public void Register(
CipherSuite suite,
TLSCipherAlgorithm cipher,
TLSHashAlgorithm digest,
TLSSignatureAlgorithm signature,
TLSKeyExchange exchange)
{
_suites.Add(suite);
_cipherMapping.Add(suite, cipher);
_hashMapping.Add(suite, digest);
_signatureMapping.Add(suite, signature);
_keyExchangeMapping.Add(suite, exchange);
}
public static IServiceCollection RegisterCipherSuite(
this IServiceCollection serviceCollection,
CipherSuite suite,
TLSCipherAlgorithm cipher,
TLSHashAlgorithm digest,
TLSSignatureAlgorithm signature,
TLSKeyExchange exchange)
{
return(serviceCollection.Update <CipherSuitesRegistry>(prev =>
{
prev = prev ?? new CipherSuitesRegistry();
prev.Register(
suite: suite,
cipher: cipher,
digest: digest,
signature: signature,
exchange: exchange);
return prev;
}));
}
public bool IsSupported(TLSSignatureAlgorithm algorithm)
{
return(_signatureCipherParameterFactoryRegistry.IsSupported(algorithm));
}
public ICipherParameterFactory Create(TLSSignatureAlgorithm algorithm)
{
return(_signatureCipherParameterFactoryRegistry.Resolve(_serviceProvider, algorithm));
}
public static IServiceCollection RegisterSignatureCipherParameterFactory <T>(this IServiceCollection serviceCollection, TLSSignatureAlgorithm signatureAlgorithm)
where T : class, ICipherParameterFactory
{
serviceCollection.AddTransient <T>();
return(serviceCollection.Update <SignatureCipherParameterFactoryRegistry>(prev =>
{
prev = prev ?? new SignatureCipherParameterFactoryRegistry();
prev.Register(signatureAlgorithm, sp => sp.GetRequiredService <T>());
return prev;
}));
}
public static IServiceCollection RegisterSignatureAlgorithms(this IServiceCollection serviceCollection, TLSSignatureAlgorithm signatureAlgorithm, Func <ISignatureCipher> factory)
{
return(serviceCollection.Update <SignatureAlgorithmsRegistry>(prev =>
{
prev = prev ?? new SignatureAlgorithmsRegistry();
prev.Register(signatureAlgorithm, factory);
return prev;
}));
}
public static IServiceCollection RegisterSignatureAlgorithms <T>(this IServiceCollection serviceCollection, TLSSignatureAlgorithm signatureAlgorithm)
where T : class, ISignatureCipher, new()
{
return(serviceCollection.Update <SignatureAlgorithmsRegistry>(prev =>
{
prev = prev ?? new SignatureAlgorithmsRegistry();
prev.Register(signatureAlgorithm, () => new T());
return prev;
}));
}
public static void VerifyTlsSignature(this SignedStream stream, TLSHashAlgorithm hashAlgorithm, TLSSignatureAlgorithm signatureAlgorithm)
{
var reader = new EndianBinaryReader(EndianBitConverter.Big, stream.InnerStream);
var actualHashAlgo = reader.ReadByte();
SecurityAssert.Assert(actualHashAlgo == hashAlgorithm.Id);
var actualSignAlgo = reader.ReadByte();
SecurityAssert.Assert(actualSignAlgo == signatureAlgorithm.Id);
var signLength = reader.ReadUInt16();
var actualSign = reader.ReadBytes(signLength);
SecurityAssert.Assert(stream.Verify(actualSign));
}
public static void WriteTlsSignature(this SignedStream stream, TLSHashAlgorithm hashAlgorithm, TLSSignatureAlgorithm signatureAlgorithm)
{
stream.InnerStream.Write(new[]
{
hashAlgorithm.Id,
signatureAlgorithm.Id
}, 0, 2);
var signature = stream.Sign();
stream.InnerStream.Write(EndianBitConverter.Big.GetBytes((ushort)signature.Length), 0, 2);
stream.InnerStream.Write(signature, 0, signature.Length);
}
public static SignedStream CreateSignedStream(this IServiceProvider serviceProvider, Stream stream, TLSHashAlgorithm hashAlgorithm, TLSSignatureAlgorithm signatureAlgorithm)
{
var signatureRegistry = serviceProvider.GetRequiredService <SignatureAlgorithmsRegistry>();
var signatureCipherParameterFactoryProvider = serviceProvider.GetRequiredService <ISignatureCipherParameterFactoryProvider>();
var hashRegistry = serviceProvider.GetRequiredService <HashAlgorithmRegistry>();
var signature = signatureRegistry.Resolve(signatureAlgorithm);
var signatureCipherFactory = signatureCipherParameterFactoryProvider.Create(signatureAlgorithm);
var digest = hashRegistry.Resolve(hashAlgorithm);
var endConfig = serviceProvider.GetRequiredService <EndConfig>();
signature.Init(signatureCipherFactory.Create(endConfig.End, ConnectionDirection.Write));
return(new SignedStream(stream, signature, digest));
}