public byte [] ProcessClientKeyExchange()
{
stream.SetLength(0);
if (mutual)
{
Protocol.SendRecord(HandshakeType.Certificate);
}
Protocol.SendRecord(HandshakeType.ClientKeyExchange);
Context.Negotiating.Cipher.ComputeKeys();
Context.Negotiating.Cipher.InitializeCipher();
Protocol.SendChangeCipherSpec();
Context.SupportedCiphers = CipherSuiteFactory.GetSupportedCiphers(SecurityProtocolType.Tls);
Protocol.SendRecord(HandshakeType.Finished);
stream.Flush();
return(stream.ToArray());
}
protected virtual TlsClientHello GenerateClientHello()
{
var clientUnixTime = HandshakeParameters.GetUnixTime();
HandshakeParameters.ClientRandom = Context.Session.GetSecureRandomBytes(32);
TlsBuffer.WriteInt32(HandshakeParameters.ClientRandom.Buffer, 0, clientUnixTime);
var requestedUserCiphers = Config.UserSettings != null ? Config.UserSettings.RequestedCiphers : null;
CipherSuiteCollection requestedCiphers;
if (requestedUserCiphers != null)
{
requestedCiphers = new CipherSuiteCollection(Config.RequestedProtocol, requestedUserCiphers);
}
else
{
requestedCiphers = CipherSuiteFactory.GetDefaultCiphers(Config.RequestedProtocol);
}
if (requestedCiphers.Protocol != Config.RequestedProtocol)
{
throw new TlsException(AlertDescription.ProtocolVersion);
}
HandshakeParameters.SupportedCiphers = requestedCiphers.Clone();
if (Config.EnableSecureRenegotiation && !Session.SecureRenegotiation && ((Config.RenegotiationFlags & RenegotiationFlags.SendCipherSpecCode) != 0))
{
HandshakeParameters.SupportedCiphers.AddSCSV();
}
if (ServerNameExtension.IsLegalHostName(Config.TargetHost))
{
HandshakeParameters.RequestedExtensions.Add(new ServerNameExtension(Config.TargetHost));
}
if (Config.EnableSecureRenegotiation && (Session.SecureRenegotiation || ((Config.RenegotiationFlags & RenegotiationFlags.SendClientHelloExtension) != 0)))
{
HandshakeParameters.RequestedExtensions.Add(RenegotiationExtension.CreateClient(Context));
}
if (UserSettings.HasClientCertificateParameters)
{
HandshakeParameters.RequestedExtensions.Add(new SignatureAlgorithmsExtension(UserSettings.ClientCertificateParameters.SignatureAndHashAlgorithms));
}
return(new TlsClientHello(
Config.RequestedProtocol, HandshakeParameters.ClientRandom, HandshakeParameters.SessionId,
HandshakeParameters.SupportedCiphers.ToArray(), HandshakeParameters.RequestedExtensions));
}
private void processProtocol(short protocol)
{
SecurityProtocolType clientProtocol = this.Context.DecodeProtocolCode(protocol);
if ((clientProtocol & this.Context.SecurityProtocolFlags) == clientProtocol ||
(this.Context.SecurityProtocolFlags & SecurityProtocolType.Default) == SecurityProtocolType.Default)
{
this.Context.SecurityProtocol = clientProtocol;
this.Context.SupportedCiphers.Clear();
this.Context.SupportedCiphers = null;
this.Context.SupportedCiphers = CipherSuiteFactory.GetSupportedCiphers(clientProtocol);
}
else
{
throw new TlsException(AlertDescription.ProtocolVersion, "Incorrect protocol version received from server");
}
}
private void processProtocol(short protocol)
{
// a server MUST reply with the hight version supported (`true` for fallback)
// so a TLS 1.2 client (like Google Chrome) will be returned that the server uses TLS 1.0
// instead of an alert about the protocol
SecurityProtocolType clientProtocol = Context.DecodeProtocolCode(protocol, true);
if ((clientProtocol & this.Context.SecurityProtocolFlags) == clientProtocol ||
(this.Context.SecurityProtocolFlags & SecurityProtocolType.Default) == SecurityProtocolType.Default)
{
this.Context.SecurityProtocol = clientProtocol;
this.Context.SupportedCiphers = CipherSuiteFactory.GetSupportedCiphers(true, clientProtocol);
}
else
{
throw new TlsException(AlertDescription.ProtocolVersion, "Incorrect protocol version received from server");
}
}
private void processProtocol(short protocol)
{
var serverProtocol = Context.DecodeProtocolCode(protocol);
if ((serverProtocol & Context.SecurityProtocolFlags) == serverProtocol ||
(Context.SecurityProtocolFlags & SecurityProtocolType.Default) == SecurityProtocolType.Default)
{
Context.SecurityProtocol = serverProtocol;
Context.SupportedCiphers = CipherSuiteFactory.GetSupportedCiphers(false, serverProtocol);
DebugHelper.WriteLine("Selected protocol {0}", serverProtocol);
}
else
{
throw new TlsException(
AlertDescription.ProtocolVersion,
"Incorrect protocol version received from server");
}
}
protected virtual void SelectCipher(TlsClientHello message)
{
var certificate = Config.Certificate;
if (certificate == null)
{
throw new TlsException(AlertDescription.HandshakeFailure, "Missing server certificate");
}
CipherSuiteCollection requestedCiphers;
if (Settings.RequestedCiphers != null)
{
requestedCiphers = new CipherSuiteCollection(Context.NegotiatedProtocol, Settings.RequestedCiphers);
}
else
{
requestedCiphers = CipherSuiteFactory.GetDefaultCiphers(Context.NegotiatedProtocol);
}
HandshakeParameters.SupportedCiphers = requestedCiphers.Filter(cipher => {
#if INSTRUMENTATION
if (Context.HasInstrument(HandshakeInstrumentType.OverrideServerCertificateSelection))
{
return(true);
}
#endif
var exchangeAlgorithm = CipherSuiteFactory.GetExchangeAlgorithmType(Context.NegotiatedProtocol, cipher);
return(CertificateManager.VerifyServerCertificate(Context, certificate, exchangeAlgorithm));
});
CipherSuite selectedCipher = null;
foreach (var code in message.ClientCiphers)
{
var idx = HandshakeParameters.SupportedCiphers.IndexOf(code);
if (idx < 0)
{
continue;
}
var cipher = HandshakeParameters.SupportedCiphers [idx];
selectedCipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, cipher);
break;
}
if (selectedCipher == null)
{
throw new TlsException(AlertDescription.HandshakeFailure, "Invalid cipher suite received from client");
}
#if DEBUG_FULL
if (Context.EnableDebugging)
{
selectedCipher.EnableDebugging = true;
}
#endif
#if DEBUG_FULL
if (Context.EnableDebugging)
{
DebugHelper.WriteLine("Selected Cipher: {0}", selectedCipher);
}
#endif
// FIXME: Select best one.
Session.PendingCrypto = selectedCipher.Initialize(true, Context.NegotiatedProtocol);
Session.PendingCrypto.ServerCertificates = new X509CertificateCollection();
Session.PendingCrypto.ServerCertificates.Add(certificate);
}
