protected virtual void ReceiveNewSessionTicketMessage(MemoryStream buf)
{
NewSessionTicket newSessionTicket = NewSessionTicket.Parse((Stream)(object)buf);
TlsProtocol.AssertEmpty(buf);
mTlsClient.NotifyNewSessionTicket(newSessionTicket);
}
protected virtual void ProcessNewSessionTicket(DtlsClientProtocol.ClientHandshakeState state, byte[] body)
{
MemoryStream memoryStream = new MemoryStream(body, false);
NewSessionTicket newSessionTicket = NewSessionTicket.Parse(memoryStream);
TlsProtocol.AssertEmpty(memoryStream);
state.client.NotifyNewSessionTicket(newSessionTicket);
}
protected virtual void SendNewSessionTicketMessage(NewSessionTicket newSessionTicket)
{
if (newSessionTicket == null)
{
throw new TlsFatalAlert(80);
}
TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(4);
newSessionTicket.Encode(handshakeMessage);
handshakeMessage.WriteToRecordStream(this);
}
protected virtual void ProcessNewSessionTicket(ClientHandshakeState state, byte[] body)
{
//IL_0002: Unknown result type (might be due to invalid IL or missing references)
//IL_0008: Expected O, but got Unknown
MemoryStream val = new MemoryStream(body, false);
NewSessionTicket newSessionTicket = NewSessionTicket.Parse((Stream)(object)val);
TlsProtocol.AssertEmpty(val);
state.client.NotifyNewSessionTicket(newSessionTicket);
}
protected virtual void SendNewSessionTicketMessage(NewSessionTicket newSessionTicket)
{
if (newSessionTicket == null)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
HandshakeMessage message = new HandshakeMessage(HandshakeType.session_ticket);
newSessionTicket.Encode(message);
message.WriteToRecordStream(this);
}
public virtual void NotifyNewSessionTicket(NewSessionTicket newSessionTicket)
{
}
protected virtual byte[] GenerateNewSessionTicket(DtlsServerProtocol.ServerHandshakeState state, NewSessionTicket newSessionTicket)
{
MemoryStream memoryStream = new MemoryStream();
newSessionTicket.Encode(memoryStream);
return(memoryStream.ToArray());
}
internal virtual DtlsTransport ServerHandshake(DtlsServerProtocol.ServerHandshakeState state, DtlsRecordLayer recordLayer)
{
SecurityParameters securityParameters = state.serverContext.SecurityParameters;
DtlsReliableHandshake dtlsReliableHandshake = new DtlsReliableHandshake(state.serverContext, recordLayer);
DtlsReliableHandshake.Message message = dtlsReliableHandshake.ReceiveMessage();
ProtocolVersion discoveredPeerVersion = recordLayer.DiscoveredPeerVersion;
state.serverContext.SetClientVersion(discoveredPeerVersion);
if (message.Type != 1)
{
throw new TlsFatalAlert(10);
}
this.ProcessClientHello(state, message.Body);
byte[] body = this.GenerateServerHello(state);
DtlsProtocol.ApplyMaxFragmentLengthExtension(recordLayer, securityParameters.maxFragmentLength);
dtlsReliableHandshake.SendMessage(2, body);
dtlsReliableHandshake.NotifyHelloComplete();
IList serverSupplementalData = state.server.GetServerSupplementalData();
if (serverSupplementalData != null)
{
byte[] body2 = DtlsProtocol.GenerateSupplementalData(serverSupplementalData);
dtlsReliableHandshake.SendMessage(23, body2);
}
state.keyExchange = state.server.GetKeyExchange();
state.keyExchange.Init(state.serverContext);
state.serverCredentials = state.server.GetCredentials();
Certificate certificate = null;
if (state.serverCredentials == null)
{
state.keyExchange.SkipServerCredentials();
}
else
{
state.keyExchange.ProcessServerCredentials(state.serverCredentials);
certificate = state.serverCredentials.Certificate;
byte[] body3 = DtlsProtocol.GenerateCertificate(certificate);
dtlsReliableHandshake.SendMessage(11, body3);
}
if (certificate == null || certificate.IsEmpty)
{
state.allowCertificateStatus = false;
}
if (state.allowCertificateStatus)
{
CertificateStatus certificateStatus = state.server.GetCertificateStatus();
if (certificateStatus != null)
{
byte[] body4 = this.GenerateCertificateStatus(state, certificateStatus);
dtlsReliableHandshake.SendMessage(22, body4);
}
}
byte[] array = state.keyExchange.GenerateServerKeyExchange();
if (array != null)
{
dtlsReliableHandshake.SendMessage(12, array);
}
if (state.serverCredentials != null)
{
state.certificateRequest = state.server.GetCertificateRequest();
if (state.certificateRequest != null)
{
state.keyExchange.ValidateCertificateRequest(state.certificateRequest);
byte[] body5 = this.GenerateCertificateRequest(state, state.certificateRequest);
dtlsReliableHandshake.SendMessage(13, body5);
TlsUtilities.TrackHashAlgorithms(dtlsReliableHandshake.HandshakeHash, state.certificateRequest.SupportedSignatureAlgorithms);
}
}
dtlsReliableHandshake.SendMessage(14, TlsUtilities.EmptyBytes);
dtlsReliableHandshake.HandshakeHash.SealHashAlgorithms();
message = dtlsReliableHandshake.ReceiveMessage();
if (message.Type == 23)
{
this.ProcessClientSupplementalData(state, message.Body);
message = dtlsReliableHandshake.ReceiveMessage();
}
else
{
state.server.ProcessClientSupplementalData(null);
}
if (state.certificateRequest == null)
{
state.keyExchange.SkipClientCredentials();
}
else if (message.Type == 11)
{
this.ProcessClientCertificate(state, message.Body);
message = dtlsReliableHandshake.ReceiveMessage();
}
else
{
if (TlsUtilities.IsTlsV12(state.serverContext))
{
throw new TlsFatalAlert(10);
}
this.NotifyClientCertificate(state, Certificate.EmptyChain);
}
if (message.Type == 16)
{
this.ProcessClientKeyExchange(state, message.Body);
TlsHandshakeHash tlsHandshakeHash = dtlsReliableHandshake.PrepareToFinish();
securityParameters.sessionHash = TlsProtocol.GetCurrentPrfHash(state.serverContext, tlsHandshakeHash, null);
TlsProtocol.EstablishMasterSecret(state.serverContext, state.keyExchange);
recordLayer.InitPendingEpoch(state.server.GetCipher());
if (this.ExpectCertificateVerifyMessage(state))
{
byte[] body6 = dtlsReliableHandshake.ReceiveMessageBody(15);
this.ProcessCertificateVerify(state, body6, tlsHandshakeHash);
}
byte[] expected_verify_data = TlsUtilities.CalculateVerifyData(state.serverContext, "client finished", TlsProtocol.GetCurrentPrfHash(state.serverContext, dtlsReliableHandshake.HandshakeHash, null));
this.ProcessFinished(dtlsReliableHandshake.ReceiveMessageBody(20), expected_verify_data);
if (state.expectSessionTicket)
{
NewSessionTicket newSessionTicket = state.server.GetNewSessionTicket();
byte[] body7 = this.GenerateNewSessionTicket(state, newSessionTicket);
dtlsReliableHandshake.SendMessage(4, body7);
}
byte[] body8 = TlsUtilities.CalculateVerifyData(state.serverContext, "server finished", TlsProtocol.GetCurrentPrfHash(state.serverContext, dtlsReliableHandshake.HandshakeHash, null));
dtlsReliableHandshake.SendMessage(20, body8);
dtlsReliableHandshake.Finish();
state.server.NotifyHandshakeComplete();
return(new DtlsTransport(recordLayer));
}
throw new TlsFatalAlert(10);
}
protected virtual byte[] GenerateNewSessionTicket(ServerHandshakeState state, NewSessionTicket newSessionTicket)
{
MemoryStream buf = new MemoryStream();
newSessionTicket.Encode(buf);
return buf.ToArray();
}
internal virtual DtlsTransport ServerHandshake(ServerHandshakeState state, DtlsRecordLayer recordLayer)
{
SecurityParameters securityParameters = state.serverContext.SecurityParameters;
DtlsReliableHandshake handshake = new DtlsReliableHandshake(state.serverContext, recordLayer);
DtlsReliableHandshake.Message clientMessage = handshake.ReceiveMessage();
// NOTE: DTLSRecordLayer requires any DTLS version, we don't otherwise constrain this
//ProtocolVersion recordLayerVersion = recordLayer.ReadVersion;
if (clientMessage.Type == HandshakeType.client_hello)
{
ProcessClientHello(state, clientMessage.Body);
}
else
{
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
{
byte[] serverHelloBody = GenerateServerHello(state);
ApplyMaxFragmentLengthExtension(recordLayer, securityParameters.maxFragmentLength);
ProtocolVersion recordLayerVersion = state.serverContext.ServerVersion;
recordLayer.ReadVersion = recordLayerVersion;
recordLayer.SetWriteVersion(recordLayerVersion);
handshake.SendMessage(HandshakeType.server_hello, serverHelloBody);
}
handshake.NotifyHelloComplete();
IList serverSupplementalData = state.server.GetServerSupplementalData();
if (serverSupplementalData != null)
{
byte[] supplementalDataBody = GenerateSupplementalData(serverSupplementalData);
handshake.SendMessage(HandshakeType.supplemental_data, supplementalDataBody);
}
state.keyExchange = state.server.GetKeyExchange();
state.keyExchange.Init(state.serverContext);
state.serverCredentials = state.server.GetCredentials();
Certificate serverCertificate = null;
if (state.serverCredentials == null)
{
state.keyExchange.SkipServerCredentials();
}
else
{
state.keyExchange.ProcessServerCredentials(state.serverCredentials);
serverCertificate = state.serverCredentials.Certificate;
byte[] certificateBody = GenerateCertificate(serverCertificate);
handshake.SendMessage(HandshakeType.certificate, certificateBody);
}
// TODO[RFC 3546] Check whether empty certificates is possible, allowed, or excludes CertificateStatus
if (serverCertificate == null || serverCertificate.IsEmpty)
{
state.allowCertificateStatus = false;
}
if (state.allowCertificateStatus)
{
CertificateStatus certificateStatus = state.server.GetCertificateStatus();
if (certificateStatus != null)
{
byte[] certificateStatusBody = GenerateCertificateStatus(state, certificateStatus);
handshake.SendMessage(HandshakeType.certificate_status, certificateStatusBody);
}
}
byte[] serverKeyExchange = state.keyExchange.GenerateServerKeyExchange();
if (serverKeyExchange != null)
{
handshake.SendMessage(HandshakeType.server_key_exchange, serverKeyExchange);
}
if (state.serverCredentials != null)
{
state.certificateRequest = state.server.GetCertificateRequest();
if (state.certificateRequest != null)
{
if (TlsUtilities.IsTlsV12(state.serverContext) != (state.certificateRequest.SupportedSignatureAlgorithms != null))
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
state.keyExchange.ValidateCertificateRequest(state.certificateRequest);
byte[] certificateRequestBody = GenerateCertificateRequest(state, state.certificateRequest);
handshake.SendMessage(HandshakeType.certificate_request, certificateRequestBody);
TlsUtilities.TrackHashAlgorithms(handshake.HandshakeHash,
state.certificateRequest.SupportedSignatureAlgorithms);
}
}
handshake.SendMessage(HandshakeType.server_hello_done, TlsUtilities.EmptyBytes);
handshake.HandshakeHash.SealHashAlgorithms();
clientMessage = handshake.ReceiveMessage();
if (clientMessage.Type == HandshakeType.supplemental_data)
{
ProcessClientSupplementalData(state, clientMessage.Body);
clientMessage = handshake.ReceiveMessage();
}
else
{
state.server.ProcessClientSupplementalData(null);
}
if (state.certificateRequest == null)
{
state.keyExchange.SkipClientCredentials();
}
else
{
if (clientMessage.Type == HandshakeType.certificate)
{
ProcessClientCertificate(state, clientMessage.Body);
clientMessage = handshake.ReceiveMessage();
}
else
{
if (TlsUtilities.IsTlsV12(state.serverContext))
{
/*
* RFC 5246 If no suitable certificate is available, the client MUST send a
* certificate message containing no certificates.
*
* NOTE: In previous RFCs, this was SHOULD instead of MUST.
*/
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
NotifyClientCertificate(state, Certificate.EmptyChain);
}
}
if (clientMessage.Type == HandshakeType.client_key_exchange)
{
ProcessClientKeyExchange(state, clientMessage.Body);
}
else
{
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
TlsHandshakeHash prepareFinishHash = handshake.PrepareToFinish();
securityParameters.sessionHash = TlsProtocol.GetCurrentPrfHash(state.serverContext, prepareFinishHash, null);
TlsProtocol.EstablishMasterSecret(state.serverContext, state.keyExchange);
recordLayer.InitPendingEpoch(state.server.GetCipher());
/*
* RFC 5246 7.4.8 This message is only sent following a client certificate that has signing
* capability (i.e., all certificates except those containing fixed Diffie-Hellman
* parameters).
*/
if (ExpectCertificateVerifyMessage(state))
{
byte[] certificateVerifyBody = handshake.ReceiveMessageBody(HandshakeType.certificate_verify);
ProcessCertificateVerify(state, certificateVerifyBody, prepareFinishHash);
}
// NOTE: Calculated exclusive of the actual Finished message from the client
byte[] expectedClientVerifyData = TlsUtilities.CalculateVerifyData(state.serverContext, ExporterLabel.client_finished,
TlsProtocol.GetCurrentPrfHash(state.serverContext, handshake.HandshakeHash, null));
ProcessFinished(handshake.ReceiveMessageBody(HandshakeType.finished), expectedClientVerifyData);
if (state.expectSessionTicket)
{
NewSessionTicket newSessionTicket = state.server.GetNewSessionTicket();
byte[] newSessionTicketBody = GenerateNewSessionTicket(state, newSessionTicket);
handshake.SendMessage(HandshakeType.session_ticket, newSessionTicketBody);
}
// NOTE: Calculated exclusive of the Finished message itself
byte[] serverVerifyData = TlsUtilities.CalculateVerifyData(state.serverContext, ExporterLabel.server_finished,
TlsProtocol.GetCurrentPrfHash(state.serverContext, handshake.HandshakeHash, null));
handshake.SendMessage(HandshakeType.finished, serverVerifyData);
handshake.Finish();
state.server.NotifyHandshakeComplete();
return(new DtlsTransport(recordLayer));
}
protected virtual byte[] GenerateNewSessionTicket(ServerHandshakeState state, NewSessionTicket newSessionTicket)
{
MemoryStream buf = new MemoryStream();
newSessionTicket.Encode(buf);
return(buf.ToArray());
}
public virtual void NotifyNewSessionTicket(NewSessionTicket newSessionTicket)
{
}
protected virtual void SendNewSessionTicketMessage(NewSessionTicket newSessionTicket)
{
if (newSessionTicket == null)
throw new TlsFatalAlert(AlertDescription.internal_error);
HandshakeMessage message = new HandshakeMessage(HandshakeType.session_ticket);
newSessionTicket.Encode(message);
message.WriteToRecordStream(this);
}
protected virtual byte[] GenerateNewSessionTicket(ServerHandshakeState state, NewSessionTicket newSessionTicket)
{
//IL_0000: Unknown result type (might be due to invalid IL or missing references)
//IL_0006: Expected O, but got Unknown
MemoryStream val = new MemoryStream();
newSessionTicket.Encode((Stream)(object)val);
return(val.ToArray());
}
