public TlsDHKeyExchange(int keyExchange, IList supportedSignatureAlgorithms, TlsDHVerifier dhVerifier, DHParameters dhParameters)
: base(keyExchange, supportedSignatureAlgorithms)
{
switch (keyExchange)
{
case KeyExchangeAlgorithm.DH_anon:
case KeyExchangeAlgorithm.DH_RSA:
case KeyExchangeAlgorithm.DH_DSS:
this.mTlsSigner = null;
break;
case KeyExchangeAlgorithm.DHE_RSA:
this.mTlsSigner = new TlsRsaSigner();
break;
case KeyExchangeAlgorithm.DHE_DSS:
this.mTlsSigner = new TlsDssSigner();
break;
default:
throw new InvalidOperationException("unsupported key exchange algorithm");
}
this.mDHVerifier = dhVerifier;
this.mDHParameters = dhParameters;
}
internal TlsDHKeyExchange(TlsProtocolHandler handler, ICertificateVerifyer verifyer,
TlsKeyExchangeAlgorithm keyExchange)
{
switch (keyExchange)
{
case TlsKeyExchangeAlgorithm.KE_DH_RSA:
case TlsKeyExchangeAlgorithm.KE_DH_DSS:
this.tlsSigner = null;
break;
case TlsKeyExchangeAlgorithm.KE_DHE_RSA:
this.tlsSigner = new TlsRsaSigner();
break;
case TlsKeyExchangeAlgorithm.KE_DHE_DSS:
this.tlsSigner = new TlsDssSigner();
break;
default:
throw new ArgumentException("unsupported key exchange algorithm", "keyExchange");
}
this.handler = handler;
this.verifyer = verifyer;
this.keyExchange = keyExchange;
}
public TlsECDHKeyExchange(int keyExchange, global::System.Collections.IList supportedSignatureAlgorithms, int[] namedCurves, byte[] clientECPointFormats, byte[] serverECPointFormats)
: base(keyExchange, supportedSignatureAlgorithms)
{
//IL_004d: Unknown result type (might be due to invalid IL or missing references)
switch (keyExchange)
{
case 19:
mTlsSigner = new TlsRsaSigner();
break;
case 17:
mTlsSigner = new TlsECDsaSigner();
break;
case 16:
case 18:
mTlsSigner = null;
break;
default:
throw new InvalidOperationException("unsupported key exchange algorithm");
}
mNamedCurves = namedCurves;
mClientECPointFormats = clientECPointFormats;
mServerECPointFormats = serverECPointFormats;
}
protected virtual void ReceiveCertificateVerifyMessage(MemoryStream buf)
{
DigitallySigned digitallySigned = DigitallySigned.Parse(this.Context, buf);
TlsProtocol.AssertEmpty(buf);
try
{
byte[] hash;
if (TlsUtilities.IsTlsV12(this.Context))
{
hash = this.mPrepareFinishHash.GetFinalHash(digitallySigned.Algorithm.Hash);
}
else
{
hash = this.mSecurityParameters.SessionHash;
}
X509CertificateStructure certificateAt = this.mPeerCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)this.mClientCertificateType);
tlsSigner.Init(this.Context);
if (!tlsSigner.VerifyRawSignature(digitallySigned.Algorithm, digitallySigned.Signature, publicKey, hash))
{
throw new TlsFatalAlert(51);
}
}
catch (Exception alertCause)
{
throw new TlsFatalAlert(51, alertCause);
}
}
public TlsECDHKeyExchange(int keyExchange, IList supportedSignatureAlgorithms, int[] namedCurves,
byte[] clientECPointFormats, byte[] serverECPointFormats)
: base(keyExchange, supportedSignatureAlgorithms)
{
switch (keyExchange)
{
case KeyExchangeAlgorithm.ECDHE_RSA:
this.mTlsSigner = new TlsRsaSigner();
break;
case KeyExchangeAlgorithm.ECDHE_ECDSA:
this.mTlsSigner = new TlsECDsaSigner();
break;
case KeyExchangeAlgorithm.ECDH_anon:
case KeyExchangeAlgorithm.ECDH_RSA:
case KeyExchangeAlgorithm.ECDH_ECDSA:
this.mTlsSigner = null;
break;
default:
throw new InvalidOperationException("unsupported key exchange algorithm");
}
this.mNamedCurves = namedCurves;
this.mClientECPointFormats = clientECPointFormats;
this.mServerECPointFormats = serverECPointFormats;
}
protected virtual void ProcessCertificateVerify(DtlsServerProtocol.ServerHandshakeState state, byte[] body, TlsHandshakeHash prepareFinishHash)
{
MemoryStream memoryStream = new MemoryStream(body, false);
TlsServerContextImpl serverContext = state.serverContext;
DigitallySigned digitallySigned = DigitallySigned.Parse(serverContext, memoryStream);
TlsProtocol.AssertEmpty(memoryStream);
bool flag = false;
try
{
byte[] hash;
if (TlsUtilities.IsTlsV12(serverContext))
{
hash = prepareFinishHash.GetFinalHash(digitallySigned.Algorithm.Hash);
}
else
{
hash = serverContext.SecurityParameters.SessionHash;
}
X509CertificateStructure certificateAt = state.clientCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)state.clientCertificateType);
tlsSigner.Init(serverContext);
flag = tlsSigner.VerifyRawSignature(digitallySigned.Algorithm, digitallySigned.Signature, publicKey, hash);
}
catch (Exception)
{
}
if (!flag)
{
throw new TlsFatalAlert(51);
}
}
public TlsECDHKeyExchange(int keyExchange, IList supportedSignatureAlgorithms, int[] namedCurves,
byte[] clientECPointFormats, byte[] serverECPointFormats)
: base(keyExchange, supportedSignatureAlgorithms)
{
switch (keyExchange)
{
case KeyExchangeAlgorithm.ECDHE_RSA:
this.mTlsSigner = new TlsRsaSigner();
break;
case KeyExchangeAlgorithm.ECDHE_ECDSA:
this.mTlsSigner = new TlsECDsaSigner();
break;
case KeyExchangeAlgorithm.ECDH_anon:
case KeyExchangeAlgorithm.ECDH_RSA:
case KeyExchangeAlgorithm.ECDH_ECDSA:
this.mTlsSigner = null;
break;
default:
throw new InvalidOperationException("unsupported key exchange algorithm");
}
this.mNamedCurves = namedCurves;
this.mClientECPointFormats = clientECPointFormats;
this.mServerECPointFormats = serverECPointFormats;
}
internal TlsSrpKeyExchange(TlsClientContext context, KeyExchangeAlgorithm keyExchange,
byte[] identity, byte[] password)
{
switch (keyExchange)
{
case KeyExchangeAlgorithm.SRP:
this.tlsSigner = null;
break;
case KeyExchangeAlgorithm.SRP_RSA:
this.tlsSigner = new TlsRsaSigner();
break;
case KeyExchangeAlgorithm.SRP_DSS:
this.tlsSigner = new TlsDssSigner();
break;
default:
throw new ArgumentException("unsupported key exchange algorithm", "keyExchange");
}
this.context = context;
this.keyExchange = keyExchange;
this.identity = identity;
this.password = password;
}
protected virtual ISigner InitSigner(TlsSigner tlsSigner, SecurityParameters securityParameters)
{
ISigner signer = tlsSigner.CreateVerifyer(this.serverPublicKey);
signer.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length);
signer.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length);
return signer;
}
protected virtual ISigner InitSigner(TlsSigner tlsSigner, SecurityParameters securityParameters)
{
ISigner signer = tlsSigner.CreateVerifyer(this.serverPublicKey);
signer.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length);
signer.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length);
return(signer);
}
public TlsSrpKeyExchange(int keyExchange, IList supportedSignatureAlgorithms, TlsSrpGroupVerifier groupVerifier, byte[] identity, byte[] password) : base(keyExchange, supportedSignatureAlgorithms)
{
this.mTlsSigner = TlsSrpKeyExchange.CreateSigner(keyExchange);
this.mGroupVerifier = groupVerifier;
this.mIdentity = identity;
this.mPassword = password;
this.mSrpClient = new Srp6Client();
}
protected virtual ISigner InitVerifyer(TlsSigner tlsSigner, SignatureAndHashAlgorithm algorithm,
SecurityParameters securityParameters)
{
ISigner signer = tlsSigner.CreateVerifyer(algorithm, this.mServerPublicKey);
signer.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length);
signer.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length);
return signer;
}
protected virtual ISigner InitVerifyer(TlsSigner tlsSigner, SignatureAndHashAlgorithm algorithm, SecurityParameters securityParameters)
{
ISigner signer = tlsSigner.CreateVerifyer(algorithm, mServerPublicKey);
signer.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length);
signer.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length);
return(signer);
}
public TlsSrpKeyExchange(int keyExchange, IList supportedSignatureAlgorithms, byte[] identity, TlsSrpLoginParameters loginParameters) : base(keyExchange, supportedSignatureAlgorithms)
{
this.mTlsSigner = TlsSrpKeyExchange.CreateSigner(keyExchange);
this.mIdentity = identity;
this.mSrpServer = new Srp6Server();
this.mSrpGroup = loginParameters.Group;
this.mSrpVerifier = loginParameters.Verifier;
this.mSrpSalt = loginParameters.Salt;
}
public TlsSrpKeyExchange(int keyExchange, global::System.Collections.IList supportedSignatureAlgorithms, TlsSrpGroupVerifier groupVerifier, byte[] identity, byte[] password)
: base(keyExchange, supportedSignatureAlgorithms)
{
mTlsSigner = CreateSigner(keyExchange);
mGroupVerifier = groupVerifier;
mIdentity = identity;
mPassword = password;
mSrpClient = new Srp6Client();
}
public TlsSrpKeyExchange(int keyExchange, global::System.Collections.IList supportedSignatureAlgorithms, byte[] identity, TlsSrpLoginParameters loginParameters)
: base(keyExchange, supportedSignatureAlgorithms)
{
mTlsSigner = CreateSigner(keyExchange);
mIdentity = identity;
mSrpServer = new Srp6Server();
mSrpGroup = loginParameters.Group;
mSrpVerifier = loginParameters.Verifier;
mSrpSalt = loginParameters.Salt;
}
public TlsSrpKeyExchange(int keyExchange, IList supportedSignatureAlgorithms, TlsSrpGroupVerifier groupVerifier,
byte[] identity, byte[] password)
: base(keyExchange, supportedSignatureAlgorithms)
{
this.mTlsSigner = CreateSigner(keyExchange);
this.mGroupVerifier = groupVerifier;
this.mIdentity = identity;
this.mPassword = password;
this.mSrpClient = new Srp6Client();
}
public TlsSrpKeyExchange(int keyExchange, IList supportedSignatureAlgorithms, byte[] identity,
TlsSrpLoginParameters loginParameters)
: base(keyExchange, supportedSignatureAlgorithms)
{
this.mTlsSigner = CreateSigner(keyExchange);
this.mIdentity = identity;
this.mSrpServer = new Srp6Server();
this.mSrpGroup = loginParameters.Group;
this.mSrpVerifier = loginParameters.Verifier;
this.mSrpSalt = loginParameters.Salt;
}
public DefaultTlsSignerCredentials(TlsContext context, Certificate certificate, AsymmetricKeyParameter privateKey, SignatureAndHashAlgorithm signatureAndHashAlgorithm)
{
//IL_000e: Unknown result type (might be due to invalid IL or missing references)
//IL_0026: Unknown result type (might be due to invalid IL or missing references)
//IL_0034: Unknown result type (might be due to invalid IL or missing references)
//IL_004c: Unknown result type (might be due to invalid IL or missing references)
//IL_0068: Unknown result type (might be due to invalid IL or missing references)
//IL_00c2: Unknown result type (might be due to invalid IL or missing references)
if (certificate == null)
{
throw new ArgumentNullException("certificate");
}
if (certificate.IsEmpty)
{
throw new ArgumentException("cannot be empty", "clientCertificate");
}
if (privateKey == null)
{
throw new ArgumentNullException("privateKey");
}
if (!privateKey.IsPrivate)
{
throw new ArgumentException("must be private", "privateKey");
}
if (TlsUtilities.IsTlsV12(context) && signatureAndHashAlgorithm == null)
{
throw new ArgumentException("cannot be null for (D)TLS 1.2+", "signatureAndHashAlgorithm");
}
if (privateKey is RsaKeyParameters)
{
mSigner = new TlsRsaSigner();
}
else if (privateKey is DsaPrivateKeyParameters)
{
mSigner = new TlsDssSigner();
}
else
{
if (!(privateKey is ECPrivateKeyParameters))
{
throw new ArgumentException("type not supported: " + Platform.GetTypeName(privateKey), "privateKey");
}
mSigner = new TlsECDsaSigner();
}
mSigner.Init(context);
mContext = context;
mCertificate = certificate;
mPrivateKey = privateKey;
mSignatureAndHashAlgorithm = signatureAndHashAlgorithm;
}
protected virtual void ProcessCertificateVerify(ServerHandshakeState state, byte[] body, TlsHandshakeHash prepareFinishHash)
{
if (state.certificateRequest == null)
{
throw new InvalidOperationException();
}
MemoryStream buf = new MemoryStream(body, false);
TlsServerContextImpl context = state.serverContext;
DigitallySigned clientCertificateVerify = DigitallySigned.Parse(context, buf);
TlsProtocol.AssertEmpty(buf);
// Verify the CertificateVerify message contains a correct signature.
try
{
SignatureAndHashAlgorithm signatureAlgorithm = clientCertificateVerify.Algorithm;
byte[] hash;
if (TlsUtilities.IsTlsV12(context))
{
TlsUtilities.VerifySupportedSignatureAlgorithm(state.certificateRequest.SupportedSignatureAlgorithms, signatureAlgorithm);
hash = prepareFinishHash.GetFinalHash(signatureAlgorithm.Hash);
}
else
{
hash = context.SecurityParameters.SessionHash;
}
X509CertificateStructure x509Cert = state.clientCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey(keyInfo);
TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)state.clientCertificateType);
tlsSigner.Init(context);
if (!tlsSigner.VerifyRawSignature(signatureAlgorithm, clientCertificateVerify.Signature, publicKey, hash))
{
throw new TlsFatalAlert(AlertDescription.decrypt_error);
}
}
catch (TlsFatalAlert e)
{
throw e;
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.decrypt_error, e);
}
}
public DefaultTlsSignerCredentials(TlsContext context, Certificate certificate, AsymmetricKeyParameter privateKey,
SignatureAndHashAlgorithm signatureAndHashAlgorithm)
{
if (certificate == null)
{
throw new ArgumentNullException("certificate");
}
if (certificate.IsEmpty)
{
throw new ArgumentException("cannot be empty", "clientCertificate");
}
if (privateKey == null)
{
throw new ArgumentNullException("privateKey");
}
if (!privateKey.IsPrivate)
{
throw new ArgumentException("must be private", "privateKey");
}
if (TlsUtilities.IsTlsV12(context) && signatureAndHashAlgorithm == null)
{
throw new ArgumentException("cannot be null for (D)TLS 1.2+", "signatureAndHashAlgorithm");
}
if (privateKey is RsaKeyParameters)
{
mSigner = new TlsRsaSigner();
}
else if (privateKey is DsaPrivateKeyParameters)
{
mSigner = new TlsDssSigner();
}
else if (privateKey is ECPrivateKeyParameters)
{
mSigner = new TlsECDsaSigner();
}
else
{
throw new ArgumentException("type not supported: " + Platform.GetTypeName(privateKey), "privateKey");
}
this.mSigner.Init(context);
this.mContext = context;
this.mCertificate = certificate;
this.mPrivateKey = privateKey;
this.mSignatureAndHashAlgorithm = signatureAndHashAlgorithm;
}
public void Signer_Test()
{
//Arrange
var privateKeyPath = "private_key";
var publicKeyPath = "public_key";
var identity = "test";
var appId = "140013494912";
var tlsSigner = new TlsSigner(appId, privateKeyPath, publicKeyPath);
//Act
var signature = tlsSigner.Sign(identity);
var verify = tlsSigner.Verify(identity, signature);
//Assert
verify.ShouldBeTrue();
}
protected virtual void ReceiveCertificateVerifyMessage(MemoryStream buf)
{
if (mCertificateRequest == null)
{
throw new InvalidOperationException();
}
DigitallySigned clientCertificateVerify = DigitallySigned.Parse(Context, buf);
AssertEmpty(buf);
// Verify the CertificateVerify message contains a correct signature.
try
{
SignatureAndHashAlgorithm signatureAlgorithm = clientCertificateVerify.Algorithm;
byte[] hash;
if (TlsUtilities.IsTlsV12(Context))
{
TlsUtilities.VerifySupportedSignatureAlgorithm(mCertificateRequest.SupportedSignatureAlgorithms, signatureAlgorithm);
hash = mPrepareFinishHash.GetFinalHash(signatureAlgorithm.Hash);
}
else
{
hash = mSecurityParameters.SessionHash;
}
X509CertificateStructure x509Cert = mPeerCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey(keyInfo);
TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)mClientCertificateType);
tlsSigner.Init(Context);
if (!tlsSigner.VerifyRawSignature(signatureAlgorithm, clientCertificateVerify.Signature, publicKey, hash))
{
throw new TlsFatalAlert(AlertDescription.decrypt_error);
}
}
catch (TlsFatalAlert e)
{
throw e;
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.decrypt_error, e);
}
}
protected virtual void ProcessCertificateVerify(ServerHandshakeState state, byte[] body, TlsHandshakeHash prepareFinishHash)
{
//IL_0008: Unknown result type (might be due to invalid IL or missing references)
//IL_0010: Unknown result type (might be due to invalid IL or missing references)
//IL_0016: Expected O, but got Unknown
if (state.certificateRequest == null)
{
throw new InvalidOperationException();
}
MemoryStream val = new MemoryStream(body, false);
TlsServerContextImpl serverContext = state.serverContext;
DigitallySigned digitallySigned = DigitallySigned.Parse(serverContext, (Stream)(object)val);
TlsProtocol.AssertEmpty(val);
try
{
SignatureAndHashAlgorithm algorithm = digitallySigned.Algorithm;
byte[] hash;
if (TlsUtilities.IsTlsV12(serverContext))
{
TlsUtilities.VerifySupportedSignatureAlgorithm(state.certificateRequest.SupportedSignatureAlgorithms, algorithm);
hash = prepareFinishHash.GetFinalHash(algorithm.Hash);
}
else
{
hash = serverContext.SecurityParameters.SessionHash;
}
X509CertificateStructure certificateAt = state.clientCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)state.clientCertificateType);
tlsSigner.Init(serverContext);
if (!tlsSigner.VerifyRawSignature(algorithm, digitallySigned.Signature, publicKey, hash))
{
throw new TlsFatalAlert(51);
}
}
catch (TlsFatalAlert tlsFatalAlert)
{
throw tlsFatalAlert;
}
catch (global::System.Exception alertCause)
{
throw new TlsFatalAlert(51, alertCause);
}
}
protected virtual void ReceiveCertificateVerifyMessage(MemoryStream buf)
{
//IL_0008: Unknown result type (might be due to invalid IL or missing references)
if (mCertificateRequest == null)
{
throw new InvalidOperationException();
}
DigitallySigned digitallySigned = DigitallySigned.Parse(Context, (Stream)(object)buf);
TlsProtocol.AssertEmpty(buf);
try
{
SignatureAndHashAlgorithm algorithm = digitallySigned.Algorithm;
byte[] hash;
if (TlsUtilities.IsTlsV12(Context))
{
TlsUtilities.VerifySupportedSignatureAlgorithm(mCertificateRequest.SupportedSignatureAlgorithms, algorithm);
hash = mPrepareFinishHash.GetFinalHash(algorithm.Hash);
}
else
{
hash = mSecurityParameters.SessionHash;
}
X509CertificateStructure certificateAt = mPeerCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)mClientCertificateType);
tlsSigner.Init(Context);
if (!tlsSigner.VerifyRawSignature(algorithm, digitallySigned.Signature, publicKey, hash))
{
throw new TlsFatalAlert(51);
}
}
catch (TlsFatalAlert tlsFatalAlert)
{
throw tlsFatalAlert;
}
catch (global::System.Exception alertCause)
{
throw new TlsFatalAlert(51, alertCause);
}
}
public DefaultTlsSignerCredentials(TlsClientContext context,
Certificate clientCertificate, AsymmetricKeyParameter clientPrivateKey)
{
if (clientCertificate == null)
{
throw new ArgumentNullException("clientCertificate");
}
if (clientCertificate.Length == 0)
{
throw new ArgumentException("cannot be empty", "clientCertificate");
}
if (clientPrivateKey == null)
{
throw new ArgumentNullException("clientPrivateKey");
}
if (!clientPrivateKey.IsPrivate)
{
throw new ArgumentException("must be private", "clientPrivateKey");
}
if (clientPrivateKey is RsaKeyParameters)
{
clientSigner = new TlsRsaSigner();
}
else if (clientPrivateKey is DsaPrivateKeyParameters)
{
clientSigner = new TlsDssSigner();
}
else if (clientPrivateKey is ECPrivateKeyParameters)
{
clientSigner = new TlsECDsaSigner();
}
else
{
throw new ArgumentException("type not supported: "
+ clientPrivateKey.GetType().FullName, "clientPrivateKey");
}
this.context = context;
this.clientCert = clientCertificate;
this.clientPrivateKey = clientPrivateKey;
}
public DefaultTlsSignerCredentials(TlsClientContext context,
Certificate clientCertificate, AsymmetricKeyParameter clientPrivateKey)
{
if (clientCertificate == null)
{
throw new ArgumentNullException("clientCertificate");
}
if (clientCertificate.Length == 0)
{
throw new ArgumentException("cannot be empty", "clientCertificate");
}
if (clientPrivateKey == null)
{
throw new ArgumentNullException("clientPrivateKey");
}
if (!clientPrivateKey.IsPrivate)
{
throw new ArgumentException("must be private", "clientPrivateKey");
}
if (clientPrivateKey is RsaKeyParameters)
{
clientSigner = new TlsRsaSigner();
}
else if (clientPrivateKey is DsaPrivateKeyParameters)
{
clientSigner = new TlsDssSigner();
}
else if (clientPrivateKey is ECPrivateKeyParameters)
{
clientSigner = new TlsECDsaSigner();
}
else
{
throw new ArgumentException("type not supported: "
+ clientPrivateKey.GetType().FullName, "clientPrivateKey");
}
this.context = context;
this.clientCert = clientCertificate;
this.clientPrivateKey = clientPrivateKey;
}
public static byte[] Sign(Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey, bool client, Version version, HandshakeInfo handshakeInfo, SignatureHashAlgorithm signatureHashAlgorithm, byte[] hash)
{
TlsSigner signer = null;
switch (signatureHashAlgorithm.Signature)
{
case TSignatureAlgorithm.Anonymous:
break;
case TSignatureAlgorithm.RSA:
signer = new TlsRsaSigner();
break;
case TSignatureAlgorithm.DSA:
signer = new TlsDssSigner();
break;
case TSignatureAlgorithm.ECDSA:
signer = new TlsECDsaSigner();
break;
default:
break;
}
DTLSContext context = new DTLSContext(client, version, handshakeInfo);
Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator randomGenerator = new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator();
context.SecureRandom = new Org.BouncyCastle.Security.SecureRandom(randomGenerator);
signer.Init(context);
if (TlsUtilities.IsTlsV12(context))
{
SignatureAndHashAlgorithm signatureAndHashAlgorithm = new SignatureAndHashAlgorithm((byte)signatureHashAlgorithm.Hash, (byte)signatureHashAlgorithm.Signature);
return(signer.GenerateRawSignature(signatureAndHashAlgorithm, privateKey, hash));
}
else
{
return(signer.GenerateRawSignature(privateKey, hash));
}
}
public TlsSrpKeyExchange(int keyExchange, IList supportedSignatureAlgorithms, byte[] identity, byte[] password)
: base(keyExchange, supportedSignatureAlgorithms)
{
switch (keyExchange)
{
case KeyExchangeAlgorithm.SRP:
this.mTlsSigner = null;
break;
case KeyExchangeAlgorithm.SRP_RSA:
this.mTlsSigner = new TlsRsaSigner();
break;
case KeyExchangeAlgorithm.SRP_DSS:
this.mTlsSigner = new TlsDssSigner();
break;
default:
throw new InvalidOperationException("unsupported key exchange algorithm");
}
this.mIdentity = identity;
this.mPassword = password;
}
public TlsDHKeyExchange(int keyExchange, IList supportedSignatureAlgorithms, DHParameters dhParameters)
: base(keyExchange, supportedSignatureAlgorithms)
{
switch (keyExchange)
{
case KeyExchangeAlgorithm.DH_RSA:
case KeyExchangeAlgorithm.DH_DSS:
this.mTlsSigner = null;
break;
case KeyExchangeAlgorithm.DHE_RSA:
this.mTlsSigner = new TlsRsaSigner();
break;
case KeyExchangeAlgorithm.DHE_DSS:
this.mTlsSigner = new TlsDssSigner();
break;
default:
throw new InvalidOperationException("unsupported key exchange algorithm");
}
this.mDHParameters = dhParameters;
}
public TlsDHKeyExchange(int keyExchange, IList supportedSignatureAlgorithms, DHParameters dhParameters) : base(keyExchange, supportedSignatureAlgorithms)
{
switch (keyExchange)
{
case 3:
this.mTlsSigner = new TlsDssSigner();
goto IL_5E;
case 5:
this.mTlsSigner = new TlsRsaSigner();
goto IL_5E;
case 7:
case 9:
this.mTlsSigner = null;
goto IL_5E;
}
throw new InvalidOperationException("unsupported key exchange algorithm");
IL_5E:
this.mDHParameters = dhParameters;
}
internal TlsDHKeyExchange(TlsClientContext context, KeyExchangeAlgorithm keyExchange)
{
switch (keyExchange)
{
case KeyExchangeAlgorithm.DH_RSA:
case KeyExchangeAlgorithm.DH_DSS:
this.tlsSigner = null;
break;
case KeyExchangeAlgorithm.DHE_RSA:
this.tlsSigner = new TlsRsaSigner();
break;
case KeyExchangeAlgorithm.DHE_DSS:
this.tlsSigner = new TlsDssSigner();
break;
default:
throw new ArgumentException("unsupported key exchange algorithm", "keyExchange");
}
this.context = context;
this.keyExchange = keyExchange;
}
internal TlsSrpKeyExchange(TlsProtocolHandler handler, ICertificateVerifyer verifyer,
TlsKeyExchangeAlgorithm keyExchange)
{
switch (keyExchange)
{
case TlsKeyExchangeAlgorithm.KE_SRP:
this.tlsSigner = null;
break;
case TlsKeyExchangeAlgorithm.KE_SRP_RSA:
this.tlsSigner = new TlsRsaSigner();
break;
case TlsKeyExchangeAlgorithm.KE_SRP_DSS:
this.tlsSigner = new TlsDssSigner();
break;
default:
throw new ArgumentException("unsupported key exchange algorithm", "keyExchange");
}
this.handler = handler;
this.verifyer = verifyer;
this.keyExchange = keyExchange;
}
public DefaultTlsSignerCredentials(TlsContext context, Certificate certificate, AsymmetricKeyParameter privateKey,
SignatureAndHashAlgorithm signatureAndHashAlgorithm)
{
if (certificate == null)
throw new ArgumentNullException("certificate");
if (certificate.IsEmpty)
throw new ArgumentException("cannot be empty", "clientCertificate");
if (privateKey == null)
throw new ArgumentNullException("privateKey");
if (!privateKey.IsPrivate)
throw new ArgumentException("must be private", "privateKey");
if (TlsUtilities.IsTlsV12(context) && signatureAndHashAlgorithm == null)
throw new ArgumentException("cannot be null for (D)TLS 1.2+", "signatureAndHashAlgorithm");
if (privateKey is RsaKeyParameters)
{
mSigner = new TlsRsaSigner();
}
else if (privateKey is DsaPrivateKeyParameters)
{
mSigner = new TlsDssSigner();
}
else if (privateKey is ECPrivateKeyParameters)
{
mSigner = new TlsECDsaSigner();
}
else
{
throw new ArgumentException("type not supported: " + privateKey.GetType().FullName, "privateKey");
}
this.mSigner.Init(context);
this.mContext = context;
this.mCertificate = certificate;
this.mPrivateKey = privateKey;
this.mSignatureAndHashAlgorithm = signatureAndHashAlgorithm;
}
internal TlsSrpKeyExchange(TlsClientContext context, KeyExchangeAlgorithm keyExchange,
byte[] identity, byte[] password)
{
switch (keyExchange)
{
case KeyExchangeAlgorithm.SRP:
this.tlsSigner = null;
break;
case KeyExchangeAlgorithm.SRP_RSA:
this.tlsSigner = new TlsRsaSigner();
break;
case KeyExchangeAlgorithm.SRP_DSS:
this.tlsSigner = new TlsDssSigner();
break;
default:
throw new ArgumentException("unsupported key exchange algorithm", "keyExchange");
}
this.context = context;
this.keyExchange = keyExchange;
this.identity = identity;
this.password = password;
}
public TlsDHKeyExchange(int keyExchange, IList supportedSignatureAlgorithms, DHParameters dhParameters)
: base(keyExchange, supportedSignatureAlgorithms)
{
switch (keyExchange)
{
case 7:
case 9:
mTlsSigner = null;
break;
case 5:
mTlsSigner = new TlsRsaSigner();
break;
case 3:
mTlsSigner = new TlsDssSigner();
break;
default:
throw new InvalidOperationException("unsupported key exchange algorithm");
}
mDHParameters = dhParameters;
}
internal void EnableClientAuthentication(Certificate clientCertificate,
AsymmetricKeyParameter clientPrivateKey)
{
if (clientCertificate == null)
{
throw new ArgumentNullException("clientCertificate");
}
if (clientCertificate.certs.Length == 0)
{
throw new ArgumentException("cannot be empty", "clientCertificate");
}
if (clientPrivateKey == null)
{
throw new ArgumentNullException("clientPrivateKey");
}
if (!clientPrivateKey.IsPrivate)
{
throw new ArgumentException("must be private", "clientPrivateKey");
}
if (clientPrivateKey is RsaKeyParameters)
{
clientSigner = new TlsRsaSigner();
}
else if (clientPrivateKey is DsaPrivateKeyParameters)
{
clientSigner = new TlsDssSigner();
}
else
{
throw new ArgumentException("type not supported: "
+ clientPrivateKey.GetType().FullName, "clientPrivateKey");
}
this.clientCert = clientCertificate;
this.clientPrivateKey = clientPrivateKey;
}
public TlsSrpKeyExchange(int keyExchange, IList supportedSignatureAlgorithms, byte[] identity, byte[] password)
: base(keyExchange, supportedSignatureAlgorithms)
{
switch (keyExchange)
{
case KeyExchangeAlgorithm.SRP:
this.mTlsSigner = null;
break;
case KeyExchangeAlgorithm.SRP_RSA:
this.mTlsSigner = new TlsRsaSigner();
break;
case KeyExchangeAlgorithm.SRP_DSS:
this.mTlsSigner = new TlsDssSigner();
break;
default:
throw new InvalidOperationException("unsupported key exchange algorithm");
}
this.mIdentity = identity;
this.mPassword = password;
}
public TlsDHKeyExchange(int keyExchange, global::System.Collections.IList supportedSignatureAlgorithms, DHParameters dhParameters)
: base(keyExchange, supportedSignatureAlgorithms)
{
//IL_0058: Unknown result type (might be due to invalid IL or missing references)
switch (keyExchange)
{
case 7:
case 9:
mTlsSigner = null;
break;
case 5:
mTlsSigner = new TlsRsaSigner();
break;
case 3:
mTlsSigner = new TlsDssSigner();
break;
default:
throw new InvalidOperationException("unsupported key exchange algorithm");
}
mDHParameters = dhParameters;
}
internal TlsECDHKeyExchange(TlsClientContext context, KeyExchangeAlgorithm keyExchange)
{
switch (keyExchange)
{
case KeyExchangeAlgorithm.ECDHE_RSA:
this.tlsSigner = new TlsRsaSigner();
break;
case KeyExchangeAlgorithm.ECDHE_ECDSA:
this.tlsSigner = new TlsECDsaSigner();
break;
case KeyExchangeAlgorithm.ECDH_RSA:
case KeyExchangeAlgorithm.ECDH_ECDSA:
this.tlsSigner = null;
break;
default:
throw new ArgumentException("unsupported key exchange algorithm", "keyExchange");
}
this.context = context;
this.keyExchange = keyExchange;
}
protected virtual void ReceiveCertificateVerifyMessage(MemoryStream buf)
{
DigitallySigned clientCertificateVerify = DigitallySigned.Parse(Context, buf);
AssertEmpty(buf);
// Verify the CertificateVerify message contains a correct signature.
try
{
byte[] certificateVerifyHash;
if (TlsUtilities.IsTlsV12(Context))
{
certificateVerifyHash = mPrepareFinishHash.GetFinalHash(clientCertificateVerify.Algorithm.Hash);
}
else
{
certificateVerifyHash = TlsProtocol.GetCurrentPrfHash(Context, mPrepareFinishHash, null);
}
X509CertificateStructure x509Cert = mPeerCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey(keyInfo);
TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)mClientCertificateType);
tlsSigner.Init(Context);
if (!tlsSigner.VerifyRawSignature(clientCertificateVerify.Algorithm,
clientCertificateVerify.Signature, publicKey, certificateVerifyHash))
{
throw new TlsFatalAlert(AlertDescription.decrypt_error);
}
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.decrypt_error, e);
}
}
public static byte[] Sign(AsymmetricKeyParameter privateKey, RSACryptoServiceProvider rsaKey, bool client, Version version, HandshakeInfo handshakeInfo,
SignatureHashAlgorithm signatureHashAlgorithm, byte[] hash)
#endif
{
if (privateKey == null && rsaKey == null)
{
throw new ArgumentException("No key or Rsa CSP provided");
}
if (privateKey == null)
{
if (signatureHashAlgorithm.Signature == TSignatureAlgorithm.RSA)
{
return(SignRsa(rsaKey, hash));
}
throw new ArgumentException("Need private key for non-RSA Algorithms");
}
if (version == null)
{
throw new ArgumentNullException(nameof(version));
}
if (handshakeInfo == null)
{
throw new ArgumentNullException(nameof(handshakeInfo));
}
if (signatureHashAlgorithm == null)
{
throw new ArgumentNullException(nameof(signatureHashAlgorithm));
}
if (hash == null)
{
throw new ArgumentNullException(nameof(hash));
}
TlsSigner signer = null;
switch (signatureHashAlgorithm.Signature)
{
case TSignatureAlgorithm.Anonymous:
break;
case TSignatureAlgorithm.RSA:
signer = new TlsRsaSigner();
break;
case TSignatureAlgorithm.DSA:
signer = new TlsDssSigner();
break;
case TSignatureAlgorithm.ECDSA:
signer = new TlsECDsaSigner();
break;
default:
break;
}
var context = new DTLSContext(client, version, handshakeInfo);
var randomGenerator = new CryptoApiRandomGenerator();
context.SecureRandom = new SecureRandom(randomGenerator);
signer.Init(context);
if (TlsUtilities.IsTlsV12(context))
{
var signatureAndHashAlgorithm = new SignatureAndHashAlgorithm((byte)signatureHashAlgorithm.Hash, (byte)signatureHashAlgorithm.Signature);
return(signer.GenerateRawSignature(signatureAndHashAlgorithm, privateKey, hash));
}
else
{
return(signer.GenerateRawSignature(privateKey, hash));
}
}
internal void EnableClientAuthentication(Certificate clientCertificate,
AsymmetricKeyParameter clientPrivateKey)
{
if (clientCertificate == null)
{
throw new ArgumentNullException("clientCertificate");
}
if (clientCertificate.certs.Length == 0)
{
throw new ArgumentException("cannot be empty", "clientCertificate");
}
if (clientPrivateKey == null)
{
throw new ArgumentNullException("clientPrivateKey");
}
if (!clientPrivateKey.IsPrivate)
{
throw new ArgumentException("must be private", "clientPrivateKey");
}
if (clientPrivateKey is RsaKeyParameters)
{
clientSigner = new TlsRsaSigner();
}
else if (clientPrivateKey is DsaPrivateKeyParameters)
{
clientSigner = new TlsDssSigner();
}
else
{
throw new ArgumentException("type not supported: "
+ clientPrivateKey.GetType().FullName, "clientPrivateKey");
}
this.clientCert = clientCertificate;
this.clientPrivateKey = clientPrivateKey;
}
