protected virtual void HandleServerHello(TlsServerHello message)
{
Context.VerifyServerProtocol(message.ServerProtocol);
// Server random
HandshakeParameters.ServerRandom = message.ServerRandom;
// Session ID
HandshakeParameters.SessionId = message.SessionID;
HandshakeParameters.SupportedCiphers = CipherSuiteFactory.GetSupportedCiphers(Context.NegotiatedProtocol);
// Cipher suite
if (!HandshakeParameters.SupportedCiphers.Contains(message.SelectedCipher))
{
// The server has sent an invalid ciphersuite
throw new TlsException(AlertDescription.InsuficientSecurity, "Invalid cipher suite received from server");
}
var cipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, message.SelectedCipher);
#if DEBUG_FULL
if (Context.EnableDebugging)
{
cipher.EnableDebugging = true;
}
#endif
Session.PendingCrypto = cipher.Initialize(false, Context.NegotiatedProtocol);
}
protected virtual void HandleExtensions(TlsServerHello message)
{
foreach (var extension in message.Extensions)
{
if (!HandshakeParameters.RequestedExtensions.HasExtension(extension))
{
throw new TlsException(AlertDescription.UnsupportedExtension);
}
if (HandshakeParameters.ActiveExtensions.HasExtension(extension))
{
throw new TlsException(AlertDescription.UnsupportedExtension);
}
HandleExtension(extension);
}
}
protected override MessageStatus HandleMessage(Message message)
{
switch (message.Type)
{
case HandshakeType.ServerHello:
hello = (TlsServerHello)message;
HandleExtensions(hello);
CheckSecureRenegotiation();
HandleServerHello(hello);
return(MessageStatus.ContinueNeeded);
case HandshakeType.Certificate:
certificate = (TlsCertificate)message;
HandleCertificate(certificate);
return(MessageStatus.ContinueNeeded);
case HandshakeType.ServerKeyExchange:
serverKeyExchange = (TlsServerKeyExchange)message;
HandleServerKeyExchange(serverKeyExchange);
return(MessageStatus.ContinueNeeded);
case HandshakeType.CertificateRequest:
if (!Config.HasCredentials)
{
if (!askedForCertificate)
{
askedForCertificate = true;
return(MessageStatus.CredentialsNeeded);
}
}
certificateRequest = (TlsCertificateRequest)message;
HandleCertificateRequest(certificateRequest);
return(MessageStatus.ContinueNeeded);
case HandshakeType.ServerHelloDone:
done = (TlsServerHelloDone)message;
HandleServerHelloDone(done);
return(MessageStatus.GenerateOutput);
default:
throw new InvalidOperationException();
}
}
protected override MessageStatus HandleMessage (Message message)
{
switch (message.Type) {
case HandshakeType.ServerHello:
hello = (TlsServerHello)message;
HandleExtensions (hello);
CheckSecureRenegotiation ();
HandleServerHello (hello);
return MessageStatus.ContinueNeeded;
case HandshakeType.Certificate:
certificate = (TlsCertificate)message;
HandleCertificate (certificate);
return MessageStatus.ContinueNeeded;
case HandshakeType.ServerKeyExchange:
serverKeyExchange = (TlsServerKeyExchange)message;
HandleServerKeyExchange (serverKeyExchange);
return MessageStatus.ContinueNeeded;
case HandshakeType.CertificateRequest:
if (!Config.HasCredentials) {
if (!askedForCertificate) {
askedForCertificate = true;
return MessageStatus.CredentialsNeeded;
}
}
certificateRequest = (TlsCertificateRequest)message;
HandleCertificateRequest (certificateRequest);
return MessageStatus.ContinueNeeded;
case HandshakeType.ServerHelloDone:
done = (TlsServerHelloDone)message;
HandleServerHelloDone (done);
return MessageStatus.GenerateOutput;
default:
throw new InvalidOperationException ();
}
}
protected virtual void HandleExtensions (TlsServerHello message)
{
foreach (var extension in message.Extensions) {
if (!HandshakeParameters.RequestedExtensions.HasExtension (extension))
throw new TlsException (AlertDescription.UnsupportedExtension);
if (HandshakeParameters.ActiveExtensions.HasExtension (extension))
throw new TlsException (AlertDescription.UnsupportedExtension);
HandleExtension (extension);
}
}
protected virtual void HandleServerHello (TlsServerHello message)
{
Context.VerifyServerProtocol (message.ServerProtocol);
// Server random
HandshakeParameters.ServerRandom = message.ServerRandom;
// Session ID
HandshakeParameters.SessionId = message.SessionID;
HandshakeParameters.SupportedCiphers = CipherSuiteFactory.GetSupportedCiphers (Context.NegotiatedProtocol);
// Cipher suite
if (!HandshakeParameters.SupportedCiphers.Contains (message.SelectedCipher)) {
// The server has sent an invalid ciphersuite
throw new TlsException (AlertDescription.InsuficientSecurity, "Invalid cipher suite received from server");
}
var cipher = CipherSuiteFactory.CreateCipherSuite (Context.NegotiatedProtocol, message.SelectedCipher);
#if DEBUG_FULL
if (Context.EnableDebugging)
cipher.EnableDebugging = true;
#endif
Session.PendingCrypto = cipher.Initialize (false, Context.NegotiatedProtocol);
}
private void _read()
{
_msgType = ((TlsPacket.TlsHandshakeType)m_io.ReadU1());
_length = new TlsLength(m_io, this, m_root);
switch (MsgType)
{
case TlsPacket.TlsHandshakeType.HelloRequest: {
__raw_body = m_io.ReadBytes(Length.Value);
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsHelloRequest(io___raw_body, this, m_root);
break;
}
case TlsPacket.TlsHandshakeType.Certificate: {
__raw_body = m_io.ReadBytes(Length.Value);
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsCertificate(io___raw_body, this, m_root);
break;
}
case TlsPacket.TlsHandshakeType.CertificateVerify: {
__raw_body = m_io.ReadBytes(Length.Value);
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsCertificateVerify(io___raw_body, this, m_root);
break;
}
case TlsPacket.TlsHandshakeType.ServerKeyExchange: {
__raw_body = m_io.ReadBytes(Length.Value);
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsServerKeyExchange(io___raw_body, this, m_root);
break;
}
case TlsPacket.TlsHandshakeType.ClientHello: {
__raw_body = m_io.ReadBytes(Length.Value);
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsClientHello(io___raw_body, this, m_root);
break;
}
case TlsPacket.TlsHandshakeType.ClientKeyExchange: {
__raw_body = m_io.ReadBytes(Length.Value);
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsClientKeyExchange(io___raw_body, this, m_root);
break;
}
case TlsPacket.TlsHandshakeType.ServerHello: {
__raw_body = m_io.ReadBytes(Length.Value);
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsServerHello(io___raw_body, this, m_root);
break;
}
case TlsPacket.TlsHandshakeType.CertificateRequest: {
__raw_body = m_io.ReadBytes(Length.Value);
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsCertificateRequest(io___raw_body, this, m_root);
break;
}
case TlsPacket.TlsHandshakeType.ServerHelloDone: {
__raw_body = m_io.ReadBytes(Length.Value);
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsServerHelloDone(io___raw_body, this, m_root);
break;
}
default: {
_body = m_io.ReadBytes(Length.Value);
break;
}
}
}
private void _parse()
{
_handshakeType = ((TlsRecord.TlsHandshakeType)m_io.ReadU1());
_bodyLength = new TlsLength(m_io, this, m_root);
switch (HandshakeType)
{
case TlsRecord.TlsHandshakeType.HelloRequest: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsEmpty(io___raw_body, this, m_root);
break;
}
case TlsRecord.TlsHandshakeType.Certificate: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsCertificate(io___raw_body, this, m_root);
break;
}
case TlsRecord.TlsHandshakeType.CertificateVerify: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsCertificateVerify(io___raw_body, this, m_root);
break;
}
case TlsRecord.TlsHandshakeType.ServerKeyExchange: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsServerKeyExchange(io___raw_body, this, m_root);
break;
}
case TlsRecord.TlsHandshakeType.ClientHello: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsClientHello(io___raw_body, this, m_root);
break;
}
case TlsRecord.TlsHandshakeType.Finished: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsFinished(io___raw_body, this, m_root);
break;
}
case TlsRecord.TlsHandshakeType.ClientKeyExchange: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsClientKeyExchange(io___raw_body, this, m_root);
break;
}
case TlsRecord.TlsHandshakeType.ServerHello: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsServerHello(io___raw_body, this, m_root);
break;
}
case TlsRecord.TlsHandshakeType.CertificateRequest: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsCertificateRequest(io___raw_body, this, m_root);
break;
}
case TlsRecord.TlsHandshakeType.ServerHelloDone: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsServerHelloDone(io___raw_body, this, m_root);
break;
}
default: {
__raw_body = m_io.ReadBytes((M_Parent.Length - 4));
var io___raw_body = new KaitaiStream(__raw_body);
_body = new TlsEncryptedMessage(io___raw_body, this, m_root);
break;
}
}
}
