示例#1
0
        private static int GetEncryptionAlgorithm(TCipherSuite cipherSuite)
        {
            int result = 0;

            if (cipherSuite == TCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8)
            {
                result = EncryptionAlgorithm.AES_128_CCM_8;
            }
            else if (cipherSuite == TCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256)
            {
                result = EncryptionAlgorithm.AES_128_CBC;
            }
            else if (cipherSuite == TCipherSuite.TLS_PSK_WITH_AES_128_CCM_8)
            {
                result = EncryptionAlgorithm.AES_128_CCM_8;
            }
            else if (cipherSuite == TCipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256)
            {
                result = EncryptionAlgorithm.AES_128_CBC;
            }
            else if (cipherSuite == TCipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256)
            {
                result = EncryptionAlgorithm.AES_128_CBC;
            }
            return(result);
        }
示例#2
0
        private static int GetMACAlgorithm(TCipherSuite cipherSuite)
        {
            int result = 0;

            if (cipherSuite == TCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8)
            {
                result = MacAlgorithm.cls_null;
            }
            else if (cipherSuite == TCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256)
            {
                result = MacAlgorithm.hmac_sha256;
            }
            else if (cipherSuite == TCipherSuite.TLS_PSK_WITH_AES_128_CCM_8)
            {
                result = MacAlgorithm.cls_null;
            }
            else if (cipherSuite == TCipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256)
            {
                result = MacAlgorithm.hmac_sha256;
            }
            else if (cipherSuite == TCipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256)
            {
                result = MacAlgorithm.hmac_sha256;
            }
            return(result);
        }
示例#3
0
        public static bool SuiteUsable(TCipherSuite cipherSuite, Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey, PSKIdentities pskIdentities, bool haveValidatePSKCallback)
        {
            bool result = false;
            TKeyExchangeAlgorithm keyExchangeAlgorithm = GetKeyExchangeAlgorithm(cipherSuite);

            switch (keyExchangeAlgorithm)
            {
            case TKeyExchangeAlgorithm.NotSet:
                break;

            case TKeyExchangeAlgorithm.PSK:
            case TKeyExchangeAlgorithm.ECDHE_PSK:
                result = haveValidatePSKCallback || ((pskIdentities != null) && (pskIdentities.Count > 0));
                break;

            case TKeyExchangeAlgorithm.ECDH_ECDSA:
            case TKeyExchangeAlgorithm.ECDHE_ECDSA:
                result = (privateKey != null);
                break;

            default:
                break;
            }
            return(result);
        }
示例#4
0
        private static int _GetEncryptionAlgorithm(TCipherSuite cipherSuite)
        {
            if (cipherSuite == TCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8)
            {
                return(EncryptionAlgorithm.AES_128_CCM_8);
            }

            if (cipherSuite == TCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256)
            {
                return(EncryptionAlgorithm.AES_128_CBC);
            }

            if (cipherSuite == TCipherSuite.TLS_PSK_WITH_AES_128_CCM_8)
            {
                return(EncryptionAlgorithm.AES_128_CCM_8);
            }

            if (cipherSuite == TCipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256)
            {
                return(EncryptionAlgorithm.AES_128_CBC);
            }

            if (cipherSuite == TCipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256)
            {
                return(EncryptionAlgorithm.AES_128_CBC);
            }

            if (cipherSuite == TCipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA)
            {
                return(EncryptionAlgorithm.AES_256_CBC);
            }

            return(0);
        }
示例#5
0
        private static int _GetMACAlgorithm(TCipherSuite cipherSuite)
        {
            if (cipherSuite == TCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8)
            {
                return(MacAlgorithm.cls_null);
            }

            if (cipherSuite == TCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256)
            {
                return(MacAlgorithm.hmac_sha256);
            }

            if (cipherSuite == TCipherSuite.TLS_PSK_WITH_AES_128_CCM_8)
            {
                return(MacAlgorithm.cls_null);
            }

            if (cipherSuite == TCipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256)
            {
                return(MacAlgorithm.hmac_sha256);
            }

            if (cipherSuite == TCipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256)
            {
                return(MacAlgorithm.hmac_sha256);
            }

            if (cipherSuite == TCipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA)
            {
                return(MacAlgorithm.hmac_sha1);
            }

            return(0);
        }
示例#6
0
 public CipherSuite(TCipherSuite cipherSuite, TKeyExchangeAlgorithm keyExchangeAlgorithm, TSignatureAlgorithm signatureAlgorithm, Version minVersion, TPseudorandomFunction prf)
 {
     Suite = cipherSuite;
     KeyExchangeAlgorithm = keyExchangeAlgorithm;
     SignatureAlgorithm   = signatureAlgorithm;
     MinVersion           = minVersion;
     PRF = prf;
 }
示例#7
0
 public CipherSuite(TCipherSuite cipherSuite, TKeyExchangeAlgorithm keyExchangeAlgorithm, TSignatureAlgorithm signatureAlgorithm, Version minVersion,TPseudorandomFunction prf)
 {
     Suite = cipherSuite;
     KeyExchangeAlgorithm = keyExchangeAlgorithm;
     SignatureAlgorithm = signatureAlgorithm;
     MinVersion = minVersion;
     PRF = prf;
 }
示例#8
0
 public CipherSuite(TCipherSuite cipherSuite, TKeyExchangeAlgorithm keyExchangeAlgorithm,
                    TSignatureAlgorithm signatureAlgorithm, Version minVersion, TPseudorandomFunction prf)
 {
     this.Suite = cipherSuite;
     this.KeyExchangeAlgorithm = keyExchangeAlgorithm;
     this.SignatureAlgorithm   = signatureAlgorithm;
     this.MinVersion           = minVersion ?? throw new ArgumentNullException(nameof(minVersion));
     this.PRF = prf;
 }
示例#9
0
		public static TKeyExchangeAlgorithm GetKeyExchangeAlgorithm(TCipherSuite cipherSuite)
		{
			TKeyExchangeAlgorithm result = TKeyExchangeAlgorithm.NotSet;
            CipherSuite suite;
            if (_CipherSuites.TryGetValue(cipherSuite, out suite))
            {
                result = suite.KeyExchangeAlgorithm;
            }
			return result;
		}
示例#10
0
        public static TSignatureAlgorithm GetSignatureAlgorithm(TCipherSuite cipherSuite)
        {
            TSignatureAlgorithm result = TSignatureAlgorithm.Anonymous;
            CipherSuite         suite;

            if (_CipherSuites.TryGetValue(cipherSuite, out suite))
            {
                result = suite.SignatureAlgorithm;
            }
            return(result);
        }
示例#11
0
        public static TKeyExchangeAlgorithm GetKeyExchangeAlgorithm(TCipherSuite cipherSuite)
        {
            TKeyExchangeAlgorithm result = TKeyExchangeAlgorithm.NotSet;
            CipherSuite           suite;

            if (_CipherSuites.TryGetValue(cipherSuite, out suite))
            {
                result = suite.KeyExchangeAlgorithm;
            }
            return(result);
        }
示例#12
0
        public static bool SupportedVersion(TCipherSuite cipherSuite, Version version)
        {
            bool        result = false;
            CipherSuite suite;

            if (_CipherSuites.TryGetValue(cipherSuite, out suite))
            {
                result = suite.MinVersion <= version;
            }
            return(result);
        }
示例#13
0
 public static TPseudorandomFunction GetPseudorandomFunction(Version version, TCipherSuite cipherSuite)
 {
     TPseudorandomFunction result = TPseudorandomFunction.Legacy;
     if (version >= DTLSRecord.Version1_2)
     {
         CipherSuite suite;
         if (_CipherSuites.TryGetValue(cipherSuite, out suite))
         {
             result = suite.PRF;
         }
     }
     return result;
 }
示例#14
0
        public static TPseudorandomFunction GetPseudorandomFunction(Version version, TCipherSuite cipherSuite)
        {
            TPseudorandomFunction result = TPseudorandomFunction.Legacy;

            if (version >= DTLSRecord.Version1_2)
            {
                CipherSuite suite;
                if (_CipherSuites.TryGetValue(cipherSuite, out suite))
                {
                    result = suite.PRF;
                }
            }
            return(result);
        }
示例#15
0
        public void ProcessHandshake(DTLSRecord record)
        {
#if DEBUG
            Console.WriteLine($"> ProcessHandshake got {record}");
#endif
            SocketAddress address = record.RemoteEndPoint.Serialize();
            Session       session = Sessions.GetSession(address);
            byte[]        data;
            if ((session != null) && session.IsEncypted(record))
            {
                int count = 0;
                while ((session.Cipher == null) && (count < (HandshakeTimeout / HANDSHAKE_DWELL_TIME)))
                {
                    System.Threading.Thread.Sleep(HANDSHAKE_DWELL_TIME);
                    count++;
                }

                if (session.Cipher == null)
                {
                    throw new Exception($"HandshakeTimeout: >{HandshakeTimeout}");
                }

                if (session.Cipher != null)
                {
                    long sequenceNumber = ((long)record.Epoch << 48) + record.SequenceNumber;
                    data = session.Cipher.DecodeCiphertext(sequenceNumber, (byte)TRecordType.Handshake, record.Fragment, 0, record.Fragment.Length);
                }
                else
                {
                    data = record.Fragment;
                }
            }
            else
            {
                data = record.Fragment;
            }
            using (MemoryStream stream = new MemoryStream(data))
            {
                HandshakeRecord handshakeRecord = HandshakeRecord.Deserialise(stream);
                if (handshakeRecord != null)
                {
#if DEBUG
                    Console.WriteLine(handshakeRecord.MessageType.ToString());
#endif
                    switch (handshakeRecord.MessageType)
                    {
                    case THandshakeType.HelloRequest:
                        //HelloReq
                        break;

                    case THandshakeType.ClientHello:
                        ClientHello clientHello = ClientHello.Deserialise(stream);
                        if (clientHello != null)
                        {
                            byte[] cookie = clientHello.CalculateCookie(record.RemoteEndPoint, _HelloSecret);

                            if (clientHello.Cookie == null)
                            {
                                Version version = clientHello.ClientVersion;
                                if (ServerVersion < version)
                                {
                                    version = ServerVersion;
                                }
                                if (session == null)
                                {
                                    session = new Session
                                    {
                                        SessionID      = Guid.NewGuid(),
                                        RemoteEndPoint = record.RemoteEndPoint,
                                        Version        = version
                                    };
                                    Sessions.AddSession(address, session);
                                }
                                else
                                {
                                    session.Reset();
                                    session.Version = version;
                                }
                                session.ClientEpoch          = record.Epoch;
                                session.ClientSequenceNumber = record.SequenceNumber;
                                //session.Handshake.UpdateHandshakeHash(data);
                                HelloVerifyRequest helloVerifyRequest = new HelloVerifyRequest
                                {
                                    Cookie        = cookie,
                                    ServerVersion = ServerVersion
                                };
                                SendResponse(session, (IHandshakeMessage)helloVerifyRequest, 0);
                            }
                            else
                            {
                                if (session != null && session.Cipher != null && !session.IsEncypted(record))
                                {
                                    session.Reset();
                                }

                                if (TLSUtils.ByteArrayCompare(clientHello.Cookie, cookie))
                                {
                                    Version version = clientHello.ClientVersion;
                                    if (ServerVersion < version)
                                    {
                                        version = ServerVersion;
                                    }
                                    if (clientHello.SessionID == null)
                                    {
                                        if (session == null)
                                        {
                                            session = new Session();
                                            session.NextSequenceNumber();
                                            session.SessionID      = Guid.NewGuid();
                                            session.RemoteEndPoint = record.RemoteEndPoint;
                                            Sessions.AddSession(address, session);
                                        }
                                    }
                                    else
                                    {
                                        Guid sessionID = Guid.Empty;
                                        if (clientHello.SessionID.Length >= 16)
                                        {
                                            byte[] receivedSessionID = new byte[16];
                                            Buffer.BlockCopy(clientHello.SessionID, 0, receivedSessionID, 0, 16);
                                            sessionID = new Guid(receivedSessionID);
                                        }
                                        if (sessionID != Guid.Empty)
                                        {
                                            session = Sessions.GetSession(sessionID);
                                        }
                                        if (session == null)
                                        {
                                            //need to Find Session
                                            session = new Session
                                            {
                                                SessionID = Guid.NewGuid()
                                            };
                                            session.NextSequenceNumber();
                                            session.RemoteEndPoint = record.RemoteEndPoint;
                                            Sessions.AddSession(address, session);
                                            //session.Version = clientHello.ClientVersion;
                                        }
                                    }
                                    session.Version = version;
                                    session.Handshake.InitaliseHandshakeHash(version < DTLSRecord.Version1_2);
                                    session.Handshake.UpdateHandshakeHash(data);
                                    TCipherSuite cipherSuite = TCipherSuite.TLS_NULL_WITH_NULL_NULL;
                                    foreach (TCipherSuite item in clientHello.CipherSuites)
                                    {
                                        if (_SupportedCipherSuites.ContainsKey(item) && CipherSuites.SupportedVersion(item, session.Version) && CipherSuites.SuiteUsable(item, PrivateKey, _PSKIdentities, _ValidatePSK != null))
                                        {
                                            cipherSuite = item;
                                            break;
                                        }
                                    }

                                    TKeyExchangeAlgorithm keyExchangeAlgorithm = CipherSuites.GetKeyExchangeAlgorithm(cipherSuite);

                                    ServerHello serverHello     = new ServerHello();
                                    byte[]      clientSessionID = new byte[32];
                                    byte[]      temp            = session.SessionID.ToByteArray();
                                    Buffer.BlockCopy(temp, 0, clientSessionID, 0, 16);
                                    Buffer.BlockCopy(temp, 0, clientSessionID, 16, 16);

                                    serverHello.SessionID = clientSessionID;    // session.SessionID.ToByteArray();
                                    serverHello.Random    = new RandomData();
                                    serverHello.Random.Generate();
                                    serverHello.CipherSuite   = (ushort)cipherSuite;
                                    serverHello.ServerVersion = session.Version;

                                    THashAlgorithm hash  = THashAlgorithm.SHA256;
                                    TEllipticCurve curve = TEllipticCurve.secp521r1;
                                    if (clientHello.Extensions != null)
                                    {
                                        foreach (Extension extension in clientHello.Extensions)
                                        {
                                            if (extension.SpecifcExtension is ClientCertificateTypeExtension)
                                            {
                                                ClientCertificateTypeExtension clientCertificateType = extension.SpecifcExtension as ClientCertificateTypeExtension;
                                                //TCertificateType certificateType = TCertificateType.Unknown;
                                                //foreach (TCertificateType item in clientCertificateType.CertificateTypes)
                                                //{

                                                //}
                                                //serverHello.AddExtension(new ClientCertificateTypeExtension(certificateType));
                                            }
                                            else if (extension.SpecifcExtension is EllipticCurvesExtension)
                                            {
                                                EllipticCurvesExtension ellipticCurves = extension.SpecifcExtension as EllipticCurvesExtension;
                                                foreach (TEllipticCurve item in ellipticCurves.SupportedCurves)
                                                {
                                                    if (EllipticCurveFactory.SupportedCurve(item))
                                                    {
                                                        curve = item;
                                                        break;
                                                    }
                                                }
                                            }
                                            else if (extension.SpecifcExtension is ServerCertificateTypeExtension)
                                            {
                                                //serverHello.AddExtension();
                                            }
                                            else if (extension.SpecifcExtension is SignatureAlgorithmsExtension)
                                            {
                                                SignatureAlgorithmsExtension signatureAlgorithms = extension.SpecifcExtension as SignatureAlgorithmsExtension;
                                                foreach (SignatureHashAlgorithm item in signatureAlgorithms.SupportedAlgorithms)
                                                {
                                                    if (item.Signature == TSignatureAlgorithm.ECDSA)
                                                    {
                                                        hash = item.Hash;
                                                        break;
                                                    }
                                                }
                                            }
                                        }
                                    }

                                    session.Handshake.CipherSuite  = cipherSuite;
                                    session.Handshake.ClientRandom = clientHello.Random;
                                    session.Handshake.ServerRandom = serverHello.Random;


                                    if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_ECDSA)
                                    {
                                        EllipticCurvePointFormatsExtension pointFormatsExtension = new EllipticCurvePointFormatsExtension();
                                        pointFormatsExtension.SupportedPointFormats.Add(TEllipticCurvePointFormat.Uncompressed);
                                        serverHello.AddExtension(pointFormatsExtension);
                                    }
                                    session.Handshake.MessageSequence = 1;
                                    SendResponse(session, serverHello, session.Handshake.MessageSequence);
                                    session.Handshake.MessageSequence++;

                                    if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_ECDSA)
                                    {
                                        if (Certificate != null)
                                        {
                                            SendResponse(session, Certificate, session.Handshake.MessageSequence);
                                            session.Handshake.MessageSequence++;
                                        }
                                        ECDHEKeyExchange keyExchange = new ECDHEKeyExchange
                                        {
                                            Curve = curve,
                                            KeyExchangeAlgorithm = keyExchangeAlgorithm,
                                            ClientRandom         = clientHello.Random,
                                            ServerRandom         = serverHello.Random
                                        };
                                        keyExchange.GenerateEphemeralKey();
                                        session.Handshake.KeyExchange = keyExchange;
                                        if (session.Version == DTLSRecord.DefaultVersion)
                                        {
                                            hash = THashAlgorithm.SHA1;
                                        }
                                        ECDHEServerKeyExchange serverKeyExchange = new ECDHEServerKeyExchange(keyExchange, hash, TSignatureAlgorithm.ECDSA, PrivateKey);
                                        SendResponse(session, serverKeyExchange, session.Handshake.MessageSequence);
                                        session.Handshake.MessageSequence++;
                                        if (_RequireClientCertificate)
                                        {
                                            CertificateRequest certificateRequest = new CertificateRequest();
                                            certificateRequest.CertificateTypes.Add(TClientCertificateType.ECDSASign);
                                            certificateRequest.SupportedAlgorithms.Add(new SignatureHashAlgorithm()
                                            {
                                                Hash = THashAlgorithm.SHA256, Signature = TSignatureAlgorithm.ECDSA
                                            });
                                            SendResponse(session, certificateRequest, session.Handshake.MessageSequence);
                                            session.Handshake.MessageSequence++;
                                        }
                                    }
                                    else if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_PSK)
                                    {
                                        ECDHEKeyExchange keyExchange = new ECDHEKeyExchange
                                        {
                                            Curve = curve,
                                            KeyExchangeAlgorithm = keyExchangeAlgorithm,
                                            ClientRandom         = clientHello.Random,
                                            ServerRandom         = serverHello.Random
                                        };
                                        keyExchange.GenerateEphemeralKey();
                                        session.Handshake.KeyExchange = keyExchange;
                                        ECDHEPSKServerKeyExchange serverKeyExchange = new ECDHEPSKServerKeyExchange(keyExchange);
                                        SendResponse(session, serverKeyExchange, session.Handshake.MessageSequence);
                                        session.Handshake.MessageSequence++;
                                    }
                                    else if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.PSK)
                                    {
                                        PSKKeyExchange keyExchange = new PSKKeyExchange
                                        {
                                            KeyExchangeAlgorithm = keyExchangeAlgorithm,
                                            ClientRandom         = clientHello.Random,
                                            ServerRandom         = serverHello.Random
                                        };
                                        session.Handshake.KeyExchange = keyExchange;
                                        //Need to be able to hint identity?? for PSK if not hinting don't really need key exchange message
                                        //PSKServerKeyExchange serverKeyExchange = new PSKServerKeyExchange();
                                        //SendResponse(session, serverKeyExchange, session.Handshake.MessageSequence);
                                        //session.Handshake.MessageSequence++;
                                    }
                                    SendResponse(session, new ServerHelloDone(), session.Handshake.MessageSequence);
                                    session.Handshake.MessageSequence++;
                                }
                            }
                        }
                        break;

                    case THandshakeType.ServerHello:
                        break;

                    case THandshakeType.HelloVerifyRequest:
                        break;

                    case THandshakeType.Certificate:
                        Certificate clientCertificate = Certificate.Deserialise(stream, TCertificateType.X509);
                        if (clientCertificate.CertChain.Count > 0)
                        {
                            session.CertificateInfo = Certificates.GetCertificateInfo(clientCertificate.CertChain[0], TCertificateFormat.CER);
                        }
                        session.Handshake.UpdateHandshakeHash(data);
                        break;

                    case THandshakeType.ServerKeyExchange:
                        break;

                    case THandshakeType.CertificateRequest:
                        break;

                    case THandshakeType.ServerHelloDone:
                        break;

                    case THandshakeType.CertificateVerify:
                        CertificateVerify certificateVerify = CertificateVerify.Deserialise(stream, session.Version);
                        session.Handshake.UpdateHandshakeHash(data);
                        break;

                    case THandshakeType.ClientKeyExchange:
                        if ((session == null) || (session.Handshake.KeyExchange == null))
                        {
                        }
                        else
                        {
                            session.Handshake.UpdateHandshakeHash(data);
                            byte[] preMasterSecret = null;
                            if (session.Handshake.KeyExchange.KeyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_ECDSA)
                            {
                                ECDHEClientKeyExchange clientKeyExchange = ECDHEClientKeyExchange.Deserialise(stream);
                                if (clientKeyExchange != null)
                                {
                                    ECDHEKeyExchange ecKeyExchange = session.Handshake.KeyExchange as ECDHEKeyExchange;
                                    preMasterSecret = ecKeyExchange.GetPreMasterSecret(clientKeyExchange.PublicKeyBytes);
                                }
                            }
                            else if (session.Handshake.KeyExchange.KeyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_PSK)
                            {
                                ECDHEPSKClientKeyExchange clientKeyExchange = ECDHEPSKClientKeyExchange.Deserialise(stream);
                                if (clientKeyExchange != null)
                                {
                                    session.PSKIdentity = Encoding.UTF8.GetString(clientKeyExchange.PSKIdentity);
                                    byte[] psk = _PSKIdentities.GetKey(clientKeyExchange.PSKIdentity);

                                    if (psk == null)
                                    {
                                        psk = _ValidatePSK(clientKeyExchange.PSKIdentity);
                                        if (psk != null)
                                        {
                                            _PSKIdentities.AddIdentity(clientKeyExchange.PSKIdentity, psk);
                                        }
                                    }

                                    if (psk != null)
                                    {
                                        ECDHEKeyExchange ecKeyExchange = session.Handshake.KeyExchange as ECDHEKeyExchange;
                                        byte[]           otherSecret   = ecKeyExchange.GetPreMasterSecret(clientKeyExchange.PublicKeyBytes);
                                        preMasterSecret = TLSUtils.GetPSKPreMasterSecret(otherSecret, psk);
                                    }
                                }
                            }
                            else if (session.Handshake.KeyExchange.KeyExchangeAlgorithm == TKeyExchangeAlgorithm.PSK)
                            {
                                PSKClientKeyExchange clientKeyExchange = PSKClientKeyExchange.Deserialise(stream);
                                if (clientKeyExchange != null)
                                {
                                    session.PSKIdentity = Encoding.UTF8.GetString(clientKeyExchange.PSKIdentity);
                                    byte[] psk = _PSKIdentities.GetKey(clientKeyExchange.PSKIdentity);

                                    if (psk == null)
                                    {
                                        psk = _ValidatePSK(clientKeyExchange.PSKIdentity);
                                        if (psk != null)
                                        {
                                            _PSKIdentities.AddIdentity(clientKeyExchange.PSKIdentity, psk);
                                        }
                                    }

                                    if (psk != null)
                                    {
                                        ECDHEKeyExchange ecKeyExchange = session.Handshake.KeyExchange as ECDHEKeyExchange;
                                        byte[]           otherSecret   = new byte[psk.Length];
                                        preMasterSecret = TLSUtils.GetPSKPreMasterSecret(otherSecret, psk);
                                    }
                                }
                            }

                            if (preMasterSecret != null)
                            {
                                //session.MasterSecret = TLSUtils.CalculateMasterSecret(preMasterSecret, session.KeyExchange);
                                //TLSUtils.AssignCipher(session);

                                session.Cipher = TLSUtils.AssignCipher(preMasterSecret, false, session.Version, session.Handshake);
                            }
                            else
                            {
                                Console.WriteLine($"preMasterSecret is null!");
                            }
                        }
                        break;

                    case THandshakeType.Finished:
                        Finished finished = Finished.Deserialise(stream);
                        if (session != null)
                        {
                            byte[] handshakeHash        = session.Handshake.GetHash();
                            byte[] calculatedVerifyData = TLSUtils.GetVerifyData(session.Version, session.Handshake, false, true, handshakeHash);
#if DEBUG
                            Console.Write($"Handshake Hash: {TLSUtils.WriteToString(handshakeHash)}");
                            Console.Write($"Sent Verify: {TLSUtils.WriteToString(finished.VerifyData)}");
                            Console.Write($"Calc Verify: {TLSUtils.WriteToString(calculatedVerifyData)}");
#endif
                            if (TLSUtils.ByteArrayCompare(finished.VerifyData, calculatedVerifyData))
                            {
                                SendChangeCipherSpec(session);
                                session.Handshake.UpdateHandshakeHash(data);
                                handshakeHash = session.Handshake.GetHash();
                                Finished serverFinished = new Finished
                                {
                                    VerifyData = TLSUtils.GetVerifyData(session.Version, session.Handshake, false, false, handshakeHash)
                                };
                                SendResponse(session, serverFinished, session.Handshake.MessageSequence);
                                session.Handshake.MessageSequence++;
                            }
                            else
                            {
                                throw new Exception();
                            }
                        }
                        break;

                    default:
                        break;
                    }
                }
            }
        }
示例#16
0
		private static int GetMACAlgorithm(TCipherSuite cipherSuite)
		{
			int result = 0;
			if (cipherSuite == TCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8)
				result = MacAlgorithm.cls_null;
			else if (cipherSuite == TCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256)
				result = MacAlgorithm.hmac_sha256;
			else if (cipherSuite == TCipherSuite.TLS_PSK_WITH_AES_128_CCM_8)
				result = MacAlgorithm.cls_null;
			else if (cipherSuite == TCipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256)
				result = MacAlgorithm.hmac_sha256;
			else if (cipherSuite == TCipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256)
				result = MacAlgorithm.hmac_sha256;
			return result;
		}
示例#17
0
 public static bool SuiteUsable(TCipherSuite cipherSuite, Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey, PSKIdentities pskIdentities, bool haveValidatePSKCallback)
 {
     bool result = false;
     TKeyExchangeAlgorithm keyExchangeAlgorithm = GetKeyExchangeAlgorithm(cipherSuite);
     switch (keyExchangeAlgorithm)
     {
         case TKeyExchangeAlgorithm.NotSet:
             break;
         case TKeyExchangeAlgorithm.PSK:
         case TKeyExchangeAlgorithm.ECDHE_PSK:
             result = haveValidatePSKCallback || ((pskIdentities != null) && (pskIdentities.Count > 0));
             break;
         case TKeyExchangeAlgorithm.ECDH_ECDSA:
         case TKeyExchangeAlgorithm.ECDHE_ECDSA:
             result = (privateKey != null);
             break;
         default:
             break;
     }
     return result;
 }
示例#18
0
		public static TSignatureAlgorithm GetSignatureAlgorithm(TCipherSuite cipherSuite)
		{
			TSignatureAlgorithm result = TSignatureAlgorithm.Anonymous;
            CipherSuite suite;
            if (_CipherSuites.TryGetValue(cipherSuite, out suite))
            {
                result = suite.SignatureAlgorithm;
            }
			return result;
		}
示例#19
0
		private static int GetEncryptionAlgorithm(TCipherSuite cipherSuite)
		{
			int result = 0;
			if (cipherSuite == TCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8)
				result = EncryptionAlgorithm.AES_128_CCM_8;
			else if (cipherSuite == TCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256)
				result = EncryptionAlgorithm.AES_128_CBC;
			else if (cipherSuite == TCipherSuite.TLS_PSK_WITH_AES_128_CCM_8)
				result = EncryptionAlgorithm.AES_128_CCM_8;
			else if (cipherSuite == TCipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256)
				result = EncryptionAlgorithm.AES_128_CBC;
			else if (cipherSuite == TCipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256)
				result = EncryptionAlgorithm.AES_128_CBC;
			return result;
		}
示例#20
0
 public static bool SupportedVersion(TCipherSuite cipherSuite, Version version)
 {
     bool result = false;
     CipherSuite suite;
     if (_CipherSuites.TryGetValue(cipherSuite, out suite))
     {
         result = suite.MinVersion <= version;
     }
     return result;
 }