Home Explore Help
Sign In
c
/
mono
mirror of https://github.com/mono/mono.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: dfd1716b11
Branches Tags
mono
/
mcs
/
class
/
System.ServiceModel
/
Mono.Security.Protocol.Tls
/
TlsCipherSuite.cs

TlsCipherSuite.cs 6.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177 
  1. // Transport Security Layer (TLS)
    2. 

  2. // Copyright (c) 2003-2004 Carlos Guzman Alvarez
    3. 

  3. // Copyright (C) 2006 Novell, Inc (http://www.novell.com)
    4. 

  4. //
    5. 

  5. // Permission is hereby granted, free of charge, to any person obtaining
    6. 

  6. // a copy of this software and associated documentation files (the
    7. 

  7. // "Software"), to deal in the Software without restriction, including
    8. 

  8. // without limitation the rights to use, copy, modify, merge, publish,
    9. 

  9. // distribute, sublicense, and/or sell copies of the Software, and to
    10. 

  10. // permit persons to whom the Software is furnished to do so, subject to
    11. 

  11. // the following conditions:
    12. 

  12. // 
    13. 

  13. // The above copyright notice and this permission notice shall be
    14. 

  14. // included in all copies or substantial portions of the Software.
    15. 

  15. // 
    16. 

  16. // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
    17. 

  17. // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
    18. 

  18. // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
    19. 

  19. // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
    20. 

  20. // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
    21. 

  21. // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
    22. 

  22. // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
    23. 

  23. //
    24. 

  24. 

  25. using System;
    26. 

  26. using System.IO;
    27. 

  27. using System.Security.Cryptography;
    28. 

  28. 

  29. namespace Mono.Security.Protocol.Tls
    30. 

  30. {
    31. 

  31. 	internal class TlsCipherSuite : CipherSuite
    32. 

  32. 	{
    33. 

  33. 		private const int MacHeaderLength = 13;
    34. 

  34. 		private byte[] header;
    35. 

  35. 

  36. 		#region Constructors
    37. 

  37. 		
    38. 

  38. 		public TlsCipherSuite(
    39. 

  39. 			short code, string name, CipherAlgorithmType cipherAlgorithmType, 
    40. 

  40. 			HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType,
    41. 

  41. 			bool exportable, bool blockMode, byte keyMaterialSize, 
    42. 

  42. 			byte expandedKeyMaterialSize, short effectiveKeyBytes, 
    43. 

  43. 			byte ivSize, byte blockSize) 
    44. 

  44. 			:base(code, name, cipherAlgorithmType, hashAlgorithmType, 
    45. 

  45. 			exchangeAlgorithmType, exportable, blockMode, keyMaterialSize, 
    46. 

  46. 			expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)
    47. 

  47. 		{
    48. 

  48. 		}
    49. 

  49. 

  50. 		#endregion
    51. 

  51. 

  52. 		#region MAC Generation Methods
    53. 

  53. 

  54. 		public override byte[] ComputeServerRecordMAC(ContentType contentType, byte[] fragment)
    55. 

  55. 		{
    56. 

  56. 			if (header == null)
    57. 

  57. 				header = new byte [MacHeaderLength];
    58. 

  58. 

  59. 			ulong seqnum = (Context is ClientContext) ? Context.ReadSequenceNumber : Context.WriteSequenceNumber;
    60. 

  60. 			Write (header, 0, seqnum);
    61. 

  61. 			header [8] = (byte) contentType;
    62. 

  62. 			Write (header, 9, this.Context.Protocol);
    63. 

  63. 			Write (header, 11, (short)fragment.Length);
    64. 

  64. 

  65. 			HashAlgorithm mac = this.ServerHMAC;
    66. 

  66. 			mac.TransformBlock (header, 0, header.Length, header, 0);
    67. 

  67. 			mac.TransformBlock (fragment, 0, fragment.Length, fragment, 0);
    68. 

  68. 			// hack, else the method will allocate a new buffer of the same length (negative half the optimization)
    69. 

  69. 			mac.TransformFinalBlock (CipherSuite.EmptyArray, 0, 0);
    70. 

  70. 			return mac.Hash;
    71. 

  71. 		}
    72. 

  72. 

  73. 		public override byte[] ComputeClientRecordMAC(ContentType contentType, byte[] fragment)
    74. 

  74. 		{
    75. 

  75. 			if (header == null)
    76. 

  76. 				header = new byte [MacHeaderLength];
    77. 

  77. 

  78. 			ulong seqnum = (Context is ClientContext) ? Context.WriteSequenceNumber : Context.ReadSequenceNumber;
    79. 

  79. 			Write (header, 0, seqnum);
    80. 

  80. 			header [8] = (byte) contentType;
    81. 

  81. 			Write (header, 9, this.Context.Protocol);
    82. 

  82. 			Write (header, 11, (short)fragment.Length);
    83. 

  83. 

  84. 			HashAlgorithm mac = this.ClientHMAC;
    85. 

  85. 			mac.TransformBlock (header, 0, header.Length, header, 0);
    86. 

  86. 			mac.TransformBlock (fragment, 0, fragment.Length, fragment, 0);
    87. 

  87. 			// hack, else the method will allocate a new buffer of the same length (negative half the optimization)
    88. 

  88. 			mac.TransformFinalBlock (CipherSuite.EmptyArray, 0, 0);
    89. 

  89. 			return mac.Hash;
    90. 

  90. 		}
    91. 

  91. 

  92. 		#endregion
    93. 

  93. 

  94. 		#region Key Generation Methods
    95. 

  95. 

  96. 		public override void ComputeMasterSecret(byte[] preMasterSecret)
    97. 

  97. 		{
    98. 

  98. 			// Create master secret
    99. 

  99. 			this.Context.MasterSecret = new byte[preMasterSecret.Length];
    100. 

  100. 			this.Context.MasterSecret = this.PRF(
    101. 

  101. 				preMasterSecret, "master secret", this.Context.RandomCS, 48);
    102. 

  102. 

  103. 			DebugHelper.WriteLine(">>>> MasterSecret", this.Context.MasterSecret);
    104. 

  104. 		}
    105. 

  105. 

  106. 		public override void ComputeKeys()
    107. 

  107. 		{
    108. 

  108. 			// Create keyblock
    109. 

  109. 			TlsStream keyBlock = new TlsStream(
    110. 

  110. 				this.PRF(
    111. 

  111. 				this.Context.MasterSecret, 
    112. 

  112. 				"key expansion",
    113. 

  113. 				this.Context.RandomSC,
    114. 

  114. 				this.KeyBlockSize));
    115. 

  115. 

  116. 			this.Context.Negotiating.ClientWriteMAC = keyBlock.ReadBytes(this.HashSize);
    117. 

  117. 			this.Context.Negotiating.ServerWriteMAC = keyBlock.ReadBytes(this.HashSize);
    118. 

  118. 			this.Context.ClientWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
    119. 

  119. 			this.Context.ServerWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
    120. 

  120. 

  121. 			if (!this.IsExportable)
    122. 

  122. 			{
    123. 

  123. 				if (this.IvSize != 0)
    124. 

  124. 				{
    125. 

  125. 					this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
    126. 

  126. 					this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
    127. 

  127. 				}
    128. 

  128. 				else
    129. 

  129. 				{
    130. 

  130. 					this.Context.ClientWriteIV = CipherSuite.EmptyArray;
    131. 

  131. 					this.Context.ServerWriteIV = CipherSuite.EmptyArray;
    132. 

  132. 				}
    133. 

  133. 			}
    134. 

  134. 			else
    135. 

  135. 			{
    136. 

  136. 				// Generate final write keys
    137. 

  137. 				byte[] finalClientWriteKey	= PRF(this.Context.ClientWriteKey, "client write key", this.Context.RandomCS, this.ExpandedKeyMaterialSize);
    138. 

  138. 				byte[] finalServerWriteKey	= PRF(this.Context.ServerWriteKey, "server write key", this.Context.RandomCS, this.ExpandedKeyMaterialSize);
    139. 

  139. 				
    140. 

  140. 				this.Context.ClientWriteKey	= finalClientWriteKey;
    141. 

  141. 				this.Context.ServerWriteKey	= finalServerWriteKey;
    142. 

  142. 

  143. 				if (this.IvSize > 0) 
    144. 

  144. 				{
    145. 

  145. 					// Generate IV block
    146. 

  146. 					byte[] ivBlock = PRF(CipherSuite.EmptyArray, "IV block", this.Context.RandomCS, this.IvSize*2);
    147. 

  147. 

  148. 					// Generate IV keys
    149. 

  149. 					this.Context.ClientWriteIV = new byte[this.IvSize];				
    150. 

  150. 					Buffer.BlockCopy(ivBlock, 0, this.Context.ClientWriteIV, 0, this.Context.ClientWriteIV.Length);
    151. 

  151. 

  152. 					this.Context.ServerWriteIV = new byte[this.IvSize];
    153. 

  153. 					Buffer.BlockCopy(ivBlock, this.IvSize, this.Context.ServerWriteIV, 0, this.Context.ServerWriteIV.Length);
    154. 

  154. 				}
    155. 

  155. 				else 
    156. 

  156. 				{
    157. 

  157. 					this.Context.ClientWriteIV = CipherSuite.EmptyArray;
    158. 

  158. 					this.Context.ServerWriteIV = CipherSuite.EmptyArray;
    159. 

  159. 				}
    160. 

  160. 			}
    161. 

  161. 

  162. 			DebugHelper.WriteLine(">>>> KeyBlock", keyBlock.ToArray());
    163. 

  163. 			DebugHelper.WriteLine(">>>> ClientWriteKey", this.Context.ClientWriteKey);
    164. 

  164. 			DebugHelper.WriteLine(">>>> ClientWriteIV", this.Context.ClientWriteIV);
    165. 

  165. 			DebugHelper.WriteLine(">>>> ClientWriteMAC", this.Context.Negotiating.ClientWriteMAC);
    166. 

  166. 			DebugHelper.WriteLine(">>>> ServerWriteKey", this.Context.ServerWriteKey);
    167. 

  167. 			DebugHelper.WriteLine(">>>> ServerWriteIV", this.Context.ServerWriteIV);
    168. 

  168. 			DebugHelper.WriteLine(">>>> ServerWriteMAC", this.Context.Negotiating.ServerWriteMAC);
    169. 

  169. 

  170. 			ClientSessionCache.SetContextInCache (this.Context);
    171. 

  171. 			// Clear no more needed data
    172. 

  172. 			keyBlock.Reset();
    173. 

  173. 		}
    174. 

  174. 

  175. 		#endregion
    176. 

  176. 	}
    177. 

  177. }
    178.