public static SslAlgorithms GetCompressionAlgorithm(byte[] algos, SslAlgorithms allowed) {
for(int i = 0; i < algos.Length; i++) {
if (algos[i] == 0)
return SslAlgorithms.NULL_COMPRESSION;
}
throw new SslException(AlertDescription.HandshakeFailure, "No compression method matches the available compression methods.");
}
private SecurityOptions CreateClientSecurityOptions(SSLComponentData sslData)
{
CertVerifyEventHandler serverCertificateCheckHandler = null;
CertRequestEventHandler clientCertificateRequestHandler = null;
CredentialVerification credentialVerification = CredentialVerification.Auto;
SecureProtocol protocol = SecureProtocol.None;
SslAlgorithms sslAlgs = SslAlgorithms.ALL;
if (((sslData.TargetRequiredOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) ||
((sslData.TargetRequiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0))
{
protocol = SecureProtocol.Tls1 | SecureProtocol.Ssl3;
sslAlgs = SslAlgorithms.SECURE_CIPHERS;
credentialVerification = CredentialVerification.Manual;
serverCertificateCheckHandler = new CertVerifyEventHandler(this.CheckServerCertAtClient);
clientCertificateRequestHandler = new CertRequestEventHandler(this.GetClientCertAtClient);
}
SecurityOptions result =
new SecurityOptions(protocol,
null, ConnectionEnd.Client,
credentialVerification, serverCertificateCheckHandler,
null, SecurityFlags.Default, sslAlgs,
clientCertificateRequestHandler);
return(result);
}
public static byte GetAlgorithmByte(SslAlgorithms algorithm) {
switch(algorithm) {
case SslAlgorithms.NULL_COMPRESSION:
return 0;
default:
return 0; // perhaps throw error?
}
}
public static CipherDefinition GetCipherDefinition(SslAlgorithms scheme)
{
for (int i = 0; i < Definitions.Length; i++)
{
if (Definitions[i].Scheme == scheme)
{
return(Definitions[i]);
}
}
throw new SslException(AlertDescription.IllegalParameter, "The cipher suite is unknown.");
}
public static SslAlgorithms GetCompressionAlgorithm(byte[] algos, SslAlgorithms allowed)
{
for (int i = 0; i < algos.Length; i++)
{
if (algos[i] == 0)
{
return(SslAlgorithms.NULL_COMPRESSION);
}
}
throw new SslException(AlertDescription.HandshakeFailure, "No compression method matches the available compression methods.");
}
public static byte GetAlgorithmByte(SslAlgorithms algorithm)
{
switch (algorithm)
{
case SslAlgorithms.NULL_COMPRESSION:
return(0);
default:
return(0); // perhaps throw error?
}
}
/// <summary>
/// Initializes a new instance of the SecurityOptions class.
/// </summary>
/// <param name="protocol">One of the <see cref="SecureProtocol"/> values.</param>
/// <param name="cert">A <see cref="Certificate"/> instance.</param>
/// <param name="entity">One of the <see cref="ConnectionEnd"/> values.</param>
/// <param name="verifyType">One of the <see cref="CredentialVerification"/> values.</param>
/// <param name="verifier">The <see cref="CertVerifyEventHandler"/> delegate.</param>
/// <param name="commonName">The common name of the remote computer. This is usually a domain name.</param>
/// <param name="flags">A bitwise combination of the <see cref="SecurityFlags"/> values.</param>
/// <param name="allowed">A bitwise combination of the <see cref="SslAlgorithms"/> values.</param>
/// <param name="requestHandler">The <see cref="CertRequestEventHandler"/> delegate.</param>
public SecurityOptions(SecureProtocol protocol, Certificate cert, ConnectionEnd entity, CredentialVerification verifyType, CertVerifyEventHandler verifier, string commonName, SecurityFlags flags, SslAlgorithms allowed, CertRequestEventHandler requestHandler) {
this.Protocol = protocol;
this.Certificate = cert;
this.Entity = entity;
this.VerificationType = verifyType;
this.Verifier = verifier;
this.CommonName = commonName;
this.Flags = flags;
this.AllowedAlgorithms = allowed;
this.RequestHandler = requestHandler;
}
public CipherDefinition(SslAlgorithms scheme, Type bulk, int keysize, int ivsize, int expsize, Type hash, HashType hashType, int hashsize, bool exportable)
{
this.Scheme = scheme;
this.BulkCipherAlgorithm = bulk;
this.BulkKeySize = keysize;
this.BulkIVSize = ivsize;
this.BulkExpandedSize = expsize;
this.HashAlgorithm = hash;
this.HashAlgorithmType = hashType;
this.HashSize = hashsize;
this.Exportable = exportable;
}
public static SslAlgorithms GetCipherSuiteAlgorithm(byte[] algorithms, SslAlgorithms allowed)
{
int alwd = (int)allowed;
for (int i = 0; i < algorithms.Length; i += 2)
{
SslAlgorithms alg = GetCipherAlgorithmType(algorithms, i);
if (((int)alg & alwd) != 0)
{
return(alg);
}
}
throw new SslException(AlertDescription.HandshakeFailure, "No encryption scheme matches the available schemes.");
}
internal SslConnectionListener(SecurityAssociationOptions requiredOptions,
SecurityAssociationOptions supportedOptions,
IServerSideAuthentication serverAuth,
omg.org.IOP.Codec codec)
{
m_codec = codec;
if (((requiredOptions & SecurityAssociationOptions.NoProtection) > 0) &&
(((supportedOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) ||
((supportedOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0)))
{
throw new ArgumentException("unsupported options combination: required no protection and supported EstablishTrustInTarget/Client");
}
SecureProtocol protocol = SecureProtocol.None;
SslAlgorithms allowedCiphers = SslAlgorithms.ALL;
if (((supportedOptions & SecurityAssociationOptions.EstablishTrustInTarget) > 0) ||
((supportedOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0))
{
protocol = SecureProtocol.Tls1 | SecureProtocol.Ssl3;
allowedCiphers = SslAlgorithms.SECURE_CIPHERS;
m_isSecured = true;
}
CredentialVerification clientVerification = CredentialVerification.None;
CertVerifyEventHandler verifyClient = null;
SecurityFlags authFlags = SecurityFlags.Default;
if (((supportedOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0) ||
((requiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0))
{
clientVerification = CredentialVerification.Manual;
verifyClient = new CertVerifyEventHandler(this.CheckClientCertAtServer);
}
if ((requiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0)
{
authFlags = SecurityFlags.MutualAuthentication;
}
m_sslOpts = new SecurityOptions(protocol, serverAuth.GetServerCertificate(), ConnectionEnd.Server,
clientVerification, verifyClient,
null, authFlags, allowedCiphers, null);
m_serverAuth = serverAuth;
m_supportedOptions = supportedOptions;
m_requiredOptions = requiredOptions;
}
public static byte[] GetCipherAlgorithmBytes(SslAlgorithms algorithm)
{
MemoryStream ms = new MemoryStream();
// write them to the memory stream in order of preference
int algo = (int)algorithm;
if ((algo & (int)SslAlgorithms.RSA_AES_256_SHA) != 0)
{
ms.Write(new byte[] { 0, 53 }, 0, 2);
}
if ((algo & (int)SslAlgorithms.RSA_AES_128_SHA) != 0)
{
ms.Write(new byte[] { 0, 47 }, 0, 2);
}
if ((algo & (int)SslAlgorithms.RSA_RC4_128_SHA) != 0)
{
ms.Write(new byte[] { 0, 5 }, 0, 2);
}
if ((algo & (int)SslAlgorithms.RSA_RC4_128_MD5) != 0)
{
ms.Write(new byte[] { 0, 4 }, 0, 2);
}
if ((algo & (int)SslAlgorithms.RSA_3DES_168_SHA) != 0)
{
ms.Write(new byte[] { 0, 10 }, 0, 2);
}
if ((algo & (int)SslAlgorithms.RSA_DES_56_SHA) != 0)
{
ms.Write(new byte[] { 0, 9 }, 0, 2);
}
if ((algo & (int)SslAlgorithms.RSA_RC4_40_MD5) != 0)
{
ms.Write(new byte[] { 0, 3 }, 0, 2);
}
if ((algo & (int)SslAlgorithms.RSA_RC2_40_MD5) != 0)
{
ms.Write(new byte[] { 0, 6 }, 0, 2);
}
if ((algo & (int)SslAlgorithms.RSA_DES_40_SHA) != 0)
{
ms.Write(new byte[] { 0, 8 }, 0, 2);
}
return(ms.ToArray());
}
public SecurityOptions(SecureProtocol protocol, ExtensionType[] extensions, Certificate cert,
ConnectionEnd entity, IEnumerable <string> knownProtocols,
CredentialVerification verifyType, CertVerifyEventHandler verifier,
string commonName, SecurityFlags flags, SslAlgorithms allowed,
CertRequestEventHandler requestHandler)
{
this.Protocol = protocol;
this.Certificate = cert;
this.Entity = entity;
this.VerificationType = verifyType;
this.Verifier = verifier;
this.CommonName = commonName;
this.Flags = flags;
this.AllowedAlgorithms = allowed;
this.RequestHandler = requestHandler;
this.KnownProtocols = knownProtocols;
this.Extensions = extensions;
this.ExtensionList = FormExtsList(extensions);
}
public static byte[] GetCipherAlgorithmBytes(SslAlgorithms algorithm) {
MemoryStream ms = new MemoryStream();
// write them to the memory stream in order of preference
int algo = (int)algorithm;
if ((algo & (int)SslAlgorithms.RSA_AES_256_SHA) != 0)
ms.Write(new byte[]{0,53}, 0, 2);
if ((algo & (int)SslAlgorithms.RSA_AES_128_SHA) != 0)
ms.Write(new byte[]{0,47}, 0, 2);
if ((algo & (int)SslAlgorithms.RSA_RC4_128_SHA) != 0)
ms.Write(new byte[]{0,5}, 0, 2);
if ((algo & (int)SslAlgorithms.RSA_RC4_128_MD5) != 0)
ms.Write(new byte[]{0,4}, 0, 2);
if ((algo & (int)SslAlgorithms.RSA_3DES_168_SHA) != 0)
ms.Write(new byte[]{0,10}, 0, 2);
if ((algo & (int)SslAlgorithms.RSA_DES_56_SHA) != 0)
ms.Write(new byte[]{0,9}, 0, 2);
if ((algo & (int)SslAlgorithms.RSA_RC4_40_MD5) != 0)
ms.Write(new byte[]{0,3}, 0, 2);
if ((algo & (int)SslAlgorithms.RSA_RC2_40_MD5) != 0)
ms.Write(new byte[]{0,6}, 0, 2);
if ((algo & (int)SslAlgorithms.RSA_DES_40_SHA) != 0)
ms.Write(new byte[]{0,8}, 0, 2);
return ms.ToArray();
}
public static SslAlgorithms GetCipherSuiteAlgorithm(byte[] algorithms, SslAlgorithms allowed) {
int alwd = (int)allowed;
for(int i = 0; i < algorithms.Length; i+=2) {
SslAlgorithms alg = GetCipherAlgorithmType(algorithms, i);
if (((int)alg & alwd) != 0)
return alg;
}
throw new SslException(AlertDescription.HandshakeFailure, "No encryption scheme matches the available schemes.");
}
public CipherDefinition(SslAlgorithms scheme, Type bulk, int keysize, int ivsize, int expsize, Type hash, HashType hashType, int hashsize, bool exportable) {
this.Scheme = scheme;
this.BulkCipherAlgorithm = bulk;
this.BulkKeySize = keysize;
this.BulkIVSize = ivsize;
this.BulkExpandedSize = expsize;
this.HashAlgorithm = hash;
this.HashAlgorithmType = hashType;
this.HashSize = hashsize;
this.Exportable = exportable;
}
public static CipherDefinition GetCipherDefinition(SslAlgorithms scheme) {
for(int i = 0; i < Definitions.Length; i++) {
if (Definitions[i].Scheme == scheme) {
return Definitions[i];
}
}
throw new SslException(AlertDescription.IllegalParameter, "The cipher suite is unknown.");
}
public static CipherSuite GetCipherSuite(SecureProtocol protocol, byte[] master, byte[] clientrnd, byte[] serverrnd, SslAlgorithms scheme, ConnectionEnd entity) {
for(int i = 0; i < Definitions.Length; i++) {
if (Definitions[i].Scheme == scheme) {
if (protocol == SecureProtocol.Tls1) {
return Tls1CipherSuites.InitializeCipherSuite(master, clientrnd, serverrnd, Definitions[i], entity);
} else if (protocol == SecureProtocol.Ssl3) {
return Ssl3CipherSuites.InitializeCipherSuite(master, clientrnd, serverrnd, Definitions[i], entity);
}
}
}
throw new SslException(AlertDescription.IllegalParameter, "The cipher suite is unknown.");
}
public static CipherSuite GetCipherSuite(SecureProtocol protocol, byte[] master, byte[] clientrnd, byte[] serverrnd, SslAlgorithms scheme, ConnectionEnd entity)
{
for (int i = 0; i < Definitions.Length; i++)
{
if (Definitions[i].Scheme == scheme)
{
if (protocol == SecureProtocol.Tls1)
{
return(Tls1CipherSuites.InitializeCipherSuite(master, clientrnd, serverrnd, Definitions[i], entity));
}
else if (protocol == SecureProtocol.Ssl3)
{
return(Ssl3CipherSuites.InitializeCipherSuite(master, clientrnd, serverrnd, Definitions[i], entity));
}
}
}
throw new SslException(AlertDescription.IllegalParameter, "The cipher suite is unknown.");
}
public static byte[] GetCompressionAlgorithmBytes(SslAlgorithms algorithm)
{
return(new byte[] { 0 });
}
public SecurityOptions(SecureProtocol protocol, ExtensionType[] extensions, Certificate cert,
ConnectionEnd entity, IEnumerable<string> knownProtocols,
CredentialVerification verifyType, CertVerifyEventHandler verifier,
string commonName, SecurityFlags flags, SslAlgorithms allowed,
CertRequestEventHandler requestHandler)
{
this.Protocol = protocol;
this.Certificate = cert;
this.Entity = entity;
this.VerificationType = verifyType;
this.Verifier = verifier;
this.CommonName = commonName;
this.Flags = flags;
this.AllowedAlgorithms = allowed;
this.RequestHandler = requestHandler;
this.KnownProtocols = knownProtocols;
this.Extensions = extensions;
this.ExtensionList = FormExtsList(extensions);
}
/// <summary>
/// Initializes a new instance of the SecurityOptions class.
/// </summary>
/// <param name="protocol">One of the <see cref="SecureProtocol"/> values.</param>
/// <param name="cert">A <see cref="Certificate"/> instance.</param>
/// <param name="entity">One of the <see cref="ConnectionEnd"/> values.</param>
/// <param name="verifyType">One of the <see cref="CredentialVerification"/> values.</param>
/// <param name="verifier">The <see cref="CertVerifyEventHandler"/> delegate.</param>
/// <param name="commonName">The common name of the remote computer. This is usually a domain name.</param>
/// <param name="flags">A bitwise combination of the <see cref="SecurityFlags"/> values.</param>
/// <param name="allowed">A bitwise combination of the <see cref="SslAlgorithms"/> values.</param>
/// <param name="requestHandler">The <see cref="CertRequestEventHandler"/> delegate.</param>
public SecurityOptions(SecureProtocol protocol, Certificate cert, ConnectionEnd entity, CredentialVerification verifyType, CertVerifyEventHandler verifier, string commonName, SecurityFlags flags, SslAlgorithms allowed, CertRequestEventHandler requestHandler)
{
this.Protocol = protocol;
this.Certificate = cert;
this.Entity = entity;
this.VerificationType = verifyType;
this.Verifier = verifier;
this.CommonName = commonName;
this.Flags = flags;
this.AllowedAlgorithms = allowed;
this.RequestHandler = requestHandler;
}
public static byte[] GetCompressionAlgorithmBytes(SslAlgorithms algorithm) {
return new byte[]{0};
}
