public void UpdateSslConnectionInfo(SafeDeleteContext securityContext)
{
SecPkgContext_ConnectionInfo interopConnectionInfo = default;
bool success = SSPIWrapper.QueryBlittableContextAttributes(
GlobalSSPI.SSPISecureChannel,
securityContext,
Interop.SspiCli.ContextAttribute.SECPKG_ATTR_CONNECTION_INFO,
ref interopConnectionInfo);
Debug.Assert(success);
TlsCipherSuite cipherSuite = default;
SecPkgContext_CipherInfo cipherInfo = default;
success = SSPIWrapper.QueryBlittableContextAttributes(GlobalSSPI.SSPISecureChannel, securityContext, Interop.SspiCli.ContextAttribute.SECPKG_ATTR_CIPHER_INFO, ref cipherInfo);
if (success)
{
cipherSuite = (TlsCipherSuite)cipherInfo.dwCipherSuite;
}
Protocol = interopConnectionInfo.Protocol;
DataCipherAlg = interopConnectionInfo.DataCipherAlg;
DataKeySize = interopConnectionInfo.DataKeySize;
DataHashAlg = interopConnectionInfo.DataHashAlg;
DataHashKeySize = interopConnectionInfo.DataHashKeySize;
KeyExchangeAlg = interopConnectionInfo.KeyExchangeAlg;
KeyExchKeySize = interopConnectionInfo.KeyExchKeySize;
TlsCipherSuite = cipherSuite;
ApplicationProtocol = GetNegotiatedApplicationProtocol(securityContext);
}
internal static string?GetOpenSslCipherSuiteName(SafeSslHandle ssl, TlsCipherSuite cipherSuite, out bool isTls12OrLower)
{
string?ret = Marshal.PtrToStringAnsi(GetOpenSslCipherSuiteName(ssl, (int)cipherSuite, out int isTls12OrLowerInt));
isTls12OrLower = isTls12OrLowerInt != 0;
return(ret);
}
public void ProcessServerHello(SessionID sid,
byte[] serverRandom, ProtocolVersion serverVersion,
TlsCipherSuite chosenSuite, TlsCompressionMethod chosenCompMethod)
{
if (m_HandshakePhase != HandshakeDataType.ClientHello)
{
throw new SslAlertException(AlertLevel.Fatal, AlertDescription.UnexpectedMessage);
}
m_Session.Id = sid;
m_Session.CompressionMethod = chosenCompMethod;
m_Session.IsResumable = false;
if (CipherSuites.IsSupported(chosenSuite))
{
m_Session.CipherSuite = chosenSuite;
m_SecurityParameters.CipherSuite = chosenSuite;
}
else
{
throw new SslAlertException(AlertLevel.Fatal, AlertDescription.HandshakeFailure);
}
/* TODO: Check for wrong version */
if (serverVersion.Major != 3 || serverVersion.Minor != 1)
{
throw new SslAlertException(AlertLevel.Fatal, AlertDescription.HandshakeFailure);
}
m_SecurityParameters.ServerRandom = serverRandom;
m_HandshakePhase = HandshakeDataType.ServerHello;
}
public NegotiatedParams(SslStream serverStream, SslStream clientStream)
{
_failure = null;
CipherSuite = serverStream.NegotiatedCipherSuite;
Protocol = serverStream.SslProtocol;
Assert.Equal(CipherSuite, clientStream.NegotiatedCipherSuite);
Assert.Equal(Protocol, clientStream.SslProtocol);
}
public static TlsCipherSuiteData GetCipherSuiteData(TlsCipherSuite cipherSuite)
{
if (s_tlsLookup.TryGetValue(cipherSuite, out TlsCipherSuiteData mapping))
{
return(mapping);
}
Debug.Fail($"No mapping found for cipherSuite {cipherSuite}");
return(default(TlsCipherSuiteData));
}
public static CipherDefinition GetCipherDefinition(TlsCipherSuite suite)
{
for (int i = 0; i < Definitions.Length; i++)
{
if (Definitions[i].Suite == suite)
{
return(Definitions[i]);
}
}
return(null);
}
static TlsCipherSuiteData()
{
Debug.Assert(
s_tlsLookup.Count == LookupCount,
$"Lookup dictionary was of size {s_tlsLookup.Count} instead of {LookupCount}");
foreach (object?value in Enum.GetValues(typeof(TlsCipherSuite)))
{
TlsCipherSuite val = (TlsCipherSuite)value !;
Debug.Assert(s_tlsLookup.ContainsKey(val), $"No mapping found for {val} ({(int)val})");
}
}
public SslConnectionInfo(SecPkgContext_ConnectionInfo interopConnectionInfo, TlsCipherSuite cipherSuite)
{
Protocol = interopConnectionInfo.Protocol;
DataCipherAlg = interopConnectionInfo.DataCipherAlg;
DataKeySize = interopConnectionInfo.DataKeySize;
DataHashAlg = interopConnectionInfo.DataHashAlg;
DataHashKeySize = interopConnectionInfo.DataHashKeySize;
KeyExchangeAlg = interopConnectionInfo.KeyExchangeAlg;
KeyExchKeySize = interopConnectionInfo.KeyExchKeySize;
TlsCipherSuite = cipherSuite;
}
private void MapCipherSuite(TlsCipherSuite cipherSuite)
{
TlsCipherSuite = cipherSuite;
TlsCipherSuiteData data = TlsCipherSuiteData.GetCipherSuiteData(cipherSuite);
KeyExchangeAlg = (int)data.KeyExchangeAlgorithm;
KeyExchKeySize = 0;
DataCipherAlg = (int)data.CipherAlgorithm;
DataKeySize = data.CipherAlgorithmStrength;
DataHashAlg = (int)data.MACAlgorithm;
DataHashKeySize = data.MACAlgorithmStrength;
}
public static bool IsSupported(TlsCipherSuite suite)
{
bool result = false;
for (int i = 0; i < SupportedCipherSuites.Length; i++)
{
if (SupportedCipherSuites[i] == suite)
{
result = true;
break;
}
}
return(result);
}
public CipherDefinition(TlsCipherSuite suite, Type bulk, int keysize,
int ivsize, int expsize, Type hash, HashType hashType, int hashsize,
bool exportable)
{
this.Suite = suite;
this.BulkCipherAlgorithm = bulk;
this.BulkKeySize = keysize;
this.BulkIVSize = ivsize;
this.BulkExpandedSize = expsize;
this.HashAlgorithm = hash;
this.HashSize = hashsize;
this.Exportable = exportable;
this.HashAlgorithmType = hashType;
}
public ServerHello(byte[] buffer)
{
messageLength = buffer.Length;
if (data == null)
{
data = new byte[messageLength];
Array.Copy(buffer, data, messageLength);
}
int offset = 0;
int length = buffer.Length;
version = new ProtocolVersion(buffer, offset);
offset += version.Length;
length -= version.Length;
serverRandom = new byte[RandomUnit.Length];
System.Buffer.BlockCopy(buffer, offset, serverRandom, 0, serverRandom.Length);
offset += RandomUnit.Length;
length -= RandomUnit.Length;
/* Increment 1 byte for length and rt.Data[offset] bytes for size of sid */
int sidLength = (ushort)(buffer[offset]);
if (sidLength != 0)
{
sid = new SessionID(buffer, offset + 1, (ushort)(buffer[offset]));
}
offset += sidLength + 1;
length -= (sidLength + 1);
if (BitConverter.IsLittleEndian)
{
Array.Reverse(buffer, offset, 2);
}
chosenCipherSuite = (TlsCipherSuite)BitConverter.ToUInt16(buffer, offset);
offset += 2;
length -= 2;
chosenCompressionMethod = (TlsCompressionMethod)buffer[offset];
offset += 1;
length -= 1;
//TODO: Check for extensions
offset += length;
}
internal static extern int SslGetCipherSuite(SafeSslHandle sslHandle, out TlsCipherSuite cipherSuite);
public void CheckCipherSuite(TlsCipherSuite expectedCipherSuite)
{
Assert.Equal(expectedCipherSuite, CipherSuite);
}
private static bool RequiredByTls13Spec(TlsCipherSuite cs)
{
// per spec only one MUST be implemented
return(cs == TlsCipherSuite.TLS_AES_128_GCM_SHA256);
}
internal static partial int SslGetCipherSuite(SafeSslHandle sslHandle, out TlsCipherSuite cipherSuite);
public CipherSuite(TlsCipherSuite suite, byte[] master,
byte[] clientRandom, byte[] serverRandom)
{
if (master == null)
{
throw new ArgumentNullException();
}
if (clientRandom == null)
{
throw new ArgumentNullException();
}
if (serverRandom == null)
{
throw new ArgumentNullException();
}
CipherDefinition cipherDef = CipherSuites.GetCipherDefinition(suite);
int size = cipherDef.HashSize * 2 + cipherDef.BulkKeySize * 2;
if (cipherDef.BulkIVSize != 0)
{
size += cipherDef.BulkIVSize * 2;
}
PrfDeriveBytes prf = new PrfDeriveBytes(master,
"key expansion", ByteArray.Concat(serverRandom, clientRandom));
byte[] keyBlock = prf.GetBytes(size);
prf.Dispose();
int offset = 0;
byte[] client_write_mac = new byte[cipherDef.HashSize];
System.Buffer.BlockCopy(keyBlock, offset, client_write_mac, 0, cipherDef.HashSize);
offset += cipherDef.HashSize;
byte[] server_write_mac = new byte[cipherDef.HashSize];
System.Buffer.BlockCopy(keyBlock, offset, server_write_mac, 0, cipherDef.HashSize);
offset += cipherDef.HashSize;
byte[] client_write_key = new byte[cipherDef.BulkKeySize];
System.Buffer.BlockCopy(keyBlock, offset, client_write_key, 0, cipherDef.BulkKeySize);
offset += cipherDef.BulkKeySize;
byte[] server_write_key = new byte[cipherDef.BulkKeySize];
System.Buffer.BlockCopy(keyBlock, offset, server_write_key, 0, cipherDef.BulkKeySize);
offset += cipherDef.BulkKeySize;
byte[] client_write_iv = null;
byte[] server_write_iv = null;
if (cipherDef.BulkIVSize != 0)
{
client_write_iv = new byte[cipherDef.BulkIVSize];
System.Buffer.BlockCopy(keyBlock, offset, client_write_iv, 0, cipherDef.BulkIVSize);
offset += cipherDef.BulkIVSize;
server_write_iv = new byte[cipherDef.BulkIVSize];
System.Buffer.BlockCopy(keyBlock, offset, server_write_iv, 0, cipherDef.BulkIVSize);
offset += cipherDef.BulkIVSize;
}
prf.Dispose();
SymmetricAlgorithm sAlg = (SymmetricAlgorithm)Activator.CreateInstance(cipherDef.BulkCipherAlgorithm);
sAlg.BlockSize = cipherDef.BulkIVSize * 8;
if (cipherDef.Exportable)
{
//TODO: Make amends to support export cipher suites
}
m_Encryptor = sAlg.CreateEncryptor(client_write_key, client_write_iv);
m_Decryptor = sAlg.CreateDecryptor(server_write_key, server_write_iv);
m_ClientHasher = (KeyedHashAlgorithm)Activator.CreateInstance(cipherDef.HashAlgorithm, client_write_mac);
m_ServerHasher = (KeyedHashAlgorithm)Activator.CreateInstance(cipherDef.HashAlgorithm, server_write_mac);
/* clear up */
Array.Clear(client_write_mac, 0, client_write_mac.Length);
Array.Clear(server_write_mac, 0, server_write_mac.Length);
Array.Clear(client_write_key, 0, client_write_key.Length);
Array.Clear(server_write_key, 0, server_write_key.Length);
if (client_write_iv != null && server_write_iv != null)
{
Array.Clear(client_write_iv, 0, client_write_iv.Length);
Array.Clear(server_write_iv, 0, server_write_iv.Length);
}
}
static extern void sec_protocol_options_append_tls_ciphersuite(sec_protocol_options_t options, TlsCipherSuite ciphersuite);
public void AddTlsCipherSuite(TlsCipherSuite cipherSuite) => sec_protocol_options_append_tls_ciphersuite(GetCheckedHandle(), cipherSuite);
