HandshakeType SendCertificateVerify(ref int offset) { #if NET45 || NET451 var key = new X509Certificate2(_clientCertificates[0]).PrivateKey; var keyDsa = key as DSACryptoServiceProvider; var keyRsa = key as RSACryptoServiceProvider; #else var keyRsa = new X509Certificate2(_clientCertificates[0].Export(X509ContentType.Cert)).GetRSAPrivateKey(); #endif byte[] signature = null, hash = null; #if NET45 || NET451 if (keyDsa != null) { if (_pendingConnState.TlsVersion == TlsVersion.TLSv1_2 && !_handshakeData.SupportedSignatureAlgorithms.Contains(Tuple.Create(TLSHashAlgorithm.SHA1, SignatureAlgorithm.DSA))) { SendAlertFatal(AlertDescription.HandshakeFailure, "Server does not support client certificate sha1-dsa signatures"); } hash = _handshakeData.CertificateVerifyHash_SHA1.Final(); signature = keyDsa.SignHash(hash, Utils.HashNameToOID["SHA1"]); // Convert to DER var r = new byte[21]; var s = new byte[21]; Array.Reverse(signature, 0, 20); Array.Reverse(signature, 20, 20); Buffer.BlockCopy(signature, 0, r, 0, 20); Buffer.BlockCopy(signature, 20, s, 0, 20); r = new BigInteger(r).ToByteArray(); s = new BigInteger(s).ToByteArray(); Array.Reverse(r); Array.Reverse(s); signature = new byte[r.Length + s.Length + 6]; signature[0] = 0x30; // SEQUENCE signature[1] = (byte)(signature.Length - 2); signature[2] = 0x02; // INTEGER signature[3] = (byte)r.Length; Buffer.BlockCopy(r, 0, signature, 4, r.Length); signature[4 + r.Length] = 0x02; // INTEGER signature[4 + r.Length + 1] = (byte)s.Length; Buffer.BlockCopy(s, 0, signature, 4 + r.Length + 2, s.Length); if (_pendingConnState.TlsVersion == TlsVersion.TLSv1_2) { _buf[offset++] = (byte)TLSHashAlgorithm.SHA1; _buf[offset++] = (byte)SignatureAlgorithm.DSA; } } else #endif if (keyRsa != null) { if (_pendingConnState.TlsVersion == TlsVersion.TLSv1_2 && !_handshakeData.SupportedSignatureAlgorithms.Contains(Tuple.Create(TLSHashAlgorithm.SHA1, SignatureAlgorithm.RSA))) { SendAlertFatal(AlertDescription.HandshakeFailure, "Server does not support client certificate sha1-rsa signatures"); } hash = _handshakeData.CertificateVerifyHash_SHA1.Final(); byte[] md5Hash = null; if (_handshakeData.CertificateVerifyHash_MD5 != null) { md5Hash = _handshakeData.CertificateVerifyHash_MD5.Final(); } // NOTE: It seems problematic to support other hash algorithms than SHA1 since the PrivateKey included in the certificate // often uses an old Crypto Service Provider (Microsoft Base Cryptographic Provider v1.0) instead of Microsoft Enhanced RSA and AES Cryptographic Provider. // The following out-commented code might work to change CSP. //var csp = new RSACryptoServiceProvider().CspKeyContainerInfo; //keyRsa = new RSACryptoServiceProvider(new CspParameters(csp.ProviderType, csp.ProviderName, keyRsa.CspKeyContainerInfo.KeyContainerName)); // TLS 1.0 and 1.1, export private key and calculate md5-sha1 hash and sign manually if (_pendingConnState.TlsVersion != TlsVersion.TLSv1_2) { var fullHash = new byte[36]; Buffer.BlockCopy(md5Hash, 0, fullHash, 0, 16); Buffer.BlockCopy(hash, 0, fullHash, 16, 20); signature = RsaPKCS1.SignRsaPKCS1(keyRsa, fullHash); // BigIntegers have no Dispose/Clear methods, but they contain sensitive data, so force a garbage collection to remove the data. GC.Collect(GC.MaxGeneration, GCCollectionMode.Forced, false); } else { #if NET45 || NET451 signature = keyRsa.SignHash(hash, Utils.HashNameToOID["SHA1"]); #else signature = keyRsa.SignHash(hash, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); #endif if (_pendingConnState.TlsVersion == TlsVersion.TLSv1_2) { _buf[offset++] = (byte)TLSHashAlgorithm.SHA1; _buf[offset++] = (byte)SignatureAlgorithm.RSA; } } } else { SendAlertFatal(AlertDescription.HandshakeFailure); } _handshakeData.CertificateVerifyHash_SHA1.Dispose(); _handshakeData.CertificateVerifyHash_SHA1 = null; if (_handshakeData.CertificateVerifyHash_MD5 != null) { _handshakeData.CertificateVerifyHash_MD5.Dispose(); _handshakeData.CertificateVerifyHash_MD5 = null; } #if NET45 || NET451 key.Dispose(); #endif offset += Utils.WriteUInt16(_buf, offset, (ushort)signature.Length); Buffer.BlockCopy(signature, 0, _buf, offset, signature.Length); offset += signature.Length; return HandshakeType.CertificateVerify; }