コード例 #1
        /// <summary>
        /// Queues the client's key-exchange flight into <paramref name="outgoing"/>:
        /// optional Certificate, ClientKeyExchange, optional CertificateVerify,
        /// ChangeCipherSpec and Finished, in that order.
        /// </summary>
        /// <param name="outgoing">Buffer that collects the encoded records.</param>
        /// <returns>The handler created for <c>NegotiationState.ServerFinished</c>.</returns>
        protected override NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing)
        {
            // A null result from the generator means the message is left out of the flight.
            ClientCertificate = GenerateClientCertificate();
            if (ClientCertificate != null)
            {
                var certificateRecord = Context.EncodeHandshakeRecord(ClientCertificate);
                outgoing.Add(certificateRecord);
            }

            // ClientKeyExchange is sent unconditionally.
            ClientKeyExchange = GenerateClientKeyExchange();
            var keyExchangeRecord = Context.EncodeHandshakeRecord(ClientKeyExchange);
            outgoing.Add(keyExchangeRecord);

            CertificateVerify = GenerateCertificateVerify();
            if (CertificateVerify != null)
            {
                var verifyRecord = Context.EncodeHandshakeRecord(CertificateVerify);
                outgoing.Add(verifyRecord);
            }

            // The pending cipher must be initialized before ChangeCipherSpec is queued;
            // Finished is encoded only after that point.
            Session.PendingCrypto.InitializeCipher();
            SendChangeCipherSpec(outgoing);

            var finishedRecord = Context.EncodeHandshakeRecord(GenerateFinished());
            outgoing.Add(finishedRecord);

            var nextHandler = Context.CreateNegotiationHandler(NegotiationState.ServerFinished);
            return nextHandler;
        }
コード例 #2
ファイル: ServerConnection.cs プロジェクト: baulig/new-tls
        /// <summary>
        /// Queues the server's hello flight into <paramref name="outgoing"/>:
        /// ServerHello, then Certificate, ServerKeyExchange and CertificateRequest
        /// when their generators return a message, and finally ServerHelloDone.
        /// </summary>
        /// <param name="outgoing">Buffer that collects the encoded records.</param>
        /// <returns>The handler created for <c>NegotiationState.ClientKeyExchange</c>.</returns>
        protected override NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing)
        {
            var helloRecord = Context.EncodeHandshakeRecord(GenerateServerHello());
            outgoing.Add(helloRecord);

            // Each of the next three messages is skipped when its generator yields null.
            ServerCertificate = GenerateServerCertificate();
            if (ServerCertificate != null)
            {
                var certificateRecord = Context.EncodeHandshakeRecord(ServerCertificate);
                outgoing.Add(certificateRecord);
            }

            ServerKeyExchange = GenerateServerKeyExchange();
            if (ServerKeyExchange != null)
            {
                var keyExchangeRecord = Context.EncodeHandshakeRecord(ServerKeyExchange);
                outgoing.Add(keyExchangeRecord);
            }

            CertificateRequest = GenerateCertificateRequest();
            if (CertificateRequest != null)
            {
                var requestRecord = Context.EncodeHandshakeRecord(CertificateRequest);
                outgoing.Add(requestRecord);
            }

            // ServerHelloDone always closes the flight.
            var doneRecord = Context.EncodeHandshakeRecord(new TlsServerHelloDone());
            outgoing.Add(doneRecord);

            var nextHandler = Context.CreateNegotiationHandler(NegotiationState.ClientKeyExchange);
            return nextHandler;
        }
コード例 #3
ファイル: NegotiationHandler.cs プロジェクト: baulig/new-tls
        /// <summary>
        /// Queues a ChangeCipherSpec record and prepares the pending write state.
        /// </summary>
        /// <param name="messages">Buffer that collects the encoded records.</param>
        protected void SendChangeCipherSpec(TlsMultiBuffer messages)
        {
            // The ChangeCipherSpec payload is the single byte 1.
            var changeCipherSpecRecord = Context.EncodeRecord(ContentType.ChangeCipherSpec, new BufferOffsetSize(new byte[] { 1 }));
            messages.Add(changeCipherSpecRecord);

            // Records written under the pending cipher start again at sequence number 0,
            // and the session is flagged as having a pending write state.
            Session.PendingCrypto.WriteSequenceNumber = 0;
            Session.PendingWrite = true;
        }
コード例 #4
ファイル: NegotiationHandler.cs プロジェクト: baulig/new-tls
        /// <summary>
        /// Produces this handler's pending output exactly once.
        /// </summary>
        /// <param name="outgoing">Buffer that collects the encoded records.</param>
        /// <returns>The handler returned by <c>GenerateOutput</c>.</returns>
        /// <exception cref="TlsException">
        /// Raised with <c>AlertDescription.InternalError</c> when no output is pending.
        /// </exception>
        public NegotiationHandler GenerateReply(TlsMultiBuffer outgoing)
        {
            if (HasPendingOutput)
            {
                // Clear the flag first so a second call fails instead of replaying the flight.
                hasPendingOutput = false;
                return GenerateOutput(outgoing);
            }

            throw new TlsException(AlertDescription.InternalError);
        }
コード例 #5
		/// <summary>
		/// Emits no handshake records; only moves on to the
		/// <c>RenegotiatingClientConnection</c> state handler.
		/// </summary>
		/// <param name="outgoing">Buffer that collects the encoded records.</param>
		/// <returns>The handler created for <c>NegotiationState.RenegotiatingClientConnection</c>.</returns>
		protected override NegotiationHandler GenerateOutput (TlsMultiBuffer outgoing)
		{
			#if INSTRUMENTATION
			// Instrumented builds only: optionally queue an ApplicationData blob at this point.
			// NOTE(review): looks like a test hook - confirm INSTRUMENTATION is never defined for release builds.
			if (Context.HasInstrument (HandshakeInstrumentType.SendBlobAfterReceivingFinish)) {
				var blob = Instrumentation.GetTextBuffer (HandshakeInstrumentType.SendBlobAfterReceivingFinish);
				var blobRecord = Context.EncodeRecord (ContentType.ApplicationData, blob);
				outgoing.Add (blobRecord);
			}
			#endif

			var nextHandler = Context.CreateNegotiationHandler (NegotiationState.RenegotiatingClientConnection);
			return nextHandler;
		}
コード例 #6
        /// <summary>
        /// Emits no handshake records; only moves on to the
        /// <c>RenegotiatingClientConnection</c> state handler.
        /// </summary>
        /// <param name="outgoing">Buffer that collects the encoded records.</param>
        /// <returns>The handler created for <c>NegotiationState.RenegotiatingClientConnection</c>.</returns>
        protected override NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing)
        {
#if INSTRUMENTATION
            // Instrumented builds only: optionally queue an ApplicationData blob at this point.
            // NOTE(review): looks like a test hook - confirm INSTRUMENTATION is never defined for release builds.
            if (Context.HasInstrument(HandshakeInstrumentType.SendBlobAfterReceivingFinish))
            {
                var blob = Instrumentation.GetTextBuffer(HandshakeInstrumentType.SendBlobAfterReceivingFinish);
                var blobRecord = Context.EncodeRecord(ContentType.ApplicationData, blob);
                outgoing.Add(blobRecord);
            }
#endif

            var nextHandler = Context.CreateNegotiationHandler(NegotiationState.RenegotiatingClientConnection);
            return nextHandler;
        }
コード例 #7
ファイル: TlsContextWrapper.cs プロジェクト: baulig/new-tls
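        /// <summary>
        /// Passes one incoming buffer to the TLS context and hands back whatever the
        /// context produced in response.
        /// </summary>
        /// <param name="incoming">Data received from the peer, or null when there is none.</param>
        /// <param name="outgoing">
        /// Receives the wrapped output buffer, or null when the context produced no output.
        /// </param>
        /// <returns>The status returned by the context, cast to <c>int</c>.</returns>
        public int GenerateNextToken(MSI.IBufferOffsetSize incoming, out MSI.IBufferOffsetSize outgoing)
        {
            var input = incoming != null ? new TlsBuffer(BOSWrapper.Wrap(incoming)) : null;
            var output = new TlsMultiBuffer();
            var retval = Context.GenerateNextToken(input, output);

            // Report "no output" as null. Without the else branch the null assignment
            // was overwritten immediately and the empty buffer was wrapped anyway.
            if (output.IsEmpty)
            {
                outgoing = null;
            }
            else
            {
                outgoing = BOSWrapper.Wrap(output.StealBuffer());
            }

            return (int)retval;
        }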
コード例 #8
        /// <summary>
        /// Queues ChangeCipherSpec and Finished, completes the handshake and moves on
        /// to the <c>RenegotiatingServerConnection</c> state handler.
        /// </summary>
        /// <param name="outgoing">Buffer that collects the encoded records.</param>
        /// <returns>The handler created for <c>NegotiationState.RenegotiatingServerConnection</c>.</returns>
        protected override NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing)
        {
            // The cipher switch happens right after ChangeCipherSpec is queued and
            // before Finished is encoded.
            SendChangeCipherSpec(outgoing);
            SwitchToNewCipher();

            var finishedRecord = Context.EncodeHandshakeRecord(GenerateFinished());
            outgoing.Add(finishedRecord);

            FinishHandshake();

            // FIXME: HACK to force renegotiation!
            // NOTE(review): this hook has no #if guard, so it is compiled into every build;
            // confirm the setting cannot be switched on outside of tests.
            // NOTE(review): the flag is read via UserSettings but cleared via Config.UserSettings -
            // presumably the same object; verify.
            if (UserSettings.MartinHack_TriggerRenegotiationOnFinish)
            {
                Config.UserSettings.MartinHack_TriggerRenegotiationOnFinish = false;
                var helloRequestRecord = Context.EncodeHandshakeRecord(new TlsHelloRequest());
                outgoing.Add(helloRequestRecord);
            }

            var nextHandler = Context.CreateNegotiationHandler(NegotiationState.RenegotiatingServerConnection);
            return nextHandler;
        }
コード例 #9
        /// <summary>
        /// Starts the handshake and queues the ClientHello into <paramref name="outgoing"/>.
        /// </summary>
        /// <param name="outgoing">Buffer that collects the encoded records.</param>
        /// <returns>The handler created for <c>NegotiationState.ServerHello</c>.</returns>
        protected override NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing)
        {
            StartHandshake();
            Resolve();

#if INSTRUMENTATION
            // Instrumented builds only: optionally queue an ApplicationData blob ahead of
            // the ClientHello while renegotiating.
            // NOTE(review): looks like a test hook - confirm INSTRUMENTATION is never defined for release builds.
            if (Renegotiating && Context.HasInstrument(HandshakeInstrumentType.SendBlobBeforeRenegotiatingHello))
            {
                var blob = Instrumentation.GetTextBuffer(HandshakeInstrumentType.SendBlobBeforeRenegotiatingHello);
                var blobRecord = Context.EncodeRecord(ContentType.ApplicationData, blob);
                outgoing.Add(blobRecord);
            }
#endif

            var helloRecord = Context.EncodeHandshakeRecord(GenerateClientHello());
            outgoing.Add(helloRecord);

            // Alerts are allowed only once the ClientHello has been queued.
            canSendAlert = true;

            var nextHandler = Context.CreateNegotiationHandler(NegotiationState.ServerHello);
            return nextHandler;
        }
コード例 #10
        /// <summary>
        /// Queues ChangeCipherSpec and Finished, completes the handshake and moves on
        /// to the <c>RenegotiatingServerConnection</c> state handler.
        /// </summary>
        /// <param name="outgoing">Buffer that collects the encoded records.</param>
        /// <returns>The handler created for <c>NegotiationState.RenegotiatingServerConnection</c>.</returns>
        protected override NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing)
        {
            // The cipher switch happens right after ChangeCipherSpec is queued and
            // before Finished is encoded.
            SendChangeCipherSpec(outgoing);
            SwitchToNewCipher();

            var finishedRecord = Context.EncodeHandshakeRecord(GenerateFinished());
            outgoing.Add(finishedRecord);

            FinishHandshake();

#if INSTRUMENTATION
            // Instrumented builds only. NOTE(review): looks like a test hook that sends
            // HelloRequest and ApplicationData in unusual orders - confirm INSTRUMENTATION
            // is never defined for release builds.
            if (Session.IsRenegotiated)
            {
                // Second handshake finished: notify the event sink, if there is one.
                if (Context.HasInstrumentationEventSink)
                {
                    Context.InstrumentationEventSink.RenegotiationCompleted(Context);
                }
            }
            else if (Context.HasInstrument(HandshakeInstrumentType.RequestServerRenegotiation))
            {
                // First handshake finished and a server-initiated renegotiation was requested.
                Session.IsRenegotiated = true;

                if (Context.HasInstrument(HandshakeInstrumentType.SendBlobBeforeHelloRequest))
                {
                    var blobBefore = Instrumentation.GetTextBuffer(HandshakeInstrumentType.SendBlobBeforeHelloRequest);
                    outgoing.Add(Context.EncodeRecord(ContentType.ApplicationData, blobBefore));
                }

                var helloRequestRecord = Context.EncodeHandshakeRecord(new TlsHelloRequest());
                outgoing.Add(helloRequestRecord);

                if (Context.HasInstrument(HandshakeInstrumentType.SendBlobAfterHelloRequest))
                {
                    var blobAfter = Instrumentation.GetTextBuffer(HandshakeInstrumentType.SendBlobAfterHelloRequest);
                    outgoing.Add(Context.EncodeRecord(ContentType.ApplicationData, blobAfter));
                }

                if (Context.HasInstrument(HandshakeInstrumentType.SendDuplicateHelloRequest))
                {
                    var duplicateRecord = Context.EncodeHandshakeRecord(new TlsHelloRequest());
                    outgoing.Add(duplicateRecord);
                }
            }
#endif

            var nextHandler = Context.CreateNegotiationHandler(NegotiationState.RenegotiatingServerConnection);
            return nextHandler;
        }
コード例 #11
ファイル: TlsContext.cs プロジェクト: modulexcite/mono-tls
		/// <summary>
		/// Encodes <paramref name="message"/> as a handshake record, appends it to
		/// <paramref name="output"/> and reports whether it was the Finished message.
		/// </summary>
		/// <param name="message">Handshake message to encode.</param>
		/// <param name="output">Buffer that collects the encoded records.</param>
		/// <returns>
		/// <c>SecurityStatus.OK</c> for a Finished message, otherwise
		/// <c>SecurityStatus.ContinueNeeded</c>.
		/// </returns>
		SecurityStatus EncodeHandshakeRecord (HandshakeMessage message, TlsMultiBuffer output)
		{
			output.Add (EncodeHandshakeRecord (message));

			if (message.Type == HandshakeType.Finished)
				return SecurityStatus.OK;

			return SecurityStatus.ContinueNeeded;
		}
コード例 #12
ファイル: TlsContext.cs プロジェクト: modulexcite/mono-tls
		/// <summary>
		/// Advances the handshake by one step: with no input it asks the current
		/// negotiation handler for its pending output, otherwise it reads one incoming
		/// record, dispatches it by content type and, when the handler reports it is
		/// finished, generates the reply into <paramref name="outgoing"/>.
		/// </summary>
		/// <param name="incoming">Record received from the peer, or null to only generate output.</param>
		/// <param name="outgoing">Buffer that collects the records to send.</param>
		/// <returns>The status of this step.</returns>
		/// <exception cref="TlsException">Raised for records that are not acceptable in the current state.</exception>
		SecurityStatus _GenerateNextToken (TlsBuffer incoming, TlsMultiBuffer outgoing)
		{
			#if DEBUG_FULL
			if (EnableDebugging) {
				DebugHelper.WriteLine ("GenerateNextToken: {0}", negotiationHandler);
				if (incoming != null)
					DebugHelper.WriteRemaining ("  incoming", incoming);
			}
			#endif

			// No input: the current handler produces its reply and names its successor.
			if (incoming == null) {
				negotiationHandler = negotiationHandler.GenerateReply (outgoing);
				return SecurityStatus.ContinueNeeded;
			}

			// The first byte of the record is its content type.
			var contentType = (ContentType)incoming.ReadByte ();
			#if DEBUG_FULL
			if (EnableDebugging)
				DebugHelper.WriteLine ("  received message type {0}", contentType);
			#endif

			// skipToOffset >= 0 means an earlier call stopped with CredentialsNeeded and the
			// same handshake record is expected again; any other content type is rejected.
			if (skipToOffset >= 0 && contentType != ContentType.Handshake)
				throw new TlsException (AlertDescription.InternalError);

			// NOTE(review): alerts are dispatched before the "Expected encrypted message" check
			// below; whether ProcessAlert enforces record protection itself is not visible here - confirm.
			if (contentType == ContentType.Alert)
				return ProcessAlert (incoming);

			bool decrypted = false;
			if (cachedFragment != null) {
				// A handshake message is being reassembled: only Handshake records may follow.
				if (contentType != ContentType.Handshake)
					throw new TlsException (AlertDescription.DecodeError);
				decrypted = ReadStandardBuffer (ContentType.Handshake, ref incoming);
				cachedFragment.Write (incoming.Buffer, incoming.Position, incoming.Remaining);
				// Presumably Remaining > 0 means the message is still incomplete; wait for more data.
				if (cachedFragment.Remaining > 0)
					return SecurityStatus.ContinueNeeded;
				// Continue with the reassembled message, read from its start.
				incoming.Dispose ();
				incoming = cachedFragment;
				cachedFragment = null;
				incoming.Position = 0;
			} else {
				decrypted = ReadStandardBuffer (contentType, ref incoming);
			}

			// Once a read cipher is active, a record that was not decrypted is refused.
			if (Session.Read != null && Session.Read.Cipher != null && !decrypted)
				throw new TlsException (AlertDescription.DecryptError, "Expected encrypted message.");

			try {
				if (contentType == ContentType.ChangeCipherSpec)
					return negotiationHandler.ProcessMessage (new TlsChangeCipherSpec ());
				else if (contentType == ContentType.ApplicationData) {
					// Application data is refused unless a read cipher is active and secure
					// renegotiation is in effect.
					// NOTE(review): this branch uses 'session' while the check above uses 'Session' -
					// presumably the same object; verify.
					if (session.Read == null || session.Read.Cipher == null || !session.SecureRenegotiation)
						throw new TlsException (AlertDescription.DecodeError);
					// FIXME
					// NOTE(review): NotImplementedException is not a TlsException, so a caller that
					// only turns TlsException into an alert will not send one for this case.
					throw new NotImplementedException ();
				} else if (contentType != ContentType.Handshake) {
					throw new TlsException (AlertDescription.UnexpectedMessage);
				}

				// Resume at the handshake message that previously asked for credentials.
				if (skipToOffset >= 0) {
					incoming.Position = skipToOffset;
					skipToOffset = -1;
				}

				SecurityStatus result;
				bool finished;

				// Process handshake messages until the buffer is drained.
				while (true) {
					var startOffset = incoming.Position;
					finished = ProcessHandshakeMessage (incoming, out result);
					if (result == SecurityStatus.CredentialsNeeded) {
						// Caller will call us again with the same input.
						skipToOffset = startOffset;
						// Undo the sequence number advance, presumably so the resubmitted
						// record is checked against the same sequence number - confirm.
						if (decrypted)
							Session.Read.ReadSequenceNumber--;
						return result;
					}
					if (incoming.Remaining == 0)
						break;
					// Data left over after the handler finished or stopped is a protocol violation.
					if (finished || result != SecurityStatus.ContinueNeeded)
						throw new TlsException (AlertDescription.UnexpectedMessage);
				}

				if (finished)
					negotiationHandler = negotiationHandler.GenerateReply (outgoing);

				return result;
			} finally {
				// Only a decrypted buffer is disposed here; presumably ReadStandardBuffer
				// replaced 'incoming' with a buffer owned by this method - confirm.
				if (decrypted)
					incoming.Dispose ();
			}
		}
コード例 #13
ファイル: TlsContext.cs プロジェクト: modulexcite/mono-tls
		/// <summary>
		/// Runs one negotiation step and tears the context down on any failure.
		/// </summary>
		/// <param name="incoming">Record received from the peer, or null.</param>
		/// <param name="outgoing">Buffer that collects the records to send, including an alert on failure.</param>
		/// <returns>
		/// The status of the step, or <c>SecurityStatus.ContextExpired</c> after a
		/// <see cref="TlsException"/>.
		/// </returns>
		public SecurityStatus GenerateNextToken (TlsBuffer incoming, TlsMultiBuffer outgoing)
		{
			try {
				CheckValid ();
				var status = _GenerateNextToken (incoming, outgoing);
				return status;
			} catch (TlsException failure) {
				OnError (failure);

				// An alert is queued only when the current handler allows one.
				var handler = negotiationHandler;
				bool maySendAlert = handler != null && handler.CanSendAlert;
				if (maySendAlert)
					outgoing.Add (CreateAlert (failure.Alert));

				// Fail closed: the context is cleared and reported as expired.
				Clear ();
				return SecurityStatus.ContextExpired;
			} catch {
				// Any other exception also clears the context, then propagates unchanged.
				Clear ();
				throw;
			}
		}
コード例 #14
ファイル: ServerHello.cs プロジェクト: VimalKumarS/mono-tls
		/// <summary>
		/// Queues the client's key-exchange flight into <paramref name="outgoing"/>:
		/// optional Certificate, ClientKeyExchange, optional CertificateVerify,
		/// ChangeCipherSpec and Finished, in that order.
		/// </summary>
		/// <param name="outgoing">Buffer that collects the encoded records.</param>
		/// <returns>The handler created for <c>NegotiationState.ServerFinished</c>.</returns>
		protected override NegotiationHandler GenerateOutput (TlsMultiBuffer outgoing)
		{
			// A null result from the generator means the message is left out of the flight.
			ClientCertificate = GenerateClientCertificate ();
			if (ClientCertificate != null) {
				var certificateRecord = Context.EncodeHandshakeRecord (ClientCertificate);
				outgoing.Add (certificateRecord);
			}

			// ClientKeyExchange is sent unconditionally.
			ClientKeyExchange = GenerateClientKeyExchange ();
			var keyExchangeRecord = Context.EncodeHandshakeRecord (ClientKeyExchange);
			outgoing.Add (keyExchangeRecord);

			CertificateVerify = GenerateCertificateVerify ();
			if (CertificateVerify != null) {
				var verifyRecord = Context.EncodeHandshakeRecord (CertificateVerify);
				outgoing.Add (verifyRecord);
			}

			// The pending cipher must be initialized before ChangeCipherSpec is queued;
			// Finished is encoded only after that point.
			Session.PendingCrypto.InitializeCipher ();
			SendChangeCipherSpec (outgoing);

			var finishedRecord = Context.EncodeHandshakeRecord (GenerateFinished ());
			outgoing.Add (finishedRecord);

			var nextHandler = Context.CreateNegotiationHandler (NegotiationState.ServerFinished);
			return nextHandler;
		}
コード例 #15
		/// <summary>
		/// Starts the handshake and queues the ClientHello into <paramref name="outgoing"/>.
		/// </summary>
		/// <param name="outgoing">Buffer that collects the encoded records.</param>
		/// <returns>The handler created for <c>NegotiationState.ServerHello</c>.</returns>
		protected override NegotiationHandler GenerateOutput (TlsMultiBuffer outgoing)
		{
			StartHandshake ();
			Resolve ();

			var helloRecord = Context.EncodeHandshakeRecord (GenerateClientHello ());
			outgoing.Add (helloRecord);

			// Alerts are allowed only once the ClientHello has been queued.
			canSendAlert = true;

			var nextHandler = Context.CreateNegotiationHandler (NegotiationState.ServerHello);
			return nextHandler;
		}
コード例 #16
		/// <summary>
		/// Starts the handshake and queues the ClientHello into <paramref name="outgoing"/>.
		/// </summary>
		/// <param name="outgoing">Buffer that collects the encoded records.</param>
		/// <returns>The handler created for <c>NegotiationState.ServerHello</c>.</returns>
		protected override NegotiationHandler GenerateOutput (TlsMultiBuffer outgoing)
		{
			StartHandshake ();
			Resolve ();

			#if INSTRUMENTATION
			// Instrumented builds only: optionally queue an ApplicationData blob ahead of
			// the ClientHello while renegotiating.
			// NOTE(review): looks like a test hook - confirm INSTRUMENTATION is never defined for release builds.
			if (Renegotiating && Context.HasInstrument (HandshakeInstrumentType.SendBlobBeforeRenegotiatingHello)) {
				var blob = Instrumentation.GetTextBuffer (HandshakeInstrumentType.SendBlobBeforeRenegotiatingHello);
				var blobRecord = Context.EncodeRecord (ContentType.ApplicationData, blob);
				outgoing.Add (blobRecord);
			}
			#endif

			var helloRecord = Context.EncodeHandshakeRecord (GenerateClientHello ());
			outgoing.Add (helloRecord);

			// Alerts are allowed only once the ClientHello has been queued.
			canSendAlert = true;

			var nextHandler = Context.CreateNegotiationHandler (NegotiationState.ServerHello);
			return nextHandler;
		}
コード例 #17
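		/// <summary>
		/// Passes one incoming buffer to the TLS context and hands back whatever the
		/// context produced in response.
		/// </summary>
		/// <param name="incoming">Data received from the peer, or null when there is none.</param>
		/// <param name="outgoing">
		/// Receives the wrapped output buffer, or null when the context produced no output.
		/// </param>
		/// <returns>The status returned by the context, cast to <c>int</c>.</returns>
		public int GenerateNextToken (MSI.IBufferOffsetSize incoming, out MSI.IBufferOffsetSize outgoing)
		{
			var input = incoming != null ? new TlsBuffer (BOSWrapper.Wrap (incoming)) : null;
			var output = new TlsMultiBuffer ();
			var retval = Context.GenerateNextToken (input, output);

			// Report "no output" as null. Without the else branch the null assignment
			// was overwritten immediately and the empty buffer was wrapped anyway.
			if (output.IsEmpty)
				outgoing = null;
			else
				outgoing = BOSWrapper.Wrap (output.StealBuffer ());

			return (int)retval;
		}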
コード例 #18
ファイル: ClientConnection.cs プロジェクト: baulig/new-tls
 /// <summary>
 /// Starts the handshake and queues the ClientHello into <paramref name="outgoing"/>.
 /// </summary>
 /// <param name="outgoing">Buffer that collects the encoded records.</param>
 /// <returns>The handler created for <c>NegotiationState.ServerHello</c>.</returns>
 protected override NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing)
 {
     StartHandshake();

     var helloRecord = Context.EncodeHandshakeRecord(GenerateClientHello());
     outgoing.Add(helloRecord);

     var nextHandler = Context.CreateNegotiationHandler(NegotiationState.ServerHello);
     return nextHandler;
 }
コード例 #19
		/// <summary>
		/// Queues ChangeCipherSpec and Finished, completes the handshake and moves on
		/// to the <c>RenegotiatingServerConnection</c> state handler.
		/// </summary>
		/// <param name="outgoing">Buffer that collects the encoded records.</param>
		/// <returns>The handler created for <c>NegotiationState.RenegotiatingServerConnection</c>.</returns>
		protected override NegotiationHandler GenerateOutput (TlsMultiBuffer outgoing)
		{
			// The cipher switch happens right after ChangeCipherSpec is queued and
			// before Finished is encoded.
			SendChangeCipherSpec (outgoing);
			SwitchToNewCipher ();

			var finishedRecord = Context.EncodeHandshakeRecord (GenerateFinished ());
			outgoing.Add (finishedRecord);

			FinishHandshake ();

			#if INSTRUMENTATION
			// Instrumented builds only. NOTE(review): looks like a test hook that sends
			// HelloRequest and ApplicationData in unusual orders - confirm INSTRUMENTATION
			// is never defined for release builds.
			if (Session.IsRenegotiated) {
				// Second handshake finished: notify the event sink, if there is one.
				if (Context.HasInstrumentationEventSink)
					Context.InstrumentationEventSink.RenegotiationCompleted (Context);
			} else if (Context.HasInstrument (HandshakeInstrumentType.RequestServerRenegotiation)) {
				// First handshake finished and a server-initiated renegotiation was requested.
				Session.IsRenegotiated = true;

				if (Context.HasInstrument (HandshakeInstrumentType.SendBlobBeforeHelloRequest)) {
					var blobBefore = Instrumentation.GetTextBuffer (HandshakeInstrumentType.SendBlobBeforeHelloRequest);
					outgoing.Add (Context.EncodeRecord (ContentType.ApplicationData, blobBefore));
				}

				var helloRequestRecord = Context.EncodeHandshakeRecord (new TlsHelloRequest ());
				outgoing.Add (helloRequestRecord);

				if (Context.HasInstrument (HandshakeInstrumentType.SendBlobAfterHelloRequest)) {
					var blobAfter = Instrumentation.GetTextBuffer (HandshakeInstrumentType.SendBlobAfterHelloRequest);
					outgoing.Add (Context.EncodeRecord (ContentType.ApplicationData, blobAfter));
				}

				if (Context.HasInstrument (HandshakeInstrumentType.SendDuplicateHelloRequest)) {
					var duplicateRecord = Context.EncodeHandshakeRecord (new TlsHelloRequest ());
					outgoing.Add (duplicateRecord);
				}
			}
			#endif

			var nextHandler = Context.CreateNegotiationHandler (NegotiationState.RenegotiatingServerConnection);
			return nextHandler;
		}
コード例 #20
		/// <summary>
		/// Queues a ChangeCipherSpec record and prepares the pending write state.
		/// </summary>
		/// <param name="messages">Buffer that collects the encoded records.</param>
		protected void SendChangeCipherSpec (TlsMultiBuffer messages)
		{
			// The ChangeCipherSpec payload is the single byte 1.
			var changeCipherSpecRecord = Context.EncodeRecord (ContentType.ChangeCipherSpec, new BufferOffsetSize (new byte[] { 1 }));
			messages.Add (changeCipherSpecRecord);

			// Records written under the pending cipher start again at sequence number 0,
			// and the session is flagged as having a pending write state.
			Session.PendingCrypto.WriteSequenceNumber = 0;
			Session.PendingWrite = true;
		}
コード例 #21
		/// <summary>
		/// Produces this handler's pending output exactly once.
		/// </summary>
		/// <param name="outgoing">Buffer that collects the encoded records.</param>
		/// <returns>The handler returned by <c>GenerateOutput</c>.</returns>
		/// <exception cref="TlsException">
		/// Raised with <c>AlertDescription.InternalError</c> when no output is pending.
		/// </exception>
		public NegotiationHandler GenerateReply (TlsMultiBuffer outgoing)
		{
			if (HasPendingOutput) {
				// Clear the flag first so a second call fails instead of replaying the flight.
				hasPendingOutput = false;
				return GenerateOutput (outgoing);
			}

			throw new TlsException (AlertDescription.InternalError);
		}
コード例 #22
		/// <summary>
		/// Queues the server's hello flight into <paramref name="outgoing"/>:
		/// ServerHello, then Certificate, ServerKeyExchange and CertificateRequest
		/// when their generators return a message, and finally ServerHelloDone.
		/// </summary>
		/// <param name="outgoing">Buffer that collects the encoded records.</param>
		/// <returns>The handler created for <c>NegotiationState.ClientKeyExchange</c>.</returns>
		protected override NegotiationHandler GenerateOutput (TlsMultiBuffer outgoing)
		{
			Resolve ();

			var helloRecord = Context.EncodeHandshakeRecord (GenerateServerHello ());
			outgoing.Add (helloRecord);

			// Each of the next three messages is skipped when its generator yields null.
			ServerCertificate = GenerateServerCertificate ();
			if (ServerCertificate != null) {
				var certificateRecord = Context.EncodeHandshakeRecord (ServerCertificate);
				outgoing.Add (certificateRecord);
			}

			ServerKeyExchange = GenerateServerKeyExchange ();
			if (ServerKeyExchange != null) {
				var keyExchangeRecord = Context.EncodeHandshakeRecord (ServerKeyExchange);
				outgoing.Add (keyExchangeRecord);
			}

			CertificateRequest = GenerateCertificateRequest ();
			if (CertificateRequest != null) {
				var requestRecord = Context.EncodeHandshakeRecord (CertificateRequest);
				outgoing.Add (requestRecord);
			}

			// ServerHelloDone always closes the flight.
			var doneRecord = Context.EncodeHandshakeRecord (new TlsServerHelloDone ());
			outgoing.Add (doneRecord);

			var nextHandler = Context.CreateNegotiationHandler (NegotiationState.ClientKeyExchange);
			return nextHandler;
		}
コード例 #23
 /// <summary>
 /// Emits nothing; only moves on to the <c>RenegotiatingClientConnection</c> state handler.
 /// </summary>
 /// <param name="outgoing">Buffer that collects the encoded records; left untouched here.</param>
 /// <returns>The handler created for <c>NegotiationState.RenegotiatingClientConnection</c>.</returns>
 protected override NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing)
 {
     var nextHandler = Context.CreateNegotiationHandler(NegotiationState.RenegotiatingClientConnection);
     return nextHandler;
 }
コード例 #24
		/// <summary>
		/// Implemented by each negotiation handler to write its outgoing records.
		/// </summary>
		/// <param name="outgoing">Buffer that collects the records to send.</param>
		/// <returns>A negotiation handler; presumably the one that takes over for the next state.</returns>
		protected abstract NegotiationHandler GenerateOutput (TlsMultiBuffer outgoing);
コード例 #25
ファイル: TlsContext.cs プロジェクト: VimalKumarS/mono-tls
		/// <summary>
		/// Runs one negotiation step and tears the context down on any failure.
		/// </summary>
		/// <param name="incoming">Record received from the peer, or null.</param>
		/// <param name="outgoing">Buffer that collects the records to send, including an alert on failure.</param>
		/// <returns>
		/// The status of the step, or <c>SecurityStatus.ContextExpired</c> after a
		/// <see cref="TlsException"/>.
		/// </returns>
		public SecurityStatus GenerateNextToken (TlsBuffer incoming, TlsMultiBuffer outgoing)
		{
			try {
				CheckValid ();
				var status = _GenerateNextToken (incoming, outgoing);
				return status;
			} catch (TlsException failure) {
				// OnError decides whether an alert is sent: a null result means none.
				var alertRecord = OnError (failure);
				if (alertRecord != null) {
					outgoing.Add (alertRecord);
				}

				// Fail closed: the context is cleared and reported as expired.
				Clear ();
				return SecurityStatus.ContextExpired;
			} catch {
				// Any other exception also clears the context, then propagates unchanged.
				Clear ();
				throw;
			}
		}
コード例 #26
ファイル: NegotiationHandler.cs プロジェクト: baulig/new-tls
 /// <summary>
 /// Implemented by each negotiation handler to write its outgoing records.
 /// </summary>
 /// <param name="outgoing">Buffer that collects the records to send.</param>
 /// <returns>A negotiation handler; presumably the one that takes over for the next state.</returns>
 protected abstract NegotiationHandler GenerateOutput(TlsMultiBuffer outgoing);
コード例 #27
		/// <summary>
		/// Queues ChangeCipherSpec and Finished, completes the handshake and moves on
		/// to the <c>RenegotiatingServerConnection</c> state handler.
		/// </summary>
		/// <param name="outgoing">Buffer that collects the encoded records.</param>
		/// <returns>The handler created for <c>NegotiationState.RenegotiatingServerConnection</c>.</returns>
		protected override NegotiationHandler GenerateOutput (TlsMultiBuffer outgoing)
		{
			// The cipher switch happens right after ChangeCipherSpec is queued and
			// before Finished is encoded.
			SendChangeCipherSpec (outgoing);
			SwitchToNewCipher ();

			var finishedRecord = Context.EncodeHandshakeRecord (GenerateFinished ());
			outgoing.Add (finishedRecord);

			FinishHandshake ();

			#if INSTRUMENTATION
			// FIXME: HACK to force renegotiation!
			// Instrumented builds only: request one renegotiation after the first handshake.
			// NOTE(review): confirm INSTRUMENTATION is never defined for release builds.
			if (!Session.IsRenegotiated) {
				if (Settings.RequestRenegotiation ?? false) {
					Session.IsRenegotiated = true;
					var helloRequestRecord = Context.EncodeHandshakeRecord (new TlsHelloRequest ());
					outgoing.Add (helloRequestRecord);
				}
			}
			#endif

			var nextHandler = Context.CreateNegotiationHandler (NegotiationState.RenegotiatingServerConnection);
			return nextHandler;
		}