1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
/* Transport Security Layer (TLS)
* Copyright (c) 2003 Carlos Guzmán Álvarez
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
* OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
using System;
using System.Security.Cryptography;
using Mono.Security.Cryptography;
using Mono.Security.X509;
namespace Mono.Security.Protocol.Tls.Handshake.Client
{
internal class TlsServerKeyExchange : TlsHandshakeMessage
{
#region FIELDS
private RSAParameters rsaParams;
private byte[] signedParams;
#endregion
#region CONSTRUCTORS
public TlsServerKeyExchange(TlsSession session, byte[] buffer)
: base(session, TlsHandshakeType.ServerKeyExchange, buffer)
{
this.verifySignature();
}
#endregion
#region METHODS
public override void UpdateSession()
{
base.UpdateSession();
this.Session.Context.ServerSettings.ServerKeyExchange = true;
this.Session.Context.ServerSettings.RsaParameters = this.rsaParams;
this.Session.Context.ServerSettings.SignedParams = this.signedParams;
}
#endregion
#region PROTECTED_METHODS
protected override void ProcessAsSsl3()
{
this.ProcessAsTls1();
}
protected override void ProcessAsTls1()
{
this.rsaParams = new RSAParameters();
// Read modulus
rsaParams.Modulus = this.ReadBytes(this.ReadInt16());
// Read exponent
rsaParams.Exponent = this.ReadBytes(this.ReadInt16());
// Read signed params
signedParams = this.ReadBytes(this.ReadInt16());
}
#endregion
#region PRIVATE_METHODS
private void verifySignature()
{
MD5SHA1CryptoServiceProvider hash = new MD5SHA1CryptoServiceProvider();
// Create server params array
TlsStream stream = new TlsStream();
stream.Write(this.Session.Context.RandomCS);
stream.Write(rsaParams.Modulus.Length);
stream.Write(rsaParams.Modulus);
stream.Write(rsaParams.Exponent.Length);
stream.Write(rsaParams.Exponent);
hash.ComputeHash(stream.ToArray());
stream.Reset();
// Verify Signature
X509Certificate certificate = this.Session.Context.ServerSettings.ServerCertificates[0];
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(rsaParams.Modulus.Length << 3);
rsa.ImportParameters(rsaParams);
byte[] sign = hash.CreateSignature(rsa);
hash.VerifySignature(rsa, this.signedParams);
}
#endregion
}
}
|