Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls.Handshake/Mono.Security.Protocol.Tls.Handshake.Client
In directory sc8-pr-cvs1:/tmp/cvs-serv7974
Modified Files:
TlsClientCertificate.cs TlsServerKeyExchange.cs
Log Message:
2003-12-21 Carlos Guzmán Álvarez <car...@te...>
* Mono.Security.Protocol.Tls.Handshake.Client/TlsClientCertificate.cs:
- Send always the first certificate.
* Mono.Security.Protocol.Tls.Handshake.Client/TlsServerKeyExchange.cs:
- Added changes for correct verification of the signed data sent
by the server.
Index: TlsClientCertificate.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls.Handshake/Mono.Security.Protocol.Tls.Handshake.Client/TlsClientCertificate.cs,v
retrieving revision 1.12
retrieving revision 1.13
diff -C2 -d -r1.12 -r1.13
*** TlsClientCertificate.cs 14 Dec 2003 15:01:54 -0000 1.12
--- TlsClientCertificate.cs 21 Dec 2003 14:56:06 -0000 1.13
***************
*** 24,30 ****
using System;
- using Mono.Security.Protocol.Tls;
using System.Security.Cryptography.X509Certificates;
namespace Mono.Security.Protocol.Tls.Handshake.Client
{
--- 24,31 ----
using System;
using System.Security.Cryptography.X509Certificates;
+ using Mono.Security.Protocol.Tls;
+
namespace Mono.Security.Protocol.Tls.Handshake.Client
{
***************
*** 65,75 ****
}
// Write client certificates information to a stream
TlsStream stream = new TlsStream();
! foreach (X509Certificate cert in this.Context.ClientSettings.Certificates)
! {
! stream.WriteInt24(cert.GetRawCertData().Length);
! stream.Write(cert.GetRawCertData());
! }
// Compose the message
--- 66,86 ----
}
+ // Select a valid certificate
+ X509Certificate clientCert = this.Context.ClientSettings.Certificates[0];
+
+ /*
+ clientCert = this.Context.SslStream.RaiseClientCertificateSelection(
+ this.Context.ClientSettings.Certificates,
+ this.Context.ServerSettings.Certificates[0],
+ this.Context.ClientSettings.TargetHost,
+ null);
+ */
+
+
// Write client certificates information to a stream
TlsStream stream = new TlsStream();
!
! stream.WriteInt24(clientCert.GetRawCertData().Length);
! stream.Write(clientCert.GetRawCertData());
// Compose the message
Index: TlsServerKeyExchange.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls/Mono.Security.Protocol.Tls.Handshake/Mono.Security.Protocol.Tls.Handshake.Client/TlsServerKeyExchange.cs,v
retrieving revision 1.15
retrieving revision 1.16
diff -C2 -d -r1.15 -r1.16
*** TlsServerKeyExchange.cs 14 Dec 2003 15:01:54 -0000 1.15
--- TlsServerKeyExchange.cs 21 Dec 2003 14:56:06 -0000 1.16
***************
*** 37,40 ****
--- 37,41 ----
private RSAParameters rsaParams;
private byte[] signedParams;
+ private byte[] content;
#endregion
***************
*** 92,103 ****
MD5SHA1 hash = new MD5SHA1();
// Create server params array
TlsStream stream = new TlsStream();
stream.Write(this.Context.RandomCS);
! stream.Write(rsaParams.Modulus.Length);
! stream.Write(rsaParams.Modulus);
! stream.Write(rsaParams.Exponent.Length);
! stream.Write(rsaParams.Exponent);
hash.ComputeHash(stream.ToArray());
--- 93,104 ----
MD5SHA1 hash = new MD5SHA1();
+ // Calculate size of server params
+ int size = rsaParams.Modulus.Length + rsaParams.Exponent.Length + 4;
+
// Create server params array
TlsStream stream = new TlsStream();
stream.Write(this.Context.RandomCS);
! stream.Write(this.ToArray(), 0, size);
hash.ComputeHash(stream.ToArray());
***************
*** 105,111 ****
stream.Reset();
! hash.VerifySignature(
this.Context.Cipher.CertificateRSA(),
this.signedParams);
}
--- 106,117 ----
stream.Reset();
! bool isValidSignature = hash.VerifySignature(
this.Context.Cipher.CertificateRSA(),
this.signedParams);
+
+ if (!isValidSignature)
+ {
+ throw this.Context.CreateException("Data was not signed with the server certificate.");
+ }
}
|
