public Task Initialize(TestContext ctx, CancellationToken cancellationToken)
{
return(Task.Run(() => {
if (Parameters == null)
{
return;
}
cipher = CipherSuiteFactory.CreateCipherSuite(Parameters.Protocol, Parameters.Code);
if (Parameters.IsGCM)
{
crypto = new MyGaloisCounterCipher(Parameters, cipher);
crypto.ServerWriteKey = SecureBuffer.CreateCopy(Parameters.Key);
crypto.ClientWriteKey = SecureBuffer.CreateCopy(Parameters.Key);
crypto.ServerWriteIV = SecureBuffer.CreateCopy(Parameters.ImplicitNonce);
crypto.ClientWriteIV = SecureBuffer.CreateCopy(Parameters.ImplicitNonce);
crypto.InitializeCipher();
}
else
{
crypto = new MyCbcBlockCipher(Parameters, cipher);
crypto.ServerWriteKey = SecureBuffer.CreateCopy(Parameters.Key);
crypto.ClientWriteKey = SecureBuffer.CreateCopy(Parameters.Key);
crypto.ServerWriteMac = SecureBuffer.CreateCopy(Parameters.MAC);
crypto.ClientWriteMac = SecureBuffer.CreateCopy(Parameters.MAC);
crypto.InitializeCipher();
}
}));
}
protected virtual void HandleServerHello(TlsServerHello message)
{
Context.VerifyServerProtocol(message.ServerProtocol);
// Server random
HandshakeParameters.ServerRandom = message.ServerRandom;
// Session ID
HandshakeParameters.SessionId = message.SessionID;
HandshakeParameters.SupportedCiphers = CipherSuiteFactory.GetSupportedCiphers(Context.NegotiatedProtocol);
// Cipher suite
if (!HandshakeParameters.SupportedCiphers.Contains(message.SelectedCipher))
{
// The server has sent an invalid ciphersuite
throw new TlsException(AlertDescription.InsuficientSecurity, "Invalid cipher suite received from server");
}
var cipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, message.SelectedCipher);
#if DEBUG_FULL
if (Context.EnableDebugging)
{
cipher.EnableDebugging = true;
}
#endif
Session.PendingCrypto = cipher.Initialize(false, Context.NegotiatedProtocol);
}
protected virtual void SelectCipher(TlsClientHello message)
{
var userCiphers = Config.UserSettings != null ? Config.UserSettings.RequestedCiphers : null;
CipherSuiteCollection supportedCiphers;
if (userCiphers != null)
{
supportedCiphers = new CipherSuiteCollection(Context.NegotiatedProtocol, userCiphers);
}
else
{
supportedCiphers = CipherSuiteFactory.GetDefaultCiphers(Context.NegotiatedProtocol);
}
HandshakeParameters.SupportedCiphers = supportedCiphers;
CipherSuite selectedCipher = null;
foreach (var code in message.ClientCiphers)
{
var idx = HandshakeParameters.SupportedCiphers.IndexOf(code);
if (idx < 0)
{
continue;
}
var cipher = HandshakeParameters.SupportedCiphers [idx];
selectedCipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, cipher);
break;
}
if (selectedCipher == null)
{
throw new TlsException(AlertDescription.HandshakeFailure, "Invalid cipher suite received from client");
}
#if DEBUG_FULL
if (Context.EnableDebugging)
{
selectedCipher.EnableDebugging = true;
}
#endif
#if DEBUG_FULL
if (Context.EnableDebugging)
{
DebugHelper.WriteLine("Selected Cipher: {0}", selectedCipher);
}
#endif
// FIXME: Select best one.
Session.PendingCrypto = selectedCipher.Initialize(true, Context.NegotiatedProtocol);
}
public void InitializeGCM(CipherSuiteCode code, byte[] key, byte[] implNonce, byte[] explNonce)
{
Cipher = CipherSuiteFactory.CreateCipherSuite(Protocol, code);
#if DEBUG_FULL
Cipher.EnableDebugging = EnableDebugging;
#endif
Crypto = Add(new MyGaloisCounterCipher(IsServer, Protocol, Cipher, explNonce));
Crypto.ServerWriteKey = SecureBuffer.CreateCopy(key);
Crypto.ClientWriteKey = SecureBuffer.CreateCopy(key);
Crypto.ServerWriteIV = SecureBuffer.CreateCopy(implNonce);
Crypto.ClientWriteIV = SecureBuffer.CreateCopy(implNonce);
Crypto.InitializeCipher();
}
public void InitializeCBC(CipherSuiteCode code, byte[] key, byte[] mac, byte[] iv)
{
Cipher = CipherSuiteFactory.CreateCipherSuite(Protocol, code);
#if DEBUG_FULL
Cipher.EnableDebugging = EnableDebugging;
#endif
Crypto = Add(new MyCbcBlockCipher(this, iv));
Crypto.ServerWriteKey = SecureBuffer.CreateCopy(key);
Crypto.ClientWriteKey = SecureBuffer.CreateCopy(key);
Crypto.ServerWriteMac = SecureBuffer.CreateCopy(mac);
Crypto.ClientWriteMac = SecureBuffer.CreateCopy(mac);
Crypto.InitializeCipher();
}
protected virtual void SelectCipher(TlsClientHello message)
{
var certificate = Config.Certificate;
if (certificate == null)
{
throw new TlsException(AlertDescription.HandshakeFailure, "Missing server certificate");
}
CipherSuiteCollection requestedCiphers;
if (Settings.RequestedCiphers != null)
{
requestedCiphers = new CipherSuiteCollection(Context.NegotiatedProtocol, Settings.RequestedCiphers);
}
else
{
requestedCiphers = CipherSuiteFactory.GetDefaultCiphers(Context.NegotiatedProtocol);
}
HandshakeParameters.SupportedCiphers = requestedCiphers.Filter(cipher => {
#if INSTRUMENTATION
if (Context.HasInstrument(HandshakeInstrumentType.OverrideServerCertificateSelection))
{
return(true);
}
#endif
var exchangeAlgorithm = CipherSuiteFactory.GetExchangeAlgorithmType(Context.NegotiatedProtocol, cipher);
return(CertificateManager.VerifyServerCertificate(Context, certificate, exchangeAlgorithm));
});
CipherSuite selectedCipher = null;
foreach (var code in message.ClientCiphers)
{
var idx = HandshakeParameters.SupportedCiphers.IndexOf(code);
if (idx < 0)
{
continue;
}
var cipher = HandshakeParameters.SupportedCiphers [idx];
selectedCipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, cipher);
break;
}
if (selectedCipher == null)
{
throw new TlsException(AlertDescription.HandshakeFailure, "Invalid cipher suite received from client");
}
#if DEBUG_FULL
if (Context.EnableDebugging)
{
selectedCipher.EnableDebugging = true;
}
#endif
#if DEBUG_FULL
if (Context.EnableDebugging)
{
DebugHelper.WriteLine("Selected Cipher: {0}", selectedCipher);
}
#endif
// FIXME: Select best one.
Session.PendingCrypto = selectedCipher.Initialize(true, Context.NegotiatedProtocol);
Session.PendingCrypto.ServerCertificates = new X509CertificateCollection();
Session.PendingCrypto.ServerCertificates.Add(certificate);
}