mcs/class/System.ServiceModel/Mono.Security.Protocol.Tls.Handshake.Server/TlsClientKeyExchange.cs

   1 // Transport Security Layer (TLS)
   2 // Copyright (c) 2003-2004 Carlos Guzman Alvarez
   3 // Copyright (C) 2006 Novell, Inc (http://www.novell.com)
   4 //
   5 // Permission is hereby granted, free of charge, to any person obtaining
   6 // a copy of this software and associated documentation files (the
   7 // "Software"), to deal in the Software without restriction, including
   8 // without limitation the rights to use, copy, modify, merge, publish,
   9 // distribute, sublicense, and/or sell copies of the Software, and to
  10 // permit persons to whom the Software is furnished to do so, subject to
  11 // the following conditions:
  12 //
  13 // The above copyright notice and this permission notice shall be
  14 // included in all copies or substantial portions of the Software.
  15 //
  16 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  17 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  18 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  19 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  20 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  21 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  22 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  23 //
  24
  25 using System;
  26 using System.IO;
  27 using System.Security.Cryptography;
  28 using System.Security.Cryptography.X509Certificates;
  29
  30 namespace Mono.Security.Protocol.Tls.Handshake.Server
  31 {
  32     internal class TlsClientKeyExchange : HandshakeMessage
  33     {
  34         #region Constructors
  35
  36         public TlsClientKeyExchange(Context context, byte[] buffer) :
  37                         base(context,
  38                                 HandshakeType.ClientKeyExchange,
  39                                 buffer)
  40         {
  41         }
  42
  43         #endregion
  44
  45         #region Protected Methods
  46
  47         protected override void ProcessAsSsl3()
  48         {
  49             AsymmetricAlgorithm privKey = null;
  50             ServerContext context = (ServerContext)this.Context;
  51
  52             // Select the private key information
  53             privKey = context.SslStream.RaisePrivateKeySelection(
  54                 new X509Certificate(context.ServerSettings.Certificates[0].RawData),
  55                 null);
  56
  57             if (privKey == null)
  58             {
  59                 throw new TlsException(AlertDescription.UserCancelled, "Server certificate Private Key unavailable.");
  60             }
  61
  62             // Read client premaster secret
  63             byte[] clientSecret = this.ReadBytes((int)this.Length);
  64
  65             // Decrypt premaster secret
  66             RSAPKCS1KeyExchangeDeformatter deformatter = new RSAPKCS1KeyExchangeDeformatter(privKey);
  67
  68             byte[] preMasterSecret = deformatter.DecryptKeyExchange(clientSecret);
  69
  70             // Create master secret
  71             this.Context.Negotiating.Cipher.ComputeMasterSecret(preMasterSecret);
  72
  73             // Create keys
  74             this.Context.Negotiating.Cipher.ComputeKeys ();
  75
  76             // Initialize Cipher Suite
  77             this.Context.Negotiating.Cipher.InitializeCipher ();
  78         }
  79
  80         protected override void ProcessAsTls1()
  81         {
  82             AsymmetricAlgorithm privKey = null;
  83             ServerContext context = (ServerContext)this.Context;
  84
  85             // Select the private key information
  86             // Select the private key information
  87             privKey = context.SslStream.RaisePrivateKeySelection(
  88                 new X509Certificate(context.ServerSettings.Certificates[0].RawData),
  89                 null);
  90
  91             if (privKey == null)
  92             {
  93                 throw new TlsException(AlertDescription.UserCancelled, "Server certificate Private Key unavailable.");
  94             }
  95
  96             // Read client premaster secret
  97             byte[] clientSecret = this.ReadBytes(this.ReadInt16());
  98
  99             // Decrypt premaster secret
 100             RSAPKCS1KeyExchangeDeformatter deformatter = new RSAPKCS1KeyExchangeDeformatter(privKey);
 101
 102             byte[] preMasterSecret = deformatter.DecryptKeyExchange(clientSecret);
 103
 104             // Create master secret
 105             this.Context.Negotiating.Cipher.ComputeMasterSecret(preMasterSecret);
 106
 107             // Create keys
 108             this.Context.Negotiating.Cipher.ComputeKeys();
 109
 110             // Initialize Cipher Suite
 111             this.Context.Negotiating.Cipher.InitializeCipher();
 112         }
 113
 114         #endregion
 115     }
 116 }