public void InitializeKeyBlock(TlsSecurityParameters securityParameters)
{
SecurityParameters = securityParameters;
// key_block = PRF(SecurityParameters.master_secret, "key expansion",
// SecurityParameters.server_random + SecurityParameters.client_random);
var bytes = securityParameters.Prf.GetSecretBytes(MasterSecret, "key expansion",
ByteString.Combine(ServerRandom, ClientRandom),
securityParameters.KeyMaterialSize / 8);
KeyBlock = new TlsKeyBlock(bytes, securityParameters.MacKeyLength, securityParameters.EncodingKeyLength, securityParameters.FixedIVLength);
}
private static void SetBlockCipher(TlsCipherSuiteName cipherSuiteName, TlsSecurityParameters sp)
{
switch (sp.CipherMode)
{
case TlsCipherMode.CCM:
case TlsCipherMode.GCM:
{
sp.MacAlgorithm = String.Empty;
sp.PrfHashAlgorithm = cipherSuiteName.MacAlgorithm;
sp.MacKeyLength = 0;
sp.MacLength = 16 * 8;
sp.FixedIVLength = 4 * 8;
sp.RecordIVLength = 8 * 8;
break;
}
case TlsCipherMode.CCM_8:
{
sp.MacAlgorithm = String.Empty;
sp.PrfHashAlgorithm = cipherSuiteName.MacAlgorithm;
sp.MacKeyLength = 0;
sp.MacLength = 8 * 8;
sp.FixedIVLength = 4 * 8;
sp.RecordIVLength = 8 * 8;
break;
}
case TlsCipherMode.EDE_CBC:
case TlsCipherMode.CBC:
{
sp.MacAlgorithm = cipherSuiteName.MacAlgorithm;
sp.MacKeyLength = GetMacLength(cipherSuiteName.MacAlgorithm); // actually the same value as mac length
sp.MacLength = GetMacLength(cipherSuiteName.MacAlgorithm);
sp.FixedIVLength = GetBlockLength(cipherSuiteName.BlockCipherName);
sp.RecordIVLength = 0;
sp.PrfHashAlgorithm = cipherSuiteName.MacAlgorithm;
break;
}
}
}
/// <summary>
/// Creates the instance of <see cref="TlsSecurityParameters"/> class. This is the easiest way of creating the object.
/// </summary>
/// <param name="protocolVersion">SSL/TLS version value.</param>
/// <param name="cipherSuite">String representation of the cipher suite. This will be parsed to extract necessary information for creating the new object.</param>
/// <param name="compressionMethod">The type of compression method used.</param>
/// <returns>A new <see cref="TlsSecurityParameters"/> object.</returns>
public static TlsSecurityParameters Create(SslProtocols protocolVersion, string cipherSuite, TlsPacket.CompressionMethods compressionMethod = TlsPacket.CompressionMethods.NullCompression)
{
var sp = new TlsSecurityParameters();
var cipherSuiteName = new TlsCipherSuiteName(cipherSuite);
sp.ProtocolVersion = protocolVersion;
sp.CipherAlgorithm = cipherSuiteName.BlockCipherName;
sp.CommpressionMethod = compressionMethod;
sp.EncodingKeyLength = GetEncodingKeyLength(cipherSuiteName.BlockCipherName, cipherSuiteName.BlockCipherSize);
if (IsStreamAlgorithm(cipherSuiteName.BlockCipherName))
{
sp.CipherMode = TlsCipherMode.Unknown;
SetStreamCipher(cipherSuiteName, sp);
}
else
{
var cipherMode = TlsCipherMode.Unknown;
Enum.TryParse(cipherSuiteName.BlockCipherMode, true, out cipherMode);
sp.CipherMode = cipherMode;
SetBlockCipher(cipherSuiteName, sp);
}
return(sp);
}
private static void SetStreamCipher(TlsCipherSuiteName cipherSuiteName, TlsSecurityParameters sp)
{
throw new NotImplementedException();
}