private void verifySignature() { MD5SHA1 hash = new MD5SHA1(); // Calculate size of server params int size = rsaParams.Modulus.Length + rsaParams.Exponent.Length + 4; // Create server params array TlsStream stream = new TlsStream(); stream.Write(this.Context.RandomCS); stream.Write(this.ToArray(), 0, size); hash.ComputeHash(stream.ToArray()); stream.Reset(); bool isValidSignature = hash.VerifySignature( this.Context.ServerSettings.CertificateRSA, this.signedParams); if (!isValidSignature) { throw new TlsException( AlertDescription.DecodeError, "Data was not signed with the server certificate."); } }
protected override void ProcessAsTls1() { AsymmetricAlgorithm asymmetricAlgorithm = null; ClientContext clientContext = (ClientContext)base.Context; asymmetricAlgorithm = clientContext.SslStream.RaisePrivateKeySelection(clientContext.ClientSettings.ClientCertificate, clientContext.ClientSettings.TargetHost); if (asymmetricAlgorithm == null) { throw new TlsException(AlertDescription.UserCancelled, "Client certificate Private Key unavailable."); } MD5SHA1 md5SHA = new MD5SHA1(); md5SHA.ComputeHash(clientContext.HandshakeMessages.ToArray(), 0, (int)clientContext.HandshakeMessages.Length); byte[] array = null; if (!(asymmetricAlgorithm is RSACryptoServiceProvider)) { try { array = md5SHA.CreateSignature((RSA)asymmetricAlgorithm); } catch (NotImplementedException) { } } if (array == null) { RSA clientCertRSA = this.getClientCertRSA((RSA)asymmetricAlgorithm); array = md5SHA.CreateSignature(clientCertRSA); } base.Write((short)array.Length); this.Write(array, 0, array.Length); }
protected override void ProcessAsTls1() { HashAlgorithm hashAlgorithm = new MD5SHA1(); byte[] array = base.Context.HandshakeMessages.ToArray(); byte[] data = hashAlgorithm.ComputeHash(array, 0, array.Length); Write(base.Context.Write.Cipher.PRF(base.Context.MasterSecret, "client finished", data, 12)); }
public HandshakeHash() { hashes = new IRunningHash [5]; hashes [0] = new MD5SHA1(); hashes [1] = new SHA1CryptoServiceProvider(); hashes [2] = new SHA256Managed(); hashes [3] = new SHA384Managed(); hashes [4] = new SHA512Managed(); }
private byte[] createSignature(RSA rsa, byte[] buffer) { MD5SHA1 mD5SHA = new MD5SHA1(); TlsStream tlsStream = new TlsStream(); tlsStream.Write(base.Context.RandomCS); tlsStream.Write(buffer, 0, buffer.Length); mD5SHA.ComputeHash(tlsStream.ToArray()); tlsStream.Reset(); return(mD5SHA.CreateSignature(rsa)); }
protected override void ProcessAsTls1() { // Compute handshake messages hash HashAlgorithm hash = new MD5SHA1(); var data = Context.HandshakeMessages.ToArray(); var digest = hash.ComputeHash(data, 0, data.Length); // Write message Write(Context.Current.Cipher.PRF( Context.MasterSecret, "server finished", digest, 12)); }
protected override void ProcessAsTls1() { byte[] buffer = base.ReadBytes((int)this.Length); HashAlgorithm hashAlgorithm = new MD5SHA1(); byte[] array = base.Context.HandshakeMessages.ToArray(); byte[] data = hashAlgorithm.ComputeHash(array, 0, array.Length); byte[] buffer2 = base.Context.Current.Cipher.PRF(base.Context.MasterSecret, "client finished", data, 12); if (!HandshakeMessage.Compare(buffer, buffer2)) { throw new TlsException(AlertDescription.DecryptError, "Decrypt error."); } }
protected override void ProcessAsTls1() { AsymmetricAlgorithm privKey = null; ClientContext context = (ClientContext)this.Context; privKey = context.SslStream.RaisePrivateKeySelection( context.ClientSettings.ClientCertificate, context.ClientSettings.TargetHost); if (privKey == null) { throw new TlsException(AlertDescription.UserCancelled, "Client certificate Private Key unavailable."); } else { // Compute handshake messages hash MD5SHA1 hash = new MD5SHA1(); hash.ComputeHash( context.HandshakeMessages.ToArray(), 0, (int)context.HandshakeMessages.Length); // CreateSignature uses ((RSA)privKey).DecryptValue which is not implemented // in RSACryptoServiceProvider. Other implementations likely implement DecryptValue // so we will try the CreateSignature method. byte[] signature = null; #if !MOONLIGHT if (!(privKey is RSACryptoServiceProvider)) #endif { try { signature = hash.CreateSignature((RSA)privKey); } catch (NotImplementedException) { } } // If DecryptValue is not implemented, then try to export the private // key and let the RSAManaged class do the DecryptValue if (signature == null) { // RSAManaged of the selected ClientCertificate // (at this moment the first one) RSA rsa = this.getClientCertRSA((RSA)privKey); // Write message signature = hash.CreateSignature(rsa); } this.Write((short)signature.Length); this.Write(signature, 0, signature.Length); } }
protected override void ProcessAsTls1() { ServerContext context = (ServerContext)this.Context; byte[] rgbSignature = this.ReadBytes((int)this.ReadInt16()); MD5SHA1 md5ShA1 = new MD5SHA1(); md5ShA1.ComputeHash(context.HandshakeMessages.ToArray(), 0, (int)context.HandshakeMessages.Length); if (!md5ShA1.VerifySignature((RSA)context.ClientSettings.CertificateRSA, rgbSignature)) { throw new TlsException(AlertDescription.HandshakeFailiure, "Handshake Failure."); } }
protected override void ProcessAsTls1() { byte[] buffer = ReadBytes((int)Length); HashAlgorithm hashAlgorithm = new MD5SHA1(); byte[] array = base.Context.HandshakeMessages.ToArray(); byte[] data = hashAlgorithm.ComputeHash(array, 0, array.Length); byte[] buffer2 = base.Context.Current.Cipher.PRF(base.Context.MasterSecret, "server finished", data, 12); if (!HandshakeMessage.Compare(buffer2, buffer)) { throw new TlsException("Invalid ServerFinished message received."); } }
protected override void ProcessAsTls1() { // Compute handshake messages hash HashAlgorithm hash = new MD5SHA1(); // note: we could call HashAlgorithm.ComputeHash(Stream) but that would allocate (on Mono) // a 4096 bytes buffer to process the hash - which is bigger than HandshakeMessages var data = Context.HandshakeMessages.ToArray(); var digest = hash.ComputeHash(data, 0, data.Length); // Write message Write(Context.Write.Cipher.PRF(Context.MasterSecret, "client finished", digest, 12)); }
protected override void ProcessAsTls1() { ServerContext serverContext = (ServerContext)base.Context; int count = ReadInt16(); byte[] rgbSignature = ReadBytes(count); MD5SHA1 mD5SHA = new MD5SHA1(); mD5SHA.ComputeHash(serverContext.HandshakeMessages.ToArray(), 0, (int)serverContext.HandshakeMessages.Length); if (!mD5SHA.VerifySignature(serverContext.ClientSettings.CertificateRSA, rgbSignature)) { throw new TlsException(AlertDescription.HandshakeFailiure, "Handshake Failure."); } }
private void verifySignature() { MD5SHA1 mD5SHA = new MD5SHA1(); int count = rsaParams.Modulus.Length + rsaParams.Exponent.Length + 4; TlsStream tlsStream = new TlsStream(); tlsStream.Write(base.Context.RandomCS); tlsStream.Write(ToArray(), 0, count); mD5SHA.ComputeHash(tlsStream.ToArray()); tlsStream.Reset(); if (!mD5SHA.VerifySignature(base.Context.ServerSettings.CertificateRSA, signedParams)) { throw new TlsException(AlertDescription.DecodeError, "Data was not signed with the server certificate."); } }
private byte[] createSignature(RSA rsa, byte[] buffer) { MD5SHA1 hash = new MD5SHA1(); // Create server params array TlsStream stream = new TlsStream(); stream.Write(this.Context.RandomCS); stream.Write(buffer, 0, buffer.Length); hash.ComputeHash(stream.ToArray()); stream.Reset(); return(hash.CreateSignature(rsa)); }
protected override void ProcessAsTls1() { byte[] clientPRF = this.ReadBytes((int)this.Length); HashAlgorithm hash = new MD5SHA1(); byte[] data = this.Context.HandshakeMessages.ToArray(); byte[] digest = hash.ComputeHash(data, 0, data.Length); byte[] serverPRF = this.Context.Current.Cipher.PRF( this.Context.MasterSecret, "client finished", digest, 12); // Check client prf against server prf if (!Compare(clientPRF, serverPRF)) { throw new TlsException(AlertDescription.DecryptError, "Decrypt error."); } }
protected override void ProcessAsTls1() { var serverPRF = ReadBytes((int)Length); HashAlgorithm hash = new MD5SHA1(); // note: we could call HashAlgorithm.ComputeHash(Stream) but that would allocate (on Mono) // a 4096 bytes buffer to process the hash - which is bigger than HandshakeMessages var data = Context.HandshakeMessages.ToArray(); var digest = hash.ComputeHash(data, 0, data.Length); var clientPRF = Context.Current.Cipher.PRF(Context.MasterSecret, "server finished", digest, 12); // Check server prf against client prf if (!Compare(clientPRF, serverPRF)) { throw new TlsException("Invalid ServerFinished message received."); } }
protected override void ProcessAsTls1() { var context = (ServerContext)Context; int length = ReadInt16(); var signature = ReadBytes(length); // Verify signature var hash = new MD5SHA1(); hash.ComputeHash( context.HandshakeMessages.ToArray(), 0, (int)context.HandshakeMessages.Length); if (!hash.VerifySignature(context.ClientSettings.CertificateRSA, signature)) { throw new TlsException(AlertDescription.HandshakeFailiure, "Handshake Failure."); } }
public void PKCS15_SignAndVerify_UnknownHash () { // this hash algorithm isn't known from CryptoConfig so no OID is available MD5SHA1 hash = new MD5SHA1 (); byte[] value = GetValue (hash.HashSize >> 3); byte[] unknown = PKCS1.Sign_v15 (rsa, hash, value); Assert.IsTrue (PKCS1.Verify_v15 (rsa, hash, value, unknown), "Verify"); }