+2004-03-06 Carlos Guzman Alvarez <carlosga@telefonica.net>\r
+\r
+ * Mono.Security.Protocol.Tls.Handshake.Server/TlsClientHello.cs:\r
+ * Mono.Security.Protocol.Tls.Handshake.Server/TlsClientKeyExchange.cs:
+ * Mono.Security.Protocol.Tls.Handshake.Server/TlsServerHello.cs:
+ * Mono.Security.Protocol.Tls.Handshake.Server/TlsServerHelloDone.cs:
+ * Mono.Security.Protocol.Tls.Handshake.Server/TlsServerCertificate.cs:
+\r
+ - Initial implementation ( not finished ) \r
+\r
+ * Mono.Security.Protocol.Tls/SslServerStream.cs:\r
+\r
+ - Initial implementation of the doHandshake method.
+
+ - Added initial events implementation.\r
+\r
+ * Mono.Security.Protocol.Tls/Ciphersuite.cs:\r
+ * Mono.Security.Protocol.Tls/TlsCiphersuite.cs:\r
+ * Mono.Security.Protocol.Tls/ClientRecordProtocol.cs:\r
+ * Mono.Security.Protocol.Tls/ServerRecordProtocol.cs:\r
+ * Mono.Security.Protocol.Tls/SslClientStream.cs:\r
+ * Mono.Security.Protocol.Tls/TlsServerSettings.cs:\r
+ * Mono.Security.Protocol.Tls/TlsClientSettings.cs:\r
+ * Mono.Security.Protocol.Tls/ClientContext.cs:\r
+ * Mono.Security.Protocol.Tls.Handshake.Client/*.cs:\r
+ * Mono.Security.Protocol.Tls.Handshake.Server/*.cs:\r
+\r
+ - Changes for make use of the renamed classes and enums.\r
+\r
+ * Mono.Security.Protocol.Tls.Handshake/TlsHandshakeType.cs:\r
+\r
+ - Renamed to HandshakeType.cs (Enum and file)\r
+\r
+ * Mono.Security.Protocol.Tls.Handshake/TlsHandshakeMessage.cs:\r
+\r
+ - Renamed to HandshakeMessage.cs (Class and file)\r
+\r
+ * Mono.Security.Protocol.Tls.Handshake/TlsClientCertificateType.cs:\r
+\r
+ - Renamed to ClientCertificateType.cs (Enum and file)\r
+\r
+ * Mono.Security.Protocol.Tls.Alerts/TlsAlert.cs:\r
+\r
+ - Renamed to Alert (Class, enums and file)\r
+\r
+ * Mono.Security.Protocol.Tls/TlsContentType.cs:\r
+\r
+ - Renamed to ContentType.cs ( Enum and file )\r
+ \r
+ * Mono.Security.Protocol.Tls/TlsCiphersuiteCollection.cs:\r
+\r
+ - Renamed to CiphersuiteCollection.cs ( Class and file )\r
+\r
+ * Mono.Security.Protocol.Tls/TlsCiphersuiteFactory.cs:\r
+\r
+ - Renamed to CiphersuiteCollection.cs ( Class and file )\r
+\r
+ * Mono.Security.Protocol.Tls/TlsSslHandshakeHash.cs:\r
+\r
+ - Renamed to SslHandshakeHash.cs ( Class and file )\r
+\r
+ * Mono.Security.Protocol.Tls/TlsSslCipherSuite.cs:\r
+\r
+ - Renamed to SslCipherSuite.cs ( Class and file )\r
+
2004-03-04 Carlos Guzman Alvarez <carlosga@telefonica.net>
* Mono.Security.Protocol.Tls.Handshake.Client/TlsServerHelloDone.cs:
+++ /dev/null
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using Mono.Security.Protocol.Tls;
-
-namespace Mono.Security.Protocol.Tls.Alerts
-{
- #region Enumerations
-
- [Serializable]
- internal enum TlsAlertLevel : byte
- {
- Warning = 1,
- Fatal = 2
- }
-
- [Serializable]
- internal enum TlsAlertDescription : byte
- {
- CloseNotify = 0,
- UnexpectedMessage = 10,
- BadRecordMAC = 20,
- DecryptionFailed = 21,
- RecordOverflow = 22,
- DecompressionFailiure = 30,
- HandshakeFailiure = 40,
- BadCertificate = 42,
- UnsupportedCertificate = 43,
- CertificateRevoked = 44,
- CertificateExpired = 45,
- CertificateUnknown = 46,
- IlegalParameter = 47,
- UnknownCA = 48,
- AccessDenied = 49,
- DecodeError = 50,
- DecryptError = 51,
- ExportRestriction = 60,
- ProtocolVersion = 70,
- InsuficientSecurity = 71,
- InternalError = 80,
- UserCancelled = 90,
- NoRenegotiation = 100
- }
-
- #endregion
-
- internal class TlsAlert : TlsStream
- {
- #region Fields
-
- private Context context;
- private TlsAlertLevel level;
- private TlsAlertDescription description;
-
- #endregion
-
- #region Constructors
-
- public TlsAlert(
- Context context,
- TlsAlertDescription description) : base()
- {
- this.context = context;
- this.description = description;
-
- this.inferAlertLevel();
-
- this.fill();
- }
-
- public TlsAlert(
- Context context,
- TlsAlertLevel level,
- TlsAlertDescription description) : base()
- {
- this.context = context;
- this.level = level;
- this.description = description;
-
- this.fill();
- }
-
- #endregion
-
- #region Properties
-
- public string Message
- {
- get { return TlsAlert.GetAlertMessage(this.description); }
- }
-
- public bool IsWarning
- {
- get
- {
- return this.level == TlsAlertLevel.Warning ? true : false;
- }
- }
-
- public bool IsFatal
- {
- get
- {
- return this.level == TlsAlertLevel.Fatal ? true : false;
- }
- }
-
- public bool IsCloseNotify
- {
- get
- {
- if (this.IsWarning &&
- this.description == TlsAlertDescription.CloseNotify)
- {
- return true;
- }
-
- return false;
- }
- }
-
- #endregion
-
- #region Methods
-
- public void Update()
- {
- if ( this.description == TlsAlertDescription.CloseNotify )
- {
- this.context.ConnectionEnd = true;
- }
-
- if (this.IsFatal)
- {
- this.context.ConnectionEnd = true;
- if (this.context is ServerContext)
- {
- ((ServerContext)this.context).SslStream.Close();
- }
- }
- }
-
- #endregion
-
- #region Private Methods
-
- private void fill()
- {
- this.Write((byte)level);
- this.Write((byte)description);
- }
-
- private void inferAlertLevel()
- {
- switch (description)
- {
- case TlsAlertDescription.CloseNotify:
- case TlsAlertDescription.NoRenegotiation:
- case TlsAlertDescription.UserCancelled:
- this.level = TlsAlertLevel.Warning;
- break;
-
- case TlsAlertDescription.AccessDenied:
- case TlsAlertDescription.BadCertificate:
- case TlsAlertDescription.BadRecordMAC:
- case TlsAlertDescription.CertificateExpired:
- case TlsAlertDescription.CertificateRevoked:
- case TlsAlertDescription.CertificateUnknown:
- case TlsAlertDescription.DecodeError:
- case TlsAlertDescription.DecompressionFailiure:
- case TlsAlertDescription.DecryptError:
- case TlsAlertDescription.DecryptionFailed:
- case TlsAlertDescription.ExportRestriction:
- case TlsAlertDescription.HandshakeFailiure:
- case TlsAlertDescription.IlegalParameter:
- case TlsAlertDescription.InsuficientSecurity:
- case TlsAlertDescription.InternalError:
- case TlsAlertDescription.ProtocolVersion:
- case TlsAlertDescription.RecordOverflow:
- case TlsAlertDescription.UnexpectedMessage:
- case TlsAlertDescription.UnknownCA:
- case TlsAlertDescription.UnsupportedCertificate:
- default:
- this.level = TlsAlertLevel.Fatal;
- break;
- }
- }
-
- #endregion
-
- #region Static Methods
-
- public static string GetAlertMessage(TlsAlertDescription description)
- {
- #if (DEBUG)
- switch (description)
- {
- case TlsAlertDescription.AccessDenied:
- return "An inappropriate message was received.";
-
- case TlsAlertDescription.BadCertificate:
- return "TLSCiphertext decrypted in an invalid way.";
-
- case TlsAlertDescription.BadRecordMAC:
- return "Record with an incorrect MAC.";
-
- case TlsAlertDescription.CertificateExpired:
- return "Certificate has expired or is not currently valid";
-
- case TlsAlertDescription.CertificateRevoked:
- return "Certificate was revoked by its signer.";
-
- case TlsAlertDescription.CertificateUnknown:
- return "Certificate Unknown.";
-
- case TlsAlertDescription.CloseNotify:
- return "Connection closed";
-
- case TlsAlertDescription.DecodeError:
- return "A message could not be decoded because some field was out of the specified range or the length of the message was incorrect.";
-
- case TlsAlertDescription.DecompressionFailiure:
- return "The decompression function received improper input (e.g. data that would expand to excessive length).";
-
- case TlsAlertDescription.DecryptError:
- return "TLSCiphertext decrypted in an invalid way: either it wasn`t an even multiple of the block length or its padding values, when checked, weren`t correct.";
-
- case TlsAlertDescription.DecryptionFailed:
- return "Handshake cryptographic operation failed, including being unable to correctly verify a signature, decrypt a key exchange, or validate finished message.";
-
- case TlsAlertDescription.ExportRestriction:
- return "Negotiation not in compliance with export restrictions was detected.";
-
- case TlsAlertDescription.HandshakeFailiure:
- return "Unable to negotiate an acceptable set of security parameters given the options available.";
-
- case TlsAlertDescription.IlegalParameter:
- return "A field in the handshake was out of range or inconsistent with other fields.";
-
- case TlsAlertDescription.InsuficientSecurity:
- return "Negotiation has failed specifically because the server requires ciphers more secure than those supported by the client.";
-
- case TlsAlertDescription.InternalError:
- return "Internal error unrelated to the peer or the correctness of the protocol makes it impossible to continue.";
-
- case TlsAlertDescription.NoRenegotiation:
- return "Invalid renegotiation.";
-
- case TlsAlertDescription.ProtocolVersion:
- return "Unsupported protocol version.";
-
- case TlsAlertDescription.RecordOverflow:
- return "Invalid length on TLSCiphertext record or TLSCompressed record.";
-
- case TlsAlertDescription.UnexpectedMessage:
- return "Invalid message received.";
-
- case TlsAlertDescription.UnknownCA:
- return "CA can't be identified as a trusted CA.";
-
- case TlsAlertDescription.UnsupportedCertificate:
- return "Certificate was of an unsupported type.";
-
- case TlsAlertDescription.UserCancelled:
- return "Handshake cancelled by user.";
-
- default:
- return "";
- }
- #else
- return "The authentication or decryption has failed.";
- #endif
- }
-
- #endregion
- }
-}
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using System.Security.Cryptography.X509Certificates;
-
-using Mono.Security.Protocol.Tls;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Client
-{
- internal class TlsClientCertificate : TlsHandshakeMessage
- {
- #region Constructors
-
- public TlsClientCertificate(Context context)
- : base(context, TlsHandshakeType.Certificate)
- {
- }
-
- #endregion
-
- #region Methods
-
- public override void Update()
- {
- base.Update();
- this.Reset();
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- this.ProcessAsTls1();
- }
-
- protected override void ProcessAsTls1()
- {
-#warning "Client certificate selection is unfinished"
- ClientContext context = (ClientContext)this.Context;
-
- if (context.ClientSettings.Certificates == null ||
- context.ClientSettings.Certificates.Count == 0)
- {
- throw this.Context.CreateException("Client certificate requested by the server and no client certificate specified.");
- }
-
- // Select a valid certificate
- X509Certificate clientCert = this.Context.ClientSettings.Certificates[0];
-
- clientCert = context.SslStream.RaiseClientCertificateSelection(
- this.Context.ClientSettings.Certificates,
- new X509Certificate(this.Context.ServerSettings.Certificates[0].RawData),
- this.Context.ClientSettings.TargetHost,
- null);
-
- if (clientCert == null)
- {
- throw this.Context.CreateException("Client certificate requested by the server and no client certificate specified.");
- }
-
- // Update the selected client certificate
- context.ClientSettings.ClientCertificate = clientCert;
-
- // Write client certificates information to a stream
- TlsStream stream = new TlsStream();
-
- stream.WriteInt24(clientCert.GetRawCertData().Length);
- stream.Write(clientCert.GetRawCertData());
-
- // Compose the message
- this.WriteInt24((int)stream.Length);
- this.Write(stream.ToArray());
- }
-
- #endregion
- }
-}
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+using System.Security.Cryptography.X509Certificates;\r
+\r
+using Mono.Security.Protocol.Tls;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Client\r
+{\r
+ internal class TlsClientCertificate : HandshakeMessage\r
+ {\r
+ #region Constructors\r
+\r
+ public TlsClientCertificate(Context context) \r
+ : base(context, HandshakeType.Certificate)\r
+ {\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Methods\r
+\r
+ public override void Update()\r
+ {\r
+ base.Update();\r
+ this.Reset();\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ this.ProcessAsTls1();\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+#warning "Client certificate selection is unfinished"\r
+ ClientContext context = (ClientContext)this.Context;\r
+\r
+ if (context.ClientSettings.Certificates == null ||\r
+ context.ClientSettings.Certificates.Count == 0)\r
+ {\r
+ throw this.Context.CreateException("Client certificate requested by the server and no client certificate specified.");\r
+ }\r
+ \r
+ // Select a valid certificate\r
+ X509Certificate clientCert = this.Context.ClientSettings.Certificates[0];\r
+\r
+ clientCert = context.SslStream.RaiseClientCertificateSelection(\r
+ this.Context.ClientSettings.Certificates,\r
+ new X509Certificate(this.Context.ServerSettings.Certificates[0].RawData),\r
+ this.Context.ClientSettings.TargetHost,\r
+ null);\r
+\r
+ if (clientCert == null)\r
+ {\r
+ throw this.Context.CreateException("Client certificate requested by the server and no client certificate specified.");\r
+ }\r
+\r
+ // Update the selected client certificate\r
+ context.ClientSettings.ClientCertificate = clientCert;\r
+\r
+ // Write client certificates information to a stream\r
+ TlsStream stream = new TlsStream();\r
+\r
+ stream.WriteInt24(clientCert.GetRawCertData().Length);\r
+ stream.Write(clientCert.GetRawCertData());\r
+\r
+ // Compose the message\r
+ this.WriteInt24((int)stream.Length);\r
+ this.Write(stream.ToArray());\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}\r
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using System.Security.Cryptography.X509Certificates;
-
-using System.Security.Cryptography;
-using Mono.Security.Cryptography;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Client
-{
- internal class TlsClientCertificateVerify : TlsHandshakeMessage
- {
- #region Constructors
-
- public TlsClientCertificateVerify(Context context)
- : base(context, TlsHandshakeType.Finished)
- {
- }
-
- #endregion
-
- #region Methods
-
- public override void Update()
- {
- base.Update();
- this.Reset();
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- throw new NotSupportedException();
- }
-
- protected override void ProcessAsTls1()
- {
- AsymmetricAlgorithm privKey = null;
- ClientContext context = (ClientContext)this.Context;
-
- privKey = context.SslStream.RaisePrivateKeySelection(
- this.Context.ClientSettings.ClientCertificate,
- this.Context.ClientSettings.TargetHost);
-
- if (privKey == null)
- {
- throw this.Context.CreateException("Client certificate Private Key unavailable.");
- }
- else
- {
- // Compute handshake messages hash
- MD5SHA1 hash = new MD5SHA1();
- hash.ComputeHash(
- context.HandshakeMessages.ToArray(),
- 0,
- (int)context.HandshakeMessages.Length);
-
- // RSAManaged of the selected ClientCertificate
- // (at this moment the first one)
- RSA rsa = this.getClientCertRSA((RSA)privKey);
-
- // Write message
- this.Write(hash.CreateSignature(rsa));
- }
- }
-
- #endregion
-
- #region Private methods
-
- private RSA getClientCertRSA(RSA privKey)
- {
- RSAParameters rsaParams = new RSAParameters();
- RSAParameters privateParams = privKey.ExportParameters(true);
-
- // for RSA m_publickey contains 2 ASN.1 integers
- // the modulus and the public exponent
- ASN1 pubkey = new ASN1 (this.Context.ClientSettings.Certificates[0].GetPublicKey());
- ASN1 modulus = pubkey [0];
- if ((modulus == null) || (modulus.Tag != 0x02))
- {
- return null;
- }
- ASN1 exponent = pubkey [1];
- if (exponent.Tag != 0x02)
- {
- return null;
- }
-
- rsaParams.Modulus = this.getUnsignedBigInteger(modulus.Value);
- rsaParams.Exponent = exponent.Value;
-
- // Set private key parameters
- rsaParams.D = privateParams.D;
- rsaParams.DP = privateParams.DP;
- rsaParams.DQ = privateParams.DQ;
- rsaParams.InverseQ = privateParams.InverseQ;
- rsaParams.P = privateParams.P;
- rsaParams.Q = privateParams.Q;
-
- // BUG: MS BCL 1.0 can't import a key which
- // isn't the same size as the one present in
- // the container.
- int keySize = (rsaParams.Modulus.Length << 3);
- RSAManaged rsa = new RSAManaged(keySize);
- rsa.ImportParameters (rsaParams);
-
- return (RSA)rsa;
- }
-
- private byte[] getUnsignedBigInteger(byte[] integer)
- {
- if (integer [0] == 0x00)
- {
- // this first byte is added so we're sure it's an unsigned integer
- // however we can't feed it into RSAParameters or DSAParameters
- int length = integer.Length - 1;
- byte[] uinteger = new byte [length];
- Array.Copy (integer, 1, uinteger, 0, length);
- return uinteger;
- }
- else
- {
- return integer;
- }
- }
-
- #endregion
- }
-}
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+using System.Security.Cryptography.X509Certificates;\r
+\r
+using System.Security.Cryptography;\r
+using Mono.Security.Cryptography;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Client\r
+{\r
+ internal class TlsClientCertificateVerify : HandshakeMessage\r
+ {\r
+ #region Constructors\r
+\r
+ public TlsClientCertificateVerify(Context context) \r
+ : base(context, HandshakeType.Finished)\r
+ {\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Methods\r
+\r
+ public override void Update()\r
+ {\r
+ base.Update();\r
+ this.Reset();\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ throw new NotSupportedException();\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+ AsymmetricAlgorithm privKey = null;\r
+ ClientContext context = (ClientContext)this.Context;\r
+ \r
+ privKey = context.SslStream.RaisePrivateKeySelection(\r
+ this.Context.ClientSettings.ClientCertificate,\r
+ this.Context.ClientSettings.TargetHost);\r
+\r
+ if (privKey == null)\r
+ {\r
+ throw this.Context.CreateException("Client certificate Private Key unavailable.");\r
+ }\r
+ else\r
+ {\r
+ // Compute handshake messages hash\r
+ MD5SHA1 hash = new MD5SHA1();\r
+ hash.ComputeHash(\r
+ context.HandshakeMessages.ToArray(),\r
+ 0,\r
+ (int)context.HandshakeMessages.Length);\r
+\r
+ // RSAManaged of the selected ClientCertificate \r
+ // (at this moment the first one)\r
+ RSA rsa = this.getClientCertRSA((RSA)privKey);\r
+\r
+ // Write message\r
+ this.Write(hash.CreateSignature(rsa));\r
+ }\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Private methods\r
+\r
+ private RSA getClientCertRSA(RSA privKey)\r
+ {\r
+ RSAParameters rsaParams = new RSAParameters();\r
+ RSAParameters privateParams = privKey.ExportParameters(true);\r
+\r
+ // for RSA m_publickey contains 2 ASN.1 integers\r
+ // the modulus and the public exponent\r
+ ASN1 pubkey = new ASN1 (this.Context.ClientSettings.Certificates[0].GetPublicKey());\r
+ ASN1 modulus = pubkey [0];\r
+ if ((modulus == null) || (modulus.Tag != 0x02))\r
+ {\r
+ return null;\r
+ }\r
+ ASN1 exponent = pubkey [1];\r
+ if (exponent.Tag != 0x02)\r
+ {\r
+ return null;\r
+ }\r
+\r
+ rsaParams.Modulus = this.getUnsignedBigInteger(modulus.Value);\r
+ rsaParams.Exponent = exponent.Value;\r
+\r
+ // Set private key parameters\r
+ rsaParams.D = privateParams.D;\r
+ rsaParams.DP = privateParams.DP;\r
+ rsaParams.DQ = privateParams.DQ;\r
+ rsaParams.InverseQ = privateParams.InverseQ;\r
+ rsaParams.P = privateParams.P;\r
+ rsaParams.Q = privateParams.Q; \r
+\r
+ // BUG: MS BCL 1.0 can't import a key which \r
+ // isn't the same size as the one present in\r
+ // the container.\r
+ int keySize = (rsaParams.Modulus.Length << 3);\r
+ RSAManaged rsa = new RSAManaged(keySize);\r
+ rsa.ImportParameters (rsaParams);\r
+\r
+ return (RSA)rsa;\r
+ }\r
+\r
+ private byte[] getUnsignedBigInteger(byte[] integer) \r
+ {\r
+ if (integer [0] == 0x00) \r
+ {\r
+ // this first byte is added so we're sure it's an unsigned integer\r
+ // however we can't feed it into RSAParameters or DSAParameters\r
+ int length = integer.Length - 1;\r
+ byte[] uinteger = new byte [length];\r
+ Array.Copy (integer, 1, uinteger, 0, length);\r
+ return uinteger;\r
+ }\r
+ else\r
+ {\r
+ return integer;\r
+ }\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}\r
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using System.Security.Cryptography;
-
-using Mono.Security.Cryptography;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Client
-{
- internal class TlsClientFinished : TlsHandshakeMessage
- {
- #region Constructors
-
- public TlsClientFinished(Context context)
- : base(context, TlsHandshakeType.Finished)
- {
- }
-
- #endregion
-
- #region Methods
-
- public override void Update()
- {
- base.Update();
- this.Reset();
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- // Compute handshake messages hashes
- HashAlgorithm hash = new TlsSslHandshakeHash(this.Context.MasterSecret);
-
- TlsStream data = new TlsStream();
- data.Write(this.Context.HandshakeMessages.ToArray());
- data.Write((int)0x434C4E54);
-
- hash.TransformFinalBlock(data.ToArray(), 0, (int)data.Length);
-
- this.Write(hash.Hash);
-
- data.Reset();
- }
-
- protected override void ProcessAsTls1()
- {
- // Compute handshake messages hash
- HashAlgorithm hash = new MD5SHA1();
- hash.ComputeHash(
- this.Context.HandshakeMessages.ToArray(),
- 0,
- (int)this.Context.HandshakeMessages.Length);
-
- // Write message
- Write(this.Context.Cipher.PRF(this.Context.MasterSecret, "client finished", hash.Hash, 12));
- }
-
- #endregion
- }
-}
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+using System.Security.Cryptography;\r
+\r
+using Mono.Security.Cryptography;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Client\r
+{\r
+ internal class TlsClientFinished : HandshakeMessage\r
+ {\r
+ #region Constructors\r
+\r
+ public TlsClientFinished(Context context) \r
+ : base(context, HandshakeType.Finished)\r
+ {\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Methods\r
+\r
+ public override void Update()\r
+ {\r
+ base.Update();\r
+ this.Reset();\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ // Compute handshake messages hashes\r
+ HashAlgorithm hash = new SslHandshakeHash(this.Context.MasterSecret);\r
+\r
+ TlsStream data = new TlsStream();\r
+ data.Write(this.Context.HandshakeMessages.ToArray());\r
+ data.Write((int)0x434C4E54);\r
+ \r
+ hash.TransformFinalBlock(data.ToArray(), 0, (int)data.Length);\r
+\r
+ this.Write(hash.Hash);\r
+\r
+ data.Reset();\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+ // Compute handshake messages hash\r
+ HashAlgorithm hash = new MD5SHA1();\r
+ hash.ComputeHash(\r
+ this.Context.HandshakeMessages.ToArray(),\r
+ 0,\r
+ (int)this.Context.HandshakeMessages.Length);\r
+\r
+ // Write message\r
+ Write(this.Context.Cipher.PRF(this.Context.MasterSecret, "client finished", hash.Hash, 12));\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}\r
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using System.Security.Cryptography;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Client
-{
- internal class TlsClientHello : TlsHandshakeMessage
- {
- #region Fields
-
- private byte[] random;
-
- #endregion
-
- #region Constructors
-
- public TlsClientHello(Context context)
- : base(context, TlsHandshakeType.ClientHello)
- {
- }
-
- #endregion
-
- #region Methods
-
- public override void Update()
- {
- ClientContext context = (ClientContext)this.Context;
-
- base.Update();
-
- context.ClientRandom = random;
- context.ClientHelloProtocol = this.Context.Protocol;
-
- random = null;
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- this.ProcessAsTls1();
- }
-
- protected override void ProcessAsTls1()
- {
- // Client Version
- this.Write(this.Context.Protocol);
-
- // Random bytes - Unix time + Radom bytes [28]
- TlsStream clientRandom = new TlsStream();
- clientRandom.Write(this.Context.GetUnixTime());
- clientRandom.Write(this.Context.GetSecureRandomBytes(28));
- this.random = clientRandom.ToArray();
- clientRandom.Reset();
-
- this.Write(this.random);
-
- // Session id
- // Send the session ID empty
- if (this.Context.SessionId != null)
- {
- this.Write((byte)this.Context.SessionId.Length);
- if (this.Context.SessionId.Length > 0)
- {
- this.Write(this.Context.SessionId);
- }
- }
- else
- {
- this.Write((byte)0);
- }
-
- // Write length of Cipher suites
- this.Write((short)(this.Context.SupportedCiphers.Count*2));
-
- // Write Supported Cipher suites
- for (int i = 0; i < this.Context.SupportedCiphers.Count; i++)
- {
- this.Write((short)this.Context.SupportedCiphers[i].Code);
- }
-
- // Compression methods length
- this.Write((byte)1);
-
- // Compression methods ( 0 = none )
- this.Write((byte)this.Context.CompressionMethod);
- }
-
- #endregion
- }
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+using System.Security.Cryptography;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Client\r
+{\r
+ internal class TlsClientHello : HandshakeMessage\r
+ {\r
+ #region Fields\r
+\r
+ private byte[] random;\r
+\r
+ #endregion\r
+\r
+ #region Constructors\r
+\r
+ public TlsClientHello(Context context) \r
+ : base(context, HandshakeType.ClientHello)\r
+ {\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Methods\r
+\r
+ public override void Update()\r
+ {\r
+ ClientContext context = (ClientContext)this.Context;\r
+\r
+ base.Update();\r
+\r
+ context.ClientRandom = random;\r
+ context.ClientHelloProtocol = this.Context.Protocol;\r
+\r
+ random = null;\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ this.ProcessAsTls1();\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+ // Client Version\r
+ this.Write(this.Context.Protocol);\r
+ \r
+ // Random bytes - Unix time + Radom bytes [28]\r
+ TlsStream clientRandom = new TlsStream();\r
+ clientRandom.Write(this.Context.GetUnixTime());\r
+ clientRandom.Write(this.Context.GetSecureRandomBytes(28));\r
+ this.random = clientRandom.ToArray();\r
+ clientRandom.Reset();\r
+\r
+ this.Write(this.random);\r
+\r
+ // Session id\r
+ // Send the session ID empty\r
+ if (this.Context.SessionId != null)\r
+ {\r
+ this.Write((byte)this.Context.SessionId.Length);\r
+ if (this.Context.SessionId.Length > 0)\r
+ {\r
+ this.Write(this.Context.SessionId);\r
+ }\r
+ }\r
+ else\r
+ {\r
+ this.Write((byte)0);\r
+ }\r
+ \r
+ // Write length of Cipher suites \r
+ this.Write((short)(this.Context.SupportedCiphers.Count*2));\r
+\r
+ // Write Supported Cipher suites\r
+ for (int i = 0; i < this.Context.SupportedCiphers.Count; i++)\r
+ {\r
+ this.Write((short)this.Context.SupportedCiphers[i].Code);\r
+ }\r
+\r
+ // Compression methods length\r
+ this.Write((byte)1);\r
+ \r
+ // Compression methods ( 0 = none )\r
+ this.Write((byte)this.Context.CompressionMethod);\r
+ }\r
+\r
+ #endregion\r
+ }\r
}
\ No newline at end of file
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using System.IO;
-using System.Security.Cryptography;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Client
-{
- internal class TlsClientKeyExchange : TlsHandshakeMessage
- {
- #region Constructors
-
- public TlsClientKeyExchange (Context context) :
- base(context,
- TlsHandshakeType.ClientKeyExchange)
- {
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- // Compute pre master secret
- byte[] preMasterSecret = this.Context.Cipher.CreatePremasterSecret();
-
- // Create a new RSA key
- RSA rsa = this.Context.Cipher.CertificateRSA();
-
- // Encrypt premaster_sercret
- RSAPKCS1KeyExchangeFormatter formatter = new RSAPKCS1KeyExchangeFormatter(rsa);
-
- // Write the preMasterSecret encrypted
- byte[] buffer = formatter.CreateKeyExchange(preMasterSecret);
- this.Write(buffer);
-
- // Create master secret
- this.Context.Cipher.ComputeMasterSecret(preMasterSecret);
-
- // Create keys
- this.Context.Cipher.ComputeKeys();
-
- // Clear resources
- rsa.Clear();
- }
-
- protected override void ProcessAsTls1()
- {
- // Compute pre master secret
- byte[] preMasterSecret = this.Context.Cipher.CreatePremasterSecret();
-
- // Create a new RSA key
- RSA rsa = this.Context.Cipher.CertificateRSA();
-
- // Encrypt premaster_sercret
- RSAPKCS1KeyExchangeFormatter formatter = new RSAPKCS1KeyExchangeFormatter(rsa);
-
- // Write the preMasterSecret encrypted
- byte[] buffer = formatter.CreateKeyExchange(preMasterSecret);
- this.Write((short)buffer.Length);
- this.Write(buffer);
-
- // Create master secret
- this.Context.Cipher.ComputeMasterSecret(preMasterSecret);
-
- // Create keys
- this.Context.Cipher.ComputeKeys();
-
- // Clear resources
- rsa.Clear();
- }
-
- #endregion
- }
-}
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+using System.IO;\r
+using System.Security.Cryptography;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Client\r
+{\r
+ internal class TlsClientKeyExchange : HandshakeMessage\r
+ {\r
+ #region Constructors\r
+\r
+ public TlsClientKeyExchange (Context context) : \r
+ base(context, HandshakeType.ClientKeyExchange)\r
+ {\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ // Compute pre master secret\r
+ byte[] preMasterSecret = this.Context.Cipher.CreatePremasterSecret();\r
+\r
+ // Create a new RSA key\r
+ RSA rsa = this.Context.Cipher.CertificateRSA();\r
+ \r
+ // Encrypt premaster_sercret\r
+ RSAPKCS1KeyExchangeFormatter formatter = new RSAPKCS1KeyExchangeFormatter(rsa);\r
+\r
+ // Write the preMasterSecret encrypted\r
+ byte[] buffer = formatter.CreateKeyExchange(preMasterSecret);\r
+ this.Write(buffer);\r
+\r
+ // Create master secret\r
+ this.Context.Cipher.ComputeMasterSecret(preMasterSecret);\r
+\r
+ // Create keys\r
+ this.Context.Cipher.ComputeKeys();\r
+\r
+ // Clear resources\r
+ rsa.Clear();\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+ // Compute pre master secret\r
+ byte[] preMasterSecret = this.Context.Cipher.CreatePremasterSecret();\r
+\r
+ // Create a new RSA key\r
+ RSA rsa = this.Context.Cipher.CertificateRSA();\r
+ \r
+ // Encrypt premaster_sercret\r
+ RSAPKCS1KeyExchangeFormatter formatter = new RSAPKCS1KeyExchangeFormatter(rsa);\r
+\r
+ // Write the preMasterSecret encrypted\r
+ byte[] buffer = formatter.CreateKeyExchange(preMasterSecret);\r
+ this.Write((short)buffer.Length);\r
+ this.Write(buffer);\r
+\r
+ // Create master secret\r
+ this.Context.Cipher.ComputeMasterSecret(preMasterSecret);\r
+\r
+ // Create keys\r
+ this.Context.Cipher.ComputeKeys();\r
+\r
+ // Clear resources\r
+ rsa.Clear();\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}\r
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- * Sebastien Pouliot, Copyright (c) 2004 Novell (http://www.novell.com)
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using System.Net;
-using System.Collections;
-using System.Globalization;
-using System.Text.RegularExpressions;
-using System.Security.Cryptography;
-using X509Cert = System.Security.Cryptography.X509Certificates;
-
-using Mono.Security.Protocol.Tls.Alerts;
-using Mono.Security.X509;
-using Mono.Security.X509.Extensions;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Client
-{
- internal class TlsServerCertificate : TlsHandshakeMessage
- {
- #region Fields
-
- private X509CertificateCollection certificates;
-
- #endregion
-
- #region Constructors
-
- public TlsServerCertificate(Context context, byte[] buffer)
- : base(context, TlsHandshakeType.Certificate, buffer)
- {
- }
-
- #endregion
-
- #region Methods
-
- public override void Update()
- {
- base.Update();
- this.Context.ServerSettings.Certificates = certificates;
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- this.ProcessAsTls1();
- }
-
- protected override void ProcessAsTls1()
- {
- this.certificates = new X509CertificateCollection();
-
- int readed = 0;
- int length = this.ReadInt24();
-
- while (readed < length)
- {
- // Read certificate length
- int certLength = ReadInt24();
-
- // Increment readed
- readed += 3;
-
- if (certLength > 0)
- {
- // Read certificate data
- byte[] buffer = this.ReadBytes(certLength);
-
- // Create a new X509 Certificate
- X509Certificate certificate = new X509Certificate(buffer);
- certificates.Add(certificate);
-
- readed += certLength;
- }
- }
-
- this.validateCertificates(certificates);
- }
-
- #endregion
-
- #region Private Methods
-
- // Note: this method only works for RSA certificates
- // DH certificates requires some changes - does anyone use one ?
- private bool checkCertificateUsage (X509Certificate cert)
- {
- ClientContext context = (ClientContext)this.Context;
-
- // certificate extensions are required for this
- // we "must" accept older certificates without proofs
- if (cert.Version < 3)
- return true;
-
- KeyUsage ku = KeyUsage.none;
- switch (context.Cipher.ExchangeAlgorithmType) {
- case ExchangeAlgorithmType.RsaSign:
- ku = KeyUsage.digitalSignature;
- break;
- case ExchangeAlgorithmType.RsaKeyX:
- ku = KeyUsage.keyEncipherment;
- break;
- case ExchangeAlgorithmType.DiffieHellman:
- ku = KeyUsage.keyAgreement;
- break;
- case ExchangeAlgorithmType.Fortezza:
- return false; // unsupported certificate type
- }
-
- KeyUsageExtension kux = null;
- ExtendedKeyUsageExtension eku = null;
-
- X509Extension xtn = cert.Extensions ["2.5.29.15"];
- if (xtn != null)
- kux = new KeyUsageExtension (xtn);
-
- xtn = cert.Extensions ["2.5.29.37"];
- if (xtn != null)
- eku = new ExtendedKeyUsageExtension (xtn);
-
- if ((kux != null) && (eku != null)) {
- // RFC3280 states that when both KeyUsageExtension and
- // ExtendedKeyUsageExtension are present then BOTH should
- // be valid
- return (kux.Support (ku) &&
- eku.KeyPurpose.Contains ("1.3.6.1.5.5.7.3.1"));
- }
- else if (kux != null) {
- return kux.Support (ku);
- }
- else if (eku != null) {
- // Server Authentication (1.3.6.1.5.5.7.3.1)
- return eku.KeyPurpose.Contains ("1.3.6.1.5.5.7.3.1");
- }
-
- // last chance - try with older (deprecated) Netscape extensions
- xtn = cert.Extensions ["2.16.840.1.113730.1.1"];
- if (xtn != null) {
- NetscapeCertTypeExtension ct = new NetscapeCertTypeExtension (xtn);
- return ct.Support (NetscapeCertTypeExtension.CertType.SslServer);
- }
-
- // certificate isn't valid for SSL server usage
- return false;
- }
-
- private void validateCertificates(X509CertificateCollection certificates)
- {
- ClientContext context = (ClientContext)this.Context;
-
- // the leaf is the web server certificate
- X509Certificate leaf = certificates [0];
- X509Cert.X509Certificate cert = new X509Cert.X509Certificate (leaf.RawData);
-
- ArrayList errors = new ArrayList();
-
- // SSL specific check - not all certificates can be
- // used to server-side SSL some rules applies after
- // all ;-)
- if (!checkCertificateUsage (leaf))
- {
- // WinError.h CERT_E_PURPOSE 0x800B0106
- errors.Add ((int)-2146762490);
- }
-
- // SSL specific check - does the certificate match
- // the host ?
- if (!checkServerIdentity (leaf))
- {
- // WinError.h CERT_E_CN_NO_MATCH 0x800B010F
- errors.Add ((int)-2146762481);
- }
-
- // Note: building and verifying a chain can take much time
- // so we do it last (letting simple things fails first)
-
- // Note: In TLS the certificates MUST be in order (and
- // optionally include the root certificate) so we're not
- // building the chain using LoadCertificate (it's faster)
-
- // Note: IIS doesn't seem to send the whole certificate chain
- // but only the server certificate :-( it's assuming that you
- // already have this chain installed on your computer. duh!
- // http://groups.google.ca/groups?q=IIS+server+certificate+chain&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=85058s%24avd%241%40nnrp1.deja.com&rnum=3
-
- // we must remove the leaf certificate from the chain
- X509CertificateCollection chain = new X509CertificateCollection (certificates);
- chain.Remove (leaf);
- X509Chain verify = new X509Chain (chain);
- if (!verify.Build (leaf)) {
- switch (verify.Status) {
- case X509ChainStatusFlags.InvalidBasicConstraints:
- // WinError.h TRUST_E_BASIC_CONSTRAINTS 0x80096019
- errors.Add ((int)-2146869223);
- break;
- case X509ChainStatusFlags.NotSignatureValid:
- // WinError.h TRUST_E_BAD_DIGEST 0x80096010
- errors.Add ((int)-2146869232);
- break;
- case X509ChainStatusFlags.NotTimeNested:
- // WinError.h CERT_E_VALIDITYPERIODNESTING 0x800B0102
- errors.Add ((int)-2146762494);
- break;
- case X509ChainStatusFlags.NotTimeValid:
- // WinError.h CERT_E_EXPIRED 0x800B0101
- errors.Add ((int)-2146762495);
- break;
- case X509ChainStatusFlags.PartialChain:
- // WinError.h CERT_E_CHAINING 0x800B010A
- errors.Add ((int)-2146762486);
- break;
- case X509ChainStatusFlags.UntrustedRoot:
- // WinError.h CERT_E_UNTRUSTEDROOT 0x800B0109
- errors.Add ((int)-2146762487);
- break;
- default:
- // unknown error
- errors.Add ((int)verify.Status);
- break;
- }
- }
-
- int[] certificateErrors = (int[])errors.ToArray(typeof(int));
-
- if (!context.SslStream.RaiseServerCertificateValidation(
- cert,
- certificateErrors))
- {
- throw context.CreateException("Invalid certificate received form server.");
- }
- }
-
- // RFC2818 - HTTP Over TLS, Section 3.1
- // http://www.ietf.org/rfc/rfc2818.txt
- //
- // 1. if present MUST use subjectAltName dNSName as identity
- // 1.1. if multiples entries a match of any one is acceptable
- // 1.2. wildcard * is acceptable
- // 2. URI may be an IP address -> subjectAltName.iPAddress
- // 2.1. exact match is required
- // 3. Use of the most specific Common Name (CN=) in the Subject
- // 3.1 Existing practice but DEPRECATED
- private bool checkServerIdentity (X509Certificate cert)
- {
- ClientContext context = (ClientContext)this.Context;
-
- string targetHost = context.ClientSettings.TargetHost;
-
- X509Extension ext = cert.Extensions ["2.5.29.17"];
- // 1. subjectAltName
- if (ext != null) {
- SubjectAltNameExtension subjectAltName = new SubjectAltNameExtension (ext);
- // 1.1 - multiple dNSName
- foreach (string dns in subjectAltName.DNSNames) {
- // 1.2 TODO - wildcard support
- if (dns == targetHost)
- return true;
- }
- // 2. ipAddress
- foreach (string ip in subjectAltName.IPAddresses) {
- // 2.1. Exact match required
- if (ip == targetHost)
- return true;
- }
- }
- // 3. Common Name (CN=)
- return checkDomainName (cert.SubjectName);
- }
-
- private bool checkDomainName(string subjectName)
- {
- ClientContext context = (ClientContext)this.Context;
-
- string domainName = String.Empty;
- Regex search = new Regex(@"([\w\s\d]*)\s*=\s*([^,]*)");
-
- MatchCollection elements = search.Matches(subjectName);
-
- foreach (Match element in elements)
- {
- switch (element.Groups[1].Value.Trim().ToUpper())
- {
- case "CN":
- domainName = element.Groups[2].Value;
- break;
- }
- }
-
- // TODO: add wildcard * support
- return (String.Compare (context.ClientSettings.TargetHost, domainName, true, CultureInfo.InvariantCulture) == 0);
-
-/*
- * the only document found describing this is:
- * http://www.geocities.com/SiliconValley/Byte/4170/articulos/tls/autentic.htm#Autenticaci%F3n%20del%20Server
- * however I don't see how this could deal with wildcards ?
- * other issues
- * a. there could also be many address returned
- * b. Address property is obsoleted in .NET 1.1
- *
- if (domainName == String.Empty)
- {
- return false;
- }
- else
- {
- string targetHost = context.ClientSettings.TargetHost;
-
- // Check that the IP is correct
- try
- {
- IPAddress ipHost = Dns.Resolve(targetHost).AddressList[0];
- IPAddress ipDomain = Dns.Resolve(domainName).AddressList[0];
-
- // Note: Address is obsolete in 1.1
- return (ipHost.Address == ipDomain.Address);
- }
- catch (Exception)
- {
- return false;
- }
- }*/
- }
-
- #endregion
- }
-}
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * Sebastien Pouliot, Copyright (c) 2004 Novell (http://www.novell.com)\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+using System.Net;\r
+using System.Collections;\r
+using System.Globalization;\r
+using System.Text.RegularExpressions;\r
+using System.Security.Cryptography;\r
+using X509Cert = System.Security.Cryptography.X509Certificates;\r
+\r
+using Mono.Security.X509;\r
+using Mono.Security.X509.Extensions;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Client\r
+{\r
+ internal class TlsServerCertificate : HandshakeMessage\r
+ {\r
+ #region Fields\r
+\r
+ private X509CertificateCollection certificates;\r
+ \r
+ #endregion\r
+\r
+ #region Constructors\r
+\r
+ public TlsServerCertificate(Context context, byte[] buffer) \r
+ : base(context, HandshakeType.Certificate, buffer)\r
+ {\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Methods\r
+\r
+ public override void Update()\r
+ {\r
+ base.Update();\r
+ this.Context.ServerSettings.Certificates = certificates;\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ this.ProcessAsTls1();\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+ this.certificates = new X509CertificateCollection();\r
+ \r
+ int readed = 0;\r
+ int length = this.ReadInt24();\r
+\r
+ while (readed < length)\r
+ {\r
+ // Read certificate length\r
+ int certLength = ReadInt24();\r
+\r
+ // Increment readed\r
+ readed += 3;\r
+\r
+ if (certLength > 0)\r
+ {\r
+ // Read certificate data\r
+ byte[] buffer = this.ReadBytes(certLength);\r
+\r
+ // Create a new X509 Certificate\r
+ X509Certificate certificate = new X509Certificate(buffer);\r
+ certificates.Add(certificate);\r
+\r
+ readed += certLength;\r
+ }\r
+ }\r
+\r
+ this.validateCertificates(certificates);\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Private Methods\r
+\r
+ // Note: this method only works for RSA certificates\r
+ // DH certificates requires some changes - does anyone use one ?\r
+ private bool checkCertificateUsage (X509Certificate cert) \r
+ {\r
+ ClientContext context = (ClientContext)this.Context;\r
+\r
+ // certificate extensions are required for this\r
+ // we "must" accept older certificates without proofs\r
+ if (cert.Version < 3)\r
+ return true;\r
+\r
+ KeyUsage ku = KeyUsage.none;\r
+ switch (context.Cipher.ExchangeAlgorithmType) \r
+ {\r
+ case ExchangeAlgorithmType.RsaSign:\r
+ ku = KeyUsage.digitalSignature;\r
+ break;\r
+ case ExchangeAlgorithmType.RsaKeyX:\r
+ ku = KeyUsage.keyEncipherment;\r
+ break;\r
+ case ExchangeAlgorithmType.DiffieHellman:\r
+ ku = KeyUsage.keyAgreement;\r
+ break;\r
+ case ExchangeAlgorithmType.Fortezza:\r
+ return false; // unsupported certificate type\r
+ }\r
+\r
+ KeyUsageExtension kux = null;\r
+ ExtendedKeyUsageExtension eku = null;\r
+\r
+ X509Extension xtn = cert.Extensions ["2.5.29.15"];\r
+ if (xtn != null)\r
+ kux = new KeyUsageExtension (xtn);\r
+\r
+ xtn = cert.Extensions ["2.5.29.37"];\r
+ if (xtn != null)\r
+ eku = new ExtendedKeyUsageExtension (xtn);\r
+\r
+ if ((kux != null) && (eku != null)) \r
+ {\r
+ // RFC3280 states that when both KeyUsageExtension and \r
+ // ExtendedKeyUsageExtension are present then BOTH should\r
+ // be valid\r
+ return (kux.Support (ku) &&\r
+ eku.KeyPurpose.Contains ("1.3.6.1.5.5.7.3.1"));\r
+ }\r
+ else if (kux != null) \r
+ {\r
+ return kux.Support (ku);\r
+ }\r
+ else if (eku != null) \r
+ {\r
+ // Server Authentication (1.3.6.1.5.5.7.3.1)\r
+ return eku.KeyPurpose.Contains ("1.3.6.1.5.5.7.3.1");\r
+ }\r
+\r
+ // last chance - try with older (deprecated) Netscape extensions\r
+ xtn = cert.Extensions ["2.16.840.1.113730.1.1"];\r
+ if (xtn != null) \r
+ {\r
+ NetscapeCertTypeExtension ct = new NetscapeCertTypeExtension (xtn);\r
+ return ct.Support (NetscapeCertTypeExtension.CertType.SslServer);\r
+ }\r
+\r
+ // certificate isn't valid for SSL server usage\r
+ return false;\r
+ }\r
+\r
+ private void validateCertificates(X509CertificateCollection certificates)\r
+ {\r
+ ClientContext context = (ClientContext)this.Context;\r
+\r
+ // the leaf is the web server certificate\r
+ X509Certificate leaf = certificates [0];\r
+ X509Cert.X509Certificate cert = new X509Cert.X509Certificate (leaf.RawData);\r
+\r
+ ArrayList errors = new ArrayList();\r
+\r
+ // SSL specific check - not all certificates can be \r
+ // used to server-side SSL some rules applies after \r
+ // all ;-)\r
+ if (!checkCertificateUsage (leaf)) \r
+ {\r
+ // WinError.h CERT_E_PURPOSE 0x800B0106\r
+ errors.Add ((int)-2146762490);\r
+ }\r
+\r
+ // SSL specific check - does the certificate match \r
+ // the host ?\r
+ if (!checkServerIdentity (leaf))\r
+ {\r
+ // WinError.h CERT_E_CN_NO_MATCH 0x800B010F\r
+ errors.Add ((int)-2146762481);\r
+ }\r
+\r
+ // Note: building and verifying a chain can take much time\r
+ // so we do it last (letting simple things fails first)\r
+\r
+ // Note: In TLS the certificates MUST be in order (and\r
+ // optionally include the root certificate) so we're not\r
+ // building the chain using LoadCertificate (it's faster)\r
+\r
+ // Note: IIS doesn't seem to send the whole certificate chain\r
+ // but only the server certificate :-( it's assuming that you\r
+ // already have this chain installed on your computer. duh!\r
+ // http://groups.google.ca/groups?q=IIS+server+certificate+chain&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=85058s%24avd%241%40nnrp1.deja.com&rnum=3\r
+\r
+ // we must remove the leaf certificate from the chain\r
+ X509CertificateCollection chain = new X509CertificateCollection (certificates);\r
+ chain.Remove (leaf);\r
+ X509Chain verify = new X509Chain (chain);\r
+ if (!verify.Build (leaf)) \r
+ {\r
+ switch (verify.Status) \r
+ {\r
+ case X509ChainStatusFlags.InvalidBasicConstraints:\r
+ // WinError.h TRUST_E_BASIC_CONSTRAINTS 0x80096019\r
+ errors.Add ((int)-2146869223);\r
+ break;\r
+ case X509ChainStatusFlags.NotSignatureValid:\r
+ // WinError.h TRUST_E_BAD_DIGEST 0x80096010\r
+ errors.Add ((int)-2146869232);\r
+ break;\r
+ case X509ChainStatusFlags.NotTimeNested:\r
+ // WinError.h CERT_E_VALIDITYPERIODNESTING 0x800B0102\r
+ errors.Add ((int)-2146762494);\r
+ break;\r
+ case X509ChainStatusFlags.NotTimeValid:\r
+ // WinError.h CERT_E_EXPIRED 0x800B0101\r
+ errors.Add ((int)-2146762495);\r
+ break;\r
+ case X509ChainStatusFlags.PartialChain:\r
+ // WinError.h CERT_E_CHAINING 0x800B010A\r
+ errors.Add ((int)-2146762486);\r
+ break;\r
+ case X509ChainStatusFlags.UntrustedRoot:\r
+ // WinError.h CERT_E_UNTRUSTEDROOT 0x800B0109\r
+ errors.Add ((int)-2146762487);\r
+ break;\r
+ default:\r
+ // unknown error\r
+ errors.Add ((int)verify.Status);\r
+ break;\r
+ }\r
+ }\r
+\r
+ int[] certificateErrors = (int[])errors.ToArray(typeof(int));\r
+\r
+ if (!context.SslStream.RaiseServerCertificateValidation(\r
+ cert, \r
+ certificateErrors))\r
+ {\r
+ throw context.CreateException("Invalid certificate received form server.");\r
+ }\r
+ }\r
+\r
+ // RFC2818 - HTTP Over TLS, Section 3.1\r
+ // http://www.ietf.org/rfc/rfc2818.txt\r
+ // \r
+ // 1. if present MUST use subjectAltName dNSName as identity\r
+ // 1.1. if multiples entries a match of any one is acceptable\r
+ // 1.2. wildcard * is acceptable\r
+ // 2. URI may be an IP address -> subjectAltName.iPAddress\r
+ // 2.1. exact match is required\r
+ // 3. Use of the most specific Common Name (CN=) in the Subject\r
+ // 3.1 Existing practice but DEPRECATED\r
+ private bool checkServerIdentity (X509Certificate cert) \r
+ {\r
+ ClientContext context = (ClientContext)this.Context;\r
+\r
+ string targetHost = context.ClientSettings.TargetHost;\r
+\r
+ X509Extension ext = cert.Extensions ["2.5.29.17"];\r
+ // 1. subjectAltName\r
+ if (ext != null) \r
+ {\r
+ SubjectAltNameExtension subjectAltName = new SubjectAltNameExtension (ext);\r
+ // 1.1 - multiple dNSName\r
+ foreach (string dns in subjectAltName.DNSNames) \r
+ {\r
+ // 1.2 TODO - wildcard support\r
+ if (dns == targetHost)\r
+ return true;\r
+ }\r
+ // 2. ipAddress\r
+ foreach (string ip in subjectAltName.IPAddresses) \r
+ {\r
+ // 2.1. Exact match required\r
+ if (ip == targetHost)\r
+ return true;\r
+ }\r
+ }\r
+ // 3. Common Name (CN=)\r
+ return checkDomainName (cert.SubjectName);\r
+ }\r
+\r
+ private bool checkDomainName(string subjectName)\r
+ {\r
+ ClientContext context = (ClientContext)this.Context;\r
+\r
+ string domainName = String.Empty;\r
+ Regex search = new Regex(@"([\w\s\d]*)\s*=\s*([^,]*)");\r
+\r
+ MatchCollection elements = search.Matches(subjectName);\r
+\r
+ foreach (Match element in elements)\r
+ {\r
+ switch (element.Groups[1].Value.Trim().ToUpper())\r
+ {\r
+ case "CN":\r
+ domainName = element.Groups[2].Value;\r
+ break;\r
+ }\r
+ }\r
+\r
+ // TODO: add wildcard * support\r
+ return (String.Compare (context.ClientSettings.TargetHost, domainName, true, CultureInfo.InvariantCulture) == 0);\r
+\r
+ /*\r
+ * the only document found describing this is:\r
+ * http://www.geocities.com/SiliconValley/Byte/4170/articulos/tls/autentic.htm#Autenticaci%F3n%20del%20Server\r
+ * however I don't see how this could deal with wildcards ?\r
+ * other issues\r
+ * a. there could also be many address returned\r
+ * b. Address property is obsoleted in .NET 1.1\r
+ * \r
+ if (domainName == String.Empty)\r
+ {\r
+ return false;\r
+ }\r
+ else\r
+ {\r
+ string targetHost = context.ClientSettings.TargetHost;\r
+\r
+ // Check that the IP is correct\r
+ try\r
+ {\r
+ IPAddress ipHost = Dns.Resolve(targetHost).AddressList[0];\r
+ IPAddress ipDomain = Dns.Resolve(domainName).AddressList[0];\r
+\r
+ // Note: Address is obsolete in 1.1\r
+ return (ipHost.Address == ipDomain.Address);\r
+ }\r
+ catch (Exception)\r
+ {\r
+ return false;\r
+ }\r
+ }*/\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}\r
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using System.Text;
-using Mono.Security;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Client
-{
- internal class TlsServerCertificateRequest : TlsHandshakeMessage
- {
- #region Fields
-
- private TlsClientCertificateType[] certificateTypes;
- private string[] distinguisedNames;
-
- #endregion
-
- #region Constructors
-
- public TlsServerCertificateRequest(Context context, byte[] buffer)
- : base(context, TlsHandshakeType.ServerHello, buffer)
- {
- }
-
- #endregion
-
- #region Methods
-
- public override void Update()
- {
- base.Update();
-
- this.Context.ServerSettings.CertificateTypes = this.certificateTypes;
- this.Context.ServerSettings.DistinguisedNames = this.distinguisedNames;
- this.Context.ServerSettings.CertificateRequest = true;
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- throw new NotSupportedException();
- }
-
- protected override void ProcessAsTls1()
- {
- // Read requested certificate types
- int typesCount = this.ReadByte();
-
- this.certificateTypes = new TlsClientCertificateType[typesCount];
-
- for (int i = 0; i < typesCount; i++)
- {
- this.certificateTypes[i] = (TlsClientCertificateType)this.ReadByte();
- }
-
- /*
- * Read requested certificate authorities (Distinguised Names)
- *
- * Name ::= SEQUENCE OF RelativeDistinguishedName
- *
- * RelativeDistinguishedName ::= SET OF AttributeValueAssertion
- *
- * AttributeValueAssertion ::= SEQUENCE {
- * attributeType OBJECT IDENTIFIER
- * attributeValue ANY }
- */
- if (this.ReadInt16() != 0)
- {
- ASN1 rdn = new ASN1(this.ReadBytes(this.ReadInt16()));
-
- distinguisedNames = new string[rdn.Count];
-
- #warning "needs testing"
- for (int i = 0; i < rdn.Count; i++)
- {
- // element[0] = attributeType
- // element[1] = attributeValue
- ASN1 element = new ASN1(rdn[i].Value);
-
- distinguisedNames[i] = Encoding.UTF8.GetString(element[1].Value);
- }
- }
- }
-
- #endregion
- }
-}
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+using System.Text;\r
+using Mono.Security;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Client\r
+{\r
+ internal class TlsServerCertificateRequest : HandshakeMessage\r
+ {\r
+ #region Fields\r
+\r
+ private ClientCertificateType[] certificateTypes;\r
+ private string[] distinguisedNames;\r
+\r
+ #endregion\r
+\r
+ #region Constructors\r
+\r
+ public TlsServerCertificateRequest(Context context, byte[] buffer) \r
+ : base(context, HandshakeType.ServerHello, buffer)\r
+ {\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Methods\r
+\r
+ public override void Update()\r
+ {\r
+ base.Update();\r
+\r
+ this.Context.ServerSettings.CertificateTypes = this.certificateTypes;\r
+ this.Context.ServerSettings.DistinguisedNames = this.distinguisedNames;\r
+ this.Context.ServerSettings.CertificateRequest = true;\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ throw new NotSupportedException();\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+ // Read requested certificate types\r
+ int typesCount = this.ReadByte();\r
+ \r
+ this.certificateTypes = new ClientCertificateType[typesCount];\r
+\r
+ for (int i = 0; i < typesCount; i++)\r
+ {\r
+ this.certificateTypes[i] = (ClientCertificateType)this.ReadByte();\r
+ }\r
+\r
+ /*\r
+ * Read requested certificate authorities (Distinguised Names)\r
+ * \r
+ * Name ::= SEQUENCE OF RelativeDistinguishedName\r
+ * \r
+ * RelativeDistinguishedName ::= SET OF AttributeValueAssertion\r
+ * \r
+ * AttributeValueAssertion ::= SEQUENCE {\r
+ * attributeType OBJECT IDENTIFIER\r
+ * attributeValue ANY }\r
+ */\r
+ if (this.ReadInt16() != 0)\r
+ {\r
+ ASN1 rdn = new ASN1(this.ReadBytes(this.ReadInt16()));\r
+\r
+ distinguisedNames = new string[rdn.Count];\r
+\r
+ #warning "needs testing"\r
+ for (int i = 0; i < rdn.Count; i++)\r
+ {\r
+ // element[0] = attributeType\r
+ // element[1] = attributeValue\r
+ ASN1 element = new ASN1(rdn[i].Value);\r
+\r
+ distinguisedNames[i] = Encoding.UTF8.GetString(element[1].Value);\r
+ }\r
+ }\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}\r
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using System.Security.Cryptography;
-
-using Mono.Security.Cryptography;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Client
-{
- internal class TlsServerFinished : TlsHandshakeMessage
- {
- #region Constructors
-
- public TlsServerFinished(Context context, byte[] buffer)
- : base(context, TlsHandshakeType.ServerHello, buffer)
- {
- }
-
- #endregion
-
- #region Methods
-
- public override void Update()
- {
- base.Update();
-
- // Reset Hahdshake messages information
- this.Context.HandshakeMessages.Reset();
-
- // Hahdshake is finished
- this.Context.HandshakeState = HandshakeState.Finished;
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- // Compute handshake messages hashes
- HashAlgorithm hash = new TlsSslHandshakeHash(this.Context.MasterSecret);
-
- TlsStream data = new TlsStream();
- data.Write(this.Context.HandshakeMessages.ToArray());
- data.Write((int)0x53525652);
-
- hash.TransformFinalBlock(data.ToArray(), 0, (int)data.Length);
-
- data.Reset();
-
- byte[] serverHash = this.ReadBytes((int)Length);
- byte[] clientHash = hash.Hash;
-
- // Check server prf against client prf
- if (clientHash.Length != serverHash.Length)
- {
- throw new TlsException("Invalid ServerFinished message received.");
- }
- for (int i = 0; i < serverHash.Length; i++)
- {
- if (clientHash[i] != serverHash[i])
- {
- throw new TlsException("Invalid ServerFinished message received.");
- }
- }
- }
-
- protected override void ProcessAsTls1()
- {
- byte[] serverPRF = this.ReadBytes((int)Length);
- HashAlgorithm hash = new MD5SHA1();
-
- hash.ComputeHash(
- this.Context.HandshakeMessages.ToArray(),
- 0,
- (int)this.Context.HandshakeMessages.Length);
-
- byte[] clientPRF = this.Context.Cipher.PRF(this.Context.MasterSecret, "server finished", hash.Hash, 12);
-
- // Check server prf against client prf
- if (clientPRF.Length != serverPRF.Length)
- {
- throw new TlsException("Invalid ServerFinished message received.");
- }
- for (int i = 0; i < serverPRF.Length; i++)
- {
- if (clientPRF[i] != serverPRF[i])
- {
- throw new TlsException("Invalid ServerFinished message received.");
- }
- }
- }
-
- #endregion
- }
-}
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+using System.Security.Cryptography;\r
+\r
+using Mono.Security.Cryptography;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Client\r
+{\r
+ internal class TlsServerFinished : HandshakeMessage\r
+ {\r
+ #region Constructors\r
+\r
+ public TlsServerFinished(Context context, byte[] buffer) \r
+ : base(context, HandshakeType.ServerHello, buffer)\r
+ {\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Methods\r
+\r
+ public override void Update()\r
+ {\r
+ base.Update();\r
+\r
+ // Reset Hahdshake messages information\r
+ this.Context.HandshakeMessages.Reset();\r
+\r
+ // Hahdshake is finished\r
+ this.Context.HandshakeState = HandshakeState.Finished;\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ // Compute handshake messages hashes\r
+ HashAlgorithm hash = new SslHandshakeHash(this.Context.MasterSecret);\r
+\r
+ TlsStream data = new TlsStream();\r
+ data.Write(this.Context.HandshakeMessages.ToArray());\r
+ data.Write((int)0x53525652);\r
+ \r
+ hash.TransformFinalBlock(data.ToArray(), 0, (int)data.Length);\r
+\r
+ data.Reset();\r
+\r
+ byte[] serverHash = this.ReadBytes((int)Length); \r
+ byte[] clientHash = hash.Hash;\r
+ \r
+ // Check server prf against client prf\r
+ if (clientHash.Length != serverHash.Length)\r
+ {\r
+ throw new TlsException("Invalid ServerFinished message received.");\r
+ }\r
+ for (int i = 0; i < serverHash.Length; i++)\r
+ {\r
+ if (clientHash[i] != serverHash[i])\r
+ {\r
+ throw new TlsException("Invalid ServerFinished message received.");\r
+ }\r
+ }\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+ byte[] serverPRF = this.ReadBytes((int)Length);\r
+ HashAlgorithm hash = new MD5SHA1();\r
+\r
+ hash.ComputeHash(\r
+ this.Context.HandshakeMessages.ToArray(), \r
+ 0,\r
+ (int)this.Context.HandshakeMessages.Length);\r
+\r
+ byte[] clientPRF = this.Context.Cipher.PRF(this.Context.MasterSecret, "server finished", hash.Hash, 12);\r
+\r
+ // Check server prf against client prf\r
+ if (clientPRF.Length != serverPRF.Length)\r
+ {\r
+ throw new TlsException("Invalid ServerFinished message received.");\r
+ }\r
+ for (int i = 0; i < serverPRF.Length; i++)\r
+ {\r
+ if (clientPRF[i] != serverPRF[i])\r
+ {\r
+ throw new TlsException("Invalid ServerFinished message received.");\r
+ }\r
+ }\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}\r
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Client
-{
- internal class TlsServerHello : TlsHandshakeMessage
- {
- #region Fields
-
- private SecurityCompressionType compressionMethod;
- private byte[] random;
- private byte[] sessionId;
- private CipherSuite cipherSuite;
-
- #endregion
-
- #region Constructors
-
- public TlsServerHello(Context context, byte[] buffer)
- : base(context, TlsHandshakeType.ServerHello, buffer)
- {
- }
-
- #endregion
-
- #region Methods
-
- public override void Update()
- {
- base.Update();
-
- this.Context.SessionId = this.sessionId;
- this.Context.ServerRandom = this.random;
- this.Context.Cipher = this.cipherSuite;
- this.Context.CompressionMethod = this.compressionMethod;
- this.Context.Cipher.Context = this.Context;
- this.Context.ProtocolNegotiated = true;
-
- // Compute ClientRandom + ServerRandom
- TlsStream random = new TlsStream();
- random.Write(this.Context.ClientRandom);
- random.Write(this.Context.ServerRandom);
- this.Context.RandomCS = random.ToArray();
-
- // Server Random + Client Random
- random.Reset();
- random.Write(this.Context.ServerRandom);
- random.Write(this.Context.ClientRandom);
-
- this.Context.RandomSC = random.ToArray();
- random.Reset();
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- this.ProcessAsTls1();
- }
-
- protected override void ProcessAsTls1()
- {
- // Read protocol version
- this.processProtocol(this.ReadInt16());
-
- // Read random - Unix time + Random bytes
- this.random = this.ReadBytes(32);
-
- // Read Session id
- int length = (int)ReadByte();
- if (length > 0)
- {
- this.sessionId = this.ReadBytes(length);
- }
-
- // Read cipher suite
- short cipherCode = this.ReadInt16();
- if (this.Context.SupportedCiphers.IndexOf(cipherCode) == -1)
- {
- // The server has sent an invalid ciphersuite
- throw new TlsException("Invalid cipher suite received from server");
- }
- this.cipherSuite = this.Context.SupportedCiphers[cipherCode];
-
- // Read compression methods ( always 0 )
- this.compressionMethod = (SecurityCompressionType)this.ReadByte();
- }
-
- #endregion
-
- #region Private Methods
-
- private void processProtocol(short protocol)
- {
- SecurityProtocolType serverProtocol = this.Context.DecodeProtocolCode(protocol);
-
- if ((serverProtocol & this.Context.SecurityProtocolFlags) == serverProtocol ||
- (this.Context.SecurityProtocolFlags & SecurityProtocolType.Default) == SecurityProtocolType.Default)
- {
- this.Context.SecurityProtocol = serverProtocol;
- this.Context.SupportedCiphers.Clear();
- this.Context.SupportedCiphers = null;
- this.Context.SupportedCiphers = TlsCipherSuiteFactory.GetSupportedCiphers(serverProtocol);
- }
- else
- {
- throw this.Context.CreateException("Incorrect protocol version received from server");
- }
- }
-
- #endregion
- }
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Client\r
+{\r
+ internal class TlsServerHello : HandshakeMessage\r
+ {\r
+ #region Fields\r
+\r
+ private SecurityCompressionType compressionMethod;\r
+ private byte[] random;\r
+ private byte[] sessionId;\r
+ private CipherSuite cipherSuite;\r
+ \r
+ #endregion\r
+\r
+ #region Constructors\r
+\r
+ public TlsServerHello(Context context, byte[] buffer) \r
+ : base(context, HandshakeType.ServerHello, buffer)\r
+ {\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Methods\r
+\r
+ public override void Update()\r
+ {\r
+ base.Update();\r
+\r
+ this.Context.SessionId = this.sessionId;\r
+ this.Context.ServerRandom = this.random;\r
+ this.Context.Cipher = this.cipherSuite;\r
+ this.Context.CompressionMethod = this.compressionMethod;\r
+ this.Context.ProtocolNegotiated = true;\r
+\r
+ // Compute ClientRandom + ServerRandom\r
+ TlsStream random = new TlsStream();\r
+ random.Write(this.Context.ClientRandom);\r
+ random.Write(this.Context.ServerRandom);\r
+ this.Context.RandomCS = random.ToArray();\r
+\r
+ // Server Random + Client Random\r
+ random.Reset();\r
+ random.Write(this.Context.ServerRandom);\r
+ random.Write(this.Context.ClientRandom);\r
+\r
+ this.Context.RandomSC = random.ToArray();\r
+ random.Reset();\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ this.ProcessAsTls1();\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+ // Read protocol version\r
+ this.processProtocol(this.ReadInt16());\r
+ \r
+ // Read random - Unix time + Random bytes\r
+ this.random = this.ReadBytes(32);\r
+ \r
+ // Read Session id\r
+ int length = (int)ReadByte();\r
+ if (length > 0)\r
+ {\r
+ this.sessionId = this.ReadBytes(length);\r
+ }\r
+\r
+ // Read cipher suite\r
+ short cipherCode = this.ReadInt16();\r
+ if (this.Context.SupportedCiphers.IndexOf(cipherCode) == -1)\r
+ {\r
+ // The server has sent an invalid ciphersuite\r
+ throw new TlsException("Invalid cipher suite received from server");\r
+ }\r
+ this.cipherSuite = this.Context.SupportedCiphers[cipherCode];\r
+ \r
+ // Read compression methods ( always 0 )\r
+ this.compressionMethod = (SecurityCompressionType)this.ReadByte();\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Private Methods\r
+\r
+ private void processProtocol(short protocol)\r
+ {\r
+ SecurityProtocolType serverProtocol = this.Context.DecodeProtocolCode(protocol);\r
+\r
+ if ((serverProtocol & this.Context.SecurityProtocolFlags) == serverProtocol ||\r
+ (this.Context.SecurityProtocolFlags & SecurityProtocolType.Default) == SecurityProtocolType.Default)\r
+ {\r
+ this.Context.SecurityProtocol = serverProtocol;\r
+ this.Context.SupportedCiphers.Clear();\r
+ this.Context.SupportedCiphers = null;\r
+ this.Context.SupportedCiphers = CipherSuiteFactory.GetSupportedCiphers(serverProtocol);\r
+ }\r
+ else\r
+ {\r
+ throw this.Context.CreateException("Incorrect protocol version received from server");\r
+ }\r
+ }\r
+\r
+ #endregion\r
+ }\r
}
\ No newline at end of file
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Client
-{
- internal class TlsServerHelloDone : TlsHandshakeMessage
- {
- #region Constructors
-
- public TlsServerHelloDone(Context context, byte[] buffer)
- : base(context, TlsHandshakeType.ServerHelloDone, buffer)
- {
- }
-
- #endregion
-
- #region Methods
-
- public override void Update()
- {
- ClientContext context = (ClientContext)this.Context;
-
- base.Update();
-
- context.HelloDone = true;
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- }
-
- protected override void ProcessAsTls1()
- {
- }
-
- #endregion
- }
-}
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Client\r
+{\r
+ internal class TlsServerHelloDone : HandshakeMessage\r
+ {\r
+ #region Constructors\r
+\r
+ public TlsServerHelloDone(Context context, byte[] buffer) \r
+ : base(context, HandshakeType.ServerHelloDone, buffer)\r
+ {\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}\r
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using System.Security.Cryptography;
-
-using Mono.Security.Cryptography;
-using Mono.Security.X509;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Client
-{
- internal class TlsServerKeyExchange : TlsHandshakeMessage
- {
- #region Fields
-
- private RSAParameters rsaParams;
- private byte[] signedParams;
-
- #endregion
-
- #region Constructors
-
- public TlsServerKeyExchange(Context context, byte[] buffer)
- : base(context, TlsHandshakeType.ServerKeyExchange, buffer)
- {
- this.verifySignature();
- }
-
- #endregion
-
- #region Methods
-
- public override void Update()
- {
- base.Update();
-
- this.Context.ServerSettings.ServerKeyExchange = true;
- this.Context.ServerSettings.RsaParameters = this.rsaParams;
- this.Context.ServerSettings.SignedParams = this.signedParams;
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- this.ProcessAsTls1();
- }
-
- protected override void ProcessAsTls1()
- {
- this.rsaParams = new RSAParameters();
-
- // Read modulus
- this.rsaParams.Modulus = this.ReadBytes(this.ReadInt16());
-
- // Read exponent
- this.rsaParams.Exponent = this.ReadBytes(this.ReadInt16());
-
- // Read signed params
- this.signedParams = this.ReadBytes(this.ReadInt16());
- }
-
- #endregion
-
- #region Private Methods
-
- private void verifySignature()
- {
- MD5SHA1 hash = new MD5SHA1();
-
- // Calculate size of server params
- int size = rsaParams.Modulus.Length + rsaParams.Exponent.Length + 4;
-
- // Create server params array
- TlsStream stream = new TlsStream();
-
- stream.Write(this.Context.RandomCS);
- stream.Write(this.ToArray(), 0, size);
-
- hash.ComputeHash(stream.ToArray());
-
- stream.Reset();
-
- bool isValidSignature = hash.VerifySignature(
- this.Context.Cipher.CertificateRSA(),
- this.signedParams);
-
- if (!isValidSignature)
- {
- throw this.Context.CreateException("Data was not signed with the server certificate.");
- }
- }
-
- #endregion
- }
-}
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+using System.Security.Cryptography;\r
+\r
+using Mono.Security.Cryptography;\r
+using Mono.Security.X509;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Client\r
+{\r
+ internal class TlsServerKeyExchange : HandshakeMessage\r
+ {\r
+ #region Fields\r
+\r
+ private RSAParameters rsaParams;\r
+ private byte[] signedParams;\r
+\r
+ #endregion\r
+\r
+ #region Constructors\r
+\r
+ public TlsServerKeyExchange(Context context, byte[] buffer)\r
+ : base(context, HandshakeType.ServerKeyExchange, buffer)\r
+ {\r
+ this.verifySignature();\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Methods\r
+\r
+ public override void Update()\r
+ {\r
+ base.Update();\r
+\r
+ this.Context.ServerSettings.ServerKeyExchange = true;\r
+ this.Context.ServerSettings.RsaParameters = this.rsaParams;\r
+ this.Context.ServerSettings.SignedParams = this.signedParams;\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ this.ProcessAsTls1();\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+ this.rsaParams = new RSAParameters();\r
+ \r
+ // Read modulus\r
+ this.rsaParams.Modulus = this.ReadBytes(this.ReadInt16());\r
+\r
+ // Read exponent\r
+ this.rsaParams.Exponent = this.ReadBytes(this.ReadInt16());\r
+\r
+ // Read signed params\r
+ this.signedParams = this.ReadBytes(this.ReadInt16());\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Private Methods\r
+\r
+ private void verifySignature()\r
+ {\r
+ MD5SHA1 hash = new MD5SHA1();\r
+\r
+ // Calculate size of server params\r
+ int size = rsaParams.Modulus.Length + rsaParams.Exponent.Length + 4;\r
+\r
+ // Create server params array\r
+ TlsStream stream = new TlsStream();\r
+\r
+ stream.Write(this.Context.RandomCS);\r
+ stream.Write(this.ToArray(), 0, size);\r
+\r
+ hash.ComputeHash(stream.ToArray());\r
+\r
+ stream.Reset();\r
+ \r
+ bool isValidSignature = hash.VerifySignature(\r
+ this.Context.Cipher.CertificateRSA(),\r
+ this.signedParams);\r
+\r
+ if (!isValidSignature)\r
+ {\r
+ throw this.Context.CreateException("Data was not signed with the server certificate.");\r
+ }\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}\r
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using Mono.Security.Protocol.Tls;
-using System.Security.Cryptography.X509Certificates;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Server
-{
- internal class TlsClientCertificate : TlsHandshakeMessage
- {
- #region Constructors
-
- public TlsClientCertificate(Context context, byte[] buffer)
- : base(context, TlsHandshakeType.Certificate, buffer)
- {
- }
-
- #endregion
-
- #region Methods
-
- public override void Update()
- {
- throw new NotSupportedException();
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- this.ProcessAsTls1();
- }
-
- protected override void ProcessAsTls1()
- {
- throw new NotSupportedException();
- }
-
- #endregion
- }
-}
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+using Mono.Security.Protocol.Tls;\r
+using System.Security.Cryptography.X509Certificates;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Server\r
+{\r
+ internal class TlsClientCertificate : HandshakeMessage\r
+ {\r
+ #region Constructors\r
+\r
+ public TlsClientCertificate(Context context, byte[] buffer)\r
+ : base(context, HandshakeType.Certificate, buffer)\r
+ {\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Methods\r
+\r
+ public override void Update()\r
+ {\r
+ throw new NotSupportedException();\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ this.ProcessAsTls1();\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+ throw new NotSupportedException();\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}\r
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using System.Security.Cryptography.X509Certificates;
-
-using System.Security.Cryptography;
-using Mono.Security.Cryptography;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Server
-{
- internal class TlsClientCertificateVerify : TlsHandshakeMessage
- {
- #region Constructors
-
- public TlsClientCertificateVerify(Context context, byte[] buffer)
- : base(context, TlsHandshakeType.Finished, buffer)
- {
- }
-
- #endregion
-
- #region Methods
-
- public override void Update()
- {
- throw new NotSupportedException();
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- throw new NotSupportedException();
- }
-
- protected override void ProcessAsTls1()
- {
- throw new NotSupportedException();
- }
-
- #endregion
- }
-}
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+using System.Security.Cryptography.X509Certificates;\r
+\r
+using System.Security.Cryptography;\r
+using Mono.Security.Cryptography;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Server\r
+{\r
+ internal class TlsClientCertificateVerify : HandshakeMessage\r
+ {\r
+ #region Constructors\r
+\r
+ public TlsClientCertificateVerify(Context context, byte[] buffer)\r
+ : base(context, HandshakeType.Finished, buffer)\r
+ {\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Methods\r
+\r
+ public override void Update()\r
+ {\r
+ throw new NotSupportedException();\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ throw new NotSupportedException();\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+ throw new NotSupportedException();\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}\r
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using System.Security.Cryptography;
-
-using Mono.Security.Cryptography;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Server
-{
- internal class TlsClientFinished : TlsHandshakeMessage
- {
- #region Constructors
-
- public TlsClientFinished(Context context, byte[] buffer)
- : base(context, TlsHandshakeType.Finished, buffer)
- {
- }
-
- #endregion
-
- #region Methods
-
- public override void Update()
- {
- throw new NotSupportedException();
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- throw new NotSupportedException();
- }
-
- protected override void ProcessAsTls1()
- {
- throw new NotSupportedException();
- }
-
- #endregion
- }
-}
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+using System.Security.Cryptography;\r
+\r
+using Mono.Security.Cryptography;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Server\r
+{\r
+ internal class TlsClientFinished : HandshakeMessage\r
+ {\r
+ #region Constructors\r
+\r
+ public TlsClientFinished(Context context, byte[] buffer)\r
+ : base(context, HandshakeType.Finished, buffer)\r
+ {\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Methods\r
+\r
+ public override void Update()\r
+ {\r
+ throw new NotSupportedException();\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ // Compute handshake messages hashes\r
+ HashAlgorithm hash = new SslHandshakeHash(this.Context.MasterSecret);\r
+\r
+ TlsStream data = new TlsStream();\r
+ data.Write(this.Context.HandshakeMessages.ToArray());\r
+ data.Write((int)0x434C4E54);\r
+ \r
+ hash.TransformFinalBlock(data.ToArray(), 0, (int)data.Length);\r
+\r
+ data.Reset();\r
+\r
+ byte[] clientHash = this.ReadBytes((int)Length); \r
+ byte[] serverHash = hash.Hash;\r
+ \r
+ // Check client prf against server prf\r
+ if (clientHash.Length != serverHash.Length)\r
+ {\r
+ throw new TlsException("Invalid ServerFinished message received.");\r
+ }\r
+ for (int i = 0; i < clientHash.Length; i++)\r
+ {\r
+ if (clientHash[i] != serverHash[i])\r
+ {\r
+ throw new TlsException("Invalid ServerFinished message received.");\r
+ }\r
+ }\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+ byte[] clientPRF = this.ReadBytes((int)this.Length);\r
+ HashAlgorithm hash = new MD5SHA1();\r
+\r
+ hash.ComputeHash(\r
+ this.Context.HandshakeMessages.ToArray(), \r
+ 0,\r
+ (int)this.Context.HandshakeMessages.Length);\r
+\r
+ byte[] serverPRF = this.Context.Cipher.PRF(this.Context.MasterSecret, "client finished", hash.Hash, 12);\r
+\r
+ // Check client prf against server prf\r
+ if (clientPRF.Length != serverPRF.Length)\r
+ {\r
+ throw new TlsException("Invalid ServerFinished message received.");\r
+ }\r
+ for (int i = 0; i < serverPRF.Length; i++)\r
+ {\r
+ if (clientPRF[i] != serverPRF[i])\r
+ {\r
+ throw new TlsException("Invalid ServerFinished message received.");\r
+ }\r
+ }\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}\r
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using System.Security.Cryptography;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Server
-{
- internal class TlsClientHello : TlsHandshakeMessage
- {
- #region Constructors
-
- public TlsClientHello(Context context, byte[] buffer)
- : base(context, TlsHandshakeType.ClientHello, buffer)
- {
- }
-
- #endregion
-
- #region Methods
-
- public override void Update()
- {
- throw new NotSupportedException();
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- this.ProcessAsTls1();
- }
-
- protected override void ProcessAsTls1()
- {
- throw new NotSupportedException();
- }
-
- #endregion
- }
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+using System.Security.Cryptography;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Server\r
+{\r
+ internal class TlsClientHello : HandshakeMessage\r
+ {\r
+ #region Private Fields\r
+\r
+ private byte[] random;\r
+ private byte[] sessionId;\r
+ private short[] cipherSuites;\r
+ private byte[] compressionMethods;\r
+\r
+ #endregion\r
+\r
+ #region Constructors\r
+\r
+ public TlsClientHello(Context context, byte[] buffer)\r
+ : base(context, HandshakeType.ClientHello, buffer)\r
+ {\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Methods\r
+\r
+ public override void Update()\r
+ {\r
+ base.Update();\r
+\r
+ this.selectCipherSuite();\r
+ this.selectCompressionMethod();\r
+\r
+ this.Context.SessionId = this.sessionId;\r
+ this.Context.ClientRandom = this.random;\r
+ this.Context.ProtocolNegotiated = true;\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ this.ProcessAsTls1();\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+ // Client Version\r
+ this.processProtocol(this.ReadInt16());\r
+ \r
+ // Random bytes - Unix time + Radom bytes [28]\r
+ this.random = this.ReadBytes(32);\r
+ \r
+ // Session id\r
+ // Send the session ID empty\r
+ this.sessionId = this.ReadBytes(this.ReadByte());\r
+ \r
+ // Read Supported Cipher Suites count\r
+ this.cipherSuites = new short[this.ReadInt16()/2];\r
+\r
+ // Read Cipher Suites\r
+ for (int i = 0; i < this.cipherSuites.Length; i++)\r
+ {\r
+ this.cipherSuites[i] = this.ReadInt16();\r
+ }\r
+\r
+ // Compression methods length\r
+ this.compressionMethods = new byte[this.ReadByte()];\r
+ \r
+ for (int i = 0; i < this.compressionMethods.Length; i++)\r
+ {\r
+ this.compressionMethods[i] = this.ReadByte();\r
+ }\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Private Methods\r
+\r
+ private void processProtocol(short protocol)\r
+ {\r
+ SecurityProtocolType clientProtocol = this.Context.DecodeProtocolCode(protocol);\r
+\r
+ if ((clientProtocol & this.Context.SecurityProtocolFlags) == clientProtocol ||\r
+ (this.Context.SecurityProtocolFlags & SecurityProtocolType.Default) == SecurityProtocolType.Default)\r
+ {\r
+ this.Context.SecurityProtocol = clientProtocol;\r
+ this.Context.SupportedCiphers.Clear();\r
+ this.Context.SupportedCiphers = null;\r
+ this.Context.SupportedCiphers = CipherSuiteFactory.GetSupportedCiphers(clientProtocol);\r
+ }\r
+ else\r
+ {\r
+#warning "Send alert"\r
+ throw this.Context.CreateException("Incorrect protocol version received from server");\r
+ }\r
+ }\r
+\r
+ private void selectCipherSuite()\r
+ {\r
+ int index = 0;\r
+ for (int i = 0; i < this.cipherSuites.Length; i++)\r
+ {\r
+ if ((index = this.Context.SupportedCiphers.IndexOf(this.cipherSuites[i])) != -1) \r
+ {\r
+ this.Context.Cipher = this.Context.SupportedCiphers[index]; \r
+ }\r
+ }\r
+\r
+ if (this.Context.Cipher == null)\r
+ {\r
+#warning "Send an Alert and Throw and exception"\r
+ }\r
+ }\r
+\r
+ private void selectCompressionMethod()\r
+ {\r
+ this.Context.CompressionMethod = SecurityCompressionType.None;\r
+ }\r
+\r
+ #endregion\r
+ }\r
}
\ No newline at end of file
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using System.IO;
-using System.Security.Cryptography;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Server
-{
- internal class TlsClientKeyExchange : TlsHandshakeMessage
- {
- #region Constructors
-
- public TlsClientKeyExchange (Context context, byte[] buffer) :
- base(context,
- TlsHandshakeType.ClientKeyExchange,
- buffer)
- {
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- throw new NotSupportedException();
- }
-
- protected override void ProcessAsTls1()
- {
- throw new NotSupportedException();
- }
-
- #endregion
- }
-}
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+using System.IO;\r
+using System.Security.Cryptography;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Server\r
+{\r
+ internal class TlsClientKeyExchange : HandshakeMessage\r
+ {\r
+ #region Constructors\r
+\r
+ public TlsClientKeyExchange (Context context, byte[] buffer) : \r
+ base(context,\r
+ HandshakeType.ClientKeyExchange, \r
+ buffer)\r
+ {\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ throw new NotSupportedException();\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+ // Read client premaster secret\r
+ byte[] clientSecret = this.ReadBytes(this.ReadInt16());\r
+\r
+ // Create a new RSA key\r
+ RSA rsa = this.Context.Cipher.CertificateRSA();\r
+\r
+ // Decrypt premaster secret\r
+ RSAPKCS1KeyExchangeDeformatter deformatter = new RSAPKCS1KeyExchangeDeformatter(rsa);\r
+\r
+ byte[] preMasterSecret = deformatter.DecryptKeyExchange(clientSecret);\r
+ \r
+ // Create master secret\r
+ this.Context.Cipher.ComputeMasterSecret(preMasterSecret);\r
+\r
+ // Create keys\r
+ this.Context.Cipher.ComputeKeys();\r
+\r
+ // Clear resources\r
+ rsa.Clear();\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}\r
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using System.Collections;
-using System.Text.RegularExpressions;
-using System.Security.Cryptography;
-using X509Cert = System.Security.Cryptography.X509Certificates;
-
-using Mono.Security.Protocol.Tls.Alerts;
-using Mono.Security.X509;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Server
-{
- internal class TlsServerCertificate : TlsHandshakeMessage
- {
- #region Constructors
-
- public TlsServerCertificate(Context context)
- : base(context, TlsHandshakeType.Certificate)
- {
- }
-
- #endregion
-
- #region Methods
-
- public override void Update()
- {
- throw new NotSupportedException();
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- throw new NotSupportedException();
- }
-
- protected override void ProcessAsTls1()
- {
- throw new NotSupportedException();
- }
-
- #endregion
- }
-}
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+using System.Collections;\r
+using System.Text.RegularExpressions;\r
+using System.Security.Cryptography;\r
+using X509Cert = System.Security.Cryptography.X509Certificates;\r
+\r
+using Mono.Security.X509;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Server\r
+{\r
+ internal class TlsServerCertificate : HandshakeMessage\r
+ {\r
+ #region Constructors\r
+\r
+ public TlsServerCertificate(Context context) \r
+ : base(context, HandshakeType.Certificate)\r
+ {\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ this.ProcessAsTls1();\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+ TlsStream certs = new TlsStream();\r
+\r
+ foreach (X509Certificate certificate in this.Context.ServerSettings.Certificates)\r
+ {\r
+ // Write certificate length\r
+ certs.WriteInt24(certificate.RawData.Length);\r
+\r
+ // Write certificate data\r
+ certs.Write(certificate.RawData);\r
+ }\r
+\r
+ this.WriteInt24(Convert.ToInt32(certs.Length));\r
+ this.Write(certs.ToArray());\r
+\r
+ certs.Close();\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}\r
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using System.Text;
-using Mono.Security;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Server
-{
- internal class TlsServerCertificateRequest : TlsHandshakeMessage
- {
- #region Constructors
-
- public TlsServerCertificateRequest(Context context)
- : base(context, TlsHandshakeType.ServerHello)
- {
- }
-
- #endregion
-
- #region Methods
-
- public override void Update()
- {
- throw new NotSupportedException();
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- throw new NotSupportedException();
- }
-
- protected override void ProcessAsTls1()
- {
- throw new NotSupportedException();
- }
-
- #endregion
- }
-}
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+using System.Text;\r
+using Mono.Security;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Server\r
+{\r
+ internal class TlsServerCertificateRequest : HandshakeMessage\r
+ {\r
+ #region Constructors\r
+\r
+ public TlsServerCertificateRequest(Context context) \r
+ : base(context, HandshakeType.ServerHello)\r
+ {\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Methods\r
+\r
+ public override void Update()\r
+ {\r
+ throw new NotSupportedException();\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ throw new NotSupportedException();\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+ throw new NotSupportedException();\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}\r
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using System.Security.Cryptography;
-
-using Mono.Security.Cryptography;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Server
-{
- internal class TlsServerFinished : TlsHandshakeMessage
- {
- #region Constructors
-
- public TlsServerFinished(Context context)
- : base(context, TlsHandshakeType.ServerHello)
- {
- }
-
- #endregion
-
- #region Methods
-
- public override void Update()
- {
- throw new NotSupportedException();
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- throw new NotSupportedException();
- }
-
- protected override void ProcessAsTls1()
- {
- throw new NotSupportedException();
- }
-
- #endregion
- }
-}
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+using System.Security.Cryptography;\r
+\r
+using Mono.Security.Cryptography;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Server\r
+{\r
+ internal class TlsServerFinished : HandshakeMessage\r
+ {\r
+ #region Constructors\r
+\r
+ public TlsServerFinished(Context context) \r
+ : base(context, HandshakeType.ServerHello)\r
+ {\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Methods\r
+\r
+ public override void Update()\r
+ {\r
+ throw new NotSupportedException();\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ // Compute handshake messages hashes\r
+ HashAlgorithm hash = new SslHandshakeHash(this.Context.MasterSecret);\r
+\r
+ TlsStream data = new TlsStream();\r
+ data.Write(this.Context.HandshakeMessages.ToArray());\r
+ data.Write((int)0x53525652);\r
+ \r
+ hash.TransformFinalBlock(data.ToArray(), 0, (int)data.Length);\r
+\r
+ this.Write(hash.Hash);\r
+\r
+ data.Reset();\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+ // Compute handshake messages hash\r
+ HashAlgorithm hash = new MD5SHA1();\r
+ hash.ComputeHash(\r
+ this.Context.HandshakeMessages.ToArray(),\r
+ 0,\r
+ (int)this.Context.HandshakeMessages.Length);\r
+\r
+ // Write message\r
+ this.Write(this.Context.Cipher.PRF(this.Context.MasterSecret, "server finished", hash.Hash, 12));\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}\r
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Server
-{
- internal class TlsServerHello : TlsHandshakeMessage
- {
- #region Constructors
-
- public TlsServerHello(Context context)
- : base(context, TlsHandshakeType.ServerHello)
- {
- }
-
- #endregion
-
- #region Methods
-
- public override void Update()
- {
- throw new NotSupportedException();
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- throw new NotSupportedException();
- }
-
- protected override void ProcessAsTls1()
- {
- throw new NotSupportedException();
- }
-
- #endregion
- }
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Server\r
+{\r
+ internal class TlsServerHello : HandshakeMessage\r
+ {\r
+ #region Private Fields\r
+\r
+ private int unixTime;\r
+ private byte[] random;\r
+\r
+ #endregion\r
+\r
+ #region Constructors\r
+\r
+ public TlsServerHello(Context context) \r
+ : base(context, HandshakeType.ServerHello)\r
+ {\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Methods\r
+\r
+ public override void Update()\r
+ {\r
+ base.Update();\r
+\r
+ TlsStream random = new TlsStream();\r
+\r
+ // Compute Server Random\r
+ random.Write(this.unixTime);\r
+ random.Write(this.random);\r
+\r
+ this.Context.ServerRandom = random.ToArray();\r
+\r
+ // Compute ClientRandom + ServerRandom\r
+ random.Reset();\r
+ random.Write(this.Context.ClientRandom);\r
+ random.Write(this.Context.ServerRandom);\r
+\r
+ this.Context.RandomCS = random.ToArray();\r
+\r
+ // Server Random + Client Random\r
+ random.Reset();\r
+ random.Write(this.Context.ServerRandom);\r
+ random.Write(this.Context.ClientRandom);\r
+\r
+ this.Context.RandomSC = random.ToArray();\r
+\r
+ random.Reset();\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ this.ProcessAsTls1();\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+ // Write protocol version\r
+ this.Write(this.Context.Protocol);\r
+ \r
+ // Write Unix time\r
+ this.unixTime = this.Context.GetUnixTime();\r
+ this.Write(this.unixTime);\r
+\r
+ // Write Random bytes\r
+ random = this.Context.GetSecureRandomBytes(28);\r
+ this.Write(this.random);\r
+ \r
+ if (this.Context.SessionId == null)\r
+ {\r
+ this.WriteByte(0);\r
+ }\r
+ else\r
+ {\r
+ // Write Session ID length\r
+ this.WriteByte((byte)this.Context.SessionId.Length);\r
+\r
+ // Write Session ID\r
+ this.Write(this.Context.SessionId);\r
+ }\r
+\r
+ // Write selected cipher suite\r
+ this.Write(this.Context.Cipher.Code);\r
+ \r
+ // Write selected compression method\r
+ this.WriteByte((byte)this.Context.CompressionMethod);\r
+ }\r
+\r
+ #endregion\r
+ }\r
}
\ No newline at end of file
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Server
-{
- internal class TlsServerHelloDone : TlsHandshakeMessage
- {
- #region Constructors
-
- public TlsServerHelloDone(Context context)
- : base(context, TlsHandshakeType.ServerHelloDone)
- {
- }
-
- #endregion
-
- #region Methods
-
- public override void Update()
- {
- throw new NotSupportedException();
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- throw new NotSupportedException();
- }
-
- protected override void ProcessAsTls1()
- {
- throw new NotSupportedException();
- }
-
- #endregion
- }
-}
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Server\r
+{\r
+ internal class TlsServerHelloDone : HandshakeMessage\r
+ {\r
+ #region Constructors\r
+\r
+ public TlsServerHelloDone(Context context) \r
+ : base(context, HandshakeType.ServerHelloDone)\r
+ {\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}\r
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using System.Security.Cryptography;
-
-using Mono.Security.Cryptography;
-using Mono.Security.X509;
-
-namespace Mono.Security.Protocol.Tls.Handshake.Server
-{
- internal class TlsServerKeyExchange : TlsHandshakeMessage
- {
- #region Constructors
-
- public TlsServerKeyExchange(Context context)
- : base(context, TlsHandshakeType.ServerKeyExchange)
- {
- }
-
- #endregion
-
- #region Methods
-
- public override void Update()
- {
- throw new NotSupportedException();
- }
-
- #endregion
-
- #region Protected Methods
-
- protected override void ProcessAsSsl3()
- {
- this.ProcessAsTls1();
- }
-
- protected override void ProcessAsTls1()
- {
- throw new NotSupportedException();
- }
-
- #endregion
- }
-}
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+using System.Security.Cryptography;\r
+\r
+using Mono.Security.Cryptography;\r
+using Mono.Security.X509;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake.Server\r
+{\r
+ internal class TlsServerKeyExchange : HandshakeMessage\r
+ {\r
+ #region Constructors\r
+\r
+ public TlsServerKeyExchange(Context context)\r
+ : base(context, HandshakeType.ServerKeyExchange)\r
+ {\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Methods\r
+\r
+ public override void Update()\r
+ {\r
+ throw new NotSupportedException();\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Protected Methods\r
+\r
+ protected override void ProcessAsSsl3()\r
+ {\r
+ this.ProcessAsTls1();\r
+ }\r
+\r
+ protected override void ProcessAsTls1()\r
+ {\r
+ throw new NotSupportedException();\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}\r
--- /dev/null
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake\r
+{\r
+ [Serializable]\r
+ internal enum ClientCertificateType\r
+ {\r
+ RSA = 1,\r
+ DSS = 2,\r
+ RSAFixed = 3,\r
+ DSSFixed = 4,\r
+ Unknown = 255\r
+ }\r
+}\r
--- /dev/null
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake\r
+{\r
+ internal abstract class HandshakeMessage : TlsStream\r
+ {\r
+ #region Fields\r
+\r
+ private Context context;\r
+ private HandshakeType handshakeType;\r
+ private ContentType contentType;\r
+\r
+ #endregion\r
+\r
+ #region Properties\r
+\r
+ public Context Context\r
+ {\r
+ get { return this.context; }\r
+ }\r
+\r
+ public HandshakeType HandshakeType\r
+ {\r
+ get { return this.handshakeType; }\r
+ }\r
+\r
+ public ContentType ContentType\r
+ {\r
+ get { return this.contentType; }\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Constructors\r
+\r
+ public HandshakeMessage(\r
+ Context context,\r
+ HandshakeType handshakeType) \r
+ : this(context, handshakeType, ContentType.Handshake)\r
+ {\r
+ }\r
+\r
+ public HandshakeMessage(\r
+ Context context,\r
+ HandshakeType handshakeType,\r
+ ContentType contentType) : base()\r
+ {\r
+ this.context = context;\r
+ this.handshakeType = handshakeType;\r
+ this.contentType = contentType;\r
+\r
+ // Process message\r
+ this.process();\r
+ }\r
+\r
+ public HandshakeMessage(\r
+ Context context, \r
+ HandshakeType handshakeType, \r
+ byte[] data) : base(data)\r
+ {\r
+ this.context = context;\r
+ this.handshakeType = handshakeType;\r
+ \r
+ // Process message\r
+ this.process();\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Abstract Methods\r
+\r
+ protected abstract void ProcessAsTls1();\r
+\r
+ protected abstract void ProcessAsSsl3();\r
+\r
+ #endregion\r
+\r
+ #region Methods\r
+\r
+ private void process()\r
+ {\r
+ switch (this.Context.SecurityProtocol)\r
+ {\r
+ case SecurityProtocolType.Tls:\r
+ case SecurityProtocolType.Default:\r
+ this.ProcessAsTls1();\r
+ break;\r
+\r
+ case SecurityProtocolType.Ssl3:\r
+ this.ProcessAsSsl3();\r
+ break;\r
+\r
+ case SecurityProtocolType.Ssl2:\r
+ default:\r
+ throw new NotSupportedException("Unsupported security protocol type");\r
+ }\r
+ }\r
+\r
+ public virtual void Update()\r
+ {\r
+ if (this.CanWrite)\r
+ {\r
+ this.context.HandshakeMessages.Write(this.EncodeMessage());\r
+ this.Reset();\r
+ }\r
+ }\r
+\r
+ public virtual byte[] EncodeMessage()\r
+ {\r
+ byte[] result = null;\r
+\r
+ if (CanWrite)\r
+ {\r
+ TlsStream c = new TlsStream();\r
+\r
+ c.Write((byte)HandshakeType);\r
+ c.WriteInt24((int)this.Length);\r
+ c.Write(this.ToArray());\r
+\r
+ result = c.ToArray();\r
+ }\r
+\r
+ return result;\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}\r
--- /dev/null
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+\r
+namespace Mono.Security.Protocol.Tls.Handshake\r
+{\r
+ [Serializable]\r
+ internal enum HandshakeType : byte\r
+ {\r
+ HelloRequest = 0,\r
+ ClientHello = 1,\r
+ ServerHello = 2,\r
+ Certificate = 11,\r
+ ServerKeyExchange = 12,\r
+ CertificateRequest = 13,\r
+ ServerHelloDone = 14,\r
+ CertificateVerify = 15,\r
+ ClientKeyExchange = 16,\r
+ Finished = 20,\r
+ None = 255\r
+ }\r
+}\r
+++ /dev/null
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-
-namespace Mono.Security.Protocol.Tls.Handshake
-{
- internal enum TlsClientCertificateType
- {
- RSA = 1,
- DSS = 2,
- RSAFixed = 3,
- DSSFixed = 4,
- Unknown = 255
- }
-}
+++ /dev/null
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-
-namespace Mono.Security.Protocol.Tls.Handshake
-{
- internal abstract class TlsHandshakeMessage : TlsStream
- {
- #region Fields
-
- private Context context;
- private TlsHandshakeType handshakeType;
- private TlsContentType contentType;
-
- #endregion
-
- #region Properties
-
- public Context Context
- {
- get { return this.context; }
- }
-
- public TlsHandshakeType HandshakeType
- {
- get { return this.handshakeType; }
- }
-
- public TlsContentType ContentType
- {
- get { return this.contentType; }
- }
-
- #endregion
-
- #region Constructors
-
- public TlsHandshakeMessage(
- Context context,
- TlsHandshakeType handshakeType)
- : this(context, handshakeType, TlsContentType.Handshake)
- {
- }
-
- public TlsHandshakeMessage(
- Context context,
- TlsHandshakeType handshakeType,
- TlsContentType contentType) : base()
- {
- this.context = context;
- this.handshakeType = handshakeType;
- this.contentType = contentType;
-
- // Process message
- this.process();
- }
-
- public TlsHandshakeMessage(
- Context context,
- TlsHandshakeType handshakeType,
- byte[] data) : base(data)
- {
- this.context = context;
- this.handshakeType = handshakeType;
-
- // Process message
- this.process();
- }
-
- #endregion
-
- #region Abstract Methods
-
- protected abstract void ProcessAsTls1();
-
- protected abstract void ProcessAsSsl3();
-
- #endregion
-
- #region Methods
-
- private void process()
- {
- switch (this.Context.SecurityProtocol)
- {
- case SecurityProtocolType.Tls:
- case SecurityProtocolType.Default:
- this.ProcessAsTls1();
- break;
-
- case SecurityProtocolType.Ssl3:
- this.ProcessAsSsl3();
- break;
-
- case SecurityProtocolType.Ssl2:
- default:
- throw new NotSupportedException("Unsupported security protocol type");
- }
- }
-
- public virtual void Update()
- {
- if (CanWrite)
- {
- this.context.HandshakeMessages.Write(this.EncodeMessage());
- this.Reset();
- }
- }
-
- public virtual byte[] EncodeMessage()
- {
- byte[] result = null;
-
- if (CanWrite)
- {
- TlsStream c = new TlsStream();
-
- c.Write((byte)HandshakeType);
- c.WriteInt24((int)this.Length);
- c.Write(this.ToArray());
-
- result = c.ToArray();
- }
-
- return result;
- }
-
- #endregion
- }
-}
+++ /dev/null
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-
-namespace Mono.Security.Protocol.Tls.Handshake
-{
- internal enum TlsHandshakeType : byte
- {
- HelloRequest = 0,
- ClientHello = 1,
- ServerHello = 2,
- Certificate = 11,
- ServerKeyExchange = 12,
- CertificateRequest = 13,
- ServerHelloDone = 14,
- CertificateVerify = 15,
- ClientKeyExchange = 16,
- Finished = 20,
- }
-}
--- /dev/null
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+using Mono.Security.Protocol.Tls;\r
+\r
+namespace Mono.Security.Protocol.Tls\r
+{\r
+ #region Enumerations\r
+\r
+ [Serializable]\r
+ internal enum AlertLevel : byte\r
+ {\r
+ Warning = 1,\r
+ Fatal = 2\r
+ }\r
+\r
+ [Serializable]\r
+ internal enum AlertDescription : byte\r
+ {\r
+ CloseNotify = 0,\r
+ UnexpectedMessage = 10,\r
+ BadRecordMAC = 20,\r
+ DecryptionFailed = 21,\r
+ RecordOverflow = 22,\r
+ DecompressionFailiure = 30,\r
+ HandshakeFailiure = 40,\r
+ BadCertificate = 42,\r
+ UnsupportedCertificate = 43,\r
+ CertificateRevoked = 44,\r
+ CertificateExpired = 45,\r
+ CertificateUnknown = 46,\r
+ IlegalParameter = 47,\r
+ UnknownCA = 48,\r
+ AccessDenied = 49,\r
+ DecodeError = 50,\r
+ DecryptError = 51,\r
+ ExportRestriction = 60,\r
+ ProtocolVersion = 70,\r
+ InsuficientSecurity = 71,\r
+ InternalError = 80,\r
+ UserCancelled = 90,\r
+ NoRenegotiation = 100\r
+ }\r
+\r
+ #endregion\r
+ \r
+ internal class Alert : TlsStream\r
+ {\r
+ #region Fields\r
+\r
+ private Context context;\r
+ private AlertLevel level;\r
+ private AlertDescription description;\r
+\r
+ #endregion\r
+\r
+ #region Constructors\r
+\r
+ public Alert(\r
+ Context context,\r
+ AlertDescription description) : base()\r
+ {\r
+ this.context = context;\r
+ this.description = description;\r
+ \r
+ this.inferAlertLevel();\r
+\r
+ this.fill();\r
+ }\r
+\r
+ public Alert(\r
+ Context context,\r
+ AlertLevel level,\r
+ AlertDescription description) : base()\r
+ {\r
+ this.context = context;\r
+ this.level = level;\r
+ this.description = description;\r
+\r
+ this.fill();\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Properties\r
+\r
+ public string Message\r
+ {\r
+ get { return Alert.GetAlertMessage(this.description); }\r
+ }\r
+\r
+ public bool IsWarning\r
+ {\r
+ get\r
+ {\r
+ return this.level == AlertLevel.Warning ? true : false;\r
+ }\r
+ }\r
+\r
+ public bool IsFatal\r
+ {\r
+ get\r
+ {\r
+ return this.level == AlertLevel.Fatal ? true : false;\r
+ }\r
+ }\r
+\r
+ public bool IsCloseNotify\r
+ {\r
+ get\r
+ {\r
+ if (this.IsWarning &&\r
+ this.description == AlertDescription.CloseNotify)\r
+ {\r
+ return true;\r
+ }\r
+\r
+ return false;\r
+ }\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Methods\r
+ \r
+ public void Update()\r
+ {\r
+ if ( this.description == AlertDescription.CloseNotify )\r
+ {\r
+ this.context.ConnectionEnd = true;\r
+ }\r
+\r
+ if (this.IsFatal)\r
+ {\r
+ this.context.ConnectionEnd = true;\r
+ if (this.context is ServerContext)\r
+ {\r
+ ((ServerContext)this.context).SslStream.Close();\r
+ }\r
+ }\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Private Methods\r
+\r
+ private void fill()\r
+ {\r
+ this.Write((byte)level);\r
+ this.Write((byte)description);\r
+ }\r
+\r
+ private void inferAlertLevel()\r
+ {\r
+ switch (description)\r
+ {\r
+ case AlertDescription.CloseNotify:\r
+ case AlertDescription.NoRenegotiation:\r
+ case AlertDescription.UserCancelled:\r
+ this.level = AlertLevel.Warning;\r
+ break;\r
+\r
+ case AlertDescription.AccessDenied:\r
+ case AlertDescription.BadCertificate:\r
+ case AlertDescription.BadRecordMAC:\r
+ case AlertDescription.CertificateExpired:\r
+ case AlertDescription.CertificateRevoked:\r
+ case AlertDescription.CertificateUnknown:\r
+ case AlertDescription.DecodeError:\r
+ case AlertDescription.DecompressionFailiure:\r
+ case AlertDescription.DecryptError:\r
+ case AlertDescription.DecryptionFailed:\r
+ case AlertDescription.ExportRestriction:\r
+ case AlertDescription.HandshakeFailiure:\r
+ case AlertDescription.IlegalParameter:\r
+ case AlertDescription.InsuficientSecurity:\r
+ case AlertDescription.InternalError:\r
+ case AlertDescription.ProtocolVersion:\r
+ case AlertDescription.RecordOverflow:\r
+ case AlertDescription.UnexpectedMessage:\r
+ case AlertDescription.UnknownCA:\r
+ case AlertDescription.UnsupportedCertificate:\r
+ default:\r
+ this.level = AlertLevel.Fatal;\r
+ break;\r
+ }\r
+ }\r
+ \r
+ #endregion\r
+\r
+ #region Static Methods\r
+\r
+ public static string GetAlertMessage(AlertDescription description)\r
+ {\r
+ #if (DEBUG)\r
+ switch (description)\r
+ {\r
+ case AlertDescription.AccessDenied:\r
+ return "An inappropriate message was received.";\r
+\r
+ case AlertDescription.BadCertificate:\r
+ return "TLSCiphertext decrypted in an invalid way.";\r
+\r
+ case AlertDescription.BadRecordMAC:\r
+ return "Record with an incorrect MAC.";\r
+\r
+ case AlertDescription.CertificateExpired:\r
+ return "Certificate has expired or is not currently valid";\r
+\r
+ case AlertDescription.CertificateRevoked:\r
+ return "Certificate was revoked by its signer.";\r
+ \r
+ case AlertDescription.CertificateUnknown:\r
+ return "Certificate Unknown.";\r
+\r
+ case AlertDescription.CloseNotify:\r
+ return "Connection closed";\r
+\r
+ case AlertDescription.DecodeError:\r
+ return "A message could not be decoded because some field was out of the specified range or the length of the message was incorrect.";\r
+\r
+ case AlertDescription.DecompressionFailiure:\r
+ return "The decompression function received improper input (e.g. data that would expand to excessive length).";\r
+\r
+ case AlertDescription.DecryptError:\r
+ return "TLSCiphertext decrypted in an invalid way: either it wasn`t an even multiple of the block length or its padding values, when checked, weren`t correct.";\r
+\r
+ case AlertDescription.DecryptionFailed:\r
+ return "Handshake cryptographic operation failed, including being unable to correctly verify a signature, decrypt a key exchange, or validate finished message.";\r
+\r
+ case AlertDescription.ExportRestriction:\r
+ return "Negotiation not in compliance with export restrictions was detected.";\r
+\r
+ case AlertDescription.HandshakeFailiure:\r
+ return "Unable to negotiate an acceptable set of security parameters given the options available.";\r
+\r
+ case AlertDescription.IlegalParameter:\r
+ return "A field in the handshake was out of range or inconsistent with other fields.";\r
+ \r
+ case AlertDescription.InsuficientSecurity:\r
+ return "Negotiation has failed specifically because the server requires ciphers more secure than those supported by the client.";\r
+ \r
+ case AlertDescription.InternalError:\r
+ return "Internal error unrelated to the peer or the correctness of the protocol makes it impossible to continue.";\r
+\r
+ case AlertDescription.NoRenegotiation:\r
+ return "Invalid renegotiation.";\r
+\r
+ case AlertDescription.ProtocolVersion:\r
+ return "Unsupported protocol version.";\r
+\r
+ case AlertDescription.RecordOverflow:\r
+ return "Invalid length on TLSCiphertext record or TLSCompressed record.";\r
+\r
+ case AlertDescription.UnexpectedMessage:\r
+ return "Invalid message received.";\r
+\r
+ case AlertDescription.UnknownCA:\r
+ return "CA can't be identified as a trusted CA.";\r
+\r
+ case AlertDescription.UnsupportedCertificate:\r
+ return "Certificate was of an unsupported type.";\r
+\r
+ case AlertDescription.UserCancelled:\r
+ return "Handshake cancelled by user.";\r
+\r
+ default:\r
+ return "";\r
+ }\r
+ #else\r
+ return "The authentication or decryption has failed.";\r
+ #endif\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}\r
+2004-03-06 Carlos Guzman Alvarez <carlosga@telefonica.net>
+
+ * Mono.Security.Protocol.Tls/SslServerStream.cs:\r
+\r
+ - Initial implementation of the doHandshake method.
+
+ - Added initial events implementation.\r
+\r
+ * Mono.Security.Protocol.Tls/Ciphersuite.cs:\r
+ * Mono.Security.Protocol.Tls/TlsCiphersuite.cs:\r
+ * Mono.Security.Protocol.Tls/ClientRecordProtocol.cs:\r
+ * Mono.Security.Protocol.Tls/ServerRecordProtocol.cs:\r
+ * Mono.Security.Protocol.Tls/SslClientStream.cs:\r
+ * Mono.Security.Protocol.Tls/TlsServerSettings.cs:\r
+ * Mono.Security.Protocol.Tls/TlsClientSettings.cs:\r
+ * Mono.Security.Protocol.Tls/ClientContext.cs:\r
+\r
+ - Changes for make use of the renamed classes and enums.\r
+\r
+ * Mono.Security.Protocol.Tls/TlsContentType.cs:\r
+\r
+ - Renamed to ContentType.cs ( Enum and file )\r
+ \r
+ * Mono.Security.Protocol.Tls/TlsCiphersuiteCollection.cs:\r
+\r
+ - Renamed to CiphersuiteCollection.cs ( Class and file )\r
+\r
+ * Mono.Security.Protocol.Tls/TlsCiphersuiteFactory.cs:\r
+\r
+ - Renamed to CiphersuiteCollection.cs ( Class and file )\r
+\r
+ * Mono.Security.Protocol.Tls/TlsSslHandshakeHash.cs:\r
+\r
+ - Renamed to SslHandshakeHash.cs ( Class and file )\r
+\r
+ * Mono.Security.Protocol.Tls/TlsSslCipherSuite.cs:\r
+\r
+ - Renamed to SslCipherSuite.cs ( Class and file )\r
+
2004-02-26 Carlos Guzman Alvarez <carlosga@telefonica.net>\r
\r
* Mono.Security.Protocol.Tls/HandshakeState.cs:\r
--- /dev/null
+/* Transport Security Layer (TLS)
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge,
+ * publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included
+ * in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+using System;
+using System.Collections;
+using System.Globalization;
+using System.Security.Cryptography;
+
+namespace Mono.Security.Protocol.Tls
+{
+ internal sealed class CipherSuiteCollection : ArrayList
+ {
+ #region Fields
+
+ private SecurityProtocolType protocol;
+
+ #endregion
+
+ #region Properties
+
+ public CipherSuite this[string name]
+ {
+ get { return (CipherSuite)this[IndexOf(name)]; }
+ set { this[IndexOf(name)] = (CipherSuite)value; }
+ }
+
+ public CipherSuite this[short code]
+ {
+ get { return (CipherSuite)base[IndexOf(code)]; }
+ set { base[IndexOf(code)] = (CipherSuite)value; }
+ }
+
+ public new CipherSuite this[int code]
+ {
+ get { return (CipherSuite)base[code]; }
+ set { base[code] = (CipherSuite)value; }
+ }
+
+ #endregion
+
+ #region Constructors
+
+ public CipherSuiteCollection(SecurityProtocolType protocol) : base()
+ {
+ this.protocol = protocol;
+ }
+
+ #endregion
+
+ #region Methods
+
+ public bool Contains(string name)
+ {
+ return(-1 != IndexOf(name));
+ }
+
+ public int IndexOf(string name)
+ {
+ int index = 0;
+ foreach (CipherSuite suite in this)
+ {
+ if (cultureAwareCompare(suite.Name, name))
+ {
+ return index;
+ }
+ index++;
+ }
+ return -1;
+ }
+
+ public int IndexOf(short code)
+ {
+ int index = 0;
+ foreach (CipherSuite suite in this)
+ {
+ if (suite.Code == code)
+ {
+ return index;
+ }
+ index++;
+ }
+ return -1;
+ }
+
+ public void RemoveAt(string errorMessage)
+ {
+ RemoveAt(IndexOf(errorMessage));
+ }
+
+ public CipherSuite Add(
+ short code, string name, CipherAlgorithmType cipherType,
+ HashAlgorithmType hashType, ExchangeAlgorithmType exchangeType,
+ bool exportable, bool blockMode, byte keyMaterialSize,
+ byte expandedKeyMaterialSize, short effectiveKeyBytes,
+ byte ivSize, byte blockSize)
+ {
+ switch (this.protocol)
+ {
+ case SecurityProtocolType.Default:
+ case SecurityProtocolType.Tls:
+ return this.add(
+ new TlsCipherSuite(
+ code, name, cipherType, hashType, exchangeType, exportable,
+ blockMode, keyMaterialSize, expandedKeyMaterialSize,
+ effectiveKeyBytes, ivSize, blockSize));
+
+ case SecurityProtocolType.Ssl3:
+ return this.add(
+ new SslCipherSuite(
+ code, name, cipherType, hashType, exchangeType, exportable,
+ blockMode, keyMaterialSize, expandedKeyMaterialSize,
+ effectiveKeyBytes, ivSize, blockSize));
+
+ case SecurityProtocolType.Ssl2:
+ default:
+ throw new NotSupportedException("Unsupported security protocol type.");
+ }
+ }
+
+ private TlsCipherSuite add(TlsCipherSuite cipherSuite)
+ {
+ base.Add(cipherSuite);
+
+ return cipherSuite;
+ }
+
+ private SslCipherSuite add(SslCipherSuite cipherSuite)
+ {
+ base.Add(cipherSuite);
+
+ return cipherSuite;
+ }
+
+ private bool cultureAwareCompare(string strA, string strB)
+ {
+ return CultureInfo.CurrentCulture.CompareInfo.Compare(
+ strA,
+ strB,
+ CompareOptions.IgnoreKanaType | CompareOptions.IgnoreWidth |
+ CompareOptions.IgnoreCase) == 0 ? true : false;
+ }
+
+ #endregion
+ }
+}
--- /dev/null
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+\r
+namespace Mono.Security.Protocol.Tls\r
+{\r
+ internal class CipherSuiteFactory\r
+ {\r
+ public static CipherSuiteCollection GetSupportedCiphers(SecurityProtocolType protocol)\r
+ {\r
+ switch (protocol)\r
+ {\r
+ case SecurityProtocolType.Default:\r
+ case SecurityProtocolType.Tls: \r
+ return CipherSuiteFactory.GetTls1SupportedCiphers();\r
+\r
+ case SecurityProtocolType.Ssl3:\r
+ return CipherSuiteFactory.GetSsl3SupportedCiphers();\r
+\r
+ case SecurityProtocolType.Ssl2:\r
+ default:\r
+ throw new NotSupportedException("Unsupported security protocol type");\r
+ }\r
+ }\r
+\r
+ #region Private Static Methods\r
+\r
+ private static CipherSuiteCollection GetTls1SupportedCiphers()\r
+ {\r
+ CipherSuiteCollection scs = new CipherSuiteCollection(SecurityProtocolType.Tls);\r
+\r
+ // Supported ciphers\r
+ scs.Add((0x00 << 0x08) | 0x35, "TLS_RSA_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 32, 32, 256, 16, 16);\r
+ scs.Add((0x00 << 0x08) | 0x2F, "TLS_RSA_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 16, 16, 128, 16, 16);\r
+ scs.Add((0x00 << 0x08) | 0x0A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 24, 24, 168, 8, 8);\r
+ scs.Add((0x00 << 0x08) | 0x05, "TLS_RSA_WITH_RC4_128_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0);\r
+ scs.Add((0x00 << 0x08) | 0x04, "TLS_RSA_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0);\r
+ scs.Add((0x00 << 0x08) | 0x09, "TLS_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 8, 8, 56, 8, 8);\r
+ \r
+ // Default CipherSuite\r
+ // scs.Add(0, "TLS_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0);\r
+ \r
+ // RSA Cipher Suites\r
+ // scs.Add((0x00 << 0x08) | 0x01, "TLS_RSA_WITH_NULL_MD5", CipherAlgorithmType.None, HashAlgorithmType.Md5, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0);\r
+ // scs.Add((0x00 << 0x08) | 0x02, "TLS_RSA_WITH_NULL_SHA", CipherAlgorithmType.None, HashAlgorithmType.Sha1, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0);\r
+ // scs.Add((0x00 << 0x08) | 0x03, "TLS_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);\r
+ // scs.Add((0x00 << 0x08) | 0x05, "TLS_RSA_WITH_RC4_128_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0);\r
+ // scs.Add((0x00 << 0x08) | 0x04, "TLS_RSA_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0); \r
+ // scs.Add((0x00 << 0x08) | 0x06, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x07, "TLS_RSA_WITH_IDEA_CBC_SHA", "IDEA", HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 16, 16, 128, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x08, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x09, "TLS_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 8, 8, 56, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x0A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 24, 24, 168, 8, 8);\r
+\r
+ // Diffie-Hellman Cipher Suites\r
+ // scs.Add((0x00 << 0x08) | 0x0B, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x0C, "TLS_DH_DSS_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, false, ExchangeAlgorithmType.DiffieHellman, true, 8, 8, 56, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x0D, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x0E, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x0F, "TLS_DH_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, false, ExchangeAlgorithmType.DiffieHellman, true, 8, 8, 56, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x10, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x11, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x12, "TLS_DHE_DSS_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x13, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x14, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x15, "TLS_DHE_RSA_WITH_DES_CBC_SHA", HashAlgorithmType.Sha1, CipherAlgorithmType.Des, false, ExchangeAlgorithmType.DiffieHellman, true, 8, 8, 56, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x16, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);\r
+\r
+ // Anonymous Diffie-Hellman Cipher Suites\r
+ // scs.Add((0x00 << 0x08) | 0x17, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.DiffieHellman, true, false, 5, 16, 40, 0, 0);\r
+ // scs.Add((0x00 << 0x08) | 0x18, "TLS_DH_anon_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, false, ExchangeAlgorithmType.DiffieHellman, false, 16, 16, 128, 0, 0);\r
+ // scs.Add((0x00 << 0x08) | 0x19, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 5, 8, 40, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x1A, "TLS_DH_anon_WITH_DES_CBC_SHA", "DES4", HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x1B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);\r
+\r
+ // AES CipherSuites\r
+ //\r
+ // Ref: RFC3268 - (http://www.ietf.org/rfc/rfc3268.txt)\r
+ \r
+ // scs.Add((0x00 << 0x08) | 0x2F, "TLS_RSA_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 16, 16, 128, 16, 16);\r
+ // scs.Add((0x00 << 0x08) | 0x30, "TLS_DH_DSS_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 16, 16, 128, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x31, "TLS_DH_RSA_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 16, 16, 128, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x32, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 16, 16, 128, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x33, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 16, 16, 128, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x34, "TLS_DH_anon_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 16, 16, 128, 8, 8);\r
+\r
+ // scs.Add((0x00 << 0x08) | 0x35, "TLS_RSA_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 32, 32, 256, 16, 16);\r
+ // scs.Add((0x00 << 0x08) | 0x36, "TLS_DH_DSS_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 32, 32, 256, 16, 16);\r
+ // scs.Add((0x00 << 0x08) | 0x37, "TLS_DH_RSA_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 32, 32, 256, 16, 16);\r
+ // scs.Add((0x00 << 0x08) | 0x38, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 32, 32, 256, 16, 16);\r
+ // scs.Add((0x00 << 0x08) | 0x39, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 32, 32, 256, 16, 16);\r
+ // scs.Add((0x00 << 0x08) | 0x3A, "TLS_DH_anon_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 32, 32, 256, 16, 16);\r
+\r
+ return scs;\r
+ }\r
+\r
+ private static CipherSuiteCollection GetSsl3SupportedCiphers()\r
+ {\r
+ CipherSuiteCollection scs = new CipherSuiteCollection(SecurityProtocolType.Ssl3);\r
+\r
+ // Supported ciphers\r
+ scs.Add((0x00 << 0x08) | 0x0A, "SSL_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 24, 24, 168, 8, 8);\r
+ scs.Add((0x00 << 0x08) | 0x05, "SSL_RSA_WITH_RC4_128_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0);\r
+ scs.Add((0x00 << 0x08) | 0x04, "SSL_RSA_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0);\r
+ scs.Add((0x00 << 0x08) | 0x09, "SSL_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 8, 8, 56, 8, 8);\r
+ \r
+ // Default CipherSuite\r
+ // scs.Add(0, "SSL_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, true, false, 0, 0, 0, 0, 0);\r
+ \r
+ // RSA Cipher Suites\r
+ // scs.Add((0x00 << 0x08) | 0x01, "SSL_RSA_WITH_NULL_MD5", CipherAlgorithmType.None, HashAlgorithmType.Md5, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0);\r
+ // scs.Add((0x00 << 0x08) | 0x02, "SSL_RSA_WITH_NULL_SHA", CipherAlgorithmType.None, HashAlgorithmType.Sha1, true, ExchangeAlgorithmType.None, false, 0, 0, 0, 0, 0);\r
+ // scs.Add((0x00 << 0x08) | 0x03, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);\r
+ // scs.Add((0x00 << 0x08) | 0x05, "SSL_RSA_WITH_RC4_128_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0);\r
+ // scs.Add((0x00 << 0x08) | 0x04, "SSL_RSA_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0); \r
+ // scs.Add((0x00 << 0x08) | 0x06, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x07, "SSL_RSA_WITH_IDEA_CBC_SHA", "IDEA", HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 16, 16, 128, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x08, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyEx, true, true, 5, 8, 40, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x09, "SSL_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 8, 8, 56, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x0A, "SSL_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 24, 24, 168, 8, 8);\r
+ \r
+ // Diffie-Hellman Cipher Suites\r
+ // scs.Add((0x00 << 0x08) | 0x0B, "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x0C, "SSL_DH_DSS_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x0D, "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x0E, "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x0F, "SSL_DH_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x10, "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x11, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x12, "SSL_DHE_DSS_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x13, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x14, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x15, "SSL_DHE_RSA_WITH_DES_CBC_SHA", HashAlgorithmType.Sha1, CipherAlgorithmType.Des, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x16, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);\r
+\r
+ // Anonymous Diffie-Hellman Cipher Suites\r
+ // scs.Add((0x00 << 0x08) | 0x17, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.DiffieHellman, true, false, 5, 16, 40, 0, 0);\r
+ // scs.Add((0x00 << 0x08) | 0x18, "SSL_DH_anon_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, false, ExchangeAlgorithmType.DiffieHellman, false, 16, 16, 128, 0, 0);\r
+ // scs.Add((0x00 << 0x08) | 0x19, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 5, 8, 40, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x1A, "SSL_DH_anon_WITH_DES_CBC_SHA", "DES4", HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8);\r
+ // scs.Add((0x00 << 0x08) | 0x1B, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);\r
+\r
+ return scs;\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}
\ No newline at end of file
--- /dev/null
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+\r
+namespace Mono.Security.Protocol.Tls\r
+{\r
+ [Serializable]\r
+ internal enum ContentType : byte\r
+ {\r
+ ChangeCipherSpec = 20,\r
+ Alert = 21,\r
+ Handshake = 22,\r
+ ApplicationData = 23,\r
+ }\r
+}\r
--- /dev/null
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+using System.IO;\r
+using System.Text;\r
+using System.Security.Cryptography;\r
+using System.Security.Cryptography.X509Certificates;\r
+\r
+using Mono.Security;\r
+using Mono.Security.Cryptography;\r
+\r
+namespace Mono.Security.Protocol.Tls\r
+{\r
+ internal class SslCipherSuite : CipherSuite\r
+ {\r
+ #region Fields\r
+\r
+ private byte[] pad1;\r
+ private byte[] pad2;\r
+\r
+ #endregion\r
+\r
+ #region Constructors\r
+ \r
+ public SslCipherSuite(\r
+ short code, string name, CipherAlgorithmType cipherAlgorithmType, \r
+ HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType,\r
+ bool exportable, bool blockMode, byte keyMaterialSize, \r
+ byte expandedKeyMaterialSize, short effectiveKeyBytes, \r
+ byte ivSize, byte blockSize) :\r
+ base(code, name, cipherAlgorithmType, hashAlgorithmType, \r
+ exchangeAlgorithmType, exportable, blockMode, keyMaterialSize, \r
+ expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)\r
+\r
+ {\r
+ int padLength = (hashAlgorithmType == HashAlgorithmType.Md5) ? 48 : 40;\r
+\r
+ // Fill pad arrays\r
+ this.pad1 = new byte[padLength];\r
+ this.pad2 = new byte[padLength];\r
+\r
+ /* Pad the key for inner and outer digest */\r
+ for (int i = 0; i < padLength; ++i) \r
+ {\r
+ pad1[i] = 0x36;\r
+ pad2[i] = 0x5C;\r
+ }\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region MAC Generation Methods\r
+\r
+ public override byte[] ComputeServerRecordMAC(ContentType contentType, byte[] fragment)\r
+ {\r
+ HashAlgorithm hash = HashAlgorithm.Create(this.HashAlgorithmName);\r
+ TlsStream block = new TlsStream();\r
+\r
+ block.Write(this.Context.ServerWriteMAC);\r
+ block.Write(this.pad1);\r
+ block.Write(this.Context.ReadSequenceNumber);\r
+ block.Write((byte)contentType);\r
+ block.Write((short)fragment.Length);\r
+ block.Write(fragment);\r
+ \r
+ hash.ComputeHash(block.ToArray(), 0, (int)block.Length);\r
+\r
+ byte[] blockHash = hash.Hash;\r
+\r
+ block.Reset();\r
+\r
+ block.Write(this.Context.ServerWriteMAC);\r
+ block.Write(this.pad2);\r
+ block.Write(blockHash);\r
+\r
+ hash.ComputeHash(block.ToArray(), 0, (int)block.Length);\r
+\r
+ block.Reset();\r
+\r
+ return hash.Hash;\r
+ }\r
+\r
+ public override byte[] ComputeClientRecordMAC(ContentType contentType, byte[] fragment)\r
+ {\r
+ HashAlgorithm hash = HashAlgorithm.Create(this.HashAlgorithmName);\r
+ TlsStream block = new TlsStream();\r
+\r
+ block.Write(this.Context.ClientWriteMAC);\r
+ block.Write(this.pad1);\r
+ block.Write(this.Context.WriteSequenceNumber);\r
+ block.Write((byte)contentType);\r
+ block.Write((short)fragment.Length);\r
+ block.Write(fragment);\r
+ \r
+ hash.ComputeHash(block.ToArray(), 0, (int)block.Length);\r
+\r
+ byte[] blockHash = hash.Hash;\r
+\r
+ block.Reset();\r
+\r
+ block.Write(this.Context.ClientWriteMAC);\r
+ block.Write(this.pad2);\r
+ block.Write(blockHash);\r
+\r
+ hash.ComputeHash(block.ToArray(), 0, (int)block.Length);\r
+\r
+ block.Reset();\r
+\r
+ return hash.Hash;\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Key Generation Methods\r
+\r
+ public override void ComputeMasterSecret(byte[] preMasterSecret)\r
+ {\r
+ TlsStream masterSecret = new TlsStream();\r
+\r
+ masterSecret.Write(this.prf(preMasterSecret, "A", this.Context.RandomCS));\r
+ masterSecret.Write(this.prf(preMasterSecret, "BB", this.Context.RandomCS));\r
+ masterSecret.Write(this.prf(preMasterSecret, "CCC", this.Context.RandomCS));\r
+\r
+ this.Context.MasterSecret = masterSecret.ToArray();\r
+ }\r
+\r
+ public override void ComputeKeys()\r
+ {\r
+ // Compute KeyBlock\r
+ TlsStream tmp = new TlsStream();\r
+ \r
+ char labelChar = 'A';\r
+ int count = 1;\r
+ while (tmp.Length < this.KeyBlockSize)\r
+ {\r
+ string label = String.Empty;\r
+\r
+ for (int i = 0; i < count; i++)\r
+ {\r
+ label += labelChar.ToString();\r
+ }\r
+ \r
+ byte[] block = this.prf(this.Context.MasterSecret, label.ToString(), this.Context.RandomSC);\r
+\r
+ int size = (tmp.Length + block.Length) > this.KeyBlockSize ? (this.KeyBlockSize - (int)tmp.Length) : block.Length;\r
+ \r
+ tmp.Write(block, 0, size);\r
+\r
+ labelChar++;\r
+ count++;\r
+ }\r
+ \r
+ // Create keyblock\r
+ TlsStream keyBlock = new TlsStream(tmp.ToArray());\r
+\r
+ this.Context.ClientWriteMAC = keyBlock.ReadBytes(this.HashSize);\r
+ this.Context.ServerWriteMAC = keyBlock.ReadBytes(this.HashSize);\r
+ this.Context.ClientWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);\r
+ this.Context.ServerWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);\r
+\r
+ if (!this.IsExportable)\r
+ {\r
+ if (this.IvSize != 0)\r
+ {\r
+ this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);\r
+ this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);\r
+ }\r
+ else\r
+ {\r
+ this.Context.ClientWriteIV = CipherSuite.EmptyArray;\r
+ this.Context.ServerWriteIV = CipherSuite.EmptyArray;\r
+ }\r
+ }\r
+ else\r
+ {\r
+ HashAlgorithm md5 = MD5.Create();\r
+\r
+ // Generate final write keys\r
+ byte[] finalClientWriteKey = new byte[md5.HashSize];\r
+ md5.TransformBlock(this.Context.ClientWriteKey, 0, this.Context.ClientWriteKey.Length, finalClientWriteKey, 0);\r
+ finalClientWriteKey = md5.TransformFinalBlock(this.Context.RandomCS, 0, this.Context.RandomCS.Length);\r
+\r
+ byte[] finalServerWriteKey = new byte[md5.HashSize];\r
+ md5.TransformBlock(this.Context.ServerWriteKey, 0, this.Context.ServerWriteKey.Length, finalServerWriteKey, 0);\r
+ finalClientWriteKey = md5.TransformFinalBlock(this.Context.RandomSC, 0, this.Context.RandomSC.Length);\r
+ \r
+ this.Context.ClientWriteKey = finalClientWriteKey;\r
+ this.Context.ServerWriteKey = finalServerWriteKey;\r
+\r
+ // Generate IV keys\r
+ this.Context.ClientWriteIV = md5.TransformFinalBlock(this.Context.RandomCS, 0, this.Context.RandomCS.Length);\r
+ this.Context.ServerWriteIV = md5.TransformFinalBlock(this.Context.RandomSC, 0, this.Context.RandomSC.Length);\r
+ }\r
+\r
+ // Clear no more needed data\r
+ keyBlock.Reset();\r
+ tmp.Reset();\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Private Methods\r
+\r
+ private byte[] prf(byte[] secret, string label, byte[] random)\r
+ {\r
+ HashAlgorithm md5 = MD5.Create();\r
+ HashAlgorithm sha = SHA1.Create();\r
+\r
+ // Compute SHA hash\r
+ TlsStream block = new TlsStream();\r
+ block.Write(Encoding.ASCII.GetBytes(label));\r
+ block.Write(secret);\r
+ block.Write(random);\r
+ \r
+ byte[] shaHash = sha.ComputeHash(block.ToArray(), 0, (int)block.Length);\r
+\r
+ block.Reset();\r
+\r
+ // Compute MD5 hash\r
+ block.Write(secret);\r
+ block.Write(shaHash);\r
+\r
+ byte[] result = md5.ComputeHash(block.ToArray(), 0, (int)block.Length);\r
+\r
+ // Free resources\r
+ block.Reset();\r
+\r
+ return result;\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}
\ No newline at end of file
--- /dev/null
+/* Transport Security Layer (TLS)\r
+ * Copyright (c) 2003-2004 Carlos Guzman Alvarez\r
+ * \r
+ * Permission is hereby granted, free of charge, to any person \r
+ * obtaining a copy of this software and associated documentation \r
+ * files (the "Software"), to deal in the Software without restriction, \r
+ * including without limitation the rights to use, copy, modify, merge, \r
+ * publish, distribute, sublicense, and/or sell copies of the Software, \r
+ * and to permit persons to whom the Software is furnished to do so, \r
+ * subject to the following conditions:\r
+ * \r
+ * The above copyright notice and this permission notice shall be included \r
+ * in all copies or substantial portions of the Software.\r
+ * \r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
+ * DEALINGS IN THE SOFTWARE.\r
+ */\r
+\r
+using System;\r
+using System.Security.Cryptography;\r
+\r
+namespace Mono.Security.Protocol.Tls\r
+{\r
+ internal class SslHandshakeHash : System.Security.Cryptography.HashAlgorithm\r
+ {\r
+ #region Fields\r
+\r
+ private HashAlgorithm md5;\r
+ private HashAlgorithm sha;\r
+ private bool hashing;\r
+ private byte[] secret;\r
+ private byte[] innerPadMD5;\r
+ private byte[] outerPadMD5;\r
+ private byte[] innerPadSHA;\r
+ private byte[] outerPadSHA;\r
+\r
+ #endregion\r
+\r
+ #region Constructors\r
+\r
+ public SslHandshakeHash(byte[] secret)\r
+ {\r
+ // Create md5 and sha1 hashes\r
+ this.md5 = HashAlgorithm.Create("MD5");\r
+ this.sha = HashAlgorithm.Create("SHA1");\r
+ \r
+ // Set HashSizeValue\r
+ this.HashSizeValue = md5.HashSize + sha.HashSize;\r
+\r
+ // Update secret\r
+ this.secret = secret;\r
+\r
+ this.Initialize();\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Methods\r
+\r
+ public override void Initialize()\r
+ {\r
+ md5.Initialize();\r
+ sha.Initialize();\r
+ initializePad();\r
+ hashing = false;\r
+ }\r
+\r
+ protected override byte[] HashFinal()\r
+ {\r
+ if (!hashing)\r
+ {\r
+ hashing = true;\r
+ }\r
+\r
+ // Finalize the md5 hash\r
+ md5.TransformBlock(this.secret, 0, this.secret.Length, this.secret, 0);\r
+ md5.TransformFinalBlock(this.innerPadMD5, 0, this.innerPadMD5.Length);\r
+\r
+ byte[] firstResultMD5 = md5.Hash;\r
+\r
+ md5.Initialize();\r
+ md5.TransformBlock(this.secret, 0, this.secret.Length, this.secret, 0);\r
+ md5.TransformBlock(this.outerPadMD5, 0, this.outerPadMD5.Length, this.outerPadMD5, 0);\r
+ md5.TransformFinalBlock(firstResultMD5, 0, firstResultMD5.Length);\r
+ \r
+ // Finalize the sha1 hash\r
+ sha.TransformBlock(this.secret, 0, this.secret.Length, this.secret, 0);\r
+ sha.TransformFinalBlock(this.innerPadSHA, 0, this.innerPadSHA.Length);\r
+\r
+ byte[] firstResultSHA = sha.Hash;\r
+ \r
+ sha.Initialize();\r
+ sha.TransformBlock(this.secret, 0, this.secret.Length, this.secret, 0);\r
+ sha.TransformBlock(this.outerPadSHA, 0, this.outerPadSHA.Length, this.outerPadSHA, 0);\r
+ sha.TransformFinalBlock(firstResultSHA, 0, firstResultSHA.Length);\r
+\r
+ this.Initialize();\r
+\r
+ byte[] result = new byte[36];\r
+\r
+ System.Array.Copy(md5.Hash, 0, result, 0, 16);\r
+ System.Array.Copy(sha.Hash, 0, result, 16, 20);\r
+\r
+ return result;\r
+ }\r
+\r
+ protected override void HashCore(\r
+ byte[] array,\r
+ int ibStart,\r
+ int cbSize)\r
+ {\r
+ if (!hashing)\r
+ {\r
+ hashing = true;\r
+ }\r
+ md5.TransformBlock(array, ibStart, cbSize, array, ibStart);\r
+ sha.TransformBlock(array, ibStart, cbSize, array, ibStart);\r
+ }\r
+\r
+ #endregion\r
+\r
+ #region Private Methods\r
+\r
+ private void initializePad()\r
+ {\r
+ // Fill md5 arrays\r
+ this.innerPadMD5 = new byte[48];\r
+ this.outerPadMD5 = new byte[48];\r
+\r
+ /* Pad the key for inner and outer digest */\r
+ for (int i = 0; i < 48; ++i) \r
+ {\r
+ this.innerPadMD5[i] = 0x36;\r
+ this.outerPadMD5[i] = 0x5C;\r
+ }\r
+\r
+ // Fill sha arrays\r
+ this.innerPadSHA = new byte[40];\r
+ this.outerPadSHA = new byte[40];\r
+\r
+ /* Pad the key for inner and outer digest */\r
+ for (int i = 0; i < 40; ++i) \r
+ {\r
+ this.innerPadSHA[i] = 0x36;\r
+ this.outerPadSHA[i] = 0x5C;\r
+ }\r
+ }\r
+\r
+ #endregion\r
+ }\r
+}\r
+++ /dev/null
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using System.Collections;
-using System.Globalization;
-using System.Security.Cryptography;
-
-namespace Mono.Security.Protocol.Tls
-{
- internal sealed class TlsCipherSuiteCollection : ArrayList
- {
- #region Fields
-
- private SecurityProtocolType protocol;
-
- #endregion
-
- #region Properties
-
- public CipherSuite this[string name]
- {
- get { return (CipherSuite)this[IndexOf(name)]; }
- set { this[IndexOf(name)] = (CipherSuite)value; }
- }
-
- public CipherSuite this[short code]
- {
- get { return (CipherSuite)base[IndexOf(code)]; }
- set { base[IndexOf(code)] = (CipherSuite)value; }
- }
-
- public new CipherSuite this[int code]
- {
- get { return (CipherSuite)base[code]; }
- set { base[code] = (CipherSuite)value; }
- }
-
- #endregion
-
- #region Constructors
-
- public TlsCipherSuiteCollection(SecurityProtocolType protocol) : base()
- {
- this.protocol = protocol;
- }
-
- #endregion
-
- #region Methods
-
- public bool Contains(string name)
- {
- return(-1 != IndexOf(name));
- }
-
- public int IndexOf(string name)
- {
- int index = 0;
- foreach (CipherSuite suite in this)
- {
- if (cultureAwareCompare(suite.Name, name))
- {
- return index;
- }
- index++;
- }
- return -1;
- }
-
- public int IndexOf(short code)
- {
- int index = 0;
- foreach (CipherSuite suite in this)
- {
- if (suite.Code == code)
- {
- return index;
- }
- index++;
- }
- return -1;
- }
-
- public void RemoveAt(string errorMessage)
- {
- RemoveAt(IndexOf(errorMessage));
- }
-
- public CipherSuite Add(
- short code, string name, CipherAlgorithmType cipherType,
- HashAlgorithmType hashType, ExchangeAlgorithmType exchangeType,
- bool exportable, bool blockMode, byte keyMaterialSize,
- byte expandedKeyMaterialSize, short effectiveKeyBytes,
- byte ivSize, byte blockSize)
- {
- switch (this.protocol)
- {
- case SecurityProtocolType.Default:
- case SecurityProtocolType.Tls:
- return this.add(
- new TlsCipherSuite(
- code, name, cipherType, hashType, exchangeType, exportable,
- blockMode, keyMaterialSize, expandedKeyMaterialSize,
- effectiveKeyBytes, ivSize, blockSize));
-
- case SecurityProtocolType.Ssl3:
- return this.add(
- new TlsSslCipherSuite(
- code, name, cipherType, hashType, exchangeType, exportable,
- blockMode, keyMaterialSize, expandedKeyMaterialSize,
- effectiveKeyBytes, ivSize, blockSize));
-
- case SecurityProtocolType.Ssl2:
- default:
- throw new NotSupportedException("Unsupported security protocol type.");
- }
- }
-
- private TlsCipherSuite add(TlsCipherSuite cipherSuite)
- {
- base.Add(cipherSuite);
-
- return cipherSuite;
- }
-
- private TlsSslCipherSuite add(TlsSslCipherSuite cipherSuite)
- {
- base.Add(cipherSuite);
-
- return cipherSuite;
- }
-
- private bool cultureAwareCompare(string strA, string strB)
- {
- try
- {
- return CultureInfo.CurrentCulture.CompareInfo.Compare(strA, strB, CompareOptions.IgnoreKanaType | CompareOptions.IgnoreWidth | CompareOptions.IgnoreCase) == 0 ? true : false;
- }
- catch (NotSupportedException)
- {
- return strA.ToUpper() == strB.ToUpper() ? true : false;
- }
- }
-
- #endregion
- }
-}
+++ /dev/null
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-
-namespace Mono.Security.Protocol.Tls
-{
- internal class TlsCipherSuiteFactory
- {
- public static TlsCipherSuiteCollection GetSupportedCiphers(SecurityProtocolType protocol)
- {
- switch (protocol)
- {
- case SecurityProtocolType.Default:
- case SecurityProtocolType.Tls:
- return TlsCipherSuiteFactory.GetTls1SupportedCiphers();
-
- case SecurityProtocolType.Ssl3:
- return TlsCipherSuiteFactory.GetSsl3SupportedCiphers();
-
- case SecurityProtocolType.Ssl2:
- default:
- throw new NotSupportedException("Unsupported security protocol type");
- }
- }
-
- #region Private Static Methods
-
- private static TlsCipherSuiteCollection GetTls1SupportedCiphers()
- {
- TlsCipherSuiteCollection scs = new TlsCipherSuiteCollection(SecurityProtocolType.Tls);
-
- // Supported ciphers
- scs.Add((0x00 << 0x08) | 0x35, "TLS_RSA_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 32, 32, 256, 16, 16);
- scs.Add((0x00 << 0x08) | 0x2F, "TLS_RSA_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 16, 16, 128, 16, 16);
- scs.Add((0x00 << 0x08) | 0x0A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 24, 24, 168, 8, 8);
- scs.Add((0x00 << 0x08) | 0x05, "TLS_RSA_WITH_RC4_128_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0);
- scs.Add((0x00 << 0x08) | 0x04, "TLS_RSA_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0);
- scs.Add((0x00 << 0x08) | 0x09, "TLS_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 8, 8, 56, 8, 8);
-
- // Default CipherSuite
- // scs.Add(0, "TLS_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
-
- // RSA Cipher Suites
- // scs.Add((0x00 << 0x08) | 0x01, "TLS_RSA_WITH_NULL_MD5", CipherAlgorithmType.None, HashAlgorithmType.Md5, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
- // scs.Add((0x00 << 0x08) | 0x02, "TLS_RSA_WITH_NULL_SHA", CipherAlgorithmType.None, HashAlgorithmType.Sha1, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
- // scs.Add((0x00 << 0x08) | 0x03, "TLS_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
- // scs.Add((0x00 << 0x08) | 0x05, "TLS_RSA_WITH_RC4_128_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0);
- // scs.Add((0x00 << 0x08) | 0x04, "TLS_RSA_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0);
- // scs.Add((0x00 << 0x08) | 0x06, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x07, "TLS_RSA_WITH_IDEA_CBC_SHA", "IDEA", HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 16, 16, 128, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x08, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x09, "TLS_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 8, 8, 56, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x0A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 24, 24, 168, 8, 8);
-
- // Diffie-Hellman Cipher Suites
- // scs.Add((0x00 << 0x08) | 0x0B, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x0C, "TLS_DH_DSS_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, false, ExchangeAlgorithmType.DiffieHellman, true, 8, 8, 56, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x0D, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x0E, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x0F, "TLS_DH_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, false, ExchangeAlgorithmType.DiffieHellman, true, 8, 8, 56, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x10, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x11, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x12, "TLS_DHE_DSS_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x13, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x14, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x15, "TLS_DHE_RSA_WITH_DES_CBC_SHA", HashAlgorithmType.Sha1, CipherAlgorithmType.Des, false, ExchangeAlgorithmType.DiffieHellman, true, 8, 8, 56, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x16, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);
-
- // Anonymous Diffie-Hellman Cipher Suites
- // scs.Add((0x00 << 0x08) | 0x17, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.DiffieHellman, true, false, 5, 16, 40, 0, 0);
- // scs.Add((0x00 << 0x08) | 0x18, "TLS_DH_anon_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, false, ExchangeAlgorithmType.DiffieHellman, false, 16, 16, 128, 0, 0);
- // scs.Add((0x00 << 0x08) | 0x19, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 5, 8, 40, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x1A, "TLS_DH_anon_WITH_DES_CBC_SHA", "DES4", HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x1B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);
-
- // AES CipherSuites
- //
- // Ref: RFC3268 - (http://www.ietf.org/rfc/rfc3268.txt)
-
- // scs.Add((0x00 << 0x08) | 0x2F, "TLS_RSA_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 16, 16, 128, 16, 16);
- // scs.Add((0x00 << 0x08) | 0x30, "TLS_DH_DSS_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 16, 16, 128, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x31, "TLS_DH_RSA_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 16, 16, 128, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x32, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 16, 16, 128, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x33, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 16, 16, 128, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x34, "TLS_DH_anon_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 16, 16, 128, 8, 8);
-
- // scs.Add((0x00 << 0x08) | 0x35, "TLS_RSA_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 32, 32, 256, 16, 16);
- // scs.Add((0x00 << 0x08) | 0x36, "TLS_DH_DSS_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 32, 32, 256, 16, 16);
- // scs.Add((0x00 << 0x08) | 0x37, "TLS_DH_RSA_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 32, 32, 256, 16, 16);
- // scs.Add((0x00 << 0x08) | 0x38, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 32, 32, 256, 16, 16);
- // scs.Add((0x00 << 0x08) | 0x39, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 32, 32, 256, 16, 16);
- // scs.Add((0x00 << 0x08) | 0x3A, "TLS_DH_anon_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 32, 32, 256, 16, 16);
-
- return scs;
- }
-
- private static TlsCipherSuiteCollection GetSsl3SupportedCiphers()
- {
- TlsCipherSuiteCollection scs = new TlsCipherSuiteCollection(SecurityProtocolType.Ssl3);
-
- // Supported ciphers
- scs.Add((0x00 << 0x08) | 0x0A, "SSL_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 24, 24, 168, 8, 8);
- scs.Add((0x00 << 0x08) | 0x05, "SSL_RSA_WITH_RC4_128_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0);
- scs.Add((0x00 << 0x08) | 0x04, "SSL_RSA_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0);
- scs.Add((0x00 << 0x08) | 0x09, "SSL_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 8, 8, 56, 8, 8);
-
- // Default CipherSuite
- // scs.Add(0, "SSL_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
-
- // RSA Cipher Suites
- // scs.Add((0x00 << 0x08) | 0x01, "SSL_RSA_WITH_NULL_MD5", CipherAlgorithmType.None, HashAlgorithmType.Md5, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
- // scs.Add((0x00 << 0x08) | 0x02, "SSL_RSA_WITH_NULL_SHA", CipherAlgorithmType.None, HashAlgorithmType.Sha1, true, ExchangeAlgorithmType.None, false, 0, 0, 0, 0, 0);
- // scs.Add((0x00 << 0x08) | 0x03, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
- // scs.Add((0x00 << 0x08) | 0x05, "SSL_RSA_WITH_RC4_128_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0);
- // scs.Add((0x00 << 0x08) | 0x04, "SSL_RSA_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0);
- // scs.Add((0x00 << 0x08) | 0x06, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x07, "SSL_RSA_WITH_IDEA_CBC_SHA", "IDEA", HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 16, 16, 128, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x08, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyEx, true, true, 5, 8, 40, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x09, "SSL_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 8, 8, 56, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x0A, "SSL_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 24, 24, 168, 8, 8);
-
- // Diffie-Hellman Cipher Suites
- // scs.Add((0x00 << 0x08) | 0x0B, "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x0C, "SSL_DH_DSS_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x0D, "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x0E, "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x0F, "SSL_DH_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x10, "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x11, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x12, "SSL_DHE_DSS_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x13, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x14, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x15, "SSL_DHE_RSA_WITH_DES_CBC_SHA", HashAlgorithmType.Sha1, CipherAlgorithmType.Des, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x16, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);
-
- // Anonymous Diffie-Hellman Cipher Suites
- // scs.Add((0x00 << 0x08) | 0x17, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.DiffieHellman, true, false, 5, 16, 40, 0, 0);
- // scs.Add((0x00 << 0x08) | 0x18, "SSL_DH_anon_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, false, ExchangeAlgorithmType.DiffieHellman, false, 16, 16, 128, 0, 0);
- // scs.Add((0x00 << 0x08) | 0x19, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 5, 8, 40, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x1A, "SSL_DH_anon_WITH_DES_CBC_SHA", "DES4", HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8);
- // scs.Add((0x00 << 0x08) | 0x1B, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);
-
- return scs;
- }
-
- #endregion
- }
-}
\ No newline at end of file
+++ /dev/null
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-
-namespace Mono.Security.Protocol.Tls
-{
- internal enum TlsContentType : byte
- {
- ChangeCipherSpec = 20,
- Alert = 21,
- Handshake = 22,
- ApplicationData = 23,
- }
-}
+++ /dev/null
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using System.IO;
-using System.Text;
-using System.Security.Cryptography;
-using System.Security.Cryptography.X509Certificates;
-
-using Mono.Security;
-using Mono.Security.Cryptography;
-
-namespace Mono.Security.Protocol.Tls
-{
- internal class TlsSslCipherSuite : CipherSuite
- {
- #region Fields
-
- private byte[] pad1;
- private byte[] pad2;
-
- #endregion
-
- #region Constructors
-
- public TlsSslCipherSuite(
- short code, string name, CipherAlgorithmType cipherAlgorithmType,
- HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType,
- bool exportable, bool blockMode, byte keyMaterialSize,
- byte expandedKeyMaterialSize, short effectiveKeyBytes,
- byte ivSize, byte blockSize) :
- base(code, name, cipherAlgorithmType, hashAlgorithmType,
- exchangeAlgorithmType, exportable, blockMode, keyMaterialSize,
- expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)
-
- {
- int padLength = (hashAlgorithmType == HashAlgorithmType.Md5) ? 48 : 40;
-
- // Fill pad arrays
- this.pad1 = new byte[padLength];
- this.pad2 = new byte[padLength];
-
- /* Pad the key for inner and outer digest */
- for (int i = 0; i < padLength; ++i)
- {
- pad1[i] = 0x36;
- pad2[i] = 0x5C;
- }
- }
-
- #endregion
-
- #region MAC Generation Methods
-
- public override byte[] ComputeServerRecordMAC(TlsContentType contentType, byte[] fragment)
- {
- HashAlgorithm hash = HashAlgorithm.Create(this.HashAlgorithmName);
- TlsStream block = new TlsStream();
-
- block.Write(this.Context.ServerWriteMAC);
- block.Write(this.pad1);
- block.Write(this.Context.ReadSequenceNumber);
- block.Write((byte)contentType);
- block.Write((short)fragment.Length);
- block.Write(fragment);
-
- hash.ComputeHash(block.ToArray(), 0, (int)block.Length);
-
- byte[] blockHash = hash.Hash;
-
- block.Reset();
-
- block.Write(this.Context.ServerWriteMAC);
- block.Write(this.pad2);
- block.Write(blockHash);
-
- hash.ComputeHash(block.ToArray(), 0, (int)block.Length);
-
- block.Reset();
-
- return hash.Hash;
- }
-
- public override byte[] ComputeClientRecordMAC(TlsContentType contentType, byte[] fragment)
- {
- HashAlgorithm hash = HashAlgorithm.Create(this.HashAlgorithmName);
- TlsStream block = new TlsStream();
-
- block.Write(this.Context.ClientWriteMAC);
- block.Write(this.pad1);
- block.Write(this.Context.WriteSequenceNumber);
- block.Write((byte)contentType);
- block.Write((short)fragment.Length);
- block.Write(fragment);
-
- hash.ComputeHash(block.ToArray(), 0, (int)block.Length);
-
- byte[] blockHash = hash.Hash;
-
- block.Reset();
-
- block.Write(this.Context.ClientWriteMAC);
- block.Write(this.pad2);
- block.Write(blockHash);
-
- hash.ComputeHash(block.ToArray(), 0, (int)block.Length);
-
- block.Reset();
-
- return hash.Hash;
- }
-
- #endregion
-
- #region Key Generation Methods
-
- public override void ComputeMasterSecret(byte[] preMasterSecret)
- {
- TlsStream masterSecret = new TlsStream();
-
- masterSecret.Write(this.prf(preMasterSecret, "A", this.Context.RandomCS));
- masterSecret.Write(this.prf(preMasterSecret, "BB", this.Context.RandomCS));
- masterSecret.Write(this.prf(preMasterSecret, "CCC", this.Context.RandomCS));
-
- this.Context.MasterSecret = masterSecret.ToArray();
- }
-
- public override void ComputeKeys()
- {
- // Compute KeyBlock
- TlsStream tmp = new TlsStream();
-
- char labelChar = 'A';
- int count = 1;
- while (tmp.Length < this.KeyBlockSize)
- {
- string label = String.Empty;
-
- for (int i = 0; i < count; i++)
- {
- label += labelChar.ToString();
- }
-
- byte[] block = this.prf(this.Context.MasterSecret, label.ToString(), this.Context.RandomSC);
-
- int size = (tmp.Length + block.Length) > this.KeyBlockSize ? (this.KeyBlockSize - (int)tmp.Length) : block.Length;
-
- tmp.Write(block, 0, size);
-
- labelChar++;
- count++;
- }
-
- // Create keyblock
- TlsStream keyBlock = new TlsStream(tmp.ToArray());
-
- this.Context.ClientWriteMAC = keyBlock.ReadBytes(this.HashSize);
- this.Context.ServerWriteMAC = keyBlock.ReadBytes(this.HashSize);
- this.Context.ClientWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
- this.Context.ServerWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
-
- if (!this.IsExportable)
- {
- if (this.IvSize != 0)
- {
- this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
- this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
- }
- else
- {
- this.Context.ClientWriteIV = CipherSuite.EmptyArray;
- this.Context.ServerWriteIV = CipherSuite.EmptyArray;
- }
- }
- else
- {
- HashAlgorithm md5 = MD5.Create();
-
- // Generate final write keys
- byte[] finalClientWriteKey = new byte[md5.HashSize];
- md5.TransformBlock(this.Context.ClientWriteKey, 0, this.Context.ClientWriteKey.Length, finalClientWriteKey, 0);
- finalClientWriteKey = md5.TransformFinalBlock(this.Context.RandomCS, 0, this.Context.RandomCS.Length);
-
- byte[] finalServerWriteKey = new byte[md5.HashSize];
- md5.TransformBlock(this.Context.ServerWriteKey, 0, this.Context.ServerWriteKey.Length, finalServerWriteKey, 0);
- finalClientWriteKey = md5.TransformFinalBlock(this.Context.RandomSC, 0, this.Context.RandomSC.Length);
-
- this.Context.ClientWriteKey = finalClientWriteKey;
- this.Context.ServerWriteKey = finalServerWriteKey;
-
- // Generate IV keys
- this.Context.ClientWriteIV = md5.TransformFinalBlock(this.Context.RandomCS, 0, this.Context.RandomCS.Length);
- this.Context.ServerWriteIV = md5.TransformFinalBlock(this.Context.RandomSC, 0, this.Context.RandomSC.Length);
- }
-
- // Clear no more needed data
- keyBlock.Reset();
- tmp.Reset();
- }
-
- #endregion
-
- #region Private Methods
-
- private byte[] prf(byte[] secret, string label, byte[] random)
- {
- HashAlgorithm md5 = MD5.Create();
- HashAlgorithm sha = SHA1.Create();
-
- // Compute SHA hash
- TlsStream block = new TlsStream();
- block.Write(Encoding.ASCII.GetBytes(label));
- block.Write(secret);
- block.Write(random);
-
- byte[] shaHash = sha.ComputeHash(block.ToArray(), 0, (int)block.Length);
-
- block.Reset();
-
- // Compute MD5 hash
- block.Write(secret);
- block.Write(shaHash);
-
- byte[] result = md5.ComputeHash(block.ToArray(), 0, (int)block.Length);
-
- // Free resources
- block.Reset();
-
- return result;
- }
-
- #endregion
- }
-}
\ No newline at end of file
+++ /dev/null
-/* Transport Security Layer (TLS)
- * Copyright (c) 2003-2004 Carlos Guzman Alvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-using System;
-using System.Security.Cryptography;
-
-namespace Mono.Security.Protocol.Tls
-{
- internal class TlsSslHandshakeHash : System.Security.Cryptography.HashAlgorithm
- {
- #region Fields
-
- private HashAlgorithm md5;
- private HashAlgorithm sha;
- private bool hashing;
- private byte[] secret;
- private byte[] innerPadMD5;
- private byte[] outerPadMD5;
- private byte[] innerPadSHA;
- private byte[] outerPadSHA;
-
- #endregion
-
- #region Constructors
-
- public TlsSslHandshakeHash(byte[] secret)
- {
- // Create md5 and sha1 hashes
- this.md5 = HashAlgorithm.Create("MD5");
- this.sha = HashAlgorithm.Create("SHA1");
-
- // Set HashSizeValue
- this.HashSizeValue = md5.HashSize + sha.HashSize;
-
- // Update secret
- this.secret = secret;
-
- this.Initialize();
- }
-
- #endregion
-
- #region Methods
-
- public override void Initialize()
- {
- md5.Initialize();
- sha.Initialize();
- initializePad();
- hashing = false;
- }
-
- protected override byte[] HashFinal()
- {
- if (!hashing)
- {
- hashing = true;
- }
-
- // Finalize the md5 hash
- md5.TransformBlock(this.secret, 0, this.secret.Length, this.secret, 0);
- md5.TransformFinalBlock(this.innerPadMD5, 0, this.innerPadMD5.Length);
-
- byte[] firstResultMD5 = md5.Hash;
-
- md5.Initialize();
- md5.TransformBlock(this.secret, 0, this.secret.Length, this.secret, 0);
- md5.TransformBlock(this.outerPadMD5, 0, this.outerPadMD5.Length, this.outerPadMD5, 0);
- md5.TransformFinalBlock(firstResultMD5, 0, firstResultMD5.Length);
-
- // Finalize the sha1 hash
- sha.TransformBlock(this.secret, 0, this.secret.Length, this.secret, 0);
- sha.TransformFinalBlock(this.innerPadSHA, 0, this.innerPadSHA.Length);
-
- byte[] firstResultSHA = sha.Hash;
-
- sha.Initialize();
- sha.TransformBlock(this.secret, 0, this.secret.Length, this.secret, 0);
- sha.TransformBlock(this.outerPadSHA, 0, this.outerPadSHA.Length, this.outerPadSHA, 0);
- sha.TransformFinalBlock(firstResultSHA, 0, firstResultSHA.Length);
-
- this.Initialize();
-
- byte[] result = new byte[36];
-
- System.Array.Copy(md5.Hash, 0, result, 0, 16);
- System.Array.Copy(sha.Hash, 0, result, 16, 20);
-
- return result;
- }
-
- protected override void HashCore(
- byte[] array,
- int ibStart,
- int cbSize)
- {
- if (!hashing)
- {
- hashing = true;
- }
- md5.TransformBlock(array, ibStart, cbSize, array, ibStart);
- sha.TransformBlock(array, ibStart, cbSize, array, ibStart);
- }
-
- #endregion
-
- #region Private Methods
-
- private void initializePad()
- {
- // Fill md5 arrays
- this.innerPadMD5 = new byte[48];
- this.outerPadMD5 = new byte[48];
-
- /* Pad the key for inner and outer digest */
- for (int i = 0; i < 48; ++i)
- {
- this.innerPadMD5[i] = 0x36;
- this.outerPadMD5[i] = 0x5C;
- }
-
- // Fill sha arrays
- this.innerPadSHA = new byte[40];
- this.outerPadSHA = new byte[40];
-
- /* Pad the key for inner and outer digest */
- for (int i = 0; i < 40; ++i)
- {
- this.innerPadSHA[i] = 0x36;
- this.outerPadSHA[i] = 0x5C;
- }
- }
-
- #endregion
- }
-}
projects / mono.git / commitdiff