public static SslAlgorithms GetCompressionAlgorithm(byte[] algos, SslAlgorithms allowed) {
			for(int i = 0; i < algos.Length; i++) {
				if (algos[i] == 0)
					return SslAlgorithms.NULL_COMPRESSION;
			}
			throw new SslException(AlertDescription.HandshakeFailure, "No compression method matches the available compression methods.");
		}
Ejemplo n.º 2
0
        private SecurityOptions CreateClientSecurityOptions(SSLComponentData sslData)
        {
            CertVerifyEventHandler  serverCertificateCheckHandler   = null;
            CertRequestEventHandler clientCertificateRequestHandler = null;
            CredentialVerification  credentialVerification          = CredentialVerification.Auto;
            SecureProtocol          protocol = SecureProtocol.None;
            SslAlgorithms           sslAlgs  = SslAlgorithms.ALL;


            if (((sslData.TargetRequiredOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) ||
                ((sslData.TargetRequiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0))
            {
                protocol = SecureProtocol.Tls1 | SecureProtocol.Ssl3;
                sslAlgs  = SslAlgorithms.SECURE_CIPHERS;

                credentialVerification          = CredentialVerification.Manual;
                serverCertificateCheckHandler   = new CertVerifyEventHandler(this.CheckServerCertAtClient);
                clientCertificateRequestHandler = new CertRequestEventHandler(this.GetClientCertAtClient);
            }

            SecurityOptions result =
                new SecurityOptions(protocol,
                                    null, ConnectionEnd.Client,
                                    credentialVerification, serverCertificateCheckHandler,
                                    null, SecurityFlags.Default, sslAlgs,
                                    clientCertificateRequestHandler);

            return(result);
        }
		public static byte GetAlgorithmByte(SslAlgorithms algorithm) {
			switch(algorithm) {
				case SslAlgorithms.NULL_COMPRESSION:
					return 0;
				default:
					return 0; // perhaps throw error?
			}
		}
Ejemplo n.º 4
0
 public static CipherDefinition GetCipherDefinition(SslAlgorithms scheme)
 {
     for (int i = 0; i < Definitions.Length; i++)
     {
         if (Definitions[i].Scheme == scheme)
         {
             return(Definitions[i]);
         }
     }
     throw new SslException(AlertDescription.IllegalParameter, "The cipher suite is unknown.");
 }
Ejemplo n.º 5
0
 public static SslAlgorithms GetCompressionAlgorithm(byte[] algos, SslAlgorithms allowed)
 {
     for (int i = 0; i < algos.Length; i++)
     {
         if (algos[i] == 0)
         {
             return(SslAlgorithms.NULL_COMPRESSION);
         }
     }
     throw new SslException(AlertDescription.HandshakeFailure, "No compression method matches the available compression methods.");
 }
Ejemplo n.º 6
0
        public static byte GetAlgorithmByte(SslAlgorithms algorithm)
        {
            switch (algorithm)
            {
            case SslAlgorithms.NULL_COMPRESSION:
                return(0);

            default:
                return(0);                        // perhaps throw error?
            }
        }
Ejemplo n.º 7
0
		/// <summary>
		/// Initializes a new instance of the SecurityOptions class.
		/// </summary>
		/// <param name="protocol">One of the <see cref="SecureProtocol"/> values.</param>
		/// <param name="cert">A <see cref="Certificate"/> instance.</param>
		/// <param name="entity">One of the <see cref="ConnectionEnd"/> values.</param>
		/// <param name="verifyType">One of the <see cref="CredentialVerification"/> values.</param>
		/// <param name="verifier">The <see cref="CertVerifyEventHandler"/> delegate.</param>
		/// <param name="commonName">The common name of the remote computer. This is usually a domain name.</param>
		/// <param name="flags">A bitwise combination of the <see cref="SecurityFlags"/> values.</param>
		/// <param name="allowed">A bitwise combination of the <see cref="SslAlgorithms"/> values.</param>
		/// <param name="requestHandler">The <see cref="CertRequestEventHandler"/> delegate.</param>
		public SecurityOptions(SecureProtocol protocol, Certificate cert, ConnectionEnd entity, CredentialVerification verifyType, CertVerifyEventHandler verifier, string commonName, SecurityFlags flags, SslAlgorithms allowed, CertRequestEventHandler requestHandler) {
			this.Protocol = protocol;
			this.Certificate = cert;
			this.Entity = entity;
			this.VerificationType = verifyType;
			this.Verifier = verifier;
			this.CommonName = commonName;
			this.Flags = flags;
			this.AllowedAlgorithms = allowed;
			this.RequestHandler = requestHandler;
		}
Ejemplo n.º 8
0
 public CipherDefinition(SslAlgorithms scheme, Type bulk, int keysize, int ivsize, int expsize, Type hash, HashType hashType, int hashsize, bool exportable)
 {
     this.Scheme = scheme;
     this.BulkCipherAlgorithm = bulk;
     this.BulkKeySize         = keysize;
     this.BulkIVSize          = ivsize;
     this.BulkExpandedSize    = expsize;
     this.HashAlgorithm       = hash;
     this.HashAlgorithmType   = hashType;
     this.HashSize            = hashsize;
     this.Exportable          = exportable;
 }
Ejemplo n.º 9
0
        public static SslAlgorithms GetCipherSuiteAlgorithm(byte[] algorithms, SslAlgorithms allowed)
        {
            int alwd = (int)allowed;

            for (int i = 0; i < algorithms.Length; i += 2)
            {
                SslAlgorithms alg = GetCipherAlgorithmType(algorithms, i);
                if (((int)alg & alwd) != 0)
                {
                    return(alg);
                }
            }
            throw new SslException(AlertDescription.HandshakeFailure, "No encryption scheme matches the available schemes.");
        }
Ejemplo n.º 10
0
        internal SslConnectionListener(SecurityAssociationOptions requiredOptions,
                                       SecurityAssociationOptions supportedOptions,
                                       IServerSideAuthentication serverAuth,
                                       omg.org.IOP.Codec codec)
        {
            m_codec = codec;

            if (((requiredOptions & SecurityAssociationOptions.NoProtection) > 0) &&
                (((supportedOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) ||
                 ((supportedOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0)))
            {
                throw new ArgumentException("unsupported options combination: required no protection and supported EstablishTrustInTarget/Client");
            }

            SecureProtocol protocol       = SecureProtocol.None;
            SslAlgorithms  allowedCiphers = SslAlgorithms.ALL;

            if (((supportedOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) ||
                ((supportedOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0))
            {
                protocol       = SecureProtocol.Tls1 | SecureProtocol.Ssl3;
                allowedCiphers = SslAlgorithms.SECURE_CIPHERS;
                m_isSecured    = true;
            }

            CredentialVerification clientVerification = CredentialVerification.None;
            CertVerifyEventHandler verifyClient       = null;
            SecurityFlags          authFlags          = SecurityFlags.Default;

            if (((supportedOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0) ||
                ((requiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0))
            {
                clientVerification = CredentialVerification.Manual;
                verifyClient       = new CertVerifyEventHandler(this.CheckClientCertAtServer);
            }
            if ((requiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0)
            {
                authFlags = SecurityFlags.MutualAuthentication;
            }

            m_sslOpts = new SecurityOptions(protocol, serverAuth.GetServerCertificate(), ConnectionEnd.Server,
                                            clientVerification, verifyClient,
                                            null, authFlags, allowedCiphers, null);
            m_serverAuth       = serverAuth;
            m_supportedOptions = supportedOptions;
            m_requiredOptions  = requiredOptions;
        }
Ejemplo n.º 11
0
        public static byte[] GetCipherAlgorithmBytes(SslAlgorithms algorithm)
        {
            MemoryStream ms = new MemoryStream();
            // write them to the memory stream in order of preference
            int algo = (int)algorithm;

            if ((algo & (int)SslAlgorithms.RSA_AES_256_SHA) != 0)
            {
                ms.Write(new byte[] { 0, 53 }, 0, 2);
            }
            if ((algo & (int)SslAlgorithms.RSA_AES_128_SHA) != 0)
            {
                ms.Write(new byte[] { 0, 47 }, 0, 2);
            }
            if ((algo & (int)SslAlgorithms.RSA_RC4_128_SHA) != 0)
            {
                ms.Write(new byte[] { 0, 5 }, 0, 2);
            }
            if ((algo & (int)SslAlgorithms.RSA_RC4_128_MD5) != 0)
            {
                ms.Write(new byte[] { 0, 4 }, 0, 2);
            }
            if ((algo & (int)SslAlgorithms.RSA_3DES_168_SHA) != 0)
            {
                ms.Write(new byte[] { 0, 10 }, 0, 2);
            }
            if ((algo & (int)SslAlgorithms.RSA_DES_56_SHA) != 0)
            {
                ms.Write(new byte[] { 0, 9 }, 0, 2);
            }
            if ((algo & (int)SslAlgorithms.RSA_RC4_40_MD5) != 0)
            {
                ms.Write(new byte[] { 0, 3 }, 0, 2);
            }
            if ((algo & (int)SslAlgorithms.RSA_RC2_40_MD5) != 0)
            {
                ms.Write(new byte[] { 0, 6 }, 0, 2);
            }
            if ((algo & (int)SslAlgorithms.RSA_DES_40_SHA) != 0)
            {
                ms.Write(new byte[] { 0, 8 }, 0, 2);
            }
            return(ms.ToArray());
        }
Ejemplo n.º 12
0
 public SecurityOptions(SecureProtocol protocol, ExtensionType[] extensions, Certificate cert,
                        ConnectionEnd entity, IEnumerable <string> knownProtocols,
                        CredentialVerification verifyType, CertVerifyEventHandler verifier,
                        string commonName, SecurityFlags flags, SslAlgorithms allowed,
                        CertRequestEventHandler requestHandler)
 {
     this.Protocol          = protocol;
     this.Certificate       = cert;
     this.Entity            = entity;
     this.VerificationType  = verifyType;
     this.Verifier          = verifier;
     this.CommonName        = commonName;
     this.Flags             = flags;
     this.AllowedAlgorithms = allowed;
     this.RequestHandler    = requestHandler;
     this.KnownProtocols    = knownProtocols;
     this.Extensions        = extensions;
     this.ExtensionList     = FormExtsList(extensions);
 }
Ejemplo n.º 13
0
		public static byte[] GetCipherAlgorithmBytes(SslAlgorithms algorithm) {
			MemoryStream ms = new MemoryStream();
			// write them to the memory stream in order of preference
			int algo = (int)algorithm;
			if ((algo & (int)SslAlgorithms.RSA_AES_256_SHA) != 0)
				ms.Write(new byte[]{0,53}, 0, 2);
			if ((algo & (int)SslAlgorithms.RSA_AES_128_SHA) != 0)
				ms.Write(new byte[]{0,47}, 0, 2);
			if ((algo & (int)SslAlgorithms.RSA_RC4_128_SHA) != 0)
				ms.Write(new byte[]{0,5}, 0, 2);
			if ((algo & (int)SslAlgorithms.RSA_RC4_128_MD5) != 0)
				ms.Write(new byte[]{0,4}, 0, 2);
			if ((algo & (int)SslAlgorithms.RSA_3DES_168_SHA) != 0)
				ms.Write(new byte[]{0,10}, 0, 2);
			if ((algo & (int)SslAlgorithms.RSA_DES_56_SHA) != 0)
				ms.Write(new byte[]{0,9}, 0, 2);
			if ((algo & (int)SslAlgorithms.RSA_RC4_40_MD5) != 0)
				ms.Write(new byte[]{0,3}, 0, 2);
			if ((algo & (int)SslAlgorithms.RSA_RC2_40_MD5) != 0)
				ms.Write(new byte[]{0,6}, 0, 2);
			if ((algo & (int)SslAlgorithms.RSA_DES_40_SHA) != 0)
				ms.Write(new byte[]{0,8}, 0, 2);
			return ms.ToArray();
		}
Ejemplo n.º 14
0
		public static SslAlgorithms GetCipherSuiteAlgorithm(byte[] algorithms, SslAlgorithms allowed) {
			int alwd = (int)allowed;
			for(int i = 0; i < algorithms.Length; i+=2) {
				SslAlgorithms alg = GetCipherAlgorithmType(algorithms, i);
				if (((int)alg & alwd) != 0)
					return alg;
			}
			throw new SslException(AlertDescription.HandshakeFailure, "No encryption scheme matches the available schemes.");
		}
Ejemplo n.º 15
0
		public CipherDefinition(SslAlgorithms scheme, Type bulk, int keysize, int ivsize, int expsize, Type hash, HashType hashType, int hashsize, bool exportable) {
			this.Scheme = scheme;
			this.BulkCipherAlgorithm = bulk;
			this.BulkKeySize = keysize;
			this.BulkIVSize = ivsize;
			this.BulkExpandedSize = expsize;
			this.HashAlgorithm = hash;
			this.HashAlgorithmType = hashType;
			this.HashSize = hashsize;
			this.Exportable = exportable;
		}
Ejemplo n.º 16
0
		public static CipherDefinition GetCipherDefinition(SslAlgorithms scheme) {
			for(int i = 0; i < Definitions.Length; i++) {
				if (Definitions[i].Scheme == scheme) {
					return Definitions[i];
				}
			}
			throw new SslException(AlertDescription.IllegalParameter, "The cipher suite is unknown.");
		}
Ejemplo n.º 17
0
		public static CipherSuite GetCipherSuite(SecureProtocol protocol, byte[] master, byte[] clientrnd, byte[] serverrnd, SslAlgorithms scheme, ConnectionEnd entity) {
			for(int i = 0; i < Definitions.Length; i++) {
				if (Definitions[i].Scheme == scheme) {
					if (protocol == SecureProtocol.Tls1) {
						return Tls1CipherSuites.InitializeCipherSuite(master, clientrnd, serverrnd, Definitions[i], entity);
					} else if (protocol == SecureProtocol.Ssl3) {
						return Ssl3CipherSuites.InitializeCipherSuite(master, clientrnd, serverrnd, Definitions[i], entity); 
					}
				}
			}
			throw new SslException(AlertDescription.IllegalParameter, "The cipher suite is unknown.");
		}
Ejemplo n.º 18
0
 public static CipherSuite GetCipherSuite(SecureProtocol protocol, byte[] master, byte[] clientrnd, byte[] serverrnd, SslAlgorithms scheme, ConnectionEnd entity)
 {
     for (int i = 0; i < Definitions.Length; i++)
     {
         if (Definitions[i].Scheme == scheme)
         {
             if (protocol == SecureProtocol.Tls1)
             {
                 return(Tls1CipherSuites.InitializeCipherSuite(master, clientrnd, serverrnd, Definitions[i], entity));
             }
             else if (protocol == SecureProtocol.Ssl3)
             {
                 return(Ssl3CipherSuites.InitializeCipherSuite(master, clientrnd, serverrnd, Definitions[i], entity));
             }
         }
     }
     throw new SslException(AlertDescription.IllegalParameter, "The cipher suite is unknown.");
 }
Ejemplo n.º 19
0
 public static byte[] GetCompressionAlgorithmBytes(SslAlgorithms algorithm)
 {
     return(new byte[] { 0 });
 }
Ejemplo n.º 20
0
 public SecurityOptions(SecureProtocol protocol, ExtensionType[] extensions, Certificate cert,
                        ConnectionEnd entity, IEnumerable<string> knownProtocols,
                        CredentialVerification verifyType, CertVerifyEventHandler verifier,
                        string commonName, SecurityFlags flags, SslAlgorithms allowed,
                        CertRequestEventHandler requestHandler)
 {
     this.Protocol = protocol;
     this.Certificate = cert;
     this.Entity = entity;
     this.VerificationType = verifyType;
     this.Verifier = verifier;
     this.CommonName = commonName;
     this.Flags = flags;
     this.AllowedAlgorithms = allowed;
     this.RequestHandler = requestHandler;
     this.KnownProtocols = knownProtocols;
     this.Extensions = extensions;
     this.ExtensionList = FormExtsList(extensions);
 }
Ejemplo n.º 21
0
 /// <summary>
 /// Initializes a new instance of the SecurityOptions class.
 /// </summary>
 /// <param name="protocol">One of the <see cref="SecureProtocol"/> values.</param>
 /// <param name="cert">A <see cref="Certificate"/> instance.</param>
 /// <param name="entity">One of the <see cref="ConnectionEnd"/> values.</param>
 /// <param name="verifyType">One of the <see cref="CredentialVerification"/> values.</param>
 /// <param name="verifier">The <see cref="CertVerifyEventHandler"/> delegate.</param>
 /// <param name="commonName">The common name of the remote computer. This is usually a domain name.</param>
 /// <param name="flags">A bitwise combination of the <see cref="SecurityFlags"/> values.</param>
 /// <param name="allowed">A bitwise combination of the <see cref="SslAlgorithms"/> values.</param>
 /// <param name="requestHandler">The <see cref="CertRequestEventHandler"/> delegate.</param>
 public SecurityOptions(SecureProtocol protocol, Certificate cert, ConnectionEnd entity, CredentialVerification verifyType, CertVerifyEventHandler verifier, string commonName, SecurityFlags flags, SslAlgorithms allowed, CertRequestEventHandler requestHandler)
 {
     this.Protocol          = protocol;
     this.Certificate       = cert;
     this.Entity            = entity;
     this.VerificationType  = verifyType;
     this.Verifier          = verifier;
     this.CommonName        = commonName;
     this.Flags             = flags;
     this.AllowedAlgorithms = allowed;
     this.RequestHandler    = requestHandler;
 }
		public static byte[] GetCompressionAlgorithmBytes(SslAlgorithms algorithm) {
			return new byte[]{0};
		}