public Task Initialize(TestContext ctx, CancellationToken cancellationToken) { return(Task.Run(() => { if (Parameters == null) { return; } cipher = CipherSuiteFactory.CreateCipherSuite(Parameters.Protocol, Parameters.Code); if (Parameters.IsGCM) { crypto = new MyGaloisCounterCipher(Parameters, cipher); crypto.ServerWriteKey = SecureBuffer.CreateCopy(Parameters.Key); crypto.ClientWriteKey = SecureBuffer.CreateCopy(Parameters.Key); crypto.ServerWriteIV = SecureBuffer.CreateCopy(Parameters.ImplicitNonce); crypto.ClientWriteIV = SecureBuffer.CreateCopy(Parameters.ImplicitNonce); crypto.InitializeCipher(); } else { crypto = new MyCbcBlockCipher(Parameters, cipher); crypto.ServerWriteKey = SecureBuffer.CreateCopy(Parameters.Key); crypto.ClientWriteKey = SecureBuffer.CreateCopy(Parameters.Key); crypto.ServerWriteMac = SecureBuffer.CreateCopy(Parameters.MAC); crypto.ClientWriteMac = SecureBuffer.CreateCopy(Parameters.MAC); crypto.InitializeCipher(); } })); }
protected virtual void HandleServerHello(TlsServerHello message) { Context.VerifyServerProtocol(message.ServerProtocol); // Server random HandshakeParameters.ServerRandom = message.ServerRandom; // Session ID HandshakeParameters.SessionId = message.SessionID; HandshakeParameters.SupportedCiphers = CipherSuiteFactory.GetSupportedCiphers(Context.NegotiatedProtocol); // Cipher suite if (!HandshakeParameters.SupportedCiphers.Contains(message.SelectedCipher)) { // The server has sent an invalid ciphersuite throw new TlsException(AlertDescription.InsuficientSecurity, "Invalid cipher suite received from server"); } var cipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, message.SelectedCipher); #if DEBUG_FULL if (Context.EnableDebugging) { cipher.EnableDebugging = true; } #endif Session.PendingCrypto = cipher.Initialize(false, Context.NegotiatedProtocol); }
protected virtual void SelectCipher(TlsClientHello message) { var userCiphers = Config.UserSettings != null ? Config.UserSettings.RequestedCiphers : null; CipherSuiteCollection supportedCiphers; if (userCiphers != null) { supportedCiphers = new CipherSuiteCollection(Context.NegotiatedProtocol, userCiphers); } else { supportedCiphers = CipherSuiteFactory.GetDefaultCiphers(Context.NegotiatedProtocol); } HandshakeParameters.SupportedCiphers = supportedCiphers; CipherSuite selectedCipher = null; foreach (var code in message.ClientCiphers) { var idx = HandshakeParameters.SupportedCiphers.IndexOf(code); if (idx < 0) { continue; } var cipher = HandshakeParameters.SupportedCiphers [idx]; selectedCipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, cipher); break; } if (selectedCipher == null) { throw new TlsException(AlertDescription.HandshakeFailure, "Invalid cipher suite received from client"); } #if DEBUG_FULL if (Context.EnableDebugging) { selectedCipher.EnableDebugging = true; } #endif #if DEBUG_FULL if (Context.EnableDebugging) { DebugHelper.WriteLine("Selected Cipher: {0}", selectedCipher); } #endif // FIXME: Select best one. Session.PendingCrypto = selectedCipher.Initialize(true, Context.NegotiatedProtocol); }
public void InitializeGCM(CipherSuiteCode code, byte[] key, byte[] implNonce, byte[] explNonce) { Cipher = CipherSuiteFactory.CreateCipherSuite(Protocol, code); #if DEBUG_FULL Cipher.EnableDebugging = EnableDebugging; #endif Crypto = Add(new MyGaloisCounterCipher(IsServer, Protocol, Cipher, explNonce)); Crypto.ServerWriteKey = SecureBuffer.CreateCopy(key); Crypto.ClientWriteKey = SecureBuffer.CreateCopy(key); Crypto.ServerWriteIV = SecureBuffer.CreateCopy(implNonce); Crypto.ClientWriteIV = SecureBuffer.CreateCopy(implNonce); Crypto.InitializeCipher(); }
public void InitializeCBC(CipherSuiteCode code, byte[] key, byte[] mac, byte[] iv) { Cipher = CipherSuiteFactory.CreateCipherSuite(Protocol, code); #if DEBUG_FULL Cipher.EnableDebugging = EnableDebugging; #endif Crypto = Add(new MyCbcBlockCipher(this, iv)); Crypto.ServerWriteKey = SecureBuffer.CreateCopy(key); Crypto.ClientWriteKey = SecureBuffer.CreateCopy(key); Crypto.ServerWriteMac = SecureBuffer.CreateCopy(mac); Crypto.ClientWriteMac = SecureBuffer.CreateCopy(mac); Crypto.InitializeCipher(); }
protected virtual void SelectCipher(TlsClientHello message) { var certificate = Config.Certificate; if (certificate == null) { throw new TlsException(AlertDescription.HandshakeFailure, "Missing server certificate"); } CipherSuiteCollection requestedCiphers; if (Settings.RequestedCiphers != null) { requestedCiphers = new CipherSuiteCollection(Context.NegotiatedProtocol, Settings.RequestedCiphers); } else { requestedCiphers = CipherSuiteFactory.GetDefaultCiphers(Context.NegotiatedProtocol); } HandshakeParameters.SupportedCiphers = requestedCiphers.Filter(cipher => { #if INSTRUMENTATION if (Context.HasInstrument(HandshakeInstrumentType.OverrideServerCertificateSelection)) { return(true); } #endif var exchangeAlgorithm = CipherSuiteFactory.GetExchangeAlgorithmType(Context.NegotiatedProtocol, cipher); return(CertificateManager.VerifyServerCertificate(Context, certificate, exchangeAlgorithm)); }); CipherSuite selectedCipher = null; foreach (var code in message.ClientCiphers) { var idx = HandshakeParameters.SupportedCiphers.IndexOf(code); if (idx < 0) { continue; } var cipher = HandshakeParameters.SupportedCiphers [idx]; selectedCipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, cipher); break; } if (selectedCipher == null) { throw new TlsException(AlertDescription.HandshakeFailure, "Invalid cipher suite received from client"); } #if DEBUG_FULL if (Context.EnableDebugging) { selectedCipher.EnableDebugging = true; } #endif #if DEBUG_FULL if (Context.EnableDebugging) { DebugHelper.WriteLine("Selected Cipher: {0}", selectedCipher); } #endif // FIXME: Select best one. Session.PendingCrypto = selectedCipher.Initialize(true, Context.NegotiatedProtocol); Session.PendingCrypto.ServerCertificates = new X509CertificateCollection(); Session.PendingCrypto.ServerCertificates.Add(certificate); }