WriteExtensions() protected static method

protected static WriteExtensions ( Stream output, IDictionary extensions ) : void
output Stream
extensions IDictionary
return void
Ejemplo n.º 1
0
        protected virtual byte[] GenerateServerHello(DtlsServerProtocol.ServerHandshakeState state)
        {
            SecurityParameters securityParameters = state.serverContext.SecurityParameters;
            MemoryStream       memoryStream       = new MemoryStream();
            ProtocolVersion    serverVersion      = state.server.GetServerVersion();

            if (!serverVersion.IsEqualOrEarlierVersionOf(state.serverContext.ClientVersion))
            {
                throw new TlsFatalAlert(80);
            }
            state.serverContext.SetServerVersion(serverVersion);
            TlsUtilities.WriteVersion(state.serverContext.ServerVersion, memoryStream);
            memoryStream.Write(securityParameters.ServerRandom, 0, securityParameters.ServerRandom.Length);
            TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, memoryStream);
            int selectedCipherSuite = state.server.GetSelectedCipherSuite();

            if (!Arrays.Contains(state.offeredCipherSuites, selectedCipherSuite) || selectedCipherSuite == 0 || CipherSuite.IsScsv(selectedCipherSuite) || !TlsUtilities.IsValidCipherSuiteForVersion(selectedCipherSuite, state.serverContext.ServerVersion))
            {
                throw new TlsFatalAlert(80);
            }
            DtlsProtocol.ValidateSelectedCipherSuite(selectedCipherSuite, 80);
            securityParameters.cipherSuite = selectedCipherSuite;
            byte selectedCompressionMethod = state.server.GetSelectedCompressionMethod();

            if (!Arrays.Contains(state.offeredCompressionMethods, selectedCompressionMethod))
            {
                throw new TlsFatalAlert(80);
            }
            securityParameters.compressionAlgorithm = selectedCompressionMethod;
            TlsUtilities.WriteUint16(selectedCipherSuite, memoryStream);
            TlsUtilities.WriteUint8(selectedCompressionMethod, memoryStream);
            state.serverExtensions = state.server.GetServerExtensions();
            if (state.secure_renegotiation)
            {
                byte[] extensionData = TlsUtilities.GetExtensionData(state.serverExtensions, 65281);
                bool   flag          = null == extensionData;
                if (flag)
                {
                    state.serverExtensions        = TlsExtensionsUtilities.EnsureExtensionsInitialised(state.serverExtensions);
                    state.serverExtensions[65281] = TlsProtocol.CreateRenegotiationInfo(TlsUtilities.EmptyBytes);
                }
            }
            if (securityParameters.extendedMasterSecret)
            {
                state.serverExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(state.serverExtensions);
                TlsExtensionsUtilities.AddExtendedMasterSecretExtension(state.serverExtensions);
            }
            if (state.serverExtensions != null)
            {
                securityParameters.encryptThenMac    = TlsExtensionsUtilities.HasEncryptThenMacExtension(state.serverExtensions);
                securityParameters.maxFragmentLength = DtlsProtocol.EvaluateMaxFragmentLengthExtension(state.resumedSession, state.clientExtensions, state.serverExtensions, 80);
                securityParameters.truncatedHMac     = TlsExtensionsUtilities.HasTruncatedHMacExtension(state.serverExtensions);
                state.allowCertificateStatus         = (!state.resumedSession && TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, 5, 80));
                state.expectSessionTicket            = (!state.resumedSession && TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, 35, 80));
                TlsProtocol.WriteExtensions(memoryStream, state.serverExtensions);
            }
            securityParameters.prfAlgorithm     = TlsProtocol.GetPrfAlgorithm(state.serverContext, securityParameters.CipherSuite);
            securityParameters.verifyDataLength = 12;
            return(memoryStream.ToArray());
        }
Ejemplo n.º 2
0
        protected virtual byte[] GenerateClientHello(ClientHandshakeState state, TlsClient client)
        {
            //IL_0000: Unknown result type (might be due to invalid IL or missing references)
            //IL_0006: Expected O, but got Unknown
            MemoryStream    val           = new MemoryStream();
            ProtocolVersion clientVersion = client.ClientVersion;

            if (!clientVersion.IsDtls)
            {
                throw new TlsFatalAlert(80);
            }
            TlsClientContextImpl clientContext = state.clientContext;

            clientContext.SetClientVersion(clientVersion);
            TlsUtilities.WriteVersion(clientVersion, (Stream)(object)val);
            SecurityParameters securityParameters = clientContext.SecurityParameters;

            ((Stream)val).Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length);
            byte[] array = TlsUtilities.EmptyBytes;
            if (state.tlsSession != null)
            {
                array = state.tlsSession.SessionID;
                if (array == null || array.Length > 32)
                {
                    array = TlsUtilities.EmptyBytes;
                }
            }
            TlsUtilities.WriteOpaque8(array, (Stream)(object)val);
            TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, (Stream)(object)val);
            bool isFallback = client.IsFallback;

            state.offeredCipherSuites = client.GetCipherSuites();
            state.clientExtensions    = client.GetClientExtensions();
            byte[] extensionData = TlsUtilities.GetExtensionData(state.clientExtensions, 65281);
            bool   flag          = null == extensionData;
            bool   flag2         = !Arrays.Contains(state.offeredCipherSuites, 255);

            if (flag && flag2)
            {
                state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, 255);
            }
            if (isFallback && !Arrays.Contains(state.offeredCipherSuites, 22016))
            {
                state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, 22016);
            }
            TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, (Stream)(object)val);
            byte[] array2 = (state.offeredCompressionMethods = new byte[1]);
            TlsUtilities.WriteUint8ArrayWithUint8Length(state.offeredCompressionMethods, (Stream)(object)val);
            if (state.clientExtensions != null)
            {
                TlsProtocol.WriteExtensions((Stream)(object)val, state.clientExtensions);
            }
            return(val.ToArray());
        }
Ejemplo n.º 3
0
        protected virtual byte[] GenerateClientHello(DtlsClientProtocol.ClientHandshakeState state, TlsClient client)
        {
            MemoryStream    memoryStream  = new MemoryStream();
            ProtocolVersion clientVersion = client.ClientVersion;

            if (!clientVersion.IsDtls)
            {
                throw new TlsFatalAlert(80);
            }
            TlsClientContextImpl clientContext = state.clientContext;

            clientContext.SetClientVersion(clientVersion);
            TlsUtilities.WriteVersion(clientVersion, memoryStream);
            SecurityParameters securityParameters = clientContext.SecurityParameters;

            memoryStream.Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length);
            byte[] array = TlsUtilities.EmptyBytes;
            if (state.tlsSession != null)
            {
                array = state.tlsSession.SessionID;
                if (array == null || array.Length > 32)
                {
                    array = TlsUtilities.EmptyBytes;
                }
            }
            TlsUtilities.WriteOpaque8(array, memoryStream);
            TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, memoryStream);
            bool isFallback = client.IsFallback;

            state.offeredCipherSuites = client.GetCipherSuites();
            state.clientExtensions    = client.GetClientExtensions();
            byte[] extensionData = TlsUtilities.GetExtensionData(state.clientExtensions, 65281);
            bool   flag          = null == extensionData;
            bool   flag2         = !Arrays.Contains(state.offeredCipherSuites, 255);

            if (flag && flag2)
            {
                state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, 255);
            }
            if (isFallback && !Arrays.Contains(state.offeredCipherSuites, 22016))
            {
                state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, 22016);
            }
            TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, memoryStream);
            byte[] offeredCompressionMethods = new byte[1];
            state.offeredCompressionMethods = offeredCompressionMethods;
            TlsUtilities.WriteUint8ArrayWithUint8Length(state.offeredCompressionMethods, memoryStream);
            if (state.clientExtensions != null)
            {
                TlsProtocol.WriteExtensions(memoryStream, state.clientExtensions);
            }
            return(memoryStream.ToArray());
        }
Ejemplo n.º 4
0
        protected virtual void SendClientHelloMessage()
        {
            mRecordStream.SetWriteVersion(mTlsClient.ClientHelloRecordLayerVersion);
            ProtocolVersion clientVersion = mTlsClient.ClientVersion;

            if (clientVersion.IsDtls)
            {
                throw new TlsFatalAlert(80);
            }
            ContextAdmin.SetClientVersion(clientVersion);
            byte[] array = TlsUtilities.EmptyBytes;
            if (mTlsSession != null)
            {
                array = mTlsSession.SessionID;
                if (array == null || array.Length > 32)
                {
                    array = TlsUtilities.EmptyBytes;
                }
            }
            bool isFallback = mTlsClient.IsFallback;

            mOfferedCipherSuites       = mTlsClient.GetCipherSuites();
            mOfferedCompressionMethods = mTlsClient.GetCompressionMethods();
            if (array.Length > 0 && mSessionParameters != null && (!Arrays.Contains(mOfferedCipherSuites, mSessionParameters.CipherSuite) || !Arrays.Contains(mOfferedCompressionMethods, mSessionParameters.CompressionAlgorithm)))
            {
                array = TlsUtilities.EmptyBytes;
            }
            mClientExtensions = mTlsClient.GetClientExtensions();
            HandshakeMessage handshakeMessage = new HandshakeMessage(1);

            TlsUtilities.WriteVersion(clientVersion, (Stream)(object)handshakeMessage);
            handshakeMessage.Write(mSecurityParameters.ClientRandom);
            TlsUtilities.WriteOpaque8(array, (Stream)(object)handshakeMessage);
            byte[] extensionData = TlsUtilities.GetExtensionData(mClientExtensions, 65281);
            bool   flag          = null == extensionData;
            bool   flag2         = !Arrays.Contains(mOfferedCipherSuites, 255);

            if (flag && flag2)
            {
                mOfferedCipherSuites = Arrays.Append(mOfferedCipherSuites, 255);
            }
            if (isFallback && !Arrays.Contains(mOfferedCipherSuites, 22016))
            {
                mOfferedCipherSuites = Arrays.Append(mOfferedCipherSuites, 22016);
            }
            TlsUtilities.WriteUint16ArrayWithUint16Length(mOfferedCipherSuites, (Stream)(object)handshakeMessage);
            TlsUtilities.WriteUint8ArrayWithUint8Length(mOfferedCompressionMethods, (Stream)(object)handshakeMessage);
            if (mClientExtensions != null)
            {
                TlsProtocol.WriteExtensions((Stream)(object)handshakeMessage, mClientExtensions);
            }
            handshakeMessage.WriteToRecordStream(this);
        }
Ejemplo n.º 5
0
        protected virtual void SendClientHelloMessage()
        {
            base.mRecordStream.SetWriteVersion(this.mTlsClient.ClientHelloRecordLayerVersion);
            ProtocolVersion clientVersion = this.mTlsClient.ClientVersion;

            if (clientVersion.IsDtls)
            {
                throw new TlsFatalAlert(80);
            }
            this.ContextAdmin.SetClientVersion(clientVersion);
            byte[] emptyBytes = TlsUtilities.EmptyBytes;
            if (base.mTlsSession != null)
            {
                emptyBytes = base.mTlsSession.SessionID;
                if ((emptyBytes == null) || (emptyBytes.Length > 0x20))
                {
                    emptyBytes = TlsUtilities.EmptyBytes;
                }
            }
            bool isFallback = this.mTlsClient.IsFallback;

            base.mOfferedCipherSuites       = this.mTlsClient.GetCipherSuites();
            base.mOfferedCompressionMethods = this.mTlsClient.GetCompressionMethods();
            if (((emptyBytes.Length > 0) && (base.mSessionParameters != null)) && (!Arrays.Contains(base.mOfferedCipherSuites, base.mSessionParameters.CipherSuite) || !Arrays.Contains(base.mOfferedCompressionMethods, base.mSessionParameters.CompressionAlgorithm)))
            {
                emptyBytes = TlsUtilities.EmptyBytes;
            }
            base.mClientExtensions = this.mTlsClient.GetClientExtensions();
            TlsProtocol.HandshakeMessage output = new TlsProtocol.HandshakeMessage(1);
            TlsUtilities.WriteVersion(clientVersion, output);
            output.Write(base.mSecurityParameters.ClientRandom);
            TlsUtilities.WriteOpaque8(emptyBytes, output);
            byte[] extensionData = TlsUtilities.GetExtensionData(base.mClientExtensions, 0xff01);
            bool   flag2         = null == extensionData;
            bool   flag3         = !Arrays.Contains(base.mOfferedCipherSuites, 0xff);

            if (flag2 && flag3)
            {
                base.mOfferedCipherSuites = Arrays.Append(base.mOfferedCipherSuites, 0xff);
            }
            if (isFallback && !Arrays.Contains(base.mOfferedCipherSuites, 0x5600))
            {
                base.mOfferedCipherSuites = Arrays.Append(base.mOfferedCipherSuites, 0x5600);
            }
            TlsUtilities.WriteUint16ArrayWithUint16Length(base.mOfferedCipherSuites, output);
            TlsUtilities.WriteUint8ArrayWithUint8Length(base.mOfferedCompressionMethods, output);
            if (base.mClientExtensions != null)
            {
                TlsProtocol.WriteExtensions(output, base.mClientExtensions);
            }
            output.WriteToRecordStream(this);
        }
Ejemplo n.º 6
0
 public Builder SetServerExtensions(IDictionary serverExtensions)
 {
     if (serverExtensions == null)
     {
         mEncodedServerExtensions = null;
     }
     else
     {
         MemoryStream buf = new MemoryStream();
         TlsProtocol.WriteExtensions(buf, serverExtensions);
         mEncodedServerExtensions = buf.ToArray();
     }
     return(this);
 }
Ejemplo n.º 7
0
 public SessionParameters.Builder SetServerExtensions(IDictionary serverExtensions)
 {
     if (serverExtensions == null)
     {
         this.mEncodedServerExtensions = null;
     }
     else
     {
         MemoryStream output = new MemoryStream();
         TlsProtocol.WriteExtensions(output, serverExtensions);
         this.mEncodedServerExtensions = output.ToArray();
     }
     return(this);
 }
Ejemplo n.º 8
0
 public Builder SetServerExtensions(IDictionary serverExtensions)
 {
     //IL_000c: Unknown result type (might be due to invalid IL or missing references)
     //IL_0012: Expected O, but got Unknown
     if (serverExtensions == null)
     {
         mEncodedServerExtensions = null;
     }
     else
     {
         MemoryStream val = new MemoryStream();
         TlsProtocol.WriteExtensions((Stream)(object)val, serverExtensions);
         mEncodedServerExtensions = val.ToArray();
     }
     return(this);
 }
Ejemplo n.º 9
0
        protected virtual byte[] GenerateClientHello(ClientHandshakeState state, TlsClient client)
        {
            MemoryStream buf = new MemoryStream();

            ProtocolVersion client_version = client.ClientVersion;

            if (!client_version.IsDtls)
            {
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }

            TlsClientContextImpl context = state.clientContext;

            context.SetClientVersion(client_version);
            TlsUtilities.WriteVersion(client_version, buf);

            SecurityParameters securityParameters = context.SecurityParameters;

            buf.Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length);

            // Session ID
            byte[] session_id = TlsUtilities.EmptyBytes;
            if (state.tlsSession != null)
            {
                session_id = state.tlsSession.SessionID;
                if (session_id == null || session_id.Length > 32)
                {
                    session_id = TlsUtilities.EmptyBytes;
                }
            }
            TlsUtilities.WriteOpaque8(session_id, buf);

            // Cookie
            TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, buf);

            bool fallback = client.IsFallback;

            /*
             * Cipher suites
             */
            state.offeredCipherSuites = client.GetCipherSuites();

            // Integer -> byte[]
            state.clientExtensions = client.GetClientExtensions();

            securityParameters.extendedMasterSecret = TlsExtensionsUtilities.HasExtendedMasterSecretExtension(state.clientExtensions);

            // Cipher Suites (and SCSV)
            {
                /*
                 * RFC 5746 3.4. The client MUST include either an empty "renegotiation_info" extension,
                 * or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value in the
                 * ClientHello. Including both is NOT RECOMMENDED.
                 */
                byte[] renegExtData = TlsUtilities.GetExtensionData(state.clientExtensions, ExtensionType.renegotiation_info);
                bool   noRenegExt   = (null == renegExtData);

                bool noRenegSCSV = !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);

                if (noRenegExt && noRenegSCSV)
                {
                    // TODO Consider whether to default to a client extension instead
                    state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
                }

                /*
                 * draft-ietf-tls-downgrade-scsv-00 4. If a client sends a ClientHello.client_version
                 * containing a lower value than the latest (highest-valued) version supported by the
                 * client, it SHOULD include the TLS_FALLBACK_SCSV cipher suite value in
                 * ClientHello.cipher_suites.
                 */
                if (fallback && !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV))
                {
                    state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV);
                }

                TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, buf);
            }

            // TODO Add support for compression
            // Compression methods
            // state.offeredCompressionMethods = client.getCompressionMethods();
            state.offeredCompressionMethods = new byte[] { CompressionMethod.cls_null };

            TlsUtilities.WriteUint8ArrayWithUint8Length(state.offeredCompressionMethods, buf);

            // Extensions
            if (state.clientExtensions != null)
            {
                TlsProtocol.WriteExtensions(buf, state.clientExtensions);
            }

            return(buf.ToArray());
        }
Ejemplo n.º 10
0
        protected virtual byte[] GenerateServerHello(ServerHandshakeState state)
        {
            SecurityParameters securityParameters = state.serverContext.SecurityParameters;

            MemoryStream buf = new MemoryStream();

            {
                ProtocolVersion server_version = state.server.GetServerVersion();
                if (!server_version.IsEqualOrEarlierVersionOf(state.serverContext.ClientVersion))
                {
                    throw new TlsFatalAlert(AlertDescription.internal_error);
                }

                // TODO Read RFCs for guidance on the expected record layer version number
                // recordStream.setReadVersion(server_version);
                // recordStream.setWriteVersion(server_version);
                // recordStream.setRestrictReadVersion(true);
                state.serverContext.SetServerVersion(server_version);

                TlsUtilities.WriteVersion(state.serverContext.ServerVersion, buf);
            }

            buf.Write(securityParameters.ServerRandom, 0, securityParameters.ServerRandom.Length);

            /*
             * The server may return an empty session_id to indicate that the session will not be cached
             * and therefore cannot be resumed.
             */
            TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, buf);

            int selectedCipherSuite = state.server.GetSelectedCipherSuite();

            if (!Arrays.Contains(state.offeredCipherSuites, selectedCipherSuite) ||
                selectedCipherSuite == CipherSuite.TLS_NULL_WITH_NULL_NULL ||
                CipherSuite.IsScsv(selectedCipherSuite) ||
                !TlsUtilities.IsValidCipherSuiteForVersion(selectedCipherSuite, state.serverContext.ServerVersion))
            {
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }
            ValidateSelectedCipherSuite(selectedCipherSuite, AlertDescription.internal_error);
            securityParameters.cipherSuite = selectedCipherSuite;

            byte selectedCompressionMethod = state.server.GetSelectedCompressionMethod();

            if (!Arrays.Contains(state.offeredCompressionMethods, selectedCompressionMethod))
            {
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }
            securityParameters.compressionAlgorithm = selectedCompressionMethod;

            TlsUtilities.WriteUint16(selectedCipherSuite, buf);
            TlsUtilities.WriteUint8(selectedCompressionMethod, buf);

            state.serverExtensions = state.server.GetServerExtensions();

            /*
             * RFC 5746 3.6. Server Behavior: Initial Handshake
             */
            if (state.secure_renegotiation)
            {
                byte[] renegExtData = TlsUtilities.GetExtensionData(state.serverExtensions, ExtensionType.renegotiation_info);
                bool   noRenegExt   = (null == renegExtData);

                if (noRenegExt)
                {
                    /*
                     * Note that sending a "renegotiation_info" extension in response to a ClientHello
                     * containing only the SCSV is an explicit exception to the prohibition in RFC 5246,
                     * Section 7.4.1.4, on the server sending unsolicited extensions and is only allowed
                     * because the client is signaling its willingness to receive the extension via the
                     * TLS_EMPTY_RENEGOTIATION_INFO_SCSV SCSV.
                     */

                    /*
                     * If the secure_renegotiation flag is set to TRUE, the server MUST include an empty
                     * "renegotiation_info" extension in the ServerHello message.
                     */
                    state.serverExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(state.serverExtensions);
                    state.serverExtensions[ExtensionType.renegotiation_info] = TlsProtocol.CreateRenegotiationInfo(TlsUtilities.EmptyBytes);
                }
            }

            if (securityParameters.extendedMasterSecret)
            {
                state.serverExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(state.serverExtensions);
                TlsExtensionsUtilities.AddExtendedMasterSecretExtension(state.serverExtensions);
            }

            /*
             * TODO RFC 3546 2.3 If [...] the older session is resumed, then the server MUST ignore
             * extensions appearing in the client hello, and send a server hello containing no
             * extensions.
             */

            if (state.serverExtensions != null)
            {
                securityParameters.encryptThenMac = TlsExtensionsUtilities.HasEncryptThenMacExtension(state.serverExtensions);

                securityParameters.maxFragmentLength = EvaluateMaxFragmentLengthExtension(state.resumedSession,
                                                                                          state.clientExtensions, state.serverExtensions, AlertDescription.internal_error);

                securityParameters.truncatedHMac = TlsExtensionsUtilities.HasTruncatedHMacExtension(state.serverExtensions);

                /*
                 * TODO It's surprising that there's no provision to allow a 'fresh' CertificateStatus to be sent in
                 * a session resumption handshake.
                 */
                state.allowCertificateStatus = !state.resumedSession &&
                                               TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, ExtensionType.status_request,
                                                                                          AlertDescription.internal_error);

                state.expectSessionTicket = !state.resumedSession &&
                                            TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, ExtensionType.session_ticket,
                                                                                       AlertDescription.internal_error);

                TlsProtocol.WriteExtensions(buf, state.serverExtensions);
            }

            securityParameters.prfAlgorithm = TlsProtocol.GetPrfAlgorithm(state.serverContext,
                                                                          securityParameters.CipherSuite);

            /*
             * RFC 5246 7.4.9. Any cipher suite which does not explicitly specify verify_data_length
             * has a verify_data_length equal to 12. This includes all existing cipher suites.
             */
            securityParameters.verifyDataLength = 12;

            return(buf.ToArray());
        }
Ejemplo n.º 11
0
        protected virtual void SendServerHelloMessage()
        {
            TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(2);
            ProtocolVersion serverVersion = this.mTlsServer.GetServerVersion();

            if (!serverVersion.IsEqualOrEarlierVersionOf(this.Context.ClientVersion))
            {
                throw new TlsFatalAlert(80);
            }
            this.mRecordStream.ReadVersion = serverVersion;
            this.mRecordStream.SetWriteVersion(serverVersion);
            this.mRecordStream.SetRestrictReadVersion(true);
            this.ContextAdmin.SetServerVersion(serverVersion);
            TlsUtilities.WriteVersion(serverVersion, handshakeMessage);
            handshakeMessage.Write(this.mSecurityParameters.serverRandom);
            TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, handshakeMessage);
            int selectedCipherSuite = this.mTlsServer.GetSelectedCipherSuite();

            if (!Arrays.Contains(this.mOfferedCipherSuites, selectedCipherSuite) || selectedCipherSuite == 0 || CipherSuite.IsScsv(selectedCipherSuite) || !TlsUtilities.IsValidCipherSuiteForVersion(selectedCipherSuite, this.Context.ServerVersion))
            {
                throw new TlsFatalAlert(80);
            }
            this.mSecurityParameters.cipherSuite = selectedCipherSuite;
            byte selectedCompressionMethod = this.mTlsServer.GetSelectedCompressionMethod();

            if (!Arrays.Contains(this.mOfferedCompressionMethods, selectedCompressionMethod))
            {
                throw new TlsFatalAlert(80);
            }
            this.mSecurityParameters.compressionAlgorithm = selectedCompressionMethod;
            TlsUtilities.WriteUint16(selectedCipherSuite, handshakeMessage);
            TlsUtilities.WriteUint8(selectedCompressionMethod, handshakeMessage);
            this.mServerExtensions = this.mTlsServer.GetServerExtensions();
            if (this.mSecureRenegotiation)
            {
                byte[] extensionData = TlsUtilities.GetExtensionData(this.mServerExtensions, 65281);
                bool   flag          = null == extensionData;
                if (flag)
                {
                    this.mServerExtensions        = TlsExtensionsUtilities.EnsureExtensionsInitialised(this.mServerExtensions);
                    this.mServerExtensions[65281] = TlsProtocol.CreateRenegotiationInfo(TlsUtilities.EmptyBytes);
                }
            }
            if (this.mSecurityParameters.extendedMasterSecret)
            {
                this.mServerExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(this.mServerExtensions);
                TlsExtensionsUtilities.AddExtendedMasterSecretExtension(this.mServerExtensions);
            }
            if (this.mServerExtensions != null)
            {
                this.mSecurityParameters.encryptThenMac    = TlsExtensionsUtilities.HasEncryptThenMacExtension(this.mServerExtensions);
                this.mSecurityParameters.maxFragmentLength = this.ProcessMaxFragmentLengthExtension(this.mClientExtensions, this.mServerExtensions, 80);
                this.mSecurityParameters.truncatedHMac     = TlsExtensionsUtilities.HasTruncatedHMacExtension(this.mServerExtensions);
                this.mAllowCertificateStatus = (!this.mResumedSession && TlsUtilities.HasExpectedEmptyExtensionData(this.mServerExtensions, 5, 80));
                this.mExpectSessionTicket    = (!this.mResumedSession && TlsUtilities.HasExpectedEmptyExtensionData(this.mServerExtensions, 35, 80));
                TlsProtocol.WriteExtensions(handshakeMessage, this.mServerExtensions);
            }
            this.mSecurityParameters.prfAlgorithm     = TlsProtocol.GetPrfAlgorithm(this.Context, this.mSecurityParameters.CipherSuite);
            this.mSecurityParameters.verifyDataLength = 12;
            this.ApplyMaxFragmentLengthExtension();
            handshakeMessage.WriteToRecordStream(this);
        }
Ejemplo n.º 12
0
        protected virtual byte[] GenerateServerHello(ServerHandshakeState state)
        {
            //IL_000c: Unknown result type (might be due to invalid IL or missing references)
            //IL_0012: Expected O, but got Unknown
            SecurityParameters securityParameters = state.serverContext.SecurityParameters;
            MemoryStream       val           = new MemoryStream();
            ProtocolVersion    serverVersion = state.server.GetServerVersion();

            if (!serverVersion.IsEqualOrEarlierVersionOf(state.serverContext.ClientVersion))
            {
                throw new TlsFatalAlert(80);
            }
            state.serverContext.SetServerVersion(serverVersion);
            TlsUtilities.WriteVersion(state.serverContext.ServerVersion, (Stream)(object)val);
            ((Stream)val).Write(securityParameters.ServerRandom, 0, securityParameters.ServerRandom.Length);
            TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, (Stream)(object)val);
            int selectedCipherSuite = state.server.GetSelectedCipherSuite();

            if (!Arrays.Contains(state.offeredCipherSuites, selectedCipherSuite) || selectedCipherSuite == 0 || CipherSuite.IsScsv(selectedCipherSuite) || !TlsUtilities.IsValidCipherSuiteForVersion(selectedCipherSuite, state.serverContext.ServerVersion))
            {
                throw new TlsFatalAlert(80);
            }
            DtlsProtocol.ValidateSelectedCipherSuite(selectedCipherSuite, 80);
            securityParameters.cipherSuite = selectedCipherSuite;
            byte selectedCompressionMethod = state.server.GetSelectedCompressionMethod();

            if (!Arrays.Contains(state.offeredCompressionMethods, selectedCompressionMethod))
            {
                throw new TlsFatalAlert(80);
            }
            securityParameters.compressionAlgorithm = selectedCompressionMethod;
            TlsUtilities.WriteUint16(selectedCipherSuite, (Stream)(object)val);
            TlsUtilities.WriteUint8(selectedCompressionMethod, (Stream)(object)val);
            state.serverExtensions = state.server.GetServerExtensions();
            if (state.secure_renegotiation)
            {
                byte[] extensionData = TlsUtilities.GetExtensionData(state.serverExtensions, 65281);
                if (null == extensionData)
                {
                    state.serverExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(state.serverExtensions);
                    state.serverExtensions.set_Item((object)65281, (object)TlsProtocol.CreateRenegotiationInfo(TlsUtilities.EmptyBytes));
                }
            }
            if (securityParameters.extendedMasterSecret)
            {
                state.serverExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(state.serverExtensions);
                TlsExtensionsUtilities.AddExtendedMasterSecretExtension(state.serverExtensions);
            }
            if (state.serverExtensions != null)
            {
                securityParameters.encryptThenMac    = TlsExtensionsUtilities.HasEncryptThenMacExtension(state.serverExtensions);
                securityParameters.maxFragmentLength = DtlsProtocol.EvaluateMaxFragmentLengthExtension(state.resumedSession, state.clientExtensions, state.serverExtensions, 80);
                securityParameters.truncatedHMac     = TlsExtensionsUtilities.HasTruncatedHMacExtension(state.serverExtensions);
                state.allowCertificateStatus         = !state.resumedSession && TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, 5, 80);
                state.expectSessionTicket            = !state.resumedSession && TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, 35, 80);
                TlsProtocol.WriteExtensions((Stream)(object)val, state.serverExtensions);
            }
            securityParameters.prfAlgorithm     = TlsProtocol.GetPrfAlgorithm(state.serverContext, securityParameters.CipherSuite);
            securityParameters.verifyDataLength = 12;
            return(val.ToArray());
        }
Ejemplo n.º 13
0
        protected virtual byte[] GenerateClientHello(ClientHandshakeState state, TlsClient client)
        {
            ProtocolVersion client_version = client.ClientVersion;

            if (!client_version.IsDtls)
            {
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }

            TlsClientContextImpl context = state.clientContext;

            context.SetClientVersion(client_version);

            SecurityParameters securityParameters = context.SecurityParameters;

            // Session ID
            byte[] session_id = TlsUtilities.EmptyBytes;
            if (state.tlsSession != null)
            {
                session_id = state.tlsSession.SessionID;
                if (session_id == null || session_id.Length > 32)
                {
                    session_id = TlsUtilities.EmptyBytes;
                }
            }

            bool fallback = client.IsFallback;

            state.offeredCipherSuites = client.GetCipherSuites();

            if (session_id.Length > 0 && state.sessionParameters != null)
            {
                if (!state.sessionParameters.IsExtendedMasterSecret ||
                    !Arrays.Contains(state.offeredCipherSuites, state.sessionParameters.CipherSuite) ||
                    CompressionMethod.cls_null != state.sessionParameters.CompressionAlgorithm)
                {
                    session_id = TlsUtilities.EmptyBytes;
                }
            }

            state.clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(client.GetClientExtensions());

            TlsExtensionsUtilities.AddExtendedMasterSecretExtension(state.clientExtensions);

            MemoryStream buf = new MemoryStream();

            TlsUtilities.WriteVersion(client_version, buf);

            buf.Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length);

            TlsUtilities.WriteOpaque8(session_id, buf);

            // Cookie
            TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, buf);

            // Cipher Suites (and SCSV)
            {
                /*
                 * RFC 5746 3.4. The client MUST include either an empty "renegotiation_info" extension,
                 * or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value in the
                 * ClientHello. Including both is NOT RECOMMENDED.
                 */
                byte[] renegExtData = TlsUtilities.GetExtensionData(state.clientExtensions, ExtensionType.renegotiation_info);
                bool   noRenegExt   = (null == renegExtData);

                bool noRenegSCSV = !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);

                if (noRenegExt && noRenegSCSV)
                {
                    // TODO Consider whether to default to a client extension instead
                    state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
                }

                /*
                 * RFC 7507 4. If a client sends a ClientHello.client_version containing a lower value
                 * than the latest (highest-valued) version supported by the client, it SHOULD include
                 * the TLS_FALLBACK_SCSV cipher suite value in ClientHello.cipher_suites [..]. (The
                 * client SHOULD put TLS_FALLBACK_SCSV after all cipher suites that it actually intends
                 * to negotiate.)
                 */
                if (fallback && !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV))
                {
                    state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV);
                }

                TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, buf);
            }

            TlsUtilities.WriteUint8ArrayWithUint8Length(new byte[] { CompressionMethod.cls_null }, buf);

            TlsProtocol.WriteExtensions(buf, state.clientExtensions);

            return(buf.ToArray());
        }