コード例 #1
0
 protected virtual void ProcessNewSessionTicket(HandshakeMessage ticket)
 {
     InvalidMessageReceived();
 }
コード例 #2
0
 protected virtual void ProcessServerHelloDone(HandshakeMessage serverHelloDone)
 {
     InvalidMessageReceived();
 }
コード例 #3
0
 protected virtual void ProcessCertificateVerify(HandshakeMessage verify)
 {
     InvalidMessageReceived();
 }
コード例 #4
0
 protected virtual void ProcessFinished(HandshakeMessage finished)
 {
     InvalidMessageReceived();
 }
コード例 #5
0
        public void ProcessMessage(HandshakeMessage message)
        {
            byte[] msgData = message.Encode();
            _handshakeStream.Write(msgData, 0, msgData.Length);

            switch (message.Type) {
            case HandshakeMessageType.HelloRequest:
                ProcessHelloRequest();
                break;
            case HandshakeMessageType.ClientHello:
                ProcessClientHello((HandshakeClientHello) message);
                break;
            case HandshakeMessageType.ServerHello:
                ProcessServerHello((HandshakeServerHello) message);
                break;
            case HandshakeMessageType.NewSessionTicket:
                ProcessNewSessionTicket(message);
                break;
            case HandshakeMessageType.Certificate:
                ProcessCertificate((HandshakeCertificate) message);
                break;
            case HandshakeMessageType.ServerKeyExchange:
                ProcessServerKeyExchange(message);
                break;
            case HandshakeMessageType.CertificateRequest:
                ProcessCertificateRequest((HandshakeCertificateRequest)message);
                break;
            case HandshakeMessageType.ServerHelloDone:
                ProcessServerHelloDone(message);
                break;
            case HandshakeMessageType.CertificateVerify:
                ProcessCertificateVerify(message);
                break;
            case HandshakeMessageType.ClientKeyExchange:
                ProcessClientKeyExchange(message);
                break;
            case HandshakeMessageType.Finished:
                ProcessFinished(message);
                break;
            }
        }
コード例 #6
0
        protected void OutputMessage(HandshakeMessage message)
        {
            byte[] data = message.Encode();
            _handshakeStream.Write(data, 0, data.Length);

            _outputMessages.Add(message);
        }
コード例 #7
0
        public void SendClientKey(Stream stream)
        {
            byte[] clientKeys = _cipherSuite.KeyExchangeAlgorithm.GetClientKeys(VERSION, VERSION, _rsaPublicKey);
            if (VERSION != ProtocolVersion.SSL3_0) {
                byte[] tmpArray = new byte[clientKeys.Length+2];
                tmpArray[0] = (byte) (clientKeys.Length >> 8);
                tmpArray[1] = (byte) (clientKeys.Length);
                Buffer.BlockCopy(clientKeys, 0, tmpArray, 2, clientKeys.Length);
                clientKeys = tmpArray;
            }
            HandshakeMessage keyex = new HandshakeMessage(HandshakeMessageType.ClientKeyExchange, VERSION, clientKeys);

            Record record = new Record(22, VERSION);
            record.Fragment = keyex.Encode();
            _recordHandler.ProcessOutputRecord(record);
            SendRecord(stream, record);
        }
コード例 #8
0
        protected override void ProcessClientHello(HandshakeClientHello clientHello)
        {
            if (_state == HandshakeState.Finished) {
                throw new AlertException(AlertDescription.NoRenegotiation,
                                         "Renegotiation not supported");
            } else if (_state != HandshakeState.Initial) {
                throw new AlertException(AlertDescription.UnexpectedMessage,
                                         "Client hello received at the wrong time");
            }

            // Find the compressions that match our supported compressions
            List<Byte> matchedCompressions = new List<Byte>();
            foreach (Byte id in _supportedCompressions) {
                if (clientHello.CompressionMethods.Contains(id)) {
                    matchedCompressions.Add(id);
                }
            }
            if (matchedCompressions.Count == 0) {
                throw new AlertException(AlertDescription.HandshakeFailure,
                                         "None of the compression methods offered by client is accepted");
            }

            _clientVersion = clientHello.ClientVersion;
            _cipherSuite = SelectCipherSuite(_pluginManager, _clientVersion, _minVersion, _maxVersion, clientHello.CipherSuites, new List<UInt16>(_supportedCipherSuites), _certificateSelectionCallback, _availableCertificates);
            _version = _cipherSuite.ProtocolVersion;

            // Select the certificate and private key we are going to send
            int certificateIndex = _certificateSelectionCallback(_cipherSuite, _availableCertificates.ToArray());
            if (certificateIndex >= 0 && certificateIndex < _availableCertificates.Count) {
                _serverCertificates.AddRange(_availableCertificates[certificateIndex]);
                _selectedPrivateKey = _availablePrivateKeys[certificateIndex];
            }

            // TODO: Create the server hello message correctly
            HandshakeServerHello serverHello = new HandshakeServerHello(_version);
            serverHello.CipherSuite = _cipherSuite.CipherSuiteID;
            serverHello.CompressionMethod = matchedCompressions[0];
            OutputMessage(serverHello);

            // Initialize the handshake randoms and cipher suite
            _connectionState.ClientRandom = clientHello.Random.GetBytes();
            _connectionState.ServerRandom = serverHello.Random.GetBytes();

            // TODO: If we resumed our session, set state to SendChangeCipherSpec and return

            // Send certificate if required and valid
            if (!_cipherSuite.IsAnonymous) {
                if (_serverCertificates.Count == 0) {
                    throw new AlertException(AlertDescription.HandshakeFailure,
                                             "Certificate required but not selected");
                }

                string keyexAlg = _cipherSuite.KeyExchangeAlgorithm.CertificateKeyAlgorithm;
                string signAlg = _cipherSuite.SignatureAlgorithm.CertificateKeyAlgorithm;

                X509Certificate cert = _serverCertificates[0];
                if (keyexAlg != null && !keyexAlg.Equals(cert.GetKeyAlgorithm())) {
                    throw new AlertException(AlertDescription.HandshakeFailure,
                                             "Selected certificate type " + cert.GetKeyAlgorithm() + " doesn't match key exchange type " + keyexAlg);
                }
                if (signAlg != null && !signAlg.Equals(cert.GetKeyAlgorithm())) {
                    throw new AlertException(AlertDescription.HandshakeFailure,
                                             "Selected certificate type " + cert.GetKeyAlgorithm() + " doesn't match signature type " + signAlg);
                }

                HandshakeCertificate certificate = new HandshakeCertificate(_version);
                certificate.CertificateList.AddRange(_serverCertificates);
                OutputMessage(certificate);
            }

            byte[] serverKeys = _cipherSuite.KeyExchangeAlgorithm.GetServerKeys(_maxVersion);
            if (serverKeys != null) {
                // Generate the signature for server keys
                byte[] dataToSign = new byte[_connectionState.ClientRandom.Length + _connectionState.ServerRandom.Length + serverKeys.Length];
                Buffer.BlockCopy(_connectionState.ClientRandom, 0, dataToSign, 0, _connectionState.ClientRandom.Length);
                Buffer.BlockCopy(_connectionState.ServerRandom, 0, dataToSign, _connectionState.ClientRandom.Length, _connectionState.ServerRandom.Length);
                Buffer.BlockCopy(serverKeys, 0, dataToSign, _connectionState.ClientRandom.Length + _connectionState.ServerRandom.Length, serverKeys.Length);
                byte[] signature = GenerateSignature(_selectedPrivateKey, dataToSign);

                // Combine the server keys with the signature
                byte[] signedKeys = new byte[serverKeys.Length + signature.Length];
                Buffer.BlockCopy(serverKeys, 0, signedKeys, 0, serverKeys.Length);
                Buffer.BlockCopy(signature, 0, signedKeys, serverKeys.Length, signature.Length);

                HandshakeMessage keyex = new HandshakeMessage(HandshakeMessageType.ServerKeyExchange, _version, signedKeys);
                OutputMessage(keyex);
            }

            // Send certificate request if needed
            if (!_cipherSuite.IsAnonymous && _certificateRequest != null) {
                OutputMessage(_certificateRequest);
                _certificateRequestSent = true;
            }

            HandshakeMessage serverHelloDone = new HandshakeMessage(HandshakeMessageType.ServerHelloDone, _version);
            OutputMessage(serverHelloDone);

            // Wait for client certificate or client key exchange
            _state = HandshakeState.ReceivedClientHello;
        }
コード例 #9
0
        protected override void ProcessServerHelloDone(HandshakeMessage serverHelloDone)
        {
            if (_state != HandshakeState.ReceivedCertificate &&
                _state != HandshakeState.ReceivedServerKeyExchange &&
                _state != HandshakeState.ReceivedCertificateRequest) {
                throw new AlertException(AlertDescription.UnexpectedMessage,
                                         "Server hello done received at the wrong time");
            }

            bool clientCertificateSent = false;
            if (_clientCertificateRequested) {
                // Ask for correct certificate from the callback
                int certificateIndex = _certificateSelectionCallback(_availableCertificates.ToArray(), _serverCertificates);
                if (certificateIndex >= 0 && certificateIndex < _availableCertificates.Count) {
                    _clientCertificates.AddRange(_availableCertificates[certificateIndex]);
                    _selectedPrivateKey = _availablePrivateKeys[certificateIndex];
                }

                // If certificate was selected, send it to server
                if (_clientCertificates.Count > 0) {
                    HandshakeCertificate certificate = new HandshakeCertificate(_version);
                    certificate.CertificateList.AddRange(_clientCertificates);
                    OutputMessage(certificate);

                    clientCertificateSent = true;
                } else {
                    // TODO: In case of SSLv3 we should send warning alert instead?
                    HandshakeCertificate certificate = new HandshakeCertificate(_version);
                    OutputMessage(certificate);
                }
            }

            // Send client key exchange message
            byte[] clientKeys = null;
            if (_serverCertificates.Count > 0) {
                CertificatePublicKey publicKey = new CertificatePublicKey(_serverCertificates[0]);
                clientKeys = _cipherSuite.KeyExchangeAlgorithm.GetClientKeys(_version, _maxVersion, publicKey);
            }
            HandshakeMessage keyex = new HandshakeMessage(HandshakeMessageType.ClientKeyExchange, _version, clientKeys);
            OutputMessage(keyex);

            if (clientCertificateSent) {
                // Get all handshake messages
                byte[] handshakeMessages = _handshakeStream.ToArray();

                // FIXME: Generate the signature of handshakeMessages with client cert signature
                //        this breaks if client certificate signature is different type than negotiated
                byte[] signature = GenerateSignature(_selectedPrivateKey, handshakeMessages);

                // Create CertificateVerify message and send it to server
                HandshakeMessage verify = new HandshakeMessage(HandshakeMessageType.CertificateVerify, _version, signature);
                OutputMessage(verify);
            }

            // Generate the master secret from key exchange
            _connectionState.MasterSecret = GenerateMasterSecret(_version, _cipherSuite, _connectionState);

            // Wait for changecipherspec+finished
            _state = HandshakeState.SendChangeCipherSpec;
        }
コード例 #10
0
        protected override void ProcessServerKeyExchange(HandshakeMessage keyExchange)
        {
            if (_state != HandshakeState.ReceivedServerHello &&
                _state != HandshakeState.ReceivedCertificate) {
                throw new AlertException(AlertDescription.UnexpectedMessage,
                                         "Server key exchange received at the wrong time");
            }
            if (!_cipherSuite.IsAnonymous && _serverCertificates.Count == 0) {
                throw new AlertException(AlertDescription.HandshakeFailure,
                                         "No certificate received even though cipher suite is not anonymous");
            }

            // Process server keys, also returns us the signature data
            byte[] signature = _cipherSuite.KeyExchangeAlgorithm.ProcessServerKeys(_version, keyExchange.Data);

            // Extract the signed data from the complete payload
            byte[] serverKeys = new byte[keyExchange.Data.Length - signature.Length];
            Buffer.BlockCopy(keyExchange.Data, 0, serverKeys, 0, serverKeys.Length);

            // Verify correctness of the signature
            if (!_cipherSuite.IsAnonymous) {
                CertificatePublicKey publicKey = new CertificatePublicKey(_serverCertificates[0]);

                // Generate the original data signed from server keys
                byte[] signedData = new byte[_connectionState.ClientRandom.Length + _connectionState.ServerRandom.Length + serverKeys.Length];
                Buffer.BlockCopy(_connectionState.ClientRandom, 0, signedData, 0, _connectionState.ClientRandom.Length);
                Buffer.BlockCopy(_connectionState.ServerRandom, 0, signedData, _connectionState.ClientRandom.Length, _connectionState.ServerRandom.Length);
                Buffer.BlockCopy(serverKeys, 0, signedData, _connectionState.ClientRandom.Length + _connectionState.ServerRandom.Length, serverKeys.Length);

                bool signatureOk = VerifySignature(publicKey, signedData, signature);
                if (!signatureOk) {
                    throw new AlertException(AlertDescription.DecodeError,
                                             "Signature from server incorrect");
                }
            }

            // Wait for certificate request or server hello done
            _state = HandshakeState.ReceivedServerKeyExchange;
        }
コード例 #11
0
        protected override void ProcessLocalChangeCipherSpec()
        {
            if (_state != HandshakeState.SendChangeCipherSpec) {
                throw new AlertException(AlertDescription.UnexpectedMessage,
                                         "Change cipher spec not after server hello done");
            }
            byte[] handshakeMessages = _handshakeStream.ToArray();

            PseudoRandomFunction prf = _cipherSuite.PseudoRandomFunction;
            HashAlgorithm verifyHash = prf.CreateVerifyHashAlgorithm(_connectionState.MasterSecret);
            verifyHash.TransformBlock(handshakeMessages, 0, handshakeMessages.Length, handshakeMessages, 0);

            byte[] verifyData;
            if (_version == ProtocolVersion.SSL3_0) {
                byte[] senderBytes = Encoding.ASCII.GetBytes("CLNT");
                verifyHash.TransformFinalBlock(senderBytes, 0, senderBytes.Length);
                verifyData = verifyHash.Hash;
            } else {
                verifyHash.TransformFinalBlock(new byte[0], 0, 0);
                byte[] hash = verifyHash.Hash;

                int length = _cipherSuite.PseudoRandomFunction.VerifyDataLength;
                verifyData = _cipherSuite.PseudoRandomFunction.GetBytes(_connectionState.MasterSecret, "client finished", hash, length);
            }
            _connectionState.ClientVerifyData = verifyData;

            // Output the handshake message including verify data
            HandshakeMessage finished = new HandshakeMessage(HandshakeMessageType.Finished, _version, verifyData);
            OutputMessage(finished);

            _state = HandshakeState.WaitForChangeCipherSpec;
        }
コード例 #12
0
        protected override void ProcessFinished(HandshakeMessage finished)
        {
            if (_state != HandshakeState.ReceivedChangeCipherSpec) {
                throw new AlertException(AlertDescription.UnexpectedMessage,
                                         "Finished message received at the wrong time");
            }

            byte[] allMessages = _handshakeStream.ToArray();
            byte[] handshakeMessages = new byte[allMessages.Length - finished.Encode().Length];
            Buffer.BlockCopy(allMessages, 0, handshakeMessages, 0, handshakeMessages.Length);

            PseudoRandomFunction prf = _cipherSuite.PseudoRandomFunction;
            HashAlgorithm verifyHash = prf.CreateVerifyHashAlgorithm(_connectionState.MasterSecret);
            verifyHash.TransformBlock(handshakeMessages, 0, handshakeMessages.Length, handshakeMessages, 0);

            byte[] ourVerifyData;
            if (_version == ProtocolVersion.SSL3_0) {
                byte[] senderBytes = Encoding.ASCII.GetBytes("SRVR");
                verifyHash.TransformFinalBlock(senderBytes, 0, senderBytes.Length);
                ourVerifyData = verifyHash.Hash;
            } else {
                verifyHash.TransformFinalBlock(new byte[0], 0, 0);
                byte[] hash = verifyHash.Hash;

                int length = _cipherSuite.PseudoRandomFunction.VerifyDataLength;
                ourVerifyData = _cipherSuite.PseudoRandomFunction.GetBytes(_connectionState.MasterSecret, "server finished", hash, length);
            }

            // Verify that the received data matches ours
            bool verifyOk = false;
            if (ourVerifyData.Length == finished.Data.Length) {
                verifyOk = true;
                for (int i=0; i<ourVerifyData.Length; i++) {
                    if (ourVerifyData[i] != finished.Data[i]) {
                        verifyOk = false;
                    }
                }
            }

            if (!verifyOk) {
                throw new AlertException(AlertDescription.DecryptError,
                                         "Finished packet contents incorrect");
            }
            _connectionState.ServerVerifyData = ourVerifyData;

            // Cleanup the handshake stream used for verify hashes
            _handshakeStream = new MemoryStream();

            // Everything done and handshake finished
            _state = HandshakeState.Finished;
        }
コード例 #13
0
        protected override void ProcessClientKeyExchange(HandshakeMessage keyExchange)
        {
            if (_state != HandshakeState.ReceivedClientHello &&
                _state != HandshakeState.ReceivedCertificate) {
                throw new AlertException(AlertDescription.UnexpectedMessage,
                                         "Client key exchange received at the wrong time");
            }
            if (_state == HandshakeState.ReceivedClientHello && _certificateRequestSent) {
                // SSLv3 can use NoCertificate warning alert instead
                if (_version != ProtocolVersion.SSL3_0) {
                    throw new AlertException(AlertDescription.UnexpectedMessage,
                                             "Certificate request was sent, but client didn't send a certificate");
                }
            }

            // Process client keys, they don't contain any signature but might be encrypted
            _cipherSuite.KeyExchangeAlgorithm.ProcessClientKeys(_version, _clientVersion, _selectedPrivateKey, keyExchange.Data);

            // Wait for certificate verify or changecipherspec+finished
            _state = HandshakeState.ReceivedClientKeyExchange;
        }
コード例 #14
0
 protected virtual void ProcessServerKeyExchange(HandshakeMessage keyExchange)
 {
     InvalidMessageReceived();
 }
コード例 #15
0
        public void SendFinished(Stream stream)
        {
            Record record;

            /* change cipher spec */
            record = new Record(20, VERSION);
            record.Fragment = new byte[] { 0x01 };
            _recordHandler.ProcessOutputRecord(record);
            SendRecord(stream, record);

            /* change our own cipher spec */
            _recordHandler.ChangeLocalState();

            ProtocolVersion version = VERSION;
            byte[] handshakeMessages = _handshakeStream.ToArray();
            Console.WriteLine("handshake messages length " + handshakeMessages.Length);

            PseudoRandomFunction prf = _cipherSuite.PseudoRandomFunction;
            HashAlgorithm verifyHash = prf.CreateVerifyHashAlgorithm(_masterSecret);
            verifyHash.TransformBlock(handshakeMessages, 0, handshakeMessages.Length, handshakeMessages, 0);

            byte[] verifyData;
            if (version == ProtocolVersion.SSL3_0) {
                byte[] senderBytes = Encoding.ASCII.GetBytes("CLNT");
                verifyHash.TransformFinalBlock(senderBytes, 0, senderBytes.Length);
                verifyData = verifyHash.Hash;
            } else {
                verifyHash.TransformFinalBlock(new byte[0], 0, 0);
                byte[] hash = verifyHash.Hash;

                int length = _cipherSuite.PseudoRandomFunction.VerifyDataLength;
                verifyData = _cipherSuite.PseudoRandomFunction.GetBytes(_masterSecret, "client finished", hash, length);
            }
            HandshakeMessage finished = new HandshakeMessage(HandshakeMessageType.Finished, VERSION, verifyData);
            PrintBytes("verify data", finished.Data);

            record = new Record(22, VERSION);
            record.Fragment = finished.Encode();
            _recordHandler.ProcessOutputRecord(record);
            SendRecord(stream, record);

            Console.WriteLine("encrypted finished sent");
        }
コード例 #16
0
ファイル: HandshakeMessage.cs プロジェクト: juhovh/AaltoTLS
        public static HandshakeMessage GetInstance(ProtocolVersion version, byte[] data)
        {
            HandshakeMessage ret = null;

            switch ((HandshakeMessageType) data[0]) {
            case HandshakeMessageType.HelloRequest:
                ret = new HandshakeMessage(HandshakeMessageType.HelloRequest, version);
                break;
            case HandshakeMessageType.ClientHello:
                ret = new HandshakeClientHello();
                break;
            case HandshakeMessageType.ServerHello:
                ret = new HandshakeServerHello();
                break;
            case HandshakeMessageType.HelloVerifyRequest:
                ret = new HandshakeMessage(HandshakeMessageType.HelloVerifyRequest, version);
                break;
            case HandshakeMessageType.NewSessionTicket:
                ret = new HandshakeMessage(HandshakeMessageType.NewSessionTicket, version);
                break;
            case HandshakeMessageType.Certificate:
                ret = new HandshakeCertificate(version);
                break;
            case HandshakeMessageType.ServerKeyExchange:
                ret = new HandshakeMessage(HandshakeMessageType.ServerKeyExchange, version);
                break;
            case HandshakeMessageType.CertificateRequest:
                ret = new HandshakeCertificateRequest(version);
                break;
            case HandshakeMessageType.ServerHelloDone:
                ret = new HandshakeMessage(HandshakeMessageType.ServerHelloDone, version);
                break;
            case HandshakeMessageType.CertificateVerify:
                ret = new HandshakeMessage(HandshakeMessageType.CertificateVerify, version);
                break;
            case HandshakeMessageType.ClientKeyExchange:
                ret = new HandshakeMessage(HandshakeMessageType.ClientKeyExchange, version);
                break;
            case HandshakeMessageType.Finished:
                ret = new HandshakeMessage(HandshakeMessageType.Finished, version);
                break;
            }

            if (ret != null) {
                ret.Decode(data);
                return ret;
            }
            return null;
        }
コード例 #17
0
        protected override void ProcessCertificateVerify(HandshakeMessage verify)
        {
            if (_state != HandshakeState.ReceivedClientKeyExchange) {
                throw new AlertException(AlertDescription.UnexpectedMessage,
                                         "Certificate verify received at the wrong time");
            }
            if (!_clientCertificateReceived) {
                throw new AlertException(AlertDescription.UnexpectedMessage,
                                         "Certificate verify received even though client certificate not received");
            }

            // Get all handshake messages up to, but not including, this one
            byte[] allMessages = _handshakeStream.ToArray();
            byte[] handshakeMessages = new byte[allMessages.Length - verify.Encode().Length];
            Buffer.BlockCopy(allMessages, 0, handshakeMessages, 0, handshakeMessages.Length);

            // Verify the signature of handshake messages
            CertificatePublicKey publicKey = new CertificatePublicKey(_clientCertificates[0]);
            bool signatureOk = VerifySignature(publicKey, handshakeMessages, verify.Data);
            if (!signatureOk) {
                throw new AlertException(AlertDescription.DecodeError,
                                         "Signature from client incorrect");
            }

            // Wait for changecipherspec+finished
            _state = HandshakeState.ReceivedClientKeyExchange;
        }