示例#1
0
        /**
         * Sets support for a particular feature.
         */
        private void SetSupportsFeature(byte feature, bool support)
        {
            if (feature == 0)
            {
                throw new ArgumentException("cannot be 0", "feature");
            }

            int i = Array.IndexOf(data, feature);

            if ((i >= 0) == support)
            {
                return;
            }

            if (support)
            {
                data = Arrays.Append(data, feature);
            }
            else
            {
                byte[] temp = new byte[data.Length - 1];
                Array.Copy(data, 0, temp, 0, i);
                Array.Copy(data, i + 1, temp, i, temp.Length - i);
                data = temp;
            }
        }
示例#2
0
        private void DoTestConsistency(Ed448.Algorithm algorithm, byte[] context)
        {
            Ed448KeyPairGenerator kpg = new Ed448KeyPairGenerator();

            kpg.Init(new Ed448KeyGenerationParameters(Random));

            AsymmetricCipherKeyPair   kp         = kpg.GenerateKeyPair();
            Ed448PrivateKeyParameters privateKey = (Ed448PrivateKeyParameters)kp.Private;
            Ed448PublicKeyParameters  publicKey  = (Ed448PublicKeyParameters)kp.Public;

            byte[] msg = new byte[Random.NextInt() & 255];
            Random.NextBytes(msg);

            ISigner signer = CreateSigner(algorithm, context);

            signer.Init(true, privateKey);
            signer.BlockUpdate(msg, 0, msg.Length);
            byte[] signature = signer.GenerateSignature();

            ISigner verifier = CreateSigner(algorithm, context);

            {
                verifier.Init(false, publicKey);
                verifier.BlockUpdate(msg, 0, msg.Length);
                bool shouldVerify = verifier.VerifySignature(signature);

                if (!shouldVerify)
                {
                    Fail("Ed448(" + algorithm + ") signature failed to verify");
                }
            }

            {
                byte[] wrongLengthSignature = Arrays.Append(signature, 0x00);

                verifier.Init(false, publicKey);
                verifier.BlockUpdate(msg, 0, msg.Length);
                bool shouldNotVerify = verifier.VerifySignature(wrongLengthSignature);

                if (shouldNotVerify)
                {
                    Fail("Ed448(" + algorithm + ") wrong length signature incorrectly verified");
                }
            }

            {
                byte[] badSignature = Arrays.Clone(signature);
                badSignature[Random.Next() % badSignature.Length] ^= (byte)(1 << (Random.NextInt() & 7));

                verifier.Init(false, publicKey);
                verifier.BlockUpdate(msg, 0, msg.Length);
                bool shouldNotVerify = verifier.VerifySignature(badSignature);

                if (shouldNotVerify)
                {
                    Fail("Ed448(" + algorithm + ") bad signature incorrectly verified");
                }
            }
        }
示例#3
0
 public static byte[] CreateSupportedPointFormatsExtension(byte[] ecPointFormats)
 {
     if (ecPointFormats == null || !Arrays.Contains(ecPointFormats, 0))
     {
         ecPointFormats = Arrays.Append(ecPointFormats, 0);
     }
     return(TlsUtilities.EncodeUint8ArrayWithUint8Length(ecPointFormats));
 }
示例#4
0
 private static byte[] CheckNameType(byte[] nameTypesSeen, byte nameType)
 {
     if (NameType.IsValid(nameType) && !Arrays.Contains(nameTypesSeen, nameType))
     {
         return(Arrays.Append(nameTypesSeen, nameType));
     }
     return(null);
 }
示例#5
0
        protected virtual byte[] GenerateClientHello(ClientHandshakeState state, TlsClient client)
        {
            //IL_0000: Unknown result type (might be due to invalid IL or missing references)
            //IL_0006: Expected O, but got Unknown
            MemoryStream    val           = new MemoryStream();
            ProtocolVersion clientVersion = client.ClientVersion;

            if (!clientVersion.IsDtls)
            {
                throw new TlsFatalAlert(80);
            }
            TlsClientContextImpl clientContext = state.clientContext;

            clientContext.SetClientVersion(clientVersion);
            TlsUtilities.WriteVersion(clientVersion, (Stream)(object)val);
            SecurityParameters securityParameters = clientContext.SecurityParameters;

            ((Stream)val).Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length);
            byte[] array = TlsUtilities.EmptyBytes;
            if (state.tlsSession != null)
            {
                array = state.tlsSession.SessionID;
                if (array == null || array.Length > 32)
                {
                    array = TlsUtilities.EmptyBytes;
                }
            }
            TlsUtilities.WriteOpaque8(array, (Stream)(object)val);
            TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, (Stream)(object)val);
            bool isFallback = client.IsFallback;

            state.offeredCipherSuites = client.GetCipherSuites();
            state.clientExtensions    = client.GetClientExtensions();
            byte[] extensionData = TlsUtilities.GetExtensionData(state.clientExtensions, 65281);
            bool   flag          = null == extensionData;
            bool   flag2         = !Arrays.Contains(state.offeredCipherSuites, 255);

            if (flag && flag2)
            {
                state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, 255);
            }
            if (isFallback && !Arrays.Contains(state.offeredCipherSuites, 22016))
            {
                state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, 22016);
            }
            TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, (Stream)(object)val);
            byte[] array2 = (state.offeredCompressionMethods = new byte[1]);
            TlsUtilities.WriteUint8ArrayWithUint8Length(state.offeredCompressionMethods, (Stream)(object)val);
            if (state.clientExtensions != null)
            {
                TlsProtocol.WriteExtensions((Stream)(object)val, state.clientExtensions);
            }
            return(val.ToArray());
        }
示例#6
0
        protected virtual byte[] GenerateClientHello(DtlsClientProtocol.ClientHandshakeState state, TlsClient client)
        {
            MemoryStream    memoryStream  = new MemoryStream();
            ProtocolVersion clientVersion = client.ClientVersion;

            if (!clientVersion.IsDtls)
            {
                throw new TlsFatalAlert(80);
            }
            TlsClientContextImpl clientContext = state.clientContext;

            clientContext.SetClientVersion(clientVersion);
            TlsUtilities.WriteVersion(clientVersion, memoryStream);
            SecurityParameters securityParameters = clientContext.SecurityParameters;

            memoryStream.Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length);
            byte[] array = TlsUtilities.EmptyBytes;
            if (state.tlsSession != null)
            {
                array = state.tlsSession.SessionID;
                if (array == null || array.Length > 32)
                {
                    array = TlsUtilities.EmptyBytes;
                }
            }
            TlsUtilities.WriteOpaque8(array, memoryStream);
            TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, memoryStream);
            bool isFallback = client.IsFallback;

            state.offeredCipherSuites = client.GetCipherSuites();
            state.clientExtensions    = client.GetClientExtensions();
            byte[] extensionData = TlsUtilities.GetExtensionData(state.clientExtensions, 65281);
            bool   flag          = null == extensionData;
            bool   flag2         = !Arrays.Contains(state.offeredCipherSuites, 255);

            if (flag && flag2)
            {
                state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, 255);
            }
            if (isFallback && !Arrays.Contains(state.offeredCipherSuites, 22016))
            {
                state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, 22016);
            }
            TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, memoryStream);
            byte[] offeredCompressionMethods = new byte[1];
            state.offeredCompressionMethods = offeredCompressionMethods;
            TlsUtilities.WriteUint8ArrayWithUint8Length(state.offeredCompressionMethods, memoryStream);
            if (state.clientExtensions != null)
            {
                TlsProtocol.WriteExtensions(memoryStream, state.clientExtensions);
            }
            return(memoryStream.ToArray());
        }
示例#7
0
        protected virtual void SendClientHelloMessage()
        {
            mRecordStream.SetWriteVersion(mTlsClient.ClientHelloRecordLayerVersion);
            ProtocolVersion clientVersion = mTlsClient.ClientVersion;

            if (clientVersion.IsDtls)
            {
                throw new TlsFatalAlert(80);
            }
            ContextAdmin.SetClientVersion(clientVersion);
            byte[] array = TlsUtilities.EmptyBytes;
            if (mTlsSession != null)
            {
                array = mTlsSession.SessionID;
                if (array == null || array.Length > 32)
                {
                    array = TlsUtilities.EmptyBytes;
                }
            }
            bool isFallback = mTlsClient.IsFallback;

            mOfferedCipherSuites       = mTlsClient.GetCipherSuites();
            mOfferedCompressionMethods = mTlsClient.GetCompressionMethods();
            if (array.Length > 0 && mSessionParameters != null && (!Arrays.Contains(mOfferedCipherSuites, mSessionParameters.CipherSuite) || !Arrays.Contains(mOfferedCompressionMethods, mSessionParameters.CompressionAlgorithm)))
            {
                array = TlsUtilities.EmptyBytes;
            }
            mClientExtensions = mTlsClient.GetClientExtensions();
            HandshakeMessage handshakeMessage = new HandshakeMessage(1);

            TlsUtilities.WriteVersion(clientVersion, (Stream)(object)handshakeMessage);
            handshakeMessage.Write(mSecurityParameters.ClientRandom);
            TlsUtilities.WriteOpaque8(array, (Stream)(object)handshakeMessage);
            byte[] extensionData = TlsUtilities.GetExtensionData(mClientExtensions, 65281);
            bool   flag          = null == extensionData;
            bool   flag2         = !Arrays.Contains(mOfferedCipherSuites, 255);

            if (flag && flag2)
            {
                mOfferedCipherSuites = Arrays.Append(mOfferedCipherSuites, 255);
            }
            if (isFallback && !Arrays.Contains(mOfferedCipherSuites, 22016))
            {
                mOfferedCipherSuites = Arrays.Append(mOfferedCipherSuites, 22016);
            }
            TlsUtilities.WriteUint16ArrayWithUint16Length(mOfferedCipherSuites, (Stream)(object)handshakeMessage);
            TlsUtilities.WriteUint8ArrayWithUint8Length(mOfferedCompressionMethods, (Stream)(object)handshakeMessage);
            if (mClientExtensions != null)
            {
                TlsProtocol.WriteExtensions((Stream)(object)handshakeMessage, mClientExtensions);
            }
            handshakeMessage.WriteToRecordStream(this);
        }
示例#8
0
        protected virtual void SendClientHelloMessage()
        {
            base.mRecordStream.SetWriteVersion(this.mTlsClient.ClientHelloRecordLayerVersion);
            ProtocolVersion clientVersion = this.mTlsClient.ClientVersion;

            if (clientVersion.IsDtls)
            {
                throw new TlsFatalAlert(80);
            }
            this.ContextAdmin.SetClientVersion(clientVersion);
            byte[] emptyBytes = TlsUtilities.EmptyBytes;
            if (base.mTlsSession != null)
            {
                emptyBytes = base.mTlsSession.SessionID;
                if ((emptyBytes == null) || (emptyBytes.Length > 0x20))
                {
                    emptyBytes = TlsUtilities.EmptyBytes;
                }
            }
            bool isFallback = this.mTlsClient.IsFallback;

            base.mOfferedCipherSuites       = this.mTlsClient.GetCipherSuites();
            base.mOfferedCompressionMethods = this.mTlsClient.GetCompressionMethods();
            if (((emptyBytes.Length > 0) && (base.mSessionParameters != null)) && (!Arrays.Contains(base.mOfferedCipherSuites, base.mSessionParameters.CipherSuite) || !Arrays.Contains(base.mOfferedCompressionMethods, base.mSessionParameters.CompressionAlgorithm)))
            {
                emptyBytes = TlsUtilities.EmptyBytes;
            }
            base.mClientExtensions = this.mTlsClient.GetClientExtensions();
            TlsProtocol.HandshakeMessage output = new TlsProtocol.HandshakeMessage(1);
            TlsUtilities.WriteVersion(clientVersion, output);
            output.Write(base.mSecurityParameters.ClientRandom);
            TlsUtilities.WriteOpaque8(emptyBytes, output);
            byte[] extensionData = TlsUtilities.GetExtensionData(base.mClientExtensions, 0xff01);
            bool   flag2         = null == extensionData;
            bool   flag3         = !Arrays.Contains(base.mOfferedCipherSuites, 0xff);

            if (flag2 && flag3)
            {
                base.mOfferedCipherSuites = Arrays.Append(base.mOfferedCipherSuites, 0xff);
            }
            if (isFallback && !Arrays.Contains(base.mOfferedCipherSuites, 0x5600))
            {
                base.mOfferedCipherSuites = Arrays.Append(base.mOfferedCipherSuites, 0x5600);
            }
            TlsUtilities.WriteUint16ArrayWithUint16Length(base.mOfferedCipherSuites, output);
            TlsUtilities.WriteUint8ArrayWithUint8Length(base.mOfferedCompressionMethods, output);
            if (base.mClientExtensions != null)
            {
                TlsProtocol.WriteExtensions(output, base.mClientExtensions);
            }
            output.WriteToRecordStream(this);
        }
示例#9
0
        private static byte[] CheckNameType(byte[] nameTypesSeen, byte nameType)
        {
            /*
             * RFC 6066 3. The ServerNameList MUST NOT contain more than one name of the same
             * name_type.
             */
            if (!NameType.IsValid(nameType) || Arrays.Contains(nameTypesSeen, nameType))
            {
                return(null);
            }

            return(Arrays.Append(nameTypesSeen, nameType));
        }
示例#10
0
        public static byte[] CreateSupportedPointFormatsExtension(byte[] ecPointFormats)
        {
            if (ecPointFormats == null || !Arrays.Contains(ecPointFormats, ECPointFormat.uncompressed))
            {
                /*
                 * RFC 4492 5.1. If the Supported Point Formats Extension is indeed sent, it MUST
                 * contain the value 0 (uncompressed) as one of the items in the list of point formats.
                 */

                // NOTE: We add it at the end (lowest preference)
                ecPointFormats = Arrays.Append(ecPointFormats, ECPointFormat.uncompressed);
            }

            return(TlsUtilities.EncodeUint8ArrayWithUint8Length(ecPointFormats));
        }
示例#11
0
    private void SetSupportsFeature(byte feature, bool support)
    {
        if (feature == 0)
        {
            throw new ArgumentException("cannot be 0", "feature");
        }
        int num = Array.IndexOf((Array)data, (object)feature);

        if (num >= 0 != support)
        {
            if (support)
            {
                data = Arrays.Append(data, feature);
                return;
            }
            byte[] array = new byte[data.Length - 1];
            Array.Copy(data, 0, array, 0, num);
            Array.Copy(data, num + 1, array, num, array.Length - num);
            data = array;
        }
    }
示例#12
0
        private void SetSupportsFeature(byte feature, bool support)
        {
            //IL_000d: Unknown result type (might be due to invalid IL or missing references)
            if (feature == 0)
            {
                throw new ArgumentException("cannot be 0", "feature");
            }
            int num = global::System.Array.IndexOf((global::System.Array)data, (object)feature);

            if (num >= 0 != support)
            {
                if (support)
                {
                    data = Arrays.Append(data, feature);
                    return;
                }
                byte[] array = new byte[data.Length - 1];
                global::System.Array.Copy((global::System.Array)data, 0, (global::System.Array)array, 0, num);
                global::System.Array.Copy((global::System.Array)data, num + 1, (global::System.Array)array, num, array.Length - num);
                data = array;
            }
        }
示例#13
0
        protected virtual byte[] GenerateClientHello(ClientHandshakeState state, TlsClient client)
        {
            MemoryStream buf = new MemoryStream();

            ProtocolVersion client_version = client.ClientVersion;

            if (!client_version.IsDtls)
            {
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }

            TlsClientContextImpl context = state.clientContext;

            context.SetClientVersion(client_version);
            TlsUtilities.WriteVersion(client_version, buf);

            SecurityParameters securityParameters = context.SecurityParameters;

            buf.Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length);

            // Session ID
            byte[] session_id = TlsUtilities.EmptyBytes;
            if (state.tlsSession != null)
            {
                session_id = state.tlsSession.SessionID;
                if (session_id == null || session_id.Length > 32)
                {
                    session_id = TlsUtilities.EmptyBytes;
                }
            }
            TlsUtilities.WriteOpaque8(session_id, buf);

            // Cookie
            TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, buf);

            bool fallback = client.IsFallback;

            /*
             * Cipher suites
             */
            state.offeredCipherSuites = client.GetCipherSuites();

            // Integer -> byte[]
            state.clientExtensions = client.GetClientExtensions();

            securityParameters.extendedMasterSecret = TlsExtensionsUtilities.HasExtendedMasterSecretExtension(state.clientExtensions);

            // Cipher Suites (and SCSV)
            {
                /*
                 * RFC 5746 3.4. The client MUST include either an empty "renegotiation_info" extension,
                 * or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value in the
                 * ClientHello. Including both is NOT RECOMMENDED.
                 */
                byte[] renegExtData = TlsUtilities.GetExtensionData(state.clientExtensions, ExtensionType.renegotiation_info);
                bool   noRenegExt   = (null == renegExtData);

                bool noRenegSCSV = !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);

                if (noRenegExt && noRenegSCSV)
                {
                    // TODO Consider whether to default to a client extension instead
                    state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
                }

                /*
                 * draft-ietf-tls-downgrade-scsv-00 4. If a client sends a ClientHello.client_version
                 * containing a lower value than the latest (highest-valued) version supported by the
                 * client, it SHOULD include the TLS_FALLBACK_SCSV cipher suite value in
                 * ClientHello.cipher_suites.
                 */
                if (fallback && !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV))
                {
                    state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV);
                }

                TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, buf);
            }

            // TODO Add support for compression
            // Compression methods
            // state.offeredCompressionMethods = client.getCompressionMethods();
            state.offeredCompressionMethods = new byte[] { CompressionMethod.cls_null };

            TlsUtilities.WriteUint8ArrayWithUint8Length(state.offeredCompressionMethods, buf);

            // Extensions
            if (state.clientExtensions != null)
            {
                TlsProtocol.WriteExtensions(buf, state.clientExtensions);
            }

            return(buf.ToArray());
        }
示例#14
0
        protected virtual byte[] GenerateClientHello(ClientHandshakeState state, TlsClient client)
        {
            ProtocolVersion client_version = client.ClientVersion;

            if (!client_version.IsDtls)
            {
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }

            TlsClientContextImpl context = state.clientContext;

            context.SetClientVersion(client_version);

            SecurityParameters securityParameters = context.SecurityParameters;

            // Session ID
            byte[] session_id = TlsUtilities.EmptyBytes;
            if (state.tlsSession != null)
            {
                session_id = state.tlsSession.SessionID;
                if (session_id == null || session_id.Length > 32)
                {
                    session_id = TlsUtilities.EmptyBytes;
                }
            }

            bool fallback = client.IsFallback;

            state.offeredCipherSuites = client.GetCipherSuites();

            if (session_id.Length > 0 && state.sessionParameters != null)
            {
                if (!state.sessionParameters.IsExtendedMasterSecret ||
                    !Arrays.Contains(state.offeredCipherSuites, state.sessionParameters.CipherSuite) ||
                    CompressionMethod.cls_null != state.sessionParameters.CompressionAlgorithm)
                {
                    session_id = TlsUtilities.EmptyBytes;
                }
            }

            state.clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(client.GetClientExtensions());

            TlsExtensionsUtilities.AddExtendedMasterSecretExtension(state.clientExtensions);

            MemoryStream buf = new MemoryStream();

            TlsUtilities.WriteVersion(client_version, buf);

            buf.Write(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length);

            TlsUtilities.WriteOpaque8(session_id, buf);

            // Cookie
            TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, buf);

            // Cipher Suites (and SCSV)
            {
                /*
                 * RFC 5746 3.4. The client MUST include either an empty "renegotiation_info" extension,
                 * or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value in the
                 * ClientHello. Including both is NOT RECOMMENDED.
                 */
                byte[] renegExtData = TlsUtilities.GetExtensionData(state.clientExtensions, ExtensionType.renegotiation_info);
                bool   noRenegExt   = (null == renegExtData);

                bool noRenegSCSV = !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);

                if (noRenegExt && noRenegSCSV)
                {
                    // TODO Consider whether to default to a client extension instead
                    state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
                }

                /*
                 * RFC 7507 4. If a client sends a ClientHello.client_version containing a lower value
                 * than the latest (highest-valued) version supported by the client, it SHOULD include
                 * the TLS_FALLBACK_SCSV cipher suite value in ClientHello.cipher_suites [..]. (The
                 * client SHOULD put TLS_FALLBACK_SCSV after all cipher suites that it actually intends
                 * to negotiate.)
                 */
                if (fallback && !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV))
                {
                    state.offeredCipherSuites = Arrays.Append(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV);
                }

                TlsUtilities.WriteUint16ArrayWithUint16Length(state.offeredCipherSuites, buf);
            }

            TlsUtilities.WriteUint8ArrayWithUint8Length(new byte[] { CompressionMethod.cls_null }, buf);

            TlsProtocol.WriteExtensions(buf, state.clientExtensions);

            return(buf.ToArray());
        }
示例#15
0
        protected virtual void SendClientHelloMessage()
        {
            this.mRecordStream.SetWriteVersion(this.mTlsClient.ClientHelloRecordLayerVersion);

            ProtocolVersion client_version = this.mTlsClient.ClientVersion;

            if (client_version.IsDtls)
            {
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }

            ContextAdmin.SetClientVersion(client_version);

            /*
             * TODO RFC 5077 3.4. When presenting a ticket, the client MAY generate and include a
             * Session ID in the TLS ClientHello.
             */
            byte[] session_id = TlsUtilities.EmptyBytes;
            if (this.mTlsSession != null)
            {
                session_id = this.mTlsSession.SessionID;
                if (session_id == null || session_id.Length > 32)
                {
                    session_id = TlsUtilities.EmptyBytes;
                }
            }

            bool fallback = this.mTlsClient.IsFallback;

            this.mOfferedCipherSuites = this.mTlsClient.GetCipherSuites();

            this.mOfferedCompressionMethods = this.mTlsClient.GetCompressionMethods();

            if (session_id.Length > 0 && this.mSessionParameters != null)
            {
                if (!Arrays.Contains(this.mOfferedCipherSuites, mSessionParameters.CipherSuite) ||
                    !Arrays.Contains(this.mOfferedCompressionMethods, mSessionParameters.CompressionAlgorithm))
                {
                    session_id = TlsUtilities.EmptyBytes;
                }
            }

            this.mClientExtensions = this.mTlsClient.GetClientExtensions();

            HandshakeMessage message = new HandshakeMessage(HandshakeType.client_hello);

            TlsUtilities.WriteVersion(client_version, message);

            message.Write(this.mSecurityParameters.ClientRandom);

            TlsUtilities.WriteOpaque8(session_id, message);

            // Cipher Suites (and SCSV)
            {
                /*
                 * RFC 5746 3.4. The client MUST include either an empty "renegotiation_info" extension,
                 * or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value in the
                 * ClientHello. Including both is NOT RECOMMENDED.
                 */
                byte[] renegExtData = TlsUtilities.GetExtensionData(mClientExtensions, ExtensionType.renegotiation_info);
                bool   noRenegExt   = (null == renegExtData);

                bool noRenegScsv = !Arrays.Contains(mOfferedCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);

                if (noRenegExt && noRenegScsv)
                {
                    // TODO Consider whether to default to a client extension instead
                    //                this.mClientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(this.mClientExtensions);
                    //                this.mClientExtensions[ExtensionType.renegotiation_info] = CreateRenegotiationInfo(TlsUtilities.EmptyBytes);
                    this.mOfferedCipherSuites = Arrays.Append(mOfferedCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
                }

                /*
                 * draft-ietf-tls-downgrade-scsv-00 4. If a client sends a ClientHello.client_version
                 * containing a lower value than the latest (highest-valued) version supported by the
                 * client, it SHOULD include the TLS_FALLBACK_SCSV cipher suite value in
                 * ClientHello.cipher_suites.
                 */
                if (fallback && !Arrays.Contains(mOfferedCipherSuites, CipherSuite.TLS_FALLBACK_SCSV))
                {
                    this.mOfferedCipherSuites = Arrays.Append(mOfferedCipherSuites, CipherSuite.TLS_FALLBACK_SCSV);
                }

                TlsUtilities.WriteUint16ArrayWithUint16Length(mOfferedCipherSuites, message);
            }

            TlsUtilities.WriteUint8ArrayWithUint8Length(mOfferedCompressionMethods, message);

            if (mClientExtensions != null)
            {
                WriteExtensions(message, mClientExtensions);
            }

            message.WriteToRecordStream(this);
        }
示例#16
0
 /**
  * Converts a character password to bytes incorporating the required trailing zero byte.
  *
  * @param password the password to be encoded.
  * @return a byte representation of the password in UTF8 + trailing zero.
  */
 public static byte[] PasswordToByteArray(char[] password)
 {
     return(Arrays.Append(Strings.ToUtf8ByteArray(password), 0));
 }