protected override void Read (TlsBuffer incoming) { ClientRandom = new SecureBuffer (incoming.ReadBytes (32)); var length = (short)incoming.ReadByte (); SessionID = new SecureBuffer (incoming.ReadBytes (length)); length = incoming.ReadInt16 (); if ((length % 2) != 0) throw new TlsException (AlertDescription.DecodeError); bool seenSCSV = false; ClientCiphers = new CipherSuiteCode [length >> 1]; for (int i = 0; i < ClientCiphers.Length; i++) { ClientCiphers [i] = (CipherSuiteCode)incoming.ReadInt16 (); if (ClientCiphers [i] == CipherSuiteCode.TLS_EMPTY_RENEGOTIATION_INFO_SCSV) seenSCSV = true; } // Compression methods length = incoming.ReadByte (); incoming.Position += length; Extensions = new TlsExtensionCollection (incoming); if (seenSCSV) Extensions.AddRenegotiationExtension (); }
/// <summary> /// Reads password from console displaying substitute characters instead of real ones /// into a sealed SecureBuffer /// </summary> public static SecureBuffer ReadPasswordToSecureBuffer(char substitute) { var result = new SecureBuffer(); while (true) { char c = Console.ReadKey(true).KeyChar; if (Char.IsControl(c)) { result.Seal(); return(result); } var buf = Encoding.UTF8.GetBytes(new char[] { c }); for (var i = 0; i < buf.Length; i++) { result.Push(buf[i]); } Array.Clear(buf, 0, buf.Length); if (substitute != (char)0) { Console.Write(substitute); } } }
private void tbPassword_TextChanged(object sender, EventArgs e) { var pm = App.SecurityManager.PasswordManager; var bytes = Encoding.UTF8.GetBytes(tbPassword.Text); using (var password = new SecureBuffer(bytes.Length)) { foreach (var b in bytes) { password.Push(b); } Array.Clear(bytes, 0, bytes.Length); password.Seal(); var hash = pm.ComputeHash(PasswordFamily.Text, password); Text = "Score: {0} Easy%: {1} Normal%: {2} Hard%: {3}".Args( pm.CalculateStrenghtScore(PasswordFamily.Text, password), pm.CalculateStrenghtPercent(PasswordFamily.Text, password, DefaultPasswordManager.TOP_SCORE_MINIMUM), pm.CalculateStrenghtPercent(PasswordFamily.Text, password, DefaultPasswordManager.TOP_SCORE_NORMAL), pm.CalculateStrenghtPercent(PasswordFamily.Text, password, DefaultPasswordManager.TOP_SCORE_MAXIMUM)); tbJSON.Text = hash.ToString(); } }
void Init(SecureBuffer key) { algorithm.Initialize(); int keyLength = key.Size; if (key.Size > blockSize) { algorithm.TransformFinalBlock(key.Buffer, 0, keyLength); Buffer.BlockCopy(algorithm.Hash, 0, inputPad.Buffer, 0, digestSize); keyLength = digestSize; } else { Array.Copy(key.Buffer, 0, inputPad.Buffer, 0, keyLength); } Array.Clear(inputPad.Buffer, keyLength, blockSize - keyLength); Array.Copy(inputPad.Buffer, 0, outputPad.Buffer, 0, blockSize); xor(inputPad.Buffer, IPAD); xor(outputPad.Buffer, OPAD); // Initialise the digest algorithm.TransformBlock(inputPad.Buffer, 0, inputPad.Size, null, 0); final = false; }
/// <summary> /// Signs the message using the context's session key. /// </summary> /// <remarks> /// The structure of the returned buffer is as follows: /// - 4 bytes, unsigned big-endian integer indicating the length of the plaintext message /// - 2 bytes, unsigned big-endian integer indicating the length of the signture /// - The plaintext message /// - The message's signature. /// </remarks> /// <param name="message"></param> /// <returns></returns> public byte[] MakeSignature(byte[] message) { SecurityStatus status = SecurityStatus.InternalError; SecPkgContext_Sizes sizes; SecureBuffer dataBuffer; SecureBuffer signatureBuffer; SecureBufferAdapter adapter; CheckLifecycle(); sizes = QueryBufferSizes(); dataBuffer = new SecureBuffer(new byte[message.Length], BufferType.Data); signatureBuffer = new SecureBuffer(new byte[sizes.MaxSignature], BufferType.Token); Array.Copy(message, dataBuffer.Buffer, message.Length); using (adapter = new SecureBufferAdapter(new[] { dataBuffer, signatureBuffer })) { status = ContextNativeMethods.SafeMakeSignature( this.ContextHandle, 0, adapter, 0 ); } if (status != SecurityStatus.OK) { SSPIException exc = new SSPIException("Failed to create message signature.", status); throw new SecurityException(ErrorHandling.ErrorCodes.Security.SSPI_ERROR, new string[] { exc.Message }); } byte[] outMessage; int position = 0; // Enough room for // - original message length (4 bytes) // - signature length (2 bytes) // - original message // - signature outMessage = new byte[4 + 2 + dataBuffer.Length + signatureBuffer.Length]; ByteWriter.WriteInt32_BE(dataBuffer.Length, outMessage, position); position += 4; ByteWriter.WriteInt16_BE((Int16)signatureBuffer.Length, outMessage, position); position += 2; Array.Copy(dataBuffer.Buffer, 0, outMessage, position, dataBuffer.Length); position += dataBuffer.Length; Array.Copy(signatureBuffer.Buffer, 0, outMessage, position, signatureBuffer.Length); position += signatureBuffer.Length; return(outMessage); }
public SecureBuffer ComputeInitialIV(SecureBuffer cs, int size) { if (this is PseudoRandomFunctionTls12) { throw new InvalidOperationException(); } return(PRF(new SecureBuffer(CipherSuite.EmptyArray), "IV block", cs, size)); }
public byte[] TestPRF(HandshakeHashType algorithm, byte[] secret, string seed, byte[] data, int length) { var prf = new PseudoRandomFunctionTls12(algorithm); var result = prf.PRF(SecureBuffer.CreateCopy(secret), seed, SecureBuffer.CreateCopy(data), length); return(result.StealBuffer()); }
protected override void Read(TlsBuffer incoming) { Hash = new SecureBuffer(incoming.ReadBytes(12)); if (incoming.Remaining != 0) { throw new TlsException(AlertDescription.DecodeError); } }
public static bool VerifySignature(SignatureAndHashAlgorithm type, SecureBuffer data, AsymmetricAlgorithm key, SecureBuffer signature) { using (var d = new DisposeContext()) { var algorithm = d.Add((HashAlgorithm)GetAlgorithm(type.Hash)); algorithm.TransformFinalBlock(data.Buffer, 0, data.Size); return(VerifySignature(type, algorithm, d.Add(algorithm.Hash), key, signature)); } }
public override void HandleClient(TlsContext ctx, KeyExchange clientExchange) { var serverDh = (DiffieHellmanKeyExchange)clientExchange; using (var X = new SecureBuffer(dh.DecryptKeyExchange(serverDh.Y))) { ComputeMasterSecret(ctx, X); } }
public override void GenerateClient(TlsContext ctx) { using (var dh = new DiffieHellmanManaged(P, G, 0)) { using (var X = new SecureBuffer(dh.DecryptKeyExchange(Y))) { Y = dh.CreateKeyExchange(); ComputeMasterSecret(ctx, X); } } }
public TlsServerHello(TlsProtocolCode protocol, SecureBuffer random, SecureBuffer session, CipherSuiteCode cipher, TlsExtensionCollection extensions) : base(HandshakeType.ServerHello) { ServerProtocol = protocol; ServerRandom = random; SessionID = session; SelectedCipher = cipher; Extensions = extensions; }
public TlsServerHello (TlsProtocolCode protocol, SecureBuffer random, SecureBuffer session, CipherSuiteCode cipher, TlsExtensionCollection extensions) : base (HandshakeType.ServerHello) { ServerProtocol = protocol; ServerRandom = random; SessionID = session; SelectedCipher = cipher; Extensions = extensions; }
public override void GenerateClient (TlsContext context) { GenerateKeyPair (context, domainParameters, out clientQ, out clientD); clientKey = ExternalizeKey (clientQ); var agreement = CalculateAgreement (serverQ, clientD); using (var preMaster = new SecureBuffer (agreement.ToByteArrayUnsigned ())) ComputeMasterSecret (context, preMaster); }
public override void ReadServer(TlsBuffer incoming) { P = incoming.ReadBytes(incoming.ReadInt16()); G = incoming.ReadBytes(incoming.ReadInt16()); Y = incoming.ReadBytes(incoming.ReadInt16()); SignatureAlgorithm = new SignatureAndHashAlgorithm(incoming); Signature = incoming.ReadSecureBuffer(incoming.ReadInt16()); }
public TlsClientHello (TlsProtocolCode protocol, SecureBuffer random, SecureBuffer session, CipherSuiteCode[] ciphers, TlsExtensionCollection extensions) : base (HandshakeType.ClientHello) { ClientProtocol = protocol; ClientRandom = random; SessionID = session; ClientCiphers = ciphers; Extensions = extensions; }
public TlsClientHello(TlsProtocolCode protocol, SecureBuffer random, SecureBuffer session, CipherSuiteCode[] ciphers, TlsExtensionCollection extensions) : base(HandshakeType.ClientHello) { ClientProtocol = protocol; ClientRandom = random; SessionID = session; ClientCiphers = ciphers; Extensions = extensions; }
public override void GenerateClient (TlsContext ctx) { using (var dh = new DiffieHellmanManaged (P, G, 0)) { using (var X = new SecureBuffer (dh.DecryptKeyExchange (Y))) { Y = dh.CreateKeyExchange (); ComputeMasterSecret (ctx, X); } } }
public override void GenerateClient(TlsContext context) { GenerateKeyPair(context, domainParameters, out clientQ, out clientD); clientKey = ExternalizeKey(clientQ); var agreement = CalculateAgreement(serverQ, clientD); using (var preMaster = new SecureBuffer(agreement.ToByteArrayUnsigned())) ComputeMasterSecret(context, preMaster); }
static byte[] CreateHash (HashAlgorithmType type, SecureBuffer data) { if (!HashAlgorithmProvider.IsAlgorithmSupported (type)) throw new TlsException (AlertDescription.IlegalParameter); using (var d = new DisposeContext ()) { var algorithm = d.Add (HashAlgorithmProvider.CreateAlgorithm (type)); algorithm.TransformBlock (data.Buffer, 0, data.Size); return algorithm.GetRunningHash (); } }
public override void HandleClient(TlsContext context, KeyExchange clientExchange) { var clientKey = ((EllipticCurveKeyExchange)clientExchange).clientKey; clientQ = domainParameters.Curve.DecodePoint(clientKey); var agreement = CalculateAgreement(clientQ, serverD); using (var preMaster = new SecureBuffer(agreement.ToByteArrayUnsigned())) ComputeMasterSecret(context, preMaster); }
void ComputeMasterSecret (DisposeContext d, TlsContext ctx, SecureBuffer preMasterSecret) { // Compute ClientRandom + ServerRandom int clen = ctx.HandshakeParameters.ClientRandom.Size; int slen = ctx.HandshakeParameters.ServerRandom.Size; int rlen = clen + slen; var cs = d.CreateBuffer (rlen); Buffer.BlockCopy (ctx.HandshakeParameters.ClientRandom.Buffer, 0, cs.Buffer, 0, clen); Buffer.BlockCopy (ctx.HandshakeParameters.ServerRandom.Buffer, 0, cs.Buffer, clen, slen); // Server Random + Client Random var sc = d.CreateBuffer (rlen); Buffer.BlockCopy (ctx.HandshakeParameters.ServerRandom.Buffer, 0, sc.Buffer, 0, slen); Buffer.BlockCopy (ctx.HandshakeParameters.ClientRandom.Buffer, 0, sc.Buffer, slen, clen); // Create master secret var crypto = ctx.Session.PendingCrypto; crypto.MasterSecret = crypto.Cipher.PRF.ComputeMasterSecret (preMasterSecret, cs); #if DEBUG_FULL if (ctx.EnableDebugging) { DebugHelper.WriteLine ("CS", cs); DebugHelper.WriteLine ("SC", sc); DebugHelper.WriteLine ("PRE-MASTER", preMasterSecret); DebugHelper.WriteLine ("MASTER SECRET", crypto.MasterSecret.Buffer); } #endif var keyBlock = crypto.Cipher.PRF.ComputeKeyExpansion (d, crypto.MasterSecret, sc, crypto.Cipher.KeyBlockSize); #if DEBUG_FULL if (ctx.EnableDebugging) { DebugHelper.WriteLine ("KEY BLOCK SIZE: {0}", crypto.Cipher.KeyBlockSize); DebugHelper.WriteLine ("KEY BLOCK", keyBlock.Buffer); } #endif crypto.ClientWriteMac = keyBlock.ReadSecureBuffer (crypto.Cipher.HashSize); crypto.ServerWriteMac = keyBlock.ReadSecureBuffer (crypto.Cipher.HashSize); crypto.ClientWriteKey = keyBlock.ReadSecureBuffer (crypto.Cipher.KeyMaterialSize); crypto.ServerWriteKey = keyBlock.ReadSecureBuffer (crypto.Cipher.KeyMaterialSize); if (crypto.Cipher.HasFixedIV) { crypto.ClientWriteIV = keyBlock.ReadSecureBuffer (crypto.Cipher.FixedIvSize); crypto.ServerWriteIV = keyBlock.ReadSecureBuffer (crypto.Cipher.FixedIvSize); #if DEBUG_FULL if (ctx.EnableDebugging) { DebugHelper.WriteLine ("CLIENT IV", crypto.ClientWriteIV.Buffer); DebugHelper.WriteLine ("SERVER IV", crypto.ServerWriteIV.Buffer); } #endif } }
HMac(HashAlgorithm algorithm, int blockSize, SecureBuffer key) { this.algorithm = Add(algorithm); this.digestSize = algorithm.HashSize / 8; this.blockSize = blockSize; this.inputPad = CreateBuffer(blockSize); this.outputPad = CreateBuffer(blockSize); Init(key); }
/// <summary> /// Encrypts the byte array using the context's session key. /// </summary> /// <remarks> /// The structure of the returned data is as follows: /// - 2 bytes, an unsigned big-endian integer indicating the length of the trailer buffer size /// - 4 bytes, an unsigned big-endian integer indicating the length of the message buffer size. /// - 2 bytes, an unsigned big-endian integer indicating the length of the encryption padding buffer size. /// - The trailer buffer /// - The message buffer /// - The padding buffer. /// </remarks> /// <param name="input">The raw message to encrypt.</param> /// <returns>The packed and encrypted message.</returns> public byte[] Encrypt(byte[] input) { // The message is encrypted in place in the buffer we provide to Win32 EncryptMessage SecPkgContext_Sizes sizes; SecureBuffer trailerBuffer; SecureBuffer dataBuffer; SecureBuffer paddingBuffer; SecureBufferAdapter adapter; SecurityStatus status = SecurityStatus.InvalidHandle; byte[] result; CheckLifecycle(); sizes = QueryBufferSizes(); trailerBuffer = new SecureBuffer(new byte[sizes.SecurityTrailer], BufferType.Token); dataBuffer = new SecureBuffer(new byte[input.Length], BufferType.Data); paddingBuffer = new SecureBuffer(new byte[sizes.BlockSize], BufferType.Padding); Array.Copy(input, dataBuffer.Buffer, input.Length); using (adapter = new SecureBufferAdapter(new[] { trailerBuffer, dataBuffer, paddingBuffer })) { status = ContextNativeMethods.SafeEncryptMessage( this.ContextHandle, WrapNoEncrypt, adapter, 0 ); } if (status != SecurityStatus.OK) { throw new SspiException("Failed to encrypt message", status); } int position = 0; // Return 1 buffer with the 3 buffers joined result = new byte[trailerBuffer.Length + dataBuffer.Length + paddingBuffer.Length]; Array.Copy(trailerBuffer.Buffer, 0, result, position, trailerBuffer.Length); position += trailerBuffer.Length; Array.Copy(dataBuffer.Buffer, 0, result, position, dataBuffer.Length); position += dataBuffer.Length; Array.Copy(paddingBuffer.Buffer, 0, result, position, paddingBuffer.Length); return(result); }
void CreateServer(TlsContext ctx) { dh = new DiffieHellmanManaged(); Y = dh.CreateKeyExchange(); var dhparams = dh.ExportParameters(true); P = dhparams.P; G = dhparams.G; using (var buffer = CreateParameterBuffer(ctx.HandshakeParameters)) Signature = SignatureHelper.CreateSignature(SignatureAlgorithm, buffer, ctx.Configuration.PrivateKey); }
static byte[] CreateHash(HashAlgorithmType type, SecureBuffer data) { if (!HashAlgorithmProvider.IsAlgorithmSupported(type)) { throw new TlsException(AlertDescription.IlegalParameter); } using (var d = new DisposeContext()) { var algorithm = d.Add(HashAlgorithmProvider.CreateAlgorithm(type)); algorithm.TransformBlock(data.Buffer, 0, data.Size); return(algorithm.GetRunningHash()); } }
public byte[] TestHMac(HandshakeHashType algorithm, byte[] key, byte[] data) { var hmac = HMac.Create(algorithm, SecureBuffer.CreateCopy(key)); hmac.Reset(); hmac.TransformBlock(data, 0, data.Length); var output = new byte [hmac.MacSize]; hmac.TransformFinalBlock(output, 0, output.Length); return(output); }
public void GenerateHardenedRandomBytes_ShouldYieldHighEntropy() { // Arrange. var valueRange = 256; var confidence = 0.223d; var curveTolerance = 5m; var length = (valueRange * valueRange); var target = (RandomByteArrayProfile)null; var meanTarget = valueRange; var meanLowerBoundary = Convert.ToDecimal(meanTarget - (meanTarget * confidence)); var meanUpperBoundary = Convert.ToDecimal(meanTarget + (meanTarget * confidence)); var medianTarget = valueRange; var medianLowerBoundary = Convert.ToDecimal(medianTarget - (medianTarget * confidence)); var medianUpperBoundary = Convert.ToDecimal(medianTarget + (medianTarget * confidence)); var standardDeviationTarget = Math.Sqrt(valueRange); var standardDevisionLowerBoundary = Convert.ToDecimal(standardDeviationTarget - (standardDeviationTarget * confidence)); var standardDeviationUpperBoundary = Convert.ToDecimal(standardDeviationTarget + (standardDeviationTarget * confidence)); var valueCountLowerBoundary = Convert.ToInt64(meanTarget - (Convert.ToDecimal(standardDeviationTarget) * curveTolerance)); var valueCountUpperBoundary = Convert.ToInt64(meanTarget + (Convert.ToDecimal(standardDeviationTarget) * curveTolerance)); // Act. using (var array = SecureBuffer.GenerateHardenedRandomBytes(Convert.ToInt32(length))) { array.Access(buffer => { target = new RandomByteArrayProfile(buffer); }); } // Assert. target.ArrayLength.Should().Be(Convert.ToInt64(length)); target.AverageLengthBetweenStatistics.Mean.Should().BeLessOrEqualTo(meanUpperBoundary); target.AverageLengthBetweenStatistics.Mean.Should().BeGreaterOrEqualTo(meanLowerBoundary); target.CountStatistics.Mean.Should().BeLessOrEqualTo(meanUpperBoundary); target.CountStatistics.Mean.Should().BeGreaterOrEqualTo(meanLowerBoundary); target.AverageLengthBetweenStatistics.Median.Should().BeLessOrEqualTo(medianUpperBoundary); target.AverageLengthBetweenStatistics.Median.Should().BeGreaterOrEqualTo(medianLowerBoundary); target.CountStatistics.Median.Should().BeLessOrEqualTo(medianUpperBoundary); target.CountStatistics.Median.Should().BeGreaterOrEqualTo(medianLowerBoundary); target.AverageLengthBetweenStatistics.StandardDeviation.Should().BeLessOrEqualTo(standardDeviationUpperBoundary); target.AverageLengthBetweenStatistics.StandardDeviation.Should().BeGreaterOrEqualTo(standardDevisionLowerBoundary); target.CountStatistics.StandardDeviation.Should().BeLessOrEqualTo(standardDeviationUpperBoundary); target.CountStatistics.StandardDeviation.Should().BeGreaterOrEqualTo(standardDevisionLowerBoundary); foreach (var record in target.Records) { // Assert. record.Count.Should().BeLessOrEqualTo(valueCountUpperBoundary); record.Count.Should().BeGreaterOrEqualTo(valueCountLowerBoundary); } }
public static HMac Create(HandshakeHashType type, SecureBuffer key) { switch (type) { case HandshakeHashType.SHA256: return(new HMac(SHA256.Create(), 64, key)); case HandshakeHashType.SHA384: return(new HMac(SHA384.Create(), 128, key)); default: throw new NotSupportedException(); } }
public void InitializeGCM(CipherSuiteCode code, byte[] key, byte[] implNonce, byte[] explNonce) { Cipher = CipherSuiteFactory.CreateCipherSuite(Protocol, code); #if DEBUG_FULL Cipher.EnableDebugging = EnableDebugging; #endif Crypto = Add(new MyGaloisCounterCipher(IsServer, Protocol, Cipher, explNonce)); Crypto.ServerWriteKey = SecureBuffer.CreateCopy(key); Crypto.ClientWriteKey = SecureBuffer.CreateCopy(key); Crypto.ServerWriteIV = SecureBuffer.CreateCopy(implNonce); Crypto.ClientWriteIV = SecureBuffer.CreateCopy(implNonce); Crypto.InitializeCipher(); }
public static HMac Create (HashAlgorithmType type, SecureBuffer key) { switch (type) { case HashAlgorithmType.Md5: return new HMac (MD5.Create (), 64, key); case HashAlgorithmType.Sha1: return new HMac (SHA1.Create (), 64, key); case HashAlgorithmType.Sha256: return new HMac (SHA256.Create (), 64, key); case HashAlgorithmType.Sha384: return new HMac (SHA384.Create (), 128, key); default: throw new NotSupportedException (); } }
public void InitializeCBC(CipherSuiteCode code, byte[] key, byte[] mac, byte[] iv) { Cipher = CipherSuiteFactory.CreateCipherSuite(Protocol, code); #if DEBUG_FULL Cipher.EnableDebugging = EnableDebugging; #endif Crypto = Add(new MyCbcBlockCipher(this, iv)); Crypto.ServerWriteKey = SecureBuffer.CreateCopy(key); Crypto.ClientWriteKey = SecureBuffer.CreateCopy(key); Crypto.ServerWriteMac = SecureBuffer.CreateCopy(mac); Crypto.ClientWriteMac = SecureBuffer.CreateCopy(mac); Crypto.InitializeCipher(); }
public override void HandleClient (TlsContext ctx, KeyExchange clientExchange) { // Read client premaster secret var encryptedPreMaster = ((RSAKeyExchange)clientExchange).encryptedPreMasterSecret; if (!ctx.Configuration.HasCredentials) throw new TlsException (AlertDescription.BadCertificate, "Server certificate Private Key unavailable."); // Decrypt premaster secret var deformatter = new RSAPKCS1KeyExchangeDeformatter (ctx.Configuration.PrivateKey); using (var preMasterSecret = new SecureBuffer (deformatter.DecryptKeyExchange (encryptedPreMaster))) { // Create master secret ComputeMasterSecret (ctx, preMasterSecret); } }
protected override SecureBuffer PRF(DisposeContext d, SecureBuffer secret, string label, SecureBuffer data, int length) { /* Secret Length calc exmplain from the RFC2246. Section 5 * * S1 and S2 are the two halves of the secret and each is the same * length. S1 is taken from the first half of the secret, S2 from the * second half. Their length is created by rounding up the length of the * overall secret divided by two; thus, if the original secret is an odd * number of bytes long, the last byte of S1 will be the same as the * first byte of S2. */ // split secret in 2 int secretLen = secret.Size >> 1; // rounding up if ((secret.Size & 0x1) == 0x1) { secretLen++; } // Secret 1 var secret1 = d.CreateBuffer(secretLen); Buffer.BlockCopy(secret.Buffer, 0, secret1.Buffer, 0, secretLen); // Secret2 var secret2 = d.CreateBuffer(secretLen); Buffer.BlockCopy(secret.Buffer, (secret.Size - secretLen), secret2.Buffer, 0, secretLen); // Secret 1 processing var p_md5 = d.Add(Expand(d, HMac.Create(HashAlgorithmType.Md5, secret1), label, data, length)); // Secret 2 processing var p_sha = d.Add(Expand(d, HMac.Create(HashAlgorithmType.Sha1, secret2), label, data, length)); // Perfor XOR of both results var masterSecret = new SecureBuffer(length); for (int i = 0; i < length; i++) { masterSecret.Buffer[i] = (byte)(p_md5.Buffer[i] ^ p_sha.Buffer[i]); } return(masterSecret); }
/// <summary> /// Converts the value of the current <see cref="CascadingSymmetricKey" /> to its equivalent binary representation. /// </summary> /// <returns> /// A binary representation of the current <see cref="CascadingSymmetricKey" />. /// </returns> public SecureBuffer ToBuffer() { var result = new SecureBuffer(SerializedLength); try { using (var controlToken = StateControl.Enter()) { result.Access(pinnedResultBuffer => { var keyLength = SecureSymmetricKey.SerializedLength; for (var i = 0; i < MaximumDepth; i++) { if (i < Depth) { using (var keyBuffer = Keys[i].ToBuffer()) { keyBuffer.Access(pinnedKeyBuffer => { // Copy the key buffers out to the result buffer. Array.Copy(pinnedKeyBuffer, 0, pinnedResultBuffer, (keyLength * i), keyLength); }); } continue; } // Fill the unused segments with random bytes. var randomBytes = new Byte[keyLength]; HardenedRandomNumberGenerator.Instance.GetBytes(randomBytes); Array.Copy(randomBytes, 0, pinnedResultBuffer, (keyLength * i), keyLength); } // Append the depth as a 16-bit integer. Buffer.BlockCopy(BitConverter.GetBytes(Convert.ToUInt16(Depth)), 0, pinnedResultBuffer, (SerializedLength - sizeof(UInt16)), sizeof(UInt16)); }); return(result); } } catch { result.Dispose(); throw new SecurityException("Key serialization failed."); } }
public void Constructor_ShouldRaiseArgumentOutOfRangeException_ForZeroPlaintextLengthArgument() { // Arrange. var length = 0; // Act. var action = new Action(() => { using (var target = new SecureBuffer(length)) { return; } }); // Assert. action.Should().Throw <ArgumentOutOfRangeException>(); }
public override void HandleClient(TlsContext ctx, KeyExchange serverExchange) { // Read client premaster secret var encryptedPreMaster = ((RSAKeyExchange)serverExchange).encryptedPreMasterSecret; if (!ctx.Configuration.HasCredentials) { throw new TlsException(AlertDescription.BadCertificate, "Server certificate Private Key unavailable."); } // Decrypt premaster secret var deformatter = new RSAPKCS1KeyExchangeDeformatter(ctx.Configuration.PrivateKey); using (var preMasterSecret = new SecureBuffer(deformatter.DecryptKeyExchange(encryptedPreMaster))) { // Create master secret ComputeMasterSecret(ctx, preMasterSecret); } }
/// <summary> /// Decrypts the specified ciphertext. /// </summary> /// <param name="ciphertext"> /// The ciphertext to decrypt. /// </param> /// <param name="key"> /// The key derivation bits used to transform the ciphertext. /// </param> /// <param name="algorithm"> /// The algorithm specification used to transform the ciphertext. /// </param> /// <returns> /// The resulting plaintext object. /// </returns> /// <exception cref="SecurityException"> /// An exception was raised during decryption or deserialization. /// </exception> public T Decrypt(Byte[] ciphertext, SecureBuffer key, SymmetricAlgorithmSpecification algorithm) { try { var plaintext = default(T); key.Access(keyBuffer => { plaintext = Decrypt(ciphertext, keyBuffer, algorithm); }); return(plaintext); } catch { throw new SecurityException("The decryption operation failed."); } }
/// <summary> /// Encrypts the specified plaintext object. /// </summary> /// <param name="plaintextObject"> /// The plaintext object to encrypt. /// </param> /// <param name="key"> /// The key derivation bits used to transform the object. /// </param> /// <param name="algorithm"> /// The algorithm specification used to transform the object. /// </param> /// <param name="initializationVector"> /// An initialization vector with length greater than or equal to the block size for the specified cipher (extra bytes are /// ignored), or <see langword="null" /> to generate a random initialization vector. /// </param> /// <returns> /// The resulting ciphertext. /// </returns> /// <exception cref="SecurityException"> /// An exception was raised during encryption or serialization. /// </exception> public Byte[] Encrypt(T plaintextObject, SecureBuffer key, SymmetricAlgorithmSpecification algorithm, Byte[] initializationVector) { try { var ciphertext = (Byte[])null; key.Access(keyBuffer => { ciphertext = Encrypt(plaintextObject, keyBuffer, algorithm, initializationVector); }); return(ciphertext); } catch { throw new SecurityException("The encryption operation failed."); } }
protected override void Read (TlsBuffer incoming) { // Server random ServerRandom = new SecureBuffer (incoming.ReadBytes (32)); // Session ID var sessionIdLength = (int)incoming.ReadByte (); if (sessionIdLength > 0) { SessionID = new SecureBuffer (incoming.ReadBytes (sessionIdLength)); } // Cipher suite SelectedCipher = (CipherSuiteCode)incoming.ReadInt16 (); var compressionMethod = incoming.ReadByte (); if (compressionMethod != 0) throw new TlsException (AlertDescription.IlegalParameter, "Invalid compression method received from server"); Extensions = new TlsExtensionCollection (incoming); }
protected override SecureBuffer PRF (DisposeContext d, SecureBuffer secret, string label, SecureBuffer data, int length) { /* Secret Length calc exmplain from the RFC2246. Section 5 * * S1 and S2 are the two halves of the secret and each is the same * length. S1 is taken from the first half of the secret, S2 from the * second half. Their length is created by rounding up the length of the * overall secret divided by two; thus, if the original secret is an odd * number of bytes long, the last byte of S1 will be the same as the * first byte of S2. */ // split secret in 2 int secretLen = secret.Size >> 1; // rounding up if ((secret.Size & 0x1) == 0x1) secretLen++; // Secret 1 var secret1 = d.CreateBuffer (secretLen); Buffer.BlockCopy (secret.Buffer, 0, secret1.Buffer, 0, secretLen); // Secret2 var secret2 = d.CreateBuffer (secretLen); Buffer.BlockCopy (secret.Buffer, (secret.Size - secretLen), secret2.Buffer, 0, secretLen); // Secret 1 processing var p_md5 = d.Add (Expand (d, HMac.Create (HashAlgorithmType.Md5, secret1), label, data, length)); // Secret 2 processing var p_sha = d.Add (Expand (d, HMac.Create (HashAlgorithmType.Sha1, secret2), label, data, length)); // Perfor XOR of both results var masterSecret = new SecureBuffer (length); for (int i = 0; i < length; i++) masterSecret.Buffer[i] = (byte)(p_md5.Buffer[i] ^ p_sha.Buffer[i]); return masterSecret; }
public override TlsExtension ProcessServer (TlsContext context) { if (!context.IsServer) throw new InvalidOperationException (); if (context.Session.SecureRenegotiation) { if (!TlsBuffer.Compare (context.Session.ClientVerifyData, Data)) throw new TlsException (AlertDescription.HandshakeFailure); } else { if (Data != null && Data.Size != 0) throw new TlsException (AlertDescription.HandshakeFailure); context.HandshakeParameters.RequestedSecureNegotiation = true; context.HandshakeParameters.SecureNegotiationSupported = true; context.Session.SecureRenegotiation = true; return new RenegotiationExtension (new SecureBuffer (0)); } var clientData = context.Session.ClientVerifyData; var serverData = context.Session.ServerVerifyData; #if DEBUG_FULL if (context.EnableDebugging) { DebugHelper.WriteLine ("WRITING CLIENT DATA", clientData); DebugHelper.WriteLine ("WRITING SERVER DATA", serverData); } #endif var data = new SecureBuffer (clientData.Size + serverData.Size); Buffer.BlockCopy (clientData.Buffer, 0, data.Buffer, 0, clientData.Size); Buffer.BlockCopy (serverData.Buffer, 0, data.Buffer, clientData.Size, serverData.Size); return new RenegotiationExtension (data); }
public TlsFinished (SecureBuffer hash) : base (HandshakeType.Finished) { Hash = hash; }
public static bool VerifySignature (SignatureAndHashAlgorithm type, byte[] hash, AsymmetricAlgorithm key, SecureBuffer signature) { if (type.Signature != SignatureAlgorithmType.Rsa) throw new TlsException (AlertDescription.IlegalParameter); return VerifySignature (type.Hash, hash, key, signature); }
void Init (SecureBuffer key) { algorithm.Initialize (); int keyLength = key.Size; if (key.Size > blockSize) { algorithm.TransformFinalBlock (key.Buffer, 0, keyLength); Buffer.BlockCopy (algorithm.Hash, 0, inputPad.Buffer, 0, digestSize); keyLength = digestSize; } else { Array.Copy (key.Buffer, 0, inputPad.Buffer, 0, keyLength); } Array.Clear (inputPad.Buffer, keyLength, blockSize - keyLength); Array.Copy (inputPad.Buffer, 0, outputPad.Buffer, 0, blockSize); xor (inputPad.Buffer, IPAD); xor (outputPad.Buffer, OPAD); // Initialise the digest algorithm.TransformBlock (inputPad.Buffer, 0, inputPad.Size, null, 0); final = false; }
protected override SecureBuffer PRF (DisposeContext d, SecureBuffer secret, string label, SecureBuffer data, int length) { return Expand (d, HMac.Create (HandshakeHashType, secret), label, data, length); }
public override void HandleClient (TlsContext ctx, KeyExchange clientExchange) { var serverDh = (DiffieHellmanKeyExchange)clientExchange; using (var X = new SecureBuffer (dh.DecryptKeyExchange (serverDh.Y))) { ComputeMasterSecret (ctx, X); } }
public void Create (SecureBuffer data, AsymmetricAlgorithm key) { var hash = CreateHash (HashAlgorithm, data); Create (hash, key); }
public bool Verify (SecureBuffer data, AsymmetricAlgorithm key) { var hash = CreateHash (HashAlgorithm, data); return Verify (hash, key); }
internal RenegotiationExtension (TlsBuffer incoming) { Data = new SecureBuffer (incoming.ReadBytes (incoming.ReadByte ())); }
protected virtual void CreateExplicitNonce (SecureBuffer explicitNonce) { random.GetBytes (explicitNonce.Buffer); }
public override void HandleClient (TlsContext context, KeyExchange clientExchange) { var clientKey = ((EllipticCurveKeyExchange)clientExchange).clientKey; clientQ = domainParameters.Curve.DecodePoint (clientKey); var agreement = CalculateAgreement (clientQ, serverD); using (var preMaster = new SecureBuffer (agreement.ToByteArrayUnsigned ())) ComputeMasterSecret (context, preMaster); }
RenegotiationExtension (SecureBuffer data) { Data = data; }
public SignatureTls12 (TlsBuffer incoming) { SignatureAlgorithm = new SignatureAndHashAlgorithm (incoming); Signature = Add (incoming.ReadSecureBuffer (incoming.ReadInt16 ())); }
public override void Create (byte[] hash, AsymmetricAlgorithm key) { Signature = SignatureHelper.CreateSignature (HashAlgorithmType.Md5Sha1, hash, key); }
public override void Create (byte[] hash, AsymmetricAlgorithm key) { Signature = SignatureHelper.CreateSignature (SignatureAlgorithm, hash, key); }
public static HMac Create (HandshakeHashType type, SecureBuffer key) { switch (type) { case HandshakeHashType.SHA256: return new HMac (SHA256.Create (), 64, key); case HandshakeHashType.SHA384: return new HMac (SHA384.Create (), 128, key); default: throw new NotSupportedException (); } }
public static bool VerifySignature (HashAlgorithmType type, byte[] hash, AsymmetricAlgorithm key, SecureBuffer signature) { return MSC.PKCS1.Verify_v15 ((RSA)key, type, hash, signature.Buffer); }
protected override void Read (TlsBuffer incoming) { Hash = new SecureBuffer (incoming.ReadBytes (12)); if (incoming.Remaining != 0) throw new TlsException (AlertDescription.DecodeError); }
HMac (HashAlgorithm algorithm, int blockSize, SecureBuffer key) { this.algorithm = Add (algorithm); this.digestSize = algorithm.HashSize / 8; this.blockSize = blockSize; this.inputPad = CreateBuffer (blockSize); this.outputPad = CreateBuffer (blockSize); Init (key); }