public async Task ServerAllowNoEncryption_ClientNoEncryption_ConnectWithNoEncryption() { (NetworkStream clientStream, NetworkStream serverStream) = TestHelper.GetConnectedTcpStreams(); using (clientStream) using (serverStream) { using (var client = new SslStream(clientStream, false, TestHelper.AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption)) using (var server = new SslStream(serverStream, false, TestHelper.AllowAnyServerCertificate, null, EncryptionPolicy.AllowNoEncryption)) { #pragma warning disable SYSLIB0039 // TLS 1.0 and 1.1 are obsolete await TestConfiguration.WhenAllOrAnyFailedWithTimeout( // null encryption is not permitted with Tls13 client.AuthenticateAsClientAsync("localhost", null, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, false), server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate)); #pragma warning restore SYSLIB0039 _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength", clientStream.Socket.RemoteEndPoint, client.CipherAlgorithm, client.CipherStrength); CipherAlgorithmType expected = CipherAlgorithmType.Null; Assert.Equal(expected, client.CipherAlgorithm); Assert.Equal(0, client.CipherStrength); } } }
private static int GetCipherSize(CipherAlgorithmType cipher) { switch (cipher) { case CipherAlgorithmType.None: case CipherAlgorithmType.Null: return(0); case CipherAlgorithmType.Rc2: Debug.Fail($"RC2 should always include the keysize"); return(0); case CipherAlgorithmType.Des: return(56); case CipherAlgorithmType.Rc4: Debug.Fail($"RC4 should always include the keysize"); return(0); case CipherAlgorithmType.TripleDes: return(168); case CipherAlgorithmType.Aes128: return(128); case CipherAlgorithmType.Aes192: return(192); case CipherAlgorithmType.Aes256: return(256); default: throw new ArgumentOutOfRangeException(nameof(cipher)); } }
public CipherSuite( short code, string name, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBits, byte ivSize, byte blockSize) { this.code = code; this.name = name; this.cipherAlgorithmType = cipherAlgorithmType; this.hashAlgorithmType = hashAlgorithmType; this.exchangeAlgorithmType = exchangeAlgorithmType; this.isExportable = exportable; if (blockMode) { this.cipherMode = CipherMode.CBC; } this.keyMaterialSize = keyMaterialSize; this.expandedKeyMaterialSize = expandedKeyMaterialSize; this.effectiveKeyBits = effectiveKeyBits; this.ivSize = ivSize; this.blockSize = blockSize; this.keyBlockSize = (int)this.keyMaterialSize + this.HashSize + (int)this.ivSize << 1; }
public CipherSuite Add( short code, string name, CipherAlgorithmType cipherType, HashAlgorithmType hashType, ExchangeAlgorithmType exchangeType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize) { switch (this.protocol) { case SecurityProtocolType.Default: case SecurityProtocolType.Tls: return((CipherSuite)this.add(new TlsCipherSuite(code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize))); case SecurityProtocolType.Ssl3: return((CipherSuite)this.add(new SslCipherSuite(code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize))); default: throw new NotSupportedException("Unsupported security protocol type."); } }
public async Task ServerNoEncryption_ClientNoEncryption_ConnectWithNoEncryption() { using (var serverNoEncryption = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.NoEncryption)) using (var client = new TcpClient()) { await client.ConnectAsync(serverNoEncryption.RemoteEndPoint.Address, serverNoEncryption.RemoteEndPoint.Port); using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption)) { if (SupportsNullEncryption) { await sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false); _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength", serverNoEncryption.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength); CipherAlgorithmType expected = CipherAlgorithmType.Null; Assert.Equal(expected, sslStream.CipherAlgorithm); Assert.Equal(0, sslStream.CipherStrength); } else { var ae = await Assert.ThrowsAsync <AuthenticationException>(() => sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false)); Assert.IsType <PlatformNotSupportedException>(ae.InnerException); } } } }
public TlsCipherSuite(short code, string name, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize) : base( code, name, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize) { }
internal SafeCipherParametersHandle(CipherAlgorithmType algorithm) : base(IntPtr.Zero, true) { IntPtr ptr = IntPtr.Zero; Interop.CkmcTypes.GenerateNewParam((int)algorithm, out ptr); this.SetHandle(ptr); }
public CipherSuite( CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType) { Code = code; Name = code.ToString(); CipherAlgorithmType = cipherAlgorithmType; HashAlgorithmType = hashAlgorithmType; ExchangeAlgorithmType = exchangeAlgorithmType; }
protected void OnRemoteConnectionAuthenticated(SslProtocols protocol, System.Security.Cryptography.X509Certificates.X509Certificate2 remoteCertificate, CipherAlgorithmType cipherAlgorithmType, int cipherAlgorithmStrength, HashAlgorithmType hashAlgorithmType, int hashAlgorithmStrength, ExchangeAlgorithmType exchangeAlgorithmType, int exchangeAlgorithmStrength) { if (RemoteConnectionAuthenticated != null) { RemoteConnectionAuthenticated(protocol, remoteCertificate, cipherAlgorithmType, cipherAlgorithmStrength, hashAlgorithmType, hashAlgorithmStrength, exchangeAlgorithmType, exchangeAlgorithmStrength); } }
protected void OnLocalConnectionAuthenticated(SslProtocols protocol, CipherAlgorithmType cipherAlgorithmType, int cipherAlgorithmStrength, HashAlgorithmType hashAlgorithmType, int hashAlgorithmStrength, ExchangeAlgorithmType exchangeAlgorithmType, int exchangeAlgorithmStrength) { if (LocalConnectionAuthenticated != null) { LocalConnectionAuthenticated(protocol, cipherAlgorithmType, cipherAlgorithmStrength, hashAlgorithmType, hashAlgorithmStrength, exchangeAlgorithmType, exchangeAlgorithmStrength); } }
public TlsCipherSuite( short code, string name, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize) :base(code, name, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize) { }
public SslCipherSuite(short code, string name, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize) : base(code, name, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize) { int num = (hashAlgorithmType != HashAlgorithmType.Md5) ? 40 : 48; this.pad1 = new byte[num]; this.pad2 = new byte[num]; for (int i = 0; i < num; i++) { this.pad1[i] = 54; this.pad2[i] = 92; } }
public void SspiSelectedCipherSuite( string process, SslProtocols sslProtocol, CipherAlgorithmType cipherAlgorithm, int cipherStrength, HashAlgorithmType hashAlgorithm, int hashStrength, ExchangeAlgorithmType keyExchangeAlgorithm, int keyExchangeStrength) { WriteEvent(SspiSelectedCipherSuitId, process, (int)sslProtocol, (int)cipherAlgorithm, cipherStrength, (int)hashAlgorithm, hashStrength, (int)keyExchangeAlgorithm, keyExchangeStrength); }
private static TlsMapping Build( ExchangeAlgorithmType exchange, CipherAlgorithmType cipher, int cipherSize, HashAlgorithmType hash) { int hashSize = GetHashSize(hash); return(new TlsMapping { KeyExchangeAlgorithm = exchange, CipherAlgorithm = cipher, CipherAlgorithmStrength = cipherSize, HashAlgorithm = hash, HashAlgorithmStrength = hashSize, }); }
internal SecurityPackageContextConnectionInformation( CipherAlgorithmType algorithmIdentifier, int cipherStrength, int exchangeStrength, HashAlgorithmType hash, int hashStrength, int keyExchangeAlgorithm, SecurityProtocol protocol) { AlgorithmIdentifier = algorithmIdentifier; CipherStrength = cipherStrength; ExchangeStrength = exchangeStrength; Hash = hash; HashStrength = hashStrength; KeyExchangeAlgorithm = keyExchangeAlgorithm; Protocol = protocol; }
internal SecurityPackageContextConnectionInformation ( CipherAlgorithmType algorithmIdentifier, int cipherStrength, int exchangeStrength, HashAlgorithmType hash, int hashStrength, int keyExchangeAlgorithm, SecurityProtocol protocol) { AlgorithmIdentifier = algorithmIdentifier; CipherStrength = cipherStrength; ExchangeStrength = exchangeStrength; Hash = hash; HashStrength = hashStrength; KeyExchangeAlgorithm = keyExchangeAlgorithm; Protocol = protocol; }
public void Add (short code, string name, CipherAlgorithmType cipherType, HashAlgorithmType hashType, ExchangeAlgorithmType exchangeType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize) { switch (protocol) { case SecurityProtocolType.Default: case SecurityProtocolType.Tls: Add (new TlsCipherSuite (code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)); break; case SecurityProtocolType.Ssl3: Add (new SslCipherSuite (code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)); break; } }
/// <summary> /// Gets the length in bits of the fixed part of the initialization vector. This is usually computed /// from the premaster key. Default is 32 bits. /// </summary> static int GetFixedVectorLength(CipherAlgorithmType cipherAlgorithm, TlsCipherType cipherType) { if (cipherType == TlsCipherType.Stream) { return(0); } switch (cipherAlgorithm) { case CipherAlgorithmType.Rc4: return(0); case CipherAlgorithmType.TripleDes: return(32); case CipherAlgorithmType.Aes128: case CipherAlgorithmType.Aes192: case CipherAlgorithmType.Aes256: return(32); default: return(0); } }
public SslCipherSuite(short code, string name, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize) : base( code, name, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize) { int padLength = (hashAlgorithmType == HashAlgorithmType.Md5) ? 48 : 40; // Fill pad arrays this.pad1 = new byte[padLength]; this.pad2 = new byte[padLength]; /* Pad the key for inner and outer digest */ for (int i = 0; i < padLength; ++i) { this.pad1[i] = 0x36; this.pad2[i] = 0x5C; } }
public void ServerAllowNoEncryption_ClientNoEncryption_ConnectWithNoEncryption() { using (var serverAllowNoEncryption = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.AllowNoEncryption)) using (var client = new TcpClient()) { client.Connect(serverAllowNoEncryption.RemoteEndPoint); using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption)) { sslStream.AuthenticateAsClient("localhost", null, TestConfiguration.DefaultSslProtocols, false); _log.WriteLine("Client({0}) authenticated to server({1}) with encryption cipher: {2} {3}-bit strength", client.Client.LocalEndPoint, client.Client.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength); CipherAlgorithmType expected = CipherAlgorithmType.Null; Assert.Equal(expected, sslStream.CipherAlgorithm); Assert.Equal(0, sslStream.CipherStrength); } } }
public async Task ServerNoEncryption_ClientAllowNoEncryption_ConnectWithNoEncryption() { using (var serverNoEncryption = new DummyTcpServer( new IPEndPoint(IPAddress.Loopback, 0), EncryptionPolicy.NoEncryption)) using (var client = new TcpClient()) { await client.ConnectAsync(serverNoEncryption.RemoteEndPoint.Address, serverNoEncryption.RemoteEndPoint.Port); using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, EncryptionPolicy.AllowNoEncryption)) { await sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, false); _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength", serverNoEncryption.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength); CipherAlgorithmType expected = CipherAlgorithmType.Null; Assert.Equal(expected, sslStream.CipherAlgorithm); Assert.Equal(0, sslStream.CipherStrength); } } }
public CipherSuite Add(short code, string name, CipherAlgorithmType cipherType, HashAlgorithmType hashType, ExchangeAlgorithmType exchangeType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize) { SecurityProtocolType securityProtocolType = this.protocol; if (securityProtocolType != SecurityProtocolType.Default) { if (securityProtocolType != SecurityProtocolType.Ssl2) { if (securityProtocolType == SecurityProtocolType.Ssl3) { return(this.add(new SslCipherSuite(code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize))); } if (securityProtocolType == SecurityProtocolType.Tls) { goto IL_32; } } throw new NotSupportedException("Unsupported security protocol type."); } IL_32: return(this.add(new TlsCipherSuite(code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize))); }
internal unsafe void SspiSelectedCipherSuite( string process, SslProtocols sslProtocol, CipherAlgorithmType cipherAlgorithm, int cipherStrength, HashAlgorithmType hashAlgorithm, int hashStrength, ExchangeAlgorithmType keyExchangeAlgorithm, int keyExchangeStrength) { if (!s_log.IsEnabled()) { return; } fixed(char *arg1Ptr = process) { const int SizeData = 8; EventData *dataDesc = stackalloc EventSource.EventData[SizeData]; dataDesc[0].DataPointer = (IntPtr)(arg1Ptr); dataDesc[0].Size = (process.Length + 1) * sizeof(char); dataDesc[1].DataPointer = (IntPtr)(&sslProtocol); dataDesc[1].Size = sizeof(int); dataDesc[2].DataPointer = (IntPtr)(&cipherAlgorithm); dataDesc[2].Size = sizeof(int); dataDesc[3].DataPointer = (IntPtr)(&cipherStrength); dataDesc[3].Size = sizeof(int); dataDesc[4].DataPointer = (IntPtr)(&hashAlgorithm); dataDesc[4].Size = sizeof(int); dataDesc[2].DataPointer = (IntPtr)(&hashStrength); dataDesc[2].Size = sizeof(int); dataDesc[3].DataPointer = (IntPtr)(&keyExchangeAlgorithm); dataDesc[3].Size = sizeof(int); dataDesc[4].DataPointer = (IntPtr)(&keyExchangeStrength); dataDesc[4].Size = sizeof(int); WriteEventCore(SspiSelectedCipherSuitId, SizeData, dataDesc); } }
public SslCipherSuite( short code, string name, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize) : base(code, name, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize) { int padLength = (hashAlgorithmType == HashAlgorithmType.Md5) ? 48 : 40; // Fill pad arrays this.pad1 = new byte[padLength]; this.pad2 = new byte[padLength]; /* Pad the key for inner and outer digest */ for (int i = 0; i < padLength; ++i) { this.pad1[i] = 0x36; this.pad2[i] = 0x5C; } }
public CipherSuite( short code, string name, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBits, byte ivSize, byte blockSize) { Code = code; Name = name; CipherAlgorithmType = cipherAlgorithmType; HashAlgorithmType = hashAlgorithmType; ExchangeAlgorithmType = exchangeAlgorithmType; IsExportable = exportable; if (blockMode) { CipherMode = CipherMode.CBC; } KeyMaterialSize = keyMaterialSize; ExpandedKeyMaterialSize = expandedKeyMaterialSize; EffectiveKeyBits = effectiveKeyBits; IvSize = ivSize; this.blockSize = blockSize; KeyBlockSize = (KeyMaterialSize + HashSize + IvSize) << 1; }
public CipherSuite Add( short code, string name, CipherAlgorithmType cipherType, HashAlgorithmType hashType, ExchangeAlgorithmType exchangeType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize) { switch (this.protocol) { case SecurityProtocolType.Default: case SecurityProtocolType.Tls: return this.add( new TlsCipherSuite( code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)); case SecurityProtocolType.Ssl3: return this.add( new SslCipherSuite( code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)); case SecurityProtocolType.Ssl2: default: throw new NotSupportedException("Unsupported security protocol type."); } }
internal static TlsMapping DhStatic(CipherAlgorithmType cipher, int cipherSize, HashAlgorithmType hash) => Build(DiffieHellmanStatic, cipher, cipherSize, hash);
internal CipherParameters(CipherAlgorithmType algorithm) { this._handle = new SafeCipherParametersHandle(algorithm); }
internal static TlsMapping Rsa(CipherAlgorithmType cipher, int cipherSize, HashAlgorithmType hash) => Build(ExchangeAlgorithmType.RsaKeyX, cipher, cipherSize, hash);
private void Initialize() { if (this.ptr == IntPtr.Zero || isInitialized) { return; } isInitialized = true; // marshal the structure raw = (SSL_CIPHER)Marshal.PtrToStructure(ptr, typeof(SSL_CIPHER)); // start picking the data out bool isExport = IsExport(raw.algo_strength); int privateKeyLength = ExportPrivateKeyLength(raw.algo_strength); int keyLength = ExportKeyLength(raw.algorithms, raw.algo_strength); // Get the SSL Protocol version if ((raw.algorithms & SSL_SSLV2) == SSL_SSLV2) { sslProtocol = SslProtocols.Ssl2; } else if ((raw.algorithms & SSL_SSLV3) == SSL_SSLV3) { sslProtocol = SslProtocols.Tls; // SSL3 & TLS are the same here... } // set the keyExchange strength keyExchangeStrength = privateKeyLength; // Get the Key Exchange cipher and strength switch (raw.algorithms & SSL_MKEY_MASK) { case SSL_kRSA: keyExchangeAlgorithm = ExchangeAlgorithmType.RsaKeyX; break; case SSL_kDHr: case SSL_kDHd: case SSL_kEDH: keyExchangeAlgorithm = ExchangeAlgorithmType.DiffieHellman; break; case SSL_kKRB5: /* VRS */ case SSL_KRB5: /* VRS */ keyExchangeAlgorithm = ExchangeAlgorithmType.Kerberos; break; case SSL_kFZA: keyExchangeAlgorithm = ExchangeAlgorithmType.Fortezza; break; case SSL_kECDH: case SSL_kECDHE: keyExchangeAlgorithm = ExchangeAlgorithmType.ECDiffieHellman; break; } // Get the authentication method switch (raw.algorithms & SSL_AUTH_MASK) { case SSL_aRSA: authMethod = AuthenticationMethod.Rsa; break; case SSL_aDSS: authMethod = AuthenticationMethod.Dss; break; case SSL_aDH: authMethod = AuthenticationMethod.DiffieHellman; break; case SSL_aKRB5: /* VRS */ case SSL_KRB5: /* VRS */ authMethod = AuthenticationMethod.Kerberos; break; case SSL_aFZA: case SSL_aNULL: authMethod = AuthenticationMethod.None; break; case SSL_aECDSA: authMethod = AuthenticationMethod.ECDsa; break; } // Get the symmetric encryption cipher info switch (raw.algorithms & SSL_ENC_MASK) { case SSL_DES: cipherAlgorithm = CipherAlgorithmType.Des; if (isExport && keyLength == 5) { cipherStrength = 40; } else { cipherStrength = 56; } break; case SSL_3DES: cipherAlgorithm = CipherAlgorithmType.TripleDes; cipherStrength = 168; break; case SSL_RC4: cipherAlgorithm = CipherAlgorithmType.Rc4; if (isExport) { if (keyLength == 5) { cipherStrength = 40; } else { cipherStrength = 56; } } else { if ((raw.algorithm2 & SSL2_CF_8_BYTE_ENC) == SSL2_CF_8_BYTE_ENC) { cipherStrength = 64; } else { cipherStrength = 128; } } break; case SSL_RC2: cipherAlgorithm = CipherAlgorithmType.Rc2; if (isExport) { if (keyLength == 5) { cipherStrength = 40; } else { cipherStrength = 56; } } else { cipherStrength = 128; } break; case SSL_IDEA: cipherAlgorithm = CipherAlgorithmType.Idea; cipherStrength = 128; break; case SSL_eFZA: cipherAlgorithm = CipherAlgorithmType.Fortezza; break; case SSL_eNULL: cipherAlgorithm = CipherAlgorithmType.None; break; case SSL_AES: switch (raw.strength_bits) { case 128: cipherAlgorithm = CipherAlgorithmType.Aes128; break; case 192: cipherAlgorithm = CipherAlgorithmType.Aes192; break; case 256: cipherAlgorithm = CipherAlgorithmType.Aes256; break; } break; case SSL_CAMELLIA: switch (raw.strength_bits) { case 128: cipherAlgorithm = CipherAlgorithmType.Camellia128; break; case 256: cipherAlgorithm = CipherAlgorithmType.Camellia256; break; } break; case SSL_SEED: cipherAlgorithm = CipherAlgorithmType.Seed; cipherStrength = 128; break; } // Get the MAC info switch (raw.algorithms & SSL_MAC_MASK) { case SSL_MD5: hashAlgorithm = HashAlgorithmType.Md5; break; case SSL_SHA1: hashAlgorithm = HashAlgorithmType.Sha1; break; default: hashAlgorithm = HashAlgorithmType.None; break; } }
public CipherSuite ( CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType) { Code = code; Name = code.ToString (); CipherAlgorithmType = cipherAlgorithmType; HashAlgorithmType = hashAlgorithmType; ExchangeAlgorithmType = exchangeAlgorithmType; }
private void Initialize() { if (this.ptr == IntPtr.Zero || isInitialized) { return; } isInitialized = true; // marshal the structure raw = (SSL_CIPHER)Marshal.PtrToStructure(ptr, typeof(SSL_CIPHER)); // start picking the data out bool isExport = IsExport(raw.algo_strength); int privateKeyLength = ExportPrivateKeyLength(raw.algo_strength); int keyLength = ExportKeyLength(raw.algorithm_enc, raw.algo_strength); // Get the SSL Protocol version if ((raw.algorithm_ssl & SSL_SSLV2) == SSL_SSLV2) { sslProtocol = SslProtocols.Ssl2; } else if ((raw.algorithm_ssl & SSL_SSLV3) == SSL_SSLV3) { sslProtocol = SslProtocols.Tls; // SSL3 & TLS are the same here... } else if ((raw.algorithm_ssl & SSL_TLSV1_2) == SSL_TLSV1_2) { sslProtocol = SslProtocols.Tls; // WARNING: TLSV1_2 support not fully implemented } // set the keyExchange strength keyExchangeStrength = privateKeyLength; // Get the Key Exchange cipher and strength switch (raw.algorithm_mkey) { case SSL_kRSA: keyExchangeAlgorithm = ExchangeAlgorithmType.RsaKeyX; break; case SSL_kDHr: case SSL_kDHd: case SSL_kEDH: keyExchangeAlgorithm = ExchangeAlgorithmType.DiffieHellman; break; case SSL_kKRB5: keyExchangeAlgorithm = ExchangeAlgorithmType.Kerberos; break; case SSL_kECDHr: case SSL_kECDHe: case SSL_kEECDH: keyExchangeAlgorithm = ExchangeAlgorithmType.ECDiffieHellman; break; case SSL_kPSK: keyExchangeAlgorithm = ExchangeAlgorithmType.PSK; break; case SSL_kGOST: keyExchangeAlgorithm = ExchangeAlgorithmType.GOST; break; case SSL_kSRP: keyExchangeAlgorithm = ExchangeAlgorithmType.SRP; break; } // Get the authentication method switch (raw.algorithm_auth) { case SSL_aRSA: authMethod = AuthenticationMethod.Rsa; break; case SSL_aDSS: authMethod = AuthenticationMethod.Dss; break; case SSL_aDH: authMethod = AuthenticationMethod.DiffieHellman; break; case SSL_aKRB5: /* VRS */ authMethod = AuthenticationMethod.Kerberos; break; case SSL_aNULL: authMethod = AuthenticationMethod.None; break; case SSL_aECDSA: authMethod = AuthenticationMethod.ECDsa; break; case SSL_aPSK: authMethod = AuthenticationMethod.PSK; break; case SSL_aGOST94: authMethod = AuthenticationMethod.GOST; break; case SSL_aGOST01: authMethod = AuthenticationMethod.GOST; break; } // Get the symmetric encryption cipher info switch (raw.algorithm_enc) { case SSL_DES: cipherAlgorithm = CipherAlgorithmType.Des; if (isExport && keyLength == 5) { cipherStrength = 40; } else { cipherStrength = 56; } break; case SSL_3DES: cipherAlgorithm = CipherAlgorithmType.TripleDes; cipherStrength = 168; break; case SSL_RC4: cipherAlgorithm = CipherAlgorithmType.Rc4; if (isExport) { if (keyLength == 5) { cipherStrength = 40; } else { cipherStrength = 56; } } else { if ((raw.algorithm2 & SSL2_CF_8_BYTE_ENC) == SSL2_CF_8_BYTE_ENC) { cipherStrength = 64; } else { cipherStrength = 128; } } break; case SSL_RC2: cipherAlgorithm = CipherAlgorithmType.Rc2; if (isExport) { if (keyLength == 5) { cipherStrength = 40; } else { cipherStrength = 56; } } else { cipherStrength = 128; } break; case SSL_IDEA: cipherAlgorithm = CipherAlgorithmType.Idea; cipherStrength = 128; break; case SSL_eNULL: cipherAlgorithm = CipherAlgorithmType.None; break; case SSL_AES128: cipherAlgorithm = CipherAlgorithmType.Aes128; cipherStrength = 128; break; case SSL_AES256: cipherAlgorithm = CipherAlgorithmType.Aes256; cipherStrength = 256; break; case SSL_AES128GCM: cipherAlgorithm = CipherAlgorithmType.Aes128GCM; cipherStrength = 128; break; case SSL_AES256GCM: cipherAlgorithm = CipherAlgorithmType.Aes256GCM; cipherStrength = 256; break; /* * switch (raw.strength_bits) * { * case 128: cipherAlgorithm = CipherAlgorithmType.Aes128; break; * case 192: cipherAlgorithm = CipherAlgorithmType.Aes192; break; * case 256: cipherAlgorithm = CipherAlgorithmType.Aes256; break; * } */ case SSL_CAMELLIA128: cipherAlgorithm = CipherAlgorithmType.Seed; cipherStrength = 128; break; case SSL_CAMELLIA256: cipherAlgorithm = CipherAlgorithmType.Seed; cipherStrength = 128; break; /* * switch (raw.strength_bits) * { * case 128: cipherAlgorithm = CipherAlgorithmType.Camellia128; break; * case 256: cipherAlgorithm = CipherAlgorithmType.Camellia256; break; * } */ case SSL_eGOST2814789CNT: cipherAlgorithm = CipherAlgorithmType.eGOST2814789CNT; cipherStrength = 128; // ??? break; case SSL_SEED: cipherAlgorithm = CipherAlgorithmType.Seed; cipherStrength = 128; break; } // Get the MAC info switch (raw.algorithm_mac) { case SSL_MD5: hashAlgorithm = HashAlgorithmType.Md5; break; case SSL_SHA1: hashAlgorithm = HashAlgorithmType.Sha1; break; case SSL_GOST94: hashAlgorithm = HashAlgorithmType.Gost94; break; case SSL_GOST89MAC: hashAlgorithm = HashAlgorithmType.Gost89MAC; break; case SSL_SHA256: hashAlgorithm = HashAlgorithmType.Sha256; break; case SSL_SHA384: hashAlgorithm = HashAlgorithmType.Sha384; break; default: hashAlgorithm = HashAlgorithmType.None; break; } }
public TlsCipherSuite11 ( CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType) : base (code, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType) { }
public TlsCipherSuite12( CipherSuiteCode code, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType) : base(code, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType) { }
private void Initialize() { if (this.ptr == IntPtr.Zero || isInitialized) { return; } isInitialized = true; // marshal the structure raw = (SSL_CIPHER)Marshal.PtrToStructure(ptr, typeof(SSL_CIPHER)); // start picking the data out bool isExport = IsExport(raw.algo_strength); int privateKeyLength = ExportPrivateKeyLength(raw.algo_strength); int keyLength = ExportKeyLength(raw.algorithm_enc, raw.algo_strength); // Get the SSL Protocol version if ((raw.algorithm_ssl & SSL_SSLV2) == SSL_SSLV2) { sslProtocol = SslProtocols.Ssl2; } else if ((raw.algorithm_ssl & SSL_SSLV3) == SSL_SSLV3) { sslProtocol = SslProtocols.Tls; // SSL3 & TLS are the same here... } else if ((raw.algorithm_ssl & SSL_TLSV1_2) == SSL_TLSV1_2) { sslProtocol = SslProtocols.Tls; // WARNING: TLSV1_2 support not fully implemented } // set the keyExchange strength keyExchangeStrength = privateKeyLength; // Get the Key Exchange cipher and strength switch (raw.algorithm_mkey) { case SSL_kRSA: keyExchangeAlgorithm = ExchangeAlgorithmType.RsaKeyX; break; case SSL_kDHr: case SSL_kDHd: case SSL_kEDH: keyExchangeAlgorithm = ExchangeAlgorithmType.DiffieHellman; break; case SSL_kKRB5: keyExchangeAlgorithm = ExchangeAlgorithmType.Kerberos; break; case SSL_kECDHr: case SSL_kECDHe: case SSL_kEECDH: keyExchangeAlgorithm = ExchangeAlgorithmType.ECDiffieHellman; break; case SSL_kPSK: keyExchangeAlgorithm = ExchangeAlgorithmType.PSK; break; case SSL_kGOST: keyExchangeAlgorithm = ExchangeAlgorithmType.GOST; break; case SSL_kSRP: keyExchangeAlgorithm = ExchangeAlgorithmType.SRP; break; } // Get the authentication method switch (raw.algorithm_auth) { case SSL_aRSA: authMethod = AuthenticationMethod.Rsa; break; case SSL_aDSS: authMethod = AuthenticationMethod.Dss; break; case SSL_aDH: authMethod = AuthenticationMethod.DiffieHellman; break; case SSL_aKRB5: /* VRS */ authMethod = AuthenticationMethod.Kerberos; break; case SSL_aNULL: authMethod = AuthenticationMethod.None; break; case SSL_aECDSA: authMethod = AuthenticationMethod.ECDsa; break; case SSL_aPSK: authMethod = AuthenticationMethod.PSK; break; case SSL_aGOST94: authMethod = AuthenticationMethod.GOST; break; case SSL_aGOST01: authMethod = AuthenticationMethod.GOST; break; } // Get the symmetric encryption cipher info switch (raw.algorithm_enc) { case SSL_DES: cipherAlgorithm = CipherAlgorithmType.Des; if (isExport && keyLength == 5) { cipherStrength = 40; } else { cipherStrength = 56; } break; case SSL_3DES: cipherAlgorithm = CipherAlgorithmType.TripleDes; cipherStrength = 168; break; case SSL_RC4: cipherAlgorithm = CipherAlgorithmType.Rc4; if (isExport) { if (keyLength == 5) { cipherStrength = 40; } else { cipherStrength = 56; } } else { if ((raw.algorithm2 & SSL2_CF_8_BYTE_ENC) == SSL2_CF_8_BYTE_ENC) { cipherStrength = 64; } else { cipherStrength = 128; } } break; case SSL_RC2: cipherAlgorithm = CipherAlgorithmType.Rc2; if (isExport) { if (keyLength == 5) { cipherStrength = 40; } else { cipherStrength = 56; } } else { cipherStrength = 128; } break; case SSL_IDEA: cipherAlgorithm = CipherAlgorithmType.Idea; cipherStrength = 128; break; case SSL_eNULL: cipherAlgorithm = CipherAlgorithmType.None; break; case SSL_AES128: cipherAlgorithm = CipherAlgorithmType.Aes128; cipherStrength = 128; break; case SSL_AES256: cipherAlgorithm = CipherAlgorithmType.Aes256; cipherStrength = 256; break; case SSL_AES128GCM: cipherAlgorithm = CipherAlgorithmType.Aes128GCM; cipherStrength = 128; break; case SSL_AES256GCM: cipherAlgorithm = CipherAlgorithmType.Aes256GCM; cipherStrength = 256; break; /* switch (raw.strength_bits) { case 128: cipherAlgorithm = CipherAlgorithmType.Aes128; break; case 192: cipherAlgorithm = CipherAlgorithmType.Aes192; break; case 256: cipherAlgorithm = CipherAlgorithmType.Aes256; break; } */ case SSL_CAMELLIA128: cipherAlgorithm = CipherAlgorithmType.Seed; cipherStrength = 128; break; case SSL_CAMELLIA256: cipherAlgorithm = CipherAlgorithmType.Seed; cipherStrength = 128; break; /* switch (raw.strength_bits) { case 128: cipherAlgorithm = CipherAlgorithmType.Camellia128; break; case 256: cipherAlgorithm = CipherAlgorithmType.Camellia256; break; } */ case SSL_eGOST2814789CNT: cipherAlgorithm = CipherAlgorithmType.eGOST2814789CNT; cipherStrength = 128; // ??? break; case SSL_SEED: cipherAlgorithm = CipherAlgorithmType.Seed; cipherStrength = 128; break; } // Get the MAC info switch (raw.algorithm_mac) { case SSL_MD5: hashAlgorithm = HashAlgorithmType.Md5; break; case SSL_SHA1: hashAlgorithm = HashAlgorithmType.Sha1; break; case SSL_GOST94: hashAlgorithm = HashAlgorithmType.Gost94; break; case SSL_GOST89MAC: hashAlgorithm = HashAlgorithmType.Gost89MAC; break; case SSL_SHA256: hashAlgorithm = HashAlgorithmType.Sha256; break; case SSL_SHA384: hashAlgorithm = HashAlgorithmType.Sha384; break; default: hashAlgorithm = HashAlgorithmType.None; break; } }
internal static TlsMapping DhEphem(CipherAlgorithmType cipher, int cipherSize, HashAlgorithmType hash) => Build(ExchangeAlgorithmType.DiffieHellman, cipher, cipherSize, hash);
internal AesCipherParameters(CipherAlgorithmType algorithm) : base(algorithm) { }
internal unsafe void SspiSelectedCipherSuite( string process, SslProtocols sslProtocol, CipherAlgorithmType cipherAlgorithm, int cipherStrength, HashAlgorithmType hashAlgorithm, int hashStrength, ExchangeAlgorithmType keyExchangeAlgorithm, int keyExchangeStrength) { if (!s_log.IsEnabled()) { return; } fixed (char* arg1Ptr = process) { const int SizeData = 8; EventData* dataDesc = stackalloc EventSource.EventData[SizeData]; dataDesc[0].DataPointer = (IntPtr)(arg1Ptr); dataDesc[0].Size = (process.Length + 1) * sizeof(char); dataDesc[1].DataPointer = (IntPtr)(&sslProtocol); dataDesc[1].Size = sizeof(int); dataDesc[2].DataPointer = (IntPtr)(&cipherAlgorithm); dataDesc[2].Size = sizeof(int); dataDesc[3].DataPointer = (IntPtr)(&cipherStrength); dataDesc[3].Size = sizeof(int); dataDesc[4].DataPointer = (IntPtr)(&hashAlgorithm); dataDesc[4].Size = sizeof(int); dataDesc[2].DataPointer = (IntPtr)(&hashStrength); dataDesc[2].Size = sizeof(int); dataDesc[3].DataPointer = (IntPtr)(&keyExchangeAlgorithm); dataDesc[3].Size = sizeof(int); dataDesc[4].DataPointer = (IntPtr)(&keyExchangeStrength); dataDesc[4].Size = sizeof(int); WriteEventCore(SspiSelectedCipherSuitId, SizeData, dataDesc); } }
public CipherSuite( short code, string name, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBits, byte ivSize, byte blockSize) { this.code = code; this.name = name; this.cipherAlgorithmType = cipherAlgorithmType; this.hashAlgorithmType = hashAlgorithmType; this.exchangeAlgorithmType = exchangeAlgorithmType; this.isExportable = exportable; if (blockMode) { this.cipherMode = CipherMode.CBC; } this.keyMaterialSize = keyMaterialSize; this.expandedKeyMaterialSize= expandedKeyMaterialSize; this.effectiveKeyBits = effectiveKeyBits; this.ivSize = ivSize; this.blockSize = blockSize; this.keyBlockSize = (this.keyMaterialSize + this.HashSize + this.ivSize) << 1; }