| static private CalculateKeyBlock ( TlsContext context, int size ) : byte[] | ||
| context | TlsContext | |
| size | int | |
| Результат | byte[] | |
public TlsNullCipher(TlsContext context, IDigest clientWriteDigest, IDigest serverWriteDigest)
{
if (clientWriteDigest == null != (serverWriteDigest == null))
{
throw new TlsFatalAlert(80);
}
this.context = context;
TlsMac tlsMac = null;
TlsMac tlsMac2 = null;
if (clientWriteDigest != null)
{
int num = clientWriteDigest.GetDigestSize() + serverWriteDigest.GetDigestSize();
byte[] key = TlsUtilities.CalculateKeyBlock(context, num);
int num2 = 0;
tlsMac = new TlsMac(context, clientWriteDigest, key, num2, clientWriteDigest.GetDigestSize());
num2 += clientWriteDigest.GetDigestSize();
tlsMac2 = new TlsMac(context, serverWriteDigest, key, num2, serverWriteDigest.GetDigestSize());
num2 += serverWriteDigest.GetDigestSize();
if (num2 != num)
{
throw new TlsFatalAlert(80);
}
}
if (context.IsServer)
{
writeMac = tlsMac2;
readMac = tlsMac;
}
else
{
writeMac = tlsMac;
readMac = tlsMac2;
}
}
/// <exception cref="IOException"></exception>
public Chacha20Poly1305(TlsContext context)
{
if (!TlsUtilities.IsTlsV12(context))
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.context = context;
byte[] key_block = TlsUtilities.CalculateKeyBlock(context, 64);
KeyParameter client_write_key = new KeyParameter(key_block, 0, 32);
KeyParameter server_write_key = new KeyParameter(key_block, 32, 32);
this.encryptCipher = new ChaChaEngine(20);
this.decryptCipher = new ChaChaEngine(20);
KeyParameter encryptKey, decryptKey;
if (context.IsServer)
{
encryptKey = server_write_key;
decryptKey = client_write_key;
}
else
{
encryptKey = client_write_key;
decryptKey = server_write_key;
}
byte[] dummyNonce = new byte[8];
this.encryptCipher.Init(true, new ParametersWithIV(encryptKey, dummyNonce));
this.decryptCipher.Init(false, new ParametersWithIV(decryptKey, dummyNonce));
}
public Chacha20Poly1305(TlsContext context)
{
if (!TlsUtilities.IsTlsV12(context))
{
throw new TlsFatalAlert(80);
}
this.context = context;
byte[] key = TlsUtilities.CalculateKeyBlock(context, 64);
KeyParameter keyParameter = new KeyParameter(key, 0, 32);
KeyParameter keyParameter2 = new KeyParameter(key, 32, 32);
this.encryptCipher = new ChaChaEngine(20);
this.decryptCipher = new ChaChaEngine(20);
KeyParameter parameters;
KeyParameter parameters2;
if (context.IsServer)
{
parameters = keyParameter2;
parameters2 = keyParameter;
}
else
{
parameters = keyParameter;
parameters2 = keyParameter2;
}
byte[] iv = new byte[8];
this.encryptCipher.Init(true, new ParametersWithIV(parameters, iv));
this.decryptCipher.Init(false, new ParametersWithIV(parameters2, iv));
}
public TlsNullCipher(TlsContext context, IDigest clientWriteDigest, IDigest serverWriteDigest)
{
if ((clientWriteDigest == null) != (serverWriteDigest == null))
{
throw new TlsFatalAlert(80);
}
this.context = context;
TlsMac mac = null;
TlsMac mac2 = null;
if (clientWriteDigest != null)
{
int size = clientWriteDigest.GetDigestSize() + serverWriteDigest.GetDigestSize();
byte[] key = TlsUtilities.CalculateKeyBlock(context, size);
int keyOff = 0;
mac = new TlsMac(context, clientWriteDigest, key, keyOff, clientWriteDigest.GetDigestSize());
keyOff += clientWriteDigest.GetDigestSize();
mac2 = new TlsMac(context, serverWriteDigest, key, keyOff, serverWriteDigest.GetDigestSize());
keyOff += serverWriteDigest.GetDigestSize();
if (keyOff != size)
{
throw new TlsFatalAlert(80);
}
}
if (context.IsServer)
{
this.writeMac = mac2;
this.readMac = mac;
}
else
{
this.writeMac = mac;
this.readMac = mac2;
}
}
/// <exception cref="IOException"></exception>
public Chacha20Poly1305(TlsContext context)
{
if (!TlsUtilities.IsTlsV12(context))
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.context = context;
int cipherKeySize = 32;
// TODO SecurityParameters.fixed_iv_length
int fixed_iv_length = 12;
// TODO SecurityParameters.record_iv_length = 0
int key_block_size = (2 * cipherKeySize) + (2 * fixed_iv_length);
byte[] key_block = TlsUtilities.CalculateKeyBlock(context, key_block_size);
int offset = 0;
KeyParameter client_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
KeyParameter server_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
byte[] client_write_IV = Arrays.CopyOfRange(key_block, offset, offset + fixed_iv_length);
offset += fixed_iv_length;
byte[] server_write_IV = Arrays.CopyOfRange(key_block, offset, offset + fixed_iv_length);
offset += fixed_iv_length;
if (offset != key_block_size)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.encryptCipher = new ChaCha7539Engine();
this.decryptCipher = new ChaCha7539Engine();
KeyParameter encryptKey, decryptKey;
if (context.IsServer)
{
encryptKey = server_write_key;
decryptKey = client_write_key;
this.encryptIV = server_write_IV;
this.decryptIV = client_write_IV;
}
else
{
encryptKey = client_write_key;
decryptKey = server_write_key;
this.encryptIV = client_write_IV;
this.decryptIV = server_write_IV;
}
this.encryptCipher.Init(true, new ParametersWithIV(encryptKey, encryptIV));
this.decryptCipher.Init(false, new ParametersWithIV(decryptKey, decryptIV));
}
public TlsStreamCipher(TlsContext context, IStreamCipher clientWriteCipher, IStreamCipher serverWriteCipher, IDigest clientWriteDigest, IDigest serverWriteDigest, int cipherKeySize, bool usesNonce)
{
bool isServer = context.IsServer;
this.context = context;
this.usesNonce = usesNonce;
encryptCipher = clientWriteCipher;
decryptCipher = serverWriteCipher;
int num = 2 * cipherKeySize + clientWriteDigest.GetDigestSize() + serverWriteDigest.GetDigestSize();
byte[] key = TlsUtilities.CalculateKeyBlock(context, num);
int num2 = 0;
TlsMac tlsMac = new TlsMac(context, clientWriteDigest, key, num2, clientWriteDigest.GetDigestSize());
num2 += clientWriteDigest.GetDigestSize();
TlsMac tlsMac2 = new TlsMac(context, serverWriteDigest, key, num2, serverWriteDigest.GetDigestSize());
num2 += serverWriteDigest.GetDigestSize();
KeyParameter keyParameter = new KeyParameter(key, num2, cipherKeySize);
num2 += cipherKeySize;
KeyParameter keyParameter2 = new KeyParameter(key, num2, cipherKeySize);
num2 += cipherKeySize;
if (num2 != num)
{
throw new TlsFatalAlert(80);
}
ICipherParameters parameters;
ICipherParameters parameters2;
if (isServer)
{
writeMac = tlsMac2;
readMac = tlsMac;
encryptCipher = serverWriteCipher;
decryptCipher = clientWriteCipher;
parameters = keyParameter2;
parameters2 = keyParameter;
}
else
{
writeMac = tlsMac;
readMac = tlsMac2;
encryptCipher = clientWriteCipher;
decryptCipher = serverWriteCipher;
parameters = keyParameter;
parameters2 = keyParameter2;
}
if (usesNonce)
{
byte[] iv = new byte[8];
parameters = new ParametersWithIV(parameters, iv);
parameters2 = new ParametersWithIV(parameters2, iv);
}
encryptCipher.Init(forEncryption: true, parameters);
decryptCipher.Init(forEncryption: false, parameters2);
}
/// <exception cref="IOException"></exception>
public TlsAeadCipher(TlsContext context, IAeadBlockCipher clientWriteCipher, IAeadBlockCipher serverWriteCipher,
int cipherKeySize, int macSize)
{
if (!TlsUtilities.IsTlsV12(context))
throw new TlsFatalAlert(AlertDescription.internal_error);
this.context = context;
this.macSize = macSize;
// NOTE: Valid for RFC 5288/6655 ciphers but may need review for other AEAD ciphers
this.nonce_explicit_length = 8;
// TODO SecurityParameters.fixed_iv_length
int fixed_iv_length = 4;
int key_block_size = (2 * cipherKeySize) + (2 * fixed_iv_length);
byte[] key_block = TlsUtilities.CalculateKeyBlock(context, key_block_size);
int offset = 0;
KeyParameter client_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
KeyParameter server_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
byte[] client_write_IV = Arrays.CopyOfRange(key_block, offset, offset + fixed_iv_length);
offset += fixed_iv_length;
byte[] server_write_IV = Arrays.CopyOfRange(key_block, offset, offset + fixed_iv_length);
offset += fixed_iv_length;
if (offset != key_block_size)
throw new TlsFatalAlert(AlertDescription.internal_error);
KeyParameter encryptKey, decryptKey;
if (context.IsServer)
{
this.encryptCipher = serverWriteCipher;
this.decryptCipher = clientWriteCipher;
this.encryptImplicitNonce = server_write_IV;
this.decryptImplicitNonce = client_write_IV;
encryptKey = server_write_key;
decryptKey = client_write_key;
}
else
{
this.encryptCipher = clientWriteCipher;
this.decryptCipher = serverWriteCipher;
this.encryptImplicitNonce = client_write_IV;
this.decryptImplicitNonce = server_write_IV;
encryptKey = client_write_key;
decryptKey = server_write_key;
}
byte[] dummyNonce = new byte[fixed_iv_length + nonce_explicit_length];
this.encryptCipher.Init(true, new AeadParameters(encryptKey, 8 * macSize, dummyNonce));
this.decryptCipher.Init(false, new AeadParameters(decryptKey, 8 * macSize, dummyNonce));
}
public TlsStreamCipher(TlsContext context, IStreamCipher clientWriteCipher, IStreamCipher serverWriteCipher, IDigest clientWriteDigest, IDigest serverWriteDigest, int cipherKeySize, bool usesNonce)
{
ICipherParameters parameters;
ICipherParameters parameters2;
bool isServer = context.IsServer;
this.context = context;
this.usesNonce = usesNonce;
this.encryptCipher = clientWriteCipher;
this.decryptCipher = serverWriteCipher;
int size = ((2 * cipherKeySize) + clientWriteDigest.GetDigestSize()) + serverWriteDigest.GetDigestSize();
byte[] key = TlsUtilities.CalculateKeyBlock(context, size);
int keyOff = 0;
TlsMac mac = new TlsMac(context, clientWriteDigest, key, keyOff, clientWriteDigest.GetDigestSize());
keyOff += clientWriteDigest.GetDigestSize();
TlsMac mac2 = new TlsMac(context, serverWriteDigest, key, keyOff, serverWriteDigest.GetDigestSize());
keyOff += serverWriteDigest.GetDigestSize();
KeyParameter parameter = new KeyParameter(key, keyOff, cipherKeySize);
keyOff += cipherKeySize;
KeyParameter parameter2 = new KeyParameter(key, keyOff, cipherKeySize);
keyOff += cipherKeySize;
if (keyOff != size)
{
throw new TlsFatalAlert(80);
}
if (isServer)
{
this.writeMac = mac2;
this.readMac = mac;
this.encryptCipher = serverWriteCipher;
this.decryptCipher = clientWriteCipher;
parameters = parameter2;
parameters2 = parameter;
}
else
{
this.writeMac = mac;
this.readMac = mac2;
this.encryptCipher = clientWriteCipher;
this.decryptCipher = serverWriteCipher;
parameters = parameter;
parameters2 = parameter2;
}
if (usesNonce)
{
byte[] iv = new byte[8];
parameters = new ParametersWithIV(parameters, iv);
parameters2 = new ParametersWithIV(parameters2, iv);
}
this.encryptCipher.Init(true, parameters);
this.decryptCipher.Init(false, parameters2);
}
public TlsAeadCipher(TlsContext context, IAeadBlockCipher clientWriteCipher, IAeadBlockCipher serverWriteCipher, int cipherKeySize, int macSize)
{
if (!TlsUtilities.IsTlsV12(context))
{
throw new TlsFatalAlert(80);
}
this.context = context;
this.macSize = macSize;
nonce_explicit_length = 8;
int num = 4;
int num2 = 2 * cipherKeySize + 2 * num;
byte[] array = TlsUtilities.CalculateKeyBlock(context, num2);
int num3 = 0;
KeyParameter keyParameter = new KeyParameter(array, num3, cipherKeySize);
num3 += cipherKeySize;
KeyParameter keyParameter2 = new KeyParameter(array, num3, cipherKeySize);
num3 += cipherKeySize;
byte[] array2 = Arrays.CopyOfRange(array, num3, num3 + num);
num3 += num;
byte[] array3 = Arrays.CopyOfRange(array, num3, num3 + num);
num3 += num;
if (num3 != num2)
{
throw new TlsFatalAlert(80);
}
KeyParameter key;
KeyParameter key2;
if (context.IsServer)
{
encryptCipher = serverWriteCipher;
decryptCipher = clientWriteCipher;
encryptImplicitNonce = array3;
decryptImplicitNonce = array2;
key = keyParameter2;
key2 = keyParameter;
}
else
{
encryptCipher = clientWriteCipher;
decryptCipher = serverWriteCipher;
encryptImplicitNonce = array2;
decryptImplicitNonce = array3;
key = keyParameter;
key2 = keyParameter2;
}
byte[] nonce = new byte[num + nonce_explicit_length];
encryptCipher.Init(forEncryption: true, new AeadParameters(key, 8 * macSize, nonce));
decryptCipher.Init(forEncryption: false, new AeadParameters(key2, 8 * macSize, nonce));
}
public Chacha20Poly1305(TlsContext context)
{
KeyParameter parameter3;
KeyParameter parameter4;
if (!TlsUtilities.IsTlsV12(context))
{
throw new TlsFatalAlert(80);
}
this.context = context;
int keyLen = 0x20;
int num2 = 12;
int size = (2 * keyLen) + (2 * num2);
byte[] key = TlsUtilities.CalculateKeyBlock(context, size);
int keyOff = 0;
KeyParameter parameter = new KeyParameter(key, keyOff, keyLen);
keyOff += keyLen;
KeyParameter parameter2 = new KeyParameter(key, keyOff, keyLen);
keyOff += keyLen;
byte[] buffer2 = Arrays.CopyOfRange(key, keyOff, keyOff + num2);
keyOff += num2;
byte[] buffer3 = Arrays.CopyOfRange(key, keyOff, keyOff + num2);
keyOff += num2;
if (keyOff != size)
{
throw new TlsFatalAlert(80);
}
this.encryptCipher = new ChaCha7539Engine();
this.decryptCipher = new ChaCha7539Engine();
if (context.IsServer)
{
parameter3 = parameter2;
parameter4 = parameter;
this.encryptIV = buffer3;
this.decryptIV = buffer2;
}
else
{
parameter3 = parameter;
parameter4 = parameter2;
this.encryptIV = buffer2;
this.decryptIV = buffer3;
}
this.encryptCipher.Init(true, new ParametersWithIV(parameter3, this.encryptIV));
this.decryptCipher.Init(false, new ParametersWithIV(parameter4, this.decryptIV));
}
/// <exception cref="IOException"></exception>
public TlsNullCipher(TlsContext context, IDigest clientWriteDigest, IDigest serverWriteDigest)
{
if ((clientWriteDigest == null) != (serverWriteDigest == null))
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.context = context;
TlsMac clientWriteMac = null, serverWriteMac = null;
if (clientWriteDigest != null)
{
int key_block_size = clientWriteDigest.GetDigestSize()
+ serverWriteDigest.GetDigestSize();
byte[] key_block = TlsUtilities.CalculateKeyBlock(context, key_block_size);
int offset = 0;
clientWriteMac = new TlsMac(context, clientWriteDigest, key_block, offset,
clientWriteDigest.GetDigestSize());
offset += clientWriteDigest.GetDigestSize();
serverWriteMac = new TlsMac(context, serverWriteDigest, key_block, offset,
serverWriteDigest.GetDigestSize());
offset += serverWriteDigest.GetDigestSize();
if (offset != key_block_size)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
}
if (context.IsServer)
{
writeMac = serverWriteMac;
readMac = clientWriteMac;
}
else
{
writeMac = clientWriteMac;
readMac = serverWriteMac;
}
}
public TlsBlockCipher(TlsContext context, IBlockCipher clientWriteCipher, IBlockCipher serverWriteCipher, IDigest clientWriteDigest, IDigest serverWriteDigest, int cipherKeySize)
{
this.context = context;
this.randomData = new byte[256];
context.NonceRandomGenerator.NextBytes(this.randomData);
this.useExplicitIV = TlsUtilities.IsTlsV11(context);
this.encryptThenMac = context.SecurityParameters.encryptThenMac;
int num = 2 * cipherKeySize + clientWriteDigest.GetDigestSize() + serverWriteDigest.GetDigestSize();
if (!this.useExplicitIV)
{
num += clientWriteCipher.GetBlockSize() + serverWriteCipher.GetBlockSize();
}
byte[] array = TlsUtilities.CalculateKeyBlock(context, num);
int num2 = 0;
TlsMac tlsMac = new TlsMac(context, clientWriteDigest, array, num2, clientWriteDigest.GetDigestSize());
num2 += clientWriteDigest.GetDigestSize();
TlsMac tlsMac2 = new TlsMac(context, serverWriteDigest, array, num2, serverWriteDigest.GetDigestSize());
num2 += serverWriteDigest.GetDigestSize();
KeyParameter parameters = new KeyParameter(array, num2, cipherKeySize);
num2 += cipherKeySize;
KeyParameter parameters2 = new KeyParameter(array, num2, cipherKeySize);
num2 += cipherKeySize;
byte[] iv;
byte[] iv2;
if (this.useExplicitIV)
{
iv = new byte[clientWriteCipher.GetBlockSize()];
iv2 = new byte[serverWriteCipher.GetBlockSize()];
}
else
{
iv = Arrays.CopyOfRange(array, num2, num2 + clientWriteCipher.GetBlockSize());
num2 += clientWriteCipher.GetBlockSize();
iv2 = Arrays.CopyOfRange(array, num2, num2 + serverWriteCipher.GetBlockSize());
num2 += serverWriteCipher.GetBlockSize();
}
if (num2 != num)
{
throw new TlsFatalAlert(80);
}
ICipherParameters parameters3;
ICipherParameters parameters4;
if (context.IsServer)
{
this.mWriteMac = tlsMac2;
this.mReadMac = tlsMac;
this.encryptCipher = serverWriteCipher;
this.decryptCipher = clientWriteCipher;
parameters3 = new ParametersWithIV(parameters2, iv2);
parameters4 = new ParametersWithIV(parameters, iv);
}
else
{
this.mWriteMac = tlsMac;
this.mReadMac = tlsMac2;
this.encryptCipher = clientWriteCipher;
this.decryptCipher = serverWriteCipher;
parameters3 = new ParametersWithIV(parameters, iv);
parameters4 = new ParametersWithIV(parameters2, iv2);
}
this.encryptCipher.Init(true, parameters3);
this.decryptCipher.Init(false, parameters4);
}
/// <exception cref="IOException"></exception>
internal TlsAeadCipher(TlsContext context, IAeadBlockCipher clientWriteCipher, IAeadBlockCipher serverWriteCipher,
int cipherKeySize, int macSize, int nonceMode)
{
if (!TlsUtilities.IsTlsV12(context))
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.nonceMode = nonceMode;
// TODO SecurityParameters.fixed_iv_length
int fixed_iv_length;
switch (nonceMode)
{
case NONCE_RFC5288:
fixed_iv_length = 4;
this.record_iv_length = 8;
break;
case NONCE_DRAFT_CHACHA20_POLY1305:
fixed_iv_length = 12;
this.record_iv_length = 0;
break;
default:
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.context = context;
this.macSize = macSize;
int key_block_size = (2 * cipherKeySize) + (2 * fixed_iv_length);
byte[] key_block = TlsUtilities.CalculateKeyBlock(context, key_block_size);
int offset = 0;
KeyParameter client_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
KeyParameter server_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
byte[] client_write_IV = Arrays.CopyOfRange(key_block, offset, offset + fixed_iv_length);
offset += fixed_iv_length;
byte[] server_write_IV = Arrays.CopyOfRange(key_block, offset, offset + fixed_iv_length);
offset += fixed_iv_length;
if (offset != key_block_size)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
KeyParameter encryptKey, decryptKey;
if (context.IsServer)
{
this.encryptCipher = serverWriteCipher;
this.decryptCipher = clientWriteCipher;
this.encryptImplicitNonce = server_write_IV;
this.decryptImplicitNonce = client_write_IV;
encryptKey = server_write_key;
decryptKey = client_write_key;
}
else
{
this.encryptCipher = clientWriteCipher;
this.decryptCipher = serverWriteCipher;
this.encryptImplicitNonce = client_write_IV;
this.decryptImplicitNonce = server_write_IV;
encryptKey = client_write_key;
decryptKey = server_write_key;
}
byte[] dummyNonce = new byte[fixed_iv_length + record_iv_length];
this.encryptCipher.Init(true, new AeadParameters(encryptKey, 8 * macSize, dummyNonce));
this.decryptCipher.Init(false, new AeadParameters(decryptKey, 8 * macSize, dummyNonce));
}
internal TlsAeadCipher(TlsContext context, IAeadBlockCipher clientWriteCipher, IAeadBlockCipher serverWriteCipher, int cipherKeySize, int macSize, int nonceMode)
{
int num;
KeyParameter parameter3;
KeyParameter parameter4;
if (!TlsUtilities.IsTlsV12(context))
{
throw new TlsFatalAlert(80);
}
this.nonceMode = nonceMode;
if (nonceMode != 1)
{
if (nonceMode != 2)
{
throw new TlsFatalAlert(80);
}
}
else
{
num = 4;
this.record_iv_length = 8;
goto Label_005B;
}
num = 12;
this.record_iv_length = 0;
Label_005B:
this.context = context;
this.macSize = macSize;
int size = (2 * cipherKeySize) + (2 * num);
byte[] key = TlsUtilities.CalculateKeyBlock(context, size);
int keyOff = 0;
KeyParameter parameter = new KeyParameter(key, keyOff, cipherKeySize);
keyOff += cipherKeySize;
KeyParameter parameter2 = new KeyParameter(key, keyOff, cipherKeySize);
keyOff += cipherKeySize;
byte[] buffer2 = Arrays.CopyOfRange(key, keyOff, keyOff + num);
keyOff += num;
byte[] buffer3 = Arrays.CopyOfRange(key, keyOff, keyOff + num);
keyOff += num;
if (keyOff != size)
{
throw new TlsFatalAlert(80);
}
if (context.IsServer)
{
this.encryptCipher = serverWriteCipher;
this.decryptCipher = clientWriteCipher;
this.encryptImplicitNonce = buffer3;
this.decryptImplicitNonce = buffer2;
parameter3 = parameter2;
parameter4 = parameter;
}
else
{
this.encryptCipher = clientWriteCipher;
this.decryptCipher = serverWriteCipher;
this.encryptImplicitNonce = buffer2;
this.decryptImplicitNonce = buffer3;
parameter3 = parameter;
parameter4 = parameter2;
}
byte[] nonce = new byte[num + this.record_iv_length];
this.encryptCipher.Init(true, new AeadParameters(parameter3, 8 * macSize, nonce));
this.decryptCipher.Init(false, new AeadParameters(parameter4, 8 * macSize, nonce));
}
/// <exception cref="IOException"></exception>
public TlsBlockCipher(TlsContext context, IBlockCipher clientWriteCipher, IBlockCipher serverWriteCipher,
IDigest clientWriteDigest, IDigest serverWriteDigest, int cipherKeySize)
{
this.context = context;
this.randomData = new byte[256];
context.NonceRandomGenerator.NextBytes(randomData);
this.useExplicitIV = TlsUtilities.IsTlsV11(context);
this.encryptThenMac = context.SecurityParameters.encryptThenMac;
int key_block_size = (2 * cipherKeySize) + clientWriteDigest.GetDigestSize()
+ serverWriteDigest.GetDigestSize();
// From TLS 1.1 onwards, block ciphers don't need client_write_IV
if (!useExplicitIV)
{
key_block_size += clientWriteCipher.GetBlockSize() + serverWriteCipher.GetBlockSize();
}
byte[] key_block = TlsUtilities.CalculateKeyBlock(context, key_block_size);
int offset = 0;
TlsMac clientWriteMac = new TlsMac(context, clientWriteDigest, key_block, offset,
clientWriteDigest.GetDigestSize());
offset += clientWriteDigest.GetDigestSize();
TlsMac serverWriteMac = new TlsMac(context, serverWriteDigest, key_block, offset,
serverWriteDigest.GetDigestSize());
offset += serverWriteDigest.GetDigestSize();
KeyParameter client_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
KeyParameter server_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
byte[] client_write_IV, server_write_IV;
if (useExplicitIV)
{
client_write_IV = new byte[clientWriteCipher.GetBlockSize()];
server_write_IV = new byte[serverWriteCipher.GetBlockSize()];
}
else
{
client_write_IV = Arrays.CopyOfRange(key_block, offset, offset + clientWriteCipher.GetBlockSize());
offset += clientWriteCipher.GetBlockSize();
server_write_IV = Arrays.CopyOfRange(key_block, offset, offset + serverWriteCipher.GetBlockSize());
offset += serverWriteCipher.GetBlockSize();
}
if (offset != key_block_size)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
ICipherParameters encryptParams, decryptParams;
if (context.IsServer)
{
this.mWriteMac = serverWriteMac;
this.mReadMac = clientWriteMac;
this.encryptCipher = serverWriteCipher;
this.decryptCipher = clientWriteCipher;
encryptParams = new ParametersWithIV(server_write_key, server_write_IV);
decryptParams = new ParametersWithIV(client_write_key, client_write_IV);
}
else
{
this.mWriteMac = clientWriteMac;
this.mReadMac = serverWriteMac;
this.encryptCipher = clientWriteCipher;
this.decryptCipher = serverWriteCipher;
encryptParams = new ParametersWithIV(client_write_key, client_write_IV);
decryptParams = new ParametersWithIV(server_write_key, server_write_IV);
}
this.encryptCipher.Init(true, encryptParams);
this.decryptCipher.Init(false, decryptParams);
}
/// <exception cref="IOException"></exception>
public TlsStreamCipher(TlsContext context, IStreamCipher clientWriteCipher,
IStreamCipher serverWriteCipher, IDigest clientWriteDigest, IDigest serverWriteDigest,
int cipherKeySize, bool usesNonce)
{
bool isServer = context.IsServer;
this.context = context;
this.usesNonce = usesNonce;
this.encryptCipher = clientWriteCipher;
this.decryptCipher = serverWriteCipher;
int key_block_size = (2 * cipherKeySize) + clientWriteDigest.GetDigestSize()
+ serverWriteDigest.GetDigestSize();
byte[] key_block = TlsUtilities.CalculateKeyBlock(context, key_block_size);
int offset = 0;
// Init MACs
TlsMac clientWriteMac = new TlsMac(context, clientWriteDigest, key_block, offset,
clientWriteDigest.GetDigestSize());
offset += clientWriteDigest.GetDigestSize();
TlsMac serverWriteMac = new TlsMac(context, serverWriteDigest, key_block, offset,
serverWriteDigest.GetDigestSize());
offset += serverWriteDigest.GetDigestSize();
// Build keys
KeyParameter clientWriteKey = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
KeyParameter serverWriteKey = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
if (offset != key_block_size)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
ICipherParameters encryptParams, decryptParams;
if (isServer)
{
this.writeMac = serverWriteMac;
this.readMac = clientWriteMac;
this.encryptCipher = serverWriteCipher;
this.decryptCipher = clientWriteCipher;
encryptParams = serverWriteKey;
decryptParams = clientWriteKey;
}
else
{
this.writeMac = clientWriteMac;
this.readMac = serverWriteMac;
this.encryptCipher = clientWriteCipher;
this.decryptCipher = serverWriteCipher;
encryptParams = clientWriteKey;
decryptParams = serverWriteKey;
}
if (usesNonce)
{
byte[] dummyNonce = new byte[8];
encryptParams = new ParametersWithIV(encryptParams, dummyNonce);
decryptParams = new ParametersWithIV(decryptParams, dummyNonce);
}
this.encryptCipher.Init(true, encryptParams);
this.decryptCipher.Init(false, decryptParams);
}
public TlsBlockCipher(TlsContext context, IBlockCipher clientWriteCipher, IBlockCipher serverWriteCipher, IDigest clientWriteDigest, IDigest serverWriteDigest, int cipherKeySize)
{
byte[] buffer2;
byte[] buffer3;
ICipherParameters parameters;
ICipherParameters parameters2;
this.context = context;
this.randomData = new byte[0x100];
context.NonceRandomGenerator.NextBytes(this.randomData);
this.useExplicitIV = TlsUtilities.IsTlsV11(context);
this.encryptThenMac = context.SecurityParameters.encryptThenMac;
int size = ((2 * cipherKeySize) + clientWriteDigest.GetDigestSize()) + serverWriteDigest.GetDigestSize();
if (!this.useExplicitIV)
{
size += clientWriteCipher.GetBlockSize() + serverWriteCipher.GetBlockSize();
}
byte[] key = TlsUtilities.CalculateKeyBlock(context, size);
int keyOff = 0;
TlsMac mac = new TlsMac(context, clientWriteDigest, key, keyOff, clientWriteDigest.GetDigestSize());
keyOff += clientWriteDigest.GetDigestSize();
TlsMac mac2 = new TlsMac(context, serverWriteDigest, key, keyOff, serverWriteDigest.GetDigestSize());
keyOff += serverWriteDigest.GetDigestSize();
KeyParameter parameter = new KeyParameter(key, keyOff, cipherKeySize);
keyOff += cipherKeySize;
KeyParameter parameter2 = new KeyParameter(key, keyOff, cipherKeySize);
keyOff += cipherKeySize;
if (this.useExplicitIV)
{
buffer2 = new byte[clientWriteCipher.GetBlockSize()];
buffer3 = new byte[serverWriteCipher.GetBlockSize()];
}
else
{
buffer2 = Arrays.CopyOfRange(key, keyOff, keyOff + clientWriteCipher.GetBlockSize());
keyOff += clientWriteCipher.GetBlockSize();
buffer3 = Arrays.CopyOfRange(key, keyOff, keyOff + serverWriteCipher.GetBlockSize());
keyOff += serverWriteCipher.GetBlockSize();
}
if (keyOff != size)
{
throw new TlsFatalAlert(80);
}
if (context.IsServer)
{
this.mWriteMac = mac2;
this.mReadMac = mac;
this.encryptCipher = serverWriteCipher;
this.decryptCipher = clientWriteCipher;
parameters = new ParametersWithIV(parameter2, buffer3);
parameters2 = new ParametersWithIV(parameter, buffer2);
}
else
{
this.mWriteMac = mac;
this.mReadMac = mac2;
this.encryptCipher = clientWriteCipher;
this.decryptCipher = serverWriteCipher;
parameters = new ParametersWithIV(parameter, buffer2);
parameters2 = new ParametersWithIV(parameter2, buffer3);
}
this.encryptCipher.Init(true, parameters);
this.decryptCipher.Init(false, parameters2);
}
