/// <summary>
/// Builds the CertificateRequest used to ask the peer for an RSA-signing client certificate.
/// </summary>
/// <returns>
/// A request advertising <c>rsa_sign</c>, the subject of the "x509-ca.pem" resource as the only
/// acceptable certificate authority, and, when the signature_algorithms extension is allowed for
/// <c>mServerVersion</c>, one hash/RSA pair per listed hash algorithm (otherwise null).
/// </returns>
public override CertificateRequest GetCertificateRequest()
{
    IList serverSigAlgs = null;

    if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(mServerVersion))
    {
        // Advertised in this order, strongest digest first.
        // NOTE(review): sha224 and sha1 are still offered here; a configuration that has retired
        // SHA-1 signatures would need to drop them from this list.
        byte[] hashes =
        {
            HashAlgorithm.sha512,
            HashAlgorithm.sha384,
            HashAlgorithm.sha256,
            HashAlgorithm.sha224,
            HashAlgorithm.sha1
        };
        byte[] signatures = { SignatureAlgorithm.rsa };

        serverSigAlgs = new ArrayList();
        foreach (byte hash in hashes)
        {
            foreach (byte signature in signatures)
            {
                serverSigAlgs.Add(new SignatureAndHashAlgorithm(hash, signature));
            }
        }
    }

    // Only the subject name of the CA certificate is sent, as a hint for client certificate selection.
    IList certificateAuthorities = new ArrayList
    {
        TlsTestUtilities.LoadCertificateResource("x509-ca.pem").Subject
    };

    byte[] certificateTypes = { ClientCertificateType.rsa_sign };
    return new CertificateRequest(certificateTypes, serverSigAlgs, certificateAuthorities);
}
/// <summary>
/// Builds a CertificateRequest that names no certificate authorities and advertises
/// <c>rsa_sign</c> as the only client certificate type.
/// </summary>
/// <returns>
/// A request whose signature-algorithm list holds every listed hash paired with RSA and ECDSA
/// when the signature_algorithms extension is allowed for <c>mServerVersion</c>; otherwise the
/// list is empty (not null).
/// </returns>
public override CertificateRequest GetCertificateRequest()
{
    // NOTE(review): when the extension is not allowed this passes an EMPTY list rather than null.
    // Confirm CertificateRequest treats an empty list as "field absent" for pre-TLS 1.2 peers.
    var serverSigAlgs = new List<SignatureAndHashAlgorithm>();

    if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(mServerVersion))
    {
        // NOTE(review): sha224 and sha1 are still offered; drop them where SHA-1 signatures are retired.
        byte[] hashes =
        {
            HashAlgorithm.sha512,
            HashAlgorithm.sha384,
            HashAlgorithm.sha256,
            HashAlgorithm.sha224,
            HashAlgorithm.sha1
        };

        // NOTE(review): ECDSA pairs are advertised although the certificate types below only list
        // rsa_sign - verify the mismatch is intended.
        byte[] signatures = { SignatureAlgorithm.rsa, SignatureAlgorithm.ecdsa };

        foreach (byte hash in hashes)
        {
            foreach (byte signature in signatures)
            {
                serverSigAlgs.Add(new SignatureAndHashAlgorithm(hash, signature));
            }
        }
    }

    byte[] certificateTypes = { ClientCertificateType.rsa_sign };
    return new CertificateRequest(certificateTypes, serverSigAlgs, null);
}
/// <summary>
/// Builds the CertificateRequest dictated by the test configuration in <c>mConfig</c>.
/// </summary>
/// <returns>
/// Null when <c>mConfig.serverCertReq</c> is <c>SERVER_CERT_REQ_NONE</c> (no client certificate
/// is requested); otherwise a request accepting RSA, DSS and ECDSA signing certificates issued
/// under the subject of the "x509-ca.pem" resource.
/// </returns>
public override CertificateRequest GetCertificateRequest()
{
    bool requestDisabled = mConfig.serverCertReq == TlsTestConfig.SERVER_CERT_REQ_NONE;
    if (requestDisabled)
    {
        return null;
    }

    byte[] certificateTypes =
    {
        ClientCertificateType.rsa_sign,
        ClientCertificateType.dss_sign,
        ClientCertificateType.ecdsa_sign
    };

    // The signature-algorithm list is only populated when the extension is allowed for the
    // server version; a configured list wins over the library defaults.
    IList serverSigAlgs = null;
    if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(mServerVersion))
    {
        serverSigAlgs = mConfig.serverCertReqSigAlgs
            ?? TlsUtilities.GetDefaultSupportedSignatureAlgorithms();
    }

    IList certificateAuthorities = new ArrayList
    {
        TlsTestUtilities.LoadCertificateResource("x509-ca.pem").Subject
    };

    return new CertificateRequest(certificateTypes, serverSigAlgs, certificateAuthorities);
}
/// <summary>
/// Assembles the ClientHello extensions: signature_algorithms when the offered client version
/// allows it, and the elliptic-curve extensions when any ECC cipher suite is offered.
/// </summary>
/// <returns>The extension table, or null when neither condition applies.</returns>
public virtual IDictionary GetClientExtensions()
{
    IDictionary extensions = null;
    ProtocolVersion offeredVersion = mContext.ClientVersion;

    if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(offeredVersion))
    {
        mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultSupportedSignatureAlgorithms();

        extensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(extensions);
        TlsUtilities.AddSignatureAlgorithmsExtension(extensions, mSupportedSignatureAlgorithms);
    }

    if (TlsEccUtilities.ContainsEccCipherSuites(GetCipherSuites()))
    {
        // 23 and 24 are the IANA named-curve identifiers for secp256r1 and secp384r1.
        mNamedCurves = new[] { 23, 24 };

        // Point formats 0, 1, 2: uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2.
        mClientECPointFormats = new byte[] { 0, 1, 2 };

        extensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(extensions);
        TlsEccUtilities.AddSupportedEllipticCurvesExtension(extensions, mNamedCurves);
        TlsEccUtilities.AddSupportedPointFormatsExtension(extensions, mClientECPointFormats);
    }

    return extensions;
}
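/// <summary>
/// Assembles the ClientHello extensions: signature_algorithms (when the offered version allows
/// it), the elliptic-curve extensions (when an ECC cipher suite is offered) and server_name
/// (when <c>HostNames</c> is non-empty).
/// </summary>
/// <returns>The extension table, or null when no extension applies.</returns>
public virtual IDictionary GetClientExtensions()
{
    IDictionary clientExtensions = null;

    ProtocolVersion clientVersion = mContext.ClientVersion;

    /*
     * RFC 5246 7.4.1.4.1. Note: this extension is not meaningful for TLS versions prior to 1.2.
     * Clients MUST NOT offer it if they are offering prior versions.
     */
    if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(clientVersion))
    {
        // TODO Provide a way for the user to specify the acceptable hash/signature algorithms.
        this.mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultSupportedSignatureAlgorithms();

        clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(clientExtensions);

        TlsUtilities.AddSignatureAlgorithmsExtension(clientExtensions, mSupportedSignatureAlgorithms);
    }

    if (TlsEccUtilities.ContainsEccCipherSuites(GetCipherSuites()))
    {
        /*
         * RFC 4492 5.1. A client that proposes ECC cipher suites in its ClientHello message
         * appends these extensions (along with any others), enumerating the curves it supports
         * and the point formats it can parse. Clients SHOULD send both the Supported Elliptic
         * Curves Extension and the Supported Point Formats Extension.
         */
        /*
         * TODO Could just add all the curves since we support them all, but users may not want
         * to use unnecessarily large fields. Need configuration options.
         */
        this.mNamedCurves = new int[] { NamedCurve.secp256r1, NamedCurve.secp384r1 };
        this.mClientECPointFormats = new byte[]
        {
            ECPointFormat.uncompressed,
            ECPointFormat.ansiX962_compressed_prime,
            ECPointFormat.ansiX962_compressed_char2,
        };

        clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(clientExtensions);

        TlsEccUtilities.AddSupportedEllipticCurvesExtension(clientExtensions, mNamedCurves);
        TlsEccUtilities.AddSupportedPointFormatsExtension(clientExtensions, mClientECPointFormats);
    }

    if (this.HostNames != null && this.HostNames.Count > 0)
    {
        var list = new System.Collections.Generic.List<ServerName>(this.HostNames.Count);
        for (int i = 0; i < this.HostNames.Count; ++i)
        {
            list.Add(new ServerName(Tls.NameType.host_name, this.HostNames[i]));
        }

        // Both branches above may have been skipped (pre-TLS 1.2 offer with no ECC suites),
        // leaving the table null. Initialise it here like the other branches do, so that
        // server_name is actually sent instead of being added to a null table.
        clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(clientExtensions);

        TlsExtensionsUtilities.AddServerNameExtension(clientExtensions, new ServerNameList(list));
    }

    return clientExtensions;
}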
/// <summary>
/// Builds a CertificateRequest accepting RSA or ECDSA signing certificates from any authority.
/// </summary>
/// <returns>
/// A request with no certificate-authority list; its signature-algorithm list is the library
/// default when the signature_algorithms extension is allowed for <c>mServerVersion</c>, else null.
/// </returns>
public override CertificateRequest GetCertificateRequest()
{
    // The signature-algorithm field is only filled in for versions that allow the extension.
    IList serverSigAlgs = TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(mServerVersion)
        ? TlsUtilities.GetDefaultSupportedSignatureAlgorithms()
        : null;

    byte[] certificateTypes =
    {
        ClientCertificateType.rsa_sign,
        ClientCertificateType.ecdsa_sign
    };

    // NOTE(review): a null authority list places no restriction on the issuer named in the
    // request; issuer validation must therefore happen when the client certificate is checked.
    return new CertificateRequest(certificateTypes, serverSigAlgs, null);
}
/// <summary>
/// Stores the TLS context and, when no signature algorithms were supplied, selects the default
/// list matching the key exchange in <c>mKeyExchange</c>.
/// </summary>
/// <param name="context">The TLS context; its <c>ClientVersion</c> decides whether signature algorithms are allowed.</param>
/// <exception cref="InvalidOperationException">
/// The key exchange value is not handled, or signature algorithms were supplied for a client
/// version that does not allow the signature_algorithms extension.
/// </exception>
public virtual void Init(TlsContext context)
{
    mContext = context;

    ProtocolVersion offeredVersion = context.ClientVersion;

    if (!TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(offeredVersion))
    {
        // The extension is not allowed for this version, so a pre-set list is a caller error.
        if (mSupportedSignatureAlgorithms != null)
        {
            throw new InvalidOperationException("supported_signature_algorithms not allowed for " + offeredVersion);
        }
        return;
    }

    if (mSupportedSignatureAlgorithms != null)
    {
        return;
    }

    // NOTE(review): the numeric labels presumably are KeyExchangeAlgorithm constants that were
    // inlined by a decompiler - confirm against the enum before relying on the names below.
    switch (mKeyExchange)
    {
        // presumably DHE_DSS, DH_DSS, SRP_DSS
        case 3:
        case 7:
        case 22:
            mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultDssSignatureAlgorithms();
            break;

        // presumably ECDH_ECDSA, ECDHE_ECDSA
        case 16:
        case 17:
            mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultECDsaSignatureAlgorithms();
            break;

        // presumably RSA, DHE_RSA, DH_RSA, RSA_PSK, ECDH_RSA, ECDHE_RSA, SRP_RSA
        case 1:
        case 5:
        case 9:
        case 15:
        case 18:
        case 19:
        case 23:
            mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultRsaSignatureAlgorithms();
            break;

        // presumably PSK, DHE_PSK, SRP, ECDHE_PSK: no default list is assigned
        case 13:
        case 14:
        case 21:
        case 24:
            break;

        default:
            throw new InvalidOperationException("unsupported key exchange algorithm");
    }
}
/// <summary>
/// Records the extensions received in the ClientHello and extracts the ones this class tracks:
/// encrypt_then_mac, max_fragment_length, truncated_hmac, signature_algorithms, and the
/// elliptic-curve and point-format lists.
/// </summary>
/// <param name="clientExtensions">The received extension table; may be null, in which case only the reference is stored.</param>
/// <exception cref="TlsFatalAlert">
/// <c>illegal_parameter</c> when the offered max_fragment_length value is invalid, or when
/// signature_algorithms is present although <c>mClientVersion</c> does not allow it.
/// </exception>
public virtual void ProcessClientExtensions(IDictionary clientExtensions)
{
    this.mClientExtensions = clientExtensions;

    if (clientExtensions == null)
    {
        return;
    }

    this.mEncryptThenMacOffered = TlsExtensionsUtilities.HasEncryptThenMacExtension(clientExtensions);

    // A negative value means the extension was not offered; anything else must be a valid code.
    this.mMaxFragmentLengthOffered = TlsExtensionsUtilities.GetMaxFragmentLengthExtension(clientExtensions);
    bool fragmentLengthOffered = mMaxFragmentLengthOffered >= 0;
    if (fragmentLengthOffered && !MaxFragmentLength.IsValid((byte)mMaxFragmentLengthOffered))
    {
        throw new TlsFatalAlert(AlertDescription.illegal_parameter);
    }

    this.mTruncatedHMacOffered = TlsExtensionsUtilities.HasTruncatedHMacExtension(clientExtensions);

    /*
     * RFC 5246 7.4.1.4.1. Note: this extension is not meaningful for TLS versions prior
     * to 1.2. Clients MUST NOT offer it if they are offering prior versions.
     */
    this.mSupportedSignatureAlgorithms = TlsUtilities.GetSignatureAlgorithmsExtension(clientExtensions);
    if (this.mSupportedSignatureAlgorithms != null
        && !TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(mClientVersion))
    {
        throw new TlsFatalAlert(AlertDescription.illegal_parameter);
    }

    this.mNamedCurves = TlsEccUtilities.GetSupportedEllipticCurvesExtension(clientExtensions);
    this.mClientECPointFormats = TlsEccUtilities.GetSupportedPointFormatsExtension(clientExtensions);

    /*
     * RFC 4492 4. The client MUST NOT include these extensions in the ClientHello message if it
     * does not propose any ECC cipher suites.
     *
     * NOTE: Enforcing this was overly strict, as there may be ECC cipher suites that we don't
     * recognize. Also, draft-ietf-tls-negotiated-ff-dhe will be overloading the 'elliptic_curves'
     * extension to explicitly allow FFDHE (i.e. non-ECC) groups. The check is therefore disabled.
     */
    //if (!this.mEccCipherSuitesOffered && (this.mNamedCurves != null || this.mClientECPointFormats != null))
    //    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}
/// <summary>
/// Records the extensions received in the ClientHello and extracts the ones this class tracks:
/// encrypt_then_mac, max_fragment_length, truncated_hmac, signature_algorithms, and the
/// elliptic-curve and point-format lists.
/// </summary>
/// <param name="clientExtensions">The received extension table; may be null, in which case only the reference is stored.</param>
/// <exception cref="TlsFatalAlert">
/// Alert 47 when the offered max_fragment_length value is invalid, or when signature_algorithms
/// is present although <c>mClientVersion</c> does not allow it.
/// </exception>
public virtual void ProcessClientExtensions(IDictionary clientExtensions)
{
    mClientExtensions = clientExtensions;

    if (clientExtensions == null)
    {
        return;
    }

    mEncryptThenMacOffered = TlsExtensionsUtilities.HasEncryptThenMacExtension(clientExtensions);
    mMaxFragmentLengthOffered = TlsExtensionsUtilities.GetMaxFragmentLengthExtension(clientExtensions);

    // Negative means "not offered"; an offered value has to pass MaxFragmentLength.IsValid.
    if (mMaxFragmentLengthOffered >= 0)
    {
        byte offeredCode = (byte)mMaxFragmentLengthOffered;
        if (!MaxFragmentLength.IsValid(offeredCode))
        {
            // 47 is the TLS alert code for illegal_parameter.
            throw new TlsFatalAlert(47);
        }
    }

    mTruncatedHMacOffered = TlsExtensionsUtilities.HasTruncatedHMacExtension(clientExtensions);
    mSupportedSignatureAlgorithms = TlsUtilities.GetSignatureAlgorithmsExtension(clientExtensions);

    // A client must not send signature_algorithms for a version that does not allow it.
    if (mSupportedSignatureAlgorithms != null)
    {
        if (!TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(mClientVersion))
        {
            throw new TlsFatalAlert(47);
        }
    }

    mNamedCurves = TlsEccUtilities.GetSupportedEllipticCurvesExtension(clientExtensions);
    mClientECPointFormats = TlsEccUtilities.GetSupportedPointFormatsExtension(clientExtensions);
}
/// <summary>
/// Stores the TLS context and, when no signature algorithms were supplied, selects the default
/// list that matches the key exchange in <c>mKeyExchange</c>.
/// </summary>
/// <param name="context">The TLS context; its <c>ClientVersion</c> decides whether signature algorithms are allowed.</param>
/// <exception cref="InvalidOperationException">
/// The key exchange algorithm is not handled, or signature algorithms were supplied for a client
/// version that does not allow the signature_algorithms extension.
/// </exception>
public virtual void Init(TlsContext context)
{
    this.mContext = context;

    ProtocolVersion offeredVersion = context.ClientVersion;

    if (!TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(offeredVersion))
    {
        // The extension is not allowed for this version, so a pre-set list is a caller error.
        if (this.mSupportedSignatureAlgorithms != null)
        {
            throw new InvalidOperationException("supported_signature_algorithms not allowed for " + offeredVersion);
        }
        return;
    }

    if (this.mSupportedSignatureAlgorithms != null)
    {
        return;
    }

    /*
     * RFC 5246 7.4.1.4.1. If the client does not send the signature_algorithms extension,
     * the server MUST do the following:
     *
     * - If the negotiated key exchange algorithm is one of (RSA, DHE_RSA, DH_RSA, RSA_PSK,
     *   ECDH_RSA, ECDHE_RSA), behave as if client had sent the value {sha1,rsa}.
     *
     * - If the negotiated key exchange algorithm is one of (DHE_DSS, DH_DSS), behave as if
     *   the client had sent the value {sha1,dsa}.
     *
     * - If the negotiated key exchange algorithm is one of (ECDH_ECDSA, ECDHE_ECDSA),
     *   behave as if the client had sent value {sha1,ecdsa}.
     *
     * NOTE(review): the GetDefault*SignatureAlgorithms helpers presumably return these
     * SHA-1 based defaults - confirm before relying on the fallback for anything but interop.
     */
    switch (mKeyExchange)
    {
        case KeyExchangeAlgorithm.DH_DSS:
        case KeyExchangeAlgorithm.DHE_DSS:
        case KeyExchangeAlgorithm.SRP_DSS:
            this.mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultDssSignatureAlgorithms();
            break;

        case KeyExchangeAlgorithm.ECDH_ECDSA:
        case KeyExchangeAlgorithm.ECDHE_ECDSA:
            this.mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultECDsaSignatureAlgorithms();
            break;

        case KeyExchangeAlgorithm.DH_RSA:
        case KeyExchangeAlgorithm.DHE_RSA:
        case KeyExchangeAlgorithm.ECDH_RSA:
        case KeyExchangeAlgorithm.ECDHE_RSA:
        case KeyExchangeAlgorithm.RSA:
        case KeyExchangeAlgorithm.RSA_PSK:
        case KeyExchangeAlgorithm.SRP_RSA:
            this.mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultRsaSignatureAlgorithms();
            break;

        // These key exchanges get no default signature-algorithm list.
        case KeyExchangeAlgorithm.DHE_PSK:
        case KeyExchangeAlgorithm.ECDHE_PSK:
        case KeyExchangeAlgorithm.PSK:
        case KeyExchangeAlgorithm.SRP:
            break;

        default:
            throw new InvalidOperationException("unsupported key exchange algorithm");
    }
}