[pgsqlclient-checkins] pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Sec
Status: Inactive
Brought to you by:
carlosga_fb
Menu
▾
▴
[pgsqlclient-checkins] pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls.Handshake/Mono.Security.Protocol.Tls.Handshake.Client TlsClientCertificate.cs,1.5,1.6 TlsClientCertificateVerify.cs,1.4,1.5 TlsClientFinished.cs,1.8,1.9 TlsServerKeyExchange.cs,1.8,1.9
|
From: <car...@us...> - 2003-11-03 10:33:53
|
Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls.Handshake/Mono.Security.Protocol.Tls.Handshake.Client
In directory sc8-pr-cvs1:/tmp/cvs-serv4215
Modified Files:
TlsClientCertificate.cs TlsClientCertificateVerify.cs
TlsClientFinished.cs TlsServerKeyExchange.cs
Log Message:
* Mono.Security.Protocol.Tls.Handshake.Client/TlsClientCertificateVerify.cs:
- Added initial implementation (not finished).
* Mono.Security.Protocol.Tls.Handshake.Client/TlsServerKeyExchange.cs:
- Minor change to message processing.
- Changed verify method name to verifySignature.
Index: TlsClientCertificate.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls.Handshake/Mono.Security.Protocol.Tls.Handshake.Client/TlsClientCertificate.cs,v
retrieving revision 1.5
retrieving revision 1.6
diff -C2 -d -r1.5 -r1.6
*** TlsClientCertificate.cs 22 Oct 2003 11:48:08 -0000 1.5
--- TlsClientCertificate.cs 3 Nov 2003 10:33:50 -0000 1.6
***************
*** 54,64 ****
protected override void ProcessAsSsl3()
{
! throw new NotSupportedException();
}
protected override void ProcessAsTls1()
{
! #warning "Check which type of certificates has been requested by the server"
!
// Write client certificates information to a stream
TlsStream stream = new TlsStream();
--- 54,64 ----
protected override void ProcessAsSsl3()
{
! this.ProcessAsTls1();
}
protected override void ProcessAsTls1()
{
! #region "Send only the appropiate type of certificate"
!
// Write client certificates information to a stream
TlsStream stream = new TlsStream();
Index: TlsClientCertificateVerify.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls.Handshake/Mono.Security.Protocol.Tls.Handshake.Client/TlsClientCertificateVerify.cs,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -d -r1.4 -r1.5
*** TlsClientCertificateVerify.cs 3 Nov 2003 08:53:20 -0000 1.4
--- TlsClientCertificateVerify.cs 3 Nov 2003 10:33:50 -0000 1.5
***************
*** 26,29 ****
--- 26,33 ----
using System.Security.Cryptography.X509Certificates;
+ using System.Security.Cryptography;
+ using Mono.Security.Cryptography;
+ using Mono.Security.Cryptography.X509Certificates as X509;
+
namespace Mono.Security.Protocol.Tls.Handshake.Client
{
***************
*** 58,62 ****
protected override void ProcessAsTls1()
{
! throw new NotSupportedException();
}
--- 62,89 ----
protected override void ProcessAsTls1()
{
! foreach (X509Certificate cert in Session.Settings.Certificates)
! {
! HashAlgorithm hash = new MD5SHa1CryptoServiceProvider();
! X509.X509Certificate c = new X509.X509Certificate(cert.GetRawCertData);
! RSA rsa = c.RSA;
! RSAParameters p = rsa.ExportParameters(false);
! TlsStream data = new TlsStream();
!
! data.Write(this.Session.Context.RandomCS);
! data.Write((short)p.Modulus.Length);
! data.Write(p.Modulus);
! data.Write((short)p.Exponent.Length);
! data.Write(p.Exponent);
!
! hash.ComputeHash(data.ToArray(), 0, data.Length);
!
! data.Reset();
!
! // Write the signature
! RSAPKCS1SignatureFormatter sf = RSAPKCS1SignatureFormatter(rsa);
! sf.SetHashAlgorithm(c.SignatureAlgorithm);
!
! Write(sf.CreateSignature(hash.Hash));
! }
}
Index: TlsClientFinished.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls.Handshake/Mono.Security.Protocol.Tls.Handshake.Client/TlsClientFinished.cs,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -d -r1.8 -r1.9
*** TlsClientFinished.cs 3 Nov 2003 08:53:20 -0000 1.8
--- TlsClientFinished.cs 3 Nov 2003 10:33:50 -0000 1.9
***************
*** 53,56 ****
--- 53,79 ----
#region PROTECTED_METHODS
+ protected override void ProcessAsSsl3()
+ {
+ this.Write(computeSslHash("MD5", Session.Context.HandshakeHashes.ToArray(), 0x434C4E54));
+ this.Write(computeSslHash("SHA1", Session.Context.HandshakeHashes.ToArray(), 0x434C4E54));
+ }
+
+ protected override void ProcessAsTls1()
+ {
+ // Compute handshake messages hash
+ HashAlgorithm hash = new MD5SHA1CryptoServiceProvider();
+ hash.ComputeHash(
+ Session.Context.HandshakeHashes.ToArray(),
+ 0,
+ (int)Session.Context.HandshakeHashes.Length);
+
+ // Write message
+ Write(Session.Context.Cipher.PRF(Session.Context.MasterSecret, "client finished", hash.Hash, 12));
+ }
+
+ #endregion
+
+ #region PRIVATE_METHODS
+
private byte[] computeSslHash(string hashName, byte[] hashes, int sender)
{
***************
*** 81,102 ****
return blockHash;
- }
-
- protected override void ProcessAsSsl3()
- {
- this.Write(computeSslHash("MD5", Session.Context.HandshakeHashes.ToArray(), 0x434C4E54));
- this.Write(computeSslHash("SHA1", Session.Context.HandshakeHashes.ToArray(), 0x434C4E54));
- }
-
- protected override void ProcessAsTls1()
- {
- HashAlgorithm hash = new MD5SHA1CryptoServiceProvider();
- hash.ComputeHash(
- Session.Context.HandshakeHashes.ToArray(),
- 0,
- (int)Session.Context.HandshakeHashes.Length);
-
- // Write message contents
- Write(Session.Context.Cipher.PRF(Session.Context.MasterSecret, "client finished", hash.Hash, 12));
}
--- 104,107 ----
Index: TlsServerKeyExchange.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls.Handshake/Mono.Security.Protocol.Tls.Handshake.Client/TlsServerKeyExchange.cs,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -d -r1.8 -r1.9
*** TlsServerKeyExchange.cs 3 Nov 2003 08:53:20 -0000 1.8
--- TlsServerKeyExchange.cs 3 Nov 2003 10:33:50 -0000 1.9
***************
*** 45,49 ****
: base(session, TlsHandshakeType.ServerKeyExchange, buffer)
{
! verify();
}
--- 45,49 ----
: base(session, TlsHandshakeType.ServerKeyExchange, buffer)
{
! this.verifySignature();
}
***************
*** 67,71 ****
protected override void ProcessAsSsl3()
{
! throw new NotSupportedException();
}
--- 67,71 ----
protected override void ProcessAsSsl3()
{
! this.ProcessAsTls1();
}
***************
*** 75,88 ****
// Read modulus
! short length = this.ReadInt16();
! rsaParams.Modulus = this.ReadBytes(length);
// Read exponent
! length = this.ReadInt16();
! rsaParams.Exponent = this.ReadBytes(length);
// Read signed params
! length = this.ReadInt16();
! signedParams = this.ReadBytes(length);
}
--- 75,85 ----
// Read modulus
! rsaParams.Modulus = this.ReadBytes(this.ReadInt16());
// Read exponent
! rsaParams.Exponent = this.ReadBytes(this.ReadInt16());
// Read signed params
! signedParams = this.ReadBytes(this.ReadInt16());
}
***************
*** 91,95 ****
#region PRIVATE_METHODS
! private void verify()
{
HashAlgorithm hash = new MD5SHA1CryptoServiceProvider();
--- 88,92 ----
#region PRIVATE_METHODS
! private void verifySignature()
{
HashAlgorithm hash = new MD5SHA1CryptoServiceProvider();
***************
*** 108,116 ****
stream.Reset();
! // Calculate signature
RSA rsa = new RSACryptoServiceProvider(rsaParams.Modulus.Length << 3);
rsa.ImportParameters(rsaParams);
!
! // Verify Signature
X509Certificate certificate = this.Session.Context.ServerSettings.ServerCertificates[0];
certificate.CheckSignature(hash.Hash, "SHA1", this.signedParams);
--- 105,112 ----
stream.Reset();
! // Verify Signature
RSA rsa = new RSACryptoServiceProvider(rsaParams.Modulus.Length << 3);
rsa.ImportParameters(rsaParams);
!
X509Certificate certificate = this.Session.Context.ServerSettings.ServerCertificates[0];
certificate.CheckSignature(hash.Hash, "SHA1", this.signedParams);
|
