| public static AddSupportedPointFormatsExtension ( IDictionary extensions, byte ecPointFormats ) : void | ||
| extensions | IDictionary | |
| ecPointFormats | byte | |
| Результат | void | |
public virtual IDictionary GetServerExtensions()
{
if (mEncryptThenMacOffered && AllowEncryptThenMac && TlsUtilities.IsBlockCipherSuite(mSelectedCipherSuite))
{
TlsExtensionsUtilities.AddEncryptThenMacExtension(CheckServerExtensions());
}
if (mMaxFragmentLengthOffered >= 0 && TlsUtilities.IsValidUint8(mMaxFragmentLengthOffered) && MaxFragmentLength.IsValid((byte)mMaxFragmentLengthOffered))
{
TlsExtensionsUtilities.AddMaxFragmentLengthExtension(CheckServerExtensions(), (byte)mMaxFragmentLengthOffered);
}
if (mTruncatedHMacOffered && AllowTruncatedHMac)
{
TlsExtensionsUtilities.AddTruncatedHMacExtension(CheckServerExtensions());
}
if (mClientECPointFormats != null && TlsEccUtilities.IsEccCipherSuite(mSelectedCipherSuite))
{
mServerECPointFormats = new byte[3]
{
0,
1,
2
};
TlsEccUtilities.AddSupportedPointFormatsExtension(CheckServerExtensions(), mServerECPointFormats);
}
return(mServerExtensions);
}
public virtual IDictionary GetClientExtensions()
{
IDictionary val = null;
ProtocolVersion clientVersion = mContext.ClientVersion;
if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(clientVersion))
{
mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultSupportedSignatureAlgorithms();
val = TlsExtensionsUtilities.EnsureExtensionsInitialised(val);
TlsUtilities.AddSignatureAlgorithmsExtension(val, mSupportedSignatureAlgorithms);
}
if (TlsEccUtilities.ContainsEccCipherSuites(GetCipherSuites()))
{
mNamedCurves = new int[2] {
23, 24
};
mClientECPointFormats = new byte[3] {
0, 1, 2
};
val = TlsExtensionsUtilities.EnsureExtensionsInitialised(val);
TlsEccUtilities.AddSupportedEllipticCurvesExtension(val, mNamedCurves);
TlsEccUtilities.AddSupportedPointFormatsExtension(val, mClientECPointFormats);
}
return(val);
}
public virtual IDictionary GetClientExtensions()
{
IDictionary clientExtensions = null;
ProtocolVersion clientVersion = mContext.ClientVersion;
/*
* RFC 5246 7.4.1.4.1. Note: this extension is not meaningful for TLS versions prior to 1.2.
* Clients MUST NOT offer it if they are offering prior versions.
*/
if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(clientVersion))
{
// TODO Provide a way for the user to specify the acceptable hash/signature algorithms.
this.mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultSupportedSignatureAlgorithms();
clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(clientExtensions);
TlsUtilities.AddSignatureAlgorithmsExtension(clientExtensions, mSupportedSignatureAlgorithms);
}
if (TlsEccUtilities.ContainsEccCipherSuites(GetCipherSuites()))
{
/*
* RFC 4492 5.1. A client that proposes ECC cipher suites in its ClientHello message
* appends these extensions (along with any others), enumerating the curves it supports
* and the point formats it can parse. Clients SHOULD send both the Supported Elliptic
* Curves Extension and the Supported Point Formats Extension.
*/
/*
* TODO Could just add all the curves since we support them all, but users may not want
* to use unnecessarily large fields. Need configuration options.
*/
this.mNamedCurves = new int[] { NamedCurve.secp256r1, NamedCurve.secp384r1 };
this.mClientECPointFormats = new byte[] { ECPointFormat.uncompressed,
ECPointFormat.ansiX962_compressed_prime, ECPointFormat.ansiX962_compressed_char2, };
clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(clientExtensions);
TlsEccUtilities.AddSupportedEllipticCurvesExtension(clientExtensions, mNamedCurves);
TlsEccUtilities.AddSupportedPointFormatsExtension(clientExtensions, mClientECPointFormats);
}
if (this.HostNames != null && this.HostNames.Count > 0)
{
var list = new System.Collections.Generic.List <ServerName>(this.HostNames.Count);
for (int i = 0; i < this.HostNames.Count; ++i)
{
list.Add(new ServerName(Tls.NameType.host_name, this.HostNames[i]));
}
TlsExtensionsUtilities.AddServerNameExtension(clientExtensions, new ServerNameList(list));
}
return(clientExtensions);
}
// IDictionary is (Int32 -> byte[])
public virtual IDictionary GetServerExtensions()
{
if (this.mEncryptThenMacOffered && AllowEncryptThenMac)
{
/*
* RFC 7366 3. If a server receives an encrypt-then-MAC request extension from a client
* and then selects a stream or Authenticated Encryption with Associated Data (AEAD)
* ciphersuite, it MUST NOT send an encrypt-then-MAC response extension back to the
* client.
*/
if (TlsUtilities.IsBlockCipherSuite(this.mSelectedCipherSuite))
{
TlsExtensionsUtilities.AddEncryptThenMacExtension(CheckServerExtensions());
}
}
if (this.mMaxFragmentLengthOffered >= 0 &&
TlsUtilities.IsValidUint8(mMaxFragmentLengthOffered) &&
MaxFragmentLength.IsValid((byte)mMaxFragmentLengthOffered))
{
TlsExtensionsUtilities.AddMaxFragmentLengthExtension(CheckServerExtensions(), (byte)mMaxFragmentLengthOffered);
}
if (this.mTruncatedHMacOffered && AllowTruncatedHMac)
{
TlsExtensionsUtilities.AddTruncatedHMacExtension(CheckServerExtensions());
}
if (this.mClientECPointFormats != null && TlsEccUtilities.IsEccCipherSuite(this.mSelectedCipherSuite))
{
/*
* RFC 4492 5.2. A server that selects an ECC cipher suite in response to a ClientHello
* message including a Supported Point Formats Extension appends this extension (along
* with others) to its ServerHello message, enumerating the point formats it can parse.
*/
this.mServerECPointFormats = new byte[] { ECPointFormat.uncompressed,
ECPointFormat.ansiX962_compressed_prime, ECPointFormat.ansiX962_compressed_char2, };
TlsEccUtilities.AddSupportedPointFormatsExtension(CheckServerExtensions(), mServerECPointFormats);
}
return(mServerExtensions);
}
public virtual IDictionary GetClientExtensions()
{
IDictionary dictionary = null;
ProtocolVersion clientVersion = this.mContext.ClientVersion;
if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(clientVersion))
{
this.mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultSupportedSignatureAlgorithms();
dictionary = TlsExtensionsUtilities.EnsureExtensionsInitialised(dictionary);
TlsUtilities.AddSignatureAlgorithmsExtension(dictionary, this.mSupportedSignatureAlgorithms);
}
if (TlsEccUtilities.ContainsEccCipherSuites(this.GetCipherSuites()))
{
this.mNamedCurves = new int[]
{
23,
24
};
this.mClientECPointFormats = new byte[]
{
0,
1,
2
};
dictionary = TlsExtensionsUtilities.EnsureExtensionsInitialised(dictionary);
TlsEccUtilities.AddSupportedEllipticCurvesExtension(dictionary, this.mNamedCurves);
TlsEccUtilities.AddSupportedPointFormatsExtension(dictionary, this.mClientECPointFormats);
}
if (this.HostNames != null && this.HostNames.Count > 0)
{
List <ServerName> list = new List <ServerName>(this.HostNames.Count);
for (int i = 0; i < this.HostNames.Count; i++)
{
list.Add(new ServerName(0, this.HostNames[i]));
}
TlsExtensionsUtilities.AddServerNameExtension(dictionary, new ServerNameList(list));
}
return(dictionary);
}
public virtual IDictionary GetServerExtensions()
{
if ((this.mEncryptThenMacOffered && this.AllowEncryptThenMac) && TlsUtilities.IsBlockCipherSuite(this.mSelectedCipherSuite))
{
TlsExtensionsUtilities.AddEncryptThenMacExtension(this.CheckServerExtensions());
}
if (((this.mMaxFragmentLengthOffered >= 0) && TlsUtilities.IsValidUint8((int)this.mMaxFragmentLengthOffered)) && MaxFragmentLength.IsValid((byte)this.mMaxFragmentLengthOffered))
{
TlsExtensionsUtilities.AddMaxFragmentLengthExtension(this.CheckServerExtensions(), (byte)this.mMaxFragmentLengthOffered);
}
if (this.mTruncatedHMacOffered && this.AllowTruncatedHMac)
{
TlsExtensionsUtilities.AddTruncatedHMacExtension(this.CheckServerExtensions());
}
if ((this.mClientECPointFormats != null) && TlsEccUtilities.IsEccCipherSuite(this.mSelectedCipherSuite))
{
byte[] buffer1 = new byte[3];
buffer1[1] = 1;
buffer1[2] = 2;
this.mServerECPointFormats = buffer1;
TlsEccUtilities.AddSupportedPointFormatsExtension(this.CheckServerExtensions(), this.mServerECPointFormats);
}
return(this.mServerExtensions);
}
public virtual IDictionary GetClientExtensions()
{
IDictionary clientExtensions = null;
ProtocolVersion clientVersion = mContext.ClientVersion;
/*
* RFC 5246 7.4.1.4.1. Note: this extension is not meaningful for TLS versions prior to 1.2.
* Clients MUST NOT offer it if they are offering prior versions.
*/
if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(clientVersion))
{
// TODO Provide a way for the user to specify the acceptable hash/signature algorithms.
byte[] hashAlgorithms = new byte[] { HashAlgorithm.sha512, HashAlgorithm.sha384, HashAlgorithm.sha256,
HashAlgorithm.sha224, HashAlgorithm.sha1 };
// TODO Sort out ECDSA signatures and add them as the preferred option here
byte[] signatureAlgorithms = new byte[] { SignatureAlgorithm.rsa };
this.mSupportedSignatureAlgorithms = Platform.CreateArrayList();
for (int i = 0; i < hashAlgorithms.Length; ++i)
{
for (int j = 0; j < signatureAlgorithms.Length; ++j)
{
this.mSupportedSignatureAlgorithms.Add(new SignatureAndHashAlgorithm(hashAlgorithms[i],
signatureAlgorithms[j]));
}
}
/*
* RFC 5264 7.4.3. Currently, DSA [DSS] may only be used with SHA-1.
*/
this.mSupportedSignatureAlgorithms.Add(new SignatureAndHashAlgorithm(HashAlgorithm.sha1,
SignatureAlgorithm.dsa));
clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(clientExtensions);
TlsUtilities.AddSignatureAlgorithmsExtension(clientExtensions, mSupportedSignatureAlgorithms);
}
if (TlsEccUtilities.ContainsEccCipherSuites(GetCipherSuites()))
{
/*
* RFC 4492 5.1. A client that proposes ECC cipher suites in its ClientHello message
* appends these extensions (along with any others), enumerating the curves it supports
* and the point formats it can parse. Clients SHOULD send both the Supported Elliptic
* Curves Extension and the Supported Point Formats Extension.
*/
/*
* TODO Could just add all the curves since we support them all, but users may not want
* to use unnecessarily large fields. Need configuration options.
*/
this.mNamedCurves = new int[] { NamedCurve.secp256r1, NamedCurve.secp384r1 };
this.mClientECPointFormats = new byte[] { ECPointFormat.uncompressed,
ECPointFormat.ansiX962_compressed_prime, ECPointFormat.ansiX962_compressed_char2, };
clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(clientExtensions);
TlsEccUtilities.AddSupportedEllipticCurvesExtension(clientExtensions, mNamedCurves);
TlsEccUtilities.AddSupportedPointFormatsExtension(clientExtensions, mClientECPointFormats);
}
return(clientExtensions);
}