static void SendStartTlsCallback(IAsyncResult result)     //7
 {
     if (!result.CompletedSynchronously)
     {
         ConnectAndHandshakeAsyncResult thisPtr = (ConnectAndHandshakeAsyncResult)result.AsyncState;
         try
         {
             StartTlsCommand.EndSend(result);
             TlsStream TlsStream = new TlsStream(
                 thisPtr.connection.pooledStream.ServicePoint.Host,
                 thisPtr.connection.pooledStream.NetworkStream,
                 ServicePointManager.CheckCertificateRevocationList,
                 (SslProtocols)ServicePointManager.SecurityProtocol,
                 thisPtr.connection.ClientCertificates,
                 thisPtr.connection.pooledStream.ServicePoint,
                 thisPtr.connection.client, thisPtr.m_OuterResult.ContextCopy);
             thisPtr.connection.pooledStream.NetworkStream = TlsStream;
             thisPtr.connection.responseReader             = new SmtpReplyReaderFactory(thisPtr.connection.pooledStream.NetworkStream);
             thisPtr.SendEHello();
         }
         catch (Exception e)
         {
             thisPtr.InvokeCallback(e);
         }
     }
 }
		public override void Update()
		{
			base.Update();

			this.Context.SessionId			= this.sessionId;
			this.Context.ServerRandom		= this.random;
			this.Context.Cipher				= this.cipherSuite;
			this.Context.CompressionMethod	= this.compressionMethod;
			this.Context.ProtocolNegotiated	= true;

			DebugHelper.WriteLine("Selected Cipher Suite {0}", this.cipherSuite.Name);
			DebugHelper.WriteLine("Client random", this.Context.ClientRandom);
			DebugHelper.WriteLine("Server random", this.Context.ServerRandom);
			
			// Compute ClientRandom + ServerRandom
			TlsStream random = new TlsStream();
			random.Write(this.Context.ClientRandom);
			random.Write(this.Context.ServerRandom);
			this.Context.RandomCS = random.ToArray();
			
			// Server Random + Client Random
			random.Reset();
			random.Write(this.Context.ServerRandom);
			random.Write(this.Context.ClientRandom);

			this.Context.RandomSC = random.ToArray();
			random.Reset();
		}
Beispiel #3
0
		protected override void Encode (TlsStream stream)
		{
			// requested client version
			stream.Write ((short)ClientProtocol);

			// Random bytes - Unix time + Radom bytes [28]
			stream.Write (ClientRandom.Buffer);

			// Session id
			if (SessionID != null) {
				stream.Write ((byte)SessionID.Size);
				stream.Write (SessionID.Buffer);
			} else {
				stream.Write ((byte)0);
			}

			// Write Supported Cipher suites
			stream.Write ((short)(ClientCiphers.Length * 2));
			for (int i = 0; i < ClientCiphers.Length; i++)
				stream.Write ((short)ClientCiphers [i]);

			// Compression methods length
			stream.Write((byte)1);

			// Compression methods ( 0 = none )
			stream.Write ((byte)0);

			Extensions.Write (stream);
		}
Beispiel #4
0
        private void verifySignature()
        {
            MD5SHA1 hash = new MD5SHA1();

            // Calculate size of server params
            int size = rsaParams.Modulus.Length + rsaParams.Exponent.Length + 4;

            // Create server params array
            TlsStream stream = new TlsStream();

            stream.Write(this.Context.RandomCS);
            stream.Write(this.ToArray(), 0, size);

            hash.ComputeHash(stream.ToArray());

            stream.Reset();

            bool isValidSignature = hash.VerifySignature(
                this.Context.ServerSettings.CertificateRSA,
                this.signedParams);

            if (!isValidSignature)
            {
                throw new TlsException(
                          AlertDescription.DecodeError,
                          "Data was not signed with the server certificate.");
            }
        }
Beispiel #5
0
        protected override void ProcessAsTls1()
        {
            ProcessAsSsl3();

            // If applicable add the "server_name" extension to the hello message
            // http://www.ietf.org/rfc/rfc3546.txt
            var host = Context.ClientSettings.TargetHost;
            // Our TargetHost might be an address (not a host *name*) - see bug #8553
            // RFC3546 -> Literal IPv4 and IPv6 addresses are not permitted in "HostName".
            IPAddress addr;

            if (IPAddress.TryParse(host, out addr))
            {
                return;
            }

            var extensions  = new TlsStream();
            var server_name = Encoding.UTF8.GetBytes(host);

            extensions.Write((short)0x0000);                   // ExtensionType: server_name (0)
            extensions.Write((short)(server_name.Length + 5)); // ServerNameList (length)
            extensions.Write((short)(server_name.Length + 3)); // ServerName (length)
            extensions.Write((byte)0x00);                      // NameType: host_name (0)
            extensions.Write((short)server_name.Length);       // HostName (length)
            extensions.Write(server_name);                     // HostName (UTF8)
            Write((short)extensions.Length);
            Write(extensions.ToArray());
        }
        protected override void Encode(TlsStream stream)
        {
            stream.Write((byte)Parameters.CertificateTypes.Count);
            for (int i = 0; i < Parameters.CertificateTypes.Count; i++)
            {
                stream.Write((byte)Parameters.CertificateTypes [i]);
            }

            if (Protocol == TlsProtocolCode.Tls12)
            {
                var count = Parameters.HasSignatureParameters ? Parameters.SignatureParameters.SignatureAndHashAlgorithms.Count : 0;
                stream.Write((short)(count * 2));
                for (int i = 0; i < count; i++)
                {
                    SignatureHelper.EncodeSignatureAndHashAlgorithm(Parameters.SignatureParameters.SignatureAndHashAlgorithms [i], stream);
                }
            }

            var startPos = stream.Position;

            stream.Write((short)0);
            foreach (var issuer in Parameters.CertificateAuthorities)
            {
                var bytes = X501.FromString(issuer).GetBytes();
                stream.Write((short)bytes.Length);
                stream.Write(bytes);
            }
            var endPos = stream.Position;

            stream.Position = startPos;
            stream.Write((short)(endPos - startPos - 2));
            stream.Position = endPos;
        }
Beispiel #7
0
        protected override void Encode(TlsStream stream)
        {
            // requested client version
            stream.Write((short)ClientProtocol);

            // Random bytes - Unix time + Radom bytes [28]
            stream.Write(ClientRandom.Buffer);

            // Session id
            if (SessionID != null)
            {
                stream.Write((byte)SessionID.Size);
                stream.Write(SessionID.Buffer);
            }
            else
            {
                stream.Write((byte)0);
            }

            // Write Supported Cipher suites
            stream.Write((short)(ClientCiphers.Length * 2));
            for (int i = 0; i < ClientCiphers.Length; i++)
            {
                stream.Write((short)ClientCiphers [i]);
            }

            // Compression methods length
            stream.Write((byte)1);

            // Compression methods ( 0 = none )
            stream.Write((byte)0);

            Extensions.Write(stream);
        }
        public override void Update()
        {
            base.Update();

            TlsStream random = new TlsStream();

            // Compute Server Random
            random.Write(this.unixTime);
            random.Write(this.random);

            this.Context.ServerRandom = random.ToArray();

            // Compute ClientRandom + ServerRandom
            random.Reset();
            random.Write(this.Context.ClientRandom);
            random.Write(this.Context.ServerRandom);

            this.Context.RandomCS = random.ToArray();

            // Server Random + Client Random
            random.Reset();
            random.Write(this.Context.ServerRandom);
            random.Write(this.Context.ClientRandom);

            this.Context.RandomSC = random.ToArray();

            random.Reset();
        }
Beispiel #9
0
 protected virtual void CompleteHandshake()
 {
     try
     {
         mRecordStream.FinaliseHandshake();
         mSplitApplicationDataRecords = !TlsUtilities.IsTlsV11(Context);
         if (!mAppDataReady)
         {
             mAppDataReady = true;
             if (mBlocking)
             {
                 mTlsStream = new TlsStream(this);
             }
         }
         if (mTlsSession != null)
         {
             if (mSessionParameters == null)
             {
                 mSessionParameters = new SessionParameters.Builder().SetCipherSuite(mSecurityParameters.CipherSuite).SetCompressionAlgorithm(mSecurityParameters.CompressionAlgorithm).SetMasterSecret(mSecurityParameters.MasterSecret)
                                      .SetPeerCertificate(mPeerCertificate)
                                      .SetPskIdentity(mSecurityParameters.PskIdentity)
                                      .SetSrpIdentity(mSecurityParameters.SrpIdentity)
                                      .SetServerExtensions(mServerExtensions)
                                      .Build();
                 mTlsSession = new TlsSessionImpl(mTlsSession.SessionID, mSessionParameters);
             }
             ContextAdmin.SetResumableSession(mTlsSession);
         }
         Peer.NotifyHandshakeComplete();
     }
     finally
     {
         CleanupHandshake();
     }
 }
        protected override void ProcessAsTls1()
        {
            base.Write(base.Context.Protocol);
            TlsStream tlsStream = new TlsStream();

            tlsStream.Write(base.Context.GetUnixTime());
            tlsStream.Write(base.Context.GetSecureRandomBytes(28));
            this.random = tlsStream.ToArray();
            tlsStream.Reset();
            base.Write(this.random);
            base.Context.SessionId = ClientSessionCache.FromHost(base.Context.ClientSettings.TargetHost);
            if (base.Context.SessionId != null)
            {
                base.Write((byte)base.Context.SessionId.Length);
                if (base.Context.SessionId.Length > 0)
                {
                    base.Write(base.Context.SessionId);
                }
            }
            else
            {
                base.Write(0);
            }
            base.Write((short)(base.Context.SupportedCiphers.Count * 2));
            for (int i = 0; i < base.Context.SupportedCiphers.Count; i++)
            {
                base.Write(base.Context.SupportedCiphers[i].Code);
            }
            base.Write(1);
            base.Write((byte)base.Context.CompressionMethod);
        }
		protected override void Encode (TlsStream stream)
		{
			stream.Write ((byte)Parameters.CertificateTypes.Count);
			for (int i = 0; i < Parameters.CertificateTypes.Count; i++)
				stream.Write ((byte)Parameters.CertificateTypes [i]);

			if (Protocol == TlsProtocolCode.Tls12) {
				var count = Parameters.HasSignatureParameters ? Parameters.SignatureParameters.SignatureAndHashAlgorithms.Count : 0;
				stream.Write ((short)(count * 2));
				for (int i = 0; i < count; i++)
					Parameters.SignatureParameters.SignatureAndHashAlgorithms [i].Encode (stream);
			}

			var startPos = stream.Position;
			stream.Write ((short)0);
			foreach (var issuer in Parameters.CertificateAuthorities) {
				var bytes = X501.FromString (issuer).GetBytes ();
				stream.Write ((short)bytes.Length);
				stream.Write (bytes);
			}
			var endPos = stream.Position;
			stream.Position = startPos;
			stream.Write ((short)(endPos - startPos - 2));
			stream.Position = endPos;
		}
Beispiel #12
0
        protected override void ProcessAsTls1()
        {
            ServerContext context = (ServerContext)this.Context;
            int           length  = context.ServerSettings.CertificateTypes.Length;

            this.WriteByte(Convert.ToByte(length));
            for (int index = 0; index < length; ++index)
            {
                this.WriteByte((byte)context.ServerSettings.CertificateTypes[index]);
            }
            if (context.ServerSettings.DistinguisedNames.Length > 0)
            {
                TlsStream tlsStream = new TlsStream();
                foreach (string distinguisedName in context.ServerSettings.DistinguisedNames)
                {
                    byte[] bytes = X501.FromString(distinguisedName).GetBytes();
                    tlsStream.Write((short)bytes.Length);
                    tlsStream.Write(bytes);
                }
                this.Write((short)tlsStream.Length);
                this.Write(tlsStream.ToArray());
            }
            else
            {
                this.Write((short)0);
            }
        }
		protected override void ProcessAsSsl3()
		{
			// Compute handshake messages hashes
			HashAlgorithm hash = new SslHandshakeHash(this.Context.MasterSecret);

			TlsStream data = new TlsStream();
			data.Write(this.Context.HandshakeMessages.ToArray());
			data.Write((int)0x53525652);
			
			hash.TransformFinalBlock(data.ToArray(), 0, (int)data.Length);

			data.Reset();

			byte[] serverHash	= this.ReadBytes((int)Length);			
			byte[] clientHash	= hash.Hash;
			
			// Check server prf against client prf
			if (clientHash.Length != serverHash.Length)
			{
#warning Review that selected alert is correct
				throw new TlsException(AlertDescription.InsuficientSecurity, "Invalid ServerFinished message received.");
			}
			for (int i = 0; i < serverHash.Length; i++)
			{
				if (clientHash[i] != serverHash[i])
				{
					throw new TlsException(AlertDescription.InsuficientSecurity, "Invalid ServerFinished message received.");
				}
			}
		}
		public override void Update()
		{
			base.Update();

			TlsStream random = new TlsStream();

			// Compute Server Random
			random.Write(this.unixTime);
			random.Write(this.random);

			this.Context.ServerRandom = random.ToArray();

			// Compute ClientRandom + ServerRandom
			random.Reset();
			random.Write(this.Context.ClientRandom);
			random.Write(this.Context.ServerRandom);

			this.Context.RandomCS = random.ToArray();

			// Server Random + Client Random
			random.Reset();
			random.Write(this.Context.ServerRandom);
			random.Write(this.Context.ClientRandom);

			this.Context.RandomSC = random.ToArray();

			random.Reset();
		}
Beispiel #15
0
        protected override void Encode(TlsStream stream)
        {
            stream.Write((byte)Parameters.CertificateTypes.Count);
            for (int i = 0; i < Parameters.CertificateTypes.Count; i++)
            {
                stream.Write((byte)Parameters.CertificateTypes [i]);
            }
            stream.Write((short)(Parameters.SignatureAndHashAlgorithms.Count * 2));
            for (int i = 0; i < Parameters.SignatureAndHashAlgorithms.Count; i++)
            {
                Parameters.SignatureAndHashAlgorithms [i].Encode(stream);
            }

            var startPos = stream.Position;

            stream.Write((short)0);
            foreach (var issuer in Parameters.CertificateAuthorities)
            {
                var bytes = X501.FromString(issuer).GetBytes();
                stream.Write((short)bytes.Length);
                stream.Write(bytes);
            }
            var endPos = stream.Position;

            stream.Position = startPos;
            stream.Write((short)(endPos - startPos - 2));
            stream.Position = endPos;
        }
        protected override void ProcessAsTls1()
        {
            ServerContext serverContext = (ServerContext)base.Context;
            int           num           = serverContext.ServerSettings.CertificateTypes.Length;

            WriteByte(Convert.ToByte(num));
            for (int i = 0; i < num; i++)
            {
                WriteByte((byte)serverContext.ServerSettings.CertificateTypes[i]);
            }
            if (serverContext.ServerSettings.DistinguisedNames.Length > 0)
            {
                TlsStream tlsStream         = new TlsStream();
                string[]  distinguisedNames = serverContext.ServerSettings.DistinguisedNames;
                foreach (string rdn in distinguisedNames)
                {
                    byte[] bytes = X501.FromString(rdn).GetBytes();
                    tlsStream.Write((short)bytes.Length);
                    tlsStream.Write(bytes);
                }
                Write((short)tlsStream.Length);
                Write(tlsStream.ToArray());
            }
            else
            {
                Write((short)0);
            }
        }
Beispiel #17
0
        protected override void ProcessAsTls1()
        {
            // Client Version
            this.Write(this.Context.Protocol);

            // Random bytes - Unix time + Radom bytes [28]
            TlsStream clientRandom = new TlsStream();

            clientRandom.Write(this.Context.GetUnixTime());
            clientRandom.Write(this.Context.GetSecureRandomBytes(28));
            this.random = clientRandom.ToArray();
            clientRandom.Reset();

            this.Write(this.random);

            // Session id
            // Check if we have a cache session we could reuse
            this.Context.SessionId = ClientSessionCache.FromHost(this.Context.ClientSettings.TargetHost);
            if (this.Context.SessionId != null)
            {
                this.Write((byte)this.Context.SessionId.Length);
                if (this.Context.SessionId.Length > 0)
                {
                    this.Write(this.Context.SessionId);
                }
            }
            else
            {
                this.Write((byte)0);
            }

            // Write length of Cipher suites
            this.Write((short)(this.Context.SupportedCiphers.Count * 2));

            // Write Supported Cipher suites
            for (int i = 0; i < this.Context.SupportedCiphers.Count; i++)
            {
                this.Write((short)this.Context.SupportedCiphers[i].Code);
            }

            // Compression methods length
            this.Write((byte)1);

            // Compression methods ( 0 = none )
            this.Write((byte)this.Context.CompressionMethod);

            // http://www.ietf.org/rfc/rfc3546.txt
            TlsStream extensions = new TlsStream();

            byte[] server_name = System.Text.Encoding.UTF8.GetBytes(Context.ClientSettings.TargetHost);
            extensions.Write((short)0x0000);                                    // ExtensionType: server_name (0)
            extensions.Write((short)(server_name.Length + 5));                  // ServerNameList (length)
            extensions.Write((short)(server_name.Length + 3));                  // ServerName (length)
            extensions.Write((byte)0x00);                                       // NameType: host_name (0)
            extensions.Write((short)server_name.Length);                        // HostName (length)
            extensions.Write(server_name);                                      // HostName (UTF8)
            this.Write((short)extensions.Length);
            this.Write(extensions.ToArray());
        }
		protected override void ProcessAsTls1()
		{
			// Client Version
			this.Write(this.Context.Protocol);
								
			// Random bytes - Unix time + Radom bytes [28]
			TlsStream clientRandom = new TlsStream();
			clientRandom.Write(this.Context.GetUnixTime());
			clientRandom.Write(this.Context.GetSecureRandomBytes(28));
			this.random = clientRandom.ToArray();
			clientRandom.Reset();

			this.Write(this.random);

			// Session id
			// Check if we have a cache session we could reuse
			this.Context.SessionId = ClientSessionCache.FromHost (this.Context.ClientSettings.TargetHost);
			if (this.Context.SessionId != null)
			{
				this.Write((byte)this.Context.SessionId.Length);
				if (this.Context.SessionId.Length > 0)
				{
					this.Write(this.Context.SessionId);
				}
			}
			else
			{
				this.Write((byte)0);
			}
			
			// Write length of Cipher suites			
			this.Write((short)(this.Context.SupportedCiphers.Count*2));

			// Write Supported Cipher suites
			for (int i = 0; i < this.Context.SupportedCiphers.Count; i++)
			{
				this.Write((short)this.Context.SupportedCiphers[i].Code);
			}

			// Compression methods length
			this.Write((byte)1);
			
			// Compression methods ( 0 = none )
			this.Write((byte)this.Context.CompressionMethod);

			// http://www.ietf.org/rfc/rfc3546.txt
			TlsStream extensions = new TlsStream ();
			byte[] server_name = System.Text.Encoding.UTF8.GetBytes (Context.ClientSettings.TargetHost);
			extensions.Write ((short) 0x0000);			// ExtensionType: server_name (0)
			extensions.Write ((short) (server_name.Length + 5));	// ServerNameList (length)
			extensions.Write ((short) (server_name.Length + 3));	// ServerName (length)
			extensions.Write ((byte) 0x00);				// NameType: host_name (0)
			extensions.Write ((short) server_name.Length);		// HostName (length)
			extensions.Write (server_name);				// HostName (UTF8)
			this.Write ((short) extensions.Length);
			this.Write (extensions.ToArray ());
		}
Beispiel #19
0
        public override void WriteServer(TlsStream stream)
        {
            stream.Write((byte)curveType);
            stream.Write((short)namedCurve);

            stream.Write((byte)publicBytes.Length);
            stream.Write(publicBytes);

            Signature.Write(stream);
        }
        public override void WriteServer(TlsStream stream)
        {
            stream.Write((short)P.Length);
            stream.Write(P);
            stream.Write((short)G.Length);
            stream.Write(G);
            stream.Write((short)Y.Length);
            stream.Write(Y);

            Signature.Write(stream);
        }
        private byte[] createSignature(RSA rsa, byte[] buffer)
        {
            MD5SHA1   mD5SHA    = new MD5SHA1();
            TlsStream tlsStream = new TlsStream();

            tlsStream.Write(base.Context.RandomCS);
            tlsStream.Write(buffer, 0, buffer.Length);
            mD5SHA.ComputeHash(tlsStream.ToArray());
            tlsStream.Reset();
            return(mD5SHA.CreateSignature(rsa));
        }
Beispiel #22
0
        public override void WriteServer(TlsStream stream)
        {
            stream.Write((short)P.Length);
            stream.Write(P);
            stream.Write((short)G.Length);
            stream.Write(G);
            stream.Write((short)Y.Length);
            stream.Write(Y);

            SignatureAlgorithm.Encode(stream);
            stream.Write((short)Signature.Size);
            stream.Write(Signature.Buffer);
        }
        private void SendCertificates()
        {
            TlsStream tlsStream = new TlsStream();

            for (X509Certificate x509Certificate = ClientCertificate; x509Certificate != null; x509Certificate = FindParentCertificate(x509Certificate))
            {
                byte[] rawCertData = x509Certificate.GetRawCertData();
                tlsStream.WriteInt24(rawCertData.Length);
                tlsStream.Write(rawCertData);
            }
            WriteInt24((int)tlsStream.Length);
            Write(tlsStream.ToArray());
        }
Beispiel #24
0
        protected override void ProcessAsTls1()
        {
            TlsStream tlsStream = new TlsStream();

            foreach (X509Certificate x509Certificate in base.Context.ServerSettings.Certificates)
            {
                tlsStream.WriteInt24(x509Certificate.RawData.Length);
                tlsStream.Write(x509Certificate.RawData);
            }
            base.WriteInt24(Convert.ToInt32(tlsStream.Length));
            base.Write(tlsStream.ToArray());
            tlsStream.Close();
        }
        private void SendCertificates()
        {
            TlsStream tlsStream = new TlsStream();

            for (X509Certificate cert = this.ClientCertificate; cert != null; cert = this.FindParentCertificate(cert))
            {
                byte[] rawCertData = cert.GetRawCertData();
                tlsStream.WriteInt24(rawCertData.Length);
                tlsStream.Write(rawCertData);
            }
            this.WriteInt24((int)tlsStream.Length);
            this.Write(tlsStream.ToArray());
        }
        protected override void ProcessAsSsl3()
        {
            HashAlgorithm hashAlgorithm = (HashAlgorithm) new SslHandshakeHash(this.Context.MasterSecret);
            TlsStream     tlsStream     = new TlsStream();

            tlsStream.Write(this.Context.HandshakeMessages.ToArray());
            tlsStream.Write(1129074260);
            hashAlgorithm.TransformFinalBlock(tlsStream.ToArray(), 0, (int)tlsStream.Length);
            tlsStream.Reset();
            if (!HandshakeMessage.Compare(this.ReadBytes((int)this.Length), hashAlgorithm.Hash))
            {
                throw new TlsException(AlertDescription.DecryptError, "Decrypt error.");
            }
        }
            private bool SendStartTls()
            {
                IAsyncResult result = StartTlsCommand.BeginSend(this.connection, new AsyncCallback(SmtpConnection.ConnectAndHandshakeAsyncResult.SendStartTlsCallback), this);

                if (result.CompletedSynchronously)
                {
                    StartTlsCommand.EndSend(result);
                    TlsStream stream = new TlsStream(this.connection.pooledStream.ServicePoint.Host, this.connection.pooledStream.NetworkStream, this.connection.ClientCertificates, this.connection.pooledStream.ServicePoint, this.connection.client, this.m_OuterResult.ContextCopy);
                    this.connection.pooledStream.NetworkStream = stream;
                    this.connection.responseReader             = new SmtpReplyReaderFactory(this.connection.pooledStream.NetworkStream);
                    this.SendEHello();
                    return(true);
                }
                return(false);
            }
		protected override void ProcessAsSsl3()
		{
			// Compute handshake messages hashes
			HashAlgorithm hash = new SslHandshakeHash(this.Context.MasterSecret);

			TlsStream data = new TlsStream();
			data.Write(this.Context.HandshakeMessages.ToArray());
			data.Write((int)0x53525652);
			
			hash.TransformFinalBlock(data.ToArray(), 0, (int)data.Length);

			this.Write(hash.Hash);

			data.Reset();
		}
Beispiel #29
0
        private void verifySignature()
        {
            MD5SHA1   mD5SHA    = new MD5SHA1();
            int       count     = rsaParams.Modulus.Length + rsaParams.Exponent.Length + 4;
            TlsStream tlsStream = new TlsStream();

            tlsStream.Write(base.Context.RandomCS);
            tlsStream.Write(ToArray(), 0, count);
            mD5SHA.ComputeHash(tlsStream.ToArray());
            tlsStream.Reset();
            if (!mD5SHA.VerifySignature(base.Context.ServerSettings.CertificateRSA, signedParams))
            {
                throw new TlsException(AlertDescription.DecodeError, "Data was not signed with the server certificate.");
            }
        }
Beispiel #30
0
            bool SendStartTls()//6
            {
                IAsyncResult result = StartTlsCommand.BeginSend(connection, SendStartTlsCallback, this);

                if (result.CompletedSynchronously)
                {
                    StartTlsCommand.EndSend(result);
                    TlsStream TlsStream = new TlsStream(connection.pooledStream.ServicePoint.Host, connection.pooledStream.NetworkStream, connection.ClientCertificates, connection.pooledStream.ServicePoint, connection.client, m_OuterResult.ContextCopy);
                    connection.pooledStream.NetworkStream = TlsStream;
                    connection.responseReader             = new SmtpReplyReaderFactory(connection.pooledStream.NetworkStream);
                    SendEHello();
                    return(true);
                }
                return(false);
            }
        private void SendCertificates()
        {
            TlsStream chain = new TlsStream();

            X509Certificate currentCert = this.ClientCertificate;

            while (currentCert != null)
            {
                byte[] rawCert = currentCert.GetRawCertData();
                chain.WriteInt24(rawCert.Length);
                chain.Write(rawCert);
                currentCert = FindParentCertificate(currentCert);
            }
            this.WriteInt24((int)chain.Length);
            this.Write(chain.ToArray());
        }
Beispiel #32
0
        private byte[] createSignature(RSA rsa, byte[] buffer)
        {
            MD5SHA1 hash = new MD5SHA1();

            // Create server params array
            TlsStream stream = new TlsStream();

            stream.Write(this.Context.RandomCS);
            stream.Write(buffer, 0, buffer.Length);

            hash.ComputeHash(stream.ToArray());

            stream.Reset();

            return(hash.CreateSignature(rsa));
        }
        private void SendCertificates()
        {
            var chain = new TlsStream();

            var currentCert = ClientCertificate;

            while (currentCert != null)
            {
                var rawCert = currentCert.GetRawCertData();
                chain.WriteInt24(rawCert.Length);
                chain.Write(rawCert);
                currentCert = FindParentCertificate(currentCert);
            }

            WriteInt24((int)chain.Length);
            Write(chain.ToArray());
        }
Beispiel #34
0
		protected override void Encode (TlsStream stream)
		{
			var startPosition = stream.Position;
			stream.WriteInt24 (-1);

			foreach (var certificate in Certificates) {
				var data = certificate.RawData;

				stream.WriteInt24 (data.Length);
				stream.Write (data);
			}

			var endPosition = stream.Position;
			stream.Position = startPosition;
			stream.WriteInt24 ((int)(endPosition - startPosition - 3));
			stream.Position = endPosition;
		}
Beispiel #35
0
        protected override void ProcessAsTls1()
        {
            // Client Version
            this.Write(this.Context.Protocol);

            // Random bytes - Unix time + Radom bytes [28]
            TlsStream clientRandom = new TlsStream();

            clientRandom.Write(this.Context.GetUnixTime());
            clientRandom.Write(this.Context.GetSecureRandomBytes(28));
            this.random = clientRandom.ToArray();
            clientRandom.Reset();

            this.Write(this.random);

            // Session id
            // Check if we have a cache session we could reuse
            this.Context.SessionId = ClientSessionCache.FromHost(this.Context.ClientSettings.TargetHost);
            if (this.Context.SessionId != null)
            {
                this.Write((byte)this.Context.SessionId.Length);
                if (this.Context.SessionId.Length > 0)
                {
                    this.Write(this.Context.SessionId);
                }
            }
            else
            {
                this.Write((byte)0);
            }

            // Write length of Cipher suites
            this.Write((short)(this.Context.SupportedCiphers.Count * 2));

            // Write Supported Cipher suites
            for (int i = 0; i < this.Context.SupportedCiphers.Count; i++)
            {
                this.Write((short)this.Context.SupportedCiphers[i].Code);
            }

            // Compression methods length
            this.Write((byte)1);

            // Compression methods ( 0 = none )
            this.Write((byte)this.Context.CompressionMethod);
        }
Beispiel #36
0
        protected override void ProcessAsSsl3()
        {
            // Client Version
            Write(Context.Protocol);

            // Random bytes - Unix time + Radom bytes [28]
            var clientRandom = new TlsStream();

            clientRandom.Write(Context.GetUnixTime());
            clientRandom.Write(Context.GetSecureRandomBytes(28));
            random = clientRandom.ToArray();
            clientRandom.Reset();

            Write(random);

            // Session id
            // Check if we have a cache session we could reuse
            Context.SessionId = ClientSessionCache.FromHost(Context.ClientSettings.TargetHost);
            if (Context.SessionId != null)
            {
                Write((byte)Context.SessionId.Length);
                if (Context.SessionId.Length > 0)
                {
                    Write(Context.SessionId);
                }
            }
            else
            {
                Write((byte)0);
            }

            // Write length of Cipher suites
            Write((short)(Context.SupportedCiphers.Count * 2));

            // Write Supported Cipher suites
            for (var i = 0; i < Context.SupportedCiphers.Count; i++)
            {
                Write(((IList <CipherSuite>)Context.SupportedCiphers)[i].Code);
            }

            // Compression methods length
            Write((byte)1);

            // Compression methods ( 0 = none )
            Write((byte)Context.CompressionMethod);
        }
Beispiel #37
0
        protected override void ProcessAsTls1()
        {
            ProcessAsSsl3();

            // http://www.ietf.org/rfc/rfc3546.txt
            TlsStream extensions = new TlsStream();

            byte[] server_name = System.Text.Encoding.UTF8.GetBytes(Context.ClientSettings.TargetHost);
            extensions.Write((short)0x0000);                                    // ExtensionType: server_name (0)
            extensions.Write((short)(server_name.Length + 5));                  // ServerNameList (length)
            extensions.Write((short)(server_name.Length + 3));                  // ServerName (length)
            extensions.Write((byte)0x00);                                       // NameType: host_name (0)
            extensions.Write((short)server_name.Length);                        // HostName (length)
            extensions.Write(server_name);                                      // HostName (UTF8)
            this.Write((short)extensions.Length);
            this.Write(extensions.ToArray());
        }
Beispiel #38
0
		protected override void ProcessAsTls1()
		{
			// Client Version
			this.Write(this.Context.Protocol);
								
			// Random bytes - Unix time + Radom bytes [28]
			TlsStream clientRandom = new TlsStream();
			clientRandom.Write(this.Context.GetUnixTime());
			clientRandom.Write(this.Context.GetSecureRandomBytes(28));
			this.random = clientRandom.ToArray();
			clientRandom.Reset();

			this.Write(this.random);

			// Session id
			// Check if we have a cache session we could reuse
			this.Context.SessionId = ClientSessionCache.FromHost (this.Context.ClientSettings.TargetHost);
			if (this.Context.SessionId != null)
			{
				this.Write((byte)this.Context.SessionId.Length);
				if (this.Context.SessionId.Length > 0)
				{
					this.Write(this.Context.SessionId);
				}
			}
			else
			{
				this.Write((byte)0);
			}
			
			// Write length of Cipher suites			
			this.Write((short)(this.Context.SupportedCiphers.Count*2));

			// Write Supported Cipher suites
			for (int i = 0; i < this.Context.SupportedCiphers.Count; i++)
			{
				this.Write((short)this.Context.SupportedCiphers[i].Code);
			}

			// Compression methods length
			this.Write((byte)1);
			
			// Compression methods ( 0 = none )
			this.Write((byte)this.Context.CompressionMethod);
		}
		public IBufferOffsetSize EncodeMessage ()
		{
			var stream = new TlsStream ();
			stream.Write (0);
			Encode (stream);

			var length = stream.Position - 4;

			stream.Buffer [0] = (byte)Type;
			// Length as an Int24 in Network Order
			stream.Buffer[1] = (byte) (length >> 16);
			stream.Buffer[2] = (byte) (length >> 8);
			stream.Buffer[3] = (byte) length;

			stream.Finish ();

			return stream.GetRemaining ();
		}
Beispiel #40
0
		protected override void Encode (TlsStream stream)
		{
			stream.Write ((short)ServerProtocol);
			stream.Write (ServerRandom.Buffer);

			if (SessionID != null) {
				stream.Write ((byte)SessionID.Size);
				stream.Write (SessionID.Buffer);
			} else {
				stream.Write ((byte)0);
			}

			stream.Write ((short)SelectedCipher);

			stream.Write ((byte)0);

			Extensions.Write (stream);
		}
Beispiel #41
0
        public override void Update()
        {
            base.Update();
            TlsStream tlsStream = new TlsStream();

            tlsStream.Write(unixTime);
            tlsStream.Write(random);
            base.Context.ServerRandom = tlsStream.ToArray();
            tlsStream.Reset();
            tlsStream.Write(base.Context.ClientRandom);
            tlsStream.Write(base.Context.ServerRandom);
            base.Context.RandomCS = tlsStream.ToArray();
            tlsStream.Reset();
            tlsStream.Write(base.Context.ServerRandom);
            tlsStream.Write(base.Context.ClientRandom);
            base.Context.RandomSC = tlsStream.ToArray();
            tlsStream.Reset();
        }
		protected override void ProcessAsTls1()
		{
			TlsStream certs = new TlsStream();

			foreach (X509Certificate certificate in this.Context.ServerSettings.Certificates)
			{
				// Write certificate length
				certs.WriteInt24(certificate.RawData.Length);

				// Write certificate data
				certs.Write(certificate.RawData);
			}

			this.WriteInt24(Convert.ToInt32(certs.Length));
			this.Write(certs.ToArray());

			certs.Close();
		}
		protected override void ProcessAsTls1()
		{
			ServerContext context = (ServerContext)this.Context;
			
			int count = context.ServerSettings.CertificateTypes.Length;

			this.WriteByte(Convert.ToByte(count));

			// Write requested certificate types
			for (int i = 0; i < count; i++)
			{
				this.WriteByte((byte)context.ServerSettings.CertificateTypes[i]);
			}

			/*
			 * Write requested certificate authorities (Distinguised Names)
			 * 
			 * Name ::= SEQUENCE OF RelativeDistinguishedName
			 * 
			 * RelativeDistinguishedName ::= SET OF AttributeValueAssertion
			 * 
			 * AttributeValueAssertion ::= SEQUENCE {
			 * attributeType OBJECT IDENTIFIER
			 * attributeValue ANY }
			 */

			if (context.ServerSettings.DistinguisedNames.Length > 0)
			{
				TlsStream list = new TlsStream ();
				// this is the worst formating ever :-|
				foreach (string dn in context.ServerSettings.DistinguisedNames)
				{
					byte[] name = X501.FromString (dn).GetBytes ();
					list.Write ((short)name.Length);
					list.Write (name);
				}
				this.Write ((short)list.Length);
				this.Write (list.ToArray ());
			}
			else
			{
				this.Write ((short)0);
			}
		}
		protected override void ProcessAsSsl3()
		{
			bool decryptError = false;

			// Compute handshake messages hashes
			HashAlgorithm hash = new SslHandshakeHash(this.Context.MasterSecret);

			TlsStream data = new TlsStream();
			data.Write(this.Context.HandshakeMessages.ToArray());
			data.Write((int)0x434C4E54);
			
			hash.TransformFinalBlock(data.ToArray(), 0, (int)data.Length);

			data.Reset();

			byte[] clientHash	= this.ReadBytes((int)Length);			
			byte[] serverHash	= hash.Hash;
			
			// Check client prf against server prf
			if (clientHash.Length != serverHash.Length)
			{
				decryptError = true;
			}
			else
			{
				for (int i = 0; i < clientHash.Length; i++)
				{
					if (clientHash[i] != serverHash[i])
					{
						decryptError = true;
						break;
					}
				}
			}

			if (decryptError)
			{
				throw new TlsException(AlertDescription.DecryptError, "Decrypt error.");
			}
		}
		protected override void ProcessAsSsl3()
		{
			// Compute handshake messages hashes
			HashAlgorithm hash = new SslHandshakeHash(this.Context.MasterSecret);

			TlsStream data = new TlsStream();
			data.Write(this.Context.HandshakeMessages.ToArray());
			data.Write((int)0x434C4E54);
			
			hash.TransformFinalBlock(data.ToArray(), 0, (int)data.Length);

			data.Reset();

			byte[] clientHash	= this.ReadBytes((int)Length);			
			byte[] serverHash	= hash.Hash;
			
			// Check client prf against server prf
			if (!Compare (clientHash, serverHash))
			{
				throw new TlsException(AlertDescription.DecryptError, "Decrypt error.");
			}
		}
Beispiel #46
0
        static void Main(string[] args)
        {
            var server = new TcpListener(IPAddress.Any, 443);
            server.Start();
            
            TlsExtensionManager.RegisterExtension(new ECExtensionConfiguration());
            TlsExtensionManager.RegisterExtension(new GCMExtensionConfiguration());
            TlsExtensionManager.RegisterExtension(new ECGCMExtensionConfiguration());
            
            Console.WriteLine("Listening for clients on {0}", server.LocalEndpoint);

            while (true)
            {
                var client = server.AcceptTcpClient();
                var clientStream = client.GetStream();

                Console.WriteLine("Client connected: " + client.Client.RemoteEndPoint);

                var tlsStream = new TlsStream(clientStream);

                tlsStream.Certificates.AddCertificate(File.ReadAllBytes("localhost.cert"));
                tlsStream.Certificates.AddPrivateKey(File.ReadAllBytes("localhost.key"));

                Console.WriteLine("Starting TLS connection");
                tlsStream.AuthenticateAsServer();

                var reader = new StreamReader(tlsStream);
                var writer = new StreamWriter(tlsStream);

                // Console.WriteLine(reader.ReadLine());
                writer.WriteLine("World");
                writer.Flush();

                tlsStream.Close();
                client.Close();
            }
        }
Beispiel #47
0
		protected override void Encode (TlsStream stream)
		{
			stream.Write (Hash.Buffer);
		}
		protected abstract void Encode (TlsStream stream);
		protected override void Encode (TlsStream stream)
		{
		}
		public override void WriteServer (TlsStream stream)
		{
			stream.Write ((short)P.Length);
			stream.Write (P);
			stream.Write ((short)G.Length);
			stream.Write (G);
			stream.Write ((short)Y.Length);
			stream.Write (Y);

			Signature.Write (stream);
		}
Beispiel #51
0
		public override void WriteClient (TlsStream stream)
		{
			stream.Write ((short)encryptedPreMasterSecret.Length);
			stream.Write (encryptedPreMasterSecret);
		}
Beispiel #52
0
		public override void Write (TlsStream stream)
		{
			SignatureAlgorithm.Encode (stream);
			stream.Write ((short)Signature.Size);
			stream.Write (Signature.Buffer);
		}
		public override void WriteClient (TlsStream stream)
		{
			stream.Write ((short)Y.Length);
			stream.Write (Y);
		}
		public virtual byte[] EncodeMessage()
		{
			byte[] result = null;

			if (CanWrite)
			{
				TlsStream c = new TlsStream();

				c.Write((byte)HandshakeType);
				c.WriteInt24((int)this.Length);
				c.Write(this.ToArray());

				result = c.ToArray();
			}

			return result;
		}
		public override void WriteServer (TlsStream stream)
		{
			stream.Write ((byte)curveType);
			stream.Write ((short)namedCurve);

			stream.Write ((byte)publicBytes.Length);
			stream.Write (publicBytes);

			Signature.Write (stream);
		}
		private void verifySignature()
		{
			MD5SHA1 hash = new MD5SHA1();

			// Calculate size of server params
			int size = rsaParams.Modulus.Length + rsaParams.Exponent.Length + 4;

			// Create server params array
			TlsStream stream = new TlsStream();

			stream.Write(this.Context.RandomCS);
			stream.Write(this.ToArray(), 0, size);

			hash.ComputeHash(stream.ToArray());

			stream.Reset();
			
			bool isValidSignature = hash.VerifySignature(
				this.Context.ServerSettings.CertificateRSA,
				this.signedParams);

			if (!isValidSignature)
			{
				throw new TlsException(
					AlertDescription.DecodeError,
					"Data was not signed with the server certificate.");
			}
		}
		public override void WriteClient (TlsStream stream)
		{
			stream.Write ((byte)clientKey.Length);
			stream.Write (clientKey);
		}
Beispiel #58
0
		public abstract void Write (TlsStream stream);
Beispiel #59
0
		public override void WriteServer (TlsStream stream)
		{
			throw new InvalidOperationException ();
		}
		protected override void Encode (TlsStream stream)
		{
			KeyExchange.WriteServer (stream);
		}