public DiffieHellmanKeyExchange (TlsContext ctx)
{
this.protocol = ctx.NegotiatedProtocol;
switch (protocol) {
case TlsProtocolCode.Tls12:
Signature = new SignatureTls12 (ctx.Session.ServerSignatureAlgorithm);
break;
case TlsProtocolCode.Tls10:
Signature = new SignatureTls10 ();
break;
case TlsProtocolCode.Tls11:
Signature = new SignatureTls11 ();
break;
default:
throw new NotSupportedException ();
}
dh = new DiffieHellmanManaged ();
Y = dh.CreateKeyExchange ();
var dhparams = dh.ExportParameters (true);
P = dhparams.P;
G = dhparams.G;
using (var buffer = CreateParameterBuffer (ctx.HandshakeParameters))
Signature.Create (buffer, ctx.Configuration.PrivateKey);
}
public GaloisCounterCipher (bool isServer, TlsProtocolCode protocol, CipherSuite cipher)
: base (isServer, protocol, cipher)
{
ImplicitNonceSize = 4;
ExplicitNonceSize = 8;
MacSize = 16;
}
public TlsCertificateRequest (TlsProtocolCode protocol, TlsBuffer incoming)
: base (HandshakeType.CertificateRequest)
{
Protocol = protocol;
Parameters = new ClientCertificateParameters ();
Read (incoming);
}
public TlsServerHello (TlsProtocolCode protocol, SecureBuffer random, SecureBuffer session, CipherSuiteCode cipher, TlsExtensionCollection extensions)
: base (HandshakeType.ServerHello)
{
ServerProtocol = protocol;
ServerRandom = random;
SessionID = session;
SelectedCipher = cipher;
Extensions = extensions;
}
public TlsClientHello (TlsProtocolCode protocol, SecureBuffer random, SecureBuffer session, CipherSuiteCode[] ciphers, TlsExtensionCollection extensions)
: base (HandshakeType.ClientHello)
{
ClientProtocol = protocol;
ClientRandom = random;
SessionID = session;
ClientCiphers = ciphers;
Extensions = extensions;
}
public TlsConfiguration (TlsProtocols protocols, TlsSettings settings, string targetHost)
{
supportedProtocols = protocols;
requestedProtocol = CheckProtocol (ref supportedProtocols, false);
TlsSettings = settings ?? new TlsSettings ();
TargetHost = targetHost;
RenegotiationFlags = DefaultRenegotiationFlags;
}
public TlsConfiguration (TlsProtocols protocols, TlsSettings settings, MX.X509Certificate certificate, AsymmetricAlgorithm privateKey)
{
supportedProtocols = protocols;
requestedProtocol = CheckProtocol (ref supportedProtocols, true);
TlsSettings = settings ?? new TlsSettings ();
Certificate = certificate;
PrivateKey = privateKey;
RenegotiationFlags = DefaultRenegotiationFlags;
}
public static MonoClientAndServerParameters SelectCipherSuite (TestContext ctx, TlsProtocolCode protocol, CipherSuiteCode code)
{
var provider = DependencyInjector.Get<ICertificateProvider> ();
var acceptAll = provider.AcceptAll ();
string name = string.Format ("select-cipher-{0}-{1}", protocol, code);
return new MonoClientAndServerParameters (name, ResourceManager.SelfSignedServerCertificate) {
ClientCertificateValidator = acceptAll
};
}
public static KeyExchange Create (TlsProtocolCode protocol, ExchangeAlgorithmType algorithm)
{
switch (algorithm) {
case ExchangeAlgorithmType.RsaSign:
return new RSAKeyExchange ();
case ExchangeAlgorithmType.DiffieHellman:
return new DiffieHellmanKeyExchange (protocol);
default:
throw new InvalidOperationException ();
}
}
public static CipherSuite CreateCipherSuite (TlsProtocolCode protocol, CipherSuiteCode code)
{
if (protocol == TlsProtocolCode.Tls12)
return CreateCipherSuiteTls12 (code);
else if (protocol == TlsProtocolCode.Tls11)
return CreateCipherSuiteTls11 (code);
else if (protocol == TlsProtocolCode.Tls10)
return CreateCipherSuiteTls10 (code);
else
throw new TlsException (AlertDescription.ProtocolVersion);
}
static byte[] ComputeRecordMAC (TlsProtocolCode protocol, HMac hmac, ulong seqnum, ContentType contentType, IBufferOffsetSize fragment)
{
var header = new TlsBuffer (13);
header.Write (seqnum);
header.Write ((byte)contentType);
header.Write ((short)protocol);
header.Write ((short)fragment.Size);
hmac.Reset ();
hmac.TransformBlock (header.Buffer, 0, header.Size);
hmac.TransformBlock (fragment.Buffer, fragment.Offset, fragment.Size);
return hmac.TransformFinalBlock ();
}
public static Signature Read (TlsProtocolCode protocol, TlsBuffer incoming)
{
switch (protocol) {
case TlsProtocolCode.Tls10:
return new SignatureTls10 (incoming);
case TlsProtocolCode.Tls11:
return new SignatureTls11 (incoming);
case TlsProtocolCode.Tls12:
return new SignatureTls12 (incoming);
default:
throw new NotSupportedException ();
}
}
public TlsConfiguration (TlsProtocols protocols, MonoTlsSettings settings, string targetHost)
{
supportedProtocols = protocols;
requestedProtocol = CheckProtocol (settings, ref supportedProtocols, false);
TlsSettings = settings;
TargetHost = targetHost;
if (settings != null)
UserSettings = (UserSettings)settings.UserSettings;
if (UserSettings == null)
UserSettings = new UserSettings ();
RenegotiationFlags = DefaultRenegotiationFlags;
}
public TlsConfiguration (TlsProtocols protocols, MonoTlsSettings settings, MX.X509Certificate certificate, AsymmetricAlgorithm privateKey)
{
supportedProtocols = protocols;
requestedProtocol = CheckProtocol (settings, ref supportedProtocols, true);
TlsSettings = settings;
Certificate = certificate;
PrivateKey = privateKey;
if (settings != null)
UserSettings = (UserSettings)settings.UserSettings;
if (UserSettings == null)
UserSettings = new UserSettings ();
RenegotiationFlags = DefaultRenegotiationFlags;
}
public static KeyExchange Create(TlsProtocolCode protocol, ExchangeAlgorithmType algorithm)
{
switch (algorithm)
{
case ExchangeAlgorithmType.Rsa:
return(new RSAKeyExchange());
case ExchangeAlgorithmType.Dhe:
return(new DiffieHellmanKeyExchange(protocol));
case ExchangeAlgorithmType.EcDhe:
return(new EllipticCurveKeyExchange());
default:
throw new InvalidOperationException();
}
}
static TlsProtocols GetProtocol(TlsProtocolCode protocol)
{
switch (protocol)
{
case TlsProtocolCode.Tls10:
return(TlsProtocols.Tls10);
case TlsProtocolCode.Tls11:
return(TlsProtocols.Tls11);
case TlsProtocolCode.Tls12:
return(TlsProtocols.Tls12);
default:
throw new NotSupportedException();
}
}
public static Signature Read(TlsProtocolCode protocol, TlsBuffer incoming)
{
switch (protocol)
{
case TlsProtocolCode.Tls10:
return(new SignatureTls10(incoming));
case TlsProtocolCode.Tls11:
return(new SignatureTls11(incoming));
case TlsProtocolCode.Tls12:
return(new SignatureTls12(incoming));
default:
throw new NotSupportedException();
}
}
public bool IsSupportedProtocol(TlsProtocolCode protocol)
{
switch (protocol)
{
case TlsProtocolCode.Tls10:
return((supportedProtocols & TlsProtocols.Tls10) != 0);
case TlsProtocolCode.Tls11:
return((supportedProtocols & TlsProtocols.Tls11) != 0);
case TlsProtocolCode.Tls12:
return((supportedProtocols & TlsProtocols.Tls12) != 0);
default:
return(false);
}
}
public TlsConfiguration(TlsProtocols protocols, MonoTlsSettings settings, string targetHost)
{
supportedProtocols = protocols;
requestedProtocol = CheckProtocol(settings, ref supportedProtocols, false);
TlsSettings = settings;
TargetHost = targetHost;
if (settings != null)
{
UserSettings = (UserSettings)settings.UserSettings;
}
if (UserSettings == null)
{
UserSettings = new UserSettings();
}
RenegotiationFlags = DefaultRenegotiationFlags;
}
public static CipherSuite CreateCipherSuite(TlsProtocolCode protocol, CipherSuiteCode code)
{
if (protocol == TlsProtocolCode.Tls12)
{
return(CreateCipherSuiteTls12(code));
}
else if (protocol == TlsProtocolCode.Tls11)
{
return(CreateCipherSuiteTls11(code));
}
else if (protocol == TlsProtocolCode.Tls10)
{
return(CreateCipherSuiteTls10(code));
}
else
{
throw new TlsException(AlertDescription.ProtocolVersion);
}
}
internal static CipherSuiteCode[] GetSupportedCiphersArray(TlsProtocolCode protocol)
{
if (protocol == TlsProtocolCode.Tls12)
{
return(SupportedCiphersTls12);
}
else if (protocol == TlsProtocolCode.Tls11)
{
return(SupportedCiphersTls11);
}
else if (protocol == TlsProtocolCode.Tls10)
{
return(SupportedCiphersTls10);
}
else
{
throw new TlsException(AlertDescription.ProtocolVersion);
}
}
static internal void EncodeRecord(TlsProtocolCode protocol, ContentType contentType, CryptoParameters crypto, IBufferOffsetSize buffer, TlsStream output)
{
var maxExtraBytes = crypto != null ? crypto.MaxExtraEncryptedBytes : 0;
var offset = buffer.Offset;
var remaining = buffer.Size;
do
{
BufferOffsetSize fragment;
var encryptedSize = crypto != null?crypto.GetEncryptedSize(remaining) : remaining;
if (encryptedSize <= MAX_FRAGMENT_SIZE)
{
fragment = new BufferOffsetSize(buffer.Buffer, offset, remaining);
}
else
{
fragment = new BufferOffsetSize(buffer.Buffer, offset, MAX_FRAGMENT_SIZE - maxExtraBytes);
encryptedSize = crypto != null?crypto.GetEncryptedSize(fragment.Size) : fragment.Size;
}
// Write tls message
output.Write((byte)contentType);
output.Write((short)protocol);
output.Write((short)encryptedSize);
if (crypto != null)
{
output.MakeRoom(encryptedSize);
var ret = crypto.Encrypt(contentType, fragment, output.GetRemaining());
output.Position += ret;
}
else
{
output.Write(fragment.Buffer, fragment.Offset, fragment.Size);
}
offset += fragment.Size;
remaining -= fragment.Size;
} while (remaining > 0);
}
public TlsConfiguration(TlsProtocols protocols, MonoTlsSettings settings, MX.X509Certificate certificate, AsymmetricAlgorithm privateKey)
{
supportedProtocols = protocols;
requestedProtocol = CheckProtocol(settings, ref supportedProtocols, true);
TlsSettings = settings;
Certificate = certificate;
PrivateKey = privateKey;
if (settings != null)
{
UserSettings = (UserSettings)settings.UserSettings;
}
if (UserSettings == null)
{
UserSettings = new UserSettings();
}
RenegotiationFlags = DefaultRenegotiationFlags;
}
internal void VerifyServerProtocol(TlsProtocolCode serverProtocol)
{
if (!Configuration.IsSupportedServerProtocol(serverProtocol))
{
throw new TlsException(AlertDescription.ProtocolVersion);
}
if (HasNegotiatedProtocol && serverProtocol != NegotiatedProtocol)
{
throw new TlsException(AlertDescription.ProtocolVersion);
}
if (!IsAcceptableServerProtocol(serverProtocol))
{
throw new TlsException(
AlertDescription.ProtocolVersion,
"Incorrect protocol version received from server");
}
negotiatedProtocol = serverProtocol;
}
internal void VerifyClientProtocol(TlsProtocolCode clientProtocol)
{
if (!Configuration.IsSupportedClientProtocol(clientProtocol))
{
throw new TlsException(AlertDescription.ProtocolVersion);
}
if (HasNegotiatedProtocol && clientProtocol != NegotiatedProtocol)
{
throw new TlsException(AlertDescription.ProtocolVersion);
}
// FIXME: we're overly strict at the moment
if (clientProtocol != Configuration.RequestedProtocol)
{
throw new TlsException(
AlertDescription.ProtocolVersion,
"Incorrect protocol version received from client");
}
negotiatedProtocol = clientProtocol;
}
bool IsAcceptableServerProtocol(TlsProtocolCode serverProtocol)
{
if (serverProtocol == Configuration.RequestedProtocol)
{
return(true);
}
if (Configuration.RequestedProtocol == TlsProtocolCode.Tls12)
{
switch (serverProtocol)
{
case TlsProtocolCode.Tls11:
return((Configuration.SupportedProtocols & TlsProtocols.Tls11Client) != 0);
case TlsProtocolCode.Tls10:
return((Configuration.SupportedProtocols & TlsProtocols.Tls10Client) != 0);
default:
return(false);
}
}
else if (Configuration.RequestedProtocol == TlsProtocolCode.Tls11)
{
switch (serverProtocol)
{
case TlsProtocolCode.Tls10:
return((Configuration.SupportedProtocols & TlsProtocols.Tls10Client) != 0);
default:
return(false);
}
}
else
{
return(false);
}
}
internal void VerifyClientProtocol (TlsProtocolCode clientProtocol)
{
if (!Configuration.IsSupportedClientProtocol (clientProtocol))
throw new TlsException (AlertDescription.ProtocolVersion);
if (HasNegotiatedProtocol && clientProtocol != NegotiatedProtocol)
throw new TlsException (AlertDescription.ProtocolVersion);
// FIXME: we're overly strict at the moment
if (clientProtocol != Configuration.RequestedProtocol)
throw new TlsException (
AlertDescription.ProtocolVersion,
"Incorrect protocol version received from client");
negotiatedProtocol = clientProtocol;
}
public override CryptoParameters Initialize (bool isServer, TlsProtocolCode protocol)
{
switch (CipherAlgorithmType) {
case CipherAlgorithmType.AesGcm128:
case CipherAlgorithmType.AesGcm256:
return new GaloisCounterCipher (isServer, protocol, this);
case CipherAlgorithmType.Aes128:
case CipherAlgorithmType.Aes256:
return new CbcBlockCipher (isServer, protocol, this);
default:
throw new NotSupportedException ();
}
}
public abstract CryptoParameters Initialize(bool isServer, TlsProtocolCode protocol);
bool IsAcceptableServerProtocol (TlsProtocolCode serverProtocol)
{
if (serverProtocol == Configuration.RequestedProtocol)
return true;
if (Configuration.RequestedProtocol == TlsProtocolCode.Tls12) {
switch (serverProtocol) {
case TlsProtocolCode.Tls11:
return (Configuration.SupportedProtocols & TlsProtocols.Tls11Client) != 0;
case TlsProtocolCode.Tls10:
return (Configuration.SupportedProtocols & TlsProtocols.Tls10Client) != 0;
default:
return false;
}
} else if (Configuration.RequestedProtocol == TlsProtocolCode.Tls11) {
switch (serverProtocol) {
case TlsProtocolCode.Tls10:
return (Configuration.SupportedProtocols & TlsProtocols.Tls10Client) != 0;
default:
return false;
}
} else {
return false;
}
}
public static ExchangeAlgorithmType GetExchangeAlgorithmType(TlsProtocolCode protocol, CipherSuiteCode code)
{
var cipher = CreateCipherSuite(protocol, code);
return(cipher.ExchangeAlgorithmType);
}
public TlsCertificateRequest (TlsProtocolCode protocol, ClientCertificateParameters parameters)
: base (HandshakeType.CertificateRequest)
{
Protocol = protocol;
Parameters = parameters;
}
internal CryptoParameters(bool isServer, TlsProtocolCode protocol, CipherSuite cipher)
{
this.isServer = isServer;
this.protocol = protocol;
this.cipher = cipher;
}
public BlockCipherWithHMac (bool isServer, TlsProtocolCode protocol, CipherSuite cipher)
: base (isServer, protocol, cipher)
{
MacSize = HMac.GetMacSize (Cipher.HashAlgorithmType);
}
public bool IsSupportedClientProtocol (TlsProtocolCode protocol)
{
switch (protocol) {
case TlsProtocolCode.Tls10:
return (supportedProtocols & TlsProtocols.Tls10Server) != 0;
case TlsProtocolCode.Tls11:
return (supportedProtocols & TlsProtocols.Tls11Server) != 0;
case TlsProtocolCode.Tls12:
return (supportedProtocols & TlsProtocols.Tls12Server) != 0;
default:
return false;
}
}
static void EncodeRecord_internal (TlsProtocolCode protocol, ContentType contentType, CryptoParameters crypto, IBufferOffsetSize buffer, TlsStream output,
int fragmentSize = MAX_FRAGMENT_SIZE)
{
var maxExtraBytes = crypto != null ? crypto.MaxExtraEncryptedBytes : 0;
var offset = buffer.Offset;
var remaining = buffer.Size;
#if !INSTRUMENTATION
fragmentSize = MAX_FRAGMENT_SIZE;
#endif
do {
BufferOffsetSize fragment;
var encryptedSize = crypto != null ? crypto.GetEncryptedSize (remaining) : remaining;
if (encryptedSize <= fragmentSize)
fragment = new BufferOffsetSize (buffer.Buffer, offset, remaining);
else {
fragment = new BufferOffsetSize (buffer.Buffer, offset, fragmentSize - maxExtraBytes);
encryptedSize = crypto != null ? crypto.GetEncryptedSize (fragment.Size) : fragment.Size;
}
// Write tls message
output.Write ((byte)contentType);
output.Write ((short)protocol);
output.Write ((short)encryptedSize);
if (crypto != null) {
output.MakeRoom (encryptedSize);
var ret = crypto.Encrypt (contentType, fragment, output.GetRemaining ());
output.Position += ret;
} else {
output.Write (fragment.Buffer, fragment.Offset, fragment.Size);
}
offset += fragment.Size;
remaining -= fragment.Size;
} while (remaining > 0);
}
public MonoCryptoContext(TlsProtocolCode protocol, bool isServer)
{
Protocol = protocol;
IsServer = isServer;
}
public static CryptoTestParameters CreateCBC(TlsProtocolCode protocol, CipherSuiteCode code, byte[] key, byte[] mac, byte[] iv)
{
return(new CryptoTestParameters {
Protocol = protocol, Code = code, Key = key, MAC = mac, IV = iv
});
}
public static bool IsTls12OrNewer (TlsProtocolCode protocol)
{
return IsTls12OrNewer ((short)protocol);
}
public BlockCipher(bool isServer, TlsProtocolCode protocol, CipherSuite cipher)
: base(isServer, protocol, cipher)
{
BlockSize = cipher.BlockSize;
}
public BlockCipherWithHMac(bool isServer, TlsProtocolCode protocol, CipherSuite cipher)
: base(isServer, protocol, cipher)
{
MacSize = HMac.GetMacSize(Cipher.HashAlgorithmType);
}
public static bool IsTls12OrNewer(TlsProtocolCode protocol)
{
return(IsTls12OrNewer((short)protocol));
}
public MyGaloisCounterCipher(bool isServer, TlsProtocolCode protocol, CipherSuite cipher, byte[] iv)
: base(isServer, protocol, cipher)
{
this.iv = iv;
}
public TlsCertificateVerify(TlsProtocolCode protocol, TlsBuffer incoming)
: base(HandshakeType.CertificateVerify)
{
Protocol = protocol;
Read(incoming);
}
public override CryptoParameters Initialize(bool isServer, TlsProtocolCode protocol)
{
return(new CbcBlockCipher(isServer, protocol, this));
}
public abstract CryptoParameters Initialize (bool isServer, TlsProtocolCode protocol);
public TlsCertificateRequest(TlsProtocolCode protocol, ClientCertificateParameters parameters)
: base(HandshakeType.CertificateRequest)
{
Protocol = protocol;
Parameters = parameters;
}
public static CipherSuiteCollection GetSupportedCiphers(TlsProtocolCode protocol)
{
return(new CipherSuiteCollection(protocol, GetSupportedCiphersArray(protocol)));
}
public static void EncodeRecord(TlsProtocolCode protocol, ContentType contentType, CryptoParameters crypto, IBufferOffsetSize buffer, TlsStream output)
{
EncodeRecord_internal(protocol, contentType, crypto, buffer, output);
}
public CbcBlockCipher (bool isServer, TlsProtocolCode protocol, CipherSuite cipher)
: base (isServer, protocol, cipher)
{
}
public override CryptoParameters Initialize (bool isServer, TlsProtocolCode protocol)
{
return new CbcBlockCipher (isServer, protocol, this);
}
internal void VerifyServerProtocol (TlsProtocolCode serverProtocol)
{
if (!Configuration.IsSupportedServerProtocol (serverProtocol))
throw new TlsException (AlertDescription.ProtocolVersion);
if (HasNegotiatedProtocol && serverProtocol != NegotiatedProtocol)
throw new TlsException (AlertDescription.ProtocolVersion);
if (!IsAcceptableServerProtocol (serverProtocol))
throw new TlsException (
AlertDescription.ProtocolVersion,
"Incorrect protocol version received from server");
negotiatedProtocol = serverProtocol;
}
public DiffieHellmanKeyExchange(TlsProtocolCode protocol)
{
this.protocol = protocol;
}
public static void EncodeRecord (TlsProtocolCode protocol, ContentType contentType, CryptoParameters crypto, IBufferOffsetSize buffer, TlsStream output)
{
EncodeRecord_internal (protocol, contentType, crypto, buffer, output);
}
public static CryptoTestParameters CreateGCM(TlsProtocolCode protocol, CipherSuiteCode code, byte[] key, byte[] implNonce, byte[] explNonce)
{
return(new CryptoTestParameters {
Protocol = protocol, Code = code, Key = key, ImplicitNonce = implNonce, ExplicitNonce = explNonce, IsGCM = true
});
}
public BlockCipher (bool isServer, TlsProtocolCode protocol, CipherSuite cipher)
: base (isServer, protocol, cipher)
{
BlockSize = cipher.BlockSize;
}
public CbcBlockCipher(bool isServer, TlsProtocolCode protocol, CipherSuite cipher)
: base(isServer, protocol, cipher)
{
}
public void AssertProtocol (ITlsContext ctx, TlsProtocolCode protocol)
{
if (!ctx.HasNegotiatedProtocol || ctx.NegotiatedProtocol != protocol)
throw new TlsException (AlertDescription.ProtocolVersion);
}
public DiffieHellmanKeyExchange (TlsProtocolCode protocol)
{
this.protocol = protocol;
}
