 /// <summary>
 /// Releases the wrapped <c>sslStream</c> and clears the cached connection info
 /// when <paramref name="disposing"/> is true; otherwise only the base class runs.
 /// </summary>
 /// <param name="disposing">True when managed state should be released.</param>
 public override void Dispose(bool disposing)
 {
     // Base class first, matching the original ordering.
     base.Dispose(disposing);
     if (!disposing)
     {
         return;
     }

     var stream = sslStream;
     if (stream != null)
     {
         stream.Dispose();
     }
     sslStream      = null;
     connectionInfo = null;
 }
        /// <summary>
        /// Completes the pending handshake on <c>sslStream</c> and fills in
        /// <c>connectionInfo</c> from the negotiated parameters (hash, cipher suite,
        /// key exchange, protocol version and cipher algorithm).
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// The stream reports a hash, key-exchange, protocol or cipher value that has
        /// no mapping below; the message points at SslStream as the likely culprit.
        /// </exception>
        public override void FinishHandshake()
        {
            sslStream.EndHandshake(handshakeResult);
            handshakeResult = null;

            // Once done, we can set up info values
            connectionInfo = new MonoTlsConnectionInfo();

            // Only MD5, SHA-1 and "none" are mapped; any other hash reaches the default arm and throws.
            connectionInfo.HashAlgorithmType = sslStream.HashAlgorithm switch
            {
                TlsHashAlgorithmType.Md5 => HashAlgorithmType.Md5,
                TlsHashAlgorithmType.None => HashAlgorithmType.None,
                TlsHashAlgorithmType.Sha1 => HashAlgorithmType.Sha1,
                _ => throw new InvalidOperationException(
                          "Not supported hash algorithm is in use. It is likely a bug in SslStream.")
            };

            // The raw suite code is taken straight from the current cipher of the underlying protocol context.
            connectionInfo.CipherSuiteCode = (CipherSuiteCode)sslStream.protocol.Context.Current.Cipher.Code;

            // Apparently it's possible to figure out the rest values from cipher suite code, but mono has no logic for that yet
            // On the other hand it seems like those values are not assigned either way (look at btls impl)
            // TODO: See if these values actually work and are valid

            // NOTE(review): RsaKeyX is mapped to EcDhe while RsaSign maps to Rsa. If RsaKeyX
            // denotes static RSA key exchange, this reports a forward-secret exchange type
            // for a suite that is not — confirm the intended mapping.
            connectionInfo.ExchangeAlgorithmType = sslStream.KeyExchangeAlgorithm switch
            {
                TlsExchangeAlgorithmType.DiffieHellman => ExchangeAlgorithmType.Dhe,
                TlsExchangeAlgorithmType.None => ExchangeAlgorithmType.None,
                TlsExchangeAlgorithmType.RsaSign => ExchangeAlgorithmType.Rsa,
                TlsExchangeAlgorithmType.RsaKeyX => ExchangeAlgorithmType.EcDhe,
                _ => throw new InvalidOperationException(
                          $"Not supported exchange algorithm is in use ({sslStream.KeyExchangeAlgorithm}). It is likely a bug in SslStream.")
            };

            // NOTE(review): Ssl2, Ssl3 and Default are passed through to ProtocolVersion
            // rather than rejected here; if the negotiated version must be policed, that
            // has to happen before this point — confirm against the stream's enabled protocols.
            var protocols = sslStream.SecurityProtocol switch
            {
                TlsSecurityProtocolType.Default => SslProtocols.Default,
                TlsSecurityProtocolType.Ssl2 => SslProtocols.Ssl2,
                TlsSecurityProtocolType.Ssl3 => SslProtocols.Ssl3,
                TlsSecurityProtocolType.Tls => SslProtocols.Tls,
                _ => throw new InvalidOperationException(
                          $"Not supported TLS protocol is in use ({sslStream.SecurityProtocol}). It is likely a bug in SslStream.")
            };

            // SslProtocols is reinterpreted as TlsProtocols via a plain cast — assumes the two enums share values; TODO confirm.
            connectionInfo.ProtocolVersion = (TlsProtocols)protocols;

            // Rijndael is reported as AES keyed by the negotiated strength; any other strength throws.
            connectionInfo.CipherAlgorithmType = sslStream.CipherAlgorithm switch
            {
                TlsCipherAlgorithmType.None => CipherAlgorithmType.None,
                TlsCipherAlgorithmType.Rijndael => sslStream.CipherStrength switch
                {
                    128 => CipherAlgorithmType.Aes128,
                    256 => CipherAlgorithmType.Aes256,
                    _ => throw new InvalidOperationException(
                              $"Not supported cipher algorithm is in use ({sslStream.CipherAlgorithm}). It is likely a bug in SslStream.")
                },
                // (listing is cut off here: the remaining cipher arms and the method's closing braces are not shown)
ファイル: OpenSslConnection.cs プロジェクト: nagyist/mono-tls
        /// <summary>
        /// Returns the connection info for this OpenSSL connection, creating it on
        /// first use from the currently negotiated cipher.
        /// </summary>
        /// <returns>
        /// The cached <c>MonoTlsConnectionInfo</c>; only <c>CipherSuiteCode</c> is
        /// populated, every other member keeps its default.
        /// </returns>
        public MonoTlsConnectionInfo GetConnectionInfo()
        {
            if (connectionInfo == null)
            {
                var info = new MonoTlsConnectionInfo();
                info.CipherSuiteCode = (CipherSuiteCode)openssl.CurrentCipher;
                connectionInfo = info;
            }

            return connectionInfo;
        }
        /// <summary>
        /// Lazily builds <c>connectionInfo</c> from the negotiated cipher and protocol
        /// version; once it is set, further calls do nothing.
        /// </summary>
        void InitializeSession()
        {
            if (connectionInfo == null)
            {
                var suite   = NegotiatedCipher;
                var version = GetNegotiatedProtocolVersion();

                // Logged as hex, as the raw value and as the enum name for troubleshooting.
                Debug("GET CONNECTION INFO: {0:x}:{0} {1:x}:{1} {2}", suite, version, (TlsProtocolCode)version);

                var info = new MonoTlsConnectionInfo();
                info.CipherSuiteCode = (CipherSuiteCode)suite;
                info.ProtocolVersion = GetProtocol(version);
                connectionInfo = info;
            }
        }
ファイル: TlsContext.cs プロジェクト: nagyist/mono-tls
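        /// <summary>
        /// Completes the handshake: releases the handshake parameters, verifies that a
        /// cipher is active, and publishes the negotiated parameters via <c>connectionInfo</c>.
        /// </summary>
        /// <exception cref="TlsException">
        /// Raised with <c>InsuficientSecurity</c> when no current cipher is in place or a
        /// pending cipher state is still outstanding, and with <c>ProtocolVersion</c> when
        /// the negotiated protocol is not TLS 1.0, 1.1 or 1.2.
        /// </exception>
        internal void FinishHandshake()
        {
            // Handshake-only material is no longer needed once the handshake is finished.
            HandshakeParameters.Dispose();
            HandshakeParameters = null;

            // A non-null PendingCrypto means a negotiated state was never activated
            // (presumably the cipher-spec switch did not complete); treated the same as
            // having no cipher at all. Message typo ("ciper") fixed.
            if (Session.CurrentCrypto == null || Session.PendingCrypto != null)
            {
                throw new TlsException(AlertDescription.InsuficientSecurity, "No cipher");
            }
            if (Session.CurrentCrypto.Cipher == null)
            {
                throw new TlsException(AlertDescription.InsuficientSecurity, "No cipher");
            }

            TlsProtocols protocol;

            // Only TLS 1.0-1.2 are accepted; anything else is rejected with a
            // protocol_version alert rather than mapped to a nearby value.
            switch (Session.CurrentCrypto.Protocol)
            {
            case TlsProtocolCode.Tls10:
                protocol = TlsProtocols.Tls10;
                break;

            case TlsProtocolCode.Tls11:
                protocol = TlsProtocols.Tls11;
                break;

            case TlsProtocolCode.Tls12:
                protocol = TlsProtocols.Tls12;
                break;

            default:
                throw new TlsException(AlertDescription.ProtocolVersion);
            }

            var cipher = Session.CurrentCrypto.Cipher;

            // All algorithm-type members come from the active cipher suite definition.
            connectionInfo = new MonoTlsConnectionInfo {
                CipherSuiteCode       = cipher.Code, ProtocolVersion = protocol,
                CipherAlgorithmType   = cipher.CipherAlgorithmType,
                HashAlgorithmType     = cipher.HashAlgorithmType,
                ExchangeAlgorithmType = cipher.ExchangeAlgorithmType
            };
        }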
        /// <summary>
        /// Fetches the peer certificate, enforces the client-certificate requirement on
        /// the server side, and records the negotiated cipher suite and protocol version.
        /// </summary>
        /// <exception cref="TlsException">
        /// <c>CertificateUnknown</c> when a required client certificate fails validation.
        /// </exception>
        void InitializeSession()
        {
            GetPeerCertificate();

            // A server that asked for a client certificate must see it validated before
            // the session is usable; a failed validation aborts the connection.
            // NOTE(review): ValidateCertificate(null, null) presumably validates the
            // certificate fetched by GetPeerCertificate() — confirm.
            var clientCertRequired = IsServer && AskForClientCertificate;
            if (clientCertRequired && !certificateValidated && !ValidateCertificate(null, null))
            {
                throw new TlsException(AlertDescription.CertificateUnknown);
            }

            var suite   = (CipherSuiteCode)ssl.GetCipher();
            var version = (TlsProtocolCode)ssl.GetVersion();

            Debug("GET CONNECTION INFO: {0:x}:{0} {1:x}:{1} {2}", suite, version, (TlsProtocolCode)version);

            var info = new MonoTlsConnectionInfo();
            info.CipherSuiteCode = suite;
            info.ProtocolVersion = GetProtocol(version);
            connectionInfo = info;
        }
        /// <summary>
        /// Records the negotiated cipher suite, protocol version and server name in
        /// <c>connectioninfo</c> and marks the connection as authenticated.
        /// </summary>
        public override void FinishHandshake()
        {
            // The native queries report failures through the error state, which is
            // deliberately not inspected: these lookups are treated as non-critical.
            // NOTE(review): on failure the suite/protocol values are whatever the native
            // call leaves behind — confirm they are safe defaults before trusting them.
            var nativeErrors = UnityTls.NativeInterface.unitytls_errorstate_create();
            var suite        = UnityTls.NativeInterface.unitytls_tlsctx_get_ciphersuite(tlsContext, &nativeErrors);
            var version      = UnityTls.NativeInterface.unitytls_tlsctx_get_protocol(tlsContext, &nativeErrors);

            var info = new MonoTlsConnectionInfo();
            info.CipherSuiteCode = (CipherSuiteCode)suite;
            info.ProtocolVersion = UnityTlsConversions.ConvertProtocolVersion(version);
            info.PeerDomainName  = ServerName;
            // TODO: CipherAlgorithmType, HashAlgorithmType and ExchangeAlgorithmType could
            // be derived from CipherSuiteCode, but no Mono implementation fills them in and
            // nothing derives them automatically, so they are left unset.

            connectioninfo  = info;
            isAuthenticated = true;
        }
        /// <summary>
        /// Shuts the connection down, clears per-connection state and frees the native
        /// handle; the base class is always disposed, even if an earlier step throws.
        /// </summary>
        /// <param name="disposing">True when managed state should be released.</param>
        public override void Dispose(bool disposing)
        {
            try
            {
                if (disposing)
                {
                    Shutdown();

                    // reset states
                    localClientCertificate = null;
                    remoteCertificate      = null;

                    // NOTE(review): both certificate fields were just set to null, so the
                    // two Dispose() blocks below can never run. Either the certificates are
                    // meant to be disposed here (move the nulling after these blocks) or the
                    // blocks are dead code — confirm who owns these objects before changing it.
                    if (localClientCertificate != null)
                    {
                        localClientCertificate.Dispose();
                        localClientCertificate = null;
                    }

                    if (remoteCertificate != null)
                    {
                        remoteCertificate.Dispose();
                        remoteCertificate = null;
                    }

                    connectioninfo  = null;
                    isAuthenticated = false;
                    hasContext      = false;
                }

                // Freed regardless of `disposing`.
                // NOTE(review): if `handle` is a GCHandle, Free() throws once it has already
                // been freed, so a second Dispose() call would fault here — confirm the type.
                handle.Free();
            }
            finally
            {
                // Always let the base class run, even if Shutdown() or Free() throw.
                base.Dispose(disposing);
            }
        }
 /// <summary>
 /// Wraps an existing <c>MonoTlsConnectionInfo</c>; the reference is stored as-is
 /// (no copy and no null check).
 /// </summary>
 /// <param name="info">The connection info to hold.</param>
 public MonoConnectionInfo(MonoTlsConnectionInfo info)
 {
     this.info = info;
 }