public virtual void ProcessClientExtensions(IDictionary clientExtensions) { mClientExtensions = clientExtensions; if (clientExtensions != null) { mEncryptThenMacOffered = TlsExtensionsUtilities.HasEncryptThenMacExtension(clientExtensions); mMaxFragmentLengthOffered = TlsExtensionsUtilities.GetMaxFragmentLengthExtension(clientExtensions); if (mMaxFragmentLengthOffered >= 0 && !MaxFragmentLength.IsValid((byte)mMaxFragmentLengthOffered)) { throw new TlsFatalAlert(47); } mTruncatedHMacOffered = TlsExtensionsUtilities.HasTruncatedHMacExtension(clientExtensions); mSupportedSignatureAlgorithms = TlsUtilities.GetSignatureAlgorithmsExtension(clientExtensions); if (mSupportedSignatureAlgorithms != null && !TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(mClientVersion)) { throw new TlsFatalAlert(47); } mNamedCurves = TlsEccUtilities.GetSupportedEllipticCurvesExtension(clientExtensions); mClientECPointFormats = TlsEccUtilities.GetSupportedPointFormatsExtension(clientExtensions); } }
protected virtual void SendServerHelloMessage() { HandshakeMessage handshakeMessage = new HandshakeMessage(2); ProtocolVersion serverVersion = mTlsServer.GetServerVersion(); if (!serverVersion.IsEqualOrEarlierVersionOf(Context.ClientVersion)) { throw new TlsFatalAlert(80); } mRecordStream.ReadVersion = serverVersion; mRecordStream.SetWriteVersion(serverVersion); mRecordStream.SetRestrictReadVersion(enabled: true); ContextAdmin.SetServerVersion(serverVersion); TlsUtilities.WriteVersion(serverVersion, handshakeMessage); handshakeMessage.Write(mSecurityParameters.serverRandom); TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, handshakeMessage); int selectedCipherSuite = mTlsServer.GetSelectedCipherSuite(); if (!Arrays.Contains(mOfferedCipherSuites, selectedCipherSuite) || selectedCipherSuite == 0 || CipherSuite.IsScsv(selectedCipherSuite) || !TlsUtilities.IsValidCipherSuiteForVersion(selectedCipherSuite, Context.ServerVersion)) { throw new TlsFatalAlert(80); } mSecurityParameters.cipherSuite = selectedCipherSuite; byte selectedCompressionMethod = mTlsServer.GetSelectedCompressionMethod(); if (!Arrays.Contains(mOfferedCompressionMethods, selectedCompressionMethod)) { throw new TlsFatalAlert(80); } mSecurityParameters.compressionAlgorithm = selectedCompressionMethod; TlsUtilities.WriteUint16(selectedCipherSuite, handshakeMessage); TlsUtilities.WriteUint8(selectedCompressionMethod, handshakeMessage); mServerExtensions = mTlsServer.GetServerExtensions(); if (mSecureRenegotiation) { byte[] extensionData = TlsUtilities.GetExtensionData(mServerExtensions, 65281); if (null == extensionData) { mServerExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(mServerExtensions); mServerExtensions[65281] = TlsProtocol.CreateRenegotiationInfo(TlsUtilities.EmptyBytes); } } if (mSecurityParameters.extendedMasterSecret) { mServerExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(mServerExtensions); TlsExtensionsUtilities.AddExtendedMasterSecretExtension(mServerExtensions); } if (mServerExtensions != null) { mSecurityParameters.encryptThenMac = TlsExtensionsUtilities.HasEncryptThenMacExtension(mServerExtensions); mSecurityParameters.maxFragmentLength = ProcessMaxFragmentLengthExtension(mClientExtensions, mServerExtensions, 80); mSecurityParameters.truncatedHMac = TlsExtensionsUtilities.HasTruncatedHMacExtension(mServerExtensions); mAllowCertificateStatus = (!mResumedSession && TlsUtilities.HasExpectedEmptyExtensionData(mServerExtensions, 5, 80)); mExpectSessionTicket = (!mResumedSession && TlsUtilities.HasExpectedEmptyExtensionData(mServerExtensions, 35, 80)); TlsProtocol.WriteExtensions(handshakeMessage, mServerExtensions); } mSecurityParameters.prfAlgorithm = TlsProtocol.GetPrfAlgorithm(Context, mSecurityParameters.CipherSuite); mSecurityParameters.verifyDataLength = 12; ApplyMaxFragmentLengthExtension(); handshakeMessage.WriteToRecordStream(this); }