
            {
                System.Threading.Thread.Sleep(0);
                //throw new Exception("Computed MAC did not match incoming record's MAC");
            }


            return(record);
        }