static void SendStartTlsCallback(IAsyncResult result) //7 { if (!result.CompletedSynchronously) { ConnectAndHandshakeAsyncResult thisPtr = (ConnectAndHandshakeAsyncResult)result.AsyncState; try { StartTlsCommand.EndSend(result); TlsStream TlsStream = new TlsStream( thisPtr.connection.pooledStream.ServicePoint.Host, thisPtr.connection.pooledStream.NetworkStream, ServicePointManager.CheckCertificateRevocationList, (SslProtocols)ServicePointManager.SecurityProtocol, thisPtr.connection.ClientCertificates, thisPtr.connection.pooledStream.ServicePoint, thisPtr.connection.client, thisPtr.m_OuterResult.ContextCopy); thisPtr.connection.pooledStream.NetworkStream = TlsStream; thisPtr.connection.responseReader = new SmtpReplyReaderFactory(thisPtr.connection.pooledStream.NetworkStream); thisPtr.SendEHello(); } catch (Exception e) { thisPtr.InvokeCallback(e); } } }
public override void Update() { base.Update(); this.Context.SessionId = this.sessionId; this.Context.ServerRandom = this.random; this.Context.Cipher = this.cipherSuite; this.Context.CompressionMethod = this.compressionMethod; this.Context.ProtocolNegotiated = true; DebugHelper.WriteLine("Selected Cipher Suite {0}", this.cipherSuite.Name); DebugHelper.WriteLine("Client random", this.Context.ClientRandom); DebugHelper.WriteLine("Server random", this.Context.ServerRandom); // Compute ClientRandom + ServerRandom TlsStream random = new TlsStream(); random.Write(this.Context.ClientRandom); random.Write(this.Context.ServerRandom); this.Context.RandomCS = random.ToArray(); // Server Random + Client Random random.Reset(); random.Write(this.Context.ServerRandom); random.Write(this.Context.ClientRandom); this.Context.RandomSC = random.ToArray(); random.Reset(); }
protected override void Encode (TlsStream stream) { // requested client version stream.Write ((short)ClientProtocol); // Random bytes - Unix time + Radom bytes [28] stream.Write (ClientRandom.Buffer); // Session id if (SessionID != null) { stream.Write ((byte)SessionID.Size); stream.Write (SessionID.Buffer); } else { stream.Write ((byte)0); } // Write Supported Cipher suites stream.Write ((short)(ClientCiphers.Length * 2)); for (int i = 0; i < ClientCiphers.Length; i++) stream.Write ((short)ClientCiphers [i]); // Compression methods length stream.Write((byte)1); // Compression methods ( 0 = none ) stream.Write ((byte)0); Extensions.Write (stream); }
private void verifySignature() { MD5SHA1 hash = new MD5SHA1(); // Calculate size of server params int size = rsaParams.Modulus.Length + rsaParams.Exponent.Length + 4; // Create server params array TlsStream stream = new TlsStream(); stream.Write(this.Context.RandomCS); stream.Write(this.ToArray(), 0, size); hash.ComputeHash(stream.ToArray()); stream.Reset(); bool isValidSignature = hash.VerifySignature( this.Context.ServerSettings.CertificateRSA, this.signedParams); if (!isValidSignature) { throw new TlsException( AlertDescription.DecodeError, "Data was not signed with the server certificate."); } }
protected override void ProcessAsTls1() { ProcessAsSsl3(); // If applicable add the "server_name" extension to the hello message // http://www.ietf.org/rfc/rfc3546.txt var host = Context.ClientSettings.TargetHost; // Our TargetHost might be an address (not a host *name*) - see bug #8553 // RFC3546 -> Literal IPv4 and IPv6 addresses are not permitted in "HostName". IPAddress addr; if (IPAddress.TryParse(host, out addr)) { return; } var extensions = new TlsStream(); var server_name = Encoding.UTF8.GetBytes(host); extensions.Write((short)0x0000); // ExtensionType: server_name (0) extensions.Write((short)(server_name.Length + 5)); // ServerNameList (length) extensions.Write((short)(server_name.Length + 3)); // ServerName (length) extensions.Write((byte)0x00); // NameType: host_name (0) extensions.Write((short)server_name.Length); // HostName (length) extensions.Write(server_name); // HostName (UTF8) Write((short)extensions.Length); Write(extensions.ToArray()); }
protected override void Encode(TlsStream stream) { stream.Write((byte)Parameters.CertificateTypes.Count); for (int i = 0; i < Parameters.CertificateTypes.Count; i++) { stream.Write((byte)Parameters.CertificateTypes [i]); } if (Protocol == TlsProtocolCode.Tls12) { var count = Parameters.HasSignatureParameters ? Parameters.SignatureParameters.SignatureAndHashAlgorithms.Count : 0; stream.Write((short)(count * 2)); for (int i = 0; i < count; i++) { SignatureHelper.EncodeSignatureAndHashAlgorithm(Parameters.SignatureParameters.SignatureAndHashAlgorithms [i], stream); } } var startPos = stream.Position; stream.Write((short)0); foreach (var issuer in Parameters.CertificateAuthorities) { var bytes = X501.FromString(issuer).GetBytes(); stream.Write((short)bytes.Length); stream.Write(bytes); } var endPos = stream.Position; stream.Position = startPos; stream.Write((short)(endPos - startPos - 2)); stream.Position = endPos; }
protected override void Encode(TlsStream stream) { // requested client version stream.Write((short)ClientProtocol); // Random bytes - Unix time + Radom bytes [28] stream.Write(ClientRandom.Buffer); // Session id if (SessionID != null) { stream.Write((byte)SessionID.Size); stream.Write(SessionID.Buffer); } else { stream.Write((byte)0); } // Write Supported Cipher suites stream.Write((short)(ClientCiphers.Length * 2)); for (int i = 0; i < ClientCiphers.Length; i++) { stream.Write((short)ClientCiphers [i]); } // Compression methods length stream.Write((byte)1); // Compression methods ( 0 = none ) stream.Write((byte)0); Extensions.Write(stream); }
public override void Update() { base.Update(); TlsStream random = new TlsStream(); // Compute Server Random random.Write(this.unixTime); random.Write(this.random); this.Context.ServerRandom = random.ToArray(); // Compute ClientRandom + ServerRandom random.Reset(); random.Write(this.Context.ClientRandom); random.Write(this.Context.ServerRandom); this.Context.RandomCS = random.ToArray(); // Server Random + Client Random random.Reset(); random.Write(this.Context.ServerRandom); random.Write(this.Context.ClientRandom); this.Context.RandomSC = random.ToArray(); random.Reset(); }
protected virtual void CompleteHandshake() { try { mRecordStream.FinaliseHandshake(); mSplitApplicationDataRecords = !TlsUtilities.IsTlsV11(Context); if (!mAppDataReady) { mAppDataReady = true; if (mBlocking) { mTlsStream = new TlsStream(this); } } if (mTlsSession != null) { if (mSessionParameters == null) { mSessionParameters = new SessionParameters.Builder().SetCipherSuite(mSecurityParameters.CipherSuite).SetCompressionAlgorithm(mSecurityParameters.CompressionAlgorithm).SetMasterSecret(mSecurityParameters.MasterSecret) .SetPeerCertificate(mPeerCertificate) .SetPskIdentity(mSecurityParameters.PskIdentity) .SetSrpIdentity(mSecurityParameters.SrpIdentity) .SetServerExtensions(mServerExtensions) .Build(); mTlsSession = new TlsSessionImpl(mTlsSession.SessionID, mSessionParameters); } ContextAdmin.SetResumableSession(mTlsSession); } Peer.NotifyHandshakeComplete(); } finally { CleanupHandshake(); } }
protected override void ProcessAsTls1() { base.Write(base.Context.Protocol); TlsStream tlsStream = new TlsStream(); tlsStream.Write(base.Context.GetUnixTime()); tlsStream.Write(base.Context.GetSecureRandomBytes(28)); this.random = tlsStream.ToArray(); tlsStream.Reset(); base.Write(this.random); base.Context.SessionId = ClientSessionCache.FromHost(base.Context.ClientSettings.TargetHost); if (base.Context.SessionId != null) { base.Write((byte)base.Context.SessionId.Length); if (base.Context.SessionId.Length > 0) { base.Write(base.Context.SessionId); } } else { base.Write(0); } base.Write((short)(base.Context.SupportedCiphers.Count * 2)); for (int i = 0; i < base.Context.SupportedCiphers.Count; i++) { base.Write(base.Context.SupportedCiphers[i].Code); } base.Write(1); base.Write((byte)base.Context.CompressionMethod); }
protected override void Encode (TlsStream stream) { stream.Write ((byte)Parameters.CertificateTypes.Count); for (int i = 0; i < Parameters.CertificateTypes.Count; i++) stream.Write ((byte)Parameters.CertificateTypes [i]); if (Protocol == TlsProtocolCode.Tls12) { var count = Parameters.HasSignatureParameters ? Parameters.SignatureParameters.SignatureAndHashAlgorithms.Count : 0; stream.Write ((short)(count * 2)); for (int i = 0; i < count; i++) Parameters.SignatureParameters.SignatureAndHashAlgorithms [i].Encode (stream); } var startPos = stream.Position; stream.Write ((short)0); foreach (var issuer in Parameters.CertificateAuthorities) { var bytes = X501.FromString (issuer).GetBytes (); stream.Write ((short)bytes.Length); stream.Write (bytes); } var endPos = stream.Position; stream.Position = startPos; stream.Write ((short)(endPos - startPos - 2)); stream.Position = endPos; }
protected override void ProcessAsTls1() { ServerContext context = (ServerContext)this.Context; int length = context.ServerSettings.CertificateTypes.Length; this.WriteByte(Convert.ToByte(length)); for (int index = 0; index < length; ++index) { this.WriteByte((byte)context.ServerSettings.CertificateTypes[index]); } if (context.ServerSettings.DistinguisedNames.Length > 0) { TlsStream tlsStream = new TlsStream(); foreach (string distinguisedName in context.ServerSettings.DistinguisedNames) { byte[] bytes = X501.FromString(distinguisedName).GetBytes(); tlsStream.Write((short)bytes.Length); tlsStream.Write(bytes); } this.Write((short)tlsStream.Length); this.Write(tlsStream.ToArray()); } else { this.Write((short)0); } }
protected override void ProcessAsSsl3() { // Compute handshake messages hashes HashAlgorithm hash = new SslHandshakeHash(this.Context.MasterSecret); TlsStream data = new TlsStream(); data.Write(this.Context.HandshakeMessages.ToArray()); data.Write((int)0x53525652); hash.TransformFinalBlock(data.ToArray(), 0, (int)data.Length); data.Reset(); byte[] serverHash = this.ReadBytes((int)Length); byte[] clientHash = hash.Hash; // Check server prf against client prf if (clientHash.Length != serverHash.Length) { #warning Review that selected alert is correct throw new TlsException(AlertDescription.InsuficientSecurity, "Invalid ServerFinished message received."); } for (int i = 0; i < serverHash.Length; i++) { if (clientHash[i] != serverHash[i]) { throw new TlsException(AlertDescription.InsuficientSecurity, "Invalid ServerFinished message received."); } } }
protected override void Encode(TlsStream stream) { stream.Write((byte)Parameters.CertificateTypes.Count); for (int i = 0; i < Parameters.CertificateTypes.Count; i++) { stream.Write((byte)Parameters.CertificateTypes [i]); } stream.Write((short)(Parameters.SignatureAndHashAlgorithms.Count * 2)); for (int i = 0; i < Parameters.SignatureAndHashAlgorithms.Count; i++) { Parameters.SignatureAndHashAlgorithms [i].Encode(stream); } var startPos = stream.Position; stream.Write((short)0); foreach (var issuer in Parameters.CertificateAuthorities) { var bytes = X501.FromString(issuer).GetBytes(); stream.Write((short)bytes.Length); stream.Write(bytes); } var endPos = stream.Position; stream.Position = startPos; stream.Write((short)(endPos - startPos - 2)); stream.Position = endPos; }
protected override void ProcessAsTls1() { ServerContext serverContext = (ServerContext)base.Context; int num = serverContext.ServerSettings.CertificateTypes.Length; WriteByte(Convert.ToByte(num)); for (int i = 0; i < num; i++) { WriteByte((byte)serverContext.ServerSettings.CertificateTypes[i]); } if (serverContext.ServerSettings.DistinguisedNames.Length > 0) { TlsStream tlsStream = new TlsStream(); string[] distinguisedNames = serverContext.ServerSettings.DistinguisedNames; foreach (string rdn in distinguisedNames) { byte[] bytes = X501.FromString(rdn).GetBytes(); tlsStream.Write((short)bytes.Length); tlsStream.Write(bytes); } Write((short)tlsStream.Length); Write(tlsStream.ToArray()); } else { Write((short)0); } }
protected override void ProcessAsTls1() { // Client Version this.Write(this.Context.Protocol); // Random bytes - Unix time + Radom bytes [28] TlsStream clientRandom = new TlsStream(); clientRandom.Write(this.Context.GetUnixTime()); clientRandom.Write(this.Context.GetSecureRandomBytes(28)); this.random = clientRandom.ToArray(); clientRandom.Reset(); this.Write(this.random); // Session id // Check if we have a cache session we could reuse this.Context.SessionId = ClientSessionCache.FromHost(this.Context.ClientSettings.TargetHost); if (this.Context.SessionId != null) { this.Write((byte)this.Context.SessionId.Length); if (this.Context.SessionId.Length > 0) { this.Write(this.Context.SessionId); } } else { this.Write((byte)0); } // Write length of Cipher suites this.Write((short)(this.Context.SupportedCiphers.Count * 2)); // Write Supported Cipher suites for (int i = 0; i < this.Context.SupportedCiphers.Count; i++) { this.Write((short)this.Context.SupportedCiphers[i].Code); } // Compression methods length this.Write((byte)1); // Compression methods ( 0 = none ) this.Write((byte)this.Context.CompressionMethod); // http://www.ietf.org/rfc/rfc3546.txt TlsStream extensions = new TlsStream(); byte[] server_name = System.Text.Encoding.UTF8.GetBytes(Context.ClientSettings.TargetHost); extensions.Write((short)0x0000); // ExtensionType: server_name (0) extensions.Write((short)(server_name.Length + 5)); // ServerNameList (length) extensions.Write((short)(server_name.Length + 3)); // ServerName (length) extensions.Write((byte)0x00); // NameType: host_name (0) extensions.Write((short)server_name.Length); // HostName (length) extensions.Write(server_name); // HostName (UTF8) this.Write((short)extensions.Length); this.Write(extensions.ToArray()); }
protected override void ProcessAsTls1() { // Client Version this.Write(this.Context.Protocol); // Random bytes - Unix time + Radom bytes [28] TlsStream clientRandom = new TlsStream(); clientRandom.Write(this.Context.GetUnixTime()); clientRandom.Write(this.Context.GetSecureRandomBytes(28)); this.random = clientRandom.ToArray(); clientRandom.Reset(); this.Write(this.random); // Session id // Check if we have a cache session we could reuse this.Context.SessionId = ClientSessionCache.FromHost (this.Context.ClientSettings.TargetHost); if (this.Context.SessionId != null) { this.Write((byte)this.Context.SessionId.Length); if (this.Context.SessionId.Length > 0) { this.Write(this.Context.SessionId); } } else { this.Write((byte)0); } // Write length of Cipher suites this.Write((short)(this.Context.SupportedCiphers.Count*2)); // Write Supported Cipher suites for (int i = 0; i < this.Context.SupportedCiphers.Count; i++) { this.Write((short)this.Context.SupportedCiphers[i].Code); } // Compression methods length this.Write((byte)1); // Compression methods ( 0 = none ) this.Write((byte)this.Context.CompressionMethod); // http://www.ietf.org/rfc/rfc3546.txt TlsStream extensions = new TlsStream (); byte[] server_name = System.Text.Encoding.UTF8.GetBytes (Context.ClientSettings.TargetHost); extensions.Write ((short) 0x0000); // ExtensionType: server_name (0) extensions.Write ((short) (server_name.Length + 5)); // ServerNameList (length) extensions.Write ((short) (server_name.Length + 3)); // ServerName (length) extensions.Write ((byte) 0x00); // NameType: host_name (0) extensions.Write ((short) server_name.Length); // HostName (length) extensions.Write (server_name); // HostName (UTF8) this.Write ((short) extensions.Length); this.Write (extensions.ToArray ()); }
public override void WriteServer(TlsStream stream) { stream.Write((byte)curveType); stream.Write((short)namedCurve); stream.Write((byte)publicBytes.Length); stream.Write(publicBytes); Signature.Write(stream); }
public override void WriteServer(TlsStream stream) { stream.Write((short)P.Length); stream.Write(P); stream.Write((short)G.Length); stream.Write(G); stream.Write((short)Y.Length); stream.Write(Y); Signature.Write(stream); }
private byte[] createSignature(RSA rsa, byte[] buffer) { MD5SHA1 mD5SHA = new MD5SHA1(); TlsStream tlsStream = new TlsStream(); tlsStream.Write(base.Context.RandomCS); tlsStream.Write(buffer, 0, buffer.Length); mD5SHA.ComputeHash(tlsStream.ToArray()); tlsStream.Reset(); return(mD5SHA.CreateSignature(rsa)); }
public override void WriteServer(TlsStream stream) { stream.Write((short)P.Length); stream.Write(P); stream.Write((short)G.Length); stream.Write(G); stream.Write((short)Y.Length); stream.Write(Y); SignatureAlgorithm.Encode(stream); stream.Write((short)Signature.Size); stream.Write(Signature.Buffer); }
private void SendCertificates() { TlsStream tlsStream = new TlsStream(); for (X509Certificate x509Certificate = ClientCertificate; x509Certificate != null; x509Certificate = FindParentCertificate(x509Certificate)) { byte[] rawCertData = x509Certificate.GetRawCertData(); tlsStream.WriteInt24(rawCertData.Length); tlsStream.Write(rawCertData); } WriteInt24((int)tlsStream.Length); Write(tlsStream.ToArray()); }
protected override void ProcessAsTls1() { TlsStream tlsStream = new TlsStream(); foreach (X509Certificate x509Certificate in base.Context.ServerSettings.Certificates) { tlsStream.WriteInt24(x509Certificate.RawData.Length); tlsStream.Write(x509Certificate.RawData); } base.WriteInt24(Convert.ToInt32(tlsStream.Length)); base.Write(tlsStream.ToArray()); tlsStream.Close(); }
private void SendCertificates() { TlsStream tlsStream = new TlsStream(); for (X509Certificate cert = this.ClientCertificate; cert != null; cert = this.FindParentCertificate(cert)) { byte[] rawCertData = cert.GetRawCertData(); tlsStream.WriteInt24(rawCertData.Length); tlsStream.Write(rawCertData); } this.WriteInt24((int)tlsStream.Length); this.Write(tlsStream.ToArray()); }
protected override void ProcessAsSsl3() { HashAlgorithm hashAlgorithm = (HashAlgorithm) new SslHandshakeHash(this.Context.MasterSecret); TlsStream tlsStream = new TlsStream(); tlsStream.Write(this.Context.HandshakeMessages.ToArray()); tlsStream.Write(1129074260); hashAlgorithm.TransformFinalBlock(tlsStream.ToArray(), 0, (int)tlsStream.Length); tlsStream.Reset(); if (!HandshakeMessage.Compare(this.ReadBytes((int)this.Length), hashAlgorithm.Hash)) { throw new TlsException(AlertDescription.DecryptError, "Decrypt error."); } }
private bool SendStartTls() { IAsyncResult result = StartTlsCommand.BeginSend(this.connection, new AsyncCallback(SmtpConnection.ConnectAndHandshakeAsyncResult.SendStartTlsCallback), this); if (result.CompletedSynchronously) { StartTlsCommand.EndSend(result); TlsStream stream = new TlsStream(this.connection.pooledStream.ServicePoint.Host, this.connection.pooledStream.NetworkStream, this.connection.ClientCertificates, this.connection.pooledStream.ServicePoint, this.connection.client, this.m_OuterResult.ContextCopy); this.connection.pooledStream.NetworkStream = stream; this.connection.responseReader = new SmtpReplyReaderFactory(this.connection.pooledStream.NetworkStream); this.SendEHello(); return(true); } return(false); }
protected override void ProcessAsSsl3() { // Compute handshake messages hashes HashAlgorithm hash = new SslHandshakeHash(this.Context.MasterSecret); TlsStream data = new TlsStream(); data.Write(this.Context.HandshakeMessages.ToArray()); data.Write((int)0x53525652); hash.TransformFinalBlock(data.ToArray(), 0, (int)data.Length); this.Write(hash.Hash); data.Reset(); }
private void verifySignature() { MD5SHA1 mD5SHA = new MD5SHA1(); int count = rsaParams.Modulus.Length + rsaParams.Exponent.Length + 4; TlsStream tlsStream = new TlsStream(); tlsStream.Write(base.Context.RandomCS); tlsStream.Write(ToArray(), 0, count); mD5SHA.ComputeHash(tlsStream.ToArray()); tlsStream.Reset(); if (!mD5SHA.VerifySignature(base.Context.ServerSettings.CertificateRSA, signedParams)) { throw new TlsException(AlertDescription.DecodeError, "Data was not signed with the server certificate."); } }
bool SendStartTls()//6 { IAsyncResult result = StartTlsCommand.BeginSend(connection, SendStartTlsCallback, this); if (result.CompletedSynchronously) { StartTlsCommand.EndSend(result); TlsStream TlsStream = new TlsStream(connection.pooledStream.ServicePoint.Host, connection.pooledStream.NetworkStream, connection.ClientCertificates, connection.pooledStream.ServicePoint, connection.client, m_OuterResult.ContextCopy); connection.pooledStream.NetworkStream = TlsStream; connection.responseReader = new SmtpReplyReaderFactory(connection.pooledStream.NetworkStream); SendEHello(); return(true); } return(false); }
private void SendCertificates() { TlsStream chain = new TlsStream(); X509Certificate currentCert = this.ClientCertificate; while (currentCert != null) { byte[] rawCert = currentCert.GetRawCertData(); chain.WriteInt24(rawCert.Length); chain.Write(rawCert); currentCert = FindParentCertificate(currentCert); } this.WriteInt24((int)chain.Length); this.Write(chain.ToArray()); }
private byte[] createSignature(RSA rsa, byte[] buffer) { MD5SHA1 hash = new MD5SHA1(); // Create server params array TlsStream stream = new TlsStream(); stream.Write(this.Context.RandomCS); stream.Write(buffer, 0, buffer.Length); hash.ComputeHash(stream.ToArray()); stream.Reset(); return(hash.CreateSignature(rsa)); }
private void SendCertificates() { var chain = new TlsStream(); var currentCert = ClientCertificate; while (currentCert != null) { var rawCert = currentCert.GetRawCertData(); chain.WriteInt24(rawCert.Length); chain.Write(rawCert); currentCert = FindParentCertificate(currentCert); } WriteInt24((int)chain.Length); Write(chain.ToArray()); }
protected override void Encode (TlsStream stream) { var startPosition = stream.Position; stream.WriteInt24 (-1); foreach (var certificate in Certificates) { var data = certificate.RawData; stream.WriteInt24 (data.Length); stream.Write (data); } var endPosition = stream.Position; stream.Position = startPosition; stream.WriteInt24 ((int)(endPosition - startPosition - 3)); stream.Position = endPosition; }
protected override void ProcessAsTls1() { // Client Version this.Write(this.Context.Protocol); // Random bytes - Unix time + Radom bytes [28] TlsStream clientRandom = new TlsStream(); clientRandom.Write(this.Context.GetUnixTime()); clientRandom.Write(this.Context.GetSecureRandomBytes(28)); this.random = clientRandom.ToArray(); clientRandom.Reset(); this.Write(this.random); // Session id // Check if we have a cache session we could reuse this.Context.SessionId = ClientSessionCache.FromHost(this.Context.ClientSettings.TargetHost); if (this.Context.SessionId != null) { this.Write((byte)this.Context.SessionId.Length); if (this.Context.SessionId.Length > 0) { this.Write(this.Context.SessionId); } } else { this.Write((byte)0); } // Write length of Cipher suites this.Write((short)(this.Context.SupportedCiphers.Count * 2)); // Write Supported Cipher suites for (int i = 0; i < this.Context.SupportedCiphers.Count; i++) { this.Write((short)this.Context.SupportedCiphers[i].Code); } // Compression methods length this.Write((byte)1); // Compression methods ( 0 = none ) this.Write((byte)this.Context.CompressionMethod); }
protected override void ProcessAsSsl3() { // Client Version Write(Context.Protocol); // Random bytes - Unix time + Radom bytes [28] var clientRandom = new TlsStream(); clientRandom.Write(Context.GetUnixTime()); clientRandom.Write(Context.GetSecureRandomBytes(28)); random = clientRandom.ToArray(); clientRandom.Reset(); Write(random); // Session id // Check if we have a cache session we could reuse Context.SessionId = ClientSessionCache.FromHost(Context.ClientSettings.TargetHost); if (Context.SessionId != null) { Write((byte)Context.SessionId.Length); if (Context.SessionId.Length > 0) { Write(Context.SessionId); } } else { Write((byte)0); } // Write length of Cipher suites Write((short)(Context.SupportedCiphers.Count * 2)); // Write Supported Cipher suites for (var i = 0; i < Context.SupportedCiphers.Count; i++) { Write(((IList <CipherSuite>)Context.SupportedCiphers)[i].Code); } // Compression methods length Write((byte)1); // Compression methods ( 0 = none ) Write((byte)Context.CompressionMethod); }
protected override void ProcessAsTls1() { ProcessAsSsl3(); // http://www.ietf.org/rfc/rfc3546.txt TlsStream extensions = new TlsStream(); byte[] server_name = System.Text.Encoding.UTF8.GetBytes(Context.ClientSettings.TargetHost); extensions.Write((short)0x0000); // ExtensionType: server_name (0) extensions.Write((short)(server_name.Length + 5)); // ServerNameList (length) extensions.Write((short)(server_name.Length + 3)); // ServerName (length) extensions.Write((byte)0x00); // NameType: host_name (0) extensions.Write((short)server_name.Length); // HostName (length) extensions.Write(server_name); // HostName (UTF8) this.Write((short)extensions.Length); this.Write(extensions.ToArray()); }
protected override void ProcessAsTls1() { // Client Version this.Write(this.Context.Protocol); // Random bytes - Unix time + Radom bytes [28] TlsStream clientRandom = new TlsStream(); clientRandom.Write(this.Context.GetUnixTime()); clientRandom.Write(this.Context.GetSecureRandomBytes(28)); this.random = clientRandom.ToArray(); clientRandom.Reset(); this.Write(this.random); // Session id // Check if we have a cache session we could reuse this.Context.SessionId = ClientSessionCache.FromHost (this.Context.ClientSettings.TargetHost); if (this.Context.SessionId != null) { this.Write((byte)this.Context.SessionId.Length); if (this.Context.SessionId.Length > 0) { this.Write(this.Context.SessionId); } } else { this.Write((byte)0); } // Write length of Cipher suites this.Write((short)(this.Context.SupportedCiphers.Count*2)); // Write Supported Cipher suites for (int i = 0; i < this.Context.SupportedCiphers.Count; i++) { this.Write((short)this.Context.SupportedCiphers[i].Code); } // Compression methods length this.Write((byte)1); // Compression methods ( 0 = none ) this.Write((byte)this.Context.CompressionMethod); }
public IBufferOffsetSize EncodeMessage () { var stream = new TlsStream (); stream.Write (0); Encode (stream); var length = stream.Position - 4; stream.Buffer [0] = (byte)Type; // Length as an Int24 in Network Order stream.Buffer[1] = (byte) (length >> 16); stream.Buffer[2] = (byte) (length >> 8); stream.Buffer[3] = (byte) length; stream.Finish (); return stream.GetRemaining (); }
protected override void Encode (TlsStream stream) { stream.Write ((short)ServerProtocol); stream.Write (ServerRandom.Buffer); if (SessionID != null) { stream.Write ((byte)SessionID.Size); stream.Write (SessionID.Buffer); } else { stream.Write ((byte)0); } stream.Write ((short)SelectedCipher); stream.Write ((byte)0); Extensions.Write (stream); }
public override void Update() { base.Update(); TlsStream tlsStream = new TlsStream(); tlsStream.Write(unixTime); tlsStream.Write(random); base.Context.ServerRandom = tlsStream.ToArray(); tlsStream.Reset(); tlsStream.Write(base.Context.ClientRandom); tlsStream.Write(base.Context.ServerRandom); base.Context.RandomCS = tlsStream.ToArray(); tlsStream.Reset(); tlsStream.Write(base.Context.ServerRandom); tlsStream.Write(base.Context.ClientRandom); base.Context.RandomSC = tlsStream.ToArray(); tlsStream.Reset(); }
protected override void ProcessAsTls1() { TlsStream certs = new TlsStream(); foreach (X509Certificate certificate in this.Context.ServerSettings.Certificates) { // Write certificate length certs.WriteInt24(certificate.RawData.Length); // Write certificate data certs.Write(certificate.RawData); } this.WriteInt24(Convert.ToInt32(certs.Length)); this.Write(certs.ToArray()); certs.Close(); }
protected override void ProcessAsTls1() { ServerContext context = (ServerContext)this.Context; int count = context.ServerSettings.CertificateTypes.Length; this.WriteByte(Convert.ToByte(count)); // Write requested certificate types for (int i = 0; i < count; i++) { this.WriteByte((byte)context.ServerSettings.CertificateTypes[i]); } /* * Write requested certificate authorities (Distinguised Names) * * Name ::= SEQUENCE OF RelativeDistinguishedName * * RelativeDistinguishedName ::= SET OF AttributeValueAssertion * * AttributeValueAssertion ::= SEQUENCE { * attributeType OBJECT IDENTIFIER * attributeValue ANY } */ if (context.ServerSettings.DistinguisedNames.Length > 0) { TlsStream list = new TlsStream (); // this is the worst formating ever :-| foreach (string dn in context.ServerSettings.DistinguisedNames) { byte[] name = X501.FromString (dn).GetBytes (); list.Write ((short)name.Length); list.Write (name); } this.Write ((short)list.Length); this.Write (list.ToArray ()); } else { this.Write ((short)0); } }
protected override void ProcessAsSsl3() { bool decryptError = false; // Compute handshake messages hashes HashAlgorithm hash = new SslHandshakeHash(this.Context.MasterSecret); TlsStream data = new TlsStream(); data.Write(this.Context.HandshakeMessages.ToArray()); data.Write((int)0x434C4E54); hash.TransformFinalBlock(data.ToArray(), 0, (int)data.Length); data.Reset(); byte[] clientHash = this.ReadBytes((int)Length); byte[] serverHash = hash.Hash; // Check client prf against server prf if (clientHash.Length != serverHash.Length) { decryptError = true; } else { for (int i = 0; i < clientHash.Length; i++) { if (clientHash[i] != serverHash[i]) { decryptError = true; break; } } } if (decryptError) { throw new TlsException(AlertDescription.DecryptError, "Decrypt error."); } }
protected override void ProcessAsSsl3() { // Compute handshake messages hashes HashAlgorithm hash = new SslHandshakeHash(this.Context.MasterSecret); TlsStream data = new TlsStream(); data.Write(this.Context.HandshakeMessages.ToArray()); data.Write((int)0x434C4E54); hash.TransformFinalBlock(data.ToArray(), 0, (int)data.Length); data.Reset(); byte[] clientHash = this.ReadBytes((int)Length); byte[] serverHash = hash.Hash; // Check client prf against server prf if (!Compare (clientHash, serverHash)) { throw new TlsException(AlertDescription.DecryptError, "Decrypt error."); } }
static void Main(string[] args) { var server = new TcpListener(IPAddress.Any, 443); server.Start(); TlsExtensionManager.RegisterExtension(new ECExtensionConfiguration()); TlsExtensionManager.RegisterExtension(new GCMExtensionConfiguration()); TlsExtensionManager.RegisterExtension(new ECGCMExtensionConfiguration()); Console.WriteLine("Listening for clients on {0}", server.LocalEndpoint); while (true) { var client = server.AcceptTcpClient(); var clientStream = client.GetStream(); Console.WriteLine("Client connected: " + client.Client.RemoteEndPoint); var tlsStream = new TlsStream(clientStream); tlsStream.Certificates.AddCertificate(File.ReadAllBytes("localhost.cert")); tlsStream.Certificates.AddPrivateKey(File.ReadAllBytes("localhost.key")); Console.WriteLine("Starting TLS connection"); tlsStream.AuthenticateAsServer(); var reader = new StreamReader(tlsStream); var writer = new StreamWriter(tlsStream); // Console.WriteLine(reader.ReadLine()); writer.WriteLine("World"); writer.Flush(); tlsStream.Close(); client.Close(); } }
protected override void Encode (TlsStream stream) { stream.Write (Hash.Buffer); }
protected abstract void Encode (TlsStream stream);
protected override void Encode (TlsStream stream) { }
public override void WriteServer (TlsStream stream) { stream.Write ((short)P.Length); stream.Write (P); stream.Write ((short)G.Length); stream.Write (G); stream.Write ((short)Y.Length); stream.Write (Y); Signature.Write (stream); }
public override void WriteClient (TlsStream stream) { stream.Write ((short)encryptedPreMasterSecret.Length); stream.Write (encryptedPreMasterSecret); }
public override void Write (TlsStream stream) { SignatureAlgorithm.Encode (stream); stream.Write ((short)Signature.Size); stream.Write (Signature.Buffer); }
public override void WriteClient (TlsStream stream) { stream.Write ((short)Y.Length); stream.Write (Y); }
public virtual byte[] EncodeMessage() { byte[] result = null; if (CanWrite) { TlsStream c = new TlsStream(); c.Write((byte)HandshakeType); c.WriteInt24((int)this.Length); c.Write(this.ToArray()); result = c.ToArray(); } return result; }
public override void WriteServer (TlsStream stream) { stream.Write ((byte)curveType); stream.Write ((short)namedCurve); stream.Write ((byte)publicBytes.Length); stream.Write (publicBytes); Signature.Write (stream); }
public override void WriteClient (TlsStream stream) { stream.Write ((byte)clientKey.Length); stream.Write (clientKey); }
public abstract void Write (TlsStream stream);
public override void WriteServer (TlsStream stream) { throw new InvalidOperationException (); }
protected override void Encode (TlsStream stream) { KeyExchange.WriteServer (stream); }