protected static WriteExtensions ( Stream output, IDictionary extensions ) : void | ||
output | Stream | |
extensions | IDictionary | |
return | void |
protected virtual byte[] GenerateServerHello(DtlsServerProtocol.ServerHandshakeState state) { SecurityParameters securityParameters = state.serverContext.SecurityParameters; MemoryStream memoryStream = new MemoryStream(); ProtocolVersion serverVersion = state.server.GetServerVersion(); if (!serverVersion.IsEqualOrEarlierVersionOf(state.serverContext.ClientVersion)) { throw new TlsFatalAlert(80); } state.serverContext.SetServerVersion(serverVersion); TlsUtilities.WriteVersion(state.serverContext.ServerVersion, memoryStream); memoryStream.Write(securityParameters.ServerRandom, 0, securityParameters.ServerRandom.Length); TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, memoryStream); int selectedCipherSuite = state.server.GetSelectedCipherSuite(); if (!Arrays.Contains(state.offeredCipherSuites, selectedCipherSuite) || selectedCipherSuite == 0 || CipherSuite.IsScsv(selectedCipherSuite) || !TlsUtilities.IsValidCipherSuiteForVersion(selectedCipherSuite, state.serverContext.ServerVersion)) { throw new TlsFatalAlert(80); } DtlsProtocol.ValidateSelectedCipherSuite(selectedCipherSuite, 80); securityParameters.cipherSuite = selectedCipherSuite; byte selectedCompressionMethod = state.server.GetSelectedCompressionMethod(); if (!Arrays.Contains(state.offeredCompressionMethods, selectedCompressionMethod)) { throw new TlsFatalAlert(80); } securityParameters.compressionAlgorithm = selectedCompressionMethod; TlsUtilities.WriteUint16(selectedCipherSuite, memoryStream); TlsUtilities.WriteUint8(selectedCompressionMethod, memoryStream); state.serverExtensions = state.server.GetServerExtensions(); if (state.secure_renegotiation) { byte[] extensionData = TlsUtilities.GetExtensionData(state.serverExtensions, 65281); bool flag = null == extensionData; if (flag) { state.serverExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(state.serverExtensions); state.serverExtensions[65281] = TlsProtocol.CreateRenegotiationInfo(TlsUtilities.EmptyBytes); } } if (securityParameters.extendedMasterSecret) { state.serverExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(state.serverExtensions); TlsExtensionsUtilities.AddExtendedMasterSecretExtension(state.serverExtensions); } if (state.serverExtensions != null) { securityParameters.encryptThenMac = TlsExtensionsUtilities.HasEncryptThenMacExtension(state.serverExtensions); securityParameters.maxFragmentLength = DtlsProtocol.EvaluateMaxFragmentLengthExtension(state.resumedSession, state.clientExtensions, state.serverExtensions, 80); securityParameters.truncatedHMac = TlsExtensionsUtilities.HasTruncatedHMacExtension(state.serverExtensions); state.allowCertificateStatus = (!state.resumedSession && TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, 5, 80)); state.expectSessionTicket = (!state.resumedSession && TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, 35, 80)); TlsProtocol.WriteExtensions(memoryStream, state.serverExtensions); } securityParameters.prfAlgorithm = TlsProtocol.GetPrfAlgorithm(state.serverContext, securityParameters.CipherSuite); securityParameters.verifyDataLength = 12; return(memoryStream.ToArray()); }
protected virtual byte[] GenerateClientHello(ClientHandshakeState state, TlsClient client) { //IL_0000: Unknown result type (might be due to invalid IL or missing references) //IL_0006: Expected O, but got Unknown MemoryStream val = new MemoryStream(); ProtocolVersion clientVersion = client.ClientVersion; if (!clientVersion.IsDtls) { throw new TlsFatalAlert(80); } TlsClientContextImpl clientContext = state.clientContext; clientContext.SetClientVersion(clientVersion); TlsUtilities.WriteVersion(clientVersion, (Stream)(object)val); SecurityParameters securityParameters = clientContext.SecurityParameters; ((Stream)val).Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length); byte[] array = TlsUtilities.EmptyBytes; if (state.tlsSession != null) { array = state.tlsSession.SessionID; if (array == null || array.Length > 32) { array = TlsUtilities.EmptyBytes; } } TlsUtilities.WriteOpaque8(array, (Stream)(object)val); TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, (Stream)(object)val); bool isFallback = client.IsFallback; state.offeredCipherSuites = client.GetCipherSuites(); state.clientExtensions = client.GetClientExtensions(); byte[] extensionData = TlsUtilities.GetExtensionData(state.clientExtensions, 65281); bool flag = null == extensionData; bool flag2 = !Arrays.Contains(state.offeredCipherSuites, 255); if (flag && flag2) { state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, 255); } if (isFallback && !Arrays.Contains(state.offeredCipherSuites, 22016)) { state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, 22016); } TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, (Stream)(object)val); byte[] array2 = (state.offeredCompressionMethods = new byte[1]); TlsUtilities.WriteUint8ArrayWithUint8Length(state.offeredCompressionMethods, (Stream)(object)val); if (state.clientExtensions != null) { TlsProtocol.WriteExtensions((Stream)(object)val, state.clientExtensions); } return(val.ToArray()); }
protected virtual byte[] GenerateClientHello(DtlsClientProtocol.ClientHandshakeState state, TlsClient client) { MemoryStream memoryStream = new MemoryStream(); ProtocolVersion clientVersion = client.ClientVersion; if (!clientVersion.IsDtls) { throw new TlsFatalAlert(80); } TlsClientContextImpl clientContext = state.clientContext; clientContext.SetClientVersion(clientVersion); TlsUtilities.WriteVersion(clientVersion, memoryStream); SecurityParameters securityParameters = clientContext.SecurityParameters; memoryStream.Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length); byte[] array = TlsUtilities.EmptyBytes; if (state.tlsSession != null) { array = state.tlsSession.SessionID; if (array == null || array.Length > 32) { array = TlsUtilities.EmptyBytes; } } TlsUtilities.WriteOpaque8(array, memoryStream); TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, memoryStream); bool isFallback = client.IsFallback; state.offeredCipherSuites = client.GetCipherSuites(); state.clientExtensions = client.GetClientExtensions(); byte[] extensionData = TlsUtilities.GetExtensionData(state.clientExtensions, 65281); bool flag = null == extensionData; bool flag2 = !Arrays.Contains(state.offeredCipherSuites, 255); if (flag && flag2) { state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, 255); } if (isFallback && !Arrays.Contains(state.offeredCipherSuites, 22016)) { state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, 22016); } TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, memoryStream); byte[] offeredCompressionMethods = new byte[1]; state.offeredCompressionMethods = offeredCompressionMethods; TlsUtilities.WriteUint8ArrayWithUint8Length(state.offeredCompressionMethods, memoryStream); if (state.clientExtensions != null) { TlsProtocol.WriteExtensions(memoryStream, state.clientExtensions); } return(memoryStream.ToArray()); }
protected virtual void SendClientHelloMessage() { mRecordStream.SetWriteVersion(mTlsClient.ClientHelloRecordLayerVersion); ProtocolVersion clientVersion = mTlsClient.ClientVersion; if (clientVersion.IsDtls) { throw new TlsFatalAlert(80); } ContextAdmin.SetClientVersion(clientVersion); byte[] array = TlsUtilities.EmptyBytes; if (mTlsSession != null) { array = mTlsSession.SessionID; if (array == null || array.Length > 32) { array = TlsUtilities.EmptyBytes; } } bool isFallback = mTlsClient.IsFallback; mOfferedCipherSuites = mTlsClient.GetCipherSuites(); mOfferedCompressionMethods = mTlsClient.GetCompressionMethods(); if (array.Length > 0 && mSessionParameters != null && (!Arrays.Contains(mOfferedCipherSuites, mSessionParameters.CipherSuite) || !Arrays.Contains(mOfferedCompressionMethods, mSessionParameters.CompressionAlgorithm))) { array = TlsUtilities.EmptyBytes; } mClientExtensions = mTlsClient.GetClientExtensions(); HandshakeMessage handshakeMessage = new HandshakeMessage(1); TlsUtilities.WriteVersion(clientVersion, (Stream)(object)handshakeMessage); handshakeMessage.Write(mSecurityParameters.ClientRandom); TlsUtilities.WriteOpaque8(array, (Stream)(object)handshakeMessage); byte[] extensionData = TlsUtilities.GetExtensionData(mClientExtensions, 65281); bool flag = null == extensionData; bool flag2 = !Arrays.Contains(mOfferedCipherSuites, 255); if (flag && flag2) { mOfferedCipherSuites = Arrays.Append(mOfferedCipherSuites, 255); } if (isFallback && !Arrays.Contains(mOfferedCipherSuites, 22016)) { mOfferedCipherSuites = Arrays.Append(mOfferedCipherSuites, 22016); } TlsUtilities.WriteUint16ArrayWithUint16Length(mOfferedCipherSuites, (Stream)(object)handshakeMessage); TlsUtilities.WriteUint8ArrayWithUint8Length(mOfferedCompressionMethods, (Stream)(object)handshakeMessage); if (mClientExtensions != null) { TlsProtocol.WriteExtensions((Stream)(object)handshakeMessage, mClientExtensions); } handshakeMessage.WriteToRecordStream(this); }
protected virtual void SendClientHelloMessage() { base.mRecordStream.SetWriteVersion(this.mTlsClient.ClientHelloRecordLayerVersion); ProtocolVersion clientVersion = this.mTlsClient.ClientVersion; if (clientVersion.IsDtls) { throw new TlsFatalAlert(80); } this.ContextAdmin.SetClientVersion(clientVersion); byte[] emptyBytes = TlsUtilities.EmptyBytes; if (base.mTlsSession != null) { emptyBytes = base.mTlsSession.SessionID; if ((emptyBytes == null) || (emptyBytes.Length > 0x20)) { emptyBytes = TlsUtilities.EmptyBytes; } } bool isFallback = this.mTlsClient.IsFallback; base.mOfferedCipherSuites = this.mTlsClient.GetCipherSuites(); base.mOfferedCompressionMethods = this.mTlsClient.GetCompressionMethods(); if (((emptyBytes.Length > 0) && (base.mSessionParameters != null)) && (!Arrays.Contains(base.mOfferedCipherSuites, base.mSessionParameters.CipherSuite) || !Arrays.Contains(base.mOfferedCompressionMethods, base.mSessionParameters.CompressionAlgorithm))) { emptyBytes = TlsUtilities.EmptyBytes; } base.mClientExtensions = this.mTlsClient.GetClientExtensions(); TlsProtocol.HandshakeMessage output = new TlsProtocol.HandshakeMessage(1); TlsUtilities.WriteVersion(clientVersion, output); output.Write(base.mSecurityParameters.ClientRandom); TlsUtilities.WriteOpaque8(emptyBytes, output); byte[] extensionData = TlsUtilities.GetExtensionData(base.mClientExtensions, 0xff01); bool flag2 = null == extensionData; bool flag3 = !Arrays.Contains(base.mOfferedCipherSuites, 0xff); if (flag2 && flag3) { base.mOfferedCipherSuites = Arrays.Append(base.mOfferedCipherSuites, 0xff); } if (isFallback && !Arrays.Contains(base.mOfferedCipherSuites, 0x5600)) { base.mOfferedCipherSuites = Arrays.Append(base.mOfferedCipherSuites, 0x5600); } TlsUtilities.WriteUint16ArrayWithUint16Length(base.mOfferedCipherSuites, output); TlsUtilities.WriteUint8ArrayWithUint8Length(base.mOfferedCompressionMethods, output); if (base.mClientExtensions != null) { TlsProtocol.WriteExtensions(output, base.mClientExtensions); } output.WriteToRecordStream(this); }
public Builder SetServerExtensions(IDictionary serverExtensions) { if (serverExtensions == null) { mEncodedServerExtensions = null; } else { MemoryStream buf = new MemoryStream(); TlsProtocol.WriteExtensions(buf, serverExtensions); mEncodedServerExtensions = buf.ToArray(); } return(this); }
public SessionParameters.Builder SetServerExtensions(IDictionary serverExtensions) { if (serverExtensions == null) { this.mEncodedServerExtensions = null; } else { MemoryStream output = new MemoryStream(); TlsProtocol.WriteExtensions(output, serverExtensions); this.mEncodedServerExtensions = output.ToArray(); } return(this); }
public Builder SetServerExtensions(IDictionary serverExtensions) { //IL_000c: Unknown result type (might be due to invalid IL or missing references) //IL_0012: Expected O, but got Unknown if (serverExtensions == null) { mEncodedServerExtensions = null; } else { MemoryStream val = new MemoryStream(); TlsProtocol.WriteExtensions((Stream)(object)val, serverExtensions); mEncodedServerExtensions = val.ToArray(); } return(this); }
protected virtual byte[] GenerateClientHello(ClientHandshakeState state, TlsClient client) { MemoryStream buf = new MemoryStream(); ProtocolVersion client_version = client.ClientVersion; if (!client_version.IsDtls) { throw new TlsFatalAlert(AlertDescription.internal_error); } TlsClientContextImpl context = state.clientContext; context.SetClientVersion(client_version); TlsUtilities.WriteVersion(client_version, buf); SecurityParameters securityParameters = context.SecurityParameters; buf.Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length); // Session ID byte[] session_id = TlsUtilities.EmptyBytes; if (state.tlsSession != null) { session_id = state.tlsSession.SessionID; if (session_id == null || session_id.Length > 32) { session_id = TlsUtilities.EmptyBytes; } } TlsUtilities.WriteOpaque8(session_id, buf); // Cookie TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, buf); bool fallback = client.IsFallback; /* * Cipher suites */ state.offeredCipherSuites = client.GetCipherSuites(); // Integer -> byte[] state.clientExtensions = client.GetClientExtensions(); securityParameters.extendedMasterSecret = TlsExtensionsUtilities.HasExtendedMasterSecretExtension(state.clientExtensions); // Cipher Suites (and SCSV) { /* * RFC 5746 3.4. The client MUST include either an empty "renegotiation_info" extension, * or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value in the * ClientHello. Including both is NOT RECOMMENDED. */ byte[] renegExtData = TlsUtilities.GetExtensionData(state.clientExtensions, ExtensionType.renegotiation_info); bool noRenegExt = (null == renegExtData); bool noRenegSCSV = !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV); if (noRenegExt && noRenegSCSV) { // TODO Consider whether to default to a client extension instead state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV); } /* * draft-ietf-tls-downgrade-scsv-00 4. If a client sends a ClientHello.client_version * containing a lower value than the latest (highest-valued) version supported by the * client, it SHOULD include the TLS_FALLBACK_SCSV cipher suite value in * ClientHello.cipher_suites. */ if (fallback && !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV)) { state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV); } TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, buf); } // TODO Add support for compression // Compression methods // state.offeredCompressionMethods = client.getCompressionMethods(); state.offeredCompressionMethods = new byte[] { CompressionMethod.cls_null }; TlsUtilities.WriteUint8ArrayWithUint8Length(state.offeredCompressionMethods, buf); // Extensions if (state.clientExtensions != null) { TlsProtocol.WriteExtensions(buf, state.clientExtensions); } return(buf.ToArray()); }
protected virtual byte[] GenerateServerHello(ServerHandshakeState state) { SecurityParameters securityParameters = state.serverContext.SecurityParameters; MemoryStream buf = new MemoryStream(); { ProtocolVersion server_version = state.server.GetServerVersion(); if (!server_version.IsEqualOrEarlierVersionOf(state.serverContext.ClientVersion)) { throw new TlsFatalAlert(AlertDescription.internal_error); } // TODO Read RFCs for guidance on the expected record layer version number // recordStream.setReadVersion(server_version); // recordStream.setWriteVersion(server_version); // recordStream.setRestrictReadVersion(true); state.serverContext.SetServerVersion(server_version); TlsUtilities.WriteVersion(state.serverContext.ServerVersion, buf); } buf.Write(securityParameters.ServerRandom, 0, securityParameters.ServerRandom.Length); /* * The server may return an empty session_id to indicate that the session will not be cached * and therefore cannot be resumed. */ TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, buf); int selectedCipherSuite = state.server.GetSelectedCipherSuite(); if (!Arrays.Contains(state.offeredCipherSuites, selectedCipherSuite) || selectedCipherSuite == CipherSuite.TLS_NULL_WITH_NULL_NULL || CipherSuite.IsScsv(selectedCipherSuite) || !TlsUtilities.IsValidCipherSuiteForVersion(selectedCipherSuite, state.serverContext.ServerVersion)) { throw new TlsFatalAlert(AlertDescription.internal_error); } ValidateSelectedCipherSuite(selectedCipherSuite, AlertDescription.internal_error); securityParameters.cipherSuite = selectedCipherSuite; byte selectedCompressionMethod = state.server.GetSelectedCompressionMethod(); if (!Arrays.Contains(state.offeredCompressionMethods, selectedCompressionMethod)) { throw new TlsFatalAlert(AlertDescription.internal_error); } securityParameters.compressionAlgorithm = selectedCompressionMethod; TlsUtilities.WriteUint16(selectedCipherSuite, buf); TlsUtilities.WriteUint8(selectedCompressionMethod, buf); state.serverExtensions = state.server.GetServerExtensions(); /* * RFC 5746 3.6. Server Behavior: Initial Handshake */ if (state.secure_renegotiation) { byte[] renegExtData = TlsUtilities.GetExtensionData(state.serverExtensions, ExtensionType.renegotiation_info); bool noRenegExt = (null == renegExtData); if (noRenegExt) { /* * Note that sending a "renegotiation_info" extension in response to a ClientHello * containing only the SCSV is an explicit exception to the prohibition in RFC 5246, * Section 7.4.1.4, on the server sending unsolicited extensions and is only allowed * because the client is signaling its willingness to receive the extension via the * TLS_EMPTY_RENEGOTIATION_INFO_SCSV SCSV. */ /* * If the secure_renegotiation flag is set to TRUE, the server MUST include an empty * "renegotiation_info" extension in the ServerHello message. */ state.serverExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(state.serverExtensions); state.serverExtensions[ExtensionType.renegotiation_info] = TlsProtocol.CreateRenegotiationInfo(TlsUtilities.EmptyBytes); } } if (securityParameters.extendedMasterSecret) { state.serverExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(state.serverExtensions); TlsExtensionsUtilities.AddExtendedMasterSecretExtension(state.serverExtensions); } /* * TODO RFC 3546 2.3 If [...] the older session is resumed, then the server MUST ignore * extensions appearing in the client hello, and send a server hello containing no * extensions. */ if (state.serverExtensions != null) { securityParameters.encryptThenMac = TlsExtensionsUtilities.HasEncryptThenMacExtension(state.serverExtensions); securityParameters.maxFragmentLength = EvaluateMaxFragmentLengthExtension(state.resumedSession, state.clientExtensions, state.serverExtensions, AlertDescription.internal_error); securityParameters.truncatedHMac = TlsExtensionsUtilities.HasTruncatedHMacExtension(state.serverExtensions); /* * TODO It's surprising that there's no provision to allow a 'fresh' CertificateStatus to be sent in * a session resumption handshake. */ state.allowCertificateStatus = !state.resumedSession && TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, ExtensionType.status_request, AlertDescription.internal_error); state.expectSessionTicket = !state.resumedSession && TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, ExtensionType.session_ticket, AlertDescription.internal_error); TlsProtocol.WriteExtensions(buf, state.serverExtensions); } securityParameters.prfAlgorithm = TlsProtocol.GetPrfAlgorithm(state.serverContext, securityParameters.CipherSuite); /* * RFC 5246 7.4.9. Any cipher suite which does not explicitly specify verify_data_length * has a verify_data_length equal to 12. This includes all existing cipher suites. */ securityParameters.verifyDataLength = 12; return(buf.ToArray()); }
protected virtual void SendServerHelloMessage() { TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(2); ProtocolVersion serverVersion = this.mTlsServer.GetServerVersion(); if (!serverVersion.IsEqualOrEarlierVersionOf(this.Context.ClientVersion)) { throw new TlsFatalAlert(80); } this.mRecordStream.ReadVersion = serverVersion; this.mRecordStream.SetWriteVersion(serverVersion); this.mRecordStream.SetRestrictReadVersion(true); this.ContextAdmin.SetServerVersion(serverVersion); TlsUtilities.WriteVersion(serverVersion, handshakeMessage); handshakeMessage.Write(this.mSecurityParameters.serverRandom); TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, handshakeMessage); int selectedCipherSuite = this.mTlsServer.GetSelectedCipherSuite(); if (!Arrays.Contains(this.mOfferedCipherSuites, selectedCipherSuite) || selectedCipherSuite == 0 || CipherSuite.IsScsv(selectedCipherSuite) || !TlsUtilities.IsValidCipherSuiteForVersion(selectedCipherSuite, this.Context.ServerVersion)) { throw new TlsFatalAlert(80); } this.mSecurityParameters.cipherSuite = selectedCipherSuite; byte selectedCompressionMethod = this.mTlsServer.GetSelectedCompressionMethod(); if (!Arrays.Contains(this.mOfferedCompressionMethods, selectedCompressionMethod)) { throw new TlsFatalAlert(80); } this.mSecurityParameters.compressionAlgorithm = selectedCompressionMethod; TlsUtilities.WriteUint16(selectedCipherSuite, handshakeMessage); TlsUtilities.WriteUint8(selectedCompressionMethod, handshakeMessage); this.mServerExtensions = this.mTlsServer.GetServerExtensions(); if (this.mSecureRenegotiation) { byte[] extensionData = TlsUtilities.GetExtensionData(this.mServerExtensions, 65281); bool flag = null == extensionData; if (flag) { this.mServerExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(this.mServerExtensions); this.mServerExtensions[65281] = TlsProtocol.CreateRenegotiationInfo(TlsUtilities.EmptyBytes); } } if (this.mSecurityParameters.extendedMasterSecret) { this.mServerExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(this.mServerExtensions); TlsExtensionsUtilities.AddExtendedMasterSecretExtension(this.mServerExtensions); } if (this.mServerExtensions != null) { this.mSecurityParameters.encryptThenMac = TlsExtensionsUtilities.HasEncryptThenMacExtension(this.mServerExtensions); this.mSecurityParameters.maxFragmentLength = this.ProcessMaxFragmentLengthExtension(this.mClientExtensions, this.mServerExtensions, 80); this.mSecurityParameters.truncatedHMac = TlsExtensionsUtilities.HasTruncatedHMacExtension(this.mServerExtensions); this.mAllowCertificateStatus = (!this.mResumedSession && TlsUtilities.HasExpectedEmptyExtensionData(this.mServerExtensions, 5, 80)); this.mExpectSessionTicket = (!this.mResumedSession && TlsUtilities.HasExpectedEmptyExtensionData(this.mServerExtensions, 35, 80)); TlsProtocol.WriteExtensions(handshakeMessage, this.mServerExtensions); } this.mSecurityParameters.prfAlgorithm = TlsProtocol.GetPrfAlgorithm(this.Context, this.mSecurityParameters.CipherSuite); this.mSecurityParameters.verifyDataLength = 12; this.ApplyMaxFragmentLengthExtension(); handshakeMessage.WriteToRecordStream(this); }
protected virtual byte[] GenerateServerHello(ServerHandshakeState state) { //IL_000c: Unknown result type (might be due to invalid IL or missing references) //IL_0012: Expected O, but got Unknown SecurityParameters securityParameters = state.serverContext.SecurityParameters; MemoryStream val = new MemoryStream(); ProtocolVersion serverVersion = state.server.GetServerVersion(); if (!serverVersion.IsEqualOrEarlierVersionOf(state.serverContext.ClientVersion)) { throw new TlsFatalAlert(80); } state.serverContext.SetServerVersion(serverVersion); TlsUtilities.WriteVersion(state.serverContext.ServerVersion, (Stream)(object)val); ((Stream)val).Write(securityParameters.ServerRandom, 0, securityParameters.ServerRandom.Length); TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, (Stream)(object)val); int selectedCipherSuite = state.server.GetSelectedCipherSuite(); if (!Arrays.Contains(state.offeredCipherSuites, selectedCipherSuite) || selectedCipherSuite == 0 || CipherSuite.IsScsv(selectedCipherSuite) || !TlsUtilities.IsValidCipherSuiteForVersion(selectedCipherSuite, state.serverContext.ServerVersion)) { throw new TlsFatalAlert(80); } DtlsProtocol.ValidateSelectedCipherSuite(selectedCipherSuite, 80); securityParameters.cipherSuite = selectedCipherSuite; byte selectedCompressionMethod = state.server.GetSelectedCompressionMethod(); if (!Arrays.Contains(state.offeredCompressionMethods, selectedCompressionMethod)) { throw new TlsFatalAlert(80); } securityParameters.compressionAlgorithm = selectedCompressionMethod; TlsUtilities.WriteUint16(selectedCipherSuite, (Stream)(object)val); TlsUtilities.WriteUint8(selectedCompressionMethod, (Stream)(object)val); state.serverExtensions = state.server.GetServerExtensions(); if (state.secure_renegotiation) { byte[] extensionData = TlsUtilities.GetExtensionData(state.serverExtensions, 65281); if (null == extensionData) { state.serverExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(state.serverExtensions); state.serverExtensions.set_Item((object)65281, (object)TlsProtocol.CreateRenegotiationInfo(TlsUtilities.EmptyBytes)); } } if (securityParameters.extendedMasterSecret) { state.serverExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(state.serverExtensions); TlsExtensionsUtilities.AddExtendedMasterSecretExtension(state.serverExtensions); } if (state.serverExtensions != null) { securityParameters.encryptThenMac = TlsExtensionsUtilities.HasEncryptThenMacExtension(state.serverExtensions); securityParameters.maxFragmentLength = DtlsProtocol.EvaluateMaxFragmentLengthExtension(state.resumedSession, state.clientExtensions, state.serverExtensions, 80); securityParameters.truncatedHMac = TlsExtensionsUtilities.HasTruncatedHMacExtension(state.serverExtensions); state.allowCertificateStatus = !state.resumedSession && TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, 5, 80); state.expectSessionTicket = !state.resumedSession && TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, 35, 80); TlsProtocol.WriteExtensions((Stream)(object)val, state.serverExtensions); } securityParameters.prfAlgorithm = TlsProtocol.GetPrfAlgorithm(state.serverContext, securityParameters.CipherSuite); securityParameters.verifyDataLength = 12; return(val.ToArray()); }
protected virtual byte[] GenerateClientHello(ClientHandshakeState state, TlsClient client) { ProtocolVersion client_version = client.ClientVersion; if (!client_version.IsDtls) { throw new TlsFatalAlert(AlertDescription.internal_error); } TlsClientContextImpl context = state.clientContext; context.SetClientVersion(client_version); SecurityParameters securityParameters = context.SecurityParameters; // Session ID byte[] session_id = TlsUtilities.EmptyBytes; if (state.tlsSession != null) { session_id = state.tlsSession.SessionID; if (session_id == null || session_id.Length > 32) { session_id = TlsUtilities.EmptyBytes; } } bool fallback = client.IsFallback; state.offeredCipherSuites = client.GetCipherSuites(); if (session_id.Length > 0 && state.sessionParameters != null) { if (!state.sessionParameters.IsExtendedMasterSecret || !Arrays.Contains(state.offeredCipherSuites, state.sessionParameters.CipherSuite) || CompressionMethod.cls_null != state.sessionParameters.CompressionAlgorithm) { session_id = TlsUtilities.EmptyBytes; } } state.clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(client.GetClientExtensions()); TlsExtensionsUtilities.AddExtendedMasterSecretExtension(state.clientExtensions); MemoryStream buf = new MemoryStream(); TlsUtilities.WriteVersion(client_version, buf); buf.Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length); TlsUtilities.WriteOpaque8(session_id, buf); // Cookie TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, buf); // Cipher Suites (and SCSV) { /* * RFC 5746 3.4. The client MUST include either an empty "renegotiation_info" extension, * or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value in the * ClientHello. Including both is NOT RECOMMENDED. */ byte[] renegExtData = TlsUtilities.GetExtensionData(state.clientExtensions, ExtensionType.renegotiation_info); bool noRenegExt = (null == renegExtData); bool noRenegSCSV = !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV); if (noRenegExt && noRenegSCSV) { // TODO Consider whether to default to a client extension instead state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV); } /* * RFC 7507 4. If a client sends a ClientHello.client_version containing a lower value * than the latest (highest-valued) version supported by the client, it SHOULD include * the TLS_FALLBACK_SCSV cipher suite value in ClientHello.cipher_suites [..]. (The * client SHOULD put TLS_FALLBACK_SCSV after all cipher suites that it actually intends * to negotiate.) */ if (fallback && !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV)) { state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV); } TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, buf); } TlsUtilities.WriteUint8ArrayWithUint8Length(new byte[] { CompressionMethod.cls_null }, buf); TlsProtocol.WriteExtensions(buf, state.clientExtensions); return(buf.ToArray()); }