示例#1
0
        public static byte[] Sign(Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey, bool client, Version version, HandshakeInfo handshakeInfo, SignatureHashAlgorithm signatureHashAlgorithm, byte[] hash)
        {
            TlsSigner signer = null;

            switch (signatureHashAlgorithm.Signature)
            {
            case TSignatureAlgorithm.Anonymous:
                break;

            case TSignatureAlgorithm.RSA:
                signer = new TlsRsaSigner();
                break;

            case TSignatureAlgorithm.DSA:
                signer = new TlsDssSigner();
                break;

            case TSignatureAlgorithm.ECDSA:

                signer = new TlsECDsaSigner();
                break;

            default:
                break;
            }
            DTLSContext context = new DTLSContext(client, version, handshakeInfo);

            context.SecureRandom = Porthelp.CreateSecureRandom();

            signer.Init(context);
            if (TlsUtilities.IsTlsV12(context))
            {
                SignatureAndHashAlgorithm signatureAndHashAlgorithm = new SignatureAndHashAlgorithm((byte)signatureHashAlgorithm.Hash, (byte)signatureHashAlgorithm.Signature);
                return(signer.GenerateRawSignature(signatureAndHashAlgorithm, privateKey, hash));
            }
            else
            {
                return(signer.GenerateRawSignature(privateKey, hash));
            }
        }
示例#2
0
        public static TlsCipher AssignCipher(byte[] preMasterSecret, bool client, Version version, HandshakeInfo handshakeInfo)
        {
            int                encryptionAlgorithm = GetEncryptionAlgorithm(handshakeInfo.CipherSuite);
            int                macAlgorithm        = GetMACAlgorithm(handshakeInfo.CipherSuite);
            TlsContext         context             = new DTLSContext(client, version, handshakeInfo);
            SecurityParameters securityParameters  = context.SecurityParameters;

            byte[] seed       = Concat(securityParameters.ClientRandom, securityParameters.ServerRandom);
            string asciiLabel = ExporterLabel.master_secret;

            handshakeInfo.MasterSecret = TlsUtilities.PRF(context, preMasterSecret, asciiLabel, seed, 48);
            //session.Handshake.MasterSecret = TlsUtilities.PRF_legacy(preMasterSecret, asciiLabel, seed, 48);
#if DEBUG
            Console.Write($"MasterSecret: {WriteToString(handshakeInfo.MasterSecret)}");
#endif

            seed = Concat(securityParameters.ServerRandom, securityParameters.ClientRandom);
            byte[] key_block = TlsUtilities.PRF(context, handshakeInfo.MasterSecret, ExporterLabel.key_expansion, seed, 96);
            //byte[] key_block = TlsUtilities.PRF_legacy(session.Handshake.MasterSecret, ExporterLabel.key_expansion, seed, 96);
#if DEBUG
            Console.Write($"Key block: {WriteToString(key_block)}");
#endif
            return(CipherFactory.CreateCipher(context, encryptionAlgorithm, macAlgorithm));
        }
示例#3
0
 public static byte[] GetVerifyData(Version version, HandshakeInfo handshakeInfo, bool client, bool isClientFinished, byte[] handshakeHash)
 {
     string asciiLabel;
     TlsContext context = new DTLSContext(client, version, handshakeInfo);
     if (isClientFinished)
         asciiLabel = ExporterLabel.client_finished;
     else
         asciiLabel = ExporterLabel.server_finished;
     //return TlsUtilities.PRF_legacy(masterSecret, asciiLabel, handshakeHash, 12);
     return TlsUtilities.PRF(context, handshakeInfo.MasterSecret, asciiLabel, handshakeHash, 12);
 }
示例#4
0
        public static byte[] Sign(Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey, bool client, Version version, HandshakeInfo handshakeInfo, SignatureHashAlgorithm signatureHashAlgorithm, byte[] hash)
        {
            TlsSigner signer = null;
            switch (signatureHashAlgorithm.Signature)
            {
                case TSignatureAlgorithm.Anonymous:
                    break;
                case TSignatureAlgorithm.RSA:
                    signer = new TlsRsaSigner();
                    break;
                case TSignatureAlgorithm.DSA:
                    signer = new TlsDssSigner();
                    break;
                case TSignatureAlgorithm.ECDSA:

                    signer = new TlsECDsaSigner();
                    break;
                default:
                    break;
            }
            DTLSContext context = new DTLSContext(client, version, handshakeInfo);
            Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator randomGenerator = new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator();
            context.SecureRandom = new Org.BouncyCastle.Security.SecureRandom(randomGenerator);

            signer.Init(context);
            if (TlsUtilities.IsTlsV12(context))
            {
                SignatureAndHashAlgorithm signatureAndHashAlgorithm = new SignatureAndHashAlgorithm((byte)signatureHashAlgorithm.Hash, (byte)signatureHashAlgorithm.Signature);
                return signer.GenerateRawSignature(signatureAndHashAlgorithm, privateKey, hash);
            }
            else
            {
                return signer.GenerateRawSignature(privateKey, hash);
            }
        }
示例#5
0
        public static TlsCipher AssignCipher(byte[] preMasterSecret, bool client, Version version, HandshakeInfo handshakeInfo)
        {
            int encryptionAlgorithm = GetEncryptionAlgorithm(handshakeInfo.CipherSuite);
            int macAlgorithm = GetMACAlgorithm(handshakeInfo.CipherSuite);
            TlsContext context = new DTLSContext(client, version, handshakeInfo);
            SecurityParameters securityParameters = context.SecurityParameters;
            byte[] seed = Concat(securityParameters.ClientRandom, securityParameters.ServerRandom);
            string asciiLabel = ExporterLabel.master_secret;
            handshakeInfo.MasterSecret = TlsUtilities.PRF(context, preMasterSecret, asciiLabel, seed, 48);
            //session.Handshake.MasterSecret = TlsUtilities.PRF_legacy(preMasterSecret, asciiLabel, seed, 48);
#if DEBUG
            Console.Write("MasterSecret :");
            WriteToConsole(handshakeInfo.MasterSecret);
#endif

            seed = Concat(securityParameters.ServerRandom, securityParameters.ClientRandom);
            byte[] key_block = TlsUtilities.PRF(context, handshakeInfo.MasterSecret, ExporterLabel.key_expansion, seed, 96);
            //byte[] key_block = TlsUtilities.PRF_legacy(session.Handshake.MasterSecret, ExporterLabel.key_expansion, seed, 96);
#if DEBUG
            Console.Write("Key block :");
            WriteToConsole(key_block);
#endif
            return CipherFactory.CreateCipher(context, encryptionAlgorithm, macAlgorithm);
        }
示例#6
0
        public static byte[] Sign(AsymmetricKeyParameter privateKey, RSACryptoServiceProvider rsaKey, bool client, Version version, HandshakeInfo handshakeInfo,
                                  SignatureHashAlgorithm signatureHashAlgorithm, byte[] hash)
#endif
        {
            if (privateKey == null && rsaKey == null)
            {
                throw new ArgumentException("No key or Rsa CSP provided");
            }

            if (privateKey == null)
            {
                if (signatureHashAlgorithm.Signature == TSignatureAlgorithm.RSA)
                {
                    return(SignRsa(rsaKey, hash));
                }

                throw new ArgumentException("Need private key for non-RSA Algorithms");
            }

            if (version == null)
            {
                throw new ArgumentNullException(nameof(version));
            }

            if (handshakeInfo == null)
            {
                throw new ArgumentNullException(nameof(handshakeInfo));
            }

            if (signatureHashAlgorithm == null)
            {
                throw new ArgumentNullException(nameof(signatureHashAlgorithm));
            }

            if (hash == null)
            {
                throw new ArgumentNullException(nameof(hash));
            }

            TlsSigner signer = null;

            switch (signatureHashAlgorithm.Signature)
            {
            case TSignatureAlgorithm.Anonymous:
                break;

            case TSignatureAlgorithm.RSA:
                signer = new TlsRsaSigner();
                break;

            case TSignatureAlgorithm.DSA:
                signer = new TlsDssSigner();
                break;

            case TSignatureAlgorithm.ECDSA:

                signer = new TlsECDsaSigner();
                break;

            default:
                break;
            }

            var context         = new DTLSContext(client, version, handshakeInfo);
            var randomGenerator = new CryptoApiRandomGenerator();

            context.SecureRandom = new SecureRandom(randomGenerator);

            signer.Init(context);
            if (TlsUtilities.IsTlsV12(context))
            {
                var signatureAndHashAlgorithm = new SignatureAndHashAlgorithm((byte)signatureHashAlgorithm.Hash, (byte)signatureHashAlgorithm.Signature);
                return(signer.GenerateRawSignature(signatureAndHashAlgorithm, privateKey, hash));
            }
            else
            {
                return(signer.GenerateRawSignature(privateKey, hash));
            }
        }