コード例 #1
0
        public override byte[] SignData(byte[] buffer, HashAlgorithm hashAlgorithm, CertificatePrivateKey privateKey)
        {
            if (!(privateKey.Algorithm is ECDsaCng)) {
                throw new Exception("ECDSA signature requires ECDSA private key");
            }

            ECDsaCng ecdsaKey = (ECDsaCng) privateKey.Algorithm;
            ecdsaKey.HashAlgorithm = GetCngAlgorithm(hashAlgorithm);

            byte[] signature = ecdsaKey.SignData(buffer);
            signature = DEREncodeSignature(signature);
            return signature;
        }
コード例 #2
0
        public override void ProcessClientKeys(ProtocolVersion version, ProtocolVersion clientVersion, CertificatePrivateKey privateKey, byte[] data)
        {
            if (data[0] != data.Length-1) {
                throw new Exception("Incorrect ECPoint length");
            }

            // Exctract the ECPoint
            byte[] ecPoint = new byte[data.Length-1];
            Buffer.BlockCopy(data, 1, ecPoint, 0, ecPoint.Length);

            // Create key blob and public key
            byte[] keyBlob = Point2Blob(ecPoint);
            _publicKey = ECDiffieHellmanCngPublicKey.FromByteArray(keyBlob, CngKeyBlobFormat.EccPublicBlob);
        }
コード例 #3
0
        public override byte[] SignData(ProtocolVersion version, byte[] data, HashAlgorithm hashAlgorithm, CertificatePrivateKey privateKey)
        {
            if (hashAlgorithm != null && !(hashAlgorithm is SHA1)) {
                throw new Exception("DSA signature requires SHA1 hash algorithm");
            }
            if (!(privateKey.Algorithm is DSACryptoServiceProvider)) {
                throw new Exception("DSA signature requires DSA private key");
            }

            DSACryptoServiceProvider dsaKey = (DSACryptoServiceProvider) privateKey.Algorithm;
            if (dsaKey.PublicOnly) {
                throw new Exception("DSA private key required for signing");
            }

            return DEREncodeSignature(dsaKey.SignData(data));
        }
コード例 #4
0
 public CertificatePrivateKey GetPrivateKey(byte[] keyData)
 {
     foreach (CipherSuitePlugin plugin in _plugins)
     {
         string[] signatureIDs = plugin.SupportedSignatureAlgorithms;
         foreach (string id in signatureIDs)
         {
             SignatureAlgorithm    signatureAlgorithm = plugin.GetSignatureAlgorithm(id);
             CertificatePrivateKey privateKey         = signatureAlgorithm.ImportPrivateKey(keyData);
             if (privateKey != null)
             {
                 return(privateKey);
             }
         }
     }
     return(null);
 }
コード例 #5
0
 public override void ProcessClientKeys(ProtocolVersion version, ProtocolVersion clientVersion, CertificatePrivateKey privateKey, byte[] data)
 {
     throw new Exception("Client keys received in null key exchange");
 }
コード例 #6
0
 public override byte[] SignData(ProtocolVersion version, byte[] data, HashAlgorithm hashAlgorithm, CertificatePrivateKey privateKey)
 {
     return(new byte[0]);
 }
コード例 #7
0
 public abstract void ProcessClientKeys(ProtocolVersion version, ProtocolVersion clientVersion, CertificatePrivateKey privateKey, byte[] data);
コード例 #8
0
        protected byte[] GenerateSignature(CertificatePrivateKey privateKey, byte[] data)
        {
            // This array contains our results
            byte[] signedParams = new byte[0];
            byte[] temp;

            // Get the corresponding signer for private key
            SignatureAlgorithm sigAlg = _pluginManager.GetSignatureAlgorithmByOid(privateKey.Oid);
            if (sigAlg == null) {
                throw new AlertException(AlertDescription.IllegalParameter,
                                         "Signer for given private key not found");
            }

            // Select hash algorithm, null means SSLv3/TLSv1 hash
            HashAlgorithm hashAlgorithm = null;
            if (_version.HasSelectableSighash) {
                // FIXME: Not checked to be same as negotiated, but SHA-1 should be safe
                byte hashAlgorithmType = 2; // SHA-1
                byte signAlgorithmType = sigAlg.SignatureAlgorithmType;
                hashAlgorithm = GetSignatureHashAlgorithm(sigAlg, hashAlgorithmType);

                // Update signed parameters
                temp = new byte[signedParams.Length + 2];
                Buffer.BlockCopy(signedParams, 0, temp, 0, signedParams.Length);
                temp[signedParams.Length]   = hashAlgorithmType;
                temp[signedParams.Length+1] = signAlgorithmType;
                signedParams = temp;
            }

            // Sign the actual data
            byte[] signature = sigAlg.SignData(_version, data, hashAlgorithm, privateKey);

            // Add signature to the end of the signedParams
            temp = new byte[signedParams.Length + 2 + signature.Length];
            Buffer.BlockCopy(signedParams, 0, temp, 0, signedParams.Length);
            temp[signedParams.Length]   = (byte) (signature.Length >> 8);
            temp[signedParams.Length+1] = (byte) (signature.Length);
            Buffer.BlockCopy(signature, 0, temp, signedParams.Length+2, signature.Length);
            signedParams = temp;

            return signedParams;
        }
コード例 #9
0
        public override void ProcessClientKeys(ProtocolVersion version, ProtocolVersion clientVersion, CertificatePrivateKey privateKey, byte[] data)
        {
            if (!(privateKey.Algorithm is RSACryptoServiceProvider)) {
                throw new CryptographicException("RSA key exchange requires RSA private key");
            }
            RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)privateKey.Algorithm;

            try {
                // TLS 1.0 and later require a useless vector length
                if (version != ProtocolVersion.SSL3_0) {
                    if (((data[0] << 8) | data[1]) != data.Length-2) {
                        throw new Exception("Client key exchange vector length incorrect");
                    }

                    // Remove vector length from the data bytes
                    byte[] tmpArray = new byte[data.Length-2];
                    Buffer.BlockCopy(data, 2, tmpArray, 0, tmpArray.Length);
                    data = tmpArray;
                }

                data = rsa.Decrypt(data, false);
                if (data.Length != 48) {
                    throw new Exception("Invalid premaster secret length");
                }
                if (data[0] != clientVersion.Major || data[1] != clientVersion.Minor) {
                    throw new Exception("RSA client key version mismatch");
                }
                _preMasterSecret = data;
            } catch (Exception) {
                // Randomize the pre-master secret in case of an error
                RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider();
                _preMasterSecret = new byte[48];
                rngCsp.GetBytes(_preMasterSecret);
            }
        }
コード例 #10
0
 public override void ProcessClientKeys(ProtocolVersion version, ProtocolVersion clientVersion, CertificatePrivateKey privateKey, byte[] data)
 {
     throw new Exception("Client keys received in null key exchange");
 }
コード例 #11
0
 // WARNING: these are called with null hash algorithm for SSL 3.0, TLS 1.0 and TLS 1.1
 public abstract byte[] SignData(ProtocolVersion version, byte[] data, HashAlgorithm hashAlgorithm, CertificatePrivateKey privateKey);
コード例 #12
0
 public abstract void ProcessClientKeys(ProtocolVersion version, ProtocolVersion clientVersion, CertificatePrivateKey privateKey, byte[] data);