[pgsqlclient-checkins] pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls Assembl
Status: Inactive
Brought to you by:
carlosga_fb
Menu
▾
▴
[pgsqlclient-checkins] pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls AssemblyInfo.cs,NONE,1.1 CipherAlgorithmType.cs,NONE,1.1 CipherSuite.cs,NONE,1.1 ExchangeAlgorithmType.cs,NONE,1.1 HashAlgorithmType.cs,NONE,1.1 RSASslSignatureDeformatter.cs,NONE,1.1 RSASslSignatureFormatter.cs,NONE,1.1 SecurityCompressionType.cs,NONE,1.1 SecurityProtocolType.cs,NONE,1.1 SslClientStream.cs,NONE,1.1 SslServerStream.cs,NONE,1.1 TlsCipherSuite.cs,NONE,1.1 TlsCipherSuiteCollection.cs,NONE,1.1 TlsCipherSuiteFactory.cs,NONE,1.1 TlsClientSettings.cs,NONE,1.1 TlsContentType.cs,NONE,1.1 TlsContext.cs,NONE,1.1 TlsException.cs,NONE,1.1 TlsServerSettings.cs,NONE,1.1 TlsSslCipherSuite.cs,NONE,1.1 TlsSslHandshakeHash.cs,NONE,1.1 TlsStream.cs,NONE,1.1
Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv1023 Added Files: AssemblyInfo.cs CipherAlgorithmType.cs CipherSuite.cs ExchangeAlgorithmType.cs HashAlgorithmType.cs RSASslSignatureDeformatter.cs RSASslSignatureFormatter.cs SecurityCompressionType.cs SecurityProtocolType.cs SslClientStream.cs SslServerStream.cs TlsCipherSuite.cs TlsCipherSuiteCollection.cs TlsCipherSuiteFactory.cs TlsClientSettings.cs TlsContentType.cs TlsContext.cs TlsException.cs TlsServerSettings.cs TlsSslCipherSuite.cs TlsSslHandshakeHash.cs TlsStream.cs Log Message: Reorganization to match mono:: cvs structure --- NEW FILE: AssemblyInfo.cs --- /* Transport Security Layer (TLS) * Copyright (c) 2003-2004 Carlos Guzman Alvarez * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation * files (the "Software"), to deal in the Software without restriction, * including without limitation the rights to use, copy, modify, merge, * publish, distribute, sublicense, and/or sell copies of the Software, * and to permit persons to whom the Software is furnished to do so, * subject to the following conditions: * * The above copyright notice and this permission notice shall be included * in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. */ using System; using System.Runtime.CompilerServices; using System.Resources; using System.Reflection; [assembly: AssemblyTitle("Transport Security Layer (TLS)")] [assembly: AssemblyDescription("Transport Security Layer (TLS) Protocol implementation")] [assembly: AssemblyConfiguration("")] [assembly: AssemblyCompany("")] [assembly: AssemblyProduct("Transport Security Layer (TLS)")] [assembly: AssemblyCopyright("2003 - Carlos Guzmán Álvarez")] [assembly: AssemblyTrademark("")] [assembly: AssemblyCulture("")] [assembly: AssemblyVersion("1.0.*")] [assembly: AssemblyDelaySign(false)] [assembly: AssemblyKeyFile("Mono.Security.Protocol.Tls.snk")] [assembly: AssemblyKeyName("")] [assembly: CLSCompliant(true)] --- NEW FILE: CipherAlgorithmType.cs --- /* Transport Security Layer (TLS) * Copyright (c) 2003-2004 Carlos Guzman Alvarez * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation * files (the "Software"), to deal in the Software without restriction, * including without limitation the rights to use, copy, modify, merge, * publish, distribute, sublicense, and/or sell copies of the Software, * and to permit persons to whom the Software is furnished to do so, * subject to the following conditions: * * The above copyright notice and this permission notice shall be included * in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. */ using System; namespace Mono.Security.Protocol.Tls { public enum CipherAlgorithmType { Des, None, Rc2, Rc4, Rijndael, SkipJack, TripleDes } } --- NEW FILE: CipherSuite.cs --- /* Transport Security Layer (TLS) * Copyright (c) 2003-2004 Carlos Guzman Alvarez * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation * files (the "Software"), to deal in the Software without restriction, * including without limitation the rights to use, copy, modify, merge, * publish, distribute, sublicense, and/or sell copies of the Software, * and to permit persons to whom the Software is furnished to do so, * subject to the following conditions: * * The above copyright notice and this permission notice shall be included * in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. */ using System; using System.IO; using System.Text; using System.Security.Cryptography; using Mono.Security; using Mono.Security.Cryptography; using Mono.Security.X509; using M = Mono.Security.Cryptography; namespace Mono.Security.Protocol.Tls { internal abstract class CipherSuite { #region Fields private short code; private string name; private CipherAlgorithmType cipherAlgorithmType; private HashAlgorithmType hashAlgorithmType; private ExchangeAlgorithmType exchangeAlgorithmType; private bool isExportable; private CipherMode cipherMode; private byte keyMaterialSize; private int keyBlockSize; private byte expandedKeyMaterialSize; private short effectiveKeyBits; private byte ivSize; private byte blockSize; private TlsContext context; private SymmetricAlgorithm encryptionAlgorithm; private ICryptoTransform encryptionCipher; private SymmetricAlgorithm decryptionAlgorithm; private ICryptoTransform decryptionCipher; private KeyedHashAlgorithm clientHMAC; private KeyedHashAlgorithm serverHMAC; #endregion #region Protected Properties protected ICryptoTransform EncryptionCipher { get { return this.encryptionCipher; } } protected ICryptoTransform DecryptionCipher { get { return this.decryptionCipher; } } protected KeyedHashAlgorithm ClientHMAC { get { return this.clientHMAC; } } protected KeyedHashAlgorithm ServerHMAC { get { return this.serverHMAC; } } #endregion #region Properties public CipherAlgorithmType CipherAlgorithmType { get { return this.cipherAlgorithmType; } } public string HashAlgorithmName { get { switch (this.hashAlgorithmType) { case HashAlgorithmType.Md5: return "MD5"; case HashAlgorithmType.Sha1: return "SHA1"; default: return "None"; } } } public HashAlgorithmType HashAlgorithmType { get { return this.hashAlgorithmType; } } public int HashSize { get { switch (this.hashAlgorithmType) { case HashAlgorithmType.Md5: return 16; case HashAlgorithmType.Sha1: return 20; default: return 0; } } } public ExchangeAlgorithmType ExchangeAlgorithmType { get { return this.exchangeAlgorithmType; } } public CipherMode CipherMode { get { return this.cipherMode; } } public short Code { get { return this.code; } } public string Name { get { return this.name; } } public bool IsExportable { get { return this.isExportable; } } public byte KeyMaterialSize { get { return this.keyMaterialSize; } } public int KeyBlockSize { get { return this.keyBlockSize; } } public byte ExpandedKeyMaterialSize { get { return this.expandedKeyMaterialSize; } } public byte EffectiveKeyBits { get { return this.EffectiveKeyBits; } } public byte IvSize { get { return this.ivSize; } } public byte BlockSize { get { return this.blockSize; } } public TlsContext Context { get { return this.context; } set { this.context = value; } } #endregion #region Constructors public CipherSuite( short code, string name, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize) { this.code = code; this.name = name; this.cipherAlgorithmType = cipherAlgorithmType; this.hashAlgorithmType = hashAlgorithmType; this.exchangeAlgorithmType = exchangeAlgorithmType; this.isExportable = exportable; if (blockMode) { this.cipherMode = CipherMode.CBC; } this.keyMaterialSize = keyMaterialSize; this.expandedKeyMaterialSize= expandedKeyMaterialSize; this.effectiveKeyBits = effectiveKeyBits; this.ivSize = ivSize; this.blockSize = blockSize; this.keyBlockSize = this.keyMaterialSize*2 + this.HashSize*2 + this.ivSize*2; } #endregion #region Methods public void InitializeCipher() { this.createEncryptionCipher(); this.createDecryptionCipher(); } public RSA CertificateRSA() { RSA rsaCert = this.Context.ServerSettings.Certificates[0].RSA; RSA rsa = new RSAManaged(rsaCert.KeySize); rsa.ImportParameters(rsaCert.ExportParameters(false)); return rsa; } public void UpdateClientCipherIV(byte[] iv) { if (this.cipherMode == CipherMode.CBC) { // Set the new IV this.encryptionAlgorithm.IV = iv; // Create encryption cipher with the new IV this.encryptionCipher = this.encryptionAlgorithm.CreateEncryptor(); } } public void UpdateServerCipherIV(byte[] iv) { if (this.cipherMode == CipherMode.CBC) { // Set the new IV this.decryptionAlgorithm.IV = iv; // Create encryption cipher with the new IV this.decryptionCipher = this.decryptionAlgorithm.CreateDecryptor(); } } public byte[] EncryptRecord(byte[] fragment, byte[] mac) { // Encryption ( fragment + mac [+ padding + padding_length] ) MemoryStream ms = new MemoryStream(); CryptoStream cs = new CryptoStream(ms, this.EncryptionCipher, CryptoStreamMode.Write); cs.Write(fragment, 0, fragment.Length); cs.Write(mac, 0, mac.Length); if (this.CipherMode == CipherMode.CBC) { // Calculate padding_length byte fragmentLength = (byte)(fragment.Length + mac.Length + 1); byte paddingLength = (byte)(this.blockSize - fragmentLength % this.blockSize); if (paddingLength == this.blockSize) { paddingLength = 0; } // Write padding length byte byte[] padding = new byte[(paddingLength + 1)]; for (int i = 0; i < (paddingLength + 1); i++) { padding[i] = paddingLength; } cs.Write(padding, 0, padding.Length); } cs.FlushFinalBlock(); cs.Close(); return ms.ToArray(); } public void DecryptRecord(byte[] fragment, ref byte[] dcrFragment, ref byte[] dcrMAC) { int fragmentSize = 0; int paddingLength = 0; // Decrypt message fragment ( fragment + mac [+ padding + padding_length] ) byte[] buffer = new byte[fragment.Length]; this.DecryptionCipher.TransformBlock(fragment, 0, fragment.Length, buffer, 0); // Calculate fragment size if (this.CipherMode == CipherMode.CBC) { // Calculate padding_length paddingLength = buffer[buffer.Length - 1]; fragmentSize = (buffer.Length - (paddingLength + 1)) - this.HashSize; } else { fragmentSize = buffer.Length - this.HashSize; } dcrFragment = new byte[fragmentSize]; dcrMAC = new byte[HashSize]; Buffer.BlockCopy(buffer, 0, dcrFragment, 0, dcrFragment.Length); Buffer.BlockCopy(buffer, dcrFragment.Length, dcrMAC, 0, dcrMAC.Length); } #endregion #region Abstract Methods public abstract byte[] ComputeClientRecordMAC(TlsContentType contentType, byte[] fragment); public abstract byte[] ComputeServerRecordMAC(TlsContentType contentType, byte[] fragment); public abstract void ComputeMasterSecret(byte[] preMasterSecret); public abstract void ComputeKeys(); #endregion #region Key Generation Methods public byte[] CreatePremasterSecret() { TlsStream stream = new TlsStream(); // Write protocol version stream.Write((short)this.Context.Protocol); // Generate random bytes stream.Write(this.context.GetSecureRandomBytes(46)); byte[] preMasterSecret = stream.ToArray(); stream.Reset(); return preMasterSecret; } public byte[] PRF(byte[] secret, string label, byte[] data, int length) { HashAlgorithm md5 = MD5.Create(); HashAlgorithm sha1 = SHA1.Create(); int secretLen = secret.Length / 2; // Seed TlsStream seedStream = new TlsStream(); seedStream.Write(Encoding.ASCII.GetBytes(label)); seedStream.Write(data); byte[] seed = seedStream.ToArray(); seedStream.Reset(); // Secret 1 byte[] secret1 = new byte[secretLen]; System.Array.Copy(secret, 0, secret1, 0, secretLen); // Secret2 byte[] secret2 = new byte[secretLen]; System.Array.Copy(secret, secretLen, secret2, 0, secretLen); // Secret 1 processing byte[] p_md5 = Expand("MD5", secret1, seed, length); // Secret 2 processing byte[] p_sha = Expand("SHA1", secret2, seed, length); // Perfor XOR of both results byte[] masterSecret = new byte[length]; for (int i = 0; i < masterSecret.Length; i++) { masterSecret[i] = (byte)(p_md5[i] ^ p_sha[i]); } return masterSecret; } public byte[] Expand(string hashName, byte[] secret, byte[] seed, int length) { int hashLength = hashName == "MD5" ? 16 : 20; int iterations = (int)(length / hashLength); if ((length % hashLength) > 0) { iterations++; } M.HMAC hmac = new M.HMAC(hashName, secret); TlsStream resMacs = new TlsStream(); byte[][] hmacs = new byte[iterations + 1][]; hmacs[0] = seed; for (int i = 1; i <= iterations; i++) { TlsStream hcseed = new TlsStream(); hmac.TransformFinalBlock(hmacs[i-1], 0, hmacs[i-1].Length); hmacs[i] = hmac.Hash; hcseed.Write(hmacs[i]); hcseed.Write(seed); hmac.TransformFinalBlock(hcseed.ToArray(), 0, (int)hcseed.Length); resMacs.Write(hmac.Hash); hcseed.Reset(); } byte[] res = new byte[length]; System.Array.Copy(resMacs.ToArray(), 0, res, 0, res.Length); resMacs.Reset(); return res; } #endregion #region Private Methods private void createEncryptionCipher() { // Create and configure the symmetric algorithm switch (this.cipherAlgorithmType) { case CipherAlgorithmType.Des: this.encryptionAlgorithm = DES.Create(); break; case CipherAlgorithmType.Rc2: this.encryptionAlgorithm = RC2.Create(); break; case CipherAlgorithmType.Rc4: this.encryptionAlgorithm = new ARC4Managed(); break; case CipherAlgorithmType.TripleDes: this.encryptionAlgorithm = TripleDES.Create(); break; case CipherAlgorithmType.Rijndael: this.encryptionAlgorithm = Rijndael.Create(); break; } // If it's a block cipher if (this.cipherMode == CipherMode.CBC) { // Configure encrypt algorithm this.encryptionAlgorithm.Mode = this.cipherMode; this.encryptionAlgorithm.Padding = PaddingMode.None; this.encryptionAlgorithm.KeySize = this.keyMaterialSize * 8; this.encryptionAlgorithm.BlockSize = this.blockSize * 8; } // Set the key and IV for the algorithm this.encryptionAlgorithm.Key = this.context.ClientWriteKey; this.encryptionAlgorithm.IV = this.context.ClientWriteIV; // Create encryption cipher this.encryptionCipher = this.encryptionAlgorithm.CreateEncryptor(); // Create the HMAC algorithm for the client this.clientHMAC = new M.HMAC( this.HashAlgorithmName, this.context.ClientWriteMAC); } private void createDecryptionCipher() { // Create and configure the symmetric algorithm switch (this.cipherAlgorithmType) { case CipherAlgorithmType.Des: this.decryptionAlgorithm = DES.Create(); break; case CipherAlgorithmType.Rc2: this.decryptionAlgorithm = RC2.Create(); break; case CipherAlgorithmType.Rc4: this.decryptionAlgorithm = new ARC4Managed(); break; case CipherAlgorithmType.TripleDes: this.decryptionAlgorithm = TripleDES.Create(); break; case CipherAlgorithmType.Rijndael: this.decryptionAlgorithm = Rijndael.Create(); break; } // If it's a block cipher if (this.cipherMode == CipherMode.CBC) { // Configure encrypt algorithm this.decryptionAlgorithm.Mode = this.cipherMode; this.decryptionAlgorithm.Padding = PaddingMode.None; this.decryptionAlgorithm.KeySize = this.keyMaterialSize * 8; this.decryptionAlgorithm.BlockSize = this.blockSize * 8; } // Set the key and IV for the algorithm this.decryptionAlgorithm.Key = this.context.ServerWriteKey; this.decryptionAlgorithm.IV = this.context.ServerWriteIV; // Create decryption cipher this.decryptionCipher = this.decryptionAlgorithm.CreateDecryptor(); // Create the HMAC algorithm for the server this.serverHMAC = new M.HMAC( this.HashAlgorithmName, this.context.ServerWriteMAC); } #endregion } } --- NEW FILE: ExchangeAlgorithmType.cs --- /* Transport Security Layer (TLS) * Copyright (c) 2003-2004 Carlos Guzman Alvarez * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation * files (the "Software"), to deal in the Software without restriction, * including without limitation the rights to use, copy, modify, merge, * publish, distribute, sublicense, and/or sell copies of the Software, * and to permit persons to whom the Software is furnished to do so, * subject to the following conditions: * * The above copyright notice and this permission notice shall be included * in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. */ using System; namespace Mono.Security.Protocol.Tls { public enum ExchangeAlgorithmType { DiffieHellman, Fortezza, None, RsaKeyX, RsaSign } } --- NEW FILE: HashAlgorithmType.cs --- /* Transport Security Layer (TLS) * Copyright (c) 2003-2004 Carlos Guzman Alvarez * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation * files (the "Software"), to deal in the Software without restriction, * including without limitation the rights to use, copy, modify, merge, * publish, distribute, sublicense, and/or sell copies of the Software, * and to permit persons to whom the Software is furnished to do so, * subject to the following conditions: * * The above copyright notice and this permission notice shall be included * in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. */ using System; namespace Mono.Security.Protocol.Tls { public enum HashAlgorithmType { Md5, None, Sha1 } } --- NEW FILE: RSASslSignatureDeformatter.cs --- /* Transport Security Layer (TLS) * Copyright (c) 2003-2004 Carlos Guzman Alvarez * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation * files (the "Software"), to deal in the Software without restriction, * including without limitation the rights to use, copy, modify, merge, * publish, distribute, sublicense, and/or sell copies of the Software, * and to permit persons to whom the Software is furnished to do so, * subject to the following conditions: * * The above copyright notice and this permission notice shall be included * in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. */ using System; using System.Security.Cryptography; namespace Mono.Security.Protocol.Tls { internal class RSASslSignatureDeformatter : AsymmetricSignatureDeformatter { #region Fields private RSA key; private HashAlgorithm hash; #endregion #region Constructors public RSASslSignatureDeformatter() { } public RSASslSignatureDeformatter(AsymmetricAlgorithm key) { this.SetKey(key); } #endregion #region Methods public override bool VerifySignature( byte[] rgbHash, byte[] rgbSignature) { if (key == null) { throw new CryptographicUnexpectedOperationException("The key is a null reference"); } if (hash == null) { throw new CryptographicUnexpectedOperationException("The hash algorithm is a null reference."); } if (rgbHash == null) { throw new ArgumentNullException("The rgbHash parameter is a null reference."); } return Mono.Security.Cryptography.PKCS1.Verify_v15( this.key, this.hash, rgbHash, rgbSignature); } public override void SetHashAlgorithm(string strName) { switch (strName) { case "MD5SHA1": this.hash = new Mono.Security.Cryptography.MD5SHA1(); break; default: this.hash = HashAlgorithm.Create(strName); break; } } public override void SetKey(AsymmetricAlgorithm key) { if (!(key is RSA)) { throw new ArgumentException("Specfied key is not an RSA key"); } this.key = key as RSA; } #endregion } } --- NEW FILE: RSASslSignatureFormatter.cs --- /* Transport Security Layer (TLS) * Copyright (c) 2003-2004 Carlos Guzman Alvarez * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation * files (the "Software"), to deal in the Software without restriction, * including without limitation the rights to use, copy, modify, merge, * publish, distribute, sublicense, and/or sell copies of the Software, * and to permit persons to whom the Software is furnished to do so, * subject to the following conditions: * * The above copyright notice and this permission notice shall be included * in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. */ using System; using System.Security.Cryptography; namespace Mono.Security.Protocol.Tls { internal class RSASslSignatureFormatter : AsymmetricSignatureFormatter { #region Fields private RSA key; private HashAlgorithm hash; #endregion #region Constructors public RSASslSignatureFormatter() { } public RSASslSignatureFormatter(AsymmetricAlgorithm key) { this.SetKey(key); } #endregion #region Methods public override byte[] CreateSignature(byte[] rgbHash) { if (key == null) { throw new CryptographicUnexpectedOperationException("The key is a null reference"); } if (hash == null) { throw new CryptographicUnexpectedOperationException("The hash algorithm is a null reference."); } if (rgbHash == null) { throw new ArgumentNullException("The rgbHash parameter is a null reference."); } return Mono.Security.Cryptography.PKCS1.Sign_v15( this.key, this.hash, rgbHash); } public override void SetHashAlgorithm(string strName) { switch (strName) { case "MD5SHA1": this.hash = new Mono.Security.Cryptography.MD5SHA1(); break; default: this.hash = HashAlgorithm.Create(strName); break; } } public override void SetKey(AsymmetricAlgorithm key) { if (!(key is RSA)) { throw new ArgumentException("Specfied key is not an RSA key"); } this.key = key as RSA; } #endregion } } --- NEW FILE: SecurityCompressionType.cs --- /* Transport Security Layer (TLS) * Copyright (c) 2003-2004 Carlos Guzman Alvarez * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation * files (the "Software"), to deal in the Software without restriction, * including without limitation the rights to use, copy, modify, merge, * publish, distribute, sublicense, and/or sell copies of the Software, * and to permit persons to whom the Software is furnished to do so, * subject to the following conditions: * * The above copyright notice and this permission notice shall be included * in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. */ using System; namespace Mono.Security.Protocol.Tls { // Information about compression methods allowed by TLS // can be found in: // draft-ietf-tls-compression-05.txt (http://www.ietf.org/internet-drafts/draft-ietf-tls-compression-05.txt) public enum SecurityCompressionType : byte { None = 0, Zlib = 1 } } --- NEW FILE: SecurityProtocolType.cs --- /* Transport Security Layer (TLS) * Copyright (c) 2003-2004 Carlos Guzman Alvarez * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation * files (the "Software"), to deal in the Software without restriction, * including without limitation the rights to use, copy, modify, merge, * publish, distribute, sublicense, and/or sell copies of the Software, * and to permit persons to whom the Software is furnished to do so, * subject to the following conditions: * * The above copyright notice and this permission notice shall be included * in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. */ using System; namespace Mono.Security.Protocol.Tls { public enum SecurityProtocolType : short { Default = (0x03 << 8) | 0x01, Ssl3 = (0x03 << 8) | 0x00, Tls = (0x03 << 8) | 0x01 } } --- NEW FILE: SslClientStream.cs --- /* Transport Security Layer (TLS) * Copyright (c) 2003-2004 Carlos Guzman Alvarez * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation * files (the "Software"), to deal in the Software without restriction, * including without limitation the rights to use, copy, modify, merge, * publish, distribute, sublicense, and/or sell copies of the Software, * and to permit persons to whom the Software is furnished to do so, * subject to the following conditions: * * The above copyright notice and this permission notice shall be included * in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, [...1132 lines suppressed...] return null; } internal AsymmetricAlgorithm RaisePrivateKeySelection( X509Certificate clientCertificate, string targetHost) { if (this.PrivateKeySelection != null) { return this.PrivateKeySelection( clientCertificate, targetHost); } return null; } #endregion } } --- NEW FILE: SslServerStream.cs --- /* Transport Security Layer (TLS) * Copyright (c) 2003-2004 Carlos Guzman Alvarez * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation * files (the "Software"), to deal in the Software without restriction, * including without limitation the rights to use, copy, modify, merge, * publish, distribute, sublicense, and/or sell copies of the Software, * and to permit persons to whom the Software is furnished to do so, * subject to the following conditions: * * The above copyright notice and this permission notice shall be included * in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. */ using System; using System.IO; using System.Security.Cryptography.X509Certificates; namespace Mono.Security.Protocol.Tls { public class SslServerStream : Stream, IDisposable { #region Fields private Stream innerStream; private bool disposed; private bool ownsStream; #endregion #region Properties public override bool CanRead { get { return this.innerStream.CanRead; } } public override bool CanWrite { get { return this.innerStream.CanWrite; } } public override bool CanSeek { get { return this.innerStream.CanSeek; } } public override long Length { get { throw new NotSupportedException(); } } public override long Position { get { throw new NotSupportedException(); } set { throw new NotSupportedException(); } } #endregion #region Security Properties public bool CheckCertRevocationStatus { get { throw new NotSupportedException(); } set { throw new NotSupportedException(); } } public CipherAlgorithmType CipherAlgorithm { get { throw new NotSupportedException(); } } public int CipherStrength { get { throw new NotSupportedException(); } } public X509Certificate ClientCertificate { get { throw new NotSupportedException(); } } public CertificateValidationCallback ClientCertValidationDelegate { get { throw new NotSupportedException(); } set { throw new NotSupportedException(); } } public HashAlgorithmType HashAlgorithm { get { throw new NotSupportedException(); } } public int HashStrength { get { throw new NotSupportedException(); } } public int KeyExchangeStrength { get { throw new NotSupportedException(); } } public ExchangeAlgorithmType KeyExchangeAlgorithm { get { throw new NotSupportedException(); } } public SecurityProtocolType SecurityProtocol { get { throw new NotSupportedException(); } } public X509Certificate ServerCertificate { get { throw new NotSupportedException(); } } #endregion #region Constructors public SslServerStream(Stream stream, X509Certificate serverCertificate) { throw new NotSupportedException(); } public SslServerStream( Stream stream, X509Certificate serverCertificate, bool clientCertificateRequired, bool ownsStream) { throw new NotSupportedException(); } public SslServerStream( Stream stream, X509Certificate serverCertificate, bool clientCertificateRequired, bool ownsStream, SecurityProtocolType securityProtocolType) { throw new NotSupportedException(); } #endregion #region Finalizer ~SslServerStream() { this.Dispose(false); } #endregion #region IDisposable Methods void IDisposable.Dispose() { this.Dispose(true); GC.SuppressFinalize(this); } protected virtual void Dispose(bool disposing) { if (!this.disposed) { if (disposing) { if (this.innerStream != null) { if (this.ownsStream) { // Close inner stream this.innerStream.Close(); } } this.ownsStream = false; this.innerStream = null; } this.disposed = true; } } #endregion #region Methods public override IAsyncResult BeginRead( byte[] buffer, int offset, int count, AsyncCallback asyncCallback, object asyncState) { throw new NotSupportedException(); } public override IAsyncResult BeginWrite( byte[] buffer, int offset, int count, AsyncCallback asyncCallback, object asyncState) { throw new NotSupportedException(); } public override void Close() { throw new NotSupportedException(); } public override int EndRead(IAsyncResult asyncResult) { throw new NotSupportedException(); } public override void EndWrite(IAsyncResult asyncResult) { throw new NotSupportedException(); } public override void Flush() { if (this.disposed) { throw new ObjectDisposedException("The NetworkStream is closed."); } } public int Read(byte[] buffer) { throw new NotSupportedException(); } public override int Read( byte[] buffer, int offset, int count) { throw new NotSupportedException(); } public override long Seek(long offset, SeekOrigin origin) { throw new NotSupportedException(); } public override void SetLength(long value) { throw new NotSupportedException(); } public void Write(byte[] buffer) { throw new NotSupportedException(); } public override void Write( byte[] buffer, int offset, int count) { throw new NotSupportedException(); } #endregion } } --- NEW FILE: TlsCipherSuite.cs --- /* Transport Security Layer (TLS) * Copyright (c) 2003-2004 Carlos Guzman Alvarez * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation * files (the "Software"), to deal in the Software without restriction, * including without limitation the rights to use, copy, modify, merge, * publish, distribute, sublicense, and/or sell copies of the Software, * and to permit persons to whom the Software is furnished to do so, * subject to the following conditions: * * The above copyright notice and this permission notice shall be included * in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. */ using System; using System.IO; using System.Text; using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; using Mono.Security; using Mono.Security.Cryptography; namespace Mono.Security.Protocol.Tls { internal class TlsCipherSuite : CipherSuite { #region Constructors public TlsCipherSuite( short code, string name, CipherAlgorithmType cipherAlgorithmType, HashAlgorithmType hashAlgorithmType, ExchangeAlgorithmType exchangeAlgorithmType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize) : base(code, name, cipherAlgorithmType, hashAlgorithmType, exchangeAlgorithmType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize) { } #endregion #region MAC Generation Methods public override byte[] ComputeServerRecordMAC(TlsContentType contentType, byte[] fragment) { TlsStream data = new TlsStream(); byte[] result = null; data.Write(this.Context.ReadSequenceNumber); data.Write((byte)contentType); data.Write((short)this.Context.Protocol); data.Write((short)fragment.Length); data.Write(fragment); result = this.ServerHMAC.ComputeHash(data.ToArray()); data.Reset(); return result; } public override byte[] ComputeClientRecordMAC(TlsContentType contentType, byte[] fragment) { TlsStream data = new TlsStream(); byte[] result = null; data.Write(this.Context.WriteSequenceNumber); data.Write((byte)contentType); data.Write((short)this.Context.Protocol); data.Write((short)fragment.Length); data.Write(fragment); result = this.ClientHMAC.ComputeHash(data.ToArray()); data.Reset(); return result; } #endregion #region Key Generation Methods public override void ComputeMasterSecret(byte[] preMasterSecret) { // Create master secret this.Context.MasterSecret = new byte[preMasterSecret.Length]; this.Context.MasterSecret = this.PRF( preMasterSecret, "master secret", this.Context.RandomCS, 48); } public override void ComputeKeys() { // Create keyblock TlsStream keyBlock = new TlsStream( this.PRF( this.Context.MasterSecret, "key expansion", this.Context.RandomSC, this.KeyBlockSize)); this.Context.ClientWriteMAC = keyBlock.ReadBytes(this.HashSize); this.Context.ServerWriteMAC = keyBlock.ReadBytes(this.HashSize); this.Context.ClientWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize); this.Context.ServerWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize); if (!this.IsExportable) { if (this.IvSize != 0) { this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize); this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize); } else { this.Context.ClientWriteIV = new byte[0]; this.Context.ServerWriteIV = new byte[0]; } } else { // Generate final write keys byte[] finalClientWriteKey = PRF(this.Context.ClientWriteKey, "client write key", this.Context.RandomCS, this.KeyMaterialSize); byte[] finalServerWriteKey = PRF(this.Context.ServerWriteKey, "server write key", this.Context.RandomCS, this.KeyMaterialSize); this.Context.ClientWriteKey = finalClientWriteKey; this.Context.ServerWriteKey = finalServerWriteKey; // Generate IV block byte[] ivBlock = PRF(new byte[]{}, "IV block", this.Context.RandomCS, this.IvSize*2); // Generate IV keys this.Context.ClientWriteIV = new byte[this.IvSize]; System.Array.Copy(ivBlock, 0, this.Context.ClientWriteIV, 0, this.Context.ClientWriteIV.Length); this.Context.ServerWriteIV = new byte[this.IvSize]; System.Array.Copy(ivBlock, this.IvSize, this.Context.ServerWriteIV, 0, this.Context.ServerWriteIV.Length); } // Clear no more needed data keyBlock.Reset(); } #endregion } } --- NEW FILE: TlsCipherSuiteCollection.cs --- /* Transport Security Layer (TLS) * Copyright (c) 2003-2004 Carlos Guzman Alvarez * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation * files (the "Software"), to deal in the Software without restriction, * including without limitation the rights to use, copy, modify, merge, * publish, distribute, sublicense, and/or sell copies of the Software, * and to permit persons to whom the Software is furnished to do so, * subject to the following conditions: * * The above copyright notice and this permission notice shall be included * in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. */ using System; using System.Collections; using System.Globalization; using System.Security.Cryptography; namespace Mono.Security.Protocol.Tls { internal sealed class TlsCipherSuiteCollection : ArrayList { #region Fields private SecurityProtocolType protocol; #endregion #region Properties public CipherSuite this[string name] { get { return (CipherSuite)this[IndexOf(name)]; } set { this[IndexOf(name)] = (CipherSuite)value; } } public CipherSuite this[short code] { get { return (CipherSuite)base[IndexOf(code)]; } set { base[IndexOf(code)] = (CipherSuite)value; } } public new CipherSuite this[int code] { get { return (CipherSuite)base[code]; } set { base[code] = (CipherSuite)value; } } #endregion #region Constructors public TlsCipherSuiteCollection(SecurityProtocolType protocol) : base() { this.protocol = protocol; } #endregion #region Methods public bool Contains(string name) { return(-1 != IndexOf(name)); } public int IndexOf(string name) { int index = 0; foreach (CipherSuite suite in this) { if (cultureAwareCompare(suite.Name, name)) { return index; } index++; } return -1; } public int IndexOf(short code) { int index = 0; foreach (CipherSuite suite in this) { if (suite.Code == code) { return index; } index++; } return -1; } public void RemoveAt(string errorMessage) { RemoveAt(IndexOf(errorMessage)); } public CipherSuite Add( short code, string name, CipherAlgorithmType cipherType, HashAlgorithmType hashType, ExchangeAlgorithmType exchangeType, bool exportable, bool blockMode, byte keyMaterialSize, byte expandedKeyMaterialSize, short effectiveKeyBytes, byte ivSize, byte blockSize) { switch (this.protocol) { case SecurityProtocolType.Ssl3: return this.add( new TlsSslCipherSuite( code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)); case SecurityProtocolType.Tls: return this.add( new TlsCipherSuite( code, name, cipherType, hashType, exchangeType, exportable, blockMode, keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize)); default: throw new NotSupportedException(); } } private TlsCipherSuite add(TlsCipherSuite cipherSuite) { base.Add(cipherSuite); return cipherSuite; } private TlsSslCipherSuite add(TlsSslCipherSuite cipherSuite) { base.Add(cipherSuite); return cipherSuite; } private bool cultureAwareCompare(string strA, string strB) { try { return CultureInfo.CurrentCulture.CompareInfo.Compare(strA, strB, CompareOptions.IgnoreKanaType | CompareOptions.IgnoreWidth | CompareOptions.IgnoreCase) == 0 ? true : false; } catch (NotSupportedException) { return strA.ToUpper() == strB.ToUpper() ? true : false; } } #endregion } } --- NEW FILE: TlsCipherSuiteFactory.cs --- /* Transport Security Layer (TLS) * Copyright (c) 2003-2004 Carlos Guzman Alvarez * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation * files (the "Software"), to deal in the Software without restriction, * including without limitation the rights to use, copy, modify, merge, * publish, distribute, sublicense, and/or sell copies of the Software, * and to permit persons to whom the Software is furnished to do so, * subject to the following conditions: * * The above copyright notice and this permission notice shall be included * in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. */ using System; namespace Mono.Security.Protocol.Tls { internal class TlsCipherSuiteFactory { public static TlsCipherSuiteCollection GetSupportedCiphers(SecurityProtocolType protocol) { switch (protocol) { case SecurityProtocolType.Ssl3: return TlsCipherSuiteFactory.GetSsl3SupportedCiphers(); case SecurityProtocolType.Tls: return TlsCipherSuiteFactory.GetTls1SupportedCiphers(); default: throw new NotSupportedException(); } } #region Private Static Methods private static TlsCipherSuiteCollection GetTls1SupportedCiphers() { TlsCipherSuiteCollection scs = new TlsCipherSuiteCollection(SecurityProtocolType.Tls); // Supported ciphers scs.Add((0x00 << 0x08) | 0x35, "TLS_RSA_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 32, 32, 256, 16, 16); scs.Add((0x00 << 0x08) | 0x2F, "TLS_RSA_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 16, 16, 128, 16, 16); scs.Add((0x00 << 0x08) | 0x0A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 24, 24, 168, 8, 8); scs.Add((0x00 << 0x08) | 0x09, "TLS_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 8, 8, 56, 8, 8); scs.Add((0x00 << 0x08) | 0x05, "TLS_RSA_WITH_RC4_128_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0); scs.Add((0x00 << 0x08) | 0x04, "TLS_RSA_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0); // Default CipherSuite // scs.Add(0, "TLS_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0); // RSA Cipher Suites // scs.Add((0x00 << 0x08) | 0x01, "TLS_RSA_WITH_NULL_MD5", CipherAlgorithmType.None, HashAlgorithmType.Md5, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0); // scs.Add((0x00 << 0x08) | 0x02, "TLS_RSA_WITH_NULL_SHA", CipherAlgorithmType.None, HashAlgorithmType.Sha1, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0); // scs.Add((0x00 << 0x08) | 0x03, "TLS_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaSignKeyX, true, false, 5, 16, 40, 0, 0); // scs.Add((0x00 << 0x08) | 0x05, "TLS_RSA_WITH_RC4_128_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0); // scs.Add((0x00 << 0x08) | 0x04, "TLS_RSA_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0); // scs.Add((0x00 << 0x08) | 0x06, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8); // scs.Add((0x00 << 0x08) | 0x07, "TLS_RSA_WITH_IDEA_CBC_SHA", "IDEA", HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 16, 16, 128, 8, 8); // scs.Add((0x00 << 0x08) | 0x08, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8); // scs.Add((0x00 << 0x08) | 0x09, "TLS_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 8, 8, 56, 8, 8); // scs.Add((0x00 << 0x08) | 0x0A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 24, 24, 168, 8, 8); // Diffie-Hellman Cipher Suites // scs.Add((0x00 << 0x08) | 0x0B, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8); // scs.Add((0x00 << 0x08) | 0x0C, "TLS_DH_DSS_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, false, ExchangeAlgorithmType.DiffieHellman, true, 8, 8, 56, 8, 8); // scs.Add((0x00 << 0x08) | 0x0D, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8); // scs.Add((0x00 << 0x08) | 0x0E, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8); // scs.Add((0x00 << 0x08) | 0x0F, "TLS_DH_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, false, ExchangeAlgorithmType.DiffieHellman, true, 8, 8, 56, 8, 8); // scs.Add((0x00 << 0x08) | 0x10, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8); // scs.Add((0x00 << 0x08) | 0x11, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8); // scs.Add((0x00 << 0x08) | 0x12, "TLS_DHE_DSS_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8); // scs.Add((0x00 << 0x08) | 0x13, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8); // scs.Add((0x00 << 0x08) | 0x14, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8); // scs.Add((0x00 << 0x08) | 0x15, "TLS_DHE_RSA_WITH_DES_CBC_SHA", HashAlgorithmType.Sha1, CipherAlgorithmType.Des, false, ExchangeAlgorithmType.DiffieHellman, true, 8, 8, 56, 8, 8); // scs.Add((0x00 << 0x08) | 0x16, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8); // Anonymous Diffie-Hellman Cipher Suites // scs.Add((0x00 << 0x08) | 0x17, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.DiffieHellman, true, false, 5, 16, 40, 0, 0); // scs.Add((0x00 << 0x08) | 0x18, "TLS_DH_anon_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, false, ExchangeAlgorithmType.DiffieHellman, false, 16, 16, 128, 0, 0); // scs.Add((0x00 << 0x08) | 0x19, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 5, 8, 40, 8, 8); // scs.Add((0x00 << 0x08) | 0x1A, "TLS_DH_anon_WITH_DES_CBC_SHA", "DES4", HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8); // scs.Add((0x00 << 0x08) | 0x1B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8); // AES CipherSuites // // Ref: RFC3268 - (http://www.ietf.org/rfc/rfc3268.txt) // scs.Add((0x00 << 0x08) | 0x2F, "TLS_RSA_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 16, 16, 128, 16, 16); // scs.Add((0x00 << 0x08) | 0x30, "TLS_DH_DSS_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 16, 16, 128, 8, 8); // scs.Add((0x00 << 0x08) | 0x31, "TLS_DH_RSA_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 16, 16, 128, 8, 8); // scs.Add((0x00 << 0x08) | 0x32, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 16, 16, 128, 8, 8); // scs.Add((0x00 << 0x08) | 0x33, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 16, 16, 128, 8, 8); // scs.Add((0x00 << 0x08) | 0x34, "TLS_DH_anon_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 16, 16, 128, 8, 8); // scs.Add((0x00 << 0x08) | 0x35, "TLS_RSA_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 32, 32, 256, 16, 16); // scs.Add((0x00 << 0x08) | 0x36, "TLS_DH_DSS_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 32, 32, 256, 16, 16); // scs.Add((0x00 << 0x08) | 0x37, "TLS_DH_RSA_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 32, 32, 256, 16, 16); // scs.Add((0x00 << 0x08) | 0x38, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 32, 32, 256, 16, 16); // scs.Add((0x00 << 0x08) | 0x39, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 32, 32, 256, 16, 16); // scs.Add((0x00 << 0x08) | 0x3A, "TLS_DH_anon_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 32, 32, 256, 16, 16); return scs; } private static TlsCipherSuiteCollection GetSsl3SupportedCiphers() { TlsCipherSuiteCollection scs = new TlsCipherSuiteCollection(SecurityProtocolType.Ssl3); // Supported ciphers scs.Add((0x00 << 0x08) | 0x0A, "SSL_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 24, 24, 168, 8, 8); scs.Add((0x00 << 0x08) | 0x09, "SSL_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 8, 8, 56, 8, 8); scs.Add((0x00 << 0x08) | 0x05, "SSL_RSA_WITH_RC4_128_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0); scs.Add((0x00 << 0x08) | 0x04, "SSL_RSA_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0); // Default CipherSuite // scs.Add(0, "SSL_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, true, false, 0, 0, 0, 0, 0); // RSA Cipher Suites // scs.Add((0x00 << 0x08) | 0x01, "SSL_RSA_WITH_NULL_MD5", CipherAlgorithmType.None, HashAlgorithmType.Md5, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0); // scs.Add((0x00 << 0x08) | 0x02, "SSL_RSA_WITH_NULL_SHA", CipherAlgorithmType.None, HashAlgorithmType.Sha1, true, ExchangeAlgorithmType.None, false, 0, 0, 0, 0, 0); // scs.Add((0x00 << 0x08) | 0x03, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0); // scs.Add((0x00 << 0x08) | 0x05, "SSL_RSA_WITH_RC4_128_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0); // scs.Add((0x00 << 0x08) | 0x04, "SSL_RSA_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0); // scs.Add((0x00 << 0x08) | 0x06, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8); // scs.Add((0x00 << 0x08) | 0x07, "SSL_RSA_WITH_IDEA_CBC_SHA", "IDEA", HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 16, 16, 128, 8, 8); // scs.Add((0x00 << 0x08) | 0x08, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyEx, true, true, 5, 8, 40, 8, 8); // scs.Add((0x00 << 0x08) | 0x09, "SSL_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 8, 8, 56, 8, 8); // scs.Add((0x00 << 0x08) | 0x0A, "SSL_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 24, 24, 168, 8, 8); // Diffie-Hellman Cipher Suites // scs.Add((0x00 << 0x08) | 0x0B, "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8); // scs.Add((0x00 << 0x08) | 0x0C, "SSL_DH_DSS_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8); // scs.Add((0x00 << 0x08) | 0x0D, "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8); // scs.Add((0x00 << 0x08) | 0x0E, "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8); // scs.Add((0x00 << 0x08) | 0x0F, "SSL_DH_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8); // scs.Add((0x00 << 0x08) | 0x10, "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8); // scs.Add((0x00 << 0x08) | 0x11, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8); // scs.Add((0x00 << 0x08) | 0x12, "SSL_DHE_DSS_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56... [truncated message content] |
