private static bool PumpData(TlsProtocol from, TlsProtocol to, bool fragment) { int byteCount = from.GetAvailableOutputBytes(); if (byteCount == 0) { return false; } if (fragment) { while (from.GetAvailableOutputBytes() > 0) { byte[] buffer = new byte[1]; from.ReadOutput(buffer, 0, 1); to.OfferInput(buffer); } } else { byte[] buffer = new byte[byteCount]; from.ReadOutput(buffer, 0, buffer.Length); to.OfferInput(buffer); } return true; }
internal RecordStream(TlsProtocol handler, Stream input, Stream output) { mHandler = handler; mInput = input; mOutput = output; mReadCompression = new TlsNullCompression(); mWriteCompression = mReadCompression; }
internal RecordStream(TlsProtocol handler, Stream input, Stream output) { this.mHandler = handler; this.mInput = input; this.mOutput = output; this.mReadCompression = new TlsNullCompression(); this.mWriteCompression = this.mReadCompression; }
protected virtual void ProcessClientKeyExchange(ServerHandshakeState state, byte[] body) { MemoryStream buf = new MemoryStream(body, false); state.keyExchange.ProcessClientKeyExchange(buf); TlsProtocol.AssertEmpty(buf); }
protected virtual void ReceiveClientHelloMessage(MemoryStream buf) { ProtocolVersion protocolVersion = TlsUtilities.ReadVersion(buf); mRecordStream.SetWriteVersion(protocolVersion); if (protocolVersion.IsDtls) { throw new TlsFatalAlert(47); } byte[] clientRandom = TlsUtilities.ReadFully(32, buf); byte[] array = TlsUtilities.ReadOpaque8(buf); if (array.Length > 32) { throw new TlsFatalAlert(47); } int num = TlsUtilities.ReadUint16(buf); if (num < 2 || (num & 1) != 0) { throw new TlsFatalAlert(50); } mOfferedCipherSuites = TlsUtilities.ReadUint16Array(num / 2, buf); int num2 = TlsUtilities.ReadUint8(buf); if (num2 < 1) { throw new TlsFatalAlert(47); } mOfferedCompressionMethods = TlsUtilities.ReadUint8Array(num2, buf); mClientExtensions = TlsProtocol.ReadExtensions(buf); mSecurityParameters.extendedMasterSecret = TlsExtensionsUtilities.HasExtendedMasterSecretExtension(mClientExtensions); ContextAdmin.SetClientVersion(protocolVersion); mTlsServer.NotifyClientVersion(protocolVersion); mTlsServer.NotifyFallback(Arrays.Contains(mOfferedCipherSuites, 22016)); mSecurityParameters.clientRandom = clientRandom; mTlsServer.NotifyOfferedCipherSuites(mOfferedCipherSuites); mTlsServer.NotifyOfferedCompressionMethods(mOfferedCompressionMethods); if (Arrays.Contains(mOfferedCipherSuites, 255)) { mSecureRenegotiation = true; } byte[] extensionData = TlsUtilities.GetExtensionData(mClientExtensions, 65281); if (extensionData != null) { mSecureRenegotiation = true; if (!Arrays.ConstantTimeAreEqual(extensionData, TlsProtocol.CreateRenegotiationInfo(TlsUtilities.EmptyBytes))) { throw new TlsFatalAlert(40); } } mTlsServer.NotifySecureRenegotiation(mSecureRenegotiation); if (mClientExtensions != null) { mTlsServer.ProcessClientExtensions(mClientExtensions); } }
public IDictionary ReadServerExtensions() { if (mEncodedServerExtensions == null) { return(null); } MemoryStream input = new MemoryStream(mEncodedServerExtensions, writable: false); return(TlsProtocol.ReadExtensions(input)); }
protected virtual void ProcessClientCertificate(ServerHandshakeState state, byte[] body) { MemoryStream buf = new MemoryStream(body, false); Certificate clientCertificate = Certificate.Parse(buf); TlsProtocol.AssertEmpty(buf); NotifyClientCertificate(state, clientCertificate); }
protected virtual void ProcessNewSessionTicket(ClientHandshakeState state, byte[] body) { MemoryStream buf = new MemoryStream(body, false); NewSessionTicket newSessionTicket = NewSessionTicket.Parse(buf); TlsProtocol.AssertEmpty(buf); state.client.NotifyNewSessionTicket(newSessionTicket); }
public virtual DtlsTransport Accept(TlsServer server, DatagramTransport transport) { if (server == null) { throw new ArgumentNullException("server"); } if (transport == null) { throw new ArgumentNullException("transport"); } SecurityParameters securityParameters = new SecurityParameters(); securityParameters.entity = ConnectionEnd.server; ServerHandshakeState state = new ServerHandshakeState(); state.server = server; state.serverContext = new TlsServerContextImpl(mSecureRandom, securityParameters); securityParameters.serverRandom = TlsProtocol.CreateRandomBlock(server.ShouldUseGmtUnixTime(), state.serverContext.NonceRandomGenerator); server.Init(state.serverContext); DtlsRecordLayer recordLayer = new DtlsRecordLayer(transport, state.serverContext, server, ContentType.handshake); server.NotifyCloseHandle(recordLayer); // TODO Need to handle sending of HelloVerifyRequest without entering a full connection try { return(ServerHandshake(state, recordLayer)); } catch (TlsFatalAlert fatalAlert) { AbortServerHandshake(state, recordLayer, fatalAlert.AlertDescription); throw fatalAlert; } catch (IOException e) { AbortServerHandshake(state, recordLayer, AlertDescription.internal_error); throw e; } catch (Exception e) { AbortServerHandshake(state, recordLayer, AlertDescription.internal_error); throw new TlsFatalAlert(AlertDescription.internal_error, e); } finally { securityParameters.Clear(); } }
public IDictionary ReadServerExtensions() { if (mEncodedServerExtensions == null) { return(null); } MemoryStream buf = new MemoryStream(mEncodedServerExtensions, false); return(TlsProtocol.ReadExtensions(buf)); }
protected virtual void ProcessFinished(byte[] body, byte[] expected_verify_data) { MemoryStream memoryStream = new MemoryStream(body, writable: false); byte[] b = TlsUtilities.ReadFully(expected_verify_data.Length, memoryStream); TlsProtocol.AssertEmpty(memoryStream); if (!Arrays.ConstantTimeAreEqual(expected_verify_data, b)) { throw new TlsFatalAlert(40); } }
private static void WriteAndRead(TlsProtocol writer, TlsProtocol reader, byte[] data, bool fragment) { int dataSize = data.Length; writer.OfferOutput(data, 0, dataSize); PumpData(writer, reader, fragment); Assert.AreEqual(dataSize, reader.GetAvailableInputBytes()); byte[] readData = new byte[dataSize]; reader.ReadInput(readData, 0, dataSize); AssertArrayEquals(data, readData); }
public static CertificateStatusRequest ReadStatusRequestExtension(byte[] extensionData) { if (extensionData == null) { throw new ArgumentNullException("extensionData"); } MemoryStream memoryStream = new MemoryStream(extensionData, writable: false); CertificateStatusRequest result = CertificateStatusRequest.Parse(memoryStream); TlsProtocol.AssertEmpty(memoryStream); return(result); }
public static ServerNameList ReadServerNameExtension(byte[] extensionData) { if (extensionData == null) { throw new ArgumentNullException("extensionData"); } MemoryStream memoryStream = new MemoryStream(extensionData, writable: false); ServerNameList result = ServerNameList.Parse(memoryStream); TlsProtocol.AssertEmpty(memoryStream); return(result); }
public static HeartbeatExtension ReadHeartbeatExtension(byte[] extensionData) { if (extensionData == null) { throw new ArgumentNullException("extensionData"); } MemoryStream memoryStream = new MemoryStream(extensionData, writable: false); HeartbeatExtension result = HeartbeatExtension.Parse(memoryStream); TlsProtocol.AssertEmpty(memoryStream); return(result); }
public static byte[] ReadSrpExtension(byte[] extensionData) { if (extensionData == null) { throw new ArgumentNullException("extensionData"); } MemoryStream memoryStream = new MemoryStream(extensionData, writable: false); byte[] result = TlsUtilities.ReadOpaque8(memoryStream); TlsProtocol.AssertEmpty(memoryStream); return(result); }
protected virtual void ReceiveClientKeyExchangeMessage(MemoryStream buf) { mKeyExchange.ProcessClientKeyExchange(buf); TlsProtocol.AssertEmpty(buf); mPrepareFinishHash = mRecordStream.PrepareToFinish(); mSecurityParameters.sessionHash = TlsProtocol.GetCurrentPrfHash(Context, mPrepareFinishHash, null); TlsProtocol.EstablishMasterSecret(Context, mKeyExchange); mRecordStream.SetPendingConnectionState(Peer.GetCompression(), Peer.GetCipher()); if (!mExpectSessionTicket) { SendChangeCipherSpecMessage(); } }
internal void WriteToRecordStream(TlsProtocol protocol) { long num = Length - 4; TlsUtilities.CheckUint24(num); Position = 1L; TlsUtilities.WriteUint24((int)num, this); byte[] buffer = GetBuffer(); int len = (int)Length; protocol.WriteHandshakeMessage(buffer, 0, len); Platform.Dispose(this); }
public SimpleSocketTcpSslClient(X509Certificate2 certificate, TlsProtocol tls = TlsProtocol.Tls12, bool acceptInvalidCertificates = true, bool mutualAuth = false) : base() { if (certificate == null) { throw new ArgumentNullException(nameof(certificate)); } _sslCertificate = certificate; _tlsProtocol = tls; AcceptInvalidCertificates = acceptInvalidCertificates; MutualAuthentication = mutualAuth; }
/// <exception cref="IOException"/> protected virtual void ProcessFinished(byte[] body, byte[] expected_verify_data) { MemoryStream buf = new MemoryStream(body, false); byte[] verify_data = TlsUtilities.ReadFully(expected_verify_data.Length, buf); TlsProtocol.AssertEmpty(buf); if (!Arrays.ConstantTimeAreEqual(expected_verify_data, verify_data)) { throw new TlsFatalAlert(AlertDescription.handshake_failure); } }
protected virtual Certificate ProcessServerCertificate(ClientHandshakeState state, byte[] body) { MemoryStream buf = new MemoryStream(body, false); Certificate serverCertificate = Certificate.Parse(buf); TlsProtocol.AssertEmpty(buf); state.keyExchange.ProcessServerCertificate(serverCertificate); state.authentication = state.client.GetAuthentication(); state.authentication.NotifyServerCertificate(serverCertificate); return(serverCertificate); }
public Builder SetServerExtensions(IDictionary serverExtensions) { if (serverExtensions == null) { mEncodedServerExtensions = null; } else { MemoryStream buf = new MemoryStream(); TlsProtocol.WriteExtensions(buf, serverExtensions); mEncodedServerExtensions = buf.ToArray(); } return(this); }
protected virtual void ProcessCertificateVerify(ServerHandshakeState state, byte[] body, TlsHandshakeHash prepareFinishHash) { if (state.certificateRequest == null) { throw new InvalidOperationException(); } MemoryStream buf = new MemoryStream(body, false); TlsServerContextImpl context = state.serverContext; DigitallySigned clientCertificateVerify = DigitallySigned.Parse(context, buf); TlsProtocol.AssertEmpty(buf); // Verify the CertificateVerify message contains a correct signature. try { SignatureAndHashAlgorithm signatureAlgorithm = clientCertificateVerify.Algorithm; byte[] hash; if (TlsUtilities.IsTlsV12(context)) { TlsUtilities.VerifySupportedSignatureAlgorithm(state.certificateRequest.SupportedSignatureAlgorithms, signatureAlgorithm); hash = prepareFinishHash.GetFinalHash(signatureAlgorithm.Hash); } else { hash = context.SecurityParameters.SessionHash; } X509CertificateStructure x509Cert = state.clientCertificate.GetCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo; AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey(keyInfo); TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)state.clientCertificateType); tlsSigner.Init(context); if (!tlsSigner.VerifyRawSignature(signatureAlgorithm, clientCertificateVerify.Signature, publicKey, hash)) { throw new TlsFatalAlert(AlertDescription.decrypt_error); } } catch (TlsFatalAlert e) { throw e; } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.decrypt_error, e); } }
/// <exception cref="IOException"></exception> public static CertificateStatusRequest ReadStatusRequestExtension(byte[] extensionData) { if (extensionData == null) { throw new ArgumentNullException("extensionData"); } MemoryStream buf = new MemoryStream(extensionData, false); CertificateStatusRequest statusRequest = CertificateStatusRequest.Parse(buf); TlsProtocol.AssertEmpty(buf); return(statusRequest); }
/// <exception cref="IOException"></exception> public static ServerNameList ReadServerNameExtension(byte[] extensionData) { if (extensionData == null) { throw new ArgumentNullException("extensionData"); } MemoryStream buf = new MemoryStream(extensionData, false); ServerNameList serverNameList = ServerNameList.Parse(buf); TlsProtocol.AssertEmpty(buf); return(serverNameList); }
/// <exception cref="IOException"></exception> public static HeartbeatExtension ReadHeartbeatExtension(byte[] extensionData) { if (extensionData == null) { throw new ArgumentNullException("extensionData"); } MemoryStream buf = new MemoryStream(extensionData, false); HeartbeatExtension heartbeatExtension = HeartbeatExtension.Parse(buf); TlsProtocol.AssertEmpty(buf); return(heartbeatExtension); }
public static byte[] ReadSrpExtension(byte[] extensionData) { if (extensionData == null) { throw new ArgumentNullException("extensionData"); } MemoryStream buf = new MemoryStream(extensionData, false); byte[] identity = TlsUtilities.ReadOpaque8(buf); TlsProtocol.AssertEmpty(buf); return(identity); }
public static byte[] ReadNegotiatedDheGroupsClientExtension(byte[] extensionData) { if (extensionData == null) { throw new ArgumentNullException("extensionData"); } MemoryStream memoryStream = new MemoryStream(extensionData, writable: false); byte b = TlsUtilities.ReadUint8(memoryStream); if (b < 1) { throw new TlsFatalAlert(50); } byte[] result = TlsUtilities.ReadUint8Array(b, memoryStream); TlsProtocol.AssertEmpty(memoryStream); return(result); }
public static int[] ReadSupportedEllipticCurvesExtension(byte[] extensionData) { if (extensionData == null) { throw new ArgumentNullException("extensionData"); } MemoryStream memoryStream = new MemoryStream(extensionData, writable: false); int num = TlsUtilities.ReadUint16(memoryStream); if (num < 2 || (num & 1) != 0) { throw new TlsFatalAlert(50); } int[] result = TlsUtilities.ReadUint16Array(num / 2, memoryStream); TlsProtocol.AssertEmpty(memoryStream); return(result); }
protected virtual void ProcessCertificateRequest(ClientHandshakeState state, byte[] body) { if (state.authentication == null) { /* * RFC 2246 7.4.4. It is a fatal handshake_failure alert for an anonymous server to * request client identification. */ throw new TlsFatalAlert(AlertDescription.handshake_failure); } MemoryStream buf = new MemoryStream(body, false); state.certificateRequest = CertificateRequest.Parse(state.clientContext, buf); TlsProtocol.AssertEmpty(buf); state.keyExchange.ValidateCertificateRequest(state.certificateRequest); }
/// <summary> /// Constructor /// </summary> /// <param name="certificate"></param> /// <param name="password"></param> /// <param name="tlsProtocol"></param> /// <param name="acceptInvalidCertificates"></param> public AsyncSocketSslListener(string certificate, string password, TlsProtocol tlsProtocol = TlsProtocol.Tls12, bool acceptInvalidCertificates = true) : base() { if (string.IsNullOrEmpty(certificate)) { throw new ArgumentNullException(nameof(certificate)); } AcceptInvalidCertificates = acceptInvalidCertificates; _tlsProtocol = tlsProtocol; if (string.IsNullOrEmpty(password)) { _serverCertificate = new X509Certificate2(File.ReadAllBytes(Path.GetFullPath(certificate))); } else { _serverCertificate = new X509Certificate2(File.ReadAllBytes(Path.GetFullPath(certificate)), password); } }
private static void CheckClosed(TlsProtocol protocol) { Assert.IsTrue(protocol.IsClosed); try { protocol.OfferInput(new byte[10]); Assert.Fail("Input was accepted after close"); } catch (IOException) { } try { protocol.OfferOutput(new byte[10], 0, 10); Assert.Fail("Output was accepted after close"); } catch (IOException) { } }