private void ProcessHelloVerifyRequest(IByteBuffer body) { ProtocolVersion recordLayerVersion = recordLayer.GetReadVersion(); ProtocolVersion client_version = clientState.ClientContext.ClientVersion; if (!recordLayerVersion.IsEqualOrEarlierVersionOf(client_version)) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } recordLayer.SetReadVersion(null); ProtocolVersion server_version = ProtocolVersion.Get(body.ReadByte() & 0xFF, body.ReadByte() & 0xFF); byte[] cookie = new byte[body.ReadByte()]; body.ReadBytes(cookie); if (!server_version.IsEqualOrEarlierVersionOf(clientState.ClientContext.ClientVersion)) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } if (!ProtocolVersion.DTLSv12.IsEqualOrEarlierVersionOf(server_version) && cookie.Length > 32) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } ((AsyncDtlsSecurityParameters)clientState.ClientContext.SecurityParameters).SetCookie(cookie); }
public virtual ProtocolVersion GetServerVersion() { if (MinimumVersion.IsEqualOrEarlierVersionOf(mClientVersion)) { ProtocolVersion maximumVersion = MaximumVersion; if (mClientVersion.IsEqualOrEarlierVersionOf(maximumVersion)) { return(mServerVersion = mClientVersion); } if (mClientVersion.IsLaterVersionOf(maximumVersion)) { return(mServerVersion = maximumVersion); } } throw new TlsFatalAlert(70); }
protected virtual void SendServerHelloMessage() { HandshakeMessage handshakeMessage = new HandshakeMessage(2); ProtocolVersion serverVersion = mTlsServer.GetServerVersion(); if (!serverVersion.IsEqualOrEarlierVersionOf(Context.ClientVersion)) { throw new TlsFatalAlert(80); } mRecordStream.ReadVersion = serverVersion; mRecordStream.SetWriteVersion(serverVersion); mRecordStream.SetRestrictReadVersion(enabled: true); ContextAdmin.SetServerVersion(serverVersion); TlsUtilities.WriteVersion(serverVersion, handshakeMessage); handshakeMessage.Write(mSecurityParameters.serverRandom); TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, handshakeMessage); int selectedCipherSuite = mTlsServer.GetSelectedCipherSuite(); if (!Arrays.Contains(mOfferedCipherSuites, selectedCipherSuite) || selectedCipherSuite == 0 || CipherSuite.IsScsv(selectedCipherSuite) || !TlsUtilities.IsValidCipherSuiteForVersion(selectedCipherSuite, Context.ServerVersion)) { throw new TlsFatalAlert(80); } mSecurityParameters.cipherSuite = selectedCipherSuite; byte selectedCompressionMethod = mTlsServer.GetSelectedCompressionMethod(); if (!Arrays.Contains(mOfferedCompressionMethods, selectedCompressionMethod)) { throw new TlsFatalAlert(80); } mSecurityParameters.compressionAlgorithm = selectedCompressionMethod; TlsUtilities.WriteUint16(selectedCipherSuite, handshakeMessage); TlsUtilities.WriteUint8(selectedCompressionMethod, handshakeMessage); mServerExtensions = mTlsServer.GetServerExtensions(); if (mSecureRenegotiation) { byte[] extensionData = TlsUtilities.GetExtensionData(mServerExtensions, 65281); if (null == extensionData) { mServerExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(mServerExtensions); mServerExtensions[65281] = TlsProtocol.CreateRenegotiationInfo(TlsUtilities.EmptyBytes); } } if (mSecurityParameters.extendedMasterSecret) { mServerExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(mServerExtensions); TlsExtensionsUtilities.AddExtendedMasterSecretExtension(mServerExtensions); } if (mServerExtensions != null) { mSecurityParameters.encryptThenMac = TlsExtensionsUtilities.HasEncryptThenMacExtension(mServerExtensions); mSecurityParameters.maxFragmentLength = ProcessMaxFragmentLengthExtension(mClientExtensions, mServerExtensions, 80); mSecurityParameters.truncatedHMac = TlsExtensionsUtilities.HasTruncatedHMacExtension(mServerExtensions); mAllowCertificateStatus = (!mResumedSession && TlsUtilities.HasExpectedEmptyExtensionData(mServerExtensions, 5, 80)); mExpectSessionTicket = (!mResumedSession && TlsUtilities.HasExpectedEmptyExtensionData(mServerExtensions, 35, 80)); TlsProtocol.WriteExtensions(handshakeMessage, mServerExtensions); } mSecurityParameters.prfAlgorithm = TlsProtocol.GetPrfAlgorithm(Context, mSecurityParameters.CipherSuite); mSecurityParameters.verifyDataLength = 12; ApplyMaxFragmentLengthExtension(); handshakeMessage.WriteToRecordStream(this); }