public SecureChannelHandshakeAuthentication(SecureChannelHandshakeKeyExchange keyExchange, SecureChannelHandshakeHello serverHello, SecureChannelHandshakeHello clientHello, BinaryNumber userId, byte[] privateKey)
: base(SecureChannelCode.None)
{
_userId = userId;
switch (serverHello.SupportedCiphers)
{
case SecureChannelCipherSuite.DHE2048_RSA2048_WITH_AES256_CBC_HMAC_SHA256:
case SecureChannelCipherSuite.ECDHE256_RSA2048_WITH_AES256_CBC_HMAC_SHA256:
using (RSA rsa = RSA.Create())
{
RSAParameters rsaPrivateKey = DEREncoding.DecodeRSAPrivateKey(privateKey);
rsa.ImportParameters(rsaPrivateKey);
if (rsa.KeySize != 2048)
{
throw new SecureChannelException(SecureChannelCode.PeerAuthenticationFailed, null, _userId, "RSA key size is not valid for selected crypto option: " + serverHello.SupportedCiphers.ToString());
}
_publicKey = DEREncoding.EncodeRSAPublicKey(rsaPrivateKey);
if (!SecureChannelStream.IsUserIdValid(_publicKey, _userId))
{
throw new SecureChannelException(SecureChannelCode.PeerAuthenticationFailed, null, _userId, "UserId does not match with public key.");
}
using (MemoryStream mS = new MemoryStream())
{
mS.Write(keyExchange.EphemeralPublicKey);
mS.Write(serverHello.Nonce.Value);
mS.Write(clientHello.Nonce.Value);
mS.Position = 0;
_signature = rsa.SignData(mS, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
}
}
break;
default:
throw new SecureChannelException(SecureChannelCode.NoMatchingCipherAvailable, null, null);
}
}
public static byte[] GetPublicKeyFromPrivateKey(byte[] privateKey)
{
return(DEREncoding.EncodeRSAPublicKey(DEREncoding.DecodeRSAPrivateKey(privateKey)));
}