public DiffieHellmanKeyExchange (TlsContext ctx) { this.protocol = ctx.NegotiatedProtocol; switch (protocol) { case TlsProtocolCode.Tls12: Signature = new SignatureTls12 (ctx.Session.ServerSignatureAlgorithm); break; case TlsProtocolCode.Tls10: Signature = new SignatureTls10 (); break; case TlsProtocolCode.Tls11: Signature = new SignatureTls11 (); break; default: throw new NotSupportedException (); } dh = new DiffieHellmanManaged (); Y = dh.CreateKeyExchange (); var dhparams = dh.ExportParameters (true); P = dhparams.P; G = dhparams.G; using (var buffer = CreateParameterBuffer (ctx.HandshakeParameters)) Signature.Create (buffer, ctx.Configuration.PrivateKey); }
public override void GenerateClient (TlsContext ctx) { using (var dh = new DiffieHellmanManaged (P, G, 0)) { using (var X = new SecureBuffer (dh.DecryptKeyExchange (Y))) { Y = dh.CreateKeyExchange (); ComputeMasterSecret (ctx, X); } } }
public void KeyExchange () { // create a new DH instance DiffieHellman dh1 = new DiffieHellmanManaged (); // export the public parameters of the first DH instance DHParameters dhp = dh1.ExportParameters (false); // create a second DH instance and initialize it with the public parameters of the first instance DiffieHellman dh2 = new DiffieHellmanManaged (dhp.P, dhp.G, 160); // generate the public key of the first DH instance byte[] ke1 = dh1.CreateKeyExchange (); // generate the public key of the second DH instance byte[] ke2 = dh2.CreateKeyExchange (); // let the first DH instance compute the shared secret using the second DH public key byte[] dh1k = dh1.DecryptKeyExchange (ke2); // let the second DH instance compute the shared secret using the first DH public key byte[] dh2k = dh2.DecryptKeyExchange (ke1); // both shared secrets are the same AssertEquals ("Shared Secret", dh1k, dh2k); }
public void TestPublic() { StreamReader sr = new StreamReader(@"Tests/Janrain.OpenId/dhpriv"); try { String line; while ( (line = sr.ReadLine()) != null ) { string[] parts = line.Trim().Split(new char[]{' '}); byte[] x = Convert.FromBase64String(parts[0]); DiffieHellman dh = new DiffieHellmanManaged(CryptUtil.DEFAULT_MOD, CryptUtil.DEFAULT_GEN, x); string pub = CryptUtil.UnsignedToBase64(dh.CreateKeyExchange()); TestTools.Assert(pub == parts[1]); } } finally { sr.Close(); } }
public override void Init (Key key) { DHPrivateKey pk = (DHPrivateKey) key; dh = new DiffieHellmanManaged (); dh.ImportParameters (pk.Parameters); }
private bool ShareKey() { // Look for pre-existing valid association HttpContext.Current.Trace.Write("Looking up OpenID Server in Associations table"); DataRow assoc = FindAssocByServer(OpenIDServer); if (assoc != null) { if ((DateTime)assoc["expiration"] > DateTime.Now) { HttpContext.Current.Trace.Write("Valid association found."); return true; } } // No valid pre-existing association. Create a new association. HttpContext.Current.Trace.Write("No valid association found."); Dictionary<string, string> sd = new Dictionary<string, string>(); DiffieHellmanManaged dhm = new DiffieHellmanManaged(); sd["openid.mode"] = "associate"; switch (AuthVersion) { case ProtocolVersion.V2_0: sd["openid.ns"] = "http://specs.openid.net/auth/2.0"; break; case ProtocolVersion.V1_1: if (Encryption == KeyEncryption.DHSHA256) { Encryption = KeyEncryption.DHSHA1; } break; } byte[] pubkey = null; DHParameters dp; switch (Encryption) { case KeyEncryption.None: sd["openid.assoc_type"] = "HMAC-SHA1"; switch (AuthVersion) { case ProtocolVersion.V2_0: sd["openid.session_type"] = "no-encryption"; break; case ProtocolVersion.V1_1: sd["openid.session_type"] = ""; break; } break; case KeyEncryption.DHSHA1: pubkey = dhm.CreateKeyExchange(); dp = dhm.ExportParameters(true); sd["openid.assoc_type"] = "HMAC-SHA1"; sd["openid.session_type"] = "DH-SHA1"; sd["openid.dh_modulus"] = HttpUtility.UrlEncode(Utility.UnsignedToBase64(dp.P)); sd["openid.dh_gen"] = HttpUtility.UrlEncode(Utility.UnsignedToBase64(dp.G)); sd["openid.dh_consumer_public"] = HttpUtility.UrlEncode(Utility.UnsignedToBase64(pubkey)); break; case KeyEncryption.DHSHA256: pubkey = dhm.CreateKeyExchange(); dp = dhm.ExportParameters(true); sd["openid.assoc_type"] = "HMAC-SHA256"; sd["openid.session_type"] = "DH-SHA256"; sd["openid.dh_modulus"] = HttpUtility.UrlEncode(Utility.UnsignedToBase64(dp.P)); sd["openid.dh_gen"] = HttpUtility.UrlEncode(Utility.UnsignedToBase64(dp.G)); sd["openid.dh_consumer_public"] = HttpUtility.UrlEncode(Utility.UnsignedToBase64(pubkey)); break; } HttpContext.Current.Trace.Write("Opening connection to OpenID Server"); string response = ""; response = Utility.MakeRequest(OpenIDServer, "GET", sd); Dictionary<string, string> association = new Dictionary<string, string>(); if (response != null) { HttpContext.Current.Trace.Write("Association response received."); association = Utility.SplitResponse(response); } else { HttpContext.Current.Trace.Write("No association response received."); return false; } if (association.ContainsKey("error")) { // FIXME - Add error handling code HttpContext.Current.Trace.Write("Association response contains error."); return false; } if (Encryption == KeyEncryption.DHSHA1 || Encryption == KeyEncryption.DHSHA256) { HttpContext.Current.Trace.Write("Expecting DHSHA1 or DHSHA256."); if (association["enc_mac_key"] != null) { HttpContext.Current.Trace.Write("Encrypted association key is present."); byte[] serverpublickey = Convert.FromBase64String(association["dh_server_public"]); byte[] mackey = Convert.FromBase64String(association["enc_mac_key"]); byte[] dhShared = dhm.DecryptKeyExchange(serverpublickey); byte[] shaShared = new byte[0]; if (Encryption == KeyEncryption.DHSHA1) { HttpContext.Current.Trace.Write("Decoding DHSHA1 Association."); SHA1 sha1 = new SHA1CryptoServiceProvider(); shaShared = sha1.ComputeHash(Utility.EnsurePositive(dhShared)); } else if (Encryption == KeyEncryption.DHSHA256) { HttpContext.Current.Trace.Write("Decoding DHSHA256 Association."); SHA256 sha256 = new SHA256Managed(); shaShared = sha256.ComputeHash(Utility.EnsurePositive(dhShared)); } byte[] secret = new byte[mackey.Length]; for (int i = 0; i < mackey.Length; i++) { secret[i] = (byte)(mackey[i] ^ shaShared[i]); } association["mac_key"] = Utility.ToBase64String(secret); } else { ErrorStore.Store(Errors.ReceivedPlaintext); HttpContext.Current.Trace.Write("Error: Received plaintext association when expecting encrypted."); return false; } } AddAssoc(association); HttpContext.Current.Trace.Write("Successfully added association to table."); return true; }
protected override void Clear () { if (P != null) { Array.Clear (P, 0, P.Length); P = null; } if (G != null) { Array.Clear (G, 0, G.Length); G = null; } if (Y != null) { Array.Clear (Y, 0, Y.Length); Y = null; } if (dh != null) { #if !BOOTSTRAP_BASIC dh.Dispose (); #endif dh = null; } }
private byte[] Associate(byte[] data) { NameValueCollection q = FormParser.Parse(data); TestTools.Assert(q.Count == 6); TestTools.Assert(q["openid.mode"] == "associate"); TestTools.Assert(q["openid.assoc_type"] == "HMAC-SHA1"); TestTools.Assert(q["openid.session_type"] == "DH-SHA1"); DiffieHellman d = new DiffieHellmanManaged( Convert.FromBase64String(q["openid.dh_modulus"]), Convert.FromBase64String(q["openid.dh_gen"]), 1024); byte[] enc_mac_key = CryptUtil.SHA1XorSecret(d, Convert.FromBase64String(q["openid.dh_consumer_public"]), this.assoc.secret); byte[] dhPublic = d.CreateKeyExchange(); string spub = CryptUtil.UnsignedToBase64(dhPublic); NameValueCollection reply = new NameValueCollection(); reply.Add("assoc_type", "HMAC-SHA1"); reply.Add("assoc_handle", this.assoc.handle); reply.Add("expires_in", "600"); reply.Add("session_type", "DH-SHA1"); reply.Add("dh_server_public", spub); reply.Add("enc_mac_key", CryptUtil.ToBase64String(enc_mac_key)); return KVUtil.DictToKV(reply); }
public Association TestParseAssociation() { NameValueCollection results = new NameValueCollection(); results.Add("assoc_type", "HMAC-SHA1"); results.Add("assoc_handle", "myhandle"); results.Add("session_type", "DH-SHA1"); results.Add("dh_server_public", CONSUMER_SPUB); results.Add("enc_mac_key", CONSUMER_ENC_MAC_KEY); results.Add("expires_in", "600"); DiffieHellman dh = new DiffieHellmanManaged(CryptUtil.DEFAULT_MOD, CryptUtil.DEFAULT_GEN, Convert.FromBase64String(CONSUMER_X)); return ParseAssociation(results, dh, new Uri("http://www.google.com/")); }
public override KeyPair GenerateKeyPair () { DiffieHellmanManaged dh = new DiffieHellmanManaged (pspec.P.GetBytes (), pspec.G.GetBytes (), 0); DHParameters dhpars = dh.ExportParameters (true); BigInteger y = new BigInteger (dh.CreateKeyExchange ()); return new KeyPair (new DHPrivateKey (dhpars), new DHPublicKey (y)); }
/// <summary> /// Perform an association request with an OpenID Provider. /// </summary> /// <param name="server">URL to the OpenID Provider.</param> /// <param name="associationManager">The IAssociationPersistence object to use for persistence.</param> /// <param name="version">The ProtocolVersion to use.</param> /// <param name="encryption">The key encryption type to use.</param> /// <returns>Populated Association object, or null.</returns> internal static Association CreateAssociation(Uri server, IAssociationPersistence associationManager, ProtocolVersion version, KeyEncryption encryption) { if (server == null) { throw new ArgumentNullException("server"); } if (associationManager == null) { throw new ArgumentNullException("associationManager"); } NameValueCollection sd = new NameValueCollection(); DiffieHellmanManaged dhm = new DiffieHellmanManaged(); sd["openid.mode"] = "associate"; switch (version) { case ProtocolVersion.V2Dot0: sd["openid.ns"] = ProtocolUri.OpenId2Dot0.AbsoluteUri; break; case ProtocolVersion.V1Dot1: if (encryption == KeyEncryption.DHSHA256) { encryption = KeyEncryption.DHSHA1; } break; } byte[] pubkey = null; DHParameters dp; switch (encryption) { case KeyEncryption.None: sd["openid.assoc_type"] = "HMAC-SHA1"; switch (version) { case ProtocolVersion.V2Dot0: sd["openid.session_type"] = "no-encryption"; break; case ProtocolVersion.V1Dot1: sd["openid.session_type"] = ""; break; } break; case KeyEncryption.DHSHA1: pubkey = dhm.CreateKeyExchange(); dp = dhm.ExportParameters(true); sd["openid.assoc_type"] = "HMAC-SHA1"; sd["openid.session_type"] = "DH-SHA1"; sd["openid.dh_modulus"] = Utility.UnsignedToBase64(dp.P); sd["openid.dh_gen"] = Utility.UnsignedToBase64(dp.G); sd["openid.dh_consumer_public"] = Utility.UnsignedToBase64(pubkey); break; case KeyEncryption.DHSHA256: pubkey = dhm.CreateKeyExchange(); dp = dhm.ExportParameters(true); sd["openid.assoc_type"] = "HMAC-SHA256"; sd["openid.session_type"] = "DH-SHA256"; sd["openid.dh_modulus"] = Utility.UnsignedToBase64(dp.P); sd["openid.dh_gen"] = Utility.UnsignedToBase64(dp.G); sd["openid.dh_consumer_public"] = Utility.UnsignedToBase64(pubkey); break; } Tracer.Write("Opening connection to OpenID Provider."); string response = ""; string actualLocation = null; response = Utility.MakeRequest(server, "POST", sd, out actualLocation); NameValueCollection association = null; Association retassoc = null; if (response != null) { Tracer.Write("Association response received."); association = Utility.SplitResponse(response); } else { Tracer.Write("No association response received."); switch (encryption) { case KeyEncryption.DHSHA256: Tracer.Write("Falling back to DHSHA1"); encryption = KeyEncryption.DHSHA1; retassoc = CreateAssociation(server, associationManager, version, encryption); if (retassoc != null) { return retassoc; } break; case KeyEncryption.DHSHA1: Tracer.Write("Falling back to No-encryption"); encryption = KeyEncryption.None; retassoc = CreateAssociation(server, associationManager, version, encryption); if (retassoc != null) { return retassoc; } break; } return null; } if (association["error"] != null) { Tracer.Write("Association response contains error. - " + association["error"]); return null; } if (encryption == KeyEncryption.DHSHA1 || encryption == KeyEncryption.DHSHA256) { Tracer.Write("Expecting DHSHA1 or DHSHA256."); StringBuilder vals = new StringBuilder(); foreach (string key in association.Keys) { vals.AppendLine(key + ": " + association[key]); } if (association["enc_mac_key"] == null) { Tracer.Write("No encoded MAC key returned! Received " + vals.ToString()); } if (association["enc_mac_key"] != null) { Tracer.Write("Encrypted association key is present."); byte[] serverpublickey = Convert.FromBase64String(association["dh_server_public"]); byte[] mackey = Convert.FromBase64String(association["enc_mac_key"]); byte[] dhShared = dhm.DecryptKeyExchange(serverpublickey); byte[] shaShared = new byte[0]; if (encryption == KeyEncryption.DHSHA1) { Tracer.Write("Decoding DHSHA1 Association."); SHA1 sha1 = new SHA1CryptoServiceProvider(); shaShared = sha1.ComputeHash(Utility.EnsurePositive(dhShared)); } else if (encryption == KeyEncryption.DHSHA256) { Tracer.Write("Decoding DHSHA256 Association."); SHA256 sha256 = new SHA256Managed(); shaShared = sha256.ComputeHash(Utility.EnsurePositive(dhShared)); } byte[] secret = new byte[mackey.Length]; for (int i = 0; i < mackey.Length; i++) { secret[i] = (byte)(mackey[i] ^ shaShared[i]); } association["mac_key"] = Convert.ToBase64String(secret); } else { Tracer.Write("Error: Received plaintext association when expecting encrypted."); return null; } } Tracer.Write("Building association"); retassoc = new Association(); retassoc.AssociationType = association["assoc_type"]; retassoc.Expiration = DateTime.UtcNow.AddSeconds(Convert.ToDouble(association["expires_in"], CultureInfo.InvariantCulture)); retassoc.Handle = association["assoc_handle"]; retassoc.ProtocolVersion = version; retassoc.Server = server.AbsoluteUri; retassoc.SessionType = association["session_type"]; retassoc.Secret = Convert.FromBase64String(association["mac_key"]); return retassoc; }
void InitDiffieHellman (NativeOpenSslProtocol protocol) { var dh = new DiffieHellmanManaged (); var dhparams = dh.ExportParameters (true); openssl.SetDhParams (dhparams.P, dhparams.G); // Optional: this is OpenSsl's default value. if (protocol == NativeOpenSslProtocol.TLS12) openssl.SetNamedCurve ("prime256v1"); }