protected virtual void Resolve()
{
HandshakeParameters.ClientRandom = Context.Session.GetSecureRandomBytes(32);
CipherSuiteCollection requestedCiphers;
if (Settings.RequestedCiphers != null)
{
requestedCiphers = new CipherSuiteCollection(Config.RequestedProtocol, Settings.RequestedCiphers);
}
else
{
requestedCiphers = CipherSuiteFactory.GetDefaultCiphers(Config.RequestedProtocol);
}
if (requestedCiphers.Protocol != Config.RequestedProtocol)
{
throw new TlsException(AlertDescription.ProtocolVersion);
}
HandshakeParameters.SupportedCiphers = requestedCiphers.Clone();
if (Config.EnableSecureRenegotiation && !Session.SecureRenegotiation && ((Config.RenegotiationFlags & RenegotiationFlags.SendCipherSpecCode) != 0))
{
HandshakeParameters.SupportedCiphers.AddSCSV();
}
Session.SignatureParameters = Context.SignatureProvider.GetClientSignatureParameters(Context);
}
protected virtual void SelectCipher(TlsClientHello message)
{
var userCiphers = Config.UserSettings != null ? Config.UserSettings.RequestedCiphers : null;
CipherSuiteCollection supportedCiphers;
if (userCiphers != null)
{
supportedCiphers = new CipherSuiteCollection(Context.NegotiatedProtocol, userCiphers);
}
else
{
supportedCiphers = CipherSuiteFactory.GetDefaultCiphers(Context.NegotiatedProtocol);
}
HandshakeParameters.SupportedCiphers = supportedCiphers;
CipherSuite selectedCipher = null;
foreach (var code in message.ClientCiphers)
{
var idx = HandshakeParameters.SupportedCiphers.IndexOf(code);
if (idx < 0)
{
continue;
}
var cipher = HandshakeParameters.SupportedCiphers [idx];
selectedCipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, cipher);
break;
}
if (selectedCipher == null)
{
throw new TlsException(AlertDescription.HandshakeFailure, "Invalid cipher suite received from client");
}
#if DEBUG_FULL
if (Context.EnableDebugging)
{
selectedCipher.EnableDebugging = true;
}
#endif
#if DEBUG_FULL
if (Context.EnableDebugging)
{
DebugHelper.WriteLine("Selected Cipher: {0}", selectedCipher);
}
#endif
// FIXME: Select best one.
Session.PendingCrypto = selectedCipher.Initialize(true, Context.NegotiatedProtocol);
}
protected virtual TlsClientHello GenerateClientHello()
{
var clientUnixTime = HandshakeParameters.GetUnixTime();
HandshakeParameters.ClientRandom = Context.Session.GetSecureRandomBytes(32);
TlsBuffer.WriteInt32(HandshakeParameters.ClientRandom.Buffer, 0, clientUnixTime);
var requestedUserCiphers = Config.UserSettings != null ? Config.UserSettings.RequestedCiphers : null;
CipherSuiteCollection requestedCiphers;
if (requestedUserCiphers != null)
{
requestedCiphers = new CipherSuiteCollection(Config.RequestedProtocol, requestedUserCiphers);
}
else
{
requestedCiphers = CipherSuiteFactory.GetDefaultCiphers(Config.RequestedProtocol);
}
if (requestedCiphers.Protocol != Config.RequestedProtocol)
{
throw new TlsException(AlertDescription.ProtocolVersion);
}
HandshakeParameters.SupportedCiphers = requestedCiphers.Clone();
if (Config.EnableSecureRenegotiation && !Session.SecureRenegotiation && ((Config.RenegotiationFlags & RenegotiationFlags.SendCipherSpecCode) != 0))
{
HandshakeParameters.SupportedCiphers.AddSCSV();
}
if (ServerNameExtension.IsLegalHostName(Config.TargetHost))
{
HandshakeParameters.RequestedExtensions.Add(new ServerNameExtension(Config.TargetHost));
}
if (Config.EnableSecureRenegotiation && (Session.SecureRenegotiation || ((Config.RenegotiationFlags & RenegotiationFlags.SendClientHelloExtension) != 0)))
{
HandshakeParameters.RequestedExtensions.Add(RenegotiationExtension.CreateClient(Context));
}
if (UserSettings.HasClientCertificateParameters)
{
HandshakeParameters.RequestedExtensions.Add(new SignatureAlgorithmsExtension(UserSettings.ClientCertificateParameters.SignatureAndHashAlgorithms));
}
return(new TlsClientHello(
Config.RequestedProtocol, HandshakeParameters.ClientRandom, HandshakeParameters.SessionId,
HandshakeParameters.SupportedCiphers.ToArray(), HandshakeParameters.RequestedExtensions));
}
protected virtual void SelectCipher(TlsClientHello message)
{
var certificate = Config.Certificate;
if (certificate == null)
{
throw new TlsException(AlertDescription.HandshakeFailure, "Missing server certificate");
}
CipherSuiteCollection requestedCiphers;
if (Settings.RequestedCiphers != null)
{
requestedCiphers = new CipherSuiteCollection(Context.NegotiatedProtocol, Settings.RequestedCiphers);
}
else
{
requestedCiphers = CipherSuiteFactory.GetDefaultCiphers(Context.NegotiatedProtocol);
}
HandshakeParameters.SupportedCiphers = requestedCiphers.Filter(cipher => {
#if INSTRUMENTATION
if (Context.HasInstrument(HandshakeInstrumentType.OverrideServerCertificateSelection))
{
return(true);
}
#endif
var exchangeAlgorithm = CipherSuiteFactory.GetExchangeAlgorithmType(Context.NegotiatedProtocol, cipher);
return(CertificateManager.VerifyServerCertificate(Context, certificate, exchangeAlgorithm));
});
CipherSuite selectedCipher = null;
foreach (var code in message.ClientCiphers)
{
var idx = HandshakeParameters.SupportedCiphers.IndexOf(code);
if (idx < 0)
{
continue;
}
var cipher = HandshakeParameters.SupportedCiphers [idx];
selectedCipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, cipher);
break;
}
if (selectedCipher == null)
{
throw new TlsException(AlertDescription.HandshakeFailure, "Invalid cipher suite received from client");
}
#if DEBUG_FULL
if (Context.EnableDebugging)
{
selectedCipher.EnableDebugging = true;
}
#endif
#if DEBUG_FULL
if (Context.EnableDebugging)
{
DebugHelper.WriteLine("Selected Cipher: {0}", selectedCipher);
}
#endif
// FIXME: Select best one.
Session.PendingCrypto = selectedCipher.Initialize(true, Context.NegotiatedProtocol);
Session.PendingCrypto.ServerCertificates = new X509CertificateCollection();
Session.PendingCrypto.ServerCertificates.Add(certificate);
}
