-/* Transport Security Layer (TLS)\r
- * Copyright (c) 2003 Carlos Guzmán Álvarez\r
- * \r
- * Permission is hereby granted, free of charge, to any person \r
- * obtaining a copy of this software and associated documentation \r
- * files (the "Software"), to deal in the Software without restriction, \r
- * including without limitation the rights to use, copy, modify, merge, \r
- * publish, distribute, sublicense, and/or sell copies of the Software, \r
- * and to permit persons to whom the Software is furnished to do so, \r
- * subject to the following conditions:\r
- * \r
- * The above copyright notice and this permission notice shall be included \r
- * in all copies or substantial portions of the Software.\r
- * \r
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, \r
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES \r
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND \r
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT \r
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, \r
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \r
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r
- * DEALINGS IN THE SOFTWARE.\r
- */\r
-\r
-using System;\r
-using System.Security.Cryptography;\r
-\r
-using Mono.Security.Cryptography;\r
-using Mono.Security.X509;\r
-\r
-namespace Mono.Security.Protocol.Tls.Handshake.Client\r
-{\r
- internal class TlsServerKeyExchange : TlsHandshakeMessage\r
- {\r
- #region FIELDS\r
-\r
- private RSAParameters rsaParams;\r
- private byte[] signedParams;\r
-\r
- #endregion\r
-\r
- #region CONSTRUCTORS\r
-\r
- public TlsServerKeyExchange(TlsSession session, byte[] buffer)\r
- : base(session, TlsHandshakeType.ServerKeyExchange, buffer)\r
- {\r
- this.verifySignature();\r
- }\r
-\r
- #endregion\r
-\r
- #region METHODS\r
-\r
- public override void UpdateSession()\r
- {\r
- base.UpdateSession();\r
-\r
- this.Session.Context.ServerSettings.ServerKeyExchange = true;\r
- this.Session.Context.ServerSettings.RsaParameters = this.rsaParams;\r
- this.Session.Context.ServerSettings.SignedParams = this.signedParams;\r
- }\r
-\r
- #endregion\r
-\r
- #region PROTECTED_METHODS\r
-\r
- protected override void ProcessAsSsl3()\r
- {\r
- this.ProcessAsTls1();\r
- }\r
-\r
- protected override void ProcessAsTls1()\r
- {\r
- this.rsaParams = new RSAParameters();\r
- \r
- // Read modulus\r
- rsaParams.Modulus = this.ReadBytes(this.ReadInt16());\r
-\r
- // Read exponent\r
- rsaParams.Exponent = this.ReadBytes(this.ReadInt16());\r
-\r
- // Read signed params\r
- signedParams = this.ReadBytes(this.ReadInt16());\r
- }\r
-\r
- #endregion\r
-\r
- #region PRIVATE_METHODS\r
-\r
- private void verifySignature()\r
- {\r
- MD5SHA1CryptoServiceProvider hash = new MD5SHA1CryptoServiceProvider();\r
-\r
- // Create server params array\r
- TlsStream stream = new TlsStream();\r
-\r
- stream.Write(this.Session.Context.RandomCS);\r
- stream.Write(rsaParams.Modulus.Length);\r
- stream.Write(rsaParams.Modulus);\r
- stream.Write(rsaParams.Exponent.Length);\r
- stream.Write(rsaParams.Exponent);\r
-\r
- hash.ComputeHash(stream.ToArray());\r
-\r
- stream.Reset();\r
-\r
- // Verify Signature\r
- X509Certificate certificate = this.Session.Context.ServerSettings.ServerCertificates[0];\r
-\r
- RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(rsaParams.Modulus.Length << 3);\r
- rsa.ImportParameters(rsaParams);\r
-\r
- byte[] sign = hash.CreateSignature(rsa);\r
- hash.VerifySignature(rsa, this.signedParams);\r
- }\r
-\r
- #endregion\r
- }\r
-}\r
+// Transport Security Layer (TLS)
+// Copyright (c) 2003-2004 Carlos Guzman Alvarez
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+//
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+using System.Security.Cryptography;
+
+using Mono.Security.Cryptography;
+using Mono.Security.X509;
+
+namespace Mono.Security.Protocol.Tls.Handshake.Client
+{
+ internal class TlsServerKeyExchange : HandshakeMessage
+ {
+ #region Fields
+
+ private RSAParameters rsaParams;
+ private byte[] signedParams;
+
+ #endregion
+
+ #region Constructors
+
+ public TlsServerKeyExchange(Context context, byte[] buffer)
+ : base(context, HandshakeType.ServerKeyExchange, buffer)
+ {
+ this.verifySignature();
+ }
+
+ #endregion
+
+ #region Methods
+
+ public override void Update()
+ {
+ base.Update();
+
+ this.Context.ServerSettings.ServerKeyExchange = true;
+ this.Context.ServerSettings.RsaParameters = this.rsaParams;
+ this.Context.ServerSettings.SignedParams = this.signedParams;
+ }
+
+ #endregion
+
+ #region Protected Methods
+
+ protected override void ProcessAsSsl3()
+ {
+ this.ProcessAsTls1();
+ }
+
+ protected override void ProcessAsTls1()
+ {
+ this.rsaParams = new RSAParameters();
+
+ // Read modulus
+ this.rsaParams.Modulus = this.ReadBytes(this.ReadInt16());
+
+ // Read exponent
+ this.rsaParams.Exponent = this.ReadBytes(this.ReadInt16());
+
+ // Read signed params
+ this.signedParams = this.ReadBytes(this.ReadInt16());
+ }
+
+ #endregion
+
+ #region Private Methods
+
+ private void verifySignature()
+ {
+ MD5SHA1 hash = new MD5SHA1();
+
+ // Calculate size of server params
+ int size = rsaParams.Modulus.Length + rsaParams.Exponent.Length + 4;
+
+ // Create server params array
+ TlsStream stream = new TlsStream();
+
+ stream.Write(this.Context.RandomCS);
+ stream.Write(this.ToArray(), 0, size);
+
+ hash.ComputeHash(stream.ToArray());
+
+ stream.Reset();
+
+ bool isValidSignature = hash.VerifySignature(
+ this.Context.ServerSettings.CertificateRSA,
+ this.signedParams);
+
+ if (!isValidSignature)
+ {
+ throw new TlsException(
+ AlertDescription.DecodeError,
+ "Data was not signed with the server certificate.");
+ }
+ }
+
+ #endregion
+ }
+}
projects / mono.git / blobdiff