/// <summary>
/// Emits the client's second handshake flight: optional Certificate, the mandatory
/// ClientKeyExchange, optional CertificateVerify, then ChangeCipherSpec and Finished.
/// </summary>
/// <param name="outgoing">Record buffer the encoded records are appended to, in wire order.</param>
/// <returns>The handler that will process the server's Finished message.</returns>
protected override NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing)
{
    // Certificate is only sent when the generator produced one.
    ClientCertificate = GenerateClientCertificate();
    if (ClientCertificate != null)
        outgoing.Add(Context.EncodeHandshakeRecord(ClientCertificate));

    // ClientKeyExchange is unconditional in this flight.
    ClientKeyExchange = GenerateClientKeyExchange();
    outgoing.Add(Context.EncodeHandshakeRecord(ClientKeyExchange));

    // CertificateVerify is optional; presumably null when no client certificate was sent — confirm in GenerateCertificateVerify.
    CertificateVerify = GenerateCertificateVerify();
    if (CertificateVerify != null)
        outgoing.Add(Context.EncodeHandshakeRecord(CertificateVerify));

    // The pending cipher has to exist before ChangeCipherSpec is queued: the
    // Finished record that follows is the first one written under the new keys.
    Session.PendingCrypto.InitializeCipher();
    SendChangeCipherSpec(outgoing);
    outgoing.Add(Context.EncodeHandshakeRecord(GenerateFinished()));

    return Context.CreateNegotiationHandler(NegotiationState.ServerFinished);
}
/// <summary>
/// Emits the server's first flight: ServerHello, then the optional Certificate,
/// ServerKeyExchange and CertificateRequest messages, closed by ServerHelloDone.
/// </summary>
/// <param name="outgoing">Record buffer the encoded records are appended to, in wire order.</param>
/// <returns>The handler that will process the client's key-exchange flight.</returns>
protected override NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing)
{
    outgoing.Add(Context.EncodeHandshakeRecord(GenerateServerHello()));

    // Each optional message is skipped when its generator returns null.
    ServerCertificate = GenerateServerCertificate();
    if (ServerCertificate != null)
        outgoing.Add(Context.EncodeHandshakeRecord(ServerCertificate));

    ServerKeyExchange = GenerateServerKeyExchange();
    if (ServerKeyExchange != null)
        outgoing.Add(Context.EncodeHandshakeRecord(ServerKeyExchange));

    // Sent only when the server wants to authenticate the client.
    CertificateRequest = GenerateCertificateRequest();
    if (CertificateRequest != null)
        outgoing.Add(Context.EncodeHandshakeRecord(CertificateRequest));

    var helloDone = new TlsServerHelloDone();
    outgoing.Add(Context.EncodeHandshakeRecord(helloDone));
    return Context.CreateNegotiationHandler(NegotiationState.ClientKeyExchange);
}
/// <summary>
/// Queues a ChangeCipherSpec record (the single byte 0x01) and arms the pending
/// write state so that the records queued after it use the pending cipher.
/// </summary>
/// <param name="messages">Record buffer the ChangeCipherSpec record is appended to.</param>
protected void SendChangeCipherSpec(TlsMultiBuffer messages)
{
    var ccsBody = new BufferOffsetSize(new byte[] { 1 });
    messages.Add(Context.EncodeRecord(ContentType.ChangeCipherSpec, ccsBody));

    // A new write epoch starts its record sequence numbers at zero.
    Session.PendingCrypto.WriteSequenceNumber = 0;
    Session.PendingWrite = true;
}
/// <summary>
/// Produces this state's outbound flight exactly once. Calling it when no output is
/// pending is treated as an internal error rather than a peer error.
/// </summary>
/// <param name="outgoing">Record buffer the flight is appended to.</param>
/// <returns>The handler for the next negotiation state.</returns>
/// <exception cref="TlsException">InternalError when no output is pending.</exception>
public NegotiationHandler GenerateReply(TlsMultiBuffer outgoing)
{
    if (HasPendingOutput)
    {
        // Clear the flag before generating so a throwing GenerateOutput cannot be replayed.
        hasPendingOutput = false;
        return GenerateOutput(outgoing);
    }
    throw new TlsException(AlertDescription.InternalError);
}
/// <summary>
/// No handshake output in this state; only an instrumentation hook may inject an
/// application-data record before handing over to the renegotiating-client handler.
/// </summary>
/// <param name="outgoing">Record buffer any instrumentation record is appended to.</param>
/// <returns>The handler for the renegotiating client connection.</returns>
protected override NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing)
{
#if INSTRUMENTATION
    // Test-only hook: send an arbitrary application-data blob after the peer's Finished.
    var hook = HandshakeInstrumentType.SendBlobAfterReceivingFinish;
    if (Context.HasInstrument(hook)) {
        var blob = Instrumentation.GetTextBuffer(hook);
        outgoing.Add(Context.EncodeRecord(ContentType.ApplicationData, blob));
    }
#endif
    return Context.CreateNegotiationHandler(NegotiationState.RenegotiatingClientConnection);
}
/// <summary>
/// No handshake output in this state; only an instrumentation hook may inject an
/// application-data record before handing over to the renegotiating-client handler.
/// </summary>
/// <param name="outgoing">Record buffer any instrumentation record is appended to.</param>
/// <returns>The handler for the renegotiating client connection.</returns>
protected override NegotiationHandler GenerateOutput (TlsMultiBuffer outgoing)
{
#if INSTRUMENTATION
    // Test-only hook: send an arbitrary application-data blob after the peer's Finished.
    var hook = HandshakeInstrumentType.SendBlobAfterReceivingFinish;
    if (Context.HasInstrument (hook))
    {
        var blob = Instrumentation.GetTextBuffer (hook);
        outgoing.Add (Context.EncodeRecord (ContentType.ApplicationData, blob));
    }
#endif
    return Context.CreateNegotiationHandler (NegotiationState.RenegotiatingClientConnection);
}
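/// <summary>
/// Adapter around <c>Context.GenerateNextToken</c> for the MSI buffer interfaces.
/// </summary>
/// <param name="incoming">Data received from the peer, or null to request the next outbound flight.</param>
/// <param name="outgoing">Receives the records to send, or null when this step produced nothing.</param>
/// <returns>The step's <c>SecurityStatus</c>, widened to int.</returns>
public int GenerateNextToken(MSI.IBufferOffsetSize incoming, out MSI.IBufferOffsetSize outgoing)
{
    var input = incoming != null ? new TlsBuffer(BOSWrapper.Wrap(incoming)) : null;
    var output = new TlsMultiBuffer();
    var retval = Context.GenerateNextToken(input, output);

    // Fix: the original assigned null for an empty output and then unconditionally
    // overwrote it with a wrapped, stolen buffer, so callers never observed null.
    // Callers that relied on always receiving a (possibly empty) wrapper must now check for null.
    outgoing = output.IsEmpty ? null : BOSWrapper.Wrap(output.StealBuffer());
    return (int)retval;
}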
/// <summary>
/// Emits the server's Finished flight: ChangeCipherSpec (under the old keys), the
/// cipher switch, Finished (under the new keys), then marks the handshake complete.
/// </summary>
/// <param name="outgoing">Record buffer the records are appended to, in wire order.</param>
/// <returns>The handler for the renegotiating server connection.</returns>
protected override NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing)
{
    SendChangeCipherSpec(outgoing);
    SwitchToNewCipher();
    outgoing.Add(Context.EncodeHandshakeRecord(GenerateFinished()));
    FinishHandshake();

    // FIXME: HACK to force renegotiation! A HelloRequest is appended right after
    // Finished and the one-shot flag is cleared so it fires only once.
    // NOTE(review): the flag is read via UserSettings but cleared via Config.UserSettings —
    // confirm both resolve to the same object, otherwise this re-fires on every handshake.
    var forceRenegotiation = UserSettings.MartinHack_TriggerRenegotiationOnFinish;
    if (forceRenegotiation) {
        Config.UserSettings.MartinHack_TriggerRenegotiationOnFinish = false;
        outgoing.Add(Context.EncodeHandshakeRecord(new TlsHelloRequest()));
    }

    return Context.CreateNegotiationHandler(NegotiationState.RenegotiatingServerConnection);
}
/// <summary>
/// Starts (or restarts) the handshake and emits the ClientHello. On a renegotiation an
/// instrumentation hook may push an application-data record ahead of the hello.
/// </summary>
/// <param name="outgoing">Record buffer the records are appended to.</param>
/// <returns>The handler that will process the ServerHello.</returns>
protected override NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing)
{
    StartHandshake();
    Resolve();
#if INSTRUMENTATION
    // Test-only hook, active on renegotiation only.
    if (Renegotiating) {
        var hook = HandshakeInstrumentType.SendBlobBeforeRenegotiatingHello;
        if (Context.HasInstrument(hook)) {
            var blob = Instrumentation.GetTextBuffer(hook);
            outgoing.Add(Context.EncodeRecord(ContentType.ApplicationData, blob));
        }
    }
#endif
    var hello = GenerateClientHello();
    outgoing.Add(Context.EncodeHandshakeRecord(hello));
    // Only once the ClientHello is queued may failures be reported to the peer as alerts.
    canSendAlert = true;
    return Context.CreateNegotiationHandler(NegotiationState.ServerHello);
}
/// <summary>
/// Emits the server's Finished flight (ChangeCipherSpec, cipher switch, Finished) and
/// completes the handshake. Under INSTRUMENTATION it may additionally report a finished
/// renegotiation or trigger one with a HelloRequest surrounded by optional test blobs.
/// </summary>
/// <param name="outgoing">Record buffer the records are appended to, in wire order.</param>
/// <returns>The handler for the renegotiating server connection.</returns>
protected override NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing)
{
    SendChangeCipherSpec(outgoing);
    SwitchToNewCipher();
    outgoing.Add(Context.EncodeHandshakeRecord(GenerateFinished()));
    FinishHandshake();
#if INSTRUMENTATION
    if (Session.IsRenegotiated) {
        // Second handshake on this session: just notify the test sink, if any.
        if (Context.HasInstrumentationEventSink)
            Context.InstrumentationEventSink.RenegotiationCompleted(Context);
    } else if (Context.HasInstrument(HandshakeInstrumentType.RequestServerRenegotiation)) {
        // First handshake: request a server-initiated renegotiation exactly once.
        Session.IsRenegotiated = true;

        if (Context.HasInstrument(HandshakeInstrumentType.SendBlobBeforeHelloRequest)) {
            var before = Instrumentation.GetTextBuffer(HandshakeInstrumentType.SendBlobBeforeHelloRequest);
            outgoing.Add(Context.EncodeRecord(ContentType.ApplicationData, before));
        }

        outgoing.Add(Context.EncodeHandshakeRecord(new TlsHelloRequest()));

        if (Context.HasInstrument(HandshakeInstrumentType.SendBlobAfterHelloRequest)) {
            var after = Instrumentation.GetTextBuffer(HandshakeInstrumentType.SendBlobAfterHelloRequest);
            outgoing.Add(Context.EncodeRecord(ContentType.ApplicationData, after));
        }

        // Optionally send the HelloRequest twice to exercise the peer's handling.
        if (Context.HasInstrument(HandshakeInstrumentType.SendDuplicateHelloRequest))
            outgoing.Add(Context.EncodeHandshakeRecord(new TlsHelloRequest()));
    }
#endif
    return Context.CreateNegotiationHandler(NegotiationState.RenegotiatingServerConnection);
}
/// <summary>
/// Encodes one handshake message into a record, appends it to <paramref name="output"/>,
/// and reports whether the handshake is complete from this side.
/// </summary>
/// <param name="message">Handshake message to encode.</param>
/// <param name="output">Record buffer the encoded record is appended to.</param>
/// <returns>OK when the message is Finished, ContinueNeeded otherwise.</returns>
SecurityStatus EncodeHandshakeRecord(HandshakeMessage message, TlsMultiBuffer output)
{
    output.Add(EncodeHandshakeRecord(message));

    // Finished closes our side of the handshake; anything else means more rounds follow.
    if (message.Type == HandshakeType.Finished)
        return SecurityStatus.OK;
    return SecurityStatus.ContinueNeeded;
}
/// <summary>
/// Drives one step of the negotiation state machine: with no input, generates the next
/// outbound flight; with input, decodes one record (reassembling split handshake
/// fragments), dispatches it to the current handler, and generates a reply when the
/// handler reports the flight complete.
/// </summary>
/// <param name="incoming">One received record (content-type byte first), or null to produce output only.</param>
/// <param name="outgoing">Record buffer any reply is appended to.</param>
/// <returns>ContinueNeeded, CredentialsNeeded, or the handler's result.</returns>
/// <exception cref="TlsException">Raised for malformed, unexpected or unencrypted records; the alert is chosen per case.</exception>
SecurityStatus _GenerateNextToken (TlsBuffer incoming, TlsMultiBuffer outgoing)
{
#if DEBUG_FULL
	if (EnableDebugging) {
		DebugHelper.WriteLine ("GenerateNextToken: {0}", negotiationHandler);
		if (incoming != null)
			DebugHelper.WriteRemaining (" incoming", incoming);
	}
#endif
	// No input: the current handler owes the peer a flight.
	if (incoming == null) {
		negotiationHandler = negotiationHandler.GenerateReply (outgoing);
		return SecurityStatus.ContinueNeeded;
	}

	var contentType = (ContentType)incoming.ReadByte ();
#if DEBUG_FULL
	if (EnableDebugging)
		DebugHelper.WriteLine (" received message type {0}", contentType);
#endif
	// A resume position (set after CredentialsNeeded) is only meaningful inside a handshake record.
	if (skipToOffset >= 0 && contentType != ContentType.Handshake)
		throw new TlsException (AlertDescription.InternalError);

	if (contentType == ContentType.Alert)
		return ProcessAlert (incoming);

	bool decrypted = false;
	if (cachedFragment != null) {
		// A handshake message split across records is still being reassembled; only
		// further handshake records are acceptable until it is complete.
		if (contentType != ContentType.Handshake)
			throw new TlsException (AlertDescription.DecodeError);
		decrypted = ReadStandardBuffer (ContentType.Handshake, ref incoming);
		cachedFragment.Write (incoming.Buffer, incoming.Position, incoming.Remaining);
		// NOTE(review): when the fragment is still incomplete we return here without
		// disposing the (possibly decrypted) 'incoming' buffer — confirm ReadStandardBuffer's
		// ownership rules; the try/finally below only covers the path past this point.
		if (cachedFragment.Remaining > 0)
			return SecurityStatus.ContinueNeeded;
		incoming.Dispose ();
		incoming = cachedFragment;
		cachedFragment = null;
		incoming.Position = 0;
	} else {
		decrypted = ReadStandardBuffer (contentType, ref incoming);
	}

	// Once a read cipher is active, a record that arrived in the clear is rejected:
	// this stops a peer from injecting plaintext after the ChangeCipherSpec.
	if (Session.Read != null && Session.Read.Cipher != null && !decrypted)
		throw new TlsException (AlertDescription.DecryptError, "Expected encrypted message.");

	try {
		if (contentType == ContentType.ChangeCipherSpec)
			return negotiationHandler.ProcessMessage (new TlsChangeCipherSpec ());
		else if (contentType == ContentType.ApplicationData) {
			// Application data during negotiation is only tolerated on an encrypted,
			// securely-renegotiating session; even then it is not handled yet.
			// NOTE(review): 'session' (field) vs 'Session' (property) are both used here — confirm they alias.
			if (session.Read == null || session.Read.Cipher == null || !session.SecureRenegotiation)
				throw new TlsException (AlertDescription.DecodeError);
			// FIXME
			throw new NotImplementedException ();
		} else if (contentType != ContentType.Handshake) {
			throw new TlsException (AlertDescription.UnexpectedMessage);
		}

		// Resume at the handshake message that previously returned CredentialsNeeded.
		if (skipToOffset >= 0) {
			incoming.Position = skipToOffset;
			skipToOffset = -1;
		}

		SecurityStatus result;
		bool finished;
		// A single record may carry several handshake messages; process them all.
		while (true) {
			var startOffset = incoming.Position;
			finished = ProcessHandshakeMessage (incoming, out result);
			if (result == SecurityStatus.CredentialsNeeded) {
				// Caller will call us again with the same input.
				skipToOffset = startOffset;
				// The same record will be decrypted again, so undo this record's sequence-number bump.
				if (decrypted)
					Session.Read.ReadSequenceNumber--;
				return result;
			}
			if (incoming.Remaining == 0)
				break;
			// Trailing data after a flight-ending message, or after a non-continue result, is an error.
			if (finished || result != SecurityStatus.ContinueNeeded)
				throw new TlsException (AlertDescription.UnexpectedMessage);
		}

		if (finished)
			negotiationHandler = negotiationHandler.GenerateReply (outgoing);
		return result;
	} finally {
		// A decrypted buffer was allocated by ReadStandardBuffer and is ours to release.
		if (decrypted)
			incoming.Dispose ();
	}
}
/// <summary>
/// Public entry point for one negotiation step. Protocol failures are reported through
/// OnError, optionally answered with an alert record, and end with the context cleared;
/// any other exception also clears the context and propagates.
/// </summary>
/// <param name="incoming">Received record, or null to produce output only.</param>
/// <param name="outgoing">Record buffer replies and alerts are appended to.</param>
/// <returns>The step's status, or ContextExpired after a protocol failure.</returns>
public SecurityStatus GenerateNextToken(TlsBuffer incoming, TlsMultiBuffer outgoing)
{
    try
    {
        CheckValid();
        return _GenerateNextToken(incoming, outgoing);
    }
    catch (TlsException ex)
    {
        OnError(ex);
        // An alert is only sent when the current handler is far enough along to do so.
        var handler = negotiationHandler;
        if (handler != null && handler.CanSendAlert)
            outgoing.Add(CreateAlert(ex.Alert));
        Clear();
        return SecurityStatus.ContextExpired;
    }
    catch
    {
        // Not a protocol error: still make the context unusable before rethrowing.
        Clear();
        throw;
    }
}
/// <summary>
/// Emits the client's second handshake flight: optional Certificate, the mandatory
/// ClientKeyExchange, optional CertificateVerify, then ChangeCipherSpec and Finished.
/// </summary>
/// <param name="outgoing">Record buffer the encoded records are appended to, in wire order.</param>
/// <returns>The handler that will process the server's Finished message.</returns>
protected override NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing)
{
    ClientCertificate = GenerateClientCertificate();
    if (ClientCertificate != null)
    {
        outgoing.Add(Context.EncodeHandshakeRecord(ClientCertificate));
    }

    // ClientKeyExchange is always present in this flight.
    ClientKeyExchange = GenerateClientKeyExchange();
    outgoing.Add(Context.EncodeHandshakeRecord(ClientKeyExchange));

    // Optional; presumably only produced when a client certificate was sent — confirm in GenerateCertificateVerify.
    CertificateVerify = GenerateCertificateVerify();
    if (CertificateVerify != null)
    {
        outgoing.Add(Context.EncodeHandshakeRecord(CertificateVerify));
    }

    // Initialise the pending cipher first: Finished, queued after ChangeCipherSpec,
    // is the first record written under the new keys.
    Session.PendingCrypto.InitializeCipher();
    SendChangeCipherSpec(outgoing);
    var finished = GenerateFinished();
    outgoing.Add(Context.EncodeHandshakeRecord(finished));

    return Context.CreateNegotiationHandler(NegotiationState.ServerFinished);
}
/// <summary>
/// Starts the handshake, resolves settings and emits the ClientHello.
/// </summary>
/// <param name="outgoing">Record buffer the ClientHello record is appended to.</param>
/// <returns>The handler that will process the ServerHello.</returns>
protected override NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing)
{
    StartHandshake();
    Resolve();
    var hello = GenerateClientHello();
    outgoing.Add(Context.EncodeHandshakeRecord(hello));
    // Alerts may only be sent once the ClientHello has been queued.
    canSendAlert = true;
    return Context.CreateNegotiationHandler(NegotiationState.ServerHello);
}
/// <summary>
/// Starts (or restarts) the handshake and emits the ClientHello. On a renegotiation an
/// instrumentation hook may push an application-data record ahead of the hello.
/// </summary>
/// <param name="outgoing">Record buffer the records are appended to.</param>
/// <returns>The handler that will process the ServerHello.</returns>
protected override NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing)
{
    StartHandshake();
    Resolve();
#if INSTRUMENTATION
    // Test-only hook, active on renegotiation only.
    if (Renegotiating)
    {
        var hook = HandshakeInstrumentType.SendBlobBeforeRenegotiatingHello;
        if (Context.HasInstrument(hook))
        {
            var blob = Instrumentation.GetTextBuffer(hook);
            outgoing.Add(Context.EncodeRecord(ContentType.ApplicationData, blob));
        }
    }
#endif
    outgoing.Add(Context.EncodeHandshakeRecord(GenerateClientHello()));
    // Only once the ClientHello is queued may failures be reported to the peer as alerts.
    canSendAlert = true;
    return Context.CreateNegotiationHandler(NegotiationState.ServerHello);
}
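/// <summary>
/// Adapter around <c>Context.GenerateNextToken</c> for the MSI buffer interfaces.
/// </summary>
/// <param name="incoming">Data received from the peer, or null to request the next outbound flight.</param>
/// <param name="outgoing">Receives the records to send, or null when this step produced nothing.</param>
/// <returns>The step's <c>SecurityStatus</c>, widened to int.</returns>
public int GenerateNextToken (MSI.IBufferOffsetSize incoming, out MSI.IBufferOffsetSize outgoing)
{
    var input = incoming != null ? new TlsBuffer (BOSWrapper.Wrap (incoming)) : null;
    var output = new TlsMultiBuffer ();
    var retval = Context.GenerateNextToken (input, output);

    // Fix: the original assigned null for an empty output and then unconditionally
    // overwrote it with a wrapped, stolen buffer, so callers never observed null.
    // Callers that relied on always receiving a (possibly empty) wrapper must now check for null.
    if (output.IsEmpty)
        outgoing = null;
    else
        outgoing = BOSWrapper.Wrap (output.StealBuffer ());
    return (int)retval;
}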
/// <summary>
/// Starts the handshake and emits the ClientHello.
/// </summary>
/// <param name="outgoing">Record buffer the ClientHello record is appended to.</param>
/// <returns>The handler that will process the ServerHello.</returns>
protected override NegotiationHandler GenerateOutput (TlsMultiBuffer outgoing)
{
    StartHandshake ();
    var hello = GenerateClientHello ();
    outgoing.Add (Context.EncodeHandshakeRecord (hello));
    return Context.CreateNegotiationHandler (NegotiationState.ServerHello);
}
/// <summary>
/// Emits the server's Finished flight (ChangeCipherSpec, cipher switch, Finished) and
/// completes the handshake. Under INSTRUMENTATION it may additionally report a finished
/// renegotiation or trigger one with a HelloRequest surrounded by optional test blobs.
/// </summary>
/// <param name="outgoing">Record buffer the records are appended to, in wire order.</param>
/// <returns>The handler for the renegotiating server connection.</returns>
protected override NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing)
{
    SendChangeCipherSpec(outgoing);
    SwitchToNewCipher();
    outgoing.Add(Context.EncodeHandshakeRecord(GenerateFinished()));
    FinishHandshake();
#if INSTRUMENTATION
    if (Session.IsRenegotiated)
    {
        // Second handshake on this session: notify the test sink, if one is attached.
        if (Context.HasInstrumentationEventSink)
            Context.InstrumentationEventSink.RenegotiationCompleted(Context);
    }
    else if (Context.HasInstrument(HandshakeInstrumentType.RequestServerRenegotiation))
    {
        // First handshake: request a server-initiated renegotiation exactly once.
        Session.IsRenegotiated = true;

        if (Context.HasInstrument(HandshakeInstrumentType.SendBlobBeforeHelloRequest))
        {
            var before = Instrumentation.GetTextBuffer(HandshakeInstrumentType.SendBlobBeforeHelloRequest);
            outgoing.Add(Context.EncodeRecord(ContentType.ApplicationData, before));
        }

        outgoing.Add(Context.EncodeHandshakeRecord(new TlsHelloRequest()));

        if (Context.HasInstrument(HandshakeInstrumentType.SendBlobAfterHelloRequest))
        {
            var after = Instrumentation.GetTextBuffer(HandshakeInstrumentType.SendBlobAfterHelloRequest);
            outgoing.Add(Context.EncodeRecord(ContentType.ApplicationData, after));
        }

        // Optionally send the HelloRequest twice to exercise the peer's handling.
        if (Context.HasInstrument(HandshakeInstrumentType.SendDuplicateHelloRequest))
            outgoing.Add(Context.EncodeHandshakeRecord(new TlsHelloRequest()));
    }
#endif
    return Context.CreateNegotiationHandler(NegotiationState.RenegotiatingServerConnection);
}
/// <summary>
/// Queues a ChangeCipherSpec record (the single byte 0x01) and arms the pending
/// write state so that the records queued after it use the pending cipher.
/// </summary>
/// <param name="messages">Record buffer the ChangeCipherSpec record is appended to.</param>
protected void SendChangeCipherSpec(TlsMultiBuffer messages)
{
    byte[] ccs = { 1 };
    messages.Add(Context.EncodeRecord(ContentType.ChangeCipherSpec, new BufferOffsetSize(ccs)));

    // A new write epoch starts its record sequence numbers at zero.
    Session.PendingCrypto.WriteSequenceNumber = 0;
    Session.PendingWrite = true;
}
/// <summary>
/// Produces this state's outbound flight exactly once. Calling it when no output is
/// pending is treated as an internal error rather than a peer error.
/// </summary>
/// <param name="outgoing">Record buffer the flight is appended to.</param>
/// <returns>The handler for the next negotiation state.</returns>
/// <exception cref="TlsException">InternalError when no output is pending.</exception>
public NegotiationHandler GenerateReply(TlsMultiBuffer outgoing)
{
    if (HasPendingOutput)
    {
        // Clear the flag before generating so a throwing GenerateOutput cannot be replayed.
        hasPendingOutput = false;
        return GenerateOutput(outgoing);
    }
    throw new TlsException(AlertDescription.InternalError);
}
/// <summary>
/// Resolves settings and emits the server's first flight: ServerHello, then the optional
/// Certificate, ServerKeyExchange and CertificateRequest messages, closed by ServerHelloDone.
/// </summary>
/// <param name="outgoing">Record buffer the encoded records are appended to, in wire order.</param>
/// <returns>The handler that will process the client's key-exchange flight.</returns>
protected override NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing)
{
    Resolve();
    outgoing.Add(Context.EncodeHandshakeRecord(GenerateServerHello()));

    // Each optional message is skipped when its generator returns null.
    ServerCertificate = GenerateServerCertificate();
    if (ServerCertificate != null)
    {
        outgoing.Add(Context.EncodeHandshakeRecord(ServerCertificate));
    }

    ServerKeyExchange = GenerateServerKeyExchange();
    if (ServerKeyExchange != null)
    {
        outgoing.Add(Context.EncodeHandshakeRecord(ServerKeyExchange));
    }

    // Sent only when the server wants to authenticate the client.
    CertificateRequest = GenerateCertificateRequest();
    if (CertificateRequest != null)
    {
        outgoing.Add(Context.EncodeHandshakeRecord(CertificateRequest));
    }

    outgoing.Add(Context.EncodeHandshakeRecord(new TlsServerHelloDone()));
    return Context.CreateNegotiationHandler(NegotiationState.ClientKeyExchange);
}
/// <summary>
/// Nothing to send in this state; hands over to the renegotiating-client handler.
/// </summary>
/// <param name="outgoing">Unused; no records are appended.</param>
/// <returns>The handler for the renegotiating client connection.</returns>
protected override NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing)
{
    var next = NegotiationState.RenegotiatingClientConnection;
    return Context.CreateNegotiationHandler(next);
}
/// <summary>
/// Emits this state's outbound flight into <paramref name="outgoing"/> and returns the
/// handler for the next negotiation state. Reached only through GenerateReply.
/// </summary>
/// <param name="outgoing">Record buffer the flight is appended to.</param>
/// <returns>The handler for the next negotiation state.</returns>
protected abstract NegotiationHandler GenerateOutput (TlsMultiBuffer outgoing);
/// <summary>
/// Public entry point for one negotiation step. A protocol failure is passed to OnError,
/// which may hand back an alert record to send; the context is then cleared. Any other
/// exception also clears the context and propagates.
/// </summary>
/// <param name="incoming">Received record, or null to produce output only.</param>
/// <param name="outgoing">Record buffer replies and alerts are appended to.</param>
/// <returns>The step's status, or ContextExpired after a protocol failure.</returns>
public SecurityStatus GenerateNextToken(TlsBuffer incoming, TlsMultiBuffer outgoing)
{
    try
    {
        CheckValid();
        return _GenerateNextToken(incoming, outgoing);
    }
    catch (TlsException ex)
    {
        // OnError decides whether an alert may still be emitted for this failure.
        var alertRecord = OnError(ex);
        if (alertRecord != null)
            outgoing.Add(alertRecord);
        Clear();
        return SecurityStatus.ContextExpired;
    }
    catch
    {
        // Not a protocol error: still make the context unusable before rethrowing.
        Clear();
        throw;
    }
}
/// <summary>
/// Emits this state's outbound flight into <paramref name="outgoing"/> and returns the
/// handler for the next negotiation state. Reached only through GenerateReply.
/// </summary>
/// <param name="outgoing">Record buffer the flight is appended to.</param>
/// <returns>The handler for the next negotiation state.</returns>
protected abstract NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing);
/// <summary>
/// Emits the server's Finished flight: ChangeCipherSpec (encoded before the cipher
/// switch), Finished (encoded after it), then marks the handshake complete. Under
/// INSTRUMENTATION a HelloRequest may follow to force a single renegotiation.
/// </summary>
/// <param name="outgoing">Record buffer the records are appended to, in wire order.</param>
/// <returns>The handler for the renegotiating server connection.</returns>
protected override NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing)
{
    SendChangeCipherSpec(outgoing);
    SwitchToNewCipher();
    var finished = GenerateFinished();
    outgoing.Add(Context.EncodeHandshakeRecord(finished));
    FinishHandshake();
#if INSTRUMENTATION
    // FIXME: HACK to force renegotiation! Test-only: fires once per session.
    if (!Session.IsRenegotiated && Settings.RequestRenegotiation == true)
    {
        Session.IsRenegotiated = true;
        outgoing.Add(Context.EncodeHandshakeRecord(new TlsHelloRequest()));
    }
#endif
    return Context.CreateNegotiationHandler(NegotiationState.RenegotiatingServerConnection);
}