public virtual int GetSelectedCipherSuite() { /* * RFC 5246 7.4.3. In order to negotiate correctly, the server MUST check any candidate * cipher suites against the "signature_algorithms" extension before selecting them. This is * somewhat inelegant but is a compromise designed to minimize changes to the original * cipher suite design. */ IList sigAlgs = TlsUtilities.GetUsableSignatureAlgorithms(this.mSupportedSignatureAlgorithms); /* * RFC 4429 5.1. A server that receives a ClientHello containing one or both of these * extensions MUST use the client's enumerated capabilities to guide its selection of an * appropriate cipher suite. One of the proposed ECC cipher suites must be negotiated only * if the server can successfully complete the handshake while using the curves and point * formats supported by the client [...]. */ bool eccCipherSuitesEnabled = SupportsClientEccCapabilities(this.mNamedCurves, this.mClientECPointFormats); int[] cipherSuites = GetCipherSuites(); for (int i = 0; i < cipherSuites.Length; ++i) { int cipherSuite = cipherSuites[i]; if (Arrays.Contains(this.mOfferedCipherSuites, cipherSuite) && (eccCipherSuitesEnabled || !TlsEccUtilities.IsEccCipherSuite(cipherSuite)) && TlsUtilities.IsValidCipherSuiteForVersion(cipherSuite, mServerVersion) && TlsUtilities.IsValidCipherSuiteForSignatureAlgorithms(cipherSuite, sigAlgs)) { return(this.mSelectedCipherSuite = cipherSuite); } } throw new TlsFatalAlert(AlertDescription.handshake_failure); }
public virtual void ProcessServerExtensions(IDictionary serverExtensions) { /* * TlsProtocol implementation validates that any server extensions received correspond to * client extensions sent. By default, we don't send any, and this method is not called. */ if (serverExtensions != null) { /* * RFC 5246 7.4.1.4.1. Servers MUST NOT send this extension. */ CheckForUnexpectedServerExtension(serverExtensions, ExtensionType.signature_algorithms); CheckForUnexpectedServerExtension(serverExtensions, ExtensionType.elliptic_curves); if (TlsEccUtilities.IsEccCipherSuite(this.mSelectedCipherSuite)) { this.mServerECPointFormats = TlsEccUtilities.GetSupportedPointFormatsExtension(serverExtensions); } else { CheckForUnexpectedServerExtension(serverExtensions, ExtensionType.ec_point_formats); } /* * RFC 7685 3. The server MUST NOT echo the extension. */ CheckForUnexpectedServerExtension(serverExtensions, ExtensionType.padding); } }
// IDictionary is (Int32 -> byte[]) public virtual IDictionary GetServerExtensions() { if (this.mEncryptThenMacOffered && AllowEncryptThenMac) { /* * RFC 7366 3. If a server receives an encrypt-then-MAC request extension from a client * and then selects a stream or Authenticated Encryption with Associated Data (AEAD) * ciphersuite, it MUST NOT send an encrypt-then-MAC response extension back to the * client. */ if (TlsUtilities.IsBlockCipherSuite(this.mSelectedCipherSuite)) { TlsExtensionsUtilities.AddEncryptThenMacExtension(CheckServerExtensions()); } } if (this.mMaxFragmentLengthOffered >= 0 && TlsUtilities.IsValidUint8(mMaxFragmentLengthOffered) && MaxFragmentLength.IsValid((byte)mMaxFragmentLengthOffered)) { TlsExtensionsUtilities.AddMaxFragmentLengthExtension(CheckServerExtensions(), (byte)mMaxFragmentLengthOffered); } if (this.mTruncatedHMacOffered && AllowTruncatedHMac) { TlsExtensionsUtilities.AddTruncatedHMacExtension(CheckServerExtensions()); } if (this.mClientECPointFormats != null && TlsEccUtilities.IsEccCipherSuite(this.mSelectedCipherSuite)) { /* * RFC 4492 5.2. A server that selects an ECC cipher suite in response to a ClientHello * message including a Supported Point Formats Extension appends this extension (along * with others) to its ServerHello message, enumerating the point formats it can parse. */ this.mServerECPointFormats = new byte[] { ECPointFormat.uncompressed, ECPointFormat.ansiX962_compressed_prime, ECPointFormat.ansiX962_compressed_char2, }; TlsEccUtilities.AddSupportedPointFormatsExtension(CheckServerExtensions(), mServerECPointFormats); } return(mServerExtensions); }