public CipherSuite(
short code,
string name,
CipherAlgorithmType cipherAlgorithmType,
HashAlgorithmType hashAlgorithmType,
ExchangeAlgorithmType exchangeAlgorithmType,
bool exportable,
bool blockMode,
byte keyMaterialSize,
byte expandedKeyMaterialSize,
short effectiveKeyBits,
byte ivSize,
byte blockSize)
{
this.code = code;
this.name = name;
this.cipherAlgorithmType = cipherAlgorithmType;
this.hashAlgorithmType = hashAlgorithmType;
this.exchangeAlgorithmType = exchangeAlgorithmType;
this.isExportable = exportable;
if (blockMode)
{
this.cipherMode = CipherMode.CBC;
}
this.keyMaterialSize = keyMaterialSize;
this.expandedKeyMaterialSize = expandedKeyMaterialSize;
this.effectiveKeyBits = effectiveKeyBits;
this.ivSize = ivSize;
this.blockSize = blockSize;
this.keyBlockSize = (int)this.keyMaterialSize + this.HashSize + (int)this.ivSize << 1;
}
public CipherSuite Add(
short code,
string name,
CipherAlgorithmType cipherType,
HashAlgorithmType hashType,
ExchangeAlgorithmType exchangeType,
bool exportable,
bool blockMode,
byte keyMaterialSize,
byte expandedKeyMaterialSize,
short effectiveKeyBytes,
byte ivSize,
byte blockSize)
{
switch (this.protocol)
{
case SecurityProtocolType.Default:
case SecurityProtocolType.Tls:
return((CipherSuite)this.add(new TlsCipherSuite(code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)));
case SecurityProtocolType.Ssl3:
return((CipherSuite)this.add(new SslCipherSuite(code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)));
default:
throw new NotSupportedException("Unsupported security protocol type.");
}
}
public TlsCipherSuite(short code, string name, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType,
ExchangeAlgorithmType exchangeAlgorithmType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize,
short effectiveKeyBytes, byte ivSize, byte blockSize)
: base(
code, name, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize,
effectiveKeyBytes, ivSize, blockSize)
{
}
public CipherSuite(
CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType,
HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType)
{
Code = code;
Name = code.ToString();
CipherAlgorithmType = cipherAlgorithmType;
HashAlgorithmType = hashAlgorithmType;
ExchangeAlgorithmType = exchangeAlgorithmType;
}
public TlsCipherSuite(
short code, string name, CipherAlgorithmType cipherAlgorithmType,
HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType,
bool exportable, bool blockMode, byte keyMaterialSize,
byte expandedKeyMaterialSize, short effectiveKeyBytes,
byte ivSize, byte blockSize)
:base(code, name, cipherAlgorithmType, hashAlgorithmType,
exchangeAlgorithmType, exportable, blockMode, keyMaterialSize,
expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)
{
}
protected void OnRemoteConnectionAuthenticated(SslProtocols protocol, System.Security.Cryptography.X509Certificates.X509Certificate2 remoteCertificate,
CipherAlgorithmType cipherAlgorithmType, int cipherAlgorithmStrength,
HashAlgorithmType hashAlgorithmType, int hashAlgorithmStrength,
ExchangeAlgorithmType exchangeAlgorithmType, int exchangeAlgorithmStrength)
{
if (RemoteConnectionAuthenticated != null)
{
RemoteConnectionAuthenticated(protocol, remoteCertificate, cipherAlgorithmType, cipherAlgorithmStrength,
hashAlgorithmType, hashAlgorithmStrength, exchangeAlgorithmType, exchangeAlgorithmStrength);
}
}
protected void OnLocalConnectionAuthenticated(SslProtocols protocol,
CipherAlgorithmType cipherAlgorithmType, int cipherAlgorithmStrength,
HashAlgorithmType hashAlgorithmType, int hashAlgorithmStrength,
ExchangeAlgorithmType exchangeAlgorithmType, int exchangeAlgorithmStrength)
{
if (LocalConnectionAuthenticated != null)
{
LocalConnectionAuthenticated(protocol, cipherAlgorithmType, cipherAlgorithmStrength, hashAlgorithmType, hashAlgorithmStrength,
exchangeAlgorithmType, exchangeAlgorithmStrength);
}
}
public static KeyExchange Create (TlsProtocolCode protocol, ExchangeAlgorithmType algorithm)
{
switch (algorithm) {
case ExchangeAlgorithmType.RsaSign:
return new RSAKeyExchange ();
case ExchangeAlgorithmType.DiffieHellman:
return new DiffieHellmanKeyExchange (protocol);
default:
throw new InvalidOperationException ();
}
}
private static string KeyExToString(ExchangeAlgorithmType keyex)
{
// For some reason ECDH isn't showing up
if (keyex == (ExchangeAlgorithmType)44550)
{
return("ECDH");
}
else
{
return(keyex.ToString());
}
}
public void SspiSelectedCipherSuite(
string process,
SslProtocols sslProtocol,
CipherAlgorithmType cipherAlgorithm,
int cipherStrength,
HashAlgorithmType hashAlgorithm,
int hashStrength,
ExchangeAlgorithmType keyExchangeAlgorithm,
int keyExchangeStrength)
{
WriteEvent(SspiSelectedCipherSuitId,
process, (int)sslProtocol, (int)cipherAlgorithm, cipherStrength,
(int)hashAlgorithm, hashStrength, (int)keyExchangeAlgorithm, keyExchangeStrength);
}
public static KeyExchange Create(ExchangeAlgorithmType algorithm)
{
switch (algorithm)
{
case ExchangeAlgorithmType.RsaSign:
return(new RSAKeyExchange());
case ExchangeAlgorithmType.DiffieHellman:
return(new DiffieHellmanKeyExchange());
default:
throw new InvalidOperationException();
}
}
public static KeyExchange Create(TlsProtocolCode protocol, ExchangeAlgorithmType algorithm)
{
switch (algorithm)
{
case ExchangeAlgorithmType.Rsa:
return(new RSAKeyExchange());
case ExchangeAlgorithmType.Dhe:
return(new DiffieHellmanKeyExchange(protocol));
case ExchangeAlgorithmType.EcDhe:
return(new EllipticCurveKeyExchange());
default:
throw new InvalidOperationException();
}
}
private static TlsMapping Build(
ExchangeAlgorithmType exchange,
CipherAlgorithmType cipher,
int cipherSize,
HashAlgorithmType hash)
{
int hashSize = GetHashSize(hash);
return(new TlsMapping
{
KeyExchangeAlgorithm = exchange,
CipherAlgorithm = cipher,
CipherAlgorithmStrength = cipherSize,
HashAlgorithm = hash,
HashAlgorithmStrength = hashSize,
});
}
public void Add(
short code, string name, CipherAlgorithmType cipherType,
HashAlgorithmType hashType, ExchangeAlgorithmType exchangeType,
bool exportable, bool blockMode, byte keyMaterialSize,
byte expandedKeyMaterialSize, short effectiveKeyBytes,
byte ivSize, byte blockSize)
{
switch (protocol)
{
case SecurityProtocolType.Default:
case SecurityProtocolType.Tls:
Add(new TlsCipherSuite(code, name, cipherType, hashType, exchangeType, exportable, blockMode,
keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize));
break;
case SecurityProtocolType.Ssl3:
Add(new SslCipherSuite(code, name, cipherType, hashType, exchangeType, exportable, blockMode,
keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize));
break;
}
}
public SslCipherSuite(short code, string name, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType,
ExchangeAlgorithmType exchangeAlgorithmType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize,
short effectiveKeyBytes, byte ivSize, byte blockSize)
: base(
code, name, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize,
effectiveKeyBytes, ivSize, blockSize)
{
int padLength = (hashAlgorithmType == HashAlgorithmType.Md5) ? 48 : 40;
// Fill pad arrays
this.pad1 = new byte[padLength];
this.pad2 = new byte[padLength];
/* Pad the key for inner and outer digest */
for (int i = 0; i < padLength; ++i)
{
this.pad1[i] = 0x36;
this.pad2[i] = 0x5C;
}
}
internal unsafe void SspiSelectedCipherSuite(
string process,
SslProtocols sslProtocol,
CipherAlgorithmType cipherAlgorithm,
int cipherStrength,
HashAlgorithmType hashAlgorithm,
int hashStrength,
ExchangeAlgorithmType keyExchangeAlgorithm,
int keyExchangeStrength)
{
if (!s_log.IsEnabled())
{
return;
}
fixed(char *arg1Ptr = process)
{
const int SizeData = 8;
EventData *dataDesc = stackalloc EventSource.EventData[SizeData];
dataDesc[0].DataPointer = (IntPtr)(arg1Ptr);
dataDesc[0].Size = (process.Length + 1) * sizeof(char);
dataDesc[1].DataPointer = (IntPtr)(&sslProtocol);
dataDesc[1].Size = sizeof(int);
dataDesc[2].DataPointer = (IntPtr)(&cipherAlgorithm);
dataDesc[2].Size = sizeof(int);
dataDesc[3].DataPointer = (IntPtr)(&cipherStrength);
dataDesc[3].Size = sizeof(int);
dataDesc[4].DataPointer = (IntPtr)(&hashAlgorithm);
dataDesc[4].Size = sizeof(int);
dataDesc[2].DataPointer = (IntPtr)(&hashStrength);
dataDesc[2].Size = sizeof(int);
dataDesc[3].DataPointer = (IntPtr)(&keyExchangeAlgorithm);
dataDesc[3].Size = sizeof(int);
dataDesc[4].DataPointer = (IntPtr)(&keyExchangeStrength);
dataDesc[4].Size = sizeof(int);
WriteEventCore(SspiSelectedCipherSuitId, SizeData, dataDesc);
}
}
internal static bool VerifyServerCertificate (TlsContext context, MX.X509Certificate certificate, ExchangeAlgorithmType algorithm)
{
if (context.NegotiatedProtocol == TlsProtocolCode.Tls12 && certificate.Version < 3)
throw new TlsException (AlertDescription.UnsupportedCertificate, "X.509v3 server certificate required");
if (certificate.KeyAlgorithm != null && !certificate.KeyAlgorithm.Equals (OidKeyAlgorithmRsa))
return false;
if (certificate.SignatureAlgorithm != null && !VerifySignatureAlgorithm (certificate.SignatureAlgorithm))
return false;
switch (algorithm) {
case ExchangeAlgorithmType.Rsa:
return VerifyKeyUsage (certificate, KeyUsages.keyEncipherment, OidServerAuth);
case ExchangeAlgorithmType.Dhe:
case ExchangeAlgorithmType.EcDhe:
return VerifyKeyUsage (certificate, KeyUsages.digitalSignature, OidServerAuth);
default:
throw new TlsException (AlertDescription.InternalError);
}
}
public CipherSuite(
short code, string name, CipherAlgorithmType cipherAlgorithmType,
HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType,
bool exportable, bool blockMode, byte keyMaterialSize,
byte expandedKeyMaterialSize, short effectiveKeyBits,
byte ivSize, byte blockSize)
{
Code = code;
Name = name;
CipherAlgorithmType = cipherAlgorithmType;
HashAlgorithmType = hashAlgorithmType;
ExchangeAlgorithmType = exchangeAlgorithmType;
IsExportable = exportable;
if (blockMode)
{
CipherMode = CipherMode.CBC;
}
KeyMaterialSize = keyMaterialSize;
ExpandedKeyMaterialSize = expandedKeyMaterialSize;
EffectiveKeyBits = effectiveKeyBits;
IvSize = ivSize;
this.blockSize = blockSize;
KeyBlockSize = (KeyMaterialSize + HashSize + IvSize) << 1;
}
public SslCipherSuite(
short code, string name, CipherAlgorithmType cipherAlgorithmType,
HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType,
bool exportable, bool blockMode, byte keyMaterialSize,
byte expandedKeyMaterialSize, short effectiveKeyBytes,
byte ivSize, byte blockSize) :
base(code, name, cipherAlgorithmType, hashAlgorithmType,
exchangeAlgorithmType, exportable, blockMode, keyMaterialSize,
expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)
{
int padLength = (hashAlgorithmType == HashAlgorithmType.Md5) ? 48 : 40;
// Fill pad arrays
this.pad1 = new byte[padLength];
this.pad2 = new byte[padLength];
/* Pad the key for inner and outer digest */
for (int i = 0; i < padLength; ++i)
{
this.pad1[i] = 0x36;
this.pad2[i] = 0x5C;
}
}
internal unsafe void SspiSelectedCipherSuite(
string process,
SslProtocols sslProtocol,
CipherAlgorithmType cipherAlgorithm,
int cipherStrength,
HashAlgorithmType hashAlgorithm,
int hashStrength,
ExchangeAlgorithmType keyExchangeAlgorithm,
int keyExchangeStrength)
{
if (!s_log.IsEnabled())
{
return;
}
fixed (char* arg1Ptr = process)
{
const int SizeData = 8;
EventData* dataDesc = stackalloc EventSource.EventData[SizeData];
dataDesc[0].DataPointer = (IntPtr)(arg1Ptr);
dataDesc[0].Size = (process.Length + 1) * sizeof(char);
dataDesc[1].DataPointer = (IntPtr)(&sslProtocol);
dataDesc[1].Size = sizeof(int);
dataDesc[2].DataPointer = (IntPtr)(&cipherAlgorithm);
dataDesc[2].Size = sizeof(int);
dataDesc[3].DataPointer = (IntPtr)(&cipherStrength);
dataDesc[3].Size = sizeof(int);
dataDesc[4].DataPointer = (IntPtr)(&hashAlgorithm);
dataDesc[4].Size = sizeof(int);
dataDesc[2].DataPointer = (IntPtr)(&hashStrength);
dataDesc[2].Size = sizeof(int);
dataDesc[3].DataPointer = (IntPtr)(&keyExchangeAlgorithm);
dataDesc[3].Size = sizeof(int);
dataDesc[4].DataPointer = (IntPtr)(&keyExchangeStrength);
dataDesc[4].Size = sizeof(int);
WriteEventCore(SspiSelectedCipherSuitId, SizeData, dataDesc);
}
}
public CipherSuite Add(
short code, string name, CipherAlgorithmType cipherType,
HashAlgorithmType hashType, ExchangeAlgorithmType exchangeType,
bool exportable, bool blockMode, byte keyMaterialSize,
byte expandedKeyMaterialSize, short effectiveKeyBytes,
byte ivSize, byte blockSize)
{
switch (this.protocol)
{
case SecurityProtocolType.Default:
case SecurityProtocolType.Tls:
return this.add(
new TlsCipherSuite(
code, name, cipherType, hashType, exchangeType, exportable,
blockMode, keyMaterialSize, expandedKeyMaterialSize,
effectiveKeyBytes, ivSize, blockSize));
case SecurityProtocolType.Ssl3:
return this.add(
new SslCipherSuite(
code, name, cipherType, hashType, exchangeType, exportable,
blockMode, keyMaterialSize, expandedKeyMaterialSize,
effectiveKeyBytes, ivSize, blockSize));
case SecurityProtocolType.Ssl2:
default:
throw new NotSupportedException("Unsupported security protocol type.");
}
}
public CipherSuite Add(short code, string name, CipherAlgorithmType cipherType, HashAlgorithmType hashType, ExchangeAlgorithmType exchangeType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize)
{
SecurityProtocolType securityProtocolType = this.protocol;
if (securityProtocolType != SecurityProtocolType.Default)
{
if (securityProtocolType != SecurityProtocolType.Ssl2)
{
if (securityProtocolType == SecurityProtocolType.Ssl3)
{
return(this.add(new SslCipherSuite(code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)));
}
if (securityProtocolType == SecurityProtocolType.Tls)
{
goto IL_32;
}
}
throw new NotSupportedException("Unsupported security protocol type.");
}
IL_32:
return(this.add(new TlsCipherSuite(code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)));
}
private void Initialize()
{
if (this.ptr == IntPtr.Zero || isInitialized)
{
return;
}
isInitialized = true;
// marshal the structure
raw = (SSL_CIPHER)Marshal.PtrToStructure(ptr, typeof(SSL_CIPHER));
// start picking the data out
bool isExport = IsExport(raw.algo_strength);
int privateKeyLength = ExportPrivateKeyLength(raw.algo_strength);
int keyLength = ExportKeyLength(raw.algorithm_enc, raw.algo_strength);
// Get the SSL Protocol version
if ((raw.algorithm_ssl & SSL_SSLV2) == SSL_SSLV2)
{
sslProtocol = SslProtocols.Ssl2;
}
else if ((raw.algorithm_ssl & SSL_SSLV3) == SSL_SSLV3)
{
sslProtocol = SslProtocols.Tls; // SSL3 & TLS are the same here...
}
else if ((raw.algorithm_ssl & SSL_TLSV1_2) == SSL_TLSV1_2)
{
sslProtocol = SslProtocols.Tls; // WARNING: TLSV1_2 support not fully implemented
}
// set the keyExchange strength
keyExchangeStrength = privateKeyLength;
// Get the Key Exchange cipher and strength
switch (raw.algorithm_mkey)
{
case SSL_kRSA:
keyExchangeAlgorithm = ExchangeAlgorithmType.RsaKeyX;
break;
case SSL_kDHr:
case SSL_kDHd:
case SSL_kEDH:
keyExchangeAlgorithm = ExchangeAlgorithmType.DiffieHellman;
break;
case SSL_kKRB5:
keyExchangeAlgorithm = ExchangeAlgorithmType.Kerberos;
break;
case SSL_kECDHr:
case SSL_kECDHe:
case SSL_kEECDH:
keyExchangeAlgorithm = ExchangeAlgorithmType.ECDiffieHellman;
break;
case SSL_kPSK:
keyExchangeAlgorithm = ExchangeAlgorithmType.PSK;
break;
case SSL_kGOST:
keyExchangeAlgorithm = ExchangeAlgorithmType.GOST;
break;
case SSL_kSRP:
keyExchangeAlgorithm = ExchangeAlgorithmType.SRP;
break;
}
// Get the authentication method
switch (raw.algorithm_auth)
{
case SSL_aRSA:
authMethod = AuthenticationMethod.Rsa;
break;
case SSL_aDSS:
authMethod = AuthenticationMethod.Dss;
break;
case SSL_aDH:
authMethod = AuthenticationMethod.DiffieHellman;
break;
case SSL_aKRB5: /* VRS */
authMethod = AuthenticationMethod.Kerberos;
break;
case SSL_aNULL:
authMethod = AuthenticationMethod.None;
break;
case SSL_aECDSA:
authMethod = AuthenticationMethod.ECDsa;
break;
case SSL_aPSK:
authMethod = AuthenticationMethod.PSK;
break;
case SSL_aGOST94:
authMethod = AuthenticationMethod.GOST;
break;
case SSL_aGOST01:
authMethod = AuthenticationMethod.GOST;
break;
}
// Get the symmetric encryption cipher info
switch (raw.algorithm_enc)
{
case SSL_DES:
cipherAlgorithm = CipherAlgorithmType.Des;
if (isExport && keyLength == 5)
{
cipherStrength = 40;
}
else
{
cipherStrength = 56;
}
break;
case SSL_3DES:
cipherAlgorithm = CipherAlgorithmType.TripleDes;
cipherStrength = 168;
break;
case SSL_RC4:
cipherAlgorithm = CipherAlgorithmType.Rc4;
if (isExport)
{
if (keyLength == 5)
{
cipherStrength = 40;
}
else
{
cipherStrength = 56;
}
}
else
{
if ((raw.algorithm2 & SSL2_CF_8_BYTE_ENC) == SSL2_CF_8_BYTE_ENC)
{
cipherStrength = 64;
}
else
{
cipherStrength = 128;
}
}
break;
case SSL_RC2:
cipherAlgorithm = CipherAlgorithmType.Rc2;
if (isExport)
{
if (keyLength == 5)
{
cipherStrength = 40;
}
else
{
cipherStrength = 56;
}
}
else
{
cipherStrength = 128;
}
break;
case SSL_IDEA:
cipherAlgorithm = CipherAlgorithmType.Idea;
cipherStrength = 128;
break;
case SSL_eNULL:
cipherAlgorithm = CipherAlgorithmType.None;
break;
case SSL_AES128:
cipherAlgorithm = CipherAlgorithmType.Aes128;
cipherStrength = 128;
break;
case SSL_AES256:
cipherAlgorithm = CipherAlgorithmType.Aes256;
cipherStrength = 256;
break;
case SSL_AES128GCM:
cipherAlgorithm = CipherAlgorithmType.Aes128GCM;
cipherStrength = 128;
break;
case SSL_AES256GCM:
cipherAlgorithm = CipherAlgorithmType.Aes256GCM;
cipherStrength = 256;
break;
/*
* switch (raw.strength_bits)
* {
* case 128: cipherAlgorithm = CipherAlgorithmType.Aes128; break;
* case 192: cipherAlgorithm = CipherAlgorithmType.Aes192; break;
* case 256: cipherAlgorithm = CipherAlgorithmType.Aes256; break;
* }
*/
case SSL_CAMELLIA128:
cipherAlgorithm = CipherAlgorithmType.Seed;
cipherStrength = 128;
break;
case SSL_CAMELLIA256:
cipherAlgorithm = CipherAlgorithmType.Seed;
cipherStrength = 128;
break;
/*
* switch (raw.strength_bits)
* {
* case 128: cipherAlgorithm = CipherAlgorithmType.Camellia128; break;
* case 256: cipherAlgorithm = CipherAlgorithmType.Camellia256; break;
* }
*/
case SSL_eGOST2814789CNT:
cipherAlgorithm = CipherAlgorithmType.eGOST2814789CNT;
cipherStrength = 128; // ???
break;
case SSL_SEED:
cipherAlgorithm = CipherAlgorithmType.Seed;
cipherStrength = 128;
break;
}
// Get the MAC info
switch (raw.algorithm_mac)
{
case SSL_MD5:
hashAlgorithm = HashAlgorithmType.Md5;
break;
case SSL_SHA1:
hashAlgorithm = HashAlgorithmType.Sha1;
break;
case SSL_GOST94:
hashAlgorithm = HashAlgorithmType.Gost94;
break;
case SSL_GOST89MAC:
hashAlgorithm = HashAlgorithmType.Gost89MAC;
break;
case SSL_SHA256:
hashAlgorithm = HashAlgorithmType.Sha256;
break;
case SSL_SHA384:
hashAlgorithm = HashAlgorithmType.Sha384;
break;
default:
hashAlgorithm = HashAlgorithmType.None;
break;
}
}
public CipherSuite(
short code, string name, CipherAlgorithmType cipherAlgorithmType,
HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType,
bool exportable, bool blockMode, byte keyMaterialSize,
byte expandedKeyMaterialSize, short effectiveKeyBits,
byte ivSize, byte blockSize)
{
this.code = code;
this.name = name;
this.cipherAlgorithmType = cipherAlgorithmType;
this.hashAlgorithmType = hashAlgorithmType;
this.exchangeAlgorithmType = exchangeAlgorithmType;
this.isExportable = exportable;
if (blockMode)
{
this.cipherMode = CipherMode.CBC;
}
this.keyMaterialSize = keyMaterialSize;
this.expandedKeyMaterialSize= expandedKeyMaterialSize;
this.effectiveKeyBits = effectiveKeyBits;
this.ivSize = ivSize;
this.blockSize = blockSize;
this.keyBlockSize = (this.keyMaterialSize + this.HashSize + this.ivSize) << 1;
}
internal static bool VerifyServerCertificate(TlsContext context, MX.X509Certificate certificate, ExchangeAlgorithmType algorithm)
{
if (context.NegotiatedProtocol == TlsProtocolCode.Tls12 && certificate.Version < 3)
{
throw new TlsException(AlertDescription.UnsupportedCertificate, "X.509v3 server certificate required");
}
if (certificate.KeyAlgorithm != null && !certificate.KeyAlgorithm.Equals(OidKeyAlgorithmRsa))
{
return(false);
}
if (certificate.SignatureAlgorithm != null && !VerifySignatureAlgorithm(certificate.SignatureAlgorithm))
{
return(false);
}
switch (algorithm)
{
case ExchangeAlgorithmType.Rsa:
return(VerifyKeyUsage(certificate, KeyUsages.keyEncipherment, OidServerAuth));
case ExchangeAlgorithmType.Dhe:
case ExchangeAlgorithmType.EcDhe:
return(VerifyKeyUsage(certificate, KeyUsages.digitalSignature, OidServerAuth));
default:
throw new TlsException(AlertDescription.InternalError);
}
}
private void Initialize()
{
if (this.ptr == IntPtr.Zero || isInitialized)
{
return;
}
isInitialized = true;
// marshal the structure
raw = (SSL_CIPHER)Marshal.PtrToStructure(ptr, typeof(SSL_CIPHER));
// start picking the data out
bool isExport = IsExport(raw.algo_strength);
int privateKeyLength = ExportPrivateKeyLength(raw.algo_strength);
int keyLength = ExportKeyLength(raw.algorithms, raw.algo_strength);
// Get the SSL Protocol version
if ((raw.algorithms & SSL_SSLV2) == SSL_SSLV2)
{
sslProtocol = SslProtocols.Ssl2;
}
else if ((raw.algorithms & SSL_SSLV3) == SSL_SSLV3)
{
sslProtocol = SslProtocols.Tls; // SSL3 & TLS are the same here...
}
// set the keyExchange strength
keyExchangeStrength = privateKeyLength;
// Get the Key Exchange cipher and strength
switch (raw.algorithms & SSL_MKEY_MASK)
{
case SSL_kRSA:
keyExchangeAlgorithm = ExchangeAlgorithmType.RsaKeyX;
break;
case SSL_kDHr:
case SSL_kDHd:
case SSL_kEDH:
keyExchangeAlgorithm = ExchangeAlgorithmType.DiffieHellman;
break;
case SSL_kKRB5: /* VRS */
case SSL_KRB5: /* VRS */
keyExchangeAlgorithm = ExchangeAlgorithmType.Kerberos;
break;
case SSL_kFZA:
keyExchangeAlgorithm = ExchangeAlgorithmType.Fortezza;
break;
case SSL_kECDH:
case SSL_kECDHE:
keyExchangeAlgorithm = ExchangeAlgorithmType.ECDiffieHellman;
break;
}
// Get the authentication method
switch (raw.algorithms & SSL_AUTH_MASK)
{
case SSL_aRSA:
authMethod = AuthenticationMethod.Rsa;
break;
case SSL_aDSS:
authMethod = AuthenticationMethod.Dss;
break;
case SSL_aDH:
authMethod = AuthenticationMethod.DiffieHellman;
break;
case SSL_aKRB5: /* VRS */
case SSL_KRB5: /* VRS */
authMethod = AuthenticationMethod.Kerberos;
break;
case SSL_aFZA:
case SSL_aNULL:
authMethod = AuthenticationMethod.None;
break;
case SSL_aECDSA:
authMethod = AuthenticationMethod.ECDsa;
break;
}
// Get the symmetric encryption cipher info
switch (raw.algorithms & SSL_ENC_MASK)
{
case SSL_DES:
cipherAlgorithm = CipherAlgorithmType.Des;
if (isExport && keyLength == 5)
{
cipherStrength = 40;
}
else
{
cipherStrength = 56;
}
break;
case SSL_3DES:
cipherAlgorithm = CipherAlgorithmType.TripleDes;
cipherStrength = 168;
break;
case SSL_RC4:
cipherAlgorithm = CipherAlgorithmType.Rc4;
if (isExport)
{
if (keyLength == 5)
{
cipherStrength = 40;
}
else
{
cipherStrength = 56;
}
}
else
{
if ((raw.algorithm2 & SSL2_CF_8_BYTE_ENC) == SSL2_CF_8_BYTE_ENC)
{
cipherStrength = 64;
}
else
{
cipherStrength = 128;
}
}
break;
case SSL_RC2:
cipherAlgorithm = CipherAlgorithmType.Rc2;
if (isExport)
{
if (keyLength == 5)
{
cipherStrength = 40;
}
else
{
cipherStrength = 56;
}
}
else
{
cipherStrength = 128;
}
break;
case SSL_IDEA:
cipherAlgorithm = CipherAlgorithmType.Idea;
cipherStrength = 128;
break;
case SSL_eFZA:
cipherAlgorithm = CipherAlgorithmType.Fortezza;
break;
case SSL_eNULL:
cipherAlgorithm = CipherAlgorithmType.None;
break;
case SSL_AES:
switch (raw.strength_bits)
{
case 128: cipherAlgorithm = CipherAlgorithmType.Aes128; break;
case 192: cipherAlgorithm = CipherAlgorithmType.Aes192; break;
case 256: cipherAlgorithm = CipherAlgorithmType.Aes256; break;
}
break;
case SSL_CAMELLIA:
switch (raw.strength_bits)
{
case 128: cipherAlgorithm = CipherAlgorithmType.Camellia128; break;
case 256: cipherAlgorithm = CipherAlgorithmType.Camellia256; break;
}
break;
case SSL_SEED:
cipherAlgorithm = CipherAlgorithmType.Seed;
cipherStrength = 128;
break;
}
// Get the MAC info
switch (raw.algorithms & SSL_MAC_MASK)
{
case SSL_MD5:
hashAlgorithm = HashAlgorithmType.Md5;
break;
case SSL_SHA1:
hashAlgorithm = HashAlgorithmType.Sha1;
break;
default:
hashAlgorithm = HashAlgorithmType.None;
break;
}
}
private void Initialize()
{
if (this.ptr == IntPtr.Zero || isInitialized)
{
return;
}
isInitialized = true;
// marshal the structure
raw = (SSL_CIPHER)Marshal.PtrToStructure(ptr, typeof(SSL_CIPHER));
// start picking the data out
bool isExport = IsExport(raw.algo_strength);
int privateKeyLength = ExportPrivateKeyLength(raw.algo_strength);
int keyLength = ExportKeyLength(raw.algorithms, raw.algo_strength);
// Get the SSL Protocol version
if ((raw.algorithms & SSL_SSLV2) == SSL_SSLV2)
{
sslProtocol = SslProtocols.Ssl2;
}
else if ((raw.algorithms & SSL_SSLV3) == SSL_SSLV3)
{
sslProtocol = SslProtocols.Tls; // SSL3 & TLS are the same here...
}
// set the keyExchange strength
keyExchangeStrength = privateKeyLength;
// Get the Key Exchange cipher and strength
switch (raw.algorithms & SSL_MKEY_MASK)
{
case SSL_kRSA:
keyExchangeAlgorithm = ExchangeAlgorithmType.RsaKeyX;
break;
case SSL_kDHr:
case SSL_kDHd:
case SSL_kEDH:
keyExchangeAlgorithm = ExchangeAlgorithmType.DiffieHellman;
break;
case SSL_kKRB5: /* VRS */
case SSL_KRB5: /* VRS */
keyExchangeAlgorithm = ExchangeAlgorithmType.Kerberos;
break;
case SSL_kFZA:
keyExchangeAlgorithm = ExchangeAlgorithmType.Fortezza;
break;
case SSL_kECDH:
case SSL_kECDHE:
keyExchangeAlgorithm = ExchangeAlgorithmType.ECDiffieHellman;
break;
}
// Get the authentication method
switch (raw.algorithms & SSL_AUTH_MASK)
{
case SSL_aRSA:
authMethod = AuthenticationMethod.Rsa;
break;
case SSL_aDSS:
authMethod = AuthenticationMethod.Dss;
break;
case SSL_aDH:
authMethod = AuthenticationMethod.DiffieHellman;
break;
case SSL_aKRB5: /* VRS */
case SSL_KRB5: /* VRS */
authMethod = AuthenticationMethod.Kerberos;
break;
case SSL_aFZA:
case SSL_aNULL:
authMethod = AuthenticationMethod.None;
break;
case SSL_aECDSA:
authMethod = AuthenticationMethod.ECDsa;
break;
}
// Get the symmetric encryption cipher info
switch (raw.algorithms & SSL_ENC_MASK)
{
case SSL_DES:
cipherAlgorithm = CipherAlgorithmType.Des;
if (isExport && keyLength == 5)
{
cipherStrength = 40;
}
else
{
cipherStrength = 56;
}
break;
case SSL_3DES:
cipherAlgorithm = CipherAlgorithmType.TripleDes;
cipherStrength = 168;
break;
case SSL_RC4:
cipherAlgorithm = CipherAlgorithmType.Rc4;
if (isExport)
{
if (keyLength == 5)
{
cipherStrength = 40;
}
else
{
cipherStrength = 56;
}
}
else
{
if ((raw.algorithm2 & SSL2_CF_8_BYTE_ENC) == SSL2_CF_8_BYTE_ENC)
{
cipherStrength = 64;
}
else
{
cipherStrength = 128;
}
}
break;
case SSL_RC2:
cipherAlgorithm = CipherAlgorithmType.Rc2;
if (isExport)
{
if (keyLength == 5)
{
cipherStrength = 40;
}
else
{
cipherStrength = 56;
}
}
else
{
cipherStrength = 128;
}
break;
case SSL_IDEA:
cipherAlgorithm = CipherAlgorithmType.Idea;
cipherStrength = 128;
break;
case SSL_eFZA:
cipherAlgorithm = CipherAlgorithmType.Fortezza;
break;
case SSL_eNULL:
cipherAlgorithm = CipherAlgorithmType.None;
break;
case SSL_AES:
switch (raw.strength_bits)
{
case 128: cipherAlgorithm = CipherAlgorithmType.Aes128; break;
case 192: cipherAlgorithm = CipherAlgorithmType.Aes192; break;
case 256: cipherAlgorithm = CipherAlgorithmType.Aes256; break;
}
break;
case SSL_CAMELLIA:
switch (raw.strength_bits)
{
case 128: cipherAlgorithm = CipherAlgorithmType.Camellia128; break;
case 256: cipherAlgorithm = CipherAlgorithmType.Camellia256; break;
}
break;
case SSL_SEED:
cipherAlgorithm = CipherAlgorithmType.Seed;
cipherStrength = 128;
break;
}
// Get the MAC info
switch (raw.algorithms & SSL_MAC_MASK)
{
case SSL_MD5:
hashAlgorithm = HashAlgorithmType.Md5;
break;
case SSL_SHA1:
hashAlgorithm = HashAlgorithmType.Sha1;
break;
default:
hashAlgorithm = HashAlgorithmType.None;
break;
}
}
public CipherSuite (
CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType,
HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType)
{
Code = code;
Name = code.ToString ();
CipherAlgorithmType = cipherAlgorithmType;
HashAlgorithmType = hashAlgorithmType;
ExchangeAlgorithmType = exchangeAlgorithmType;
}
public TlsCipherSuite11 (
CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType,
HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType)
: base (code, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType)
{
}
public TlsCipherSuite12(
CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType,
HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType)
: base(code, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType)
{
}
private void Initialize()
{
if (this.ptr == IntPtr.Zero || isInitialized)
{
return;
}
isInitialized = true;
// marshal the structure
raw = (SSL_CIPHER)Marshal.PtrToStructure(ptr, typeof(SSL_CIPHER));
// start picking the data out
bool isExport = IsExport(raw.algo_strength);
int privateKeyLength = ExportPrivateKeyLength(raw.algo_strength);
int keyLength = ExportKeyLength(raw.algorithm_enc, raw.algo_strength);
// Get the SSL Protocol version
if ((raw.algorithm_ssl & SSL_SSLV2) == SSL_SSLV2)
{
sslProtocol = SslProtocols.Ssl2;
}
else if ((raw.algorithm_ssl & SSL_SSLV3) == SSL_SSLV3)
{
sslProtocol = SslProtocols.Tls; // SSL3 & TLS are the same here...
}
else if ((raw.algorithm_ssl & SSL_TLSV1_2) == SSL_TLSV1_2)
{
sslProtocol = SslProtocols.Tls; // WARNING: TLSV1_2 support not fully implemented
}
// set the keyExchange strength
keyExchangeStrength = privateKeyLength;
// Get the Key Exchange cipher and strength
switch (raw.algorithm_mkey)
{
case SSL_kRSA:
keyExchangeAlgorithm = ExchangeAlgorithmType.RsaKeyX;
break;
case SSL_kDHr:
case SSL_kDHd:
case SSL_kEDH:
keyExchangeAlgorithm = ExchangeAlgorithmType.DiffieHellman;
break;
case SSL_kKRB5:
keyExchangeAlgorithm = ExchangeAlgorithmType.Kerberos;
break;
case SSL_kECDHr:
case SSL_kECDHe:
case SSL_kEECDH:
keyExchangeAlgorithm = ExchangeAlgorithmType.ECDiffieHellman;
break;
case SSL_kPSK:
keyExchangeAlgorithm = ExchangeAlgorithmType.PSK;
break;
case SSL_kGOST:
keyExchangeAlgorithm = ExchangeAlgorithmType.GOST;
break;
case SSL_kSRP:
keyExchangeAlgorithm = ExchangeAlgorithmType.SRP;
break;
}
// Get the authentication method
switch (raw.algorithm_auth)
{
case SSL_aRSA:
authMethod = AuthenticationMethod.Rsa;
break;
case SSL_aDSS:
authMethod = AuthenticationMethod.Dss;
break;
case SSL_aDH:
authMethod = AuthenticationMethod.DiffieHellman;
break;
case SSL_aKRB5: /* VRS */
authMethod = AuthenticationMethod.Kerberos;
break;
case SSL_aNULL:
authMethod = AuthenticationMethod.None;
break;
case SSL_aECDSA:
authMethod = AuthenticationMethod.ECDsa;
break;
case SSL_aPSK:
authMethod = AuthenticationMethod.PSK;
break;
case SSL_aGOST94:
authMethod = AuthenticationMethod.GOST;
break;
case SSL_aGOST01:
authMethod = AuthenticationMethod.GOST;
break;
}
// Get the symmetric encryption cipher info
switch (raw.algorithm_enc)
{
case SSL_DES:
cipherAlgorithm = CipherAlgorithmType.Des;
if (isExport && keyLength == 5)
{
cipherStrength = 40;
}
else
{
cipherStrength = 56;
}
break;
case SSL_3DES:
cipherAlgorithm = CipherAlgorithmType.TripleDes;
cipherStrength = 168;
break;
case SSL_RC4:
cipherAlgorithm = CipherAlgorithmType.Rc4;
if (isExport)
{
if (keyLength == 5)
{
cipherStrength = 40;
}
else
{
cipherStrength = 56;
}
}
else
{
if ((raw.algorithm2 & SSL2_CF_8_BYTE_ENC) == SSL2_CF_8_BYTE_ENC)
{
cipherStrength = 64;
}
else
{
cipherStrength = 128;
}
}
break;
case SSL_RC2:
cipherAlgorithm = CipherAlgorithmType.Rc2;
if (isExport)
{
if (keyLength == 5)
{
cipherStrength = 40;
}
else
{
cipherStrength = 56;
}
}
else
{
cipherStrength = 128;
}
break;
case SSL_IDEA:
cipherAlgorithm = CipherAlgorithmType.Idea;
cipherStrength = 128;
break;
case SSL_eNULL:
cipherAlgorithm = CipherAlgorithmType.None;
break;
case SSL_AES128:
cipherAlgorithm = CipherAlgorithmType.Aes128;
cipherStrength = 128;
break;
case SSL_AES256:
cipherAlgorithm = CipherAlgorithmType.Aes256;
cipherStrength = 256;
break;
case SSL_AES128GCM:
cipherAlgorithm = CipherAlgorithmType.Aes128GCM;
cipherStrength = 128;
break;
case SSL_AES256GCM:
cipherAlgorithm = CipherAlgorithmType.Aes256GCM;
cipherStrength = 256;
break;
/*
switch (raw.strength_bits)
{
case 128: cipherAlgorithm = CipherAlgorithmType.Aes128; break;
case 192: cipherAlgorithm = CipherAlgorithmType.Aes192; break;
case 256: cipherAlgorithm = CipherAlgorithmType.Aes256; break;
}
*/
case SSL_CAMELLIA128:
cipherAlgorithm = CipherAlgorithmType.Seed;
cipherStrength = 128;
break;
case SSL_CAMELLIA256:
cipherAlgorithm = CipherAlgorithmType.Seed;
cipherStrength = 128;
break;
/*
switch (raw.strength_bits)
{
case 128: cipherAlgorithm = CipherAlgorithmType.Camellia128; break;
case 256: cipherAlgorithm = CipherAlgorithmType.Camellia256; break;
}
*/
case SSL_eGOST2814789CNT:
cipherAlgorithm = CipherAlgorithmType.eGOST2814789CNT;
cipherStrength = 128; // ???
break;
case SSL_SEED:
cipherAlgorithm = CipherAlgorithmType.Seed;
cipherStrength = 128;
break;
}
// Get the MAC info
switch (raw.algorithm_mac)
{
case SSL_MD5:
hashAlgorithm = HashAlgorithmType.Md5;
break;
case SSL_SHA1:
hashAlgorithm = HashAlgorithmType.Sha1;
break;
case SSL_GOST94:
hashAlgorithm = HashAlgorithmType.Gost94;
break;
case SSL_GOST89MAC:
hashAlgorithm = HashAlgorithmType.Gost89MAC;
break;
case SSL_SHA256:
hashAlgorithm = HashAlgorithmType.Sha256;
break;
case SSL_SHA384:
hashAlgorithm = HashAlgorithmType.Sha384;
break;
default:
hashAlgorithm = HashAlgorithmType.None;
break;
}
}
public SslCipherSuite(short code, string name, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize)
: base(code, name, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)
{
int num = (hashAlgorithmType != 0) ? 40 : 48;
pad1 = new byte[num];
pad2 = new byte[num];
for (int i = 0; i < num; i++)
{
pad1[i] = 54;
pad2[i] = 92;
}
}
