Beispiel #1
0
        void Read(TlsBuffer incoming)
        {
            if (incoming.Remaining == 0)
            {
                return;
            }

            var length = incoming.ReadInt16();

            if (incoming.Remaining != length)
            {
                throw new TlsException(AlertDescription.DecodeError);
            }

            while (incoming.Remaining > 0)
            {
                var extensionType = (ExtensionType)incoming.ReadInt16();
                length = incoming.ReadInt16();
                var extensionBuffer = incoming.ReadBuffer(length);

                var extension = CreateExtension(extensionType, extensionBuffer);
                if (extension != null)
                {
                    Add(extension);
                }
            }
        }
Beispiel #2
0
		protected override void Read (TlsBuffer incoming)
		{
			ClientRandom = new SecureBuffer (incoming.ReadBytes (32));

			var length = (short)incoming.ReadByte ();
			SessionID = new SecureBuffer (incoming.ReadBytes (length));

			length = incoming.ReadInt16 ();
			if ((length % 2) != 0)
				throw new TlsException (AlertDescription.DecodeError);

			bool seenSCSV = false;
			ClientCiphers = new CipherSuiteCode [length >> 1];
			for (int i = 0; i < ClientCiphers.Length; i++) {
				ClientCiphers [i] = (CipherSuiteCode)incoming.ReadInt16 ();
				if (ClientCiphers [i] == CipherSuiteCode.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
					seenSCSV = true;
			}

			// Compression methods
			length = incoming.ReadByte ();
			incoming.Position += length;

			Extensions = new TlsExtensionCollection (incoming);

			if (seenSCSV)
				Extensions.AddRenegotiationExtension ();
		}
Beispiel #3
0
        public ServerNameExtension(TlsBuffer incoming)
        {
            if (incoming.Remaining == 0)
            {
                return;
            }
            var length = incoming.ReadInt16();

            if (length != incoming.Remaining)
            {
                throw new TlsException(AlertDescription.DecodeError);
            }
            var type = incoming.ReadByte();

            if (type != 0x00)
            {
                throw new TlsException(AlertDescription.IlegalParameter, "Unknown NameType in ServerName extension");
            }
            var nameLength = incoming.ReadInt16();

            if (nameLength + 3 != length)
            {
                throw new TlsException(AlertDescription.DecodeError);
            }
            ServerName = Encoding.ASCII.GetString(incoming.ReadBytes(nameLength));
        }
Beispiel #4
0
        public override void ReadServer(TlsBuffer incoming)
        {
            P = incoming.ReadBytes(incoming.ReadInt16());
            G = incoming.ReadBytes(incoming.ReadInt16());
            Y = incoming.ReadBytes(incoming.ReadInt16());

            Signature = Signature.Read(protocol, incoming);
        }
Beispiel #5
0
		public override void ReadServer (TlsBuffer incoming)
		{
			P = incoming.ReadBytes (incoming.ReadInt16 ());
			G = incoming.ReadBytes (incoming.ReadInt16 ());
			Y = incoming.ReadBytes (incoming.ReadInt16 ());

			Signature = Signature.Read (protocol, incoming);
		}
Beispiel #6
0
        public override void ReadServer(TlsBuffer incoming)
        {
            P = incoming.ReadBytes(incoming.ReadInt16());
            G = incoming.ReadBytes(incoming.ReadInt16());
            Y = incoming.ReadBytes(incoming.ReadInt16());

            SignatureAlgorithm = new SignatureAndHashAlgorithm(incoming);
            Signature          = incoming.ReadSecureBuffer(incoming.ReadInt16());
        }
Beispiel #7
0
        protected override void Read(TlsBuffer incoming)
        {
            var length = incoming.ReadByte();

            for (int i = 0; i < length; i++)
            {
                Parameters.CertificateTypes.Add((ClientCertificateType)incoming.ReadByte());
            }

            if (Protocol == TlsProtocolCode.Tls12)
            {
                var length2 = incoming.ReadInt16();
                if ((length2 % 2) != 0)
                {
                    throw new TlsException(AlertDescription.IlegalParameter);
                }
                var signatureTypes = new SignatureAndHashAlgorithm [length2 >> 1];
                for (int i = 0; i < signatureTypes.Length; i++)
                {
                    Parameters.SignatureParameters.SignatureAndHashAlgorithms.Add(SignatureHelper.DecodeSignatureAndHashAlgorithm(incoming));
                }
            }

            var length3 = incoming.ReadInt16();

            if (incoming.Remaining != length3)
            {
                throw new TlsException(AlertDescription.DecodeError);
            }

            /*
             * Read requested certificate authorities (Distinguised Names)
             *
             * Name ::= SEQUENCE OF RelativeDistinguishedName
             *
             * RelativeDistinguishedName ::= SET OF AttributeValueAssertion
             *
             * AttributeValueAssertion ::= SEQUENCE {
             *     attributeType OBJECT IDENTIFIER
             *     attributeValue ANY
             * }
             *
             */

            while (incoming.Remaining > 0)
            {
                var rdn = new ASN1(incoming.ReadBytes(incoming.ReadInt16()));
                Parameters.CertificateAuthorities.Add(X501.ToString(rdn));
            }
        }
Beispiel #8
0
		public ServerNameExtension (TlsBuffer incoming)
		{
			if (incoming.Remaining == 0)
				return;
			var length = incoming.ReadInt16 ();
			if (length != incoming.Remaining)
				throw new TlsException (AlertDescription.DecodeError);
			var type = incoming.ReadByte ();
			if (type != 0x00)
				throw new TlsException (AlertDescription.IlegalParameter, "Unknown NameType in ServerName extension");
			var nameLength = incoming.ReadInt16 ();
			if (nameLength + 3 != length)
				throw new TlsException (AlertDescription.DecodeError);
			ServerName = Encoding.ASCII.GetString (incoming.ReadBytes (nameLength));
		}
Beispiel #9
0
		public TlsClientHello (TlsContext context, TlsBuffer incoming)
			: base (HandshakeType.ClientHello)
		{
			ClientProtocol = (TlsProtocolCode)incoming.ReadInt16 ();

			Read (incoming);
		}
Beispiel #10
0
        public TlsServerHello(TlsContext context, TlsBuffer incoming)
            : base(HandshakeType.ServerHello)
        {
            ServerProtocol = (TlsProtocolCode)incoming.ReadInt16();

            Read(incoming);
        }
Beispiel #11
0
		public TlsServerHello (TlsContext context, TlsBuffer incoming)
			: base (HandshakeType.ServerHello)
		{
			ServerProtocol = (TlsProtocolCode)incoming.ReadInt16 ();

			Read (incoming);
		}
Beispiel #12
0
        public TlsClientHello(TlsContext context, TlsBuffer incoming)
            : base(HandshakeType.ClientHello)
        {
            ClientProtocol = (TlsProtocolCode)incoming.ReadInt16();

            Read(incoming);
        }
Beispiel #13
0
        protected override void Read(TlsBuffer incoming)
        {
            // Server random
            ServerRandom = new SecureBuffer(incoming.ReadBytes(32));

            // Session ID
            var sessionIdLength = (int)incoming.ReadByte();

            if (sessionIdLength > 0)
            {
                SessionID = new SecureBuffer(incoming.ReadBytes(sessionIdLength));
            }

            // Cipher suite
            SelectedCipher = (CipherSuiteCode)incoming.ReadInt16();

            var compressionMethod = incoming.ReadByte();

            if (compressionMethod != 0)
            {
                throw new TlsException(AlertDescription.IlegalParameter, "Invalid compression method received from server");
            }

            Extensions = new TlsExtensionCollection(incoming);
        }
Beispiel #14
0
        public override void ReadServer(TlsBuffer incoming)
        {
            curveType = (ECCurveType)incoming.ReadByte();

            //  Currently, we only support named curves
            if (curveType == ECCurveType.named_curve)
            {
                namedCurve = (NamedCurve)incoming.ReadInt16();

                // TODO Check namedCurve is one we offered?
                domainParameters = NamedCurveHelper.GetECParameters(namedCurve);
            }
            else
            {
                // TODO Add support for explicit curve parameters
                throw new TlsException(AlertDescription.HandshakeFailure, "Unsupported elliptic curve type `{0}'.", curveType);
            }

            var publicLength = incoming.ReadByte();

            publicBytes = incoming.ReadBytes(publicLength);

            // TODO Check RFC 4492 for validation
            serverQ = domainParameters.Curve.DecodePoint(publicBytes);

            Signature = Signature.Read(TlsProtocolCode.Tls12, incoming);
        }
Beispiel #15
0
        public TlsClientHello(TlsContext context, TlsBuffer incoming)
            : base(HandshakeType.ClientHello)
        {
            // FIXME: Fallback
            ClientProtocol = (TlsProtocolCode)incoming.ReadInt16();
            context.VerifyServerProtocol(ClientProtocol);

            Read(incoming);
        }
Beispiel #16
0
        public TlsServerHello(TlsContext context, TlsBuffer incoming)
            : base(HandshakeType.ServerHello)
        {
            // Read and verify protocol version
            ServerProtocol = (TlsProtocolCode)incoming.ReadInt16();
            context.VerifyServerProtocol(ServerProtocol);

            Read(incoming);
        }
Beispiel #17
0
		public SignatureAlgorithmsExtension (TlsBuffer incoming)
		{
			var length = incoming.ReadInt16 ();
			if ((length % 2) != 0)
				throw new TlsException (AlertDescription.DecodeError);

			SignatureParameters = new SignatureParameters ();

			var count = length >> 1;
			for (int i = 0; i < count; i++) {
				SignatureParameters.SignatureAndHashAlgorithms.Add (new SignatureAndHashAlgorithm (incoming));
			}
 		}
Beispiel #18
0
		protected override void Read (TlsBuffer incoming)
		{
			var length = incoming.ReadByte ();
			for (int i = 0; i < length; i++)
				Parameters.CertificateTypes.Add ((ClientCertificateType)incoming.ReadByte ());

			if (Protocol == TlsProtocolCode.Tls12) {
				var length2 = incoming.ReadInt16 ();
				if ((length2 % 2) != 0)
					throw new TlsException (AlertDescription.IlegalParameter);
				var signatureTypes = new SignatureAndHashAlgorithm [length2 >> 1];
				for (int i = 0; i < signatureTypes.Length; i++)
					Parameters.SignatureParameters.SignatureAndHashAlgorithms.Add (new SignatureAndHashAlgorithm (incoming));
			}

			var length3 = incoming.ReadInt16 ();
			if (incoming.Remaining != length3)
				throw new TlsException (AlertDescription.DecodeError);

			/*
			 * Read requested certificate authorities (Distinguised Names)
			 *
			 * Name ::= SEQUENCE OF RelativeDistinguishedName
			 *
			 * RelativeDistinguishedName ::= SET OF AttributeValueAssertion
			 *
			 * AttributeValueAssertion ::= SEQUENCE {
			 *     attributeType OBJECT IDENTIFIER
			 *     attributeValue ANY
			 * }
			 *
			 */

			while (incoming.Remaining > 0) {
				var rdn = new ASN1 (incoming.ReadBytes (incoming.ReadInt16 ()));
				Parameters.CertificateAuthorities.Add (X501.ToString (rdn));
			}
		}
Beispiel #19
0
        protected override void Read(TlsBuffer incoming)
        {
            ClientRandom = new SecureBuffer(incoming.ReadBytes(32));

            var length = (short)incoming.ReadByte();

            SessionID = new SecureBuffer(incoming.ReadBytes(length));

            length = incoming.ReadInt16();
            if ((length % 2) != 0)
            {
                throw new TlsException(AlertDescription.DecodeError);
            }

            bool seenSCSV = false;

            ClientCiphers = new CipherSuiteCode [length >> 1];
            for (int i = 0; i < ClientCiphers.Length; i++)
            {
                ClientCiphers [i] = (CipherSuiteCode)incoming.ReadInt16();
                if (ClientCiphers [i] == CipherSuiteCode.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
                {
                    seenSCSV = true;
                }
            }

            // Compression methods
            length             = incoming.ReadByte();
            incoming.Position += length;

            Extensions = new TlsExtensionCollection(incoming);

            if (seenSCSV)
            {
                Extensions.AddRenegotiationExtension();
            }
        }
Beispiel #20
0
        public SignatureAlgorithmsExtension(TlsBuffer incoming)
        {
            var length = incoming.ReadInt16();

            if ((length % 2) != 0)
            {
                throw new TlsException(AlertDescription.DecodeError);
            }

            SignatureParameters = new SignatureParameters();

            var count = length >> 1;

            for (int i = 0; i < count; i++)
            {
                SignatureParameters.SignatureAndHashAlgorithms.Add(SignatureHelper.DecodeSignatureAndHashAlgorithm(incoming));
            }
        }
Beispiel #21
0
        public SignatureAlgorithmsExtension(TlsBuffer incoming)
        {
            var length = incoming.ReadInt16();

            if ((length % 2) != 0)
            {
                throw new TlsException(AlertDescription.DecodeError);
            }

            var count      = length >> 1;
            var algorithms = new List <SignatureAndHashAlgorithm> (count);

            for (int i = 0; i < count; i++)
            {
                algorithms.Add(new SignatureAndHashAlgorithm(incoming));
            }

            Algorithms = algorithms;
        }
Beispiel #22
0
		protected override void Read (TlsBuffer incoming)
		{
			// Server random
			ServerRandom = new SecureBuffer (incoming.ReadBytes (32));

			// Session ID
			var sessionIdLength = (int)incoming.ReadByte ();
			if (sessionIdLength > 0) {
				SessionID = new SecureBuffer (incoming.ReadBytes (sessionIdLength));
			}

			// Cipher suite
			SelectedCipher = (CipherSuiteCode)incoming.ReadInt16 ();

			var compressionMethod = incoming.ReadByte ();
			if (compressionMethod != 0)
				throw new TlsException (AlertDescription.IlegalParameter, "Invalid compression method received from server");

			Extensions = new TlsExtensionCollection (incoming);
		}
Beispiel #23
0
		public SignatureTls10 (TlsBuffer incoming)
		{
			Signature = Add (incoming.ReadSecureBuffer (incoming.ReadInt16 ()));
		}
Beispiel #24
0
 public override void ReadClient(TlsBuffer incoming)
 {
     encryptedPreMasterSecret = incoming.ReadBytes(incoming.ReadInt16());
 }
Beispiel #25
0
 public SignatureTls12(TlsBuffer incoming)
 {
     SignatureAlgorithm = SignatureHelper.DecodeSignatureAndHashAlgorithm(incoming);
     Signature          = Add(incoming.ReadSecureBuffer(incoming.ReadInt16()));
 }
Beispiel #26
0
 protected override void Read(TlsBuffer incoming)
 {
     Algorithm = new SignatureAndHashAlgorithm(incoming);
     Signature = incoming.ReadSecureBuffer(incoming.ReadInt16());
 }
Beispiel #27
0
 public override void ReadClient(TlsBuffer incoming)
 {
     Y = incoming.ReadBytes(incoming.ReadInt16());
 }
Beispiel #28
0
		public override void ReadServer (TlsBuffer incoming)
		{
			curveType = (ECCurveType)incoming.ReadByte ();

			//  Currently, we only support named curves
			if (curveType == ECCurveType.named_curve) {
				namedCurve = (NamedCurve)incoming.ReadInt16 ();

				// TODO Check namedCurve is one we offered?
				domainParameters = NamedCurveHelper.GetECParameters (namedCurve);
			} else {
				// TODO Add support for explicit curve parameters
				throw new TlsException (AlertDescription.HandshakeFailure, "Unsupported elliptic curve type `{0}'.", curveType);
			}

			var publicLength = incoming.ReadByte ();
			publicBytes = incoming.ReadBytes (publicLength);

			// TODO Check RFC 4492 for validation
			serverQ = domainParameters.Curve.DecodePoint (publicBytes);

			Signature = Signature.Read (TlsProtocolCode.Tls12, incoming);
		}
Beispiel #29
0
		public SignatureTls12 (TlsBuffer incoming)
		{
			SignatureAlgorithm = new SignatureAndHashAlgorithm (incoming);
			Signature = Add (incoming.ReadSecureBuffer (incoming.ReadInt16 ()));
		}
Beispiel #30
0
		public override void ReadClient (TlsBuffer incoming)
		{
			Y = incoming.ReadBytes (incoming.ReadInt16 ());
		}
Beispiel #31
0
 public SignatureTls10(TlsBuffer incoming)
 {
     Signature = Add(incoming.ReadSecureBuffer(incoming.ReadInt16()));
 }
Beispiel #32
0
		bool ReadStandardBuffer (ContentType contentType, ref TlsBuffer buffer)
		{
			if (buffer.Remaining < 4)
				throw new TlsException (
					AlertDescription.DecodeError, "buffer underrun");

			short protocolCode = buffer.ReadInt16 ();
			short length = buffer.ReadInt16 ();

			#if DEBUG_FULL
			if (EnableDebugging) {
				DebugHelper.WriteLine ("ReadStandardBuffer: {0:x} {1:x}", protocolCode, length);
				DebugHelper.WriteRemaining ("  Buffer", buffer);
			}
			#endif

			if (HasNegotiatedProtocol) {
				var protocol = (TlsProtocolCode)protocolCode;
				if (protocol != NegotiatedProtocol)
					throw new TlsException (AlertDescription.ProtocolVersion);
			} else {
				if ((protocolCode >> 8 != 3) || ((protocolCode & 0x00ff) < 1))
					throw new TlsException (AlertDescription.ProtocolVersion);
			}

			if (length != buffer.Remaining)
				throw new TlsException (
					AlertDescription.DecodeError, "Invalid buffer size");

			return DecryptRecordFragment (contentType, ref buffer);
		}
Beispiel #33
0
		public override void ReadClient (TlsBuffer incoming)
		{
			encryptedPreMasterSecret = incoming.ReadBytes (incoming.ReadInt16 ());
		}