Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Server
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv24330
Modified Files:
TlsClientFinished.cs TlsClientHello.cs
Log Message:
2004-03-10 Carlos Guzman Alvarez <car...@te...>
* Mono.Security.Protocol.Tls.Handshake.Server/TlsClientHello.cs:
* Mono.Security.Protocol.Tls.Handshake.Server/TlsClientFinished.cs:
* Mono.Security.Protocol.Tls/RecordProtocol.cs:
- Implemented some server alerts.
* Mono.Security.Protocol.Tls/Context.cs:
- Added new RecordProtocol property.
Index: TlsClientFinished.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Server/TlsClientFinished.cs,v
retrieving revision 1.5
retrieving revision 1.6
diff -C2 -d -r1.5 -r1.6
*** TlsClientFinished.cs 9 Mar 2004 20:01:41 -0000 1.5
--- TlsClientFinished.cs 10 Mar 2004 15:50:12 -0000 1.6
***************
*** 45,48 ****
--- 45,50 ----
protected override void ProcessAsSsl3()
{
+ bool decryptError = false;
+
// Compute handshake messages hashes
HashAlgorithm hash = new SslHandshakeHash(this.Context.MasterSecret);
***************
*** 62,81 ****
if (clientHash.Length != serverHash.Length)
{
! throw new TlsException("Invalid ServerFinished message received.");
}
!
! for (int i = 0; i < clientHash.Length; i++)
{
! if (clientHash[i] != serverHash[i])
{
! throw new TlsException("Invalid ServerFinished message received.");
}
}
}
protected override void ProcessAsTls1()
{
! byte[] clientPRF = this.ReadBytes((int)this.Length);
! HashAlgorithm hash = new MD5SHA1();
hash.ComputeHash(
--- 64,94 ----
if (clientHash.Length != serverHash.Length)
{
! decryptError = true;
}
! else
{
! for (int i = 0; i < clientHash.Length; i++)
{
! if (clientHash[i] != serverHash[i])
! {
! decryptError = true;
! break;
! }
}
}
+
+ if (decryptError)
+ {
+ this.Context.RecordProtocol.SendAlert(AlertDescription.DecryptError);
+
+ throw new TlsException("Decrypt error.");
+ }
}
protected override void ProcessAsTls1()
{
! byte[] clientPRF = this.ReadBytes((int)this.Length);
! HashAlgorithm hash = new MD5SHA1();
! bool decryptError = false;
hash.ComputeHash(
***************
*** 90,103 ****
if (clientPRF.Length != serverPRF.Length)
{
! throw new TlsException("Invalid ServerFinished message received.");
}
!
! for (int i = 0; i < serverPRF.Length; i++)
{
! if (clientPRF[i] != serverPRF[i])
{
! throw new TlsException("Invalid ServerFinished message received.");
}
}
}
--- 103,125 ----
if (clientPRF.Length != serverPRF.Length)
{
! decryptError = true;
}
! else
{
! for (int i = 0; i < serverPRF.Length; i++)
{
! if (clientPRF[i] != serverPRF[i])
! {
! decryptError = true;
! }
}
}
+
+ if (decryptError)
+ {
+ this.Context.RecordProtocol.SendAlert(AlertDescription.DecryptError);
+
+ throw new TlsException("Decrypt error.");
+ }
}
Index: TlsClientHello.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Server/TlsClientHello.cs,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** TlsClientHello.cs 5 Mar 2004 23:22:57 -0000 1.6
--- TlsClientHello.cs 10 Mar 2004 15:50:12 -0000 1.7
***************
*** 119,123 ****
else
{
! #warning "Send alert"
throw this.Context.CreateException("Incorrect protocol version received from server");
}
--- 119,124 ----
else
{
! this.Context.RecordProtocol.SendAlert(AlertDescription.ProtocolVersion);
!
throw this.Context.CreateException("Incorrect protocol version received from server");
}
***************
*** 127,130 ****
--- 128,132 ----
{
int index = 0;
+
for (int i = 0; i < this.cipherSuites.Length; i++)
{
***************
*** 137,141 ****
if (this.Context.Cipher == null)
{
! #warning "Send an Alert and Throw and exception"
}
}
--- 139,145 ----
if (this.Context.Cipher == null)
{
! this.Context.RecordProtocol.SendAlert(AlertDescription.InsuficientSecurity);
!
! throw this.Context.CreateException("Insuficient Security");
}
}
|
