/// <summary>
/// Builds the client-side authentication message for the handshake: validates that the
/// supplied RSA private key fits the negotiated cipher suite and belongs to
/// <paramref name="userId"/>, then signs the handshake transcript
/// (ephemeral public key, server nonce, client nonce) with SHA-256 / PKCS#1 v1.5.
/// </summary>
/// <param name="keyExchange">Key-exchange message whose ephemeral public key is covered by the signature.</param>
/// <param name="serverHello">Server hello; its selected cipher suite and nonce are used.</param>
/// <param name="clientHello">Client hello; its nonce is covered by the signature.</param>
/// <param name="userId">Identity the public key must match (checked via <see cref="SecureChannelStream.IsUserIdValid"/>).</param>
/// <param name="privateKey">DER-encoded RSA private key used to produce the signature.</param>
/// <exception cref="SecureChannelException">
/// <c>NoMatchingCipherAvailable</c> when the server's cipher suite is not one of the RSA-2048 suites;
/// <c>PeerAuthenticationFailed</c> when the key is not 2048 bits or does not match <paramref name="userId"/>.
/// </exception>
public SecureChannelHandshakeAuthentication(SecureChannelHandshakeKeyExchange keyExchange, SecureChannelHandshakeHello serverHello, SecureChannelHandshakeHello clientHello, BinaryNumber userId, byte[] privateKey)
            : base(SecureChannelCode.None)
        {
            _userId = userId;

            SecureChannelCipherSuite cipher = serverHello.SupportedCiphers;

            // Only the two RSA-2048 authenticated suites are handled here; reject anything
            // else before any key material is decoded.
            bool isRsa2048Suite = (cipher == SecureChannelCipherSuite.DHE2048_RSA2048_WITH_AES256_CBC_HMAC_SHA256)
                || (cipher == SecureChannelCipherSuite.ECDHE256_RSA2048_WITH_AES256_CBC_HMAC_SHA256);

            if (!isRsa2048Suite)
            {
                throw new SecureChannelException(SecureChannelCode.NoMatchingCipherAvailable, null, null);
            }

            using (RSA signer = RSA.Create())
            {
                // NOTE(review): the decoded private components (and the privateKey argument) remain
                // in managed memory until collected; consider CryptographicOperations.ZeroMemory on
                // them once imported — confirm the RSA implementation in use copies rather than
                // retains these arrays before doing so.
                RSAParameters decodedPrivateKey = DEREncoding.DecodeRSAPrivateKey(privateKey);
                signer.ImportParameters(decodedPrivateKey);

                // The suite name fixes the modulus size; a different size is treated as an
                // authentication failure, not a negotiation failure.
                if (signer.KeySize != 2048)
                {
                    throw new SecureChannelException(SecureChannelCode.PeerAuthenticationFailed, null, _userId, "RSA key size is not valid for selected crypto option: " + cipher.ToString());
                }

                _publicKey = DEREncoding.EncodeRSAPublicKey(decodedPrivateKey);

                // The user id must be derivable from the public key we are about to sign with.
                if (!SecureChannelStream.IsUserIdValid(_publicKey, _userId))
                {
                    throw new SecureChannelException(SecureChannelCode.PeerAuthenticationFailed, null, _userId, "UserId does not match with public key.");
                }

                _signature = SignTranscript(signer);
            }

            // Signs ephemeralPublicKey || serverNonce || clientNonce, in that order.
            // NOTE(review): the signature binds only these three values; confirm the peer's
            // verification expects exactly this layout and ordering.
            byte[] SignTranscript(RSA rsa)
            {
                using (MemoryStream transcript = new MemoryStream())
                {
                    transcript.Write(keyExchange.EphemeralPublicKey);
                    transcript.Write(serverHello.Nonce.Value);
                    transcript.Write(clientHello.Nonce.Value);
                    transcript.Position = 0;

                    return rsa.SignData(transcript, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                }
            }
        }
 /// <summary>
 /// Derives the DER-encoded RSA public key from a DER-encoded RSA private key.
 /// </summary>
 /// <param name="privateKey">DER-encoded RSA private key, as accepted by <see cref="DEREncoding.DecodeRSAPrivateKey"/>.</param>
 /// <returns>The DER-encoded public key of the same key pair.</returns>
 public static byte[] GetPublicKeyFromPrivateKey(byte[] privateKey)
 {
     // Decode to parameters first, then re-encode only the public portion.
     var keyPair = DEREncoding.DecodeRSAPrivateKey(privateKey);
     return DEREncoding.EncodeRSAPublicKey(keyPair);
 }