/// <summary>
/// Validates a received Finished message against locally computed verify data
/// and, when they match, records the value and completes the handshake.
/// </summary>
/// <param name="message">The received Finished message; its <c>Hash</c> is compared with the local value.</param>
/// <exception cref="TlsException">
/// Thrown with <c>AlertDescription.HandshakeFailure</c> when the received hash does not match.
/// </exception>
protected virtual void HandleFinished (TlsFinished message)
{
    // Hash of the handshake messages collected so far, using the hash type of the write-side cipher.
    var transcriptHash = HandshakeParameters.HandshakeMessages.GetHash (Session.Write.Cipher.HandshakeHashType);

    // Verify data this side expects, derived from the master secret and the transcript hash.
    var expectedVerifyData = Session.Write.Cipher.PRF.ComputeServerHash (Session.Write.MasterSecret, transcriptHash);

    // NOTE(review): this comparison gates handshake integrity. Confirm that
    // TlsBuffer.Compare rejects length mismatches and runs in constant time.
    var matches = TlsBuffer.Compare (message.Hash, expectedVerifyData);
    if (!matches) {
        throw new TlsException (AlertDescription.HandshakeFailure);
    }

    // Kept on the session only after successful verification.
    Session.ServerVerifyData = expectedVerifyData;
    FinishHandshake ();
}
/// <summary>
/// Validates a received Finished message against verify data computed locally
/// from the read-side cipher state, and stores the value on the session when it matches.
/// </summary>
/// <param name="message">The received Finished message; its <c>Hash</c> is compared with the local value.</param>
/// <exception cref="TlsException">
/// Thrown with <c>AlertDescription.HandshakeFailure</c> when the received hash does not match.
/// </exception>
protected virtual void HandleFinished(TlsFinished message)
{
    // Hash of the handshake messages collected so far, using the hash type of the read-side cipher.
    var transcriptHash = HandshakeParameters.HandshakeMessages.GetHash(Session.Read.Cipher.HandshakeHashType);

    // Verify data expected from the client, derived from the master secret and the transcript hash.
    var expectedVerifyData = Session.Read.Cipher.PRF.ComputeClientHash(Session.Read.MasterSecret, transcriptHash);

    // NOTE(review): this comparison gates handshake integrity. Confirm that
    // TlsBuffer.Compare rejects length mismatches and runs in constant time.
    var matches = TlsBuffer.Compare(message.Hash, expectedVerifyData);
    if (!matches)
    {
        throw new TlsException(AlertDescription.HandshakeFailure);
    }

    // Kept on the session only after successful verification.
    Session.ClientVerifyData = expectedVerifyData;
}
/// <summary>
/// Parses one record from <c>m_io</c>: a 1-byte content type, a version structure,
/// a 2-byte big-endian length, and then a fragment of that many bytes whose
/// concrete type is chosen by the content type.
/// </summary>
private void _read()
{
    _contentType = ((TlsContentType)m_io.ReadU1());
    _version = new TlsVersion(m_io, this, m_root);
    _length = m_io.ReadU2be();

    // Every content type consumes exactly Length bytes into a bounded sub-stream,
    // so a malformed fragment cannot read past its own record.
    __raw_fragment = m_io.ReadBytes(Length);
    var fragmentStream = new KaitaiStream(__raw_fragment);

    switch (ContentType)
    {
        case TlsContentType.Handshake:
            _fragment = new TlsHandshake(fragmentStream, this, m_root);
            break;

        case TlsContentType.ApplicationData:
            _fragment = new TlsApplicationData(fragmentStream, this, m_root);
            break;

        case TlsContentType.ChangeCipherSpec:
            _fragment = new TlsChangeCipherSpec(fragmentStream, this, m_root);
            break;

        // Alerts and any unrecognised content type are kept as opaque encrypted messages.
        case TlsContentType.Alert:
        default:
            _fragment = new TlsEncryptedMessage(fragmentStream, this, m_root);
            break;
    }

    // NOTE(review): after a ChangeCipherSpec record this reads a TlsFinished directly
    // from the outer stream, i.e. beyond this record's declared length. It assumes a
    // Finished follows immediately in the same stream; confirm against the format spec.
    if (ContentType == TlsContentType.ChangeCipherSpec)
    {
        _finished = new TlsFinished(m_io, this, m_root);
    }
}
/// <summary>
/// Dispatches a handshake message for this negotiation step. Only
/// ChangeCipherSpec and Finished are accepted here.
/// </summary>
/// <param name="message">The incoming message; cast to its concrete type according to <c>message.Type</c>.</param>
/// <returns>
/// <c>MessageStatus.ContinueNeeded</c> after ChangeCipherSpec,
/// <c>MessageStatus.Finished</c> after Finished.
/// </returns>
/// <exception cref="InvalidOperationException">Thrown for any other message type.</exception>
protected override MessageStatus HandleMessage (Message message)
{
    var type = message.Type;

    if (type == HandshakeType.ChanceCipherSpec) {
        changeCipher = (TlsChangeCipherSpec)message;
        HandleChangeCipherSpec (changeCipher);
        return MessageStatus.ContinueNeeded;
    }

    if (type == HandshakeType.Finished) {
        // NOTE(review): nothing in this method checks that ChangeCipherSpec was
        // processed before Finished; confirm the caller enforces message ordering.
        finished = (TlsFinished)message;
        HandleFinished (finished);
        return MessageStatus.Finished;
    }

    throw new InvalidOperationException ();
}
/// <summary>
/// Dispatches a client handshake message received by the server side:
/// Certificate, ClientKeyExchange, CertificateVerify, ChangeCipherSpec or Finished.
/// </summary>
/// <param name="message">The incoming message; cast to its concrete type according to <c>message.Type</c>.</param>
/// <returns>
/// <c>MessageStatus.Finished</c> after Finished; <c>MessageStatus.ContinueNeeded</c>
/// after every other accepted message.
/// </returns>
/// <exception cref="TlsException">
/// Thrown with <c>AlertDescription.UnexpectedMessage</c> when a certificate arrives
/// unrequested, or when a required certificate or CertificateVerify is missing.
/// </exception>
/// <exception cref="InvalidOperationException">Thrown for any other message type.</exception>
protected override MessageStatus HandleMessage(Message message)
{
    // NOTE(review): this method does not itself reject repeated or out-of-order
    // messages (for example Finished before ChangeCipherSpec); confirm the
    // caller enforces the handshake sequence.
    var type = message.Type;

    if (type == HandshakeType.Certificate)
    {
        // A client certificate is only acceptable if the server requested one.
        if (!Session.AskedForCertificate)
        {
            throw new TlsException(AlertDescription.UnexpectedMessage);
        }

        certificate = (TlsCertificate)message;
        HandleCertificate(certificate);
        return MessageStatus.ContinueNeeded;
    }
    else if (type == HandshakeType.ClientKeyExchange)
    {
        var certificateMissing = Settings.RequireClientCertificate && certificate == null;
        if (certificateMissing)
        {
            throw new TlsException(AlertDescription.UnexpectedMessage, "Peer did not respond with a certificate.");
        }

        keyExchange = (TlsClientKeyExchange)message;
        HandleClientKeyExchange(keyExchange);
        return MessageStatus.ContinueNeeded;
    }
    else if (type == HandshakeType.ChanceCipherSpec)
    {
        // NOTE(review): CertificateVerify is only demanded when a client certificate
        // is required. A certificate that was requested but optional passes this
        // check without one; confirm proof of possession is enforced before such a
        // certificate is trusted.
        var verifyMissing = Settings.RequireClientCertificate && certificateVerify == null;
        if (verifyMissing)
        {
            throw new TlsException(AlertDescription.UnexpectedMessage, "Missing CertificateVerify message.");
        }

        cipherSpec = (TlsChangeCipherSpec)message;
        HandleChangeCipherSpec(cipherSpec);
        return MessageStatus.ContinueNeeded;
    }
    else if (type == HandshakeType.Finished)
    {
        finished = (TlsFinished)message;
        HandleFinished(finished);
        return MessageStatus.Finished;
    }
    else if (type == HandshakeType.CertificateVerify)
    {
        certificateVerify = (TlsCertificateVerify)message;
        HandleCertificateVerify(certificateVerify);
        return MessageStatus.ContinueNeeded;
    }

    throw new InvalidOperationException();
}
/// <summary>
/// Dispatches a handshake message for this negotiation step; only
/// ChangeCipherSpec and Finished are accepted.
/// </summary>
/// <param name="message">The incoming message; cast to its concrete type according to <c>message.Type</c>.</param>
/// <returns>
/// <c>MessageStatus.ContinueNeeded</c> after ChangeCipherSpec,
/// <c>MessageStatus.Finished</c> after Finished.
/// </returns>
/// <exception cref="InvalidOperationException">Thrown for any other message type.</exception>
protected override MessageStatus HandleMessage(Message message)
{
    var kind = message.Type;

    if (kind == HandshakeType.Finished)
    {
        // NOTE(review): nothing in this method checks that ChangeCipherSpec was
        // processed before Finished; confirm the caller enforces message ordering.
        finished = (TlsFinished)message;
        HandleFinished(finished);
        return MessageStatus.Finished;
    }

    // Anything other than ChangeCipherSpec is not valid at this point.
    if (kind != HandshakeType.ChanceCipherSpec)
    {
        throw new InvalidOperationException();
    }

    changeCipher = (TlsChangeCipherSpec)message;
    HandleChangeCipherSpec(changeCipher);
    return MessageStatus.ContinueNeeded;
}
/// <summary>
/// Dispatches a client handshake message received by the server side:
/// Certificate, ClientKeyExchange, CertificateVerify, ChangeCipherSpec or Finished.
/// </summary>
/// <param name="message">The incoming message; cast to its concrete type according to <c>message.Type</c>.</param>
/// <returns>
/// <c>MessageStatus.Finished</c> after Finished; <c>MessageStatus.ContinueNeeded</c>
/// after every other accepted message.
/// </returns>
/// <exception cref="TlsException">
/// Thrown with <c>AlertDescription.UnexpectedMessage</c> when a certificate arrives
/// unrequested, or when a required certificate or CertificateVerify is missing.
/// </exception>
/// <exception cref="InvalidOperationException">Thrown for any other message type.</exception>
protected override MessageStatus HandleMessage (Message message)
{
    // NOTE(review): this method does not itself reject repeated or out-of-order
    // messages (for example Finished before ChangeCipherSpec); confirm the
    // caller enforces the handshake sequence.
    switch (message.Type) {
    case HandshakeType.Certificate: {
        // A client certificate is only acceptable if the server requested one.
        var requested = Session.AskedForCertificate;
        if (!requested) {
            throw new TlsException (AlertDescription.UnexpectedMessage);
        }
        certificate = (TlsCertificate)message;
        HandleCertificate (certificate);
        return MessageStatus.ContinueNeeded;
    }

    case HandshakeType.ClientKeyExchange: {
        if (Settings.RequireClientCertificate && certificate == null) {
            throw new TlsException (AlertDescription.UnexpectedMessage, "Peer did not respond with a certificate.");
        }
        keyExchange = (TlsClientKeyExchange)message;
        HandleClientKeyExchange (keyExchange);
        return MessageStatus.ContinueNeeded;
    }

    case HandshakeType.CertificateVerify: {
        certificateVerify = (TlsCertificateVerify)message;
        HandleCertificateVerify (certificateVerify);
        return MessageStatus.ContinueNeeded;
    }

    case HandshakeType.ChanceCipherSpec: {
        // NOTE(review): CertificateVerify is only demanded when a client certificate
        // is required. A certificate that was requested but optional passes this
        // check without one; confirm proof of possession is enforced before such a
        // certificate is trusted.
        if (Settings.RequireClientCertificate && certificateVerify == null) {
            throw new TlsException (AlertDescription.UnexpectedMessage, "Missing CertificateVerify message.");
        }
        cipherSpec = (TlsChangeCipherSpec)message;
        HandleChangeCipherSpec (cipherSpec);
        return MessageStatus.ContinueNeeded;
    }

    case HandshakeType.Finished: {
        finished = (TlsFinished)message;
        HandleFinished (finished);
        return MessageStatus.Finished;
    }

    default:
        throw new InvalidOperationException ();
    }
}
/// <summary>
/// Parses one handshake message from <c>m_io</c>: a 1-byte handshake type, a
/// length structure, and then a body whose concrete type is chosen by the
/// handshake type. Unrecognised types are kept as an opaque encrypted message.
/// </summary>
private void _parse()
{
    _handshakeType = ((TlsRecord.TlsHandshakeType)m_io.ReadU1());
    _bodyLength = new TlsLength(m_io, this, m_root);

    // Every handshake type reads the same number of bytes into a bounded sub-stream.
    // NOTE(review): the size comes from the parent's Length minus 4 (presumably the
    // handshake header: type byte plus length field), not from _bodyLength. A parent
    // Length below 4 yields a negative count, and several handshake messages in one
    // record would be read as a single body; confirm both cases are handled as intended.
    var bodySize = M_Parent.Length - 4;
    __raw_body = m_io.ReadBytes(bodySize);
    var bodyStream = new KaitaiStream(__raw_body);

    switch (HandshakeType)
    {
        case TlsRecord.TlsHandshakeType.HelloRequest:
            _body = new TlsEmpty(bodyStream, this, m_root);
            break;

        case TlsRecord.TlsHandshakeType.Certificate:
            _body = new TlsCertificate(bodyStream, this, m_root);
            break;

        case TlsRecord.TlsHandshakeType.CertificateVerify:
            _body = new TlsCertificateVerify(bodyStream, this, m_root);
            break;

        case TlsRecord.TlsHandshakeType.ServerKeyExchange:
            _body = new TlsServerKeyExchange(bodyStream, this, m_root);
            break;

        case TlsRecord.TlsHandshakeType.ClientHello:
            _body = new TlsClientHello(bodyStream, this, m_root);
            break;

        case TlsRecord.TlsHandshakeType.Finished:
            _body = new TlsFinished(bodyStream, this, m_root);
            break;

        case TlsRecord.TlsHandshakeType.ClientKeyExchange:
            _body = new TlsClientKeyExchange(bodyStream, this, m_root);
            break;

        case TlsRecord.TlsHandshakeType.ServerHello:
            _body = new TlsServerHello(bodyStream, this, m_root);
            break;

        case TlsRecord.TlsHandshakeType.CertificateRequest:
            _body = new TlsCertificateRequest(bodyStream, this, m_root);
            break;

        case TlsRecord.TlsHandshakeType.ServerHelloDone:
            _body = new TlsServerHelloDone(bodyStream, this, m_root);
            break;

        default:
            _body = new TlsEncryptedMessage(bodyStream, this, m_root);
            break;
    }
}