protected virtual void HandleServerHello(TlsServerHello message) { Context.VerifyServerProtocol(message.ServerProtocol); // Server random HandshakeParameters.ServerRandom = message.ServerRandom; // Session ID HandshakeParameters.SessionId = message.SessionID; HandshakeParameters.SupportedCiphers = CipherSuiteFactory.GetSupportedCiphers(Context.NegotiatedProtocol); // Cipher suite if (!HandshakeParameters.SupportedCiphers.Contains(message.SelectedCipher)) { // The server has sent an invalid ciphersuite throw new TlsException(AlertDescription.InsuficientSecurity, "Invalid cipher suite received from server"); } var cipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, message.SelectedCipher); #if DEBUG_FULL if (Context.EnableDebugging) { cipher.EnableDebugging = true; } #endif Session.PendingCrypto = cipher.Initialize(false, Context.NegotiatedProtocol); }
protected virtual void HandleExtensions(TlsServerHello message) { foreach (var extension in message.Extensions) { if (!HandshakeParameters.RequestedExtensions.HasExtension(extension)) { throw new TlsException(AlertDescription.UnsupportedExtension); } if (HandshakeParameters.ActiveExtensions.HasExtension(extension)) { throw new TlsException(AlertDescription.UnsupportedExtension); } HandleExtension(extension); } }
protected override MessageStatus HandleMessage(Message message) { switch (message.Type) { case HandshakeType.ServerHello: hello = (TlsServerHello)message; HandleExtensions(hello); CheckSecureRenegotiation(); HandleServerHello(hello); return(MessageStatus.ContinueNeeded); case HandshakeType.Certificate: certificate = (TlsCertificate)message; HandleCertificate(certificate); return(MessageStatus.ContinueNeeded); case HandshakeType.ServerKeyExchange: serverKeyExchange = (TlsServerKeyExchange)message; HandleServerKeyExchange(serverKeyExchange); return(MessageStatus.ContinueNeeded); case HandshakeType.CertificateRequest: if (!Config.HasCredentials) { if (!askedForCertificate) { askedForCertificate = true; return(MessageStatus.CredentialsNeeded); } } certificateRequest = (TlsCertificateRequest)message; HandleCertificateRequest(certificateRequest); return(MessageStatus.ContinueNeeded); case HandshakeType.ServerHelloDone: done = (TlsServerHelloDone)message; HandleServerHelloDone(done); return(MessageStatus.GenerateOutput); default: throw new InvalidOperationException(); } }
protected override MessageStatus HandleMessage (Message message) { switch (message.Type) { case HandshakeType.ServerHello: hello = (TlsServerHello)message; HandleExtensions (hello); CheckSecureRenegotiation (); HandleServerHello (hello); return MessageStatus.ContinueNeeded; case HandshakeType.Certificate: certificate = (TlsCertificate)message; HandleCertificate (certificate); return MessageStatus.ContinueNeeded; case HandshakeType.ServerKeyExchange: serverKeyExchange = (TlsServerKeyExchange)message; HandleServerKeyExchange (serverKeyExchange); return MessageStatus.ContinueNeeded; case HandshakeType.CertificateRequest: if (!Config.HasCredentials) { if (!askedForCertificate) { askedForCertificate = true; return MessageStatus.CredentialsNeeded; } } certificateRequest = (TlsCertificateRequest)message; HandleCertificateRequest (certificateRequest); return MessageStatus.ContinueNeeded; case HandshakeType.ServerHelloDone: done = (TlsServerHelloDone)message; HandleServerHelloDone (done); return MessageStatus.GenerateOutput; default: throw new InvalidOperationException (); } }
protected virtual void HandleExtensions (TlsServerHello message) { foreach (var extension in message.Extensions) { if (!HandshakeParameters.RequestedExtensions.HasExtension (extension)) throw new TlsException (AlertDescription.UnsupportedExtension); if (HandshakeParameters.ActiveExtensions.HasExtension (extension)) throw new TlsException (AlertDescription.UnsupportedExtension); HandleExtension (extension); } }
protected virtual void HandleServerHello (TlsServerHello message) { Context.VerifyServerProtocol (message.ServerProtocol); // Server random HandshakeParameters.ServerRandom = message.ServerRandom; // Session ID HandshakeParameters.SessionId = message.SessionID; HandshakeParameters.SupportedCiphers = CipherSuiteFactory.GetSupportedCiphers (Context.NegotiatedProtocol); // Cipher suite if (!HandshakeParameters.SupportedCiphers.Contains (message.SelectedCipher)) { // The server has sent an invalid ciphersuite throw new TlsException (AlertDescription.InsuficientSecurity, "Invalid cipher suite received from server"); } var cipher = CipherSuiteFactory.CreateCipherSuite (Context.NegotiatedProtocol, message.SelectedCipher); #if DEBUG_FULL if (Context.EnableDebugging) cipher.EnableDebugging = true; #endif Session.PendingCrypto = cipher.Initialize (false, Context.NegotiatedProtocol); }
private void _read() { _msgType = ((TlsPacket.TlsHandshakeType)m_io.ReadU1()); _length = new TlsLength(m_io, this, m_root); switch (MsgType) { case TlsPacket.TlsHandshakeType.HelloRequest: { __raw_body = m_io.ReadBytes(Length.Value); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsHelloRequest(io___raw_body, this, m_root); break; } case TlsPacket.TlsHandshakeType.Certificate: { __raw_body = m_io.ReadBytes(Length.Value); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsCertificate(io___raw_body, this, m_root); break; } case TlsPacket.TlsHandshakeType.CertificateVerify: { __raw_body = m_io.ReadBytes(Length.Value); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsCertificateVerify(io___raw_body, this, m_root); break; } case TlsPacket.TlsHandshakeType.ServerKeyExchange: { __raw_body = m_io.ReadBytes(Length.Value); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsServerKeyExchange(io___raw_body, this, m_root); break; } case TlsPacket.TlsHandshakeType.ClientHello: { __raw_body = m_io.ReadBytes(Length.Value); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsClientHello(io___raw_body, this, m_root); break; } case TlsPacket.TlsHandshakeType.ClientKeyExchange: { __raw_body = m_io.ReadBytes(Length.Value); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsClientKeyExchange(io___raw_body, this, m_root); break; } case TlsPacket.TlsHandshakeType.ServerHello: { __raw_body = m_io.ReadBytes(Length.Value); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsServerHello(io___raw_body, this, m_root); break; } case TlsPacket.TlsHandshakeType.CertificateRequest: { __raw_body = m_io.ReadBytes(Length.Value); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsCertificateRequest(io___raw_body, this, m_root); break; } case TlsPacket.TlsHandshakeType.ServerHelloDone: { __raw_body = m_io.ReadBytes(Length.Value); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsServerHelloDone(io___raw_body, this, m_root); break; } default: { _body = m_io.ReadBytes(Length.Value); break; } } }
private void _parse() { _handshakeType = ((TlsRecord.TlsHandshakeType)m_io.ReadU1()); _bodyLength = new TlsLength(m_io, this, m_root); switch (HandshakeType) { case TlsRecord.TlsHandshakeType.HelloRequest: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsEmpty(io___raw_body, this, m_root); break; } case TlsRecord.TlsHandshakeType.Certificate: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsCertificate(io___raw_body, this, m_root); break; } case TlsRecord.TlsHandshakeType.CertificateVerify: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsCertificateVerify(io___raw_body, this, m_root); break; } case TlsRecord.TlsHandshakeType.ServerKeyExchange: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsServerKeyExchange(io___raw_body, this, m_root); break; } case TlsRecord.TlsHandshakeType.ClientHello: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsClientHello(io___raw_body, this, m_root); break; } case TlsRecord.TlsHandshakeType.Finished: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsFinished(io___raw_body, this, m_root); break; } case TlsRecord.TlsHandshakeType.ClientKeyExchange: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsClientKeyExchange(io___raw_body, this, m_root); break; } case TlsRecord.TlsHandshakeType.ServerHello: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsServerHello(io___raw_body, this, m_root); break; } case TlsRecord.TlsHandshakeType.CertificateRequest: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsCertificateRequest(io___raw_body, this, m_root); break; } case TlsRecord.TlsHandshakeType.ServerHelloDone: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsServerHelloDone(io___raw_body, this, m_root); break; } default: { __raw_body = m_io.ReadBytes((M_Parent.Length - 4)); var io___raw_body = new KaitaiStream(__raw_body); _body = new TlsEncryptedMessage(io___raw_body, this, m_root); break; } } }