Пример #1
0
        public X509Reader(PublicKeyReaderRegistry keyReaderRegistry, byte[] input)
        {
            SecurityAssert.NotNull(input);

            _keyReaderRegistry = keyReaderRegistry;
            _input             = input;
        }
Пример #2
0
        public RSAPrivateKey(ASN1Object asn1Key)
        {
            // NOTE: currently only supporting PKCS#1 without optional OtherPrimeInfos

            var keySeq = asn1Key as ASN1Sequence;

            SecurityAssert.NotNull(keySeq);
            SecurityAssert.Assert(keySeq !.Count == 9);

            Modulus = GetInteger(keySeq, 1);
            var publicExponent = GetInteger(keySeq, 2);

            Exponent = GetInteger(keySeq, 3);
            var prime1    = GetInteger(keySeq, 4);
            var prime2    = GetInteger(keySeq, 5);
            var exponent1 = GetInteger(keySeq, 6);
            var exponent2 = GetInteger(keySeq, 7);

            // TODO var coefficent = GetInteger(keySeq, 8);

            SecurityAssert.Assert(Modulus == prime1 * prime2);
            SecurityAssert.Assert(exponent1 == Exponent % (prime1 - 1));
            SecurityAssert.Assert(exponent2 == Exponent % (prime2 - 1));
            // TODO assert Coefficent == ((inverse of q) mod p)

            PublicKey = new RSAPublicKey(Modulus, publicExponent);
        }
Пример #3
0
        public void Decrypt(byte[] input, int inputOffset, byte[] output, int outputOffset, int length)
        {
            SecurityAssert.AssertBuffer(input, inputOffset, length);
            SecurityAssert.NotNull(PrivateKey);

            var k = PrivateKey !.Modulus.GetByteLength();

            SecurityAssert.Assert(k >= 11);
            SecurityAssert.Assert(length == k);

            var c = OS2IP(input, inputOffset, length);
            var m = DecryptPrimative(c, PrivateKey !);

            var em = I2OSP(m, k);

            SecurityAssert.Assert(em[0] == 0 && em[1] == 2);

            var mIdx = 2;

            while (mIdx < k && em[mIdx] != 0)
            {
                mIdx++;
            }

            SecurityAssert.Assert(mIdx - 2 > 8);
            // advance past zero
            mIdx++;

            SecurityAssert.AssertBuffer(output, outputOffset, k - mIdx);
            Array.Copy(em, mIdx, output, outputOffset, k - mIdx);
        }
Пример #4
0
        public PrivateKey ReadPrivateKey(X509AlgorithmIdentifier algorithm, byte[] input)
        {
            var parameters = CreateParameters(algorithm);

            using (var ms = new MemoryStream(input))
            {
                var asn1 = new DERReader(ms).Read();

                var seq = asn1 as ASN1Sequence;
                SecurityAssert.NotNull(seq);
                SecurityAssert.Assert(seq !.Count >= 2);

                var version = seq !.Elements[0] as ASN1Integer;
                SecurityAssert.NotNull(version);
                SecurityAssert.Assert(version !.Value == 1);

                var dString = seq !.Elements[1] as ASN1OctetString;
                SecurityAssert.NotNull(dString);

                var d = parameters.Field.Value(dString !.Value.ToBigInteger(Endianness.BigEndian));

                var q = Point.Multiply(
                    parameters.Curve,
                    d,
                    parameters.Generator
                    );

                var pub = new ECPublicKey(parameters, q);

                return(new ECPrivateKey(pub, d));
            }
        }
Пример #5
0
        public void Encrypt(byte[] input, int inputOffset, byte[] output, int outputOffset, int length)
        {
            SecurityAssert.AssertBuffer(input, inputOffset, length);
            SecurityAssert.NotNull(PublicKey);

            var k = PublicKey !.Modulus.GetByteLength();

            SecurityAssert.Assert(length <= k - 11);

            var ps = _random.RandomNonZeroBytes(k - length - 3);

            SecurityAssert.Assert(ps.Length >= 8);

            var em = new byte[k];

            em[0] = 0;
            em[1] = 2;
            Array.Copy(ps, 0, em, 2, ps.Length);
            em[ps.Length + 2] = 0;
            Array.Copy(input, inputOffset, em, ps.Length + 3, length);

            var m = OS2IP(em, 0, em.Length);
            var c = EncryptPrimative(m, PublicKey !);

            var result = I2OSP(c, k);

            SecurityAssert.AssertBuffer(output, outputOffset, result.Length);
            Array.Copy(result, 0, output, outputOffset, result.Length);
        }
Пример #6
0
 public CertificateMessage(IReadOnlyCollection <X509Certificate> certificates)
     : base(HandshakeType.Certificate)
 {
     SecurityAssert.NotNull(certificates);
     SecurityAssert.Assert(certificates.Count <= 0xFFFFFF);
     Certificates = certificates;
 }
Пример #7
0
        public PrivateKey ReadKey(byte[] input)
        {
            // PKCS#8 only

            var asn1 = GetASN1(input);

            SecurityAssert.Assert(asn1.HasValue);

            var seq = asn1.Value as ASN1Sequence;

            SecurityAssert.NotNull(seq);
            SecurityAssert.Assert(seq !.Count == 3);

            var version = seq !.Elements[0] as ASN1Integer;

            SecurityAssert.NotNull(version);
            SecurityAssert.Assert(version !.Value == 0);

            var algorithm = X509AlgorithmIdentifier.FromObject(seq.Elements[1]);

            var keyOctetString = seq !.Elements[2] as ASN1OctetString;

            SecurityAssert.NotNull(keyOctetString);

            var reader = _keyReaderRegistry.Resolve(algorithm.Algorithm);

            return(reader.ReadPrivateKey(algorithm, keyOctetString !.Value));
        }
Пример #8
0
        public RC4KeyParameter(byte[] key)
        {
            SecurityAssert.NotNull(key);

            Key = new byte[key.Length];
            Array.Copy(key, Key, key.Length);
        }
Пример #9
0
        public static byte[] GetBytes(string oid)
        {
            SecurityAssert.NotNull(oid);
            SecurityAssert.Assert(oid.Length > 0);

            var parts = oid.Split('.').Select(BigInteger.Parse).ToArray();

            SecurityAssert.Assert(parts.Length >= 2);

            var bytes = new List <byte>();

            SecurityAssert.Assert(parts[0] >= 0 && parts[0] <= 6);
            SecurityAssert.Assert(parts[1] >= 0 && parts[1] < 40);

            var firstByte = parts[0] * 40 + parts[1];

            bytes.Add((byte)firstByte);

            for (var i = 2; i < parts.Length; i++)
            {
                SecurityAssert.Assert(parts[i] >= 0);

                bytes.AddRange(EncodeBase128(parts[i]).Reverse());
            }

            return(bytes.ToArray());
        }
Пример #10
0
        public static string Format(byte[] bytes)
        {
            SecurityAssert.NotNull(bytes);
            SecurityAssert.Assert(bytes.Length > 0);

            var oid        = new StringBuilder();
            var firstOctet = bytes[0];
            var index      = 1;

            oid.AppendFormat("{0}.{1}", firstOctet / 40, firstOctet % 40);

            while (index < bytes.Length)
            {
                var value = new BigInteger();

                while (true)
                {
                    var b = bytes[index++];

                    if ((b & 0x80) == 0)
                    {
                        value = value << 7 | b;
                        break;
                    }

                    SecurityAssert.Assert(index < bytes.Length);

                    value = value << 7 | (b & 0x7F);
                }

                oid.AppendFormat(".{0}", value);
            }

            return(oid.ToString());
        }
Пример #11
0
        public PublicKey ReadPublicKey(X509AlgorithmIdentifier algorithm, BitArray bits)
        {
            SecurityAssert.Assert(IsRSAIdentifier(algorithm.Algorithm));
            SecurityAssert.Assert(algorithm.Parameters.Count == 1 && algorithm.Parameters[0] is ASN1Null);

            var data = bits.ToArray();

            ASN1Object asn1;

            using (var ms = new MemoryStream(data))
            {
                asn1 = new DERReader(ms).Read();
            }

            var keySeq = asn1 as ASN1Sequence;

            SecurityAssert.Assert(keySeq != null && keySeq.Count == 2);

            var modulusInt = keySeq !.Elements[0] as ASN1Integer;

            SecurityAssert.NotNull(modulusInt);
            var exponentInt = keySeq !.Elements[1] as ASN1Integer;

            SecurityAssert.NotNull(exponentInt);

            return(new RSAPublicKey(modulusInt !.Value, exponentInt !.Value));
        }
Пример #12
0
        public HelloExtension(ExtensionType type, byte[] data)
        {
            Type = type;

            SecurityAssert.NotNull(data);
            SecurityAssert.Assert(data.Length >= 0 && data.Length <= 0xFFFF);
            Data = data;
        }
Пример #13
0
        public FinishedMessage(byte[] verifyActual, byte[] verifyExpectedHash) : base(HandshakeType.Finished)
        {
            SecurityAssert.NotNull(verifyActual);
            SecurityAssert.Assert(verifyActual.Length == VerifyDataLength);

            VerifyActual       = verifyActual;
            VerifyExpectedHash = verifyExpectedHash;
        }
Пример #14
0
        public Record(RecordType type, TLSVersion version, byte[] data)
        {
            Type    = type;
            Version = version;

            SecurityAssert.NotNull(data);
            Data = data;
        }
Пример #15
0
        public bool Verify(byte[] input, byte[] signature, IDigest hash)
        {
            if (_publicKey is null || _domain is null || _nField is null)
            {
                throw new InvalidOperationException("ECDSA not initialised");
            }

            FieldValue r, s;

            using (var buffer = new MemoryStream(signature))
            {
                var reader = new DERReader(buffer);

                var seq = reader.Read() as ASN1Sequence;
                SecurityAssert.NotNull(seq);
                SecurityAssert.Assert(seq !.Count == 2);

                var ri = seq.Elements[0] as ASN1Integer;
                SecurityAssert.NotNull(ri);
                r = _nField.Value(ri !.Value);
                SecurityAssert.Assert(r.Value == ri !.Value);

                var si = seq.Elements[1] as ASN1Integer;
                SecurityAssert.NotNull(si);
                s = _nField.Value(si !.Value);
                SecurityAssert.Assert(s.Value == si !.Value);
            }

            // check QA != O
            // check QA is on curve
            SecurityAssert.Assert(_domain.Curve.IsPointOnCurve(_publicKey));
            // check n*QA = O
            // check r and s are in [1, n-1]

            // e = HASH(input)
            hash.Update(input);
            var e = hash.DigestBuffer();

            // z = the Ln leftmost bits of e, where Ln is the bit length of the group order n.
            var z = ToZ(e, _ln);

            // w = 1/s (mod n)
            var w = _nField.Divide(_nField.Value(1), s);

            // u1 = zw (mod n)
            var u1 = _nField.Multiply(w, z);

            // u2 = rw (mod n)
            var u2 = _nField.Multiply(w, r);

            // (x1, y2) = u1 * G + u2 * QA
            var point = Point.Add(_domain.Curve,
                                  a: Point.Multiply(_domain.Curve, u1, _domain.Generator),
                                  b: Point.Multiply(_domain.Curve, u2, _publicKey)) !;

            // return r == x1 (mod n)
            return(r == point.X);
        }
Пример #16
0
        private static T GetElement <T>(ASN1Object asn1, int index)
            where T : ASN1Object
        {
            var obj = GetElement(asn1, index) as T;

            SecurityAssert.NotNull(obj);

            return(obj !);
        }
Пример #17
0
        private static ASN1Set ToSet(ASN1Object asn1, int minLength = 0, int maxLength = int.MaxValue)
        {
            var seq = asn1 as ASN1Set;

            SecurityAssert.NotNull(seq);
            SecurityAssert.Assert(seq !.Count >= minLength && seq !.Count <= maxLength);

            return(seq);
        }
Пример #18
0
        public ICipherParameters Create(ConnectionEnd end, ConnectionDirection direction)
        {
            var key = GetKey(end, direction);

            SecurityAssert.NotNull(key);
            SecurityAssert.Assert(key.Length > 0);

            return(new AESKeyParameter(key));
        }
Пример #19
0
        public TLSStream(Stream inner, IServiceProvider services)
        {
            SecurityAssert.NotNull(inner);
            SecurityAssert.NotNull(services);

            _inner = inner;

            _servicesScope = services.CreateScope();
            Services.GetRequiredService <IStreamAccessor>().Stream = _inner;
        }
Пример #20
0
        public void Put(byte[] data)
        {
            _write.Wait();

            SecurityAssert.NotNull(data);
            SecurityAssert.Assert(data.Length > 0);

            _data.Enqueue(data);
            _read.Release();
        }
Пример #21
0
        private BigInteger GetInteger(ASN1Sequence obj, int index)
        {
            SecurityAssert.Assert(index >= 0 && index < obj.Elements.Count);

            var elem    = obj.Elements[index];
            var intElem = elem as ASN1Integer;

            SecurityAssert.NotNull(intElem);

            return(intElem !.Value);
        }
Пример #22
0
        private IDigest GetMAC(ConnectionDirection direction)
        {
            var digest = _cipherSuitesProvider.ResolveHashAlgorithm(_cipherSuiteConfig.CipherSuite);

            var key = GetMACKey(direction);

            SecurityAssert.NotNull(key);
            SecurityAssert.Assert(key.Length > 0);

            return(new HMAC(digest, key));
        }
Пример #23
0
        private DomainParameters CreateParameters(X509AlgorithmIdentifier algorithm)
        {
            // TODO support other formats

            SecurityAssert.Assert(algorithm.Parameters.Count == 1);
            var curve = algorithm.Parameters[0] as ASN1ObjectIdentifier;

            SecurityAssert.NotNull(curve);

            return(_namedCurvesRegistry.Resolve(curve !));
        }
Пример #24
0
        public ClientHelloMessage(TLSVersion version, byte[] randomBytes, byte[] sessionId, HelloExtension[] extensions, CipherSuite[] cipherSuites, CompressionMethod[] compressionMethods)
            : base(HandshakeType.ClientHello, version, randomBytes, sessionId, extensions)
        {
            SecurityAssert.NotNull(cipherSuites);
            SecurityAssert.Assert(cipherSuites.Length >= 2 && cipherSuites.Length <= 0xFFFE);
            CipherSuites = cipherSuites;

            SecurityAssert.NotNull(compressionMethods);
            SecurityAssert.Assert(compressionMethods.Length >= 1 && cipherSuites.Length <= 0xFF);
            CompressionMethods = compressionMethods;
        }
Пример #25
0
        protected Curve(IField field, FieldValue a, FieldValue b)
        {
            SecurityAssert.NotNull(field);
            SecurityAssert.NotNull(a);
            SecurityAssert.NotNull(b);

            Field = field;

            A = a;
            B = b;
        }
Пример #26
0
        public GHash(byte[] key)
        {
            SecurityAssert.NotNull(key);
            SecurityAssert.Assert(key.Length == 16);

            _key = new byte[16];
            Array.Copy(key, 0, _key, 0, 16);

            _y = new byte[16];

            Reset();
        }
Пример #27
0
        public DHPrivateKey(DHParameterConfig parameters, ASN1Object input)
        {
            var param = input as ASN1Integer;

            SecurityAssert.NotNull(param);

            X = param !.Value;

            var y = BigInteger.ModPow(parameters.G, X, parameters.P);

            DHPublicKey = new DHPublicKey(parameters, y);
        }
Пример #28
0
        public SignedStream(Stream inner, ISignatureCipher signAlgo, IDigest hashAlgo)
        {
            SecurityAssert.NotNull(inner);
            SecurityAssert.Assert(inner.CanWrite);

            InnerStream = inner;

            SecurityAssert.NotNull(signAlgo);
            SecurityAssert.NotNull(hashAlgo);

            SignatureAlgorithm = signAlgo;
            HashAlgorithm      = hashAlgo;
        }
Пример #29
0
        public static X509AlgorithmIdentifier FromObject(ASN1Object asn1)
        {
            var seq = asn1 as ASN1Sequence;

            SecurityAssert.NotNull(seq);
            SecurityAssert.Assert(seq !.Count >= 1);

            var algorithmOid = seq.Elements[0] as ASN1ObjectIdentifier;

            SecurityAssert.NotNull(algorithmOid);
            var parameters = seq.Elements.Skip(1).ToList();

            return(new X509AlgorithmIdentifier(algorithmOid !, parameters));
        }
Пример #30
0
        public HMAC(IDigest digest, byte[] key)
        {
            SecurityAssert.NotNull(digest);
            SecurityAssert.NotNull(key);

            _digest = digest;
            _key    = new byte[digest.BlockSize / 8];

            _state = HMACState.Uninitialised;
            ProcessInputKey(key);
            _state = HMACState.ProcessedKey;

            Reset();
        }