public HandshakeHash() { hashes = new IHashAlgorithm [6]; hashes [0] = new MSC.MD5SHA1(); hashes [1] = new MSC.SHA1CryptoServiceProvider(); hashes [2] = new MSC.SHA224Managed(); hashes [3] = new MSC.SHA256Managed(); hashes [4] = new MSC.SHA384Managed(); hashes [5] = new MSC.SHA512Managed(); }
public HandshakeHash () { hashes = new IHashAlgorithm [6]; hashes [0] = new MSC.MD5SHA1 (); hashes [1] = new MSC.SHA1CryptoServiceProvider (); hashes [2] = new MSC.SHA224Managed (); hashes [3] = new MSC.SHA256Managed (); hashes [4] = new MSC.SHA384Managed (); hashes [5] = new MSC.SHA512Managed (); }
protected override void ProcessAsTls1() { // Compute handshake messages hash HashAlgorithm hash = new MD5SHA1(); byte[] data = this.Context.HandshakeMessages.ToArray (); byte[] digest = hash.ComputeHash (data, 0, data.Length); // Write message this.Write(this.Context.Current.Cipher.PRF( this.Context.MasterSecret, "server finished", digest, 12)); }
protected override void ProcessAsTls1() { // Compute handshake messages hash HashAlgorithm hash = new MD5SHA1(); hash.ComputeHash( this.Context.HandshakeMessages.ToArray(), 0, (int)this.Context.HandshakeMessages.Length); // Write message Write(this.Context.Cipher.PRF(this.Context.MasterSecret, "client finished", hash.Hash, 12)); }
protected override void ProcessAsTls1() { // Compute handshake messages hash HashAlgorithm hash = new MD5SHA1(); // note: we could call HashAlgorithm.ComputeHash(Stream) but that would allocate (on Mono) // a 4096 bytes buffer to process the hash - which is bigger than HandshakeMessages byte[] data = this.Context.HandshakeMessages.ToArray (); byte[] digest = hash.ComputeHash (data, 0, data.Length); // Write message Write(this.Context.Write.Cipher.PRF(this.Context.MasterSecret, "client finished", digest, 12)); }
protected override void ProcessAsTls1() { byte[] clientPRF = this.ReadBytes((int)this.Length); HashAlgorithm hash = new MD5SHA1(); byte[] data = this.Context.HandshakeMessages.ToArray (); byte[] digest = hash.ComputeHash (data, 0, data.Length); byte[] serverPRF = this.Context.Current.Cipher.PRF( this.Context.MasterSecret, "client finished", digest, 12); // Check client prf against server prf if (!Compare (clientPRF, serverPRF)) { throw new TlsException(AlertDescription.DecryptError, "Decrypt error."); } }
protected override void ProcessAsTls1() { ServerContext context = (ServerContext)this.Context; int length = this.ReadInt16 (); byte[] signature = this.ReadBytes (length); // Verify signature MD5SHA1 hash = new MD5SHA1(); hash.ComputeHash( context.HandshakeMessages.ToArray(), 0, (int)context.HandshakeMessages.Length); if (!hash.VerifySignature(context.ClientSettings.CertificateRSA, signature)) { throw new TlsException (AlertDescription.HandshakeFailiure, "Handshake Failure."); } }
protected override void ProcessAsTls1() { byte[] serverPRF = this.ReadBytes((int)Length); HashAlgorithm hash = new MD5SHA1(); // note: we could call HashAlgorithm.ComputeHash(Stream) but that would allocate (on Mono) // a 4096 bytes buffer to process the hash - which is bigger than HandshakeMessages byte[] data = this.Context.HandshakeMessages.ToArray (); byte[] digest = hash.ComputeHash (data, 0, data.Length); byte[] clientPRF = this.Context.Current.Cipher.PRF(this.Context.MasterSecret, "server finished", digest, 12); // Check server prf against client prf if (!Compare (clientPRF, serverPRF)) { throw new TlsException("Invalid ServerFinished message received."); } }
protected override void ProcessAsTls1() { byte[] clientPRF = this.ReadBytes((int)this.Length); HashAlgorithm hash = new MD5SHA1(); bool decryptError = false; hash.ComputeHash( this.Context.HandshakeMessages.ToArray(), 0, (int)this.Context.HandshakeMessages.Length); byte[] serverPRF = this.Context.Cipher.PRF( this.Context.MasterSecret, "client finished", hash.Hash, 12); // Check client prf against server prf if (clientPRF.Length != serverPRF.Length) { decryptError = true; } else { for (int i = 0; i < serverPRF.Length; i++) { if (clientPRF[i] != serverPRF[i]) { decryptError = true; break; } } } if (decryptError) { throw new TlsException(AlertDescription.DecryptError, "Decrypt error."); } }
protected override void ProcessAsTls1() { AsymmetricAlgorithm privKey = null; ClientContext context = (ClientContext)this.Context; privKey = context.SslStream.RaisePrivateKeySelection( context.ClientSettings.ClientCertificate, context.ClientSettings.TargetHost); if (privKey == null) { throw new TlsException(AlertDescription.UserCancelled, "Client certificate Private Key unavailable."); } else { // Compute handshake messages hash MD5SHA1 hash = new MD5SHA1(); hash.ComputeHash( context.HandshakeMessages.ToArray(), 0, (int)context.HandshakeMessages.Length); // CreateSignature uses ((RSA)privKey).DecryptValue which is not implemented // in RSACryptoServiceProvider. Other implementations likely implement DecryptValue // so we will try the CreateSignature method. byte[] signature = null; #if !MOONLIGHT if (!(privKey is RSACryptoServiceProvider)) #endif { try { signature = hash.CreateSignature((RSA)privKey); } catch (NotImplementedException) { } } // If DecryptValue is not implemented, then try to export the private // key and let the RSAManaged class do the DecryptValue if (signature == null) { // RSAManaged of the selected ClientCertificate // (at this moment the first one) RSA rsa = this.getClientCertRSA((RSA)privKey); // Write message signature = hash.CreateSignature(rsa); } this.Write((short)signature.Length); this.Write(signature, 0, signature.Length); } }
private void verifySignature() { MD5SHA1 hash = new MD5SHA1(); // Calculate size of server params int size = rsaParams.Modulus.Length + rsaParams.Exponent.Length + 4; // Create server params array TlsStream stream = new TlsStream(); stream.Write(this.Context.RandomCS); stream.Write(this.ToArray(), 0, size); hash.ComputeHash(stream.ToArray()); stream.Reset(); bool isValidSignature = hash.VerifySignature( this.Context.ServerSettings.CertificateRSA, this.signedParams); if (!isValidSignature) { throw new TlsException( AlertDescription.DecodeError, "Data was not signed with the server certificate."); } }
protected override void ProcessAsTls1() { AsymmetricAlgorithm privKey = null; ClientContext context = (ClientContext)this.Context; privKey = context.SslStream.RaisePrivateKeySelection( context.ClientSettings.ClientCertificate, context.ClientSettings.TargetHost); if (privKey == null) { throw new TlsException(AlertDescription.UserCancelled, "Client certificate Private Key unavailable."); } else { // Compute handshake messages hash MD5SHA1 hash = new MD5SHA1(); hash.ComputeHash( context.HandshakeMessages.ToArray(), 0, (int)context.HandshakeMessages.Length); // RSAManaged of the selected ClientCertificate // (at this moment the first one) RSA rsa = this.getClientCertRSA((RSA)privKey); // Write message byte[] signature = hash.CreateSignature(rsa); this.Write((short)signature.Length); this.Write(signature, 0, signature.Length); } }
protected override void ProcessAsTls1() { byte[] serverPRF = this.ReadBytes((int)Length); HashAlgorithm hash = new MD5SHA1(); hash.ComputeHash( this.Context.HandshakeMessages.ToArray(), 0, (int)this.Context.HandshakeMessages.Length); byte[] clientPRF = this.Context.Cipher.PRF(this.Context.MasterSecret, "server finished", hash.Hash, 12); // Check server prf against client prf if (clientPRF.Length != serverPRF.Length) { throw new TlsException("Invalid ServerFinished message received."); } for (int i = 0; i < serverPRF.Length; i++) { if (clientPRF[i] != serverPRF[i]) { throw new TlsException(AlertDescription.InsuficientSecurity, "Invalid ServerFinished message received."); } } }
private byte[] createSignature(RSA rsa, byte[] buffer) { MD5SHA1 hash = new MD5SHA1(); // Create server params array TlsStream stream = new TlsStream(); stream.Write(this.Context.RandomCS); stream.Write(buffer, 0, buffer.Length); hash.ComputeHash(stream.ToArray()); stream.Reset(); return hash.CreateSignature(rsa); }