Inheritance: HandshakeMessage
        protected override void ProcessCertificate(HandshakeCertificate certificate)
        {
            if (_state != HandshakeState.ReceivedServerHello) {
                throw new AlertException(AlertDescription.UnexpectedMessage,
                                         "Certificate received at the wrong time");
            }

            if (certificate.CertificateList.Count == 0) {
                throw new AlertException(AlertDescription.BadCertificate,
                                         "Certificate chain has no entries");
            }
            _serverCertificates.AddRange(certificate.CertificateList);

            string keyexAlg = _cipherSuite.KeyExchangeAlgorithm.CertificateKeyAlgorithm;
            string signAlg = _cipherSuite.SignatureAlgorithm.CertificateKeyAlgorithm;

            // Check that certificate is valid
            X509Certificate cert = _serverCertificates[0];
            if (keyexAlg != null && !keyexAlg.Equals(cert.GetKeyAlgorithm())) {
                throw new AlertException(AlertDescription.BadCertificate,
                                         "Certificate type " + cert.GetKeyAlgorithm() + " doesn't match key exchange type " + keyexAlg);
            }
            if (signAlg != null && !signAlg.Equals(cert.GetKeyAlgorithm())) {
                throw new AlertException(AlertDescription.BadCertificate,
                                         "Certificate type " + cert.GetKeyAlgorithm() + " doesn't match signature type " + signAlg);
            }

            // Validate certificate chain
            if (!_certificateValidationCallback(certificate.CertificateList)) {
                throw new AlertException(AlertDescription.AccessDenied,
                                         "Server certificate was not accepted");
            }

            // Wait for server key exchange, certificate request or server hello done
            _state = HandshakeState.ReceivedCertificate;
        }
Exemple #2
0
        public static HandshakeMessage GetInstance(ProtocolVersion version, byte[] data)
        {
            HandshakeMessage ret = null;

            switch ((HandshakeMessageType) data[0]) {
            case HandshakeMessageType.HelloRequest:
                ret = new HandshakeMessage(HandshakeMessageType.HelloRequest, version);
                break;
            case HandshakeMessageType.ClientHello:
                ret = new HandshakeClientHello();
                break;
            case HandshakeMessageType.ServerHello:
                ret = new HandshakeServerHello();
                break;
            case HandshakeMessageType.HelloVerifyRequest:
                ret = new HandshakeMessage(HandshakeMessageType.HelloVerifyRequest, version);
                break;
            case HandshakeMessageType.NewSessionTicket:
                ret = new HandshakeMessage(HandshakeMessageType.NewSessionTicket, version);
                break;
            case HandshakeMessageType.Certificate:
                ret = new HandshakeCertificate(version);
                break;
            case HandshakeMessageType.ServerKeyExchange:
                ret = new HandshakeMessage(HandshakeMessageType.ServerKeyExchange, version);
                break;
            case HandshakeMessageType.CertificateRequest:
                ret = new HandshakeCertificateRequest(version);
                break;
            case HandshakeMessageType.ServerHelloDone:
                ret = new HandshakeMessage(HandshakeMessageType.ServerHelloDone, version);
                break;
            case HandshakeMessageType.CertificateVerify:
                ret = new HandshakeMessage(HandshakeMessageType.CertificateVerify, version);
                break;
            case HandshakeMessageType.ClientKeyExchange:
                ret = new HandshakeMessage(HandshakeMessageType.ClientKeyExchange, version);
                break;
            case HandshakeMessageType.Finished:
                ret = new HandshakeMessage(HandshakeMessageType.Finished, version);
                break;
            }

            if (ret != null) {
                ret.Decode(data);
                return ret;
            }
            return null;
        }
 // Messages received by both
 protected virtual void ProcessCertificate(HandshakeCertificate certificate)
 {
     InvalidMessageReceived();
 }
Exemple #4
0
        public static HandshakeMessage GetInstance(ProtocolVersion version, byte[] data)
        {
            HandshakeMessage ret = null;

            switch ((HandshakeMessageType)data[0])
            {
            case HandshakeMessageType.HelloRequest:
                ret = new HandshakeMessage(HandshakeMessageType.HelloRequest, version);
                break;

            case HandshakeMessageType.ClientHello:
                ret = new HandshakeClientHello();
                break;

            case HandshakeMessageType.ServerHello:
                ret = new HandshakeServerHello();
                break;

            case HandshakeMessageType.HelloVerifyRequest:
                ret = new HandshakeMessage(HandshakeMessageType.HelloVerifyRequest, version);
                break;

            case HandshakeMessageType.NewSessionTicket:
                ret = new HandshakeMessage(HandshakeMessageType.NewSessionTicket, version);
                break;

            case HandshakeMessageType.Certificate:
                ret = new HandshakeCertificate(version);
                break;

            case HandshakeMessageType.ServerKeyExchange:
                ret = new HandshakeMessage(HandshakeMessageType.ServerKeyExchange, version);
                break;

            case HandshakeMessageType.CertificateRequest:
                ret = new HandshakeCertificateRequest(version);
                break;

            case HandshakeMessageType.ServerHelloDone:
                ret = new HandshakeMessage(HandshakeMessageType.ServerHelloDone, version);
                break;

            case HandshakeMessageType.CertificateVerify:
                ret = new HandshakeMessage(HandshakeMessageType.CertificateVerify, version);
                break;

            case HandshakeMessageType.ClientKeyExchange:
                ret = new HandshakeMessage(HandshakeMessageType.ClientKeyExchange, version);
                break;

            case HandshakeMessageType.Finished:
                ret = new HandshakeMessage(HandshakeMessageType.Finished, version);
                break;
            }

            if (ret != null)
            {
                ret.Decode(data);
                return(ret);
            }
            return(null);
        }
        protected override void ProcessServerHelloDone(HandshakeMessage serverHelloDone)
        {
            if (_state != HandshakeState.ReceivedCertificate &&
                _state != HandshakeState.ReceivedServerKeyExchange &&
                _state != HandshakeState.ReceivedCertificateRequest) {
                throw new AlertException(AlertDescription.UnexpectedMessage,
                                         "Server hello done received at the wrong time");
            }

            bool clientCertificateSent = false;
            if (_clientCertificateRequested) {
                // Ask for correct certificate from the callback
                int certificateIndex = _certificateSelectionCallback(_availableCertificates.ToArray(), _serverCertificates);
                if (certificateIndex >= 0 && certificateIndex < _availableCertificates.Count) {
                    _clientCertificates.AddRange(_availableCertificates[certificateIndex]);
                    _selectedPrivateKey = _availablePrivateKeys[certificateIndex];
                }

                // If certificate was selected, send it to server
                if (_clientCertificates.Count > 0) {
                    HandshakeCertificate certificate = new HandshakeCertificate(_version);
                    certificate.CertificateList.AddRange(_clientCertificates);
                    OutputMessage(certificate);

                    clientCertificateSent = true;
                } else {
                    // TODO: In case of SSLv3 we should send warning alert instead?
                    HandshakeCertificate certificate = new HandshakeCertificate(_version);
                    OutputMessage(certificate);
                }
            }

            // Send client key exchange message
            byte[] clientKeys = null;
            if (_serverCertificates.Count > 0) {
                CertificatePublicKey publicKey = new CertificatePublicKey(_serverCertificates[0]);
                clientKeys = _cipherSuite.KeyExchangeAlgorithm.GetClientKeys(_version, _maxVersion, publicKey);
            }
            HandshakeMessage keyex = new HandshakeMessage(HandshakeMessageType.ClientKeyExchange, _version, clientKeys);
            OutputMessage(keyex);

            if (clientCertificateSent) {
                // Get all handshake messages
                byte[] handshakeMessages = _handshakeStream.ToArray();

                // FIXME: Generate the signature of handshakeMessages with client cert signature
                //        this breaks if client certificate signature is different type than negotiated
                byte[] signature = GenerateSignature(_selectedPrivateKey, handshakeMessages);

                // Create CertificateVerify message and send it to server
                HandshakeMessage verify = new HandshakeMessage(HandshakeMessageType.CertificateVerify, _version, signature);
                OutputMessage(verify);
            }

            // Generate the master secret from key exchange
            _connectionState.MasterSecret = GenerateMasterSecret(_version, _cipherSuite, _connectionState);

            // Wait for changecipherspec+finished
            _state = HandshakeState.SendChangeCipherSpec;
        }
        protected override void ProcessCertificate(HandshakeCertificate certificate)
        {
            if (_state != HandshakeState.ReceivedClientHello) {
                throw new AlertException(AlertDescription.UnexpectedMessage,
                                         "Client certificate received at the wrong time");
            }
            if (!_certificateRequestSent) {
                throw new AlertException(AlertDescription.UnexpectedMessage,
                                         "Client certificate received even though request was not sent");
            }

            if (certificate.CertificateList.Count > 0) {
                _clientCertificateReceived = true;
            }
            _clientCertificates.AddRange(certificate.CertificateList);

            // Wait for client key exchange
            _state = HandshakeState.ReceivedCertificate;
        }
        protected override void ProcessClientHello(HandshakeClientHello clientHello)
        {
            if (_state == HandshakeState.Finished) {
                throw new AlertException(AlertDescription.NoRenegotiation,
                                         "Renegotiation not supported");
            } else if (_state != HandshakeState.Initial) {
                throw new AlertException(AlertDescription.UnexpectedMessage,
                                         "Client hello received at the wrong time");
            }

            // Find the compressions that match our supported compressions
            List<Byte> matchedCompressions = new List<Byte>();
            foreach (Byte id in _supportedCompressions) {
                if (clientHello.CompressionMethods.Contains(id)) {
                    matchedCompressions.Add(id);
                }
            }
            if (matchedCompressions.Count == 0) {
                throw new AlertException(AlertDescription.HandshakeFailure,
                                         "None of the compression methods offered by client is accepted");
            }

            _clientVersion = clientHello.ClientVersion;
            _cipherSuite = SelectCipherSuite(_pluginManager, _clientVersion, _minVersion, _maxVersion, clientHello.CipherSuites, new List<UInt16>(_supportedCipherSuites), _certificateSelectionCallback, _availableCertificates);
            _version = _cipherSuite.ProtocolVersion;

            // Select the certificate and private key we are going to send
            int certificateIndex = _certificateSelectionCallback(_cipherSuite, _availableCertificates.ToArray());
            if (certificateIndex >= 0 && certificateIndex < _availableCertificates.Count) {
                _serverCertificates.AddRange(_availableCertificates[certificateIndex]);
                _selectedPrivateKey = _availablePrivateKeys[certificateIndex];
            }

            // TODO: Create the server hello message correctly
            HandshakeServerHello serverHello = new HandshakeServerHello(_version);
            serverHello.CipherSuite = _cipherSuite.CipherSuiteID;
            serverHello.CompressionMethod = matchedCompressions[0];
            OutputMessage(serverHello);

            // Initialize the handshake randoms and cipher suite
            _connectionState.ClientRandom = clientHello.Random.GetBytes();
            _connectionState.ServerRandom = serverHello.Random.GetBytes();

            // TODO: If we resumed our session, set state to SendChangeCipherSpec and return

            // Send certificate if required and valid
            if (!_cipherSuite.IsAnonymous) {
                if (_serverCertificates.Count == 0) {
                    throw new AlertException(AlertDescription.HandshakeFailure,
                                             "Certificate required but not selected");
                }

                string keyexAlg = _cipherSuite.KeyExchangeAlgorithm.CertificateKeyAlgorithm;
                string signAlg = _cipherSuite.SignatureAlgorithm.CertificateKeyAlgorithm;

                X509Certificate cert = _serverCertificates[0];
                if (keyexAlg != null && !keyexAlg.Equals(cert.GetKeyAlgorithm())) {
                    throw new AlertException(AlertDescription.HandshakeFailure,
                                             "Selected certificate type " + cert.GetKeyAlgorithm() + " doesn't match key exchange type " + keyexAlg);
                }
                if (signAlg != null && !signAlg.Equals(cert.GetKeyAlgorithm())) {
                    throw new AlertException(AlertDescription.HandshakeFailure,
                                             "Selected certificate type " + cert.GetKeyAlgorithm() + " doesn't match signature type " + signAlg);
                }

                HandshakeCertificate certificate = new HandshakeCertificate(_version);
                certificate.CertificateList.AddRange(_serverCertificates);
                OutputMessage(certificate);
            }

            byte[] serverKeys = _cipherSuite.KeyExchangeAlgorithm.GetServerKeys(_maxVersion);
            if (serverKeys != null) {
                // Generate the signature for server keys
                byte[] dataToSign = new byte[_connectionState.ClientRandom.Length + _connectionState.ServerRandom.Length + serverKeys.Length];
                Buffer.BlockCopy(_connectionState.ClientRandom, 0, dataToSign, 0, _connectionState.ClientRandom.Length);
                Buffer.BlockCopy(_connectionState.ServerRandom, 0, dataToSign, _connectionState.ClientRandom.Length, _connectionState.ServerRandom.Length);
                Buffer.BlockCopy(serverKeys, 0, dataToSign, _connectionState.ClientRandom.Length + _connectionState.ServerRandom.Length, serverKeys.Length);
                byte[] signature = GenerateSignature(_selectedPrivateKey, dataToSign);

                // Combine the server keys with the signature
                byte[] signedKeys = new byte[serverKeys.Length + signature.Length];
                Buffer.BlockCopy(serverKeys, 0, signedKeys, 0, serverKeys.Length);
                Buffer.BlockCopy(signature, 0, signedKeys, serverKeys.Length, signature.Length);

                HandshakeMessage keyex = new HandshakeMessage(HandshakeMessageType.ServerKeyExchange, _version, signedKeys);
                OutputMessage(keyex);
            }

            // Send certificate request if needed
            if (!_cipherSuite.IsAnonymous && _certificateRequest != null) {
                OutputMessage(_certificateRequest);
                _certificateRequestSent = true;
            }

            HandshakeMessage serverHelloDone = new HandshakeMessage(HandshakeMessageType.ServerHelloDone, _version);
            OutputMessage(serverHelloDone);

            // Wait for client certificate or client key exchange
            _state = HandshakeState.ReceivedClientHello;
        }