public override IDictionary GetClientExtensions()
{
IDictionary clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(base.GetClientExtensions());
TlsExtensionsUtilities.AddEncryptThenMacExtension(clientExtensions);
return(clientExtensions);
}
public override IDictionary GetClientExtensions()
{
IDictionary dictionary = TlsExtensionsUtilities.EnsureExtensionsInitialised(base.GetClientExtensions());
TlsSrpUtilities.AddSrpExtension(dictionary, mIdentity);
return(dictionary);
}
public virtual IDictionary GetClientExtensions()
{
IDictionary dictionary = null;
ProtocolVersion clientVersion = mContext.ClientVersion;
if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(clientVersion))
{
mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultSupportedSignatureAlgorithms();
dictionary = TlsExtensionsUtilities.EnsureExtensionsInitialised(dictionary);
TlsUtilities.AddSignatureAlgorithmsExtension(dictionary, mSupportedSignatureAlgorithms);
}
if (TlsEccUtilities.ContainsEccCipherSuites(GetCipherSuites()))
{
mNamedCurves = new int[2]
{
23,
24
};
mClientECPointFormats = new byte[3]
{
0,
1,
2
};
dictionary = TlsExtensionsUtilities.EnsureExtensionsInitialised(dictionary);
TlsEccUtilities.AddSupportedEllipticCurvesExtension(dictionary, mNamedCurves);
TlsEccUtilities.AddSupportedPointFormatsExtension(dictionary, mClientECPointFormats);
}
return(dictionary);
}
public override IDictionary GetClientExtensions()
{
IDictionary clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(base.GetClientExtensions());
TlsExtensionsUtilities.AddEncryptThenMacExtension(clientExtensions);
TlsExtensionsUtilities.AddMaxFragmentLengthExtension(clientExtensions, MaxFragmentLength.pow2_9);
TlsExtensionsUtilities.AddTruncatedHMacExtension(clientExtensions);
return(clientExtensions);
}
public override IDictionary GetClientExtensions()
{
IDictionary clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(base.GetClientExtensions());
TlsExtensionsUtilities.AddEncryptThenMacExtension(clientExtensions);
// TODO[draft-ietf-tls-session-hash-01] Enable once code-point assigned (only for compatible server though)
// TlsExtensionsUtilities.AddExtendedMasterSecretExtension(clientExtensions);
TlsExtensionsUtilities.AddMaxFragmentLengthExtension(clientExtensions, MaxFragmentLength.pow2_9);
TlsExtensionsUtilities.AddTruncatedHMacExtension(clientExtensions);
return(clientExtensions);
}
//public override int[] GetCipherSuites()
//{
// return Arrays.Concatenate(base.GetCipherSuites(),
// new int[]
// {
// CipherSuite.DRAFT_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
// });
//}
public override IDictionary GetClientExtensions()
{
IDictionary clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(base.GetClientExtensions());
TlsExtensionsUtilities.AddEncryptThenMacExtension(clientExtensions);
{
/*
* NOTE: If you are copying test code, do not blindly set these extensions in your own client.
*/
TlsExtensionsUtilities.AddMaxFragmentLengthExtension(clientExtensions, MaxFragmentLength.pow2_9);
TlsExtensionsUtilities.AddPaddingExtension(clientExtensions, mContext.SecureRandom.Next(16));
TlsExtensionsUtilities.AddTruncatedHMacExtension(clientExtensions);
}
return(clientExtensions);
}
/// <summary>
/// Decide which type of client and server certificates are going to be supported.
/// By default, we assume that only those certificate types which match the clients
/// certificate are going to be supported for the server.
/// </summary>
/// <returns></returns>
public override IDictionary GetClientExtensions()
{
IDictionary clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(base.GetClientExtensions());
// TlsExtensionsUtilities.AddEncryptThenMacExtension(clientExtensions);
// TlsExtensionsUtilities.AddExtendedMasterSecretExtension(clientExtensions);
{
/*
* NOTE: If you are copying test code, do not blindly set these extensions in your own client.
*/
// TlsExtensionsUtilities.AddMaxFragmentLengthExtension(clientExtensions, MaxFragmentLength.pow2_9);
// TlsExtensionsUtilities.AddPaddingExtension(clientExtensions, mContext.SecureRandom.Next(16));
// TlsExtensionsUtilities.AddTruncatedHMacExtension(clientExtensions);
#if SUPPORT_RPK
if (_tlsKeyPair != null && _tlsKeyPair.CertType == CertificateType.RawPublicKey)
{
TlsExtensionsUtilities.AddClientCertificateTypeExtensionClient(clientExtensions, new byte[] { 2 });
TlsExtensionsUtilities.AddServerCertificateTypeExtensionClient(clientExtensions, new byte[] { 2 });
}
#endif
#if SUPPORT_TLS_CWT
if (_tlsKeyPair != null && _tlsKeyPair.CertType == CertificateType.CwtPublicKey)
{
TlsExtensionsUtilities.AddClientCertificateTypeExtensionClient(clientExtensions, new byte[] { 254 });
TlsExtensionsUtilities.AddServerCertificateTypeExtensionClient(clientExtensions, new byte[] { 254 });
}
#endif
}
TlsEvent e = new TlsEvent(TlsEvent.EventCode.GetExtensions)
{
Dictionary = clientExtensions
};
EventHandler <TlsEvent> handler = TlsEventHandler;
if (handler != null)
{
handler(this, e);
}
return(e.Dictionary);
}
protected virtual IDictionary CheckServerExtensions()
{
return(mServerExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(mServerExtensions));
}
protected virtual void SendServerHelloMessage()
{
HandshakeMessage handshakeMessage = new HandshakeMessage(2);
ProtocolVersion serverVersion = mTlsServer.GetServerVersion();
if (!serverVersion.IsEqualOrEarlierVersionOf(Context.ClientVersion))
{
throw new TlsFatalAlert(80);
}
mRecordStream.ReadVersion = serverVersion;
mRecordStream.SetWriteVersion(serverVersion);
mRecordStream.SetRestrictReadVersion(enabled: true);
ContextAdmin.SetServerVersion(serverVersion);
TlsUtilities.WriteVersion(serverVersion, handshakeMessage);
handshakeMessage.Write(mSecurityParameters.serverRandom);
TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, handshakeMessage);
int selectedCipherSuite = mTlsServer.GetSelectedCipherSuite();
if (!Arrays.Contains(mOfferedCipherSuites, selectedCipherSuite) || selectedCipherSuite == 0 || CipherSuite.IsScsv(selectedCipherSuite) || !TlsUtilities.IsValidCipherSuiteForVersion(selectedCipherSuite, Context.ServerVersion))
{
throw new TlsFatalAlert(80);
}
mSecurityParameters.cipherSuite = selectedCipherSuite;
byte selectedCompressionMethod = mTlsServer.GetSelectedCompressionMethod();
if (!Arrays.Contains(mOfferedCompressionMethods, selectedCompressionMethod))
{
throw new TlsFatalAlert(80);
}
mSecurityParameters.compressionAlgorithm = selectedCompressionMethod;
TlsUtilities.WriteUint16(selectedCipherSuite, handshakeMessage);
TlsUtilities.WriteUint8(selectedCompressionMethod, handshakeMessage);
mServerExtensions = mTlsServer.GetServerExtensions();
if (mSecureRenegotiation)
{
byte[] extensionData = TlsUtilities.GetExtensionData(mServerExtensions, 65281);
if (null == extensionData)
{
mServerExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(mServerExtensions);
mServerExtensions[65281] = TlsProtocol.CreateRenegotiationInfo(TlsUtilities.EmptyBytes);
}
}
if (mSecurityParameters.extendedMasterSecret)
{
mServerExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(mServerExtensions);
TlsExtensionsUtilities.AddExtendedMasterSecretExtension(mServerExtensions);
}
if (mServerExtensions != null)
{
mSecurityParameters.encryptThenMac = TlsExtensionsUtilities.HasEncryptThenMacExtension(mServerExtensions);
mSecurityParameters.maxFragmentLength = ProcessMaxFragmentLengthExtension(mClientExtensions, mServerExtensions, 80);
mSecurityParameters.truncatedHMac = TlsExtensionsUtilities.HasTruncatedHMacExtension(mServerExtensions);
mAllowCertificateStatus = (!mResumedSession && TlsUtilities.HasExpectedEmptyExtensionData(mServerExtensions, 5, 80));
mExpectSessionTicket = (!mResumedSession && TlsUtilities.HasExpectedEmptyExtensionData(mServerExtensions, 35, 80));
TlsProtocol.WriteExtensions(handshakeMessage, mServerExtensions);
}
mSecurityParameters.prfAlgorithm = TlsProtocol.GetPrfAlgorithm(Context, mSecurityParameters.CipherSuite);
mSecurityParameters.verifyDataLength = 12;
ApplyMaxFragmentLengthExtension();
handshakeMessage.WriteToRecordStream(this);
}