protected override MessageStatus HandleMessage(Message message) { if (message.Type != HandshakeType.ClientHello) { throw new TlsException(AlertDescription.UnexpectedMessage); } if (Renegotiating) { var flags = Config.RenegotiationFlags; if ((flags & RenegotiationFlags.DisallowRenegotiation) != 0) { throw new TlsException(AlertDescription.HandshakeFailure, "Renegotiation not allowed."); } if (!Session.SecureRenegotiation) { throw new TlsException(AlertDescription.HandshakeFailure, "Renegotiation not allowed."); } } if (!Config.HasCredentials) { if (!Renegotiating && !askedForCertificate) { askedForCertificate = true; return(MessageStatus.CredentialsNeeded); } throw new TlsException(AlertDescription.InternalError, "No server certificate or private key."); } hello = (TlsClientHello)message; HandleClientHello(hello); return(Renegotiating ? MessageStatus.Renegotiate : MessageStatus.GenerateOutput); }
protected override MessageStatus HandleMessage (Message message) { if (message.Type != HandshakeType.ClientHello) throw new TlsException (AlertDescription.UnexpectedMessage); if (Renegotiating) { var flags = Config.RenegotiationFlags; if ((flags & RenegotiationFlags.DisallowRenegotiation) != 0) throw new TlsException (AlertDescription.HandshakeFailure, "Renegotiation not allowed."); if (!Session.SecureRenegotiation) throw new TlsException (AlertDescription.HandshakeFailure, "Renegotiation not allowed."); } if (!Config.HasCredentials) { if (!Renegotiating && !askedForCertificate) { askedForCertificate = true; return MessageStatus.CredentialsNeeded; } throw new TlsException (AlertDescription.InternalError, "No server certificate or private key."); } hello = (TlsClientHello)message; HandleClientHello (hello); return Renegotiating ? MessageStatus.Renegotiate : MessageStatus.GenerateOutput; }
protected virtual void ProcessExtensions(TlsClientHello message) { foreach (var extension in message.Extensions) { ProcessExtension(extension); } }
protected virtual void HandleClientHello(TlsClientHello message) { Context.VerifyServerProtocol(message.ClientProtocol); HandshakeParameters.ClientRandom = message.ClientRandom; SelectCipher(message); ProcessExtensions(message); }
protected virtual void SelectCipher(TlsClientHello message) { var userCiphers = Config.UserSettings != null ? Config.UserSettings.RequestedCiphers : null; CipherSuiteCollection supportedCiphers; if (userCiphers != null) { supportedCiphers = new CipherSuiteCollection(Context.NegotiatedProtocol, userCiphers); } else { supportedCiphers = CipherSuiteFactory.GetDefaultCiphers(Context.NegotiatedProtocol); } HandshakeParameters.SupportedCiphers = supportedCiphers; CipherSuite selectedCipher = null; foreach (var code in message.ClientCiphers) { var idx = HandshakeParameters.SupportedCiphers.IndexOf(code); if (idx < 0) { continue; } var cipher = HandshakeParameters.SupportedCiphers [idx]; selectedCipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, cipher); break; } if (selectedCipher == null) { throw new TlsException(AlertDescription.HandshakeFailure, "Invalid cipher suite received from client"); } #if DEBUG_FULL if (Context.EnableDebugging) { selectedCipher.EnableDebugging = true; } #endif #if DEBUG_FULL if (Context.EnableDebugging) { DebugHelper.WriteLine("Selected Cipher: {0}", selectedCipher); } #endif // FIXME: Select best one. Session.PendingCrypto = selectedCipher.Initialize(true, Context.NegotiatedProtocol); }
private void _read() { _msgType = ((TlsPacket.TlsHandshakeType)m_io.ReadU1()); _length = new TlsLength(m_io, this, m_root); switch (MsgType) { case TlsPacket.TlsHandshakeType.HelloRequest: { __raw_body = m_io.ReadBytes(Length.Value); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsHelloRequest(io___raw_body, this, m_root); break; } case TlsPacket.TlsHandshakeType.Certificate: { __raw_body = m_io.ReadBytes(Length.Value); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsCertificate(io___raw_body, this, m_root); break; } case TlsPacket.TlsHandshakeType.CertificateVerify: { __raw_body = m_io.ReadBytes(Length.Value); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsCertificateVerify(io___raw_body, this, m_root); break; } case TlsPacket.TlsHandshakeType.ServerKeyExchange: { __raw_body = m_io.ReadBytes(Length.Value); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsServerKeyExchange(io___raw_body, this, m_root); break; } case TlsPacket.TlsHandshakeType.ClientHello: { __raw_body = m_io.ReadBytes(Length.Value); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsClientHello(io___raw_body, this, m_root); break; } case TlsPacket.TlsHandshakeType.ClientKeyExchange: { __raw_body = m_io.ReadBytes(Length.Value); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsClientKeyExchange(io___raw_body, this, m_root); break; } case TlsPacket.TlsHandshakeType.ServerHello: { __raw_body = m_io.ReadBytes(Length.Value); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsServerHello(io___raw_body, this, m_root); break; } case TlsPacket.TlsHandshakeType.CertificateRequest: { __raw_body = m_io.ReadBytes(Length.Value); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsCertificateRequest(io___raw_body, this, m_root); break; } case TlsPacket.TlsHandshakeType.ServerHelloDone: { __raw_body = m_io.ReadBytes(Length.Value); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsServerHelloDone(io___raw_body, this, m_root); break; } default: { _body = m_io.ReadBytes(Length.Value); break; } } }
protected virtual void HandleClientHello (TlsClientHello message) { Context.VerifyClientProtocol (message.ClientProtocol); HandshakeParameters.ClientRandom = message.ClientRandom; SelectCipher (message); ProcessExtensions (message); }
protected virtual void ProcessExtensions (TlsClientHello message) { foreach (var extension in message.Extensions) ProcessExtension (extension); }
protected virtual void SelectCipher (TlsClientHello message) { var certificate = Config.Certificate; if (certificate == null) throw new TlsException (AlertDescription.HandshakeFailure, "Missing server certificate"); CipherSuiteCollection requestedCiphers; if (Settings.RequestedCiphers != null) requestedCiphers = new CipherSuiteCollection (Context.NegotiatedProtocol, Settings.RequestedCiphers); else requestedCiphers = CipherSuiteFactory.GetDefaultCiphers (Context.NegotiatedProtocol); HandshakeParameters.SupportedCiphers = requestedCiphers.Filter (cipher => { #if INSTRUMENTATION if (Context.HasInstrument (HandshakeInstrumentType.OverrideServerCertificateSelection)) return true; #endif var exchangeAlgorithm = CipherSuiteFactory.GetExchangeAlgorithmType (Context.NegotiatedProtocol, cipher); return CertificateManager.VerifyServerCertificate (Context, certificate, exchangeAlgorithm); }); CipherSuite selectedCipher = null; foreach (var code in message.ClientCiphers) { var idx = HandshakeParameters.SupportedCiphers.IndexOf (code); if (idx < 0) continue; var cipher = HandshakeParameters.SupportedCiphers [idx]; selectedCipher = CipherSuiteFactory.CreateCipherSuite (Context.NegotiatedProtocol, cipher); break; } if (selectedCipher == null) throw new TlsException (AlertDescription.HandshakeFailure, "Invalid cipher suite received from client"); #if DEBUG_FULL if (Context.EnableDebugging) selectedCipher.EnableDebugging = true; #endif #if DEBUG_FULL if (Context.EnableDebugging) DebugHelper.WriteLine ("Selected Cipher: {0}", selectedCipher); #endif // FIXME: Select best one. Session.PendingCrypto = selectedCipher.Initialize (true, Context.NegotiatedProtocol); Session.PendingCrypto.ServerCertificates = new X509CertificateCollection (); Session.PendingCrypto.ServerCertificates.Add (certificate); }
protected virtual void SelectCipher (TlsClientHello message) { CipherSuiteCollection supportedCiphers; if (Settings.RequestedCiphers != null) supportedCiphers = new CipherSuiteCollection (Context.NegotiatedProtocol, Settings.RequestedCiphers); else supportedCiphers = CipherSuiteFactory.GetDefaultCiphers (Context.NegotiatedProtocol); HandshakeParameters.SupportedCiphers = supportedCiphers; CipherSuite selectedCipher = null; foreach (var code in message.ClientCiphers) { var idx = HandshakeParameters.SupportedCiphers.IndexOf (code); if (idx < 0) continue; var cipher = HandshakeParameters.SupportedCiphers [idx]; selectedCipher = CipherSuiteFactory.CreateCipherSuite (Context.NegotiatedProtocol, cipher); break; } if (selectedCipher == null) throw new TlsException (AlertDescription.HandshakeFailure, "Invalid cipher suite received from client"); #if DEBUG_FULL if (Context.EnableDebugging) selectedCipher.EnableDebugging = true; #endif #if DEBUG_FULL if (Context.EnableDebugging) DebugHelper.WriteLine ("Selected Cipher: {0}", selectedCipher); #endif // FIXME: Select best one. Session.PendingCrypto = selectedCipher.Initialize (true, Context.NegotiatedProtocol); }
protected virtual void SelectCipher(TlsClientHello message) { var certificate = Config.Certificate; if (certificate == null) { throw new TlsException(AlertDescription.HandshakeFailure, "Missing server certificate"); } CipherSuiteCollection requestedCiphers; if (Settings.RequestedCiphers != null) { requestedCiphers = new CipherSuiteCollection(Context.NegotiatedProtocol, Settings.RequestedCiphers); } else { requestedCiphers = CipherSuiteFactory.GetDefaultCiphers(Context.NegotiatedProtocol); } HandshakeParameters.SupportedCiphers = requestedCiphers.Filter(cipher => { #if INSTRUMENTATION if (Context.HasInstrument(HandshakeInstrumentType.OverrideServerCertificateSelection)) { return(true); } #endif var exchangeAlgorithm = CipherSuiteFactory.GetExchangeAlgorithmType(Context.NegotiatedProtocol, cipher); return(CertificateManager.VerifyServerCertificate(Context, certificate, exchangeAlgorithm)); }); CipherSuite selectedCipher = null; foreach (var code in message.ClientCiphers) { var idx = HandshakeParameters.SupportedCiphers.IndexOf(code); if (idx < 0) { continue; } var cipher = HandshakeParameters.SupportedCiphers [idx]; selectedCipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, cipher); break; } if (selectedCipher == null) { throw new TlsException(AlertDescription.HandshakeFailure, "Invalid cipher suite received from client"); } #if DEBUG_FULL if (Context.EnableDebugging) { selectedCipher.EnableDebugging = true; } #endif #if DEBUG_FULL if (Context.EnableDebugging) { DebugHelper.WriteLine("Selected Cipher: {0}", selectedCipher); } #endif // FIXME: Select best one. Session.PendingCrypto = selectedCipher.Initialize(true, Context.NegotiatedProtocol); Session.PendingCrypto.ServerCertificates = new X509CertificateCollection(); Session.PendingCrypto.ServerCertificates.Add(certificate); }
private void _parse() { _handshakeType = ((TlsRecord.TlsHandshakeType)m_io.ReadU1()); _bodyLength = new TlsLength(m_io, this, m_root); switch (HandshakeType) { case TlsRecord.TlsHandshakeType.HelloRequest: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsEmpty(io___raw_body, this, m_root); break; } case TlsRecord.TlsHandshakeType.Certificate: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsCertificate(io___raw_body, this, m_root); break; } case TlsRecord.TlsHandshakeType.CertificateVerify: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsCertificateVerify(io___raw_body, this, m_root); break; } case TlsRecord.TlsHandshakeType.ServerKeyExchange: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsServerKeyExchange(io___raw_body, this, m_root); break; } case TlsRecord.TlsHandshakeType.ClientHello: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsClientHello(io___raw_body, this, m_root); break; } case TlsRecord.TlsHandshakeType.Finished: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsFinished(io___raw_body, this, m_root); break; } case TlsRecord.TlsHandshakeType.ClientKeyExchange: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsClientKeyExchange(io___raw_body, this, m_root); break; } case TlsRecord.TlsHandshakeType.ServerHello: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsServerHello(io___raw_body, this, m_root); break; } case TlsRecord.TlsHandshakeType.CertificateRequest: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsCertificateRequest(io___raw_body, this, m_root); break; } case TlsRecord.TlsHandshakeType.ServerHelloDone: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsServerHelloDone(io___raw_body, this, m_root); break; } default: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsEncryptedMessage(io___raw_body, this, m_root); break; } } }