/// <summary>
/// Builds the key-exchange implementation that corresponds to
/// <c>selectedCipherSuite</c>.
/// </summary>
/// <returns>
/// The object returned by the matching factory call. On the fallback path the
/// method reports a fatal internal error through <c>handler</c> and, should that
/// call return, yields <c>null</c>.
/// </returns>
/// <remarks>
/// Review notes, based only on the suite names handled here:
/// every suite is a CBC-mode suite with a SHA-1 based MAC (no AEAD suite is
/// mapped), and a third of them use 3DES, a 64-bit block cipher. The RSA,
/// DH_DSS and DH_RSA groups use static key exchange and so give no forward
/// secrecy; only the DHE groups are ephemeral. Which suites are actually
/// offered to the server is decided outside this method - TODO confirm that
/// the offered list is restricted to what policy still allows.
/// </remarks>
public TlsKeyExchange CreateKeyExchange()
{
    switch (selectedCipherSuite)
    {
        // Static RSA key exchange (no forward secrecy).
        case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_RSA_WITH_AES_128_CBC_SHA:
        case TLS_RSA_WITH_AES_256_CBC_SHA:
            return CreateRsaKeyExchange();

        // Static Diffie-Hellman, DSS-signed certificate.
        case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
        case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
        case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
            return CreateDHKeyExchange(TlsKeyExchangeAlgorithm.KE_DH_DSS);

        // Static Diffie-Hellman, RSA-signed certificate.
        case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
        case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
            return CreateDHKeyExchange(TlsKeyExchangeAlgorithm.KE_DH_RSA);

        // Ephemeral Diffie-Hellman authenticated with DSS.
        case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
        case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
        case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
            return CreateDHKeyExchange(TlsKeyExchangeAlgorithm.KE_DHE_DSS);

        // Ephemeral Diffie-Hellman authenticated with RSA.
        case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
            return CreateDHKeyExchange(TlsKeyExchangeAlgorithm.KE_DHE_RSA);

        // SRP without a server certificate.
        case TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:
        case TLS_SRP_SHA_WITH_AES_128_CBC_SHA:
        case TLS_SRP_SHA_WITH_AES_256_CBC_SHA:
            return CreateSrpExchange(TlsKeyExchangeAlgorithm.KE_SRP);

        // SRP combined with an RSA server certificate.
        case TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA:
        case TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA:
            return CreateSrpExchange(TlsKeyExchangeAlgorithm.KE_SRP_RSA);

        // SRP combined with a DSS server certificate.
        case TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA:
        case TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA:
        case TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA:
            return CreateSrpExchange(TlsKeyExchangeAlgorithm.KE_SRP_DSS);
    }

    /*
     * Internal error: the TlsProtocolHandler verifies that the server-selected
     * cipher suite was one of the suites the client offered, so reaching this
     * point means a suite was offered that has no implementation here.
     * Failing closed with a fatal alert is the intended outcome.
     */
    handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_internal_error);

    // The original author marks this as unreachable - presumably FailWithError
    // throws; confirm, because callers would otherwise receive null.
    return null;
}