public override string ToString()
{
return(ClientHello.ToString() + Environment.NewLine +
ServerHello.ToString() + Environment.NewLine +
ClientKeyExchange.ToString() + Environment.NewLine +
Finished.ToString());
}
private void SendClientKeyExchange()
{
var preMasterSecret = TLS12.GetPreMasterSecret();
_session.MasterSecret = TLS12.GetMasterSecret(preMasterSecret, _session.ClientRandom, _session.ServerRandom);
var clientKeyExchange = new ClientKeyExchange
{
SessionId = _session.Id,
PreMasterSecret = preMasterSecret
};
var serverRsa = Rsa.CreateFromPublicPEM(_session.RSAPublicPem);
var request = new SecurityLayerMessage
{
Type = SecurityMessageType.ClientKeyExchange,
Data = serverRsa.Encrypt(_serializer.Serialize <ClientKeyExchange>(clientKeyExchange))
};
var requestBytes = _serializer.Serialize <SecurityLayerMessage>(request);
Send(requestBytes);
var responseBytes = Receive();
var message = _serializer.Deserialize <SecurityLayerMessage>(responseBytes);
var serverFinished = _serializer.Deserialize <ServerFinished>(message.Data);
_session.Id = serverFinished.SessionId;
var keys = TLS12.GetKeys(_session.MasterSecret, _session.ClientRandom, _session.ServerRandom);
_session.ClientWriteMACKey = TLS12.GetClientWriteMACKey(keys);
_session.ServerWriteMACKey = TLS12.GetServerWriteMACKey(keys);
_session.ClientWriteKey = TLS12.GetClientWriteKey(keys);
_session.ServerWriteKey = TLS12.GetServerWriteKey(keys);
_session.IsAuthenticated = true;
}
void ProcessHandshake()
{
ClientHello clientHello = _recordLayer.Read() as ClientHello;
if (clientHello == null)
{
throw new Exception();
}
Console.WriteLine("[TLSServer] Receive ClientHello Version: {0}", clientHello.Version);
Console.WriteLine("[TLSServer] CipherSuites");
for (int i = 0; i < clientHello.CipherSuites.Length; i++)
{
Console.WriteLine(" {0}", clientHello.CipherSuites[i]);
}
CipherSuite selected = _selector.Select(clientHello.CipherSuites);
Console.WriteLine("[TLSServer] CipherSuite Selected. {0}", selected);
if (selected == CipherSuite.NONE)
{
// Alertを送るべき?
throw new Exception();
}
CipherSuiteInfo selectedInfo = SupportedCipherSuites.GetSuiteInfo(selected);
_sparams.SetVersion(clientHello.Version);
_sparams.SetCipherSuite(selected, _signAlgo);
_sparams.ClientRandom = clientHello.Random;
_recordLayer.ProtocolVersion = clientHello.Version;
byte[] serverRandom = new byte[RandomData.Size];
Extension[] serverExtensions = null;
if (selectedInfo.IsECC)
{
serverExtensions = new Extension[] { new Extension(ExtensionType.EcPointFormats, new byte[] { 1, 0 }) }
}
;
RandomData.CreateRandomData(serverRandom, 0);
_sparams.ServerRandom = serverRandom;
ServerHello serverHello = new ServerHello(clientHello.Version, serverRandom, Utility.EmptyByteArray, selected, CompressionMethod.Null, serverExtensions);
_recordLayer.Write(serverHello);
Certificate serverCert = new Certificate(_certs);
_recordLayer.Write(serverCert);
if (Utility.IsNeedServerKeyExchangeMessage(_states.SecurityParameters.KeyExchangeAlgorithm))
{
ServerKeyExchange serverExchange = new ServerKeyExchange(_sparams);
_recordLayer.Write(serverExchange);
}
_recordLayer.Write(new ServerHelloDone());
TLSMessage msg = _recordLayer.Read();
ClientKeyExchange clientExchange = (ClientKeyExchange)msg;
clientExchange.ComputeServerMasterSecret(_sparams);
Console.WriteLine("MasterSecret");
Utility.Dump(_sparams.MasterSecret);
_sparams.ComputeKeyBlock();
ChangeCipherSpec changeCipherSpec = (ChangeCipherSpec)_recordLayer.Read();
_recordLayer.EnableReceiveCipher(_sparams.CreateServerDecryptor(), _sparams.CreateClientWriteHMAC());
Finished finished = (Finished)_recordLayer.Read();
Console.WriteLine("VerifyData");
Utility.Dump(finished.VerifyData);
Console.WriteLine("Computed VerifyData");
byte[] verifyData = _sparams.ComputeFinishedVerifyData(false);
Utility.Dump(verifyData);
if (!Utility.Equals(finished.VerifyData, 0, verifyData, 0, verifyData.Length))
{
throw new Exception();
}
_recordLayer.Write(ChangeCipherSpec.Instance);
_recordLayer.EnableSendCipher(_sparams.CreateServerEncryptor(), _sparams.CreateServerWriteHMAC());
_recordLayer.ComputeHandshakeHash(true);
verifyData = _sparams.ComputeFinishedVerifyData(true);
Console.WriteLine("Finished VerifyData");
Utility.Dump(verifyData);
finished = new Finished(_recordLayer.ProtocolVersion, verifyData);
_recordLayer.Write(finished);
}
static void Main()
{
LibTLSClient cSSL;
Common cf;
Encryption e;
Cipher c;
ClientHello clientHello;
ClientKeyExchange cke;
int debug = 0;
String request = "";
string[] args = Environment.GetCommandLineArgs();
try
{
debug = (int)UInt32.Parse(args[4]);
if (debug == 1)
{
Console.WriteLine("Server: {0} Port: {1} Cipher: {2} Debug: {3}", args[1], args[2], args[3], args[4]);
}
request = args[5];
cf = new Common(debug);
e = new Encryption();
cSSL = new LibTLSClient(cf, e);
cSSL.cipher = UInt32.Parse(args[3], System.Globalization.NumberStyles.HexNumber);
c = new Cipher((ushort)cSSL.cipher);
cSSL.cipherObj = c;
cSSL.serverIP = args[1];
}
catch (Exception ex)
{
Console.WriteLine("<prog> <ip/fqdn> <port> <cipher hex> <debug [0/1/2]> <a GET request>");
Console.WriteLine("Example: TLSClient.exe 10.209.113.104 443 002f 2 \"GET / HTTP/1.1\"");
return;
}
if (c.Supported() == false)
{
Console.WriteLine("Cipher Suite not supported currently");
Console.WriteLine("Please try 002f/0035/003c/003d/009c/009d");
return;
}
cSSL.CreateTCPConn(args[1], Convert.ToInt32(args[2]));
cf.HandleResult(cSSL.errorCode, "TCP Connection");
cf.ExitOnError(cSSL.errorCode);
cSSL.InitBufs();
List <UInt32> cipher_suites = new List <UInt32>();
cipher_suites.Add(cSSL.cipher);
String clientIP = cSSL.GetIPAddress();
String serverIP = cSSL.serverIP;
clientHello = new ClientHello(clientIP, serverIP, 3, 3, false, cipher_suites);
List <byte> chello_hs = clientHello.Get();
List <byte> crandom = clientHello.GetRandom();
cSSL.StoreClientHelloParams(crandom);
cSSL.SendHandshakeMessage(chello_hs, 0x1);
cf.ExitOnError(cSSL.errorCode);
cSSL.ReceiveHandshakeMessage();
cf.ExitOnError(cSSL.errorCode);
cSSL.ParseServerHandshakeMessages();
cf.ExitOnError(cSSL.errorCode);
if (cSSL.HasServerKeyExchange())
{
cke = new ClientKeyExchange(cf, cSSL.sCert_hs, 3, 3, cSSL.sKeyExch_hs, (String)"ECDHE");
}
else
{
cke = new ClientKeyExchange(cf, cSSL.sCert_hs, 3, 3, null, (String)"RSA");
}
List <byte> cke_hs = cke.CreateCKE();
cSSL.StoreCKEParams(cke_hs, cke.GetPremasterSecret(), cke.ecdhCngClient, cke.server_pub_key, cke.client_pub_key);
cSSL.SendHandshakeMessage(cke_hs, 0x10);
cf.ExitOnError(cSSL.errorCode);
cSSL.PrintHandshakeMessages();
cSSL.SendChangeCipherSpec();
cSSL.ComputeMasterSecret();
cSSL.ComputeVerifyData();
cSSL.ComputeKeys();
cSSL.SendClientFinished();
cSSL.ReadServerFinished();
cf.debugPrint(cSSL.ErrorCodeToString(cSSL.errorCode));
if (cSSL.errorCode != 0)
{
return;
}
cSSL.SendHTTPSData(request);
cSSL.ReadHTTPSData();
cf.debugPrint(cSSL.ErrorCodeToString(cSSL.errorCode));
cSSL.ParseHTTPSData();
byte[] dec = cSSL.DecryptResp();
String dec_s = Encoding.ASCII.GetString(dec, 0, dec.Length);
if ((dec_s.IndexOf("HTTP") == 0) && (debug == 0))
{
Console.WriteLine("{0} Successful", cSSL.cipherObj.cipher_name);
}
if ((debug == 2) || (debug == 1))
{
Console.WriteLine(dec_s);
}
}
