public CipherSuite( short code, string name, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBits, byte ivSize, byte blockSize) { this.code = code; this.name = name; this.cipherAlgorithmType = cipherAlgorithmType; this.hashAlgorithmType = hashAlgorithmType; this.exchangeAlgorithmType = exchangeAlgorithmType; this.isExportable = exportable; if (blockMode) { this.cipherMode = CipherMode.CBC; } this.keyMaterialSize = keyMaterialSize; this.expandedKeyMaterialSize = expandedKeyMaterialSize; this.effectiveKeyBits = effectiveKeyBits; this.ivSize = ivSize; this.blockSize = blockSize; this.keyBlockSize = (int)this.keyMaterialSize + this.HashSize + (int)this.ivSize << 1; }
public CipherSuite Add( short code, string name, CipherAlgorithmType cipherType, HashAlgorithmType hashType, ExchangeAlgorithmType exchangeType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize) { switch (this.protocol) { case SecurityProtocolType.Default: case SecurityProtocolType.Tls: return((CipherSuite)this.add(new TlsCipherSuite(code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize))); case SecurityProtocolType.Ssl3: return((CipherSuite)this.add(new SslCipherSuite(code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize))); default: throw new NotSupportedException("Unsupported security protocol type."); } }
public TlsCipherSuite(short code, string name, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize) : base( code, name, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize) { }
public CipherSuite( CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType) { Code = code; Name = code.ToString(); CipherAlgorithmType = cipherAlgorithmType; HashAlgorithmType = hashAlgorithmType; ExchangeAlgorithmType = exchangeAlgorithmType; }
public TlsCipherSuite( short code, string name, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize) :base(code, name, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize) { }
protected void OnRemoteConnectionAuthenticated(SslProtocols protocol, System.Security.Cryptography.X509Certificates.X509Certificate2 remoteCertificate, CipherAlgorithmType cipherAlgorithmType, int cipherAlgorithmStrength, HashAlgorithmType hashAlgorithmType, int hashAlgorithmStrength, ExchangeAlgorithmType exchangeAlgorithmType, int exchangeAlgorithmStrength) { if (RemoteConnectionAuthenticated != null) { RemoteConnectionAuthenticated(protocol, remoteCertificate, cipherAlgorithmType, cipherAlgorithmStrength, hashAlgorithmType, hashAlgorithmStrength, exchangeAlgorithmType, exchangeAlgorithmStrength); } }
protected void OnLocalConnectionAuthenticated(SslProtocols protocol, CipherAlgorithmType cipherAlgorithmType, int cipherAlgorithmStrength, HashAlgorithmType hashAlgorithmType, int hashAlgorithmStrength, ExchangeAlgorithmType exchangeAlgorithmType, int exchangeAlgorithmStrength) { if (LocalConnectionAuthenticated != null) { LocalConnectionAuthenticated(protocol, cipherAlgorithmType, cipherAlgorithmStrength, hashAlgorithmType, hashAlgorithmStrength, exchangeAlgorithmType, exchangeAlgorithmStrength); } }
public static KeyExchange Create (TlsProtocolCode protocol, ExchangeAlgorithmType algorithm) { switch (algorithm) { case ExchangeAlgorithmType.RsaSign: return new RSAKeyExchange (); case ExchangeAlgorithmType.DiffieHellman: return new DiffieHellmanKeyExchange (protocol); default: throw new InvalidOperationException (); } }
private static string KeyExToString(ExchangeAlgorithmType keyex) { // For some reason ECDH isn't showing up if (keyex == (ExchangeAlgorithmType)44550) { return("ECDH"); } else { return(keyex.ToString()); } }
public void SspiSelectedCipherSuite( string process, SslProtocols sslProtocol, CipherAlgorithmType cipherAlgorithm, int cipherStrength, HashAlgorithmType hashAlgorithm, int hashStrength, ExchangeAlgorithmType keyExchangeAlgorithm, int keyExchangeStrength) { WriteEvent(SspiSelectedCipherSuitId, process, (int)sslProtocol, (int)cipherAlgorithm, cipherStrength, (int)hashAlgorithm, hashStrength, (int)keyExchangeAlgorithm, keyExchangeStrength); }
public static KeyExchange Create(ExchangeAlgorithmType algorithm) { switch (algorithm) { case ExchangeAlgorithmType.RsaSign: return(new RSAKeyExchange()); case ExchangeAlgorithmType.DiffieHellman: return(new DiffieHellmanKeyExchange()); default: throw new InvalidOperationException(); } }
public static KeyExchange Create(TlsProtocolCode protocol, ExchangeAlgorithmType algorithm) { switch (algorithm) { case ExchangeAlgorithmType.Rsa: return(new RSAKeyExchange()); case ExchangeAlgorithmType.Dhe: return(new DiffieHellmanKeyExchange(protocol)); case ExchangeAlgorithmType.EcDhe: return(new EllipticCurveKeyExchange()); default: throw new InvalidOperationException(); } }
private static TlsMapping Build( ExchangeAlgorithmType exchange, CipherAlgorithmType cipher, int cipherSize, HashAlgorithmType hash) { int hashSize = GetHashSize(hash); return(new TlsMapping { KeyExchangeAlgorithm = exchange, CipherAlgorithm = cipher, CipherAlgorithmStrength = cipherSize, HashAlgorithm = hash, HashAlgorithmStrength = hashSize, }); }
public void Add( short code, string name, CipherAlgorithmType cipherType, HashAlgorithmType hashType, ExchangeAlgorithmType exchangeType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize) { switch (protocol) { case SecurityProtocolType.Default: case SecurityProtocolType.Tls: Add(new TlsCipherSuite(code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)); break; case SecurityProtocolType.Ssl3: Add(new SslCipherSuite(code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)); break; } }
public SslCipherSuite(short code, string name, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize) : base( code, name, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize) { int padLength = (hashAlgorithmType == HashAlgorithmType.Md5) ? 48 : 40; // Fill pad arrays this.pad1 = new byte[padLength]; this.pad2 = new byte[padLength]; /* Pad the key for inner and outer digest */ for (int i = 0; i < padLength; ++i) { this.pad1[i] = 0x36; this.pad2[i] = 0x5C; } }
internal unsafe void SspiSelectedCipherSuite( string process, SslProtocols sslProtocol, CipherAlgorithmType cipherAlgorithm, int cipherStrength, HashAlgorithmType hashAlgorithm, int hashStrength, ExchangeAlgorithmType keyExchangeAlgorithm, int keyExchangeStrength) { if (!s_log.IsEnabled()) { return; } fixed(char *arg1Ptr = process) { const int SizeData = 8; EventData *dataDesc = stackalloc EventSource.EventData[SizeData]; dataDesc[0].DataPointer = (IntPtr)(arg1Ptr); dataDesc[0].Size = (process.Length + 1) * sizeof(char); dataDesc[1].DataPointer = (IntPtr)(&sslProtocol); dataDesc[1].Size = sizeof(int); dataDesc[2].DataPointer = (IntPtr)(&cipherAlgorithm); dataDesc[2].Size = sizeof(int); dataDesc[3].DataPointer = (IntPtr)(&cipherStrength); dataDesc[3].Size = sizeof(int); dataDesc[4].DataPointer = (IntPtr)(&hashAlgorithm); dataDesc[4].Size = sizeof(int); dataDesc[2].DataPointer = (IntPtr)(&hashStrength); dataDesc[2].Size = sizeof(int); dataDesc[3].DataPointer = (IntPtr)(&keyExchangeAlgorithm); dataDesc[3].Size = sizeof(int); dataDesc[4].DataPointer = (IntPtr)(&keyExchangeStrength); dataDesc[4].Size = sizeof(int); WriteEventCore(SspiSelectedCipherSuitId, SizeData, dataDesc); } }
internal static bool VerifyServerCertificate (TlsContext context, MX.X509Certificate certificate, ExchangeAlgorithmType algorithm) { if (context.NegotiatedProtocol == TlsProtocolCode.Tls12 && certificate.Version < 3) throw new TlsException (AlertDescription.UnsupportedCertificate, "X.509v3 server certificate required"); if (certificate.KeyAlgorithm != null && !certificate.KeyAlgorithm.Equals (OidKeyAlgorithmRsa)) return false; if (certificate.SignatureAlgorithm != null && !VerifySignatureAlgorithm (certificate.SignatureAlgorithm)) return false; switch (algorithm) { case ExchangeAlgorithmType.Rsa: return VerifyKeyUsage (certificate, KeyUsages.keyEncipherment, OidServerAuth); case ExchangeAlgorithmType.Dhe: case ExchangeAlgorithmType.EcDhe: return VerifyKeyUsage (certificate, KeyUsages.digitalSignature, OidServerAuth); default: throw new TlsException (AlertDescription.InternalError); } }
public CipherSuite( short code, string name, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBits, byte ivSize, byte blockSize) { Code = code; Name = name; CipherAlgorithmType = cipherAlgorithmType; HashAlgorithmType = hashAlgorithmType; ExchangeAlgorithmType = exchangeAlgorithmType; IsExportable = exportable; if (blockMode) { CipherMode = CipherMode.CBC; } KeyMaterialSize = keyMaterialSize; ExpandedKeyMaterialSize = expandedKeyMaterialSize; EffectiveKeyBits = effectiveKeyBits; IvSize = ivSize; this.blockSize = blockSize; KeyBlockSize = (KeyMaterialSize + HashSize + IvSize) << 1; }
public SslCipherSuite( short code, string name, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize) : base(code, name, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize) { int padLength = (hashAlgorithmType == HashAlgorithmType.Md5) ? 48 : 40; // Fill pad arrays this.pad1 = new byte[padLength]; this.pad2 = new byte[padLength]; /* Pad the key for inner and outer digest */ for (int i = 0; i < padLength; ++i) { this.pad1[i] = 0x36; this.pad2[i] = 0x5C; } }
internal unsafe void SspiSelectedCipherSuite( string process, SslProtocols sslProtocol, CipherAlgorithmType cipherAlgorithm, int cipherStrength, HashAlgorithmType hashAlgorithm, int hashStrength, ExchangeAlgorithmType keyExchangeAlgorithm, int keyExchangeStrength) { if (!s_log.IsEnabled()) { return; } fixed (char* arg1Ptr = process) { const int SizeData = 8; EventData* dataDesc = stackalloc EventSource.EventData[SizeData]; dataDesc[0].DataPointer = (IntPtr)(arg1Ptr); dataDesc[0].Size = (process.Length + 1) * sizeof(char); dataDesc[1].DataPointer = (IntPtr)(&sslProtocol); dataDesc[1].Size = sizeof(int); dataDesc[2].DataPointer = (IntPtr)(&cipherAlgorithm); dataDesc[2].Size = sizeof(int); dataDesc[3].DataPointer = (IntPtr)(&cipherStrength); dataDesc[3].Size = sizeof(int); dataDesc[4].DataPointer = (IntPtr)(&hashAlgorithm); dataDesc[4].Size = sizeof(int); dataDesc[2].DataPointer = (IntPtr)(&hashStrength); dataDesc[2].Size = sizeof(int); dataDesc[3].DataPointer = (IntPtr)(&keyExchangeAlgorithm); dataDesc[3].Size = sizeof(int); dataDesc[4].DataPointer = (IntPtr)(&keyExchangeStrength); dataDesc[4].Size = sizeof(int); WriteEventCore(SspiSelectedCipherSuitId, SizeData, dataDesc); } }
public CipherSuite Add( short code, string name, CipherAlgorithmType cipherType, HashAlgorithmType hashType, ExchangeAlgorithmType exchangeType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize) { switch (this.protocol) { case SecurityProtocolType.Default: case SecurityProtocolType.Tls: return this.add( new TlsCipherSuite( code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)); case SecurityProtocolType.Ssl3: return this.add( new SslCipherSuite( code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)); case SecurityProtocolType.Ssl2: default: throw new NotSupportedException("Unsupported security protocol type."); } }
public CipherSuite Add(short code, string name, CipherAlgorithmType cipherType, HashAlgorithmType hashType, ExchangeAlgorithmType exchangeType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize) { SecurityProtocolType securityProtocolType = this.protocol; if (securityProtocolType != SecurityProtocolType.Default) { if (securityProtocolType != SecurityProtocolType.Ssl2) { if (securityProtocolType == SecurityProtocolType.Ssl3) { return(this.add(new SslCipherSuite(code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize))); } if (securityProtocolType == SecurityProtocolType.Tls) { goto IL_32; } } throw new NotSupportedException("Unsupported security protocol type."); } IL_32: return(this.add(new TlsCipherSuite(code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize))); }
private void Initialize() { if (this.ptr == IntPtr.Zero || isInitialized) { return; } isInitialized = true; // marshal the structure raw = (SSL_CIPHER)Marshal.PtrToStructure(ptr, typeof(SSL_CIPHER)); // start picking the data out bool isExport = IsExport(raw.algo_strength); int privateKeyLength = ExportPrivateKeyLength(raw.algo_strength); int keyLength = ExportKeyLength(raw.algorithm_enc, raw.algo_strength); // Get the SSL Protocol version if ((raw.algorithm_ssl & SSL_SSLV2) == SSL_SSLV2) { sslProtocol = SslProtocols.Ssl2; } else if ((raw.algorithm_ssl & SSL_SSLV3) == SSL_SSLV3) { sslProtocol = SslProtocols.Tls; // SSL3 & TLS are the same here... } else if ((raw.algorithm_ssl & SSL_TLSV1_2) == SSL_TLSV1_2) { sslProtocol = SslProtocols.Tls; // WARNING: TLSV1_2 support not fully implemented } // set the keyExchange strength keyExchangeStrength = privateKeyLength; // Get the Key Exchange cipher and strength switch (raw.algorithm_mkey) { case SSL_kRSA: keyExchangeAlgorithm = ExchangeAlgorithmType.RsaKeyX; break; case SSL_kDHr: case SSL_kDHd: case SSL_kEDH: keyExchangeAlgorithm = ExchangeAlgorithmType.DiffieHellman; break; case SSL_kKRB5: keyExchangeAlgorithm = ExchangeAlgorithmType.Kerberos; break; case SSL_kECDHr: case SSL_kECDHe: case SSL_kEECDH: keyExchangeAlgorithm = ExchangeAlgorithmType.ECDiffieHellman; break; case SSL_kPSK: keyExchangeAlgorithm = ExchangeAlgorithmType.PSK; break; case SSL_kGOST: keyExchangeAlgorithm = ExchangeAlgorithmType.GOST; break; case SSL_kSRP: keyExchangeAlgorithm = ExchangeAlgorithmType.SRP; break; } // Get the authentication method switch (raw.algorithm_auth) { case SSL_aRSA: authMethod = AuthenticationMethod.Rsa; break; case SSL_aDSS: authMethod = AuthenticationMethod.Dss; break; case SSL_aDH: authMethod = AuthenticationMethod.DiffieHellman; break; case SSL_aKRB5: /* VRS */ authMethod = AuthenticationMethod.Kerberos; break; case SSL_aNULL: authMethod = AuthenticationMethod.None; break; case SSL_aECDSA: authMethod = AuthenticationMethod.ECDsa; break; case SSL_aPSK: authMethod = AuthenticationMethod.PSK; break; case SSL_aGOST94: authMethod = AuthenticationMethod.GOST; break; case SSL_aGOST01: authMethod = AuthenticationMethod.GOST; break; } // Get the symmetric encryption cipher info switch (raw.algorithm_enc) { case SSL_DES: cipherAlgorithm = CipherAlgorithmType.Des; if (isExport && keyLength == 5) { cipherStrength = 40; } else { cipherStrength = 56; } break; case SSL_3DES: cipherAlgorithm = CipherAlgorithmType.TripleDes; cipherStrength = 168; break; case SSL_RC4: cipherAlgorithm = CipherAlgorithmType.Rc4; if (isExport) { if (keyLength == 5) { cipherStrength = 40; } else { cipherStrength = 56; } } else { if ((raw.algorithm2 & SSL2_CF_8_BYTE_ENC) == SSL2_CF_8_BYTE_ENC) { cipherStrength = 64; } else { cipherStrength = 128; } } break; case SSL_RC2: cipherAlgorithm = CipherAlgorithmType.Rc2; if (isExport) { if (keyLength == 5) { cipherStrength = 40; } else { cipherStrength = 56; } } else { cipherStrength = 128; } break; case SSL_IDEA: cipherAlgorithm = CipherAlgorithmType.Idea; cipherStrength = 128; break; case SSL_eNULL: cipherAlgorithm = CipherAlgorithmType.None; break; case SSL_AES128: cipherAlgorithm = CipherAlgorithmType.Aes128; cipherStrength = 128; break; case SSL_AES256: cipherAlgorithm = CipherAlgorithmType.Aes256; cipherStrength = 256; break; case SSL_AES128GCM: cipherAlgorithm = CipherAlgorithmType.Aes128GCM; cipherStrength = 128; break; case SSL_AES256GCM: cipherAlgorithm = CipherAlgorithmType.Aes256GCM; cipherStrength = 256; break; /* * switch (raw.strength_bits) * { * case 128: cipherAlgorithm = CipherAlgorithmType.Aes128; break; * case 192: cipherAlgorithm = CipherAlgorithmType.Aes192; break; * case 256: cipherAlgorithm = CipherAlgorithmType.Aes256; break; * } */ case SSL_CAMELLIA128: cipherAlgorithm = CipherAlgorithmType.Seed; cipherStrength = 128; break; case SSL_CAMELLIA256: cipherAlgorithm = CipherAlgorithmType.Seed; cipherStrength = 128; break; /* * switch (raw.strength_bits) * { * case 128: cipherAlgorithm = CipherAlgorithmType.Camellia128; break; * case 256: cipherAlgorithm = CipherAlgorithmType.Camellia256; break; * } */ case SSL_eGOST2814789CNT: cipherAlgorithm = CipherAlgorithmType.eGOST2814789CNT; cipherStrength = 128; // ??? break; case SSL_SEED: cipherAlgorithm = CipherAlgorithmType.Seed; cipherStrength = 128; break; } // Get the MAC info switch (raw.algorithm_mac) { case SSL_MD5: hashAlgorithm = HashAlgorithmType.Md5; break; case SSL_SHA1: hashAlgorithm = HashAlgorithmType.Sha1; break; case SSL_GOST94: hashAlgorithm = HashAlgorithmType.Gost94; break; case SSL_GOST89MAC: hashAlgorithm = HashAlgorithmType.Gost89MAC; break; case SSL_SHA256: hashAlgorithm = HashAlgorithmType.Sha256; break; case SSL_SHA384: hashAlgorithm = HashAlgorithmType.Sha384; break; default: hashAlgorithm = HashAlgorithmType.None; break; } }
public CipherSuite( short code, string name, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBits, byte ivSize, byte blockSize) { this.code = code; this.name = name; this.cipherAlgorithmType = cipherAlgorithmType; this.hashAlgorithmType = hashAlgorithmType; this.exchangeAlgorithmType = exchangeAlgorithmType; this.isExportable = exportable; if (blockMode) { this.cipherMode = CipherMode.CBC; } this.keyMaterialSize = keyMaterialSize; this.expandedKeyMaterialSize= expandedKeyMaterialSize; this.effectiveKeyBits = effectiveKeyBits; this.ivSize = ivSize; this.blockSize = blockSize; this.keyBlockSize = (this.keyMaterialSize + this.HashSize + this.ivSize) << 1; }
internal static bool VerifyServerCertificate(TlsContext context, MX.X509Certificate certificate, ExchangeAlgorithmType algorithm) { if (context.NegotiatedProtocol == TlsProtocolCode.Tls12 && certificate.Version < 3) { throw new TlsException(AlertDescription.UnsupportedCertificate, "X.509v3 server certificate required"); } if (certificate.KeyAlgorithm != null && !certificate.KeyAlgorithm.Equals(OidKeyAlgorithmRsa)) { return(false); } if (certificate.SignatureAlgorithm != null && !VerifySignatureAlgorithm(certificate.SignatureAlgorithm)) { return(false); } switch (algorithm) { case ExchangeAlgorithmType.Rsa: return(VerifyKeyUsage(certificate, KeyUsages.keyEncipherment, OidServerAuth)); case ExchangeAlgorithmType.Dhe: case ExchangeAlgorithmType.EcDhe: return(VerifyKeyUsage(certificate, KeyUsages.digitalSignature, OidServerAuth)); default: throw new TlsException(AlertDescription.InternalError); } }
private void Initialize() { if (this.ptr == IntPtr.Zero || isInitialized) { return; } isInitialized = true; // marshal the structure raw = (SSL_CIPHER)Marshal.PtrToStructure(ptr, typeof(SSL_CIPHER)); // start picking the data out bool isExport = IsExport(raw.algo_strength); int privateKeyLength = ExportPrivateKeyLength(raw.algo_strength); int keyLength = ExportKeyLength(raw.algorithms, raw.algo_strength); // Get the SSL Protocol version if ((raw.algorithms & SSL_SSLV2) == SSL_SSLV2) { sslProtocol = SslProtocols.Ssl2; } else if ((raw.algorithms & SSL_SSLV3) == SSL_SSLV3) { sslProtocol = SslProtocols.Tls; // SSL3 & TLS are the same here... } // set the keyExchange strength keyExchangeStrength = privateKeyLength; // Get the Key Exchange cipher and strength switch (raw.algorithms & SSL_MKEY_MASK) { case SSL_kRSA: keyExchangeAlgorithm = ExchangeAlgorithmType.RsaKeyX; break; case SSL_kDHr: case SSL_kDHd: case SSL_kEDH: keyExchangeAlgorithm = ExchangeAlgorithmType.DiffieHellman; break; case SSL_kKRB5: /* VRS */ case SSL_KRB5: /* VRS */ keyExchangeAlgorithm = ExchangeAlgorithmType.Kerberos; break; case SSL_kFZA: keyExchangeAlgorithm = ExchangeAlgorithmType.Fortezza; break; case SSL_kECDH: case SSL_kECDHE: keyExchangeAlgorithm = ExchangeAlgorithmType.ECDiffieHellman; break; } // Get the authentication method switch (raw.algorithms & SSL_AUTH_MASK) { case SSL_aRSA: authMethod = AuthenticationMethod.Rsa; break; case SSL_aDSS: authMethod = AuthenticationMethod.Dss; break; case SSL_aDH: authMethod = AuthenticationMethod.DiffieHellman; break; case SSL_aKRB5: /* VRS */ case SSL_KRB5: /* VRS */ authMethod = AuthenticationMethod.Kerberos; break; case SSL_aFZA: case SSL_aNULL: authMethod = AuthenticationMethod.None; break; case SSL_aECDSA: authMethod = AuthenticationMethod.ECDsa; break; } // Get the symmetric encryption cipher info switch (raw.algorithms & SSL_ENC_MASK) { case SSL_DES: cipherAlgorithm = CipherAlgorithmType.Des; if (isExport && keyLength == 5) { cipherStrength = 40; } else { cipherStrength = 56; } break; case SSL_3DES: cipherAlgorithm = CipherAlgorithmType.TripleDes; cipherStrength = 168; break; case SSL_RC4: cipherAlgorithm = CipherAlgorithmType.Rc4; if (isExport) { if (keyLength == 5) { cipherStrength = 40; } else { cipherStrength = 56; } } else { if ((raw.algorithm2 & SSL2_CF_8_BYTE_ENC) == SSL2_CF_8_BYTE_ENC) { cipherStrength = 64; } else { cipherStrength = 128; } } break; case SSL_RC2: cipherAlgorithm = CipherAlgorithmType.Rc2; if (isExport) { if (keyLength == 5) { cipherStrength = 40; } else { cipherStrength = 56; } } else { cipherStrength = 128; } break; case SSL_IDEA: cipherAlgorithm = CipherAlgorithmType.Idea; cipherStrength = 128; break; case SSL_eFZA: cipherAlgorithm = CipherAlgorithmType.Fortezza; break; case SSL_eNULL: cipherAlgorithm = CipherAlgorithmType.None; break; case SSL_AES: switch (raw.strength_bits) { case 128: cipherAlgorithm = CipherAlgorithmType.Aes128; break; case 192: cipherAlgorithm = CipherAlgorithmType.Aes192; break; case 256: cipherAlgorithm = CipherAlgorithmType.Aes256; break; } break; case SSL_CAMELLIA: switch (raw.strength_bits) { case 128: cipherAlgorithm = CipherAlgorithmType.Camellia128; break; case 256: cipherAlgorithm = CipherAlgorithmType.Camellia256; break; } break; case SSL_SEED: cipherAlgorithm = CipherAlgorithmType.Seed; cipherStrength = 128; break; } // Get the MAC info switch (raw.algorithms & SSL_MAC_MASK) { case SSL_MD5: hashAlgorithm = HashAlgorithmType.Md5; break; case SSL_SHA1: hashAlgorithm = HashAlgorithmType.Sha1; break; default: hashAlgorithm = HashAlgorithmType.None; break; } }
public CipherSuite ( CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType) { Code = code; Name = code.ToString (); CipherAlgorithmType = cipherAlgorithmType; HashAlgorithmType = hashAlgorithmType; ExchangeAlgorithmType = exchangeAlgorithmType; }
public TlsCipherSuite11 ( CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType) : base (code, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType) { }
public TlsCipherSuite12( CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType) : base(code, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType) { }
private void Initialize() { if (this.ptr == IntPtr.Zero || isInitialized) { return; } isInitialized = true; // marshal the structure raw = (SSL_CIPHER)Marshal.PtrToStructure(ptr, typeof(SSL_CIPHER)); // start picking the data out bool isExport = IsExport(raw.algo_strength); int privateKeyLength = ExportPrivateKeyLength(raw.algo_strength); int keyLength = ExportKeyLength(raw.algorithm_enc, raw.algo_strength); // Get the SSL Protocol version if ((raw.algorithm_ssl & SSL_SSLV2) == SSL_SSLV2) { sslProtocol = SslProtocols.Ssl2; } else if ((raw.algorithm_ssl & SSL_SSLV3) == SSL_SSLV3) { sslProtocol = SslProtocols.Tls; // SSL3 & TLS are the same here... } else if ((raw.algorithm_ssl & SSL_TLSV1_2) == SSL_TLSV1_2) { sslProtocol = SslProtocols.Tls; // WARNING: TLSV1_2 support not fully implemented } // set the keyExchange strength keyExchangeStrength = privateKeyLength; // Get the Key Exchange cipher and strength switch (raw.algorithm_mkey) { case SSL_kRSA: keyExchangeAlgorithm = ExchangeAlgorithmType.RsaKeyX; break; case SSL_kDHr: case SSL_kDHd: case SSL_kEDH: keyExchangeAlgorithm = ExchangeAlgorithmType.DiffieHellman; break; case SSL_kKRB5: keyExchangeAlgorithm = ExchangeAlgorithmType.Kerberos; break; case SSL_kECDHr: case SSL_kECDHe: case SSL_kEECDH: keyExchangeAlgorithm = ExchangeAlgorithmType.ECDiffieHellman; break; case SSL_kPSK: keyExchangeAlgorithm = ExchangeAlgorithmType.PSK; break; case SSL_kGOST: keyExchangeAlgorithm = ExchangeAlgorithmType.GOST; break; case SSL_kSRP: keyExchangeAlgorithm = ExchangeAlgorithmType.SRP; break; } // Get the authentication method switch (raw.algorithm_auth) { case SSL_aRSA: authMethod = AuthenticationMethod.Rsa; break; case SSL_aDSS: authMethod = AuthenticationMethod.Dss; break; case SSL_aDH: authMethod = AuthenticationMethod.DiffieHellman; break; case SSL_aKRB5: /* VRS */ authMethod = AuthenticationMethod.Kerberos; break; case SSL_aNULL: authMethod = AuthenticationMethod.None; break; case SSL_aECDSA: authMethod = AuthenticationMethod.ECDsa; break; case SSL_aPSK: authMethod = AuthenticationMethod.PSK; break; case SSL_aGOST94: authMethod = AuthenticationMethod.GOST; break; case SSL_aGOST01: authMethod = AuthenticationMethod.GOST; break; } // Get the symmetric encryption cipher info switch (raw.algorithm_enc) { case SSL_DES: cipherAlgorithm = CipherAlgorithmType.Des; if (isExport && keyLength == 5) { cipherStrength = 40; } else { cipherStrength = 56; } break; case SSL_3DES: cipherAlgorithm = CipherAlgorithmType.TripleDes; cipherStrength = 168; break; case SSL_RC4: cipherAlgorithm = CipherAlgorithmType.Rc4; if (isExport) { if (keyLength == 5) { cipherStrength = 40; } else { cipherStrength = 56; } } else { if ((raw.algorithm2 & SSL2_CF_8_BYTE_ENC) == SSL2_CF_8_BYTE_ENC) { cipherStrength = 64; } else { cipherStrength = 128; } } break; case SSL_RC2: cipherAlgorithm = CipherAlgorithmType.Rc2; if (isExport) { if (keyLength == 5) { cipherStrength = 40; } else { cipherStrength = 56; } } else { cipherStrength = 128; } break; case SSL_IDEA: cipherAlgorithm = CipherAlgorithmType.Idea; cipherStrength = 128; break; case SSL_eNULL: cipherAlgorithm = CipherAlgorithmType.None; break; case SSL_AES128: cipherAlgorithm = CipherAlgorithmType.Aes128; cipherStrength = 128; break; case SSL_AES256: cipherAlgorithm = CipherAlgorithmType.Aes256; cipherStrength = 256; break; case SSL_AES128GCM: cipherAlgorithm = CipherAlgorithmType.Aes128GCM; cipherStrength = 128; break; case SSL_AES256GCM: cipherAlgorithm = CipherAlgorithmType.Aes256GCM; cipherStrength = 256; break; /* switch (raw.strength_bits) { case 128: cipherAlgorithm = CipherAlgorithmType.Aes128; break; case 192: cipherAlgorithm = CipherAlgorithmType.Aes192; break; case 256: cipherAlgorithm = CipherAlgorithmType.Aes256; break; } */ case SSL_CAMELLIA128: cipherAlgorithm = CipherAlgorithmType.Seed; cipherStrength = 128; break; case SSL_CAMELLIA256: cipherAlgorithm = CipherAlgorithmType.Seed; cipherStrength = 128; break; /* switch (raw.strength_bits) { case 128: cipherAlgorithm = CipherAlgorithmType.Camellia128; break; case 256: cipherAlgorithm = CipherAlgorithmType.Camellia256; break; } */ case SSL_eGOST2814789CNT: cipherAlgorithm = CipherAlgorithmType.eGOST2814789CNT; cipherStrength = 128; // ??? break; case SSL_SEED: cipherAlgorithm = CipherAlgorithmType.Seed; cipherStrength = 128; break; } // Get the MAC info switch (raw.algorithm_mac) { case SSL_MD5: hashAlgorithm = HashAlgorithmType.Md5; break; case SSL_SHA1: hashAlgorithm = HashAlgorithmType.Sha1; break; case SSL_GOST94: hashAlgorithm = HashAlgorithmType.Gost94; break; case SSL_GOST89MAC: hashAlgorithm = HashAlgorithmType.Gost89MAC; break; case SSL_SHA256: hashAlgorithm = HashAlgorithmType.Sha256; break; case SSL_SHA384: hashAlgorithm = HashAlgorithmType.Sha384; break; default: hashAlgorithm = HashAlgorithmType.None; break; } }
public SslCipherSuite(short code, string name, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize) : base(code, name, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize) { int num = (hashAlgorithmType != 0) ? 40 : 48; pad1 = new byte[num]; pad2 = new byte[num]; for (int i = 0; i < num; i++) { pad1[i] = 54; pad2[i] = 92; } }