public unsafe CipherSuite GetCipherSuiteFromExtension(ReadableBuffer buffer, TlsVersion version) { var list = GetCipherSuites(version); if (buffer.Length % 2 != 0) { Alerts.AlertException.ThrowAlert(Alerts.AlertLevel.Fatal, Alerts.AlertDescription.illegal_parameter, "Cipher suite extension is not divisable by zero"); } var numberOfCiphers = buffer.Length / 2; var peerCipherList = stackalloc ushort[numberOfCiphers]; for (var i = 0; i < numberOfCiphers; i++) { peerCipherList[i] = buffer.ReadBigEndian <ushort>(); buffer = buffer.Slice(sizeof(ushort)); } for (var i = 0; i < list.Length; i++) { for (var x = 0; x < numberOfCiphers; x++) { if (peerCipherList[x] == list[i].CipherCode) { return(list[i]); } } } Alerts.AlertException.ThrowAlert(Alerts.AlertLevel.Fatal, Alerts.AlertDescription.insufficient_security, "Failed to get a bulk cipher from the cipher extensions"); return(null); }
public async Task <BouncyCastleTlsTestResult> Connect(string host, int port, TlsVersion version, List <CipherSuite> cipherSuites) { try { return(await DoConnect(host, port, version, cipherSuites).ConfigureAwait(false)); } catch (SocketException e) { _log.LogError($"{e.GetType().Name} occurred {e.Message}{System.Environment.NewLine}{e.StackTrace}"); return(e.SocketErrorCode == SocketError.HostNotFound ? new BouncyCastleTlsTestResult(TlsError.HOST_NOT_FOUND, e.Message, null) : new BouncyCastleTlsTestResult(TlsError.TCP_CONNECTION_FAILED, e.Message, null)); } catch (ArgumentNullException e) { _log.LogError($"{e.GetType().Name} occurred {e.Message}{System.Environment.NewLine}{e.StackTrace}"); return(new BouncyCastleTlsTestResult(TlsError.TCP_CONNECTION_FAILED, e.Message, null)); } catch (IOException e) { _log.LogError($"{e.GetType().Name} occurred {e.Message}{System.Environment.NewLine}{e.StackTrace}"); return(new BouncyCastleTlsTestResult(TlsError.TCP_CONNECTION_FAILED, e.Message, null)); } catch (TimeoutException e) { _log.LogError($"{e.GetType().Name} occurred {e.Message}{System.Environment.NewLine}{e.StackTrace}"); return(new BouncyCastleTlsTestResult(TlsError.TCP_CONNECTION_FAILED, e.Message, null)); } catch (Exception e) { _log.LogError($"{e.GetType().Name} occurred {e.Message}{System.Environment.NewLine}{e.StackTrace}"); return(new BouncyCastleTlsTestResult(TlsError.INTERNAL_ERROR, e.Message, null)); } }
private void _read() { _handshakeMsgType = m_io.EnsureFixedContents(new byte[] { 22 }); _version = new TlsVersion(m_io, this, m_root); _length = m_io.ReadU2be(); _finishedBytes = m_io.ReadBytes(Length); }
public TestTlsClient(TlsVersion version, List <CipherSuite> cipherSuites, List <CurveGroup> supportedGroups = null) { _version = version; _cipherSuites = cipherSuites; _supportedGroups = supportedGroups ?? _defaultSupportedGroups; _namedCurves = _supportedGroups.Select(_ => (int)_).ToArray(); }
public async Task <TlsConnectionResult> Connect(string host, int port, TlsVersion version, List <CipherSuite> cipherSuites) { try { return(await DoConnect(host, port, version, cipherSuites).TimeoutAfter(_timeOut).ConfigureAwait(false)); } catch (SocketException e) { _log.Error($"An error occurred {e.Message}{System.Environment.NewLine}{e.StackTrace}"); return(new TlsConnectionResult(Error.TCP_CONNECTION_FAILED, e.Message, null)); } catch (ArgumentNullException e) { _log.Error($"An error occurred {e.Message}{System.Environment.NewLine}{e.StackTrace}"); return(new TlsConnectionResult(Error.TCP_CONNECTION_FAILED, e.Message, null)); } catch (IOException e) { _log.Error($"An error occurred {e.Message}{System.Environment.NewLine}{e.StackTrace}"); return(new TlsConnectionResult(Error.TCP_CONNECTION_FAILED, e.Message, null)); } catch (TimeoutException e) { _log.Error($"An error occurred {e.Message}{System.Environment.NewLine}{e.StackTrace}"); return(new TlsConnectionResult(Error.TCP_CONNECTION_FAILED, e.Message, null)); } catch (Exception e) { _log.Error($"An error occurred {e.Message}{System.Environment.NewLine}{e.StackTrace}"); return(new TlsConnectionResult(Error.INTERNAL_ERROR, e.Message, null)); } }
private BouncyCastleTlsTestResult ProcessKeyExchange(TlsRsaKeyExchange keyExchange) { TlsVersion version = Context.ServerVersion.ToTlsVersion(); CipherSuite cipherSuite = mSecurityParameters.CipherSuite.ToCipherSuite(); List <X509Certificate2> certificates = mPeerCertificate.ToCertificateList(); base.CleanupHandshake(); return(new BouncyCastleTlsTestResult(version, cipherSuite, null, null, _tlsError, _errorMessage, null, certificates)); }
public ClientHelloMessage(TlsVersion version, byte[] randomBytes, byte[] sessionId, HelloExtension[] extensions, CipherSuite[] cipherSuites, CompressionMethod[] compressionMethods) : base(HandshakeType.ClientHello, version, randomBytes, sessionId, extensions) { SecurityAssert.NotNull(cipherSuites); SecurityAssert.SAssert(cipherSuites.Length >= 2 && cipherSuites.Length <= 0xFFFE); CipherSuites = cipherSuites; SecurityAssert.NotNull(compressionMethods); SecurityAssert.SAssert(compressionMethods.Length >= 1 && cipherSuites.Length <= 0xFF); CompressionMethods = compressionMethods; }
private TlsConnectionResult ProcessKeyExchange(TestTlsDhKeyExchange keyExchange) { CurveGroup group = keyExchange.DhParameters.ToGroup(); TlsVersion version = Context.ServerVersion.ToTlsVersion(); CipherSuite cipherSuite = mSecurityParameters.CipherSuite.ToCipherSuite(); List <X509Certificate2> certificates = mPeerCertificate.ToCertificateList(); base.CleanupHandshake(); return(new TlsConnectionResult(version, cipherSuite, group, null, _error, _errorMessage, null, certificates)); }
private void _parse() { _version = new TlsVersion(m_io, this, m_root); _random = new Random(m_io, this, m_root); _sessionId = new SessionId(m_io, this, m_root); _cipherSuites = new CipherSuites(m_io, this, m_root); _compressionMethods = new CompressionMethods(m_io, this, m_root); if (M_Io.IsEof == false) { _extensions = new Extensions(m_io, this, m_root); } }
private CipherSuite[] GetCipherSuites(TlsVersion version) { if (version == TlsVersion.Tls12) { return(_priorityOrderedCipherSuitesTls12); } if (version == TlsVersion.Tls13Draft18) { return(_priorityOrderedCipherSuitesTls13); } return(null); }
private BouncyCastleTlsTestResult ProcessKeyExchange(TestTlsDheKeyExchange keyExchange) { CurveGroup group = keyExchange.DhParameters.ToGroup(); TlsVersion version = Context.ServerVersion.ToTlsVersion(); CipherSuite cipherSuite = mSecurityParameters.CipherSuite.ToCipherSuite(); SignatureHashAlgorithm signatureHashAlgorithm = keyExchange.EcSignatureAndHashAlgorithm.ToSignatureAlgorithm(); List <X509Certificate2> certificates = mPeerCertificate.ToCertificateList(); base.CleanupHandshake(); return(new BouncyCastleTlsTestResult(version, cipherSuite, group, signatureHashAlgorithm, _tlsError, _errorMessage, null, certificates)); }
private BouncyCastleTlsTestResult ProcessKeyExchange(TestTlsEcDhKeyExchange keyExchange) { string curveName = keyExchange.EcPublicKeyParameters.Parameters.Curve.GetType().Name.ToLower(); CurveGroup curve = curveName.ToCurve(); TlsVersion version = Context.ServerVersion.ToTlsVersion(); CipherSuite cipherSuite = mSecurityParameters.CipherSuite.ToCipherSuite(); List <X509Certificate2> certificates = mPeerCertificate.ToCertificateList(); base.CleanupHandshake(); return(new BouncyCastleTlsTestResult(version, cipherSuite, curve, null, _tlsError, _errorMessage, null, certificates)); }
public ServerHelloParser(ReadableBuffer buffer, SecurePipeConnection secureConnection) { _originalMessage = buffer.ToSpan(); var span = new BigEndianAdvancingSpan(_originalMessage); span.Read <HandshakeHeader>(); _tlsVersion = span.Read <TlsVersion>(); _serverRandom = span.TakeSlice(TlsConstants.RandomLength).ToSpan(); _sessionId = span.ReadVector <byte>().ToSpan(); _cipherSuite = span.Read <ushort>(); var compression = span.Read <byte>(); //Dump compression if (compression != 0) { Alerts.AlertException.ThrowAlert(Alerts.AlertLevel.Fatal, Alerts.AlertDescription.handshake_failure, "Compression is not supported"); } _supportedGroups = default; if (span.Length == 0) { return; } span = span.ReadVector <ushort>(); while (span.Length > 0) { var extType = span.Read <ExtensionType>(); var extBuffer = span.ReadVector <ushort>(); switch (extType) { case ExtensionType.supported_groups: throw new NotImplementedException(); case ExtensionType.application_layer_protocol_negotiation: throw new NotImplementedException(); case ExtensionType.server_name: throw new NotImplementedException(); case ExtensionType.SessionTicket: throw new NotImplementedException(); case ExtensionType.signature_algorithms: throw new NotImplementedException(); case ExtensionType.renegotiation_info: throw new NotImplementedException(); } } }
public CipherSuite GetCipherSuiteFromCode(ushort cipherCode, TlsVersion version) { var list = GetCipherSuites(version); for (int i = 0; i < list.Length; i++) { if (list[i] != null) { return(list[i]); } } return(null); }
private void _read() { _version = new TlsVersion(m_io, this, m_root); _random = new Random(m_io, this, m_root); _sessionId = new SessionId(m_io, this, m_root); _cipherSuite = new CipherSuite(m_io, this, m_root); _compressionMethod = ((TlsPacket.CompressionMethods)m_io.ReadU1()); _extensionsLength = m_io.ReadU2be(); __raw_extensions = m_io.ReadBytes(ExtensionsLength); var io___raw_extensions = new KaitaiStream(__raw_extensions); _extensions = new TlsExtensions(io___raw_extensions, this, m_root); }
private TlsConnectionResult ProcessKeyExchange(TestTlsEcDheKeyExchange keyExchange) { string curveName = keyExchange.EcPublicKeyParameters.Parameters.Curve.GetType().Name.ToLower(); CurveGroup curve = curveName.ToCurve(); TlsVersion version = Context.ServerVersion.ToTlsVersion(); CipherSuite cipherSuite = mSecurityParameters.CipherSuite.ToCipherSuite(); SignatureHashAlgorithm signatureHashAlgorithm = keyExchange.EcSignatureAndHashAlgorithm.ToSignatureAlgorithm(); List <X509Certificate2> certificates = mPeerCertificate.ToCertificateList(); base.CleanupHandshake(); return(new TlsConnectionResult(version, cipherSuite, curve, signatureHashAlgorithm, _error, _errorMessage, null, certificates)); }
///GENMHASH:BE6BA1183F3D45C65CDAC63F14746F24:D778A193C0BD265A4FDFF6A32CB536EE public RedisCacheImpl WithMinimumTlsVersion(TlsVersion tlsVersion) { if (this.IsInCreateMode) { createParameters.MinimumTlsVersion = tlsVersion.ToString(); } else { updateParameters.MinimumTlsVersion = tlsVersion.ToString(); } return(this); }
/// <summary> /// TLS version to SSL protocol version. /// </summary> /// <param name="tlsVersion"></param> /// <returns></returns> public static SslProtocols ToSslProtocols(this TlsVersion tlsVersion) { switch (tlsVersion) { case TlsVersion.Tls12: return(SslProtocols.Tls12); #if NET5_0_OR_GREATER case TlsVersion.Tls13: return(SslProtocols.Tls13); #endif default: throw new ArgumentOutOfRangeException($"Unsupported TLS version {tlsVersion}."); } }
internal CipherSuite GetCipherSuite(TlsVersion tlsVersion, ushort cipherSuite) { for (var x = 0; x < _cipherSuites.Length; x++) { if (cipherSuite == _cipherSuites[x].Code) { if (_cipherSuites[x].SupportsVersion(tlsVersion)) { return(_cipherSuites[x]); } } } Alerts.AlertException.ThrowAlert(Alerts.AlertLevel.Fatal, Alerts.AlertDescription.handshake_failure, "Unable to match cipher suites"); return(null); }
protected HelloMessage(HandshakeType type, TlsVersion version, byte[] randomBytes, byte[] sessionId, HelloExtension[] extensions) : base(type) { Version = version; SecurityAssert.NotNull(randomBytes); SecurityAssert.SAssert(randomBytes.Length == 32); RandomBytes = randomBytes; SecurityAssert.NotNull(sessionId); SecurityAssert.SAssert(sessionId.Length >= 0 && sessionId.Length <= 32); SessionId = sessionId; SecurityAssert.NotNull(extensions); SecurityAssert.SAssert(extensions.Length >= 0 && extensions.Length <= 0xFFFF); Extensions = extensions; }
private void _read() { _contentType = ((TlsContentType)m_io.ReadU1()); _version = new TlsVersion(m_io, this, m_root); _length = m_io.ReadU2be(); switch (ContentType) { case TlsContentType.Handshake: { __raw_fragment = m_io.ReadBytes(Length); var io___raw_fragment = new KaitaiStream(__raw_fragment); _fragment = new TlsHandshake(io___raw_fragment, this, m_root); break; } case TlsContentType.ApplicationData: { __raw_fragment = m_io.ReadBytes(Length); var io___raw_fragment = new KaitaiStream(__raw_fragment); _fragment = new TlsApplicationData(io___raw_fragment, this, m_root); break; } case TlsContentType.ChangeCipherSpec: { __raw_fragment = m_io.ReadBytes(Length); var io___raw_fragment = new KaitaiStream(__raw_fragment); _fragment = new TlsChangeCipherSpec(io___raw_fragment, this, m_root); break; } case TlsContentType.Alert: { __raw_fragment = m_io.ReadBytes(Length); var io___raw_fragment = new KaitaiStream(__raw_fragment); _fragment = new TlsEncryptedMessage(io___raw_fragment, this, m_root); break; } default: { __raw_fragment = m_io.ReadBytes(Length); var io___raw_fragment = new KaitaiStream(__raw_fragment); _fragment = new TlsEncryptedMessage(io___raw_fragment, this, m_root); break; } } if (ContentType == TlsContentType.ChangeCipherSpec) { _finished = new TlsFinished(m_io, this, m_root); } }
private void _read() { _version = new TlsVersion(m_io, this, m_root); _random = new Random(m_io, this, m_root); _sessionId = new SessionId(m_io, this, m_root); _cipherSuites = new CipherSuites(m_io, this, m_root); _compressionMethodsLength = m_io.ReadU1(); _compressionMethods = new List <CompressionMethods>((int)(CompressionMethodsLength)); for (var i = 0; i < CompressionMethodsLength; i++) { _compressionMethods.Add(((TlsPacket.CompressionMethods)m_io.ReadU1())); } _extensionsLength = m_io.ReadU2be(); __raw_extensions = m_io.ReadBytes(ExtensionsLength); var io___raw_extensions = new KaitaiStream(__raw_extensions); _extensions = new TlsExtensions(io___raw_extensions, this, m_root); }
public static TlsVersion ReadSupportedVersion(ReadableBuffer buffer, TlsVersion[] supportedVersions) { TlsVersion returnVersion = 0; buffer = BufferExtensions.SliceVector <byte>(ref buffer); while (buffer.Length > 1) { TlsVersion version; buffer = buffer.SliceBigEndian(out version); if (supportedVersions.Contains(version)) { if (version > returnVersion) { returnVersion = version; } } } return(returnVersion); }
public CipherSuite GetCipherSuite(TlsVersion tlsVersion, BigEndianAdvancingSpan cipherSuites) { for (var x = 0; x < _cipherSuites.Length; x++) { var tempSpan = cipherSuites; while (tempSpan.Length > 0) { var cipherSuite = tempSpan.Read <ushort>(); if (cipherSuite == _cipherSuites[x].Code) { if (_cipherSuites[x].SupportsVersion(tlsVersion)) { return(_cipherSuites[x]); } } } } Alerts.AlertException.ThrowAlert(Alerts.AlertLevel.Fatal, Alerts.AlertDescription.handshake_failure, "Unable to match cipher suites"); return(null); }
public static ProtocolVersion ToProtocolVersion(this TlsVersion version) { switch (version) { case TlsVersion.SslV3: return(ProtocolVersion.SSLv3); case TlsVersion.TlsV1: return(ProtocolVersion.TLSv10); case TlsVersion.TlsV11: return(ProtocolVersion.TLSv11); case TlsVersion.TlsV12: return(ProtocolVersion.TLSv12); default: throw new InvalidOperationException($"Cannot convert ({version}) to BouncyCastle ProtocolVersion."); } }
private async Task <TlsConnectionResult> DoConnect(string host, int port, TlsVersion version, List <CipherSuite> cipherSuites) { _tcpClient = new TcpClient { NoDelay = true, SendTimeout = _timeOut.Milliseconds, ReceiveTimeout = _timeOut.Milliseconds, }; _log.Debug($"Starting TCP connection to {host ?? "<null>"}:{port}"); await _tcpClient.ConnectAsync(host, port).ConfigureAwait(false); _log.Debug($"Successfully started TCP connection to {host ?? "<null>"}:{port}"); _log.Debug("Initializing session"); StartTlsResult sessionInitialized = await TryInitializeSession(_tcpClient.GetStream()).ConfigureAwait(false); _log.Debug("Successfully initialized session"); if (!sessionInitialized.Success) { _log.Debug("Failed to initialize session"); return(new TlsConnectionResult(Error.SESSION_INITIALIZATION_FAILED, sessionInitialized.Error, sessionInitialized.SmtpSession)); } TestTlsClientProtocol clientProtocol = new TestTlsClientProtocol(_tcpClient.GetStream()); TestTlsClient testSuiteTlsClient = new TestTlsClient(version, cipherSuites); _log.Debug("Starting TLS session"); TlsConnectionResult connectionResult = clientProtocol.ConnectWithResults(testSuiteTlsClient); _log.Debug("Successfully started TLS session"); return(connectionResult); }
/// <summary> /// Requires clients to use a specified TLS version (or higher) to connect (e,g, '1.0', '1.1', '1.2'). /// </summary> /// <param name="tlsVersion">Minimum TLS version.</param> /// <return>The next stage of Redis Cache definition.</return> RedisCache.Update.IUpdate RedisCache.Update.IUpdateBeta.WithMinimumTlsVersion(TlsVersion tlsVersion) { return(this.WithMinimumTlsVersion(tlsVersion)); }
protected RecordHandler(IKeyPair secureConnection, TlsVersion recordVersion, IPipeWriter output) { _recordVersion = recordVersion; _connection = secureConnection; _output = output; }
public GeneralRecordHandler(IKeyPair secureConnection, TlsVersion recordVersion, IPipeWriter output) : base(secureConnection, recordVersion, output) { }
public ClientHelloParser(ReadableBuffer buffer, SecurePipeConnection secureConnection) { _originalMessage = buffer.ToSpan(); var span = new BigEndianAdvancingSpan(_originalMessage); span.Read <HandshakeHeader>(); _tlsVersion = span.Read <TlsVersion>(); _clientRandom = span.TakeSlice(TlsConstants.RandomLength).ToSpan(); _sessionId = span.ReadVector <byte>().ToSpan(); _cipherSuite = span.ReadVector <ushort>(); _compressionMethods = span.ReadVector <byte>().ToSpan(); _negotiatedAlpn = ApplicationLayerProtocolType.None; _hostName = null; if (span.Length == 0) { return; } var extensionSpan = new BigEndianAdvancingSpan(span.ReadVector <ushort>().ToSpan()); while (extensionSpan.Length > 0) { var extType = extensionSpan.Read <ExtensionType>(); var extBuffer = extensionSpan.ReadVector <ushort>(); switch (extType) { case ExtensionType.application_layer_protocol_negotiation: _negotiatedAlpn = secureConnection.Listener.AlpnProvider.ProcessExtension(extBuffer); break; case ExtensionType.server_name: _hostName = secureConnection.Listener.HostNameProvider.ProcessHostNameExtension(extBuffer); break; case ExtensionType.signature_algorithms: _signatureAlgos = extBuffer; break; case ExtensionType.supported_groups: _supportedGroups = extBuffer; break; case ExtensionType.SessionTicket: _sessionTicket = extBuffer; break; case ExtensionType.psk_key_exchange_modes: case ExtensionType.pre_shared_key: case ExtensionType.supported_versions: case ExtensionType.key_share: break; } } if (span.Length > 0) { ThrowBytesLeftOver(); } }
public Record Read(RecordType type, TlsVersion version, ushort length) { return ReadStrategy.Read(type, version, length); }
public abstract void Encrypt(ref WritableBuffer writer, Span <byte> plainText, RecordType recordType, TlsVersion tlsVersion);
public abstract void Decrypt(ref ReadableBuffer messageBuffer, RecordType recordType, TlsVersion tlsVersion);
public void Write(RecordType type, TlsVersion version, byte[] data) { WriteStrategy.Write(type, version, data); }
public ServerHelloMessage(TlsVersion version, byte[] randomBytes, byte[] sessionId, HelloExtension[] extensions, CipherSuite cipherSuite, CompressionMethod compressionMethod) : base(HandshakeType.ServerHello, version, randomBytes, sessionId, extensions) { CipherSuite = cipherSuite; CompressionMethod = compressionMethod; }