Наследование: System.Security.Cryptography.DeriveBytes, IDisposable
Пример #1
0
 public static CipherSuite InitializeCipherSuite(byte[] master, byte[] clientrnd, byte[] serverrnd, CipherDefinition definition, ConnectionEnd entity)
 {
     CipherSuite ret = new CipherSuite();
     SymmetricAlgorithm bulk = (SymmetricAlgorithm)Activator.CreateInstance(definition.BulkCipherAlgorithm);
     if (definition.BulkIVSize > 0)
         bulk.Mode = CipherMode.CBC;
     bulk.Padding = PaddingMode.None;
     bulk.BlockSize = definition.BulkIVSize * 8;
     // get the keys and IVs
     byte[] client_mac, server_mac, client_key, server_key, client_iv, server_iv;
     byte[] random = new byte[64];
     Array.Copy(serverrnd, 0, random, 0, 32);
     Array.Copy(clientrnd, 0, random, 32, 32);
     PseudoRandomDeriveBytes prf = new PseudoRandomDeriveBytes(master, "key expansion", random);
     client_mac = prf.GetBytes(definition.HashSize);
     server_mac = prf.GetBytes(definition.HashSize);
     client_key = prf.GetBytes(definition.BulkKeySize);
     server_key = prf.GetBytes(definition.BulkKeySize);
     client_iv = prf.GetBytes(definition.BulkIVSize);
     server_iv = prf.GetBytes(definition.BulkIVSize);
     prf.Dispose();
     if (definition.Exportable) { // make some extra modifications if the keys are exportable
         Array.Copy(clientrnd, 0, random, 0, 32);
         Array.Copy(serverrnd, 0, random, 32, 32);
         prf = new PseudoRandomDeriveBytes(client_key, "client write key", random);
         client_key = prf.GetBytes(definition.BulkExpandedSize);
         prf.Dispose();
         prf = new PseudoRandomDeriveBytes(server_key, "server write key", random);
         server_key = prf.GetBytes(definition.BulkExpandedSize);
         prf.Dispose();
         prf = new PseudoRandomDeriveBytes(new byte[0], "IV block", random);
         client_iv = prf.GetBytes(definition.BulkIVSize);
         server_iv = prf.GetBytes(definition.BulkIVSize);
         prf.Dispose();
     }
     // generate the cipher objects
     if (entity == ConnectionEnd.Client) {
         ret.Encryptor = bulk.CreateEncryptor(client_key, client_iv);
         ret.Decryptor = bulk.CreateDecryptor(server_key, server_iv);
         ret.LocalHasher = new HMAC((HashAlgorithm)Activator.CreateInstance(definition.HashAlgorithm), client_mac);
         ret.RemoteHasher = new HMAC((HashAlgorithm)Activator.CreateInstance(definition.HashAlgorithm), server_mac);
     } else {
         ret.Encryptor = bulk.CreateEncryptor(server_key, server_iv);
         ret.Decryptor = bulk.CreateDecryptor(client_key, client_iv);
         ret.LocalHasher = new HMAC((HashAlgorithm)Activator.CreateInstance(definition.HashAlgorithm), server_mac);
         ret.RemoteHasher = new HMAC((HashAlgorithm)Activator.CreateInstance(definition.HashAlgorithm), client_mac);
     }
     // clear sensitive data
     Array.Clear(client_mac, 0, client_mac.Length);
     Array.Clear(server_mac, 0, server_mac.Length);
     Array.Clear(client_key, 0, client_key.Length);
     Array.Clear(server_key, 0, server_key.Length);
     Array.Clear(client_iv, 0, client_iv.Length);
     Array.Clear(server_iv, 0, server_iv.Length);
     Array.Clear(random, 0, random.Length);
     return ret;
 }
Пример #2
0
 public static byte[] GenerateMasterSecret(byte[] premaster, byte[] clientRandom, byte[] serverRandom)
 {
     byte[] random = new byte[64];
     Array.Copy(clientRandom, 0, random, 0, 32);
     Array.Copy(serverRandom, 0, random, 32, 32);
     PseudoRandomDeriveBytes prf = new PseudoRandomDeriveBytes(premaster, "master secret", random);
     random = prf.GetBytes(48);
     prf.Dispose();
     return random;
 }
Пример #3
0
        public static byte[] GenerateMasterSecret(byte[] premaster, byte[] clientRandom, byte[] serverRandom)
        {
            byte[] random = new byte[64];
            Array.Copy(clientRandom, 0, random, 0, 32);
            Array.Copy(serverRandom, 0, random, 32, 32);
            PseudoRandomDeriveBytes prf = new PseudoRandomDeriveBytes(premaster, "master secret", random);

            random = prf.GetBytes(48);
            prf.Dispose();
            return(random);
        }
		protected override byte[] GetFinishedMessage() {
			byte[] temp, hash = new byte[36];
			m_LocalMD5Hash.TransformFinalBlock(new byte[0], 0, 0);
			m_LocalSHA1Hash.TransformFinalBlock(new byte[0], 0, 0);
			Array.Copy(m_LocalMD5Hash.Hash, 0, hash, 0, 16);
			Array.Copy(m_LocalSHA1Hash.Hash, 0, hash, 16, 20);
			PseudoRandomDeriveBytes prf = new PseudoRandomDeriveBytes(m_MasterSecret, "server finished", hash);
			HandshakeMessage hm = new HandshakeMessage(HandshakeType.Finished, prf.GetBytes(12));
			temp = hm.ToBytes();
			prf.Dispose();
			return temp;
		}
		protected override byte[] GetFinishedMessage() {
			HandshakeMessage hm = new HandshakeMessage(HandshakeType.Finished, null);
			byte[] hash = new byte[36];
			m_LocalMD5Hash.TransformFinalBlock(new byte[0], 0, 0);
			m_LocalSHA1Hash.TransformFinalBlock(new byte[0], 0, 0);
			Array.Copy(m_LocalMD5Hash.Hash, 0, hash, 0, 16);
			Array.Copy(m_LocalSHA1Hash.Hash, 0, hash, 16, 20);
			PseudoRandomDeriveBytes prf = new PseudoRandomDeriveBytes(m_MasterSecret, "client finished", hash);
			hm.fragment = prf.GetBytes(12);
			prf.Dispose();
			return hm.ToBytes();
		}
Пример #6
0
        protected override byte[] GetFinishedMessage()
        {
            byte[] temp, hash = new byte[36];
            m_LocalMD5Hash.TransformFinalBlock(new byte[0], 0, 0);
            m_LocalSHA1Hash.TransformFinalBlock(new byte[0], 0, 0);
            Array.Copy(m_LocalMD5Hash.Hash, 0, hash, 0, 16);
            Array.Copy(m_LocalSHA1Hash.Hash, 0, hash, 16, 20);
            PseudoRandomDeriveBytes prf = new PseudoRandomDeriveBytes(m_MasterSecret, "server finished", hash);
            HandshakeMessage        hm  = new HandshakeMessage(HandshakeType.Finished, prf.GetBytes(12));

            temp = hm.ToBytes();
            prf.Dispose();
            return(temp);
        }
Пример #7
0
        protected override byte[] GetFinishedMessage()
        {
            HandshakeMessage hm = new HandshakeMessage(HandshakeType.Finished, null);

            byte[] hash = new byte[36];
            m_LocalMD5Hash.TransformFinalBlock(new byte[0], 0, 0);
            m_LocalSHA1Hash.TransformFinalBlock(new byte[0], 0, 0);
            Array.Copy(m_LocalMD5Hash.Hash, 0, hash, 0, 16);
            Array.Copy(m_LocalSHA1Hash.Hash, 0, hash, 16, 20);
            PseudoRandomDeriveBytes prf = new PseudoRandomDeriveBytes(m_MasterSecret, "client finished", hash);

            hm.fragment = prf.GetBytes(12);
            prf.Dispose();
            return(hm.ToBytes());
        }
Пример #8
0
        protected override void VerifyFinishedMessage(byte[] peerFinished)
        {
            if (peerFinished.Length != 12)
            {
                throw new SslException(AlertDescription.IllegalParameter, "The ServerHelloDone message is invalid.");
            }
            byte[] hash = new byte[36];
            m_RemoteMD5Hash.TransformFinalBlock(new byte[0], 0, 0);
            m_RemoteSHA1Hash.TransformFinalBlock(new byte[0], 0, 0);
            Array.Copy(m_RemoteMD5Hash.Hash, 0, hash, 0, 16);
            Array.Copy(m_RemoteSHA1Hash.Hash, 0, hash, 16, 20);
            PseudoRandomDeriveBytes prf = new PseudoRandomDeriveBytes(m_MasterSecret, "server finished", hash);

            byte[] prfBytes = prf.GetBytes(12);
            prf.Dispose();
            for (int i = 0; i < prfBytes.Length; i++)
            {
                if (prfBytes[i] != peerFinished[i])
                {
                    throw new SslException(AlertDescription.HandshakeFailure, "The computed hash verification does not correspond with the one of the client.");
                }
            }
        }
 protected override void VerifyFinishedMessage(byte[] peerFinished)
 {
     if (peerFinished.Length != 12)
         throw new SslException(AlertDescription.IllegalParameter, "The ServerHelloDone message is invalid.");
     byte[] hash = new byte[36];
     m_RemoteMD5Hash.TransformFinalBlock(new byte[0], 0, 0);
     m_RemoteSHA1Hash.TransformFinalBlock(new byte[0], 0, 0);
     Buffer.BlockCopy(m_RemoteMD5Hash.Hash, 0, hash, 0, 16);
     Buffer.BlockCopy(m_RemoteSHA1Hash.Hash, 0, hash, 16, 20);
     PseudoRandomDeriveBytes prf = new PseudoRandomDeriveBytes(m_MasterSecret, "server finished", hash);
     byte[] prfBytes = prf.GetBytes(12);
     prf.Dispose();
     for(int i = 0; i < prfBytes.Length; i++) {
         if (prfBytes[i] != peerFinished[i])
             throw new SslException(AlertDescription.HandshakeFailure, "The computed hash verification does not correspond with the one of the client.");
     }
 }
Пример #10
0
        public static CipherSuite InitializeCipherSuite(byte[] master, byte[] clientrnd, byte[] serverrnd, CipherDefinition definition, ConnectionEnd entity)
        {
            CipherSuite        ret  = new CipherSuite();
            SymmetricAlgorithm bulk = (SymmetricAlgorithm)Activator.CreateInstance(definition.BulkCipherAlgorithm);

            if (definition.BulkIVSize > 0)
            {
                bulk.Mode = CipherMode.CBC;
            }
            bulk.Padding   = PaddingMode.None;
            bulk.BlockSize = definition.BulkIVSize * 8;
            // get the keys and IVs
            byte[] client_mac, server_mac, client_key, server_key, client_iv, server_iv;
            byte[] random = new byte[64];
            Array.Copy(serverrnd, 0, random, 0, 32);
            Array.Copy(clientrnd, 0, random, 32, 32);
            PseudoRandomDeriveBytes prf = new PseudoRandomDeriveBytes(master, "key expansion", random);

            client_mac = prf.GetBytes(definition.HashSize);
            server_mac = prf.GetBytes(definition.HashSize);
            client_key = prf.GetBytes(definition.BulkKeySize);
            server_key = prf.GetBytes(definition.BulkKeySize);
            client_iv  = prf.GetBytes(definition.BulkIVSize);
            server_iv  = prf.GetBytes(definition.BulkIVSize);
            prf.Dispose();
            if (definition.Exportable)               // make some extra modifications if the keys are exportable
            {
                Array.Copy(clientrnd, 0, random, 0, 32);
                Array.Copy(serverrnd, 0, random, 32, 32);
                prf        = new PseudoRandomDeriveBytes(client_key, "client write key", random);
                client_key = prf.GetBytes(definition.BulkExpandedSize);
                prf.Dispose();
                prf        = new PseudoRandomDeriveBytes(server_key, "server write key", random);
                server_key = prf.GetBytes(definition.BulkExpandedSize);
                prf.Dispose();
                prf       = new PseudoRandomDeriveBytes(new byte[0], "IV block", random);
                client_iv = prf.GetBytes(definition.BulkIVSize);
                server_iv = prf.GetBytes(definition.BulkIVSize);
                prf.Dispose();
            }
            // generate the cipher objects
            if (entity == ConnectionEnd.Client)
            {
                ret.Encryptor    = bulk.CreateEncryptor(client_key, client_iv);
                ret.Decryptor    = bulk.CreateDecryptor(server_key, server_iv);
                ret.LocalHasher  = new Org.Mentalis.Security.Cryptography.HMAC((HashAlgorithm)Activator.CreateInstance(definition.HashAlgorithm), client_mac);
                ret.RemoteHasher = new Org.Mentalis.Security.Cryptography.HMAC((HashAlgorithm)Activator.CreateInstance(definition.HashAlgorithm), server_mac);
            }
            else
            {
                ret.Encryptor    = bulk.CreateEncryptor(server_key, server_iv);
                ret.Decryptor    = bulk.CreateDecryptor(client_key, client_iv);
                ret.LocalHasher  = new Org.Mentalis.Security.Cryptography.HMAC((HashAlgorithm)Activator.CreateInstance(definition.HashAlgorithm), server_mac);
                ret.RemoteHasher = new Org.Mentalis.Security.Cryptography.HMAC((HashAlgorithm)Activator.CreateInstance(definition.HashAlgorithm), client_mac);
            }
            // clear sensitive data
            Array.Clear(client_mac, 0, client_mac.Length);
            Array.Clear(server_mac, 0, server_mac.Length);
            Array.Clear(client_key, 0, client_key.Length);
            Array.Clear(server_key, 0, server_key.Length);
            Array.Clear(client_iv, 0, client_iv.Length);
            Array.Clear(server_iv, 0, server_iv.Length);
            Array.Clear(random, 0, random.Length);
            return(ret);
        }