/// <summary> /// The decrypt. /// </summary> /// <param name="encrypted"> /// The encrypted. /// </param> /// <param name="pk"> /// The pk. /// </param> /// <returns> /// The <see cref="string"/>. /// </returns> private string Decrypt(string encrypted, PrivateKey pk) { var keyParam = pk.GetPrivateKeyParam(); var engine = new Pkcs1Encoding(new RsaEngine()); engine.Init(false, keyParam); var blockSize = engine.GetInputBlockSize(); byte[] bytes = Convert.FromBase64String(encrypted); byte[] dec = engine.ProcessBlock(bytes, 0, blockSize); var clear = this.ToUTF8String(dec); return clear; }
internal string Decrypt(string cryptText, string encryptionKey, bool isPrivate) { RsaKeyParameters key; byte[] data = null; List<byte> output = new List<byte>(); string result = null; try { if (isPrivate) key = RsaPrivateStringToRsaKey(encryptionKey); else key = RsaPublicStringToRsaKey(encryptionKey); data = Hex.Decode(cryptText); IAsymmetricBlockCipher e = new Pkcs1Encoding(new RsaEngine()).GetUnderlyingCipher(); e.Init(false, key); int blockSize = e.GetInputBlockSize(); if (data != null) { for (int chunkPosition = 0; chunkPosition < data.Length; chunkPosition += blockSize) { int chunkSize; if (data.Length <= blockSize) chunkSize = data.Length; else if ((chunkPosition + blockSize) > data.Length) chunkSize = data.Length - chunkPosition; else chunkSize = blockSize; if (chunkSize <= 0) break; output.AddRange(e.ProcessBlock(data, chunkPosition, chunkSize)); } result = ByteArrayToString(output.ToArray()); } } catch (Exception ex) { Debug.Write(ex.ToString()); } return result; }
public static byte[] GenerateEncryptedPreMasterSecret(SecureRandom random, RsaKeyParameters rsaServerPublicKey, Stream output) { /* * Choose a PremasterSecret and send it encrypted to the server */ byte[] premasterSecret = new byte[48]; random.NextBytes(premasterSecret); TlsUtilities.WriteVersion(premasterSecret, 0); Pkcs1Encoding encoding = new Pkcs1Encoding(new RsaBlindedEngine()); encoding.Init(true, new ParametersWithRandom(rsaServerPublicKey, random)); try { byte[] keData = encoding.ProcessBlock(premasterSecret, 0, premasterSecret.Length); TlsUtilities.WriteOpaque16(keData, output); } catch (InvalidCipherTextException) { /* * This should never happen, only during decryption. */ throw new TlsFatalAlert(AlertDescription.internal_error); } return premasterSecret; }
public virtual void GenerateClientKeyExchange(Stream output) { /* * Choose a PremasterSecret and send it encrypted to the server */ premasterSecret = new byte[48]; context.SecureRandom.NextBytes(premasterSecret); TlsUtilities.WriteVersion(premasterSecret, 0); Pkcs1Encoding encoding = new Pkcs1Encoding(new RsaBlindedEngine()); encoding.Init(true, new ParametersWithRandom(this.rsaServerPublicKey, context.SecureRandom)); try { byte[] keData = encoding.ProcessBlock(premasterSecret, 0, premasterSecret.Length); TlsUtilities.WriteUint24(keData.Length + 2, output); TlsUtilities.WriteOpaque16(keData, output); } catch (InvalidCipherTextException) { /* * This should never happen, only during decryption. */ throw new TlsFatalAlert(AlertDescription.internal_error); } }
public string decryptPasswordUsingPem(string password) { try { var passwordBytes = Convert.FromBase64String(password); AsymmetricCipherKeyPair keyPair; PathToPemKey = PathToPemKey ?? "Where is the PEM private Key".askUser(); if (PathToPemKey.isFolder()) PathToPemKey = PathToPemKey.files("*.pem").first(); if (PathToPemKey.valid() && PathToPemKey.fileExists()) { using (var reader = File.OpenText(PathToPemKey)) keyPair = (AsymmetricCipherKeyPair) new PemReader(reader).ReadObject(); var decryptEngine = new Pkcs1Encoding(new RsaEngine()); decryptEngine.Init(false, keyPair.Private); var decryptedPassword = Encoding.UTF8.GetString(decryptEngine.ProcessBlock(passwordBytes, 0, passwordBytes.Length)); return decryptedPassword; } "in decryptPasswordUsingPem, there was no PEM file provided or found".error(); } catch(Exception ex) { "[API_RSA] in decryptPasswordUsingPem: {0}".error(ex.Message); } return null; }
public string Decrypt(string str) { if (string.IsNullOrEmpty(str)) return ""; var dat = Convert.FromBase64String(str); var encoding = new Pkcs1Encoding(engine); encoding.Init(false, key); return Encoding.UTF8.GetString(encoding.ProcessBlock(dat, 0, dat.Length)); }
public string Encrypt(string str) { if (string.IsNullOrEmpty(str)) return ""; var dat = Encoding.UTF8.GetBytes(str); var encoding = new Pkcs1Encoding(engine); encoding.Init(true, key); return Convert.ToBase64String(encoding.ProcessBlock(dat, 0, dat.Length)); }
public string RsaEncrypt(string clearText, AsymmetricKeyParameter prywatny) { AsymmetricKeyParameter key = prywatny; var bytesToEncrypt = Encoding.UTF8.GetBytes(clearText); var encryptEngine = new Pkcs1Encoding(new RsaEngine()); encryptEngine.Init(true, key); var encrypted = Convert.ToBase64String(encryptEngine.ProcessBlock(bytesToEncrypt, 0, bytesToEncrypt.Length)); return encrypted; }
public byte[] DeSignData(byte[] data) { if (OnlyPublic) throw new NotSupportedException("Private key not available"); var eng = new Pkcs1Encoding(new RsaEngine()); eng.Init(false, RSAKeyPair.Private); return eng.ProcessBlock(data, 0, data.Length); }
private void doTestStrictPkcs1Length(RsaKeyParameters pubParameters, RsaKeyParameters privParameters) { IAsymmetricBlockCipher eng = new RsaBlindedEngine(); eng.Init(true, privParameters); byte[] data = null; try { data = eng.ProcessBlock(oversizedSig, 0, oversizedSig.Length); } catch (Exception e) { Fail("RSA: failed - exception " + e.ToString(), e); } eng = new Pkcs1Encoding(eng); eng.Init(false, pubParameters); try { data = eng.ProcessBlock(data, 0, data.Length); Fail("oversized signature block not recognised"); } catch (InvalidCipherTextException e) { if (!e.Message.Equals("block incorrect size")) { Fail("RSA: failed - exception " + e.ToString(), e); } } // Create the encoding with StrictLengthEnabled=false (done thru environment in Java version) Pkcs1Encoding.StrictLengthEnabled = false; eng = new Pkcs1Encoding(new RsaBlindedEngine()); eng.Init(false, pubParameters); try { data = eng.ProcessBlock(data, 0, data.Length); } catch (InvalidCipherTextException e) { Fail("RSA: failed - exception " + e.ToString(), e); } Pkcs1Encoding.StrictLengthEnabled = true; }
public static byte[] Decrypt(byte[] buffer) { using (TextReader sr = new StringReader(PRIVATE_KEY)) { PemReader pemReader = new PemReader(sr); AsymmetricCipherKeyPair keyPair = (AsymmetricCipherKeyPair)pemReader.ReadObject(); RsaKeyParameters privateKey = (RsaKeyParameters)keyPair.Private; IAsymmetricBlockCipher cipher = new Pkcs1Encoding(new RsaEngine()); cipher.Init(false, privateKey); return cipher.ProcessBlock(buffer, 0, buffer.Length); } }
public string RsaEncryptWithPrivate(string clearText, string privateKey) { var bytesToEncrypt = Encoding.UTF8.GetBytes(clearText); var encryptEngine = new Pkcs1Encoding(new RsaEngine()); using (var txtreader = new StringReader(privateKey)) { var keyPair = (AsymmetricCipherKeyPair)new PemReader(txtreader).ReadObject(); encryptEngine.Init(true, keyPair.Public); } var encrypted = Convert.ToBase64String(encryptEngine.ProcessBlock(bytesToEncrypt, 0, bytesToEncrypt.Length)); return encrypted; }
public static string Crypt(string input) { RsaKeyParameters parameters; AsymmetricCipherKeyPair keyPair; using (var reader = File.OpenText(@"publickey.pem")) // file containing RSA PKCS1 private key parameters = (RsaKeyParameters)new PemReader(reader).ReadObject(); keyPair = new AsymmetricCipherKeyPair(parameters, new AsymmetricKeyParameter(true)); var encryptEngine = new Pkcs1Encoding(new RsaEngine()); encryptEngine.Init(true, keyPair.Public); byte[] utf = Encoding.UTF8.GetBytes(input); return Convert.ToBase64String(encryptEngine.ProcessBlock(utf, 0, utf.Length)); }
// Decryption: public string RsaDecrypt(string base64Input, string privateKey) { var bytesToDecrypt = Convert.FromBase64String(base64Input); //get a stream from the string AsymmetricCipherKeyPair keyPair; var decryptEngine = new Pkcs1Encoding(new RsaEngine()); using (var txtreader = new StringReader(privateKey)) { keyPair = (AsymmetricCipherKeyPair)new PemReader(txtreader).ReadObject(); decryptEngine.Init(false, keyPair.Private); } var decrypted = Encoding.UTF8.GetString(decryptEngine.ProcessBlock(bytesToDecrypt, 0, bytesToDecrypt.Length)); return decrypted; }
public static string DecryptString(string encrypted = null, string keyName = "key") { string decrypted = null; // If no encrypted string, return if (encrypted == "") { return null; } var bytesToDecrypt = Convert.FromBase64String(encrypted); AsymmetricCipherKeyPair keypair; string path = Path.Combine(Directory.GetCurrentDirectory(), @"..\..\Keys\" + keyName + ".pem"); path = Path.GetFullPath(path); using (var reader = File.OpenText(path)) { keypair = (AsymmetricCipherKeyPair)new PemReader(reader).ReadObject(); } var decryptEngine = new Pkcs1Encoding(new RsaEngine()); decryptEngine.Init(false, keypair.Private); decrypted = Encoding.UTF8.GetString(decryptEngine.ProcessBlock(bytesToDecrypt, 0, bytesToDecrypt.Length)); return decrypted; }
/// <exception cref="IOException"></exception> public static byte[] GenerateEncryptedPreMasterSecret(TlsContext context, RsaKeyParameters rsaServerPublicKey, Stream output) { /* * Choose a PremasterSecret and send it encrypted to the server */ byte[] premasterSecret = new byte[48]; context.SecureRandom.NextBytes(premasterSecret); TlsUtilities.WriteVersion(context.ClientVersion, premasterSecret, 0); Pkcs1Encoding encoding = new Pkcs1Encoding(new RsaBlindedEngine()); encoding.Init(true, new ParametersWithRandom(rsaServerPublicKey, context.SecureRandom)); try { byte[] encryptedPreMasterSecret = encoding.ProcessBlock(premasterSecret, 0, premasterSecret.Length); if (TlsUtilities.IsSsl(context)) { // TODO Do any SSLv3 servers actually expect the length? output.Write(encryptedPreMasterSecret, 0, encryptedPreMasterSecret.Length); } else { TlsUtilities.WriteOpaque16(encryptedPreMasterSecret, output); } } catch (InvalidCipherTextException e) { /* * This should never happen, only during decryption. */ throw new TlsFatalAlert(AlertDescription.internal_error, e); } return premasterSecret; }
public static byte[] SafeDecryptPreMasterSecret(TlsContext context, RsaKeyParameters rsaServerPrivateKey, byte[] encryptedPreMasterSecret) { /* * RFC 5246 7.4.7.1. */ ProtocolVersion clientVersion = context.ClientVersion; // TODO Provide as configuration option? bool versionNumberCheckDisabled = false; /* * Generate 48 random bytes we can use as a Pre-Master-Secret, if the * PKCS1 padding check should fail. */ byte[] fallback = new byte[48]; context.SecureRandom.NextBytes(fallback); byte[] M = Arrays.Clone(fallback); try { Pkcs1Encoding encoding = new Pkcs1Encoding(new RsaBlindedEngine(), fallback); encoding.Init(false, new ParametersWithRandom(rsaServerPrivateKey, context.SecureRandom)); M = encoding.ProcessBlock(encryptedPreMasterSecret, 0, encryptedPreMasterSecret.Length); } catch (Exception) { /* * This should never happen since the decryption should never throw an exception * and return a random value instead. * * In any case, a TLS server MUST NOT generate an alert if processing an * RSA-encrypted premaster secret message fails, or the version number is not as * expected. Instead, it MUST continue the handshake with a randomly generated * premaster secret. */ } /* * If ClientHello.client_version is TLS 1.1 or higher, server implementations MUST * check the version number [..]. */ if (versionNumberCheckDisabled && clientVersion.IsEqualOrEarlierVersionOf(ProtocolVersion.TLSv10)) { /* * If the version number is TLS 1.0 or earlier, server * implementations SHOULD check the version number, but MAY have a * configuration option to disable the check. * * So there is nothing to do here. */ } else { /* * OK, we need to compare the version number in the decrypted Pre-Master-Secret with the * clientVersion received during the handshake. If they don't match, we replace the * decrypted Pre-Master-Secret with a random one. */ int correct = (clientVersion.MajorVersion ^ (M[0] & 0xff)) | (clientVersion.MinorVersion ^ (M[1] & 0xff)); correct |= correct >> 1; correct |= correct >> 2; correct |= correct >> 4; int mask = ~((correct & 1) - 1); /* * mask will be all bits set to 0xff if the version number differed. */ for (int i = 0; i < 48; i++) { M[i] = (byte)((M[i] & (~mask)) | (fallback[i] & mask)); } } return M; }
internal string Encrypt(string plainText, string encryptionKey, bool isPrivate) { RsaKeyParameters key; byte[] data = null; List<byte> output = new List<byte>(); string result = null; try { if (isPrivate) key = RsaPrivateStringToRsaKey(encryptionKey); else key = RsaPublicStringToRsaKey(encryptionKey); data = StringToByteArray(plainText); IAsymmetricBlockCipher e = new Pkcs1Encoding(new RsaEngine()).GetUnderlyingCipher(); e.Init(true, key); int blockSize = e.GetInputBlockSize(); if (data != null) { for (int chunkPosition = 0; chunkPosition < data.Length; chunkPosition += blockSize) { int chunkSize; if (data.Length <= blockSize) chunkSize = data.Length; // If we have less data then the blockSize, do it all else if ((chunkPosition + blockSize) > data.Length) // Do we have any remainder data chunkSize = data.Length - chunkPosition; else chunkSize = blockSize; // Normal process, chunk to blockSize // No more blocks to process if (chunkSize <= 0) break; output.AddRange(e.ProcessBlock(data, chunkPosition, chunkSize)); } result = Encoding.ASCII.GetString(Hex.Encode(output.ToArray())); } } catch (Exception) { } return result; }
private void testZeroBlock(ICipherParameters encParameters, ICipherParameters decParameters) { IAsymmetricBlockCipher eng = new Pkcs1Encoding(new RsaEngine()); eng.Init(true, encParameters); if (eng.GetOutputBlockSize() != ((Pkcs1Encoding)eng).GetUnderlyingCipher().GetOutputBlockSize()) { Fail("PKCS1 output block size incorrect"); } byte[] zero = new byte[0]; byte[] data = null; try { data = eng.ProcessBlock(zero, 0, zero.Length); } catch (Exception e) { Fail("failed - exception " + e.ToString(), e); } eng.Init(false, decParameters); try { data = eng.ProcessBlock(data, 0, data.Length); } catch (Exception e) { Fail("failed - exception " + e.ToString(), e); } if (!Arrays.AreEqual(zero, data)) { Fail("failed PKCS1 zero Test"); } }
/// <summary> /// The encrypt. /// </summary> /// <param name="data"> /// The data. /// </param> /// <param name="pk"> /// The pk. /// </param> /// <returns> /// The <see cref="string"/>. /// </returns> private string Encrypt(string data, PublicKey pk) { byte[] bytes = Encoding.UTF8.GetBytes(data); var keyParam = pk.GetPublicKeyParam(); var engine = new Pkcs1Encoding(new RsaEngine()); engine.Init(true, keyParam); var blockSize = bytes.Length; // engine.GetInputBlockSize(); byte[] enc = engine.ProcessBlock(bytes, 0, blockSize); return Convert.ToBase64String(enc); }
private void checkForPkcs1Exception(RsaKeyParameters pubParameters, RsaKeyParameters privParameters, byte[] inputData, string expectedMessage) { IAsymmetricBlockCipher eng = new RsaBlindedEngine(); eng.Init(true, privParameters); byte[] data = null; try { data = eng.ProcessBlock(inputData, 0, inputData.Length); } catch (Exception e) { Fail("RSA: failed - exception " + e.ToString(), e); } eng = new Pkcs1Encoding(eng); eng.Init(false, pubParameters); try { data = eng.ProcessBlock(data, 0, data.Length); Fail("missing data block not recognised"); } catch (InvalidCipherTextException e) { if (!e.Message.Equals(expectedMessage)) { Fail("RSA: failed - exception " + e.ToString(), e); } } }
private void processHandshake() { bool read; do { read = false; /* * We need the first 4 bytes, they contain type and length of * the message. */ if (handshakeQueue.Available >= 4) { byte[] beginning = new byte[4]; handshakeQueue.Read(beginning, 0, 4, 0); MemoryStream bis = new MemoryStream(beginning, false); short type = TlsUtilities.ReadUint8(bis); int len = TlsUtilities.ReadUint24(bis); /* * Check if we have enough bytes in the buffer to read * the full message. */ if (handshakeQueue.Available >= (len + 4)) { /* * Read the message. */ byte[] buf = new byte[len]; handshakeQueue.Read(buf, 0, len, 4); handshakeQueue.RemoveData(len + 4); /* * If it is not a finished message, update our hashes * we prepare for the finish message. */ if (type != HP_FINISHED) { rs.hash1.BlockUpdate(beginning, 0, 4); rs.hash2.BlockUpdate(beginning, 0, 4); rs.hash1.BlockUpdate(buf, 0, len); rs.hash2.BlockUpdate(buf, 0, len); } /* * Now, parse the message. */ MemoryStream inStr = new MemoryStream(buf, false); /* * Check the type. */ switch (type) { case HP_CERTIFICATE: switch (connection_state) { case CS_SERVER_HELLO_RECEIVED: /* * Parse the certificates. */ Certificate cert = Certificate.Parse(inStr); AssertEmpty(inStr); /* * Verify them. */ if (!this.verifyer.IsValid(cert.GetCerts())) { this.FailWithError(AL_fatal, AP_user_canceled); } /* * We only support RSA certificates. Lets hope * this is one. */ RsaPublicKeyStructure rsaKey = null; try { rsaKey = RsaPublicKeyStructure.GetInstance( cert.certs[0].TbsCertificate.SubjectPublicKeyInfo.GetPublicKey()); } catch (Exception) { /* * Sorry, we have to fail ;-( */ this.FailWithError(AL_fatal, AP_unsupported_certificate); } /* * Parse the servers public RSA key. */ this.serverRsaKey = new RsaKeyParameters( false, rsaKey.Modulus, rsaKey.PublicExponent); connection_state = CS_SERVER_CERTIFICATE_RECEIVED; read = true; break; default: this.FailWithError(AL_fatal, AP_unexpected_message); break; } break; case HP_FINISHED: switch (connection_state) { case CS_SERVER_CHANGE_CIPHER_SPEC_RECEIVED: /* * Read the checksum from the finished message, * it has always 12 bytes. */ byte[] receivedChecksum = new byte[12]; TlsUtilities.ReadFully(receivedChecksum, inStr); AssertEmpty(inStr); /* * Calculate our owne checksum. */ byte[] checksum = new byte[12]; byte[] md5andsha1 = new byte[16 + 20]; rs.hash2.DoFinal(md5andsha1, 0); TlsUtilities.PRF(this.ms, TlsUtilities.ToByteArray("server finished"), md5andsha1, checksum); /* * Compare both checksums. */ for (int i = 0; i < receivedChecksum.Length; i++) { if (receivedChecksum[i] != checksum[i]) { /* * Wrong checksum in the finished message. */ this.FailWithError(AL_fatal, AP_handshake_failure); } } connection_state = CS_DONE; /* * We are now ready to receive application data. */ this.appDataReady = true; read = true; break; default: this.FailWithError(AL_fatal, AP_unexpected_message); break; } break; case HP_SERVER_HELLO: switch (connection_state) { case CS_CLIENT_HELLO_SEND: /* * Read the server hello message */ TlsUtilities.CheckVersion(inStr, this); /* * Read the server random */ this.serverRandom = new byte[32]; TlsUtilities.ReadFully(this.serverRandom, inStr); /* * Currenty, we don't support session ids */ short sessionIdLength = TlsUtilities.ReadUint8(inStr); byte[] sessionId = new byte[sessionIdLength]; TlsUtilities.ReadFully(sessionId, inStr); /* * Find out which ciphersuite the server has * choosen. If we don't support this ciphersuite, * the TlsCipherSuiteManager will throw an * exception. */ this.choosenCipherSuite = TlsCipherSuiteManager.GetCipherSuite( TlsUtilities.ReadUint16(inStr), this); /* * We support only the null compression which * means no compression. */ short compressionMethod = TlsUtilities.ReadUint8(inStr); if (compressionMethod != 0) { this.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_illegal_parameter); } AssertEmpty(inStr); connection_state = CS_SERVER_HELLO_RECEIVED; read = true; break; default: this.FailWithError(AL_fatal, AP_unexpected_message); break; } break; case HP_SERVER_HELLO_DONE: switch (connection_state) { case CS_SERVER_CERTIFICATE_RECEIVED: case CS_SERVER_KEY_EXCHANGE_RECEIVED: // NB: Original code used case label fall-through if (connection_state == CS_SERVER_CERTIFICATE_RECEIVED) { /* * There was no server key exchange message, check * that we are doing RSA key exchange. */ if (this.choosenCipherSuite.KeyExchangeAlgorithm != TlsCipherSuite.KE_RSA) { this.FailWithError(AL_fatal, AP_unexpected_message); } } AssertEmpty(inStr); connection_state = CS_SERVER_HELLO_DONE_RECEIVED; /* * Send the client key exchange message, depending * on the key exchange we are using in our * ciphersuite. */ short ke = this.choosenCipherSuite.KeyExchangeAlgorithm; switch (ke) { case TlsCipherSuite.KE_RSA: /* * We are doing RSA key exchange. We will * choose a pre master secret and send it * rsa encrypted to the server. * * Prepare pre master secret. */ pms = new byte[48]; pms[0] = 3; pms[1] = 1; random.NextBytes(pms, 2, 46); /* * Encode the pms and send it to the server. * * Prepare an Pkcs1Encoding with good random * padding. */ RsaBlindedEngine rsa = new RsaBlindedEngine(); Pkcs1Encoding encoding = new Pkcs1Encoding(rsa); encoding.Init(true, new ParametersWithRandom(this.serverRsaKey, this.random)); byte[] encrypted = null; try { encrypted = encoding.ProcessBlock(pms, 0, pms.Length); } catch (InvalidCipherTextException) { /* * This should never happen, only during decryption. */ this.FailWithError(AL_fatal, AP_internal_error); } /* * Send the encrypted pms. */ MemoryStream bos = new MemoryStream(); TlsUtilities.WriteUint8(HP_CLIENT_KEY_EXCHANGE, bos); TlsUtilities.WriteUint24(encrypted.Length + 2, bos); TlsUtilities.WriteUint16(encrypted.Length, bos); bos.Write(encrypted, 0, encrypted.Length); byte[] message = bos.ToArray(); rs.WriteMessage((short)RL_HANDSHAKE, message, 0, message.Length); break; case TlsCipherSuite.KE_DHE_RSA: /* * Send the Client Key Exchange message for * DHE key exchange. */ byte[] YcByte = this.Yc.ToByteArray(); MemoryStream DHbos = new MemoryStream(); TlsUtilities.WriteUint8(HP_CLIENT_KEY_EXCHANGE, DHbos); TlsUtilities.WriteUint24(YcByte.Length + 2, DHbos); TlsUtilities.WriteUint16(YcByte.Length, DHbos); DHbos.Write(YcByte, 0, YcByte.Length); byte[] DHmessage = DHbos.ToArray(); rs.WriteMessage((short)RL_HANDSHAKE, DHmessage, 0, DHmessage.Length); break; default: /* * Proble during handshake, we don't know * how to thandle this key exchange method. */ this.FailWithError(AL_fatal, AP_unexpected_message); break; } connection_state = CS_CLIENT_KEY_EXCHANGE_SEND; /* * Now, we send change cipher state */ byte[] cmessage = new byte[1]; cmessage[0] = 1; rs.WriteMessage((short)RL_CHANGE_CIPHER_SPEC, cmessage, 0, cmessage.Length); connection_state = CS_CLIENT_CHANGE_CIPHER_SPEC_SEND; /* * Calculate the ms */ this.ms = new byte[48]; byte[] randBytes = new byte[clientRandom.Length + serverRandom.Length]; Array.Copy(clientRandom, 0, randBytes, 0, clientRandom.Length); Array.Copy(serverRandom, 0, randBytes, clientRandom.Length, serverRandom.Length); TlsUtilities.PRF(pms, TlsUtilities.ToByteArray("master secret"), randBytes, this.ms); /* * Initialize our cipher suite */ rs.writeSuite = this.choosenCipherSuite; rs.writeSuite.Init(this.ms, clientRandom, serverRandom); /* * Send our finished message. */ byte[] checksum = new byte[12]; byte[] md5andsha1 = new byte[16 + 20]; rs.hash1.DoFinal(md5andsha1, 0); TlsUtilities.PRF(this.ms, TlsUtilities.ToByteArray("client finished"), md5andsha1, checksum); MemoryStream bos2 = new MemoryStream(); TlsUtilities.WriteUint8(HP_FINISHED, bos2); TlsUtilities.WriteUint24(12, bos2); bos2.Write(checksum, 0, checksum.Length); byte[] message2 = bos2.ToArray(); rs.WriteMessage((short)RL_HANDSHAKE, message2, 0, message2.Length); this.connection_state = CS_CLIENT_FINISHED_SEND; read = true; break; default: this.FailWithError(AL_fatal, AP_handshake_failure); break; } break; case HP_SERVER_KEY_EXCHANGE: switch (connection_state) { case CS_SERVER_CERTIFICATE_RECEIVED: /* * Check that we are doing DHE key exchange */ if (this.choosenCipherSuite.KeyExchangeAlgorithm != TlsCipherSuite.KE_DHE_RSA) { this.FailWithError(AL_fatal, AP_unexpected_message); } /* * Parse the Structure */ int pLength = TlsUtilities.ReadUint16(inStr); byte[] pByte = new byte[pLength]; TlsUtilities.ReadFully(pByte, inStr); int gLength = TlsUtilities.ReadUint16(inStr); byte[] gByte = new byte[gLength]; TlsUtilities.ReadFully(gByte, inStr); int YsLength = TlsUtilities.ReadUint16(inStr); byte[] YsByte = new byte[YsLength]; TlsUtilities.ReadFully(YsByte, inStr); int sigLength = TlsUtilities.ReadUint16(inStr); byte[] sigByte = new byte[sigLength]; TlsUtilities.ReadFully(sigByte, inStr); this.AssertEmpty(inStr); /* * Verify the Signature. * * First, calculate the hash. */ CombinedHash sigDigest = new CombinedHash(); MemoryStream signedData = new MemoryStream(); TlsUtilities.WriteUint16(pLength, signedData); signedData.Write(pByte, 0, pByte.Length); TlsUtilities.WriteUint16(gLength, signedData); signedData.Write(gByte, 0, gByte.Length); TlsUtilities.WriteUint16(YsLength, signedData); signedData.Write(YsByte, 0, YsByte.Length); byte[] signed = signedData.ToArray(); sigDigest.BlockUpdate(this.clientRandom, 0, this.clientRandom.Length); sigDigest.BlockUpdate(this.serverRandom, 0, this.serverRandom.Length); sigDigest.BlockUpdate(signed, 0, signed.Length); byte[] hash = new byte[sigDigest.GetDigestSize()]; sigDigest.DoFinal(hash, 0); /* * Now, do the RSA operation */ RsaBlindedEngine rsa = new RsaBlindedEngine(); Pkcs1Encoding encoding = new Pkcs1Encoding(rsa); encoding.Init(false, this.serverRsaKey); /* * The data which was signed */ byte[] sigHash = null; try { sigHash = encoding.ProcessBlock(sigByte, 0, sigByte.Length); } catch (InvalidCipherTextException) { this.FailWithError(AL_fatal, AP_bad_certificate); } /* * Check if the data which was signed is equal to * the hash we calculated. */ if (sigHash.Length != hash.Length) { this.FailWithError(AL_fatal, AP_bad_certificate); } for (int i = 0; i < sigHash.Length; i++) { if (sigHash[i] != hash[i]) { this.FailWithError(AL_fatal, AP_bad_certificate); } } /* * OK, Signature was correct. * * Do the DH calculation. */ BigInteger p = new BigInteger(1, pByte); BigInteger g = new BigInteger(1, gByte); BigInteger Ys = new BigInteger(1, YsByte); BigInteger x = new BigInteger(p.BitLength - 1, this.random); Yc = g.ModPow(x, p); this.pms = (Ys.ModPow(x, p)).ToByteArray(); /* * Remove leading zero byte, if present. */ if (this.pms[0] == 0) { byte[] tmp = new byte[this.pms.Length - 1]; Array.Copy(this.pms, 1, tmp, 0, tmp.Length); this.pms = tmp; } this.connection_state = CS_SERVER_KEY_EXCHANGE_RECEIVED; read = true; break; default: this.FailWithError(AL_fatal, AP_unexpected_message); break; } break; case HP_HELLO_REQUEST: case HP_CLIENT_KEY_EXCHANGE: case HP_CERTIFICATE_REQUEST: case HP_CERTIFICATE_VERIFY: case HP_CLIENT_HELLO: default: // We do not support this! this.FailWithError(AL_fatal, AP_unexpected_message); break; } } } } while (read); }
private void processHandshake() { bool read; do { read = false; /* * We need the first 4 bytes, they contain type and length of * the message. */ if (handshakeQueue.Available >= 4) { byte[] beginning = new byte[4]; handshakeQueue.Read(beginning, 0, 4, 0); MemoryStream bis = new MemoryStream(beginning, false); short type = TlsUtilities.ReadUint8(bis); int len = TlsUtilities.ReadUint24(bis); /* * Check if we have enough bytes in the buffer to read * the full message. */ if (handshakeQueue.Available >= (len + 4)) { /* * Read the message. */ byte[] buf = new byte[len]; handshakeQueue.Read(buf, 0, len, 4); handshakeQueue.RemoveData(len + 4); /* * If it is not a finished message, update our hashes * we prepare for the finish message. */ if (type != HP_FINISHED) { rs.hash1.BlockUpdate(beginning, 0, 4); rs.hash2.BlockUpdate(beginning, 0, 4); rs.hash1.BlockUpdate(buf, 0, len); rs.hash2.BlockUpdate(buf, 0, len); } /* * Now, parse the message. */ MemoryStream inStr = new MemoryStream(buf, false); /* * Check the type. */ switch (type) { case HP_CERTIFICATE: { switch (connection_state) { case CS_SERVER_HELLO_RECEIVED: { /* * Parse the certificates. */ Certificate cert = Certificate.Parse(inStr); AssertEmpty(inStr); X509CertificateStructure x509Cert = cert.certs[0]; SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo; try { this.serverPublicKey = PublicKeyFactory.CreateKey(keyInfo); } catch (Exception) { this.FailWithError(AL_fatal, AP_unsupported_certificate); } // Sanity check the PublicKeyFactory if (this.serverPublicKey.IsPrivate) { this.FailWithError(AL_fatal, AP_internal_error); } /* * Perform various checks per RFC2246 7.4.2 * TODO "Unless otherwise specified, the signing algorithm for the certificate * must be the same as the algorithm for the certificate key." */ switch (this.chosenCipherSuite.KeyExchangeAlgorithm) { case TlsCipherSuite.KE_RSA: if (!(this.serverPublicKey is RsaKeyParameters)) { this.FailWithError(AL_fatal, AP_certificate_unknown); } validateKeyUsage(x509Cert, KeyUsage.KeyEncipherment); break; case TlsCipherSuite.KE_DHE_RSA: case TlsCipherSuite.KE_SRP_RSA: if (!(this.serverPublicKey is RsaKeyParameters)) { this.FailWithError(AL_fatal, AP_certificate_unknown); } validateKeyUsage(x509Cert, KeyUsage.DigitalSignature); break; case TlsCipherSuite.KE_DHE_DSS: case TlsCipherSuite.KE_SRP_DSS: if (!(this.serverPublicKey is DsaPublicKeyParameters)) { this.FailWithError(AL_fatal, AP_certificate_unknown); } break; default: this.FailWithError(AL_fatal, AP_unsupported_certificate); break; } /* * Verify them. */ if (!this.verifyer.IsValid(cert.GetCerts())) { this.FailWithError(AL_fatal, AP_user_canceled); } break; } default: this.FailWithError(AL_fatal, AP_unexpected_message); break; } connection_state = CS_SERVER_CERTIFICATE_RECEIVED; read = true; break; } case HP_FINISHED: switch (connection_state) { case CS_SERVER_CHANGE_CIPHER_SPEC_RECEIVED: /* * Read the checksum from the finished message, * it has always 12 bytes. */ byte[] receivedChecksum = new byte[12]; TlsUtilities.ReadFully(receivedChecksum, inStr); AssertEmpty(inStr); /* * Calculate our own checksum. */ byte[] checksum = new byte[12]; byte[] md5andsha1 = new byte[16 + 20]; rs.hash2.DoFinal(md5andsha1, 0); TlsUtilities.PRF(this.ms, TlsUtilities.ToByteArray("server finished"), md5andsha1, checksum); /* * Compare both checksums. */ for (int i = 0; i < receivedChecksum.Length; i++) { if (receivedChecksum[i] != checksum[i]) { /* * Wrong checksum in the finished message. */ this.FailWithError(AL_fatal, AP_handshake_failure); } } connection_state = CS_DONE; /* * We are now ready to receive application data. */ this.appDataReady = true; read = true; break; default: this.FailWithError(AL_fatal, AP_unexpected_message); break; } break; case HP_SERVER_HELLO: switch (connection_state) { case CS_CLIENT_HELLO_SEND: /* * Read the server hello message */ TlsUtilities.CheckVersion(inStr, this); /* * Read the server random */ this.serverRandom = new byte[32]; TlsUtilities.ReadFully(this.serverRandom, inStr); /* * Currently, we don't support session ids */ byte[] sessionId = TlsUtilities.ReadOpaque8(inStr); /* * Find out which ciphersuite the server has * chosen. If we don't support this ciphersuite, * the TlsCipherSuiteManager will throw an * exception. */ this.chosenCipherSuite = TlsCipherSuiteManager.GetCipherSuite( TlsUtilities.ReadUint16(inStr), this); /* * We support only the null compression which * means no compression. */ short compressionMethod = TlsUtilities.ReadUint8(inStr); if (compressionMethod != 0) { this.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_illegal_parameter); } /* * RFC4366 2.2 * The extended server hello message format MAY be sent * in place of the server hello message when the client * has requested extended functionality via the extended * client hello message specified in Section 2.1. */ if (extendedClientHello && inStr.Position < inStr.Length) { // Process extensions from extended server hello byte[] extBytes = TlsUtilities.ReadOpaque16(inStr); // Int32 -> byte[] Hashtable serverExtensions = new Hashtable(); MemoryStream ext = new MemoryStream(extBytes, false); while (ext.Position < ext.Length) { int extType = TlsUtilities.ReadUint16(ext); byte[] extValue = TlsUtilities.ReadOpaque16(ext); serverExtensions[extType] = extValue; } // TODO Validate/process serverExtensions (via client?) // TODO[SRP] } /* * Process any extensions */ // TODO[SRP] // if (inStr.Position < inStr.Length) // { // int extensionsLength = TlsUtilities.ReadUint16(inStr); // byte[] extensions = new byte[extensionsLength]; // TlsUtilities.ReadFully(extensions, inStr); // // // TODO Validate/process // } AssertEmpty(inStr); connection_state = CS_SERVER_HELLO_RECEIVED; read = true; break; default: this.FailWithError(AL_fatal, AP_unexpected_message); break; } break; case HP_SERVER_HELLO_DONE: switch (connection_state) { case CS_SERVER_CERTIFICATE_RECEIVED: case CS_SERVER_KEY_EXCHANGE_RECEIVED: case CS_CERTIFICATE_REQUEST_RECEIVED: // NB: Original code used case label fall-through if (connection_state == CS_SERVER_CERTIFICATE_RECEIVED) { /* * There was no server key exchange message, check * that we are doing RSA key exchange. */ if (this.chosenCipherSuite.KeyExchangeAlgorithm != TlsCipherSuite.KE_RSA) { this.FailWithError(AL_fatal, AP_unexpected_message); } } AssertEmpty(inStr); bool isCertReq = (connection_state == CS_CERTIFICATE_REQUEST_RECEIVED); connection_state = CS_SERVER_HELLO_DONE_RECEIVED; if (isCertReq) { sendClientCertificate(); } /* * Send the client key exchange message, depending * on the key exchange we are using in our * ciphersuite. */ switch (this.chosenCipherSuite.KeyExchangeAlgorithm) { case TlsCipherSuite.KE_RSA: { /* * We are doing RSA key exchange. We will * choose a pre master secret and send it * rsa encrypted to the server. * * Prepare pre master secret. */ pms = new byte[48]; pms[0] = 3; pms[1] = 1; random.NextBytes(pms, 2, 46); /* * Encode the pms and send it to the server. * * Prepare an Pkcs1Encoding with good random * padding. */ RsaBlindedEngine rsa = new RsaBlindedEngine(); Pkcs1Encoding encoding = new Pkcs1Encoding(rsa); encoding.Init(true, new ParametersWithRandom(this.serverPublicKey, this.random)); byte[] encrypted = null; try { encrypted = encoding.ProcessBlock(pms, 0, pms.Length); } catch (InvalidCipherTextException) { /* * This should never happen, only during decryption. */ this.FailWithError(AL_fatal, AP_internal_error); } /* * Send the encrypted pms. */ sendClientKeyExchange(encrypted); break; } case TlsCipherSuite.KE_DHE_DSS: case TlsCipherSuite.KE_DHE_RSA: { /* * Send the Client Key Exchange message for * DHE key exchange. */ byte[] YcByte = BigIntegers.AsUnsignedByteArray(this.Yc); sendClientKeyExchange(YcByte); break; } case TlsCipherSuite.KE_SRP: case TlsCipherSuite.KE_SRP_RSA: case TlsCipherSuite.KE_SRP_DSS: { /* * Send the Client Key Exchange message for * SRP key exchange. */ byte[] bytes = BigIntegers.AsUnsignedByteArray(this.SRP_A); sendClientKeyExchange(bytes); break; } default: /* * Problem during handshake, we don't know * how to handle this key exchange method. */ this.FailWithError(AL_fatal, AP_unexpected_message); break; } connection_state = CS_CLIENT_KEY_EXCHANGE_SEND; /* * Now, we send change cipher state */ byte[] cmessage = new byte[1]; cmessage[0] = 1; rs.WriteMessage((short)RL_CHANGE_CIPHER_SPEC, cmessage, 0, cmessage.Length); connection_state = CS_CLIENT_CHANGE_CIPHER_SPEC_SEND; /* * Calculate the ms */ this.ms = new byte[48]; byte[] randBytes = new byte[clientRandom.Length + serverRandom.Length]; Array.Copy(clientRandom, 0, randBytes, 0, clientRandom.Length); Array.Copy(serverRandom, 0, randBytes, clientRandom.Length, serverRandom.Length); TlsUtilities.PRF(pms, TlsUtilities.ToByteArray("master secret"), randBytes, this.ms); /* * Initialize our cipher suite */ rs.writeSuite = this.chosenCipherSuite; rs.writeSuite.Init(this.ms, clientRandom, serverRandom); /* * Send our finished message. */ byte[] checksum = new byte[12]; byte[] md5andsha1 = new byte[16 + 20]; rs.hash1.DoFinal(md5andsha1, 0); TlsUtilities.PRF(this.ms, TlsUtilities.ToByteArray("client finished"), md5andsha1, checksum); MemoryStream bos2 = new MemoryStream(); TlsUtilities.WriteUint8(HP_FINISHED, bos2); TlsUtilities.WriteUint24(12, bos2); bos2.Write(checksum, 0, checksum.Length); byte[] message2 = bos2.ToArray(); rs.WriteMessage((short)RL_HANDSHAKE, message2, 0, message2.Length); this.connection_state = CS_CLIENT_FINISHED_SEND; read = true; break; default: this.FailWithError(AL_fatal, AP_handshake_failure); break; } break; case HP_SERVER_KEY_EXCHANGE: { switch (connection_state) { case CS_SERVER_HELLO_RECEIVED: case CS_SERVER_CERTIFICATE_RECEIVED: { // NB: Original code used case label fall-through if (connection_state == CS_SERVER_HELLO_RECEIVED) { /* * There was no server certificate message, check * that we are doing SRP key exchange. */ if (this.chosenCipherSuite.KeyExchangeAlgorithm != TlsCipherSuite.KE_SRP) { this.FailWithError(AL_fatal, AP_unexpected_message); } } /* * Check that we are doing DHE key exchange */ switch (this.chosenCipherSuite.KeyExchangeAlgorithm) { case TlsCipherSuite.KE_DHE_RSA: { processDHEKeyExchange(inStr, new TlsRsaSigner()); break; } case TlsCipherSuite.KE_DHE_DSS: { processDHEKeyExchange(inStr, new TlsDssSigner()); break; } case TlsCipherSuite.KE_SRP: { processSRPKeyExchange(inStr, null); break; } case TlsCipherSuite.KE_SRP_RSA: { processSRPKeyExchange(inStr, new TlsRsaSigner()); break; } case TlsCipherSuite.KE_SRP_DSS: { processSRPKeyExchange(inStr, new TlsDssSigner()); break; } default: this.FailWithError(AL_fatal, AP_unexpected_message); break; } break; } default: this.FailWithError(AL_fatal, AP_unexpected_message); break; } this.connection_state = CS_SERVER_KEY_EXCHANGE_RECEIVED; read = true; break; } case HP_CERTIFICATE_REQUEST: switch (connection_state) { case CS_SERVER_CERTIFICATE_RECEIVED: case CS_SERVER_KEY_EXCHANGE_RECEIVED: { // NB: Original code used case label fall-through if (connection_state == CS_SERVER_CERTIFICATE_RECEIVED) { /* * There was no server key exchange message, check * that we are doing RSA key exchange. */ if (this.chosenCipherSuite.KeyExchangeAlgorithm != TlsCipherSuite.KE_RSA) { this.FailWithError(AL_fatal, AP_unexpected_message); } } byte[] types = TlsUtilities.ReadOpaque8(inStr); byte[] auths = TlsUtilities.ReadOpaque8(inStr); // TODO Validate/process AssertEmpty(inStr); break; } default: this.FailWithError(AL_fatal, AP_unexpected_message); break; } this.connection_state = CS_CERTIFICATE_REQUEST_RECEIVED; read = true; break; case HP_HELLO_REQUEST: case HP_CLIENT_KEY_EXCHANGE: case HP_CERTIFICATE_VERIFY: case HP_CLIENT_HELLO: default: // We do not support this! this.FailWithError(AL_fatal, AP_unexpected_message); break; } } } } while (read); }
/// <summary> /// Answers the message. /// </summary> /// <param name='messageStream'>Message stream.</param> /// <param name="process">The calling process or <c>null</c> if the process /// could not be obtained.</param> /// <remarks>code based on winpgnt.c from PuTTY source code</remarks> public void AnswerMessage(Stream messageStream, Process process = null) { if (messageStream.CanTimeout) { messageStream.ReadTimeout = 5000; } var messageParser = new BlobParser(messageStream); var responseBuilder = new BlobBuilder(); BlobHeader header; try { header = messageParser.ReadHeader(); if (MessageReceived != null) { var eventArgs = new MessageReceivedEventArgs(header); MessageReceived(this, eventArgs); if (eventArgs.Fail) { throw new Exception (); } } } catch (Exception) { header = new BlobHeader(); header.Message = Message.UNKNOWN; // this will cause the switch statement below to use the default case // which returns an error to the stream. } switch (header.Message) { case Message.SSH1_AGENTC_REQUEST_RSA_IDENTITIES: /* * Reply with SSH1_AGENT_RSA_IDENTITIES_ANSWER. */ try { if (header.BlobLength > 1) { // ruby net-ssh tries to send a SSH2_AGENT_REQUEST_VERSION message // which has the same id number as SSH1_AGENTC_REQUEST_RSA_IDENTITIES // with a string tacked on. We need to read the string from the // stream, but it is not used for anything. messageParser.ReadString (); } var keyList = ListKeys(SshVersion.SSH1); if (FilterKeyListCallback != null) { keyList = FilterKeyListCallback(keyList); } foreach (SshKey key in keyList) { responseBuilder.AddBytes(key.GetPublicKeyBlob()); responseBuilder.AddStringBlob(key.Comment); } responseBuilder.InsertHeader(Message.SSH1_AGENT_RSA_IDENTITIES_ANSWER, keyList.Count); // TODO may want to check that there is enough room in the message stream break; // succeeded } catch (Exception ex) { Debug.Fail(ex.ToString()); } goto default; // failed case Message.SSH2_AGENTC_REQUEST_IDENTITIES: /* * Reply with SSH2_AGENT_IDENTITIES_ANSWER. */ try { var keyList = ListKeys(SshVersion.SSH2); if (FilterKeyListCallback != null) { keyList = FilterKeyListCallback(keyList); } foreach (SshKey key in keyList) { responseBuilder.AddBlob(key.GetPublicKeyBlob()); responseBuilder.AddStringBlob(key.Comment); } responseBuilder.InsertHeader(Message.SSH2_AGENT_IDENTITIES_ANSWER, keyList.Count); // TODO may want to check that there is enough room in the message stream break; // succeeded } catch (Exception ex) { Debug.Fail(ex.ToString()); } goto default; // failed case Message.SSH1_AGENTC_RSA_CHALLENGE: /* * Reply with either SSH1_AGENT_RSA_RESPONSE or * SSH_AGENT_FAILURE, depending on whether we have that key * or not. */ try { //Reading publicKey information var publicKeyParams = messageParser.ReadSsh1PublicKeyData(true); //Searching for Key here var matchingKey = mKeyList.Where(key => key.Version == SshVersion.SSH1 && (key.GetPublicKeyParameters().Equals(publicKeyParams))).Single(); //Reading challenge var encryptedChallenge = messageParser.ReadSsh1BigIntBlob(); var sessionId = messageParser.ReadBytes(16); //Checking responseType field if (messageParser.ReadInt() != 1) { goto default; //responseType !=1 is not longer supported } //Answering to the challenge var engine = new Pkcs1Encoding(new RsaEngine()); engine.Init(false /* decrypt */, matchingKey.GetPrivateKeyParameters()); var decryptedChallenge = engine.ProcessBlock(encryptedChallenge, 0, encryptedChallenge.Length); using (MD5 md5 = MD5.Create()) { var md5Buffer = new byte[48]; decryptedChallenge.CopyTo(md5Buffer, 0); sessionId.CopyTo(md5Buffer, 32); responseBuilder.AddBytes(md5.ComputeHash(md5Buffer)); responseBuilder.InsertHeader(Message.SSH1_AGENT_RSA_RESPONSE); break; } } catch (InvalidOperationException) { // this is expected if there is not a matching key } catch (Exception ex) { Debug.Fail(ex.ToString()); } goto default; // failed case Message.SSH2_AGENTC_SIGN_REQUEST: /* * Reply with either SSH2_AGENT_SIGN_RESPONSE or SSH_AGENT_FAILURE, * depending on whether we have that key or not. */ try { var keyBlob = messageParser.ReadBlob(); var reqData = messageParser.ReadBlob(); var flags = new SignRequestFlags(); try { // usually, there are no flags, so parser will throw flags = (SignRequestFlags)messageParser.ReadInt(); } catch { } var matchingKey = mKeyList.Where(key => key.Version == SshVersion.SSH2 && key.GetPublicKeyBlob().SequenceEqual(keyBlob)).First(); var confirmConstraints = matchingKey.Constraints .Where(constraint => constraint.Type == KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM); if (confirmConstraints.Count() > 0) { if (!ConfirmUserPermissionCallback.Invoke(matchingKey, process)) { goto default; } } /* create signature */ var signKey = matchingKey; var signer = signKey.GetSigner(); var algName = signKey.Algorithm.GetIdentifierString(); signer.Init(true, signKey.GetPrivateKeyParameters()); signer.BlockUpdate(reqData, 0, reqData.Length); byte[] signature = signer.GenerateSignature(); signature = signKey.FormatSignature(signature); BlobBuilder signatureBuilder = new BlobBuilder(); if (!flags.HasFlag(SignRequestFlags.SSH_AGENT_OLD_SIGNATURE)) { signatureBuilder.AddStringBlob(algName); } signatureBuilder.AddBlob(signature); responseBuilder.AddBlob(signatureBuilder.GetBlob()); responseBuilder.InsertHeader(Message.SSH2_AGENT_SIGN_RESPONSE); try { KeyUsed(this, new KeyUsedEventArgs(signKey, process)); } catch { } break; // succeeded } catch (InvalidOperationException) { // this is expected if there is not a matching key } catch (Exception ex) { Debug.Fail(ex.ToString()); } goto default; // failure case Message.SSH1_AGENTC_ADD_RSA_IDENTITY: case Message.SSH1_AGENTC_ADD_RSA_ID_CONSTRAINED: /* * Add to the list and return SSH_AGENT_SUCCESS, or * SSH_AGENT_FAILURE if the key was malformed. */ if (IsLocked) { goto default; } bool ssh1constrained = (header.Message == Message.SSH1_AGENTC_ADD_RSA_ID_CONSTRAINED); try { var publicKeyParams = messageParser.ReadSsh1PublicKeyData(false); var keyPair = messageParser.ReadSsh1KeyData(publicKeyParams); SshKey key = new SshKey(SshVersion.SSH1, keyPair); key.Comment = messageParser.ReadString(); key.Source = "External client"; if (ssh1constrained) { while (messageStream.Position < header.BlobLength + 4) { KeyConstraint constraint = new KeyConstraint(); constraint.Type = (KeyConstraintType)messageParser.ReadByte(); if (constraint.Type == KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME) { constraint.Data = messageParser.ReadInt(); } key.AddConstraint(constraint); } } AddKey(key); responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS); break; } catch (CallbackNullException) { // this is expected } catch (Exception ex) { Debug.Fail(ex.ToString()); } goto default; // failed case Message.SSH2_AGENTC_ADD_IDENTITY: case Message.SSH2_AGENTC_ADD_ID_CONSTRAINED: /* * Add to the list and return SSH_AGENT_SUCCESS, or * SSH_AGENT_FAILURE if the key was malformed. */ if (IsLocked) { goto default; } bool constrained = (header.Message == Message.SSH2_AGENTC_ADD_ID_CONSTRAINED); try { var publicKeyParams = messageParser.ReadSsh2PublicKeyData(); var keyPair = messageParser.ReadSsh2KeyData(publicKeyParams); SshKey key = new SshKey(SshVersion.SSH2, keyPair); key.Comment = messageParser.ReadString(); key.Source = "External client"; if (constrained) { while (messageStream.Position < header.BlobLength + 4) { KeyConstraint constraint = new KeyConstraint(); constraint.Type = (KeyConstraintType)messageParser.ReadByte(); if (constraint.Type == KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME) { constraint.Data = messageParser.ReadInt(); } key.AddConstraint(constraint); } } AddKey(key); responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS); break; // success! } catch (CallbackNullException) { // this is expected } catch (Exception ex) { Debug.Fail(ex.ToString()); } goto default; // failed case Message.SSH1_AGENTC_REMOVE_RSA_IDENTITY: case Message.SSH2_AGENTC_REMOVE_IDENTITY: /* * Remove from the list and return SSH_AGENT_SUCCESS, or * perhaps SSH_AGENT_FAILURE if it wasn't in the list to * start with. */ if (IsLocked) { goto default; } SshVersion removeVersion; byte[] rKeyBlob; if (header.Message == Message.SSH1_AGENTC_REMOVE_RSA_IDENTITY) { removeVersion = SshVersion.SSH1; rKeyBlob = messageParser.ReadBytes(header.BlobLength - 1); } else if (header.Message == Message.SSH2_AGENTC_REMOVE_IDENTITY) { removeVersion = SshVersion.SSH2; rKeyBlob = messageParser.ReadBlob(); } else { Debug.Fail("Should not get here."); goto default; } try { var matchingKey = mKeyList.Get(removeVersion, rKeyBlob); var startKeyListLength = mKeyList.Count; RemoveKey(matchingKey); // only succeed if key was removed if (mKeyList.Count == startKeyListLength - 1) { responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS); break; //success! } } catch (Exception ex) { Debug.Fail(ex.ToString()); } goto default; // failed case Message.SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES: case Message.SSH2_AGENTC_REMOVE_ALL_IDENTITIES: /* * Remove all SSH-1 or SSH-2 keys. */ if (IsLocked) { goto default; } SshVersion removeAllVersion; if (header.Message == Message.SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES) { removeAllVersion = SshVersion.SSH1; } else if (header.Message == Message.SSH2_AGENTC_REMOVE_ALL_IDENTITIES) { removeAllVersion = SshVersion.SSH2; } else { Debug.Fail("Should not get here."); goto default; } try { RemoveAllKeys(removeAllVersion); responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS); break; //success! } catch (Exception ex) { Debug.Fail(ex.ToString()); } goto default; // failed case Message.SSH_AGENTC_LOCK: try { var passphrase = new PinnedArray<byte>(messageParser.ReadBlob()); try { Lock(passphrase.Data); } finally { passphrase.Clear(); } if (IsLocked) { responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS); break; } } catch (AgentLockedException) { // This is expected } catch (Exception ex) { Debug.Fail(ex.ToString()); } goto default; case Message.SSH_AGENTC_UNLOCK: try { var passphrase = new PinnedArray<byte>(messageParser.ReadBlob()); try { Unlock(passphrase.Data); } finally { passphrase.Clear(); } if (!IsLocked) { responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS); break; } } catch (AgentLockedException) { // This is expected } catch (PassphraseException) { // This is expected } catch (Exception ex) { Debug.Fail(ex.ToString()); } goto default; default: responseBuilder.Clear(); responseBuilder.InsertHeader(Message.SSH_AGENT_FAILURE); break; } /* write response to stream */ if (messageStream.CanSeek) messageStream.Position = 0; messageStream.Write(responseBuilder.GetBlob(), 0, responseBuilder.Length); messageStream.Flush(); }
/// <summary> /// Server side encryption /// </summary> public CryptoMC(Stream baseStream, EncryptionResponse resp) { this.BaseStream = baseStream; Pkcs1Encoding padding = new Pkcs1Encoding(new RsaEngine()); padding.Init(false, keyParameters); SharedKey = padding.ProcessBlock(resp.SharedKey, 0, resp.SharedKey.Length); InitCiphers(); }
//PrivateKey priv, PublicKey pub) // TODO Move this when other JCE tests are ported from Java /** * signature with a "forged signature" (sig block not at end of plain text) */ private void doTestBadSig() { // Signature sig = Signature.getInstance("SHA1WithRSAEncryption", "BC"); ISigner sig = SignerUtilities.GetSigner("SHA1WithRSAEncryption"); // KeyPairGenerator fact; // KeyPair keyPair; // byte[] data = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 }; // fact = KeyPairGenerator.getInstance("RSA", "BC"); RsaKeyPairGenerator fact = new RsaKeyPairGenerator(); // fact.initialize(768, new SecureRandom()); RsaKeyGenerationParameters factParams = new RsaKeyGenerationParameters( // BigInteger.ValueOf(0x11), new SecureRandom(), 768, 25); BigInteger.ValueOf(3), new SecureRandom(), 768, 25); fact.Init(factParams); // keyPair = fact.generateKeyPair(); // // PrivateKey signingKey = keyPair.getPrivate(); // PublicKey verifyKey = keyPair.getPublic(); IAsymmetricCipherKeyPair keyPair = fact.GenerateKeyPair(); IAsymmetricKeyParameter priv = keyPair.Private; IAsymmetricKeyParameter pub = keyPair.Public; // testBadSig(signingKey, verifyKey); // MessageDigest sha1 = MessageDigest.getInstance("SHA1", "BC"); IDigest sha1 = DigestUtilities.GetDigest("SHA1"); // Cipher signer = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC"); // IBufferedCipher signer = CipherUtilities.GetCipher("RSA/ECB/PKCS1Padding"); IAsymmetricBlockCipher signer = new Pkcs1Encoding(new RsaEngine()); // signer.init(Cipher.ENCRYPT_MODE, priv); signer.Init(true, priv); // byte[] block = new byte[signer.getBlockSize()]; // byte[] block = new byte[signer.GetBlockSize()]; byte[] block = new byte[signer.GetInputBlockSize()]; // sha1.update((byte)0); sha1.Update(0); // byte[] sigHeader = Hex.decode("3021300906052b0e03021a05000414"); byte[] sigHeader = Hex.Decode("3021300906052b0e03021a05000414"); // System.arraycopy(sigHeader, 0, block, 0, sigHeader.length); Array.Copy(sigHeader, 0, block, 0, sigHeader.Length); // sha1.digest(block, sigHeader.length, sha1.getDigestLength()); sha1.DoFinal(block, sigHeader.Length); // System.arraycopy(sigHeader, 0, block, // sigHeader.length + sha1.getDigestLength(), sigHeader.length); Array.Copy(sigHeader, 0, block, sigHeader.Length + sha1.GetDigestSize(), sigHeader.Length); // byte[] sigBytes = signer.doFinal(block); byte[] sigBytes = signer.ProcessBlock(block, 0, block.Length); // Signature verifier = Signature.getInstance("SHA1WithRSA", "BC"); ISigner verifier = SignerUtilities.GetSigner("SHA1WithRSA"); // verifier.initVerify(pub); verifier.Init(false, pub); // verifier.update((byte)0); verifier.Update(0); // if (verifier.verify(sig)) if (verifier.VerifySignature(sigBytes)) { // fail("bad signature passed"); Fail("bad signature passed"); } }
public override void PerformTest() { RsaKeyParameters pubParameters = new RsaKeyParameters(false, mod, pubExp); RsaKeyParameters privParameters = new RsaPrivateCrtKeyParameters(mod, pubExp, privExp, p, q, pExp, qExp, crtCoef); byte[] data = Hex.Decode(edgeInput); // // RAW // IAsymmetricBlockCipher eng = new RsaBlindedEngine(); eng.Init(true, pubParameters); try { data = eng.ProcessBlock(data, 0, data.Length); } catch (Exception e) { Fail("RSA: failed - exception " + e.ToString(), e); } eng.Init(false, privParameters); try { data = eng.ProcessBlock(data, 0, data.Length); } catch (Exception e) { Fail("failed - exception " + e.ToString(), e); } if (!edgeInput.Equals(Hex.ToHexString(data))) { Fail("failed RAW edge Test"); } data = Hex.Decode(input); eng.Init(true, pubParameters); try { data = eng.ProcessBlock(data, 0, data.Length); } catch (Exception e) { Fail("failed - exception " + e.ToString(), e); } eng.Init(false, privParameters); try { data = eng.ProcessBlock(data, 0, data.Length); } catch (Exception e) { Fail("failed - exception " + e.ToString(), e); } if (!input.Equals(Hex.ToHexString(data))) { Fail("failed RAW Test"); } // // PKCS1 - public encrypt, private decrypt // eng = new Pkcs1Encoding(eng); eng.Init(true, pubParameters); if (eng.GetOutputBlockSize() != ((Pkcs1Encoding)eng).GetUnderlyingCipher().GetOutputBlockSize()) { Fail("PKCS1 output block size incorrect"); } try { data = eng.ProcessBlock(data, 0, data.Length); } catch (Exception e) { Fail("failed - exception " + e.ToString(), e); } eng.Init(false, privParameters); try { data = eng.ProcessBlock(data, 0, data.Length); } catch (Exception e) { Fail("failed - exception " + e.ToString(), e); } if (!input.Equals(Hex.ToHexString(data))) { Fail("failed PKCS1 public/private Test"); } // // PKCS1 - private encrypt, public decrypt // eng = new Pkcs1Encoding(((Pkcs1Encoding)eng).GetUnderlyingCipher()); eng.Init(true, privParameters); try { data = eng.ProcessBlock(data, 0, data.Length); } catch (Exception e) { Fail("failed - exception " + e.ToString(), e); } eng.Init(false, pubParameters); try { data = eng.ProcessBlock(data, 0, data.Length); } catch (Exception e) { Fail("failed - exception " + e.ToString(), e); } if (!input.Equals(Hex.ToHexString(data))) { Fail("failed PKCS1 private/public Test"); } // // key generation test // RsaKeyPairGenerator pGen = new RsaKeyPairGenerator(); RsaKeyGenerationParameters genParam = new RsaKeyGenerationParameters( BigInteger.ValueOf(0x11), new SecureRandom(), 768, 25); pGen.Init(genParam); AsymmetricCipherKeyPair pair = pGen.GenerateKeyPair(); eng = new RsaBlindedEngine(); if (((RsaKeyParameters)pair.Public).Modulus.BitLength < 768) { Fail("failed key generation (768) length test"); } eng.Init(true, pair.Public); try { data = eng.ProcessBlock(data, 0, data.Length); } catch (Exception e) { Fail("failed - exception " + e.ToString(), e); } eng.Init(false, pair.Private); try { data = eng.ProcessBlock(data, 0, data.Length); } catch (Exception e) { Fail("failed - exception " + e.ToString(), e); } if (!input.Equals(Hex.ToHexString(data))) { Fail("failed key generation (768) Test"); } genParam = new RsaKeyGenerationParameters(BigInteger.ValueOf(0x11), new SecureRandom(), 1024, 25); pGen.Init(genParam); pair = pGen.GenerateKeyPair(); eng.Init(true, pair.Public); if (((RsaKeyParameters)pair.Public).Modulus.BitLength < 1024) { Fail("failed key generation (1024) length test"); } try { data = eng.ProcessBlock(data, 0, data.Length); } catch (Exception e) { Fail("failed - exception " + e.ToString(), e); } eng.Init(false, pair.Private); try { data = eng.ProcessBlock(data, 0, data.Length); } catch (Exception e) { Fail("failed - exception " + e.ToString(), e); } if (!input.Equals(Hex.ToHexString(data))) { Fail("failed key generation (1024) test"); } doTestOaep(pubParameters, privParameters); doTestStrictPkcs1Length(pubParameters, privParameters); doTestDudPkcs1Block(pubParameters, privParameters); doTestMissingDataPkcs1Block(pubParameters, privParameters); doTestTruncatedPkcs1Block(pubParameters, privParameters); doTestWrongPaddingPkcs1Block(pubParameters, privParameters); try { new RsaBlindedEngine().ProcessBlock(new byte[]{ 1 }, 0, 1); Fail("failed initialisation check"); } catch (InvalidOperationException) { // expected } }
private static void ReadFromRawKey(string rawKey) { Reset(); var encryptedKey = Convert.FromBase64String(Regex.Replace(rawKey, "-+.*?-+", "").Replace("\r", "").Replace("\n", "")); var cipher = new Pkcs1Encoding(new RsaEngine()); cipher.Init(false, CreateCipherParameters()); var decryptedKey = cipher.ProcessBlock(encryptedKey, 0, encryptedKey.Length); var licenseInfo = Encoding.UTF8.GetString(decryptedKey).Split('\n'); Product = licenseInfo[0]; Version = licenseInfo[1]; Date = string.Format("20{0}-{1}-{2}", licenseInfo[2].Substring(0, 2), licenseInfo[2].Substring(2, 2), licenseInfo[2].Substring(4, 2)); Id = licenseInfo[3]; Licensee = licenseInfo[4]; Validate(); Properties.Settings.Default.LicenseKey = IsValid() ? rawKey : ""; }
/// <summary> /// Client side encryption /// </summary> public CryptoMC(Stream baseStream, EncryptionRequest req) { this.BaseStream = baseStream; RijndaelManaged rm = new RijndaelManaged(); rm.KeySize = 128; rm.GenerateKey(); SharedKey = rm.Key; InitCiphers(); //Encrypt shared key using public key in req AsymmetricKeyParameter asymmetricKeyParameter = PublicKeyFactory.CreateKey(req.PublicKey); RsaKeyParameters key = (RsaKeyParameters)asymmetricKeyParameter; //SubjectPublicKeyInfo s = new SubjectPublicKeyInfo(AlgorithmIdentifier.Der, req.PublicKey); //RsaKeyParameters key = (RsaKeyParameters)PublicKeyFactory.CreateKey(s); Pkcs1Encoding padding = new Pkcs1Encoding(new RsaEngine()); padding.Init(true, key); SharedKeyEncrypted = padding.ProcessBlock(SharedKey, 0, SharedKey.Length); Pkcs1Encoding padding2 = new Pkcs1Encoding(new RsaEngine()); padding2.Init(true, keyParameters); TestEncrypted = padding.ProcessBlock(req.VerifyToken, 0, req.VerifyToken.Length); }
private string EncryptDESKey() { var pemReader = new PemReader(_clientKeys.AbenityPublicKeyFileStream); var key = (AsymmetricKeyParameter)pemReader.ReadObject(); var engine = new Pkcs1Encoding(new RsaEngine()); engine.Init(true, key); var data = engine.ProcessBlock(_desKey, 0, _desKey.Length); return Utility.UrlEncode(Utility.Base64String(data)) + "decode"; }