protected TlsSignerCredentials GetECDsaSignerCredentials()
{
#if SUPPORT_RPK
if (_tlsKeyPair != null && _tlsKeyPair.CertType == CertificateType.RawPublicKey)
{
OneKey k = _tlsKeyPair.PublicKey;
if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(AlgorithmValues.ECDSA_256))
{
X9ECParameters p = k.GetCurve();
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters);
ECPoint point = k.GetPoint();
ECPublicKeyParameters param = new ECPublicKeyParameters(point, parameters);
SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param);
return(new DefaultTlsSignerCredentials(mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
#endif
#if SUPPORT_TLS_CWT
if (_tlsKeyPair != null && _tlsKeyPair.CertType == CertificateType.CwtPublicKey)
{
OneKey k = _tlsKeyPair.PublicCwt.Cnf.Key;
if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(AlgorithmValues.ECDSA_256))
{
X9ECParameters p = k.GetCurve();
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters);
return(new DefaultTlsSignerCredentials(mContext, new CwtPublicKey(_tlsKeyPair.PublicCwt.EncodeToBytes()), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
#endif
TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials)
{
CipherSuite = KeyExchangeAlgorithm.ECDH_ECDSA
};
EventHandler <TlsEvent> handler = TlsEventHandler;
if (handler != null)
{
handler(this, e);
}
if (e.SignerCredentials != null)
{
return(e.SignerCredentials);
}
throw new TlsFatalAlert(AlertDescription.internal_error);
}
public virtual TlsCredentials GetClientCredentials(CertificateRequest certificateRequest)
{
if (certificateRequest.CertificateTypes == null ||
!Arrays.Contains(certificateRequest.CertificateTypes, ClientCertificateType.ecdsa_sign))
{
return(null);
}
#if SUPPORT_RPK
if (_rawPublicKey != null)
{
OneKey k = _rawPublicKey;
if (k.HasKeyType((int)COSE.GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(COSE.AlgorithmValues.ECDSA_256))
{
X9ECParameters p = k.GetCurve();
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters);
ECPoint point = k.GetPoint();
ECPublicKeyParameters param = new ECPublicKeyParameters("ECDSA", point, /*parameters*/ SecObjectIdentifiers.SecP256r1);
SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param);
return(new DefaultTlsSignerCredentials(_mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
/*
* byte[] certificateTypes = certificateRequest.CertificateTypes;
* if (certificateTypes == null || !Arrays.Contains(certificateTypes, ClientCertificateType.rsa_sign))
* return null;
*
* return TlsTestUtilities.LoadSignerCredentials(mContext, certificateRequest.SupportedSignatureAlgorithms,
* SignatureAlgorithm.rsa, "x509-client.pem", "x509-client-key.pem");
*/
#endif
// If we did not fine appropriate signer credientials - ask for help
TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials)
{
CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA
};
EventHandler <TlsEvent> handler = TlsEventHandler;
if (handler != null)
{
handler(this, e);
}
if (e.SignerCredentials != null)
{
return(e.SignerCredentials);
}
throw new TlsFatalAlert(AlertDescription.internal_error);
}
public void AddRecipient(byte[] recipientId, OneKey signKey)
{
if (!signKey.HasAlgorithm(Sender.SigningAlgorithm))
{
throw new ArgumentException("signature algorithm not correct");
}
EntityContext x = DeriveEntityContext(_masterSecret, GroupId, recipientId, _salt, Sender.Algorithm);
x.SigningKey = signKey;
Recipients.Add(recipientId, x);
}
/// <summary>
/// Given the set of inputs, perform the crptographic operations that are needed
/// to build a security context for a single sender and recipient.
/// </summary>
/// <param name="masterSecret">pre-shared key</param>
/// <param name="groupId">identifier for the group</param>
/// <param name="senderId">name assigned to sender</param>
/// <param name="algSignature">What is the signature algorithm</param>
/// <param name="senderSignKey">what is the signing key for the signer</param>
/// <param name="recipientIds">names assigned to recipients</param>
/// <param name="recipientSignKeys">keys for any assigned recipients</param>
/// <param name="masterSalt">salt value</param>
/// <param name="algAEAD">encryption algorithm</param>
/// <param name="algKeyAgree">key agreement algorithm</param>
/// <returns></returns>
public static SecurityContext DeriveGroupContext(byte[] masterSecret, byte[] groupId, byte[] senderId, CBORObject algSignature, OneKey senderSignKey,
byte[][] recipientIds, OneKey[] recipientSignKeys,
byte[] masterSalt = null, CBORObject algAEAD = null, CBORObject algKeyAgree = null)
{
SecurityContext ctx = new SecurityContext();
ctx.Recipients = new Dictionary <byte[], EntityContext>(new ByteArrayComparer());
ctx._masterSecret = masterSecret;
ctx._salt = masterSalt;
if ((recipientIds != null && recipientSignKeys != null) && (recipientIds.Length != recipientSignKeys.Length))
{
throw new ArgumentException("recipientsIds and recipientSignKey must be the same length");
}
if (!senderSignKey.HasAlgorithm(algSignature))
{
throw new ArgumentException("Wrong algorithm for sender sign key");
}
ctx.Sender = DeriveEntityContext(masterSecret, groupId, senderId, masterSalt, algAEAD, algKeyAgree);
ctx.Sender.SigningAlgorithm = algSignature;
ctx.Sender.SigningKey = senderSignKey;
if (recipientIds != null)
{
if (recipientSignKeys == null)
{
throw new ArgumentException("recipientSignKeys is null when recipientIds is not null");
}
ctx.Recipients = new Dictionary <byte[], EntityContext>(new ByteArrayComparer());
for (int i = 0; i < recipientIds.Length; i++)
{
if (!recipientSignKeys[i].HasAlgorithm(algSignature))
{
throw new ArgumentException("Wrong algorithm for recipient sign key");
}
EntityContext et = DeriveEntityContext(masterSecret, groupId, recipientIds[i], masterSalt, algAEAD, algKeyAgree);
et.SigningKey = recipientSignKeys[i];
ctx.Recipients.Add(recipientIds[i], et);
}
}
else if (recipientSignKeys != null)
{
throw new ArgumentException("recipientIds is null when recipientSignKeys is not null");
}
ctx.GroupId = groupId;
return(ctx);
}
public virtual TlsCredentials GetClientCredentials(CertificateRequest certificateRequest)
{
if (certificateRequest.CertificateTypes == null ||
!Arrays.Contains(certificateRequest.CertificateTypes, ClientCertificateType.ecdsa_sign))
{
return(null);
}
if (TlsKey != null)
{
if (TlsKey.CertType == CertificateType.X509)
{
return(new DefaultTlsSignerCredentials(_mContext, new Certificate(TlsKey.X509Certificate), TlsKey.PrivateKey.AsPrivateKey(),
new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
#if SUPPORT_RPK
else if (TlsKey.CertType == CertificateType.RawPublicKey)
{
OneKey k = TlsKey.PrivateKey;
if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(AlgorithmValues.ECDSA_256))
{
X9ECParameters p = k.GetCurve();
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters);
ECPoint point = k.GetPoint();
ECPublicKeyParameters param = new ECPublicKeyParameters("ECDSA", point, /*parameters*/ SecObjectIdentifiers.SecP256r1);
SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param);
return(new DefaultTlsSignerCredentials(_mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
#endif
#if SUPPORT_TLS_CWT
else if (TlsKey.CertType == CertificateType.CwtPublicKey)
{
OneKey k = TlsKey.PublicCwt.Cnf.Key;
if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(AlgorithmValues.ECDSA_256))
{
AsymmetricKeyParameter privKey = TlsKey.PrivateKey.AsPrivateKey();
return(new DefaultTlsSignerCredentials(_mContext, new CwtPublicKey(TlsKey.PublicCwt.EncodeToBytes()), privKey,
new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
#endif
}
// If we did not fine appropriate signer credentials - ask for help
TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials)
{
CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA
};
EventHandler <TlsEvent> handler = TlsEventHandler;
if (handler != null)
{
handler(this, e);
}
if (e.SignerCredentials != null)
{
return(e.SignerCredentials);
}
throw new TlsFatalAlert(AlertDescription.internal_error);
}
protected override TlsSignerCredentials GetECDsaSignerCredentials()
{
byte[] certTypes;
if (mClientExtensions.Contains(ExtensionType.server_certificate_type))
{
certTypes = (byte[])mClientExtensions[ExtensionType.server_certificate_type];
}
else
{
certTypes = new byte[] { CertificateType.X509 };
}
foreach (byte b in certTypes)
{
if (b == CertificateType.X509)
{
foreach (TlsKeyPair kp in _serverKeys)
{
if (b != kp.CertType)
{
continue;
}
OneKey k = kp.PrivateKey;
if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(AlgorithmValues.ECDSA_256))
{
return(new DefaultTlsSignerCredentials(
mContext,
new Certificate(kp.X509Certificate),
kp.PrivateKey.AsPrivateKey(),
new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
}
#if SUPPORT_RPK
if (b == CertificateType.RawPublicKey)
{
foreach (TlsKeyPair kp in _serverKeys)
{
if (b != kp.CertType)
{
continue;
}
OneKey k = kp.PublicKey;
if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(AlgorithmValues.ECDSA_256))
{
AsymmetricKeyParameter param = k.AsPublicKey();
SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param);
return(new DefaultTlsSignerCredentials(mContext, new RawPublicKey(spi), kp.PrivateKey.AsPrivateKey(),
new SignatureAndHashAlgorithm(
HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
}
#endif
#if SUPPORT_TLS_CWT
if (b == CertificateType.CwtPublicKey)
{
foreach (TlsKeyPair kp in _serverKeys)
{
if (b != kp.CertType)
{
continue;
}
OneKey k = kp.PrivateKey;
if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(AlgorithmValues.ECDSA_256))
{
CwtPublicKey cwtKey = new CwtPublicKey(kp.PublicCwt.EncodeToBytes());
AsymmetricKeyParameter pubKey = kp.PublicCwt.Cnf.CoseKey.AsPublicKey();
cwtKey.SetSubjectPublicKeyInfo(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pubKey));
return(new DefaultTlsSignerCredentials(
mContext, cwtKey, kp.PrivateKey.AsPrivateKey(),
new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
}
#endif
}
// If we did not fine appropriate signer credentials - ask for help
TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials)
{
CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA
};
EventHandler <TlsEvent> handler = TlsEventHandler;
if (handler != null)
{
handler(this, e);
}
if (e.SignerCredentials != null)
{
return(e.SignerCredentials);
}
throw new TlsFatalAlert(AlertDescription.internal_error);
}