1 /* Transport Security Layer (TLS)
2 * Copyright (c) 2003-2004 Carlos Guzman Alvarez
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without restriction,
7 * including without limitation the rights to use, copy, modify, merge,
8 * publish, distribute, sublicense, and/or sell copies of the Software,
9 * and to permit persons to whom the Software is furnished to do so,
10 * subject to the following conditions:
12 * The above copyright notice and this permission notice shall be included
13 * in all copies or substantial portions of the Software.
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
17 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
19 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
20 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
22 * DEALINGS IN THE SOFTWARE.
28 using System.Security.Cryptography;
29 using System.Security.Cryptography.X509Certificates;
32 using Mono.Security.Cryptography;
34 namespace Mono.Security.Protocol.Tls
36 internal class TlsCipherSuite : CipherSuite
40 public TlsCipherSuite(
41 short code, string name, CipherAlgorithmType cipherAlgorithmType,
42 HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType,
43 bool exportable, bool blockMode, byte keyMaterialSize,
44 byte expandedKeyMaterialSize, short effectiveKeyBytes,
45 byte ivSize, byte blockSize)
46 :base(code, name, cipherAlgorithmType, hashAlgorithmType,
47 exchangeAlgorithmType, exportable, blockMode, keyMaterialSize,
48 expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)
54 #region MAC Generation Methods
56 public override byte[] ComputeServerRecordMAC(ContentType contentType, byte[] fragment)
58 TlsStream data = new TlsStream();
61 if (this.Context is ClientContext)
63 data.Write(this.Context.ReadSequenceNumber);
67 data.Write(this.Context.WriteSequenceNumber);
70 data.Write((byte)contentType);
71 data.Write(this.Context.Protocol);
72 data.Write((short)fragment.Length);
75 result = this.ServerHMAC.ComputeHash(data.ToArray());
82 public override byte[] ComputeClientRecordMAC(ContentType contentType, byte[] fragment)
84 TlsStream data = new TlsStream();
87 if (this.Context is ClientContext)
89 data.Write(this.Context.WriteSequenceNumber);
93 data.Write(this.Context.ReadSequenceNumber);
96 data.Write((byte)contentType);
97 data.Write(this.Context.Protocol);
98 data.Write((short)fragment.Length);
101 result = this.ClientHMAC.ComputeHash(data.ToArray());
110 #region Key Generation Methods
112 public override void ComputeMasterSecret(byte[] preMasterSecret)
114 // Create master secret
115 this.Context.MasterSecret = new byte[preMasterSecret.Length];
116 this.Context.MasterSecret = this.PRF(
117 preMasterSecret, "master secret", this.Context.RandomCS, 48);
120 public override void ComputeKeys()
123 TlsStream keyBlock = new TlsStream(
125 this.Context.MasterSecret,
127 this.Context.RandomSC,
130 this.Context.ClientWriteMAC = keyBlock.ReadBytes(this.HashSize);
131 this.Context.ServerWriteMAC = keyBlock.ReadBytes(this.HashSize);
132 this.Context.ClientWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
133 this.Context.ServerWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
135 if (!this.IsExportable)
137 if (this.IvSize != 0)
139 this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
140 this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
144 this.Context.ClientWriteIV = CipherSuite.EmptyArray;
145 this.Context.ServerWriteIV = CipherSuite.EmptyArray;
150 // Generate final write keys
151 byte[] finalClientWriteKey = PRF(this.Context.ClientWriteKey, "client write key", this.Context.RandomCS, this.KeyMaterialSize);
152 byte[] finalServerWriteKey = PRF(this.Context.ServerWriteKey, "server write key", this.Context.RandomCS, this.KeyMaterialSize);
154 this.Context.ClientWriteKey = finalClientWriteKey;
155 this.Context.ServerWriteKey = finalServerWriteKey;
158 byte[] ivBlock = PRF(new byte[]{}, "IV block", this.Context.RandomCS, this.IvSize*2);
161 this.Context.ClientWriteIV = new byte[this.IvSize];
162 System.Array.Copy(ivBlock, 0, this.Context.ClientWriteIV, 0, this.Context.ClientWriteIV.Length);
164 this.Context.ServerWriteIV = new byte[this.IvSize];
165 System.Array.Copy(ivBlock, this.IvSize, this.Context.ServerWriteIV, 0, this.Context.ServerWriteIV.Length);
168 // Clear no more needed data