public static byte[] CalculateDHBasicAgreement(DHPublicKeyParameters publicKey, DHPrivateKeyParameters privateKey)
{
DHBasicAgreement agreement = new DHBasicAgreement();
agreement.Init(privateKey);
return(BigIntegers.AsUnsignedByteArray(agreement.CalculateAgreement(publicKey)));
}
public override void ProcessClientKeyExchange(Stream input)
{
byte[] array = TlsUtilities.ReadOpaque16(input);
mPsk = mPskIdentityManager.GetPsk(array);
if (mPsk == null)
{
throw new TlsFatalAlert(115);
}
mContext.SecurityParameters.pskIdentity = array;
if (mKeyExchange == 14)
{
BigInteger y = TlsDHUtilities.ReadDHParameter(input);
mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(new DHPublicKeyParameters(y, mDHParameters));
}
else if (mKeyExchange == 24)
{
byte[] encoding = TlsUtilities.ReadOpaque8(input);
ECDomainParameters parameters = mECAgreePrivateKey.Parameters;
mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(mServerECPointFormats, parameters, encoding));
}
else if (mKeyExchange == 15)
{
byte[] encryptedPreMasterSecret = ((!TlsUtilities.IsSsl(mContext)) ? TlsUtilities.ReadOpaque16(input) : Streams.ReadAll(input));
mPremasterSecret = mServerCredentials.DecryptPreMasterSecret(encryptedPreMasterSecret);
}
}
/**
* given a short term public key from a given party calculate the next
* message in the agreement sequence.
*/
public virtual BigInteger CalculateAgreement(
ICipherParameters pubKey)
{
if (this.key == null)
{
throw new InvalidOperationException("Agreement algorithm not initialised");
}
DHPublicKeyParameters pub = (DHPublicKeyParameters)pubKey;
if (!pub.Parameters.Equals(dhParams))
{
throw new ArgumentException("Diffie-Hellman public key has wrong parameters.");
}
BigInteger p = dhParams.P;
BigInteger peerY = pub.Y;
if (peerY == null || peerY.CompareTo(BigInteger.One) <= 0 || peerY.CompareTo(p.Subtract(BigInteger.One)) >= 0)
{
throw new ArgumentException("Diffie-Hellman public key is weak");
}
BigInteger result = peerY.ModPow(key.X, p);
if (result.Equals(BigInteger.One))
{
throw new InvalidOperationException("Shared key can't be 1");
}
return(result);
}
protected bool Equals(DHPublicKeyParameters other)
{
if (y.Equals(other.y))
{
return(Equals((DHKeyParameters)other));
}
return(false);
}
public static DHPrivateKeyParameters GenerateEphemeralServerKeyExchange(SecureRandom random, DHParameters dhParams, Stream output)
{
AsymmetricCipherKeyPair pair = GenerateDHKeyPair(random, dhParams);
DHPublicKeyParameters @public = (DHPublicKeyParameters)pair.Public;
new ServerDHParams(@public).Encode(output);
return((DHPrivateKeyParameters)pair.Private);
}
public static DHPrivateKeyParameters GenerateEphemeralClientKeyExchange(SecureRandom random, DHParameters dhParams, Stream output)
{
AsymmetricCipherKeyPair pair = GenerateDHKeyPair(random, dhParams);
DHPublicKeyParameters @public = (DHPublicKeyParameters)pair.Public;
WriteDHParameter(@public.Y, output);
return((DHPrivateKeyParameters)pair.Private);
}
public override void ProcessClientKeyExchange(Stream input)
{
if (mDHAgreePublicKey == null)
{
BigInteger y = TlsDHUtilities.ReadDHParameter(input);
mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(new DHPublicKeyParameters(y, mDHParameters));
}
}
public ServerDHParams(DHPublicKeyParameters publicKey)
{
if (publicKey == null)
{
throw new ArgumentNullException("publicKey");
}
this.mPublicKey = publicKey;
}
public static DHPrivateKeyParameters GenerateEphemeralServerKeyExchange(SecureRandom random, DHParameters dhParams, Stream output)
{
AsymmetricCipherKeyPair asymmetricCipherKeyPair = TlsDHUtilities.GenerateDHKeyPair(random, dhParams);
DHPublicKeyParameters publicKey = (DHPublicKeyParameters)asymmetricCipherKeyPair.Public;
new ServerDHParams(publicKey).Encode(output);
return((DHPrivateKeyParameters)asymmetricCipherKeyPair.Private);
}
public static DHPrivateKeyParameters GenerateEphemeralClientKeyExchange(SecureRandom random, DHParameters dhParams, Stream output)
{
AsymmetricCipherKeyPair asymmetricCipherKeyPair = TlsDHUtilities.GenerateDHKeyPair(random, dhParams);
DHPublicKeyParameters dHPublicKeyParameters = (DHPublicKeyParameters)asymmetricCipherKeyPair.Public;
TlsDHUtilities.WriteDHParameter(dHPublicKeyParameters.Y, output);
return((DHPrivateKeyParameters)asymmetricCipherKeyPair.Private);
}
public string ComputeSharedSecret(string publicKey)
{
DHParameters param = Parameters;
var importedKey = new DHPublicKeyParameters(new BigInteger(publicKey, 16), param);
var internalKeyAgree = AgreementUtilities.GetBasicAgreement("DH");
internalKeyAgree.Init(PrivateKeyParameter);
return(internalKeyAgree.CalculateAgreement(importedKey).ToString(16));
}
/**
* this test is can take quiet a while
*/
private void doTestGeneration(
int size)
{
DHParametersGenerator pGen = new DHParametersGenerator();
pGen.Init(size, 10, new SecureRandom());
DHParameters dhParams = pGen.GenerateParameters();
if (dhParams.L != 0)
{
Fail("DHParametersGenerator failed to set J to 0 in generated DHParameters");
}
DHKeyGenerationParameters dhkgParams = new DHKeyGenerationParameters(new SecureRandom(), dhParams);
DHBasicKeyPairGenerator kpGen = new DHBasicKeyPairGenerator();
kpGen.Init(dhkgParams);
//
// generate first pair
//
AsymmetricCipherKeyPair pair = kpGen.GenerateKeyPair();
DHPublicKeyParameters pu1 = (DHPublicKeyParameters)pair.Public;
DHPrivateKeyParameters pv1 = (DHPrivateKeyParameters)pair.Private;
//
// generate second pair
//
dhkgParams = new DHKeyGenerationParameters(new SecureRandom(), pu1.Parameters);
kpGen.Init(dhkgParams);
pair = kpGen.GenerateKeyPair();
DHPublicKeyParameters pu2 = (DHPublicKeyParameters)pair.Public;
DHPrivateKeyParameters pv2 = (DHPrivateKeyParameters)pair.Private;
//
// two way
//
DHBasicAgreement e1 = new DHBasicAgreement();
DHBasicAgreement e2 = new DHBasicAgreement();
e1.Init(new ParametersWithRandom(pv1, new SecureRandom()));
e2.Init(new ParametersWithRandom(pv2, new SecureRandom()));
BigInteger k1 = e1.CalculateAgreement(pu2);
BigInteger k2 = e2.CalculateAgreement(pu1);
if (!k1.Equals(k2))
{
Fail("basic with " + size + " bit 2-way test failed");
}
}
public ServerDHParams(DHPublicKeyParameters publicKey)
{
//IL_000e: Unknown result type (might be due to invalid IL or missing references)
if (publicKey == null)
{
throw new ArgumentNullException("publicKey");
}
mPublicKey = publicKey;
}
public override void ProcessClientKeyExchange(Stream input)
{
if (mDHAgreePublicKey != null)
{
// For dss_fixed_dh and rsa_fixed_dh, the key arrived in the client certificate
return;
}
this.mDHAgreePublicKey = new DHPublicKeyParameters(TlsDHUtilities.ReadDHParameter(input), mDHParameters);
}
protected virtual byte[] CalculateDHBasicAgreement(DHPublicKeyParameters publicKey,
DHPrivateKeyParameters privateKey)
{
DHBasicAgreement dhAgree = new DHBasicAgreement();
dhAgree.Init(dhAgreeClientPrivateKey);
BigInteger agreement = dhAgree.CalculateAgreement(dhAgreeServerPublicKey);
return(BigIntegers.AsUnsignedByteArray(agreement));
}
/**
* given a message from a given party and the coresponding public key
* calculate the next message in the agreement sequence. In this case
* this will represent the shared secret.
*/
public BigInteger calculateAgreement(
DHPublicKeyParameters pub,
BigInteger message)
{
if (!pub.getParameters().Equals(dhParams))
{
throw new ArgumentException("Diffie-Hellman public key has wrong parameters.");
}
return(message.modPow(key.getX(), dhParams.getP()).multiply(pub.getY().modPow(privateValue, dhParams.getP())).mod(dhParams.getP()));
}
public static DHPublicKeyParameters ValidateDHPublicKey(DHPublicKeyParameters key)
{
DHParameters parameters = ValidateDHParameters(key.Parameters);
BigInteger y = key.Y;
if ((y.CompareTo(Two) < 0) || (y.CompareTo(parameters.P.Subtract(Two)) > 0))
{
throw new TlsFatalAlert(0x2f);
}
return(key);
}
public override void ProcessServerKeyExchange(Stream input)
{
if (!RequiresServerKeyExchange)
{
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
// DH_anon is handled here, DHE_* in a subclass
this.mDHParameters = TlsDHUtilities.ReceiveDHParameters(mDHVerifier, input);
this.mDHAgreePublicKey = new DHPublicKeyParameters(TlsDHUtilities.ReadDHParameter(input), mDHParameters);
}
public static DHPrivateKeyParameters GenerateEphemeralServerKeyExchange(SecureRandom random,
DHParameters dhParams, Stream output)
{
AsymmetricCipherKeyPair kp = GenerateDHKeyPair(random, dhParams);
DHPublicKeyParameters dhPublic = (DHPublicKeyParameters)kp.Public;
WriteDHParameters(dhParams, output);
WriteDHParameter(dhPublic.Y, output);
return((DHPrivateKeyParameters)kp.Private);
}
/**
* given a short term public key from a given party calculate the next
* message in the agreement sequence.
*/
public BigInteger calculateAgreement(
CipherParameters pubKey)
{
DHPublicKeyParameters pub = (DHPublicKeyParameters)pubKey;
if (!pub.getParameters().Equals(dhParams))
{
throw new ArgumentException("Diffie-Hellman public key has wrong parameters.");
}
return(pub.getY().modPow(key.getX(), dhParams.getP()));
}
private string GeneratePassword()
{
DHPublicKeyParameters publicKey = new DHPublicKeyParameters(
((DHPublicKeyParameters)PublicKeyFactory.CreateKey(encodedPublicKey)).Y, sharedParameters);
IBasicAgreement agreement = AgreementUtilities.GetBasicAgreement("DH");
agreement.Init(keyPair.Private);
BigInteger agreementValue = agreement.CalculateAgreement(publicKey);
return(agreementValue.ToString(16));
}
public static byte[] CalculateDHBasicAgreement(DHPublicKeyParameters publicKey,
DHPrivateKeyParameters privateKey)
{
DHBasicAgreement basicAgreement = new DHBasicAgreement();
basicAgreement.Init(privateKey);
BigInteger agreementValue = basicAgreement.CalculateAgreement(publicKey);
/*
* RFC 5246 8.1.2. Leading bytes of Z that contain all zero bits are stripped before it is
* used as the pre_master_secret.
*/
return(BigIntegers.AsUnsignedByteArray(agreementValue));
}
public override bool Equals(object obj)
{
if (obj == this)
{
return(true);
}
DHPublicKeyParameters dHPublicKeyParameters = obj as DHPublicKeyParameters;
if (dHPublicKeyParameters == null)
{
return(false);
}
return(Equals(dHPublicKeyParameters));
}
public override void ProcessServerKeyExchange(Stream input)
{
if (!RequiresServerKeyExchange)
{
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
// DH_anon is handled here, DHE_* in a subclass
ServerDHParams dhParams = ServerDHParams.Parse(input);
this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(dhParams.PublicKey);
this.mDHParameters = ValidateDHParameters(mDHAgreePublicKey.Parameters);
}
public virtual BigInteger CalculateAgreement(ICipherParameters pubKey)
{
if (this.key == null)
{
throw new InvalidOperationException("Agreement algorithm not initialised");
}
DHPublicKeyParameters dHPublicKeyParameters = (DHPublicKeyParameters)pubKey;
if (!dHPublicKeyParameters.Parameters.Equals(this.dhParams))
{
throw new ArgumentException("Diffie-Hellman public key has wrong parameters.");
}
return(dHPublicKeyParameters.Y.ModPow(this.key.X, this.dhParams.P));
}
public override void ProcessServerCertificate(Certificate serverCertificate)
{
if (mKeyExchange == KeyExchangeAlgorithm.DH_anon)
{
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
if (serverCertificate.IsEmpty)
{
throw new TlsFatalAlert(AlertDescription.decode_error);
}
X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
try
{
this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo);
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
}
if (mTlsSigner == null)
{
try
{
this.mDHAgreePublicKey = (DHPublicKeyParameters)this.mServerPublicKey;
this.mDHParameters = mDHAgreePublicKey.Parameters;
}
catch (InvalidCastException e)
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);
}
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyAgreement);
}
else
{
if (!mTlsSigner.IsValidPublicKey(this.mServerPublicKey))
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature);
}
base.ProcessServerCertificate(serverCertificate);
}
public override void ProcessServerKeyExchange(Stream input)
{
this.mPskIdentityHint = TlsUtilities.ReadOpaque16(input);
if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK)
{
ServerDHParams serverDHParams = ServerDHParams.Parse(input);
this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(serverDHParams.PublicKey);
}
else if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK)
{
// TODO[RFC 5489]
}
}
public static DHPublicKeyParameters ValidateDHPublicKey(DHPublicKeyParameters key)
{
DHParameters parameters = ValidateDHParameters(key.Parameters);
BigInteger Y = key.Y;
if (Y.CompareTo(Two) < 0 || Y.CompareTo(parameters.P.Subtract(Two)) > 0)
{
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}
// TODO See RFC 2631 for more discussion of Diffie-Hellman validation
return(key);
}
public virtual BigInteger CalculateAgreement(ICipherParameters pubKey)
{
//IL_000d: Unknown result type (might be due to invalid IL or missing references)
//IL_0032: Unknown result type (might be due to invalid IL or missing references)
if (key == null)
{
throw new InvalidOperationException("Agreement algorithm not initialised");
}
DHPublicKeyParameters dHPublicKeyParameters = (DHPublicKeyParameters)pubKey;
if (!dHPublicKeyParameters.Parameters.Equals(dhParams))
{
throw new ArgumentException("Diffie-Hellman public key has wrong parameters.");
}
return(dHPublicKeyParameters.Y.ModPow(key.X, dhParams.P));
}
public override void ProcessServerKeyExchange(Stream input)
{
mPskIdentityHint = TlsUtilities.ReadOpaque16(input);
if (mKeyExchange == 14)
{
ServerDHParams serverDHParams = ServerDHParams.Parse(input);
mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(serverDHParams.PublicKey);
mDHParameters = mDHAgreePublicKey.Parameters;
}
else if (mKeyExchange == 24)
{
ECDomainParameters curve_params = TlsEccUtilities.ReadECParameters(mNamedCurves, mClientECPointFormats, input);
byte[] encoding = TlsUtilities.ReadOpaque8(input);
mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(mClientECPointFormats, curve_params, encoding));
}
}
