private void ProcessFinished(IByteBuffer body)
{
byte[] expectedClientVerifyData = DtlsHelper.CalculateVerifyData(clientState.ClientContext, ExporterLabel.server_finished, DtlsHelper.GetCurrentPRFHash(clientState.ClientContext, clientState.HandshakeHash, null));
if (body.ReadableBytes != expectedClientVerifyData.Length)
{
throw new TlsFatalAlert(AlertDescription.handshake_failure);
}
byte[] serverVerifyData = new byte[body.ReadableBytes];
body.ReadBytes(serverVerifyData);
if (!ArrayUtils.Equals(serverVerifyData, expectedClientVerifyData))
{
throw new TlsFatalAlert(AlertDescription.handshake_failure);
}
}
public void PostProcessFinished()
{
if (handshakeState == State.SERVER_HELLO_RECEIVED)
{
byte[] clientVerifyData = DtlsHelper.CalculateVerifyData(clientState.ClientContext, ExporterLabel.client_finished, DtlsHelper.GetCurrentPRFHash(clientState.ClientContext, clientState.HandshakeHash, null));
IByteBuffer serverVerifyBuffer = Unpooled.Buffer(DtlsHelper.HANDSHAKE_MESSAGE_HEADER_LENGTH + clientVerifyData.Length);
short currSequence = sequence++;
DtlsHelper.WriteHandshakeHeader(currSequence, MessageType.FINISHED, serverVerifyBuffer, clientVerifyData.Length);
serverVerifyBuffer.WriteBytes(clientVerifyData);
recordLayer.Send(currSequence, MessageType.FINISHED, serverVerifyBuffer);
}
recordLayer.HandshakeSuccessful();
if (handshakeState == State.SERVER_HELLO_RECEIVED)
{
clientState.ClientContext.ResumableSession = clientState.TlsSession;
}
else
{
if (clientState.TlsSession != null)
{
AsyncDtlsSecurityParameters parameters = (AsyncDtlsSecurityParameters)clientState.ClientContext.SecurityParameters;
clientState.SessionParameters = new SessionParameters.Builder()
.SetCipherSuite(parameters.CipherSuite)
.SetCompressionAlgorithm(parameters.CompressionAlgorithm)
.SetMasterSecret(parameters.MasterSecret)
.SetPeerCertificate(serverCertificate)
.SetPskIdentity(parameters.PskIdentity)
.SetSrpIdentity(parameters.SrpIdentity)
.SetServerExtensions(clientState.ServerExtensions)
.Build();
clientState.TlsSession = new AsyncDtlsSessionImpl(clientState.TlsSession.SessionID, clientState.SessionParameters);
clientState.ClientContext.ResumableSession = clientState.TlsSession;
}
}
clientState.Client.NotifyHandshakeComplete();
}
public void PostProcessServerHelloDone()
{
IList <SupplementalDataEntry> clientSupplementalData = (IList <SupplementalDataEntry>)clientState.Client.GetClientSupplementalData();
if (clientSupplementalData != null)
{
int totalLength = 3 + DtlsHelper.CalculateSupplementalDataLength(clientSupplementalData);
IByteBuffer supplementalDataOutput = Unpooled.Buffer(DtlsHelper.HANDSHAKE_MESSAGE_HEADER_LENGTH + totalLength);
short sdataSequence = sequence++;
DtlsHelper.WriteHandshakeHeader(sdataSequence, MessageType.SUPPLEMENTAL_DATA, supplementalDataOutput, totalLength);
DtlsHelper.WriteSupplementalData(supplementalDataOutput, clientSupplementalData);
recordLayer.Send(sdataSequence, MessageType.SUPPLEMENTAL_DATA, supplementalDataOutput);
}
if (clientState.CertificateRequest != null)
{
clientState.ClientCredentials = clientState.Authentication.GetClientCredentials(clientState.CertificateRequest);
Certificate clientCertificate = null;
if (clientState.ClientCredentials != null)
{
clientCertificate = clientState.ClientCredentials.Certificate;
}
if (clientCertificate == null)
{
clientCertificate = Certificate.EmptyChain;
}
short certificateSequence = sequence++;
IByteBuffer certificateOutput = DtlsHelper.WriteCertificate(certificateSequence, clientCertificate);
recordLayer.Send(certificateSequence, MessageType.CERTIFICATE, certificateOutput);
}
if (clientState.ClientCredentials != null)
{
clientState.KeyExchange.ProcessClientCredentials(clientState.ClientCredentials);
}
else
{
clientState.KeyExchange.SkipClientCredentials();
}
MemoryStream buf = new MemoryStream();
clientState.KeyExchange.GenerateClientKeyExchange(buf);
byte[] clientKeyExchange = buf.GetBuffer();
Array.Resize(ref clientKeyExchange, clientKeyExchange[0] + 1);
IByteBuffer keyExchangeOutput = Unpooled.Buffer(DtlsHelper.HANDSHAKE_MESSAGE_HEADER_LENGTH + clientKeyExchange.Length);
short currSequence = sequence++;
DtlsHelper.WriteHandshakeHeader(currSequence, MessageType.CLIENT_KEY_EXCHANGE, keyExchangeOutput, clientKeyExchange.Length);
keyExchangeOutput.WriteBytes(clientKeyExchange);
recordLayer.Send(currSequence, MessageType.CLIENT_KEY_EXCHANGE, keyExchangeOutput);
TlsHandshakeHash prepareFinishHash = clientState.HandshakeHash;
//clientState.setHandshakeHash(clientState.getHandshakeHash().stopTracking());
((AsyncDtlsSecurityParameters)clientState.ClientContext.SecurityParameters).SetSessionHash(DtlsHelper.GetCurrentPRFHash(clientState.ClientContext, prepareFinishHash, null));
DtlsHelper.EstablishMasterSecret((AsyncDtlsSecurityParameters)clientState.ClientContext.SecurityParameters, clientState.ClientContext, clientState.KeyExchange);
recordLayer.InitPendingEpoch(clientState.Client.GetCipher());
if (clientState.ClientCredentials != null && clientState.ClientCredentials is TlsSignerCredentials)
{
TlsSignerCredentials signerCredentials = (TlsSignerCredentials)clientState.ClientCredentials;
SignatureAndHashAlgorithm signatureAndHashAlgorithm = DtlsHelper.GetSignatureAndHashAlgorithm(clientState.ClientContext, signerCredentials);
byte[] hash;
if (signatureAndHashAlgorithm == null)
{
hash = ((AsyncDtlsSecurityParameters)clientState.ClientContext.SecurityParameters).SessionHash;
}
else
{
hash = prepareFinishHash.GetFinalHash(signatureAndHashAlgorithm.Hash);
}
byte[] signature = signerCredentials.GenerateCertificateSignature(hash);
int addon = 0;
if (signatureAndHashAlgorithm != null)
{
addon = 2;
}
IByteBuffer certificateVerifyBody = Unpooled.Buffer(DtlsHelper.HANDSHAKE_MESSAGE_HEADER_LENGTH + addon + 2 + signature.Length);
currSequence = sequence++;
DtlsHelper.WriteHandshakeHeader(currSequence, MessageType.CERTIFICATE_VERIFY, certificateVerifyBody, addon + 2 + signature.Length);
if (signatureAndHashAlgorithm != null)
{
certificateVerifyBody.WriteByte(signatureAndHashAlgorithm.Hash);
certificateVerifyBody.WriteByte(signatureAndHashAlgorithm.Signature);
}
certificateVerifyBody.WriteShort(signature.Length);
certificateVerifyBody.WriteBytes(signature);
recordLayer.Send(currSequence, MessageType.CERTIFICATE_VERIFY, certificateVerifyBody);
}
byte[] clientVerifyData = DtlsHelper.CalculateVerifyData(clientState.ClientContext, ExporterLabel.client_finished, DtlsHelper.GetCurrentPRFHash(clientState.ClientContext, clientState.HandshakeHash, null));
IByteBuffer serverVerifyBuffer = Unpooled.Buffer(DtlsHelper.HANDSHAKE_MESSAGE_HEADER_LENGTH + clientVerifyData.Length);
currSequence = sequence++;
DtlsHelper.WriteHandshakeHeader(currSequence, MessageType.FINISHED, serverVerifyBuffer, clientVerifyData.Length);
serverVerifyBuffer.WriteBytes(clientVerifyData);
recordLayer.Send(currSequence, MessageType.FINISHED, serverVerifyBuffer);
clientVerifyData = DtlsHelper.CalculateVerifyData(clientState.ClientContext, ExporterLabel.client_finished, DtlsHelper.GetCurrentPRFHash(clientState.ClientContext, clientState.HandshakeHash, null));
}