--- /dev/null
+/*
+ * Copyright (c) 2018 Thomas Pornin <pornin@bolet.org>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Net.Sockets;
+using System.Text;
+using System.Threading;
+
+using Asn1;
+using Crypto;
+using IO;
+using SSLTLS;
+using XKeys;
+
+/*
+ * A simple command-line application that runs a client that connects
+ * to a provided server. This is meant for debug purposes.
+ */
+
+public class Client {
+
+ public static void Main(string[] args)
+ {
+ try {
+ new Client().Run(args);
+ } catch (Exception e) {
+ Console.WriteLine(e.ToString());
+ Environment.Exit(1);
+ }
+ }
+
+ void Run(string[] args)
+ {
+ bool verbose = true;
+ bool trace = false;
+ string host = null;
+ string sni = null;
+ List<string> csNames = null;
+ List<string> hsNames = null;
+ int vmin = 0;
+ int vmax = 0;
+ for (int i = 0; i < args.Length; i ++) {
+ string a = args[i];
+ if (!a.StartsWith("-")) {
+ if (host != null) {
+ throw new Exception(
+ "duplicate host name");
+ }
+ host = a;
+ continue;
+ }
+ a = a.Substring(1).ToLowerInvariant();
+ switch (a) {
+ case "v":
+ verbose = true;
+ break;
+ case "q":
+ verbose = false;
+ break;
+ case "trace":
+ trace = true;
+ break;
+ case "sni":
+ if (sni != null) {
+ throw new Exception(
+ "duplicate SNI");
+ }
+ if (++ i >= args.Length) {
+ throw new Exception(
+ "no SNI provided");
+ }
+ sni = args[i];
+ break;
+ case "nosni":
+ if (sni != null) {
+ throw new Exception(
+ "duplicate SNI");
+ }
+ sni = "";
+ break;
+ case "cs":
+ if (++ i >= args.Length) {
+ throw new Exception(
+ "no cipher names provided");
+ }
+ if (csNames == null) {
+ csNames = new List<string>();
+ }
+ AddNames(csNames, args[i]);
+ break;
+ case "hs":
+ if (++ i >= args.Length) {
+ throw new Exception(
+ "no hash-and-sign provided");
+ }
+ if (hsNames == null) {
+ hsNames = new List<string>();
+ }
+ AddNames(hsNames, args[i]);
+ break;
+ case "vmin":
+ if (vmin != 0) {
+ throw new Exception(
+ "duplicate minimum version");
+ }
+ if (++ i >= args.Length) {
+ throw new Exception(
+ "no minimum version provided");
+ }
+ vmin = SSL.GetVersionByName(args[i]);
+ break;
+ case "vmax":
+ if (vmax != 0) {
+ throw new Exception(
+ "duplicate maximum version");
+ }
+ if (++ i >= args.Length) {
+ throw new Exception(
+ "no maximum version provided");
+ }
+ vmax = SSL.GetVersionByName(args[i]);
+ break;
+ default:
+ throw new Exception(string.Format(
+ "Unknown option: '-{0}'", a));
+ }
+ }
+
+ if (host == null) {
+ throw new Exception("no host name provided");
+ }
+ int j = host.LastIndexOf(':');
+ int port;
+ if (j < 0) {
+ port = 443;
+ } else {
+ if (!Int32.TryParse(host.Substring(j + 1), out port)
+ || port <= 0 || port > 65535)
+ {
+ throw new Exception("invalid port number");
+ }
+ host = host.Substring(0, j);
+ }
+ if (sni == null) {
+ sni = host;
+ }
+ int[] css = null;
+ if (csNames != null) {
+ css = new int[csNames.Count];
+ for (int i = 0; i < css.Length; i ++) {
+ css[i] = SSL.GetSuiteByName(csNames[i]);
+ }
+ }
+ int[] hss = null;
+ if (hsNames != null) {
+ hss = new int[hsNames.Count];
+ for (int i = 0; i < hss.Length; i ++) {
+ hss[i] = SSL.GetHashAndSignByName(hsNames[i]);
+ }
+ }
+ if (vmin != 0 && vmax != 0 && vmin > vmax) {
+ throw new Exception("invalid version range");
+ }
+
+ /*
+ * Connect to the designated server.
+ */
+ TcpClient tc = new TcpClient(host, port);
+ Socket sock = tc.Client;
+ Stream ns = tc.GetStream();
+ if (trace) {
+ MergeStream ms = new MergeStream(ns, ns);
+ ms.Debug = Console.Out;
+ ns = ms;
+ }
+ SSLClient ssl = new SSLClient(ns);
+ if (sni != "") {
+ ssl.ServerName = sni;
+ }
+ if (css != null) {
+ ssl.SupportedCipherSuites = css;
+ }
+ if (hss != null) {
+ ssl.SupportedHashAndSign = hss;
+ }
+ if (vmin != 0) {
+ ssl.VersionMin = vmin;
+ }
+ if (vmax != 0) {
+ ssl.VersionMax = vmax;
+ }
+
+ /*
+ * This is a debug tool; we accept the server certificate
+ * without validation.
+ */
+ ssl.ServerCertValidator = SSLClient.InsecureCertValidator;
+
+ /*
+ * Force a Flush. There is no application data to flush
+ * at this point, but as a side-effect it forces the
+ * handshake to complete.
+ */
+ ssl.Flush();
+
+ if (verbose) {
+ Console.WriteLine("Handshake completed:");
+ Console.WriteLine(" Version = {0}",
+ SSL.VersionName(ssl.Version));
+ Console.WriteLine(" Cipher suite = {0}",
+ SSL.CipherSuiteName(ssl.CipherSuite));
+ }
+
+ /*
+ * Now relay data back and forth between the connection
+ * and the console. Since the underlying SSL stream does
+ * not support simultaneous reads and writes, we use
+ * the following approximation:
+ *
+ * - We poll on the socket for incoming data. When there
+ * is some activity, we assume that some application
+ * data (or closure) follows, and we read it. It is
+ * then immediately written out (synchronously) on
+ * standard output.
+ *
+ * - When waiting for read activity on the socket, we
+ * regularly (every 200 ms) check for data to read on
+ * standard input. If there is, we read it, and send
+ * it synchronously on the SSL stream.
+ *
+ * - The data reading from console is performed by
+ * another thread.
+ *
+ * Since SSL records are read one by one, we know that,
+ * by using a buffer larger than 16 kB, a single Read()
+ * call cannot leave any buffered application data.
+ */
+ ssl.CloseSub = false;
+ Thread t = new Thread(new ThreadStart(CRThread));
+ t.IsBackground = true;
+ t.Start();
+ byte[] buf = new byte[16384];
+ Stream stdout = Console.OpenStandardOutput();
+ for (;;) {
+ if (sock.Poll(200000, SelectMode.SelectRead)) {
+ int rlen = ssl.Read(buf, 0, buf.Length);
+ if (rlen < 0) {
+ Console.WriteLine(
+ "Connection closed.\n");
+ break;
+ }
+ stdout.Write(buf, 0, rlen);
+ } else {
+ while (CRHasData()) {
+ int rlen = CRRead(buf, 0, buf.Length);
+ if (rlen < 0) {
+ ssl.Close();
+ break;
+ }
+ if (rlen > 0) {
+ ssl.Write(buf, 0, rlen);
+ }
+ }
+ }
+ }
+ sock.Close();
+ }
+
+ static void AddNames(List<string> d, string str)
+ {
+ foreach (string name in str.Split(
+ new char[] { ',', ':', ';' },
+ StringSplitOptions.RemoveEmptyEntries))
+ {
+ d.Add(name.Trim());
+ }
+ }
+
+ object consoleReadLock = new object();
+ byte[] crBuf = new byte[16384];
+ int crPtr = 0;
+ bool crClosed = false;
+
+ bool CRHasData()
+ {
+ lock (consoleReadLock) {
+ return crPtr != 0 || crClosed;
+ }
+ }
+
+ int CRRead(byte[] buf, int off, int len)
+ {
+ lock (consoleReadLock) {
+ if (crPtr == 0 && crClosed) {
+ return -1;
+ }
+ int rlen = Math.Min(len, crPtr);
+ Array.Copy(crBuf, 0, buf, off, rlen);
+ if (rlen > 0 && rlen < crPtr) {
+ Array.Copy(crBuf, rlen, crBuf, 0, crPtr - rlen);
+ }
+ crPtr -= rlen;
+ Monitor.PulseAll(consoleReadLock);
+ return rlen;
+ }
+ }
+
+ void CRThread()
+ {
+ byte[] buf = new byte[crBuf.Length];
+ Stream stdin = Console.OpenStandardInput();
+
+ for (;;) {
+ lock (consoleReadLock) {
+ while (crPtr == crBuf.Length) {
+ Monitor.Wait(consoleReadLock);
+ }
+ }
+ int rlen = stdin.Read(buf, 0, buf.Length);
+ lock (consoleReadLock) {
+ Monitor.PulseAll(consoleReadLock);
+ if (rlen < 0) {
+ crClosed = true;
+ break;
+ }
+ Array.Copy(buf, 0, crBuf, crPtr, rlen);
+ crPtr += rlen;
+ }
+ }
+ }
+}
return String.Format("UNKNOWN:0x{0:X4}", version);
}
+ /*
+ * Parse a version name.
+ */
+ public static int GetVersionByName(string s)
+ {
+ string t = s.Trim().Replace(" ", "").Replace(".", "")
+ .Replace("-", "").ToUpperInvariant();
+ switch (t) {
+ case "SSL3":
+ case "SSLV3":
+ case "SSL30":
+ case "SSLV30":
+ return SSL30;
+ case "TLS1":
+ case "TLSV1":
+ case "TLS10":
+ case "TLSV10":
+ return TLS10;
+ case "TLS11":
+ case "TLSV11":
+ return TLS11;
+ case "TLS12":
+ case "TLSV12":
+ return TLS12;
+ default:
+ throw new Exception(string.Format(
+ "Unknown protocol version: '{0}'", s));
+ }
+ }
+
/*
* Get a human-readable name for a cipher suite.
*/
}
}
+ /*
+ * Parse a cipher suite name.
+ */
+ public static int GetSuiteByName(string s)
+ {
+ string t = s.Trim().Replace("_", "").Replace("-", "")
+ .ToUpperInvariant();
+ if (t.StartsWith("TLS") || t.StartsWith("SSL")) {
+ t = t.Substring(3);
+ }
+ switch (t) {
+ case "NULLWITHNULLNULL":
+ return NULL_WITH_NULL_NULL;
+ case "RSAWITHNULLMD5":
+ return RSA_WITH_NULL_MD5;
+ case "RSAWITHNULLSHA":
+ return RSA_WITH_NULL_SHA;
+ case "RSAWITHNULLSHA256":
+ return RSA_WITH_NULL_SHA256;
+ case "RSAWITHRC4128MD5":
+ return RSA_WITH_RC4_128_MD5;
+ case "RSAWITHRC4128SHA":
+ return RSA_WITH_RC4_128_SHA;
+ case "RSAWITH3DESEDECBCSHA":
+ return RSA_WITH_3DES_EDE_CBC_SHA;
+ case "RSAWITHAES128CBCSHA":
+ return RSA_WITH_AES_128_CBC_SHA;
+ case "RSAWITHAES256CBCSHA":
+ return RSA_WITH_AES_256_CBC_SHA;
+ case "RSAWITHAES128CBCSHA256":
+ return RSA_WITH_AES_128_CBC_SHA256;
+ case "RSAWITHAES256CBCSHA256":
+ return RSA_WITH_AES_256_CBC_SHA256;
+ case "DHDSSWITH3DESEDECBCSHA":
+ return DH_DSS_WITH_3DES_EDE_CBC_SHA;
+ case "DHRSAWITH3DESEDECBCSHA":
+ return DH_RSA_WITH_3DES_EDE_CBC_SHA;
+ case "DHEDSSWITH3DESEDECBCSHA":
+ return DHE_DSS_WITH_3DES_EDE_CBC_SHA;
+ case "DHERSAWITH3DESEDECBCSHA":
+ return DHE_RSA_WITH_3DES_EDE_CBC_SHA;
+ case "DHDSSWITHAES128CBCSHA":
+ return DH_DSS_WITH_AES_128_CBC_SHA;
+ case "DHRSAWITHAES128CBCSHA":
+ return DH_RSA_WITH_AES_128_CBC_SHA;
+ case "DHEDSSWITHAES128CBCSHA":
+ return DHE_DSS_WITH_AES_128_CBC_SHA;
+ case "DHERSAWITHAES128CBCSHA":
+ return DHE_RSA_WITH_AES_128_CBC_SHA;
+ case "DHDSSWITHAES256CBCSHA":
+ return DH_DSS_WITH_AES_256_CBC_SHA;
+ case "DHRSAWITHAES256CBCSHA":
+ return DH_RSA_WITH_AES_256_CBC_SHA;
+ case "DHEDSSWITHAES256CBCSHA":
+ return DHE_DSS_WITH_AES_256_CBC_SHA;
+ case "DHERSAWITHAES256CBCSHA":
+ return DHE_RSA_WITH_AES_256_CBC_SHA;
+ case "DHDSSWITHAES128CBCSHA256":
+ return DH_DSS_WITH_AES_128_CBC_SHA256;
+ case "DHRSAWITHAES128CBCSHA256":
+ return DH_RSA_WITH_AES_128_CBC_SHA256;
+ case "DHEDSSWITHAES128CBCSHA256":
+ return DHE_DSS_WITH_AES_128_CBC_SHA256;
+ case "DHERSAWITHAES128CBCSHA256":
+ return DHE_RSA_WITH_AES_128_CBC_SHA256;
+ case "DHDSSWITHAES256CBCSHA256":
+ return DH_DSS_WITH_AES_256_CBC_SHA256;
+ case "DHRSAWITHAES256CBCSHA256":
+ return DH_RSA_WITH_AES_256_CBC_SHA256;
+ case "DHEDSSWITHAES256CBCSHA256":
+ return DHE_DSS_WITH_AES_256_CBC_SHA256;
+ case "DHERSAWITHAES256CBCSHA256":
+ return DHE_RSA_WITH_AES_256_CBC_SHA256;
+ case "DHANONWITHRC4128MD5":
+ return DH_anon_WITH_RC4_128_MD5;
+ case "DHANONWITH3DESEDECBCSHA":
+ return DH_anon_WITH_3DES_EDE_CBC_SHA;
+ case "DHANONWITHAES128CBCSHA":
+ return DH_anon_WITH_AES_128_CBC_SHA;
+ case "DHANONWITHAES256CBCSHA":
+ return DH_anon_WITH_AES_256_CBC_SHA;
+ case "DHANONWITHAES128CBCSHA256":
+ return DH_anon_WITH_AES_128_CBC_SHA256;
+ case "DHANONWITHAES256CBCSHA256":
+ return DH_anon_WITH_AES_256_CBC_SHA256;
+ case "ECDHECDSAWITHNULLSHA":
+ return ECDH_ECDSA_WITH_NULL_SHA;
+ case "ECDHECDSAWITHRC4128SHA":
+ return ECDH_ECDSA_WITH_RC4_128_SHA;
+ case "ECDHECDSAWITH3DESEDECBCSHA":
+ return ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA;
+ case "ECDHECDSAWITHAES128CBCSHA":
+ return ECDH_ECDSA_WITH_AES_128_CBC_SHA;
+ case "ECDHECDSAWITHAES256CBCSHA":
+ return ECDH_ECDSA_WITH_AES_256_CBC_SHA;
+ case "ECDHEECDSAWITHNULLSHA":
+ return ECDHE_ECDSA_WITH_NULL_SHA;
+ case "ECDHEECDSAWITHRC4128SHA":
+ return ECDHE_ECDSA_WITH_RC4_128_SHA;
+ case "ECDHEECDSAWITH3DESEDECBCSHA":
+ return ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA;
+ case "ECDHEECDSAWITHAES128CBCSHA":
+ return ECDHE_ECDSA_WITH_AES_128_CBC_SHA;
+ case "ECDHEECDSAWITHAES256CBCSHA":
+ return ECDHE_ECDSA_WITH_AES_256_CBC_SHA;
+ case "ECDHRSAWITHNULLSHA":
+ return ECDH_RSA_WITH_NULL_SHA;
+ case "ECDHRSAWITHRC4128SHA":
+ return ECDH_RSA_WITH_RC4_128_SHA;
+ case "ECDHRSAWITH3DESEDECBCSHA":
+ return ECDH_RSA_WITH_3DES_EDE_CBC_SHA;
+ case "ECDHRSAWITHAES128CBCSHA":
+ return ECDH_RSA_WITH_AES_128_CBC_SHA;
+ case "ECDHRSAWITHAES256CBCSHA":
+ return ECDH_RSA_WITH_AES_256_CBC_SHA;
+ case "ECDHERSAWITHNULLSHA":
+ return ECDHE_RSA_WITH_NULL_SHA;
+ case "ECDHERSAWITHRC4128SHA":
+ return ECDHE_RSA_WITH_RC4_128_SHA;
+ case "ECDHERSAWITH3DESEDECBCSHA":
+ return ECDHE_RSA_WITH_3DES_EDE_CBC_SHA;
+ case "ECDHERSAWITHAES128CBCSHA":
+ return ECDHE_RSA_WITH_AES_128_CBC_SHA;
+ case "ECDHERSAWITHAES256CBCSHA":
+ return ECDHE_RSA_WITH_AES_256_CBC_SHA;
+ case "ECDHANONWITHNULLSHA":
+ return ECDH_anon_WITH_NULL_SHA;
+ case "ECDHANONWITHRC4128SHA":
+ return ECDH_anon_WITH_RC4_128_SHA;
+ case "ECDHANONWITH3DESEDECBCSHA":
+ return ECDH_anon_WITH_3DES_EDE_CBC_SHA;
+ case "ECDHANONWITHAES128CBCSHA":
+ return ECDH_anon_WITH_AES_128_CBC_SHA;
+ case "ECDHANONWITHAES256CBCSHA":
+ return ECDH_anon_WITH_AES_256_CBC_SHA;
+ case "RSAWITHAES128GCMSHA256":
+ return RSA_WITH_AES_128_GCM_SHA256;
+ case "RSAWITHAES256GCMSHA384":
+ return RSA_WITH_AES_256_GCM_SHA384;
+ case "DHERSAWITHAES128GCMSHA256":
+ return DHE_RSA_WITH_AES_128_GCM_SHA256;
+ case "DHERSAWITHAES256GCMSHA384":
+ return DHE_RSA_WITH_AES_256_GCM_SHA384;
+ case "DHRSAWITHAES128GCMSHA256":
+ return DH_RSA_WITH_AES_128_GCM_SHA256;
+ case "DHRSAWITHAES256GCMSHA384":
+ return DH_RSA_WITH_AES_256_GCM_SHA384;
+ case "DHEDSSWITHAES128GCMSHA256":
+ return DHE_DSS_WITH_AES_128_GCM_SHA256;
+ case "DHEDSSWITHAES256GCMSHA384":
+ return DHE_DSS_WITH_AES_256_GCM_SHA384;
+ case "DHDSSWITHAES128GCMSHA256":
+ return DH_DSS_WITH_AES_128_GCM_SHA256;
+ case "DHDSSWITHAES256GCMSHA384":
+ return DH_DSS_WITH_AES_256_GCM_SHA384;
+ case "DHANONWITHAES128GCMSHA256":
+ return DH_anon_WITH_AES_128_GCM_SHA256;
+ case "DHANONWITHAES256GCMSHA384":
+ return DH_anon_WITH_AES_256_GCM_SHA384;
+ case "ECDHEECDSAWITHAES128CBCSHA256":
+ return ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
+ case "ECDHEECDSAWITHAES256CBCSHA384":
+ return ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
+ case "ECDHECDSAWITHAES128CBCSHA256":
+ return ECDH_ECDSA_WITH_AES_128_CBC_SHA256;
+ case "ECDHECDSAWITHAES256CBCSHA384":
+ return ECDH_ECDSA_WITH_AES_256_CBC_SHA384;
+ case "ECDHERSAWITHAES128CBCSHA256":
+ return ECDHE_RSA_WITH_AES_128_CBC_SHA256;
+ case "ECDHERSAWITHAES256CBCSHA384":
+ return ECDHE_RSA_WITH_AES_256_CBC_SHA384;
+ case "ECDHRSAWITHAES128CBCSHA256":
+ return ECDH_RSA_WITH_AES_128_CBC_SHA256;
+ case "ECDHRSAWITHAES256CBCSHA384":
+ return ECDH_RSA_WITH_AES_256_CBC_SHA384;
+ case "ECDHEECDSAWITHAES128GCMSHA256":
+ return ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
+ case "ECDHEECDSAWITHAES256GCMSHA384":
+ return ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
+ case "ECDHECDSAWITHAES128GCMSHA256":
+ return ECDH_ECDSA_WITH_AES_128_GCM_SHA256;
+ case "ECDHECDSAWITHAES256GCMSHA384":
+ return ECDH_ECDSA_WITH_AES_256_GCM_SHA384;
+ case "ECDHERSAWITHAES128GCMSHA256":
+ return ECDHE_RSA_WITH_AES_128_GCM_SHA256;
+ case "ECDHERSAWITHAES256GCMSHA384":
+ return ECDHE_RSA_WITH_AES_256_GCM_SHA384;
+ case "ECDHRSAWITHAES128GCMSHA256":
+ return ECDH_RSA_WITH_AES_128_GCM_SHA256;
+ case "ECDHRSAWITHAES256GCMSHA384":
+ return ECDH_RSA_WITH_AES_256_GCM_SHA384;
+ case "ECDHERSAWITHCHACHA20POLY1305SHA256":
+ return ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
+ case "ECDHEECDSAWITHCHACHA20POLY1305SHA256":
+ return ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256;
+ case "DHERSAWITHCHACHA20POLY1305SHA256":
+ return DHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
+ case "PSKWITHCHACHA20POLY1305SHA256":
+ return PSK_WITH_CHACHA20_POLY1305_SHA256;
+ case "ECDHEPSKWITHCHACHA20POLY1305SHA256":
+ return ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256;
+ case "DHEPSKWITHCHACHA20POLY1305SHA256":
+ return DHE_PSK_WITH_CHACHA20_POLY1305_SHA256;
+ case "RSAPSKWITHCHACHA20POLY1305SHA256":
+ return RSA_PSK_WITH_CHACHA20_POLY1305_SHA256;
+
+ default:
+ throw new Exception(string.Format(
+ "Unknown cipher suite: '{0}'", s));
+ }
+ }
+
/*
* Get a human-readable name for a hash-and-sign algorithm.
*/
}
}
+ /*
+ * Parse a hash-and-sign name.
+ */
+ public static int GetHashAndSignByName(string s)
+ {
+ string t = s.Trim().Replace(" ", "").Replace("_", "")
+ .Replace("-", "").Replace("/", "")
+ .ToUpperInvariant();
+ switch (t) {
+ case "RSAMD5": return RSA_MD5;
+ case "RSASHA1": return RSA_SHA1;
+ case "RSASHA224": return RSA_SHA224;
+ case "RSASHA256": return RSA_SHA256;
+ case "RSASHA384": return RSA_SHA384;
+ case "RSASHA512": return RSA_SHA512;
+ case "ECDSAMD5": return ECDSA_MD5;
+ case "ECDSASHA1": return ECDSA_SHA1;
+ case "ECDSASHA224": return ECDSA_SHA224;
+ case "ECDSASHA256": return ECDSA_SHA256;
+ case "ECDSASHA384": return ECDSA_SHA384;
+ case "ECDSASHA512": return ECDSA_SHA512;
+ default:
+ throw new Exception(string.Format(
+ "Unknown hash-and-sign: '{0}'", s));
+ }
+ }
+
/*
* Get a human-readable name for a curve.
*/
}
}
+ /*
+ * Get a curve by name.
+ */
+ public static int GetCurveByName(string s)
+ {
+ string t = s.Trim().Replace(" ", "").Replace("_", "")
+ .Replace("-", "").ToLowerInvariant();
+ switch (t) {
+ case "c25519":
+ case "curve25519":
+ return Curve25519;
+ case "secp256r1":
+ case "p256":
+ case "nistp256":
+ case "prime256":
+ case "prime256v1":
+ return NIST_P256;
+ case "secp384r1":
+ case "p384":
+ case "nistp384":
+ return NIST_P384;
+ case "secp521r1":
+ case "p521":
+ case "nistp521":
+ return NIST_P521;
+ default:
+ throw new Exception(string.Format(
+ "Unknown curve: '{0}'", s));
+ }
+ }
+
/*
* Extract the public key from an encoded X.509 certificate.
* This does NOT make any attempt at validating the certificate.
projects / BoarSSL / commitdiff