protected override void ProcessCertificate(HandshakeCertificate certificate)
{
if (_state != HandshakeState.ReceivedClientHello)
{
throw new AlertException(AlertDescription.UnexpectedMessage,
"Client certificate received at the wrong time");
}
if (!_certificateRequestSent)
{
throw new AlertException(AlertDescription.UnexpectedMessage,
"Client certificate received even though request was not sent");
}
if (certificate.CertificateList.Count > 0)
{
_clientCertificateReceived = true;
}
_clientCertificates.AddRange(certificate.CertificateList);
// Validate certificate chain
if (_certificateValidationCallback != null && !_certificateValidationCallback(certificate.CertificateList))
{
throw new AlertException(AlertDescription.AccessDenied,
"Client certificate was not accepted");
}
// Wait for client key exchange
_state = HandshakeState.ReceivedCertificate;
}
protected override void ProcessCertificate(HandshakeCertificate certificate)
{
if (_state != HandshakeState.ReceivedServerHello)
{
throw new AlertException(AlertDescription.UnexpectedMessage,
"Certificate received at the wrong time");
}
if (certificate.CertificateList.Count == 0)
{
throw new AlertException(AlertDescription.BadCertificate,
"Certificate chain has no entries");
}
_serverCertificates.AddRange(certificate.CertificateList);
string keyexAlg = _cipherSuite.KeyExchangeAlgorithm.CertificateKeyAlgorithm;
string signAlg = _cipherSuite.SignatureAlgorithm.CertificateKeyAlgorithm;
// Check that certificate is valid
X509Certificate cert = _serverCertificates[0];
if (keyexAlg != null && !keyexAlg.Equals(cert.GetKeyAlgorithm()))
{
throw new AlertException(AlertDescription.BadCertificate,
"Certificate type " + cert.GetKeyAlgorithm() + " doesn't match key exchange type " + keyexAlg);
}
if (signAlg != null && !signAlg.Equals(cert.GetKeyAlgorithm()))
{
throw new AlertException(AlertDescription.BadCertificate,
"Certificate type " + cert.GetKeyAlgorithm() + " doesn't match signature type " + signAlg);
}
// Validate certificate chain
if (!_certificateValidationCallback(certificate.CertificateList))
{
throw new AlertException(AlertDescription.AccessDenied,
"Server certificate was not accepted");
}
// Wait for server key exchange, certificate request or server hello done
_state = HandshakeState.ReceivedCertificate;
}
// Messages received by both
protected virtual void ProcessCertificate(HandshakeCertificate certificate)
{
InvalidMessageReceived();
}
protected override void ProcessClientHello(HandshakeClientHello clientHello)
{
if (_state == HandshakeState.Finished)
{
throw new AlertException(AlertDescription.NoRenegotiation,
"Renegotiation not supported");
}
else if (_state != HandshakeState.Initial)
{
throw new AlertException(AlertDescription.UnexpectedMessage,
"Client hello received at the wrong time");
}
// Find the compressions that match our supported compressions
List <Byte> matchedCompressions = new List <Byte>();
foreach (Byte id in _supportedCompressions)
{
if (clientHello.CompressionMethods.Contains(id))
{
matchedCompressions.Add(id);
}
}
if (matchedCompressions.Count == 0)
{
throw new AlertException(AlertDescription.HandshakeFailure,
"None of the compression methods offered by client is accepted");
}
_clientVersion = clientHello.ClientVersion;
_cipherSuite = SelectCipherSuite(_pluginManager, _clientVersion, _minVersion, _maxVersion, clientHello.CipherSuites, new List <UInt16>(_supportedCipherSuites), _certificateSelectionCallback, _availableCertificates);
_version = _cipherSuite.ProtocolVersion;
// Select the certificate and private key we are going to send
int certificateIndex = _certificateSelectionCallback(_cipherSuite, _availableCertificates.ToArray());
if (certificateIndex >= 0 && certificateIndex < _availableCertificates.Count)
{
_serverCertificates.AddRange(_availableCertificates[certificateIndex]);
_selectedPrivateKey = _availablePrivateKeys[certificateIndex];
}
// TODO: Create the server hello message correctly
HandshakeServerHello serverHello = new HandshakeServerHello(_version);
serverHello.CipherSuite = _cipherSuite.CipherSuiteID;
serverHello.CompressionMethod = matchedCompressions[0];
OutputMessage(serverHello);
// Initialize the handshake randoms and cipher suite
_connectionState.ClientRandom = clientHello.Random.GetBytes();
_connectionState.ServerRandom = serverHello.Random.GetBytes();
// TODO: If we resumed our session, set state to SendChangeCipherSpec and return
// Send certificate if required and valid
if (!_cipherSuite.IsAnonymous)
{
if (_serverCertificates.Count == 0)
{
throw new AlertException(AlertDescription.HandshakeFailure,
"Certificate required but not selected");
}
string keyexAlg = _cipherSuite.KeyExchangeAlgorithm.CertificateKeyAlgorithm;
string signAlg = _cipherSuite.SignatureAlgorithm.CertificateKeyAlgorithm;
X509Certificate cert = _serverCertificates[0];
if (keyexAlg != null && !keyexAlg.Equals(cert.GetKeyAlgorithm()))
{
throw new AlertException(AlertDescription.HandshakeFailure,
"Selected certificate type " + cert.GetKeyAlgorithm() + " doesn't match key exchange type " + keyexAlg);
}
if (signAlg != null && !signAlg.Equals(cert.GetKeyAlgorithm()))
{
throw new AlertException(AlertDescription.HandshakeFailure,
"Selected certificate type " + cert.GetKeyAlgorithm() + " doesn't match signature type " + signAlg);
}
HandshakeCertificate certificate = new HandshakeCertificate(_version);
certificate.CertificateList.AddRange(_serverCertificates);
OutputMessage(certificate);
}
byte[] serverKeys = _cipherSuite.KeyExchangeAlgorithm.GetServerKeys(_maxVersion);
if (serverKeys != null)
{
// Generate the signature for server keys
byte[] dataToSign = new byte[_connectionState.ClientRandom.Length + _connectionState.ServerRandom.Length + serverKeys.Length];
Buffer.BlockCopy(_connectionState.ClientRandom, 0, dataToSign, 0, _connectionState.ClientRandom.Length);
Buffer.BlockCopy(_connectionState.ServerRandom, 0, dataToSign, _connectionState.ClientRandom.Length, _connectionState.ServerRandom.Length);
Buffer.BlockCopy(serverKeys, 0, dataToSign, _connectionState.ClientRandom.Length + _connectionState.ServerRandom.Length, serverKeys.Length);
byte[] signature = GenerateSignature(_selectedPrivateKey, dataToSign);
// Combine the server keys with the signature
byte[] signedKeys = new byte[serverKeys.Length + signature.Length];
Buffer.BlockCopy(serverKeys, 0, signedKeys, 0, serverKeys.Length);
Buffer.BlockCopy(signature, 0, signedKeys, serverKeys.Length, signature.Length);
HandshakeMessage keyex = new HandshakeMessage(HandshakeMessageType.ServerKeyExchange, _version, signedKeys);
OutputMessage(keyex);
}
// Send certificate request if needed
if (!_cipherSuite.IsAnonymous && _certificateRequest != null)
{
OutputMessage(_certificateRequest);
_certificateRequestSent = true;
}
HandshakeMessage serverHelloDone = new HandshakeMessage(HandshakeMessageType.ServerHelloDone, _version);
OutputMessage(serverHelloDone);
// Wait for client certificate or client key exchange
_state = HandshakeState.ReceivedClientHello;
}
public bool ReadPacket(Stream stream)
{
byte[] header = new byte[5];
int readBytes = 0;
while (readBytes < header.Length)
{
readBytes += stream.Read(header, readBytes, header.Length - readBytes);
}
Record record = new Record(header);
readBytes = 0;
while (readBytes < record.Fragment.Length)
{
readBytes += stream.Read(record.Fragment, readBytes, record.Fragment.Length - readBytes);
}
_recordHandler.ProcessInputRecord(record);
if (record.Type == 22)
{
HandshakeMessage hs = HandshakeMessage.GetInstance(VERSION, record.Fragment);
if (hs == null)
{
Console.WriteLine("Skipped handling packet");
return(true);
}
Console.WriteLine("adding bytes to hash " + record.Fragment.Length);
_handshakeStream.Write(record.Fragment, 0, record.Fragment.Length);
if (hs.Type == HandshakeMessageType.ServerHello)
{
HandshakeServerHello sh = (HandshakeServerHello)hs;
_serverRandom = sh.Random.GetBytes();
if (sh.ServerVersion != VERSION)
{
throw new Exception("Version doesn't match");
}
}
else if (hs.Type == HandshakeMessageType.Certificate)
{
Console.WriteLine("Found certificate");
HandshakeCertificate cert = (HandshakeCertificate)hs;
_rsaPublicKey = null;
foreach (X509Certificate c in cert.CertificateList)
{
Console.WriteLine(c.ToString(true));
if (_rsaPublicKey == null)
{
X509Certificate c2 = new X509Certificate(c);
_rsaPublicKey = new CertificatePublicKey(c2);
}
}
}
else if (hs.Type == HandshakeMessageType.ServerHelloDone)
{
SendClientKey(stream);
byte[] seed = new byte[64];
Array.Copy(_clientRandom, 0, seed, 0, 32);
Array.Copy(_serverRandom, 0, seed, 32, 32);
PrintBytes("hash seed", seed);
_masterSecret = _cipherSuite.KeyExchangeAlgorithm.GetMasterSecret(_cipherSuite.PseudoRandomFunction, seed);
PrintBytes("master secret", _masterSecret);
seed = new byte[64];
Array.Copy(_serverRandom, 0, seed, 0, 32);
Array.Copy(_clientRandom, 0, seed, 32, 32);
ConnectionState connectionState = new ConnectionState(_clientRandom, _serverRandom, _masterSecret);
_recordHandler.SetCipherSuite(_cipherSuite, connectionState);
SendFinished(stream);
}
else if (hs.Type == HandshakeMessageType.Finished)
{
Console.WriteLine("Got Finished message!!!");
SendHttpGet(stream);
}
}
else if (record.Type == 20)
{
Console.WriteLine("Got change cipher spec from server");
_recordHandler.ChangeRemoteState();
}
else if (record.Type == 21)
{
// This is an alert
if (record.Fragment.Length >= 2 && record.Fragment[1] == 0)
{
// Close notify
Console.WriteLine("Close notify received");
return(false);
}
}
else if (record.Type == 23)
{
Console.WriteLine("Got data: " + Encoding.UTF8.GetString(record.Fragment));
}
return(true);
}
protected override void ProcessServerHelloDone(HandshakeMessage serverHelloDone)
{
if (_state != HandshakeState.ReceivedCertificate &&
_state != HandshakeState.ReceivedServerKeyExchange &&
_state != HandshakeState.ReceivedCertificateRequest)
{
throw new AlertException(AlertDescription.UnexpectedMessage,
"Server hello done received at the wrong time");
}
bool clientCertificateSent = false;
if (_clientCertificateRequested)
{
// Ask for correct certificate from the callback
int certificateIndex = _certificateSelectionCallback(_availableCertificates.ToArray(), _serverCertificates);
if (certificateIndex >= 0 && certificateIndex < _availableCertificates.Count)
{
_clientCertificates.AddRange(_availableCertificates[certificateIndex]);
_selectedPrivateKey = _availablePrivateKeys[certificateIndex];
}
// If certificate was selected, send it to server
if (_clientCertificates.Count > 0)
{
HandshakeCertificate certificate = new HandshakeCertificate(_version);
certificate.CertificateList.AddRange(_clientCertificates);
OutputMessage(certificate);
clientCertificateSent = true;
}
else
{
// TODO: In case of SSLv3 we should send warning alert instead?
HandshakeCertificate certificate = new HandshakeCertificate(_version);
OutputMessage(certificate);
}
}
// Send client key exchange message
byte[] clientKeys = null;
if (_serverCertificates.Count > 0)
{
var cert = _serverCertificates[0];
CertificatePublicKey publicKey = new CertificatePublicKey(cert);
this.logger?.Trace($"OID (lookup with http://www.oid-info.com/get/[oid]) of key from server certificate: {publicKey.Oid}");
var data = Asn1Object.FromByteArray(cert.GetKeyAlgorithmParameters());
this.logger?.Trace($" OID of key parameters from server certificate: {data}");
clientKeys = _cipherSuite.KeyExchangeAlgorithm.GetClientKeys(_version, _maxVersion, publicKey);
}
HandshakeMessage keyex = new HandshakeMessage(HandshakeMessageType.ClientKeyExchange, _version, clientKeys);
OutputMessage(keyex);
if (clientCertificateSent)
{
// Get all handshake messages
byte[] handshakeMessages = _handshakeStream.ToArray();
// FIXME: Generate the signature of handshakeMessages with client cert signature
// this breaks if client certificate signature is different type than negotiated
byte[] signature = GenerateSignature(_selectedPrivateKey, handshakeMessages);
// Create CertificateVerify message and send it to server
HandshakeMessage verify = new HandshakeMessage(HandshakeMessageType.CertificateVerify, _version, signature);
OutputMessage(verify);
}
// Generate the master secret from key exchange
_connectionState.MasterSecret = GenerateMasterSecret(_version, _cipherSuite, _connectionState);
// Wait for changecipherspec+finished
_state = HandshakeState.SendChangeCipherSpec;
}
