Пример #1
0
        public override byte[] GetSecretBytes(byte[] secret, string labelString, byte[] random, int requiredLength)
        {
            var label = Encoding.ASCII.GetBytes(labelString);
            var key1  = new Span <byte>(secret).Slice(0, secret.Length / 2).ToArray();
            var key2  = new Span <byte>(secret).Slice(secret.Length / 2, secret.Length / 2).ToArray();

            var hmacMd5 = new HMACMD5(key1);
            var hmacSha = new HMACSHA1(key2);

            var md5iterations = (requiredLength / (hmacMd5.HashSize / 8)) + 1;
            var shaiterations = (requiredLength / (hmacSha.HashSize / 8)) + 1;

            var seed = ByteString.Combine(label, random);

            var md5byteArrays = GetAValues(hmacMd5, seed)
                                .Take(md5iterations)
                                .Select(a => hmacMd5.ComputeHash(ByteString.Combine(a, seed)));

            var md5bytes = ByteString.Combine(md5byteArrays.ToArray());

            var shaByteArrays = GetAValues(hmacSha, seed)
                                .Take(shaiterations)
                                .Select(a => hmacSha.ComputeHash(ByteString.Combine(a, seed)));

            var shabytes = ByteString.Combine(shaByteArrays.ToArray());

            byte[] prfbytes = XorBytes(requiredLength, md5bytes, shabytes);

            //
            return(prfbytes);
        }
Пример #2
0
 public void SetServerHello(TlsPacket.TlsServerHello serverHello, TlsPacketContext packetContext)
 {
     m_tlsDecoder.ProtocolVersion = TlsSecurityParameters.GetSslProtocolVersion(serverHello.Version.Major, serverHello.Version.Minor);
     m_tlsDecoder.ServerRandom    = ByteString.Combine(serverHello.Random.RandomTime, serverHello.Random.RandomBytes);
     m_tlsDecoder.CipherSuite     = (TlsCipherSuite)serverHello.CipherSuite.CipherId;
     m_tlsDecoder.Compression     = serverHello.CompressionMethod;
 }
Пример #3
0
        static void TestDecryptTls()
        {
            ShaPrfAlgorithm.Test100();

            var secret       = "64e2d01fa9bd9e7da52377465b6ce5d6e2fe37517d54199ed4d2714b4741494c7a702f972fd8d23a94ef89d9f0c3a880";
            var clientRandom = "029b68c172bc58b0463396de16b69a64f49109a1af6e8ce177aabd7323645693";
            var serverRandom = "79b72bc1cb4465b284b8796b65b08a4b6d8d741b36b5d75634ce612345e6f744";
            var cipherBytes  = new Span <byte>(File.ReadAllBytes("encrypted.raw"));

            var prf           = new ShaPrfAlgorithm();
            var keyBlockBytes = prf.GetSecretBytes(ByteString.StringToByteArray(secret),
                                                   "key expansion",
                                                   ByteString.Combine(ByteString.StringToByteArray(serverRandom), ByteString.StringToByteArray(clientRandom)), 40);
            var keyBlock = new TlsKeyBlock(keyBlockBytes, 0, 16, 4);

            var sequenceNumber = 1ul;

            var fixedNonce  = keyBlock.ClientIV.Slice(0, 4);
            var recordNonce = cipherBytes.Slice(0, 8);

            // nonce = client_iv + sequence_id
            var nonce = ByteString.Combine(fixedNonce.ToArray(), recordNonce.ToArray());

            // additional_data = seq_num + TLSCompressed.type + TLSCompressed.version + TLSCompressed.length;
            // TLSCompressed.length = Length - recordIv.size - Mac.size
            var additionalData = ByteString.Combine(
                BitConverter.GetBytes(sequenceNumber).Reverse().ToArray(),
                new byte[] { 0x17, 0x03, 0x03, 0x01, 0xc7 - (8 + 16) });

            var gsm        = new GcmBlockCipher(new AesEngine());
            var plainBytes = TlsDecoder.DecryptAead(gsm, keyBlock.ClientWriteKey, nonce, cipherBytes.Slice(8), additionalData);

            Console.WriteLine(Encoding.ASCII.GetString(plainBytes));
        }
Пример #4
0
        private Span <byte> ComputeNonce(TlsKeys tlsKeys, Span <byte> content)
        {
            var fixedNonce        = new Span <byte>(tlsKeys.IV).Slice(0, SecurityParameters.FixedIVLength / 8);
            var recordNonceLength = SecurityParameters.RecordIVLength / 8;
            var recordNonce       = content.Slice(0, recordNonceLength);
            var nonce             = ByteString.Combine(fixedNonce.ToArray(), recordNonce.ToArray());

            return(nonce);
        }
Пример #5
0
        public void InitializeKeyBlock(TlsSecurityParameters securityParameters)
        {
            SecurityParameters = securityParameters;
            // key_block = PRF(SecurityParameters.master_secret, "key expansion",
            // SecurityParameters.server_random + SecurityParameters.client_random);
            var bytes = securityParameters.Prf.GetSecretBytes(MasterSecret, "key expansion",
                                                              ByteString.Combine(ServerRandom, ClientRandom),
                                                              securityParameters.KeyMaterialSize / 8);

            KeyBlock = new TlsKeyBlock(bytes, securityParameters.MacKeyLength, securityParameters.EncodingKeyLength, securityParameters.FixedIVLength);
        }
Пример #6
0
        public override byte[] GetSecretBytes(byte[] secret, string labelString, byte[] random, int requiredLength)
        {
            var keyedHashAlgorithm = this.hashAlgorithm;

            keyedHashAlgorithm.Key = secret;
            keyedHashAlgorithm.Initialize();
            var shaiterations = (requiredLength / (keyedHashAlgorithm.HashSize / 8)) + 1;
            var label         = Encoding.ASCII.GetBytes(labelString);
            var seed          = ByteString.Combine(label, random);
            var shaByteArrays = GetAValues(keyedHashAlgorithm, seed)
                                .Take(shaiterations)
                                .Select(a => keyedHashAlgorithm.ComputeHash(ByteString.Combine(a, seed)));
            var prfbytes = new Span <byte>(ByteString.Combine(shaByteArrays.ToArray())).Slice(0, requiredLength).ToArray();

            return(prfbytes);
        }
Пример #7
0
        public byte[] DecryptApplicationData(TlsKeys tlsKeys, TlsPacket.TlsApplicationData applicationData, ulong sequenceNumber)
        {
            if (KeyBlock == null)
            {
                throw new InvalidOperationException($"KeyBlock not initialized. Please, call {nameof(InitializeKeyBlock)} first.");
            }

            var content = new Span <byte>(applicationData.Body);

            if (this.SecurityParameters.CipherType == TlsCipherType.Aead)
            {
                var macLength         = SecurityParameters.MacLength / 8;
                var recordNonceLength = SecurityParameters.RecordIVLength / 8;
                var nonce             = ComputeNonce(tlsKeys, content);
                var additionalData    = ByteString.Combine(
                    BitConverter.GetBytes(sequenceNumber).Reverse().ToArray(),
                    new byte[] { (byte)applicationData.M_Parent.ContentType,
                                 applicationData.M_Parent.Version.Major,
                                 applicationData.M_Parent.Version.Minor },
                    BitConverter.GetBytes((ushort)(applicationData.Body.Length - (recordNonceLength + macLength))).Reverse().ToArray()
                    );

                var aead = CreateAeadCipher(SecurityParameters.CipherMode, CreateBlockCipher(SecurityParameters.CipherAlgorithm.ToString().ToUpperInvariant()));
                return(DecryptAead(aead, tlsKeys.EncodingKey, nonce, content.Slice(recordNonceLength), additionalData));
            }
            if (this.SecurityParameters.CipherType == TlsCipherType.Block)
            {
                var cbc = CreateBlockCipher(SecurityParameters.CipherMode, CreateBlockCipher(SecurityParameters.CipherAlgorithm.ToString().ToUpperInvariant()));
                var mac = CreateHMacAlgorithm(SecurityParameters.MacAlgorithm);
                return(DecryptBlock(cbc, mac, tlsKeys.EncodingKey, tlsKeys.IV, tlsKeys.MacKey, content));
            }
            if (this.SecurityParameters.CipherType == TlsCipherType.Stream)
            {
                throw new NotImplementedException();
            }
            throw new NotSupportedException($"Decrypting {CipherSuite.ToString()} is not supported.");
        }
Пример #8
0
 public void SetClientHello(TlsPacket.TlsClientHello clientHello, TlsPacketContext packetContext)
 {
     m_tlsDecoder.ClientRandom = ByteString.Combine(clientHello.Random.RandomTime, clientHello.Random.RandomBytes);
 }