protected override void SendCertificateVerifyMessage(DigitallySigned certificateVerify) { if (certificateVerify.Algorithm != null && config.clientAuthSigAlgClaimed != null) { certificateVerify = new DigitallySigned(config.clientAuthSigAlgClaimed, certificateVerify.Signature); } base.SendCertificateVerifyMessage(certificateVerify); }
protected override byte[] GenerateCertificateVerify(ClientHandshakeState state, DigitallySigned certificateVerify) { if (certificateVerify.Algorithm != null && config.clientAuthSigAlgClaimed != null) { certificateVerify = new DigitallySigned(config.clientAuthSigAlgClaimed, certificateVerify.Signature); } return base.GenerateCertificateVerify(state, certificateVerify); }
protected override byte[] GenerateCertificateVerify(ClientHandshakeState state, DigitallySigned certificateVerify) { if (certificateVerify.Algorithm != null && config.clientAuthSigAlgClaimed != null) { certificateVerify = new DigitallySigned(config.clientAuthSigAlgClaimed, certificateVerify.Signature); } return(base.GenerateCertificateVerify(state, certificateVerify)); }
protected virtual DigitallySigned ParseSignature(Stream input) { DigitallySigned digitallySigned = DigitallySigned.Parse(mContext, input); SignatureAndHashAlgorithm algorithm = digitallySigned.Algorithm; if (algorithm != null) { TlsUtilities.VerifySupportedSignatureAlgorithm(mSupportedSignatureAlgorithms, algorithm); } return(digitallySigned); }
public override void ProcessServerKeyExchange(Stream input) { SecurityParameters securityParameters = mContext.SecurityParameters; SignerInputBuffer signerInputBuffer = new SignerInputBuffer(); Stream input2 = new TeeInputStream(input, signerInputBuffer); ServerDHParams serverDHParams = ServerDHParams.Parse(input2); DigitallySigned digitallySigned = ParseSignature(input); ISigner signer = InitVerifyer(mTlsSigner, digitallySigned.Algorithm, securityParameters); signerInputBuffer.UpdateSigner(signer); if (!signer.VerifySignature(digitallySigned.Signature)) { throw new TlsFatalAlert(51); } mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(serverDHParams.PublicKey); mDHParameters = ValidateDHParameters(mDHAgreePublicKey.Parameters); }
public override void ProcessServerKeyExchange(Stream input) { SecurityParameters securityParameters = mContext.SecurityParameters; SignerInputBuffer signerInputBuffer = new SignerInputBuffer(); Stream input2 = new TeeInputStream(input, signerInputBuffer); ECDomainParameters curve_params = TlsEccUtilities.ReadECParameters(mNamedCurves, mClientECPointFormats, input2); byte[] encoding = TlsUtilities.ReadOpaque8(input2); DigitallySigned digitallySigned = ParseSignature(input); ISigner signer = InitVerifyer(mTlsSigner, digitallySigned.Algorithm, securityParameters); signerInputBuffer.UpdateSigner(signer); if (!signer.VerifySignature(digitallySigned.Signature)) { throw new TlsFatalAlert(51); } mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(mClientECPointFormats, curve_params, encoding)); }
public override byte[] GenerateServerKeyExchange() { DigestInputBuffer digestInputBuffer = new DigestInputBuffer(); mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, mNamedCurves, mClientECPointFormats, digestInputBuffer); SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm(mContext, mServerCredentials); IDigest digest = TlsUtilities.CreateHash(signatureAndHashAlgorithm); SecurityParameters securityParameters = mContext.SecurityParameters; digest.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length); digest.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length); digestInputBuffer.UpdateDigest(digest); byte[] hash = DigestUtilities.DoFinal(digest); byte[] signature = mServerCredentials.GenerateCertificateSignature(hash); DigitallySigned digitallySigned = new DigitallySigned(signatureAndHashAlgorithm, signature); digitallySigned.Encode(digestInputBuffer); return(digestInputBuffer.ToArray()); }
protected virtual void ReceiveCertificateVerifyMessage(MemoryStream buf) { if (mCertificateRequest == null) { throw new InvalidOperationException(); } DigitallySigned digitallySigned = DigitallySigned.Parse(Context, buf); TlsProtocol.AssertEmpty(buf); try { SignatureAndHashAlgorithm algorithm = digitallySigned.Algorithm; byte[] hash; if (TlsUtilities.IsTlsV12(Context)) { TlsUtilities.VerifySupportedSignatureAlgorithm(mCertificateRequest.SupportedSignatureAlgorithms, algorithm); hash = mPrepareFinishHash.GetFinalHash(algorithm.Hash); } else { hash = mSecurityParameters.SessionHash; } X509CertificateStructure certificateAt = mPeerCertificate.GetCertificateAt(0); SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo; AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo); TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)mClientCertificateType); tlsSigner.Init(Context); if (!tlsSigner.VerifyRawSignature(algorithm, digitallySigned.Signature, publicKey, hash)) { throw new TlsFatalAlert(51); } } catch (TlsFatalAlert tlsFatalAlert) { throw tlsFatalAlert; } catch (Exception alertCause) { throw new TlsFatalAlert(51, alertCause); } }
public override void ProcessServerKeyExchange(Stream input) { SecurityParameters securityParameters = mContext.SecurityParameters; SignerInputBuffer signerInputBuffer = null; Stream input2 = input; if (mTlsSigner != null) { signerInputBuffer = new SignerInputBuffer(); input2 = new TeeInputStream(input, signerInputBuffer); } ServerSrpParams serverSrpParams = ServerSrpParams.Parse(input2); if (signerInputBuffer != null) { DigitallySigned digitallySigned = ParseSignature(input); ISigner signer = InitVerifyer(mTlsSigner, digitallySigned.Algorithm, securityParameters); signerInputBuffer.UpdateSigner(signer); if (!signer.VerifySignature(digitallySigned.Signature)) { throw new TlsFatalAlert(51); } } mSrpGroup = new Srp6GroupParameters(serverSrpParams.N, serverSrpParams.G); if (!mGroupVerifier.Accept(mSrpGroup)) { throw new TlsFatalAlert(71); } mSrpSalt = serverSrpParams.S; try { mSrpPeerCredentials = Srp6Utilities.ValidatePublicValue(mSrpGroup.N, serverSrpParams.B); } catch (CryptoException alertCause) { throw new TlsFatalAlert(47, alertCause); } mSrpClient.Init(mSrpGroup, TlsUtilities.CreateHash(2), mContext.SecureRandom); }
public override void ProcessServerKeyExchange(Stream input) { SecurityParameters securityParameters = mContext.SecurityParameters; SignerInputBuffer buf = new SignerInputBuffer(); Stream teeIn = new TeeInputStream(input, buf); ServerDHParams dhParams = ServerDHParams.Parse(teeIn); DigitallySigned signed_params = ParseSignature(input); mSignatureAndHashAlgorithm = signed_params.Algorithm; ISigner signer = InitVerifyer(mTlsSigner, signed_params.Algorithm, securityParameters); buf.UpdateSigner(signer); if (!signer.VerifySignature(signed_params.Signature)) { throw new TlsFatalAlert(AlertDescription.decrypt_error); } this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(dhParams.PublicKey); this.mDHParameters = ValidateDHParameters(mDHAgreePublicKey.Parameters); }
public override byte[] GenerateServerKeyExchange() { mSrpServer.Init(mSrpGroup, mSrpVerifier, TlsUtilities.CreateHash(2), mContext.SecureRandom); BigInteger b = mSrpServer.GenerateServerCredentials(); ServerSrpParams serverSrpParams = new ServerSrpParams(mSrpGroup.N, mSrpGroup.G, mSrpSalt, b); DigestInputBuffer digestInputBuffer = new DigestInputBuffer(); serverSrpParams.Encode(digestInputBuffer); if (mServerCredentials != null) { SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm(mContext, mServerCredentials); IDigest digest = TlsUtilities.CreateHash(signatureAndHashAlgorithm); SecurityParameters securityParameters = mContext.SecurityParameters; digest.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length); digest.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length); digestInputBuffer.UpdateDigest(digest); byte[] array = new byte[digest.GetDigestSize()]; digest.DoFinal(array, 0); byte[] signature = mServerCredentials.GenerateCertificateSignature(array); DigitallySigned digitallySigned = new DigitallySigned(signatureAndHashAlgorithm, signature); digitallySigned.Encode(digestInputBuffer); } return(digestInputBuffer.ToArray()); }