public virtual void Init(TlsContext context)
{
mContext = context;
ProtocolVersion clientVersion = context.ClientVersion;
if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(clientVersion))
{
if (mSupportedSignatureAlgorithms == null)
{
switch (mKeyExchange)
{
case 13:
case 14:
case 21:
case 24:
break;
case 3:
case 7:
case 22:
mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultDssSignatureAlgorithms();
break;
case 16:
case 17:
mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultECDsaSignatureAlgorithms();
break;
case 1:
case 5:
case 9:
case 15:
case 18:
case 19:
case 23:
mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultRsaSignatureAlgorithms();
break;
default:
throw new InvalidOperationException("unsupported key exchange algorithm");
}
}
}
else if (mSupportedSignatureAlgorithms != null)
{
throw new InvalidOperationException("supported_signature_algorithms not allowed for " + clientVersion);
}
}
public virtual void Init(TlsContext context)
{
this.mContext = context;
ProtocolVersion clientVersion = context.ClientVersion;
if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(clientVersion))
{
/*
* RFC 5246 7.4.1.4.1. If the client does not send the signature_algorithms extension,
* the server MUST do the following:
*
* - If the negotiated key exchange algorithm is one of (RSA, DHE_RSA, DH_RSA, RSA_PSK,
* ECDH_RSA, ECDHE_RSA), behave as if client had sent the value {sha1,rsa}.
*
* - If the negotiated key exchange algorithm is one of (DHE_DSS, DH_DSS), behave as if
* the client had sent the value {sha1,dsa}.
*
* - If the negotiated key exchange algorithm is one of (ECDH_ECDSA, ECDHE_ECDSA),
* behave as if the client had sent value {sha1,ecdsa}.
*/
if (this.mSupportedSignatureAlgorithms == null)
{
switch (mKeyExchange)
{
case KeyExchangeAlgorithm.DH_DSS:
case KeyExchangeAlgorithm.DHE_DSS:
case KeyExchangeAlgorithm.SRP_DSS:
{
this.mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultDssSignatureAlgorithms();
break;
}
case KeyExchangeAlgorithm.ECDH_ECDSA:
case KeyExchangeAlgorithm.ECDHE_ECDSA:
{
this.mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultECDsaSignatureAlgorithms();
break;
}
case KeyExchangeAlgorithm.DH_RSA:
case KeyExchangeAlgorithm.DHE_RSA:
case KeyExchangeAlgorithm.ECDH_RSA:
case KeyExchangeAlgorithm.ECDHE_RSA:
case KeyExchangeAlgorithm.RSA:
case KeyExchangeAlgorithm.RSA_PSK:
case KeyExchangeAlgorithm.SRP_RSA:
{
this.mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultRsaSignatureAlgorithms();
break;
}
case KeyExchangeAlgorithm.DHE_PSK:
case KeyExchangeAlgorithm.ECDHE_PSK:
case KeyExchangeAlgorithm.PSK:
case KeyExchangeAlgorithm.SRP:
break;
default:
throw new InvalidOperationException("unsupported key exchange algorithm");
}
}
}
else if (this.mSupportedSignatureAlgorithms != null)
{
throw new InvalidOperationException("supported_signature_algorithms not allowed for " + clientVersion);
}
}