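/// <summary>
/// Server-side handling of the client's CertificateVerify message: records the
/// signature and its algorithm in PendingCrypto and checks that the signature over
/// the handshake transcript verifies under the client certificate at index 0.
/// </summary>
/// <param name="message">The received CertificateVerify message.</param>
/// <exception cref="TlsException">
/// UnexpectedMessage when no client certificate was received before this message;
/// HandshakeFailure when the message carries no signature, the certificate has no
/// RSA key, or the signature does not verify.
/// </exception>
protected virtual void HandleCertificateVerify(TlsCertificateVerify message)
{
    // Proof of possession only makes sense for a certificate we already hold.
    // Without this guard an absent/empty list surfaces as an index exception
    // instead of a TLS alert.
    var certificates = PendingCrypto.ClientCertificates;
    if (certificates == null || certificates.Count == 0) {
        throw new TlsException(AlertDescription.UnexpectedMessage, "CertificateVerify received without a client certificate.");
    }
    if (message.Signature == null) {
        throw new TlsException(AlertDescription.HandshakeFailure, "CertificateVerify carries no signature.");
    }

    PendingCrypto.CertificateSignatureType = message.Algorithm;
    PendingCrypto.CertificateSignature = message.Signature;

    // Index 0 is the sender's own certificate per RFC 5246 §7.4.2, assuming the
    // list preserves wire order (not visible here).
    var certificate = certificates[0];
    if (certificate.RSA == null) {
        // This verification path only handles RSA keys; fail with an alert rather
        // than letting a null key reach VerifySignature.
        throw new TlsException(AlertDescription.HandshakeFailure, "Client certificate does not carry an RSA key.");
    }

    // RFC 5246 §7.2.2 names decrypt_error for a failed CertificateVerify; the
    // original handshake_failure alert is kept so the wire behaviour is unchanged.
    if (!HandshakeParameters.HandshakeMessages.VerifySignature(PendingCrypto.CertificateSignatureType, certificate.RSA, PendingCrypto.CertificateSignature)) {
        throw new TlsException(AlertDescription.HandshakeFailure);
    }
}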
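/// <summary>
/// Dispatches one client handshake message to its handler, enforcing the message
/// order of a full TLS handshake so that no handler runs on missing state.
/// </summary>
/// <param name="message">The decoded handshake (or ChangeCipherSpec) message.</param>
/// <returns>
/// ContinueNeeded while further client messages are expected; Finished once the
/// client's Finished message has been handled.
/// </returns>
/// <exception cref="TlsException">
/// UnexpectedMessage for a message that is out of order or lacks a prerequisite.
/// </exception>
/// <exception cref="InvalidOperationException">
/// For a message type this side never expects.
/// </exception>
protected override MessageStatus HandleMessage(Message message)
{
    switch (message.Type) {
    case HandshakeType.Certificate:
        // Only accept a client certificate that we actually requested.
        if (!Session.AskedForCertificate) {
            throw new TlsException(AlertDescription.UnexpectedMessage);
        }
        certificate = (TlsCertificate)message;
        HandleCertificate(certificate);
        return MessageStatus.ContinueNeeded;

    case HandshakeType.ClientKeyExchange:
        if (Settings.RequireClientCertificate && certificate == null) {
            throw new TlsException(AlertDescription.UnexpectedMessage, "Peer did not respond with a certificate.");
        }
        keyExchange = (TlsClientKeyExchange)message;
        HandleClientKeyExchange(keyExchange);
        return MessageStatus.ContinueNeeded;

    case HandshakeType.CertificateVerify:
        // RFC 5246 §7.4.8: CertificateVerify follows Certificate and ClientKeyExchange.
        // Enforcing that here keeps HandleCertificateVerify from running without a
        // client certificate, and since the signature covers the handshake
        // transcript its position in the flow matters.
        if (certificate == null) {
            throw new TlsException(AlertDescription.UnexpectedMessage, "CertificateVerify received without a certificate.");
        }
        if (keyExchange == null) {
            throw new TlsException(AlertDescription.UnexpectedMessage, "CertificateVerify received before ClientKeyExchange.");
        }
        certificateVerify = (TlsCertificateVerify)message;
        HandleCertificateVerify(certificateVerify);
        return MessageStatus.ContinueNeeded;

    case HandshakeType.ChanceCipherSpec:
        // NOTE(review): when a client certificate is optional but one was sent,
        // no CertificateVerify is demanded here; whether such a certificate is
        // later treated as authenticated is not visible in this method — confirm.
        if (Settings.RequireClientCertificate && certificateVerify == null) {
            throw new TlsException(AlertDescription.UnexpectedMessage, "Missing CertificateVerify message.");
        }
        cipherSpec = (TlsChangeCipherSpec)message;
        HandleChangeCipherSpec(cipherSpec);
        return MessageStatus.ContinueNeeded;

    case HandshakeType.Finished:
        // Finished is only meaningful after the client's ChangeCipherSpec.
        if (cipherSpec == null) {
            throw new TlsException(AlertDescription.UnexpectedMessage, "Finished received before ChangeCipherSpec.");
        }
        finished = (TlsFinished)message;
        HandleFinished(finished);
        return MessageStatus.Finished;

    default:
        // Kept as InvalidOperationException since callers may rely on the type;
        // an unexpected_message alert would be the protocol-level answer.
        throw new InvalidOperationException();
    }
}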
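/// <summary>
/// Server-side handling of the client's CertificateVerify message: validates the
/// signature's protocol/algorithm via the SignatureProvider, records it in
/// PendingCrypto and checks that it verifies over the handshake transcript under
/// the client certificate at index 0.
/// </summary>
/// <param name="message">The received CertificateVerify message.</param>
/// <exception cref="TlsException">
/// UnexpectedMessage when no client certificate was received before this message;
/// HandshakeFailure when the message carries no signature, the signature is not in
/// the TLS 1.2 form on a TLS 1.2 connection, the certificate has no RSA key, or
/// the signature does not verify. The SignatureProvider asserts may throw their own
/// errors (not visible here).
/// </exception>
protected virtual void HandleCertificateVerify(TlsCertificateVerify message)
{
    // Proof of possession only makes sense for a certificate we already hold.
    // Without this guard an absent/empty list surfaces as an index exception
    // instead of a TLS alert.
    var certificates = PendingCrypto.ClientCertificates;
    if (certificates == null || certificates.Count == 0) {
        throw new TlsException(AlertDescription.UnexpectedMessage, "CertificateVerify received without a client certificate.");
    }
    var signature = message.Signature;
    if (signature == null) {
        throw new TlsException(AlertDescription.HandshakeFailure, "CertificateVerify carries no signature.");
    }

    // The signature's protocol version must agree with what was negotiated.
    Context.SignatureProvider.AssertProtocol(Context, signature.Protocol);
    if (Context.NegotiatedProtocol == TlsProtocolCode.Tls12) {
        // TLS 1.2 carries an explicit signature algorithm that the provider checks
        // (presumably against the algorithms this server accepts — see
        // SignatureProvider). Refuse with an alert rather than an InvalidCastException
        // when the signature object is not the TLS 1.2 variant.
        var signature12 = signature as SignatureTls12;
        if (signature12 == null) {
            throw new TlsException(AlertDescription.HandshakeFailure, "CertificateVerify signature is not in TLS 1.2 format.");
        }
        Context.SignatureProvider.AssertCertificateVerifySignatureAlgorithm(Context, signature12.SignatureAlgorithm);
    }

    PendingCrypto.CertificateSignature = signature;

    // Index 0 is the sender's own certificate per RFC 5246 §7.4.2, assuming the
    // list preserves wire order (not visible here).
    var certificate = certificates[0];
    if (certificate.RSA == null) {
        // This verification path only handles RSA keys; fail with an alert rather
        // than letting a null key reach VerifySignature.
        throw new TlsException(AlertDescription.HandshakeFailure, "Client certificate does not carry an RSA key.");
    }

    // RFC 5246 §7.2.2 names decrypt_error for a failed CertificateVerify; the
    // original handshake_failure alert is kept so the wire behaviour is unchanged.
    if (!HandshakeParameters.HandshakeMessages.VerifySignature(PendingCrypto.CertificateSignature, certificate.RSA)) {
        throw new TlsException(AlertDescription.HandshakeFailure);
    }
}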
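/// <summary>
/// Dispatches one client handshake message to its handler, enforcing the message
/// order of a full TLS handshake so that no handler runs on missing state.
/// </summary>
/// <param name="message">The decoded handshake (or ChangeCipherSpec) message.</param>
/// <returns>
/// ContinueNeeded while further client messages are expected; Finished once the
/// client's Finished message has been handled.
/// </returns>
/// <exception cref="TlsException">
/// UnexpectedMessage for a message that is out of order or lacks a prerequisite.
/// </exception>
/// <exception cref="InvalidOperationException">
/// For a message type this side never expects.
/// </exception>
protected override MessageStatus HandleMessage (Message message)
{
	switch (message.Type) {
	case HandshakeType.Certificate:
		// Only accept a client certificate that we actually requested.
		if (!Session.AskedForCertificate)
			throw new TlsException (AlertDescription.UnexpectedMessage);
		certificate = (TlsCertificate)message;
		HandleCertificate (certificate);
		return MessageStatus.ContinueNeeded;

	case HandshakeType.ClientKeyExchange:
		if (Settings.RequireClientCertificate && certificate == null)
			throw new TlsException (AlertDescription.UnexpectedMessage, "Peer did not respond with a certificate.");
		keyExchange = (TlsClientKeyExchange)message;
		HandleClientKeyExchange (keyExchange);
		return MessageStatus.ContinueNeeded;

	case HandshakeType.CertificateVerify:
		// RFC 5246 §7.4.8: CertificateVerify follows Certificate and ClientKeyExchange.
		// Enforcing that here keeps HandleCertificateVerify from running without a
		// client certificate, and since the signature covers the handshake
		// transcript its position in the flow matters.
		if (certificate == null)
			throw new TlsException (AlertDescription.UnexpectedMessage, "CertificateVerify received without a certificate.");
		if (keyExchange == null)
			throw new TlsException (AlertDescription.UnexpectedMessage, "CertificateVerify received before ClientKeyExchange.");
		certificateVerify = (TlsCertificateVerify)message;
		HandleCertificateVerify (certificateVerify);
		return MessageStatus.ContinueNeeded;

	case HandshakeType.ChanceCipherSpec:
		// NOTE(review): when a client certificate is optional but one was sent,
		// no CertificateVerify is demanded here; whether such a certificate is
		// later treated as authenticated is not visible in this method — confirm.
		if (Settings.RequireClientCertificate && certificateVerify == null)
			throw new TlsException (AlertDescription.UnexpectedMessage, "Missing CertificateVerify message.");
		cipherSpec = (TlsChangeCipherSpec)message;
		HandleChangeCipherSpec (cipherSpec);
		return MessageStatus.ContinueNeeded;

	case HandshakeType.Finished:
		// Finished is only meaningful after the client's ChangeCipherSpec.
		if (cipherSpec == null)
			throw new TlsException (AlertDescription.UnexpectedMessage, "Finished received before ChangeCipherSpec.");
		finished = (TlsFinished)message;
		HandleFinished (finished);
		return MessageStatus.Finished;

	default:
		// Kept as InvalidOperationException since callers may rely on the type;
		// an unexpected_message alert would be the protocol-level answer.
		throw new InvalidOperationException ();
	}
}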
/// <summary>
/// Reads one handshake message: a one-byte type, a TlsLength, then exactly
/// Length.Value bytes of body. Known types get a typed body parsed from a
/// sub-stream over the raw bytes (kept in __raw_body); any other type keeps the
/// body as raw bytes and leaves __raw_body unassigned.
/// </summary>
/// <remarks>
/// Naming follows Kaitai-generated code, so behavioural changes belong in the
/// source format definition rather than here. When this parses untrusted data note
/// that the body size is taken purely from the declared length (a declared length
/// beyond the available input presumably fails inside ReadBytes rather than being
/// clamped — confirm against the Kaitai runtime), and that Finished has no case of
/// its own and so lands in the raw-bytes default.
/// </remarks>
private void _read()
{
    _msgType = (TlsPacket.TlsHandshakeType)m_io.ReadU1();
    _length = new TlsLength(m_io, this, m_root);

    // First decide whether this type has a dedicated body parser. All such types
    // share the same raw-body capture; everything else stays opaque bytes.
    switch (MsgType)
    {
        case TlsPacket.TlsHandshakeType.HelloRequest:
        case TlsPacket.TlsHandshakeType.Certificate:
        case TlsPacket.TlsHandshakeType.CertificateVerify:
        case TlsPacket.TlsHandshakeType.ServerKeyExchange:
        case TlsPacket.TlsHandshakeType.ClientHello:
        case TlsPacket.TlsHandshakeType.ClientKeyExchange:
        case TlsPacket.TlsHandshakeType.ServerHello:
        case TlsPacket.TlsHandshakeType.CertificateRequest:
        case TlsPacket.TlsHandshakeType.ServerHelloDone:
            __raw_body = m_io.ReadBytes(Length.Value);
            break;
        default:
            _body = m_io.ReadBytes(Length.Value);
            return;
    }

    var bodyStream = new KaitaiStream(__raw_body);
    switch (MsgType)
    {
        case TlsPacket.TlsHandshakeType.HelloRequest:
            _body = new TlsHelloRequest(bodyStream, this, m_root);
            break;
        case TlsPacket.TlsHandshakeType.Certificate:
            _body = new TlsCertificate(bodyStream, this, m_root);
            break;
        case TlsPacket.TlsHandshakeType.CertificateVerify:
            _body = new TlsCertificateVerify(bodyStream, this, m_root);
            break;
        case TlsPacket.TlsHandshakeType.ServerKeyExchange:
            _body = new TlsServerKeyExchange(bodyStream, this, m_root);
            break;
        case TlsPacket.TlsHandshakeType.ClientHello:
            _body = new TlsClientHello(bodyStream, this, m_root);
            break;
        case TlsPacket.TlsHandshakeType.ClientKeyExchange:
            _body = new TlsClientKeyExchange(bodyStream, this, m_root);
            break;
        case TlsPacket.TlsHandshakeType.ServerHello:
            _body = new TlsServerHello(bodyStream, this, m_root);
            break;
        case TlsPacket.TlsHandshakeType.CertificateRequest:
            _body = new TlsCertificateRequest(bodyStream, this, m_root);
            break;
        case TlsPacket.TlsHandshakeType.ServerHelloDone:
            _body = new TlsServerHelloDone(bodyStream, this, m_root);
            break;
    }
}
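/// <summary>
/// Server-side handling of the client's CertificateVerify message: validates the
/// signature's protocol/algorithm via the SignatureProvider, records it in
/// PendingCrypto and checks that it verifies over the handshake transcript under
/// the client certificate at index 0.
/// </summary>
/// <param name="message">The received CertificateVerify message.</param>
/// <exception cref="TlsException">
/// UnexpectedMessage when no client certificate was received before this message;
/// HandshakeFailure when the message carries no signature, the signature is not in
/// the TLS 1.2 form on a TLS 1.2 connection, the certificate has no RSA key, or
/// the signature does not verify. The SignatureProvider asserts may throw their own
/// errors (not visible here).
/// </exception>
protected virtual void HandleCertificateVerify (TlsCertificateVerify message)
{
	// Proof of possession only makes sense for a certificate we already hold.
	// Without this guard an absent/empty list surfaces as an index exception
	// instead of a TLS alert.
	var certificates = PendingCrypto.ClientCertificates;
	if (certificates == null || certificates.Count == 0)
		throw new TlsException (AlertDescription.UnexpectedMessage, "CertificateVerify received without a client certificate.");
	var signature = message.Signature;
	if (signature == null)
		throw new TlsException (AlertDescription.HandshakeFailure, "CertificateVerify carries no signature.");

	// The signature's protocol version must agree with what was negotiated.
	Context.SignatureProvider.AssertProtocol (Context, signature.Protocol);
	if (Context.NegotiatedProtocol == TlsProtocolCode.Tls12) {
		// TLS 1.2 carries an explicit signature algorithm that the provider checks
		// (presumably against the algorithms this server accepts — see
		// SignatureProvider). Refuse with an alert rather than an InvalidCastException
		// when the signature object is not the TLS 1.2 variant.
		var signature12 = signature as SignatureTls12;
		if (signature12 == null)
			throw new TlsException (AlertDescription.HandshakeFailure, "CertificateVerify signature is not in TLS 1.2 format.");
		Context.SignatureProvider.AssertCertificateVerifySignatureAlgorithm (Context, signature12.SignatureAlgorithm);
	}

	PendingCrypto.CertificateSignature = signature;

	// Index 0 is the sender's own certificate per RFC 5246 §7.4.2, assuming the
	// list preserves wire order (not visible here).
	var certificate = certificates [0];
	if (certificate.RSA == null) {
		// This verification path only handles RSA keys; fail with an alert rather
		// than letting a null key reach VerifySignature.
		throw new TlsException (AlertDescription.HandshakeFailure, "Client certificate does not carry an RSA key.");
	}

	// RFC 5246 §7.2.2 names decrypt_error for a failed CertificateVerify; the
	// original handshake_failure alert is kept so the wire behaviour is unchanged.
	if (!HandshakeParameters.HandshakeMessages.VerifySignature (PendingCrypto.CertificateSignature, certificate.RSA))
		throw new TlsException (AlertDescription.HandshakeFailure);
}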
/// <summary>
/// Reads one handshake message out of a record: a one-byte type, a TlsLength,
/// then the rest of the enclosing record as the body, parsed according to the type.
/// </summary>
/// <remarks>
/// The body size is (M_Parent.Length - 4), i.e. the enclosing record's length minus
/// the 4-byte handshake header; _bodyLength is parsed but never compared against
/// it. Consequently a mismatch between the two goes undetected, a record carrying
/// several handshake messages is consumed as a single one, and a record shorter
/// than 4 bytes yields a negative count (presumably rejected inside ReadBytes —
/// confirm against the Kaitai runtime). Any type without its own case is treated
/// as TlsEncryptedMessage. Naming follows Kaitai-generated code, so fixes belong in
/// the source format definition rather than here.
/// </remarks>
private void _parse()
{
    _handshakeType = (TlsRecord.TlsHandshakeType)m_io.ReadU1();
    _bodyLength = new TlsLength(m_io, this, m_root);

    // Every branch below reads the same raw body and wraps it in a sub-stream, so
    // do that once up front; only the body parser depends on the type.
    __raw_body = m_io.ReadBytes((M_Parent.Length - 4));
    var bodyStream = new KaitaiStream(__raw_body);

    switch (HandshakeType)
    {
        case TlsRecord.TlsHandshakeType.HelloRequest:
            _body = new TlsEmpty(bodyStream, this, m_root);
            break;
        case TlsRecord.TlsHandshakeType.Certificate:
            _body = new TlsCertificate(bodyStream, this, m_root);
            break;
        case TlsRecord.TlsHandshakeType.CertificateVerify:
            _body = new TlsCertificateVerify(bodyStream, this, m_root);
            break;
        case TlsRecord.TlsHandshakeType.ServerKeyExchange:
            _body = new TlsServerKeyExchange(bodyStream, this, m_root);
            break;
        case TlsRecord.TlsHandshakeType.ClientHello:
            _body = new TlsClientHello(bodyStream, this, m_root);
            break;
        case TlsRecord.TlsHandshakeType.Finished:
            _body = new TlsFinished(bodyStream, this, m_root);
            break;
        case TlsRecord.TlsHandshakeType.ClientKeyExchange:
            _body = new TlsClientKeyExchange(bodyStream, this, m_root);
            break;
        case TlsRecord.TlsHandshakeType.ServerHello:
            _body = new TlsServerHello(bodyStream, this, m_root);
            break;
        case TlsRecord.TlsHandshakeType.CertificateRequest:
            _body = new TlsCertificateRequest(bodyStream, this, m_root);
            break;
        case TlsRecord.TlsHandshakeType.ServerHelloDone:
            _body = new TlsServerHelloDone(bodyStream, this, m_root);
            break;
        default:
            _body = new TlsEncryptedMessage(bodyStream, this, m_root);
            break;
    }
}