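/// <summary>
/// Builds the TLS 1.0/1.1 CertificateVerify message body: a signature, made
/// with the private key of the selected client certificate, over the MD5SHA1
/// digest of every handshake message recorded so far in
/// <c>context.HandshakeMessages</c>.
/// </summary>
/// <remarks>
/// The private key is supplied by the application through the
/// PrivateKeySelection callback and is typed only as
/// <see cref="AsymmetricAlgorithm"/>. This code path can only sign with an
/// <see cref="RSA"/> key, so a non-RSA key is rejected up front with the same
/// UserCancelled alert used for a missing key, rather than surfacing as an
/// <see cref="InvalidCastException"/> in the middle of the handshake.
/// </remarks>
/// <exception cref="TlsException">
/// Alert UserCancelled: no private key was supplied, or the supplied key is
/// not an RSA key.
/// </exception>
protected override void ProcessAsTls1()
{
    ClientContext context = (ClientContext)this.Context;

    AsymmetricAlgorithm privKey = context.SslStream.RaisePrivateKeySelection(
        context.ClientSettings.ClientCertificate,
        context.ClientSettings.TargetHost);

    if (privKey == null) {
        throw new TlsException(AlertDescription.UserCancelled,
            "Client certificate Private Key unavailable.");
    }

    // The callback may return any AsymmetricAlgorithm; only RSA is usable here.
    RSA rsaKey = privKey as RSA;
    if (rsaKey == null) {
        throw new TlsException(AlertDescription.UserCancelled,
            "Client certificate Private Key is not an RSA key.");
    }

    // Digest of all handshake messages exchanged so far. The class name
    // indicates the MD5 + SHA-1 combination used by TLS 1.0/1.1 for
    // RSA CertificateVerify signatures.
    MD5SHA1 hash = new MD5SHA1();
    hash.ComputeHash(
        context.HandshakeMessages.ToArray(),
        0,
        (int)context.HandshakeMessages.Length);

    // RSAManaged of the selected ClientCertificate (at this moment the
    // first one). NOTE(review): presumably this re-wraps the key so that the
    // raw RSA operation needed by CreateSignature is available regardless of
    // the caller's key implementation -- confirm against getClientCertRSA.
    RSA rsa = this.getClientCertRSA(rsaKey);

    // Message body: 2-byte signature length followed by the signature bytes.
    byte[] signature = hash.CreateSignature(rsa);
    this.Write((short)signature.Length);
    this.Write(signature, 0, signature.Length);
}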
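/// <summary>
/// Builds the TLS 1.0/1.1 CertificateVerify message body: a signature, made
/// with the private key of the selected client certificate, over the MD5SHA1
/// digest of every handshake message recorded so far in
/// <c>context.HandshakeMessages</c>.
/// </summary>
/// <remarks>
/// <para>
/// The private key is supplied by the application through the
/// PrivateKeySelection callback and is typed only as
/// <see cref="AsymmetricAlgorithm"/>. This code path can only sign with an
/// <see cref="RSA"/> key, so a non-RSA key is rejected up front with the same
/// UserCancelled alert used for a missing key, rather than surfacing as an
/// <see cref="InvalidCastException"/> in the middle of the handshake.
/// </para>
/// <para>
/// Two signing strategies are tried. First, the supplied key itself is asked
/// to sign; MD5SHA1.CreateSignature relies on <c>RSA.DecryptValue</c>, which
/// <see cref="RSACryptoServiceProvider"/> does not implement, so that type is
/// skipped outright (outside MOONLIGHT) and a <see cref="NotImplementedException"/>
/// from any other implementation is treated as "not supported". Second, the
/// key is handed to getClientCertRSA, which (per the original comment) exports
/// the private key into an RSAManaged instance that can perform DecryptValue.
/// Security note: the fallback copies private key material out of whatever
/// container the application's key object wraps; for a non-exportable key it
/// can be expected to fail rather than sign -- confirm against getClientCertRSA.
/// </para>
/// </remarks>
/// <exception cref="TlsException">
/// Alert UserCancelled: no private key was supplied, or the supplied key is
/// not an RSA key.
/// </exception>
protected override void ProcessAsTls1()
{
    ClientContext context = (ClientContext)this.Context;

    AsymmetricAlgorithm privKey = context.SslStream.RaisePrivateKeySelection(
        context.ClientSettings.ClientCertificate,
        context.ClientSettings.TargetHost);

    if (privKey == null) {
        throw new TlsException(AlertDescription.UserCancelled,
            "Client certificate Private Key unavailable.");
    }

    // The callback may return any AsymmetricAlgorithm; only RSA is usable here.
    RSA rsaKey = privKey as RSA;
    if (rsaKey == null) {
        throw new TlsException(AlertDescription.UserCancelled,
            "Client certificate Private Key is not an RSA key.");
    }

    // Digest of all handshake messages exchanged so far. The class name
    // indicates the MD5 + SHA-1 combination used by TLS 1.0/1.1 for
    // RSA CertificateVerify signatures.
    MD5SHA1 hash = new MD5SHA1();
    hash.ComputeHash(
        context.HandshakeMessages.ToArray(),
        0,
        (int)context.HandshakeMessages.Length);

    // Strategy 1: sign directly with the supplied key. CreateSignature uses
    // RSA.DecryptValue, which RSACryptoServiceProvider does not implement, so
    // that type is not even attempted (except under MOONLIGHT). Other RSA
    // implementations likely implement DecryptValue, so try them.
    byte[] signature = null;
#if !MOONLIGHT
    if (!(rsaKey is RSACryptoServiceProvider))
#endif
    {
        try {
            signature = hash.CreateSignature(rsaKey);
        } catch (NotImplementedException) {
            // Deliberate: DecryptValue is unsupported by this key object;
            // fall through to the export-based path below. Any other
            // exception is a real failure and propagates.
        }
    }

    // Strategy 2: export the private key and let RSAManaged do DecryptValue.
    if (signature == null) {
        // RSAManaged of the selected ClientCertificate
        // (at this moment the first one)
        RSA rsa = this.getClientCertRSA(rsaKey);
        signature = hash.CreateSignature(rsa);
    }

    // Message body: 2-byte signature length followed by the signature bytes.
    this.Write((short)signature.Length);
    this.Write(signature, 0, signature.Length);
}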
/// <summary>
/// Signs the key-exchange parameters in <paramref name="buffer"/> with the
/// given RSA key. The signed data is <c>Context.RandomCS</c> (presumably the
/// client and server random values -- confirm against the context type)
/// followed by the parameter bytes, digested with MD5SHA1; this matches the
/// TLS 1.0/1.1 ServerKeyExchange signature layout, although the enclosing
/// class is not visible here.
/// </summary>
/// <param name="rsa">RSA key used to produce the signature.</param>
/// <param name="buffer">Encoded key-exchange parameters to sign; must not be null.</param>
/// <returns>The raw signature bytes returned by MD5SHA1.CreateSignature.</returns>
private byte[] createSignature(RSA rsa, byte[] buffer)
{
    // Assemble the exact byte sequence to be signed: randoms first, then params.
    TlsStream signedData = new TlsStream();
    signedData.Write(this.Context.RandomCS);
    signedData.Write(buffer, 0, buffer.Length);
    byte[] toSign = signedData.ToArray();
    signedData.Reset();

    // Digest with the TLS 1.0/1.1 MD5+SHA-1 combination and sign the result.
    MD5SHA1 digest = new MD5SHA1();
    digest.ComputeHash(toSign);
    return digest.CreateSignature(rsa);
}