|
public static GetParametersForNamedCurve ( int namedCurve ) : |
||
| namedCurve | int | |
| return | ||
internal static ECPrivateKeyParameters GenerateEphemeralServerKeyExchange(SecureRandom random, int[] namedCurves, byte[] ecPointFormats, Stream output)
{
int num = -1;
if (namedCurves == null)
{
num = 23;
}
else
{
for (int i = 0; i < namedCurves.Length; i++)
{
int num2 = namedCurves[i];
if (NamedCurve.IsValid(num2) && TlsEccUtilities.IsSupportedNamedCurve(num2))
{
num = num2;
break;
}
}
}
ECDomainParameters eCDomainParameters = null;
if (num >= 0)
{
eCDomainParameters = TlsEccUtilities.GetParametersForNamedCurve(num);
}
else if (Arrays.Contains(namedCurves, 65281))
{
eCDomainParameters = TlsEccUtilities.GetParametersForNamedCurve(23);
}
else if (Arrays.Contains(namedCurves, 65282))
{
eCDomainParameters = TlsEccUtilities.GetParametersForNamedCurve(10);
}
if (eCDomainParameters == null)
{
throw new TlsFatalAlert(80);
}
if (num < 0)
{
TlsEccUtilities.WriteExplicitECParameters(ecPointFormats, eCDomainParameters, output);
}
else
{
TlsEccUtilities.WriteNamedECParameters(num, output);
}
return(TlsEccUtilities.GenerateEphemeralClientKeyExchange(random, ecPointFormats, eCDomainParameters, output));
}
public static ECDomainParameters ReadECParameters(int[] namedCurves, byte[] ecPointFormats, Stream input)
{
ECDomainParameters result;
try
{
switch (TlsUtilities.ReadUint8(input))
{
case 1:
{
TlsEccUtilities.CheckNamedCurve(namedCurves, 65281);
BigInteger bigInteger = TlsEccUtilities.ReadECParameter(input);
BigInteger a = TlsEccUtilities.ReadECFieldElement(bigInteger.BitLength, input);
BigInteger b = TlsEccUtilities.ReadECFieldElement(bigInteger.BitLength, input);
byte[] encoding = TlsUtilities.ReadOpaque8(input);
BigInteger bigInteger2 = TlsEccUtilities.ReadECParameter(input);
BigInteger bigInteger3 = TlsEccUtilities.ReadECParameter(input);
ECCurve curve = new FpCurve(bigInteger, a, b, bigInteger2, bigInteger3);
ECPoint g = TlsEccUtilities.DeserializeECPoint(ecPointFormats, curve, encoding);
result = new ECDomainParameters(curve, g, bigInteger2, bigInteger3);
break;
}
case 2:
{
TlsEccUtilities.CheckNamedCurve(namedCurves, 65282);
int num = TlsUtilities.ReadUint16(input);
byte b2 = TlsUtilities.ReadUint8(input);
if (!ECBasisType.IsValid(b2))
{
throw new TlsFatalAlert(47);
}
int num2 = TlsEccUtilities.ReadECExponent(num, input);
int k = -1;
int k2 = -1;
if (b2 == 2)
{
k = TlsEccUtilities.ReadECExponent(num, input);
k2 = TlsEccUtilities.ReadECExponent(num, input);
}
BigInteger a2 = TlsEccUtilities.ReadECFieldElement(num, input);
BigInteger b3 = TlsEccUtilities.ReadECFieldElement(num, input);
byte[] encoding2 = TlsUtilities.ReadOpaque8(input);
BigInteger bigInteger4 = TlsEccUtilities.ReadECParameter(input);
BigInteger bigInteger5 = TlsEccUtilities.ReadECParameter(input);
ECCurve curve2 = (b2 == 2) ? new F2mCurve(num, num2, k, k2, a2, b3, bigInteger4, bigInteger5) : new F2mCurve(num, num2, a2, b3, bigInteger4, bigInteger5);
ECPoint g2 = TlsEccUtilities.DeserializeECPoint(ecPointFormats, curve2, encoding2);
result = new ECDomainParameters(curve2, g2, bigInteger4, bigInteger5);
break;
}
case 3:
{
int namedCurve = TlsUtilities.ReadUint16(input);
if (!NamedCurve.RefersToASpecificNamedCurve(namedCurve))
{
throw new TlsFatalAlert(47);
}
TlsEccUtilities.CheckNamedCurve(namedCurves, namedCurve);
result = TlsEccUtilities.GetParametersForNamedCurve(namedCurve);
break;
}
default:
throw new TlsFatalAlert(47);
}
}
catch (Exception alertCause)
{
throw new TlsFatalAlert(47, alertCause);
}
return(result);
}
public override byte[] GenerateServerKeyExchange()
{
/*
* First we try to find a supported named curve from the client's list.
*/
int namedCurve = -1;
if (mNamedCurves == null)
{
// TODO Let the peer choose the default named curve
namedCurve = NamedCurve.secp256r1;
}
else
{
for (int i = 0; i < mNamedCurves.Length; ++i)
{
int entry = mNamedCurves[i];
if (NamedCurve.IsValid(entry) && TlsEccUtilities.IsSupportedNamedCurve(entry))
{
namedCurve = entry;
break;
}
}
}
ECDomainParameters curve_params = null;
if (namedCurve >= 0)
{
curve_params = TlsEccUtilities.GetParametersForNamedCurve(namedCurve);
}
else
{
/*
* If no named curves are suitable, check if the client supports explicit curves.
*/
if (Arrays.Contains(mNamedCurves, NamedCurve.arbitrary_explicit_prime_curves))
{
curve_params = TlsEccUtilities.GetParametersForNamedCurve(NamedCurve.secp256r1);
}
else if (Arrays.Contains(mNamedCurves, NamedCurve.arbitrary_explicit_char2_curves))
{
curve_params = TlsEccUtilities.GetParametersForNamedCurve(NamedCurve.sect283r1);
}
}
if (curve_params == null)
{
/*
* NOTE: We shouldn't have negotiated ECDHE key exchange since we apparently can't find
* a suitable curve.
*/
throw new TlsFatalAlert(AlertDescription.internal_error);
}
AsymmetricCipherKeyPair kp = TlsEccUtilities.GenerateECKeyPair(context.SecureRandom, curve_params);
this.mECAgreePrivateKey = (ECPrivateKeyParameters)kp.Private;
DigestInputBuffer buf = new DigestInputBuffer();
if (namedCurve < 0)
{
TlsEccUtilities.WriteExplicitECParameters(mClientECPointFormats, curve_params, buf);
}
else
{
TlsEccUtilities.WriteNamedECParameters(namedCurve, buf);
}
ECPublicKeyParameters ecPublicKey = (ECPublicKeyParameters)kp.Public;
TlsEccUtilities.WriteECPoint(mClientECPointFormats, ecPublicKey.Q, buf);
/*
* RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2
*/
SignatureAndHashAlgorithm signatureAndHashAlgorithm;
IDigest d;
if (TlsUtilities.IsTlsV12(context))
{
signatureAndHashAlgorithm = mServerCredentials.SignatureAndHashAlgorithm;
if (signatureAndHashAlgorithm == null)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
d = TlsUtilities.CreateHash(signatureAndHashAlgorithm.Hash);
}
else
{
signatureAndHashAlgorithm = null;
d = new CombinedHash();
}
SecurityParameters securityParameters = context.SecurityParameters;
d.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length);
d.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length);
buf.UpdateDigest(d);
byte[] hash = DigestUtilities.DoFinal(d);
byte[] signature = mServerCredentials.GenerateCertificateSignature(hash);
DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature);
signed_params.Encode(buf);
return(buf.ToArray());
}