public static HandshakeMessage GetInstance(ProtocolVersion version, byte[] data) { HandshakeMessage ret = null; switch ((HandshakeMessageType) data[0]) { case HandshakeMessageType.HelloRequest: ret = new HandshakeMessage(HandshakeMessageType.HelloRequest, version); break; case HandshakeMessageType.ClientHello: ret = new HandshakeClientHello(); break; case HandshakeMessageType.ServerHello: ret = new HandshakeServerHello(); break; case HandshakeMessageType.HelloVerifyRequest: ret = new HandshakeMessage(HandshakeMessageType.HelloVerifyRequest, version); break; case HandshakeMessageType.NewSessionTicket: ret = new HandshakeMessage(HandshakeMessageType.NewSessionTicket, version); break; case HandshakeMessageType.Certificate: ret = new HandshakeCertificate(version); break; case HandshakeMessageType.ServerKeyExchange: ret = new HandshakeMessage(HandshakeMessageType.ServerKeyExchange, version); break; case HandshakeMessageType.CertificateRequest: ret = new HandshakeCertificateRequest(version); break; case HandshakeMessageType.ServerHelloDone: ret = new HandshakeMessage(HandshakeMessageType.ServerHelloDone, version); break; case HandshakeMessageType.CertificateVerify: ret = new HandshakeMessage(HandshakeMessageType.CertificateVerify, version); break; case HandshakeMessageType.ClientKeyExchange: ret = new HandshakeMessage(HandshakeMessageType.ClientKeyExchange, version); break; case HandshakeMessageType.Finished: ret = new HandshakeMessage(HandshakeMessageType.Finished, version); break; } if (ret != null) { ret.Decode(data); return ret; } return null; }
// Messages received by both protected virtual void ProcessCertificate(HandshakeCertificate certificate) { InvalidMessageReceived(); }
protected override void ProcessCertificate(HandshakeCertificate certificate) { if (_state != HandshakeState.ReceivedClientHello) { throw new AlertException(AlertDescription.UnexpectedMessage, "Client certificate received at the wrong time"); } if (!_certificateRequestSent) { throw new AlertException(AlertDescription.UnexpectedMessage, "Client certificate received even though request was not sent"); } if (certificate.CertificateList.Count > 0) { _clientCertificateReceived = true; } _clientCertificates.AddRange(certificate.CertificateList); // Validate certificate chain if (_certificateValidationCallback != null && !_certificateValidationCallback(certificate.CertificateList)) { throw new AlertException(AlertDescription.AccessDenied, "Client certificate was not accepted"); } // Wait for client key exchange _state = HandshakeState.ReceivedCertificate; }
protected override void ProcessClientHello(HandshakeClientHello clientHello) { if (_state == HandshakeState.Finished) { throw new AlertException(AlertDescription.NoRenegotiation, "Renegotiation not supported"); } else if (_state != HandshakeState.Initial) { throw new AlertException(AlertDescription.UnexpectedMessage, "Client hello received at the wrong time"); } // Find the compressions that match our supported compressions List<Byte> matchedCompressions = new List<Byte>(); foreach (Byte id in _supportedCompressions) { if (clientHello.CompressionMethods.Contains(id)) { matchedCompressions.Add(id); } } if (matchedCompressions.Count == 0) { throw new AlertException(AlertDescription.HandshakeFailure, "None of the compression methods offered by client is accepted"); } _clientVersion = clientHello.ClientVersion; _cipherSuite = SelectCipherSuite(_pluginManager, _clientVersion, _minVersion, _maxVersion, clientHello.CipherSuites, new List<CipherSuiteId>(_supportedCipherSuites), _certificateSelectionCallback, _availableCertificates); _version = _cipherSuite.ProtocolVersion; // Select the certificate and private key we are going to send int certificateIndex = _certificateSelectionCallback(_cipherSuite, _availableCertificates.ToArray()); if (certificateIndex >= 0 && certificateIndex < _availableCertificates.Count) { _serverCertificates.AddRange(_availableCertificates[certificateIndex]); _selectedPrivateKey = _availablePrivateKeys[certificateIndex]; } // TODO: Create the server hello message correctly HandshakeServerHello serverHello = new HandshakeServerHello(_version); serverHello.CipherSuite = (CipherSuiteId)_cipherSuite.CipherSuiteID; serverHello.CompressionMethod = matchedCompressions[0]; OutputMessage(serverHello); // Initialize the handshake randoms and cipher suite _connectionState.ClientRandom = clientHello.Random.GetBytes(); _connectionState.ServerRandom = serverHello.Random.GetBytes(); // TODO: If we resumed our session, set state to SendChangeCipherSpec and return // Send certificate if required and valid if (!_cipherSuite.IsAnonymous) { if (_serverCertificates.Count == 0) { throw new AlertException(AlertDescription.HandshakeFailure, "Certificate required but not selected"); } string keyexAlg = _cipherSuite.KeyExchangeAlgorithm.CertificateKeyAlgorithm; string signAlg = _cipherSuite.SignatureAlgorithm.CertificateKeyAlgorithm; X509Certificate cert = _serverCertificates[0]; if (keyexAlg != null && !keyexAlg.Equals(cert.GetKeyAlgorithm())) { throw new AlertException(AlertDescription.HandshakeFailure, "Selected certificate type " + cert.GetKeyAlgorithm() + " doesn't match key exchange type " + keyexAlg); } if (signAlg != null && !signAlg.Equals(cert.GetKeyAlgorithm())) { throw new AlertException(AlertDescription.HandshakeFailure, "Selected certificate type " + cert.GetKeyAlgorithm() + " doesn't match signature type " + signAlg); } HandshakeCertificate certificate = new HandshakeCertificate(_version); certificate.CertificateList.AddRange(_serverCertificates); OutputMessage(certificate); } byte[] serverKeys = _cipherSuite.KeyExchangeAlgorithm.GetServerKeys(_maxVersion, _selectedPrivateKey); if (serverKeys != null) { // Generate the signature for server keys byte[] dataToSign = new byte[_connectionState.ClientRandom.Length + _connectionState.ServerRandom.Length + serverKeys.Length]; Buffer.BlockCopy(_connectionState.ClientRandom, 0, dataToSign, 0, _connectionState.ClientRandom.Length); Buffer.BlockCopy(_connectionState.ServerRandom, 0, dataToSign, _connectionState.ClientRandom.Length, _connectionState.ServerRandom.Length); Buffer.BlockCopy(serverKeys, 0, dataToSign, _connectionState.ClientRandom.Length + _connectionState.ServerRandom.Length, serverKeys.Length); byte[] signature = GenerateSignature(_selectedPrivateKey, dataToSign); Log.Debug("Server Signature: " + BitConverter.ToString(signature)); // Combine the server keys with the signature byte[] signedKeys = new byte[serverKeys.Length + signature.Length]; Buffer.BlockCopy(serverKeys, 0, signedKeys, 0, serverKeys.Length); Buffer.BlockCopy(signature, 0, signedKeys, serverKeys.Length, signature.Length); HandshakeMessage keyex = new HandshakeMessage(HandshakeMessageType.ServerKeyExchange, _version, signedKeys); OutputMessage(keyex); } // Send certificate request if needed if (!_cipherSuite.IsAnonymous && _certificateRequest != null) { OutputMessage(_certificateRequest); _certificateRequestSent = true; } HandshakeMessage serverHelloDone = new HandshakeMessage(HandshakeMessageType.ServerHelloDone, _version); OutputMessage(serverHelloDone); // Wait for client certificate or client key exchange _state = HandshakeState.ReceivedClientHello; }
protected override void ProcessServerHelloDone(HandshakeMessage serverHelloDone) { if (_state != HandshakeState.ReceivedCertificate && _state != HandshakeState.ReceivedServerKeyExchange && _state != HandshakeState.ReceivedCertificateRequest) { throw new AlertException(AlertDescription.UnexpectedMessage, "Server hello done received at the wrong time"); } bool clientCertificateSent = false; if (_clientCertificateRequested) { // Ask for correct certificate from the callback int certificateIndex = _certificateSelectionCallback(_availableCertificates.ToArray(), _serverCertificates); if (certificateIndex >= 0 && certificateIndex < _availableCertificates.Count) { _clientCertificates.AddRange(_availableCertificates[certificateIndex]); _selectedPrivateKey = _availablePrivateKeys[certificateIndex]; } // If certificate was selected, send it to server if (_clientCertificates.Count > 0) { HandshakeCertificate certificate = new HandshakeCertificate(_version); certificate.CertificateList.AddRange(_clientCertificates); OutputMessage(certificate); clientCertificateSent = true; } else { // TODO: In case of SSLv3 we should send warning alert instead? HandshakeCertificate certificate = new HandshakeCertificate(_version); OutputMessage(certificate); } } // Send client key exchange message byte[] clientKeys = null; if (_serverCertificates.Count > 0) { var cert = _serverCertificates[0]; CertificatePublicKey publicKey = new CertificatePublicKey(cert); this.logger?.Trace($"OID (lookup with http://www.oid-info.com/get/[oid]) of key from server certificate: {publicKey.Oid}"); var data = Asn1Object.FromByteArray(cert.GetKeyAlgorithmParameters()); this.logger?.Trace($" OID of key parameters from server certificate: {data}"); clientKeys = _cipherSuite.KeyExchangeAlgorithm.GetClientKeys(_version, _maxVersion, publicKey); } HandshakeMessage keyex = new HandshakeMessage(HandshakeMessageType.ClientKeyExchange, _version, clientKeys); OutputMessage(keyex); if (clientCertificateSent) { // Get all handshake messages byte[] handshakeMessages = _handshakeStream.ToArray(); // FIXME: Generate the signature of handshakeMessages with client cert signature // this breaks if client certificate signature is different type than negotiated byte[] signature = GenerateSignature(_selectedPrivateKey, handshakeMessages); // Create CertificateVerify message and send it to server HandshakeMessage verify = new HandshakeMessage(HandshakeMessageType.CertificateVerify, _version, signature); OutputMessage(verify); } // Generate the master secret from key exchange _connectionState.MasterSecret = GenerateMasterSecret(_version, _cipherSuite, _connectionState); // Wait for changecipherspec+finished _state = HandshakeState.SendChangeCipherSpec; }
protected override void ProcessCertificate(HandshakeCertificate certificate) { if (_state != HandshakeState.ReceivedServerHello) { throw new AlertException(AlertDescription.UnexpectedMessage, "Certificate received at the wrong time"); } if (certificate.CertificateList.Count == 0) { throw new AlertException(AlertDescription.BadCertificate, "Certificate chain has no entries"); } _serverCertificates.AddRange(certificate.CertificateList); string keyexAlg = _cipherSuite.KeyExchangeAlgorithm.CertificateKeyAlgorithm; string signAlg = _cipherSuite.SignatureAlgorithm.CertificateKeyAlgorithm; // Check that certificate is valid X509Certificate cert = _serverCertificates[0]; if (keyexAlg != null && !keyexAlg.Equals(cert.GetKeyAlgorithm())) { throw new AlertException(AlertDescription.BadCertificate, "Certificate type " + cert.GetKeyAlgorithm() + " doesn't match key exchange type " + keyexAlg); } if (signAlg != null && !signAlg.Equals(cert.GetKeyAlgorithm())) { throw new AlertException(AlertDescription.BadCertificate, "Certificate type " + cert.GetKeyAlgorithm() + " doesn't match signature type " + signAlg); } // Validate certificate chain if (!_certificateValidationCallback(certificate.CertificateList)) { throw new AlertException(AlertDescription.AccessDenied, "Server certificate was not accepted"); } // Wait for server key exchange, certificate request or server hello done _state = HandshakeState.ReceivedCertificate; }
public static HandshakeMessage GetInstance(ProtocolVersion version, byte[] data) { HandshakeMessage ret = null; switch ((HandshakeMessageType)data[0]) { case HandshakeMessageType.HelloRequest: ret = new HandshakeMessage(HandshakeMessageType.HelloRequest, version); break; case HandshakeMessageType.ClientHello: ret = new HandshakeClientHello(); break; case HandshakeMessageType.ServerHello: ret = new HandshakeServerHello(); break; case HandshakeMessageType.HelloVerifyRequest: ret = new HandshakeMessage(HandshakeMessageType.HelloVerifyRequest, version); break; case HandshakeMessageType.NewSessionTicket: ret = new HandshakeMessage(HandshakeMessageType.NewSessionTicket, version); break; case HandshakeMessageType.Certificate: ret = new HandshakeCertificate(version); break; case HandshakeMessageType.ServerKeyExchange: ret = new HandshakeMessage(HandshakeMessageType.ServerKeyExchange, version); break; case HandshakeMessageType.CertificateRequest: ret = new HandshakeCertificateRequest(version); break; case HandshakeMessageType.ServerHelloDone: ret = new HandshakeMessage(HandshakeMessageType.ServerHelloDone, version); break; case HandshakeMessageType.CertificateVerify: ret = new HandshakeMessage(HandshakeMessageType.CertificateVerify, version); break; case HandshakeMessageType.ClientKeyExchange: ret = new HandshakeMessage(HandshakeMessageType.ClientKeyExchange, version); break; case HandshakeMessageType.Finished: ret = new HandshakeMessage(HandshakeMessageType.Finished, version); break; } if (ret != null) { ret.Decode(data); return(ret); } return(null); }