Exemple #1
0
        public Task Initialize(TestContext ctx, CancellationToken cancellationToken)
        {
            return(Task.Run(() => {
                if (Parameters == null)
                {
                    return;
                }

                cipher = CipherSuiteFactory.CreateCipherSuite(Parameters.Protocol, Parameters.Code);

                if (Parameters.IsGCM)
                {
                    crypto = new MyGaloisCounterCipher(Parameters, cipher);

                    crypto.ServerWriteKey = SecureBuffer.CreateCopy(Parameters.Key);
                    crypto.ClientWriteKey = SecureBuffer.CreateCopy(Parameters.Key);
                    crypto.ServerWriteIV = SecureBuffer.CreateCopy(Parameters.ImplicitNonce);
                    crypto.ClientWriteIV = SecureBuffer.CreateCopy(Parameters.ImplicitNonce);

                    crypto.InitializeCipher();
                }
                else
                {
                    crypto = new MyCbcBlockCipher(Parameters, cipher);

                    crypto.ServerWriteKey = SecureBuffer.CreateCopy(Parameters.Key);
                    crypto.ClientWriteKey = SecureBuffer.CreateCopy(Parameters.Key);
                    crypto.ServerWriteMac = SecureBuffer.CreateCopy(Parameters.MAC);
                    crypto.ClientWriteMac = SecureBuffer.CreateCopy(Parameters.MAC);

                    crypto.InitializeCipher();
                }
            }));
        }
Exemple #2
0
        protected virtual void HandleServerHello(TlsServerHello message)
        {
            Context.VerifyServerProtocol(message.ServerProtocol);

            // Server random
            HandshakeParameters.ServerRandom = message.ServerRandom;

            // Session ID
            HandshakeParameters.SessionId = message.SessionID;

            HandshakeParameters.SupportedCiphers = CipherSuiteFactory.GetSupportedCiphers(Context.NegotiatedProtocol);

            // Cipher suite
            if (!HandshakeParameters.SupportedCiphers.Contains(message.SelectedCipher))
            {
                // The server has sent an invalid ciphersuite
                throw new TlsException(AlertDescription.InsuficientSecurity, "Invalid cipher suite received from server");
            }

            var cipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, message.SelectedCipher);

                        #if DEBUG_FULL
            if (Context.EnableDebugging)
            {
                cipher.EnableDebugging = true;
            }
                        #endif
            Session.PendingCrypto = cipher.Initialize(false, Context.NegotiatedProtocol);
        }
Exemple #3
0
        protected virtual void SelectCipher(TlsClientHello message)
        {
            var userCiphers = Config.UserSettings != null ? Config.UserSettings.RequestedCiphers : null;
            CipherSuiteCollection supportedCiphers;

            if (userCiphers != null)
            {
                supportedCiphers = new CipherSuiteCollection(Context.NegotiatedProtocol, userCiphers);
            }
            else
            {
                supportedCiphers = CipherSuiteFactory.GetDefaultCiphers(Context.NegotiatedProtocol);
            }

            HandshakeParameters.SupportedCiphers = supportedCiphers;

            CipherSuite selectedCipher = null;

            foreach (var code in message.ClientCiphers)
            {
                var idx = HandshakeParameters.SupportedCiphers.IndexOf(code);
                if (idx < 0)
                {
                    continue;
                }
                var cipher = HandshakeParameters.SupportedCiphers [idx];
                selectedCipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, cipher);
                break;
            }

            if (selectedCipher == null)
            {
                throw new TlsException(AlertDescription.HandshakeFailure, "Invalid cipher suite received from client");
            }

                        #if DEBUG_FULL
            if (Context.EnableDebugging)
            {
                selectedCipher.EnableDebugging = true;
            }
                        #endif

                        #if DEBUG_FULL
            if (Context.EnableDebugging)
            {
                DebugHelper.WriteLine("Selected Cipher: {0}", selectedCipher);
            }
                        #endif

            // FIXME: Select best one.
            Session.PendingCrypto = selectedCipher.Initialize(true, Context.NegotiatedProtocol);
        }
Exemple #4
0
        public void InitializeGCM(CipherSuiteCode code, byte[] key, byte[] implNonce, byte[] explNonce)
        {
            Cipher = CipherSuiteFactory.CreateCipherSuite(Protocol, code);
                        #if DEBUG_FULL
            Cipher.EnableDebugging = EnableDebugging;
                        #endif
            Crypto = Add(new MyGaloisCounterCipher(IsServer, Protocol, Cipher, explNonce));

            Crypto.ServerWriteKey = SecureBuffer.CreateCopy(key);
            Crypto.ClientWriteKey = SecureBuffer.CreateCopy(key);
            Crypto.ServerWriteIV  = SecureBuffer.CreateCopy(implNonce);
            Crypto.ClientWriteIV  = SecureBuffer.CreateCopy(implNonce);

            Crypto.InitializeCipher();
        }
Exemple #5
0
        public void InitializeCBC(CipherSuiteCode code, byte[] key, byte[] mac, byte[] iv)
        {
            Cipher = CipherSuiteFactory.CreateCipherSuite(Protocol, code);
                        #if DEBUG_FULL
            Cipher.EnableDebugging = EnableDebugging;
                        #endif
            Crypto = Add(new MyCbcBlockCipher(this, iv));

            Crypto.ServerWriteKey = SecureBuffer.CreateCopy(key);
            Crypto.ClientWriteKey = SecureBuffer.CreateCopy(key);
            Crypto.ServerWriteMac = SecureBuffer.CreateCopy(mac);
            Crypto.ClientWriteMac = SecureBuffer.CreateCopy(mac);

            Crypto.InitializeCipher();
        }
Exemple #6
0
        protected virtual void SelectCipher(TlsClientHello message)
        {
            var certificate = Config.Certificate;

            if (certificate == null)
            {
                throw new TlsException(AlertDescription.HandshakeFailure, "Missing server certificate");
            }

            CipherSuiteCollection requestedCiphers;

            if (Settings.RequestedCiphers != null)
            {
                requestedCiphers = new CipherSuiteCollection(Context.NegotiatedProtocol, Settings.RequestedCiphers);
            }
            else
            {
                requestedCiphers = CipherSuiteFactory.GetDefaultCiphers(Context.NegotiatedProtocol);
            }

            HandshakeParameters.SupportedCiphers = requestedCiphers.Filter(cipher => {
                                #if INSTRUMENTATION
                if (Context.HasInstrument(HandshakeInstrumentType.OverrideServerCertificateSelection))
                {
                    return(true);
                }
                                #endif
                var exchangeAlgorithm = CipherSuiteFactory.GetExchangeAlgorithmType(Context.NegotiatedProtocol, cipher);
                return(CertificateManager.VerifyServerCertificate(Context, certificate, exchangeAlgorithm));
            });

            CipherSuite selectedCipher = null;
            foreach (var code in message.ClientCiphers)
            {
                var idx = HandshakeParameters.SupportedCiphers.IndexOf(code);
                if (idx < 0)
                {
                    continue;
                }
                var cipher = HandshakeParameters.SupportedCiphers [idx];
                selectedCipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, cipher);
                break;
            }

            if (selectedCipher == null)
            {
                throw new TlsException(AlertDescription.HandshakeFailure, "Invalid cipher suite received from client");
            }

                        #if DEBUG_FULL
            if (Context.EnableDebugging)
            {
                selectedCipher.EnableDebugging = true;
            }
                        #endif

                        #if DEBUG_FULL
            if (Context.EnableDebugging)
            {
                DebugHelper.WriteLine("Selected Cipher: {0}", selectedCipher);
            }
                        #endif

            // FIXME: Select best one.
            Session.PendingCrypto = selectedCipher.Initialize(true, Context.NegotiatedProtocol);
            Session.PendingCrypto.ServerCertificates = new X509CertificateCollection();
            Session.PendingCrypto.ServerCertificates.Add(certificate);
        }