public override byte[] GenerateServerKeyExchange() { if (this.mDHParameters == null) throw new TlsFatalAlert(AlertDescription.internal_error); DigestInputBuffer buf = new DigestInputBuffer(); this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, this.mDHParameters, buf); /* * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2 */ SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm( mContext, mServerCredentials); IDigest d = TlsUtilities.CreateHash(signatureAndHashAlgorithm); SecurityParameters securityParameters = mContext.SecurityParameters; d.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length); d.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length); buf.UpdateDigest(d); byte[] hash = DigestUtilities.DoFinal(d); byte[] signature = mServerCredentials.GenerateCertificateSignature(hash); DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature); signed_params.Encode(buf); return buf.ToArray(); }
public override byte[] GenerateServerKeyExchange() { DigestInputBuffer buf = new DigestInputBuffer(); this.mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, mNamedCurves, mClientECPointFormats, buf); /* * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2 */ SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm( mContext, mServerCredentials); IDigest d = TlsUtilities.CreateHash(signatureAndHashAlgorithm); SecurityParameters securityParameters = mContext.SecurityParameters; d.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length); d.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length); buf.UpdateDigest(d); byte[] hash = DigestUtilities.DoFinal(d); byte[] signature = mServerCredentials.GenerateCertificateSignature(hash); DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature); signed_params.Encode(buf); return buf.ToArray(); }
protected virtual void SendCertificateVerifyMessage(DigitallySigned certificateVerify) { HandshakeMessage handshakeMessage = new HandshakeMessage(15); certificateVerify.Encode((Stream)(object)handshakeMessage); handshakeMessage.WriteToRecordStream(this); }
public override byte[] GenerateServerKeyExchange() { DigestInputBuffer buf = new DigestInputBuffer(); this.mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, mNamedCurves, mClientECPointFormats, buf); /* * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2 */ SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm( mContext, mServerCredentials); IDigest d = TlsUtilities.CreateHash(signatureAndHashAlgorithm); SecurityParameters securityParameters = mContext.SecurityParameters; d.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length); d.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length); buf.UpdateDigest(d); byte[] hash = DigestUtilities.DoFinal(d); byte[] signature = mServerCredentials.GenerateCertificateSignature(hash); DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature); signed_params.Encode(buf); return(buf.ToArray()); }
protected virtual byte[] GenerateCertificateVerify(DtlsClientProtocol.ClientHandshakeState state, DigitallySigned certificateVerify) { MemoryStream memoryStream = new MemoryStream(); certificateVerify.Encode(memoryStream); return(memoryStream.ToArray()); }
protected virtual byte[] GenerateCertificateVerify(ClientHandshakeState state, DigitallySigned certificateVerify) { MemoryStream buf = new MemoryStream(); certificateVerify.Encode(buf); return(buf.ToArray()); }
protected virtual void SendCertificateVerifyMessage(DigitallySigned certificateVerify) { HandshakeMessage message = new HandshakeMessage(HandshakeType.certificate_verify); certificateVerify.Encode(message); message.WriteToRecordStream(this); }
protected virtual byte[] GenerateCertificateVerify(ClientHandshakeState state, DigitallySigned certificateVerify) { //IL_0000: Unknown result type (might be due to invalid IL or missing references) //IL_0006: Expected O, but got Unknown MemoryStream val = new MemoryStream(); certificateVerify.Encode((Stream)(object)val); return(val.ToArray()); }
public override byte[] GenerateServerKeyExchange() { if (this.mDHParameters == null) { throw new TlsFatalAlert(AlertDescription.internal_error); } DigestInputBuffer buf = new DigestInputBuffer(); this.mDHAgreeServerPrivateKey = TlsDHUtilities.GenerateEphemeralServerKeyExchange(context.SecureRandom, this.mDHParameters, buf); /* * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2 */ SignatureAndHashAlgorithm signatureAndHashAlgorithm; IDigest d; if (TlsUtilities.IsTlsV12(context)) { signatureAndHashAlgorithm = mServerCredentials.SignatureAndHashAlgorithm; if (signatureAndHashAlgorithm == null) { throw new TlsFatalAlert(AlertDescription.internal_error); } d = TlsUtilities.CreateHash(signatureAndHashAlgorithm.Hash); } else { signatureAndHashAlgorithm = null; d = new CombinedHash(); } SecurityParameters securityParameters = context.SecurityParameters; d.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length); d.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length); buf.UpdateDigest(d); byte[] hash = DigestUtilities.DoFinal(d); byte[] signature = mServerCredentials.GenerateCertificateSignature(hash); DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature); signed_params.Encode(buf); return(buf.ToArray()); }
public override byte[] GenerateServerKeyExchange() { DigestInputBuffer digestInputBuffer = new DigestInputBuffer(); mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, mNamedCurves, mClientECPointFormats, (Stream)(object)digestInputBuffer); SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm(mContext, mServerCredentials); IDigest digest = TlsUtilities.CreateHash(signatureAndHashAlgorithm); SecurityParameters securityParameters = mContext.SecurityParameters; digest.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length); digest.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length); digestInputBuffer.UpdateDigest(digest); byte[] hash = DigestUtilities.DoFinal(digest); byte[] signature = mServerCredentials.GenerateCertificateSignature(hash); DigitallySigned digitallySigned = new DigitallySigned(signatureAndHashAlgorithm, signature); digitallySigned.Encode((Stream)(object)digestInputBuffer); return(((MemoryStream)digestInputBuffer).ToArray()); }
public override byte[] GenerateServerKeyExchange() { if (mDHParameters == null) { throw new TlsFatalAlert(80); } DigestInputBuffer digestInputBuffer = new DigestInputBuffer(); mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, mDHParameters, digestInputBuffer); SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm(mContext, mServerCredentials); IDigest digest = TlsUtilities.CreateHash(signatureAndHashAlgorithm); SecurityParameters securityParameters = mContext.SecurityParameters; digest.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length); digest.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length); digestInputBuffer.UpdateDigest(digest); byte[] hash = DigestUtilities.DoFinal(digest); byte[] signature = mServerCredentials.GenerateCertificateSignature(hash); DigitallySigned digitallySigned = new DigitallySigned(signatureAndHashAlgorithm, signature); digitallySigned.Encode(digestInputBuffer); return(digestInputBuffer.ToArray()); }
public override byte[] GenerateServerKeyExchange() { mSrpServer.Init(mSrpGroup, mSrpVerifier, TlsUtilities.CreateHash(HashAlgorithm.sha1), mContext.SecureRandom); BigInteger B = mSrpServer.GenerateServerCredentials(); ServerSrpParams srpParams = new ServerSrpParams(mSrpGroup.N, mSrpGroup.G, mSrpSalt, B); DigestInputBuffer buf = new DigestInputBuffer(); srpParams.Encode(buf); if (mServerCredentials != null) { /* * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2 */ SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm( mContext, mServerCredentials); IDigest d = TlsUtilities.CreateHash(signatureAndHashAlgorithm); SecurityParameters securityParameters = mContext.SecurityParameters; d.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length); d.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length); buf.UpdateDigest(d); byte[] hash = new byte[d.GetDigestSize()]; d.DoFinal(hash, 0); byte[] signature = mServerCredentials.GenerateCertificateSignature(hash); DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature); signed_params.Encode(buf); } return(buf.ToArray()); }
public override byte[] GenerateServerKeyExchange() { mSrpServer.Init(mSrpGroup, mSrpVerifier, TlsUtilities.CreateHash(2), mContext.SecureRandom); BigInteger b = mSrpServer.GenerateServerCredentials(); ServerSrpParams serverSrpParams = new ServerSrpParams(mSrpGroup.N, mSrpGroup.G, mSrpSalt, b); DigestInputBuffer digestInputBuffer = new DigestInputBuffer(); serverSrpParams.Encode((Stream)(object)digestInputBuffer); if (mServerCredentials != null) { SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm(mContext, mServerCredentials); IDigest digest = TlsUtilities.CreateHash(signatureAndHashAlgorithm); SecurityParameters securityParameters = mContext.SecurityParameters; digest.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length); digest.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length); digestInputBuffer.UpdateDigest(digest); byte[] array = new byte[digest.GetDigestSize()]; digest.DoFinal(array, 0); byte[] signature = mServerCredentials.GenerateCertificateSignature(array); DigitallySigned digitallySigned = new DigitallySigned(signatureAndHashAlgorithm, signature); digitallySigned.Encode((Stream)(object)digestInputBuffer); } return(((MemoryStream)digestInputBuffer).ToArray()); }
protected virtual byte[] GenerateCertificateVerify(ClientHandshakeState state, DigitallySigned certificateVerify) { MemoryStream buf = new MemoryStream(); certificateVerify.Encode(buf); return buf.ToArray(); }
public override byte[] GenerateServerKeyExchange() { /* * First we try to find a supported named curve from the client's list. */ int namedCurve = -1; if (mNamedCurves == null) { // TODO Let the peer choose the default named curve namedCurve = NamedCurve.secp256r1; } else { for (int i = 0; i < mNamedCurves.Length; ++i) { int entry = mNamedCurves[i]; if (NamedCurve.IsValid(entry) && TlsEccUtilities.IsSupportedNamedCurve(entry)) { namedCurve = entry; break; } } } ECDomainParameters curve_params = null; if (namedCurve >= 0) { curve_params = TlsEccUtilities.GetParametersForNamedCurve(namedCurve); } else { /* * If no named curves are suitable, check if the client supports explicit curves. */ if (Arrays.Contains(mNamedCurves, NamedCurve.arbitrary_explicit_prime_curves)) { curve_params = TlsEccUtilities.GetParametersForNamedCurve(NamedCurve.secp256r1); } else if (Arrays.Contains(mNamedCurves, NamedCurve.arbitrary_explicit_char2_curves)) { curve_params = TlsEccUtilities.GetParametersForNamedCurve(NamedCurve.sect283r1); } } if (curve_params == null) { /* * NOTE: We shouldn't have negotiated ECDHE key exchange since we apparently can't find * a suitable curve. */ throw new TlsFatalAlert(AlertDescription.internal_error); } AsymmetricCipherKeyPair kp = TlsEccUtilities.GenerateECKeyPair(context.SecureRandom, curve_params); this.mECAgreePrivateKey = (ECPrivateKeyParameters)kp.Private; DigestInputBuffer buf = new DigestInputBuffer(); if (namedCurve < 0) { TlsEccUtilities.WriteExplicitECParameters(mClientECPointFormats, curve_params, buf); } else { TlsEccUtilities.WriteNamedECParameters(namedCurve, buf); } ECPublicKeyParameters ecPublicKey = (ECPublicKeyParameters)kp.Public; TlsEccUtilities.WriteECPoint(mClientECPointFormats, ecPublicKey.Q, buf); /* * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2 */ SignatureAndHashAlgorithm signatureAndHashAlgorithm; IDigest d; if (TlsUtilities.IsTlsV12(context)) { signatureAndHashAlgorithm = mServerCredentials.SignatureAndHashAlgorithm; if (signatureAndHashAlgorithm == null) throw new TlsFatalAlert(AlertDescription.internal_error); d = TlsUtilities.CreateHash(signatureAndHashAlgorithm.Hash); } else { signatureAndHashAlgorithm = null; d = new CombinedHash(); } SecurityParameters securityParameters = context.SecurityParameters; d.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length); d.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length); buf.UpdateDigest(d); byte[] hash = DigestUtilities.DoFinal(d); byte[] signature = mServerCredentials.GenerateCertificateSignature(hash); DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature); signed_params.Encode(buf); return buf.ToArray(); }
public override byte[] GenerateServerKeyExchange() { /* * First we try to find a supported named curve from the client's list. */ int namedCurve = -1; if (mNamedCurves == null) { // TODO Let the peer choose the default named curve namedCurve = NamedCurve.secp256r1; } else { for (int i = 0; i < mNamedCurves.Length; ++i) { int entry = mNamedCurves[i]; if (NamedCurve.IsValid(entry) && TlsEccUtilities.IsSupportedNamedCurve(entry)) { namedCurve = entry; break; } } } ECDomainParameters curve_params = null; if (namedCurve >= 0) { curve_params = TlsEccUtilities.GetParametersForNamedCurve(namedCurve); } else { /* * If no named curves are suitable, check if the client supports explicit curves. */ if (Arrays.Contains(mNamedCurves, NamedCurve.arbitrary_explicit_prime_curves)) { curve_params = TlsEccUtilities.GetParametersForNamedCurve(NamedCurve.secp256r1); } else if (Arrays.Contains(mNamedCurves, NamedCurve.arbitrary_explicit_char2_curves)) { curve_params = TlsEccUtilities.GetParametersForNamedCurve(NamedCurve.sect283r1); } } if (curve_params == null) { /* * NOTE: We shouldn't have negotiated ECDHE key exchange since we apparently can't find * a suitable curve. */ throw new TlsFatalAlert(AlertDescription.internal_error); } AsymmetricCipherKeyPair kp = TlsEccUtilities.GenerateECKeyPair(context.SecureRandom, curve_params); this.mECAgreePrivateKey = (ECPrivateKeyParameters)kp.Private; DigestInputBuffer buf = new DigestInputBuffer(); if (namedCurve < 0) { TlsEccUtilities.WriteExplicitECParameters(mClientECPointFormats, curve_params, buf); } else { TlsEccUtilities.WriteNamedECParameters(namedCurve, buf); } ECPublicKeyParameters ecPublicKey = (ECPublicKeyParameters)kp.Public; TlsEccUtilities.WriteECPoint(mClientECPointFormats, ecPublicKey.Q, buf); /* * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2 */ SignatureAndHashAlgorithm signatureAndHashAlgorithm; IDigest d; if (TlsUtilities.IsTlsV12(context)) { signatureAndHashAlgorithm = mServerCredentials.SignatureAndHashAlgorithm; if (signatureAndHashAlgorithm == null) { throw new TlsFatalAlert(AlertDescription.internal_error); } d = TlsUtilities.CreateHash(signatureAndHashAlgorithm.Hash); } else { signatureAndHashAlgorithm = null; d = new CombinedHash(); } SecurityParameters securityParameters = context.SecurityParameters; d.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length); d.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length); buf.UpdateDigest(d); byte[] hash = DigestUtilities.DoFinal(d); byte[] signature = mServerCredentials.GenerateCertificateSignature(hash); DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature); signed_params.Encode(buf); return(buf.ToArray()); }
public override byte[] GenerateServerKeyExchange() { mSrpServer.Init(mSrpGroup, mSrpVerifier, TlsUtilities.CreateHash(HashAlgorithm.sha1), mContext.SecureRandom); BigInteger B = mSrpServer.GenerateServerCredentials(); ServerSrpParams srpParams = new ServerSrpParams(mSrpGroup.N, mSrpGroup.G, mSrpSalt, B); DigestInputBuffer buf = new DigestInputBuffer(); srpParams.Encode(buf); if (mServerCredentials != null) { /* * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2 */ SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm( mContext, mServerCredentials); IDigest d = TlsUtilities.CreateHash(signatureAndHashAlgorithm); SecurityParameters securityParameters = mContext.SecurityParameters; d.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length); d.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length); buf.UpdateDigest(d); byte[] hash = new byte[d.GetDigestSize()]; d.DoFinal(hash, 0); byte[] signature = mServerCredentials.GenerateCertificateSignature(hash); DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature); signed_params.Encode(buf); } return buf.ToArray(); }
protected virtual void SendCertificateVerifyMessage(DigitallySigned certificateVerify) { TlsProtocol.HandshakeMessage output = new TlsProtocol.HandshakeMessage(15); certificateVerify.Encode(output); output.WriteToRecordStream(this); }