Beispiel #1
0
 public ECDHEPSKServerKeyExchange(ECDHEKeyExchange keyExchange)
 {
     _EllipticCurveType = TEllipticCurveType.NamedCurve;
     _EllipticCurve     = keyExchange.Curve;
     System.IO.MemoryStream stream = new System.IO.MemoryStream();
     stream.WriteByte((byte)_EllipticCurveType);
     NetworkByteOrderConverter.WriteUInt16(stream, (ushort)_EllipticCurve);
     byte[] pointEncoded = keyExchange.PublicKey.Q.GetEncoded(false);
     stream.WriteByte((byte)pointEncoded.Length);
     stream.Write(pointEncoded, 0, pointEncoded.Length);
     _ServerParams = stream.ToArray();
 }
 public ECDHEPSKServerKeyExchange(ECDHEKeyExchange keyExchange)
 {
     _EllipticCurveType = TEllipticCurveType.NamedCurve;
     _EllipticCurve = keyExchange.Curve;
     System.IO.MemoryStream stream = new System.IO.MemoryStream();
     stream.WriteByte((byte)_EllipticCurveType);
     NetworkByteOrderConverter.WriteUInt16(stream, (ushort)_EllipticCurve);
     byte[] pointEncoded = keyExchange.PublicKey.Q.GetEncoded(false);
     stream.WriteByte((byte)pointEncoded.Length);
     stream.Write(pointEncoded, 0, pointEncoded.Length);
     _ServerParams = stream.ToArray();
 }
        public ECDHEServerKeyExchange(ECDHEKeyExchange keyExchange, THashAlgorithm hashAlgorithm, TSignatureAlgorithm signatureAlgorithm, AsymmetricKeyParameter serverPrivateKey)
        {
            _EllipticCurveType  = TEllipticCurveType.NamedCurve;
            _EllipticCurve      = keyExchange.Curve;
            _HashAlgorithm      = hashAlgorithm;
            _SignatureAlgorithm = signatureAlgorithm;

            System.IO.MemoryStream stream = new System.IO.MemoryStream();
            stream.WriteByte((byte)_EllipticCurveType);
            NetworkByteOrderConverter.WriteUInt16(stream, (ushort)_EllipticCurve);
            byte[] pointEncoded = keyExchange.PublicKey.Q.GetEncoded(false);
            stream.WriteByte((byte)pointEncoded.Length);
            stream.Write(pointEncoded, 0, pointEncoded.Length);
            _ServerParams = stream.ToArray();


            //IDigest hashMD5 = GetDigest(THashAlgorithm.MD5);
            //IDigest hashSHA = GetDigest(THashAlgorithm.SHA1);
            //int size = hashMD5.GetDigestSize();
            //byte[] hash = new byte[size + hashSHA.GetDigestSize()];
            //hashMD5.BlockUpdate(clientRandom.RandomBytes, 0, clientRandom.RandomBytes.Length);
            //hashMD5.BlockUpdate(serverRandom.RandomBytes, 0, serverRandom.RandomBytes.Length);
            //hashMD5.BlockUpdate(_ServerParams, 0, _ServerParams.Length);
            //hashMD5.DoFinal(hash, 0);
            //hashSHA.BlockUpdate(clientRandom.RandomBytes, 0, clientRandom.RandomBytes.Length);
            //hashSHA.BlockUpdate(serverRandom.RandomBytes, 0, serverRandom.RandomBytes.Length);
            //hashSHA.BlockUpdate(_ServerParams, 0, _ServerParams.Length);
            //hashSHA.DoFinal(hash, size);

            //ISigner signer = GetSigner(signatureAlgorithm, THashAlgorithm.None, serverPrivateKey);
            //signer.BlockUpdate(hash, 0, hash.Length);
            //_Signature = signer.GenerateSignature();

            ISigner signer = GetSigner(signatureAlgorithm, hashAlgorithm, serverPrivateKey);

            byte[] clientRandomBytes = keyExchange.ClientRandom.Serialise();
            byte[] serverRandomBytes = keyExchange.ServerRandom.Serialise();
            signer.BlockUpdate(clientRandomBytes, 0, clientRandomBytes.Length);
            signer.BlockUpdate(serverRandomBytes, 0, serverRandomBytes.Length);
            signer.BlockUpdate(_ServerParams, 0, _ServerParams.Length);
            _Signature = signer.GenerateSignature();
        }
Beispiel #4
0
        private void ProcessHandshake(DTLSRecord record)
        {
            byte[] data;
            if (_EncyptedServerEpoch.HasValue && (_EncyptedServerEpoch.Value == record.Epoch))
            {
                int count = 0;
                while ((_Cipher == null) && (count < 500))
                {
                    System.Threading.Thread.Sleep(10);
                    count++;
                }

                if (_Cipher == null)
                {
                    throw new Exception();
                }


                if (_Cipher != null)
                {
                    long sequenceNumber = ((long)record.Epoch << 48) + record.SequenceNumber;
                    data = _Cipher.DecodeCiphertext(sequenceNumber, (byte)TRecordType.Handshake, record.Fragment, 0, record.Fragment.Length);
                }
                else
                {
                    data = record.Fragment;
                }
            }
            else
            {
                data = record.Fragment;
            }

            using (MemoryStream stream = new MemoryStream(data))
            {
                HandshakeRecord handshakeRecord = HandshakeRecord.Deserialise(stream);
                if (handshakeRecord != null)
                {
#if DEBUG
                    Console.WriteLine(handshakeRecord.MessageType.ToString());
#endif
                    switch (handshakeRecord.MessageType)
                    {
                    case THandshakeType.HelloRequest:
                        break;

                    case THandshakeType.ClientHello:
                        break;

                    case THandshakeType.ServerHello:
                        ServerHello serverHello = ServerHello.Deserialise(stream);
                        if (serverHello != null)
                        {
                            _ServerEpoch = record.Epoch;
                            _HandshakeInfo.UpdateHandshakeHash(data);
                            _HandshakeInfo.CipherSuite  = (TCipherSuite)serverHello.CipherSuite;
                            _HandshakeInfo.ServerRandom = serverHello.Random;
                            Version version = SupportedVersion;
                            if (serverHello.ServerVersion < version)
                            {
                                version = serverHello.ServerVersion;
                            }
                            _Version = version;
                        }
                        break;

                    case THandshakeType.HelloVerifyRequest:
                        HelloVerifyRequest helloVerifyRequest = HelloVerifyRequest.Deserialise(stream);
                        if (helloVerifyRequest != null)
                        {
                            _Version = helloVerifyRequest.ServerVersion;
                            SendHello(helloVerifyRequest.Cookie);
                        }
                        break;

                    case THandshakeType.Certificate:
                        _HandshakeInfo.UpdateHandshakeHash(data);
                        break;

                    case THandshakeType.ServerKeyExchange:
                        _HandshakeInfo.UpdateHandshakeHash(data);
                        TKeyExchangeAlgorithm keyExchangeAlgorithm = CipherSuites.GetKeyExchangeAlgorithm(_HandshakeInfo.CipherSuite);
                        byte[]       preMasterSecret = null;
                        IKeyExchange keyExchange     = null;
                        if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_ECDSA)
                        {
                            ECDHEServerKeyExchange serverKeyExchange = ECDHEServerKeyExchange.Deserialise(stream, _Version);
                            ECDHEKeyExchange       keyExchangeECDHE  = new ECDHEKeyExchange
                            {
                                CipherSuite          = _HandshakeInfo.CipherSuite,
                                Curve                = serverKeyExchange.EllipticCurve,
                                KeyExchangeAlgorithm = keyExchangeAlgorithm,
                                ClientRandom         = _HandshakeInfo.ClientRandom,
                                ServerRandom         = _HandshakeInfo.ServerRandom
                            };
                            keyExchangeECDHE.GenerateEphemeralKey();
                            ECDHEClientKeyExchange clientKeyExchange = new ECDHEClientKeyExchange(keyExchangeECDHE.PublicKey);
                            _ClientKeyExchange = clientKeyExchange;
                            preMasterSecret    = keyExchangeECDHE.GetPreMasterSecret(serverKeyExchange.PublicKeyBytes);
                            keyExchange        = keyExchangeECDHE;
                        }
                        else if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_PSK)
                        {
                            ECDHEPSKServerKeyExchange serverKeyExchange = ECDHEPSKServerKeyExchange.Deserialise(stream, _Version);
                            ECDHEKeyExchange          keyExchangeECDHE  = new ECDHEKeyExchange
                            {
                                CipherSuite          = _HandshakeInfo.CipherSuite,
                                Curve                = serverKeyExchange.EllipticCurve,
                                KeyExchangeAlgorithm = keyExchangeAlgorithm,
                                ClientRandom         = _HandshakeInfo.ClientRandom,
                                ServerRandom         = _HandshakeInfo.ServerRandom
                            };
                            keyExchangeECDHE.GenerateEphemeralKey();
                            ECDHEPSKClientKeyExchange clientKeyExchange = new ECDHEPSKClientKeyExchange(keyExchangeECDHE.PublicKey);
                            if (serverKeyExchange.PSKIdentityHint != null)
                            {
                                byte[] key = _PSKIdentities.GetKey(serverKeyExchange.PSKIdentityHint);
                                if (key != null)
                                {
                                    _PSKIdentity = new PSKIdentity()
                                    {
                                        Identity = serverKeyExchange.PSKIdentityHint, Key = key
                                    }
                                }
                                ;
                            }
                            if (_PSKIdentity == null)
                            {
                                _PSKIdentity = _PSKIdentities.GetRandom();
                            }
                            clientKeyExchange.PSKIdentity = _PSKIdentity.Identity;
                            _ClientKeyExchange            = clientKeyExchange;
                            byte[] otherSecret = keyExchangeECDHE.GetPreMasterSecret(serverKeyExchange.PublicKeyBytes);
                            preMasterSecret = TLSUtils.GetPSKPreMasterSecret(otherSecret, _PSKIdentity.Key);
                            keyExchange     = keyExchangeECDHE;
                        }
                        else if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.PSK)
                        {
                            PSKServerKeyExchange serverKeyExchange = PSKServerKeyExchange.Deserialise(stream, _Version);
                            PSKClientKeyExchange clientKeyExchange = new PSKClientKeyExchange();
                            if (serverKeyExchange.PSKIdentityHint != null)
                            {
                                byte[] key = _PSKIdentities.GetKey(serverKeyExchange.PSKIdentityHint);
                                if (key != null)
                                {
                                    _PSKIdentity = new PSKIdentity()
                                    {
                                        Identity = serverKeyExchange.PSKIdentityHint, Key = key
                                    }
                                }
                                ;
                            }
                            if (_PSKIdentity == null)
                            {
                                _PSKIdentity = _PSKIdentities.GetRandom();
                            }
                            byte[] otherSecret = new byte[_PSKIdentity.Key.Length];
                            clientKeyExchange.PSKIdentity = _PSKIdentity.Identity;
                            _ClientKeyExchange            = clientKeyExchange;
                            preMasterSecret = TLSUtils.GetPSKPreMasterSecret(otherSecret, _PSKIdentity.Key);
                        }
                        _Cipher = TLSUtils.AssignCipher(preMasterSecret, true, _Version, _HandshakeInfo);

                        break;

                    case THandshakeType.CertificateRequest:
                        _HandshakeInfo.UpdateHandshakeHash(data);
                        _SendCertificate = true;
                        break;

                    case THandshakeType.ServerHelloDone:
                        _HandshakeInfo.UpdateHandshakeHash(data);
                        if (_Cipher == null)
                        {
                            keyExchangeAlgorithm = CipherSuites.GetKeyExchangeAlgorithm(_HandshakeInfo.CipherSuite);
                            if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.PSK)
                            {
                                PSKClientKeyExchange clientKeyExchange = new PSKClientKeyExchange();
                                _PSKIdentity = _PSKIdentities.GetRandom();
                                byte[] otherSecret = new byte[_PSKIdentity.Key.Length];
                                clientKeyExchange.PSKIdentity = _PSKIdentity.Identity;
                                _ClientKeyExchange            = clientKeyExchange;
                                preMasterSecret = TLSUtils.GetPSKPreMasterSecret(otherSecret, _PSKIdentity.Key);
                                _Cipher         = TLSUtils.AssignCipher(preMasterSecret, true, _Version, _HandshakeInfo);
                            }
                        }

                        if (_SendCertificate)
                        {
                            SendHandshakeMessage(_Certificate, false);
                        }
                        SendHandshakeMessage(_ClientKeyExchange, false);
                        if (_SendCertificate)
                        {
                            CertificateVerify certificateVerify = new CertificateVerify();
                            byte[]            signatureHash     = _HandshakeInfo.GetHash();
                            certificateVerify.SignatureHashAlgorithm = new SignatureHashAlgorithm()
                            {
                                Signature = TSignatureAlgorithm.ECDSA, Hash = THashAlgorithm.SHA256
                            };
                            certificateVerify.Signature = TLSUtils.Sign(_PrivateKey, true, _Version, _HandshakeInfo, certificateVerify.SignatureHashAlgorithm, signatureHash);
                            SendHandshakeMessage(certificateVerify, false);
                        }
                        SendChangeCipherSpec();
                        byte[]   handshakeHash = _HandshakeInfo.GetHash();
                        Finished finished      = new Finished
                        {
                            VerifyData = TLSUtils.GetVerifyData(_Version, _HandshakeInfo, true, true, handshakeHash)
                        };
                        SendHandshakeMessage(finished, true);
#if DEBUG
                        Console.Write($"Handshake Hash: {TLSUtils.WriteToString(handshakeHash)}");
                        Console.Write($"Sent Verify: {TLSUtils.WriteToString(finished.VerifyData)}");
#endif
                        break;

                    case THandshakeType.CertificateVerify:
                        break;

                    case THandshakeType.ClientKeyExchange:
                        break;

                    case THandshakeType.Finished:
                        Finished serverFinished = Finished.Deserialise(stream);
                        handshakeHash = _HandshakeInfo.GetHash();
                        byte[] calculatedVerifyData = TLSUtils.GetVerifyData(_Version, _HandshakeInfo, true, false, handshakeHash);
#if DEBUG
                        Console.Write("$Recieved Verify: {TLSUtils.WriteToString(serverFinished.VerifyData)}");
                        Console.Write($"Calc Verify: {TLSUtils.WriteToString(calculatedVerifyData)}");
#endif
                        if (TLSUtils.ByteArrayCompare(serverFinished.VerifyData, calculatedVerifyData))
                        {
#if DEBUG
                            Console.WriteLine("Handshake Complete");
#endif
                            _Connected.Set();
                        }
                        break;

                    default:
                        break;
                    }
                }
            }
        }
Beispiel #5
0
        private async Task _ProcessHandshakeAsync(DTLSRecord record)
        {
            if (record == null)
            {
                throw new ArgumentNullException(nameof(record));
            }

            var data = record.Fragment;

            if (this._EncyptedServerEpoch == record.Epoch)
            {
                var count = 0;
                while ((this._Cipher == null) && (count < 500))
                {
                    await Task.Delay(10).ConfigureAwait(false);

                    count++;
                }

                if (this._Cipher == null)
                {
                    throw new Exception("Need Cipher for Encrypted Session");
                }

                var sequenceNumber = ((long)record.Epoch << 48) + record.SequenceNumber;
                data = this._Cipher.DecodeCiphertext(sequenceNumber, (byte)TRecordType.Handshake, record.Fragment, 0, record.Fragment.Length);
            }

            using (var tempStream = new MemoryStream(data))
            {
                var handshakeRec = HandshakeRecord.Deserialise(tempStream);
                if (handshakeRec.Length > (handshakeRec.FragmentLength + handshakeRec.FragmentOffset))
                {
                    this._IsFragment = true;
                    this._FragmentedRecordList.Add(data);
                    return;
                }
                else if (this._IsFragment)
                {
                    this._FragmentedRecordList.Add(data);
                    data = new byte[0];
                    foreach (var rec in this._FragmentedRecordList)
                    {
                        data = data.Concat(rec.Skip(HandshakeRecord.RECORD_OVERHEAD)).ToArray();
                    }

                    var tempHandshakeRec = new HandshakeRecord()
                    {
                        Length         = handshakeRec.Length,
                        MessageSeq     = handshakeRec.MessageSeq,
                        MessageType    = handshakeRec.MessageType,
                        FragmentLength = handshakeRec.Length,
                        FragmentOffset = 0
                    };

                    var tempHandshakeBytes = new byte[HandshakeRecord.RECORD_OVERHEAD];
                    using (var updateStream = new MemoryStream(tempHandshakeBytes))
                    {
                        tempHandshakeRec.Serialise(updateStream);
                    }

                    data = tempHandshakeBytes.Concat(data).ToArray();
                }
            }

            using (var stream = new MemoryStream(data))
            {
                var handshakeRecord = HandshakeRecord.Deserialise(stream);
                switch (handshakeRecord.MessageType)
                {
                case THandshakeType.HelloRequest:
                {
                    break;
                }

                case THandshakeType.ClientHello:
                {
                    break;
                }

                case THandshakeType.ServerHello:
                {
                    var serverHello = ServerHello.Deserialise(stream);
                    this._HandshakeInfo.UpdateHandshakeHash(data);
                    this._ServerEpoch = record.Epoch;
                    this._HandshakeInfo.CipherSuite  = (TCipherSuite)serverHello.CipherSuite;
                    this._HandshakeInfo.ServerRandom = serverHello.Random;
                    this._Version = serverHello.ServerVersion <= this._Version ? serverHello.ServerVersion : _SupportedVersion;
                    break;
                }

                case THandshakeType.HelloVerifyRequest:
                {
                    var helloVerifyRequest = HelloVerifyRequest.Deserialise(stream);
                    this._Version = helloVerifyRequest.ServerVersion;
                    await this._SendHelloAsync(helloVerifyRequest.Cookie).ConfigureAwait(false);

                    break;
                }

                case THandshakeType.Certificate:
                {
                    var cert = Certificate.Deserialise(stream, TCertificateType.X509);
                    this._HandshakeInfo.UpdateHandshakeHash(data);
                    this.ServerCertificate = cert.Cert;
                    break;
                }

                case THandshakeType.ServerKeyExchange:
                {
                    this._HandshakeInfo.UpdateHandshakeHash(data);
                    var          keyExchangeAlgorithm = CipherSuites.GetKeyExchangeAlgorithm(this._HandshakeInfo.CipherSuite);
                    byte[]       preMasterSecret      = null;
                    IKeyExchange keyExchange          = null;
                    if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_ECDSA)
                    {
                        var serverKeyExchange = ECDHEServerKeyExchange.Deserialise(stream, this._Version);
                        var keyExchangeECDHE  = new ECDHEKeyExchange
                        {
                            CipherSuite          = this._HandshakeInfo.CipherSuite,
                            Curve                = serverKeyExchange.EllipticCurve,
                            KeyExchangeAlgorithm = keyExchangeAlgorithm,
                            ClientRandom         = this._HandshakeInfo.ClientRandom,
                            ServerRandom         = this._HandshakeInfo.ServerRandom
                        };
                        keyExchangeECDHE.GenerateEphemeralKey();
                        var clientKeyExchange = new ECDHEClientKeyExchange(keyExchangeECDHE.PublicKey);
                        this._ClientKeyExchange = clientKeyExchange;
                        preMasterSecret         = keyExchangeECDHE.GetPreMasterSecret(serverKeyExchange.PublicKeyBytes);
                        keyExchange             = keyExchangeECDHE;
                    }
                    else if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_PSK)
                    {
                        var serverKeyExchange = ECDHEPSKServerKeyExchange.Deserialise(stream);
                        var keyExchangeECDHE  = new ECDHEKeyExchange
                        {
                            CipherSuite          = this._HandshakeInfo.CipherSuite,
                            Curve                = serverKeyExchange.EllipticCurve,
                            KeyExchangeAlgorithm = keyExchangeAlgorithm,
                            ClientRandom         = this._HandshakeInfo.ClientRandom,
                            ServerRandom         = this._HandshakeInfo.ServerRandom
                        };
                        keyExchangeECDHE.GenerateEphemeralKey();
                        var clientKeyExchange = new ECDHEPSKClientKeyExchange(keyExchangeECDHE.PublicKey);
                        if (serverKeyExchange.PSKIdentityHint != null)
                        {
                            var key = this.PSKIdentities.GetKey(serverKeyExchange.PSKIdentityHint);
                            if (key != null)
                            {
                                this._PSKIdentity = new PSKIdentity()
                                {
                                    Identity = serverKeyExchange.PSKIdentityHint, Key = key
                                };
                            }
                        }
                        if (this._PSKIdentity == null)
                        {
                            this._PSKIdentity = this.PSKIdentities.GetRandom();
                        }

                        clientKeyExchange.PSKIdentity = this._PSKIdentity.Identity;
                        this._ClientKeyExchange       = clientKeyExchange;
                        var otherSecret = keyExchangeECDHE.GetPreMasterSecret(serverKeyExchange.PublicKeyBytes);
                        preMasterSecret = TLSUtils.GetPSKPreMasterSecret(otherSecret, this._PSKIdentity.Key);
                        keyExchange     = keyExchangeECDHE;
                    }
                    else if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.PSK)
                    {
                        var serverKeyExchange = PSKServerKeyExchange.Deserialise(stream);
                        var clientKeyExchange = new PSKClientKeyExchange();
                        if (serverKeyExchange.PSKIdentityHint != null)
                        {
                            var key = this.PSKIdentities.GetKey(serverKeyExchange.PSKIdentityHint);
                            if (key != null)
                            {
                                this._PSKIdentity = new PSKIdentity()
                                {
                                    Identity = serverKeyExchange.PSKIdentityHint, Key = key
                                };
                            }
                        }
                        if (this._PSKIdentity == null)
                        {
                            this._PSKIdentity = this.PSKIdentities.GetRandom();
                        }

                        var otherSecret = new byte[this._PSKIdentity.Key.Length];
                        clientKeyExchange.PSKIdentity = this._PSKIdentity.Identity;
                        this._ClientKeyExchange       = clientKeyExchange;
                        preMasterSecret = TLSUtils.GetPSKPreMasterSecret(otherSecret, this._PSKIdentity.Key);
                    }
                    this._Cipher = TLSUtils.AssignCipher(preMasterSecret, true, this._Version, this._HandshakeInfo);
                    break;
                }

                case THandshakeType.CertificateRequest:
                {
                    this._HandshakeInfo.UpdateHandshakeHash(data);
                    this._SendCertificate = true;
                    break;
                }

                case THandshakeType.ServerHelloDone:
                {
                    this._HandshakeInfo.UpdateHandshakeHash(data);
                    var keyExchangeAlgorithm = CipherSuites.GetKeyExchangeAlgorithm(this._HandshakeInfo.CipherSuite);
                    if (this._Cipher == null)
                    {
                        if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.PSK)
                        {
                            var clientKeyExchange = new PSKClientKeyExchange();
                            this._PSKIdentity = this.PSKIdentities.GetRandom();
                            var otherSecret = new byte[this._PSKIdentity.Key.Length];
                            clientKeyExchange.PSKIdentity = this._PSKIdentity.Identity;
                            this._ClientKeyExchange       = clientKeyExchange;
                            var preMasterSecret = TLSUtils.GetPSKPreMasterSecret(otherSecret, this._PSKIdentity.Key);
                            this._Cipher = TLSUtils.AssignCipher(preMasterSecret, true, this._Version, this._HandshakeInfo);
                        }
                        else if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.RSA)
                        {
                            var clientKeyExchange = new RSAClientKeyExchange();
                            this._ClientKeyExchange = clientKeyExchange;
                            var PreMasterSecret = TLSUtils.GetRsaPreMasterSecret(this._Version);
                            clientKeyExchange.PremasterSecret = TLSUtils.GetEncryptedRsaPreMasterSecret(this.ServerCertificate, PreMasterSecret);
                            this._Cipher = TLSUtils.AssignCipher(PreMasterSecret, true, this._Version, this._HandshakeInfo);
                        }
                        else
                        {
                            throw new NotImplementedException($"Key Exchange Algorithm {keyExchangeAlgorithm} Not Implemented");
                        }
                    }

                    if (this._SendCertificate)
                    {
                        await this._SendHandshakeMessageAsync(this._Certificate, false).ConfigureAwait(false);
                    }

                    await this._SendHandshakeMessageAsync(this._ClientKeyExchange, false).ConfigureAwait(false);

                    if (this._SendCertificate)
                    {
                        var signatureHashAlgorithm = new SignatureHashAlgorithm()
                        {
                            Signature = TSignatureAlgorithm.ECDSA, Hash = THashAlgorithm.SHA256
                        };
                        if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.RSA)
                        {
                            signatureHashAlgorithm = new SignatureHashAlgorithm()
                            {
                                Signature = TSignatureAlgorithm.RSA, Hash = THashAlgorithm.SHA1
                            };
                        }

                        var certVerify = new CertificateVerify
                        {
                            SignatureHashAlgorithm = signatureHashAlgorithm,
                            Signature = TLSUtils.Sign(this._PrivateKey, this._PrivateKeyRsa, true, this._Version, this._HandshakeInfo, signatureHashAlgorithm, this._HandshakeInfo.GetHash(this._Version))
                        };

                        await this._SendHandshakeMessageAsync(certVerify, false).ConfigureAwait(false);
                    }

                    await this._SendChangeCipherSpecAsync().ConfigureAwait(false);

                    var handshakeHash = this._HandshakeInfo.GetHash(this._Version);
                    var finished      = new Finished
                    {
                        VerifyData = TLSUtils.GetVerifyData(this._Version, this._HandshakeInfo, true, true, handshakeHash)
                    };

                    await this._SendHandshakeMessageAsync(finished, true).ConfigureAwait(false);

                    break;
                }

                case THandshakeType.NewSessionTicket:
                {
                    this._HandshakeInfo.UpdateHandshakeHash(data);
                    break;
                }

                case THandshakeType.CertificateVerify:
                {
                    break;
                }

                case THandshakeType.ClientKeyExchange:
                {
                    break;
                }

                case THandshakeType.Finished:
                {
                    var serverFinished       = Finished.Deserialise(stream);
                    var handshakeHash        = this._HandshakeInfo.GetHash(this._Version);
                    var calculatedVerifyData = TLSUtils.GetVerifyData(this._Version, this._HandshakeInfo, true, false, handshakeHash);
                    if (serverFinished.VerifyData.SequenceEqual(calculatedVerifyData))
                    {
                        this._ConnectionComplete = true;
                    }
                    break;
                }

                default:
                {
                    break;
                }
                }
            }

            this._IsFragment = false;
            this._FragmentedRecordList.RemoveAll(x => true);
        }
Beispiel #6
0
        public void ProcessHandshake(DTLSRecord record)
        {
            SocketAddress address = record.RemoteEndPoint.Serialize();
            Session session = Sessions.GetSession(address);
            byte[] data;
            if ((session != null) && session.IsEncypted(record))
            {
                int count = 0;
                while ((session.Cipher == null) && (count < 50))
                {
                    System.Threading.Thread.Sleep(10);
                    count++;
                }

                if (session.Cipher == null)
                {                    
                    throw new Exception();
                }

                if (session.Cipher != null)
                {
                    long sequenceNumber = ((long)record.Epoch << 48) + record.SequenceNumber;
                    data = session.Cipher.DecodeCiphertext(sequenceNumber, (byte)TRecordType.Handshake, record.Fragment, 0, record.Fragment.Length);
                }
                else
                    data = record.Fragment;
            }
            else
                data = record.Fragment;
            using (MemoryStream stream = new MemoryStream(data))
            {
                HandshakeRecord handshakeRecord = HandshakeRecord.Deserialise(stream);
                if (handshakeRecord != null)
                {
#if DEBUG
                    Console.WriteLine(handshakeRecord.MessageType.ToString());
#endif
                    switch (handshakeRecord.MessageType)
                    {
                        case THandshakeType.HelloRequest:
                            //HelloReq
                            break;
                        case THandshakeType.ClientHello:
                            ClientHello clientHello = ClientHello.Deserialise(stream);
                            if (clientHello != null)
                            {

                                byte[] cookie = clientHello.CalculateCookie(record.RemoteEndPoint, _HelloSecret);

                                if (clientHello.Cookie == null)
                                {
                                    Version version = clientHello.ClientVersion;
                                    if (ServerVersion < version)
                                        version = ServerVersion;
                                    if (session == null)
                                    {
                                        session = new Session();
                                        session.SessionID = Guid.NewGuid();
                                        session.RemoteEndPoint = record.RemoteEndPoint;
                                        session.Version = version;
                                        Sessions.AddSession(address, session);
                                    }
                                    else
                                    {
                                        session.Reset();
                                        session.Version = version;
                                    }
                                    session.ClientEpoch = record.Epoch;
                                    session.ClientSequenceNumber = record.SequenceNumber;
                                    //session.Handshake.UpdateHandshakeHash(data);
                                    HelloVerifyRequest helloVerifyRequest = new HelloVerifyRequest();
                                    helloVerifyRequest.Cookie = cookie;
                                    helloVerifyRequest.ServerVersion = ServerVersion;
                                    SendResponse(session, (IHandshakeMessage)helloVerifyRequest, 0);

                                }
                                else
                                {

                                    if (session != null && session.Cipher != null && !session.IsEncypted(record))
                                    {
                                        session.Reset();
                                    }

                                    if (TLSUtils.ByteArrayCompare(clientHello.Cookie, cookie))
                                    {
                                        Version version = clientHello.ClientVersion;
                                        if (ServerVersion < version)
                                            version = ServerVersion;
                                        if (clientHello.SessionID == null)
                                        {
                                            if (session == null)
                                            {
                                                session = new Session();
                                                session.NextSequenceNumber();
                                                session.SessionID = Guid.NewGuid();
                                                session.RemoteEndPoint = record.RemoteEndPoint;
                                                Sessions.AddSession(address, session);
                                            }
                                        }
                                        else
                                        {
                                            Guid sessionID = Guid.Empty;
                                            if (clientHello.SessionID.Length >= 16)
                                            {
                                                byte[] receivedSessionID = new byte[16];
                                                Buffer.BlockCopy(clientHello.SessionID, 0, receivedSessionID, 0, 16);
                                                sessionID = new Guid(receivedSessionID);
                                            }
                                            if (sessionID != Guid.Empty)
                                                session = Sessions.GetSession(sessionID);
                                            if (session == null)
                                            {
                                                //need to Find Session
                                                session = new Session();
                                                session.SessionID = Guid.NewGuid();
                                                session.NextSequenceNumber();
                                                session.RemoteEndPoint = record.RemoteEndPoint;
                                                Sessions.AddSession(address, session);
                                                //session.Version = clientHello.ClientVersion;
                                            }
                                        }
                                        session.Version = version;
                                        session.Handshake.InitaliseHandshakeHash(version < DTLSRecord.Version1_2);
                                        session.Handshake.UpdateHandshakeHash(data);
                                        TCipherSuite cipherSuite = TCipherSuite.TLS_NULL_WITH_NULL_NULL;
                                        foreach (TCipherSuite item in clientHello.CipherSuites)
                                        {
                                            if (_SupportedCipherSuites.ContainsKey(item) && CipherSuites.SupportedVersion(item, session.Version) && CipherSuites.SuiteUsable(item, PrivateKey, _PSKIdentities, _ValidatePSK != null))
                                            {
                                                cipherSuite = item;
                                                break;
                                            }
                                        }

                                        TKeyExchangeAlgorithm keyExchangeAlgorithm = CipherSuites.GetKeyExchangeAlgorithm(cipherSuite);

                                        ServerHello serverHello = new ServerHello();
                                        byte[] clientSessionID = new byte[32];
                                        byte[] temp = session.SessionID.ToByteArray();
                                        Buffer.BlockCopy(temp, 0, clientSessionID, 0, 16);
                                        Buffer.BlockCopy(temp, 0, clientSessionID, 16, 16);

                                        serverHello.SessionID = clientSessionID;// session.SessionID.ToByteArray();
                                        serverHello.Random = new RandomData();
                                        serverHello.Random.Generate();
                                        serverHello.CipherSuite = (ushort)cipherSuite;
                                        serverHello.ServerVersion = session.Version;

                                        THashAlgorithm hash = THashAlgorithm.SHA256;
                                        TEllipticCurve curve = TEllipticCurve.secp521r1;
                                        if (clientHello.Extensions != null)
                                        {
                                            foreach (Extension extension in clientHello.Extensions)
                                            {
                                                if (extension.SpecifcExtension is ClientCertificateTypeExtension)
                                                {
                                                    ClientCertificateTypeExtension clientCertificateType = extension.SpecifcExtension as ClientCertificateTypeExtension;
                                                    //TCertificateType certificateType = TCertificateType.Unknown;
                                                    //foreach (TCertificateType item in clientCertificateType.CertificateTypes)
                                                    //{

                                                    //}
                                                    //serverHello.AddExtension(new ClientCertificateTypeExtension(certificateType));
                                                }
                                                else if (extension.SpecifcExtension is EllipticCurvesExtension)
                                                {
                                                    EllipticCurvesExtension ellipticCurves = extension.SpecifcExtension as EllipticCurvesExtension;
                                                    foreach (TEllipticCurve item in ellipticCurves.SupportedCurves)
                                                    {
                                                        if (EllipticCurveFactory.SupportedCurve(item))
                                                        {
                                                            curve = item;
                                                            break;
                                                        }
                                                    }
                                                }
                                                else if (extension.SpecifcExtension is ServerCertificateTypeExtension)
                                                {
                                                    //serverHello.AddExtension();
                                                }
                                                else if (extension.SpecifcExtension is SignatureAlgorithmsExtension)
                                                {
                                                    SignatureAlgorithmsExtension signatureAlgorithms = extension.SpecifcExtension as SignatureAlgorithmsExtension;
                                                    foreach (SignatureHashAlgorithm item in signatureAlgorithms.SupportedAlgorithms)
                                                    {
                                                        if (item.Signature == TSignatureAlgorithm.ECDSA)
                                                        {
                                                            hash = item.Hash;
                                                            break;
                                                        }
                                                    }
                                                }
                                            }

                                        }

                                        session.Handshake.CipherSuite = cipherSuite;
                                        session.Handshake.ClientRandom = clientHello.Random;
                                        session.Handshake.ServerRandom = serverHello.Random;


                                        if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_ECDSA)
                                        {
                                            EllipticCurvePointFormatsExtension pointFormatsExtension = new EllipticCurvePointFormatsExtension();
                                            pointFormatsExtension.SupportedPointFormats.Add(TEllipticCurvePointFormat.Uncompressed);
                                            serverHello.AddExtension(pointFormatsExtension);
                                        }
                                        session.Handshake.MessageSequence = 1;
                                        SendResponse(session, serverHello, session.Handshake.MessageSequence);
                                        session.Handshake.MessageSequence++;

                                        if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_ECDSA)
                                        {
                                            if (Certificate != null)
                                            {
                                                SendResponse(session, Certificate, session.Handshake.MessageSequence);
                                                session.Handshake.MessageSequence++;
                                            }
                                            ECDHEKeyExchange keyExchange = new ECDHEKeyExchange();
                                            keyExchange.Curve = curve;
                                            keyExchange.KeyExchangeAlgorithm = keyExchangeAlgorithm;
                                            keyExchange.ClientRandom = clientHello.Random;
                                            keyExchange.ServerRandom = serverHello.Random;
                                            keyExchange.GenerateEphemeralKey();
                                            session.Handshake.KeyExchange = keyExchange;
                                            if (session.Version == DTLSRecord.DefaultVersion)
                                                hash = THashAlgorithm.SHA1;
                                            ECDHEServerKeyExchange serverKeyExchange = new ECDHEServerKeyExchange(keyExchange, hash, TSignatureAlgorithm.ECDSA, PrivateKey);
                                            SendResponse(session, serverKeyExchange, session.Handshake.MessageSequence);
                                            session.Handshake.MessageSequence++;
                                            if (_RequireClientCertificate)
                                            {
                                                CertificateRequest certificateRequest = new CertificateRequest();
                                                certificateRequest.CertificateTypes.Add(TClientCertificateType.ECDSASign);
                                                certificateRequest.SupportedAlgorithms.Add(new SignatureHashAlgorithm() { Hash = THashAlgorithm.SHA256, Signature = TSignatureAlgorithm.ECDSA });
                                                SendResponse(session, certificateRequest, session.Handshake.MessageSequence);
                                                session.Handshake.MessageSequence++;
                                            }
                                        }
                                        else if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_PSK)
                                        {
                                            ECDHEKeyExchange keyExchange = new ECDHEKeyExchange();
                                            keyExchange.Curve = curve;
                                            keyExchange.KeyExchangeAlgorithm = keyExchangeAlgorithm;
                                            keyExchange.ClientRandom = clientHello.Random;
                                            keyExchange.ServerRandom = serverHello.Random;
                                            keyExchange.GenerateEphemeralKey();
                                            session.Handshake.KeyExchange = keyExchange;
                                            ECDHEPSKServerKeyExchange serverKeyExchange = new ECDHEPSKServerKeyExchange(keyExchange);
                                            SendResponse(session, serverKeyExchange, session.Handshake.MessageSequence);
                                            session.Handshake.MessageSequence++;

                                        }
                                        else if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.PSK)
                                        {
                                            PSKKeyExchange keyExchange = new PSKKeyExchange();
                                            keyExchange.KeyExchangeAlgorithm = keyExchangeAlgorithm;
                                            keyExchange.ClientRandom = clientHello.Random;
                                            keyExchange.ServerRandom = serverHello.Random;
                                            session.Handshake.KeyExchange = keyExchange;
                                            //Need to be able to hint identity?? for PSK if not hinting don't really need key exchange message
                                            //PSKServerKeyExchange serverKeyExchange = new PSKServerKeyExchange();
                                            //SendResponse(session, serverKeyExchange, session.Handshake.MessageSequence);
                                            //session.Handshake.MessageSequence++;
                                        }
                                        SendResponse(session, new ServerHelloDone(), session.Handshake.MessageSequence);
                                        session.Handshake.MessageSequence++;
                                    }
                                }
                            }
                            break;
                        case THandshakeType.ServerHello:
                            break;
                        case THandshakeType.HelloVerifyRequest:
                            break;
                        case THandshakeType.Certificate:
                            Certificate clientCertificate = Certificate.Deserialise(stream, TCertificateType.X509);
                            if (clientCertificate.CertChain.Count > 0)
                            {
                                session.CertificateInfo = Certificates.GetCertificateInfo(clientCertificate.CertChain[0], TCertificateFormat.CER);                                
                            }
                            session.Handshake.UpdateHandshakeHash(data);
                            break;
                        case THandshakeType.ServerKeyExchange:
                            break;
                        case THandshakeType.CertificateRequest:
                            break;
                        case THandshakeType.ServerHelloDone:
                            break;
                        case THandshakeType.CertificateVerify:
                            CertificateVerify certificateVerify = CertificateVerify.Deserialise(stream, session.Version);
                            session.Handshake.UpdateHandshakeHash(data);
                            break;
                        case THandshakeType.ClientKeyExchange:
                            if ((session == null) || (session.Handshake.KeyExchange == null))
                            {

                            }
                            else
                            {
                                session.Handshake.UpdateHandshakeHash(data);
                                byte[] preMasterSecret = null;
                                if (session.Handshake.KeyExchange.KeyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_ECDSA)
                                {
                                    ECDHEClientKeyExchange clientKeyExchange = ECDHEClientKeyExchange.Deserialise(stream);
                                    if (clientKeyExchange != null)
                                    {
                                        ECDHEKeyExchange ecKeyExchange = session.Handshake.KeyExchange as ECDHEKeyExchange;
                                        preMasterSecret = ecKeyExchange.GetPreMasterSecret(clientKeyExchange.PublicKeyBytes);
                                    }
                                }
                                else if (session.Handshake.KeyExchange.KeyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_PSK)
                                {
                                    ECDHEPSKClientKeyExchange clientKeyExchange = ECDHEPSKClientKeyExchange.Deserialise(stream);
                                    if (clientKeyExchange != null)
                                    {
                                        session.PSKIdentity = Encoding.UTF8.GetString(clientKeyExchange.PSKIdentity);
                                        byte[] psk = _PSKIdentities.GetKey(clientKeyExchange.PSKIdentity);

                                        if (psk == null)
                                        {
                                            psk = _ValidatePSK(clientKeyExchange.PSKIdentity);
                                            if (psk != null)
                                            {
                                                _PSKIdentities.AddIdentity(clientKeyExchange.PSKIdentity, psk);
                                            }
                                        }

                                        if (psk != null)
                                        {
                                            ECDHEKeyExchange ecKeyExchange = session.Handshake.KeyExchange as ECDHEKeyExchange;
                                            byte[] otherSecret = ecKeyExchange.GetPreMasterSecret(clientKeyExchange.PublicKeyBytes);
                                            preMasterSecret = TLSUtils.GetPSKPreMasterSecret(otherSecret, psk);

                                        }
                                    }
                                }
                                else if (session.Handshake.KeyExchange.KeyExchangeAlgorithm == TKeyExchangeAlgorithm.PSK)
                                {
                                    PSKClientKeyExchange clientKeyExchange = PSKClientKeyExchange.Deserialise(stream);
                                    if (clientKeyExchange != null)
                                    {
                                        session.PSKIdentity = Encoding.UTF8.GetString(clientKeyExchange.PSKIdentity);
                                        byte[] psk = _PSKIdentities.GetKey(clientKeyExchange.PSKIdentity);

                                        if (psk == null)
                                        {
                                            psk = _ValidatePSK(clientKeyExchange.PSKIdentity);
                                            if (psk != null)
                                            {
                                                _PSKIdentities.AddIdentity(clientKeyExchange.PSKIdentity, psk);
                                            }
                                        }

                                        if (psk != null)
                                        {
                                            ECDHEKeyExchange ecKeyExchange = session.Handshake.KeyExchange as ECDHEKeyExchange;
                                            byte[] otherSecret = new byte[psk.Length];
                                            preMasterSecret = TLSUtils.GetPSKPreMasterSecret(otherSecret, psk);
                                        }
                                    }
                                }

                                if (preMasterSecret != null)
                                {
                                    //session.MasterSecret = TLSUtils.CalculateMasterSecret(preMasterSecret, session.KeyExchange);
                                    //TLSUtils.AssignCipher(session);

                                    session.Cipher = TLSUtils.AssignCipher(preMasterSecret, false, session.Version, session.Handshake);
                                }
                            }
                            break;
                        case THandshakeType.Finished:
                            Finished finished = Finished.Deserialise(stream);
                            if (session != null)
                            {
                                byte[] handshakeHash = session.Handshake.GetHash();
                                byte[] calculatedVerifyData = TLSUtils.GetVerifyData(session.Version,session.Handshake,false, true, handshakeHash);
#if DEBUG
                                Console.Write("Handshake Hash:");
                                TLSUtils.WriteToConsole(handshakeHash);
                                Console.Write("Sent Verify:");
                                TLSUtils.WriteToConsole(finished.VerifyData);
                                Console.Write("Calc Verify:");
                                TLSUtils.WriteToConsole(calculatedVerifyData);
#endif
                                if (TLSUtils.ByteArrayCompare(finished.VerifyData, calculatedVerifyData))
                                {

                                    SendChangeCipherSpec(session);
                                    session.Handshake.UpdateHandshakeHash(data);
                                    handshakeHash = session.Handshake.GetHash();
                                    Finished serverFinished = new Finished();
                                    serverFinished.VerifyData = TLSUtils.GetVerifyData(session.Version,session.Handshake,false, false, handshakeHash);
                                    SendResponse(session, serverFinished, session.Handshake.MessageSequence);
                                    session.Handshake.MessageSequence++;
                                }
                                else
                                {
                                    throw new Exception();
                                }
                            }
                            break;
                        default:
                            break;
                    }
                }
            }
        }
        public void ProcessHandshake(DTLSRecord record)
        {
#if DEBUG
            Console.WriteLine($"> ProcessHandshake got {record}");
#endif
            SocketAddress address = record.RemoteEndPoint.Serialize();
            Session       session = Sessions.GetSession(address);
            byte[]        data;
            if ((session != null) && session.IsEncypted(record))
            {
                int count = 0;
                while ((session.Cipher == null) && (count < (HandshakeTimeout / HANDSHAKE_DWELL_TIME)))
                {
                    System.Threading.Thread.Sleep(HANDSHAKE_DWELL_TIME);
                    count++;
                }

                if (session.Cipher == null)
                {
                    throw new Exception($"HandshakeTimeout: >{HandshakeTimeout}");
                }

                if (session.Cipher != null)
                {
                    long sequenceNumber = ((long)record.Epoch << 48) + record.SequenceNumber;
                    data = session.Cipher.DecodeCiphertext(sequenceNumber, (byte)TRecordType.Handshake, record.Fragment, 0, record.Fragment.Length);
                }
                else
                {
                    data = record.Fragment;
                }
            }
            else
            {
                data = record.Fragment;
            }
            using (MemoryStream stream = new MemoryStream(data))
            {
                HandshakeRecord handshakeRecord = HandshakeRecord.Deserialise(stream);
                if (handshakeRecord != null)
                {
#if DEBUG
                    Console.WriteLine(handshakeRecord.MessageType.ToString());
#endif
                    switch (handshakeRecord.MessageType)
                    {
                    case THandshakeType.HelloRequest:
                        //HelloReq
                        break;

                    case THandshakeType.ClientHello:
                        ClientHello clientHello = ClientHello.Deserialise(stream);
                        if (clientHello != null)
                        {
                            byte[] cookie = clientHello.CalculateCookie(record.RemoteEndPoint, _HelloSecret);

                            if (clientHello.Cookie == null)
                            {
                                Version version = clientHello.ClientVersion;
                                if (ServerVersion < version)
                                {
                                    version = ServerVersion;
                                }
                                if (session == null)
                                {
                                    session = new Session
                                    {
                                        SessionID      = Guid.NewGuid(),
                                        RemoteEndPoint = record.RemoteEndPoint,
                                        Version        = version
                                    };
                                    Sessions.AddSession(address, session);
                                }
                                else
                                {
                                    session.Reset();
                                    session.Version = version;
                                }
                                session.ClientEpoch          = record.Epoch;
                                session.ClientSequenceNumber = record.SequenceNumber;
                                //session.Handshake.UpdateHandshakeHash(data);
                                HelloVerifyRequest helloVerifyRequest = new HelloVerifyRequest
                                {
                                    Cookie        = cookie,
                                    ServerVersion = ServerVersion
                                };
                                SendResponse(session, (IHandshakeMessage)helloVerifyRequest, 0);
                            }
                            else
                            {
                                if (session != null && session.Cipher != null && !session.IsEncypted(record))
                                {
                                    session.Reset();
                                }

                                if (TLSUtils.ByteArrayCompare(clientHello.Cookie, cookie))
                                {
                                    Version version = clientHello.ClientVersion;
                                    if (ServerVersion < version)
                                    {
                                        version = ServerVersion;
                                    }
                                    if (clientHello.SessionID == null)
                                    {
                                        if (session == null)
                                        {
                                            session = new Session();
                                            session.NextSequenceNumber();
                                            session.SessionID      = Guid.NewGuid();
                                            session.RemoteEndPoint = record.RemoteEndPoint;
                                            Sessions.AddSession(address, session);
                                        }
                                    }
                                    else
                                    {
                                        Guid sessionID = Guid.Empty;
                                        if (clientHello.SessionID.Length >= 16)
                                        {
                                            byte[] receivedSessionID = new byte[16];
                                            Buffer.BlockCopy(clientHello.SessionID, 0, receivedSessionID, 0, 16);
                                            sessionID = new Guid(receivedSessionID);
                                        }
                                        if (sessionID != Guid.Empty)
                                        {
                                            session = Sessions.GetSession(sessionID);
                                        }
                                        if (session == null)
                                        {
                                            //need to Find Session
                                            session = new Session
                                            {
                                                SessionID = Guid.NewGuid()
                                            };
                                            session.NextSequenceNumber();
                                            session.RemoteEndPoint = record.RemoteEndPoint;
                                            Sessions.AddSession(address, session);
                                            //session.Version = clientHello.ClientVersion;
                                        }
                                    }
                                    session.Version = version;
                                    session.Handshake.InitaliseHandshakeHash(version < DTLSRecord.Version1_2);
                                    session.Handshake.UpdateHandshakeHash(data);
                                    TCipherSuite cipherSuite = TCipherSuite.TLS_NULL_WITH_NULL_NULL;
                                    foreach (TCipherSuite item in clientHello.CipherSuites)
                                    {
                                        if (_SupportedCipherSuites.ContainsKey(item) && CipherSuites.SupportedVersion(item, session.Version) && CipherSuites.SuiteUsable(item, PrivateKey, _PSKIdentities, _ValidatePSK != null))
                                        {
                                            cipherSuite = item;
                                            break;
                                        }
                                    }

                                    TKeyExchangeAlgorithm keyExchangeAlgorithm = CipherSuites.GetKeyExchangeAlgorithm(cipherSuite);

                                    ServerHello serverHello     = new ServerHello();
                                    byte[]      clientSessionID = new byte[32];
                                    byte[]      temp            = session.SessionID.ToByteArray();
                                    Buffer.BlockCopy(temp, 0, clientSessionID, 0, 16);
                                    Buffer.BlockCopy(temp, 0, clientSessionID, 16, 16);

                                    serverHello.SessionID = clientSessionID;    // session.SessionID.ToByteArray();
                                    serverHello.Random    = new RandomData();
                                    serverHello.Random.Generate();
                                    serverHello.CipherSuite   = (ushort)cipherSuite;
                                    serverHello.ServerVersion = session.Version;

                                    THashAlgorithm hash  = THashAlgorithm.SHA256;
                                    TEllipticCurve curve = TEllipticCurve.secp521r1;
                                    if (clientHello.Extensions != null)
                                    {
                                        foreach (Extension extension in clientHello.Extensions)
                                        {
                                            if (extension.SpecifcExtension is ClientCertificateTypeExtension)
                                            {
                                                ClientCertificateTypeExtension clientCertificateType = extension.SpecifcExtension as ClientCertificateTypeExtension;
                                                //TCertificateType certificateType = TCertificateType.Unknown;
                                                //foreach (TCertificateType item in clientCertificateType.CertificateTypes)
                                                //{

                                                //}
                                                //serverHello.AddExtension(new ClientCertificateTypeExtension(certificateType));
                                            }
                                            else if (extension.SpecifcExtension is EllipticCurvesExtension)
                                            {
                                                EllipticCurvesExtension ellipticCurves = extension.SpecifcExtension as EllipticCurvesExtension;
                                                foreach (TEllipticCurve item in ellipticCurves.SupportedCurves)
                                                {
                                                    if (EllipticCurveFactory.SupportedCurve(item))
                                                    {
                                                        curve = item;
                                                        break;
                                                    }
                                                }
                                            }
                                            else if (extension.SpecifcExtension is ServerCertificateTypeExtension)
                                            {
                                                //serverHello.AddExtension();
                                            }
                                            else if (extension.SpecifcExtension is SignatureAlgorithmsExtension)
                                            {
                                                SignatureAlgorithmsExtension signatureAlgorithms = extension.SpecifcExtension as SignatureAlgorithmsExtension;
                                                foreach (SignatureHashAlgorithm item in signatureAlgorithms.SupportedAlgorithms)
                                                {
                                                    if (item.Signature == TSignatureAlgorithm.ECDSA)
                                                    {
                                                        hash = item.Hash;
                                                        break;
                                                    }
                                                }
                                            }
                                        }
                                    }

                                    session.Handshake.CipherSuite  = cipherSuite;
                                    session.Handshake.ClientRandom = clientHello.Random;
                                    session.Handshake.ServerRandom = serverHello.Random;


                                    if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_ECDSA)
                                    {
                                        EllipticCurvePointFormatsExtension pointFormatsExtension = new EllipticCurvePointFormatsExtension();
                                        pointFormatsExtension.SupportedPointFormats.Add(TEllipticCurvePointFormat.Uncompressed);
                                        serverHello.AddExtension(pointFormatsExtension);
                                    }
                                    session.Handshake.MessageSequence = 1;
                                    SendResponse(session, serverHello, session.Handshake.MessageSequence);
                                    session.Handshake.MessageSequence++;

                                    if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_ECDSA)
                                    {
                                        if (Certificate != null)
                                        {
                                            SendResponse(session, Certificate, session.Handshake.MessageSequence);
                                            session.Handshake.MessageSequence++;
                                        }
                                        ECDHEKeyExchange keyExchange = new ECDHEKeyExchange
                                        {
                                            Curve = curve,
                                            KeyExchangeAlgorithm = keyExchangeAlgorithm,
                                            ClientRandom         = clientHello.Random,
                                            ServerRandom         = serverHello.Random
                                        };
                                        keyExchange.GenerateEphemeralKey();
                                        session.Handshake.KeyExchange = keyExchange;
                                        if (session.Version == DTLSRecord.DefaultVersion)
                                        {
                                            hash = THashAlgorithm.SHA1;
                                        }
                                        ECDHEServerKeyExchange serverKeyExchange = new ECDHEServerKeyExchange(keyExchange, hash, TSignatureAlgorithm.ECDSA, PrivateKey);
                                        SendResponse(session, serverKeyExchange, session.Handshake.MessageSequence);
                                        session.Handshake.MessageSequence++;
                                        if (_RequireClientCertificate)
                                        {
                                            CertificateRequest certificateRequest = new CertificateRequest();
                                            certificateRequest.CertificateTypes.Add(TClientCertificateType.ECDSASign);
                                            certificateRequest.SupportedAlgorithms.Add(new SignatureHashAlgorithm()
                                            {
                                                Hash = THashAlgorithm.SHA256, Signature = TSignatureAlgorithm.ECDSA
                                            });
                                            SendResponse(session, certificateRequest, session.Handshake.MessageSequence);
                                            session.Handshake.MessageSequence++;
                                        }
                                    }
                                    else if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_PSK)
                                    {
                                        ECDHEKeyExchange keyExchange = new ECDHEKeyExchange
                                        {
                                            Curve = curve,
                                            KeyExchangeAlgorithm = keyExchangeAlgorithm,
                                            ClientRandom         = clientHello.Random,
                                            ServerRandom         = serverHello.Random
                                        };
                                        keyExchange.GenerateEphemeralKey();
                                        session.Handshake.KeyExchange = keyExchange;
                                        ECDHEPSKServerKeyExchange serverKeyExchange = new ECDHEPSKServerKeyExchange(keyExchange);
                                        SendResponse(session, serverKeyExchange, session.Handshake.MessageSequence);
                                        session.Handshake.MessageSequence++;
                                    }
                                    else if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.PSK)
                                    {
                                        PSKKeyExchange keyExchange = new PSKKeyExchange
                                        {
                                            KeyExchangeAlgorithm = keyExchangeAlgorithm,
                                            ClientRandom         = clientHello.Random,
                                            ServerRandom         = serverHello.Random
                                        };
                                        session.Handshake.KeyExchange = keyExchange;
                                        //Need to be able to hint identity?? for PSK if not hinting don't really need key exchange message
                                        //PSKServerKeyExchange serverKeyExchange = new PSKServerKeyExchange();
                                        //SendResponse(session, serverKeyExchange, session.Handshake.MessageSequence);
                                        //session.Handshake.MessageSequence++;
                                    }
                                    SendResponse(session, new ServerHelloDone(), session.Handshake.MessageSequence);
                                    session.Handshake.MessageSequence++;
                                }
                            }
                        }
                        break;

                    case THandshakeType.ServerHello:
                        break;

                    case THandshakeType.HelloVerifyRequest:
                        break;

                    case THandshakeType.Certificate:
                        Certificate clientCertificate = Certificate.Deserialise(stream, TCertificateType.X509);
                        if (clientCertificate.CertChain.Count > 0)
                        {
                            session.CertificateInfo = Certificates.GetCertificateInfo(clientCertificate.CertChain[0], TCertificateFormat.CER);
                        }
                        session.Handshake.UpdateHandshakeHash(data);
                        break;

                    case THandshakeType.ServerKeyExchange:
                        break;

                    case THandshakeType.CertificateRequest:
                        break;

                    case THandshakeType.ServerHelloDone:
                        break;

                    case THandshakeType.CertificateVerify:
                        CertificateVerify certificateVerify = CertificateVerify.Deserialise(stream, session.Version);
                        session.Handshake.UpdateHandshakeHash(data);
                        break;

                    case THandshakeType.ClientKeyExchange:
                        if ((session == null) || (session.Handshake.KeyExchange == null))
                        {
                        }
                        else
                        {
                            session.Handshake.UpdateHandshakeHash(data);
                            byte[] preMasterSecret = null;
                            if (session.Handshake.KeyExchange.KeyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_ECDSA)
                            {
                                ECDHEClientKeyExchange clientKeyExchange = ECDHEClientKeyExchange.Deserialise(stream);
                                if (clientKeyExchange != null)
                                {
                                    ECDHEKeyExchange ecKeyExchange = session.Handshake.KeyExchange as ECDHEKeyExchange;
                                    preMasterSecret = ecKeyExchange.GetPreMasterSecret(clientKeyExchange.PublicKeyBytes);
                                }
                            }
                            else if (session.Handshake.KeyExchange.KeyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_PSK)
                            {
                                ECDHEPSKClientKeyExchange clientKeyExchange = ECDHEPSKClientKeyExchange.Deserialise(stream);
                                if (clientKeyExchange != null)
                                {
                                    session.PSKIdentity = Encoding.UTF8.GetString(clientKeyExchange.PSKIdentity);
                                    byte[] psk = _PSKIdentities.GetKey(clientKeyExchange.PSKIdentity);

                                    if (psk == null)
                                    {
                                        psk = _ValidatePSK(clientKeyExchange.PSKIdentity);
                                        if (psk != null)
                                        {
                                            _PSKIdentities.AddIdentity(clientKeyExchange.PSKIdentity, psk);
                                        }
                                    }

                                    if (psk != null)
                                    {
                                        ECDHEKeyExchange ecKeyExchange = session.Handshake.KeyExchange as ECDHEKeyExchange;
                                        byte[]           otherSecret   = ecKeyExchange.GetPreMasterSecret(clientKeyExchange.PublicKeyBytes);
                                        preMasterSecret = TLSUtils.GetPSKPreMasterSecret(otherSecret, psk);
                                    }
                                }
                            }
                            else if (session.Handshake.KeyExchange.KeyExchangeAlgorithm == TKeyExchangeAlgorithm.PSK)
                            {
                                PSKClientKeyExchange clientKeyExchange = PSKClientKeyExchange.Deserialise(stream);
                                if (clientKeyExchange != null)
                                {
                                    session.PSKIdentity = Encoding.UTF8.GetString(clientKeyExchange.PSKIdentity);
                                    byte[] psk = _PSKIdentities.GetKey(clientKeyExchange.PSKIdentity);

                                    if (psk == null)
                                    {
                                        psk = _ValidatePSK(clientKeyExchange.PSKIdentity);
                                        if (psk != null)
                                        {
                                            _PSKIdentities.AddIdentity(clientKeyExchange.PSKIdentity, psk);
                                        }
                                    }

                                    if (psk != null)
                                    {
                                        ECDHEKeyExchange ecKeyExchange = session.Handshake.KeyExchange as ECDHEKeyExchange;
                                        byte[]           otherSecret   = new byte[psk.Length];
                                        preMasterSecret = TLSUtils.GetPSKPreMasterSecret(otherSecret, psk);
                                    }
                                }
                            }

                            if (preMasterSecret != null)
                            {
                                //session.MasterSecret = TLSUtils.CalculateMasterSecret(preMasterSecret, session.KeyExchange);
                                //TLSUtils.AssignCipher(session);

                                session.Cipher = TLSUtils.AssignCipher(preMasterSecret, false, session.Version, session.Handshake);
                            }
                            else
                            {
                                Console.WriteLine($"preMasterSecret is null!");
                            }
                        }
                        break;

                    case THandshakeType.Finished:
                        Finished finished = Finished.Deserialise(stream);
                        if (session != null)
                        {
                            byte[] handshakeHash        = session.Handshake.GetHash();
                            byte[] calculatedVerifyData = TLSUtils.GetVerifyData(session.Version, session.Handshake, false, true, handshakeHash);
#if DEBUG
                            Console.Write($"Handshake Hash: {TLSUtils.WriteToString(handshakeHash)}");
                            Console.Write($"Sent Verify: {TLSUtils.WriteToString(finished.VerifyData)}");
                            Console.Write($"Calc Verify: {TLSUtils.WriteToString(calculatedVerifyData)}");
#endif
                            if (TLSUtils.ByteArrayCompare(finished.VerifyData, calculatedVerifyData))
                            {
                                SendChangeCipherSpec(session);
                                session.Handshake.UpdateHandshakeHash(data);
                                handshakeHash = session.Handshake.GetHash();
                                Finished serverFinished = new Finished
                                {
                                    VerifyData = TLSUtils.GetVerifyData(session.Version, session.Handshake, false, false, handshakeHash)
                                };
                                SendResponse(session, serverFinished, session.Handshake.MessageSequence);
                                session.Handshake.MessageSequence++;
                            }
                            else
                            {
                                throw new Exception();
                            }
                        }
                        break;

                    default:
                        break;
                    }
                }
            }
        }
Beispiel #8
0
        private void ProcessHandshake(DTLSRecord record)
        {
            byte[] data;
            if (_EncyptedServerEpoch.HasValue && (_EncyptedServerEpoch.Value == record.Epoch))
            {

                int count = 0;
                while ((_Cipher == null) && (count < 500))
                {
                    System.Threading.Thread.Sleep(10);
                    count++;
                }

                if (_Cipher == null)
                    throw new Exception();


                if (_Cipher != null)
                {
                    long sequenceNumber = ((long)record.Epoch << 48) + record.SequenceNumber;
                    data = _Cipher.DecodeCiphertext(sequenceNumber, (byte)TRecordType.Handshake, record.Fragment, 0, record.Fragment.Length);
                }
                else
                    data = record.Fragment;
            }
            else
                data = record.Fragment;

            using (MemoryStream stream = new MemoryStream(data))
            {
                HandshakeRecord handshakeRecord = HandshakeRecord.Deserialise(stream);
                if (handshakeRecord != null)
                {
#if DEBUG
                    Console.WriteLine(handshakeRecord.MessageType.ToString());
#endif
                    switch (handshakeRecord.MessageType)
                    {
                        case THandshakeType.HelloRequest:
                            break;
                        case THandshakeType.ClientHello:
                            break;
                        case THandshakeType.ServerHello:
                            ServerHello serverHello = ServerHello.Deserialise(stream);
                            if (serverHello != null)
                            {
                                _ServerEpoch = record.Epoch;
                                _HandshakeInfo.UpdateHandshakeHash(data);
                                _HandshakeInfo.CipherSuite = (TCipherSuite)serverHello.CipherSuite;
                                _HandshakeInfo.ServerRandom = serverHello.Random;
                                Version version = SupportedVersion;
                                if (serverHello.ServerVersion < version)
                                    version = serverHello.ServerVersion;
                                _Version = version;
                            }
                            break;
                        case THandshakeType.HelloVerifyRequest:
                            HelloVerifyRequest helloVerifyRequest = HelloVerifyRequest.Deserialise(stream);
                            if (helloVerifyRequest != null)
                            {
                                _Version = helloVerifyRequest.ServerVersion;
                                SendHello(helloVerifyRequest.Cookie);
                            }
                            break;
                        case THandshakeType.Certificate:
                            _HandshakeInfo.UpdateHandshakeHash(data);
                            break;
                        case THandshakeType.ServerKeyExchange:
                            _HandshakeInfo.UpdateHandshakeHash(data);
                            TKeyExchangeAlgorithm keyExchangeAlgorithm = CipherSuites.GetKeyExchangeAlgorithm(_HandshakeInfo.CipherSuite);
                            byte[] preMasterSecret = null;
                            IKeyExchange keyExchange = null;
                            if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_ECDSA)
                            {
                                ECDHEServerKeyExchange serverKeyExchange = ECDHEServerKeyExchange.Deserialise(stream, _Version);
                                ECDHEKeyExchange keyExchangeECDHE = new ECDHEKeyExchange();
                                keyExchangeECDHE.CipherSuite = _HandshakeInfo.CipherSuite;
                                keyExchangeECDHE.Curve = serverKeyExchange.EllipticCurve;
                                keyExchangeECDHE.KeyExchangeAlgorithm = keyExchangeAlgorithm;
                                keyExchangeECDHE.ClientRandom = _HandshakeInfo.ClientRandom;
                                keyExchangeECDHE.ServerRandom = _HandshakeInfo.ServerRandom;
                                keyExchangeECDHE.GenerateEphemeralKey();
                                ECDHEClientKeyExchange clientKeyExchange = new ECDHEClientKeyExchange(keyExchangeECDHE.PublicKey);
                                _ClientKeyExchange = clientKeyExchange;
                                preMasterSecret = keyExchangeECDHE.GetPreMasterSecret(serverKeyExchange.PublicKeyBytes);
                                keyExchange = keyExchangeECDHE;
                            }
                            else if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_PSK)
                            {
                                ECDHEPSKServerKeyExchange serverKeyExchange = ECDHEPSKServerKeyExchange.Deserialise(stream, _Version);
                                ECDHEKeyExchange keyExchangeECDHE = new ECDHEKeyExchange();
                                keyExchangeECDHE.CipherSuite = _HandshakeInfo.CipherSuite;
                                keyExchangeECDHE.Curve = serverKeyExchange.EllipticCurve;
                                keyExchangeECDHE.KeyExchangeAlgorithm = keyExchangeAlgorithm;
                                keyExchangeECDHE.ClientRandom = _HandshakeInfo.ClientRandom;
                                keyExchangeECDHE.ServerRandom = _HandshakeInfo.ServerRandom;
                                keyExchangeECDHE.GenerateEphemeralKey();
                                ECDHEPSKClientKeyExchange clientKeyExchange = new ECDHEPSKClientKeyExchange(keyExchangeECDHE.PublicKey);
                                if (serverKeyExchange.PSKIdentityHint != null)
                                {
                                    byte[] key = _PSKIdentities.GetKey(serverKeyExchange.PSKIdentityHint);
                                    if (key != null)
                                        _PSKIdentity = new PSKIdentity() { Identity = serverKeyExchange.PSKIdentityHint, Key = key };
                                }
                                if (_PSKIdentity == null)
                                    _PSKIdentity = _PSKIdentities.GetRandom();
                                clientKeyExchange.PSKIdentity = _PSKIdentity.Identity;
                                _ClientKeyExchange = clientKeyExchange;
                                byte[] otherSecret = keyExchangeECDHE.GetPreMasterSecret(serverKeyExchange.PublicKeyBytes);
                                preMasterSecret = TLSUtils.GetPSKPreMasterSecret(otherSecret, _PSKIdentity.Key);
                                keyExchange = keyExchangeECDHE;
                            }
                            else if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.PSK)
                            {
                                PSKServerKeyExchange serverKeyExchange = PSKServerKeyExchange.Deserialise(stream, _Version);
                                PSKClientKeyExchange clientKeyExchange = new PSKClientKeyExchange();
                                if (serverKeyExchange.PSKIdentityHint != null)
                                {
                                    byte[] key = _PSKIdentities.GetKey(serverKeyExchange.PSKIdentityHint);
                                    if (key != null)
                                        _PSKIdentity = new PSKIdentity() { Identity = serverKeyExchange.PSKIdentityHint, Key = key };
                                }
                                if (_PSKIdentity == null)
                                    _PSKIdentity = _PSKIdentities.GetRandom();
                                byte[] otherSecret = new byte[_PSKIdentity.Key.Length];
                                clientKeyExchange.PSKIdentity = _PSKIdentity.Identity;
                                _ClientKeyExchange = clientKeyExchange;
                                preMasterSecret = TLSUtils.GetPSKPreMasterSecret(otherSecret, _PSKIdentity.Key);
                            }
                            _Cipher = TLSUtils.AssignCipher(preMasterSecret, true, _Version, _HandshakeInfo);

                            break;
                        case THandshakeType.CertificateRequest:
                            _HandshakeInfo.UpdateHandshakeHash(data);
                            _SendCertificate = true;
                            break;
                        case THandshakeType.ServerHelloDone:
                            _HandshakeInfo.UpdateHandshakeHash(data);
                            if (_Cipher == null)
                            {
                                keyExchangeAlgorithm = CipherSuites.GetKeyExchangeAlgorithm(_HandshakeInfo.CipherSuite);
                                if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.PSK)
                                {
                                    PSKClientKeyExchange clientKeyExchange = new PSKClientKeyExchange();
                                    _PSKIdentity = _PSKIdentities.GetRandom();
                                    byte[] otherSecret = new byte[_PSKIdentity.Key.Length];
                                    clientKeyExchange.PSKIdentity = _PSKIdentity.Identity;
                                    _ClientKeyExchange = clientKeyExchange;
                                    preMasterSecret = TLSUtils.GetPSKPreMasterSecret(otherSecret, _PSKIdentity.Key);
                                    _Cipher = TLSUtils.AssignCipher(preMasterSecret, true, _Version, _HandshakeInfo);
                                }
                            }

                            if (_SendCertificate)
                            {
                                SendHandshakeMessage(_Certificate, false);
                            }
                            SendHandshakeMessage(_ClientKeyExchange, false);
                            if (_SendCertificate)
                            {
                                CertificateVerify certificateVerify = new CertificateVerify();
                                byte[] signatureHash = _HandshakeInfo.GetHash();
                                certificateVerify.SignatureHashAlgorithm = new SignatureHashAlgorithm() { Signature = TSignatureAlgorithm.ECDSA, Hash = THashAlgorithm.SHA256 };
                                certificateVerify.Signature = TLSUtils.Sign(_PrivateKey, true, _Version, _HandshakeInfo, certificateVerify.SignatureHashAlgorithm, signatureHash);
                                SendHandshakeMessage(certificateVerify, false);
                            }
                            SendChangeCipherSpec();
                            byte[] handshakeHash = _HandshakeInfo.GetHash();
                            Finished finished = new Finished();
                            finished.VerifyData = TLSUtils.GetVerifyData(_Version,_HandshakeInfo,true, true, handshakeHash);
                            SendHandshakeMessage(finished, true);
#if DEBUG
                            Console.Write("Handshake Hash:");
                            TLSUtils.WriteToConsole(handshakeHash);
                            Console.Write("Sent Verify:");
                            TLSUtils.WriteToConsole(finished.VerifyData);
#endif
                            break;
                        case THandshakeType.CertificateVerify:
                            break;
                        case THandshakeType.ClientKeyExchange:
                            break;
                        case THandshakeType.Finished:
                            Finished serverFinished = Finished.Deserialise(stream);
                            handshakeHash = _HandshakeInfo.GetHash();
                            byte[] calculatedVerifyData = TLSUtils.GetVerifyData(_Version,_HandshakeInfo, true, false, handshakeHash);
#if DEBUG
                            Console.Write("Recieved Verify:");
                            TLSUtils.WriteToConsole(serverFinished.VerifyData);
                            Console.Write("Calc Verify:");
                            TLSUtils.WriteToConsole(calculatedVerifyData);
#endif
                            if (TLSUtils.ByteArrayCompare(serverFinished.VerifyData, calculatedVerifyData))
                            {
#if DEBUG
                                Console.WriteLine("Handshake Complete");
#endif
                                _Connected.Set();
                            }
                            break;
                        default:
                            break;
                    }
                }
            }
        }
		public ECDHEServerKeyExchange(ECDHEKeyExchange keyExchange, THashAlgorithm hashAlgorithm, TSignatureAlgorithm signatureAlgorithm, AsymmetricKeyParameter serverPrivateKey)
		{
			_EllipticCurveType = TEllipticCurveType.NamedCurve;
			_EllipticCurve = keyExchange.Curve;
			_HashAlgorithm = hashAlgorithm;
			_SignatureAlgorithm = signatureAlgorithm;

			System.IO.MemoryStream stream = new System.IO.MemoryStream();
			stream.WriteByte((byte)_EllipticCurveType);
			NetworkByteOrderConverter.WriteUInt16(stream, (ushort)_EllipticCurve);
			byte[] pointEncoded = keyExchange.PublicKey.Q.GetEncoded(false);
			stream.WriteByte((byte)pointEncoded.Length);
			stream.Write(pointEncoded, 0, pointEncoded.Length);
			_ServerParams = stream.ToArray();


			//IDigest hashMD5 = GetDigest(THashAlgorithm.MD5);
			//IDigest hashSHA = GetDigest(THashAlgorithm.SHA1);
			//int size = hashMD5.GetDigestSize();
			//byte[] hash = new byte[size + hashSHA.GetDigestSize()];
			//hashMD5.BlockUpdate(clientRandom.RandomBytes, 0, clientRandom.RandomBytes.Length);
			//hashMD5.BlockUpdate(serverRandom.RandomBytes, 0, serverRandom.RandomBytes.Length);
			//hashMD5.BlockUpdate(_ServerParams, 0, _ServerParams.Length);
			//hashMD5.DoFinal(hash, 0);
			//hashSHA.BlockUpdate(clientRandom.RandomBytes, 0, clientRandom.RandomBytes.Length);
			//hashSHA.BlockUpdate(serverRandom.RandomBytes, 0, serverRandom.RandomBytes.Length);
			//hashSHA.BlockUpdate(_ServerParams, 0, _ServerParams.Length);
			//hashSHA.DoFinal(hash, size);

			//ISigner signer = GetSigner(signatureAlgorithm, THashAlgorithm.None, serverPrivateKey);
			//signer.BlockUpdate(hash, 0, hash.Length);
			//_Signature = signer.GenerateSignature();

			ISigner signer = GetSigner(signatureAlgorithm, hashAlgorithm, serverPrivateKey);
			byte[] clientRandomBytes = keyExchange.ClientRandom.Serialise();
			byte[] serverRandomBytes = keyExchange.ServerRandom.Serialise();
			signer.BlockUpdate(clientRandomBytes, 0, clientRandomBytes.Length);
			signer.BlockUpdate(serverRandomBytes, 0, serverRandomBytes.Length);
			signer.BlockUpdate(_ServerParams, 0, _ServerParams.Length);
			_Signature = signer.GenerateSignature();

		}
Beispiel #10
0
        public void ProcessHandshake(DTLSRecord record)
        {
            if (record == null)
            {
                throw new ArgumentNullException(nameof(record));
            }

            var address = record.RemoteEndPoint.Serialize();
            var session = this.Sessions.GetSession(address);
            var data    = record.Fragment;

            if ((session != null) && session.IsEncypted(record))
            {
                var count = 0;
                while ((session.Cipher == null) && (count < 50))
                {
                    System.Threading.Thread.Sleep(10);
                    count++;
                }

                if (session.Cipher == null)
                {
                    throw new Exception("Need Cipher for Encrypted Session");
                }

                var sequenceNumber = ((long)record.Epoch << 48) + record.SequenceNumber;
                data = session.Cipher.DecodeCiphertext(sequenceNumber, (byte)TRecordType.Handshake, record.Fragment, 0, record.Fragment.Length);
            }

            using (var stream = new MemoryStream(data))
            {
                var handshakeRecord = HandshakeRecord.Deserialise(stream);
                switch (handshakeRecord.MessageType)
                {
                case THandshakeType.HelloRequest:
                {
                    //HelloReq
                    break;
                }

                case THandshakeType.ClientHello:
                {
                    var clientHello = ClientHello.Deserialise(stream);
                    var cookie      = clientHello.CalculateCookie(record.RemoteEndPoint, this._HelloSecret);

                    if (clientHello.Cookie == null)
                    {
                        var vers = clientHello.ClientVersion;
                        if (this.ServerVersion < vers)
                        {
                            vers = this.ServerVersion;
                        }

                        if (session == null)
                        {
                            session = new Session
                            {
                                SessionID      = Guid.NewGuid(),
                                RemoteEndPoint = record.RemoteEndPoint,
                                Version        = vers
                            };
                            this.Sessions.AddSession(address, session);
                        }
                        else
                        {
                            session.Reset();
                            session.Version = vers;
                        }

                        session.ClientEpoch          = record.Epoch;
                        session.ClientSequenceNumber = record.SequenceNumber;

                        var helloVerifyRequest = new HelloVerifyRequest
                        {
                            Cookie        = cookie,
                            ServerVersion = ServerVersion
                        };

                        this.SendResponse(session, helloVerifyRequest, 0);
                        break;
                    }

                    if (session != null && session.Cipher != null && !session.IsEncypted(record))
                    {
                        session.Reset();
                    }

                    if (!clientHello.Cookie.SequenceEqual(cookie))
                    {
                        break;
                    }

                    var version = clientHello.ClientVersion;
                    if (this.ServerVersion < version)
                    {
                        version = this.ServerVersion;
                    }

                    if (clientHello.SessionID == null)
                    {
                        if (session == null)
                        {
                            session = new Session();
                            session.NextSequenceNumber();
                            session.SessionID      = Guid.NewGuid();
                            session.RemoteEndPoint = record.RemoteEndPoint;
                            this.Sessions.AddSession(address, session);
                        }
                    }
                    else
                    {
                        if (clientHello.SessionID.Length >= 16)
                        {
                            session = this.Sessions.GetSession(new Guid(clientHello.SessionID.Take(16).ToArray()));
                        }

                        if (session == null)
                        {
                            //need to Find Session
                            session = new Session
                            {
                                SessionID = Guid.NewGuid()
                            };
                            session.NextSequenceNumber();
                            session.RemoteEndPoint = record.RemoteEndPoint;
                            this.Sessions.AddSession(address, session);
                        }
                    }

                    session.Version = version;
                    var cipherSuite = TCipherSuite.TLS_NULL_WITH_NULL_NULL;
                    foreach (TCipherSuite item in clientHello.CipherSuites)
                    {
                        if (this._SupportedCipherSuites.ContainsKey(item) && CipherSuites.SupportedVersion(item, session.Version) && CipherSuites.SuiteUsable(item, this.PrivateKey, this._PSKIdentities, this._ValidatePSK != null))
                        {
                            cipherSuite = item;
                            break;
                        }
                    }

                    var clientSessionID = new byte[32];
                    var temp            = session.SessionID.ToByteArray();
                    Buffer.BlockCopy(temp, 0, clientSessionID, 0, 16);
                    Buffer.BlockCopy(temp, 0, clientSessionID, 16, 16);

                    var serverHello = new ServerHello
                    {
                        SessionID     = clientSessionID,    // session.SessionID.ToByteArray();
                        Random        = new RandomData(),
                        CipherSuite   = (ushort)cipherSuite,
                        ServerVersion = session.Version
                    };
                    serverHello.Random.Generate();

                    session.Handshake.UpdateHandshakeHash(data);
                    session.Handshake.CipherSuite  = cipherSuite;
                    session.Handshake.ClientRandom = clientHello.Random;
                    session.Handshake.ServerRandom = serverHello.Random;

                    var hash  = THashAlgorithm.SHA256;
                    var curve = TEllipticCurve.secp521r1;
                    if (clientHello.Extensions != null)
                    {
                        foreach (var extension in clientHello.Extensions)
                        {
                            if (extension.SpecificExtension is ClientCertificateTypeExtension)
                            {
                                var clientCertificateType = extension.SpecificExtension as ClientCertificateTypeExtension;
                                //TCertificateType certificateType = TCertificateType.Unknown;
                                //foreach (TCertificateType item in clientCertificateType.CertificateTypes)
                                //{

                                //}
                                //serverHello.AddExtension(new ClientCertificateTypeExtension(certificateType));
                            }
                            else if (extension.SpecificExtension is EllipticCurvesExtension)
                            {
                                var ellipticCurves = extension.SpecificExtension as EllipticCurvesExtension;
                                foreach (var item in ellipticCurves.SupportedCurves)
                                {
                                    if (EllipticCurveFactory.SupportedCurve(item))
                                    {
                                        curve = item;
                                        break;
                                    }
                                }
                            }
                            else if (extension.SpecificExtension is ServerCertificateTypeExtension)
                            {
                                //serverHello.AddExtension();
                            }
                            else if (extension.SpecificExtension is SignatureAlgorithmsExtension)
                            {
                                var signatureAlgorithms = extension.SpecificExtension as SignatureAlgorithmsExtension;
                                foreach (var item in signatureAlgorithms.SupportedAlgorithms)
                                {
                                    if (item.Signature == TSignatureAlgorithm.ECDSA)
                                    {
                                        hash = item.Hash;
                                        break;
                                    }
                                }
                            }
                        }
                    }

                    var keyExchangeAlgorithm = CipherSuites.GetKeyExchangeAlgorithm(cipherSuite);
                    if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_ECDSA)
                    {
                        var pointFormatsExtension = new EllipticCurvePointFormatsExtension();
                        pointFormatsExtension.SupportedPointFormats.Add(TEllipticCurvePointFormat.Uncompressed);
                        serverHello.AddExtension(pointFormatsExtension);
                    }

                    session.Handshake.MessageSequence = 1;
                    this.SendResponse(session, serverHello, session.Handshake.MessageSequence);
                    session.Handshake.MessageSequence++;

                    if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_ECDSA)
                    {
                        if (this.Certificate != null)
                        {
                            this.SendResponse(session, this.Certificate, session.Handshake.MessageSequence);
                            session.Handshake.MessageSequence++;
                        }

                        var keyExchange = new ECDHEKeyExchange
                        {
                            Curve = curve,
                            KeyExchangeAlgorithm = keyExchangeAlgorithm,
                            ClientRandom         = clientHello.Random,
                            ServerRandom         = serverHello.Random
                        };

                        keyExchange.GenerateEphemeralKey();
                        session.Handshake.KeyExchange = keyExchange;
                        if (session.Version == DTLSRecord.DefaultVersion)
                        {
                            hash = THashAlgorithm.SHA1;
                        }

                        var serverKeyExchange = new ECDHEServerKeyExchange(keyExchange, hash, TSignatureAlgorithm.ECDSA, this.PrivateKey);
                        this.SendResponse(session, serverKeyExchange, session.Handshake.MessageSequence);

                        session.Handshake.MessageSequence++;
                        if (this._RequireClientCertificate)
                        {
                            var certificateRequest = new CertificateRequest();
                            certificateRequest.CertificateTypes.Add(TClientCertificateType.ECDSASign);
                            certificateRequest.SupportedAlgorithms.Add(new SignatureHashAlgorithm()
                                {
                                    Hash = THashAlgorithm.SHA256, Signature = TSignatureAlgorithm.ECDSA
                                });
                            this.SendResponse(session, certificateRequest, session.Handshake.MessageSequence);
                            session.Handshake.MessageSequence++;
                        }
                    }
                    else if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_PSK)
                    {
                        var keyExchange = new ECDHEKeyExchange
                        {
                            Curve = curve,
                            KeyExchangeAlgorithm = keyExchangeAlgorithm,
                            ClientRandom         = clientHello.Random,
                            ServerRandom         = serverHello.Random
                        };

                        keyExchange.GenerateEphemeralKey();
                        session.Handshake.KeyExchange = keyExchange;
                        var serverKeyExchange = new ECDHEPSKServerKeyExchange(keyExchange);
                        this.SendResponse(session, serverKeyExchange, session.Handshake.MessageSequence);
                        session.Handshake.MessageSequence++;
                    }
                    else if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.PSK)
                    {
                        var keyExchange = new PSKKeyExchange
                        {
                            KeyExchangeAlgorithm = keyExchangeAlgorithm,
                            ClientRandom         = clientHello.Random,
                            ServerRandom         = serverHello.Random
                        };
                        session.Handshake.KeyExchange = keyExchange;
                        //Need to be able to hint identity?? for PSK if not hinting don't really need key exchange message
                        //PSKServerKeyExchange serverKeyExchange = new PSKServerKeyExchange();
                        //SendResponse(session, serverKeyExchange, session.Handshake.MessageSequence);
                        //session.Handshake.MessageSequence++;
                    }
                    this.SendResponse(session, new ServerHelloDone(), session.Handshake.MessageSequence);
                    session.Handshake.MessageSequence++;
                    break;
                }

                case THandshakeType.ServerHello:
                {
                    break;
                }

                case THandshakeType.HelloVerifyRequest:
                {
                    break;
                }

                case THandshakeType.Certificate:
                {
                    var clientCertificate = Certificate.Deserialise(stream, TCertificateType.X509);
                    if (clientCertificate.CertChain.Count > 0)
                    {
                        session.CertificateInfo = Certificates.GetCertificateInfo(clientCertificate.CertChain[0], TCertificateFormat.CER);
                    }
                    session.Handshake.UpdateHandshakeHash(data);
                    break;
                }

                case THandshakeType.ServerKeyExchange:
                {
                    break;
                }

                case THandshakeType.CertificateRequest:
                {
                    break;
                }

                case THandshakeType.ServerHelloDone:
                {
                    break;
                }

                case THandshakeType.CertificateVerify:
                {
                    var certificateVerify = CertificateVerify.Deserialise(stream, session.Version);
                    session.Handshake.UpdateHandshakeHash(data);
                }
                break;

                case THandshakeType.ClientKeyExchange:
                {
                    if ((session == null) || (session.Handshake.KeyExchange == null))
                    {
                        break;
                    }

                    session.Handshake.UpdateHandshakeHash(data);
                    byte[] preMasterSecret = null;
                    if (session.Handshake.KeyExchange.KeyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_ECDSA)
                    {
                        var clientKeyExchange = ECDHEClientKeyExchange.Deserialise(stream);
                        if (clientKeyExchange != null)
                        {
                            var ecKeyExchange = session.Handshake.KeyExchange as ECDHEKeyExchange;
                            preMasterSecret = ecKeyExchange.GetPreMasterSecret(clientKeyExchange.PublicKeyBytes);
                        }
                    }
                    else if (session.Handshake.KeyExchange.KeyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_PSK)
                    {
                        var clientKeyExchange = ECDHEPSKClientKeyExchange.Deserialise(stream);
                        if (clientKeyExchange != null)
                        {
                            session.PSKIdentity = Encoding.UTF8.GetString(clientKeyExchange.PSKIdentity);
                            var psk = this._PSKIdentities.GetKey(clientKeyExchange.PSKIdentity);

                            if (psk == null)
                            {
                                psk = this._ValidatePSK(clientKeyExchange.PSKIdentity);
                                if (psk != null)
                                {
                                    this._PSKIdentities.AddIdentity(clientKeyExchange.PSKIdentity, psk);
                                }
                            }

                            if (psk != null)
                            {
                                var ecKeyExchange = session.Handshake.KeyExchange as ECDHEKeyExchange;
                                var otherSecret   = ecKeyExchange.GetPreMasterSecret(clientKeyExchange.PublicKeyBytes);
                                preMasterSecret = TLSUtils.GetPSKPreMasterSecret(otherSecret, psk);
                            }
                        }
                    }
                    else if (session.Handshake.KeyExchange.KeyExchangeAlgorithm == TKeyExchangeAlgorithm.PSK)
                    {
                        var clientKeyExchange = PSKClientKeyExchange.Deserialise(stream);
                        if (clientKeyExchange != null)
                        {
                            session.PSKIdentity = Encoding.UTF8.GetString(clientKeyExchange.PSKIdentity);
                            var psk = this._PSKIdentities.GetKey(clientKeyExchange.PSKIdentity);

                            if (psk == null)
                            {
                                psk = this._ValidatePSK(clientKeyExchange.PSKIdentity);
                                if (psk != null)
                                {
                                    this._PSKIdentities.AddIdentity(clientKeyExchange.PSKIdentity, psk);
                                }
                            }

                            if (psk != null)
                            {
                                var ecKeyExchange = session.Handshake.KeyExchange as ECDHEKeyExchange;
                                var otherSecret   = new byte[psk.Length];
                                preMasterSecret = TLSUtils.GetPSKPreMasterSecret(otherSecret, psk);
                            }
                        }
                    }

                    if (preMasterSecret != null)
                    {
                        //session.MasterSecret = TLSUtils.CalculateMasterSecret(preMasterSecret, session.KeyExchange);
                        //TLSUtils.AssignCipher(session);

                        session.Cipher = TLSUtils.AssignCipher(preMasterSecret, false, session.Version, session.Handshake);
                    }
                    break;
                }

                case THandshakeType.Finished:
                {
                    var finished = Finished.Deserialise(stream);
                    if (session == null)
                    {
                        break;
                    }

                    var handshakeHash        = session.Handshake.GetHash(session.Version);
                    var calculatedVerifyData = TLSUtils.GetVerifyData(session.Version, session.Handshake, false, true, handshakeHash);
                    if (!finished.VerifyData.SequenceEqual(calculatedVerifyData))
                    {
                        throw new Exception();
                    }

                    this.SendChangeCipherSpec(session);
                    session.Handshake.UpdateHandshakeHash(data);
                    handshakeHash = session.Handshake.GetHash(session.Version);
                    var serverFinished = new Finished
                    {
                        VerifyData = TLSUtils.GetVerifyData(session.Version, session.Handshake, false, false, handshakeHash)
                    };
                    this.SendResponse(session, serverFinished, session.Handshake.MessageSequence);
                    session.Handshake.MessageSequence++;
                    break;
                }

                default:
                    break;
                }
            }
        }