/// <summary>
/// Create a PSK version of a TLS Key Pair
/// </summary>
/// <param name="sharedSecret">PSK value</param>
public TlsKeyPair(OneKey sharedSecret)
{
this.PrivateKey = sharedSecret ?? throw new ArgumentNullException(nameof(sharedSecret));
if (!sharedSecret.HasKeyType((int)GeneralValuesInt.KeyType_Octet))
{
throw new ArgumentException("Not a shared secret key");
}
CertType = 0;
}
protected TlsSignerCredentials GetECDsaSignerCredentials()
{
#if SUPPORT_RPK
if (_tlsKeyPair != null && _tlsKeyPair.CertType == CertificateType.RawPublicKey)
{
OneKey k = _tlsKeyPair.PublicKey;
if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(AlgorithmValues.ECDSA_256))
{
X9ECParameters p = k.GetCurve();
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters);
ECPoint point = k.GetPoint();
ECPublicKeyParameters param = new ECPublicKeyParameters(point, parameters);
SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param);
return(new DefaultTlsSignerCredentials(mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
#endif
#if SUPPORT_TLS_CWT
if (_tlsKeyPair != null && _tlsKeyPair.CertType == CertificateType.CwtPublicKey)
{
OneKey k = _tlsKeyPair.PublicCwt.Cnf.Key;
if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(AlgorithmValues.ECDSA_256))
{
X9ECParameters p = k.GetCurve();
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters);
return(new DefaultTlsSignerCredentials(mContext, new CwtPublicKey(_tlsKeyPair.PublicCwt.EncodeToBytes()), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
#endif
TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials)
{
CipherSuite = KeyExchangeAlgorithm.ECDH_ECDSA
};
EventHandler <TlsEvent> handler = TlsEventHandler;
if (handler != null)
{
handler(this, e);
}
if (e.SignerCredentials != null)
{
return(e.SignerCredentials);
}
throw new TlsFatalAlert(AlertDescription.internal_error);
}
public virtual TlsCredentials GetClientCredentials(CertificateRequest certificateRequest)
{
if (certificateRequest.CertificateTypes == null ||
!Arrays.Contains(certificateRequest.CertificateTypes, ClientCertificateType.ecdsa_sign))
{
return(null);
}
#if SUPPORT_RPK
if (_rawPublicKey != null)
{
OneKey k = _rawPublicKey;
if (k.HasKeyType((int)COSE.GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(COSE.AlgorithmValues.ECDSA_256))
{
X9ECParameters p = k.GetCurve();
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters);
ECPoint point = k.GetPoint();
ECPublicKeyParameters param = new ECPublicKeyParameters("ECDSA", point, /*parameters*/ SecObjectIdentifiers.SecP256r1);
SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param);
return(new DefaultTlsSignerCredentials(_mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
/*
* byte[] certificateTypes = certificateRequest.CertificateTypes;
* if (certificateTypes == null || !Arrays.Contains(certificateTypes, ClientCertificateType.rsa_sign))
* return null;
*
* return TlsTestUtilities.LoadSignerCredentials(mContext, certificateRequest.SupportedSignatureAlgorithms,
* SignatureAlgorithm.rsa, "x509-client.pem", "x509-client-key.pem");
*/
#endif
// If we did not fine appropriate signer credientials - ask for help
TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials)
{
CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA
};
EventHandler <TlsEvent> handler = TlsEventHandler;
if (handler != null)
{
handler(this, e);
}
if (e.SignerCredentials != null)
{
return(e.SignerCredentials);
}
throw new TlsFatalAlert(AlertDescription.internal_error);
}
public virtual TlsCredentials GetClientCredentials(CertificateRequest certificateRequest)
{
if (certificateRequest.CertificateTypes == null ||
!Arrays.Contains(certificateRequest.CertificateTypes, ClientCertificateType.ecdsa_sign))
{
return(null);
}
if (TlsKey != null)
{
if (TlsKey.CertType == CertificateType.X509)
{
return(new DefaultTlsSignerCredentials(_mContext, new Certificate(TlsKey.X509Certificate), TlsKey.PrivateKey.AsPrivateKey(),
new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
#if SUPPORT_RPK
else if (TlsKey.CertType == CertificateType.RawPublicKey)
{
OneKey k = TlsKey.PrivateKey;
if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(AlgorithmValues.ECDSA_256))
{
X9ECParameters p = k.GetCurve();
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters);
ECPoint point = k.GetPoint();
ECPublicKeyParameters param = new ECPublicKeyParameters("ECDSA", point, /*parameters*/ SecObjectIdentifiers.SecP256r1);
SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param);
return(new DefaultTlsSignerCredentials(_mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
#endif
#if SUPPORT_TLS_CWT
else if (TlsKey.CertType == CertificateType.CwtPublicKey)
{
OneKey k = TlsKey.PublicCwt.Cnf.Key;
if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(AlgorithmValues.ECDSA_256))
{
AsymmetricKeyParameter privKey = TlsKey.PrivateKey.AsPrivateKey();
return(new DefaultTlsSignerCredentials(_mContext, new CwtPublicKey(TlsKey.PublicCwt.EncodeToBytes()), privKey,
new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
#endif
}
// If we did not fine appropriate signer credentials - ask for help
TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials)
{
CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA
};
EventHandler <TlsEvent> handler = TlsEventHandler;
if (handler != null)
{
handler(this, e);
}
if (e.SignerCredentials != null)
{
return(e.SignerCredentials);
}
throw new TlsFatalAlert(AlertDescription.internal_error);
}
protected override TlsSignerCredentials GetECDsaSignerCredentials()
{
byte[] certTypes;
if (mClientExtensions.Contains(ExtensionType.server_certificate_type))
{
certTypes = (byte[])mClientExtensions[ExtensionType.server_certificate_type];
}
else
{
certTypes = new byte[] { CertificateType.X509 };
}
foreach (byte b in certTypes)
{
if (b == CertificateType.X509)
{
foreach (TlsKeyPair kp in _serverKeys)
{
if (b != kp.CertType)
{
continue;
}
OneKey k = kp.PrivateKey;
if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(AlgorithmValues.ECDSA_256))
{
return(new DefaultTlsSignerCredentials(
mContext,
new Certificate(kp.X509Certificate),
kp.PrivateKey.AsPrivateKey(),
new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
}
#if SUPPORT_RPK
if (b == CertificateType.RawPublicKey)
{
foreach (TlsKeyPair kp in _serverKeys)
{
if (b != kp.CertType)
{
continue;
}
OneKey k = kp.PublicKey;
if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(AlgorithmValues.ECDSA_256))
{
AsymmetricKeyParameter param = k.AsPublicKey();
SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param);
return(new DefaultTlsSignerCredentials(mContext, new RawPublicKey(spi), kp.PrivateKey.AsPrivateKey(),
new SignatureAndHashAlgorithm(
HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
}
#endif
#if SUPPORT_TLS_CWT
if (b == CertificateType.CwtPublicKey)
{
foreach (TlsKeyPair kp in _serverKeys)
{
if (b != kp.CertType)
{
continue;
}
OneKey k = kp.PrivateKey;
if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(AlgorithmValues.ECDSA_256))
{
CwtPublicKey cwtKey = new CwtPublicKey(kp.PublicCwt.EncodeToBytes());
AsymmetricKeyParameter pubKey = kp.PublicCwt.Cnf.CoseKey.AsPublicKey();
cwtKey.SetSubjectPublicKeyInfo(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pubKey));
return(new DefaultTlsSignerCredentials(
mContext, cwtKey, kp.PrivateKey.AsPrivateKey(),
new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
}
#endif
}
// If we did not fine appropriate signer credentials - ask for help
TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials)
{
CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA
};
EventHandler <TlsEvent> handler = TlsEventHandler;
if (handler != null)
{
handler(this, e);
}
if (e.SignerCredentials != null)
{
return(e.SignerCredentials);
}
throw new TlsFatalAlert(AlertDescription.internal_error);
}
public void Connect()
{
BasicTlsPskIdentity pskIdentity = null;
if (_userKey != null)
{
if (_userKey.HasKeyType((int)COSE.GeneralValuesInt.KeyType_Octet))
{
CBORObject kid = _userKey[COSE.CoseKeyKeys.KeyIdentifier];
if (kid != null)
{
pskIdentity = new BasicTlsPskIdentity(kid.GetByteString(), _userKey[CoseKeyParameterKeys.Octet_k].GetByteString());
}
else
{
pskIdentity = new BasicTlsPskIdentity(new byte[0], _userKey[CoseKeyParameterKeys.Octet_k].GetByteString());
}
}
}
_tlsSession = new TLSClient(null, pskIdentity);
_authKey = _userKey;
TlsClientProtocol clientProtocol = new TlsClientProtocol(new SecureRandom());
_client = new TcpClient(_ipEndPoint.AddressFamily);
_client.Connect(_ipEndPoint);
_stm = _client.GetStream();
clientProtocol.Connect(_tlsSession);
while (_tlsSession.InHandshake)
{
bool sleep = true;
int cbToRead = clientProtocol.GetAvailableOutputBytes();
if (cbToRead != 0)
{
byte[] data = new byte[cbToRead];
int cbRead = clientProtocol.ReadOutput(data, 0, cbToRead);
_stm.Write(data, 0, cbRead);
sleep = false;
}
if (_stm.DataAvailable)
{
byte[] data = new byte[1024];
int cbRead = _stm.Read(data, 0, data.Length);
Array.Resize(ref data, cbRead);
clientProtocol.OfferInput(data);
sleep = false;
}
if (sleep)
{
Thread.Sleep(100);
}
}
_tlsClient = clientProtocol;
// Send over the capability block
SendCSMSignal();
//
if (_toSend != null)
{
_queue.Enqueue(_toSend);
_toSend = null;
}
_stm.BeginRead(_buffer, 0, _buffer.Length, ReadCallback, this);
WriteData();
}