protected void Setup(PeerSecAssociation sa1, PeerSecAssociation sa2)
{
sa1.Reset();
sa2.Reset();
sa1.RDHE.Value = sa2.LDHE;
sa2.RDHE.Value = sa1.LDHE;
Random rand = new Random();
byte[] b = new byte[128];
rand.NextBytes(b);
MemBlock mb = MemBlock.Reference(b);
sa1.DHEWithCertificateAndCAsOutHash.Value = mb;
sa1.VerifyResponse(mb);
b = new byte[128];
rand.NextBytes(b);
mb = MemBlock.Reference(b);
sa2.DHEWithCertificateHash.Value = mb;
sa2.VerifyRequest(mb);
sa1.Enable();
sa2.Enable();
// This is just for kicks
sa1.Enable();
}
/// <summary>3b) Receive a Confirm, verify the entire stack and send a Confirm
/// 4a)Receive a Confirm, verify the entire stack and all set to go</summary>
/// <param name="sa">A security association that we wish to perform the
/// specified control operation on.</param>
/// <param name="scm">The received SecurityControlMessage.</param>
/// <param name="scm_reply">A prepared reply message (with headers and such.</param>
/// <param name="return_path">Where to send the result.</param>
/// <param name="low_level_sender">We expect the return_path to not be an edge or
/// some other type of "low level" sender, so this contains the parsed out value.</param>
protected void HandleControlConfirm(PeerSecAssociation sa,
SecurityControlMessage scm, SecurityControlMessage scm_reply,
ISender return_path, ISender low_level_sender)
{
ProtocolLog.WriteIf(ProtocolLog.Security, GetHashCode() + " Received Confirm from: " + low_level_sender);
if (sa == null)
{
throw new Exception("No valid SA!");
}
HashAlgorithm sha1 = new SHA1CryptoServiceProvider();
scm.Verify((RSACryptoServiceProvider)sa.RemoteCertificate.RSA, sha1);
if (return_path == low_level_sender)
{
sa.VerifyResponse(scm.Hash);
}
else
{
sa.VerifyRequest(scm.Hash);
scm_reply.LocalCookie = scm.RemoteCookie;
scm_reply.RemoteCookie = scm.LocalCookie;
scm_reply.Hash = sa.DHEWithCertificateAndCAsInHash.Value;
scm_reply.Type = SecurityControlMessage.MessageType.Confirm;
lock (_private_key_lock) {
scm_reply.Sign(_private_key, sha1);
}
ICopyable to_send = new CopyList(SecureControl, scm_reply.Packet);
return_path.Send(to_send);
}
sa.Enable();
ProtocolLog.WriteIf(ProtocolLog.Security, GetHashCode() + " Successful Confirm from: " + low_level_sender);
}
/// <summary>3b) Receive a Confirm, verify the entire stack and send a Confirm
/// 4a)Receive a Confirm, verify the entire stack and all set to go</summary>
/// <param name="sa">A security association that we wish to perform the
/// specified control operation on.</param>
/// <param name="scm">The received SecurityControlMessage.</param>
/// <param name="scm_reply">A prepared reply message (with headers and such.</param>
/// <param name="return_path">Where to send the result.</param>
/// <param name="low_level_sender">We expect the return_path to not be an edge or
/// some other type of "low level" sender, so this contains the parsed out value.</param>
protected void HandleControlConfirm(PeerSecAssociation sa,
SecurityControlMessage scm, SecurityControlMessage scm_reply,
ISender return_path, ISender low_level_sender)
{
ProtocolLog.WriteIf(ProtocolLog.Security, GetHashCode() + " Received Confirm from: " + low_level_sender);
if(sa == null) {
throw new Exception("No valid SA!");
}
HashAlgorithm sha1 = new SHA1CryptoServiceProvider();
scm.Verify((RSACryptoServiceProvider) sa.RemoteCertificate.RSA, sha1);
if(return_path == low_level_sender) {
sa.VerifyResponse(scm.Hash);
} else {
sa.VerifyRequest(scm.Hash);
scm_reply.LocalCookie = scm.RemoteCookie;
scm_reply.RemoteCookie = scm.LocalCookie;
scm_reply.Hash = sa.DHEWithCertificateAndCAsInHash.Value;
scm_reply.Type = SecurityControlMessage.MessageType.Confirm;
lock(_private_key_lock) {
scm_reply.Sign(_private_key, sha1);
}
ICopyable to_send = new CopyList(SecureControl, scm_reply.Packet);
return_path.Send(to_send);
}
sa.Enable();
ProtocolLog.WriteIf(ProtocolLog.Security, GetHashCode() + " Successful Confirm from: " + low_level_sender);
}
protected void Setup(PeerSecAssociation sa1, PeerSecAssociation sa2) {
sa1.Reset();
sa2.Reset();
sa1.RDHE.Value = sa2.LDHE;
sa2.RDHE.Value = sa1.LDHE;
Random rand = new Random();
byte[] b = new byte[128];
rand.NextBytes(b);
MemBlock mb = MemBlock.Reference(b);
sa1.DHEWithCertificateAndCAsOutHash.Value = mb;
sa1.VerifyResponse(mb);
b = new byte[128];
rand.NextBytes(b);
mb = MemBlock.Reference(b);
sa2.DHEWithCertificateHash.Value = mb;
sa2.VerifyRequest(mb);
sa1.Enable();
sa2.Enable();
// This is just for kicks
sa1.Enable();
}
