protected override void Read (TlsBuffer incoming)
{
ClientRandom = new SecureBuffer (incoming.ReadBytes (32));
var length = (short)incoming.ReadByte ();
SessionID = new SecureBuffer (incoming.ReadBytes (length));
length = incoming.ReadInt16 ();
if ((length % 2) != 0)
throw new TlsException (AlertDescription.DecodeError);
bool seenSCSV = false;
ClientCiphers = new CipherSuiteCode [length >> 1];
for (int i = 0; i < ClientCiphers.Length; i++) {
ClientCiphers [i] = (CipherSuiteCode)incoming.ReadInt16 ();
if (ClientCiphers [i] == CipherSuiteCode.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
seenSCSV = true;
}
// Compression methods
length = incoming.ReadByte ();
incoming.Position += length;
Extensions = new TlsExtensionCollection (incoming);
if (seenSCSV)
Extensions.AddRenegotiationExtension ();
}
static SignatureInstrumentParameters Create(
TestContext ctx, InstrumentationCategory category, SignatureInstrumentType type,
SignatureAndHashAlgorithm algorithm, CipherSuiteCode cipher)
{
var parameters = CreateParameters(category, type, algorithm.Hash, algorithm.Signature, cipher);
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.RequireClientCertificate = true;
var signatureParameters = new SignatureParameters();
signatureParameters.Add(algorithm);
switch (type)
{
case SignatureInstrumentType.ClientSignatureAlgorithmAndCipher:
parameters.ClientSignatureParameters = signatureParameters;
parameters.ClientCiphers = new CipherSuiteCode[] { cipher };
break;
case SignatureInstrumentType.ServerSignatureAlgorithmAndCipher:
parameters.ServerSignatureAlgorithm = algorithm;
parameters.ServerCiphers = new CipherSuiteCode[] { cipher };
break;
default:
ctx.AssertFail("Unsupported signature instrument: '{0}'.", type);
break;
}
return(parameters);
}
static CipherSuite CreateCipherSuiteTls10(CipherSuiteCode code)
{
// Sanity check.
if (!IsCipherSupported(TlsProtocolCode.Tls10, code))
{
throw new TlsException(AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code);
}
switch (code)
{
case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA:
return(new TlsCipherSuite10(code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Rsa));
case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA:
return(new TlsCipherSuite10(code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Rsa));
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
return(new TlsCipherSuite10(code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Dhe));
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
return(new TlsCipherSuite10(code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Dhe));
default:
throw new TlsException(AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code);
}
}
public async Task TestServerTls11(TestContext ctx, CancellationToken cancellationToken,
InstrumentationConnectionProvider provider,
[CipherSuite] CipherSuiteCode cipher,
CipherInstrumentParameters parameters,
CipherInstrumentTestRunner runner)
{
await runner.Run(ctx, cancellationToken);
}
public TlsClientHello (TlsProtocolCode protocol, SecureBuffer random, SecureBuffer session, CipherSuiteCode[] ciphers, TlsExtensionCollection extensions)
: base (HandshakeType.ClientHello)
{
ClientProtocol = protocol;
ClientRandom = random;
SessionID = session;
ClientCiphers = ciphers;
Extensions = extensions;
}
public TlsServerHello(TlsProtocolCode protocol, SecureBuffer random, SecureBuffer session, CipherSuiteCode cipher, TlsExtensionCollection extensions)
: base(HandshakeType.ServerHello)
{
ServerProtocol = protocol;
ServerRandom = random;
SessionID = session;
SelectedCipher = cipher;
Extensions = extensions;
}
public TlsServerHello (TlsProtocolCode protocol, SecureBuffer random, SecureBuffer session, CipherSuiteCode cipher, TlsExtensionCollection extensions)
: base (HandshakeType.ServerHello)
{
ServerProtocol = protocol;
ServerRandom = random;
SessionID = session;
SelectedCipher = cipher;
Extensions = extensions;
}
static CipherSuite CreateCipherSuiteTls12 (CipherSuiteCode code)
{
// Sanity check.
if (!IsCipherSupported (TlsProtocolCode.Tls12, code))
throw new TlsException (AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code);
switch (code) {
// Galois-Counter Cipher Suites
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
return new TlsCipherSuite12 (code, CipherAlgorithmType.AesGcm256, HashAlgorithmType.Sha384, ExchangeAlgorithmType.Dhe);
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
return new TlsCipherSuite12 (code, CipherAlgorithmType.AesGcm128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.Dhe);
// Diffie-Hellman Cipher Suites
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha256, ExchangeAlgorithmType.Dhe);
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.Dhe);
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Dhe);
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Dhe);
// Galois-Counter with Legacy RSA Key Exchange
case CipherSuiteCode.TLS_RSA_WITH_AES_128_GCM_SHA256:
return new TlsCipherSuite12 (code, CipherAlgorithmType.AesGcm128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.Rsa);
case CipherSuiteCode.TLS_RSA_WITH_AES_256_GCM_SHA384:
return new TlsCipherSuite12 (code, CipherAlgorithmType.AesGcm256, HashAlgorithmType.Sha384, ExchangeAlgorithmType.Rsa);
// AES Cipher Suites
case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA256:
return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha256, ExchangeAlgorithmType.Rsa);
case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA256:
return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.Rsa);
case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA:
return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Rsa);
case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA:
return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Rsa);
// ECDHE Cipher Suites
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
return new TlsCipherSuite12 (code, CipherAlgorithmType.AesGcm256, HashAlgorithmType.Sha384, ExchangeAlgorithmType.EcDhe);
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
return new TlsCipherSuite12 (code, CipherAlgorithmType.AesGcm128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.EcDhe);
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha384, ExchangeAlgorithmType.EcDhe);
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.EcDhe);
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.EcDhe);
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.EcDhe);
default:
throw new TlsException (AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code);
}
}
public CipherSuite(
CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType,
HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType)
{
Code = code;
Name = code.ToString();
CipherAlgorithmType = cipherAlgorithmType;
HashAlgorithmType = hashAlgorithmType;
ExchangeAlgorithmType = exchangeAlgorithmType;
}
public static bool CipherMatchesFilterFlags(CipherSuiteCode code, FilterFlags flags)
{
if ((flags & FilterFlags.All) != 0)
{
return(true);
}
bool rsa = (flags & FilterFlags.Rsa) != 0;
bool dhe = (flags & FilterFlags.Dhe) != 0;
bool ecdhe = (flags & FilterFlags.EcDhe) != 0;
bool aead = (flags & FilterFlags.Aead) != 0;
bool cbc = (flags & FilterFlags.Cbc) != 0;
switch (code)
{
// Galois-Counter Cipher Suites.
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
return(dhe | aead);
// Galois-Counter with Legacy RSA Key Exchange.
case CipherSuiteCode.TLS_RSA_WITH_AES_128_GCM_SHA256:
case CipherSuiteCode.TLS_RSA_WITH_AES_256_GCM_SHA384:
return(rsa | aead);
// Diffie-Hellman Cipher Suites
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
return(dhe | cbc);
// Legacy AES Cipher Suites
case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA256:
case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA256:
case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA:
case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA:
return(rsa | cbc);
// ECDHE Galois-Counter Ciphers.
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
return(ecdhe | aead);
// ECDHE AES Ciphers.
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
return(ecdhe | cbc);
default:
return(false);
}
}
public static CipherSuite CreateCipherSuite (TlsProtocolCode protocol, CipherSuiteCode code)
{
if (protocol == TlsProtocolCode.Tls12)
return CreateCipherSuiteTls12 (code);
else if (protocol == TlsProtocolCode.Tls11)
return CreateCipherSuiteTls11 (code);
else if (protocol == TlsProtocolCode.Tls10)
return CreateCipherSuiteTls10 (code);
else
throw new TlsException (AlertDescription.ProtocolVersion);
}
public static MonoClientAndServerParameters SelectCipherSuite (TestContext ctx, TlsProtocolCode protocol, CipherSuiteCode code)
{
var provider = DependencyInjector.Get<ICertificateProvider> ();
var acceptAll = provider.AcceptAll ();
string name = string.Format ("select-cipher-{0}-{1}", protocol, code);
return new MonoClientAndServerParameters (name, ResourceManager.SelfSignedServerCertificate) {
ClientCertificateValidator = acceptAll
};
}
internal static CipherSuite CreateCipherSuite(TlsProtocolCode protocol, CipherSuiteCode code)
{
if (protocol == TlsProtocolCode.Tls12)
{
return(CreateCipherSuiteTls12(code));
}
else
{
throw new TlsException(AlertDescription.ProtocolVersion);
}
}
protected bool CheckCipher(TestContext ctx, IMonoConnection connection, CipherSuiteCode cipher)
{
ctx.Assert(connection.SupportsConnectionInfo, "supports connection info");
var connectionInfo = connection.GetConnectionInfo();
if (!ctx.Expect(connectionInfo, Is.Not.Null, "connection info"))
{
return(false);
}
return(ctx.Expect(connectionInfo.CipherSuiteCode, Is.EqualTo(cipher), "expected cipher"));
}
static CipherSuite CreateCipherSuiteTls12(CipherSuiteCode code)
{
// Sanity check.
if (!IsCipherSupported(TlsProtocolCode.Tls12, code))
{
throw new TlsException(AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code);
}
switch (code)
{
// Galois-Counter Cipher Suites
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
return(new TlsCipherSuite12(code, CipherAlgorithmType.AesGcm256, HashAlgorithmType.Sha384, ExchangeAlgorithmType.DiffieHellman));
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
return(new TlsCipherSuite12(code, CipherAlgorithmType.AesGcm128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.DiffieHellman));
// Diffie-Hellman Cipher Suites
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha256, ExchangeAlgorithmType.DiffieHellman));
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.DiffieHellman));
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman));
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman));
// Galois-Counter with Legacy RSA Key Exchange
case CipherSuiteCode.TLS_RSA_WITH_AES_128_GCM_SHA256:
return(new TlsCipherSuite12(code, CipherAlgorithmType.AesGcm128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.RsaSign));
case CipherSuiteCode.TLS_RSA_WITH_AES_256_GCM_SHA384:
return(new TlsCipherSuite12(code, CipherAlgorithmType.AesGcm256, HashAlgorithmType.Sha384, ExchangeAlgorithmType.RsaSign));
// AES Cipher Suites
case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA256:
return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha256, ExchangeAlgorithmType.RsaSign));
case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA256:
return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.RsaSign));
case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA:
return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign));
case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA:
return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign));
default:
throw new TlsException(AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code);
}
}
public static bool IsCipherSupported(TlsProtocolCode protocol, CipherSuiteCode code)
{
var array = GetSupportedCiphersArray(protocol);
for (int i = 0; i < array.Length; i++)
{
if (array [i] == code)
{
return(true);
}
}
return(false);
}
public async void TestInvalidCipher()
{
if (!Factory.CanSelectCiphers)
{
throw new IgnoreException("Current implementation does not let us select ciphers.");
}
var requestedCipher = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 };
var supportedCipher = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA };
await ExpectAlert(new ClientAndServerParameters {
VerifyPeerCertificate = false, ClientCiphers = requestedCipher, ServerCiphers = supportedCipher
}, AlertDescription.HandshakeFailure);
}
public void InitializeGCM(CipherSuiteCode code, byte[] key, byte[] implNonce, byte[] explNonce)
{
Cipher = CipherSuiteFactory.CreateCipherSuite(Protocol, code);
#if DEBUG_FULL
Cipher.EnableDebugging = EnableDebugging;
#endif
Crypto = Add(new MyGaloisCounterCipher(IsServer, Protocol, Cipher, explNonce));
Crypto.ServerWriteKey = SecureBuffer.CreateCopy(key);
Crypto.ClientWriteKey = SecureBuffer.CreateCopy(key);
Crypto.ServerWriteIV = SecureBuffer.CreateCopy(implNonce);
Crypto.ClientWriteIV = SecureBuffer.CreateCopy(implNonce);
Crypto.InitializeCipher();
}
public void InitializeCBC(CipherSuiteCode code, byte[] key, byte[] mac, byte[] iv)
{
Cipher = CipherSuiteFactory.CreateCipherSuite(Protocol, code);
#if DEBUG_FULL
Cipher.EnableDebugging = EnableDebugging;
#endif
Crypto = Add(new MyCbcBlockCipher(this, iv));
Crypto.ServerWriteKey = SecureBuffer.CreateCopy(key);
Crypto.ClientWriteKey = SecureBuffer.CreateCopy(key);
Crypto.ServerWriteMac = SecureBuffer.CreateCopy(mac);
Crypto.ClientWriteMac = SecureBuffer.CreateCopy(mac);
Crypto.InitializeCipher();
}
public static bool ProviderSupportsCipher(ConnectionProvider provider, CipherSuiteCode cipher)
{
bool aead = (provider.Flags & ConnectionProviderFlags.SupportsAeadCiphers) != 0;
bool tls12 = (provider.Flags & ConnectionProviderFlags.SupportsTls12) != 0;
bool ecdhe = (provider.Flags & ConnectionProviderFlags.SupportsEcDheCiphers) != 0;
switch (cipher)
{
// Galois-Counter Cipher Suites.
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
return(aead);
// Galois-Counter with Legacy RSA Key Exchange.
case CipherSuiteCode.TLS_RSA_WITH_AES_128_GCM_SHA256:
case CipherSuiteCode.TLS_RSA_WITH_AES_256_GCM_SHA384:
return(aead);
// Diffie-Hellman Cipher Suites
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
return(tls12);
// Legacy AES Cipher Suites
case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA256:
case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA256:
case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA:
case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA:
return(true);
// ECDHE Galois-Counter Ciphers.
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
return(aead && ecdhe);
// ECDHE AES Ciphers.
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
return(ecdhe);
default:
return(false);
}
}
public static bool FilterCipher(CipherSuiteCode cipher, string filter)
{
if (filter == null)
{
return(true);
}
FilterFlags?includeFlags = null;
FilterFlags excludeFlags = FilterFlags.None;
var parts = filter.Split(':');
foreach (var part in parts)
{
var name = part;
if (part [0] == '+' || part [0] == '-')
{
name = name.Substring(1);
}
var flag = (FilterFlags)Enum.Parse(typeof(FilterFlags), name, true);
if (part [0] == '-')
{
excludeFlags |= flag;
}
else
{
if (includeFlags == null)
{
includeFlags = FilterFlags.None;
}
includeFlags |= flag;
}
}
if (CipherMatchesFilterFlags(cipher, excludeFlags))
{
return(false);
}
if (includeFlags != null && !CipherMatchesFilterFlags(cipher, includeFlags.Value))
{
return(false);
}
return(true);
}
public async void TestAllCiphers(CipherSuiteCode code)
{
if (!Factory.CanSelectCiphers)
{
throw new IgnoreException("Current implementation does not let us select ciphers.");
}
var requestedCiphers = new CipherSuiteCode[] { code };
await Run(new ClientAndServerParameters {
VerifyPeerCertificate = false,
ClientCiphers = requestedCiphers
}, connection => {
var connectionInfo = connection.Server.GetConnectionInfo();
Assert.That(connectionInfo, Is.Not.Null, "#1");
Assert.That(connectionInfo.CipherCode, Is.EqualTo(code), "#2");
});
}
static CipherSuite CreateCipherSuiteTls11 (CipherSuiteCode code)
{
// Sanity check.
if (!IsCipherSupported (TlsProtocolCode.Tls11, code))
throw new TlsException (AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code);
switch (code) {
case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA:
return new TlsCipherSuite11 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Rsa);
case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA:
return new TlsCipherSuite11 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Rsa);
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
return new TlsCipherSuite11 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Dhe);
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
return new TlsCipherSuite11 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Dhe);
default:
throw new TlsException (AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code);
}
}
protected override void Read(TlsBuffer incoming)
{
ClientRandom = new SecureBuffer(incoming.ReadBytes(32));
var length = (short)incoming.ReadByte();
SessionID = new SecureBuffer(incoming.ReadBytes(length));
length = incoming.ReadInt16();
if ((length % 2) != 0)
{
throw new TlsException(AlertDescription.DecodeError);
}
bool seenSCSV = false;
ClientCiphers = new CipherSuiteCode [length >> 1];
for (int i = 0; i < ClientCiphers.Length; i++)
{
ClientCiphers [i] = (CipherSuiteCode)incoming.ReadInt16();
if (ClientCiphers [i] == CipherSuiteCode.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
{
seenSCSV = true;
}
}
// Compression methods
length = incoming.ReadByte();
incoming.Position += length;
Extensions = new TlsExtensionCollection(incoming);
if (seenSCSV)
{
Extensions.AddRenegotiationExtension();
}
}
public static bool ProviderSupportsCipher (ClientAndServerProvider provider, CipherSuiteCode cipher)
{
return ProviderSupportsCipher (provider.Client, cipher) && ProviderSupportsCipher (provider.Server, cipher);
}
public static bool ProviderSupportsCipher (ConnectionProvider provider, CipherSuiteCode cipher)
{
bool aead = (provider.Flags & ConnectionProviderFlags.SupportsAeadCiphers) != 0;
bool tls12 = (provider.Flags & ConnectionProviderFlags.SupportsTls12) != 0;
bool ecdhe = (provider.Flags & ConnectionProviderFlags.SupportsEcDheCiphers) != 0;
switch (cipher) {
// Galois-Counter Cipher Suites.
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
return aead;
// Galois-Counter with Legacy RSA Key Exchange.
case CipherSuiteCode.TLS_RSA_WITH_AES_128_GCM_SHA256:
case CipherSuiteCode.TLS_RSA_WITH_AES_256_GCM_SHA384:
return aead;
// Diffie-Hellman Cipher Suites
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
return tls12;
// Legacy AES Cipher Suites
case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA256:
case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA256:
case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA:
case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA:
return true;
// ECDHE Galois-Counter Ciphers.
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
return aead && ecdhe;
// ECDHE AES Ciphers.
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
return ecdhe;
default:
return false;
}
}
public static bool CipherMatchesFilterFlags (CipherSuiteCode code, FilterFlags flags)
{
if ((flags & FilterFlags.All) != 0)
return true;
bool rsa = (flags & FilterFlags.Rsa) != 0;
bool dhe = (flags & FilterFlags.Dhe) != 0;
bool ecdhe = (flags & FilterFlags.EcDhe) != 0;
bool aead = (flags & FilterFlags.Aead) != 0;
bool cbc = (flags & FilterFlags.Cbc) != 0;
switch (code) {
// Galois-Counter Cipher Suites.
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
return dhe | aead;
// Galois-Counter with Legacy RSA Key Exchange.
case CipherSuiteCode.TLS_RSA_WITH_AES_128_GCM_SHA256:
case CipherSuiteCode.TLS_RSA_WITH_AES_256_GCM_SHA384:
return rsa | aead;
// Diffie-Hellman Cipher Suites
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
return dhe | cbc;
// Legacy AES Cipher Suites
case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA256:
case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA256:
case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA:
case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA:
return rsa | cbc;
// ECDHE Galois-Counter Ciphers.
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
return ecdhe | aead;
// ECDHE AES Ciphers.
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
return ecdhe | cbc;
default:
return false;
}
}
public CipherSuite (
CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType,
HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType)
{
Code = code;
Name = code.ToString ();
CipherAlgorithmType = cipherAlgorithmType;
HashAlgorithmType = hashAlgorithmType;
ExchangeAlgorithmType = exchangeAlgorithmType;
}
public static bool IsCipherSupported (TlsProtocolCode protocol, CipherSuiteCode code)
{
var array = GetSupportedCiphersArray (protocol);
for (int i = 0; i < array.Length; i++)
if (array [i] == code)
return true;
return false;
}
public static CryptoTestParameters CreateGCM(TlsProtocolCode protocol, CipherSuiteCode code, byte[] key, byte[] implNonce, byte[] explNonce)
{
return(new CryptoTestParameters {
Protocol = protocol, Code = code, Key = key, ImplicitNonce = implNonce, ExplicitNonce = explNonce, IsGCM = true
});
}
public static CryptoTestParameters CreateCBC(TlsProtocolCode protocol, CipherSuiteCode code, byte[] key, byte[] mac, byte[] iv)
{
return(new CryptoTestParameters {
Protocol = protocol, Code = code, Key = key, MAC = mac, IV = iv
});
}
public static ExchangeAlgorithmType GetExchangeAlgorithmType(TlsProtocolCode protocol, CipherSuiteCode code)
{
var cipher = CreateCipherSuite(protocol, code);
return(cipher.ExchangeAlgorithmType);
}
public static CryptoTestParameters CreateCBC (TlsProtocolCode protocol, CipherSuiteCode code, byte[] key, byte[] mac, byte[] iv)
{
return new CryptoTestParameters {
Protocol = protocol, Code = code, Key = key, MAC = mac, IV = iv
};
}
public static CryptoTestParameters CreateGCM (TlsProtocolCode protocol, CipherSuiteCode code, byte[] key, byte[] implNonce, byte[] explNonce)
{
return new CryptoTestParameters {
Protocol = protocol, Code = code, Key = key, ImplicitNonce = implNonce, ExplicitNonce = explNonce, IsGCM = true
};
}
public static bool ProviderSupportsCipher(ClientAndServerProvider provider, CipherSuiteCode cipher)
{
return(ProviderSupportsCipher(provider.Client, cipher) && ProviderSupportsCipher(provider.Server, cipher));
}
public TlsCipherSuite12(
CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType,
HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType)
: base(code, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType)
{
}
public static bool FilterCipher (CipherSuiteCode cipher, string filter)
{
if (filter == null)
return true;
FilterFlags? includeFlags = null;
FilterFlags excludeFlags = FilterFlags.None;
var parts = filter.Split (':');
foreach (var part in parts) {
var name = part;
if (part [0] == '+' || part [0] == '-')
name = name.Substring (1);
var flag = (FilterFlags)Enum.Parse (typeof(FilterFlags), name, true);
if (part [0] == '-') {
excludeFlags |= flag;
} else {
if (includeFlags == null)
includeFlags = FilterFlags.None;
includeFlags |= flag;
}
}
if (CipherMatchesFilterFlags (cipher, excludeFlags))
return false;
if (includeFlags != null && !CipherMatchesFilterFlags (cipher, includeFlags.Value))
return false;
return true;
}
public TlsCipherSuite11 (
CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType,
HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType)
: base (code, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType)
{
}
static SignatureInstrumentParameters Create (
TestContext ctx, InstrumentationCategory category, SignatureInstrumentType type,
SignatureAndHashAlgorithm algorithm, CipherSuiteCode cipher)
{
var parameters = CreateParameters (category, type, algorithm.Hash, algorithm.Signature, cipher);
parameters.ClientCertificate = ResourceManager.MonkeyCertificate;
parameters.RequireClientCertificate = true;
var signatureParameters = new SignatureParameters ();
signatureParameters.Add (algorithm);
switch (type) {
case SignatureInstrumentType.ClientSignatureAlgorithmAndCipher:
parameters.ClientSignatureParameters = signatureParameters;
parameters.ClientCiphers = new CipherSuiteCode[] { cipher };
break;
case SignatureInstrumentType.ServerSignatureAlgorithmAndCipher:
parameters.ServerSignatureAlgorithm = algorithm;
parameters.ServerCiphers = new CipherSuiteCode[] { cipher };
break;
default:
ctx.AssertFail ("Unsupported signature instrument: '{0}'.", type);
break;
}
return parameters;
}
public static ExchangeAlgorithmType GetExchangeAlgorithmType (TlsProtocolCode protocol, CipherSuiteCode code)
{
var cipher = CreateCipherSuite (protocol, code);
return cipher.ExchangeAlgorithmType;
}