2004-02-17 Carlos Guzmán Álvarez <carlosga@telefonica.net>
+ * Mono.Security.Protocol.Tls.Handshake.Client/TlsClientCertificate.cs:
+
+ - Raise the Client Certificate event.
+
+ * Mono.Security.Protocol.Tls/CipherSuite.cs:
+ * Mono.Security.Protocol.Tls/SslClientStream.cs:
+ * Mono.Security.Protocol.Tls/SecurityProtocolType.cs:
+ * Mono.Security.Protocol.Tls/TlsCipherSuite.cs:
+ * Mono.Security.Protocol.Tls/TlsCipherSuiteCollection.cs:
+ * Mono.Security.Protocol.Tls/TlsCipherSuiteFactory.cs:
+ * Mono.Security.Protocol.Tls/TlsContext.cs:
+ * Mono.Security.Protocol.Tls.Handshake/TlsHandshakeMessage.cs:
+ * Mono.Security.Protocol.Tls.Handshake.Client/TlsClientHello.cs:
+
+ - Change the SecurityProtocolType enum to mtch .NET 1.2 documentation definition.
+
+ * Mono.Security.Protocol.Tls/SslClientStream.cs:
+
+ - Impement SelectedClientCertificate and ServerCertificate properties.
+
* Mono.Security.Protocol.Tls/SslClientStream.cs:
- Added changes for bring async methods to work ( Thanks to Sebastien Pouliot )
protected override void ProcessAsTls1()
{
+#warning "Client certificate selection is unfinished"
+
if (this.Context.ClientSettings.Certificates == null ||
this.Context.ClientSettings.Certificates.Count == 0)
{
// Select a valid certificate
X509Certificate clientCert = this.Context.ClientSettings.Certificates[0];
- /*
clientCert = this.Context.SslStream.RaiseClientCertificateSelection(
- this.Context.ClientSettings.Certificates,
- this.Context.ServerSettings.Certificates[0],
- this.Context.ClientSettings.TargetHost,
- null);
- */
-
+ this.Context.ClientSettings.Certificates,
+ new X509Certificate(this.Context.ServerSettings.Certificates[0].RawData),
+ this.Context.ClientSettings.TargetHost,
+ null);
+
+ if (clientCert == null)
+ {
+ throw this.Context.CreateException("Client certificate requested by the server and no client certificate specified.");
+ }
+
+ // Update the selected client certificate
this.Context.ClientSettings.ClientCertificate = clientCert;
// Write client certificates information to a stream
protected override void ProcessAsTls1()
{
// Client Version
- this.Write((short)this.Context.Protocol);
+ this.Write(this.Context.Protocol);
// Random bytes - Unix time + Radom bytes [28]
TlsStream clientRandom = new TlsStream();
private void process()
{
- switch (this.Context.Protocol)
+ switch (this.Context.SecurityProtocol)
{
+ case SecurityProtocolType.Tls:
+ case SecurityProtocolType.Default:
+ this.ProcessAsTls1();
+ break;
+
case SecurityProtocolType.Ssl3:
this.ProcessAsSsl3();
break;
- case SecurityProtocolType.Tls:
- this.ProcessAsTls1();
- break;
+ case SecurityProtocolType.Ssl2:
+ default:
+ throw new NotSupportedException("Unsupported security protocol type");
}
}
TlsStream stream = new TlsStream();
// Write protocol version
- stream.Write((short)this.Context.Protocol);
+ stream.Write(this.Context.Protocol);
// Generate random bytes
stream.Write(this.context.GetSecureRandomBytes(46));
namespace Mono.Security.Protocol.Tls
{
- public enum SecurityProtocolType : short
+ [Flags]
+ public enum SecurityProtocolType
{
- Default = (0x03 << 8) | 0x01,
- Ssl3 = (0x03 << 8) | 0x00,
- Tls = (0x03 << 8) | 0x01
+ Default = -1073741824,
+ Ssl2 = 12,
+ Ssl3 = 48,
+ Tls = 192
}
}
\ No newline at end of file
public SecurityProtocolType SecurityProtocol
{
- get { return this.context.Protocol; }
+ get { return this.context.SecurityProtocol; }
}
public X509Certificate SelectedClientCertificate
{
- get { throw new NotImplementedException(); }
+ get { return this.context.ClientSettings.ClientCertificate; }
}
public X509Certificate ServerCertificate
{
- get { throw new NotImplementedException(); }
+ get
+ {
+ if (!this.context.HandshakeFinished)
+ {
+ if (this.context.ServerSettings.Certificates != null &&
+ this.context.ServerSettings.Certificates.Count > 0)
+ {
+ return new X509Certificate(this.context.ServerSettings.Certificates[0].RawData);
+ }
+ }
+
+ return null;
+ }
}
#endregion
return null;
}
- TlsContentType contentType = (TlsContentType)type;
- SecurityProtocolType protocol = (SecurityProtocolType)this.ReadShort();
- short length = this.ReadShort();
+ TlsContentType contentType = (TlsContentType)type;
+ short protocol = this.ReadShort();
+ short length = this.ReadShort();
// Read Record data
int received = 0;
{
message = this.decryptRecordFragment(
contentType,
- protocol,
message.ToArray());
}
}
// Write tls message
record.Write((byte)contentType);
- record.Write((short)this.context.Protocol);
+ record.Write(this.context.Protocol);
record.Write((short)fragment.Length);
record.Write(fragment);
}
private TlsStream decryptRecordFragment(
- TlsContentType contentType,
- SecurityProtocolType protocol,
- byte[] fragment)
+ TlsContentType contentType,
+ byte[] fragment)
{
byte[] dcrFragment = null;
byte[] dcrMAC = null;
private void doHandshake()
{
// Obtain supported cipher suite collection
- this.context.SupportedCiphers = TlsCipherSuiteFactory.GetSupportedCiphers(context.Protocol);
+ this.context.SupportedCiphers = TlsCipherSuiteFactory.GetSupportedCiphers(context.SecurityProtocol);
// Send client hello
this.sendRecord(TlsHandshakeType.ClientHello);
data.Write(this.Context.ReadSequenceNumber);
data.Write((byte)contentType);
- data.Write((short)this.Context.Protocol);
+ data.Write(this.Context.Protocol);
data.Write((short)fragment.Length);
data.Write(fragment);
data.Write(this.Context.WriteSequenceNumber);
data.Write((byte)contentType);
- data.Write((short)this.Context.Protocol);
+ data.Write(this.Context.Protocol);
data.Write((short)fragment.Length);
data.Write(fragment);
{
switch (this.protocol)
{
- case SecurityProtocolType.Ssl3:
+ case SecurityProtocolType.Default:
+ case SecurityProtocolType.Tls:
return this.add(
- new TlsSslCipherSuite(
+ new TlsCipherSuite(
code, name, cipherType, hashType, exchangeType, exportable,
blockMode, keyMaterialSize, expandedKeyMaterialSize,
effectiveKeyBytes, ivSize, blockSize));
- case SecurityProtocolType.Tls:
+ case SecurityProtocolType.Ssl3:
return this.add(
- new TlsCipherSuite(
+ new TlsSslCipherSuite(
code, name, cipherType, hashType, exchangeType, exportable,
blockMode, keyMaterialSize, expandedKeyMaterialSize,
effectiveKeyBytes, ivSize, blockSize));
+ case SecurityProtocolType.Ssl2:
default:
- throw new NotSupportedException();
+ throw new NotSupportedException("Unsupported security protocol type.");
}
}
{
switch (protocol)
{
+ case SecurityProtocolType.Default:
+ case SecurityProtocolType.Tls:
+ return TlsCipherSuiteFactory.GetTls1SupportedCiphers();
+
case SecurityProtocolType.Ssl3:
return TlsCipherSuiteFactory.GetSsl3SupportedCiphers();
- case SecurityProtocolType.Tls:
- return TlsCipherSuiteFactory.GetTls1SupportedCiphers();
-
+ case SecurityProtocolType.Ssl2:
default:
- throw new NotSupportedException();
+ throw new NotSupportedException("Unsupported security protocol type");
}
}
#endregion
}
-}
+}
\ No newline at end of file
private SslClientStream sslStream;
// Protocol version
- private SecurityProtocolType protocol;
+ private SecurityProtocolType securityProtocol;
// Sesison ID
private byte[] sessionId;
#endregion
- #region INTERNAL_CONSTANTS
+ #region Internal Constants
- internal const short MAX_FRAGMENT_SIZE = 16384; // 2^14
+ internal const short MAX_FRAGMENT_SIZE = 16384; // 2^14
+ internal const short TLS1_PROTOCOL_CODE = (0x03 << 8) | 0x01;
+ internal const short SSL3_PROTOCOL_CODE = (0x03 << 8) | 0x00;
#endregion
get { return sslStream; }
}
- public SecurityProtocolType Protocol
+ public SecurityProtocolType SecurityProtocol
{
- get { return this.protocol; }
- set { this.protocol = value; }
+ get { return this.securityProtocol; }
+ set { this.securityProtocol = value; }
+ }
+
+ public short Protocol
+ {
+ get
+ {
+ switch (this.securityProtocol)
+ {
+ case SecurityProtocolType.Tls:
+ case SecurityProtocolType.Default:
+ return TLS1_PROTOCOL_CODE;
+
+ case SecurityProtocolType.Ssl3:
+ return SSL3_PROTOCOL_CODE;
+
+ case SecurityProtocolType.Ssl2:
+ default:
+ throw new NotSupportedException("Unsupported security protocol type");
+ }
+ }
}
public byte[] SessionId
#region Constructors
public TlsContext(
- SslClientStream sslStream,
- SecurityProtocolType securityProtocolType,
- string targetHost,
- X509CertificateCollection clientCertificates)
+ SslClientStream sslStream,
+ SecurityProtocolType securityProtocolType,
+ string targetHost,
+ X509CertificateCollection clientCertificates)
{
this.sslStream = sslStream;
- this.protocol = securityProtocolType;
+ this.securityProtocol = securityProtocolType;
this.compressionMethod = SecurityCompressionType.None;
this.serverSettings = new TlsServerSettings();
this.clientSettings = new TlsClientSettings();
this.serverWriteIV = null;
// Clear MAC keys if protocol is different than Ssl3
- if (this.protocol != SecurityProtocolType.Ssl3)
+ if (this.securityProtocol != SecurityProtocolType.Ssl3)
{
this.clientWriteMAC = null;
this.serverWriteMAC = null;