public DiffieHellmanKeyExchange (TlsContext ctx) { this.protocol = ctx.NegotiatedProtocol; switch (protocol) { case TlsProtocolCode.Tls12: Signature = new SignatureTls12 (ctx.Session.ServerSignatureAlgorithm); break; case TlsProtocolCode.Tls10: Signature = new SignatureTls10 (); break; case TlsProtocolCode.Tls11: Signature = new SignatureTls11 (); break; default: throw new NotSupportedException (); } dh = new DiffieHellmanManaged (); Y = dh.CreateKeyExchange (); var dhparams = dh.ExportParameters (true); P = dhparams.P; G = dhparams.G; using (var buffer = CreateParameterBuffer (ctx.HandshakeParameters)) Signature.Create (buffer, ctx.Configuration.PrivateKey); }
public GaloisCounterCipher (bool isServer, TlsProtocolCode protocol, CipherSuite cipher) : base (isServer, protocol, cipher) { ImplicitNonceSize = 4; ExplicitNonceSize = 8; MacSize = 16; }
public TlsCertificateRequest (TlsProtocolCode protocol, TlsBuffer incoming) : base (HandshakeType.CertificateRequest) { Protocol = protocol; Parameters = new ClientCertificateParameters (); Read (incoming); }
public TlsServerHello (TlsProtocolCode protocol, SecureBuffer random, SecureBuffer session, CipherSuiteCode cipher, TlsExtensionCollection extensions) : base (HandshakeType.ServerHello) { ServerProtocol = protocol; ServerRandom = random; SessionID = session; SelectedCipher = cipher; Extensions = extensions; }
public TlsClientHello (TlsProtocolCode protocol, SecureBuffer random, SecureBuffer session, CipherSuiteCode[] ciphers, TlsExtensionCollection extensions) : base (HandshakeType.ClientHello) { ClientProtocol = protocol; ClientRandom = random; SessionID = session; ClientCiphers = ciphers; Extensions = extensions; }
public TlsConfiguration (TlsProtocols protocols, TlsSettings settings, string targetHost) { supportedProtocols = protocols; requestedProtocol = CheckProtocol (ref supportedProtocols, false); TlsSettings = settings ?? new TlsSettings (); TargetHost = targetHost; RenegotiationFlags = DefaultRenegotiationFlags; }
public TlsConfiguration (TlsProtocols protocols, TlsSettings settings, MX.X509Certificate certificate, AsymmetricAlgorithm privateKey) { supportedProtocols = protocols; requestedProtocol = CheckProtocol (ref supportedProtocols, true); TlsSettings = settings ?? new TlsSettings (); Certificate = certificate; PrivateKey = privateKey; RenegotiationFlags = DefaultRenegotiationFlags; }
public static MonoClientAndServerParameters SelectCipherSuite (TestContext ctx, TlsProtocolCode protocol, CipherSuiteCode code) { var provider = DependencyInjector.Get<ICertificateProvider> (); var acceptAll = provider.AcceptAll (); string name = string.Format ("select-cipher-{0}-{1}", protocol, code); return new MonoClientAndServerParameters (name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = acceptAll }; }
public static KeyExchange Create (TlsProtocolCode protocol, ExchangeAlgorithmType algorithm) { switch (algorithm) { case ExchangeAlgorithmType.RsaSign: return new RSAKeyExchange (); case ExchangeAlgorithmType.DiffieHellman: return new DiffieHellmanKeyExchange (protocol); default: throw new InvalidOperationException (); } }
public static CipherSuite CreateCipherSuite (TlsProtocolCode protocol, CipherSuiteCode code) { if (protocol == TlsProtocolCode.Tls12) return CreateCipherSuiteTls12 (code); else if (protocol == TlsProtocolCode.Tls11) return CreateCipherSuiteTls11 (code); else if (protocol == TlsProtocolCode.Tls10) return CreateCipherSuiteTls10 (code); else throw new TlsException (AlertDescription.ProtocolVersion); }
static byte[] ComputeRecordMAC (TlsProtocolCode protocol, HMac hmac, ulong seqnum, ContentType contentType, IBufferOffsetSize fragment) { var header = new TlsBuffer (13); header.Write (seqnum); header.Write ((byte)contentType); header.Write ((short)protocol); header.Write ((short)fragment.Size); hmac.Reset (); hmac.TransformBlock (header.Buffer, 0, header.Size); hmac.TransformBlock (fragment.Buffer, fragment.Offset, fragment.Size); return hmac.TransformFinalBlock (); }
public static Signature Read (TlsProtocolCode protocol, TlsBuffer incoming) { switch (protocol) { case TlsProtocolCode.Tls10: return new SignatureTls10 (incoming); case TlsProtocolCode.Tls11: return new SignatureTls11 (incoming); case TlsProtocolCode.Tls12: return new SignatureTls12 (incoming); default: throw new NotSupportedException (); } }
public TlsConfiguration (TlsProtocols protocols, MonoTlsSettings settings, string targetHost) { supportedProtocols = protocols; requestedProtocol = CheckProtocol (settings, ref supportedProtocols, false); TlsSettings = settings; TargetHost = targetHost; if (settings != null) UserSettings = (UserSettings)settings.UserSettings; if (UserSettings == null) UserSettings = new UserSettings (); RenegotiationFlags = DefaultRenegotiationFlags; }
public TlsConfiguration (TlsProtocols protocols, MonoTlsSettings settings, MX.X509Certificate certificate, AsymmetricAlgorithm privateKey) { supportedProtocols = protocols; requestedProtocol = CheckProtocol (settings, ref supportedProtocols, true); TlsSettings = settings; Certificate = certificate; PrivateKey = privateKey; if (settings != null) UserSettings = (UserSettings)settings.UserSettings; if (UserSettings == null) UserSettings = new UserSettings (); RenegotiationFlags = DefaultRenegotiationFlags; }
public static KeyExchange Create(TlsProtocolCode protocol, ExchangeAlgorithmType algorithm) { switch (algorithm) { case ExchangeAlgorithmType.Rsa: return(new RSAKeyExchange()); case ExchangeAlgorithmType.Dhe: return(new DiffieHellmanKeyExchange(protocol)); case ExchangeAlgorithmType.EcDhe: return(new EllipticCurveKeyExchange()); default: throw new InvalidOperationException(); } }
static TlsProtocols GetProtocol(TlsProtocolCode protocol) { switch (protocol) { case TlsProtocolCode.Tls10: return(TlsProtocols.Tls10); case TlsProtocolCode.Tls11: return(TlsProtocols.Tls11); case TlsProtocolCode.Tls12: return(TlsProtocols.Tls12); default: throw new NotSupportedException(); } }
public static Signature Read(TlsProtocolCode protocol, TlsBuffer incoming) { switch (protocol) { case TlsProtocolCode.Tls10: return(new SignatureTls10(incoming)); case TlsProtocolCode.Tls11: return(new SignatureTls11(incoming)); case TlsProtocolCode.Tls12: return(new SignatureTls12(incoming)); default: throw new NotSupportedException(); } }
public bool IsSupportedProtocol(TlsProtocolCode protocol) { switch (protocol) { case TlsProtocolCode.Tls10: return((supportedProtocols & TlsProtocols.Tls10) != 0); case TlsProtocolCode.Tls11: return((supportedProtocols & TlsProtocols.Tls11) != 0); case TlsProtocolCode.Tls12: return((supportedProtocols & TlsProtocols.Tls12) != 0); default: return(false); } }
public TlsConfiguration(TlsProtocols protocols, MonoTlsSettings settings, string targetHost) { supportedProtocols = protocols; requestedProtocol = CheckProtocol(settings, ref supportedProtocols, false); TlsSettings = settings; TargetHost = targetHost; if (settings != null) { UserSettings = (UserSettings)settings.UserSettings; } if (UserSettings == null) { UserSettings = new UserSettings(); } RenegotiationFlags = DefaultRenegotiationFlags; }
public static CipherSuite CreateCipherSuite(TlsProtocolCode protocol, CipherSuiteCode code) { if (protocol == TlsProtocolCode.Tls12) { return(CreateCipherSuiteTls12(code)); } else if (protocol == TlsProtocolCode.Tls11) { return(CreateCipherSuiteTls11(code)); } else if (protocol == TlsProtocolCode.Tls10) { return(CreateCipherSuiteTls10(code)); } else { throw new TlsException(AlertDescription.ProtocolVersion); } }
internal static CipherSuiteCode[] GetSupportedCiphersArray(TlsProtocolCode protocol) { if (protocol == TlsProtocolCode.Tls12) { return(SupportedCiphersTls12); } else if (protocol == TlsProtocolCode.Tls11) { return(SupportedCiphersTls11); } else if (protocol == TlsProtocolCode.Tls10) { return(SupportedCiphersTls10); } else { throw new TlsException(AlertDescription.ProtocolVersion); } }
static internal void EncodeRecord(TlsProtocolCode protocol, ContentType contentType, CryptoParameters crypto, IBufferOffsetSize buffer, TlsStream output) { var maxExtraBytes = crypto != null ? crypto.MaxExtraEncryptedBytes : 0; var offset = buffer.Offset; var remaining = buffer.Size; do { BufferOffsetSize fragment; var encryptedSize = crypto != null?crypto.GetEncryptedSize(remaining) : remaining; if (encryptedSize <= MAX_FRAGMENT_SIZE) { fragment = new BufferOffsetSize(buffer.Buffer, offset, remaining); } else { fragment = new BufferOffsetSize(buffer.Buffer, offset, MAX_FRAGMENT_SIZE - maxExtraBytes); encryptedSize = crypto != null?crypto.GetEncryptedSize(fragment.Size) : fragment.Size; } // Write tls message output.Write((byte)contentType); output.Write((short)protocol); output.Write((short)encryptedSize); if (crypto != null) { output.MakeRoom(encryptedSize); var ret = crypto.Encrypt(contentType, fragment, output.GetRemaining()); output.Position += ret; } else { output.Write(fragment.Buffer, fragment.Offset, fragment.Size); } offset += fragment.Size; remaining -= fragment.Size; } while (remaining > 0); }
public TlsConfiguration(TlsProtocols protocols, MonoTlsSettings settings, MX.X509Certificate certificate, AsymmetricAlgorithm privateKey) { supportedProtocols = protocols; requestedProtocol = CheckProtocol(settings, ref supportedProtocols, true); TlsSettings = settings; Certificate = certificate; PrivateKey = privateKey; if (settings != null) { UserSettings = (UserSettings)settings.UserSettings; } if (UserSettings == null) { UserSettings = new UserSettings(); } RenegotiationFlags = DefaultRenegotiationFlags; }
internal void VerifyServerProtocol(TlsProtocolCode serverProtocol) { if (!Configuration.IsSupportedServerProtocol(serverProtocol)) { throw new TlsException(AlertDescription.ProtocolVersion); } if (HasNegotiatedProtocol && serverProtocol != NegotiatedProtocol) { throw new TlsException(AlertDescription.ProtocolVersion); } if (!IsAcceptableServerProtocol(serverProtocol)) { throw new TlsException( AlertDescription.ProtocolVersion, "Incorrect protocol version received from server"); } negotiatedProtocol = serverProtocol; }
internal void VerifyClientProtocol(TlsProtocolCode clientProtocol) { if (!Configuration.IsSupportedClientProtocol(clientProtocol)) { throw new TlsException(AlertDescription.ProtocolVersion); } if (HasNegotiatedProtocol && clientProtocol != NegotiatedProtocol) { throw new TlsException(AlertDescription.ProtocolVersion); } // FIXME: we're overly strict at the moment if (clientProtocol != Configuration.RequestedProtocol) { throw new TlsException( AlertDescription.ProtocolVersion, "Incorrect protocol version received from client"); } negotiatedProtocol = clientProtocol; }
bool IsAcceptableServerProtocol(TlsProtocolCode serverProtocol) { if (serverProtocol == Configuration.RequestedProtocol) { return(true); } if (Configuration.RequestedProtocol == TlsProtocolCode.Tls12) { switch (serverProtocol) { case TlsProtocolCode.Tls11: return((Configuration.SupportedProtocols & TlsProtocols.Tls11Client) != 0); case TlsProtocolCode.Tls10: return((Configuration.SupportedProtocols & TlsProtocols.Tls10Client) != 0); default: return(false); } } else if (Configuration.RequestedProtocol == TlsProtocolCode.Tls11) { switch (serverProtocol) { case TlsProtocolCode.Tls10: return((Configuration.SupportedProtocols & TlsProtocols.Tls10Client) != 0); default: return(false); } } else { return(false); } }
internal void VerifyClientProtocol (TlsProtocolCode clientProtocol) { if (!Configuration.IsSupportedClientProtocol (clientProtocol)) throw new TlsException (AlertDescription.ProtocolVersion); if (HasNegotiatedProtocol && clientProtocol != NegotiatedProtocol) throw new TlsException (AlertDescription.ProtocolVersion); // FIXME: we're overly strict at the moment if (clientProtocol != Configuration.RequestedProtocol) throw new TlsException ( AlertDescription.ProtocolVersion, "Incorrect protocol version received from client"); negotiatedProtocol = clientProtocol; }
public override CryptoParameters Initialize (bool isServer, TlsProtocolCode protocol) { switch (CipherAlgorithmType) { case CipherAlgorithmType.AesGcm128: case CipherAlgorithmType.AesGcm256: return new GaloisCounterCipher (isServer, protocol, this); case CipherAlgorithmType.Aes128: case CipherAlgorithmType.Aes256: return new CbcBlockCipher (isServer, protocol, this); default: throw new NotSupportedException (); } }
public abstract CryptoParameters Initialize(bool isServer, TlsProtocolCode protocol);
bool IsAcceptableServerProtocol (TlsProtocolCode serverProtocol) { if (serverProtocol == Configuration.RequestedProtocol) return true; if (Configuration.RequestedProtocol == TlsProtocolCode.Tls12) { switch (serverProtocol) { case TlsProtocolCode.Tls11: return (Configuration.SupportedProtocols & TlsProtocols.Tls11Client) != 0; case TlsProtocolCode.Tls10: return (Configuration.SupportedProtocols & TlsProtocols.Tls10Client) != 0; default: return false; } } else if (Configuration.RequestedProtocol == TlsProtocolCode.Tls11) { switch (serverProtocol) { case TlsProtocolCode.Tls10: return (Configuration.SupportedProtocols & TlsProtocols.Tls10Client) != 0; default: return false; } } else { return false; } }
public static ExchangeAlgorithmType GetExchangeAlgorithmType(TlsProtocolCode protocol, CipherSuiteCode code) { var cipher = CreateCipherSuite(protocol, code); return(cipher.ExchangeAlgorithmType); }
public TlsCertificateRequest (TlsProtocolCode protocol, ClientCertificateParameters parameters) : base (HandshakeType.CertificateRequest) { Protocol = protocol; Parameters = parameters; }
internal CryptoParameters(bool isServer, TlsProtocolCode protocol, CipherSuite cipher) { this.isServer = isServer; this.protocol = protocol; this.cipher = cipher; }
public BlockCipherWithHMac (bool isServer, TlsProtocolCode protocol, CipherSuite cipher) : base (isServer, protocol, cipher) { MacSize = HMac.GetMacSize (Cipher.HashAlgorithmType); }
public bool IsSupportedClientProtocol (TlsProtocolCode protocol) { switch (protocol) { case TlsProtocolCode.Tls10: return (supportedProtocols & TlsProtocols.Tls10Server) != 0; case TlsProtocolCode.Tls11: return (supportedProtocols & TlsProtocols.Tls11Server) != 0; case TlsProtocolCode.Tls12: return (supportedProtocols & TlsProtocols.Tls12Server) != 0; default: return false; } }
static void EncodeRecord_internal (TlsProtocolCode protocol, ContentType contentType, CryptoParameters crypto, IBufferOffsetSize buffer, TlsStream output, int fragmentSize = MAX_FRAGMENT_SIZE) { var maxExtraBytes = crypto != null ? crypto.MaxExtraEncryptedBytes : 0; var offset = buffer.Offset; var remaining = buffer.Size; #if !INSTRUMENTATION fragmentSize = MAX_FRAGMENT_SIZE; #endif do { BufferOffsetSize fragment; var encryptedSize = crypto != null ? crypto.GetEncryptedSize (remaining) : remaining; if (encryptedSize <= fragmentSize) fragment = new BufferOffsetSize (buffer.Buffer, offset, remaining); else { fragment = new BufferOffsetSize (buffer.Buffer, offset, fragmentSize - maxExtraBytes); encryptedSize = crypto != null ? crypto.GetEncryptedSize (fragment.Size) : fragment.Size; } // Write tls message output.Write ((byte)contentType); output.Write ((short)protocol); output.Write ((short)encryptedSize); if (crypto != null) { output.MakeRoom (encryptedSize); var ret = crypto.Encrypt (contentType, fragment, output.GetRemaining ()); output.Position += ret; } else { output.Write (fragment.Buffer, fragment.Offset, fragment.Size); } offset += fragment.Size; remaining -= fragment.Size; } while (remaining > 0); }
public MonoCryptoContext(TlsProtocolCode protocol, bool isServer) { Protocol = protocol; IsServer = isServer; }
public static CryptoTestParameters CreateCBC(TlsProtocolCode protocol, CipherSuiteCode code, byte[] key, byte[] mac, byte[] iv) { return(new CryptoTestParameters { Protocol = protocol, Code = code, Key = key, MAC = mac, IV = iv }); }
public static bool IsTls12OrNewer (TlsProtocolCode protocol) { return IsTls12OrNewer ((short)protocol); }
public BlockCipher(bool isServer, TlsProtocolCode protocol, CipherSuite cipher) : base(isServer, protocol, cipher) { BlockSize = cipher.BlockSize; }
public BlockCipherWithHMac(bool isServer, TlsProtocolCode protocol, CipherSuite cipher) : base(isServer, protocol, cipher) { MacSize = HMac.GetMacSize(Cipher.HashAlgorithmType); }
public static bool IsTls12OrNewer(TlsProtocolCode protocol) { return(IsTls12OrNewer((short)protocol)); }
public MyGaloisCounterCipher(bool isServer, TlsProtocolCode protocol, CipherSuite cipher, byte[] iv) : base(isServer, protocol, cipher) { this.iv = iv; }
public TlsCertificateVerify(TlsProtocolCode protocol, TlsBuffer incoming) : base(HandshakeType.CertificateVerify) { Protocol = protocol; Read(incoming); }
public override CryptoParameters Initialize(bool isServer, TlsProtocolCode protocol) { return(new CbcBlockCipher(isServer, protocol, this)); }
public abstract CryptoParameters Initialize (bool isServer, TlsProtocolCode protocol);
public TlsCertificateRequest(TlsProtocolCode protocol, ClientCertificateParameters parameters) : base(HandshakeType.CertificateRequest) { Protocol = protocol; Parameters = parameters; }
public static CipherSuiteCollection GetSupportedCiphers(TlsProtocolCode protocol) { return(new CipherSuiteCollection(protocol, GetSupportedCiphersArray(protocol))); }
public static void EncodeRecord(TlsProtocolCode protocol, ContentType contentType, CryptoParameters crypto, IBufferOffsetSize buffer, TlsStream output) { EncodeRecord_internal(protocol, contentType, crypto, buffer, output); }
public CbcBlockCipher (bool isServer, TlsProtocolCode protocol, CipherSuite cipher) : base (isServer, protocol, cipher) { }
public override CryptoParameters Initialize (bool isServer, TlsProtocolCode protocol) { return new CbcBlockCipher (isServer, protocol, this); }
internal void VerifyServerProtocol (TlsProtocolCode serverProtocol) { if (!Configuration.IsSupportedServerProtocol (serverProtocol)) throw new TlsException (AlertDescription.ProtocolVersion); if (HasNegotiatedProtocol && serverProtocol != NegotiatedProtocol) throw new TlsException (AlertDescription.ProtocolVersion); if (!IsAcceptableServerProtocol (serverProtocol)) throw new TlsException ( AlertDescription.ProtocolVersion, "Incorrect protocol version received from server"); negotiatedProtocol = serverProtocol; }
public DiffieHellmanKeyExchange(TlsProtocolCode protocol) { this.protocol = protocol; }
public static void EncodeRecord (TlsProtocolCode protocol, ContentType contentType, CryptoParameters crypto, IBufferOffsetSize buffer, TlsStream output) { EncodeRecord_internal (protocol, contentType, crypto, buffer, output); }
public static CryptoTestParameters CreateGCM(TlsProtocolCode protocol, CipherSuiteCode code, byte[] key, byte[] implNonce, byte[] explNonce) { return(new CryptoTestParameters { Protocol = protocol, Code = code, Key = key, ImplicitNonce = implNonce, ExplicitNonce = explNonce, IsGCM = true }); }
public BlockCipher (bool isServer, TlsProtocolCode protocol, CipherSuite cipher) : base (isServer, protocol, cipher) { BlockSize = cipher.BlockSize; }
public CbcBlockCipher(bool isServer, TlsProtocolCode protocol, CipherSuite cipher) : base(isServer, protocol, cipher) { }
public void AssertProtocol (ITlsContext ctx, TlsProtocolCode protocol) { if (!ctx.HasNegotiatedProtocol || ctx.NegotiatedProtocol != protocol) throw new TlsException (AlertDescription.ProtocolVersion); }
public DiffieHellmanKeyExchange (TlsProtocolCode protocol) { this.protocol = protocol; }