Пример #1
0
        public TlsStreamCipher(TlsClientContext context, IStreamCipher encryptCipher,
            IStreamCipher decryptCipher, IDigest writeDigest, IDigest readDigest, int cipherKeySize)
        {
            this.context = context;
            this.encryptCipher = encryptCipher;
            this.decryptCipher = decryptCipher;

            int prfSize = (2 * cipherKeySize) + writeDigest.GetDigestSize()
                + readDigest.GetDigestSize();

            SecurityParameters securityParameters = context.SecurityParameters;

            byte[] keyBlock = TlsUtilities.PRF(securityParameters.masterSecret, "key expansion",
                TlsUtilities.Concat(securityParameters.serverRandom, securityParameters.clientRandom),
                prfSize);

            int offset = 0;

            // Init MACs
            writeMac = CreateTlsMac(writeDigest, keyBlock, ref offset);
            readMac = CreateTlsMac(readDigest, keyBlock, ref offset);

            // Build keys
            KeyParameter encryptKey = CreateKeyParameter(keyBlock, ref offset, cipherKeySize);
            KeyParameter decryptKey = CreateKeyParameter(keyBlock, ref offset, cipherKeySize);

            if (offset != prfSize)
                throw new TlsFatalAlert(AlertDescription.internal_error);

            // Init Ciphers
            encryptCipher.Init(true, encryptKey);
            decryptCipher.Init(false, decryptKey);
        }
Пример #2
0
        public TlsStreamCipher(TlsClientContext context, IStreamCipher encryptCipher,
                               IStreamCipher decryptCipher, IDigest writeDigest, IDigest readDigest, int cipherKeySize)
        {
            this.context       = context;
            this.encryptCipher = encryptCipher;
            this.decryptCipher = decryptCipher;

            int prfSize = (2 * cipherKeySize) + writeDigest.GetDigestSize()
                          + readDigest.GetDigestSize();

            SecurityParameters securityParameters = context.SecurityParameters;

            byte[] keyBlock = TlsUtilities.PRF(securityParameters.masterSecret, "key expansion",
                                               TlsUtilities.Concat(securityParameters.serverRandom, securityParameters.clientRandom),
                                               prfSize);

            int offset = 0;

            // Init MACs
            writeMac = CreateTlsMac(writeDigest, keyBlock, ref offset);
            readMac  = CreateTlsMac(readDigest, keyBlock, ref offset);

            // Build keys
            KeyParameter encryptKey = CreateKeyParameter(keyBlock, ref offset, cipherKeySize);
            KeyParameter decryptKey = CreateKeyParameter(keyBlock, ref offset, cipherKeySize);

            if (offset != prfSize)
            {
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }

            // Init Ciphers
            encryptCipher.Init(true, encryptKey);
            decryptCipher.Init(false, decryptKey);
        }
Пример #3
0
        internal TlsSrpKeyExchange(TlsClientContext context, KeyExchangeAlgorithm keyExchange,
                                   byte[] identity, byte[] password)
        {
            switch (keyExchange)
            {
            case KeyExchangeAlgorithm.SRP:
                this.tlsSigner = null;
                break;

            case KeyExchangeAlgorithm.SRP_RSA:
                this.tlsSigner = new TlsRsaSigner();
                break;

            case KeyExchangeAlgorithm.SRP_DSS:
                this.tlsSigner = new TlsDssSigner();
                break;

            default:
                throw new ArgumentException("unsupported key exchange algorithm", "keyExchange");
            }

            this.context     = context;
            this.keyExchange = keyExchange;
            this.identity    = identity;
            this.password    = password;
        }
Пример #4
0
		public virtual TlsCipher CreateCipher(TlsClientContext context,
			EncryptionAlgorithm encryptionAlgorithm, DigestAlgorithm digestAlgorithm)
		{
			switch (encryptionAlgorithm)
			{
				case EncryptionAlgorithm.cls_3DES_EDE_CBC:
					return CreateDesEdeCipher(context, 24, digestAlgorithm);
				case EncryptionAlgorithm.AES_128_CBC:
					return CreateAesCipher(context, 16, digestAlgorithm);
				case EncryptionAlgorithm.AES_256_CBC:
					return CreateAesCipher(context, 32, digestAlgorithm);
				default:
					throw new TlsFatalAlert(AlertDescription.internal_error);
			}
		}
Пример #5
0
		internal TlsPskKeyExchange(TlsClientContext context, KeyExchangeAlgorithm keyExchange,
			TlsPskIdentity pskIdentity)
		{
			switch (keyExchange)
			{
				case KeyExchangeAlgorithm.PSK:
				case KeyExchangeAlgorithm.RSA_PSK:
				case KeyExchangeAlgorithm.DHE_PSK:
					break;
				default:
					throw new ArgumentException("unsupported key exchange algorithm", "keyExchange");
			}

			this.context = context;
			this.keyExchange = keyExchange;
			this.pskIdentity = pskIdentity;
		}
Пример #6
0
        public TlsBlockCipher(TlsClientContext context, IBlockCipher encryptCipher,
                              IBlockCipher decryptCipher, IDigest writeDigest, IDigest readDigest, int cipherKeySize)
        {
            this.context = context;

            this.randomData = new byte[256];
            context.SecureRandom.NextBytes(randomData);

            this.encryptCipher = encryptCipher;
            this.decryptCipher = decryptCipher;

            int prfSize = (2 * cipherKeySize) + writeDigest.GetDigestSize()
                          + readDigest.GetDigestSize() + encryptCipher.GetBlockSize()
                          + decryptCipher.GetBlockSize();

            SecurityParameters securityParameters = context.SecurityParameters;

            byte[] keyBlock = TlsUtilities.PRF(securityParameters.masterSecret, "key expansion",
                                               TlsUtilities.Concat(securityParameters.serverRandom, securityParameters.clientRandom),
                                               prfSize);

            int offset = 0;

            // Init MACs
            wMac = CreateTlsMac(writeDigest, keyBlock, ref offset);
            rMac = CreateTlsMac(readDigest, keyBlock, ref offset);

            // Build keys
            KeyParameter encryptKey = CreateKeyParameter(keyBlock, ref offset, cipherKeySize);
            KeyParameter decryptKey = CreateKeyParameter(keyBlock, ref offset, cipherKeySize);

            // Add IVs
            ParametersWithIV encryptParams = CreateParametersWithIV(encryptKey,
                                                                    keyBlock, ref offset, encryptCipher.GetBlockSize());
            ParametersWithIV decryptParams = CreateParametersWithIV(decryptKey,
                                                                    keyBlock, ref offset, decryptCipher.GetBlockSize());

            if (offset != prfSize)
            {
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }

            // Init Ciphers
            encryptCipher.Init(true, encryptParams);
            decryptCipher.Init(false, decryptParams);
        }
Пример #7
0
        internal TlsPskKeyExchange(TlsClientContext context, KeyExchangeAlgorithm keyExchange,
                                   TlsPskIdentity pskIdentity)
        {
            switch (keyExchange)
            {
            case KeyExchangeAlgorithm.PSK:
            case KeyExchangeAlgorithm.RSA_PSK:
            case KeyExchangeAlgorithm.DHE_PSK:
                break;

            default:
                throw new ArgumentException("unsupported key exchange algorithm", "keyExchange");
            }

            this.context     = context;
            this.keyExchange = keyExchange;
            this.pskIdentity = pskIdentity;
        }
Пример #8
0
        public virtual TlsCipher CreateCipher(TlsClientContext context,
                                              EncryptionAlgorithm encryptionAlgorithm, DigestAlgorithm digestAlgorithm)
        {
            switch (encryptionAlgorithm)
            {
            case EncryptionAlgorithm.cls_3DES_EDE_CBC:
                return(CreateDesEdeCipher(context, 24, digestAlgorithm));

            case EncryptionAlgorithm.AES_128_CBC:
                return(CreateAesCipher(context, 16, digestAlgorithm));

            case EncryptionAlgorithm.AES_256_CBC:
                return(CreateAesCipher(context, 32, digestAlgorithm));

            default:
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }
        }
Пример #9
0
		public TlsBlockCipher(TlsClientContext context, IBlockCipher encryptCipher,
			IBlockCipher decryptCipher, IDigest writeDigest, IDigest readDigest, int cipherKeySize)
		{
			this.context = context;

            this.randomData = new byte[256];
            context.SecureRandom.NextBytes(randomData);

            this.encryptCipher = encryptCipher;
			this.decryptCipher = decryptCipher;

			int prfSize = (2 * cipherKeySize) + writeDigest.GetDigestSize()
				+ readDigest.GetDigestSize() + encryptCipher.GetBlockSize()
				+ decryptCipher.GetBlockSize();

			SecurityParameters securityParameters = context.SecurityParameters;

			byte[] keyBlock = TlsUtilities.PRF(securityParameters.masterSecret, "key expansion",
				TlsUtilities.Concat(securityParameters.serverRandom, securityParameters.clientRandom),
				prfSize);

			int offset = 0;

			// Init MACs
			wMac = CreateTlsMac(writeDigest, keyBlock, ref offset);
            rMac = CreateTlsMac(readDigest, keyBlock, ref offset);

			// Build keys
			KeyParameter encryptKey = CreateKeyParameter(keyBlock, ref offset, cipherKeySize);
			KeyParameter decryptKey = CreateKeyParameter(keyBlock, ref offset, cipherKeySize);

			// Add IVs
			ParametersWithIV encryptParams = CreateParametersWithIV(encryptKey,
				keyBlock, ref offset, encryptCipher.GetBlockSize());
			ParametersWithIV decryptParams = CreateParametersWithIV(decryptKey,
				keyBlock, ref offset, decryptCipher.GetBlockSize());

			if (offset != prfSize)
				throw new TlsFatalAlert(AlertDescription.internal_error);

			// Init Ciphers
			encryptCipher.Init(true, encryptParams);
			decryptCipher.Init(false, decryptParams);
		}
Пример #10
0
        public DefaultTlsSignerCredentials(TlsClientContext context,
                                           Certificate clientCertificate, AsymmetricKeyParameter clientPrivateKey)
        {
            if (clientCertificate == null)
            {
                throw new ArgumentNullException("clientCertificate");
            }
            if (clientCertificate.Length == 0)
            {
                throw new ArgumentException("cannot be empty", "clientCertificate");
            }
            if (clientPrivateKey == null)
            {
                throw new ArgumentNullException("clientPrivateKey");
            }
            if (!clientPrivateKey.IsPrivate)
            {
                throw new ArgumentException("must be private", "clientPrivateKey");
            }

            if (clientPrivateKey is RsaKeyParameters)
            {
                clientSigner = new TlsRsaSigner();
            }
            else if (clientPrivateKey is DsaPrivateKeyParameters)
            {
                clientSigner = new TlsDssSigner();
            }
            else if (clientPrivateKey is ECPrivateKeyParameters)
            {
                clientSigner = new TlsECDsaSigner();
            }
            else
            {
                throw new ArgumentException("type not supported: "
                                            + clientPrivateKey.GetType().FullName, "clientPrivateKey");
            }

            this.context          = context;
            this.clientCert       = clientCertificate;
            this.clientPrivateKey = clientPrivateKey;
        }
Пример #11
0
        public DefaultTlsSignerCredentials(TlsClientContext context,
            Certificate clientCertificate, AsymmetricKeyParameter clientPrivateKey)
        {
            if (clientCertificate == null)
            {
                throw new ArgumentNullException("clientCertificate");
            }
            if (clientCertificate.Length == 0)
            {
                throw new ArgumentException("cannot be empty", "clientCertificate");
            }
            if (clientPrivateKey == null)
            {
                throw new ArgumentNullException("clientPrivateKey");
            }
            if (!clientPrivateKey.IsPrivate)
            {
                throw new ArgumentException("must be private", "clientPrivateKey");
            }

            if (clientPrivateKey is RsaKeyParameters)
            {
                clientSigner = new TlsRsaSigner();
            }
            else if (clientPrivateKey is DsaPrivateKeyParameters)
            {
                clientSigner = new TlsDssSigner();
            }
            else if (clientPrivateKey is ECPrivateKeyParameters)
            {
                clientSigner = new TlsECDsaSigner();
            }
            else
            {
                throw new ArgumentException("type not supported: "
                    + clientPrivateKey.GetType().FullName, "clientPrivateKey");
            }

            this.context = context;
            this.clientCert = clientCertificate;
            this.clientPrivateKey = clientPrivateKey;
        }
Пример #12
0
		internal TlsDHKeyExchange(TlsClientContext context, KeyExchangeAlgorithm keyExchange)
		{
			switch (keyExchange)
			{
				case KeyExchangeAlgorithm.DH_RSA:
				case KeyExchangeAlgorithm.DH_DSS:
					this.tlsSigner = null;
					break;
				case KeyExchangeAlgorithm.DHE_RSA:
					this.tlsSigner = new TlsRsaSigner();
					break;
				case KeyExchangeAlgorithm.DHE_DSS:
					this.tlsSigner = new TlsDssSigner();
					break;
				default:
					throw new ArgumentException("unsupported key exchange algorithm", "keyExchange");
			}

			this.context = context;
			this.keyExchange = keyExchange;
		}
Пример #13
0
        internal TlsSrpKeyExchange(TlsClientContext context, KeyExchangeAlgorithm keyExchange,
            byte[] identity, byte[] password)
        {
            switch (keyExchange)
            {
                case KeyExchangeAlgorithm.SRP:
                    this.tlsSigner = null;
                    break;
                case KeyExchangeAlgorithm.SRP_RSA:
                    this.tlsSigner = new TlsRsaSigner();
                    break;
                case KeyExchangeAlgorithm.SRP_DSS:
                    this.tlsSigner = new TlsDssSigner();
                    break;
                default:
                    throw new ArgumentException("unsupported key exchange algorithm", "keyExchange");
            }

            this.context = context;
            this.keyExchange = keyExchange;
            this.identity = identity;
            this.password = password;
        }
Пример #14
0
        internal TlsECDHKeyExchange(TlsClientContext context, KeyExchangeAlgorithm keyExchange)
        {
            switch (keyExchange)
            {
            case KeyExchangeAlgorithm.ECDHE_RSA:
                this.tlsSigner = new TlsRsaSigner();
                break;

            case KeyExchangeAlgorithm.ECDHE_ECDSA:
                this.tlsSigner = new TlsECDsaSigner();
                break;

            case KeyExchangeAlgorithm.ECDH_RSA:
            case KeyExchangeAlgorithm.ECDH_ECDSA:
                this.tlsSigner = null;
                break;

            default:
                throw new ArgumentException("unsupported key exchange algorithm", "keyExchange");
            }

            this.context     = context;
            this.keyExchange = keyExchange;
        }
Пример #15
0
 /// <exception cref="IOException"></exception>
 protected virtual TlsCipher CreateRC4Cipher(TlsClientContext context, int cipherKeySize, DigestAlgorithm digestAlgorithm)
 {
     return(new TlsStreamCipher(context, CreateRC4StreamCipher(), CreateRC4StreamCipher(), CreateDigest(digestAlgorithm), CreateDigest(digestAlgorithm), cipherKeySize));
 }
Пример #16
0
 internal TlsECDheKeyExchange(TlsClientContext context, int keyExchange)
     : base(context, keyExchange)
 {
 }
Пример #17
0
 public void InitClient(TlsClientContext context)
 {
     base.Init(context);
     this.certificateData = new CertificateData(keystore, keystorePassword, context, true, null);
 }
Пример #18
0
 /// <exception cref="IOException"></exception>
 protected virtual TlsCipher CreateDesEdeCipher(TlsClientContext context, int cipherKeySize,
                                                DigestAlgorithm digestAlgorithm)
 {
     return(new TlsBlockCipher(context, CreateDesEdeBlockCipher(), CreateDesEdeBlockCipher(),
                               CreateDigest(digestAlgorithm), CreateDigest(digestAlgorithm), cipherKeySize));
 }
Пример #19
0
 internal TlsRsaKeyExchange(TlsClientContext context)
 {
     this.context = context;
 }
Пример #20
0
		internal TlsDheKeyExchange(TlsClientContext context, KeyExchangeAlgorithm keyExchange)
			: base(context, keyExchange)
		{
		}
Пример #21
0
 public virtual void Init(TlsClientContext context)
 {
     this.context = context;
 }
Пример #22
0
 internal TlsDheKeyExchange(TlsClientContext context, KeyExchangeAlgorithm keyExchange)
     : base(context, keyExchange)
 {
 }
Пример #23
0
 internal TlsRsaKeyExchange(TlsClientContext context)
 {
     this.context = context;
 }
Пример #24
0
 /// <exception cref="IOException"></exception>
 protected virtual TlsCipher CreateRC4Cipher(TlsClientContext context, int cipherKeySize, DigestAlgorithm digestAlgorithm)
 {
     return new TlsStreamCipher(context, CreateRC4StreamCipher(), CreateRC4StreamCipher(), CreateDigest(digestAlgorithm), CreateDigest(digestAlgorithm), cipherKeySize);
 }
Пример #25
0
		/// <exception cref="IOException"></exception>
		protected virtual TlsCipher CreateDesEdeCipher(TlsClientContext context, int cipherKeySize,
			DigestAlgorithm digestAlgorithm)
		{
			return new TlsBlockCipher(context, CreateDesEdeBlockCipher(), CreateDesEdeBlockCipher(),
				CreateDigest(digestAlgorithm), CreateDigest(digestAlgorithm), cipherKeySize);
		}
Пример #26
0
 public virtual void Init(TlsClientContext context)
 {
     this.mContext = context;
 }
Пример #27
0
 internal TlsECDheKeyExchange(TlsClientContext context, int keyExchange)
     : base(context, keyExchange)
 {
 }