/// <summary>
/// Releases the TLS stream owned by this context and clears the cached
/// connection info. The base implementation runs first; the managed
/// clean-up below only happens on the explicit <paramref name="disposing"/> path.
/// </summary>
/// <param name="disposing">Passed through to the base implementation; the stream and cached info are released only when true.</param>
public override void Dispose(bool disposing)
{
    base.Dispose(disposing);
    if (!disposing)
    {
        return;
    }

    // sslStream may already be null (never created, or Dispose called twice);
    // the null-conditional keeps a repeated Dispose harmless.
    sslStream?.Dispose();
    sslStream = null;
    // The negotiated-parameters snapshot is dropped together with the stream.
    connectionInfo = null;
}
public override void FinishHandshake() { sslStream.EndHandshake(handshakeResult); handshakeResult = null; // Once done, we can set up info values connectionInfo = new MonoTlsConnectionInfo(); connectionInfo.HashAlgorithmType = sslStream.HashAlgorithm switch { TlsHashAlgorithmType.Md5 => HashAlgorithmType.Md5, TlsHashAlgorithmType.None => HashAlgorithmType.None, TlsHashAlgorithmType.Sha1 => HashAlgorithmType.Sha1, _ => throw new InvalidOperationException( "Not supported hash algorithm is in use. It is likely a bug in SslStream.") }; connectionInfo.CipherSuiteCode = (CipherSuiteCode)sslStream.protocol.Context.Current.Cipher.Code; // Apparently it's possible to figure out the rest values from cipher suite code, but mono has no logic for that yet // On the other hand it seems like those values are not assigned either way (look at btls impl) // TODO: See if these values actually work and are valid connectionInfo.ExchangeAlgorithmType = sslStream.KeyExchangeAlgorithm switch { TlsExchangeAlgorithmType.DiffieHellman => ExchangeAlgorithmType.Dhe, TlsExchangeAlgorithmType.None => ExchangeAlgorithmType.None, TlsExchangeAlgorithmType.RsaSign => ExchangeAlgorithmType.Rsa, TlsExchangeAlgorithmType.RsaKeyX => ExchangeAlgorithmType.EcDhe, _ => throw new InvalidOperationException( $"Not supported exchange algorithm is in use ({sslStream.KeyExchangeAlgorithm}). It is likely a bug in SslStream.") }; var protocols = sslStream.SecurityProtocol switch { TlsSecurityProtocolType.Default => SslProtocols.Default, TlsSecurityProtocolType.Ssl2 => SslProtocols.Ssl2, TlsSecurityProtocolType.Ssl3 => SslProtocols.Ssl3, TlsSecurityProtocolType.Tls => SslProtocols.Tls, _ => throw new InvalidOperationException( $"Not supported TLS protocol is in use ({sslStream.SecurityProtocol}). 
It is likely a bug in SslStream.") }; connectionInfo.ProtocolVersion = (TlsProtocols)protocols; connectionInfo.CipherAlgorithmType = sslStream.CipherAlgorithm switch { TlsCipherAlgorithmType.None => CipherAlgorithmType.None, TlsCipherAlgorithmType.Rijndael => sslStream.CipherStrength switch { 128 => CipherAlgorithmType.Aes128, 256 => CipherAlgorithmType.Aes256, _ => throw new InvalidOperationException( $"Not supported cipher algorithm is in use ({sslStream.CipherAlgorithm}). It is likely a bug in SslStream.") },
/// <summary>
/// Returns the connection info for this session, building it lazily from the
/// currently negotiated OpenSSL cipher on first use.
/// </summary>
/// <returns>The cached <see cref="MonoTlsConnectionInfo"/>; never null.</returns>
public MonoTlsConnectionInfo GetConnectionInfo()
{
    // Only CipherSuiteCode is filled in here; ProtocolVersion and the
    // per-algorithm fields keep their default values.
    connectionInfo ??= new MonoTlsConnectionInfo
    {
        CipherSuiteCode = (CipherSuiteCode)openssl.CurrentCipher,
    };
    return connectionInfo;
}
/// <summary>
/// Populates <c>connectionInfo</c> from the negotiated cipher and protocol
/// version once per session; later calls are no-ops.
/// </summary>
void InitializeSession()
{
    if (connectionInfo is null)
    {
        var negotiatedCipher = NegotiatedCipher;
        var negotiatedVersion = GetNegotiatedProtocolVersion();
        Debug("GET CONNECTION INFO: {0:x}:{0} {1:x}:{1} {2}", negotiatedCipher, negotiatedVersion, (TlsProtocolCode)negotiatedVersion);
        // Only the suite code and protocol version are recorded; the
        // per-algorithm fields are left at their defaults.
        connectionInfo = new MonoTlsConnectionInfo
        {
            CipherSuiteCode = (CipherSuiteCode)negotiatedCipher,
            ProtocolVersion = GetProtocol(negotiatedVersion),
        };
    }
}
/// <summary>
/// Completes the handshake: releases the handshake parameters, checks that the
/// negotiated crypto state is active, and records the agreed cipher suite and
/// protocol version in <c>connectionInfo</c>.
/// </summary>
/// <exception cref="TlsException">
/// InsuficientSecurity when there is no current crypto state or cipher, or a
/// pending crypto state is still outstanding; ProtocolVersion when the
/// negotiated version is not TLS 1.0, 1.1 or 1.2.
/// </exception>
internal void FinishHandshake()
{
    HandshakeParameters.Dispose();
    HandshakeParameters = null;

    var activeCrypto = Session.CurrentCrypto;
    // No active state, or a pending one that was never switched in, means the
    // session cannot be reported as secured (presumably the new keys have not
    // been activated yet — TODO confirm against Session).
    if (activeCrypto == null || Session.PendingCrypto != null)
    {
        throw new TlsException(AlertDescription.InsuficientSecurity, "No ciper");
    }

    var negotiatedCipher = activeCrypto.Cipher;
    if (negotiatedCipher == null)
    {
        throw new TlsException(AlertDescription.InsuficientSecurity, "No ciper");
    }

    // Only TLS 1.0-1.2 are accepted; anything else is rejected with a
    // protocol_version alert instead of being mapped to a guess.
    var negotiatedProtocol = activeCrypto.Protocol switch
    {
        TlsProtocolCode.Tls10 => TlsProtocols.Tls10,
        TlsProtocolCode.Tls11 => TlsProtocols.Tls11,
        TlsProtocolCode.Tls12 => TlsProtocols.Tls12,
        _ => throw new TlsException(AlertDescription.ProtocolVersion),
    };

    connectionInfo = new MonoTlsConnectionInfo
    {
        CipherSuiteCode = negotiatedCipher.Code,
        ProtocolVersion = negotiatedProtocol,
        CipherAlgorithmType = negotiatedCipher.CipherAlgorithmType,
        HashAlgorithmType = negotiatedCipher.HashAlgorithmType,
        ExchangeAlgorithmType = negotiatedCipher.ExchangeAlgorithmType,
    };
}
/// <summary>
/// Captures the negotiated cipher and protocol version from the native SSL
/// handle into <c>connectionInfo</c>. On the server side, when a client
/// certificate was requested but not validated yet, validation runs first and
/// the session is aborted with a CertificateUnknown alert if it is rejected.
/// </summary>
/// <exception cref="TlsException">Client certificate validation failed.</exception>
void InitializeSession()
{
    GetPeerCertificate();

    // Server-side client-certificate gate. ValidateCertificate is invoked with
    // null arguments; presumably it reads the peer certificate fetched just
    // above — confirm before relying on this.
    var clientCertPending = IsServer && AskForClientCertificate && !certificateValidated;
    if (clientCertPending && !ValidateCertificate(null, null))
    {
        throw new TlsException(AlertDescription.CertificateUnknown);
    }

    var cipherSuite = (CipherSuiteCode)ssl.GetCipher();
    var version = (TlsProtocolCode)ssl.GetVersion();
    Debug("GET CONNECTION INFO: {0:x}:{0} {1:x}:{1} {2}", cipherSuite, version, (TlsProtocolCode)version);
    connectionInfo = new MonoTlsConnectionInfo
    {
        CipherSuiteCode = cipherSuite,
        ProtocolVersion = GetProtocol(version),
    };
}
/// <summary>
/// Finishes the UnityTls handshake by snapshotting the negotiated cipher suite
/// and protocol version into <c>connectioninfo</c> and marking the context as
/// authenticated.
/// </summary>
public override void FinishHandshake()
{
    // Both native queries share one error state that is never inspected: a
    // failed lookup simply leaves the fields at whatever the call returned.
    // NOTE(review): isAuthenticated is set unconditionally below even if these
    // queries reported an error — confirm that is intended.
    var nativeError = UnityTls.NativeInterface.unitytls_errorstate_create();
    var negotiatedSuite = UnityTls.NativeInterface.unitytls_tlsctx_get_ciphersuite(tlsContext, &nativeError);
    var negotiatedVersion = UnityTls.NativeInterface.unitytls_tlsctx_get_protocol(tlsContext, &nativeError);

    // TODO: CipherAlgorithmType, HashAlgorithmType and ExchangeAlgorithmType
    // could be deduced from CipherSuiteCode; as of writing no Mono
    // implementation fills them in and nothing derives them automatically.
    connectioninfo = new MonoTlsConnectionInfo
    {
        CipherSuiteCode = (CipherSuiteCode)negotiatedSuite,
        ProtocolVersion = UnityTlsConversions.ConvertProtocolVersion(negotiatedVersion),
        PeerDomainName = ServerName,
    };
    isAuthenticated = true;
}
/// <summary>
/// Shuts the TLS session down and resets the per-connection state, then frees
/// the GC handle and defers to the base implementation.
/// </summary>
/// <param name="disposing">When true, the managed session state is reset before the handle is freed.</param>
public override void Dispose(bool disposing)
{
    try
    {
        if (disposing)
        {
            Shutdown();
            // reset states
            localClientCertificate = null;
            remoteCertificate = null;
            // NOTE(review): both fields were just set to null, so the two
            // Dispose() branches below can never execute and the certificate
            // objects are only dropped, never disposed. If this context owns
            // them, the assignments above belong after the checks; if the
            // client certificate is caller-supplied, disposing it here would
            // be wrong — confirm ownership before changing the order.
            if (localClientCertificate != null)
            {
                localClientCertificate.Dispose();
                localClientCertificate = null;
            }
            if (remoteCertificate != null)
            {
                remoteCertificate.Dispose();
                remoteCertificate = null;
            }
            connectioninfo = null;
            isAuthenticated = false;
            hasContext = false;
        }
        // Freed regardless of the disposing flag.
        handle.Free();
    }
    finally
    {
        base.Dispose(disposing);
    }
}
/// <summary>
/// Wraps a <see cref="MonoTlsConnectionInfo"/> snapshot. The reference is
/// stored as-is; it is neither copied nor null-checked.
/// </summary>
/// <param name="info">The connection info to expose.</param>
public MonoConnectionInfo(MonoTlsConnectionInfo info) => this.info = info;