/// <summary>
/// Prepares the client-side handshake parameters: a fresh 32-byte client random,
/// the list of cipher suites to offer, and the client signature parameters.
/// </summary>
/// <exception cref="TlsException">
/// Raised with <c>AlertDescription.ProtocolVersion</c> when the cipher collection's
/// protocol differs from <c>Config.RequestedProtocol</c>.
/// </exception>
protected virtual void Resolve()
{
    HandshakeParameters.ClientRandom = Context.Session.GetSecureRandomBytes(32);

    // Explicitly configured suites win; otherwise fall back to the factory
    // defaults for the requested protocol.
    CipherSuiteCollection offeredCiphers = Settings.RequestedCiphers != null
        ? new CipherSuiteCollection(Config.RequestedProtocol, Settings.RequestedCiphers)
        : CipherSuiteFactory.GetDefaultCiphers(Config.RequestedProtocol);

    // Refuse to continue with a collection built for another protocol version.
    if (offeredCiphers.Protocol != Config.RequestedProtocol)
    {
        throw new TlsException(AlertDescription.ProtocolVersion);
    }

    // Store a clone; the SCSV below is added to the stored clone.
    HandshakeParameters.SupportedCiphers = offeredCiphers.Clone();

    // The signalling value is only sent when secure renegotiation is enabled,
    // Session.SecureRenegotiation is false, and the SendCipherSpecCode flag is set.
    // NOTE(review): presumably the RFC 5746 TLS_EMPTY_RENEGOTIATION_INFO_SCSV - confirm against AddSCSV.
    var sendSignallingSuite = Config.EnableSecureRenegotiation
        && !Session.SecureRenegotiation
        && (Config.RenegotiationFlags & RenegotiationFlags.SendCipherSpecCode) != 0;
    if (sendSignallingSuite)
    {
        HandshakeParameters.SupportedCiphers.AddSCSV();
    }

    Session.SignatureParameters = Context.SignatureProvider.GetClientSignatureParameters(Context);
}
/// <summary>
/// Chooses the cipher suite for this handshake from the codes offered in the
/// ClientHello and stores the initialized crypto parameters in
/// <c>Session.PendingCrypto</c>.
/// </summary>
/// <remarks>
/// The first code in <c>message.ClientCiphers</c> that is present in the supported
/// set is taken, so the client's ordering decides which supported suite is used.
/// The supported set should therefore contain only suites that are acceptable
/// on their own.
/// </remarks>
/// <param name="message">ClientHello whose <c>ClientCiphers</c> are matched against the supported set.</param>
/// <exception cref="TlsException">
/// Raised with <c>AlertDescription.HandshakeFailure</c> when none of the offered
/// codes is in the supported set.
/// </exception>
protected virtual void SelectCipher(TlsClientHello message)
{
    // User-requested suites take precedence over the factory defaults.
    var userCiphers = Config.UserSettings == null ? null : Config.UserSettings.RequestedCiphers;

    CipherSuiteCollection supportedCiphers;
    if (userCiphers == null)
    {
        supportedCiphers = CipherSuiteFactory.GetDefaultCiphers(Context.NegotiatedProtocol);
    }
    else
    {
        supportedCiphers = new CipherSuiteCollection(Context.NegotiatedProtocol, userCiphers);
    }

    HandshakeParameters.SupportedCiphers = supportedCiphers;

    // Walk the client's list in the order received and stop at the first supported code.
    CipherSuite selectedCipher = null;
    foreach (var offeredCode in message.ClientCiphers)
    {
        var position = HandshakeParameters.SupportedCiphers.IndexOf(offeredCode);
        if (position >= 0)
        {
            var matched = HandshakeParameters.SupportedCiphers[position];
            selectedCipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, matched);
            break;
        }
    }

    if (selectedCipher == null)
    {
        throw new TlsException(AlertDescription.HandshakeFailure, "Invalid cipher suite received from client");
    }

#if DEBUG_FULL
    if (Context.EnableDebugging)
    {
        selectedCipher.EnableDebugging = true;
    }

    if (Context.EnableDebugging)
    {
        DebugHelper.WriteLine("Selected Cipher: {0}", selectedCipher);
    }
#endif

    // FIXME: Select best one. (The loop above takes the first match in client order.)
    // NOTE(review): the 'true' argument presumably marks the server side - confirm against Initialize.
    Session.PendingCrypto = selectedCipher.Initialize(true, Context.NegotiatedProtocol);
}
/// <summary>
/// Builds the ClientHello message: client random, offered cipher suites and the
/// requested extensions (server name, renegotiation info, signature algorithms).
/// </summary>
/// <returns>
/// A <c>TlsClientHello</c> carrying the requested protocol, client random, session id,
/// offered cipher codes and requested extensions.
/// </returns>
/// <exception cref="TlsException">
/// Raised with <c>AlertDescription.ProtocolVersion</c> when the cipher collection's
/// protocol differs from <c>Config.RequestedProtocol</c>.
/// </exception>
protected virtual TlsClientHello GenerateClientHello()
{
    var timestamp = HandshakeParameters.GetUnixTime();
    HandshakeParameters.ClientRandom = Context.Session.GetSecureRandomBytes(32);

    // The time value is written as a 32-bit integer at offset 0 of the random buffer,
    // replacing its leading bytes (the gmt_unix_time layout of the TLS 1.2 Random struct).
    TlsBuffer.WriteInt32(HandshakeParameters.ClientRandom.Buffer, 0, timestamp);

    // User-requested suites take precedence over the factory defaults.
    var requestedUserCiphers = Config.UserSettings == null ? null : Config.UserSettings.RequestedCiphers;

    CipherSuiteCollection offeredCiphers;
    if (requestedUserCiphers == null)
    {
        offeredCiphers = CipherSuiteFactory.GetDefaultCiphers(Config.RequestedProtocol);
    }
    else
    {
        offeredCiphers = new CipherSuiteCollection(Config.RequestedProtocol, requestedUserCiphers);
    }

    // Refuse to continue with a collection built for another protocol version.
    if (offeredCiphers.Protocol != Config.RequestedProtocol)
    {
        throw new TlsException(AlertDescription.ProtocolVersion);
    }

    // Store a clone; the SCSV below is added to the stored clone.
    HandshakeParameters.SupportedCiphers = offeredCiphers.Clone();

    // Signalling cipher suite value: sent only when secure renegotiation is enabled,
    // Session.SecureRenegotiation is false, and the SendCipherSpecCode flag is set.
    var sendSignallingSuite = Config.EnableSecureRenegotiation
        && !Session.SecureRenegotiation
        && (Config.RenegotiationFlags & RenegotiationFlags.SendCipherSpecCode) != 0;
    if (sendSignallingSuite)
    {
        HandshakeParameters.SupportedCiphers.AddSCSV();
    }

    // Server name extension is only added for hosts that pass IsLegalHostName.
    if (ServerNameExtension.IsLegalHostName(Config.TargetHost))
    {
        HandshakeParameters.RequestedExtensions.Add(new ServerNameExtension(Config.TargetHost));
    }

    // Renegotiation extension: sent when Session.SecureRenegotiation is true,
    // or when the SendClientHelloExtension flag asks for it.
    var sendRenegotiationExtension = Config.EnableSecureRenegotiation
        && (Session.SecureRenegotiation
            || (Config.RenegotiationFlags & RenegotiationFlags.SendClientHelloExtension) != 0);
    if (sendRenegotiationExtension)
    {
        HandshakeParameters.RequestedExtensions.Add(RenegotiationExtension.CreateClient(Context));
    }

    // NOTE(review): Config.UserSettings is null-checked above, while UserSettings is
    // dereferenced here without a check - confirm it cannot be null at this point.
    if (UserSettings.HasClientCertificateParameters)
    {
        var signatureAlgorithms = new SignatureAlgorithmsExtension(
            UserSettings.ClientCertificateParameters.SignatureAndHashAlgorithms);
        HandshakeParameters.RequestedExtensions.Add(signatureAlgorithms);
    }

    return new TlsClientHello(
        Config.RequestedProtocol,
        HandshakeParameters.ClientRandom,
        HandshakeParameters.SessionId,
        HandshakeParameters.SupportedCiphers.ToArray(),
        HandshakeParameters.RequestedExtensions);
}
/// <summary>
/// Chooses the cipher suite for this handshake from the codes offered in the
/// ClientHello, limited to suites that pass the server certificate check, and
/// stores the initialized crypto parameters and the server certificate in
/// <c>Session.PendingCrypto</c>.
/// </summary>
/// <remarks>
/// The first code in <c>message.ClientCiphers</c> that is present in the filtered
/// set is taken, so the client's ordering decides which supported suite is used.
/// When built with INSTRUMENTATION and the OverrideServerCertificateSelection
/// instrument is present, the certificate check in the filter is skipped for
/// every suite; that symbol should stay out of production builds.
/// </remarks>
/// <param name="message">ClientHello whose <c>ClientCiphers</c> are matched against the filtered set.</param>
/// <exception cref="TlsException">
/// Raised with <c>AlertDescription.HandshakeFailure</c> when no server certificate is
/// configured, or when none of the offered codes is in the filtered set.
/// </exception>
protected virtual void SelectCipher(TlsClientHello message)
{
    var certificate = Config.Certificate;
    if (certificate == null)
    {
        throw new TlsException(AlertDescription.HandshakeFailure, "Missing server certificate");
    }

    // Explicitly configured suites win; otherwise use the factory defaults.
    CipherSuiteCollection candidateCiphers = Settings.RequestedCiphers != null
        ? new CipherSuiteCollection(Context.NegotiatedProtocol, Settings.RequestedCiphers)
        : CipherSuiteFactory.GetDefaultCiphers(Context.NegotiatedProtocol);

    // Keep only the suites for which VerifyServerCertificate accepts the configured
    // certificate with the suite's key exchange algorithm.
    HandshakeParameters.SupportedCiphers = candidateCiphers.Filter(code =>
    {
#if INSTRUMENTATION
        // Instrumentation hook: accept every suite without the certificate check.
        if (Context.HasInstrument(HandshakeInstrumentType.OverrideServerCertificateSelection))
        {
            return true;
        }
#endif
        var keyExchange = CipherSuiteFactory.GetExchangeAlgorithmType(Context.NegotiatedProtocol, code);
        return CertificateManager.VerifyServerCertificate(Context, certificate, keyExchange);
    });

    // Walk the client's list in the order received and stop at the first supported code.
    CipherSuite selectedCipher = null;
    foreach (var offeredCode in message.ClientCiphers)
    {
        var position = HandshakeParameters.SupportedCiphers.IndexOf(offeredCode);
        if (position >= 0)
        {
            var matched = HandshakeParameters.SupportedCiphers[position];
            selectedCipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, matched);
            break;
        }
    }

    if (selectedCipher == null)
    {
        throw new TlsException(AlertDescription.HandshakeFailure, "Invalid cipher suite received from client");
    }

#if DEBUG_FULL
    if (Context.EnableDebugging)
    {
        selectedCipher.EnableDebugging = true;
    }

    if (Context.EnableDebugging)
    {
        DebugHelper.WriteLine("Selected Cipher: {0}", selectedCipher);
    }
#endif

    // FIXME: Select best one. (The loop above takes the first match in client order.)
    // NOTE(review): the 'true' argument presumably marks the server side - confirm against Initialize.
    Session.PendingCrypto = selectedCipher.Initialize(true, Context.NegotiatedProtocol);

    // Record the certificate this handshake will use.
    Session.PendingCrypto.ServerCertificates = new X509CertificateCollection();
    Session.PendingCrypto.ServerCertificates.Add(certificate);
}