【转】证书之动之一 —— TCP&SSL通信实例及谋分析(下)[原创]AES加密类使用方法。

原稿链接

  很多早晚会就此到AES加密。下面是加密解密方法:

前两有各自授课了争在.net程序中以SSL实现安康通信与SSL的通信过程,并透过抓包工具具体分析了ssl的拉手过程,本文通过一个demo来模拟ssl协议,在TCP之上实现协调之平安通信。

/// <summary>
  /// AES加密字符串
  /// </summary>
  /// <param name=”encryptString”>待加密的字符串</param>
  /// <param name=”keySize”>密钥类型(密钥位数)<see
cref=”Aes.KeySize”>Aes.KeySize</see></param>
  /// <param name=”keyBytes”>对称密钥</param>
  ///
<returns>加密成功返回加密后的字符串,失败返回源串</returns>
  public static string EncryptAES(string encryptString, Aes.KeySize
keySize, Byte [] keyBytes)
  {
   byte[] inputByteArray =
System.Text.Encoding.UTF8.GetBytes(encryptString);
   byte[] outputByteArray = null;

 

   AesEncryptCore(keySize, keyBytes, inputByteArray, out
outputByteArray);

缔造证书

   return Convert.ToBase64String(outputByteArray);
  }

为了兑现安全的通信,必须动证书对传输的数进行加密,有一定量种植方式可以得到证明,一凡安装CA服务器,使用CA来发放证书,二是经过makecert.exe工具自己创办。

 

创服务器证书:

  /// <summary>
  /// AES解密字符串
  /// </summary>
  /// <param name=”decryptString”>待解密之字符串</param>
  /// <param
name=”decryptKey”>解密密钥,要求啊8位,和加密密钥相同</param>
  ///
<returns>解密成功返回解密后底字符串,失败返源串</returns>
  public static string DecryptAES(string decryptString, Aes.KeySize
keySize, Byte [] keyBytes)
  {
   byte[] inputByteArray = Convert.FromBase64String(decryptString);
   byte[] outputByteArray = null;
   

cmd>makecert.exe -r -pe -n “CN=MySslServer” -sky Exchange -ss My

   AesDecryptCore(keySize, keyBytes, inputByteArray, out
outputByteArray);
   string outString =
System.Text.Encoding.UTF8.GetString(outputByteArray);

创立客户端证书

   return outString;

cmd>makecert.exe -r -pe -n “CN=MySslClient” -sky Exchange -ss My

  }

至于makecert.exe的重多信息可以操作这里。

namespace AesLib
{
 public class Aes  // Advanced Encryption Standard
 {
  public enum KeySize { Bits128, Bits192, Bits256 };  // key size, in
bits, for construtor

 

  private int Nb;         // block size in 32-bit words.  Always 4 for
AES.  (128 bits).
  private int Nk;         // key size in 32-bit words.  4, 6, 8.  (128,
192, 256 bits).
  private int Nr;         // number of rounds. 10, 12, 14.

建立TCP连接

  private byte[] key;     // the seed key. size will be 4 * keySize
from ctor.
  private byte[,] Sbox;   // Substitution box
  private byte[,] iSbox;  // inverse Substitution box
  private byte[,] w;      // key schedule array.
  private byte[,] Rcon;   // Round constants.
  private byte[,] State;  // State matrix

行使普通的Socket类来起TCP连接即可。后续的抓手,传输数据都是以TCP之上的,在这里,定义每条信息之率先只字节是种,0x01是整数,0x02凡是session
key,0x03凡是应用层数据,0x04凡是错误信息,未下。

  public Aes(KeySize keySize, byte[] keyBytes)
  {
   SetNbNkNr(keySize);
 
   this.key = new byte[this.Nk * 4];  // 16, 24, 32 bytes
   keyBytes.CopyTo(this.key, 0);

我们理解TCP通信是stream的,消息没有界限,有或发送方发送的多少,在接收方两次等才能够接受了,或者发送方连续发送两次于数据,接收方一坏就是整经受,这虽要求应用层自己对信息的界限进行区分,常用之出3种方式,一是定位长度,所有消息长度一样,不够就填充,显然不够实用又浪费带富;二是概念消息边界,每条消息因一贯字节约流结尾如,如果传输的数刚好含有这么的字节流,就亟须开展转义;三凡是信之起始处使用固定字节来讲述本消息的长。本文也便于起见,没有开展信息边界处理,每半蹩脚发送出个区间。

   BuildSbox();
   BuildInvSbox();
   BuildRcon();
   KeyExpansion();  // expand the seed key into a key schedule and store
in w
 
  }  // Aes constructor

交换证书

  public void Cipher(byte[] input, byte[] output)  // encipher
16-bit input
  {
   // state = input
   this.State = new byte[4,Nb];  // always [4,4]
   for (int i = 0; i < (4 * Nb); ++i)
   {
    this.State[i % 4, i / 4] = input[i];
   }

以TCP连接起以后,开始开展握手过程,主要是换成证书,交换session key。

   AddRoundKey(0);
         
   for (int round = 1; round <= (Nr – 1); ++round)  // main round
loop
   {
    SubBytes();
    ShiftRows(); 
    MixColumns();
    AddRoundKey(round);
   }  // main round loop

server与client各自将团结的证件发送给对方,证书被export成.cer格式,只包含public
key。证书的图一样凡换成session key,二是发送数据时签约。

   SubBytes();
   ShiftRows();
   AddRoundKey(Nr);
           
   // output = state
   for (int i = 0; i < (4 * Nb); ++i)
   {
    output[i] = this.State[i % 4, i / 4];
   }

lovebet 1

  }  // Cipher()

1
byte[]

  public void InvCipher(byte[] input, byte[] output)  // decipher
16-bit input
  {
   // state = input
   this.State = new byte[4,Nb];  // always [4,4]
   for (int i = 0; i < (4 * Nb); ++i)
   {
    this.State[i % 4, i / 4] = input[i];
   }

certBytes

so.localCert.Export(X509ContentType.Cert);

2
byte[]

   AddRoundKey(Nr);
     
   for (int round = Nr-1; round >= 1; –round)  // main round loop
   {
    InvShiftRows();
    InvSubBytes();
    AddRoundKey(round);
    InvMixColumns();
   }  // end main round loop for InvCipher

sentBytes

AddType(certBytes, type);

3
so.workSocket.Send(sentBytes,
0,
sentBytes.Length, SocketFlags.None);

4
Console.WriteLine(“Send>>>>>>>>>>>>>>>>>>>>>”);

5
PrintCert(so.localCert);

6
。。。。。。

7
byte[]

   InvShiftRows();
   InvSubBytes();
   AddRoundKey(0);

data

RemoveType(so.buffer, read);

8

   // output = state
   for (int i = 0; i < (4 * Nb); ++i)
   {
    output[i] = this.State[i % 4, i / 4];
   }

so.remoteCert

new
X509Certificate2(data);

9
Console.WriteLine(“Recv<<<<<<<<<<<<<<<<<<<<<<“);
10

PrintCert(so.remoteCert);

lovebet 2

交换session
key

本demo使用DES对称算法来加密,必须于殡葬应用层数据之前交换算法的key,使用双方约定固定的IV。

中同样正在特别成自由的key,用对方的证件加密,调用RSA的Encrypt方法,会利用Public
key,将加密后的数额发送给对方,由于只有对方才有关系的private
key,所以呢只有对方才会解密出key,第三正就中途截获了数码也不可知破解出key。

 

 

lovebet 3

生成session
key

1

  }  // InvCipher()

RSACryptoServiceProvider rsa

(RSACryptoServiceProvider)so.remoteCert.PublicKey.Key;
2

byte[]

  private void SetNbNkNr(KeySize keySize)
  {
   this.Nb = 4;     // block size always = 4 words = 16 bytes = 128 bits
for AES

encrypedSessionKey

rsa.Encrypt(so.localSessionKey,
false);
3

byte[]

   if (keySize == KeySize.Bits128)
   {
    this.Nk = 4;   // key size = 4 words = 16 bytes = 128 bits
    this.Nr = 10;  // rounds for algorithm = 10
   }
   else if (keySize == KeySize.Bits192)
   {
    this.Nk = 6;   // 6 words = 24 bytes = 192 bits
    this.Nr = 12;
   }
   else if (keySize == KeySize.Bits256)
   {
    this.Nk = 8;   // 8 words = 32 bytes = 256 bits
    this.Nr = 14;
   }
  }  // SetNbNkNr()

sentBytes

AddType(encrypedSessionKey, type);
4

so.workSocket.Send(sentBytes,
0,
sentBytes.Length, SocketFlags.None);
5

Console.WriteLine(“Send>>>>>>>>>>>>>>>>>>>>>”);
6

PrintSessionKey(so.localSessionKey);

lovebet 4

 

lovebet 5解析session
key

1
byte[]

  private void BuildSbox()
  {
   this.Sbox = new byte[16,16] {  // populate the Sbox matrix
           /* 0     1     2     3     4     5     6     7     8    
9     a     b     c     d     e     f */
           /*0*/  {0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76},
           /*1*/  {0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0},
           /*2*/  {0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15},
           /*3*/  {0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75},
           /*4*/  {0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84},
           /*5*/  {0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf},
           /*6*/  {0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8},
           /*7*/  {0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2},
           /*8*/  {0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73},
           /*9*/  {0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb},
           /*a*/  {0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79},
           /*b*/  {0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08},
           /*c*/  {0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a},
           /*d*/  {0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e},
           /*e*/  {0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf},
           /*f*/  {0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16} };

data

RemoveType(so.buffer, read);
2

  }  // BuildSbox()

RSACryptoServiceProvider rsa

(RSACryptoServiceProvider)so.localCert.PrivateKey;
3

  private void BuildInvSbox()
  {
   this.iSbox = new byte[16,16] {  // populate the iSbox matrix
            /* 0     1     2     3     4     5     6     7     8    
9     a     b     c     d     e     f */
            /*0*/  {0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb},
            /*1*/  {0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb},
            /*2*/  {0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e},
            /*3*/  {0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25},
            /*4*/  {0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92},
            /*5*/  {0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84},
            /*6*/  {0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06},
            /*7*/  {0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b},
            /*8*/  {0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73},
            /*9*/  {0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e},
            /*a*/  {0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b},
            /*b*/  {0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4},
            /*c*/  {0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f},
            /*d*/  {0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef},
            /*e*/  {0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61},
            /*f*/  {0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d} };

so.remoteSessionKey

rsa.Decrypt(data,
false);
4

Console.WriteLine(“Recv<<<<<<<<<<<<<<<<<<<<<<“);
5

PrintSessionKey(so.remoteSessionKey);

出殡加密跟签署数据

发送数据使用DES算法加密,防止被第三正截获;同时对发送的多寡签名,让对方肯定数据尚未受篡改而承认数据是自己发送的。

数量格式:

0x03

密文长度

密文

签名长度

签名

密文用DES算法机密得到。

本着原文使用hash算法,并应用好的说明对hash进行签字,签名是以的private
key,接收方收到数量后,用DES解密出原文,对原文计算hash,然后针对收到的署名使用对方的关系之public
key还原,比较和hash是否相同。

lovebet 6

lovebet 7

lovebet 8加密数并签约

1

  }  // BuildInvSbox()

MemoryStream memoryStream

new
MemoryStream();

2

3
//
encrypt

4
 

  private void BuildRcon()
  {
   this.Rcon = new byte[11,4] { {0x00, 0x00, 0x00, 0x00}, 
           {0x01, 0x00, 0x00, 0x00},
           {0x02, 0x00, 0x00, 0x00},
           {0x04, 0x00, 0x00, 0x00},
           {0x08, 0x00, 0x00, 0x00},
           {0x10, 0x00, 0x00, 0x00},
           {0x20, 0x00, 0x00, 0x00},
           {0x40, 0x00, 0x00, 0x00},
           {0x80, 0x00, 0x00, 0x00},
           {0x1b, 0x00, 0x00, 0x00},
           {0x36, 0x00, 0x00, 0x00} };
  }  // BuildRcon()

DESCryptoServiceProvider des

new
DESCryptoServiceProvider();

5

  private void AddRoundKey(int round)
  {

ICryptoTransform cTransform

des.CreateEncryptor(so.remoteSessionKey,
new
byte[8]);

6

   for (int r = 0; r < 4; ++r)
   {
    for (int c = 0; c < 4; ++c)
    {
     this.State[r,c] = (byte) ( (int)this.State[r,c] ^
(int)w[(round*4)+c,r] );
    }
   }
  }  // AddRoundKey()

MemoryStream ms

new
MemoryStream();

7

  private void SubBytes()
  {
   for (int r = 0; r < 4; ++r)
   {
    for (int c = 0; c < 4; ++c)
    {
     this.State[r,c] = this.Sbox[ (this.State[r,c] >> 4),
(this.State[r,c] & 0x0f) ];
    }
   }
  }  // SubBytes

CryptoStream encStream

new
CryptoStream(ms, cTransform, CryptoStreamMode.Write);

8
encStream.Write(so.sentData,
0,
so.sentData.Length);

9
encStream.FlushFinalBlock();
10

11

byte[]

  private void InvSubBytes()
  {
   for (int r = 0; r < 4; ++r)
   {
    for (int c = 0; c < 4; ++c)
    {
     this.State[r,c] = this.iSbox[ (this.State[r,c] >> 4),
(this.State[r,c] & 0x0f) ];
    }
   }
  }  // InvSubBytes

temp

ms.ToArray();
12

memoryStream.Write(BitConverter.GetBytes(temp.Length),
0,

4);
13

memoryStream.Write(temp,
0,
temp.Length);
14

15

//
hash
16

 

  private void ShiftRows()
  {
   byte[,] temp = new byte[4,4];
   for (int r = 0; r < 4; ++r)  // copy State into temp[]
   {
    for (int c = 0; c < 4; ++c)
    {
     temp[r,c] = this.State[r,c];
    }
   }

MD5CryptoServiceProvider md5

new
MD5CryptoServiceProvider();
17

byte[]

   for (int r = 1; r < 4; ++r)  // shift temp into State
   {
    for (int c = 0; c < 4; ++c)
    {
     this.State[r,c] = temp[ r, (c + r) % Nb ];
    }
   }
  }  // ShiftRows()

hash

md5.ComputeHash(so.sentData);
18

19

//
sign
20

 

  private void InvShiftRows()
  {
   byte[,] temp = new byte[4,4];
   for (int r = 0; r < 4; ++r)  // copy State into temp[]
   {
    for (int c = 0; c < 4; ++c)
    {
     temp[r,c] = this.State[r,c];
    }
   }
   for (int r = 1; r < 4; ++r)  // shift temp into State
   {
    for (int c = 0; c < 4; ++c)
    {
     this.State[r, (c + r) % Nb ] = temp[r,c];
    }
   }
  }  // InvShiftRows()

RSACryptoServiceProvider rsa

(RSACryptoServiceProvider) so.localCert.PrivateKey;
21

byte[]

  private void MixColumns()
  {
   byte[,] temp = new byte[4,4];
   for (int r = 0; r < 4; ++r)  // copy State into temp[]
   {
    for (int c = 0; c < 4; ++c)
    {
     temp[r,c] = this.State[r,c];
    }
   }
       
   for (int c = 0; c < 4; ++c)
   {
    this.State[0,c] = (byte) ( (int)gfmultby02(temp[0,c]) ^
(int)gfmultby03(temp[1,c]) ^
     (int)gfmultby01(temp[2,c]) ^ (int)gfmultby01(temp[3,c]) );
    this.State[1,c] = (byte) ( (int)gfmultby01(temp[0,c]) ^
(int)gfmultby02(temp[1,c]) ^
     (int)gfmultby03(temp[2,c]) ^ (int)gfmultby01(temp[3,c]) );
    this.State[2,c] = (byte) ( (int)gfmultby01(temp[0,c]) ^
(int)gfmultby01(temp[1,c]) ^
     (int)gfmultby02(temp[2,c]) ^ (int)gfmultby03(temp[3,c]) );
    this.State[3,c] = (byte) ( (int)gfmultby03(temp[0,c]) ^
(int)gfmultby01(temp[1,c]) ^
     (int)gfmultby01(temp[2,c]) ^ (int)gfmultby02(temp[3,c]) );
   }
  }  // MixColumns

sign

rsa.SignHash(hash, CryptoConfig.MapNameToOID(“MD5”));
22

23

memoryStream.Write(BitConverter.GetBytes(sign.Length),
0,

4);
24

memoryStream.Write(sign,
0,
sign.Length);
25

26

byte[]

  private void InvMixColumns()
  {
   byte[,] temp = new byte[4,4];
   for (int r = 0; r < 4; ++r)  // copy State into temp[]
   {
    for (int c = 0; c < 4; ++c)
    {
     temp[r,c] = this.State[r,c];
    }
   }
       
   for (int c = 0; c < 4; ++c)
   {
    this.State[0,c] = (byte) ( (int)gfmultby0e(temp[0,c]) ^
(int)gfmultby0b(temp[1,c]) ^
     (int)gfmultby0d(temp[2,c]) ^ (int)gfmultby09(temp[3,c]) );
    this.State[1,c] = (byte) ( (int)gfmultby09(temp[0,c]) ^
(int)gfmultby0e(temp[1,c]) ^
     (int)gfmultby0b(temp[2,c]) ^ (int)gfmultby0d(temp[3,c]) );
    this.State[2,c] = (byte) ( (int)gfmultby0d(temp[0,c]) ^
(int)gfmultby09(temp[1,c]) ^
     (int)gfmultby0e(temp[2,c]) ^ (int)gfmultby0b(temp[3,c]) );
    this.State[3,c] = (byte) ( (int)gfmultby0b(temp[0,c]) ^
(int)gfmultby0d(temp[1,c]) ^
     (int)gfmultby09(temp[2,c]) ^ (int)gfmultby0e(temp[3,c]) );
   }
  }  // InvMixColumns

sentBytes

AddType(memoryStream.ToArray(), type);
27

so.workSocket.Send(sentBytes,
0,
sentBytes.Length, SocketFlags.None);
28

Console.WriteLine(“Send>>>>>>>>>>>>>>>>>>>>>”);
29

PrintData(so.sentData);

lovebet 9

 

lovebet 10

lovebet 11

lovebet 12

lovebet 13解密数据并证实

1
byte[]

  private static byte gfmultby01(byte b)
  {
   return b;
  }

data

RemoveType(so.buffer, read);

2

3
//
Decrypt

4
 

  private static byte gfmultby02(byte b)
  {
   if (b < 0x80)
    return (byte)(int)(b <<1);
   else
    return (byte)( (int)(b << 1) ^ (int)(0x1b) );
  }

DESCryptoServiceProvider des

new
DESCryptoServiceProvider();

5

  private static byte gfmultby03(byte b)
  {
   return (byte) ( (int)gfmultby02(b) ^ (int)b );
  }

ICryptoTransform cTransform

des.CreateDecryptor(so.localSessionKey,
new
byte[8]);

6
int

  private static byte gfmultby09(byte b)
  {
   return (byte)( (int)gfmultby02(gfmultby02(gfmultby02(b))) ^
    (int)b );
  }

len

BitConverter.ToInt32(data,
0);

7
byte[]

  private static byte gfmultby0b(byte b)
  {
   return (byte)( (int)gfmultby02(gfmultby02(gfmultby02(b))) ^
    (int)gfmultby02(b) ^
    (int)b );
  }

cipherText

new
byte[len];

8
Array.Copy(data,
4,
cipherText,
0,
len);

9

  private static byte gfmultby0d(byte b)
  {
   return (byte)( (int)gfmultby02(gfmultby02(gfmultby02(b))) ^
    (int)gfmultby02(gfmultby02(b)) ^
    (int)(b) );
  }

MemoryStream ms2

new
MemoryStream(cipherText);
10

  private static byte gfmultby0e(byte b)
  {
   return (byte)( (int)gfmultby02(gfmultby02(gfmultby02(b))) ^
    (int)gfmultby02(gfmultby02(b)) ^
    (int)gfmultby02(b) );
  }

CryptoStream decStream

new
CryptoStream(ms2, cTransform, CryptoStreamMode.Read);
11

12

  private void KeyExpansion()
  {
   this.w = new byte[Nb * (Nr+1), 4];  // 4 columns of bytes
corresponds to a word
   
   for (int row = 0; row < Nk; ++row)
   {
    this.w[row,0] = this.key[4*row];
    this.w[row,1] = this.key[4*row+1];
    this.w[row,2] = this.key[4*row+2];
    this.w[row,3] = this.key[4*row+3];
   }

Byte[] tempBuffer

new
Byte[1024];
13

   byte[] temp = new byte[4];

Byte[] outputBytes

new
byte[0];
14

int

   for (int row = Nk; row < Nb * (Nr+1); ++row)
   {
    temp[0] = this.w[row-1,0]; temp[1] = this.w[row-1,1];
    temp[2] = this.w[row-1,2]; temp[3] = this.w[row-1,3];

nRead

decStream.Read(tempBuffer,
0,
tempBuffer.Length);
15

int

    if (row % Nk == 0) 
    {
     temp = SubWord(RotWord(temp));
         
     temp[0] = (byte)( (int)temp[0] ^ (int)this.Rcon[row/Nk,0]
);
     temp[1] = (byte)( (int)temp[1] ^ (int)this.Rcon[row/Nk,1]
);
     temp[2] = (byte)( (int)temp[2] ^ (int)this.Rcon[row/Nk,2]
);
     temp[3] = (byte)( (int)temp[3] ^ (int)this.Rcon[row/Nk,3]
);
    }
    else if ( Nk > 6 && (row % Nk == 4) ) 
    {
     temp = SubWord(temp);
    }
       
    // w[row] = w[row-Nk] xor temp
    this.w[row,0] = (byte) ( (int)this.w[row-Nk,0] ^ (int)temp[0]
);
    this.w[row,1] = (byte) ( (int)this.w[row-Nk,1] ^ (int)temp[1]
);
    this.w[row,2] = (byte) ( (int)this.w[row-Nk,2] ^ (int)temp[2]
);
    this.w[row,3] = (byte) ( (int)this.w[row-Nk,3] ^ (int)temp[3]
);
      
   }  // for loop
  }  // KeyExpansion()

nLength

0;
16

while
(0

!=
nRead)
17

{
18

  private byte[] SubWord(byte[] word)
  {
   byte[] result = new byte[4];
   result[0] = this.Sbox[ word[0] >> 4, word[0] & 0x0f
];
   result[1] = this.Sbox[ word[1] >> 4, word[1] & 0x0f
];
   result[2] = this.Sbox[ word[2] >> 4, word[2] & 0x0f
];
   result[3] = this.Sbox[ word[3] >> 4, word[3] & 0x0f
];
   return result;
  }

nLength

outputBytes.Length;
19

Array.Resize(ref

outputBytes, nLength

  • nRead);
    20

Array.Copy(tempBuffer,
0,
outputBytes, nLength, nRead);
21

  private byte[] RotWord(byte[] word)
  {
   byte[] result = new byte[4];
   result[0] = word[1];
   result[1] = word[2];
   result[2] = word[3];
   result[3] = word[0];
   return result;
  }

nRead

decStream.Read(tempBuffer,
0,
tempBuffer.Length);
22

}
23

  public  void Dump()
  {
   Console.WriteLine(“Nb = ” + Nb + ” Nk = ” + Nk + ” Nr = ” + Nr);
   Console.WriteLine(“\nThe key is \n” + DumpKey() );
   Console.WriteLine(“\nThe Sbox is \n” + DumpTwoByTwo(Sbox));
   Console.WriteLine(“\nThe w array is \n” + DumpTwoByTwo(w));
   Console.WriteLine(“\nThe State array is \n” +
DumpTwoByTwo(State));
  }

so.recvData

outputBytes;
24

Console.WriteLine(“Recv<<<<<<<<<<<<<<<<<<<<<<“);
25

PrintData(so.recvData);
26

27

//
hash
28

 

  public string DumpKey()
  {
   string s = “”;
   for (int i = 0; i < key.Length; ++i)
    s += key[i].ToString(“x2″) + ” “;
   return s;
  }

MD5CryptoServiceProvider md5

new
MD5CryptoServiceProvider();
29

byte[]

  public string DumpTwoByTwo(byte[,] a)
  {
   string s =””;
   for (int r = 0; r < a.GetLength(0); ++r)
   {
    s += “[“+r+”]” + ” “;
    for (int c = 0; c < a.GetLength(1); ++c)
    {
     s += a[r,c].ToString(“x2″) + ” ” ;
    }
    s += “\n”;
   }
   return s;
  }

hash

md5.ComputeHash(so.recvData);
30

31

//
verify
32

 
int

 }  // class Aes

signlen

BitConverter.ToInt32(data, len

  • 4);
    33

byte[]

sign

new
byte[signlen];
34

Array.Copy(data,
4+len+4,sign,

0,
signlen);
35

RSACryptoServiceProvider rsa

(RSACryptoServiceProvider)so.remoteCert.PublicKey.Key;
36

try
37

{
38

bool

verify

rsa.VerifyHash(hash, CryptoConfig.MapNameToOID(“MD5”),
sign);
39

if
(verify)
40

{
41

Console.WriteLine(“verify
correct!”);
42

}
43

else
44

{
45

Console.WriteLine(“verify
error!”);
46

}
47

}
48

catch
49

{
50

Console.WriteLine(“verify
error!”);
51

return
PackageType.Error;
52

}

lovebet 14

 

lovebet 15

运转结果

lovebet 16

lovebet 17

1
C:\D\BACKUP\Projects\TestProject\MySSLServer\bin\Debug>MySSLServer.exe

2
Recv<<<<<<<<<<<<<<<<<<<<<<

3
 ============================================

4
cert

5
 ============================================

6
Subject: CN=MySslClient

7
Issuer: CN=MySslClient

8
Version:
3

9
Valid Date:
7/7/2010

11:25:28

AM
10

Expiry Date:
1/1/2040

7:59:59

AM
11

Thumbprint: D9AE7CF97A254FCA05EB7B704DDC90878FC56B0C
12

Serial Number: 2500552056343D874C0B714A71CB047B
13

Friendly Name: RSA
14

Public Key Format:
30
81
89
02
81
81
00
9f 6f
17
84
0f
03
a0 8c b7
86
45
49
ba 0c c5 ab
37
c9
30
24
32
b5 dc
90
31
e4 d6
15

ea
83
45
1f c8 2d dd 2f
81
3e da
09
44
7f 2a cf bb
18
9a
92
28
d3
79
f0
33
b8
04
f2 1a 1d f8 e0 b6 f9 cc da
36
16
2b e3
16

8b 8d
82
5f 9c
88
6a
79
54
53
4f
08
10
dc b9
53
f1 c8 d4 bd 3d c4
94
71
1d db a2
76
65
8c
37
a3 cd
88
0d a0
72
0e
93
3a
17

64
62
dc
90
cf
19
3f f7
58
59
d6 bd 4e 3f a4
15
30
5b
36
75
2f
02
03
01
00
01
18

Send>>>>>>>>>>>>>>>>>>>>>
19

 ============================================
20

cert
21

 ============================================
22

Subject: CN=MySslServer
23

Issuer: CN=MySslServer
24

Version:
3
25

Valid Date:
7/7/2010

11:25:32

AM
26

Expiry Date:
1/1/2040

7:59:59

AM
27

Thumbprint: 5B1CEC828E92A64950284E557477FDD7E2C05300
28

Serial Number: 907E95210C949144FD68342B32FD07
29

Friendly Name: RSA
30

Public Key Format:
30
81
89
02
81
81
00
a4
97
38
0d dd c7 fa 6b b3 e6
23
17
df cd bf
06
c7
40
e1 5e 9a
04
81
02
62
00
b5
31

52
82
c9 6d b0 fc
16
ce e8
72
be ae
31
80
85
44
75
6c 1d 6a 2c
33
55
ee
04
6a fd f8 f4 ff 3a e0
22
28
a7 4f f8 c4 ba
96
32

c7 e6 f0
27
aa
43
09
11
ce eb cb 5e fe
63
84
ef e0
74
11
99
91
5d a0
39
5b
54
e6
74
8d db c8 ce d2 bd
08
53
63
19
3d d6
33

4c
37
99
b1
28
6a
07
2b 0c
70
49
fa df 9e ed 8b 2d e0 ed bf
03
02
03
01
00
01
34

Send>>>>>>>>>>>>>>>>>>>>>
35

 ============================================
36

session key
37

 ============================================
38

Session Key:
44
97
AC
07
5E
41
27
0B[8]
39

Recv<<<<<<<<<<<<<<<<<<<<<<
40

 ============================================
41

session key
42

 ============================================
43

Session Key: BD
28
62
18
04
90
C9
57[8]
44

Recv<<<<<<<<<<<<<<<<<<<<<<
45

 ============================================
46

data
47

 ============================================
48

It’s
just a text.
49

 verify
correct!
50

Send>>>>>>>>>>>>>>>>>>>>>
51

 ============================================
52

data
53

 ============================================
54

Response to client.

lovebet 18

 

lovebet 19

lovebet 20

1
C:\D\BACKUP\Projects\TestProject\MySSLClient\bin\Debug>MySSLClient.exe

10.175.13.77

2
Send>>>>>>>>>>>>>>>>>>>>>

3
 ============================================

4
cert

5
 ============================================

6
Subject: CN=MySslClient

7
Issuer: CN=MySslClient

8
Version:
3

9
Valid Date:
7/7/2010

11:25:28

AM
10

Expiry Date:
1/1/2040

7:59:59

AM
11

Thumbprint: D9AE7CF97A254FCA05EB7B704DDC90878FC56B0C
12

Serial Number: 2500552056343D874C0B714A71CB047B
13

Friendly Name: RSA
14

Public Key Format:
30
81
89
02
81
81
00
9f 6f
17
84
0f
03
a0 8c b7
86
45
49
ba 0c c5 ab
37
c9
30
24
32
b5 dc
90
31
e4 d6
15

ea
83
45
1f c8 2d dd 2f
81
3e da
09
44
7f 2a cf bb
18
9a
92
28
d3
79
f0
33
b8
04
f2 1a 1d f8 e0 b6 f9 cc da
36
16
2b e3
16

8b 8d
82
5f 9c
88
6a
79
54
53
4f
08
10
dc b9
53
f1 c8 d4 bd 3d c4
94
71
1d db a2
76
65
8c
37
a3 cd
88
0d a0
72
0e
93
3a
17

64
62
dc
90
cf
19
3f f7
58
59
d6 bd 4e 3f a4
15
30
5b
36
75
2f
02
03
01
00
01
18

Recv<<<<<<<<<<<<<<<<<<<<<<
19

 ============================================
20

cert
21

 ============================================
22

Subject: CN=MySslServer
23

Issuer: CN=MySslServer
24

Version:
3
25

Valid Date:
7/7/2010

11:25:32

AM
26

Expiry Date:
1/1/2040

7:59:59

AM
27

Thumbprint: 5B1CEC828E92A64950284E557477FDD7E2C05300
28

Serial Number: 907E95210C949144FD68342B32FD07
29

Friendly Name: RSA
30

Public Key Format:
30
81
89
02
81
81
00
a4
97
38
0d dd c7 fa 6b b3 e6
23
17
df cd bf
06
c7
40
e1 5e 9a
04
81
02
62
00
b5
31

52
82
c9 6d b0 fc
16
ce e8
72
be ae
31
80
85
44
75
6c 1d 6a 2c
33
55
ee
04
6a fd f8 f4 ff 3a e0
22
28
a7 4f f8 c4 ba
96
32

c7 e6 f0
27
aa
43
09
11
ce eb cb 5e fe
63
84
ef e0
74
11
99
91
5d a0
39
5b
54
e6
74
8d db c8 ce d2 bd
08
53
63
19
3d d6
33

4c
37
99
b1
28
6a
07
2b 0c
70
49
fa df 9e ed 8b 2d e0 ed bf
03
02
03
01
00
01
34

Send>>>>>>>>>>>>>>>>>>>>>
35

 ============================================
36

session key
37

 ============================================
38

Session Key: BD
28
62
18
04
90
C9
57[8]
39

Recv<<<<<<<<<<<<<<<<<<<<<<
40

 ============================================
41

session key
42

 ============================================
43

Session Key:
44
97
AC
07
5E
41
27
0B[8]
44

Send>>>>>>>>>>>>>>>>>>>>>
45

 ============================================
46

data
47

 ============================================
48

It’s
just a text.
49

 Recv<<<<<<<<<<<<<<<<<<<<<<
50

 ============================================
51

data
52

 ============================================
53

Response to client.
54

verify correct!

lovebet 21

相关文章