public void AssertHash_WhenValuesAreDifferent_ShouldThrowSecurityException()
{
var a = new byte[] { 0, 1, 2, 3 };
var b = new byte[] { 0, 1, 2, 4 };
Assert.Throws <SecurityException>(() => SecurityAssert.AssertHash(a, b));
}
public void AssertHash_WhenEqual_ShouldDoNothing()
{
var a = new byte[] { 0, 1, 2, 3 };
var b = new byte[] { 0, 1, 2, 3 };
SecurityAssert.AssertHash(a, b);
}
public Record Read(RecordType type, TLSVersion version, ushort length)
{
var cipher = GetCipher();
cipher.Init(GetParameters(ConnectionDirection.Read));
var payload = _connection.Reader.ReadBytes(length);
var plaintext = new byte[payload.Length];
cipher.Decrypt(payload, 0, plaintext, 0, payload.Length);
var macAlgo = GetMAC(ConnectionDirection.Read);
var macLength = macAlgo.HashSize / 8;
var contentLength = plaintext.Length - macLength;
SecurityAssert.Assert(contentLength >= 0);
var mac = new byte[macLength];
Array.Copy(plaintext, contentLength, mac, 0, macLength);
var content = new byte[contentLength];
Array.Copy(plaintext, 0, content, 0, content.Length);
var seqNum = _sequenceConfig.GetThenIncrement(ConnectionDirection.Read);
var computedMac = ComputeMAC(macAlgo, seqNum, type, version, content);
SecurityAssert.AssertHash(mac, computedMac);
return(new Record(type, version, content));
}
public Record Read(RecordType type, TLSVersion version, ushort length)
{
var cipher = GetCipher();
var blockLength = cipher.BlockLength;
var iv = _connection.Reader.ReadBytes(blockLength);
cipher.Init(new IVParameter(GetParameters(ConnectionDirection.Read), iv));
var payload = _connection.Reader.ReadBytes(length - blockLength);
var plaintext = new byte[payload.Length];
cipher.Decrypt(payload, 0, plaintext, 0, payload.Length);
var macAlgo = GetMAC(ConnectionDirection.Read);
var macLength = macAlgo.HashSize / 8;
var paddingLength = plaintext[plaintext.Length - 1];
var contentLength = plaintext.Length - paddingLength - macLength - 1;
SecurityAssert.Assert(contentLength >= 0);
//TODO constant time
for (var i = plaintext.Length - 1; i > plaintext.Length - paddingLength; i--)
{
SecurityAssert.Assert(plaintext[i] == paddingLength);
}
var mac = new byte[macLength];
Array.Copy(plaintext, contentLength, mac, 0, macLength);
var content = new byte[contentLength];
Array.Copy(plaintext, 0, content, 0, content.Length);
var seqNum = _sequenceConfig.GetThenIncrement(ConnectionDirection.Read);
var computedMac = ComputeMAC(macAlgo, seqNum, type, version, content);
SecurityAssert.AssertHash(mac, computedMac);
return(new Record(type, version, content));
}
public AEADResult DecryptFinal(AEADResult previousResult)
{
// TODO SecurityAssert.AssertBuffer(input, inputOffset, _bufferOffset + TagLength);
// TODO SecurityAssert.AssertBuffer(output, outputOffset, _bufferOffset);
// Consume everything but the Tag
previousResult = Decrypt(previousResult.RemainingInput, previousResult.RemainingOutput);
var input = previousResult.RemainingInput;
var output = previousResult.RemainingOutput;
if (_bufferOffset != 0)
{
output = DecryptBlock(output);
}
var tagCiphertextPaddingLength = (16 - (int)(_cSize / 8) % 16) % 16;
_tagHash.Update(new byte[tagCiphertextPaddingLength]);
_tagHash.Update(EndianBitConverter.Big.GetBytes(_aSize));
_tagHash.Update(EndianBitConverter.Big.GetBytes(_cSize));
var tagCtr = new CTRBlockCipher(_cipher);
tagCtr.Init(new IVParameter(new NullCipherParameter(), _j0));
var digest = _tagHash.DigestBuffer();
var calculatedTag = new byte[16];
tagCtr.EncryptBlock(digest, calculatedTag);
var tag = input.Slice(0, _tagSize).ToArray();
SecurityAssert.AssertHash(calculatedTag, tag);
return(new AEADResult(input.Slice(_tagSize), output));
}
public void AssertHash_WhenBIsNull_ShouldThrowSecurityException()
{
var a = new byte[] { 0, 1, 2, 3 };
Assert.Throws <SecurityException>(() => SecurityAssert.AssertHash(a, null));
}