protected override void Read (TlsBuffer incoming) { ClientRandom = new SecureBuffer (incoming.ReadBytes (32)); var length = (short)incoming.ReadByte (); SessionID = new SecureBuffer (incoming.ReadBytes (length)); length = incoming.ReadInt16 (); if ((length % 2) != 0) throw new TlsException (AlertDescription.DecodeError); bool seenSCSV = false; ClientCiphers = new CipherSuiteCode [length >> 1]; for (int i = 0; i < ClientCiphers.Length; i++) { ClientCiphers [i] = (CipherSuiteCode)incoming.ReadInt16 (); if (ClientCiphers [i] == CipherSuiteCode.TLS_EMPTY_RENEGOTIATION_INFO_SCSV) seenSCSV = true; } // Compression methods length = incoming.ReadByte (); incoming.Position += length; Extensions = new TlsExtensionCollection (incoming); if (seenSCSV) Extensions.AddRenegotiationExtension (); }
static SignatureInstrumentParameters Create( TestContext ctx, InstrumentationCategory category, SignatureInstrumentType type, SignatureAndHashAlgorithm algorithm, CipherSuiteCode cipher) { var parameters = CreateParameters(category, type, algorithm.Hash, algorithm.Signature, cipher); parameters.ClientCertificate = ResourceManager.MonkeyCertificate; parameters.RequireClientCertificate = true; var signatureParameters = new SignatureParameters(); signatureParameters.Add(algorithm); switch (type) { case SignatureInstrumentType.ClientSignatureAlgorithmAndCipher: parameters.ClientSignatureParameters = signatureParameters; parameters.ClientCiphers = new CipherSuiteCode[] { cipher }; break; case SignatureInstrumentType.ServerSignatureAlgorithmAndCipher: parameters.ServerSignatureAlgorithm = algorithm; parameters.ServerCiphers = new CipherSuiteCode[] { cipher }; break; default: ctx.AssertFail("Unsupported signature instrument: '{0}'.", type); break; } return(parameters); }
static CipherSuite CreateCipherSuiteTls10(CipherSuiteCode code) { // Sanity check. if (!IsCipherSupported(TlsProtocolCode.Tls10, code)) { throw new TlsException(AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code); } switch (code) { case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA: return(new TlsCipherSuite10(code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Rsa)); case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA: return(new TlsCipherSuite10(code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Rsa)); case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA: return(new TlsCipherSuite10(code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Dhe)); case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA: return(new TlsCipherSuite10(code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Dhe)); default: throw new TlsException(AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code); } }
public async Task TestServerTls11(TestContext ctx, CancellationToken cancellationToken, InstrumentationConnectionProvider provider, [CipherSuite] CipherSuiteCode cipher, CipherInstrumentParameters parameters, CipherInstrumentTestRunner runner) { await runner.Run(ctx, cancellationToken); }
public TlsClientHello (TlsProtocolCode protocol, SecureBuffer random, SecureBuffer session, CipherSuiteCode[] ciphers, TlsExtensionCollection extensions) : base (HandshakeType.ClientHello) { ClientProtocol = protocol; ClientRandom = random; SessionID = session; ClientCiphers = ciphers; Extensions = extensions; }
public TlsServerHello(TlsProtocolCode protocol, SecureBuffer random, SecureBuffer session, CipherSuiteCode cipher, TlsExtensionCollection extensions) : base(HandshakeType.ServerHello) { ServerProtocol = protocol; ServerRandom = random; SessionID = session; SelectedCipher = cipher; Extensions = extensions; }
public TlsServerHello (TlsProtocolCode protocol, SecureBuffer random, SecureBuffer session, CipherSuiteCode cipher, TlsExtensionCollection extensions) : base (HandshakeType.ServerHello) { ServerProtocol = protocol; ServerRandom = random; SessionID = session; SelectedCipher = cipher; Extensions = extensions; }
static CipherSuite CreateCipherSuiteTls12 (CipherSuiteCode code) { // Sanity check. if (!IsCipherSupported (TlsProtocolCode.Tls12, code)) throw new TlsException (AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code); switch (code) { // Galois-Counter Cipher Suites case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: return new TlsCipherSuite12 (code, CipherAlgorithmType.AesGcm256, HashAlgorithmType.Sha384, ExchangeAlgorithmType.Dhe); case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: return new TlsCipherSuite12 (code, CipherAlgorithmType.AesGcm128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.Dhe); // Diffie-Hellman Cipher Suites case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha256, ExchangeAlgorithmType.Dhe); case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.Dhe); case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA: return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Dhe); case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA: return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Dhe); // Galois-Counter with Legacy RSA Key Exchange case CipherSuiteCode.TLS_RSA_WITH_AES_128_GCM_SHA256: return new TlsCipherSuite12 (code, CipherAlgorithmType.AesGcm128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.Rsa); case CipherSuiteCode.TLS_RSA_WITH_AES_256_GCM_SHA384: return new TlsCipherSuite12 (code, CipherAlgorithmType.AesGcm256, HashAlgorithmType.Sha384, ExchangeAlgorithmType.Rsa); // AES Cipher Suites case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA256: return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha256, ExchangeAlgorithmType.Rsa); case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA256: return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.Rsa); case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA: return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Rsa); case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA: return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Rsa); // ECDHE Cipher Suites case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: return new TlsCipherSuite12 (code, CipherAlgorithmType.AesGcm256, HashAlgorithmType.Sha384, ExchangeAlgorithmType.EcDhe); case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: return new TlsCipherSuite12 (code, CipherAlgorithmType.AesGcm128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.EcDhe); case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha384, ExchangeAlgorithmType.EcDhe); case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.EcDhe); case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.EcDhe); case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: return new TlsCipherSuite12 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.EcDhe); default: throw new TlsException (AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code); } }
public CipherSuite( CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType) { Code = code; Name = code.ToString(); CipherAlgorithmType = cipherAlgorithmType; HashAlgorithmType = hashAlgorithmType; ExchangeAlgorithmType = exchangeAlgorithmType; }
public static bool CipherMatchesFilterFlags(CipherSuiteCode code, FilterFlags flags) { if ((flags & FilterFlags.All) != 0) { return(true); } bool rsa = (flags & FilterFlags.Rsa) != 0; bool dhe = (flags & FilterFlags.Dhe) != 0; bool ecdhe = (flags & FilterFlags.EcDhe) != 0; bool aead = (flags & FilterFlags.Aead) != 0; bool cbc = (flags & FilterFlags.Cbc) != 0; switch (code) { // Galois-Counter Cipher Suites. case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: return(dhe | aead); // Galois-Counter with Legacy RSA Key Exchange. case CipherSuiteCode.TLS_RSA_WITH_AES_128_GCM_SHA256: case CipherSuiteCode.TLS_RSA_WITH_AES_256_GCM_SHA384: return(rsa | aead); // Diffie-Hellman Cipher Suites case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA: case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA: return(dhe | cbc); // Legacy AES Cipher Suites case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA256: case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA256: case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA: case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA: return(rsa | cbc); // ECDHE Galois-Counter Ciphers. case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: return(ecdhe | aead); // ECDHE AES Ciphers. case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: return(ecdhe | cbc); default: return(false); } }
public static CipherSuite CreateCipherSuite (TlsProtocolCode protocol, CipherSuiteCode code) { if (protocol == TlsProtocolCode.Tls12) return CreateCipherSuiteTls12 (code); else if (protocol == TlsProtocolCode.Tls11) return CreateCipherSuiteTls11 (code); else if (protocol == TlsProtocolCode.Tls10) return CreateCipherSuiteTls10 (code); else throw new TlsException (AlertDescription.ProtocolVersion); }
public static MonoClientAndServerParameters SelectCipherSuite (TestContext ctx, TlsProtocolCode protocol, CipherSuiteCode code) { var provider = DependencyInjector.Get<ICertificateProvider> (); var acceptAll = provider.AcceptAll (); string name = string.Format ("select-cipher-{0}-{1}", protocol, code); return new MonoClientAndServerParameters (name, ResourceManager.SelfSignedServerCertificate) { ClientCertificateValidator = acceptAll }; }
internal static CipherSuite CreateCipherSuite(TlsProtocolCode protocol, CipherSuiteCode code) { if (protocol == TlsProtocolCode.Tls12) { return(CreateCipherSuiteTls12(code)); } else { throw new TlsException(AlertDescription.ProtocolVersion); } }
protected bool CheckCipher(TestContext ctx, IMonoConnection connection, CipherSuiteCode cipher) { ctx.Assert(connection.SupportsConnectionInfo, "supports connection info"); var connectionInfo = connection.GetConnectionInfo(); if (!ctx.Expect(connectionInfo, Is.Not.Null, "connection info")) { return(false); } return(ctx.Expect(connectionInfo.CipherSuiteCode, Is.EqualTo(cipher), "expected cipher")); }
static CipherSuite CreateCipherSuiteTls12(CipherSuiteCode code) { // Sanity check. if (!IsCipherSupported(TlsProtocolCode.Tls12, code)) { throw new TlsException(AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code); } switch (code) { // Galois-Counter Cipher Suites case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: return(new TlsCipherSuite12(code, CipherAlgorithmType.AesGcm256, HashAlgorithmType.Sha384, ExchangeAlgorithmType.DiffieHellman)); case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: return(new TlsCipherSuite12(code, CipherAlgorithmType.AesGcm128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.DiffieHellman)); // Diffie-Hellman Cipher Suites case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha256, ExchangeAlgorithmType.DiffieHellman)); case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.DiffieHellman)); case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA: return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman)); case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA: return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman)); // Galois-Counter with Legacy RSA Key Exchange case CipherSuiteCode.TLS_RSA_WITH_AES_128_GCM_SHA256: return(new TlsCipherSuite12(code, CipherAlgorithmType.AesGcm128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.RsaSign)); case CipherSuiteCode.TLS_RSA_WITH_AES_256_GCM_SHA384: return(new TlsCipherSuite12(code, CipherAlgorithmType.AesGcm256, HashAlgorithmType.Sha384, ExchangeAlgorithmType.RsaSign)); // AES Cipher Suites case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA256: return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha256, ExchangeAlgorithmType.RsaSign)); case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA256: return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha256, ExchangeAlgorithmType.RsaSign)); case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA: return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign)); case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA: return(new TlsCipherSuite12(code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign)); default: throw new TlsException(AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code); } }
public static bool IsCipherSupported(TlsProtocolCode protocol, CipherSuiteCode code) { var array = GetSupportedCiphersArray(protocol); for (int i = 0; i < array.Length; i++) { if (array [i] == code) { return(true); } } return(false); }
public async void TestInvalidCipher() { if (!Factory.CanSelectCiphers) { throw new IgnoreException("Current implementation does not let us select ciphers."); } var requestedCipher = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 }; var supportedCipher = new CipherSuiteCode[] { CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA }; await ExpectAlert(new ClientAndServerParameters { VerifyPeerCertificate = false, ClientCiphers = requestedCipher, ServerCiphers = supportedCipher }, AlertDescription.HandshakeFailure); }
public void InitializeGCM(CipherSuiteCode code, byte[] key, byte[] implNonce, byte[] explNonce) { Cipher = CipherSuiteFactory.CreateCipherSuite(Protocol, code); #if DEBUG_FULL Cipher.EnableDebugging = EnableDebugging; #endif Crypto = Add(new MyGaloisCounterCipher(IsServer, Protocol, Cipher, explNonce)); Crypto.ServerWriteKey = SecureBuffer.CreateCopy(key); Crypto.ClientWriteKey = SecureBuffer.CreateCopy(key); Crypto.ServerWriteIV = SecureBuffer.CreateCopy(implNonce); Crypto.ClientWriteIV = SecureBuffer.CreateCopy(implNonce); Crypto.InitializeCipher(); }
public void InitializeCBC(CipherSuiteCode code, byte[] key, byte[] mac, byte[] iv) { Cipher = CipherSuiteFactory.CreateCipherSuite(Protocol, code); #if DEBUG_FULL Cipher.EnableDebugging = EnableDebugging; #endif Crypto = Add(new MyCbcBlockCipher(this, iv)); Crypto.ServerWriteKey = SecureBuffer.CreateCopy(key); Crypto.ClientWriteKey = SecureBuffer.CreateCopy(key); Crypto.ServerWriteMac = SecureBuffer.CreateCopy(mac); Crypto.ClientWriteMac = SecureBuffer.CreateCopy(mac); Crypto.InitializeCipher(); }
public static bool ProviderSupportsCipher(ConnectionProvider provider, CipherSuiteCode cipher) { bool aead = (provider.Flags & ConnectionProviderFlags.SupportsAeadCiphers) != 0; bool tls12 = (provider.Flags & ConnectionProviderFlags.SupportsTls12) != 0; bool ecdhe = (provider.Flags & ConnectionProviderFlags.SupportsEcDheCiphers) != 0; switch (cipher) { // Galois-Counter Cipher Suites. case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: return(aead); // Galois-Counter with Legacy RSA Key Exchange. case CipherSuiteCode.TLS_RSA_WITH_AES_128_GCM_SHA256: case CipherSuiteCode.TLS_RSA_WITH_AES_256_GCM_SHA384: return(aead); // Diffie-Hellman Cipher Suites case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA: case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA: return(tls12); // Legacy AES Cipher Suites case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA256: case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA256: case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA: case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA: return(true); // ECDHE Galois-Counter Ciphers. case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: return(aead && ecdhe); // ECDHE AES Ciphers. case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: return(ecdhe); default: return(false); } }
public static bool FilterCipher(CipherSuiteCode cipher, string filter) { if (filter == null) { return(true); } FilterFlags?includeFlags = null; FilterFlags excludeFlags = FilterFlags.None; var parts = filter.Split(':'); foreach (var part in parts) { var name = part; if (part [0] == '+' || part [0] == '-') { name = name.Substring(1); } var flag = (FilterFlags)Enum.Parse(typeof(FilterFlags), name, true); if (part [0] == '-') { excludeFlags |= flag; } else { if (includeFlags == null) { includeFlags = FilterFlags.None; } includeFlags |= flag; } } if (CipherMatchesFilterFlags(cipher, excludeFlags)) { return(false); } if (includeFlags != null && !CipherMatchesFilterFlags(cipher, includeFlags.Value)) { return(false); } return(true); }
public async void TestAllCiphers(CipherSuiteCode code) { if (!Factory.CanSelectCiphers) { throw new IgnoreException("Current implementation does not let us select ciphers."); } var requestedCiphers = new CipherSuiteCode[] { code }; await Run(new ClientAndServerParameters { VerifyPeerCertificate = false, ClientCiphers = requestedCiphers }, connection => { var connectionInfo = connection.Server.GetConnectionInfo(); Assert.That(connectionInfo, Is.Not.Null, "#1"); Assert.That(connectionInfo.CipherCode, Is.EqualTo(code), "#2"); }); }
static CipherSuite CreateCipherSuiteTls11 (CipherSuiteCode code) { // Sanity check. if (!IsCipherSupported (TlsProtocolCode.Tls11, code)) throw new TlsException (AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code); switch (code) { case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA: return new TlsCipherSuite11 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Rsa); case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA: return new TlsCipherSuite11 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Rsa); case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA: return new TlsCipherSuite11 (code, CipherAlgorithmType.Aes256, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Dhe); case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA: return new TlsCipherSuite11 (code, CipherAlgorithmType.Aes128, HashAlgorithmType.Sha1, ExchangeAlgorithmType.Dhe); default: throw new TlsException (AlertDescription.InsuficientSecurity, "Unknown cipher suite: {0}", code); } }
protected override void Read(TlsBuffer incoming) { ClientRandom = new SecureBuffer(incoming.ReadBytes(32)); var length = (short)incoming.ReadByte(); SessionID = new SecureBuffer(incoming.ReadBytes(length)); length = incoming.ReadInt16(); if ((length % 2) != 0) { throw new TlsException(AlertDescription.DecodeError); } bool seenSCSV = false; ClientCiphers = new CipherSuiteCode [length >> 1]; for (int i = 0; i < ClientCiphers.Length; i++) { ClientCiphers [i] = (CipherSuiteCode)incoming.ReadInt16(); if (ClientCiphers [i] == CipherSuiteCode.TLS_EMPTY_RENEGOTIATION_INFO_SCSV) { seenSCSV = true; } } // Compression methods length = incoming.ReadByte(); incoming.Position += length; Extensions = new TlsExtensionCollection(incoming); if (seenSCSV) { Extensions.AddRenegotiationExtension(); } }
public static bool ProviderSupportsCipher (ClientAndServerProvider provider, CipherSuiteCode cipher) { return ProviderSupportsCipher (provider.Client, cipher) && ProviderSupportsCipher (provider.Server, cipher); }
public static bool ProviderSupportsCipher (ConnectionProvider provider, CipherSuiteCode cipher) { bool aead = (provider.Flags & ConnectionProviderFlags.SupportsAeadCiphers) != 0; bool tls12 = (provider.Flags & ConnectionProviderFlags.SupportsTls12) != 0; bool ecdhe = (provider.Flags & ConnectionProviderFlags.SupportsEcDheCiphers) != 0; switch (cipher) { // Galois-Counter Cipher Suites. case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: return aead; // Galois-Counter with Legacy RSA Key Exchange. case CipherSuiteCode.TLS_RSA_WITH_AES_128_GCM_SHA256: case CipherSuiteCode.TLS_RSA_WITH_AES_256_GCM_SHA384: return aead; // Diffie-Hellman Cipher Suites case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA: case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA: return tls12; // Legacy AES Cipher Suites case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA256: case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA256: case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA: case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA: return true; // ECDHE Galois-Counter Ciphers. case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: return aead && ecdhe; // ECDHE AES Ciphers. case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: return ecdhe; default: return false; } }
public static bool CipherMatchesFilterFlags (CipherSuiteCode code, FilterFlags flags) { if ((flags & FilterFlags.All) != 0) return true; bool rsa = (flags & FilterFlags.Rsa) != 0; bool dhe = (flags & FilterFlags.Dhe) != 0; bool ecdhe = (flags & FilterFlags.EcDhe) != 0; bool aead = (flags & FilterFlags.Aead) != 0; bool cbc = (flags & FilterFlags.Cbc) != 0; switch (code) { // Galois-Counter Cipher Suites. case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: return dhe | aead; // Galois-Counter with Legacy RSA Key Exchange. case CipherSuiteCode.TLS_RSA_WITH_AES_128_GCM_SHA256: case CipherSuiteCode.TLS_RSA_WITH_AES_256_GCM_SHA384: return rsa | aead; // Diffie-Hellman Cipher Suites case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_256_CBC_SHA: case CipherSuiteCode.TLS_DHE_RSA_WITH_AES_128_CBC_SHA: return dhe | cbc; // Legacy AES Cipher Suites case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA256: case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA256: case CipherSuiteCode.TLS_RSA_WITH_AES_256_CBC_SHA: case CipherSuiteCode.TLS_RSA_WITH_AES_128_CBC_SHA: return rsa | cbc; // ECDHE Galois-Counter Ciphers. case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: return ecdhe | aead; // ECDHE AES Ciphers. case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: case CipherSuiteCode.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: return ecdhe | cbc; default: return false; } }
public CipherSuite ( CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType) { Code = code; Name = code.ToString (); CipherAlgorithmType = cipherAlgorithmType; HashAlgorithmType = hashAlgorithmType; ExchangeAlgorithmType = exchangeAlgorithmType; }
public static bool IsCipherSupported (TlsProtocolCode protocol, CipherSuiteCode code) { var array = GetSupportedCiphersArray (protocol); for (int i = 0; i < array.Length; i++) if (array [i] == code) return true; return false; }
public static CryptoTestParameters CreateGCM(TlsProtocolCode protocol, CipherSuiteCode code, byte[] key, byte[] implNonce, byte[] explNonce) { return(new CryptoTestParameters { Protocol = protocol, Code = code, Key = key, ImplicitNonce = implNonce, ExplicitNonce = explNonce, IsGCM = true }); }
public static CryptoTestParameters CreateCBC(TlsProtocolCode protocol, CipherSuiteCode code, byte[] key, byte[] mac, byte[] iv) { return(new CryptoTestParameters { Protocol = protocol, Code = code, Key = key, MAC = mac, IV = iv }); }
public static ExchangeAlgorithmType GetExchangeAlgorithmType(TlsProtocolCode protocol, CipherSuiteCode code) { var cipher = CreateCipherSuite(protocol, code); return(cipher.ExchangeAlgorithmType); }
public static CryptoTestParameters CreateCBC (TlsProtocolCode protocol, CipherSuiteCode code, byte[] key, byte[] mac, byte[] iv) { return new CryptoTestParameters { Protocol = protocol, Code = code, Key = key, MAC = mac, IV = iv }; }
public static CryptoTestParameters CreateGCM (TlsProtocolCode protocol, CipherSuiteCode code, byte[] key, byte[] implNonce, byte[] explNonce) { return new CryptoTestParameters { Protocol = protocol, Code = code, Key = key, ImplicitNonce = implNonce, ExplicitNonce = explNonce, IsGCM = true }; }
public static bool ProviderSupportsCipher(ClientAndServerProvider provider, CipherSuiteCode cipher) { return(ProviderSupportsCipher(provider.Client, cipher) && ProviderSupportsCipher(provider.Server, cipher)); }
public TlsCipherSuite12( CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType) : base(code, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType) { }
public static bool FilterCipher (CipherSuiteCode cipher, string filter) { if (filter == null) return true; FilterFlags? includeFlags = null; FilterFlags excludeFlags = FilterFlags.None; var parts = filter.Split (':'); foreach (var part in parts) { var name = part; if (part [0] == '+' || part [0] == '-') name = name.Substring (1); var flag = (FilterFlags)Enum.Parse (typeof(FilterFlags), name, true); if (part [0] == '-') { excludeFlags |= flag; } else { if (includeFlags == null) includeFlags = FilterFlags.None; includeFlags |= flag; } } if (CipherMatchesFilterFlags (cipher, excludeFlags)) return false; if (includeFlags != null && !CipherMatchesFilterFlags (cipher, includeFlags.Value)) return false; return true; }
public TlsCipherSuite11 ( CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType) : base (code, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType) { }
static SignatureInstrumentParameters Create ( TestContext ctx, InstrumentationCategory category, SignatureInstrumentType type, SignatureAndHashAlgorithm algorithm, CipherSuiteCode cipher) { var parameters = CreateParameters (category, type, algorithm.Hash, algorithm.Signature, cipher); parameters.ClientCertificate = ResourceManager.MonkeyCertificate; parameters.RequireClientCertificate = true; var signatureParameters = new SignatureParameters (); signatureParameters.Add (algorithm); switch (type) { case SignatureInstrumentType.ClientSignatureAlgorithmAndCipher: parameters.ClientSignatureParameters = signatureParameters; parameters.ClientCiphers = new CipherSuiteCode[] { cipher }; break; case SignatureInstrumentType.ServerSignatureAlgorithmAndCipher: parameters.ServerSignatureAlgorithm = algorithm; parameters.ServerCiphers = new CipherSuiteCode[] { cipher }; break; default: ctx.AssertFail ("Unsupported signature instrument: '{0}'.", type); break; } return parameters; }
public static ExchangeAlgorithmType GetExchangeAlgorithmType (TlsProtocolCode protocol, CipherSuiteCode code) { var cipher = CreateCipherSuite (protocol, code); return cipher.ExchangeAlgorithmType; }