Ejemplo n.º 1
0
        public override void ProcessServerKeyExchange(Stream input)
        {
            SecurityParameters securityParameters = mContext.SecurityParameters;

            SignerInputBuffer buf   = null;
            Stream            teeIn = input;

            if (mTlsSigner != null)
            {
                buf   = new SignerInputBuffer();
                teeIn = new TeeInputStream(input, buf);
            }

            ServerSrpParams srpParams = ServerSrpParams.Parse(teeIn);

            if (buf != null)
            {
                DigitallySigned signed_params = DigitallySigned.Parse(mContext, input);

                ISigner signer = InitVerifyer(mTlsSigner, signed_params.Algorithm, securityParameters);
                buf.UpdateSigner(signer);
                if (!signer.VerifySignature(signed_params.Signature))
                {
                    throw new TlsFatalAlert(AlertDescription.decrypt_error);
                }
            }

            this.mSrpGroup = new Srp6GroupParameters(srpParams.N, srpParams.G);

            if (!mGroupVerifier.Accept(mSrpGroup))
            {
                throw new TlsFatalAlert(AlertDescription.insufficient_security);
            }

            this.mSrpSalt = srpParams.S;

            /*
             * RFC 5054 2.5.3: The client MUST abort the handshake with an "illegal_parameter" alert if
             * B % N = 0.
             */
            try
            {
                this.mSrpPeerCredentials = Srp6Utilities.ValidatePublicValue(mSrpGroup.N, srpParams.B);
            }
            catch (CryptoException e)
            {
                throw new TlsFatalAlert(AlertDescription.illegal_parameter, e);
            }

            this.mSrpClient.Init(mSrpGroup, TlsUtilities.CreateHash(HashAlgorithm.sha1), mContext.SecureRandom);
        }
Ejemplo n.º 2
0
        public override void ProcessServerKeyExchange(Stream input)
        {
            SecurityParameters securityParameters = mContext.SecurityParameters;
            SignerInputBuffer  signerInputBuffer  = null;
            Stream             input2             = input;

            if (mTlsSigner != null)
            {
                signerInputBuffer = new SignerInputBuffer();
                input2            = (Stream)(object)new TeeInputStream(input, (Stream)(object)signerInputBuffer);
            }
            ServerSrpParams serverSrpParams = ServerSrpParams.Parse(input2);

            if (signerInputBuffer != null)
            {
                DigitallySigned digitallySigned = ParseSignature(input);
                ISigner         signer          = InitVerifyer(mTlsSigner, digitallySigned.Algorithm, securityParameters);
                signerInputBuffer.UpdateSigner(signer);
                if (!signer.VerifySignature(digitallySigned.Signature))
                {
                    throw new TlsFatalAlert(51);
                }
            }
            mSrpGroup = new Srp6GroupParameters(serverSrpParams.N, serverSrpParams.G);
            if (!mGroupVerifier.Accept(mSrpGroup))
            {
                throw new TlsFatalAlert(71);
            }
            mSrpSalt = serverSrpParams.S;
            try
            {
                mSrpPeerCredentials = Srp6Utilities.ValidatePublicValue(mSrpGroup.N, serverSrpParams.B);
            }
            catch (CryptoException alertCause)
            {
                throw new TlsFatalAlert(47, alertCause);
            }
            mSrpClient.Init(mSrpGroup, TlsUtilities.CreateHash(2), mContext.SecureRandom);
        }