public static SslAlgorithms GetCompressionAlgorithm(byte[] algos, SslAlgorithms allowed) { for(int i = 0; i < algos.Length; i++) { if (algos[i] == 0) return SslAlgorithms.NULL_COMPRESSION; } throw new SslException(AlertDescription.HandshakeFailure, "No compression method matches the available compression methods."); }
private SecurityOptions CreateClientSecurityOptions(SSLComponentData sslData) { CertVerifyEventHandler serverCertificateCheckHandler = null; CertRequestEventHandler clientCertificateRequestHandler = null; CredentialVerification credentialVerification = CredentialVerification.Auto; SecureProtocol protocol = SecureProtocol.None; SslAlgorithms sslAlgs = SslAlgorithms.ALL; if (((sslData.TargetRequiredOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) || ((sslData.TargetRequiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0)) { protocol = SecureProtocol.Tls1 | SecureProtocol.Ssl3; sslAlgs = SslAlgorithms.SECURE_CIPHERS; credentialVerification = CredentialVerification.Manual; serverCertificateCheckHandler = new CertVerifyEventHandler(this.CheckServerCertAtClient); clientCertificateRequestHandler = new CertRequestEventHandler(this.GetClientCertAtClient); } SecurityOptions result = new SecurityOptions(protocol, null, ConnectionEnd.Client, credentialVerification, serverCertificateCheckHandler, null, SecurityFlags.Default, sslAlgs, clientCertificateRequestHandler); return(result); }
public static byte GetAlgorithmByte(SslAlgorithms algorithm) { switch(algorithm) { case SslAlgorithms.NULL_COMPRESSION: return 0; default: return 0; // perhaps throw error? } }
public static CipherDefinition GetCipherDefinition(SslAlgorithms scheme) { for (int i = 0; i < Definitions.Length; i++) { if (Definitions[i].Scheme == scheme) { return(Definitions[i]); } } throw new SslException(AlertDescription.IllegalParameter, "The cipher suite is unknown."); }
public static SslAlgorithms GetCompressionAlgorithm(byte[] algos, SslAlgorithms allowed) { for (int i = 0; i < algos.Length; i++) { if (algos[i] == 0) { return(SslAlgorithms.NULL_COMPRESSION); } } throw new SslException(AlertDescription.HandshakeFailure, "No compression method matches the available compression methods."); }
public static byte GetAlgorithmByte(SslAlgorithms algorithm) { switch (algorithm) { case SslAlgorithms.NULL_COMPRESSION: return(0); default: return(0); // perhaps throw error? } }
/// <summary> /// Initializes a new instance of the SecurityOptions class. /// </summary> /// <param name="protocol">One of the <see cref="SecureProtocol"/> values.</param> /// <param name="cert">A <see cref="Certificate"/> instance.</param> /// <param name="entity">One of the <see cref="ConnectionEnd"/> values.</param> /// <param name="verifyType">One of the <see cref="CredentialVerification"/> values.</param> /// <param name="verifier">The <see cref="CertVerifyEventHandler"/> delegate.</param> /// <param name="commonName">The common name of the remote computer. This is usually a domain name.</param> /// <param name="flags">A bitwise combination of the <see cref="SecurityFlags"/> values.</param> /// <param name="allowed">A bitwise combination of the <see cref="SslAlgorithms"/> values.</param> /// <param name="requestHandler">The <see cref="CertRequestEventHandler"/> delegate.</param> public SecurityOptions(SecureProtocol protocol, Certificate cert, ConnectionEnd entity, CredentialVerification verifyType, CertVerifyEventHandler verifier, string commonName, SecurityFlags flags, SslAlgorithms allowed, CertRequestEventHandler requestHandler) { this.Protocol = protocol; this.Certificate = cert; this.Entity = entity; this.VerificationType = verifyType; this.Verifier = verifier; this.CommonName = commonName; this.Flags = flags; this.AllowedAlgorithms = allowed; this.RequestHandler = requestHandler; }
public CipherDefinition(SslAlgorithms scheme, Type bulk, int keysize, int ivsize, int expsize, Type hash, HashType hashType, int hashsize, bool exportable) { this.Scheme = scheme; this.BulkCipherAlgorithm = bulk; this.BulkKeySize = keysize; this.BulkIVSize = ivsize; this.BulkExpandedSize = expsize; this.HashAlgorithm = hash; this.HashAlgorithmType = hashType; this.HashSize = hashsize; this.Exportable = exportable; }
public static SslAlgorithms GetCipherSuiteAlgorithm(byte[] algorithms, SslAlgorithms allowed) { int alwd = (int)allowed; for (int i = 0; i < algorithms.Length; i += 2) { SslAlgorithms alg = GetCipherAlgorithmType(algorithms, i); if (((int)alg & alwd) != 0) { return(alg); } } throw new SslException(AlertDescription.HandshakeFailure, "No encryption scheme matches the available schemes."); }
internal SslConnectionListener(SecurityAssociationOptions requiredOptions, SecurityAssociationOptions supportedOptions, IServerSideAuthentication serverAuth, omg.org.IOP.Codec codec) { m_codec = codec; if (((requiredOptions & SecurityAssociationOptions.NoProtection) > 0) && (((supportedOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) || ((supportedOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0))) { throw new ArgumentException("unsupported options combination: required no protection and supported EstablishTrustInTarget/Client"); } SecureProtocol protocol = SecureProtocol.None; SslAlgorithms allowedCiphers = SslAlgorithms.ALL; if (((supportedOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) || ((supportedOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0)) { protocol = SecureProtocol.Tls1 | SecureProtocol.Ssl3; allowedCiphers = SslAlgorithms.SECURE_CIPHERS; m_isSecured = true; } CredentialVerification clientVerification = CredentialVerification.None; CertVerifyEventHandler verifyClient = null; SecurityFlags authFlags = SecurityFlags.Default; if (((supportedOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0) || ((requiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0)) { clientVerification = CredentialVerification.Manual; verifyClient = new CertVerifyEventHandler(this.CheckClientCertAtServer); } if ((requiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0) { authFlags = SecurityFlags.MutualAuthentication; } m_sslOpts = new SecurityOptions(protocol, serverAuth.GetServerCertificate(), ConnectionEnd.Server, clientVerification, verifyClient, null, authFlags, allowedCiphers, null); m_serverAuth = serverAuth; m_supportedOptions = supportedOptions; m_requiredOptions = requiredOptions; }
public static byte[] GetCipherAlgorithmBytes(SslAlgorithms algorithm) { MemoryStream ms = new MemoryStream(); // write them to the memory stream in order of preference int algo = (int)algorithm; if ((algo & (int)SslAlgorithms.RSA_AES_256_SHA) != 0) { ms.Write(new byte[] { 0, 53 }, 0, 2); } if ((algo & (int)SslAlgorithms.RSA_AES_128_SHA) != 0) { ms.Write(new byte[] { 0, 47 }, 0, 2); } if ((algo & (int)SslAlgorithms.RSA_RC4_128_SHA) != 0) { ms.Write(new byte[] { 0, 5 }, 0, 2); } if ((algo & (int)SslAlgorithms.RSA_RC4_128_MD5) != 0) { ms.Write(new byte[] { 0, 4 }, 0, 2); } if ((algo & (int)SslAlgorithms.RSA_3DES_168_SHA) != 0) { ms.Write(new byte[] { 0, 10 }, 0, 2); } if ((algo & (int)SslAlgorithms.RSA_DES_56_SHA) != 0) { ms.Write(new byte[] { 0, 9 }, 0, 2); } if ((algo & (int)SslAlgorithms.RSA_RC4_40_MD5) != 0) { ms.Write(new byte[] { 0, 3 }, 0, 2); } if ((algo & (int)SslAlgorithms.RSA_RC2_40_MD5) != 0) { ms.Write(new byte[] { 0, 6 }, 0, 2); } if ((algo & (int)SslAlgorithms.RSA_DES_40_SHA) != 0) { ms.Write(new byte[] { 0, 8 }, 0, 2); } return(ms.ToArray()); }
public SecurityOptions(SecureProtocol protocol, ExtensionType[] extensions, Certificate cert, ConnectionEnd entity, IEnumerable <string> knownProtocols, CredentialVerification verifyType, CertVerifyEventHandler verifier, string commonName, SecurityFlags flags, SslAlgorithms allowed, CertRequestEventHandler requestHandler) { this.Protocol = protocol; this.Certificate = cert; this.Entity = entity; this.VerificationType = verifyType; this.Verifier = verifier; this.CommonName = commonName; this.Flags = flags; this.AllowedAlgorithms = allowed; this.RequestHandler = requestHandler; this.KnownProtocols = knownProtocols; this.Extensions = extensions; this.ExtensionList = FormExtsList(extensions); }
public static byte[] GetCipherAlgorithmBytes(SslAlgorithms algorithm) { MemoryStream ms = new MemoryStream(); // write them to the memory stream in order of preference int algo = (int)algorithm; if ((algo & (int)SslAlgorithms.RSA_AES_256_SHA) != 0) ms.Write(new byte[]{0,53}, 0, 2); if ((algo & (int)SslAlgorithms.RSA_AES_128_SHA) != 0) ms.Write(new byte[]{0,47}, 0, 2); if ((algo & (int)SslAlgorithms.RSA_RC4_128_SHA) != 0) ms.Write(new byte[]{0,5}, 0, 2); if ((algo & (int)SslAlgorithms.RSA_RC4_128_MD5) != 0) ms.Write(new byte[]{0,4}, 0, 2); if ((algo & (int)SslAlgorithms.RSA_3DES_168_SHA) != 0) ms.Write(new byte[]{0,10}, 0, 2); if ((algo & (int)SslAlgorithms.RSA_DES_56_SHA) != 0) ms.Write(new byte[]{0,9}, 0, 2); if ((algo & (int)SslAlgorithms.RSA_RC4_40_MD5) != 0) ms.Write(new byte[]{0,3}, 0, 2); if ((algo & (int)SslAlgorithms.RSA_RC2_40_MD5) != 0) ms.Write(new byte[]{0,6}, 0, 2); if ((algo & (int)SslAlgorithms.RSA_DES_40_SHA) != 0) ms.Write(new byte[]{0,8}, 0, 2); return ms.ToArray(); }
public static SslAlgorithms GetCipherSuiteAlgorithm(byte[] algorithms, SslAlgorithms allowed) { int alwd = (int)allowed; for(int i = 0; i < algorithms.Length; i+=2) { SslAlgorithms alg = GetCipherAlgorithmType(algorithms, i); if (((int)alg & alwd) != 0) return alg; } throw new SslException(AlertDescription.HandshakeFailure, "No encryption scheme matches the available schemes."); }
public static CipherDefinition GetCipherDefinition(SslAlgorithms scheme) { for(int i = 0; i < Definitions.Length; i++) { if (Definitions[i].Scheme == scheme) { return Definitions[i]; } } throw new SslException(AlertDescription.IllegalParameter, "The cipher suite is unknown."); }
public static CipherSuite GetCipherSuite(SecureProtocol protocol, byte[] master, byte[] clientrnd, byte[] serverrnd, SslAlgorithms scheme, ConnectionEnd entity) { for(int i = 0; i < Definitions.Length; i++) { if (Definitions[i].Scheme == scheme) { if (protocol == SecureProtocol.Tls1) { return Tls1CipherSuites.InitializeCipherSuite(master, clientrnd, serverrnd, Definitions[i], entity); } else if (protocol == SecureProtocol.Ssl3) { return Ssl3CipherSuites.InitializeCipherSuite(master, clientrnd, serverrnd, Definitions[i], entity); } } } throw new SslException(AlertDescription.IllegalParameter, "The cipher suite is unknown."); }
public static CipherSuite GetCipherSuite(SecureProtocol protocol, byte[] master, byte[] clientrnd, byte[] serverrnd, SslAlgorithms scheme, ConnectionEnd entity) { for (int i = 0; i < Definitions.Length; i++) { if (Definitions[i].Scheme == scheme) { if (protocol == SecureProtocol.Tls1) { return(Tls1CipherSuites.InitializeCipherSuite(master, clientrnd, serverrnd, Definitions[i], entity)); } else if (protocol == SecureProtocol.Ssl3) { return(Ssl3CipherSuites.InitializeCipherSuite(master, clientrnd, serverrnd, Definitions[i], entity)); } } } throw new SslException(AlertDescription.IllegalParameter, "The cipher suite is unknown."); }
public static byte[] GetCompressionAlgorithmBytes(SslAlgorithms algorithm) { return(new byte[] { 0 }); }
public SecurityOptions(SecureProtocol protocol, ExtensionType[] extensions, Certificate cert, ConnectionEnd entity, IEnumerable<string> knownProtocols, CredentialVerification verifyType, CertVerifyEventHandler verifier, string commonName, SecurityFlags flags, SslAlgorithms allowed, CertRequestEventHandler requestHandler) { this.Protocol = protocol; this.Certificate = cert; this.Entity = entity; this.VerificationType = verifyType; this.Verifier = verifier; this.CommonName = commonName; this.Flags = flags; this.AllowedAlgorithms = allowed; this.RequestHandler = requestHandler; this.KnownProtocols = knownProtocols; this.Extensions = extensions; this.ExtensionList = FormExtsList(extensions); }
public static byte[] GetCompressionAlgorithmBytes(SslAlgorithms algorithm) { return new byte[]{0}; }