GetSignatureAlgorithmsExtension() 공개 정적인 메소드

public static GetSignatureAlgorithmsExtension ( IDictionary extensions ) : IList
extensions IDictionary
리턴 IList
예제 #1
0
 public virtual void ProcessClientExtensions(IDictionary clientExtensions)
 {
     mClientExtensions = clientExtensions;
     if (clientExtensions != null)
     {
         mEncryptThenMacOffered    = TlsExtensionsUtilities.HasEncryptThenMacExtension(clientExtensions);
         mMaxFragmentLengthOffered = TlsExtensionsUtilities.GetMaxFragmentLengthExtension(clientExtensions);
         if (mMaxFragmentLengthOffered >= 0 && !MaxFragmentLength.IsValid((byte)mMaxFragmentLengthOffered))
         {
             throw new TlsFatalAlert(47);
         }
         mTruncatedHMacOffered         = TlsExtensionsUtilities.HasTruncatedHMacExtension(clientExtensions);
         mSupportedSignatureAlgorithms = TlsUtilities.GetSignatureAlgorithmsExtension(clientExtensions);
         if (mSupportedSignatureAlgorithms != null && !TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(mClientVersion))
         {
             throw new TlsFatalAlert(47);
         }
         mNamedCurves          = TlsEccUtilities.GetSupportedEllipticCurvesExtension(clientExtensions);
         mClientECPointFormats = TlsEccUtilities.GetSupportedPointFormatsExtension(clientExtensions);
     }
     if (!mEccCipherSuitesOffered && (mNamedCurves != null || mClientECPointFormats != null))
     {
         throw new TlsFatalAlert(47);
     }
 }
예제 #2
0
        public virtual void ProcessClientExtensions(IDictionary clientExtensions)
        {
            this.mClientExtensions = clientExtensions;

            if (clientExtensions != null)
            {
                this.mEncryptThenMacOffered = TlsExtensionsUtilities.HasEncryptThenMacExtension(clientExtensions);

                this.mMaxFragmentLengthOffered = TlsExtensionsUtilities.GetMaxFragmentLengthExtension(clientExtensions);
                if (mMaxFragmentLengthOffered >= 0 && !MaxFragmentLength.IsValid((byte)mMaxFragmentLengthOffered))
                {
                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
                }

                this.mTruncatedHMacOffered = TlsExtensionsUtilities.HasTruncatedHMacExtension(clientExtensions);

                this.mSupportedSignatureAlgorithms = TlsUtilities.GetSignatureAlgorithmsExtension(clientExtensions);
                if (this.mSupportedSignatureAlgorithms != null)
                {
                    /*
                     * RFC 5246 7.4.1.4.1. Note: this extension is not meaningful for TLS versions prior
                     * to 1.2. Clients MUST NOT offer it if they are offering prior versions.
                     */
                    if (!TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(mClientVersion))
                    {
                        throw new TlsFatalAlert(AlertDescription.illegal_parameter);
                    }
                }

                this.mNamedCurves          = TlsEccUtilities.GetSupportedEllipticCurvesExtension(clientExtensions);
                this.mClientECPointFormats = TlsEccUtilities.GetSupportedPointFormatsExtension(clientExtensions);
            }

            /*
             * RFC 4429 4. The client MUST NOT include these extensions in the ClientHello message if it
             * does not propose any ECC cipher suites.
             *
             * NOTE: This was overly strict as there may be ECC cipher suites that we don't recognize.
             * Also, draft-ietf-tls-negotiated-ff-dhe will be overloading the 'elliptic_curves'
             * extension to explicitly allow FFDHE (i.e. non-ECC) groups.
             */
            //if (!this.mEccCipherSuitesOffered && (this.mNamedCurves != null || this.mClientECPointFormats != null))
            //    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
        }
        public virtual void ProcessClientExtensions(IDictionary clientExtensions)
        {
            this.mClientExtensions = clientExtensions;

            if (clientExtensions != null)
            {
                this.mEncryptThenMacOffered = TlsExtensionsUtilities.HasEncryptThenMacExtension(clientExtensions);

                this.mMaxFragmentLengthOffered = TlsExtensionsUtilities.GetMaxFragmentLengthExtension(clientExtensions);
                if (mMaxFragmentLengthOffered >= 0 && !MaxFragmentLength.IsValid((byte)mMaxFragmentLengthOffered))
                {
                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
                }

                this.mTruncatedHMacOffered = TlsExtensionsUtilities.HasTruncatedHMacExtension(clientExtensions);

                this.mSupportedSignatureAlgorithms = TlsUtilities.GetSignatureAlgorithmsExtension(clientExtensions);
                if (this.mSupportedSignatureAlgorithms != null)
                {
                    /*
                     * RFC 5246 7.4.1.4.1. Note: this extension is not meaningful for TLS versions prior
                     * to 1.2. Clients MUST NOT offer it if they are offering prior versions.
                     */
                    if (!TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(mClientVersion))
                    {
                        throw new TlsFatalAlert(AlertDescription.illegal_parameter);
                    }
                }

                this.mNamedCurves          = TlsEccUtilities.GetSupportedEllipticCurvesExtension(clientExtensions);
                this.mClientECPointFormats = TlsEccUtilities.GetSupportedPointFormatsExtension(clientExtensions);
            }

            /*
             * RFC 4429 4. The client MUST NOT include these extensions in the ClientHello message if it
             * does not propose any ECC cipher suites.
             */
            if (!this.mEccCipherSuitesOffered && (this.mNamedCurves != null || this.mClientECPointFormats != null))
            {
                throw new TlsFatalAlert(AlertDescription.illegal_parameter);
            }
        }
예제 #4
0
 public virtual void ProcessClientExtensions(IDictionary clientExtensions)
 {
     this.mClientExtensions = clientExtensions;
     if (clientExtensions != null)
     {
         this.mEncryptThenMacOffered    = TlsExtensionsUtilities.HasEncryptThenMacExtension(clientExtensions);
         this.mMaxFragmentLengthOffered = TlsExtensionsUtilities.GetMaxFragmentLengthExtension(clientExtensions);
         if ((this.mMaxFragmentLengthOffered >= 0) && !MaxFragmentLength.IsValid((byte)this.mMaxFragmentLengthOffered))
         {
             throw new TlsFatalAlert(0x2f);
         }
         this.mTruncatedHMacOffered         = TlsExtensionsUtilities.HasTruncatedHMacExtension(clientExtensions);
         this.mSupportedSignatureAlgorithms = TlsUtilities.GetSignatureAlgorithmsExtension(clientExtensions);
         if ((this.mSupportedSignatureAlgorithms != null) && !TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(this.mClientVersion))
         {
             throw new TlsFatalAlert(0x2f);
         }
         this.mNamedCurves          = TlsEccUtilities.GetSupportedEllipticCurvesExtension(clientExtensions);
         this.mClientECPointFormats = TlsEccUtilities.GetSupportedPointFormatsExtension(clientExtensions);
     }
 }