mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/TlsServerFinished.cs

   1 // Transport Security Layer (TLS)
   2 // Copyright (c) 2003-2004 Carlos Guzman Alvarez
   3 // Copyright (C) 2006 Novell, Inc (http://www.novell.com)
   4 //
   5 // Permission is hereby granted, free of charge, to any person obtaining
   6 // a copy of this software and associated documentation files (the
   7 // "Software"), to deal in the Software without restriction, including
   8 // without limitation the rights to use, copy, modify, merge, publish,
   9 // distribute, sublicense, and/or sell copies of the Software, and to
  10 // permit persons to whom the Software is furnished to do so, subject to
  11 // the following conditions:
  12 //
  13 // The above copyright notice and this permission notice shall be
  14 // included in all copies or substantial portions of the Software.
  15 //
  16 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  17 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  18 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  19 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  20 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  21 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  22 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  23 //
  24
  25 using System;
  26 using System.Security.Cryptography;
  27
  28 using Mono.Security.Cryptography;
  29
  30 namespace Mono.Security.Protocol.Tls.Handshake.Client
  31 {
  32         internal class TlsServerFinished : HandshakeMessage
  33         {
  34                 #region Constructors
  35
  36                 public TlsServerFinished(Context context, byte[] buffer)
  37                         : base(context, HandshakeType.Finished, buffer)
  38                 {
  39                 }
  40
  41                 #endregion
  42
  43                 #region Methods
  44
  45                 public override void Update()
  46                 {
  47                         base.Update();
  48
  49                         // Hahdshake is finished
  50                         this.Context.HandshakeState = HandshakeState.Finished;
  51                 }
  52
  53                 #endregion
  54
  55                 #region Protected Methods
  56
  57                 static private byte[] Ssl3Marker = new byte [4] { 0x53, 0x52, 0x56, 0x52 };
  58
  59                 protected override void ProcessAsSsl3()
  60                 {
  61                         // Compute handshake messages hashes
  62                         HashAlgorithm hash = new SslHandshakeHash(this.Context.MasterSecret);
  63
  64                         byte[] data = this.Context.HandshakeMessages.ToArray ();
  65                         hash.TransformBlock (data, 0, data.Length, data, 0);
  66                         hash.TransformBlock (Ssl3Marker, 0, Ssl3Marker.Length, Ssl3Marker, 0);
  67                         // hack to avoid memory allocation
  68                         hash.TransformFinalBlock (CipherSuite.EmptyArray, 0, 0);
  69
  70                         byte[] serverHash       = this.ReadBytes((int)Length);
  71                         byte[] clientHash       = hash.Hash;
  72
  73                         // Check server prf against client prf
  74                         if (!Compare (clientHash, serverHash))
  75                         {
  76 #warning Review that selected alert is correct
  77                                 throw new TlsException(AlertDescription.InsuficientSecurity, "Invalid ServerFinished message received.");
  78                         }
  79                 }
  80
  81                 protected override void ProcessAsTls1()
  82                 {
  83                         byte[]                  serverPRF       = this.ReadBytes((int)Length);
  84                         HashAlgorithm   hash            = new MD5SHA1();
  85
  86                         // note: we could call HashAlgorithm.ComputeHash(Stream) but that would allocate (on Mono)
  87                         // a 4096 bytes buffer to process the hash - which is bigger than HandshakeMessages
  88                         byte[] data = this.Context.HandshakeMessages.ToArray ();
  89                         byte[] digest = hash.ComputeHash (data, 0, data.Length);
  90
  91                         byte[] clientPRF = this.Context.Current.Cipher.PRF(this.Context.MasterSecret, "server finished", digest, 12);
  92
  93                         // Check server prf against client prf
  94                         if (!Compare (clientPRF, serverPRF))
  95                         {
  96                                 throw new TlsException("Invalid ServerFinished message received.");
  97                         }
  98                 }
  99
 100                 #endregion
 101         }
 102 }