public static HandshakeMessage ReadMessage (TlsContext context, HandshakeType handshakeType, TlsBuffer incoming)
{
HandshakeMessage message;
switch (handshakeType) {
case HandshakeType.HelloRequest:
message = new TlsHelloRequest ();
break;
case HandshakeType.ServerHello:
return new TlsServerHello (context, incoming);
case HandshakeType.Certificate:
return new TlsCertificate (incoming);
case HandshakeType.ServerHelloDone:
message = new TlsServerHelloDone ();
break;
case HandshakeType.Finished:
return new TlsFinished (incoming);
case HandshakeType.ClientHello:
return new TlsClientHello (context, incoming);
case HandshakeType.ClientKeyExchange:
return new TlsClientKeyExchange (context, incoming);
case HandshakeType.CertificateRequest:
return new TlsCertificateRequest (context.NegotiatedProtocol, incoming);
case HandshakeType.CertificateVerify:
return new TlsCertificateVerify (context.NegotiatedProtocol, incoming);
case HandshakeType.ServerKeyExchange:
return new TlsServerKeyExchange (context, incoming);
default:
throw new TlsException (AlertDescription.UnexpectedMessage, "Unknown server handshake message received: {0}", handshakeType);
}
message.Read (incoming);
return message;
}
public TlsClientHello (TlsContext context, TlsBuffer incoming)
: base (HandshakeType.ClientHello)
{
ClientProtocol = (TlsProtocolCode)incoming.ReadInt16 ();
Read (incoming);
}
public override void GenerateClient (TlsContext ctx)
{
// Compute pre master secret
using (var preMasterSecret = ctx.Session.GetSecureRandomBytes (48)) {
preMasterSecret.Buffer [0] = (byte)((short)ctx.Configuration.RequestedProtocol >> 8);
preMasterSecret.Buffer [1] = (byte)ctx.Configuration.RequestedProtocol;
RSA rsa = null;
// Create a new RSA key
var serverCertificates = ctx.Session.PendingCrypto.ServerCertificates;
if (serverCertificates == null || serverCertificates.Count == 0) {
// FIXME: Should have received ServerKeyExchange message.
throw new TlsException (AlertDescription.IlegalParameter);
} else {
rsa = new RSAManaged (serverCertificates [0].RSA.KeySize);
rsa.ImportParameters (serverCertificates [0].RSA.ExportParameters (false));
}
ComputeMasterSecret (ctx, preMasterSecret);
// Encrypt premaster_sercret
var formatter = new RSAPKCS1KeyExchangeFormatter (rsa);
encryptedPreMasterSecret = formatter.CreateKeyExchange (preMasterSecret.Buffer);
rsa.Clear ();
}
}
/// <exception cref="IOException"></exception>
public Chacha20Poly1305(TlsContext context)
{
if (!TlsUtilities.IsTlsV12(context))
throw new TlsFatalAlert(AlertDescription.internal_error);
this.context = context;
byte[] key_block = TlsUtilities.CalculateKeyBlock(context, 64);
KeyParameter client_write_key = new KeyParameter(key_block, 0, 32);
KeyParameter server_write_key = new KeyParameter(key_block, 32, 32);
this.encryptCipher = new ChaChaEngine(20);
this.decryptCipher = new ChaChaEngine(20);
KeyParameter encryptKey, decryptKey;
if (context.IsServer)
{
encryptKey = server_write_key;
decryptKey = client_write_key;
}
else
{
encryptKey = client_write_key;
decryptKey = server_write_key;
}
byte[] dummyNonce = new byte[8];
this.encryptCipher.Init(true, new ParametersWithIV(encryptKey, dummyNonce));
this.decryptCipher.Init(false, new ParametersWithIV(decryptKey, dummyNonce));
}
public DiffieHellmanKeyExchange (TlsContext ctx)
{
this.protocol = ctx.NegotiatedProtocol;
switch (protocol) {
case TlsProtocolCode.Tls12:
Signature = new SignatureTls12 (ctx.Session.ServerSignatureAlgorithm);
break;
case TlsProtocolCode.Tls10:
Signature = new SignatureTls10 ();
break;
case TlsProtocolCode.Tls11:
Signature = new SignatureTls11 ();
break;
default:
throw new NotSupportedException ();
}
dh = new DiffieHellmanManaged ();
Y = dh.CreateKeyExchange ();
var dhparams = dh.ExportParameters (true);
P = dhparams.P;
G = dhparams.G;
using (var buffer = CreateParameterBuffer (ctx.HandshakeParameters))
Signature.Create (buffer, ctx.Configuration.PrivateKey);
}
public TlsServerHello (TlsContext context, TlsBuffer incoming)
: base (HandshakeType.ServerHello)
{
ServerProtocol = (TlsProtocolCode)incoming.ReadInt16 ();
Read (incoming);
}
internal static RenegotiationExtension CreateClient (TlsContext context)
{
if (!context.Session.SecureRenegotiation && (context.Configuration.RenegotiationFlags & RenegotiationFlags.SendClientHelloExtension) == 0)
return null;
context.HandshakeParameters.RequestedSecureNegotiation = true;
return new RenegotiationExtension (context.Session.ClientVerifyData);
}
internal static TlsEncryptionCredentials LoadEncryptionCredentials(TlsContext context,
string[] certResources, string keyResource)
{
Certificate certificate = LoadCertificateChain(certResources);
AsymmetricKeyParameter privateKey = LoadPrivateKeyResource(keyResource);
return new DefaultTlsEncryptionCredentials(context, certificate, privateKey);
}
internal static TlsSignerCredentials LoadSignerCredentials(TlsContext context, string[] certResources,
string keyResource, SignatureAndHashAlgorithm signatureAndHashAlgorithm)
{
Certificate certificate = LoadCertificateChain(certResources);
AsymmetricKeyParameter privateKey = LoadPrivateKeyResource(keyResource);
return new DefaultTlsSignerCredentials(context, certificate, privateKey, signatureAndHashAlgorithm);
}
/// <exception cref="IOException"></exception>
public TlsAeadCipher(TlsContext context, IAeadBlockCipher clientWriteCipher, IAeadBlockCipher serverWriteCipher,
int cipherKeySize, int macSize)
{
if (!TlsUtilities.IsTlsV12(context))
throw new TlsFatalAlert(AlertDescription.internal_error);
this.context = context;
this.macSize = macSize;
// NOTE: Valid for RFC 5288/6655 ciphers but may need review for other AEAD ciphers
this.nonce_explicit_length = 8;
// TODO SecurityParameters.fixed_iv_length
int fixed_iv_length = 4;
int key_block_size = (2 * cipherKeySize) + (2 * fixed_iv_length);
byte[] key_block = TlsUtilities.CalculateKeyBlock(context, key_block_size);
int offset = 0;
KeyParameter client_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
KeyParameter server_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
byte[] client_write_IV = Arrays.CopyOfRange(key_block, offset, offset + fixed_iv_length);
offset += fixed_iv_length;
byte[] server_write_IV = Arrays.CopyOfRange(key_block, offset, offset + fixed_iv_length);
offset += fixed_iv_length;
if (offset != key_block_size)
throw new TlsFatalAlert(AlertDescription.internal_error);
KeyParameter encryptKey, decryptKey;
if (context.IsServer)
{
this.encryptCipher = serverWriteCipher;
this.decryptCipher = clientWriteCipher;
this.encryptImplicitNonce = server_write_IV;
this.decryptImplicitNonce = client_write_IV;
encryptKey = server_write_key;
decryptKey = client_write_key;
}
else
{
this.encryptCipher = clientWriteCipher;
this.decryptCipher = serverWriteCipher;
this.encryptImplicitNonce = client_write_IV;
this.decryptImplicitNonce = server_write_IV;
encryptKey = client_write_key;
decryptKey = server_write_key;
}
byte[] dummyNonce = new byte[fixed_iv_length + nonce_explicit_length];
this.encryptCipher.Init(true, new AeadParameters(encryptKey, 8 * macSize, dummyNonce));
this.decryptCipher.Init(false, new AeadParameters(decryptKey, 8 * macSize, dummyNonce));
}
public override void Init(TlsContext context)
{
base.Init(context);
if (this.mTlsSigner != null)
{
this.mTlsSigner.Init(context);
}
}
public override void GenerateClient (TlsContext ctx)
{
using (var dh = new DiffieHellmanManaged (P, G, 0)) {
using (var X = new SecureBuffer (dh.DecryptKeyExchange (Y))) {
Y = dh.CreateKeyExchange ();
ComputeMasterSecret (ctx, X);
}
}
}
public override void GenerateClient (TlsContext context)
{
GenerateKeyPair (context, domainParameters, out clientQ, out clientD);
clientKey = ExternalizeKey (clientQ);
var agreement = CalculateAgreement (serverQ, clientD);
using (var preMaster = new SecureBuffer (agreement.ToByteArrayUnsigned ()))
ComputeMasterSecret (context, preMaster);
}
internal virtual void Init(TlsContext context)
{
this.mReadCipher = new TlsNullCipher(context);
this.mWriteCipher = this.mReadCipher;
this.mHandshakeHash = new DeferredHash();
this.mHandshakeHash.Init(context);
SetPlaintextLimit(DEFAULT_PLAINTEXT_LIMIT);
}
/// <exception cref="IOException"></exception>
public override TlsCipher CreateCipher(TlsContext context, int encryptionAlgorithm, int macAlgorithm)
{
switch (encryptionAlgorithm)
{
case EncryptionAlgorithm.cls_3DES_EDE_CBC:
return CreateDesEdeCipher(context, macAlgorithm);
case EncryptionAlgorithm.AES_128_CBC:
return CreateAESCipher(context, 16, macAlgorithm);
case EncryptionAlgorithm.AES_128_CCM:
// NOTE: Ignores macAlgorithm
return CreateCipher_Aes_Ccm(context, 16, 16);
case EncryptionAlgorithm.AES_128_CCM_8:
// NOTE: Ignores macAlgorithm
return CreateCipher_Aes_Ccm(context, 16, 8);
case EncryptionAlgorithm.AES_128_GCM:
// NOTE: Ignores macAlgorithm
return CreateCipher_Aes_Gcm(context, 16, 16);
case EncryptionAlgorithm.AES_128_OCB_TAGLEN96:
// NOTE: Ignores macAlgorithm
return CreateCipher_Aes_Ocb(context, 16, 12);
case EncryptionAlgorithm.AES_256_CBC:
return CreateAESCipher(context, 32, macAlgorithm);
case EncryptionAlgorithm.AES_256_CCM:
// NOTE: Ignores macAlgorithm
return CreateCipher_Aes_Ccm(context, 32, 16);
case EncryptionAlgorithm.AES_256_CCM_8:
// NOTE: Ignores macAlgorithm
return CreateCipher_Aes_Ccm(context, 32, 8);
case EncryptionAlgorithm.AES_256_GCM:
// NOTE: Ignores macAlgorithm
return CreateCipher_Aes_Gcm(context, 32, 16);
case EncryptionAlgorithm.AES_256_OCB_TAGLEN96:
// NOTE: Ignores macAlgorithm
return CreateCipher_Aes_Ocb(context, 32, 12);
case EncryptionAlgorithm.CAMELLIA_128_CBC:
return CreateCamelliaCipher(context, 16, macAlgorithm);
case EncryptionAlgorithm.CAMELLIA_128_GCM:
// NOTE: Ignores macAlgorithm
return CreateCipher_Camellia_Gcm(context, 16, 16);
case EncryptionAlgorithm.CAMELLIA_256_CBC:
return CreateCamelliaCipher(context, 32, macAlgorithm);
case EncryptionAlgorithm.CAMELLIA_256_GCM:
// NOTE: Ignores macAlgorithm
return CreateCipher_Camellia_Gcm(context, 32, 16);
case EncryptionAlgorithm.CHACHA20_POLY1305:
// NOTE: Ignores macAlgorithm
return CreateChaCha20Poly1305(context);
case EncryptionAlgorithm.NULL:
return CreateNullCipher(context, macAlgorithm);
case EncryptionAlgorithm.RC4_128:
return CreateRC4Cipher(context, 16, macAlgorithm);
case EncryptionAlgorithm.SEED_CBC:
return CreateSeedCipher(context, macAlgorithm);
default:
throw new TlsFatalAlert(AlertDescription.internal_error);
}
}
public override void HandleClient (TlsContext context, KeyExchange clientExchange)
{
var clientKey = ((EllipticCurveKeyExchange)clientExchange).clientKey;
clientQ = domainParameters.Curve.DecodePoint (clientKey);
var agreement = CalculateAgreement (clientQ, serverD);
using (var preMaster = new SecureBuffer (agreement.ToByteArrayUnsigned ()))
ComputeMasterSecret (context, preMaster);
}
/**
* Parse a {@link DigitallySigned} from a {@link Stream}.
*
* @param context
* the {@link TlsContext} of the current connection.
* @param input
* the {@link Stream} to parse from.
* @return a {@link DigitallySigned} object.
* @throws IOException
*/
public static DigitallySigned Parse(TlsContext context, Stream input)
{
SignatureAndHashAlgorithm algorithm = null;
if (TlsUtilities.IsTlsV12(context))
{
algorithm = SignatureAndHashAlgorithm.Parse(input);
}
byte[] signature = TlsUtilities.ReadOpaque16(input);
return new DigitallySigned(algorithm, signature);
}
void ComputeMasterSecret (DisposeContext d, TlsContext ctx, SecureBuffer preMasterSecret)
{
// Compute ClientRandom + ServerRandom
int clen = ctx.HandshakeParameters.ClientRandom.Size;
int slen = ctx.HandshakeParameters.ServerRandom.Size;
int rlen = clen + slen;
var cs = d.CreateBuffer (rlen);
Buffer.BlockCopy (ctx.HandshakeParameters.ClientRandom.Buffer, 0, cs.Buffer, 0, clen);
Buffer.BlockCopy (ctx.HandshakeParameters.ServerRandom.Buffer, 0, cs.Buffer, clen, slen);
// Server Random + Client Random
var sc = d.CreateBuffer (rlen);
Buffer.BlockCopy (ctx.HandshakeParameters.ServerRandom.Buffer, 0, sc.Buffer, 0, slen);
Buffer.BlockCopy (ctx.HandshakeParameters.ClientRandom.Buffer, 0, sc.Buffer, slen, clen);
// Create master secret
var crypto = ctx.Session.PendingCrypto;
crypto.MasterSecret = crypto.Cipher.PRF.ComputeMasterSecret (preMasterSecret, cs);
#if DEBUG_FULL
if (ctx.EnableDebugging) {
DebugHelper.WriteLine ("CS", cs);
DebugHelper.WriteLine ("SC", sc);
DebugHelper.WriteLine ("PRE-MASTER", preMasterSecret);
DebugHelper.WriteLine ("MASTER SECRET", crypto.MasterSecret.Buffer);
}
#endif
var keyBlock = crypto.Cipher.PRF.ComputeKeyExpansion (d, crypto.MasterSecret, sc, crypto.Cipher.KeyBlockSize);
#if DEBUG_FULL
if (ctx.EnableDebugging) {
DebugHelper.WriteLine ("KEY BLOCK SIZE: {0}", crypto.Cipher.KeyBlockSize);
DebugHelper.WriteLine ("KEY BLOCK", keyBlock.Buffer);
}
#endif
crypto.ClientWriteMac = keyBlock.ReadSecureBuffer (crypto.Cipher.HashSize);
crypto.ServerWriteMac = keyBlock.ReadSecureBuffer (crypto.Cipher.HashSize);
crypto.ClientWriteKey = keyBlock.ReadSecureBuffer (crypto.Cipher.KeyMaterialSize);
crypto.ServerWriteKey = keyBlock.ReadSecureBuffer (crypto.Cipher.KeyMaterialSize);
if (crypto.Cipher.HasFixedIV) {
crypto.ClientWriteIV = keyBlock.ReadSecureBuffer (crypto.Cipher.FixedIvSize);
crypto.ServerWriteIV = keyBlock.ReadSecureBuffer (crypto.Cipher.FixedIvSize);
#if DEBUG_FULL
if (ctx.EnableDebugging) {
DebugHelper.WriteLine ("CLIENT IV", crypto.ClientWriteIV.Buffer);
DebugHelper.WriteLine ("SERVER IV", crypto.ServerWriteIV.Buffer);
}
#endif
}
}
/**
* Encode this {@link HeartbeatMessage} to a {@link Stream}.
*
* @param output
* the {@link Stream} to encode to.
* @throws IOException
*/
public virtual void Encode(TlsContext context, Stream output)
{
TlsUtilities.WriteUint8(mType, output);
TlsUtilities.CheckUint16(mPayload.Length);
TlsUtilities.WriteUint16(mPayload.Length, output);
output.Write(mPayload, 0, mPayload.Length);
byte[] padding = new byte[mPaddingLength];
context.NonceRandomGenerator.NextBytes(padding);
output.Write(padding, 0, padding.Length);
}
/// <exception cref="IOException"></exception>
public Chacha20Poly1305(TlsContext context)
{
if (!TlsUtilities.IsTlsV12(context))
throw new TlsFatalAlert(AlertDescription.internal_error);
this.context = context;
int cipherKeySize = 32;
// TODO SecurityParameters.fixed_iv_length
int fixed_iv_length = 12;
// TODO SecurityParameters.record_iv_length = 0
int key_block_size = (2 * cipherKeySize) + (2 * fixed_iv_length);
byte[] key_block = TlsUtilities.CalculateKeyBlock(context, key_block_size);
int offset = 0;
KeyParameter client_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
KeyParameter server_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
byte[] client_write_IV = Arrays.CopyOfRange(key_block, offset, offset + fixed_iv_length);
offset += fixed_iv_length;
byte[] server_write_IV = Arrays.CopyOfRange(key_block, offset, offset + fixed_iv_length);
offset += fixed_iv_length;
if (offset != key_block_size)
throw new TlsFatalAlert(AlertDescription.internal_error);
this.encryptCipher = new ChaCha7539Engine();
this.decryptCipher = new ChaCha7539Engine();
KeyParameter encryptKey, decryptKey;
if (context.IsServer)
{
encryptKey = server_write_key;
decryptKey = client_write_key;
this.encryptIV = server_write_IV;
this.decryptIV = client_write_IV;
}
else
{
encryptKey = client_write_key;
decryptKey = server_write_key;
this.encryptIV = client_write_IV;
this.decryptIV = server_write_IV;
}
this.encryptCipher.Init(true, new ParametersWithIV(encryptKey, encryptIV));
this.decryptCipher.Init(false, new ParametersWithIV(decryptKey, decryptIV));
}
public EllipticCurveKeyExchange (TlsContext context)
{
curveType = ECCurveType.named_curve;
namedCurve = context.Configuration.UserSettings.NamedCurve ?? NamedCurve.secp256k1;
domainParameters = NamedCurveHelper.GetECParameters (namedCurve);
GenerateKeyPair (context, domainParameters, out serverQ, out serverD);
publicBytes = ExternalizeKey (serverQ);
Signature = new SignatureTls12 (context.Session.ServerSignatureAlgorithm);
using (var buffer = CreateParameterBuffer (context.HandshakeParameters))
Signature.Create (buffer, context.Configuration.PrivateKey);
}
/**
* Generate a new instance of an TlsMac.
*
* @param context the TLS client context
* @param digest The digest to use.
* @param key A byte-array where the key for this MAC is located.
* @param keyOff The number of bytes to skip, before the key starts in the buffer.
* @param keyLen The length of the key.
*/
public TlsMac(TlsContext context, IDigest digest, byte[] key, int keyOff, int keyLen)
{
this.context = context;
KeyParameter keyParameter = new KeyParameter(key, keyOff, keyLen);
this.secret = Arrays.Clone(keyParameter.GetKey());
// TODO This should check the actual algorithm, not rely on the engine type
if (digest is LongDigest)
{
this.digestBlockSize = 128;
this.digestOverhead = 16;
}
else
{
this.digestBlockSize = 64;
this.digestOverhead = 8;
}
if (TlsUtilities.IsSsl(context))
{
this.mac = new Ssl3Mac(digest);
// TODO This should check the actual algorithm, not assume based on the digest size
if (digest.GetDigestSize() == 20)
{
/*
* NOTE: When SHA-1 is used with the SSL 3.0 MAC, the secret + input pad is not
* digest block-aligned.
*/
this.digestOverhead = 4;
}
}
else
{
this.mac = new HMac(digest);
// NOTE: The input pad for HMAC is always a full digest block
}
this.mac.Init(keyParameter);
this.macLength = mac.GetMacSize();
if (context.SecurityParameters.truncatedHMac)
{
this.macLength = System.Math.Min(this.macLength, 10);
}
}
internal DtlsRecordLayer(DatagramTransport transport, TlsContext context, TlsPeer peer, byte contentType)
{
this.mTransport = transport;
this.mContext = context;
this.mPeer = peer;
this.mInHandshake = true;
this.mCurrentEpoch = new DtlsEpoch(0, new TlsNullCipher(context));
this.mPendingEpoch = null;
this.mReadEpoch = mCurrentEpoch;
this.mWriteEpoch = mCurrentEpoch;
SetPlaintextLimit(MAX_FRAGMENT_LENGTH);
}
public override void HandleClient (TlsContext ctx, KeyExchange clientExchange)
{
// Read client premaster secret
var encryptedPreMaster = ((RSAKeyExchange)clientExchange).encryptedPreMasterSecret;
if (!ctx.Configuration.HasCredentials)
throw new TlsException (AlertDescription.BadCertificate, "Server certificate Private Key unavailable.");
// Decrypt premaster secret
var deformatter = new RSAPKCS1KeyExchangeDeformatter (ctx.Configuration.PrivateKey);
using (var preMasterSecret = new SecureBuffer (deformatter.DecryptKeyExchange (encryptedPreMaster))) {
// Create master secret
ComputeMasterSecret (ctx, preMasterSecret);
}
}
/// <exception cref="IOException"></exception>
public TlsNullCipher(TlsContext context, IDigest clientWriteDigest, IDigest serverWriteDigest)
{
if ((clientWriteDigest == null) != (serverWriteDigest == null))
throw new TlsFatalAlert(AlertDescription.internal_error);
this.context = context;
TlsMac clientWriteMac = null, serverWriteMac = null;
if (clientWriteDigest != null)
{
int key_block_size = clientWriteDigest.GetDigestSize()
+ serverWriteDigest.GetDigestSize();
byte[] key_block = TlsUtilities.CalculateKeyBlock(context, key_block_size);
int offset = 0;
clientWriteMac = new TlsMac(context, clientWriteDigest, key_block, offset,
clientWriteDigest.GetDigestSize());
offset += clientWriteDigest.GetDigestSize();
serverWriteMac = new TlsMac(context, serverWriteDigest, key_block, offset,
serverWriteDigest.GetDigestSize());
offset += serverWriteDigest.GetDigestSize();
if (offset != key_block_size)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
}
if (context.IsServer)
{
writeMac = serverWriteMac;
readMac = clientWriteMac;
}
else
{
writeMac = clientWriteMac;
readMac = serverWriteMac;
}
}
public DefaultTlsSignerCredentials(TlsContext context, Certificate certificate, AsymmetricKeyParameter privateKey,
SignatureAndHashAlgorithm signatureAndHashAlgorithm)
{
if (certificate == null)
throw new ArgumentNullException("certificate");
if (certificate.IsEmpty)
throw new ArgumentException("cannot be empty", "clientCertificate");
if (privateKey == null)
throw new ArgumentNullException("privateKey");
if (!privateKey.IsPrivate)
throw new ArgumentException("must be private", "privateKey");
if (TlsUtilities.IsTlsV12(context) && signatureAndHashAlgorithm == null)
throw new ArgumentException("cannot be null for (D)TLS 1.2+", "signatureAndHashAlgorithm");
if (privateKey is RsaKeyParameters)
{
mSigner = new TlsRsaSigner();
}
else if (privateKey is DsaPrivateKeyParameters)
{
mSigner = new TlsDssSigner();
}
else if (privateKey is ECPrivateKeyParameters)
{
mSigner = new TlsECDsaSigner();
}
else
{
throw new ArgumentException("type not supported: " + privateKey.GetType().FullName, "privateKey");
}
this.mSigner.Init(context);
this.mContext = context;
this.mCertificate = certificate;
this.mPrivateKey = privateKey;
this.mSignatureAndHashAlgorithm = signatureAndHashAlgorithm;
}
/**
* Parse a {@link CertificateUrl} from a {@link Stream}.
*
* @param context
* the {@link TlsContext} of the current connection.
* @param input
* the {@link Stream} to parse from.
* @return a {@link CertificateUrl} object.
* @throws IOException
*/
public static CertificateUrl parse(TlsContext context, Stream input)
{
byte type = TlsUtilities.ReadUint8(input);
if (!CertChainType.IsValid(type))
throw new TlsFatalAlert(AlertDescription.decode_error);
int totalLength = TlsUtilities.ReadUint16(input);
if (totalLength < 1)
throw new TlsFatalAlert(AlertDescription.decode_error);
byte[] urlAndHashListData = TlsUtilities.ReadFully(totalLength, input);
MemoryStream buf = new MemoryStream(urlAndHashListData, false);
IList url_and_hash_list = Platform.CreateArrayList();
while (buf.Position < buf.Length)
{
UrlAndHash url_and_hash = UrlAndHash.Parse(context, buf);
url_and_hash_list.Add(url_and_hash);
}
return new CertificateUrl(type, url_and_hash_list);
}
/// <exception cref="IOException"></exception>
public static byte[] GenerateEncryptedPreMasterSecret(TlsContext context, RsaKeyParameters rsaServerPublicKey,
Stream output)
{
/*
* Choose a PremasterSecret and send it encrypted to the server
*/
byte[] premasterSecret = new byte[48];
context.SecureRandom.NextBytes(premasterSecret);
TlsUtilities.WriteVersion(context.ClientVersion, premasterSecret, 0);
Pkcs1Encoding encoding = new Pkcs1Encoding(new RsaBlindedEngine());
encoding.Init(true, new ParametersWithRandom(rsaServerPublicKey, context.SecureRandom));
try
{
byte[] encryptedPreMasterSecret = encoding.ProcessBlock(premasterSecret, 0, premasterSecret.Length);
if (TlsUtilities.IsSsl(context))
{
// TODO Do any SSLv3 servers actually expect the length?
output.Write(encryptedPreMasterSecret, 0, encryptedPreMasterSecret.Length);
}
else
{
TlsUtilities.WriteOpaque16(encryptedPreMasterSecret, output);
}
}
catch (InvalidCipherTextException e)
{
/*
* This should never happen, only during decryption.
*/
throw new TlsFatalAlert(AlertDescription.internal_error, e);
}
return premasterSecret;
}
public override bool ProcessClient (TlsContext context)
{
if (context.IsServer)
throw new InvalidOperationException ();
if (!context.HandshakeParameters.RequestedSecureNegotiation)
throw new TlsException (AlertDescription.HandshakeFailure);
if (!context.Session.SecureRenegotiation) {
// Initial handshake
if (Data != null && Data.Size > 0)
throw new TlsException (AlertDescription.HandshakeFailure);
context.HandshakeParameters.SecureNegotiationSupported = true;
return true;
}
var clientData = context.Session.ClientVerifyData;
var serverData = context.Session.ServerVerifyData;
#if DEBUG_FULL
if (context.EnableDebugging) {
DebugHelper.WriteLine ("CHECKING CLIENT DATA", clientData);
DebugHelper.WriteLine ("CHECKING SERVER DATA", serverData);
DebugHelper.WriteLine ("CHECKING WHAT WE GOT", Data);
}
#endif
var expectedLength = clientData.Size + serverData.Size;
if (Data.Size != expectedLength)
throw new TlsException (AlertDescription.DecodeError);
if (!TlsBuffer.Compare (clientData.Buffer, 0, clientData.Size, Data.Buffer, 0, clientData.Size))
throw new TlsException (AlertDescription.HandshakeFailure);
if (!TlsBuffer.Compare (serverData.Buffer, 0, serverData.Size, Data.Buffer, clientData.Size, serverData.Size))
throw new TlsException (AlertDescription.HandshakeFailure);
context.HandshakeParameters.SecureNegotiationSupported = true;
return true;
}
public DefaultTlsEncryptionCredentials(TlsContext context, Certificate certificate,
AsymmetricKeyParameter privateKey)
{
if (certificate == null)
throw new ArgumentNullException("certificate");
if (certificate.IsEmpty)
throw new ArgumentException("cannot be empty", "certificate");
if (privateKey == null)
throw new ArgumentNullException("'privateKey' cannot be null");
if (!privateKey.IsPrivate)
throw new ArgumentException("must be private", "privateKey");
if (privateKey is RsaKeyParameters)
{
}
else
{
throw new ArgumentException("type not supported: " + Platform.GetTypeName(privateKey), "privateKey");
}
this.mContext = context;
this.mCertificate = certificate;
this.mPrivateKey = privateKey;
}
protected virtual TlsBlockCipher CreateAESCipher(TlsContext context, int cipherKeySize, int macAlgorithm)
{
return(new TlsBlockCipher(context, CreateAesBlockCipher(), CreateAesBlockCipher(), CreateHMacDigest(macAlgorithm), CreateHMacDigest(macAlgorithm), cipherKeySize));
}
/// <exception cref="IOException"></exception>
public override TlsCipher CreateCipher(TlsContext context, int encryptionAlgorithm, int macAlgorithm)
{
switch (encryptionAlgorithm)
{
case EncryptionAlgorithm.cls_3DES_EDE_CBC:
return(CreateDesEdeCipher(context, macAlgorithm));
case EncryptionAlgorithm.AEAD_CHACHA20_POLY1305:
// NOTE: Ignores macAlgorithm
return(CreateChaCha20Poly1305(context));
case EncryptionAlgorithm.AES_128_CBC:
return(CreateAESCipher(context, 16, macAlgorithm));
case EncryptionAlgorithm.AES_128_CCM:
// NOTE: Ignores macAlgorithm
return(CreateCipher_Aes_Ccm(context, 16, 16));
case EncryptionAlgorithm.AES_128_CCM_8:
// NOTE: Ignores macAlgorithm
return(CreateCipher_Aes_Ccm(context, 16, 8));
case EncryptionAlgorithm.AES_256_CCM:
// NOTE: Ignores macAlgorithm
return(CreateCipher_Aes_Ccm(context, 32, 16));
case EncryptionAlgorithm.AES_256_CCM_8:
// NOTE: Ignores macAlgorithm
return(CreateCipher_Aes_Ccm(context, 32, 8));
case EncryptionAlgorithm.AES_128_GCM:
// NOTE: Ignores macAlgorithm
return(CreateCipher_Aes_Gcm(context, 16, 16));
case EncryptionAlgorithm.AES_256_CBC:
return(CreateAESCipher(context, 32, macAlgorithm));
case EncryptionAlgorithm.AES_256_GCM:
// NOTE: Ignores macAlgorithm
return(CreateCipher_Aes_Gcm(context, 32, 16));
case EncryptionAlgorithm.CAMELLIA_128_CBC:
return(CreateCamelliaCipher(context, 16, macAlgorithm));
case EncryptionAlgorithm.CAMELLIA_128_GCM:
// NOTE: Ignores macAlgorithm
return(CreateCipher_Camellia_Gcm(context, 16, 16));
case EncryptionAlgorithm.CAMELLIA_256_CBC:
return(CreateCamelliaCipher(context, 32, macAlgorithm));
case EncryptionAlgorithm.CAMELLIA_256_GCM:
// NOTE: Ignores macAlgorithm
return(CreateCipher_Camellia_Gcm(context, 32, 16));
case EncryptionAlgorithm.ESTREAM_SALSA20:
return(CreateSalsa20Cipher(context, 12, 32, macAlgorithm));
case EncryptionAlgorithm.NULL:
return(CreateNullCipher(context, macAlgorithm));
case EncryptionAlgorithm.RC4_128:
return(CreateRC4Cipher(context, 16, macAlgorithm));
case EncryptionAlgorithm.SALSA20:
return(CreateSalsa20Cipher(context, 20, 32, macAlgorithm));
case EncryptionAlgorithm.SEED_CBC:
return(CreateSeedCipher(context, macAlgorithm));
default:
throw new TlsFatalAlert(AlertDescription.internal_error);
}
}
protected virtual TlsCipher CreateChaCha20Poly1305(TlsContext context)
{
return(new Chacha20Poly1305(context));
}
protected virtual TlsAeadCipher CreateCipher_Aes_Ccm(TlsContext context, int cipherKeySize, int macSize)
{
return(new TlsAeadCipher(context, this.CreateAeadBlockCipher_Aes_Ccm(), this.CreateAeadBlockCipher_Aes_Ccm(), cipherKeySize, macSize));
}
protected virtual TlsNullCipher CreateNullCipher(TlsContext context, int macAlgorithm)
{
return(new TlsNullCipher(context, this.CreateHMacDigest(macAlgorithm), this.CreateHMacDigest(macAlgorithm)));
}
public override TlsCipher CreateCipher(TlsContext context, int encryptionAlgorithm, int macAlgorithm)
{
switch (encryptionAlgorithm)
{
case 0:
return(this.CreateNullCipher(context, macAlgorithm));
case 1:
case 3:
case 4:
case 5:
case 6:
break;
case 2:
return(this.CreateRC4Cipher(context, 16, macAlgorithm));
case 7:
return(this.CreateDesEdeCipher(context, macAlgorithm));
case 8:
return(this.CreateAESCipher(context, 16, macAlgorithm));
case 9:
return(this.CreateAESCipher(context, 32, macAlgorithm));
case 10:
return(this.CreateCipher_Aes_Gcm(context, 16, 16));
case 11:
return(this.CreateCipher_Aes_Gcm(context, 32, 16));
case 12:
return(this.CreateCamelliaCipher(context, 16, macAlgorithm));
case 13:
return(this.CreateCamelliaCipher(context, 32, macAlgorithm));
case 14:
return(this.CreateSeedCipher(context, macAlgorithm));
case 15:
return(this.CreateCipher_Aes_Ccm(context, 16, 16));
case 16:
return(this.CreateCipher_Aes_Ccm(context, 16, 8));
case 17:
return(this.CreateCipher_Aes_Ccm(context, 32, 16));
case 18:
return(this.CreateCipher_Aes_Ccm(context, 32, 8));
case 19:
return(this.CreateCipher_Camellia_Gcm(context, 16, 16));
case 20:
return(this.CreateCipher_Camellia_Gcm(context, 32, 16));
default:
switch (encryptionAlgorithm)
{
case 100:
return(this.CreateSalsa20Cipher(context, 12, 32, macAlgorithm));
case 101:
return(this.CreateSalsa20Cipher(context, 20, 32, macAlgorithm));
case 102:
return(this.CreateChaCha20Poly1305(context));
}
break;
}
throw new TlsFatalAlert(80);
}
public ClientKeyExchange(TlsContext context)
: base(context, NegotiationState.ClientKeyExchange)
{
}
public override TlsExtension ProcessServer(TlsContext context)
{
return(null);
}
public TlsBlockCipher(TlsContext context, IBlockCipher clientWriteCipher, IBlockCipher serverWriteCipher, IDigest clientWriteDigest, IDigest serverWriteDigest, int cipherKeySize)
{
this.context = context;
randomData = new byte[256];
context.NonceRandomGenerator.NextBytes(randomData);
useExplicitIV = TlsUtilities.IsTlsV11(context);
encryptThenMac = context.SecurityParameters.encryptThenMac;
int num = 2 * cipherKeySize + clientWriteDigest.GetDigestSize() + serverWriteDigest.GetDigestSize();
if (!useExplicitIV)
{
num += clientWriteCipher.GetBlockSize() + serverWriteCipher.GetBlockSize();
}
byte[] array = TlsUtilities.CalculateKeyBlock(context, num);
int num2 = 0;
TlsMac tlsMac = new TlsMac(context, clientWriteDigest, array, num2, clientWriteDigest.GetDigestSize());
num2 += clientWriteDigest.GetDigestSize();
TlsMac tlsMac2 = new TlsMac(context, serverWriteDigest, array, num2, serverWriteDigest.GetDigestSize());
num2 += serverWriteDigest.GetDigestSize();
KeyParameter parameters = new KeyParameter(array, num2, cipherKeySize);
num2 += cipherKeySize;
KeyParameter parameters2 = new KeyParameter(array, num2, cipherKeySize);
num2 += cipherKeySize;
byte[] iv;
byte[] iv2;
if (useExplicitIV)
{
iv = new byte[clientWriteCipher.GetBlockSize()];
iv2 = new byte[serverWriteCipher.GetBlockSize()];
}
else
{
iv = Arrays.CopyOfRange(array, num2, num2 + clientWriteCipher.GetBlockSize());
num2 += clientWriteCipher.GetBlockSize();
iv2 = Arrays.CopyOfRange(array, num2, num2 + serverWriteCipher.GetBlockSize());
num2 += serverWriteCipher.GetBlockSize();
}
if (num2 != num)
{
throw new TlsFatalAlert(80);
}
ICipherParameters parameters3;
ICipherParameters parameters4;
if (context.IsServer)
{
mWriteMac = tlsMac2;
mReadMac = tlsMac;
encryptCipher = serverWriteCipher;
decryptCipher = clientWriteCipher;
parameters3 = new ParametersWithIV(parameters2, iv2);
parameters4 = new ParametersWithIV(parameters, iv);
}
else
{
mWriteMac = tlsMac;
mReadMac = tlsMac2;
encryptCipher = clientWriteCipher;
decryptCipher = serverWriteCipher;
parameters3 = new ParametersWithIV(parameters, iv);
parameters4 = new ParametersWithIV(parameters2, iv2);
}
encryptCipher.Init(forEncryption: true, parameters3);
decryptCipher.Init(forEncryption: false, parameters4);
}
internal HueTlsAuthentication(TlsContext context)
{
_context = context;
}
protected virtual TlsBlockCipher CreateSeedCipher(TlsContext context, int macAlgorithm)
{
return(new TlsBlockCipher(context, this.CreateSeedBlockCipher(), this.CreateSeedBlockCipher(), this.CreateHMacDigest(macAlgorithm), this.CreateHMacDigest(macAlgorithm), 16));
}
public static TlsSignerCredentials LoadSignerCredentials(TlsContext context,
Certificate certificate, AsymmetricKeyParameter privateKey)
{
return(new DefaultTlsSignerCredentials(context, certificate, privateKey));
}
public virtual void Init(TlsContext context)
{
this.mContext = context;
}
/// <exception cref="IOException"></exception>
public TlsAeadCipher(TlsContext context, IAeadBlockCipher clientWriteCipher, IAeadBlockCipher serverWriteCipher,
int cipherKeySize, int macSize)
{
if (!TlsUtilities.IsTlsV12(context))
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.context = context;
this.macSize = macSize;
// NOTE: Valid for RFC 5288/6655 ciphers but may need review for other AEAD ciphers
this.nonce_explicit_length = 8;
// TODO SecurityParameters.fixed_iv_length
int fixed_iv_length = 4;
int key_block_size = (2 * cipherKeySize) + (2 * fixed_iv_length);
byte[] key_block = TlsUtilities.CalculateKeyBlock(context, key_block_size);
int offset = 0;
KeyParameter client_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
KeyParameter server_write_key = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
byte[] client_write_IV = Arrays.CopyOfRange(key_block, offset, offset + fixed_iv_length);
offset += fixed_iv_length;
byte[] server_write_IV = Arrays.CopyOfRange(key_block, offset, offset + fixed_iv_length);
offset += fixed_iv_length;
if (offset != key_block_size)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
KeyParameter encryptKey, decryptKey;
if (context.IsServer)
{
this.encryptCipher = serverWriteCipher;
this.decryptCipher = clientWriteCipher;
this.encryptImplicitNonce = server_write_IV;
this.decryptImplicitNonce = client_write_IV;
encryptKey = server_write_key;
decryptKey = client_write_key;
}
else
{
this.encryptCipher = clientWriteCipher;
this.decryptCipher = serverWriteCipher;
this.encryptImplicitNonce = client_write_IV;
this.decryptImplicitNonce = server_write_IV;
encryptKey = client_write_key;
decryptKey = server_write_key;
}
byte[] dummyNonce = new byte[fixed_iv_length + nonce_explicit_length];
this.encryptCipher.Init(true, new AeadParameters(encryptKey, 8 * macSize, dummyNonce));
this.decryptCipher.Init(false, new AeadParameters(decryptKey, 8 * macSize, dummyNonce));
}
/// <exception cref="IOException"></exception>
public virtual TlsCipher CreateCipher(TlsContext context, int encryptionAlgorithm, int macAlgorithm)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
public TlsClientKeyExchange(TlsContext context, TlsBuffer incoming)
: base(HandshakeType.ClientKeyExchange)
{
KeyExchange = KeyExchange.Create(context.NegotiatedProtocol, context.Session.PendingCrypto.Cipher.ExchangeAlgorithmType);
Read(incoming);
}
protected virtual TlsBlockCipher CreateCamelliaCipher(TlsContext context, int cipherKeySize, int macAlgorithm)
{
return(new TlsBlockCipher(context, this.CreateCamelliaBlockCipher(), this.CreateCamelliaBlockCipher(), this.CreateHMacDigest(macAlgorithm), this.CreateHMacDigest(macAlgorithm), cipherKeySize));
}
/// <exception cref="IOException"></exception>
public TlsStreamCipher(TlsContext context, IStreamCipher clientWriteCipher,
IStreamCipher serverWriteCipher, IDigest clientWriteDigest, IDigest serverWriteDigest,
int cipherKeySize, bool usesNonce)
{
bool isServer = context.IsServer;
this.context = context;
this.usesNonce = usesNonce;
this.encryptCipher = clientWriteCipher;
this.decryptCipher = serverWriteCipher;
int key_block_size = (2 * cipherKeySize) + clientWriteDigest.GetDigestSize()
+ serverWriteDigest.GetDigestSize();
byte[] key_block = TlsUtilities.CalculateKeyBlock(context, key_block_size);
int offset = 0;
// Init MACs
TlsMac clientWriteMac = new TlsMac(context, clientWriteDigest, key_block, offset,
clientWriteDigest.GetDigestSize());
offset += clientWriteDigest.GetDigestSize();
TlsMac serverWriteMac = new TlsMac(context, serverWriteDigest, key_block, offset,
serverWriteDigest.GetDigestSize());
offset += serverWriteDigest.GetDigestSize();
// Build keys
KeyParameter clientWriteKey = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
KeyParameter serverWriteKey = new KeyParameter(key_block, offset, cipherKeySize);
offset += cipherKeySize;
if (offset != key_block_size)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
ICipherParameters encryptParams, decryptParams;
if (isServer)
{
this.writeMac = serverWriteMac;
this.readMac = clientWriteMac;
this.encryptCipher = serverWriteCipher;
this.decryptCipher = clientWriteCipher;
encryptParams = serverWriteKey;
decryptParams = clientWriteKey;
}
else
{
this.writeMac = clientWriteMac;
this.readMac = serverWriteMac;
this.encryptCipher = clientWriteCipher;
this.decryptCipher = serverWriteCipher;
encryptParams = clientWriteKey;
decryptParams = serverWriteKey;
}
if (usesNonce)
{
byte[] dummyNonce = new byte[8];
encryptParams = new ParametersWithIV(encryptParams, dummyNonce);
decryptParams = new ParametersWithIV(decryptParams, dummyNonce);
}
this.encryptCipher.Init(true, encryptParams);
this.decryptCipher.Init(false, decryptParams);
}
public DefaultTlsSignerCredentials(TlsContext context, Certificate certificate, AsymmetricKeyParameter privateKey) : this(context, certificate, privateKey, null)
{
}
protected virtual TlsStreamCipher CreateRC4Cipher(TlsContext context, int cipherKeySize, int macAlgorithm)
{
return(new TlsStreamCipher(context, this.CreateRC4StreamCipher(), this.CreateRC4StreamCipher(), this.CreateHMacDigest(macAlgorithm), this.CreateHMacDigest(macAlgorithm), cipherKeySize, false));
}
protected virtual TlsBlockCipher CreateDesEdeCipher(TlsContext context, int macAlgorithm)
{
return(new TlsBlockCipher(context, CreateDesEdeBlockCipher(), CreateDesEdeBlockCipher(), CreateHMacDigest(macAlgorithm), CreateHMacDigest(macAlgorithm), 24));
}
internal MyTlsAuthentication(TlsTestClientImpl outer, TlsContext context)
{
this.mOuter = outer;
this.mContext = context;
}
protected virtual TlsAeadCipher CreateCipher_Camellia_Gcm(TlsContext context, int cipherKeySize, int macSize)
{
return(new TlsAeadCipher(context, CreateAeadBlockCipher_Camellia_Gcm(), CreateAeadBlockCipher_Camellia_Gcm(), cipherKeySize, macSize));
}
protected virtual TlsStreamCipher CreateSalsa20Cipher(TlsContext context, int rounds, int cipherKeySize, int macAlgorithm)
{
return(new TlsStreamCipher(context, this.CreateSalsa20StreamCipher(rounds), this.CreateSalsa20StreamCipher(rounds), this.CreateHMacDigest(macAlgorithm), this.CreateHMacDigest(macAlgorithm), cipherKeySize, true));
}
public override bool ProcessClient(TlsContext context)
{
return(false);
}
public virtual TlsCredentials GetClientCredentials(TlsContext context, CertificateRequest certificateRequest)
{
return(credProvider == null ? null : credProvider.GetClientCredentials(context, certificateRequest));
}
public static byte[] SafeDecryptPreMasterSecret(TlsContext context, RsaKeyParameters rsaServerPrivateKey,
byte[] encryptedPreMasterSecret)
{
/*
* RFC 5246 7.4.7.1.
*/
ProtocolVersion clientVersion = context.ClientVersion;
// TODO Provide as configuration option?
bool versionNumberCheckDisabled = false;
/*
* Generate 48 random bytes we can use as a Pre-Master-Secret, if the
* PKCS1 padding check should fail.
*/
byte[] fallback = new byte[48];
context.SecureRandom.NextBytes(fallback);
byte[] M = Arrays.Clone(fallback);
try
{
Pkcs1Encoding encoding = new Pkcs1Encoding(new RsaBlindedEngine(), fallback);
encoding.Init(false,
new ParametersWithRandom(rsaServerPrivateKey, context.SecureRandom));
M = encoding.ProcessBlock(encryptedPreMasterSecret, 0, encryptedPreMasterSecret.Length);
}
catch (Exception)
{
/*
* This should never happen since the decryption should never throw an exception
* and return a random value instead.
*
* In any case, a TLS server MUST NOT generate an alert if processing an
* RSA-encrypted premaster secret message fails, or the version number is not as
* expected. Instead, it MUST continue the handshake with a randomly generated
* premaster secret.
*/
}
/*
* If ClientHello.client_version is TLS 1.1 or higher, server implementations MUST
* check the version number [..].
*/
if (versionNumberCheckDisabled && clientVersion.IsEqualOrEarlierVersionOf(ProtocolVersion.TLSv10))
{
/*
* If the version number is TLS 1.0 or earlier, server
* implementations SHOULD check the version number, but MAY have a
* configuration option to disable the check.
*
* So there is nothing to do here.
*/
}
else
{
/*
* OK, we need to compare the version number in the decrypted Pre-Master-Secret with the
* clientVersion received during the handshake. If they don't match, we replace the
* decrypted Pre-Master-Secret with a random one.
*/
int correct = (clientVersion.MajorVersion ^ (M[0] & 0xff))
| (clientVersion.MinorVersion ^ (M[1] & 0xff));
correct |= correct >> 1;
correct |= correct >> 2;
correct |= correct >> 4;
int mask = ~((correct & 1) - 1);
/*
* mask will be all bits set to 0xff if the version number differed.
*/
for (int i = 0; i < 48; i++)
{
M[i] = (byte)((M[i] & (~mask)) | (fallback[i] & mask));
}
}
return(M);
}
internal MyTlsAuthentication(TlsContext context)
{
this._mContext = context;
}
public TlsNullCipher(TlsContext context)
{
this.context = context;
this.writeMac = null;
this.readMac = null;
}
protected internal static int GetPrfAlgorithm(TlsContext context, int ciphersuite)
{
bool isTLSv12 = TlsUtilities.IsTlsV12(context);
switch (ciphersuite)
{
case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256:
case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256:
case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256:
case CipherSuite.TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
case CipherSuite.TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
case CipherSuite.TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256:
case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256:
case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256:
case CipherSuite.TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
case CipherSuite.TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
case CipherSuite.TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256:
case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256:
case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256:
case CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
case CipherSuite.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
case CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256:
case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256:
case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256:
case CipherSuite.TLS_DHE_PSK_WITH_AES_128_CCM:
case CipherSuite.TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CCM:
case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256:
case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CCM:
case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CCM_8:
case CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CCM:
case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CCM_8:
case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256:
case CipherSuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256:
case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
case CipherSuite.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
case CipherSuite.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256:
case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256:
case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM:
case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256:
case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
case CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
case CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
case CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
case CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
case CipherSuite.TLS_PSK_DHE_WITH_AES_128_CCM_8:
case CipherSuite.TLS_PSK_DHE_WITH_AES_256_CCM_8:
case CipherSuite.TLS_PSK_WITH_AES_128_CCM:
case CipherSuite.TLS_PSK_WITH_AES_128_CCM_8:
case CipherSuite.TLS_PSK_WITH_AES_128_GCM_SHA256:
case CipherSuite.TLS_PSK_WITH_AES_256_CCM:
case CipherSuite.TLS_PSK_WITH_AES_256_CCM_8:
case CipherSuite.TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256:
case CipherSuite.TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256:
case CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256:
case CipherSuite.TLS_RSA_WITH_AES_128_CCM:
case CipherSuite.TLS_RSA_WITH_AES_128_CCM_8:
case CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256:
case CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256:
case CipherSuite.TLS_RSA_WITH_AES_256_CCM:
case CipherSuite.TLS_RSA_WITH_AES_256_CCM_8:
case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256:
case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256:
case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:
case CipherSuite.TLS_RSA_WITH_NULL_SHA256:
{
if (isTLSv12)
{
return(PrfAlgorithm.tls_prf_sha256);
}
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}
case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384:
case CipherSuite.TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384:
case CipherSuite.TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384:
case CipherSuite.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384:
case CipherSuite.TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384:
case CipherSuite.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
case CipherSuite.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
case CipherSuite.TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384:
case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384:
case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
case CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
case CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384:
case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
case CipherSuite.TLS_PSK_WITH_AES_256_GCM_SHA384:
case CipherSuite.TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384:
case CipherSuite.TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384:
case CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384:
case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384:
{
if (isTLSv12)
{
return(PrfAlgorithm.tls_prf_sha384);
}
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}
case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384:
case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA384:
case CipherSuite.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384:
case CipherSuite.TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384:
case CipherSuite.TLS_ECDHE_PSK_WITH_NULL_SHA384:
case CipherSuite.TLS_PSK_WITH_AES_256_CBC_SHA384:
case CipherSuite.TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384:
case CipherSuite.TLS_PSK_WITH_NULL_SHA384:
case CipherSuite.TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384:
case CipherSuite.TLS_RSA_PSK_WITH_NULL_SHA384:
{
if (isTLSv12)
{
return(PrfAlgorithm.tls_prf_sha384);
}
return(PrfAlgorithm.tls_prf_legacy);
}
default:
{
if (isTLSv12)
{
return(PrfAlgorithm.tls_prf_sha256);
}
return(PrfAlgorithm.tls_prf_legacy);
}
}
}
