private void AddFinished(OutgoingMessageBag outgoingMessages) { m_localHash.TransformFinalBlock(EmptyArray <byte> .Instance, 0, 0); byte[] seed = m_localHash.Hash; m_localHash.Dispose(); m_localHash = null; var label = SecurityParameters.Entity == ConnectionEnd.Server ? ServerFinishedLabel : ClientFinshedLabel; var finishedMessage = new FinishedMessage { VerifyData = PRF.Get(SecurityParameters.MasterSecret, label, seed, FinishedMessage.VerifyDataLength) }; NetMQMessage outgoingMessage = finishedMessage.ToNetMQMessage(); outgoingMessages.AddHandshakeMessage(outgoingMessage); m_lastSentMessage = HandshakeType.Finished; if (SecurityParameters.Entity == ConnectionEnd.Client) { HashRemote(outgoingMessage); } }
private void OnHelloRequest(OutgoingMessageBag outgoingMessages) { //客户端根据配置决定握手层版本号 SubProtocolVersion = GetSubProtocol(); var clientHelloMessage = SubProtocolVersion.SequenceEqual(Constants.V3_3) ? new V0_2.HandshakeMessages.ClientHelloMessage() : new ClientHelloMessage(); clientHelloMessage.RandomNumber = new byte[RandomNumberLength]; clientHelloMessage.SessionID = SessionID; m_rng.GetBytes(clientHelloMessage.RandomNumber); ////TODO: 测试 //string random = "5e c2 54 f6 fa cc f1 40 be ec 3b 43 44 1c 72 c3 25 ed 43 7a 5d cf a2 17 33 26 94 48 f7 cb 34 f9"; //clientHelloMessage.RandomNumber = random.ConvertHexToByteArray(); SecurityParameters.ClientRandom = clientHelloMessage.RandomNumber; clientHelloMessage.CipherSuites = AllowedCipherSuites; NetMQMessage outgoingMessage = clientHelloMessage.ToNetMQMessage(); HashLocalAndRemote(outgoingMessage); //第一个record的seqnum从0开始 outgoingMessages.AddHandshakeMessage(outgoingMessage); m_lastSentMessage = HandshakeType.ClientHello; }
private void AddServerHelloMessage(OutgoingMessageBag outgoingMessages, CipherSuite[] cipherSuites) { var serverHelloMessage = new ServerHelloMessage { RandomNumber = new byte[RandomNumberLength] }; m_rng.GetBytes(serverHelloMessage.RandomNumber); SecurityParameters.ServerRandom = serverHelloMessage.RandomNumber; // in case there is no match the server will return this default serverHelloMessage.CipherSuite = CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA; foreach (var cipherSuite in cipherSuites) { if (AllowedCipherSuites.Contains(cipherSuite)) { serverHelloMessage.CipherSuite = cipherSuite; SetCipherSuite(cipherSuite); break; } } NetMQMessage outgoingMessage = serverHelloMessage.ToNetMQMessage(); HashLocalAndRemote(outgoingMessage); outgoingMessages.AddHandshakeMessage(outgoingMessage); m_lastSentMessage = HandshakeType.ServerHello; }
private void AddFinished(OutgoingMessageBag outgoingMessages) { m_localHash.TransformFinalBlock(EmptyArray <byte> .Instance, 0, 0); byte[] seed = m_localHash.Hash; #if NET40 m_localHash.Dispose(); #endif m_localHash = null; var label = SecurityParameters.Entity == ConnectionEnd.Server ? ServerFinishedLabel : ClientFinshedLabel; var finishedMessage = SubProtocolVersion.SequenceEqual(Constants.V3_3)? new V0_2.HandshakeMessages.FinishedMessage(): new FinishedMessage(); finishedMessage.VerifyData = PRF.Get(SecurityParameters.MasterSecret, label, seed, FinishedMessage.VerifyDataLength); #if DEBUG Debug.WriteLine("[verify_data]:" + BitConverter.ToString(finishedMessage.VerifyData)); #endif NetMQMessage outgoingMessage = finishedMessage.ToNetMQMessage(); outgoingMessages.AddHandshakeMessage(outgoingMessage); m_lastSentMessage = HandshakeType.Finished; if (SecurityParameters.Entity == ConnectionEnd.Client) { HashRemote(outgoingMessage); } }
private void AddFinished(OutgoingMessageBag outgoingMessages) { m_localHash.TransformFinalBlock(new byte[0], 0, 0); byte[] seed = m_localHash.Hash; m_localHash.Dispose(); m_localHash = null; string label; if (SecurityParameters.Entity == ConnectionEnd.Server) { label = ServerFinishedLabel; } else { label = ClientFinshedLabel; } FinishedMessage finishedMessage = new FinishedMessage(); finishedMessage.VerifyData = PRF.Get(SecurityParameters.MasterSecret, label, seed, FinishedMessage.VerifyDataLength); NetMQMessage outgoingMessage = finishedMessage.ToNetMQMessage(); outgoingMessages.AddHandshakeMessage(outgoingMessage); m_lastSentMessage = HandshakeType.Finished; if (SecurityParameters.Entity == ConnectionEnd.Client) { HashRemote(outgoingMessage); } }
private void AddServerHelloDone(OutgoingMessageBag outgoingMessages) { var serverHelloDoneMessage = new ServerHelloDoneMessage(); NetMQMessage outgoingMessage = serverHelloDoneMessage.ToNetMQMessage(); HashLocalAndRemote(outgoingMessage); outgoingMessages.AddHandshakeMessage(outgoingMessage); m_lastSentMessage = HandshakeType.ServerHelloDone; }
private void AddServerHelloDone(OutgoingMessageBag outgoingMessages) { var serverHelloDoneMessage = SubProtocolVersion.SequenceEqual(Constants.V3_3)? new V0_2.HandshakeMessages.ServerHelloDoneMessage(): new ServerHelloDoneMessage(); NetMQMessage outgoingMessage = serverHelloDoneMessage.ToNetMQMessage(); HashLocalAndRemote(outgoingMessage); outgoingMessages.AddHandshakeMessage(outgoingMessage); m_lastSentMessage = HandshakeType.ServerHelloDone; }
private void AddCertificateMessage(OutgoingMessageBag outgoingMessages) { var certificateMessage = new CertificateMessage { Certificate = LocalCertificate }; NetMQMessage outgoingMessage = certificateMessage.ToNetMQMessage(); HashLocalAndRemote(outgoingMessage); outgoingMessages.AddHandshakeMessage(outgoingMessage); m_lastSentMessage = HandshakeType.Certificate; }
private void AddCertificateMessage(OutgoingMessageBag outgoingMessages) { var certificateMessage = SubProtocolVersion.SequenceEqual(Constants.V3_3)? new V0_2.HandshakeMessages.CertificateMessage(): new CertificateMessage(); certificateMessage.Certificate = LocalCertificate; NetMQMessage outgoingMessage = certificateMessage.ToNetMQMessage(); HashLocalAndRemote(outgoingMessage); outgoingMessages.AddHandshakeMessage(outgoingMessage); m_lastSentMessage = HandshakeType.Certificate; }
private void AddServerHelloMessage(OutgoingMessageBag outgoingMessages, CipherSuite[] cipherSuites) { var serverHelloMessage = SubProtocolVersion.SequenceEqual(Constants.V3_3)? new V0_2.HandshakeMessages.ServerHelloMessage(): new ServerHelloMessage(); serverHelloMessage.RandomNumber = new byte[RandomNumberLength]; m_rng.GetBytes(serverHelloMessage.RandomNumber); ////TODO: 测试 //string random = "ae f1 ba 12 3a 54 3c 51 7b 3d 49 87 05 80 6e 67 45 c5 76 77 74 26 01 d9 b9 da 69 79 e2 84 1d 37"; //serverHelloMessage.RandomNumber = random.ConvertHexToByteArray(); SecurityParameters.ServerRandom = serverHelloMessage.RandomNumber; //客户端没有传sessionid则生成一个新的sessionid if (this.SessionID.Length == 0) { this.SessionID = Encoding.ASCII.GetBytes(Guid.NewGuid().ToString("N")); } ////TODO: 测试 //this.SessionID = "37 61 36 36 35 64 37 38 36 62 61 36 34 32 62 64 38 36 61 62 32 61 63 39 36 31 35 34 37 34 33 61".ConvertHexToByteArray(); serverHelloMessage.SessionID = this.SessionID; // in case there is no match the server will return this default serverHelloMessage.CipherSuite = CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA; foreach (var cipherSuite in cipherSuites) { if (AllowedCipherSuites.Contains(cipherSuite)) { serverHelloMessage.CipherSuite = cipherSuite; SetCipherSuite(cipherSuite); break; } } NetMQMessage outgoingMessage = serverHelloMessage.ToNetMQMessage(); HashLocalAndRemote(outgoingMessage); outgoingMessages.AddHandshakeMessage(outgoingMessage); m_lastSentMessage = HandshakeType.ServerHello; }
private void AddClientKeyExchange(OutgoingMessageBag outgoingMessages) { var clientKeyExchangeMessage = SubProtocolVersion.SequenceEqual(Constants.V3_3) ? new V0_2.HandshakeMessages.ClientKeyExchangeMessage() : new ClientKeyExchangeMessage(); //struct { // ProtocolVersion client_version; // opaque random[46]; //}PreMasterSecret; var premasterSecret = new byte[ClientKeyExchangeMessage.PreMasterSecretLength]; // The version number in the PreMasterSecret is the version // offered by the client in the ClientHello.client_version, not the // version negotiated for the connection. This feature is designed to // prevent rollback attacks.Unfortunately, some old implementations // use the negotiated version instead, and therefore checking the // version number may lead to failure to interoperate with such // incorrect client implementations. // Client implementations MUST always send the correct version number in // PreMasterSecret.If ClientHello.client_version is TLS 1.1 or higher, // server implementations MUST check the version number as described in // the note below.If the version number is TLS 1.0 or earlier, server // implementations SHOULD check the version number, but MAY have a // configuration option to disable the check. premasterSecret[0] = 3; premasterSecret[1] = 3; byte[] random = new byte[46]; m_rng.GetBytes(random); Buffer.BlockCopy(random, 0, premasterSecret, 2, random.Length); ////TODO :测试 //premasterSecret = "03-03-11-41-D4-8F-8C-62-6F-31-12-40-D8-1D-F3-1C-8C-E3-6D-2F-0E-87-C6-DA-D1-17-96-CF-91-CD-EC-DB-F9-B5-52-FB-66-B6-E6-EB-65-71-1F-7A-05-25-0B-03".ConvertHexToByteArray('-'); var rsa = RemoteCertificate.PublicKey.Key as RSACryptoServiceProvider; clientKeyExchangeMessage.EncryptedPreMasterSecret = rsa.Encrypt(premasterSecret, false); GenerateMasterSecret(premasterSecret); NetMQMessage outgoingMessage = clientKeyExchangeMessage.ToNetMQMessage(); HashLocalAndRemote(outgoingMessage); outgoingMessages.AddHandshakeMessage(outgoingMessage); m_lastSentMessage = HandshakeType.ClientKeyExchange; }
private void OnHelloRequest(OutgoingMessageBag outgoingMessages) { ClientHelloMessage clientHelloMessage = new ClientHelloMessage(); clientHelloMessage.RandomNumber = new byte[RandomNumberLength]; m_rng.GetBytes(clientHelloMessage.RandomNumber); SecurityParameters.ClientRandom = clientHelloMessage.RandomNumber; clientHelloMessage.CipherSuites = AllowedCipherSuites; NetMQMessage outgoingMessage = clientHelloMessage.ToNetMQMessage(); HashLocalAndRemote(outgoingMessage); outgoingMessages.AddHandshakeMessage(outgoingMessage); m_lastSentMessage = HandshakeType.ClientHello; }
private void AddClientKeyExchange(OutgoingMessageBag outgoingMessages) { ClientKeyExchangeMessage clientKeyExchangeMessage = new ClientKeyExchangeMessage(); byte[] premasterSecret = new byte[ClientKeyExchangeMessage.PreMasterSecretLength]; m_rng.GetBytes(premasterSecret); RSACryptoServiceProvider rsa = RemoteCertificate.PublicKey.Key as RSACryptoServiceProvider; clientKeyExchangeMessage.EncryptedPreMasterSecret = rsa.Encrypt(premasterSecret, false); GenerateMasterSecret(premasterSecret); NetMQMessage outgoingMessage = clientKeyExchangeMessage.ToNetMQMessage(); HashLocalAndRemote(outgoingMessage); outgoingMessages.AddHandshakeMessage(outgoingMessage); m_lastSentMessage = HandshakeType.ClientKeyExchange; }
private void AddClientKeyExchange(OutgoingMessageBag outgoingMessages) { var clientKeyExchangeMessage = new ClientKeyExchangeMessage(); var premasterSecret = new byte[ClientKeyExchangeMessage.PreMasterSecretLength]; m_rng.GetBytes(premasterSecret); using (var rsa = RemoteCertificate.GetRSAPublicKey()) // .PublicKey.Key as RSA; //RSACryptoServiceProvider; { clientKeyExchangeMessage.EncryptedPreMasterSecret = rsa.Encrypt(premasterSecret, RSAEncryptionPadding.Pkcs1); // false); } GenerateMasterSecret(premasterSecret); NetMQMessage outgoingMessage = clientKeyExchangeMessage.ToNetMQMessage(); HashLocalAndRemote(outgoingMessage); outgoingMessages.AddHandshakeMessage(outgoingMessage); m_lastSentMessage = HandshakeType.ClientKeyExchange; }
private void OnHelloRequest(OutgoingMessageBag outgoingMessages) { ClientHelloMessage clientHelloMessage = new ClientHelloMessage(); clientHelloMessage.RandomNumber = new byte[RandomNumberLength]; m_rng.GetBytes(clientHelloMessage.RandomNumber); SecurityParameters.ClientRandom = clientHelloMessage.RandomNumber; clientHelloMessage.CipherSuites = AllowedCipherSuites; NetMQMessage outgoingMessage = clientHelloMessage.ToNetMQMessage(); HashLocalAndRemote(outgoingMessage); outgoingMessages.AddHandshakeMessage(outgoingMessage); m_lastSentMessage = HandshakeType.ClientHello; }
private void AddServerHelloMessage(OutgoingMessageBag outgoingMessages, CipherSuite[] cipherSuites) { ServerHelloMessage serverHelloMessage = new ServerHelloMessage(); serverHelloMessage.RandomNumber = new byte[RandomNumberLength]; m_rng.GetBytes(serverHelloMessage.RandomNumber); SecurityParameters.ServerRandom = serverHelloMessage.RandomNumber; // in case their is no much the server will return this defaul serverHelloMessage.CipherSuite = CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA; foreach (CipherSuite cipherSuite in cipherSuites) { if (AllowedCipherSuites.Contains(cipherSuite)) { serverHelloMessage.CipherSuite = cipherSuite; SetCipherSuite(cipherSuite); break; } } NetMQMessage outgoingMessage = serverHelloMessage.ToNetMQMessage(); HashLocalAndRemote(outgoingMessage); outgoingMessages.AddHandshakeMessage(outgoingMessage); m_lastSentMessage = HandshakeType.ServerHello; }
private void AddServerHelloDone(OutgoingMessageBag outgoingMessages) { ServerHelloDoneMessage serverHelloDoneMessage = new ServerHelloDoneMessage(); NetMQMessage outgoingMessage = serverHelloDoneMessage.ToNetMQMessage(); HashLocalAndRemote(outgoingMessage); outgoingMessages.AddHandshakeMessage(outgoingMessage); m_lastSentMessage = HandshakeType.ServerHelloDone; }
private void AddFinished(OutgoingMessageBag outgoingMessages) { m_localHash.TransformFinalBlock(new byte[0], 0, 0); byte[] seed = m_localHash.Hash; m_localHash.Dispose(); m_localHash = null; string label; if (SecurityParameters.Entity == ConnectionEnd.Server) { label = ServerFinishedLabel; } else { label = ClientFinshedLabel; } FinishedMessage finishedMessage = new FinishedMessage(); finishedMessage.VerifyData = PRF.Get(SecurityParameters.MasterSecret, label, seed, FinishedMessage.VerifyDataLength); NetMQMessage outgoingMessage = finishedMessage.ToNetMQMessage(); outgoingMessages.AddHandshakeMessage(outgoingMessage); m_lastSentMessage = HandshakeType.Finished; if (SecurityParameters.Entity == ConnectionEnd.Client) { HashRemote(outgoingMessage); } }
private void AddFinished(OutgoingMessageBag outgoingMessages) { m_localHash.TransformFinalBlock(EmptyArray<byte>.Instance, 0, 0); byte[] seed = m_localHash.Hash; m_localHash.Dispose(); m_localHash = null; var label = SecurityParameters.Entity == ConnectionEnd.Server ? ServerFinishedLabel : ClientFinshedLabel; var finishedMessage = new FinishedMessage { VerifyData = PRF.Get(SecurityParameters.MasterSecret, label, seed, FinishedMessage.VerifyDataLength) }; NetMQMessage outgoingMessage = finishedMessage.ToNetMQMessage(); outgoingMessages.AddHandshakeMessage(outgoingMessage); m_lastSentMessage = HandshakeType.Finished; if (SecurityParameters.Entity == ConnectionEnd.Client) { HashRemote(outgoingMessage); } }
private void AddCertificateMessage(OutgoingMessageBag outgoingMessages) { CertificateMessage certificateMessage = new CertificateMessage(); certificateMessage.Certificate = LocalCertificate; NetMQMessage outgoingMessage = certificateMessage.ToNetMQMessage(); HashLocalAndRemote(outgoingMessage); outgoingMessages.AddHandshakeMessage(outgoingMessage); m_lastSentMessage = HandshakeType.Certificate; }
private void AddClientKeyExchange(OutgoingMessageBag outgoingMessages) { ClientKeyExchangeMessage clientKeyExchangeMessage = new ClientKeyExchangeMessage(); byte[] premasterSecret = new byte[ClientKeyExchangeMessage.PreMasterSecretLength]; m_rng.GetBytes(premasterSecret); RSACryptoServiceProvider rsa = RemoteCertificate.PublicKey.Key as RSACryptoServiceProvider; clientKeyExchangeMessage.EncryptedPreMasterSecret = rsa.Encrypt(premasterSecret, false); GenerateMasterSecret(premasterSecret); NetMQMessage outgoingMessage = clientKeyExchangeMessage.ToNetMQMessage(); HashLocalAndRemote(outgoingMessage); outgoingMessages.AddHandshakeMessage(outgoingMessage); m_lastSentMessage = HandshakeType.ClientKeyExchange; }