| protected static WriteExtensions ( Stream output, IDictionary extensions ) : void | ||
| output | Stream | |
| extensions | IDictionary | |
| return | void | |
protected virtual byte[] GenerateServerHello(DtlsServerProtocol.ServerHandshakeState state)
{
SecurityParameters securityParameters = state.serverContext.SecurityParameters;
MemoryStream memoryStream = new MemoryStream();
ProtocolVersion serverVersion = state.server.GetServerVersion();
if (!serverVersion.IsEqualOrEarlierVersionOf(state.serverContext.ClientVersion))
{
throw new TlsFatalAlert(80);
}
state.serverContext.SetServerVersion(serverVersion);
TlsUtilities.WriteVersion(state.serverContext.ServerVersion, memoryStream);
memoryStream.Write(securityParameters.ServerRandom, 0, securityParameters.ServerRandom.Length);
TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, memoryStream);
int selectedCipherSuite = state.server.GetSelectedCipherSuite();
if (!Arrays.Contains(state.offeredCipherSuites, selectedCipherSuite) || selectedCipherSuite == 0 || CipherSuite.IsScsv(selectedCipherSuite) || !TlsUtilities.IsValidCipherSuiteForVersion(selectedCipherSuite, state.serverContext.ServerVersion))
{
throw new TlsFatalAlert(80);
}
DtlsProtocol.ValidateSelectedCipherSuite(selectedCipherSuite, 80);
securityParameters.cipherSuite = selectedCipherSuite;
byte selectedCompressionMethod = state.server.GetSelectedCompressionMethod();
if (!Arrays.Contains(state.offeredCompressionMethods, selectedCompressionMethod))
{
throw new TlsFatalAlert(80);
}
securityParameters.compressionAlgorithm = selectedCompressionMethod;
TlsUtilities.WriteUint16(selectedCipherSuite, memoryStream);
TlsUtilities.WriteUint8(selectedCompressionMethod, memoryStream);
state.serverExtensions = state.server.GetServerExtensions();
if (state.secure_renegotiation)
{
byte[] extensionData = TlsUtilities.GetExtensionData(state.serverExtensions, 65281);
bool flag = null == extensionData;
if (flag)
{
state.serverExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(state.serverExtensions);
state.serverExtensions[65281] = TlsProtocol.CreateRenegotiationInfo(TlsUtilities.EmptyBytes);
}
}
if (securityParameters.extendedMasterSecret)
{
state.serverExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(state.serverExtensions);
TlsExtensionsUtilities.AddExtendedMasterSecretExtension(state.serverExtensions);
}
if (state.serverExtensions != null)
{
securityParameters.encryptThenMac = TlsExtensionsUtilities.HasEncryptThenMacExtension(state.serverExtensions);
securityParameters.maxFragmentLength = DtlsProtocol.EvaluateMaxFragmentLengthExtension(state.resumedSession, state.clientExtensions, state.serverExtensions, 80);
securityParameters.truncatedHMac = TlsExtensionsUtilities.HasTruncatedHMacExtension(state.serverExtensions);
state.allowCertificateStatus = (!state.resumedSession && TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, 5, 80));
state.expectSessionTicket = (!state.resumedSession && TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, 35, 80));
TlsProtocol.WriteExtensions(memoryStream, state.serverExtensions);
}
securityParameters.prfAlgorithm = TlsProtocol.GetPrfAlgorithm(state.serverContext, securityParameters.CipherSuite);
securityParameters.verifyDataLength = 12;
return(memoryStream.ToArray());
}
protected virtual byte[] GenerateClientHello(ClientHandshakeState state, TlsClient client)
{
//IL_0000: Unknown result type (might be due to invalid IL or missing references)
//IL_0006: Expected O, but got Unknown
MemoryStream val = new MemoryStream();
ProtocolVersion clientVersion = client.ClientVersion;
if (!clientVersion.IsDtls)
{
throw new TlsFatalAlert(80);
}
TlsClientContextImpl clientContext = state.clientContext;
clientContext.SetClientVersion(clientVersion);
TlsUtilities.WriteVersion(clientVersion, (Stream)(object)val);
SecurityParameters securityParameters = clientContext.SecurityParameters;
((Stream)val).Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length);
byte[] array = TlsUtilities.EmptyBytes;
if (state.tlsSession != null)
{
array = state.tlsSession.SessionID;
if (array == null || array.Length > 32)
{
array = TlsUtilities.EmptyBytes;
}
}
TlsUtilities.WriteOpaque8(array, (Stream)(object)val);
TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, (Stream)(object)val);
bool isFallback = client.IsFallback;
state.offeredCipherSuites = client.GetCipherSuites();
state.clientExtensions = client.GetClientExtensions();
byte[] extensionData = TlsUtilities.GetExtensionData(state.clientExtensions, 65281);
bool flag = null == extensionData;
bool flag2 = !Arrays.Contains(state.offeredCipherSuites, 255);
if (flag && flag2)
{
state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, 255);
}
if (isFallback && !Arrays.Contains(state.offeredCipherSuites, 22016))
{
state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, 22016);
}
TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, (Stream)(object)val);
byte[] array2 = (state.offeredCompressionMethods = new byte[1]);
TlsUtilities.WriteUint8ArrayWithUint8Length(state.offeredCompressionMethods, (Stream)(object)val);
if (state.clientExtensions != null)
{
TlsProtocol.WriteExtensions((Stream)(object)val, state.clientExtensions);
}
return(val.ToArray());
}
protected virtual byte[] GenerateClientHello(DtlsClientProtocol.ClientHandshakeState state, TlsClient client)
{
MemoryStream memoryStream = new MemoryStream();
ProtocolVersion clientVersion = client.ClientVersion;
if (!clientVersion.IsDtls)
{
throw new TlsFatalAlert(80);
}
TlsClientContextImpl clientContext = state.clientContext;
clientContext.SetClientVersion(clientVersion);
TlsUtilities.WriteVersion(clientVersion, memoryStream);
SecurityParameters securityParameters = clientContext.SecurityParameters;
memoryStream.Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length);
byte[] array = TlsUtilities.EmptyBytes;
if (state.tlsSession != null)
{
array = state.tlsSession.SessionID;
if (array == null || array.Length > 32)
{
array = TlsUtilities.EmptyBytes;
}
}
TlsUtilities.WriteOpaque8(array, memoryStream);
TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, memoryStream);
bool isFallback = client.IsFallback;
state.offeredCipherSuites = client.GetCipherSuites();
state.clientExtensions = client.GetClientExtensions();
byte[] extensionData = TlsUtilities.GetExtensionData(state.clientExtensions, 65281);
bool flag = null == extensionData;
bool flag2 = !Arrays.Contains(state.offeredCipherSuites, 255);
if (flag && flag2)
{
state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, 255);
}
if (isFallback && !Arrays.Contains(state.offeredCipherSuites, 22016))
{
state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, 22016);
}
TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, memoryStream);
byte[] offeredCompressionMethods = new byte[1];
state.offeredCompressionMethods = offeredCompressionMethods;
TlsUtilities.WriteUint8ArrayWithUint8Length(state.offeredCompressionMethods, memoryStream);
if (state.clientExtensions != null)
{
TlsProtocol.WriteExtensions(memoryStream, state.clientExtensions);
}
return(memoryStream.ToArray());
}
protected virtual void SendClientHelloMessage()
{
mRecordStream.SetWriteVersion(mTlsClient.ClientHelloRecordLayerVersion);
ProtocolVersion clientVersion = mTlsClient.ClientVersion;
if (clientVersion.IsDtls)
{
throw new TlsFatalAlert(80);
}
ContextAdmin.SetClientVersion(clientVersion);
byte[] array = TlsUtilities.EmptyBytes;
if (mTlsSession != null)
{
array = mTlsSession.SessionID;
if (array == null || array.Length > 32)
{
array = TlsUtilities.EmptyBytes;
}
}
bool isFallback = mTlsClient.IsFallback;
mOfferedCipherSuites = mTlsClient.GetCipherSuites();
mOfferedCompressionMethods = mTlsClient.GetCompressionMethods();
if (array.Length > 0 && mSessionParameters != null && (!Arrays.Contains(mOfferedCipherSuites, mSessionParameters.CipherSuite) || !Arrays.Contains(mOfferedCompressionMethods, mSessionParameters.CompressionAlgorithm)))
{
array = TlsUtilities.EmptyBytes;
}
mClientExtensions = mTlsClient.GetClientExtensions();
HandshakeMessage handshakeMessage = new HandshakeMessage(1);
TlsUtilities.WriteVersion(clientVersion, (Stream)(object)handshakeMessage);
handshakeMessage.Write(mSecurityParameters.ClientRandom);
TlsUtilities.WriteOpaque8(array, (Stream)(object)handshakeMessage);
byte[] extensionData = TlsUtilities.GetExtensionData(mClientExtensions, 65281);
bool flag = null == extensionData;
bool flag2 = !Arrays.Contains(mOfferedCipherSuites, 255);
if (flag && flag2)
{
mOfferedCipherSuites = Arrays.Append(mOfferedCipherSuites, 255);
}
if (isFallback && !Arrays.Contains(mOfferedCipherSuites, 22016))
{
mOfferedCipherSuites = Arrays.Append(mOfferedCipherSuites, 22016);
}
TlsUtilities.WriteUint16ArrayWithUint16Length(mOfferedCipherSuites, (Stream)(object)handshakeMessage);
TlsUtilities.WriteUint8ArrayWithUint8Length(mOfferedCompressionMethods, (Stream)(object)handshakeMessage);
if (mClientExtensions != null)
{
TlsProtocol.WriteExtensions((Stream)(object)handshakeMessage, mClientExtensions);
}
handshakeMessage.WriteToRecordStream(this);
}
protected virtual void SendClientHelloMessage()
{
base.mRecordStream.SetWriteVersion(this.mTlsClient.ClientHelloRecordLayerVersion);
ProtocolVersion clientVersion = this.mTlsClient.ClientVersion;
if (clientVersion.IsDtls)
{
throw new TlsFatalAlert(80);
}
this.ContextAdmin.SetClientVersion(clientVersion);
byte[] emptyBytes = TlsUtilities.EmptyBytes;
if (base.mTlsSession != null)
{
emptyBytes = base.mTlsSession.SessionID;
if ((emptyBytes == null) || (emptyBytes.Length > 0x20))
{
emptyBytes = TlsUtilities.EmptyBytes;
}
}
bool isFallback = this.mTlsClient.IsFallback;
base.mOfferedCipherSuites = this.mTlsClient.GetCipherSuites();
base.mOfferedCompressionMethods = this.mTlsClient.GetCompressionMethods();
if (((emptyBytes.Length > 0) && (base.mSessionParameters != null)) && (!Arrays.Contains(base.mOfferedCipherSuites, base.mSessionParameters.CipherSuite) || !Arrays.Contains(base.mOfferedCompressionMethods, base.mSessionParameters.CompressionAlgorithm)))
{
emptyBytes = TlsUtilities.EmptyBytes;
}
base.mClientExtensions = this.mTlsClient.GetClientExtensions();
TlsProtocol.HandshakeMessage output = new TlsProtocol.HandshakeMessage(1);
TlsUtilities.WriteVersion(clientVersion, output);
output.Write(base.mSecurityParameters.ClientRandom);
TlsUtilities.WriteOpaque8(emptyBytes, output);
byte[] extensionData = TlsUtilities.GetExtensionData(base.mClientExtensions, 0xff01);
bool flag2 = null == extensionData;
bool flag3 = !Arrays.Contains(base.mOfferedCipherSuites, 0xff);
if (flag2 && flag3)
{
base.mOfferedCipherSuites = Arrays.Append(base.mOfferedCipherSuites, 0xff);
}
if (isFallback && !Arrays.Contains(base.mOfferedCipherSuites, 0x5600))
{
base.mOfferedCipherSuites = Arrays.Append(base.mOfferedCipherSuites, 0x5600);
}
TlsUtilities.WriteUint16ArrayWithUint16Length(base.mOfferedCipherSuites, output);
TlsUtilities.WriteUint8ArrayWithUint8Length(base.mOfferedCompressionMethods, output);
if (base.mClientExtensions != null)
{
TlsProtocol.WriteExtensions(output, base.mClientExtensions);
}
output.WriteToRecordStream(this);
}
public Builder SetServerExtensions(IDictionary serverExtensions)
{
if (serverExtensions == null)
{
mEncodedServerExtensions = null;
}
else
{
MemoryStream buf = new MemoryStream();
TlsProtocol.WriteExtensions(buf, serverExtensions);
mEncodedServerExtensions = buf.ToArray();
}
return(this);
}
public SessionParameters.Builder SetServerExtensions(IDictionary serverExtensions)
{
if (serverExtensions == null)
{
this.mEncodedServerExtensions = null;
}
else
{
MemoryStream output = new MemoryStream();
TlsProtocol.WriteExtensions(output, serverExtensions);
this.mEncodedServerExtensions = output.ToArray();
}
return(this);
}
public Builder SetServerExtensions(IDictionary serverExtensions)
{
//IL_000c: Unknown result type (might be due to invalid IL or missing references)
//IL_0012: Expected O, but got Unknown
if (serverExtensions == null)
{
mEncodedServerExtensions = null;
}
else
{
MemoryStream val = new MemoryStream();
TlsProtocol.WriteExtensions((Stream)(object)val, serverExtensions);
mEncodedServerExtensions = val.ToArray();
}
return(this);
}
protected virtual byte[] GenerateClientHello(ClientHandshakeState state, TlsClient client)
{
MemoryStream buf = new MemoryStream();
ProtocolVersion client_version = client.ClientVersion;
if (!client_version.IsDtls)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
TlsClientContextImpl context = state.clientContext;
context.SetClientVersion(client_version);
TlsUtilities.WriteVersion(client_version, buf);
SecurityParameters securityParameters = context.SecurityParameters;
buf.Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length);
// Session ID
byte[] session_id = TlsUtilities.EmptyBytes;
if (state.tlsSession != null)
{
session_id = state.tlsSession.SessionID;
if (session_id == null || session_id.Length > 32)
{
session_id = TlsUtilities.EmptyBytes;
}
}
TlsUtilities.WriteOpaque8(session_id, buf);
// Cookie
TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, buf);
bool fallback = client.IsFallback;
/*
* Cipher suites
*/
state.offeredCipherSuites = client.GetCipherSuites();
// Integer -> byte[]
state.clientExtensions = client.GetClientExtensions();
securityParameters.extendedMasterSecret = TlsExtensionsUtilities.HasExtendedMasterSecretExtension(state.clientExtensions);
// Cipher Suites (and SCSV)
{
/*
* RFC 5746 3.4. The client MUST include either an empty "renegotiation_info" extension,
* or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value in the
* ClientHello. Including both is NOT RECOMMENDED.
*/
byte[] renegExtData = TlsUtilities.GetExtensionData(state.clientExtensions, ExtensionType.renegotiation_info);
bool noRenegExt = (null == renegExtData);
bool noRenegSCSV = !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
if (noRenegExt && noRenegSCSV)
{
// TODO Consider whether to default to a client extension instead
state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
}
/*
* draft-ietf-tls-downgrade-scsv-00 4. If a client sends a ClientHello.client_version
* containing a lower value than the latest (highest-valued) version supported by the
* client, it SHOULD include the TLS_FALLBACK_SCSV cipher suite value in
* ClientHello.cipher_suites.
*/
if (fallback && !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV))
{
state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV);
}
TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, buf);
}
// TODO Add support for compression
// Compression methods
// state.offeredCompressionMethods = client.getCompressionMethods();
state.offeredCompressionMethods = new byte[] { CompressionMethod.cls_null };
TlsUtilities.WriteUint8ArrayWithUint8Length(state.offeredCompressionMethods, buf);
// Extensions
if (state.clientExtensions != null)
{
TlsProtocol.WriteExtensions(buf, state.clientExtensions);
}
return(buf.ToArray());
}
protected virtual byte[] GenerateServerHello(ServerHandshakeState state)
{
SecurityParameters securityParameters = state.serverContext.SecurityParameters;
MemoryStream buf = new MemoryStream();
{
ProtocolVersion server_version = state.server.GetServerVersion();
if (!server_version.IsEqualOrEarlierVersionOf(state.serverContext.ClientVersion))
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
// TODO Read RFCs for guidance on the expected record layer version number
// recordStream.setReadVersion(server_version);
// recordStream.setWriteVersion(server_version);
// recordStream.setRestrictReadVersion(true);
state.serverContext.SetServerVersion(server_version);
TlsUtilities.WriteVersion(state.serverContext.ServerVersion, buf);
}
buf.Write(securityParameters.ServerRandom, 0, securityParameters.ServerRandom.Length);
/*
* The server may return an empty session_id to indicate that the session will not be cached
* and therefore cannot be resumed.
*/
TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, buf);
int selectedCipherSuite = state.server.GetSelectedCipherSuite();
if (!Arrays.Contains(state.offeredCipherSuites, selectedCipherSuite) ||
selectedCipherSuite == CipherSuite.TLS_NULL_WITH_NULL_NULL ||
CipherSuite.IsScsv(selectedCipherSuite) ||
!TlsUtilities.IsValidCipherSuiteForVersion(selectedCipherSuite, state.serverContext.ServerVersion))
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
ValidateSelectedCipherSuite(selectedCipherSuite, AlertDescription.internal_error);
securityParameters.cipherSuite = selectedCipherSuite;
byte selectedCompressionMethod = state.server.GetSelectedCompressionMethod();
if (!Arrays.Contains(state.offeredCompressionMethods, selectedCompressionMethod))
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
securityParameters.compressionAlgorithm = selectedCompressionMethod;
TlsUtilities.WriteUint16(selectedCipherSuite, buf);
TlsUtilities.WriteUint8(selectedCompressionMethod, buf);
state.serverExtensions = state.server.GetServerExtensions();
/*
* RFC 5746 3.6. Server Behavior: Initial Handshake
*/
if (state.secure_renegotiation)
{
byte[] renegExtData = TlsUtilities.GetExtensionData(state.serverExtensions, ExtensionType.renegotiation_info);
bool noRenegExt = (null == renegExtData);
if (noRenegExt)
{
/*
* Note that sending a "renegotiation_info" extension in response to a ClientHello
* containing only the SCSV is an explicit exception to the prohibition in RFC 5246,
* Section 7.4.1.4, on the server sending unsolicited extensions and is only allowed
* because the client is signaling its willingness to receive the extension via the
* TLS_EMPTY_RENEGOTIATION_INFO_SCSV SCSV.
*/
/*
* If the secure_renegotiation flag is set to TRUE, the server MUST include an empty
* "renegotiation_info" extension in the ServerHello message.
*/
state.serverExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(state.serverExtensions);
state.serverExtensions[ExtensionType.renegotiation_info] = TlsProtocol.CreateRenegotiationInfo(TlsUtilities.EmptyBytes);
}
}
if (securityParameters.extendedMasterSecret)
{
state.serverExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(state.serverExtensions);
TlsExtensionsUtilities.AddExtendedMasterSecretExtension(state.serverExtensions);
}
/*
* TODO RFC 3546 2.3 If [...] the older session is resumed, then the server MUST ignore
* extensions appearing in the client hello, and send a server hello containing no
* extensions.
*/
if (state.serverExtensions != null)
{
securityParameters.encryptThenMac = TlsExtensionsUtilities.HasEncryptThenMacExtension(state.serverExtensions);
securityParameters.maxFragmentLength = EvaluateMaxFragmentLengthExtension(state.resumedSession,
state.clientExtensions, state.serverExtensions, AlertDescription.internal_error);
securityParameters.truncatedHMac = TlsExtensionsUtilities.HasTruncatedHMacExtension(state.serverExtensions);
/*
* TODO It's surprising that there's no provision to allow a 'fresh' CertificateStatus to be sent in
* a session resumption handshake.
*/
state.allowCertificateStatus = !state.resumedSession &&
TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, ExtensionType.status_request,
AlertDescription.internal_error);
state.expectSessionTicket = !state.resumedSession &&
TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, ExtensionType.session_ticket,
AlertDescription.internal_error);
TlsProtocol.WriteExtensions(buf, state.serverExtensions);
}
securityParameters.prfAlgorithm = TlsProtocol.GetPrfAlgorithm(state.serverContext,
securityParameters.CipherSuite);
/*
* RFC 5246 7.4.9. Any cipher suite which does not explicitly specify verify_data_length
* has a verify_data_length equal to 12. This includes all existing cipher suites.
*/
securityParameters.verifyDataLength = 12;
return(buf.ToArray());
}
protected virtual void SendServerHelloMessage()
{
TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(2);
ProtocolVersion serverVersion = this.mTlsServer.GetServerVersion();
if (!serverVersion.IsEqualOrEarlierVersionOf(this.Context.ClientVersion))
{
throw new TlsFatalAlert(80);
}
this.mRecordStream.ReadVersion = serverVersion;
this.mRecordStream.SetWriteVersion(serverVersion);
this.mRecordStream.SetRestrictReadVersion(true);
this.ContextAdmin.SetServerVersion(serverVersion);
TlsUtilities.WriteVersion(serverVersion, handshakeMessage);
handshakeMessage.Write(this.mSecurityParameters.serverRandom);
TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, handshakeMessage);
int selectedCipherSuite = this.mTlsServer.GetSelectedCipherSuite();
if (!Arrays.Contains(this.mOfferedCipherSuites, selectedCipherSuite) || selectedCipherSuite == 0 || CipherSuite.IsScsv(selectedCipherSuite) || !TlsUtilities.IsValidCipherSuiteForVersion(selectedCipherSuite, this.Context.ServerVersion))
{
throw new TlsFatalAlert(80);
}
this.mSecurityParameters.cipherSuite = selectedCipherSuite;
byte selectedCompressionMethod = this.mTlsServer.GetSelectedCompressionMethod();
if (!Arrays.Contains(this.mOfferedCompressionMethods, selectedCompressionMethod))
{
throw new TlsFatalAlert(80);
}
this.mSecurityParameters.compressionAlgorithm = selectedCompressionMethod;
TlsUtilities.WriteUint16(selectedCipherSuite, handshakeMessage);
TlsUtilities.WriteUint8(selectedCompressionMethod, handshakeMessage);
this.mServerExtensions = this.mTlsServer.GetServerExtensions();
if (this.mSecureRenegotiation)
{
byte[] extensionData = TlsUtilities.GetExtensionData(this.mServerExtensions, 65281);
bool flag = null == extensionData;
if (flag)
{
this.mServerExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(this.mServerExtensions);
this.mServerExtensions[65281] = TlsProtocol.CreateRenegotiationInfo(TlsUtilities.EmptyBytes);
}
}
if (this.mSecurityParameters.extendedMasterSecret)
{
this.mServerExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(this.mServerExtensions);
TlsExtensionsUtilities.AddExtendedMasterSecretExtension(this.mServerExtensions);
}
if (this.mServerExtensions != null)
{
this.mSecurityParameters.encryptThenMac = TlsExtensionsUtilities.HasEncryptThenMacExtension(this.mServerExtensions);
this.mSecurityParameters.maxFragmentLength = this.ProcessMaxFragmentLengthExtension(this.mClientExtensions, this.mServerExtensions, 80);
this.mSecurityParameters.truncatedHMac = TlsExtensionsUtilities.HasTruncatedHMacExtension(this.mServerExtensions);
this.mAllowCertificateStatus = (!this.mResumedSession && TlsUtilities.HasExpectedEmptyExtensionData(this.mServerExtensions, 5, 80));
this.mExpectSessionTicket = (!this.mResumedSession && TlsUtilities.HasExpectedEmptyExtensionData(this.mServerExtensions, 35, 80));
TlsProtocol.WriteExtensions(handshakeMessage, this.mServerExtensions);
}
this.mSecurityParameters.prfAlgorithm = TlsProtocol.GetPrfAlgorithm(this.Context, this.mSecurityParameters.CipherSuite);
this.mSecurityParameters.verifyDataLength = 12;
this.ApplyMaxFragmentLengthExtension();
handshakeMessage.WriteToRecordStream(this);
}
protected virtual byte[] GenerateServerHello(ServerHandshakeState state)
{
//IL_000c: Unknown result type (might be due to invalid IL or missing references)
//IL_0012: Expected O, but got Unknown
SecurityParameters securityParameters = state.serverContext.SecurityParameters;
MemoryStream val = new MemoryStream();
ProtocolVersion serverVersion = state.server.GetServerVersion();
if (!serverVersion.IsEqualOrEarlierVersionOf(state.serverContext.ClientVersion))
{
throw new TlsFatalAlert(80);
}
state.serverContext.SetServerVersion(serverVersion);
TlsUtilities.WriteVersion(state.serverContext.ServerVersion, (Stream)(object)val);
((Stream)val).Write(securityParameters.ServerRandom, 0, securityParameters.ServerRandom.Length);
TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, (Stream)(object)val);
int selectedCipherSuite = state.server.GetSelectedCipherSuite();
if (!Arrays.Contains(state.offeredCipherSuites, selectedCipherSuite) || selectedCipherSuite == 0 || CipherSuite.IsScsv(selectedCipherSuite) || !TlsUtilities.IsValidCipherSuiteForVersion(selectedCipherSuite, state.serverContext.ServerVersion))
{
throw new TlsFatalAlert(80);
}
DtlsProtocol.ValidateSelectedCipherSuite(selectedCipherSuite, 80);
securityParameters.cipherSuite = selectedCipherSuite;
byte selectedCompressionMethod = state.server.GetSelectedCompressionMethod();
if (!Arrays.Contains(state.offeredCompressionMethods, selectedCompressionMethod))
{
throw new TlsFatalAlert(80);
}
securityParameters.compressionAlgorithm = selectedCompressionMethod;
TlsUtilities.WriteUint16(selectedCipherSuite, (Stream)(object)val);
TlsUtilities.WriteUint8(selectedCompressionMethod, (Stream)(object)val);
state.serverExtensions = state.server.GetServerExtensions();
if (state.secure_renegotiation)
{
byte[] extensionData = TlsUtilities.GetExtensionData(state.serverExtensions, 65281);
if (null == extensionData)
{
state.serverExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(state.serverExtensions);
state.serverExtensions.set_Item((object)65281, (object)TlsProtocol.CreateRenegotiationInfo(TlsUtilities.EmptyBytes));
}
}
if (securityParameters.extendedMasterSecret)
{
state.serverExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(state.serverExtensions);
TlsExtensionsUtilities.AddExtendedMasterSecretExtension(state.serverExtensions);
}
if (state.serverExtensions != null)
{
securityParameters.encryptThenMac = TlsExtensionsUtilities.HasEncryptThenMacExtension(state.serverExtensions);
securityParameters.maxFragmentLength = DtlsProtocol.EvaluateMaxFragmentLengthExtension(state.resumedSession, state.clientExtensions, state.serverExtensions, 80);
securityParameters.truncatedHMac = TlsExtensionsUtilities.HasTruncatedHMacExtension(state.serverExtensions);
state.allowCertificateStatus = !state.resumedSession && TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, 5, 80);
state.expectSessionTicket = !state.resumedSession && TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, 35, 80);
TlsProtocol.WriteExtensions((Stream)(object)val, state.serverExtensions);
}
securityParameters.prfAlgorithm = TlsProtocol.GetPrfAlgorithm(state.serverContext, securityParameters.CipherSuite);
securityParameters.verifyDataLength = 12;
return(val.ToArray());
}
protected virtual byte[] GenerateClientHello(ClientHandshakeState state, TlsClient client)
{
ProtocolVersion client_version = client.ClientVersion;
if (!client_version.IsDtls)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
TlsClientContextImpl context = state.clientContext;
context.SetClientVersion(client_version);
SecurityParameters securityParameters = context.SecurityParameters;
// Session ID
byte[] session_id = TlsUtilities.EmptyBytes;
if (state.tlsSession != null)
{
session_id = state.tlsSession.SessionID;
if (session_id == null || session_id.Length > 32)
{
session_id = TlsUtilities.EmptyBytes;
}
}
bool fallback = client.IsFallback;
state.offeredCipherSuites = client.GetCipherSuites();
if (session_id.Length > 0 && state.sessionParameters != null)
{
if (!state.sessionParameters.IsExtendedMasterSecret ||
!Arrays.Contains(state.offeredCipherSuites, state.sessionParameters.CipherSuite) ||
CompressionMethod.cls_null != state.sessionParameters.CompressionAlgorithm)
{
session_id = TlsUtilities.EmptyBytes;
}
}
state.clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(client.GetClientExtensions());
TlsExtensionsUtilities.AddExtendedMasterSecretExtension(state.clientExtensions);
MemoryStream buf = new MemoryStream();
TlsUtilities.WriteVersion(client_version, buf);
buf.Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length);
TlsUtilities.WriteOpaque8(session_id, buf);
// Cookie
TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, buf);
// Cipher Suites (and SCSV)
{
/*
* RFC 5746 3.4. The client MUST include either an empty "renegotiation_info" extension,
* or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value in the
* ClientHello. Including both is NOT RECOMMENDED.
*/
byte[] renegExtData = TlsUtilities.GetExtensionData(state.clientExtensions, ExtensionType.renegotiation_info);
bool noRenegExt = (null == renegExtData);
bool noRenegSCSV = !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
if (noRenegExt && noRenegSCSV)
{
// TODO Consider whether to default to a client extension instead
state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
}
/*
* RFC 7507 4. If a client sends a ClientHello.client_version containing a lower value
* than the latest (highest-valued) version supported by the client, it SHOULD include
* the TLS_FALLBACK_SCSV cipher suite value in ClientHello.cipher_suites [..]. (The
* client SHOULD put TLS_FALLBACK_SCSV after all cipher suites that it actually intends
* to negotiate.)
*/
if (fallback && !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV))
{
state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV);
}
TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, buf);
}
TlsUtilities.WriteUint8ArrayWithUint8Length(new byte[] { CompressionMethod.cls_null }, buf);
TlsProtocol.WriteExtensions(buf, state.clientExtensions);
return(buf.ToArray());
}
