public void ReadEncryptedApplicationData_TLS_AES_128_GCM_SHA256_ResultIsExpected()
{
//Arrange
var messageData = GetEncryptedApplicationData();
var verifyData = GetVerifyData();
var encryptionData = GetEncryptionData();
var parsedVerifyData = new Memory <byte>();
using var aead = Cipher.TLS_AES_128_GCM_SHA256.CreateAead(Utils.ParseHexString(encryptionData.Iv), Utils.ParseHexString(encryptionData.Key));
//Act
var cursor = new MemoryCursor(Utils.ParseHexString(messageData));
var result = TlsRecord.TryParseEncrypted(cursor, aead, encryptionData.SeqNum, out var record);
using (record.Payload.SetCursor(cursor))
{
result &= Finished.TryParse(cursor, out var parsedVerifyDataBuffer);
parsedVerifyData = parsedVerifyDataBuffer.Read(cursor);
result &= cursor.IsEnd();
}
result &= cursor.IsEnd();
//Assert
Assert.True(result);
Assert.Equal(RecordType.Handshake, record.Type);
Assert.Equal(ProtocolVersion.Tls12, record.ProtocolVersion);
Assert.Equal(verifyData, Utils.ToHexString(parsedVerifyData.ToArray()), true);
}
public void Write_ResultBytesAreExpected()
{
//Arrange
var expectedBytes = GetMessageHexString();
var buffer = new byte[TlsBuffer.MaxRecordSize];
var random = HandshakeRandom.Parse(GetBytesOfRandom());
var sessionId = SessionId.Parse(GetBytesOfSessionId());
//Act
var cursor = new MemoryCursor(buffer);
using (TlsRecord.StartWriting(cursor, RecordType.Handshake, ProtocolVersion.Tls12))
using (ServerHello.StartWriting(cursor, random, Cipher.TLS_AES_128_GCM_SHA256, sessionId))
{
using (cursor.StartKeyShareWriting())
{
using (KeyShareEntry.StartWriting(cursor, NamedGroup.X25519))
{
GetBytesOfPublicKey().CopyTo(cursor);
}
}
using (cursor.StartSupportedVersionWriting())
{
ProtocolVersion.Tls13.WriteBytes(cursor);
}
}
//Assert
Assert.Equal(expectedBytes, Utils.ToHexString(cursor.PeekStart().ToArray()), true);
}
public void ReadEncryptedApplicationData_TLS_AES_128_GCM_SHA256_ResultIsExpected()
{
//Arrange
var messageData = GetEncryptedApplicationData();
var cerificateData = GetCertificateData();
var signatureData = GetSignatureData();
var verifyData = GetVerifyData();
var encryptionData = GetEncryptionData();
var parsedCertificateEntries = new List <CertificateEntry>();
var parsedSignatureData = new Memory <byte>();
var parsedCertificateVerifyScheme = new SignatureScheme();
var parsedVerifyData = new Memory <byte>();
using var aead = Cipher.TLS_AES_128_GCM_SHA256.CreateAead(Utils.ParseHexString(encryptionData.Iv), Utils.ParseHexString(encryptionData.Key));
//Act
var cursor = new MemoryCursor(Utils.ParseHexString(messageData));
var result = TlsRecord.TryParseEncrypted(cursor, aead, encryptionData.SeqNum, out var record);
using (record.Payload.SetCursor(cursor))
{
result &= EncryptedExtensions.TrySlice(cursor);
result &= Certificate.TryParse(cursor, out var certificate);
foreach (var entry in certificate.Payload.GetCertificateEntryReader(cursor))
{
parsedCertificateEntries.Add(entry);
}
result &= CertificateVerify.TryParse(cursor, out var certificateVerify);
parsedSignatureData = certificateVerify.Signature.Read(cursor);
parsedCertificateVerifyScheme = certificateVerify.Scheme;
result &= Finished.TryParse(cursor, out var parsedVerifyDataBuffer);
parsedVerifyData = parsedVerifyDataBuffer.Read(cursor);
result &= cursor.IsEnd();
}
result &= cursor.IsEnd();
//Assert
Assert.True(result);
Assert.Equal(RecordType.Handshake, record.Type);
Assert.Equal(ProtocolVersion.Tls12, record.ProtocolVersion);
var certificateEntry = Assert.Single(parsedCertificateEntries);
Assert.Equal(cerificateData, Utils.ToHexString(certificateEntry.Data.Read(cursor).ToArray()), true);
Assert.Equal(signatureData, Utils.ToHexString(parsedSignatureData.ToArray()), true);
Assert.Equal(SignatureScheme.RSA_PSS_RSAE_SHA256, parsedCertificateVerifyScheme);
Assert.Equal(verifyData, Utils.ToHexString(parsedVerifyData.ToArray()), true);
}
public void Read_ResultsAreExpected()
{
//Arrange
var messageBytes = Utils.ParseHexString(GetMessageHexString());
var record = new TlsRecord();
var message = new ServerHello();
var keyShareEntry = new KeyShareEntry();
var supportedVersion = new ProtocolVersion();
//Act
var cursor = new MemoryCursor(messageBytes);
var result = TlsRecord.TryParse(cursor, RecordType.Handshake, out record);
using (record.Payload.SetCursor(cursor))
{
result &= ServerHello.TryParse(cursor, out message);
using (message.Payload.SetCursor(cursor))
{
result &= cursor.TryParseKeyShare(out var keyShareBuffer);
using (keyShareBuffer.SetCursor(cursor))
{
keyShareEntry = KeyShareEntry.Parse(cursor);
}
result &= cursor.TryParseSupportedVersion(out var supportedVersionBuffer);
using (supportedVersionBuffer.SetCursor(cursor))
{
supportedVersion = ProtocolVersion.Parse(cursor);
}
result &= cursor.IsEnd();
}
result &= cursor.IsEnd();
}
result &= cursor.IsEnd();
//Assert
Assert.True(result);
Assert.Equal(RecordType.Handshake, record.Type);
Assert.Equal(ProtocolVersion.Tls12, record.ProtocolVersion);
Assert.Equal(HandshakeRandom.Parse(GetBytesOfRandom()), message.Random);
Assert.Equal(SessionId.Parse(GetBytesOfSessionId()), message.SessionId);
Assert.Equal(Cipher.TLS_AES_128_GCM_SHA256, message.Cipher);
Assert.Equal(NamedGroup.X25519, keyShareEntry.Group);
Assert.True(GetBytesOfPublicKey().AsSpan().SequenceEqual(keyShareEntry.Key.Read(cursor).Span));
Assert.Equal(ProtocolVersion.Tls13, supportedVersion);
}
public void ReadEncryptedApplicationData_TLS_AES_128_GCM_SHA256_ResultIsExpected(string encryptedData, string key, string iv, ulong seq, string decryptedPayload)
{
//Arrange
var buffer = Utils.ParseHexString(encryptedData);
using var aead = Cipher.TLS_AES_128_GCM_SHA256.CreateAead(Utils.ParseHexString(iv), Utils.ParseHexString(key));
//Act
var cursor = new MemoryCursor(buffer);
var result = TlsRecord.TryParseEncrypted(cursor, aead, seq, out var record);
var decryptedResult = record.Payload.Read(cursor);
//Assert
Assert.True(result);
Assert.Equal(RecordType.ApplicationData, record.Type);
Assert.Equal(ProtocolVersion.Tls12, record.ProtocolVersion);
Assert.Equal(decryptedPayload, Utils.ToHexString(decryptedResult.ToArray()), true);
}
public void WriteEncryptedApplicationData_TLS_AES_128_GCM_SHA256_ResultIsExpected(string encryptedData, string key, string iv, ulong seq, string decryptedPayload)
{
//Arrange
var buffer = new byte[TlsBuffer.MaxRecordSize];
using var aead = Cipher.TLS_AES_128_GCM_SHA256.CreateAead(Utils.ParseHexString(iv), Utils.ParseHexString(key));
//Act
var cursor = new MemoryCursor(buffer);
using (TlsRecord.StartEncryptedWriting(cursor, RecordType.ApplicationData, aead, seq))
{
Utils.ParseHexString(decryptedPayload).CopyTo(cursor);
}
//Assert
Assert.Equal(encryptedData, Utils.ToHexString(cursor.PeekStart().ToArray()), true);
}
public void WriteEncryptedApplicationData_TLS_AES_128_GCM_SHA256_ResultIsExpected()
{
//Arrange
var expectedData = GetEncryptedApplicationData();
var cerificateData = GetCertificateData();
var signatureData = GetSignatureData();
var verifyData = GetVerifyData();
var encryptionData = GetEncryptionData();
var buffer = new byte[TlsBuffer.MaxRecordSize];
using var aead = Cipher.TLS_AES_128_GCM_SHA256.CreateAead(Utils.ParseHexString(encryptionData.Iv), Utils.ParseHexString(encryptionData.Key));
//Act
var cursor = new MemoryCursor(buffer);
using (TlsRecord.StartEncryptedWriting(cursor, RecordType.Handshake, aead, encryptionData.SeqNum))
{
EncryptedExtensions.WriteEmpty(cursor);
using (Certificate.StartWriting(cursor))
{
CertificateEntry.Write(Utils.ParseHexString(cerificateData), cursor);
}
using (CertificateVerify.StartWriting(cursor, SignatureScheme.RSA_PSS_RSAE_SHA256))
{
Utils.ParseHexString(signatureData).CopyTo(cursor);
}
using (Finished.StartWriting(cursor))
{
Utils.ParseHexString(verifyData).CopyTo(cursor);
}
}
//Assert
Assert.Equal(expectedData, Utils.ToHexString(cursor.PeekStart().ToArray()), true);
}
public void Read_ResultsAreExpected()
{
//Arrange
var messageBytes = Utils.ParseHexString(GetMessageHexString());
var record = new TlsRecord();
var message = new ClientHello();
var serverNames = new List <ServerNameEntry>();
var namedGroups = new List <NamedGroup>();
var signatureSchemes = new List <SignatureScheme>();
var keyShareEntries = new List <KeyShareEntry>();
var pskModes = new List <PskKeyExchangeMode>();
var supportedVersions = new List <ProtocolVersion>();
var ciphers = new List <Cipher>();
//Act
var cursor = new MemoryCursor(messageBytes);
var result = TlsRecord.TryParse(cursor, RecordType.Handshake, out record);
using (record.Payload.SetCursor(cursor))
{
result &= ClientHello.TryParse(cursor, out message);
foreach (var cipher in message.CipherSuite)
{
ciphers.Add(cipher);
}
using (message.Payload.SetCursor(cursor))
{
result &= cursor.TryParseServerNames(out var serverNamesBuffer);
foreach (var entry in serverNamesBuffer.GetServerNameEntryReader(cursor))
{
serverNames.Add(entry);
}
result &= cursor.TryParseSupportedGroups(out var supportedGroupsBuffer);
foreach (var group in supportedGroupsBuffer.GetNamedGroupReader(cursor))
{
namedGroups.Add(group);
}
result &= cursor.TryParseSignatureAlgorithms(out var signatureAlgorithmsBuffer);
foreach (var scheme in signatureAlgorithmsBuffer.GetSignatureSchemeReader(cursor))
{
signatureSchemes.Add(scheme);
}
result &= cursor.TryParseKeyShares(out var keySharesBuffer);
foreach (var entry in keySharesBuffer.GetKeyShareEntryReader(cursor))
{
keyShareEntries.Add(entry);
}
result &= cursor.TryParsePskKeyExchangeModes(out var pskModesBuffer);
foreach (var mode in pskModesBuffer.GetPskKeyExchangeModeReader(cursor))
{
pskModes.Add(mode);
}
result &= cursor.TryParseSupportedVersions(out var supportedVersionsBuffer);
foreach (var version in supportedVersionsBuffer.GetProtocolVersionReader(cursor))
{
supportedVersions.Add(version);
}
result &= cursor.IsEnd();
}
result &= cursor.IsEnd();
}
result &= cursor.IsEnd();
//Assert
Assert.True(result);
Assert.Equal(RecordType.Handshake, record.Type);
Assert.Equal(ProtocolVersion.Tls10, record.ProtocolVersion);
Assert.Equal(HandshakeRandom.Parse(GetBytesOfRandom()), message.Random);
Assert.Equal(SessionId.Parse(GetBytesOfSessionId()), message.SessionId);
Assert.Equal(new[]
{
Cipher.TLS_AES_128_GCM_SHA256,
Cipher.TLS_AES_256_GCM_SHA384,
Cipher.TLS_CHACHA20_POLY1305_SHA256
}, ciphers);
var serverNameEntry = Assert.Single(serverNames);
Assert.True(serverNameEntry.IsHostName());
Assert.Equal("example.ulfheim.net", serverNameEntry.ToString());
Assert.Equal(new[]
{
NamedGroup.X25519,
NamedGroup.SECP256R1,
NamedGroup.SECP384R1
}, namedGroups);
Assert.Equal(new[]
{
SignatureScheme.ECDSA_SECP256R1_SHA256,
SignatureScheme.RSA_PSS_RSAE_SHA256,
SignatureScheme.RSA_PKCS1_SHA256,
SignatureScheme.ECDSA_SECP384R1_SHA384,
SignatureScheme.RSA_PSS_RSAE_SHA384,
SignatureScheme.RSA_PKCS1_SHA384,
SignatureScheme.RSA_PSS_RSAE_SHA512,
SignatureScheme.RSA_PKCS1_SHA512,
SignatureScheme.RSA_PKCS1_SHA1
}, signatureSchemes);
var keyShareEntry = Assert.Single(keyShareEntries);
Assert.Equal(NamedGroup.X25519, keyShareEntry.Group);
Assert.True(GetBytesOfPublicKey().AsSpan().SequenceEqual(keyShareEntry.Key.Read(cursor).Span));
var pskMode = Assert.Single(pskModes);
Assert.Equal(PskKeyExchangeMode.PskDheKe, pskMode);
var supportedVersion = Assert.Single(supportedVersions);
Assert.Equal(ProtocolVersion.Tls13, supportedVersion);
}
public void Write_ResultBytesAreExpected()
{
//Arrange
var expectedBytes = GetMessageHexString();
var buffer = new byte[TlsBuffer.MaxRecordSize];
var random = HandshakeRandom.Parse(GetBytesOfRandom());
var ciphers = new[] { Cipher.TLS_AES_128_GCM_SHA256, Cipher.TLS_AES_256_GCM_SHA384, Cipher.TLS_CHACHA20_POLY1305_SHA256 };
var sessionId = SessionId.Parse(GetBytesOfSessionId());
//Act
var cursor = new MemoryCursor(buffer);
using (TlsRecord.StartWriting(cursor, RecordType.Handshake, ProtocolVersion.Tls10))
using (ClientHello.StartWriting(cursor, random, ciphers, sessionId))
{
using (cursor.StartServerNamesWriting())
{
ServerNameEntry.WriteHostName(cursor, "example.ulfheim.net");
}
using (cursor.StartSupportedGroupsWriting())
{
NamedGroup.X25519.WriteBytes(cursor);
NamedGroup.SECP256R1.WriteBytes(cursor);
NamedGroup.SECP384R1.WriteBytes(cursor);
}
using (cursor.StartSignatureAlgorithmsWriting())
{
SignatureScheme.ECDSA_SECP256R1_SHA256.WriteBytes(cursor);
SignatureScheme.RSA_PSS_RSAE_SHA256.WriteBytes(cursor);
SignatureScheme.RSA_PKCS1_SHA256.WriteBytes(cursor);
SignatureScheme.ECDSA_SECP384R1_SHA384.WriteBytes(cursor);
SignatureScheme.RSA_PSS_RSAE_SHA384.WriteBytes(cursor);
SignatureScheme.RSA_PKCS1_SHA384.WriteBytes(cursor);
SignatureScheme.RSA_PSS_RSAE_SHA512.WriteBytes(cursor);
SignatureScheme.RSA_PKCS1_SHA512.WriteBytes(cursor);
SignatureScheme.RSA_PKCS1_SHA1.WriteBytes(cursor);
}
using (cursor.StartKeySharesWriting())
{
using (KeyShareEntry.StartWriting(cursor, NamedGroup.X25519))
{
GetBytesOfPublicKey().CopyTo(cursor);
}
}
using (cursor.StartPskKeyExchangeModesWriting())
{
PskKeyExchangeMode.PskDheKe.WriteBytes(cursor);
}
using (cursor.StartSupportedVersionsWriting())
{
ProtocolVersion.Tls13.WriteBytes(cursor);
}
}
//Assert
Assert.Equal(expectedBytes, Utils.ToHexString(cursor.PeekStart().ToArray()), true);
}
