public static TlsCipher AssignCipher(byte[] preMasterSecret, bool client, Version version, HandshakeInfo handshakeInfo)
{
int encryptionAlgorithm = GetEncryptionAlgorithm(handshakeInfo.CipherSuite);
int macAlgorithm = GetMACAlgorithm(handshakeInfo.CipherSuite);
TlsContext context = new DTLSContext(client, version, handshakeInfo);
SecurityParameters securityParameters = context.SecurityParameters;
byte[] seed = Concat(securityParameters.ClientRandom, securityParameters.ServerRandom);
string asciiLabel = ExporterLabel.master_secret;
handshakeInfo.MasterSecret = TlsUtilities.PRF(context, preMasterSecret, asciiLabel, seed, 48);
//session.Handshake.MasterSecret = TlsUtilities.PRF_legacy(preMasterSecret, asciiLabel, seed, 48);
#if DEBUG
Console.Write("MasterSecret :");
WriteToConsole(handshakeInfo.MasterSecret);
#endif
seed = Concat(securityParameters.ServerRandom, securityParameters.ClientRandom);
byte[] key_block = TlsUtilities.PRF(context, handshakeInfo.MasterSecret, ExporterLabel.key_expansion, seed, 96);
//byte[] key_block = TlsUtilities.PRF_legacy(session.Handshake.MasterSecret, ExporterLabel.key_expansion, seed, 96);
#if DEBUG
Console.Write("Key block :");
WriteToConsole(key_block);
#endif
return(CipherFactory.CreateCipher(context, encryptionAlgorithm, macAlgorithm));
}
public static byte[] GetVerifyData(Version version, HandshakeInfo handshakeInfo, bool client, bool isClientFinished,
byte[] handshakeHash)
{
if (version == null)
{
throw new ArgumentNullException(nameof(version));
}
if (handshakeInfo == null)
{
throw new ArgumentNullException(nameof(handshakeInfo));
}
if (handshakeHash == null)
{
throw new ArgumentNullException(nameof(handshakeHash));
}
TlsContext context = new DTLSContext(client, version, handshakeInfo);
var asciiLabel = isClientFinished ? ExporterLabel.client_finished : ExporterLabel.server_finished;
return(TlsUtilities.IsTlsV11(context) ?
TlsUtilities.PRF_legacy(handshakeInfo.MasterSecret, asciiLabel, handshakeHash, 12)
: TlsUtilities.PRF(context, handshakeInfo.MasterSecret, asciiLabel, handshakeHash, 12));
}
public static TlsCipher AssignCipher(byte[] preMasterSecret, bool client, Version version, HandshakeInfo handshakeInfo)
{
if (preMasterSecret == null)
{
throw new ArgumentNullException(nameof(preMasterSecret));
}
if (version == null)
{
throw new ArgumentNullException(nameof(version));
}
if (handshakeInfo == null)
{
throw new ArgumentNullException(nameof(handshakeInfo));
}
TlsContext context = new DTLSContext(client, version, handshakeInfo);
var securityParameters = context.SecurityParameters;
var seed = securityParameters.ClientRandom.Concat(securityParameters.ServerRandom).ToArray();
var asciiLabel = ExporterLabel.master_secret;
handshakeInfo.MasterSecret = TlsUtilities.IsTlsV11(context) ?
TlsUtilities.PRF_legacy(preMasterSecret, asciiLabel, seed, 48)
: TlsUtilities.PRF(context, preMasterSecret, asciiLabel, seed, 48);
seed = securityParameters.ServerRandom.Concat(securityParameters.ClientRandom).ToArray();
var key_block = TlsUtilities.IsTlsV11(context) ?
TlsUtilities.PRF_legacy(handshakeInfo.MasterSecret, ExporterLabel.key_expansion, seed, 96)
: TlsUtilities.PRF(context, handshakeInfo.MasterSecret, ExporterLabel.key_expansion, seed, 96);
return(_CipherFactory
.CreateCipher(context, _GetEncryptionAlgorithm(handshakeInfo.CipherSuite), _GetMACAlgorithm(handshakeInfo.CipherSuite)));
}
public virtual byte[] ExportKeyingMaterial(string asciiLabel, byte[] context_value, int length)
{
if (context_value != null && !TlsUtilities.IsValidUint16(context_value.Length))
{
throw new ArgumentException("must have length less than 2^16 (or be null)", "context_value");
}
SecurityParameters sp = SecurityParameters;
if (!sp.IsExtendedMasterSecret)
{
/*
* RFC 7627 5.4. If a client or server chooses to continue with a full handshake without
* the extended master secret extension, [..] the client or server MUST NOT export any
* key material based on the new master secret for any subsequent application-level
* authentication. In particular, it MUST disable [RFC5705] [..].
*/
throw new InvalidOperationException("cannot export keying material without extended_master_secret");
}
byte[] cr = sp.ClientRandom, sr = sp.ServerRandom;
int seedLength = cr.Length + sr.Length;
if (context_value != null)
{
seedLength += (2 + context_value.Length);
}
byte[] seed = new byte[seedLength];
int seedPos = 0;
Array.Copy(cr, 0, seed, seedPos, cr.Length);
seedPos += cr.Length;
Array.Copy(sr, 0, seed, seedPos, sr.Length);
seedPos += sr.Length;
if (context_value != null)
{
TlsUtilities.WriteUint16(context_value.Length, seed, seedPos);
seedPos += 2;
Array.Copy(context_value, 0, seed, seedPos, context_value.Length);
seedPos += context_value.Length;
}
if (seedPos != seedLength)
{
throw new InvalidOperationException("error in calculation of seed for export");
}
return(TlsUtilities.PRF(this, sp.MasterSecret, asciiLabel, seed, length));
}
public static byte[] GetVerifyData(Version version, HandshakeInfo handshakeInfo, bool client, bool isClientFinished, byte[] handshakeHash)
{
string asciiLabel;
TlsContext context = new DTLSContext(client, version, handshakeInfo);
if (isClientFinished)
{
asciiLabel = ExporterLabel.client_finished;
}
else
{
asciiLabel = ExporterLabel.server_finished;
}
//return TlsUtilities.PRF_legacy(masterSecret, asciiLabel, handshakeHash, 12);
return(TlsUtilities.PRF(context, handshakeInfo.MasterSecret, asciiLabel, handshakeHash, 12));
}
public static byte[] CalculateKeyBlock(TlsContext context, int size)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
if (size < 0)
{
throw new ArgumentOutOfRangeException(nameof(size));
}
var securityParameters = context.SecurityParameters;
var master_secret = securityParameters.MasterSecret;
var seed = securityParameters.ServerRandom.Concat(securityParameters.ClientRandom).ToArray();
return(TlsUtilities.IsTlsV11(context)
? TlsUtilities.PRF_legacy(master_secret, ExporterLabel.key_expansion, seed, size)
: TlsUtilities.PRF(context, master_secret, ExporterLabel.key_expansion, seed, size));
}
public byte[] ExportKeyingMaterial(string asciiLabel, byte[] context_value, int length)
{
if (context_value != null && !TlsUtilities.IsValidUint16(context_value.Length))
{
throw new ArgumentException("'context_value' must have length less than 2^16 (or be null)");
}
SecurityParameters sp = this.securityParameters;
byte[] cr = sp.ClientRandom, sr = sp.ServerRandom;
int seedLength = cr.Length + sr.Length;
if (context_value != null)
{
seedLength += (2 + context_value.Length);
}
byte[] seed = new byte[seedLength];
int seedPos = 0;
Array.Copy(cr, 0, seed, seedPos, cr.Length);
seedPos += cr.Length;
Array.Copy(sr, 0, seed, seedPos, sr.Length);
seedPos += sr.Length;
if (context_value != null)
{
TlsUtilities.WriteUint16(context_value.Length, seed, seedPos);
seedPos += 2;
Array.Copy(context_value, 0, seed, seedPos, context_value.Length);
seedPos += context_value.Length;
}
if (seedPos != seedLength)
{
throw new InvalidOperationException("error in calculation of seed for export");
}
return(TlsUtilities.PRF(this, sp.MasterSecret, asciiLabel, seed, length));
}
public virtual byte[] ExportKeyingMaterial(string asciiLabel, byte[] context_value, int length)
{
if (context_value != null && !TlsUtilities.IsValidUint16(context_value.Length))
{
throw new ArgumentException("must have length less than 2^16 (or be null)", "context_value");
}
SecurityParameters securityParameters = SecurityParameters;
byte[] clientRandom = securityParameters.ClientRandom;
byte[] serverRandom = securityParameters.ServerRandom;
int num = clientRandom.Length + serverRandom.Length;
if (context_value != null)
{
num += 2 + context_value.Length;
}
byte[] array = new byte[num];
int num2 = 0;
Array.Copy(clientRandom, 0, array, num2, clientRandom.Length);
num2 += clientRandom.Length;
Array.Copy(serverRandom, 0, array, num2, serverRandom.Length);
num2 += serverRandom.Length;
if (context_value != null)
{
TlsUtilities.WriteUint16(context_value.Length, array, num2);
num2 += 2;
Array.Copy(context_value, 0, array, num2, context_value.Length);
num2 += context_value.Length;
}
if (num2 != num)
{
throw new InvalidOperationException("error in calculation of seed for export");
}
return(TlsUtilities.PRF(this, securityParameters.MasterSecret, asciiLabel, array, length));
}
