public override string ToString() { return(ClientHello.ToString() + Environment.NewLine + ServerHello.ToString() + Environment.NewLine + ClientKeyExchange.ToString() + Environment.NewLine + Finished.ToString()); }
private void SendClientKeyExchange() { var preMasterSecret = TLS12.GetPreMasterSecret(); _session.MasterSecret = TLS12.GetMasterSecret(preMasterSecret, _session.ClientRandom, _session.ServerRandom); var clientKeyExchange = new ClientKeyExchange { SessionId = _session.Id, PreMasterSecret = preMasterSecret }; var serverRsa = Rsa.CreateFromPublicPEM(_session.RSAPublicPem); var request = new SecurityLayerMessage { Type = SecurityMessageType.ClientKeyExchange, Data = serverRsa.Encrypt(_serializer.Serialize <ClientKeyExchange>(clientKeyExchange)) }; var requestBytes = _serializer.Serialize <SecurityLayerMessage>(request); Send(requestBytes); var responseBytes = Receive(); var message = _serializer.Deserialize <SecurityLayerMessage>(responseBytes); var serverFinished = _serializer.Deserialize <ServerFinished>(message.Data); _session.Id = serverFinished.SessionId; var keys = TLS12.GetKeys(_session.MasterSecret, _session.ClientRandom, _session.ServerRandom); _session.ClientWriteMACKey = TLS12.GetClientWriteMACKey(keys); _session.ServerWriteMACKey = TLS12.GetServerWriteMACKey(keys); _session.ClientWriteKey = TLS12.GetClientWriteKey(keys); _session.ServerWriteKey = TLS12.GetServerWriteKey(keys); _session.IsAuthenticated = true; }
void ProcessHandshake() { ClientHello clientHello = _recordLayer.Read() as ClientHello; if (clientHello == null) { throw new Exception(); } Console.WriteLine("[TLSServer] Receive ClientHello Version: {0}", clientHello.Version); Console.WriteLine("[TLSServer] CipherSuites"); for (int i = 0; i < clientHello.CipherSuites.Length; i++) { Console.WriteLine(" {0}", clientHello.CipherSuites[i]); } CipherSuite selected = _selector.Select(clientHello.CipherSuites); Console.WriteLine("[TLSServer] CipherSuite Selected. {0}", selected); if (selected == CipherSuite.NONE) { // Alertを送るべき? throw new Exception(); } CipherSuiteInfo selectedInfo = SupportedCipherSuites.GetSuiteInfo(selected); _sparams.SetVersion(clientHello.Version); _sparams.SetCipherSuite(selected, _signAlgo); _sparams.ClientRandom = clientHello.Random; _recordLayer.ProtocolVersion = clientHello.Version; byte[] serverRandom = new byte[RandomData.Size]; Extension[] serverExtensions = null; if (selectedInfo.IsECC) { serverExtensions = new Extension[] { new Extension(ExtensionType.EcPointFormats, new byte[] { 1, 0 }) } } ; RandomData.CreateRandomData(serverRandom, 0); _sparams.ServerRandom = serverRandom; ServerHello serverHello = new ServerHello(clientHello.Version, serverRandom, Utility.EmptyByteArray, selected, CompressionMethod.Null, serverExtensions); _recordLayer.Write(serverHello); Certificate serverCert = new Certificate(_certs); _recordLayer.Write(serverCert); if (Utility.IsNeedServerKeyExchangeMessage(_states.SecurityParameters.KeyExchangeAlgorithm)) { ServerKeyExchange serverExchange = new ServerKeyExchange(_sparams); _recordLayer.Write(serverExchange); } _recordLayer.Write(new ServerHelloDone()); TLSMessage msg = _recordLayer.Read(); ClientKeyExchange clientExchange = (ClientKeyExchange)msg; clientExchange.ComputeServerMasterSecret(_sparams); Console.WriteLine("MasterSecret"); Utility.Dump(_sparams.MasterSecret); _sparams.ComputeKeyBlock(); ChangeCipherSpec changeCipherSpec = (ChangeCipherSpec)_recordLayer.Read(); _recordLayer.EnableReceiveCipher(_sparams.CreateServerDecryptor(), _sparams.CreateClientWriteHMAC()); Finished finished = (Finished)_recordLayer.Read(); Console.WriteLine("VerifyData"); Utility.Dump(finished.VerifyData); Console.WriteLine("Computed VerifyData"); byte[] verifyData = _sparams.ComputeFinishedVerifyData(false); Utility.Dump(verifyData); if (!Utility.Equals(finished.VerifyData, 0, verifyData, 0, verifyData.Length)) { throw new Exception(); } _recordLayer.Write(ChangeCipherSpec.Instance); _recordLayer.EnableSendCipher(_sparams.CreateServerEncryptor(), _sparams.CreateServerWriteHMAC()); _recordLayer.ComputeHandshakeHash(true); verifyData = _sparams.ComputeFinishedVerifyData(true); Console.WriteLine("Finished VerifyData"); Utility.Dump(verifyData); finished = new Finished(_recordLayer.ProtocolVersion, verifyData); _recordLayer.Write(finished); }
static void Main() { LibTLSClient cSSL; Common cf; Encryption e; Cipher c; ClientHello clientHello; ClientKeyExchange cke; int debug = 0; String request = ""; string[] args = Environment.GetCommandLineArgs(); try { debug = (int)UInt32.Parse(args[4]); if (debug == 1) { Console.WriteLine("Server: {0} Port: {1} Cipher: {2} Debug: {3}", args[1], args[2], args[3], args[4]); } request = args[5]; cf = new Common(debug); e = new Encryption(); cSSL = new LibTLSClient(cf, e); cSSL.cipher = UInt32.Parse(args[3], System.Globalization.NumberStyles.HexNumber); c = new Cipher((ushort)cSSL.cipher); cSSL.cipherObj = c; cSSL.serverIP = args[1]; } catch (Exception ex) { Console.WriteLine("<prog> <ip/fqdn> <port> <cipher hex> <debug [0/1/2]> <a GET request>"); Console.WriteLine("Example: TLSClient.exe 10.209.113.104 443 002f 2 \"GET / HTTP/1.1\""); return; } if (c.Supported() == false) { Console.WriteLine("Cipher Suite not supported currently"); Console.WriteLine("Please try 002f/0035/003c/003d/009c/009d"); return; } cSSL.CreateTCPConn(args[1], Convert.ToInt32(args[2])); cf.HandleResult(cSSL.errorCode, "TCP Connection"); cf.ExitOnError(cSSL.errorCode); cSSL.InitBufs(); List <UInt32> cipher_suites = new List <UInt32>(); cipher_suites.Add(cSSL.cipher); String clientIP = cSSL.GetIPAddress(); String serverIP = cSSL.serverIP; clientHello = new ClientHello(clientIP, serverIP, 3, 3, false, cipher_suites); List <byte> chello_hs = clientHello.Get(); List <byte> crandom = clientHello.GetRandom(); cSSL.StoreClientHelloParams(crandom); cSSL.SendHandshakeMessage(chello_hs, 0x1); cf.ExitOnError(cSSL.errorCode); cSSL.ReceiveHandshakeMessage(); cf.ExitOnError(cSSL.errorCode); cSSL.ParseServerHandshakeMessages(); cf.ExitOnError(cSSL.errorCode); if (cSSL.HasServerKeyExchange()) { cke = new ClientKeyExchange(cf, cSSL.sCert_hs, 3, 3, cSSL.sKeyExch_hs, (String)"ECDHE"); } else { cke = new ClientKeyExchange(cf, cSSL.sCert_hs, 3, 3, null, (String)"RSA"); } List <byte> cke_hs = cke.CreateCKE(); cSSL.StoreCKEParams(cke_hs, cke.GetPremasterSecret(), cke.ecdhCngClient, cke.server_pub_key, cke.client_pub_key); cSSL.SendHandshakeMessage(cke_hs, 0x10); cf.ExitOnError(cSSL.errorCode); cSSL.PrintHandshakeMessages(); cSSL.SendChangeCipherSpec(); cSSL.ComputeMasterSecret(); cSSL.ComputeVerifyData(); cSSL.ComputeKeys(); cSSL.SendClientFinished(); cSSL.ReadServerFinished(); cf.debugPrint(cSSL.ErrorCodeToString(cSSL.errorCode)); if (cSSL.errorCode != 0) { return; } cSSL.SendHTTPSData(request); cSSL.ReadHTTPSData(); cf.debugPrint(cSSL.ErrorCodeToString(cSSL.errorCode)); cSSL.ParseHTTPSData(); byte[] dec = cSSL.DecryptResp(); String dec_s = Encoding.ASCII.GetString(dec, 0, dec.Length); if ((dec_s.IndexOf("HTTP") == 0) && (debug == 0)) { Console.WriteLine("{0} Successful", cSSL.cipherObj.cipher_name); } if ((debug == 2) || (debug == 1)) { Console.WriteLine(dec_s); } }