-/* Transport Security Layer (TLS)
- * Copyright (c) 2003 Carlos Guzmán Álvarez
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without restriction,
- * including without limitation the rights to use, copy, modify, merge,
- * publish, distribute, sublicense, and/or sell copies of the Software,
- * and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
+// Transport Security Layer (TLS)
+// Copyright (c) 2003-2004 Carlos Guzman Alvarez
+// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+//
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
using System;
namespace Mono.Security.Protocol.Tls.Handshake.Client
{
- internal class TlsServerHello : TlsHandshakeMessage
+ internal class TlsServerHello : HandshakeMessage
{
- #region FIELDS
+ #region Fields
- private TlsProtocol protocol;
- private TlsCompressionMethod compressionMethod;
+ private SecurityCompressionType compressionMethod;
private byte[] random;
private byte[] sessionId;
private CipherSuite cipherSuite;
#endregion
- #region CONSTRUCTORS
+ #region Constructors
- public TlsServerHello(TlsSession session, byte[] buffer)
- : base(session, TlsHandshakeType.ServerHello, buffer)
+ public TlsServerHello(Context context, byte[] buffer)
+ : base(context, HandshakeType.ServerHello, buffer)
{
}
#endregion
- #region METHODS
+ #region Methods
- public override void UpdateSession()
+ public override void Update()
{
- base.UpdateSession();
+ base.Update();
- this.Session.SetSessionId(this.sessionId);
- this.Session.Context.ServerRandom = this.random;
- this.Session.Context.Cipher = this.cipherSuite;
- this.Session.Context.CompressionMethod = this.compressionMethod;
- this.Session.Context.Cipher.Context = this.Session.Context;
+ this.Context.SessionId = this.sessionId;
+ this.Context.ServerRandom = this.random;
+ this.Context.Negotiating.Cipher = this.cipherSuite;
+ this.Context.CompressionMethod = this.compressionMethod;
+ this.Context.ProtocolNegotiated = true;
+ DebugHelper.WriteLine("Selected Cipher Suite {0}", this.cipherSuite.Name);
+ DebugHelper.WriteLine("Client random", this.Context.ClientRandom);
+ DebugHelper.WriteLine("Server random", this.Context.ServerRandom);
+
// Compute ClientRandom + ServerRandom
- TlsStream random = new TlsStream();
- random.Write(this.Session.Context.ClientRandom);
- random.Write(this.Session.Context.ServerRandom);
- this.Session.Context.RandomCS = random.ToArray();
-
+ int clen = this.Context.ClientRandom.Length;
+ int slen = this.Context.ServerRandom.Length;
+ int rlen = clen + slen;
+ byte[] cs = new byte[rlen];
+ Buffer.BlockCopy (this.Context.ClientRandom, 0, cs, 0, clen);
+ Buffer.BlockCopy (this.Context.ServerRandom, 0, cs, clen, slen);
+ this.Context.RandomCS = cs;
+
// Server Random + Client Random
- random.Reset();
- random.Write(this.Session.Context.ServerRandom);
- random.Write(this.Session.Context.ClientRandom);
-
- this.Session.Context.RandomSC = random.ToArray();
- random.Reset();
+ byte[] sc = new byte[rlen];
+ Buffer.BlockCopy (this.Context.ServerRandom, 0, sc, 0, slen);
+ Buffer.BlockCopy (this.Context.ClientRandom, 0, sc, slen, clen);
+ this.Context.RandomSC = sc;
}
#endregion
- #region PROTECTED_METHODS
+ #region Protected Methods
protected override void ProcessAsSsl3()
{
- #warning "Check that the protocol sent by the server is supported"
+ this.ProcessAsTls1();
+ }
+
+ protected override void ProcessAsTls1()
+ {
// Read protocol version
- this.protocol = (TlsProtocol)this.ReadInt16();
+ this.processProtocol(this.ReadInt16());
// Read random - Unix time + Random bytes
- this.random = this.ReadBytes(32);
-
+ this.random = this.ReadBytes(32);
+
// Read Session id
- int length = (int)ReadByte();
+ int length = (int) ReadByte ();
if (length > 0)
{
this.sessionId = this.ReadBytes(length);
+ ClientSessionCache.Add (this.Context.ClientSettings.TargetHost, this.sessionId);
+ this.Context.AbbreviatedHandshake = Compare (this.sessionId, this.Context.SessionId);
+ }
+ else
+ {
+ this.Context.AbbreviatedHandshake = false;
}
// Read cipher suite
short cipherCode = this.ReadInt16();
- if (this.Session.Context.SupportedCiphers.IndexOf(cipherCode) == -1)
+ if (this.Context.SupportedCiphers.IndexOf(cipherCode) == -1)
{
// The server has sent an invalid ciphersuite
- throw new TlsException("Invalid cipher suite received from server");
+ throw new TlsException(AlertDescription.InsuficientSecurity, "Invalid cipher suite received from server");
}
- this.cipherSuite = this.Session.Context.SupportedCiphers[cipherCode];
+ this.cipherSuite = this.Context.SupportedCiphers[cipherCode];
// Read compression methods ( always 0 )
- this.compressionMethod = (TlsCompressionMethod)this.ReadByte();
+ this.compressionMethod = (SecurityCompressionType)this.ReadByte();
}
- protected override void ProcessAsTls1()
+ #endregion
+
+ #region Private Methods
+
+ private void processProtocol(short protocol)
{
- // Read protocol version
- this.protocol = (TlsProtocol)this.ReadInt16();
-
- // Read random - Unix time + Random bytes
- this.random = this.ReadBytes(32);
-
- // Read Session id
- int length = (int)ReadByte();
- if (length > 0)
+ SecurityProtocolType serverProtocol = this.Context.DecodeProtocolCode(protocol);
+
+ if ((serverProtocol & this.Context.SecurityProtocolFlags) == serverProtocol ||
+ (this.Context.SecurityProtocolFlags & SecurityProtocolType.Default) == SecurityProtocolType.Default)
{
- this.sessionId = this.ReadBytes(length);
- }
+ this.Context.SecurityProtocol = serverProtocol;
+ this.Context.SupportedCiphers.Clear();
+ this.Context.SupportedCiphers = null;
+ this.Context.SupportedCiphers = CipherSuiteFactory.GetSupportedCiphers(serverProtocol);
- // Read cipher suite
- short cipherCode = this.ReadInt16();
- if (this.Session.Context.SupportedCiphers.IndexOf(cipherCode) == -1)
+ DebugHelper.WriteLine("Selected protocol {0}", serverProtocol);
+ }
+ else
{
- // The server has sent an invalid ciphersuite
- throw new TlsException("Invalid cipher suite received from server");
+ throw new TlsException(
+ AlertDescription.ProtocolVersion,
+ "Incorrect protocol version received from server");
}
- this.cipherSuite = this.Session.Context.SupportedCiphers[cipherCode];
-
- // Read compression methods ( always 0 )
- this.compressionMethod = (TlsCompressionMethod)this.ReadByte();
}
#endregion
}
-}
\ No newline at end of file
+}