예제 #1
0
 public virtual IDictionary GetServerExtensions()
 {
     if (mEncryptThenMacOffered && AllowEncryptThenMac && TlsUtilities.IsBlockCipherSuite(mSelectedCipherSuite))
     {
         TlsExtensionsUtilities.AddEncryptThenMacExtension(CheckServerExtensions());
     }
     if (mMaxFragmentLengthOffered >= 0 && TlsUtilities.IsValidUint8(mMaxFragmentLengthOffered) && MaxFragmentLength.IsValid((byte)mMaxFragmentLengthOffered))
     {
         TlsExtensionsUtilities.AddMaxFragmentLengthExtension(CheckServerExtensions(), (byte)mMaxFragmentLengthOffered);
     }
     if (mTruncatedHMacOffered && AllowTruncatedHMac)
     {
         TlsExtensionsUtilities.AddTruncatedHMacExtension(CheckServerExtensions());
     }
     if (mClientECPointFormats != null && TlsEccUtilities.IsEccCipherSuite(mSelectedCipherSuite))
     {
         mServerECPointFormats = new byte[3]
         {
             0,
             1,
             2
         };
         TlsEccUtilities.AddSupportedPointFormatsExtension(CheckServerExtensions(), mServerECPointFormats);
     }
     return(mServerExtensions);
 }
예제 #2
0
 public SignatureAndHashAlgorithm(byte hash, byte signature)
 {
     if (!TlsUtilities.IsValidUint8(hash))
     {
         throw new ArgumentException("should be a uint8", "hash");
     }
     if (!TlsUtilities.IsValidUint8(signature))
     {
         throw new ArgumentException("should be a uint8", "signature");
     }
     if (signature == 0)
     {
         throw new ArgumentException("MUST NOT be \"anonymous\"", "signature");
     }
     mHash      = hash;
     mSignature = signature;
 }
예제 #3
0
        // IDictionary is (Int32 -> byte[])
        public virtual IDictionary GetServerExtensions()
        {
            if (this.mEncryptThenMacOffered && AllowEncryptThenMac)
            {
                /*
                 * RFC 7366 3. If a server receives an encrypt-then-MAC request extension from a client
                 * and then selects a stream or Authenticated Encryption with Associated Data (AEAD)
                 * ciphersuite, it MUST NOT send an encrypt-then-MAC response extension back to the
                 * client.
                 */
                if (TlsUtilities.IsBlockCipherSuite(this.mSelectedCipherSuite))
                {
                    TlsExtensionsUtilities.AddEncryptThenMacExtension(CheckServerExtensions());
                }
            }

            if (this.mMaxFragmentLengthOffered >= 0 &&
                TlsUtilities.IsValidUint8(mMaxFragmentLengthOffered) &&
                MaxFragmentLength.IsValid((byte)mMaxFragmentLengthOffered))
            {
                TlsExtensionsUtilities.AddMaxFragmentLengthExtension(CheckServerExtensions(), (byte)mMaxFragmentLengthOffered);
            }

            if (this.mTruncatedHMacOffered && AllowTruncatedHMac)
            {
                TlsExtensionsUtilities.AddTruncatedHMacExtension(CheckServerExtensions());
            }

            if (this.mClientECPointFormats != null && TlsEccUtilities.IsEccCipherSuite(this.mSelectedCipherSuite))
            {
                /*
                 * RFC 4492 5.2. A server that selects an ECC cipher suite in response to a ClientHello
                 * message including a Supported Point Formats Extension appends this extension (along
                 * with others) to its ServerHello message, enumerating the point formats it can parse.
                 */
                this.mServerECPointFormats = new byte[] { ECPointFormat.uncompressed,
                                                          ECPointFormat.ansiX962_compressed_prime, ECPointFormat.ansiX962_compressed_char2, };

                TlsEccUtilities.AddSupportedPointFormatsExtension(CheckServerExtensions(), mServerECPointFormats);
            }

            return(mServerExtensions);
        }