protected virtual void ReceiveCertificateVerifyMessage(MemoryStream buf)
{
DigitallySigned digitallySigned = DigitallySigned.Parse(this.Context, buf);
TlsProtocol.AssertEmpty(buf);
try
{
byte[] hash;
if (TlsUtilities.IsTlsV12(this.Context))
{
hash = this.mPrepareFinishHash.GetFinalHash(digitallySigned.Algorithm.Hash);
}
else
{
hash = this.mSecurityParameters.SessionHash;
}
X509CertificateStructure certificateAt = this.mPeerCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)this.mClientCertificateType);
tlsSigner.Init(this.Context);
if (!tlsSigner.VerifyRawSignature(digitallySigned.Algorithm, digitallySigned.Signature, publicKey, hash))
{
throw new TlsFatalAlert(51);
}
}
catch (Exception alertCause)
{
throw new TlsFatalAlert(51, alertCause);
}
}
protected virtual void ProcessCertificateVerify(DtlsServerProtocol.ServerHandshakeState state, byte[] body, TlsHandshakeHash prepareFinishHash)
{
MemoryStream memoryStream = new MemoryStream(body, false);
TlsServerContextImpl serverContext = state.serverContext;
DigitallySigned digitallySigned = DigitallySigned.Parse(serverContext, memoryStream);
TlsProtocol.AssertEmpty(memoryStream);
bool flag = false;
try
{
byte[] hash;
if (TlsUtilities.IsTlsV12(serverContext))
{
hash = prepareFinishHash.GetFinalHash(digitallySigned.Algorithm.Hash);
}
else
{
hash = serverContext.SecurityParameters.SessionHash;
}
X509CertificateStructure certificateAt = state.clientCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)state.clientCertificateType);
tlsSigner.Init(serverContext);
flag = tlsSigner.VerifyRawSignature(digitallySigned.Algorithm, digitallySigned.Signature, publicKey, hash);
}
catch (Exception)
{
}
if (!flag)
{
throw new TlsFatalAlert(51);
}
}
protected virtual DigitallySigned ParseSignature(Stream input)
{
DigitallySigned signature = DigitallySigned.Parse(mContext, input);
SignatureAndHashAlgorithm signatureAlgorithm = signature.Algorithm;
if (signatureAlgorithm != null)
{
TlsUtilities.VerifySupportedSignatureAlgorithm(mSupportedSignatureAlgorithms, signatureAlgorithm);
}
return(signature);
}
public override void ProcessServerKeyExchange(Stream input)
{
SecurityParameters securityParameters = context.SecurityParameters;
SignerInputBuffer buf = null;
Stream teeIn = input;
if (mTlsSigner != null)
{
buf = new SignerInputBuffer();
teeIn = new TeeInputStream(input, buf);
}
byte[] NBytes = TlsUtilities.ReadOpaque16(teeIn);
byte[] gBytes = TlsUtilities.ReadOpaque16(teeIn);
byte[] sBytes = TlsUtilities.ReadOpaque8(teeIn);
byte[] BBytes = TlsUtilities.ReadOpaque16(teeIn);
if (buf != null)
{
DigitallySigned signed_params = DigitallySigned.Parse(context, input);
ISigner signer = InitVerifyer(mTlsSigner, signed_params.Algorithm, securityParameters);
buf.UpdateSigner(signer);
if (!signer.VerifySignature(signed_params.Signature))
{
throw new TlsFatalAlert(AlertDescription.decrypt_error);
}
}
BigInteger N = new BigInteger(1, NBytes);
BigInteger g = new BigInteger(1, gBytes);
// TODO Validate group parameters (see RFC 5054)
// throw new TlsFatalAlert(AlertDescription.insufficient_security);
this.mS = sBytes;
/*
* RFC 5054 2.5.3: The client MUST abort the handshake with an "illegal_parameter" alert if
* B % N = 0.
*/
try
{
this.mB = Srp6Utilities.ValidatePublicValue(N, new BigInteger(1, BBytes));
}
catch (CryptoException e)
{
throw new TlsFatalAlert(AlertDescription.illegal_parameter, e);
}
this.mSrpClient.Init(N, g, TlsUtilities.CreateHash(HashAlgorithm.sha1), context.SecureRandom);
}
public override void ProcessServerKeyExchange(Stream input)
{
SecurityParameters securityParameters = mContext.SecurityParameters;
SignerInputBuffer buf = null;
Stream teeIn = input;
if (mTlsSigner != null)
{
buf = new SignerInputBuffer();
teeIn = new TeeInputStream(input, buf);
}
ServerSrpParams srpParams = ServerSrpParams.Parse(teeIn);
if (buf != null)
{
DigitallySigned signed_params = DigitallySigned.Parse(mContext, input);
ISigner signer = InitVerifyer(mTlsSigner, signed_params.Algorithm, securityParameters);
buf.UpdateSigner(signer);
if (!signer.VerifySignature(signed_params.Signature))
{
throw new TlsFatalAlert(AlertDescription.decrypt_error);
}
}
this.mSrpGroup = new Srp6GroupParameters(srpParams.N, srpParams.G);
if (!mGroupVerifier.Accept(mSrpGroup))
{
throw new TlsFatalAlert(AlertDescription.insufficient_security);
}
this.mSrpSalt = srpParams.S;
/*
* RFC 5054 2.5.3: The client MUST abort the handshake with an "illegal_parameter" alert if
* B % N = 0.
*/
try
{
this.mSrpPeerCredentials = Srp6Utilities.ValidatePublicValue(mSrpGroup.N, srpParams.B);
}
catch (CryptoException e)
{
throw new TlsFatalAlert(AlertDescription.illegal_parameter, e);
}
this.mSrpClient.Init(mSrpGroup, TlsUtilities.CreateHash(HashAlgorithm.sha1), mContext.SecureRandom);
}
protected virtual void ProcessCertificateVerify(ServerHandshakeState state, byte[] body, TlsHandshakeHash prepareFinishHash)
{
if (state.certificateRequest == null)
{
throw new InvalidOperationException();
}
MemoryStream buf = new MemoryStream(body, false);
TlsServerContextImpl context = state.serverContext;
DigitallySigned clientCertificateVerify = DigitallySigned.Parse(context, buf);
TlsProtocol.AssertEmpty(buf);
// Verify the CertificateVerify message contains a correct signature.
try
{
SignatureAndHashAlgorithm signatureAlgorithm = clientCertificateVerify.Algorithm;
byte[] hash;
if (TlsUtilities.IsTlsV12(context))
{
TlsUtilities.VerifySupportedSignatureAlgorithm(state.certificateRequest.SupportedSignatureAlgorithms, signatureAlgorithm);
hash = prepareFinishHash.GetFinalHash(signatureAlgorithm.Hash);
}
else
{
hash = context.SecurityParameters.SessionHash;
}
X509CertificateStructure x509Cert = state.clientCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey(keyInfo);
TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)state.clientCertificateType);
tlsSigner.Init(context);
if (!tlsSigner.VerifyRawSignature(signatureAlgorithm, clientCertificateVerify.Signature, publicKey, hash))
{
throw new TlsFatalAlert(AlertDescription.decrypt_error);
}
}
catch (TlsFatalAlert e)
{
throw e;
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.decrypt_error, e);
}
}
protected virtual void ReceiveCertificateVerifyMessage(MemoryStream buf)
{
if (mCertificateRequest == null)
{
throw new InvalidOperationException();
}
DigitallySigned clientCertificateVerify = DigitallySigned.Parse(Context, buf);
AssertEmpty(buf);
// Verify the CertificateVerify message contains a correct signature.
try
{
SignatureAndHashAlgorithm signatureAlgorithm = clientCertificateVerify.Algorithm;
byte[] hash;
if (TlsUtilities.IsTlsV12(Context))
{
TlsUtilities.VerifySupportedSignatureAlgorithm(mCertificateRequest.SupportedSignatureAlgorithms, signatureAlgorithm);
hash = mPrepareFinishHash.GetFinalHash(signatureAlgorithm.Hash);
}
else
{
hash = mSecurityParameters.SessionHash;
}
X509CertificateStructure x509Cert = mPeerCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey(keyInfo);
TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)mClientCertificateType);
tlsSigner.Init(Context);
if (!tlsSigner.VerifyRawSignature(signatureAlgorithm, clientCertificateVerify.Signature, publicKey, hash))
{
throw new TlsFatalAlert(AlertDescription.decrypt_error);
}
}
catch (TlsFatalAlert e)
{
throw e;
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.decrypt_error, e);
}
}
protected virtual void ProcessCertificateVerify(ServerHandshakeState state, byte[] body, TlsHandshakeHash prepareFinishHash)
{
//IL_0008: Unknown result type (might be due to invalid IL or missing references)
//IL_0010: Unknown result type (might be due to invalid IL or missing references)
//IL_0016: Expected O, but got Unknown
if (state.certificateRequest == null)
{
throw new InvalidOperationException();
}
MemoryStream val = new MemoryStream(body, false);
TlsServerContextImpl serverContext = state.serverContext;
DigitallySigned digitallySigned = DigitallySigned.Parse(serverContext, (Stream)(object)val);
TlsProtocol.AssertEmpty(val);
try
{
SignatureAndHashAlgorithm algorithm = digitallySigned.Algorithm;
byte[] hash;
if (TlsUtilities.IsTlsV12(serverContext))
{
TlsUtilities.VerifySupportedSignatureAlgorithm(state.certificateRequest.SupportedSignatureAlgorithms, algorithm);
hash = prepareFinishHash.GetFinalHash(algorithm.Hash);
}
else
{
hash = serverContext.SecurityParameters.SessionHash;
}
X509CertificateStructure certificateAt = state.clientCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)state.clientCertificateType);
tlsSigner.Init(serverContext);
if (!tlsSigner.VerifyRawSignature(algorithm, digitallySigned.Signature, publicKey, hash))
{
throw new TlsFatalAlert(51);
}
}
catch (TlsFatalAlert tlsFatalAlert)
{
throw tlsFatalAlert;
}
catch (global::System.Exception alertCause)
{
throw new TlsFatalAlert(51, alertCause);
}
}
public override void ProcessServerKeyExchange(Stream input)
{
SecurityParameters securityParameters = mContext.SecurityParameters;
SignerInputBuffer signerInputBuffer = new SignerInputBuffer();
Stream input2 = new TeeInputStream(input, signerInputBuffer);
ServerDHParams serverDHParams = ServerDHParams.Parse(input2);
DigitallySigned digitallySigned = DigitallySigned.Parse(mContext, input);
ISigner signer = InitVerifyer(mTlsSigner, digitallySigned.Algorithm, securityParameters);
signerInputBuffer.UpdateSigner(signer);
if (!signer.VerifySignature(digitallySigned.Signature))
{
throw new TlsFatalAlert(51);
}
mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(serverDHParams.PublicKey);
mDHParameters = mDHAgreePublicKey.Parameters;
}
public override void ProcessServerKeyExchange(Stream input)
{
SecurityParameters securityParameters = this.mContext.SecurityParameters;
SignerInputBuffer signerInputBuffer = new SignerInputBuffer();
Stream input2 = new TeeInputStream(input, signerInputBuffer);
ECDomainParameters curve_params = TlsEccUtilities.ReadECParameters(this.mNamedCurves, this.mClientECPointFormats, input2);
byte[] encoding = TlsUtilities.ReadOpaque8(input2);
DigitallySigned digitallySigned = DigitallySigned.Parse(this.mContext, input);
ISigner signer = this.InitVerifyer(this.mTlsSigner, digitallySigned.Algorithm, securityParameters);
signerInputBuffer.UpdateSigner(signer);
if (!signer.VerifySignature(digitallySigned.Signature))
{
throw new TlsFatalAlert(51);
}
this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(this.mClientECPointFormats, curve_params, encoding));
}
protected virtual void ReceiveCertificateVerifyMessage(MemoryStream buf)
{
//IL_0008: Unknown result type (might be due to invalid IL or missing references)
if (mCertificateRequest == null)
{
throw new InvalidOperationException();
}
DigitallySigned digitallySigned = DigitallySigned.Parse(Context, (Stream)(object)buf);
TlsProtocol.AssertEmpty(buf);
try
{
SignatureAndHashAlgorithm algorithm = digitallySigned.Algorithm;
byte[] hash;
if (TlsUtilities.IsTlsV12(Context))
{
TlsUtilities.VerifySupportedSignatureAlgorithm(mCertificateRequest.SupportedSignatureAlgorithms, algorithm);
hash = mPrepareFinishHash.GetFinalHash(algorithm.Hash);
}
else
{
hash = mSecurityParameters.SessionHash;
}
X509CertificateStructure certificateAt = mPeerCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)mClientCertificateType);
tlsSigner.Init(Context);
if (!tlsSigner.VerifyRawSignature(algorithm, digitallySigned.Signature, publicKey, hash))
{
throw new TlsFatalAlert(51);
}
}
catch (TlsFatalAlert tlsFatalAlert)
{
throw tlsFatalAlert;
}
catch (global::System.Exception alertCause)
{
throw new TlsFatalAlert(51, alertCause);
}
}
public override void ProcessServerKeyExchange(Stream input)
{
SecurityParameters securityParameters = context.SecurityParameters;
SignerInputBuffer buf = new SignerInputBuffer();
Stream teeIn = new TeeInputStream(input, buf);
ServerDHParams dhParams = ServerDHParams.Parse(teeIn);
DigitallySigned signed_params = DigitallySigned.Parse(context, input);
ISigner signer = InitVerifyer(mTlsSigner, signed_params.Algorithm, securityParameters);
buf.UpdateSigner(signer);
if (!signer.VerifySignature(signed_params.Signature))
{
throw new TlsFatalAlert(AlertDescription.decrypt_error);
}
this.mDHAgreeServerPublicKey = TlsDHUtilities.ValidateDHPublicKey(dhParams.PublicKey);
}
public override void ProcessServerKeyExchange(Stream input)
{
SecurityParameters securityParameters = this.mContext.SecurityParameters;
SignerInputBuffer signerInputBuffer = null;
Stream input2 = input;
if (this.mTlsSigner != null)
{
signerInputBuffer = new SignerInputBuffer();
input2 = new TeeInputStream(input, signerInputBuffer);
}
ServerSrpParams serverSrpParams = ServerSrpParams.Parse(input2);
if (signerInputBuffer != null)
{
DigitallySigned digitallySigned = DigitallySigned.Parse(this.mContext, input);
ISigner signer = this.InitVerifyer(this.mTlsSigner, digitallySigned.Algorithm, securityParameters);
signerInputBuffer.UpdateSigner(signer);
if (!signer.VerifySignature(digitallySigned.Signature))
{
throw new TlsFatalAlert(51);
}
}
this.mSrpGroup = new Srp6GroupParameters(serverSrpParams.N, serverSrpParams.G);
if (!this.mGroupVerifier.Accept(this.mSrpGroup))
{
throw new TlsFatalAlert(71);
}
this.mSrpSalt = serverSrpParams.S;
try
{
this.mSrpPeerCredentials = Srp6Utilities.ValidatePublicValue(this.mSrpGroup.N, serverSrpParams.B);
}
catch (CryptoException alertCause)
{
throw new TlsFatalAlert(47, alertCause);
}
this.mSrpClient.Init(this.mSrpGroup, TlsUtilities.CreateHash(2), this.mContext.SecureRandom);
}
public override void ProcessServerKeyExchange(Stream input)
{
SecurityParameters securityParameters = mContext.SecurityParameters;
SignerInputBuffer buf = new SignerInputBuffer();
Stream teeIn = new TeeInputStream(input, buf);
ECDomainParameters curve_params = TlsEccUtilities.ReadECParameters(mNamedCurves, mClientECPointFormats, teeIn);
byte[] point = TlsUtilities.ReadOpaque8(teeIn);
DigitallySigned signed_params = DigitallySigned.Parse(mContext, input);
ISigner signer = InitVerifyer(mTlsSigner, signed_params.Algorithm, securityParameters);
buf.UpdateSigner(signer);
if (!signer.VerifySignature(signed_params.Signature))
{
throw new TlsFatalAlert(AlertDescription.decrypt_error);
}
this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(
mClientECPointFormats, curve_params, point));
}
protected virtual void ReceiveCertificateVerifyMessage(MemoryStream buf)
{
DigitallySigned clientCertificateVerify = DigitallySigned.Parse(Context, buf);
AssertEmpty(buf);
// Verify the CertificateVerify message contains a correct signature.
try
{
byte[] certificateVerifyHash;
if (TlsUtilities.IsTlsV12(Context))
{
certificateVerifyHash = mPrepareFinishHash.GetFinalHash(clientCertificateVerify.Algorithm.Hash);
}
else
{
certificateVerifyHash = TlsProtocol.GetCurrentPrfHash(Context, mPrepareFinishHash, null);
}
X509CertificateStructure x509Cert = mPeerCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey(keyInfo);
TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)mClientCertificateType);
tlsSigner.Init(Context);
if (!tlsSigner.VerifyRawSignature(clientCertificateVerify.Algorithm,
clientCertificateVerify.Signature, publicKey, certificateVerifyHash))
{
throw new TlsFatalAlert(AlertDescription.decrypt_error);
}
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.decrypt_error, e);
}
}
