public virtual void ProcessServerKeyExchange(Stream input) { SecurityParameters securityParameters = context.SecurityParameters; Stream sigIn = input; ISigner signer = null; if (tlsSigner != null) { signer = InitSigner(tlsSigner, securityParameters); sigIn = new SignerStream(input, signer, null); } byte[] NBytes = TlsUtilities.ReadOpaque16(sigIn); byte[] gBytes = TlsUtilities.ReadOpaque16(sigIn); byte[] sBytes = TlsUtilities.ReadOpaque8(sigIn); byte[] BBytes = TlsUtilities.ReadOpaque16(sigIn); if (signer != null) { byte[] sigByte = TlsUtilities.ReadOpaque16(input); if (!signer.VerifySignature(sigByte)) { throw new TlsFatalAlert(AlertDescription.bad_certificate); } } BigInteger N = new BigInteger(1, NBytes); BigInteger g = new BigInteger(1, gBytes); // TODO Validate group parameters (see RFC 5054) //throw new TlsFatalAlert(AlertDescription.insufficient_security); this.s = sBytes; /* * RFC 5054 2.5.3: The client MUST abort the handshake with an "illegal_parameter" * alert if B % N = 0. */ try { this.B = Srp6Utilities.ValidatePublicValue(N, new BigInteger(1, BBytes)); } catch (CryptoException) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } this.srpClient.Init(N, g, new Sha1Digest(), context.SecureRandom); }
public override void ProcessServerKeyExchange(Stream input) { SecurityParameters securityParameters = context.SecurityParameters; ISigner signer = InitSigner(tlsSigner, securityParameters); Stream sigIn = new SignerStream(input, signer, null); ECCurveType curveType = (ECCurveType)TlsUtilities.ReadUint8(sigIn); ECDomainParameters curve_params; // Currently, we only support named curves if (curveType == ECCurveType.named_curve) { NamedCurve namedCurve = (NamedCurve)TlsUtilities.ReadUint16(sigIn); // TODO Check namedCurve is one we offered? curve_params = NamedCurveHelper.GetECParameters(namedCurve); } else { // TODO Add support for explicit curve parameters (read from sigIn) throw new TlsFatalAlert(AlertDescription.handshake_failure); } byte[] publicBytes = TlsUtilities.ReadOpaque8(sigIn); byte[] sigByte = TlsUtilities.ReadOpaque16(input); if (!signer.VerifySignature(sigByte)) { throw new TlsFatalAlert(AlertDescription.bad_certificate); } // TODO Check curve_params not null ECPoint Q = curve_params.Curve.DecodePoint(publicBytes); this.ecAgreeServerPublicKey = ValidateECPublicKey(new ECPublicKeyParameters(Q, curve_params)); }
public void ProcessServerKeyExchange(Stream input, SecurityParameters securityParameters) { if (tlsSigner == null) { handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_unexpected_message); } Stream sigIn = input; ISigner signer = null; if (tlsSigner != null) { signer = InitSigner(tlsSigner, securityParameters); sigIn = new SignerStream(input, signer, null); } byte[] pBytes = TlsUtilities.ReadOpaque16(sigIn); byte[] gBytes = TlsUtilities.ReadOpaque16(sigIn); byte[] YsBytes = TlsUtilities.ReadOpaque16(sigIn); if (signer != null) { byte[] sigByte = TlsUtilities.ReadOpaque16(input); if (!signer.VerifySignature(sigByte)) { handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_bad_certificate); } } BigInteger p = new BigInteger(1, pBytes); BigInteger g = new BigInteger(1, gBytes); BigInteger Ys = new BigInteger(1, YsBytes); this.dhAgreeServerPublicKey = ValidateDHPublicKey( new DHPublicKeyParameters(Ys, new DHParameters(p, g))); }
public override void ProcessServerKeyExchange(Stream input) { SecurityParameters securityParameters = context.SecurityParameters; ISigner signer = InitSigner(tlsSigner, securityParameters); Stream sigIn = new SignerStream(input, signer, null); byte[] pBytes = TlsUtilities.ReadOpaque16(sigIn); byte[] gBytes = TlsUtilities.ReadOpaque16(sigIn); byte[] YsBytes = TlsUtilities.ReadOpaque16(sigIn); byte[] sigByte = TlsUtilities.ReadOpaque16(input); if (!signer.VerifySignature(sigByte)) { throw new TlsFatalAlert(AlertDescription.bad_certificate); } BigInteger p = new BigInteger(1, pBytes); BigInteger g = new BigInteger(1, gBytes); BigInteger Ys = new BigInteger(1, YsBytes); this.dhAgreeServerPublicKey = ValidateDHPublicKey( new DHPublicKeyParameters(Ys, new DHParameters(p, g))); }
private void processDHEKeyExchange( MemoryStream inStr, ISigner signer) { Stream sigIn = inStr; if (signer != null) { signer.Init(false, this.serverPublicKey); signer.BlockUpdate(this.clientRandom, 0, this.clientRandom.Length); signer.BlockUpdate(this.serverRandom, 0, this.serverRandom.Length); sigIn = new SignerStream(inStr, signer, null); } /* * Parse the Structure */ int pLength = TlsUtilities.ReadUint16(sigIn); byte[] pByte = new byte[pLength]; TlsUtilities.ReadFully(pByte, sigIn); int gLength = TlsUtilities.ReadUint16(sigIn); byte[] gByte = new byte[gLength]; TlsUtilities.ReadFully(gByte, sigIn); int YsLength = TlsUtilities.ReadUint16(sigIn); byte[] YsByte = new byte[YsLength]; TlsUtilities.ReadFully(YsByte, sigIn); if (signer != null) { int sigLength = TlsUtilities.ReadUint16(inStr); byte[] sigByte = new byte[sigLength]; TlsUtilities.ReadFully(sigByte, inStr); /* * Verify the Signature. */ if (!signer.VerifySignature(sigByte)) { this.FailWithError(AL_fatal, AP_bad_certificate); } } this.AssertEmpty(inStr); /* * Do the DH calculation. */ BigInteger p = new BigInteger(1, pByte); BigInteger g = new BigInteger(1, gByte); BigInteger Ys = new BigInteger(1, YsByte); /* * Check the DH parameter values */ if (!p.IsProbablePrime(10)) { this.FailWithError(AL_fatal, AP_illegal_parameter); } if (g.CompareTo(BigInteger.Two) < 0 || g.CompareTo(p.Subtract(BigInteger.Two)) > 0) { this.FailWithError(AL_fatal, AP_illegal_parameter); } // TODO For static DH public values, see additional checks in RFC 2631 2.1.5 if (Ys.CompareTo(BigInteger.Two) < 0 || Ys.CompareTo(p.Subtract(BigInteger.One)) > 0) { this.FailWithError(AL_fatal, AP_illegal_parameter); } /* * Diffie-Hellman basic key agreement */ DHParameters dhParams = new DHParameters(p, g); // Generate a keypair DHBasicKeyPairGenerator dhGen = new DHBasicKeyPairGenerator(); dhGen.Init(new DHKeyGenerationParameters(random, dhParams)); AsymmetricCipherKeyPair dhPair = dhGen.GenerateKeyPair(); // Store the public value to send to server this.Yc = ((DHPublicKeyParameters)dhPair.Public).Y; // Calculate the shared secret DHBasicAgreement dhAgree = new DHBasicAgreement(); dhAgree.Init(dhPair.Private); BigInteger agreement = dhAgree.CalculateAgreement(new DHPublicKeyParameters(Ys, dhParams)); this.pms = BigIntegers.AsUnsignedByteArray(agreement); }