public static RSAClientKeyExchange Deserialise(Stream stream) { if (stream == null) { throw new ArgumentNullException(nameof(stream)); } RSAClientKeyExchange result = null; var rsaPremasterLength = NetworkByteOrderConverter.ToUInt16(stream); if (rsaPremasterLength > 0) { result = new RSAClientKeyExchange { PremasterSecret = new byte[rsaPremasterLength] }; stream.Read(result.PremasterSecret, 0, rsaPremasterLength); } return(result); }
private async Task _ProcessHandshakeAsync(DTLSRecord record) { if (record == null) { throw new ArgumentNullException(nameof(record)); } var data = record.Fragment; if (this._EncyptedServerEpoch == record.Epoch) { var count = 0; while ((this._Cipher == null) && (count < 500)) { await Task.Delay(10).ConfigureAwait(false); count++; } if (this._Cipher == null) { throw new Exception("Need Cipher for Encrypted Session"); } var sequenceNumber = ((long)record.Epoch << 48) + record.SequenceNumber; data = this._Cipher.DecodeCiphertext(sequenceNumber, (byte)TRecordType.Handshake, record.Fragment, 0, record.Fragment.Length); } using (var tempStream = new MemoryStream(data)) { var handshakeRec = HandshakeRecord.Deserialise(tempStream); if (handshakeRec.Length > (handshakeRec.FragmentLength + handshakeRec.FragmentOffset)) { this._IsFragment = true; this._FragmentedRecordList.Add(data); return; } else if (this._IsFragment) { this._FragmentedRecordList.Add(data); data = new byte[0]; foreach (var rec in this._FragmentedRecordList) { data = data.Concat(rec.Skip(HandshakeRecord.RECORD_OVERHEAD)).ToArray(); } var tempHandshakeRec = new HandshakeRecord() { Length = handshakeRec.Length, MessageSeq = handshakeRec.MessageSeq, MessageType = handshakeRec.MessageType, FragmentLength = handshakeRec.Length, FragmentOffset = 0 }; var tempHandshakeBytes = new byte[HandshakeRecord.RECORD_OVERHEAD]; using (var updateStream = new MemoryStream(tempHandshakeBytes)) { tempHandshakeRec.Serialise(updateStream); } data = tempHandshakeBytes.Concat(data).ToArray(); } } using (var stream = new MemoryStream(data)) { var handshakeRecord = HandshakeRecord.Deserialise(stream); switch (handshakeRecord.MessageType) { case THandshakeType.HelloRequest: { break; } case THandshakeType.ClientHello: { break; } case THandshakeType.ServerHello: { var serverHello = ServerHello.Deserialise(stream); this._HandshakeInfo.UpdateHandshakeHash(data); this._ServerEpoch = record.Epoch; this._HandshakeInfo.CipherSuite = (TCipherSuite)serverHello.CipherSuite; this._HandshakeInfo.ServerRandom = serverHello.Random; this._Version = serverHello.ServerVersion <= this._Version ? serverHello.ServerVersion : _SupportedVersion; break; } case THandshakeType.HelloVerifyRequest: { var helloVerifyRequest = HelloVerifyRequest.Deserialise(stream); this._Version = helloVerifyRequest.ServerVersion; await this._SendHelloAsync(helloVerifyRequest.Cookie).ConfigureAwait(false); break; } case THandshakeType.Certificate: { var cert = Certificate.Deserialise(stream, TCertificateType.X509); this._HandshakeInfo.UpdateHandshakeHash(data); this.ServerCertificate = cert.Cert; break; } case THandshakeType.ServerKeyExchange: { this._HandshakeInfo.UpdateHandshakeHash(data); var keyExchangeAlgorithm = CipherSuites.GetKeyExchangeAlgorithm(this._HandshakeInfo.CipherSuite); byte[] preMasterSecret = null; IKeyExchange keyExchange = null; if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_ECDSA) { var serverKeyExchange = ECDHEServerKeyExchange.Deserialise(stream, this._Version); var keyExchangeECDHE = new ECDHEKeyExchange { CipherSuite = this._HandshakeInfo.CipherSuite, Curve = serverKeyExchange.EllipticCurve, KeyExchangeAlgorithm = keyExchangeAlgorithm, ClientRandom = this._HandshakeInfo.ClientRandom, ServerRandom = this._HandshakeInfo.ServerRandom }; keyExchangeECDHE.GenerateEphemeralKey(); var clientKeyExchange = new ECDHEClientKeyExchange(keyExchangeECDHE.PublicKey); this._ClientKeyExchange = clientKeyExchange; preMasterSecret = keyExchangeECDHE.GetPreMasterSecret(serverKeyExchange.PublicKeyBytes); keyExchange = keyExchangeECDHE; } else if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.ECDHE_PSK) { var serverKeyExchange = ECDHEPSKServerKeyExchange.Deserialise(stream); var keyExchangeECDHE = new ECDHEKeyExchange { CipherSuite = this._HandshakeInfo.CipherSuite, Curve = serverKeyExchange.EllipticCurve, KeyExchangeAlgorithm = keyExchangeAlgorithm, ClientRandom = this._HandshakeInfo.ClientRandom, ServerRandom = this._HandshakeInfo.ServerRandom }; keyExchangeECDHE.GenerateEphemeralKey(); var clientKeyExchange = new ECDHEPSKClientKeyExchange(keyExchangeECDHE.PublicKey); if (serverKeyExchange.PSKIdentityHint != null) { var key = this.PSKIdentities.GetKey(serverKeyExchange.PSKIdentityHint); if (key != null) { this._PSKIdentity = new PSKIdentity() { Identity = serverKeyExchange.PSKIdentityHint, Key = key }; } } if (this._PSKIdentity == null) { this._PSKIdentity = this.PSKIdentities.GetRandom(); } clientKeyExchange.PSKIdentity = this._PSKIdentity.Identity; this._ClientKeyExchange = clientKeyExchange; var otherSecret = keyExchangeECDHE.GetPreMasterSecret(serverKeyExchange.PublicKeyBytes); preMasterSecret = TLSUtils.GetPSKPreMasterSecret(otherSecret, this._PSKIdentity.Key); keyExchange = keyExchangeECDHE; } else if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.PSK) { var serverKeyExchange = PSKServerKeyExchange.Deserialise(stream); var clientKeyExchange = new PSKClientKeyExchange(); if (serverKeyExchange.PSKIdentityHint != null) { var key = this.PSKIdentities.GetKey(serverKeyExchange.PSKIdentityHint); if (key != null) { this._PSKIdentity = new PSKIdentity() { Identity = serverKeyExchange.PSKIdentityHint, Key = key }; } } if (this._PSKIdentity == null) { this._PSKIdentity = this.PSKIdentities.GetRandom(); } var otherSecret = new byte[this._PSKIdentity.Key.Length]; clientKeyExchange.PSKIdentity = this._PSKIdentity.Identity; this._ClientKeyExchange = clientKeyExchange; preMasterSecret = TLSUtils.GetPSKPreMasterSecret(otherSecret, this._PSKIdentity.Key); } this._Cipher = TLSUtils.AssignCipher(preMasterSecret, true, this._Version, this._HandshakeInfo); break; } case THandshakeType.CertificateRequest: { this._HandshakeInfo.UpdateHandshakeHash(data); this._SendCertificate = true; break; } case THandshakeType.ServerHelloDone: { this._HandshakeInfo.UpdateHandshakeHash(data); var keyExchangeAlgorithm = CipherSuites.GetKeyExchangeAlgorithm(this._HandshakeInfo.CipherSuite); if (this._Cipher == null) { if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.PSK) { var clientKeyExchange = new PSKClientKeyExchange(); this._PSKIdentity = this.PSKIdentities.GetRandom(); var otherSecret = new byte[this._PSKIdentity.Key.Length]; clientKeyExchange.PSKIdentity = this._PSKIdentity.Identity; this._ClientKeyExchange = clientKeyExchange; var preMasterSecret = TLSUtils.GetPSKPreMasterSecret(otherSecret, this._PSKIdentity.Key); this._Cipher = TLSUtils.AssignCipher(preMasterSecret, true, this._Version, this._HandshakeInfo); } else if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.RSA) { var clientKeyExchange = new RSAClientKeyExchange(); this._ClientKeyExchange = clientKeyExchange; var PreMasterSecret = TLSUtils.GetRsaPreMasterSecret(this._Version); clientKeyExchange.PremasterSecret = TLSUtils.GetEncryptedRsaPreMasterSecret(this.ServerCertificate, PreMasterSecret); this._Cipher = TLSUtils.AssignCipher(PreMasterSecret, true, this._Version, this._HandshakeInfo); } else { throw new NotImplementedException($"Key Exchange Algorithm {keyExchangeAlgorithm} Not Implemented"); } } if (this._SendCertificate) { await this._SendHandshakeMessageAsync(this._Certificate, false).ConfigureAwait(false); } await this._SendHandshakeMessageAsync(this._ClientKeyExchange, false).ConfigureAwait(false); if (this._SendCertificate) { var signatureHashAlgorithm = new SignatureHashAlgorithm() { Signature = TSignatureAlgorithm.ECDSA, Hash = THashAlgorithm.SHA256 }; if (keyExchangeAlgorithm == TKeyExchangeAlgorithm.RSA) { signatureHashAlgorithm = new SignatureHashAlgorithm() { Signature = TSignatureAlgorithm.RSA, Hash = THashAlgorithm.SHA1 }; } var certVerify = new CertificateVerify { SignatureHashAlgorithm = signatureHashAlgorithm, Signature = TLSUtils.Sign(this._PrivateKey, this._PrivateKeyRsa, true, this._Version, this._HandshakeInfo, signatureHashAlgorithm, this._HandshakeInfo.GetHash(this._Version)) }; await this._SendHandshakeMessageAsync(certVerify, false).ConfigureAwait(false); } await this._SendChangeCipherSpecAsync().ConfigureAwait(false); var handshakeHash = this._HandshakeInfo.GetHash(this._Version); var finished = new Finished { VerifyData = TLSUtils.GetVerifyData(this._Version, this._HandshakeInfo, true, true, handshakeHash) }; await this._SendHandshakeMessageAsync(finished, true).ConfigureAwait(false); break; } case THandshakeType.NewSessionTicket: { this._HandshakeInfo.UpdateHandshakeHash(data); break; } case THandshakeType.CertificateVerify: { break; } case THandshakeType.ClientKeyExchange: { break; } case THandshakeType.Finished: { var serverFinished = Finished.Deserialise(stream); var handshakeHash = this._HandshakeInfo.GetHash(this._Version); var calculatedVerifyData = TLSUtils.GetVerifyData(this._Version, this._HandshakeInfo, true, false, handshakeHash); if (serverFinished.VerifyData.SequenceEqual(calculatedVerifyData)) { this._ConnectionComplete = true; } break; } default: { break; } } } this._IsFragment = false; this._FragmentedRecordList.RemoveAll(x => true); }