protected override byte[] GetClientHello() { if (m_State != HandshakeType.Nothing && m_State != HandshakeType.Finished) { throw new SslException(AlertDescription.UnexpectedMessage, "ClientHello message must be the first message or must be preceded by a Finished message."); } m_IsNegotiating = true; m_State = HandshakeType.ClientHello; byte[] ciphers = CipherSuites.GetCipherAlgorithmBytes(m_Options.AllowedAlgorithms); byte[] compr = CompressionAlgorithm.GetCompressionAlgorithmBytes(m_Options.AllowedAlgorithms); HandshakeMessage temp = new HandshakeMessage(HandshakeType.ClientHello, new byte[38 + ciphers.Length + compr.Length]); m_ClientTime = GetUnixTime(); m_ClientRandom = new byte[28]; m_RNG.GetBytes(m_ClientRandom); ProtocolVersion pv = CompatibilityLayer.GetMaxProtocol(m_Options.Protocol); temp.fragment[0] = pv.major; temp.fragment[1] = pv.minor; Array.Copy(m_ClientTime, 0, temp.fragment, 2, 4); Array.Copy(m_ClientRandom, 0, temp.fragment, 6, 28); temp.fragment[34] = 0; // do not resume a session, and do not let the other side cache it temp.fragment[35] = (byte)(ciphers.Length / 256); temp.fragment[36] = (byte)(ciphers.Length % 256); Array.Copy(ciphers, 0, temp.fragment, 37, ciphers.Length); temp.fragment[37 + ciphers.Length] = (byte)compr.Length; Array.Copy(compr, 0, temp.fragment, 38 + ciphers.Length, compr.Length); byte[] ret = temp.ToBytes(); UpdateHashes(ret, HashUpdate.All); // client hello message return(m_RecordLayer.EncryptBytes(ret, 0, ret.Length, ContentType.Handshake)); }
protected override byte[] GetRenegotiateBytes() { if (IsNegotiating()) { return(null); } HandshakeMessage hm = new HandshakeMessage(HandshakeType.HelloRequest, new byte[0]); return(m_RecordLayer.EncryptBytes(hm.ToBytes(), 0, 4, ContentType.Handshake)); }
protected override byte[] GetFinishedMessage() { byte[] temp, hash = new byte[36]; m_LocalMD5Hash.TransformFinalBlock(new byte[0], 0, 0); m_LocalSHA1Hash.TransformFinalBlock(new byte[0], 0, 0); Array.Copy(m_LocalMD5Hash.Hash, 0, hash, 0, 16); Array.Copy(m_LocalSHA1Hash.Hash, 0, hash, 16, 20); PseudoRandomDeriveBytes prf = new PseudoRandomDeriveBytes(m_MasterSecret, "server finished", hash); HandshakeMessage hm = new HandshakeMessage(HandshakeType.Finished, prf.GetBytes(12)); temp = hm.ToBytes(); prf.Dispose(); return temp; }
protected override byte[] GetFinishedMessage() { HandshakeMessage hm = new HandshakeMessage(HandshakeType.Finished, null); byte[] hash = new byte[36]; m_LocalMD5Hash.TransformFinalBlock(new byte[0], 0, 0); m_LocalSHA1Hash.TransformFinalBlock(new byte[0], 0, 0); Array.Copy(m_LocalMD5Hash.Hash, 0, hash, 0, 16); Array.Copy(m_LocalSHA1Hash.Hash, 0, hash, 16, 20); PseudoRandomDeriveBytes prf = new PseudoRandomDeriveBytes(m_MasterSecret, "client finished", hash); hm.fragment = prf.GetBytes(12); prf.Dispose(); return hm.ToBytes(); }
protected override byte[] GetFinishedMessage() { HandshakeMessage hm = new HandshakeMessage(HandshakeType.Finished, new byte[36]); Ssl3HandshakeMac md5 = new Ssl3HandshakeMac(HashType.MD5, m_LocalMD5Hash, m_MasterSecret); Ssl3HandshakeMac sha1 = new Ssl3HandshakeMac(HashType.SHA1, m_LocalSHA1Hash, m_MasterSecret); md5.TransformFinalBlock(new byte[]{0x53, 0x52, 0x56, 0x52}, 0, 4); sha1.TransformFinalBlock(new byte[]{0x53, 0x52, 0x56, 0x52}, 0, 4); Array.Copy(md5.Hash, 0, hm.fragment, 0, 16); Array.Copy(sha1.Hash, 0, hm.fragment, 16, 20); md5.Clear(); sha1.Clear(); return hm.ToBytes(); }
protected override byte[] GetClientHello() { if (m_State != HandshakeType.Nothing && m_State != HandshakeType.Finished) { throw new SslException(AlertDescription.UnexpectedMessage, "ClientHello message must be the first message or must be preceded by a Finished message."); } m_IsNegotiating = true; m_State = HandshakeType.ClientHello; byte[] ciphers = CipherSuites.GetCipherAlgorithmBytes(m_Options.AllowedAlgorithms); byte[] compr = CompressionAlgorithm.GetCompressionAlgorithmBytes(m_Options.AllowedAlgorithms); MemoryStream clientHello = new MemoryStream(); m_ClientTime = GetUnixTime(); m_ClientRandom = new byte[28]; m_RNG.GetBytes(m_ClientRandom); ProtocolVersion pv = CompatibilityLayer.GetMaxProtocol(m_Options.Protocol); clientHello.WriteByte(pv.major); clientHello.WriteByte(pv.minor); clientHello.Write(m_ClientTime, 0, m_ClientTime.Length); clientHello.Write(m_ClientRandom, 0, m_ClientRandom.Length); clientHello.WriteByte(0); clientHello.WriteByte((byte)(ciphers.Length / 256)); clientHello.WriteByte((byte)(ciphers.Length % 256)); clientHello.Write(ciphers, 0, ciphers.Length); clientHello.WriteByte((byte)compr.Length); clientHello.Write(compr, 0, compr.Length); if (this.clientHelloExts != null) { this.clientHelloExts.WriteExtensions(clientHello, ConnectionEnd.Client); } HandshakeMessage hm = new HandshakeMessage(HandshakeType.ClientHello, clientHello.ToArray()); byte[] ret = hm.ToBytes(); UpdateHashes(ret, HashUpdate.All); // client hello message return(m_RecordLayer.EncryptBytes(ret, 0, ret.Length, ContentType.Handshake)); }
protected SslHandshakeStatus ProcessServerHelloDone(HandshakeMessage message) { if (m_State != HandshakeType.Certificate && m_State != HandshakeType.ServerKeyExchange && m_State != HandshakeType.CertificateRequest) throw new SslException(AlertDescription.UnexpectedMessage, "ServerHello message must be preceded by a ClientHello message."); if (message.fragment.Length != 0) throw new SslException(AlertDescription.IllegalParameter, "The ServerHelloDone message is invalid."); UpdateHashes(message, HashUpdate.All); // input message MemoryStream ms = new MemoryStream(); HandshakeMessage hm = new HandshakeMessage(HandshakeType.ClientKeyExchange, null); byte[] buffer; // send Certificate [optional] if (m_MutualAuthentication) { hm.type = HandshakeType.Certificate; hm.fragment = GetCertificateBytes(m_Options.Certificate); buffer = m_RecordLayer.EncryptBytes(hm.ToBytes(), 0, hm.fragment.Length + 4, ContentType.Handshake); ms.Write(buffer, 0, buffer.Length); UpdateHashes(hm, HashUpdate.All); // output message } // send ClientKeyExchange if (m_KeyCipher == null) m_KeyCipher = (RSACryptoServiceProvider)m_RemoteCertificate.PublicKey; RSAKeyTransform kf = new RSAKeyTransform(m_KeyCipher); byte[] preMasterSecret = new byte[48]; m_RNG.GetBytes(preMasterSecret); ProtocolVersion pv = CompatibilityLayer.GetMaxProtocol(m_Options.Protocol); preMasterSecret[0] = pv.major; preMasterSecret[1] = pv.minor; buffer = kf.CreateKeyExchange(preMasterSecret); // public-key-encrypt the preMasterSecret hm.type = HandshakeType.ClientKeyExchange; if (GetProtocol() == SecureProtocol.Ssl3) { // SSL hm.fragment = buffer; } else { // TLS hm.fragment = new byte[buffer.Length + 2]; Buffer.BlockCopy(buffer, 0, hm.fragment, 2, buffer.Length); hm.fragment[0] = (byte)(buffer.Length / 256); // prepend the length of the preMasterSecret hm.fragment[1] = (byte)(buffer.Length % 256); } GenerateCiphers(preMasterSecret); // generate the local ciphers buffer = m_RecordLayer.EncryptBytes(hm.ToBytes(), 0, hm.fragment.Length + 4, ContentType.Handshake); ms.Write(buffer, 0, buffer.Length); UpdateHashes(hm, HashUpdate.All); // output message m_KeyCipher.Clear(); m_KeyCipher = null; // send CertificateVerify [optional] if (m_MutualAuthentication && m_Options.Certificate != null) { m_CertSignHash.MasterKey = this.m_MasterSecret; m_CertSignHash.TransformFinalBlock(buffer, 0, 0); // finalize hash buffer = m_CertSignHash.CreateSignature(m_Options.Certificate); hm.type = HandshakeType.CertificateVerify; hm.fragment = new byte[buffer.Length + 2]; hm.fragment[0] = (byte)(buffer.Length / 256); hm.fragment[1] = (byte)(buffer.Length % 256); Buffer.BlockCopy(buffer, 0, hm.fragment, 2, buffer.Length); buffer = m_RecordLayer.EncryptBytes(hm.ToBytes(), 0, hm.fragment.Length + 4, ContentType.Handshake); ms.Write(buffer, 0, buffer.Length); UpdateHashes(hm, HashUpdate.LocalRemote); // output message } // send ChangeCipherSpec buffer = m_RecordLayer.EncryptBytes(new byte[]{1}, 0, 1, ContentType.ChangeCipherSpec); ms.Write(buffer, 0, buffer.Length); m_RecordLayer.ChangeLocalState(null, m_CipherSuite.Encryptor, m_CipherSuite.LocalHasher); //ExtAnswers if (this.serverHelloExts != null) { foreach (var extension in this.serverHelloExts) { var responseMessage = extension.GetExtensionResponseMessage(); if (responseMessage != null) { buffer = m_RecordLayer.EncryptBytes(responseMessage.ToBytes(), 0, responseMessage.fragment.Length + 4, ContentType.Handshake); ms.Write(buffer, 0, buffer.Length); UpdateHashes(responseMessage, HashUpdate.LocalRemote); // output message } } } // send Finished buffer = GetFinishedMessage(); UpdateHashes(buffer, HashUpdate.Remote); // output message buffer = m_RecordLayer.EncryptBytes(buffer, 0, buffer.Length, ContentType.Handshake); ms.Write(buffer, 0, buffer.Length); // send empty record [http://www.openssl.org/~bodo/tls-cbc.txt] if (this.m_CipherSuite.Encryptor.OutputBlockSize != 1) { // is bulk cipher? if (((int)m_Options.Flags & (int)SecurityFlags.DontSendEmptyRecord) == 0) { byte[] empty = m_RecordLayer.EncryptBytes(new byte[0], 0, 0, ContentType.ApplicationData); ms.Write(empty, 0, empty.Length); } } // finalize buffer = ms.ToArray(); ms.Close(); return new SslHandshakeStatus(SslStatus.ContinueNeeded, buffer); }
protected override byte[] GetClientHello() { if (m_State != HandshakeType.Nothing && m_State != HandshakeType.Finished) throw new SslException(AlertDescription.UnexpectedMessage, "ClientHello message must be the first message or must be preceded by a Finished message."); m_IsNegotiating = true; m_State = HandshakeType.ClientHello; byte[] ciphers = CipherSuites.GetCipherAlgorithmBytes(m_Options.AllowedAlgorithms); byte[] compr = CompressionAlgorithm.GetCompressionAlgorithmBytes(m_Options.AllowedAlgorithms); MemoryStream clientHello = new MemoryStream(); m_ClientTime = GetUnixTime(); m_ClientRandom = new byte[28]; m_RNG.GetBytes(m_ClientRandom); ProtocolVersion pv = CompatibilityLayer.GetMaxProtocol(m_Options.Protocol); clientHello.WriteByte(pv.major); clientHello.WriteByte(pv.minor); clientHello.Write(m_ClientTime, 0, m_ClientTime.Length); clientHello.Write(m_ClientRandom, 0, m_ClientRandom.Length); clientHello.WriteByte(0); clientHello.WriteByte((byte)(ciphers.Length / 256)); clientHello.WriteByte((byte)(ciphers.Length % 256)); clientHello.Write(ciphers, 0, ciphers.Length); clientHello.WriteByte((byte)compr.Length); clientHello.Write(compr, 0, compr.Length); if (this.clientHelloExts != null) this.clientHelloExts.WriteExtensions(clientHello, ConnectionEnd.Client); HandshakeMessage hm = new HandshakeMessage(HandshakeType.ClientHello, clientHello.ToArray()); byte[] ret = hm.ToBytes(); UpdateHashes(ret, HashUpdate.All); // client hello message return m_RecordLayer.EncryptBytes(ret, 0, ret.Length, ContentType.Handshake); }
protected SslHandshakeStatus ProcessServerHelloDone(HandshakeMessage message) { if (m_State != HandshakeType.Certificate && m_State != HandshakeType.ServerKeyExchange && m_State != HandshakeType.CertificateRequest) { throw new SslException(AlertDescription.UnexpectedMessage, "ServerHello message must be preceded by a ClientHello message."); } if (message.fragment.Length != 0) { throw new SslException(AlertDescription.IllegalParameter, "The ServerHelloDone message is invalid."); } UpdateHashes(message, HashUpdate.All); // input message MemoryStream ms = new MemoryStream(); HandshakeMessage hm = new HandshakeMessage(HandshakeType.ClientKeyExchange, null); byte[] buffer; // send Certificate [optional] if (m_MutualAuthentication) { hm.type = HandshakeType.Certificate; hm.fragment = GetCertificateBytes(m_Options.Certificate); buffer = m_RecordLayer.EncryptBytes(hm.ToBytes(), 0, hm.fragment.Length + 4, ContentType.Handshake); ms.Write(buffer, 0, buffer.Length); UpdateHashes(hm, HashUpdate.All); // output message } // send ClientKeyExchange if (m_KeyCipher == null) { m_KeyCipher = (RSACryptoServiceProvider)m_RemoteCertificate.PublicKey; } RSAKeyTransform kf = new RSAKeyTransform(m_KeyCipher); byte[] preMasterSecret = new byte[48]; m_RNG.GetBytes(preMasterSecret); ProtocolVersion pv = CompatibilityLayer.GetMaxProtocol(m_Options.Protocol); preMasterSecret[0] = pv.major; preMasterSecret[1] = pv.minor; buffer = kf.CreateKeyExchange(preMasterSecret); // public-key-encrypt the preMasterSecret hm.type = HandshakeType.ClientKeyExchange; if (GetProtocol() == SecureProtocol.Ssl3) // SSL { hm.fragment = buffer; } else // TLS { hm.fragment = new byte[buffer.Length + 2]; Buffer.BlockCopy(buffer, 0, hm.fragment, 2, buffer.Length); hm.fragment[0] = (byte)(buffer.Length / 256); // prepend the length of the preMasterSecret hm.fragment[1] = (byte)(buffer.Length % 256); } GenerateCiphers(preMasterSecret); // generate the local ciphers buffer = m_RecordLayer.EncryptBytes(hm.ToBytes(), 0, hm.fragment.Length + 4, ContentType.Handshake); ms.Write(buffer, 0, buffer.Length); UpdateHashes(hm, HashUpdate.All); // output message m_KeyCipher.Clear(); m_KeyCipher = null; // send CertificateVerify [optional] if (m_MutualAuthentication && m_Options.Certificate != null) { m_CertSignHash.MasterKey = this.m_MasterSecret; m_CertSignHash.TransformFinalBlock(buffer, 0, 0); // finalize hash buffer = m_CertSignHash.CreateSignature(m_Options.Certificate); hm.type = HandshakeType.CertificateVerify; hm.fragment = new byte[buffer.Length + 2]; hm.fragment[0] = (byte)(buffer.Length / 256); hm.fragment[1] = (byte)(buffer.Length % 256); Buffer.BlockCopy(buffer, 0, hm.fragment, 2, buffer.Length); buffer = m_RecordLayer.EncryptBytes(hm.ToBytes(), 0, hm.fragment.Length + 4, ContentType.Handshake); ms.Write(buffer, 0, buffer.Length); UpdateHashes(hm, HashUpdate.LocalRemote); // output message } // send ChangeCipherSpec buffer = m_RecordLayer.EncryptBytes(new byte[] { 1 }, 0, 1, ContentType.ChangeCipherSpec); ms.Write(buffer, 0, buffer.Length); m_RecordLayer.ChangeLocalState(null, m_CipherSuite.Encryptor, m_CipherSuite.LocalHasher); //ExtAnswers if (this.serverHelloExts != null) { foreach (var extension in this.serverHelloExts) { var responseMessage = extension.GetExtensionResponseMessage(); if (responseMessage != null) { buffer = m_RecordLayer.EncryptBytes(responseMessage.ToBytes(), 0, responseMessage.fragment.Length + 4, ContentType.Handshake); ms.Write(buffer, 0, buffer.Length); UpdateHashes(responseMessage, HashUpdate.LocalRemote); // output message } } } // send Finished buffer = GetFinishedMessage(); UpdateHashes(buffer, HashUpdate.Remote); // output message buffer = m_RecordLayer.EncryptBytes(buffer, 0, buffer.Length, ContentType.Handshake); ms.Write(buffer, 0, buffer.Length); // send empty record [http://www.openssl.org/~bodo/tls-cbc.txt] if (this.m_CipherSuite.Encryptor.OutputBlockSize != 1) // is bulk cipher? { if (((int)m_Options.Flags & (int)SecurityFlags.DontSendEmptyRecord) == 0) { byte[] empty = m_RecordLayer.EncryptBytes(new byte[0], 0, 0, ContentType.ApplicationData); ms.Write(empty, 0, empty.Length); } } // finalize buffer = ms.ToArray(); ms.Close(); return(new SslHandshakeStatus(SslStatus.ContinueNeeded, buffer)); }
protected override byte[] GetRenegotiateBytes() { if (IsNegotiating()) return null; HandshakeMessage hm = new HandshakeMessage(HandshakeType.HelloRequest, new byte[0]); return m_RecordLayer.EncryptBytes(hm.ToBytes(), 0, 4, ContentType.Handshake); }
protected SslHandshakeStatus GetClientHelloResult() { MemoryStream retMessage = new MemoryStream(); SslHandshakeStatus ret = new SslHandshakeStatus(); HandshakeMessage temp; byte[] bytes; // ServerHello message temp = new HandshakeMessage(HandshakeType.ServerHello, new byte[38]); m_ServerTime = GetUnixTime(); m_ServerRandom = new byte[28]; m_RNG.GetBytes(m_ServerRandom); temp.fragment[0] = GetVersion().major; temp.fragment[1] = GetVersion().minor; Array.Copy(m_ServerTime, 0, temp.fragment, 2, 4); Array.Copy(m_ServerRandom, 0, temp.fragment, 6, 28); temp.fragment[34] = 0; // do not resume a session, and do not let the other side cache it Array.Copy(CipherSuites.GetCipherAlgorithmBytes(m_EncryptionScheme), 0, temp.fragment, 35, 2); temp.fragment[37] = CompressionAlgorithm.GetAlgorithmByte(m_CompressionMethod); bytes = temp.ToBytes(); retMessage.Write(bytes, 0, bytes.Length); // Certificate message byte[] certs = GetCertificateList(m_Options.Certificate); temp.type = HandshakeType.Certificate; temp.fragment = certs; bytes = temp.ToBytes(); retMessage.Write(bytes, 0, bytes.Length); // ServerKeyExchange message [optional] => only with RSA_EXPORT and public key > 512 bits if (m_Options.Certificate.GetPublicKeyLength() > 512 && CipherSuites.GetCipherDefinition(m_EncryptionScheme).Exportable) { MemoryStream kes = new MemoryStream(); MD5SHA1CryptoServiceProvider mscsp = new MD5SHA1CryptoServiceProvider(); // hash the client and server random values mscsp.TransformBlock(m_ClientTime, 0, 4, m_ClientTime, 0); mscsp.TransformBlock(m_ClientRandom, 0, 28, m_ClientRandom, 0); mscsp.TransformBlock(m_ServerTime, 0, 4, m_ServerTime, 0); mscsp.TransformBlock(m_ServerRandom, 0, 28, m_ServerRandom, 0); // create a new 512 bit RSA key m_KeyCipher = new RSACryptoServiceProvider(512); RSAParameters p = m_KeyCipher.ExportParameters(false); // write the key parameters to the output stream bytes = new byte[]{(byte)(p.Modulus.Length / 256), (byte)(p.Modulus.Length % 256)}; kes.Write(bytes, 0, 2); kes.Write(p.Modulus, 0, p.Modulus.Length); mscsp.TransformBlock(bytes, 0, 2, bytes, 0); mscsp.TransformBlock(p.Modulus, 0, p.Modulus.Length, p.Modulus, 0); bytes = new byte[]{(byte)(p.Exponent.Length / 256), (byte)(p.Exponent.Length % 256)}; kes.Write(bytes, 0, 2); kes.Write(p.Exponent, 0, p.Exponent.Length); mscsp.TransformBlock(bytes, 0, 2, bytes, 0); mscsp.TransformFinalBlock(p.Exponent, 0, p.Exponent.Length); // create signature bytes = mscsp.CreateSignature(m_Options.Certificate); kes.Write(new byte[]{(byte)(bytes.Length / 256), (byte)(bytes.Length % 256)}, 0, 2); kes.Write(bytes, 0, bytes.Length); // write to output temp.type = HandshakeType.ServerKeyExchange; temp.fragment = kes.ToArray(); bytes = temp.ToBytes(); retMessage.Write(bytes, 0, bytes.Length); kes.Close(); } else { m_KeyCipher = (RSACryptoServiceProvider)m_Options.Certificate.PrivateKey; } // CertificateRequest message [optional] if (m_MutualAuthentication) { bytes = GetDistinguishedNames(); if (bytes.Length != 0) { // make sure at least one certificate is returned temp.type = HandshakeType.CertificateRequest; temp.fragment = new byte[bytes.Length + 4]; temp.fragment[0] = 1; // one certificate type supported temp.fragment[1] = 1; // cert type RSA temp.fragment[2] = (byte)(bytes.Length / 256); temp.fragment[3] = (byte)(bytes.Length % 256); Array.Copy(bytes, 0, temp.fragment, 4, bytes.Length); bytes = temp.ToBytes(); retMessage.Write(bytes, 0, bytes.Length); } } // ServerHelloDone message temp.type = HandshakeType.ServerHelloDone; temp.fragment = new byte[0]; bytes = temp.ToBytes(); retMessage.Write(bytes, 0, bytes.Length); // final adjustments ret.Status = SslStatus.ContinueNeeded; ret.Message = retMessage.ToArray(); retMessage.Close(); UpdateHashes(ret.Message, HashUpdate.All); // output message ret.Message = m_RecordLayer.EncryptBytes(ret.Message, 0, ret.Message.Length, ContentType.Handshake); return ret; }
protected override byte[] GetClientHello() { if (m_State != HandshakeType.Nothing && m_State != HandshakeType.Finished) throw new SslException(AlertDescription.UnexpectedMessage, "ClientHello message must be the first message or must be preceded by a Finished message."); m_IsNegotiating = true; m_State = HandshakeType.ClientHello; byte[] ciphers = CipherSuites.GetCipherAlgorithmBytes(m_Options.AllowedAlgorithms); byte[] compr = CompressionAlgorithm.GetCompressionAlgorithmBytes(m_Options.AllowedAlgorithms); HandshakeMessage temp = new HandshakeMessage(HandshakeType.ClientHello, new byte[38 + ciphers.Length + compr.Length]); m_ClientTime = GetUnixTime(); m_ClientRandom = new byte[28]; m_RNG.GetBytes(m_ClientRandom); ProtocolVersion pv = CompatibilityLayer.GetMaxProtocol(m_Options.Protocol); temp.fragment[0] = pv.major; temp.fragment[1] = pv.minor; Array.Copy(m_ClientTime, 0, temp.fragment, 2, 4); Array.Copy(m_ClientRandom, 0, temp.fragment, 6, 28); temp.fragment[34] = 0; // do not resume a session, and do not let the other side cache it temp.fragment[35] = (byte)(ciphers.Length / 256); temp.fragment[36] = (byte)(ciphers.Length % 256); Array.Copy(ciphers, 0, temp.fragment, 37, ciphers.Length); temp.fragment[37 + ciphers.Length] = (byte)compr.Length; Array.Copy(compr, 0, temp.fragment, 38 + ciphers.Length, compr.Length); byte[] ret = temp.ToBytes(); UpdateHashes(ret, HashUpdate.All); // client hello message return m_RecordLayer.EncryptBytes(ret, 0, ret.Length, ContentType.Handshake); }
protected SslHandshakeStatus GetClientHelloResult() { MemoryStream retMessage = new MemoryStream(); SslHandshakeStatus ret = new SslHandshakeStatus(); HandshakeMessage temp; byte[] bytes; // ServerHello message temp = new HandshakeMessage(HandshakeType.ServerHello, new byte[38]); m_ServerTime = GetUnixTime(); m_ServerRandom = new byte[28]; m_RNG.GetBytes(m_ServerRandom); temp.fragment[0] = GetVersion().major; temp.fragment[1] = GetVersion().minor; Array.Copy(m_ServerTime, 0, temp.fragment, 2, 4); Array.Copy(m_ServerRandom, 0, temp.fragment, 6, 28); temp.fragment[34] = 0; // do not resume a session, and do not let the other side cache it Array.Copy(CipherSuites.GetCipherAlgorithmBytes(m_EncryptionScheme), 0, temp.fragment, 35, 2); temp.fragment[37] = CompressionAlgorithm.GetAlgorithmByte(m_CompressionMethod); bytes = temp.ToBytes(); retMessage.Write(bytes, 0, bytes.Length); // Certificate message byte[] certs = GetCertificateList(m_Options.Certificate); temp.type = HandshakeType.Certificate; temp.fragment = certs; bytes = temp.ToBytes(); retMessage.Write(bytes, 0, bytes.Length); // ServerKeyExchange message [optional] => only with RSA_EXPORT and public key > 512 bits if (m_Options.Certificate.GetPublicKeyLength() > 512 && CipherSuites.GetCipherDefinition(m_EncryptionScheme).Exportable) { MemoryStream kes = new MemoryStream(); MD5SHA1CryptoServiceProvider mscsp = new MD5SHA1CryptoServiceProvider(); // hash the client and server random values mscsp.TransformBlock(m_ClientTime, 0, 4, m_ClientTime, 0); mscsp.TransformBlock(m_ClientRandom, 0, 28, m_ClientRandom, 0); mscsp.TransformBlock(m_ServerTime, 0, 4, m_ServerTime, 0); mscsp.TransformBlock(m_ServerRandom, 0, 28, m_ServerRandom, 0); // create a new 512 bit RSA key m_KeyCipher = new RSACryptoServiceProvider(512); RSAParameters p = m_KeyCipher.ExportParameters(false); // write the key parameters to the output stream bytes = new byte[] { (byte)(p.Modulus.Length / 256), (byte)(p.Modulus.Length % 256) }; kes.Write(bytes, 0, 2); kes.Write(p.Modulus, 0, p.Modulus.Length); mscsp.TransformBlock(bytes, 0, 2, bytes, 0); mscsp.TransformBlock(p.Modulus, 0, p.Modulus.Length, p.Modulus, 0); bytes = new byte[] { (byte)(p.Exponent.Length / 256), (byte)(p.Exponent.Length % 256) }; kes.Write(bytes, 0, 2); kes.Write(p.Exponent, 0, p.Exponent.Length); mscsp.TransformBlock(bytes, 0, 2, bytes, 0); mscsp.TransformFinalBlock(p.Exponent, 0, p.Exponent.Length); // create signature bytes = mscsp.CreateSignature(m_Options.Certificate); kes.Write(new byte[] { (byte)(bytes.Length / 256), (byte)(bytes.Length % 256) }, 0, 2); kes.Write(bytes, 0, bytes.Length); // write to output temp.type = HandshakeType.ServerKeyExchange; temp.fragment = kes.ToArray(); bytes = temp.ToBytes(); retMessage.Write(bytes, 0, bytes.Length); kes.Close(); } else { m_KeyCipher = (RSACryptoServiceProvider)m_Options.Certificate.PrivateKey; } // CertificateRequest message [optional] if (m_MutualAuthentication) { bytes = GetDistinguishedNames(); if (bytes.Length != 0) // make sure at least one certificate is returned { temp.type = HandshakeType.CertificateRequest; temp.fragment = new byte[bytes.Length + 4]; temp.fragment[0] = 1; // one certificate type supported temp.fragment[1] = 1; // cert type RSA temp.fragment[2] = (byte)(bytes.Length / 256); temp.fragment[3] = (byte)(bytes.Length % 256); Array.Copy(bytes, 0, temp.fragment, 4, bytes.Length); bytes = temp.ToBytes(); retMessage.Write(bytes, 0, bytes.Length); } } // ServerHelloDone message temp.type = HandshakeType.ServerHelloDone; temp.fragment = new byte[0]; bytes = temp.ToBytes(); retMessage.Write(bytes, 0, bytes.Length); // final adjustments ret.Status = SslStatus.ContinueNeeded; ret.Message = retMessage.ToArray(); retMessage.Close(); UpdateHashes(ret.Message, HashUpdate.All); // output message ret.Message = m_RecordLayer.EncryptBytes(ret.Message, 0, ret.Message.Length, ContentType.Handshake); return(ret); }