Ejemplo n.º 1
0
		protected override void Read (TlsBuffer incoming)
		{
			ClientRandom = new SecureBuffer (incoming.ReadBytes (32));

			var length = (short)incoming.ReadByte ();
			SessionID = new SecureBuffer (incoming.ReadBytes (length));

			length = incoming.ReadInt16 ();
			if ((length % 2) != 0)
				throw new TlsException (AlertDescription.DecodeError);

			bool seenSCSV = false;
			ClientCiphers = new CipherSuiteCode [length >> 1];
			for (int i = 0; i < ClientCiphers.Length; i++) {
				ClientCiphers [i] = (CipherSuiteCode)incoming.ReadInt16 ();
				if (ClientCiphers [i] == CipherSuiteCode.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
					seenSCSV = true;
			}

			// Compression methods
			length = incoming.ReadByte ();
			incoming.Position += length;

			Extensions = new TlsExtensionCollection (incoming);

			if (seenSCSV)
				Extensions.AddRenegotiationExtension ();
		}
Ejemplo n.º 2
0
        static SignatureInstrumentParameters Create(
            TestContext ctx, InstrumentationCategory category, SignatureInstrumentType type,
            SignatureAndHashAlgorithm algorithm, CipherSuiteCode cipher)
        {
            var parameters = CreateParameters(category, type, algorithm.Hash, algorithm.Signature, cipher);

            parameters.ClientCertificate        = ResourceManager.MonkeyCertificate;
            parameters.RequireClientCertificate = true;

            var signatureParameters = new SignatureParameters();

            signatureParameters.Add(algorithm);

            switch (type)
            {
            case SignatureInstrumentType.ClientSignatureAlgorithmAndCipher:
                parameters.ClientSignatureParameters = signatureParameters;
                parameters.ClientCiphers             = new CipherSuiteCode[] { cipher };
                break;

            case SignatureInstrumentType.ServerSignatureAlgorithmAndCipher:
                parameters.ServerSignatureAlgorithm = algorithm;
                parameters.ServerCiphers            = new CipherSuiteCode[] { cipher };
                break;

            default:
                ctx.AssertFail("Unsupported signature instrument: '{0}'.", type);
                break;
            }

            return(parameters);
        }
Ejemplo n.º 3
0
        static CipherSuite CreateCipherSuiteTls10(CipherSuiteCode code)
        {
            // Sanity check.
            if (!IsCipherSupported(TlsProtocolCode.Tls10, code))
            {
                throw new TlsException(AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code);
            }

            switch (code)
            {
            case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA:
                return(new TlsCipherSuite10(code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Rsa));

            case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA:
                return(new TlsCipherSuite10(code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Rsa));

            case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
                return(new TlsCipherSuite10(code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Dhe));

            case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
                return(new TlsCipherSuite10(code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Dhe));

            default:
                throw new TlsException(AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code);
            }
        }
Ejemplo n.º 4
0
 public async Task TestServerTls11(TestContext ctx, CancellationToken cancellationToken,
                                   InstrumentationConnectionProvider provider,
                                   [CipherSuite] CipherSuiteCode cipher,
                                   CipherInstrumentParameters parameters,
                                   CipherInstrumentTestRunner runner)
 {
     await runner.Run(ctx, cancellationToken);
 }
Ejemplo n.º 5
0
		public TlsClientHello (TlsProtocolCode protocol, SecureBuffer random, SecureBuffer session, CipherSuiteCode[] ciphers, TlsExtensionCollection extensions)
			: base (HandshakeType.ClientHello)
		{
			ClientProtocol = protocol;
			ClientRandom = random;
			SessionID = session;
			ClientCiphers = ciphers;
			Extensions = extensions;
		}
Ejemplo n.º 6
0
 public TlsServerHello(TlsProtocolCode protocol, SecureBuffer random, SecureBuffer session, CipherSuiteCode cipher, TlsExtensionCollection extensions)
     : base(HandshakeType.ServerHello)
 {
     ServerProtocol = protocol;
     ServerRandom   = random;
     SessionID      = session;
     SelectedCipher = cipher;
     Extensions     = extensions;
 }
Ejemplo n.º 7
0
		public TlsServerHello (TlsProtocolCode protocol, SecureBuffer random, SecureBuffer session, CipherSuiteCode cipher, TlsExtensionCollection extensions)
			: base (HandshakeType.ServerHello)
		{
			ServerProtocol = protocol;
			ServerRandom = random;
			SessionID = session;
			SelectedCipher = cipher;
			Extensions = extensions;
		}
Ejemplo n.º 8
0
		static CipherSuite CreateCipherSuiteTls12 (CipherSuiteCode code)
		{
			// Sanity check.
			if (!IsCipherSupported (TlsProtocolCode.Tls12, code))
				throw new TlsException (AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code);

			switch (code) {
			// Galois-Counter Cipher Suites
			case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
				return new TlsCipherSuite12 (code, CipherAlgorithmType.AesGcm256, HashAlgorithmType.Sha384, ExchangeAlgorithmType.Dhe);
			case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
				return new TlsCipherSuite12 (code, CipherAlgorithmType.AesGcm128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.Dhe);

			// Diffie-Hellman Cipher Suites
			case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
				return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha256, ExchangeAlgorithmType.Dhe);
			case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
				return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.Dhe);
			case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
				return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Dhe);
			case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
				return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Dhe);

			// Galois-Counter with Legacy RSA Key Exchange
			case CipherSuiteCode.TLS_RSA_WITH_AES_128_GCM_SHA256:
				return new TlsCipherSuite12 (code, CipherAlgorithmType.AesGcm128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.Rsa);
			case CipherSuiteCode.TLS_RSA_WITH_AES_256_GCM_SHA384:
				return new TlsCipherSuite12 (code, CipherAlgorithmType.AesGcm256, HashAlgorithmType.Sha384, ExchangeAlgorithmType.Rsa);

			// AES Cipher Suites
			case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA256:
				return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha256, ExchangeAlgorithmType.Rsa);
			case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA256:
				return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.Rsa);
			case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA:
				return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Rsa);
			case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA:
				return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Rsa);

			// ECDHE Cipher Suites
			case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
				return new TlsCipherSuite12 (code, CipherAlgorithmType.AesGcm256, HashAlgorithmType.Sha384, ExchangeAlgorithmType.EcDhe);
			case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
				return new TlsCipherSuite12 (code, CipherAlgorithmType.AesGcm128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.EcDhe);
			case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
				return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha384, ExchangeAlgorithmType.EcDhe);
			case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
				return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.EcDhe);
			case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
				return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.EcDhe);
			case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
				return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.EcDhe);

			default:
				throw new TlsException (AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code);
			}
		}
Ejemplo n.º 9
0
 public CipherSuite(
     CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType,
     HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType)
 {
     Code = code;
     Name = code.ToString();
     CipherAlgorithmType   = cipherAlgorithmType;
     HashAlgorithmType     = hashAlgorithmType;
     ExchangeAlgorithmType = exchangeAlgorithmType;
 }
Ejemplo n.º 10
0
        public static bool CipherMatchesFilterFlags(CipherSuiteCode code, FilterFlags flags)
        {
            if ((flags & FilterFlags.All) != 0)
            {
                return(true);
            }

            bool rsa   = (flags & FilterFlags.Rsa) != 0;
            bool dhe   = (flags & FilterFlags.Dhe) != 0;
            bool ecdhe = (flags & FilterFlags.EcDhe) != 0;
            bool aead  = (flags & FilterFlags.Aead) != 0;
            bool cbc   = (flags & FilterFlags.Cbc) != 0;

            switch (code)
            {
            // Galois-Counter Cipher Suites.
            case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
            case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
                return(dhe | aead);

            // Galois-Counter with Legacy RSA Key Exchange.
            case CipherSuiteCode.TLS_RSA_WITH_AES_128_GCM_SHA256:
            case CipherSuiteCode.TLS_RSA_WITH_AES_256_GCM_SHA384:
                return(rsa | aead);

            // Diffie-Hellman Cipher Suites
            case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
            case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
            case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
            case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
                return(dhe | cbc);

            // Legacy AES Cipher Suites
            case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA256:
            case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA256:
            case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA:
            case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA:
                return(rsa | cbc);

            // ECDHE Galois-Counter Ciphers.
            case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
            case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
                return(ecdhe | aead);

            // ECDHE AES Ciphers.
            case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
            case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
            case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
            case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
                return(ecdhe | cbc);

            default:
                return(false);
            }
        }
Ejemplo n.º 11
0
		public static CipherSuite CreateCipherSuite (TlsProtocolCode protocol, CipherSuiteCode code)
		{
			if (protocol == TlsProtocolCode.Tls12)
				return CreateCipherSuiteTls12 (code);
			else if (protocol == TlsProtocolCode.Tls11)
				return CreateCipherSuiteTls11 (code);
			else if (protocol == TlsProtocolCode.Tls10)
				return CreateCipherSuiteTls10 (code);
			else
				throw new TlsException (AlertDescription.ProtocolVersion);
		}
		public static MonoClientAndServerParameters SelectCipherSuite (TestContext ctx, TlsProtocolCode protocol, CipherSuiteCode code)
		{
			var provider = DependencyInjector.Get<ICertificateProvider> ();
			var acceptAll = provider.AcceptAll ();

			string name = string.Format ("select-cipher-{0}-{1}", protocol, code);

			return new MonoClientAndServerParameters (name, ResourceManager.SelfSignedServerCertificate) {
				ClientCertificateValidator = acceptAll
			};
		}
Ejemplo n.º 13
0
 internal static CipherSuite CreateCipherSuite(TlsProtocolCode protocol, CipherSuiteCode code)
 {
     if (protocol == TlsProtocolCode.Tls12)
     {
         return(CreateCipherSuiteTls12(code));
     }
     else
     {
         throw new TlsException(AlertDescription.ProtocolVersion);
     }
 }
Ejemplo n.º 14
0
        protected bool CheckCipher(TestContext ctx, IMonoConnection connection, CipherSuiteCode cipher)
        {
            ctx.Assert(connection.SupportsConnectionInfo, "supports connection info");
            var connectionInfo = connection.GetConnectionInfo();

            if (!ctx.Expect(connectionInfo, Is.Not.Null, "connection info"))
            {
                return(false);
            }
            return(ctx.Expect(connectionInfo.CipherSuiteCode, Is.EqualTo(cipher), "expected cipher"));
        }
Ejemplo n.º 15
0
        static CipherSuite CreateCipherSuiteTls12(CipherSuiteCode code)
        {
            // Sanity check.
            if (!IsCipherSupported(TlsProtocolCode.Tls12, code))
            {
                throw new TlsException(AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code);
            }

            switch (code)
            {
            // Galois-Counter Cipher Suites
            case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
                return(new TlsCipherSuite12(code, CipherAlgorithmType.AesGcm256, HashAlgorithmType.Sha384, ExchangeAlgorithmType.DiffieHellman));

            case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
                return(new TlsCipherSuite12(code, CipherAlgorithmType.AesGcm128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.DiffieHellman));

            // Diffie-Hellman Cipher Suites
            case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
                return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha256, ExchangeAlgorithmType.DiffieHellman));

            case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
                return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.DiffieHellman));

            case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
                return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman));

            case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
                return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman));

            // Galois-Counter with Legacy RSA Key Exchange
            case CipherSuiteCode.TLS_RSA_WITH_AES_128_GCM_SHA256:
                return(new TlsCipherSuite12(code, CipherAlgorithmType.AesGcm128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.RsaSign));

            case CipherSuiteCode.TLS_RSA_WITH_AES_256_GCM_SHA384:
                return(new TlsCipherSuite12(code, CipherAlgorithmType.AesGcm256, HashAlgorithmType.Sha384, ExchangeAlgorithmType.RsaSign));

            // AES Cipher Suites
            case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA256:
                return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha256, ExchangeAlgorithmType.RsaSign));

            case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA256:
                return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.RsaSign));

            case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA:
                return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign));

            case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA:
                return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign));

            default:
                throw new TlsException(AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code);
            }
        }
Ejemplo n.º 16
0
        public static bool IsCipherSupported(TlsProtocolCode protocol, CipherSuiteCode code)
        {
            var array = GetSupportedCiphersArray(protocol);

            for (int i = 0; i < array.Length; i++)
            {
                if (array [i] == code)
                {
                    return(true);
                }
            }
            return(false);
        }
Ejemplo n.º 17
0
        public async void TestInvalidCipher()
        {
            if (!Factory.CanSelectCiphers)
            {
                throw new IgnoreException("Current implementation does not let us select ciphers.");
            }

            var requestedCipher = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 };
            var supportedCipher = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };

            await ExpectAlert(new ClientAndServerParameters {
                VerifyPeerCertificate = false, ClientCiphers = requestedCipher, ServerCiphers = supportedCipher
            }, AlertDescription.HandshakeFailure);
        }
Ejemplo n.º 18
0
        public void InitializeGCM(CipherSuiteCode code, byte[] key, byte[] implNonce, byte[] explNonce)
        {
            Cipher = CipherSuiteFactory.CreateCipherSuite(Protocol, code);
                        #if DEBUG_FULL
            Cipher.EnableDebugging = EnableDebugging;
                        #endif
            Crypto = Add(new MyGaloisCounterCipher(IsServer, Protocol, Cipher, explNonce));

            Crypto.ServerWriteKey = SecureBuffer.CreateCopy(key);
            Crypto.ClientWriteKey = SecureBuffer.CreateCopy(key);
            Crypto.ServerWriteIV  = SecureBuffer.CreateCopy(implNonce);
            Crypto.ClientWriteIV  = SecureBuffer.CreateCopy(implNonce);

            Crypto.InitializeCipher();
        }
Ejemplo n.º 19
0
        public void InitializeCBC(CipherSuiteCode code, byte[] key, byte[] mac, byte[] iv)
        {
            Cipher = CipherSuiteFactory.CreateCipherSuite(Protocol, code);
                        #if DEBUG_FULL
            Cipher.EnableDebugging = EnableDebugging;
                        #endif
            Crypto = Add(new MyCbcBlockCipher(this, iv));

            Crypto.ServerWriteKey = SecureBuffer.CreateCopy(key);
            Crypto.ClientWriteKey = SecureBuffer.CreateCopy(key);
            Crypto.ServerWriteMac = SecureBuffer.CreateCopy(mac);
            Crypto.ClientWriteMac = SecureBuffer.CreateCopy(mac);

            Crypto.InitializeCipher();
        }
Ejemplo n.º 20
0
        public static bool ProviderSupportsCipher(ConnectionProvider provider, CipherSuiteCode cipher)
        {
            bool aead  = (provider.Flags & ConnectionProviderFlags.SupportsAeadCiphers) != 0;
            bool tls12 = (provider.Flags & ConnectionProviderFlags.SupportsTls12) != 0;
            bool ecdhe = (provider.Flags & ConnectionProviderFlags.SupportsEcDheCiphers) != 0;

            switch (cipher)
            {
            // Galois-Counter Cipher Suites.
            case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
            case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
                return(aead);

            // Galois-Counter with Legacy RSA Key Exchange.
            case CipherSuiteCode.TLS_RSA_WITH_AES_128_GCM_SHA256:
            case CipherSuiteCode.TLS_RSA_WITH_AES_256_GCM_SHA384:
                return(aead);

            // Diffie-Hellman Cipher Suites
            case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
            case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
            case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
            case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
                return(tls12);

            // Legacy AES Cipher Suites
            case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA256:
            case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA256:
            case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA:
            case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA:
                return(true);

            // ECDHE Galois-Counter Ciphers.
            case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
            case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
                return(aead && ecdhe);

            // ECDHE AES Ciphers.
            case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
            case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
            case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
            case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
                return(ecdhe);

            default:
                return(false);
            }
        }
Ejemplo n.º 21
0
        public static bool FilterCipher(CipherSuiteCode cipher, string filter)
        {
            if (filter == null)
            {
                return(true);
            }

            FilterFlags?includeFlags = null;
            FilterFlags excludeFlags = FilterFlags.None;

            var parts = filter.Split(':');

            foreach (var part in parts)
            {
                var name = part;
                if (part [0] == '+' || part [0] == '-')
                {
                    name = name.Substring(1);
                }

                var flag = (FilterFlags)Enum.Parse(typeof(FilterFlags), name, true);
                if (part [0] == '-')
                {
                    excludeFlags |= flag;
                }
                else
                {
                    if (includeFlags == null)
                    {
                        includeFlags = FilterFlags.None;
                    }
                    includeFlags |= flag;
                }
            }

            if (CipherMatchesFilterFlags(cipher, excludeFlags))
            {
                return(false);
            }
            if (includeFlags != null && !CipherMatchesFilterFlags(cipher, includeFlags.Value))
            {
                return(false);
            }

            return(true);
        }
Ejemplo n.º 22
0
        public async void TestAllCiphers(CipherSuiteCode code)
        {
            if (!Factory.CanSelectCiphers)
            {
                throw new IgnoreException("Current implementation does not let us select ciphers.");
            }

            var requestedCiphers = new CipherSuiteCode[] { code };

            await Run(new ClientAndServerParameters {
                VerifyPeerCertificate = false,
                ClientCiphers         = requestedCiphers
            }, connection => {
                var connectionInfo = connection.Server.GetConnectionInfo();
                Assert.That(connectionInfo, Is.Not.Null, "#1");
                Assert.That(connectionInfo.CipherCode, Is.EqualTo(code), "#2");
            });
        }
Ejemplo n.º 23
0
		static CipherSuite CreateCipherSuiteTls11 (CipherSuiteCode code)
		{
			// Sanity check.
			if (!IsCipherSupported (TlsProtocolCode.Tls11, code))
				throw new TlsException (AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code);

			switch (code) {
			case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA:
				return new TlsCipherSuite11 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Rsa);
			case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA:
				return new TlsCipherSuite11 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Rsa);
			case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
				return new TlsCipherSuite11 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Dhe);
			case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
				return new TlsCipherSuite11 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Dhe);
			default:
				throw new TlsException (AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code);
			}
		}
Ejemplo n.º 24
0
        protected override void Read(TlsBuffer incoming)
        {
            ClientRandom = new SecureBuffer(incoming.ReadBytes(32));

            var length = (short)incoming.ReadByte();

            SessionID = new SecureBuffer(incoming.ReadBytes(length));

            length = incoming.ReadInt16();
            if ((length % 2) != 0)
            {
                throw new TlsException(AlertDescription.DecodeError);
            }

            bool seenSCSV = false;

            ClientCiphers = new CipherSuiteCode [length >> 1];
            for (int i = 0; i < ClientCiphers.Length; i++)
            {
                ClientCiphers [i] = (CipherSuiteCode)incoming.ReadInt16();
                if (ClientCiphers [i] == CipherSuiteCode.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
                {
                    seenSCSV = true;
                }
            }

            // Compression methods
            length             = incoming.ReadByte();
            incoming.Position += length;

            Extensions = new TlsExtensionCollection(incoming);

            if (seenSCSV)
            {
                Extensions.AddRenegotiationExtension();
            }
        }
Ejemplo n.º 25
0
		public static bool ProviderSupportsCipher (ClientAndServerProvider provider, CipherSuiteCode cipher)
		{
			return ProviderSupportsCipher (provider.Client, cipher) && ProviderSupportsCipher (provider.Server, cipher);
		}
Ejemplo n.º 26
0
		public static bool ProviderSupportsCipher (ConnectionProvider provider, CipherSuiteCode cipher)
		{
			bool aead = (provider.Flags & ConnectionProviderFlags.SupportsAeadCiphers) != 0;
			bool tls12 = (provider.Flags & ConnectionProviderFlags.SupportsTls12) != 0;
			bool ecdhe = (provider.Flags & ConnectionProviderFlags.SupportsEcDheCiphers) != 0;

			switch (cipher) {
			// Galois-Counter Cipher Suites.
			case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
			case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
				return aead;

				// Galois-Counter with Legacy RSA Key Exchange.
			case CipherSuiteCode.TLS_RSA_WITH_AES_128_GCM_SHA256:
			case CipherSuiteCode.TLS_RSA_WITH_AES_256_GCM_SHA384:
				return aead;

				// Diffie-Hellman Cipher Suites
			case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
			case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
			case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
			case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
				return tls12;

				// Legacy AES Cipher Suites
			case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA256:
			case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA256:
			case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA:
			case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA:
				return true;

				// ECDHE Galois-Counter Ciphers.
			case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
			case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
				return aead && ecdhe;

				// ECDHE AES Ciphers.
			case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
			case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
			case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
			case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
				return ecdhe;

			default:
				return false;
			}
		}
Ejemplo n.º 27
0
		public static bool CipherMatchesFilterFlags (CipherSuiteCode code, FilterFlags flags)
		{
			if ((flags & FilterFlags.All) != 0)
				return true;

			bool rsa = (flags & FilterFlags.Rsa) != 0;
			bool dhe = (flags & FilterFlags.Dhe) != 0;
			bool ecdhe = (flags & FilterFlags.EcDhe) != 0;
			bool aead = (flags & FilterFlags.Aead) != 0;
			bool cbc = (flags & FilterFlags.Cbc) != 0;

			switch (code) {
			// Galois-Counter Cipher Suites.
			case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
			case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
				return dhe | aead;

				// Galois-Counter with Legacy RSA Key Exchange.
			case CipherSuiteCode.TLS_RSA_WITH_AES_128_GCM_SHA256:
			case CipherSuiteCode.TLS_RSA_WITH_AES_256_GCM_SHA384:
				return rsa | aead;

				// Diffie-Hellman Cipher Suites
			case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
			case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
			case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
			case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
				return dhe | cbc;

				// Legacy AES Cipher Suites
			case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA256:
			case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA256:
			case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA:
			case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA:
				return rsa | cbc;

				// ECDHE Galois-Counter Ciphers.
			case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
			case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
				return ecdhe | aead;

				// ECDHE AES Ciphers.
			case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
			case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
			case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
			case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
				return ecdhe | cbc;

			default:
				return false;
			}
		}
Ejemplo n.º 28
0
		public CipherSuite (
			CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType, 
			HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType)
		{
			Code = code;
			Name = code.ToString ();
			CipherAlgorithmType = cipherAlgorithmType;
			HashAlgorithmType = hashAlgorithmType;
			ExchangeAlgorithmType = exchangeAlgorithmType;
		}
Ejemplo n.º 29
0
		public static bool IsCipherSupported (TlsProtocolCode protocol, CipherSuiteCode code)
		{
			var array = GetSupportedCiphersArray (protocol);
			for (int i = 0; i < array.Length; i++)
				if (array [i] == code)
					return true;
			return false;
		}
Ejemplo n.º 30
0
 public static CryptoTestParameters CreateGCM(TlsProtocolCode protocol, CipherSuiteCode code, byte[] key, byte[] implNonce, byte[] explNonce)
 {
     return(new CryptoTestParameters {
         Protocol = protocol, Code = code, Key = key, ImplicitNonce = implNonce, ExplicitNonce = explNonce, IsGCM = true
     });
 }
Ejemplo n.º 31
0
 public static CryptoTestParameters CreateCBC(TlsProtocolCode protocol, CipherSuiteCode code, byte[] key, byte[] mac, byte[] iv)
 {
     return(new CryptoTestParameters {
         Protocol = protocol, Code = code, Key = key, MAC = mac, IV = iv
     });
 }
Ejemplo n.º 32
0
        public static ExchangeAlgorithmType GetExchangeAlgorithmType(TlsProtocolCode protocol, CipherSuiteCode code)
        {
            var cipher = CreateCipherSuite(protocol, code);

            return(cipher.ExchangeAlgorithmType);
        }
Ejemplo n.º 33
0
		public static CryptoTestParameters CreateCBC (TlsProtocolCode protocol, CipherSuiteCode code, byte[] key, byte[] mac, byte[] iv)
		{
			return new CryptoTestParameters {
				Protocol = protocol, Code = code, Key = key, MAC = mac, IV = iv
			};
		}
Ejemplo n.º 34
0
		public static CryptoTestParameters CreateGCM (TlsProtocolCode protocol, CipherSuiteCode code, byte[] key, byte[] implNonce, byte[] explNonce)
		{
			return new CryptoTestParameters {
				Protocol = protocol, Code = code, Key = key, ImplicitNonce = implNonce, ExplicitNonce = explNonce, IsGCM = true
			};
		}
Ejemplo n.º 35
0
 public static bool ProviderSupportsCipher(ClientAndServerProvider provider, CipherSuiteCode cipher)
 {
     return(ProviderSupportsCipher(provider.Client, cipher) && ProviderSupportsCipher(provider.Server, cipher));
 }
Ejemplo n.º 36
0
 public TlsCipherSuite12(
     CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType,
     HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType)
     : base(code, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType)
 {
 }
Ejemplo n.º 37
0
		public static bool FilterCipher (CipherSuiteCode cipher, string filter)
		{
			if (filter == null)
				return true;

			FilterFlags? includeFlags = null;
			FilterFlags excludeFlags = FilterFlags.None;

			var parts = filter.Split (':');
			foreach (var part in parts) {
				var name = part;
				if (part [0] == '+' || part [0] == '-')
					name = name.Substring (1);

				var flag = (FilterFlags)Enum.Parse (typeof(FilterFlags), name, true);
				if (part [0] == '-') {
					excludeFlags |= flag;
				} else {
					if (includeFlags == null)
						includeFlags = FilterFlags.None;
					includeFlags |= flag;
				}
			}

			if (CipherMatchesFilterFlags (cipher, excludeFlags))
				return false;
			if (includeFlags != null && !CipherMatchesFilterFlags (cipher, includeFlags.Value))
				return false;

			return true;
		}
Ejemplo n.º 38
0
		public TlsCipherSuite11 (
			CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType,
			HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType)
			: base (code, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType)
		{
		}
		static SignatureInstrumentParameters Create (
			TestContext ctx, InstrumentationCategory category, SignatureInstrumentType type,
			SignatureAndHashAlgorithm algorithm, CipherSuiteCode cipher)
		{
			var parameters = CreateParameters (category, type, algorithm.Hash, algorithm.Signature, cipher);

			parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
			parameters.RequireClientCertificate = true;

			var signatureParameters = new SignatureParameters ();
			signatureParameters.Add (algorithm);

			switch (type) {
			case SignatureInstrumentType.ClientSignatureAlgorithmAndCipher:
				parameters.ClientSignatureParameters = signatureParameters;
				parameters.ClientCiphers = new CipherSuiteCode[] { cipher };
				break;

			case SignatureInstrumentType.ServerSignatureAlgorithmAndCipher:
				parameters.ServerSignatureAlgorithm = algorithm;
				parameters.ServerCiphers = new CipherSuiteCode[] { cipher };
				break;

			default:
				ctx.AssertFail ("Unsupported signature instrument: '{0}'.", type);
				break;
			}

			return parameters;
		}
Ejemplo n.º 40
0
		public static ExchangeAlgorithmType GetExchangeAlgorithmType (TlsProtocolCode protocol, CipherSuiteCode code)
		{
			var cipher = CreateCipherSuite (protocol, code);
			return cipher.ExchangeAlgorithmType;
		}