public static IsSupportedNamedCurve ( int namedCurve ) : bool | ||
namedCurve | int | |
return | bool |
protected virtual bool SupportsClientEccCapabilities(int[] namedCurves, byte[] ecPointFormats) { // NOTE: BC supports all the current set of point formats so we don't check them here if (namedCurves == null) { /* * RFC 4492 4. A client that proposes ECC cipher suites may choose not to include these * extensions. In this case, the server is free to choose any one of the elliptic curves * or point formats [...]. */ return(TlsEccUtilities.HasAnySupportedNamedCurves()); } for (int i = 0; i < namedCurves.Length; ++i) { int namedCurve = namedCurves[i]; if (NamedCurve.IsValid(namedCurve) && (!NamedCurve.RefersToASpecificNamedCurve(namedCurve) || TlsEccUtilities.IsSupportedNamedCurve(namedCurve))) { return(true); } } return(false); }
public static string GetNameOfNamedCurve(int namedCurve) { if (!TlsEccUtilities.IsSupportedNamedCurve(namedCurve)) { return(null); } return(TlsEccUtilities.CurveNames[namedCurve - 1]); }
internal static ECPrivateKeyParameters GenerateEphemeralServerKeyExchange(SecureRandom random, int[] namedCurves, byte[] ecPointFormats, Stream output) { int num = -1; if (namedCurves == null) { num = 23; } else { for (int i = 0; i < namedCurves.Length; i++) { int num2 = namedCurves[i]; if (NamedCurve.IsValid(num2) && TlsEccUtilities.IsSupportedNamedCurve(num2)) { num = num2; break; } } } ECDomainParameters eCDomainParameters = null; if (num >= 0) { eCDomainParameters = TlsEccUtilities.GetParametersForNamedCurve(num); } else if (Arrays.Contains(namedCurves, 65281)) { eCDomainParameters = TlsEccUtilities.GetParametersForNamedCurve(23); } else if (Arrays.Contains(namedCurves, 65282)) { eCDomainParameters = TlsEccUtilities.GetParametersForNamedCurve(10); } if (eCDomainParameters == null) { throw new TlsFatalAlert(80); } if (num < 0) { TlsEccUtilities.WriteExplicitECParameters(ecPointFormats, eCDomainParameters, output); } else { TlsEccUtilities.WriteNamedECParameters(num, output); } return(TlsEccUtilities.GenerateEphemeralClientKeyExchange(random, ecPointFormats, eCDomainParameters, output)); }
protected virtual bool SupportsClientEccCapabilities(int[] namedCurves, byte[] ecPointFormats) { if (namedCurves == null) { return(TlsEccUtilities.HasAnySupportedNamedCurves()); } for (int i = 0; i < namedCurves.Length; i++) { int namedCurve = namedCurves[i]; if (NamedCurve.IsValid(namedCurve) && (!NamedCurve.RefersToASpecificNamedCurve(namedCurve) || TlsEccUtilities.IsSupportedNamedCurve(namedCurve))) { return(true); } } return(false); }
public override byte[] GenerateServerKeyExchange() { /* * First we try to find a supported named curve from the client's list. */ int namedCurve = -1; if (mNamedCurves == null) { // TODO Let the peer choose the default named curve namedCurve = NamedCurve.secp256r1; } else { for (int i = 0; i < mNamedCurves.Length; ++i) { int entry = mNamedCurves[i]; if (NamedCurve.IsValid(entry) && TlsEccUtilities.IsSupportedNamedCurve(entry)) { namedCurve = entry; break; } } } ECDomainParameters curve_params = null; if (namedCurve >= 0) { curve_params = TlsEccUtilities.GetParametersForNamedCurve(namedCurve); } else { /* * If no named curves are suitable, check if the client supports explicit curves. */ if (Arrays.Contains(mNamedCurves, NamedCurve.arbitrary_explicit_prime_curves)) { curve_params = TlsEccUtilities.GetParametersForNamedCurve(NamedCurve.secp256r1); } else if (Arrays.Contains(mNamedCurves, NamedCurve.arbitrary_explicit_char2_curves)) { curve_params = TlsEccUtilities.GetParametersForNamedCurve(NamedCurve.sect283r1); } } if (curve_params == null) { /* * NOTE: We shouldn't have negotiated ECDHE key exchange since we apparently can't find * a suitable curve. */ throw new TlsFatalAlert(AlertDescription.internal_error); } AsymmetricCipherKeyPair kp = TlsEccUtilities.GenerateECKeyPair(context.SecureRandom, curve_params); this.mECAgreePrivateKey = (ECPrivateKeyParameters)kp.Private; DigestInputBuffer buf = new DigestInputBuffer(); if (namedCurve < 0) { TlsEccUtilities.WriteExplicitECParameters(mClientECPointFormats, curve_params, buf); } else { TlsEccUtilities.WriteNamedECParameters(namedCurve, buf); } ECPublicKeyParameters ecPublicKey = (ECPublicKeyParameters)kp.Public; TlsEccUtilities.WriteECPoint(mClientECPointFormats, ecPublicKey.Q, buf); /* * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2 */ SignatureAndHashAlgorithm signatureAndHashAlgorithm; IDigest d; if (TlsUtilities.IsTlsV12(context)) { signatureAndHashAlgorithm = mServerCredentials.SignatureAndHashAlgorithm; if (signatureAndHashAlgorithm == null) { throw new TlsFatalAlert(AlertDescription.internal_error); } d = TlsUtilities.CreateHash(signatureAndHashAlgorithm.Hash); } else { signatureAndHashAlgorithm = null; d = new CombinedHash(); } SecurityParameters securityParameters = context.SecurityParameters; d.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length); d.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length); buf.UpdateDigest(d); byte[] hash = DigestUtilities.DoFinal(d); byte[] signature = mServerCredentials.GenerateCertificateSignature(hash); DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature); signed_params.Encode(buf); return(buf.ToArray()); }