protected override void Read(TlsBuffer incoming)
{
// Server random
ServerRandom = new SecureBuffer(incoming.ReadBytes(32));
// Session ID
var sessionIdLength = (int)incoming.ReadByte();
if (sessionIdLength > 0)
{
SessionID = new SecureBuffer(incoming.ReadBytes(sessionIdLength));
}
// Cipher suite
SelectedCipher = (CipherSuiteCode)incoming.ReadInt16();
var compressionMethod = incoming.ReadByte();
if (compressionMethod != 0)
{
throw new TlsException(AlertDescription.IlegalParameter, "Invalid compression method received from server");
}
Extensions = new TlsExtensionCollection(incoming);
}
protected override void Read (TlsBuffer incoming)
{
ClientRandom = new SecureBuffer (incoming.ReadBytes (32));
var length = (short)incoming.ReadByte ();
SessionID = new SecureBuffer (incoming.ReadBytes (length));
length = incoming.ReadInt16 ();
if ((length % 2) != 0)
throw new TlsException (AlertDescription.DecodeError);
bool seenSCSV = false;
ClientCiphers = new CipherSuiteCode [length >> 1];
for (int i = 0; i < ClientCiphers.Length; i++) {
ClientCiphers [i] = (CipherSuiteCode)incoming.ReadInt16 ();
if (ClientCiphers [i] == CipherSuiteCode.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
seenSCSV = true;
}
// Compression methods
length = incoming.ReadByte ();
incoming.Position += length;
Extensions = new TlsExtensionCollection (incoming);
if (seenSCSV)
Extensions.AddRenegotiationExtension ();
}
public override void ReadServer(TlsBuffer incoming)
{
curveType = (ECCurveType)incoming.ReadByte();
// Currently, we only support named curves
if (curveType == ECCurveType.named_curve)
{
namedCurve = (NamedCurve)incoming.ReadInt16();
// TODO Check namedCurve is one we offered?
domainParameters = NamedCurveHelper.GetECParameters(namedCurve);
}
else
{
// TODO Add support for explicit curve parameters
throw new TlsException(AlertDescription.HandshakeFailure, "Unsupported elliptic curve type `{0}'.", curveType);
}
var publicLength = incoming.ReadByte();
publicBytes = incoming.ReadBytes(publicLength);
// TODO Check RFC 4492 for validation
serverQ = domainParameters.Curve.DecodePoint(publicBytes);
Signature = Signature.Read(TlsProtocolCode.Tls12, incoming);
}
public static SignatureAndHashAlgorithm DecodeSignatureAndHashAlgorithm(TlsBuffer buffer)
{
var hash = (HashAlgorithmType)buffer.ReadByte();
var signature = (SignatureAlgorithmType)buffer.ReadByte();
return(new SignatureAndHashAlgorithm(hash, signature));
}
protected override void Read(TlsBuffer incoming)
{
var length = incoming.ReadByte();
for (int i = 0; i < length; i++)
{
Parameters.CertificateTypes.Add((ClientCertificateType)incoming.ReadByte());
}
if (Protocol == TlsProtocolCode.Tls12)
{
var length2 = incoming.ReadInt16();
if ((length2 % 2) != 0)
{
throw new TlsException(AlertDescription.IlegalParameter);
}
var signatureTypes = new SignatureAndHashAlgorithm [length2 >> 1];
for (int i = 0; i < signatureTypes.Length; i++)
{
Parameters.SignatureParameters.SignatureAndHashAlgorithms.Add(SignatureHelper.DecodeSignatureAndHashAlgorithm(incoming));
}
}
var length3 = incoming.ReadInt16();
if (incoming.Remaining != length3)
{
throw new TlsException(AlertDescription.DecodeError);
}
/*
* Read requested certificate authorities (Distinguised Names)
*
* Name ::= SEQUENCE OF RelativeDistinguishedName
*
* RelativeDistinguishedName ::= SET OF AttributeValueAssertion
*
* AttributeValueAssertion ::= SEQUENCE {
* attributeType OBJECT IDENTIFIER
* attributeValue ANY
* }
*
*/
while (incoming.Remaining > 0)
{
var rdn = new ASN1(incoming.ReadBytes(incoming.ReadInt16()));
Parameters.CertificateAuthorities.Add(X501.ToString(rdn));
}
}
public ServerNameExtension(TlsBuffer incoming)
{
if (incoming.Remaining == 0)
{
return;
}
var length = incoming.ReadInt16();
if (length != incoming.Remaining)
{
throw new TlsException(AlertDescription.DecodeError);
}
var type = incoming.ReadByte();
if (type != 0x00)
{
throw new TlsException(AlertDescription.IlegalParameter, "Unknown NameType in ServerName extension");
}
var nameLength = incoming.ReadInt16();
if (nameLength + 3 != length)
{
throw new TlsException(AlertDescription.DecodeError);
}
ServerName = Encoding.ASCII.GetString(incoming.ReadBytes(nameLength));
}
protected override void Read(TlsBuffer incoming)
{
var message = incoming.ReadByte();
if (message != 1 || incoming.Remaining != 0)
{
throw new TlsException(AlertDescription.DecodeError, "Received invalid ChangeCipherSpec message");
}
}
protected override void Read (TlsBuffer incoming)
{
// Server random
ServerRandom = new SecureBuffer (incoming.ReadBytes (32));
// Session ID
var sessionIdLength = (int)incoming.ReadByte ();
if (sessionIdLength > 0) {
SessionID = new SecureBuffer (incoming.ReadBytes (sessionIdLength));
}
// Cipher suite
SelectedCipher = (CipherSuiteCode)incoming.ReadInt16 ();
var compressionMethod = incoming.ReadByte ();
if (compressionMethod != 0)
throw new TlsException (AlertDescription.IlegalParameter, "Invalid compression method received from server");
Extensions = new TlsExtensionCollection (incoming);
}
protected override void Read (TlsBuffer incoming)
{
var length = incoming.ReadByte ();
for (int i = 0; i < length; i++)
Parameters.CertificateTypes.Add ((ClientCertificateType)incoming.ReadByte ());
if (Protocol == TlsProtocolCode.Tls12) {
var length2 = incoming.ReadInt16 ();
if ((length2 % 2) != 0)
throw new TlsException (AlertDescription.IlegalParameter);
var signatureTypes = new SignatureAndHashAlgorithm [length2 >> 1];
for (int i = 0; i < signatureTypes.Length; i++)
Parameters.SignatureParameters.SignatureAndHashAlgorithms.Add (new SignatureAndHashAlgorithm (incoming));
}
var length3 = incoming.ReadInt16 ();
if (incoming.Remaining != length3)
throw new TlsException (AlertDescription.DecodeError);
/*
* Read requested certificate authorities (Distinguised Names)
*
* Name ::= SEQUENCE OF RelativeDistinguishedName
*
* RelativeDistinguishedName ::= SET OF AttributeValueAssertion
*
* AttributeValueAssertion ::= SEQUENCE {
* attributeType OBJECT IDENTIFIER
* attributeValue ANY
* }
*
*/
while (incoming.Remaining > 0) {
var rdn = new ASN1 (incoming.ReadBytes (incoming.ReadInt16 ()));
Parameters.CertificateAuthorities.Add (X501.ToString (rdn));
}
}
protected override void Read(TlsBuffer incoming)
{
ClientRandom = new SecureBuffer(incoming.ReadBytes(32));
var length = (short)incoming.ReadByte();
SessionID = new SecureBuffer(incoming.ReadBytes(length));
length = incoming.ReadInt16();
if ((length % 2) != 0)
{
throw new TlsException(AlertDescription.DecodeError);
}
bool seenSCSV = false;
ClientCiphers = new CipherSuiteCode [length >> 1];
for (int i = 0; i < ClientCiphers.Length; i++)
{
ClientCiphers [i] = (CipherSuiteCode)incoming.ReadInt16();
if (ClientCiphers [i] == CipherSuiteCode.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
{
seenSCSV = true;
}
}
// Compression methods
length = incoming.ReadByte();
incoming.Position += length;
Extensions = new TlsExtensionCollection(incoming);
if (seenSCSV)
{
Extensions.AddRenegotiationExtension();
}
}
public ServerNameExtension (TlsBuffer incoming)
{
if (incoming.Remaining == 0)
return;
var length = incoming.ReadInt16 ();
if (length != incoming.Remaining)
throw new TlsException (AlertDescription.DecodeError);
var type = incoming.ReadByte ();
if (type != 0x00)
throw new TlsException (AlertDescription.IlegalParameter, "Unknown NameType in ServerName extension");
var nameLength = incoming.ReadInt16 ();
if (nameLength + 3 != length)
throw new TlsException (AlertDescription.DecodeError);
ServerName = Encoding.ASCII.GetString (incoming.ReadBytes (nameLength));
}
SecurityStatus ProcessAlert (TlsBuffer buffer)
{
bool decrypted = false;
if ((session.Read != null && session.Read.Cipher != null) || (buffer.Remaining != 2))
decrypted = ReadStandardBuffer (ContentType.Alert, ref buffer);
if (buffer.Remaining != 2)
throw new TlsException (AlertDescription.IlegalParameter, "Invalid Alert message size");
var level = (AlertLevel)buffer.ReadByte ();
var description = (AlertDescription)buffer.ReadByte ();
if (decrypted)
buffer.Dispose ();
if (level == AlertLevel.Warning) {
if (description == AlertDescription.CloseNotify) {
ReceivedCloseNotify = true;
if (eventSink != null)
eventSink.ReceivedCloseNotify ();
return SecurityStatus.ContextExpired;
}
DebugHelper.WriteLine ("Received alert: {0}", description);
return SecurityStatus.ContinueNeeded;
} else {
throw new TlsException (description);
}
}
SecurityStatus _GenerateNextToken (TlsBuffer incoming, TlsMultiBuffer outgoing)
{
#if DEBUG_FULL
if (EnableDebugging) {
DebugHelper.WriteLine ("GenerateNextToken: {0}", negotiationHandler);
if (incoming != null)
DebugHelper.WriteRemaining (" incoming", incoming);
}
#endif
if (incoming == null) {
negotiationHandler = negotiationHandler.GenerateReply (outgoing);
return SecurityStatus.ContinueNeeded;
}
var contentType = (ContentType)incoming.ReadByte ();
#if DEBUG_FULL
if (EnableDebugging)
DebugHelper.WriteLine (" received message type {0}", contentType);
#endif
if (skipToOffset >= 0 && contentType != ContentType.Handshake)
throw new TlsException (AlertDescription.InternalError);
if (contentType == ContentType.Alert)
return ProcessAlert (incoming);
bool decrypted = false;
if (cachedFragment != null) {
if (contentType != ContentType.Handshake)
throw new TlsException (AlertDescription.DecodeError);
decrypted = ReadStandardBuffer (ContentType.Handshake, ref incoming);
cachedFragment.Write (incoming.Buffer, incoming.Position, incoming.Remaining);
if (cachedFragment.Remaining > 0)
return SecurityStatus.ContinueNeeded;
incoming.Dispose ();
incoming = cachedFragment;
cachedFragment = null;
incoming.Position = 0;
} else {
decrypted = ReadStandardBuffer (contentType, ref incoming);
}
if (Session.Read != null && Session.Read.Cipher != null && !decrypted)
throw new TlsException (AlertDescription.DecryptError, "Expected encrypted message.");
try {
if (contentType == ContentType.ChangeCipherSpec)
return negotiationHandler.ProcessMessage (new TlsChangeCipherSpec ());
else if (contentType == ContentType.ApplicationData) {
if (session.Read == null || session.Read.Cipher == null || !session.SecureRenegotiation)
throw new TlsException (AlertDescription.DecodeError);
// FIXME
throw new NotImplementedException ();
} else if (contentType != ContentType.Handshake) {
throw new TlsException (AlertDescription.UnexpectedMessage);
}
if (skipToOffset >= 0) {
incoming.Position = skipToOffset;
skipToOffset = -1;
}
SecurityStatus result;
bool finished;
while (true) {
var startOffset = incoming.Position;
finished = ProcessHandshakeMessage (incoming, out result);
if (result == SecurityStatus.CredentialsNeeded) {
// Caller will call us again with the same input.
skipToOffset = startOffset;
if (decrypted)
Session.Read.ReadSequenceNumber--;
return result;
}
if (incoming.Remaining == 0)
break;
if (finished || result != SecurityStatus.ContinueNeeded)
throw new TlsException (AlertDescription.UnexpectedMessage);
}
if (finished)
negotiationHandler = negotiationHandler.GenerateReply (outgoing);
return result;
} finally {
if (decrypted)
incoming.Dispose ();
}
}
internal SignatureAndHashAlgorithm (TlsBuffer buffer)
{
Hash = (HashAlgorithmType)buffer.ReadByte ();
Signature = (SignatureAlgorithmType)buffer.ReadByte ();
}
protected override void Read (TlsBuffer incoming)
{
var message = incoming.ReadByte ();
if (message != 1 || incoming.Remaining != 0)
throw new TlsException (AlertDescription.DecodeError, "Received invalid ChangeCipherSpec message");
}
internal RenegotiationExtension (TlsBuffer incoming)
{
Data = new SecureBuffer (incoming.ReadBytes (incoming.ReadByte ()));
}
public override void ReadClient (TlsBuffer incoming)
{
clientKey = incoming.ReadBytes (incoming.ReadByte ());
}
public override void ReadServer (TlsBuffer incoming)
{
curveType = (ECCurveType)incoming.ReadByte ();
// Currently, we only support named curves
if (curveType == ECCurveType.named_curve) {
namedCurve = (NamedCurve)incoming.ReadInt16 ();
// TODO Check namedCurve is one we offered?
domainParameters = NamedCurveHelper.GetECParameters (namedCurve);
} else {
// TODO Add support for explicit curve parameters
throw new TlsException (AlertDescription.HandshakeFailure, "Unsupported elliptic curve type `{0}'.", curveType);
}
var publicLength = incoming.ReadByte ();
publicBytes = incoming.ReadBytes (publicLength);
// TODO Check RFC 4492 for validation
serverQ = domainParameters.Curve.DecodePoint (publicBytes);
Signature = Signature.Read (TlsProtocolCode.Tls12, incoming);
}
SecurityStatus _DecryptMessage (ref TlsBuffer incoming)
{
// Try to read the Record Content Type
var contentType = (ContentType)incoming.ReadByte ();
#if DEBUG_FULL
if (EnableDebugging)
DebugHelper.WriteLine ("DecryptMessage({0}): {1}", IsServer ? "server" : "client", contentType);
#endif
if (contentType == ContentType.Handshake) {
#if INSTRUMENTATION
if (HasInstrumentationEventSink)
InstrumentationEventSink.StartRenegotiation (this);
#endif
incoming.Position--;
return SecurityStatus.Renegotiate;
}
ReadStandardBuffer (contentType, ref incoming);
if (contentType == ContentType.Alert) {
var level = (AlertLevel)incoming.ReadByte ();
var description = (AlertDescription)incoming.ReadByte ();
if (level == AlertLevel.Warning && description == AlertDescription.CloseNotify) {
ReceivedCloseNotify = true;
if (eventSink != null)
eventSink.ReceivedCloseNotify ();
return SecurityStatus.ContextExpired;
}
DebugHelper.WriteLine ("ALERT: {0} {1}", level, description);
throw new TlsException (level, description);
} else if (contentType == ContentType.ApplicationData) {
return SecurityStatus.OK;
}
throw new TlsException (AlertDescription.UnexpectedMessage, "Unknown content type {0}", contentType);
}
internal SignatureAndHashAlgorithm(TlsBuffer buffer)
{
Hash = (HashAlgorithmType)buffer.ReadByte();
Signature = (SignatureAlgorithmType)buffer.ReadByte();
}
bool ProcessHandshakeMessage (TlsBuffer incoming, out SecurityStatus status)
{
var handshakeType = (HandshakeType)incoming.ReadByte ();
#if DEBUG_FULL
if (EnableDebugging) {
DebugHelper.WriteLine (">>>> Processing Handshake record ({0})", handshakeType);
DebugHelper.WriteRemaining ("HANDSHAKE", incoming);
}
#endif
// Read message length
int length = incoming.ReadInt24 ();
if (incoming.Remaining < length) {
cachedFragment = new TlsBuffer (length + 4);
cachedFragment.Position = incoming.Remaining + 4;
Buffer.BlockCopy (incoming.Buffer, incoming.Position - 4, cachedFragment.Buffer, 0, cachedFragment.Position);
incoming.Position += incoming.Remaining;
status = SecurityStatus.ContinueNeeded;
return false;
}
var buffer = incoming.ReadBuffer (length);
return negotiationHandler.ProcessHandshakeMessage (handshakeType, buffer, out status);
}
public override void ReadClient(TlsBuffer incoming)
{
clientKey = incoming.ReadBytes(incoming.ReadByte());
}
SecurityStatus _DecryptMessage (ref TlsBuffer incoming)
{
// Try to read the Record Content Type
var contentType = (ContentType)incoming.ReadByte ();
#if DEBUG_FULL
if (EnableDebugging)
DebugHelper.WriteLine ("DecryptMessage: {0}", contentType);
#endif
ReadStandardBuffer (contentType, ref incoming);
if (contentType == ContentType.Alert) {
var level = (AlertLevel)incoming.ReadByte ();
var description = (AlertDescription)incoming.ReadByte ();
if (level == AlertLevel.Warning && description == AlertDescription.CloseNotify) {
ReceivedCloseNotify = true;
if (eventSink != null)
eventSink.ReceivedCloseNotify ();
return SecurityStatus.ContextExpired;
}
DebugHelper.WriteLine ("ALERT: {0} {1}", level, description);
throw new TlsException (level, description);
} else if (contentType == ContentType.ApplicationData)
return SecurityStatus.OK;
else if (contentType != ContentType.Handshake)
throw new TlsException (AlertDescription.UnexpectedMessage, "Unknown content type {0}", contentType);
try {
SecurityStatus status;
var finished = ProcessHandshakeMessage (incoming, out status);
DebugHelper.WriteLine ("RENEGOTIATION REQUEST: {0} {1}", finished, status);
return status;
} finally {
incoming.Dispose ();
incoming = null;
}
}
internal RenegotiationExtension(TlsBuffer incoming)
{
Data = new SecureBuffer(incoming.ReadBytes(incoming.ReadByte()));
}
