/// <exception cref="IOException"></exception>
public Chacha20Poly1305(TlsContext context)
{
if (!TlsUtilities.IsTlsV12(context))
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.context = context;
byte[] key_block = TlsUtilities.CalculateKeyBlock(context, 64);
KeyParameter client_write_key = new KeyParameter(key_block, 0, 32);
KeyParameter server_write_key = new KeyParameter(key_block, 32, 32);
this.encryptCipher = new ChaChaEngine(20);
this.decryptCipher = new ChaChaEngine(20);
KeyParameter encryptKey, decryptKey;
if (context.IsServer)
{
encryptKey = server_write_key;
decryptKey = client_write_key;
}
else
{
encryptKey = client_write_key;
decryptKey = server_write_key;
}
byte[] dummyNonce = new byte[8];
this.encryptCipher.Init(true, new ParametersWithIV(encryptKey, dummyNonce));
this.decryptCipher.Init(false, new ParametersWithIV(decryptKey, dummyNonce));
}
public TlsNullCipher(TlsContext context, IDigest clientWriteDigest, IDigest serverWriteDigest)
{
if (clientWriteDigest == null != (serverWriteDigest == null))
{
throw new TlsFatalAlert(80);
}
this.context = context;
TlsMac tlsMac = null;
TlsMac tlsMac2 = null;
if (clientWriteDigest != null)
{
int num = clientWriteDigest.GetDigestSize() + serverWriteDigest.GetDigestSize();
byte[] key = TlsUtilities.CalculateKeyBlock(context, num);
int num2 = 0;
tlsMac = new TlsMac(context, clientWriteDigest, key, num2, clientWriteDigest.GetDigestSize());
num2 += clientWriteDigest.GetDigestSize();
tlsMac2 = new TlsMac(context, serverWriteDigest, key, num2, serverWriteDigest.GetDigestSize());
num2 += serverWriteDigest.GetDigestSize();
if (num2 != num)
{
throw new TlsFatalAlert(80);
}
}
if (context.IsServer)
{
writeMac = tlsMac2;
readMac = tlsMac;
}
else
{
writeMac = tlsMac;
readMac = tlsMac2;
}
}
public Chacha20Poly1305(TlsContext context)
{
if (!TlsUtilities.IsTlsV12(context))
{
throw new TlsFatalAlert(80);
}
this.context = context;
byte[] key = TlsUtilities.CalculateKeyBlock(context, 64);
KeyParameter keyParameter = new KeyParameter(key, 0, 32);
KeyParameter keyParameter2 = new KeyParameter(key, 32, 32);
encryptCipher = new ChaChaEngine(20);
decryptCipher = new ChaChaEngine(20);
KeyParameter parameters;
KeyParameter parameters2;
if (context.IsServer)
{
parameters = keyParameter2;
parameters2 = keyParameter;
}
else
{
parameters = keyParameter;
parameters2 = keyParameter2;
}
byte[] iv = new byte[8];
encryptCipher.Init(forEncryption: true, new ParametersWithIV(parameters, iv));
decryptCipher.Init(forEncryption: false, new ParametersWithIV(parameters2, iv));
}
/// <exception cref="IOException"></exception>
public Chacha20Poly1305(TlsContext context)
{
if (!TlsUtilities.IsTlsV12(context))
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.context = context;
int cipherKeySize = 32;
// TODO SecurityParameters.fixed_iv_length
int fixed_iv_length = 12;
// TODO SecurityParameters.record_iv_length = 0
int key_block_size = (2 * cipherKeySize) + (2 * fixed_iv_length);
byte[] key_block = TlsUtilities.CalculateKeyBlock(context, key_block_size);
int offset = 0;
KeyParameter client_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
KeyParameter server_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
byte[] client_write_IV = Arrays.CopyOfRange(key_block, offset, offset + fixed_iv_length);
offset += fixed_iv_length;
byte[] server_write_IV = Arrays.CopyOfRange(key_block, offset, offset + fixed_iv_length);
offset += fixed_iv_length;
if (offset != key_block_size)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.encryptCipher = new ChaCha7539Engine();
this.decryptCipher = new ChaCha7539Engine();
KeyParameter encryptKey, decryptKey;
if (context.IsServer)
{
encryptKey = server_write_key;
decryptKey = client_write_key;
this.encryptIV = server_write_IV;
this.decryptIV = client_write_IV;
}
else
{
encryptKey = client_write_key;
decryptKey = server_write_key;
this.encryptIV = client_write_IV;
this.decryptIV = server_write_IV;
}
this.encryptCipher.Init(true, new ParametersWithIV(encryptKey, encryptIV));
this.decryptCipher.Init(false, new ParametersWithIV(decryptKey, decryptIV));
}
public TlsStreamCipher(TlsContext context, IStreamCipher clientWriteCipher, IStreamCipher serverWriteCipher, IDigest clientWriteDigest, IDigest serverWriteDigest, int cipherKeySize, bool usesNonce)
{
bool isServer = context.IsServer;
this.context = context;
this.usesNonce = usesNonce;
encryptCipher = clientWriteCipher;
decryptCipher = serverWriteCipher;
int num = 2 * cipherKeySize + clientWriteDigest.GetDigestSize() + serverWriteDigest.GetDigestSize();
byte[] key = TlsUtilities.CalculateKeyBlock(context, num);
int num2 = 0;
TlsMac tlsMac = new TlsMac(context, clientWriteDigest, key, num2, clientWriteDigest.GetDigestSize());
num2 += clientWriteDigest.GetDigestSize();
TlsMac tlsMac2 = new TlsMac(context, serverWriteDigest, key, num2, serverWriteDigest.GetDigestSize());
num2 += serverWriteDigest.GetDigestSize();
KeyParameter keyParameter = new KeyParameter(key, num2, cipherKeySize);
num2 += cipherKeySize;
KeyParameter keyParameter2 = new KeyParameter(key, num2, cipherKeySize);
num2 += cipherKeySize;
if (num2 != num)
{
throw new TlsFatalAlert(80);
}
ICipherParameters parameters;
ICipherParameters parameters2;
if (isServer)
{
writeMac = tlsMac2;
readMac = tlsMac;
encryptCipher = serverWriteCipher;
decryptCipher = clientWriteCipher;
parameters = keyParameter2;
parameters2 = keyParameter;
}
else
{
writeMac = tlsMac;
readMac = tlsMac2;
encryptCipher = clientWriteCipher;
decryptCipher = serverWriteCipher;
parameters = keyParameter;
parameters2 = keyParameter2;
}
if (usesNonce)
{
byte[] iv = new byte[8];
parameters = new ParametersWithIV(parameters, iv);
parameters2 = new ParametersWithIV(parameters2, iv);
}
encryptCipher.Init(forEncryption: true, parameters);
decryptCipher.Init(forEncryption: false, parameters2);
}
public TlsAeadCipher(TlsContext context, IAeadBlockCipher clientWriteCipher, IAeadBlockCipher serverWriteCipher, int cipherKeySize, int macSize)
{
if (!TlsUtilities.IsTlsV12(context))
{
throw new TlsFatalAlert(80);
}
this.context = context;
this.macSize = macSize;
nonce_explicit_length = 8;
int num = 4;
int num2 = 2 * cipherKeySize + 2 * num;
byte[] array = TlsUtilities.CalculateKeyBlock(context, num2);
int num3 = 0;
KeyParameter keyParameter = new KeyParameter(array, num3, cipherKeySize);
num3 += cipherKeySize;
KeyParameter keyParameter2 = new KeyParameter(array, num3, cipherKeySize);
num3 += cipherKeySize;
byte[] array2 = Arrays.CopyOfRange(array, num3, num3 + num);
num3 += num;
byte[] array3 = Arrays.CopyOfRange(array, num3, num3 + num);
num3 += num;
if (num3 != num2)
{
throw new TlsFatalAlert(80);
}
KeyParameter key;
KeyParameter key2;
if (context.IsServer)
{
encryptCipher = serverWriteCipher;
decryptCipher = clientWriteCipher;
encryptImplicitNonce = array3;
decryptImplicitNonce = array2;
key = keyParameter2;
key2 = keyParameter;
}
else
{
encryptCipher = clientWriteCipher;
decryptCipher = serverWriteCipher;
encryptImplicitNonce = array2;
decryptImplicitNonce = array3;
key = keyParameter;
key2 = keyParameter2;
}
byte[] nonce = new byte[num + nonce_explicit_length];
encryptCipher.Init(forEncryption: true, new AeadParameters(key, 8 * macSize, nonce));
decryptCipher.Init(forEncryption: false, new AeadParameters(key2, 8 * macSize, nonce));
}
/// <exception cref="IOException"></exception>
public TlsNullCipher(TlsContext context, IDigest clientWriteDigest, IDigest serverWriteDigest)
{
if ((clientWriteDigest == null) != (serverWriteDigest == null))
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.context = context;
TlsMac clientWriteMac = null, serverWriteMac = null;
if (clientWriteDigest != null)
{
int key_block_size = clientWriteDigest.GetDigestSize()
+ serverWriteDigest.GetDigestSize();
byte[] key_block = TlsUtilities.CalculateKeyBlock(context, key_block_size);
int offset = 0;
clientWriteMac = new TlsMac(context, clientWriteDigest, key_block, offset,
clientWriteDigest.GetDigestSize());
offset += clientWriteDigest.GetDigestSize();
serverWriteMac = new TlsMac(context, serverWriteDigest, key_block, offset,
serverWriteDigest.GetDigestSize());
offset += serverWriteDigest.GetDigestSize();
if (offset != key_block_size)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
}
if (context.IsServer)
{
writeMac = serverWriteMac;
readMac = clientWriteMac;
}
else
{
writeMac = clientWriteMac;
readMac = serverWriteMac;
}
}
/// <exception cref="IOException"></exception>
public TlsBlockCipher(TlsContext context, IBlockCipher clientWriteCipher, IBlockCipher serverWriteCipher,
IDigest clientWriteDigest, IDigest serverWriteDigest, int cipherKeySize)
{
this.context = context;
this.randomData = new byte[256];
context.NonceRandomGenerator.NextBytes(randomData);
this.useExplicitIV = TlsUtilities.IsTlsV11(context);
this.encryptThenMac = context.SecurityParameters.encryptThenMac;
int key_block_size = (2 * cipherKeySize) + clientWriteDigest.GetDigestSize()
+ serverWriteDigest.GetDigestSize();
// From TLS 1.1 onwards, block ciphers don't need client_write_IV
if (!useExplicitIV)
{
key_block_size += clientWriteCipher.GetBlockSize() + serverWriteCipher.GetBlockSize();
}
byte[] key_block = TlsUtilities.CalculateKeyBlock(context, key_block_size);
int offset = 0;
TlsMac clientWriteMac = new TlsMac(context, clientWriteDigest, key_block, offset,
clientWriteDigest.GetDigestSize());
offset += clientWriteDigest.GetDigestSize();
TlsMac serverWriteMac = new TlsMac(context, serverWriteDigest, key_block, offset,
serverWriteDigest.GetDigestSize());
offset += serverWriteDigest.GetDigestSize();
KeyParameter client_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
KeyParameter server_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
byte[] client_write_IV, server_write_IV;
if (useExplicitIV)
{
client_write_IV = new byte[clientWriteCipher.GetBlockSize()];
server_write_IV = new byte[serverWriteCipher.GetBlockSize()];
}
else
{
client_write_IV = Arrays.CopyOfRange(key_block, offset, offset + clientWriteCipher.GetBlockSize());
offset += clientWriteCipher.GetBlockSize();
server_write_IV = Arrays.CopyOfRange(key_block, offset, offset + serverWriteCipher.GetBlockSize());
offset += serverWriteCipher.GetBlockSize();
}
if (offset != key_block_size)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
ICipherParameters encryptParams, decryptParams;
if (context.IsServer)
{
this.mWriteMac = serverWriteMac;
this.mReadMac = clientWriteMac;
this.encryptCipher = serverWriteCipher;
this.decryptCipher = clientWriteCipher;
encryptParams = new ParametersWithIV(server_write_key, server_write_IV);
decryptParams = new ParametersWithIV(client_write_key, client_write_IV);
}
else
{
this.mWriteMac = clientWriteMac;
this.mReadMac = serverWriteMac;
this.encryptCipher = clientWriteCipher;
this.decryptCipher = serverWriteCipher;
encryptParams = new ParametersWithIV(client_write_key, client_write_IV);
decryptParams = new ParametersWithIV(server_write_key, server_write_IV);
}
this.encryptCipher.Init(true, encryptParams);
this.decryptCipher.Init(false, decryptParams);
}
/// <exception cref="IOException"></exception>
public TlsStreamCipher(TlsContext context, IStreamCipher clientWriteCipher,
IStreamCipher serverWriteCipher, IDigest clientWriteDigest, IDigest serverWriteDigest,
int cipherKeySize, bool usesNonce)
{
bool isServer = context.IsServer;
this.context = context;
this.usesNonce = usesNonce;
this.encryptCipher = clientWriteCipher;
this.decryptCipher = serverWriteCipher;
int key_block_size = (2 * cipherKeySize) + clientWriteDigest.GetDigestSize()
+ serverWriteDigest.GetDigestSize();
byte[] key_block = TlsUtilities.CalculateKeyBlock(context, key_block_size);
int offset = 0;
// Init MACs
TlsMac clientWriteMac = new TlsMac(context, clientWriteDigest, key_block, offset,
clientWriteDigest.GetDigestSize());
offset += clientWriteDigest.GetDigestSize();
TlsMac serverWriteMac = new TlsMac(context, serverWriteDigest, key_block, offset,
serverWriteDigest.GetDigestSize());
offset += serverWriteDigest.GetDigestSize();
// Build keys
KeyParameter clientWriteKey = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
KeyParameter serverWriteKey = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
if (offset != key_block_size)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
ICipherParameters encryptParams, decryptParams;
if (isServer)
{
this.writeMac = serverWriteMac;
this.readMac = clientWriteMac;
this.encryptCipher = serverWriteCipher;
this.decryptCipher = clientWriteCipher;
encryptParams = serverWriteKey;
decryptParams = clientWriteKey;
}
else
{
this.writeMac = clientWriteMac;
this.readMac = serverWriteMac;
this.encryptCipher = clientWriteCipher;
this.decryptCipher = serverWriteCipher;
encryptParams = clientWriteKey;
decryptParams = serverWriteKey;
}
if (usesNonce)
{
byte[] dummyNonce = new byte[8];
encryptParams = new ParametersWithIV(encryptParams, dummyNonce);
decryptParams = new ParametersWithIV(decryptParams, dummyNonce);
}
this.encryptCipher.Init(true, encryptParams);
this.decryptCipher.Init(false, decryptParams);
}
/// <exception cref="IOException"></exception>
public TlsAeadCipher(TlsContext context, IAeadBlockCipher clientWriteCipher, IAeadBlockCipher serverWriteCipher,
int cipherKeySize, int macSize)
{
if (!TlsUtilities.IsTlsV12(context))
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.context = context;
this.macSize = macSize;
// NOTE: Valid for RFC 5288/6655 ciphers but may need review for other AEAD ciphers
this.nonce_explicit_length = 8;
// TODO SecurityParameters.fixed_iv_length
int fixed_iv_length = 4;
int key_block_size = (2 * cipherKeySize) + (2 * fixed_iv_length);
byte[] key_block = TlsUtilities.CalculateKeyBlock(context, key_block_size);
int offset = 0;
KeyParameter client_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
KeyParameter server_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
byte[] client_write_IV = Arrays.CopyOfRange(key_block, offset, offset + fixed_iv_length);
offset += fixed_iv_length;
byte[] server_write_IV = Arrays.CopyOfRange(key_block, offset, offset + fixed_iv_length);
offset += fixed_iv_length;
if (offset != key_block_size)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
KeyParameter encryptKey, decryptKey;
if (context.IsServer)
{
this.encryptCipher = serverWriteCipher;
this.decryptCipher = clientWriteCipher;
this.encryptImplicitNonce = server_write_IV;
this.decryptImplicitNonce = client_write_IV;
encryptKey = server_write_key;
decryptKey = client_write_key;
}
else
{
this.encryptCipher = clientWriteCipher;
this.decryptCipher = serverWriteCipher;
this.encryptImplicitNonce = client_write_IV;
this.decryptImplicitNonce = server_write_IV;
encryptKey = client_write_key;
decryptKey = server_write_key;
}
byte[] dummyNonce = new byte[fixed_iv_length + nonce_explicit_length];
this.encryptCipher.Init(true, new AeadParameters(encryptKey, 8 * macSize, dummyNonce));
this.decryptCipher.Init(false, new AeadParameters(decryptKey, 8 * macSize, dummyNonce));
}
/// <exception cref="IOException"></exception>
internal TlsAeadCipher(TlsContext context, IAeadBlockCipher clientWriteCipher, IAeadBlockCipher serverWriteCipher,
int cipherKeySize, int macSize, int nonceMode)
{
if (!TlsUtilities.IsTlsV12(context))
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.nonceMode = nonceMode;
// TODO SecurityParameters.fixed_iv_length
int fixed_iv_length;
switch (nonceMode)
{
case NONCE_RFC5288:
fixed_iv_length = 4;
this.record_iv_length = 8;
break;
case NONCE_DRAFT_CHACHA20_POLY1305:
fixed_iv_length = 12;
this.record_iv_length = 0;
break;
default:
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.context = context;
this.macSize = macSize;
int key_block_size = (2 * cipherKeySize) + (2 * fixed_iv_length);
byte[] key_block = TlsUtilities.CalculateKeyBlock(context, key_block_size);
int offset = 0;
KeyParameter client_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
KeyParameter server_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
byte[] client_write_IV = Arrays.CopyOfRange(key_block, offset, offset + fixed_iv_length);
offset += fixed_iv_length;
byte[] server_write_IV = Arrays.CopyOfRange(key_block, offset, offset + fixed_iv_length);
offset += fixed_iv_length;
if (offset != key_block_size)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
KeyParameter encryptKey, decryptKey;
if (context.IsServer)
{
this.encryptCipher = serverWriteCipher;
this.decryptCipher = clientWriteCipher;
this.encryptImplicitNonce = server_write_IV;
this.decryptImplicitNonce = client_write_IV;
encryptKey = server_write_key;
decryptKey = client_write_key;
}
else
{
this.encryptCipher = clientWriteCipher;
this.decryptCipher = serverWriteCipher;
this.encryptImplicitNonce = client_write_IV;
this.decryptImplicitNonce = server_write_IV;
encryptKey = client_write_key;
decryptKey = server_write_key;
}
byte[] dummyNonce = new byte[fixed_iv_length + record_iv_length];
this.encryptCipher.Init(true, new AeadParameters(encryptKey, 8 * macSize, dummyNonce));
this.decryptCipher.Init(false, new AeadParameters(decryptKey, 8 * macSize, dummyNonce));
}
public TlsBlockCipher(TlsContext context, IBlockCipher clientWriteCipher, IBlockCipher serverWriteCipher, IDigest clientWriteDigest, IDigest serverWriteDigest, int cipherKeySize)
{
this.context = context;
randomData = new byte[256];
context.NonceRandomGenerator.NextBytes(randomData);
useExplicitIV = TlsUtilities.IsTlsV11(context);
encryptThenMac = context.SecurityParameters.encryptThenMac;
int num = 2 * cipherKeySize + clientWriteDigest.GetDigestSize() + serverWriteDigest.GetDigestSize();
if (!useExplicitIV)
{
num += clientWriteCipher.GetBlockSize() + serverWriteCipher.GetBlockSize();
}
byte[] array = TlsUtilities.CalculateKeyBlock(context, num);
int num2 = 0;
TlsMac tlsMac = new TlsMac(context, clientWriteDigest, array, num2, clientWriteDigest.GetDigestSize());
num2 += clientWriteDigest.GetDigestSize();
TlsMac tlsMac2 = new TlsMac(context, serverWriteDigest, array, num2, serverWriteDigest.GetDigestSize());
num2 += serverWriteDigest.GetDigestSize();
KeyParameter parameters = new KeyParameter(array, num2, cipherKeySize);
num2 += cipherKeySize;
KeyParameter parameters2 = new KeyParameter(array, num2, cipherKeySize);
num2 += cipherKeySize;
byte[] iv;
byte[] iv2;
if (useExplicitIV)
{
iv = new byte[clientWriteCipher.GetBlockSize()];
iv2 = new byte[serverWriteCipher.GetBlockSize()];
}
else
{
iv = Arrays.CopyOfRange(array, num2, num2 + clientWriteCipher.GetBlockSize());
num2 += clientWriteCipher.GetBlockSize();
iv2 = Arrays.CopyOfRange(array, num2, num2 + serverWriteCipher.GetBlockSize());
num2 += serverWriteCipher.GetBlockSize();
}
if (num2 != num)
{
throw new TlsFatalAlert(80);
}
ICipherParameters parameters3;
ICipherParameters parameters4;
if (context.IsServer)
{
mWriteMac = tlsMac2;
mReadMac = tlsMac;
encryptCipher = serverWriteCipher;
decryptCipher = clientWriteCipher;
parameters3 = new ParametersWithIV(parameters2, iv2);
parameters4 = new ParametersWithIV(parameters, iv);
}
else
{
mWriteMac = tlsMac;
mReadMac = tlsMac2;
encryptCipher = clientWriteCipher;
decryptCipher = serverWriteCipher;
parameters3 = new ParametersWithIV(parameters, iv);
parameters4 = new ParametersWithIV(parameters2, iv2);
}
encryptCipher.Init(forEncryption: true, parameters3);
decryptCipher.Init(forEncryption: false, parameters4);
}