|
public ImportParameters ( |
||
| parameters | ||
| return | void | |
public override void GenerateClient (TlsContext ctx)
{
// Compute pre master secret
using (var preMasterSecret = ctx.Session.GetSecureRandomBytes (48)) {
preMasterSecret.Buffer [0] = (byte)((short)ctx.Configuration.RequestedProtocol >> 8);
preMasterSecret.Buffer [1] = (byte)ctx.Configuration.RequestedProtocol;
RSA rsa = null;
// Create a new RSA key
var serverCertificates = ctx.Session.PendingCrypto.ServerCertificates;
if (serverCertificates == null || serverCertificates.Count == 0) {
// FIXME: Should have received ServerKeyExchange message.
throw new TlsException (AlertDescription.IlegalParameter);
} else {
rsa = new RSAManaged (serverCertificates [0].RSA.KeySize);
rsa.ImportParameters (serverCertificates [0].RSA.ExportParameters (false));
}
ComputeMasterSecret (ctx, preMasterSecret);
// Encrypt premaster_sercret
var formatter = new RSAPKCS1KeyExchangeFormatter (rsa);
encryptedPreMasterSecret = formatter.CreateKeyExchange (preMasterSecret.Buffer);
rsa.Clear ();
}
}
protected override void ProcessAsSsl3()
{
// Compute pre master secret
byte[] preMasterSecret = this.Context.Cipher.CreatePremasterSecret();
// Create a new RSA key
RSA rsa = null;
if (this.Context.ServerSettings.ServerKeyExchange)
{
// this is the case for "exportable" ciphers
rsa = new RSAManaged ();
rsa.ImportParameters (this.Context.ServerSettings.RsaParameters);
}
else
{
rsa = this.Context.ServerSettings.CertificateRSA;
}
// Encrypt premaster_sercret
RSAPKCS1KeyExchangeFormatter formatter = new RSAPKCS1KeyExchangeFormatter(rsa);
// Write the preMasterSecret encrypted
byte[] buffer = formatter.CreateKeyExchange(preMasterSecret);
this.Write(buffer);
// Create master secret
this.Context.Cipher.ComputeMasterSecret(preMasterSecret);
// Create keys
this.Context.Cipher.ComputeKeys();
// Clear resources
rsa.Clear();
}
private bool VerifyCounterSignature (PKCS7.SignerInfo cs, byte[] signature)
{
// SEQUENCE {
// INTEGER 1
if (cs.Version != 1)
return false;
// SEQUENCE {
// SEQUENCE {
string contentType = null;
ASN1 messageDigest = null;
for (int i=0; i < cs.AuthenticatedAttributes.Count; i++) {
// SEQUENCE {
// OBJECT IDENTIFIER
ASN1 attr = (ASN1) cs.AuthenticatedAttributes [i];
string oid = ASN1Convert.ToOid (attr[0]);
switch (oid) {
case "1.2.840.113549.1.9.3":
// contentType
contentType = ASN1Convert.ToOid (attr[1][0]);
break;
case "1.2.840.113549.1.9.4":
// messageDigest
messageDigest = attr[1][0];
break;
case "1.2.840.113549.1.9.5":
// SEQUENCE {
// OBJECT IDENTIFIER
// signingTime (1 2 840 113549 1 9 5)
// SET {
// UTCTime '030124013651Z'
// }
// }
timestamp = ASN1Convert.ToDateTime (attr[1][0]);
break;
default:
break;
}
}
if (contentType != PKCS7.Oid.data)
return false;
// verify message digest
if (messageDigest == null)
return false;
// TODO: must be read from the ASN.1 structure
string hashName = null;
switch (messageDigest.Length) {
case 16:
hashName = "MD5";
break;
case 20:
hashName = "SHA1";
break;
}
HashAlgorithm ha = HashAlgorithm.Create (hashName);
if (!messageDigest.CompareValue (ha.ComputeHash (signature)))
return false;
// verify signature
byte[] counterSignature = cs.Signature;
// change to SET OF (not [0]) as per PKCS #7 1.5
ASN1 aa = new ASN1 (0x31);
foreach (ASN1 a in cs.AuthenticatedAttributes)
aa.Add (a);
byte[] p7hash = ha.ComputeHash (aa.GetBytes ());
// we need to try all certificates
string issuer = cs.IssuerName;
byte[] serial = cs.SerialNumber;
foreach (X509Certificate x509 in coll) {
if (CompareIssuerSerial (issuer, serial, x509)) {
if (x509.PublicKey.Length > counterSignature.Length) {
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider) x509.RSA;
// we need to HACK around bad (PKCS#1 1.5) signatures made by Verisign Timestamp Service
// and this means copying stuff into our own RSAManaged to get the required flexibility
RSAManaged rsam = new RSAManaged ();
rsam.ImportParameters (rsa.ExportParameters (false));
if (PKCS1.Verify_v15 (rsam, ha, p7hash, counterSignature, true)) {
timestampChain.LoadCertificates (coll);
return (timestampChain.Build (x509));
}
}
}
}
// no certificate can verify this signature!
return false;
}
private RSA getClientCertRSA(RSA privKey)
{
RSAParameters rsaParams = new RSAParameters();
RSAParameters privateParams = privKey.ExportParameters(true);
// for RSA m_publickey contains 2 ASN.1 integers
// the modulus and the public exponent
ASN1 pubkey = new ASN1 (this.Context.ClientSettings.Certificates[0].GetPublicKey());
ASN1 modulus = pubkey [0];
if ((modulus == null) || (modulus.Tag != 0x02))
{
return null;
}
ASN1 exponent = pubkey [1];
if (exponent.Tag != 0x02)
{
return null;
}
rsaParams.Modulus = this.getUnsignedBigInteger(modulus.Value);
rsaParams.Exponent = exponent.Value;
// Set private key parameters
rsaParams.D = privateParams.D;
rsaParams.DP = privateParams.DP;
rsaParams.DQ = privateParams.DQ;
rsaParams.InverseQ = privateParams.InverseQ;
rsaParams.P = privateParams.P;
rsaParams.Q = privateParams.Q;
// BUG: MS BCL 1.0 can't import a key which
// isn't the same size as the one present in
// the container.
int keySize = (rsaParams.Modulus.Length << 3);
RSAManaged rsa = new RSAManaged(keySize);
rsa.ImportParameters (rsaParams);
return (RSA)rsa;
}
public void Bug18482 ()
{
RSAManaged privateRsa = new RSAManaged ();
privateRsa.FromXmlString (MonoXml384);
var rsaParameters = privateRsa.ExportParameters (false);
RSAManaged publicRsa = new RSAManaged ();
//Generates a key pair with private key values
publicRsa.ExportParameters (false);
//Sets public key values and should reset private key values
publicRsa.ImportParameters (rsaParameters);
//Should export valid parameters without throwing an exception.
publicRsa.ExportParameters (false);
}
private void EncryptDecrypt (string msg, RSAManaged rsa)
{
RSAParameters param = rsa.ExportParameters (false);
byte[] data = { 0xFF, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 };
// we don't need the private key to encrypt
RSAManaged pubkey = new RSAManaged ();
pubkey.ImportParameters (param);
byte[] enc = pubkey.EncryptValue (data);
byte[] dec = rsa.DecryptValue (enc);
// note: the decrypted value is now right padded with zeros
Assert.IsTrue (BitConverter.ToString (dec).EndsWith (BitConverter.ToString (data)), msg);
}
private void EncryptDecrypt (string msg, RSAManaged rsa)
{
RSAParameters param = rsa.ExportParameters (false);
byte[] data = { 0xFF, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 };
// we don't need the private key to encrypt
RSAManaged pubkey = new RSAManaged ();
pubkey.ImportParameters (param);
byte[] enc = pubkey.EncryptValue (data);
byte[] dec = rsa.DecryptValue (enc);
Assert.AreEqual (BitConverter.ToString (data), BitConverter.ToString (dec), msg);
}
