예제 #1
0
        public override byte[] GenerateServerKeyExchange()
        {
            DigestInputBuffer buf = new DigestInputBuffer();

            this.mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, mNamedCurves,
                                                                                         mClientECPointFormats, buf);

            /*
             * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2
             */
            SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm(
                mContext, mServerCredentials);

            IDigest d = TlsUtilities.CreateHash(signatureAndHashAlgorithm);

            SecurityParameters securityParameters = mContext.SecurityParameters;

            d.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length);
            d.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length);
            buf.UpdateDigest(d);

            byte[] hash = DigestUtilities.DoFinal(d);

            byte[] signature = mServerCredentials.GenerateCertificateSignature(hash);

            DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature);

            signed_params.Encode(buf);

            return(buf.ToArray());
        }
        public byte[] GenerateServerKeyExchange()
        {
            if (this.mDHParameters == null)
            {
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }

            DigestInputBuffer buf = new DigestInputBuffer();

            this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, this.mDHParameters, buf);

            /*
             * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2
             */
            SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm(
                mContext, mServerCredentials);

            IDigest d = TlsUtilities.CreateHash(signatureAndHashAlgorithm);

            SecurityParameters securityParameters = mContext.SecurityParameters;

            d.BlockUpdate(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length);
            d.BlockUpdate(securityParameters.ServerRandom, 0, securityParameters.ServerRandom.Length);
            buf.UpdateDigest(d);

            byte[] hash = DigestUtilities.DoFinal(d);

            byte[] signature = mServerCredentials.GenerateCertificateSignature(hash);

            DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature);

            signed_params.Encode(buf);

            return(buf.ToArray());
        }
        /// <exception cref="IOException"></exception>
        protected virtual IDigest CreateHMacDigest(int macAlgorithm)
        {
            switch (macAlgorithm)
            {
            case MacAlgorithm.cls_null:
                return(null);

            case MacAlgorithm.hmac_md5:
                return(TlsUtilities.CreateHash(HashAlgorithm.md5));

            case MacAlgorithm.hmac_sha1:
                return(TlsUtilities.CreateHash(HashAlgorithm.sha1));

            case MacAlgorithm.hmac_sha256:
                return(TlsUtilities.CreateHash(HashAlgorithm.sha256));

            case MacAlgorithm.hmac_sha384:
                return(TlsUtilities.CreateHash(HashAlgorithm.sha384));

            case MacAlgorithm.hmac_sha512:
                return(TlsUtilities.CreateHash(HashAlgorithm.sha512));

            default:
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }
        }
    protected virtual IDigest CreateHMacDigest(int macAlgorithm)
    {
        switch (macAlgorithm)
        {
        case 0:
            return(null);

        case 1:
            return(TlsUtilities.CreateHash(1));

        case 2:
            return(TlsUtilities.CreateHash(2));

        case 3:
            return(TlsUtilities.CreateHash(4));

        case 4:
            return(TlsUtilities.CreateHash(5));

        case 5:
            return(TlsUtilities.CreateHash(6));

        default:
            throw new TlsFatalAlert(80);
        }
    }
예제 #5
0
 protected virtual void CheckTrackingHash(byte hashAlgorithm)
 {
     if (!mHashes.Contains(hashAlgorithm))
     {
         IDigest hash = TlsUtilities.CreateHash(hashAlgorithm);
         mHashes[hashAlgorithm] = hash;
     }
 }
예제 #6
0
    public static SimulatedTlsSrpIdentityManager GetRfc5054Default(Srp6GroupParameters group, byte[] seedKey)
    {
        Srp6VerifierGenerator srp6VerifierGenerator = new Srp6VerifierGenerator();

        srp6VerifierGenerator.Init(group, TlsUtilities.CreateHash(2));
        HMac hMac = new HMac(TlsUtilities.CreateHash(2));

        hMac.Init(new KeyParameter(seedKey));
        return(new SimulatedTlsSrpIdentityManager(group, srp6VerifierGenerator, hMac));
    }
예제 #7
0
        /**
         * Create a {@link SimulatedTlsSRPIdentityManager} that implements the algorithm from RFC 5054 2.5.1.3
         *
         * @param group the {@link SRP6GroupParameters} defining the group that SRP is operating in
         * @param seedKey the secret "seed key" referred to in RFC 5054 2.5.1.3
         * @return an instance of {@link SimulatedTlsSRPIdentityManager}
         */
        public static SimulatedTlsSrpIdentityManager GetRfc5054Default(Srp6GroupParameters group, byte[] seedKey)
        {
            Srp6VerifierGenerator verifierGenerator = new Srp6VerifierGenerator();
            verifierGenerator.Init(group, TlsUtilities.CreateHash(HashAlgorithm.sha1));

            HMac mac = new HMac(TlsUtilities.CreateHash(HashAlgorithm.sha1));
            mac.Init(new KeyParameter(seedKey));

            return new SimulatedTlsSrpIdentityManager(group, verifierGenerator, mac);
        }
예제 #8
0
    public virtual IDigest ForkPrfHash()
    {
        CheckStopBuffering();
        byte b = (byte)mPrfHashAlgorithm;

        if (mBuf != null)
        {
            IDigest digest = TlsUtilities.CreateHash(b);
            mBuf.UpdateDigest(digest);
            return(digest);
        }
        return(TlsUtilities.CloneHash(b, (IDigest)mHashes[b]));
    }
    internal AbstractTlsContext(SecureRandom secureRandom, SecurityParameters securityParameters)
    {
        IDigest digest = TlsUtilities.CreateHash(4);

        byte[] array = new byte[digest.GetDigestSize()];
        secureRandom.NextBytes(array);
        mNonceRandom = new DigestRandomGenerator(digest);
        mNonceRandom.AddSeedMaterial(NextCounterValue());
        mNonceRandom.AddSeedMaterial(Times.NanoTime());
        mNonceRandom.AddSeedMaterial(array);
        mSecureRandom       = secureRandom;
        mSecurityParameters = securityParameters;
    }
예제 #10
0
        public override void ProcessServerKeyExchange(Stream input)
        {
            SecurityParameters securityParameters = mContext.SecurityParameters;

            SignerInputBuffer buf   = null;
            Stream            teeIn = input;

            if (mTlsSigner != null)
            {
                buf   = new SignerInputBuffer();
                teeIn = new TeeInputStream(input, buf);
            }

            ServerSrpParams srpParams = ServerSrpParams.Parse(teeIn);

            if (buf != null)
            {
                DigitallySigned signed_params = ParseSignature(input);

                ISigner signer = InitVerifyer(mTlsSigner, signed_params.Algorithm, securityParameters);
                buf.UpdateSigner(signer);
                if (!signer.VerifySignature(signed_params.Signature))
                {
                    throw new TlsFatalAlert(AlertDescription.decrypt_error);
                }
            }

            this.mSrpGroup = new Srp6GroupParameters(srpParams.N, srpParams.G);

            if (!mGroupVerifier.Accept(mSrpGroup))
            {
                throw new TlsFatalAlert(AlertDescription.insufficient_security);
            }

            this.mSrpSalt = srpParams.S;

            /*
             * RFC 5054 2.5.3: The client MUST abort the handshake with an "illegal_parameter" alert if
             * B % N = 0.
             */
            try
            {
                this.mSrpPeerCredentials = Srp6Utilities.ValidatePublicValue(mSrpGroup.N, srpParams.B);
            }
            catch (CryptoException e)
            {
                throw new TlsFatalAlert(AlertDescription.illegal_parameter, e);
            }

            this.mSrpClient.Init(mSrpGroup, TlsUtilities.CreateHash(HashAlgorithm.sha1), mContext.SecureRandom);
        }
예제 #11
0
            public virtual TlsSrpLoginParameters GetLoginParameters(byte[] identity)
            {
                if (Arrays.AreEqual(TEST_IDENTITY, identity))
                {
                    Srp6VerifierGenerator verifierGenerator = new Srp6VerifierGenerator();
                    verifierGenerator.Init(TEST_GROUP, TlsUtilities.CreateHash(HashAlgorithm.sha1));

                    BigInteger verifier = verifierGenerator.GenerateVerifier(TEST_SALT, identity, TEST_PASSWORD);

                    return(new TlsSrpLoginParameters(TEST_GROUP, verifier, TEST_SALT));
                }

                return(unknownIdentityManager.GetLoginParameters(identity));
            }
예제 #12
0
        public virtual IDigest ForkPrfHash()
        {
            CheckStopBuffering();

            byte prfHashAlgorithm = (byte)mPrfHashAlgorithm;

            if (mBuf != null)
            {
                IDigest prfHash = TlsUtilities.CreateHash(prfHashAlgorithm);
                mBuf.UpdateDigest(prfHash);
                return(prfHash);
            }

            return(TlsUtilities.CloneHash(prfHashAlgorithm, (IDigest)mHashes[prfHashAlgorithm]));
        }
        internal AbstractTlsContext(SecureRandom secureRandom, SecurityParameters securityParameters)
        {
            IDigest d = TlsUtilities.CreateHash(HashAlgorithm.sha256);

            byte[] seed = new byte[d.GetDigestSize()];
            secureRandom.NextBytes(seed);

            this.mNonceRandom = new DigestRandomGenerator(d);
            mNonceRandom.AddSeedMaterial(NextCounterValue());
            mNonceRandom.AddSeedMaterial(Times.NanoTime());
            mNonceRandom.AddSeedMaterial(seed);

            this.mSecureRandom       = secureRandom;
            this.mSecurityParameters = securityParameters;
        }
        public AsyncDtlsClientContext(SecureRandom secureRandom, AsyncDtlsSecurityParameters securityParameters)
        {
            IDigest d = TlsUtilities.CreateHash(HashAlgorithm.sha256);

            byte[] seed = new byte[d.GetDigestSize()];
            secureRandom.NextBytes(seed);

            this.nonceRandom = new DigestRandomGenerator(d);
            nonceRandom.AddSeedMaterial(NextCounterValue());
            nonceRandom.AddSeedMaterial(Times.NanoTime());
            nonceRandom.AddSeedMaterial(seed);

            this.secureRandom       = secureRandom;
            this.securityParameters = securityParameters;
        }
예제 #15
0
        protected virtual ISigner MakeSigner(SignatureAndHashAlgorithm algorithm, bool raw, bool forSigning,
                                             ICipherParameters cp)
        {
            if ((algorithm != null) != TlsUtilities.IsTlsV12(mContext))
            {
                throw new InvalidOperationException();
            }
            if (algorithm != null && algorithm.Signature != SignatureAlgorithm.rsa)
            {
                throw new InvalidOperationException();
            }

            IDigest d;

            if (raw)
            {
                d = new NullDigest();
            }
            else if (algorithm == null)
            {
                d = new CombinedHash();
            }
            else
            {
                d = TlsUtilities.CreateHash(algorithm.Hash);
            }

            ISigner s;

            if (algorithm != null)
            {
                /*
                 * RFC 5246 4.7. In RSA signing, the opaque vector contains the signature generated
                 * using the RSASSA-PKCS1-v1_5 signature scheme defined in [PKCS1].
                 */
                s = new RsaDigestSigner(d, TlsUtilities.GetOidForHashAlgorithm(algorithm.Hash));
            }
            else
            {
                /*
                 * RFC 5246 4.7. Note that earlier versions of TLS used a different RSA signature scheme
                 * that did not include a DigestInfo encoding.
                 */
                s = new GenericSigner(CreateRsaImpl(), d);
            }
            s.Init(forSigning, cp);
            return(s);
        }
예제 #16
0
    protected virtual ISigner MakeSigner(SignatureAndHashAlgorithm algorithm, bool raw, bool forSigning, ICipherParameters cp)
    {
        if (algorithm != null != TlsUtilities.IsTlsV12(mContext))
        {
            throw new InvalidOperationException();
        }
        if (algorithm != null && algorithm.Signature != 1)
        {
            throw new InvalidOperationException();
        }
        IDigest digest = raw ? new NullDigest() : ((algorithm != null) ? TlsUtilities.CreateHash(algorithm.Hash) : new CombinedHash());
        ISigner signer = (algorithm == null) ? ((ISigner) new GenericSigner(CreateRsaImpl(), digest)) : ((ISigner) new RsaDigestSigner(digest, TlsUtilities.GetOidForHashAlgorithm(algorithm.Hash)));

        signer.Init(forSigning, cp);
        return(signer);
    }
예제 #17
0
 public DTLSContext(bool client, Version version, HandshakeInfo handshakeInfo)
 {
     IsServer = !client;
     if (version == DTLSRecord.Version1_2)
     {
         ClientVersion = ProtocolVersion.DTLSv12;
         ServerVersion = ProtocolVersion.DTLSv12;
     }
     else
     {
         ClientVersion = ProtocolVersion.DTLSv10;
         ServerVersion = ProtocolVersion.DTLSv10;
     }
     SecurityParameters   = new DTLSSecurityParameters(version, handshakeInfo);
     NonceRandomGenerator = new DigestRandomGenerator(TlsUtilities.CreateHash(HashAlgorithm.sha256));
     NonceRandomGenerator.AddSeedMaterial(Times.NanoTime());
 }
예제 #18
0
    protected virtual ISigner MakeSigner(SignatureAndHashAlgorithm algorithm, bool raw, bool forSigning, ICipherParameters cp)
    {
        if (algorithm != null != TlsUtilities.IsTlsV12(mContext))
        {
            throw new InvalidOperationException();
        }
        if (algorithm != null && algorithm.Signature != SignatureAlgorithm)
        {
            throw new InvalidOperationException();
        }
        byte    hashAlgorithm = algorithm?.Hash ?? 2;
        IDigest digest        = raw ? new NullDigest() : TlsUtilities.CreateHash(hashAlgorithm);
        ISigner signer        = new DsaDigestSigner(CreateDsaImpl(hashAlgorithm), digest);

        signer.Init(forSigning, MakeInitParameters(forSigning, cp));
        return(signer);
    }
    public override byte[] GenerateServerKeyExchange()
    {
        DigestInputBuffer digestInputBuffer = new DigestInputBuffer();

        mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, mNamedCurves, mClientECPointFormats, digestInputBuffer);
        SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm(mContext, mServerCredentials);
        IDigest            digest             = TlsUtilities.CreateHash(signatureAndHashAlgorithm);
        SecurityParameters securityParameters = mContext.SecurityParameters;

        digest.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length);
        digest.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length);
        digestInputBuffer.UpdateDigest(digest);
        byte[]          hash            = DigestUtilities.DoFinal(digest);
        byte[]          signature       = mServerCredentials.GenerateCertificateSignature(hash);
        DigitallySigned digitallySigned = new DigitallySigned(signatureAndHashAlgorithm, signature);

        digitallySigned.Encode(digestInputBuffer);
        return(digestInputBuffer.ToArray());
    }
    public override void ProcessServerKeyExchange(Stream input)
    {
        SecurityParameters securityParameters = mContext.SecurityParameters;
        SignerInputBuffer  signerInputBuffer  = null;
        Stream             input2             = input;

        if (mTlsSigner != null)
        {
            signerInputBuffer = new SignerInputBuffer();
            input2            = new TeeInputStream(input, signerInputBuffer);
        }
        ServerSrpParams serverSrpParams = ServerSrpParams.Parse(input2);

        if (signerInputBuffer != null)
        {
            DigitallySigned digitallySigned = ParseSignature(input);
            ISigner         signer          = InitVerifyer(mTlsSigner, digitallySigned.Algorithm, securityParameters);
            signerInputBuffer.UpdateSigner(signer);
            if (!signer.VerifySignature(digitallySigned.Signature))
            {
                throw new TlsFatalAlert(51);
            }
        }
        mSrpGroup = new Srp6GroupParameters(serverSrpParams.N, serverSrpParams.G);
        if (!mGroupVerifier.Accept(mSrpGroup))
        {
            throw new TlsFatalAlert(71);
        }
        mSrpSalt = serverSrpParams.S;
        try
        {
            mSrpPeerCredentials = Srp6Utilities.ValidatePublicValue(mSrpGroup.N, serverSrpParams.B);
        }
        catch (CryptoException alertCause)
        {
            throw new TlsFatalAlert(47, alertCause);
        }
        mSrpClient.Init(mSrpGroup, TlsUtilities.CreateHash(2), mContext.SecureRandom);
    }
예제 #21
0
        public override byte[] GenerateServerKeyExchange()
        {
            mSrpServer.Init(mSrpGroup, mSrpVerifier, TlsUtilities.CreateHash(HashAlgorithm.sha1), mContext.SecureRandom);
            BigInteger B = mSrpServer.GenerateServerCredentials();

            ServerSrpParams srpParams = new ServerSrpParams(mSrpGroup.N, mSrpGroup.G, mSrpSalt, B);

            DigestInputBuffer buf = new DigestInputBuffer();

            srpParams.Encode(buf);

            if (mServerCredentials != null)
            {
                /*
                 * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2
                 */
                SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm(
                    mContext, mServerCredentials);

                IDigest d = TlsUtilities.CreateHash(signatureAndHashAlgorithm);

                SecurityParameters securityParameters = mContext.SecurityParameters;
                d.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length);
                d.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length);
                buf.UpdateDigest(d);

                byte[] hash = new byte[d.GetDigestSize()];
                d.DoFinal(hash, 0);

                byte[] signature = mServerCredentials.GenerateCertificateSignature(hash);

                DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature);
                signed_params.Encode(buf);
            }

            return(buf.ToArray());
        }
    public override byte[] GenerateServerKeyExchange()
    {
        mSrpServer.Init(mSrpGroup, mSrpVerifier, TlsUtilities.CreateHash(2), mContext.SecureRandom);
        BigInteger        b = mSrpServer.GenerateServerCredentials();
        ServerSrpParams   serverSrpParams   = new ServerSrpParams(mSrpGroup.N, mSrpGroup.G, mSrpSalt, b);
        DigestInputBuffer digestInputBuffer = new DigestInputBuffer();

        serverSrpParams.Encode(digestInputBuffer);
        if (mServerCredentials != null)
        {
            SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm(mContext, mServerCredentials);
            IDigest            digest             = TlsUtilities.CreateHash(signatureAndHashAlgorithm);
            SecurityParameters securityParameters = mContext.SecurityParameters;
            digest.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length);
            digest.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length);
            digestInputBuffer.UpdateDigest(digest);
            byte[] array = new byte[digest.GetDigestSize()];
            digest.DoFinal(array, 0);
            byte[]          signature       = mServerCredentials.GenerateCertificateSignature(array);
            DigitallySigned digitallySigned = new DigitallySigned(signatureAndHashAlgorithm, signature);
            digitallySigned.Encode(digestInputBuffer);
        }
        return(digestInputBuffer.ToArray());
    }
예제 #23
0
 protected override IDsa CreateDsaImpl(byte hashAlgorithm)
 {
     return(new ECDsaSigner(new HMacDsaKCalculator(TlsUtilities.CreateHash(hashAlgorithm))));
 }
예제 #24
0
 internal CombinedHash()
 {
     this.mMd5  = TlsUtilities.CreateHash(HashAlgorithm.md5);
     this.mSha1 = TlsUtilities.CreateHash(HashAlgorithm.sha1);
 }
예제 #25
0
 internal CombinedHash()
 {
     mMd5  = TlsUtilities.CreateHash(1);
     mSha1 = TlsUtilities.CreateHash(2);
 }