Exemple #1
0
            public void GetCwtKey(CwtPublicKey rpk)
            {
                try {
                    CWT cwt = CWT.Decode(rpk.EncodedCwt(), CwtTrustKeySet, CwtTrustKeySet);

                    AsymmetricKeyParameter pub = cwt.Cnf.Key.AsPublicKey();
                    SubjectPublicKeyInfo   spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pub);
                    rpk.SetSubjectPublicKeyInfo(spi);

                    AuthenticationKey = cwt.Cnf.Key;
                    return;
                }
                catch {
                }

                TlsEvent ev = new TlsEvent(TlsEvent.EventCode.ServerCertificate)
                {
                    Certificate = rpk
                };

                EventHandler <TlsEvent> handler = TlsEventHandler;

                if (handler != null)
                {
                    handler(this, ev);
                }

                if (!ev.Processed)
                {
                    throw new TlsFatalAlert(AlertDescription.certificate_unknown);
                }

                AuthenticationKey = ev.KeyValue;
            }
Exemple #2
0
        public override byte GetServerCertificateType(byte[] certificateTypes)
        {
            TlsEvent e = new TlsEvent(TlsEvent.EventCode.ServerCertType)
            {
                Bytes = certificateTypes,
                Byte  = (byte)0xff
            };

            EventHandler <TlsEvent> handler = TlsEventHandler;

            if (handler != null)
            {
                handler(this, e);
            }

            if (e.Byte != 0xff)
            {
                return(e.Byte);
            }

            foreach (byte type in certificateTypes)
            {
                if (type == 2)
                {
                    return(type);            // Assume we only support Raw Public Key
                }
            }
            throw new TlsFatalAlert(AlertDescription.handshake_failure);
        }
Exemple #3
0
            public virtual void NotifyServerCertificate(AbstractCertificate serverCertificate)
            {
                if (serverCertificate is RawPublicKey)
                {
                    GetRpkKey((RawPublicKey)serverCertificate);
                }
#if SUPPORT_TLS_CWT
                else if (serverCertificate is CwtPublicKey)
                {
                    GetCwtKey((CwtPublicKey)serverCertificate);
                }
#endif
                else
                {
                    TlsEvent e = new TlsEvent(TlsEvent.EventCode.ServerCertificate)
                    {
                        Certificate = serverCertificate
                    };

                    EventHandler <TlsEvent> handler = TlsEventHandler;
                    if (handler != null)
                    {
                        handler(this, e);
                    }

                    if (!e.Processed)
                    {
                        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
                    }
                }
            }
Exemple #4
0
            public virtual void NotifyServerCertificate(Certificate serverCertificate)
            {
                /*
                 *              X509CertificateStructure[] chain = serverCertificate.GetCertificateList();
                 *              Console.WriteLine("DTLS client received server certificate chain of length " + chain.Length);
                 *              for (int i = 0; i != chain.Length; i++) {
                 *                  X509CertificateStructure entry = chain[i];
                 *                  // TODO Create fingerprint based on certificate signature algorithm digest
                 *                  Console.WriteLine("    fingerprint:SHA-256 " + TlsTestUtilities.Fingerprint(entry) + " ("
                 + entry.Subject + ")");
                 +              }
                 */
                TlsEvent e = new TlsEvent(TlsEvent.EventCode.ServerCertificate)
                {
                    Certificate     = serverCertificate,
                    CertificateType = CertificateType.X509
                };

                EventHandler <TlsEvent> handler = TlsEventHandler;

                if (handler != null)
                {
                    handler(this, e);
                }

                if (!e.Processed)
                {
                    throw new TlsFatalAlert(AlertDescription.certificate_unknown);
                }
            }
Exemple #5
0
        public override int[] GetCipherSuites()
        {
            int[] i;

            if (_rawPublicKey != null)
            {
                i = new int[] {
                    CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
                    CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
                };
            }
            else
            {
                i = new int[] {
                    CipherSuite.TLS_PSK_WITH_AES_128_CCM_8,
                };
            }

            TlsEvent e = new TlsEvent(TlsEvent.EventCode.GetCipherSuites)
            {
                IntValues = i
            };

            EventHandler <TlsEvent> handler = TlsEventHandler;

            if (handler != null)
            {
                handler(this, e);
            }

            return(e.IntValues);
        }
Exemple #6
0
        public override void NotifyClientCertificate(AbstractCertificate clientCertificate)
        {
            if (clientCertificate is RawPublicKey)
            {
                mPskIdentityManager.GetRpkKey((RawPublicKey)clientCertificate);
            }
            else
            {
                TlsEvent e = new TlsEvent(TlsEvent.EventCode.ClientCertificate)
                {
                    Certificate = clientCertificate
                };

                EventHandler <TlsEvent> handler = TlsEventHandler;
                if (handler != null)
                {
                    handler(this, e);
                }

                if (!e.Processed)
                {
                    throw new TlsFatalAlert(AlertDescription.certificate_unknown);
                }
            }
        }
Exemple #7
0
            public void GetCwtKey(CwtPublicKey rpk)
            {
                Cwt cwt;

                try {
                    cwt = Cwt.Decode(rpk.EncodedCwt(), CwtTrustRoots, CwtTrustRoots);

                    AuthenticationKey = cwt.Cnf.CoseKey;
                }
                catch (Exception e)
                {
                    TlsEvent ev = new TlsEvent(TlsEvent.EventCode.ClientCertificate)
                    {
                        Certificate = rpk
                    };

                    EventHandler <TlsEvent> handler = TlsEventHandler;
                    if (handler != null)
                    {
                        handler(this, ev);
                    }

                    if (!ev.Processed)
                    {
                        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
                    }

                    AuthenticationKey = ev.KeyValue;
                }
            }
Exemple #8
0
 static void ClientTlsEvents(Object o, TlsEvent e)
 {
     if (e.Code == ServerCertificate)
     {
         e.Processed = true;
     }
 }
Exemple #9
0
            public void GetRpkKey(RawPublicKey rpk)
            {
                AsymmetricKeyParameter key;

                try {
                    key = PublicKeyFactory.CreateKey(rpk.SubjectPublicKeyInfo());
                }
                catch (Exception e) {
                    throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
                }

                if (key is ECPublicKeyParameters)
                {
                    ECPublicKeyParameters ecKey = (ECPublicKeyParameters)key;

                    string s      = ecKey.AlgorithmName;
                    OneKey newKey = new OneKey();
                    newKey.Add(CoseKeyKeys.KeyType, GeneralValues.KeyType_EC);
                    if (ecKey.Parameters.Curve.Equals(NistNamedCurves.GetByName("P-256").Curve))
                    {
                        newKey.Add(CoseKeyParameterKeys.EC_Curve, GeneralValues.P256);
                    }

                    newKey.Add(CoseKeyParameterKeys.EC_X, CBORObject.FromObject(ecKey.Q.Normalize().XCoord.ToBigInteger().ToByteArrayUnsigned()));
                    newKey.Add(CoseKeyParameterKeys.EC_Y, CBORObject.FromObject(ecKey.Q.Normalize().YCoord.ToBigInteger().ToByteArrayUnsigned()));

                    if (_serverKeys != null)
                    {
                        foreach (OneKey k in _serverKeys)
                        {
                            if (k.Compare(newKey))
                            {
                                AuthenticationKey = k;
                                return;
                            }
                        }
                    }

                    TlsEvent ev = new TlsEvent(TlsEvent.EventCode.ServerCertificate)
                    {
                        KeyValue = newKey
                    };

                    EventHandler <TlsEvent> handler = TlsEventHandler;
                    if (handler != null)
                    {
                        handler(this, ev);
                    }

                    if (!ev.Processed)
                    {
                        //                    throw new TlsFatalAlert(AlertDescription.certificate_unknown);
                    }
                }
                else
                {
                    // throw new TlsFatalAlert(AlertDescription.certificate_unknown);
                }
            }
        private void OnTlsEvent(Object o, TlsEvent e)
        {
            EventHandler<TlsEvent> handler = TlsEventHandler;
            if (handler != null) {
                handler(o, e);
            }

        }
Exemple #11
0
        public override int[] GetCipherSuites()
        {
            int[] i;

            if (_tlsKeyPair != null)
            {
                if (_tlsKeyPair.X509Certificate != null)
                {
                    i = new int[] {
                        CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
                        CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
                    };
                }
#if SUPPORT_RPK
                else if (_tlsKeyPair.PublicKey != null)
                {
                    i = new int[] {
                        CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
                        CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
                    };
                }
#endif
#if SUPPORT_TLS_CWT
                else if (_tlsKeyPair.CertType == CertificateType.CwtPublicKey)
                {
                    i = new int[] {
                        CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
                        CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
                    };
                }
#endif
                else
                {
                    //  We should never get here
                    i = new int[0];
                }
            }
            else
            {
                //  We should never get here
                i = new int[] {
                    CipherSuite.TLS_PSK_WITH_AES_128_CCM_8
                };
            }

            TlsEvent e = new TlsEvent(TlsEvent.EventCode.GetCipherSuites)
            {
                IntValues = i
            };

            EventHandler <TlsEvent> handler = TlsEventHandler;
            if (handler != null)
            {
                handler(this, e);
            }

            return(e.IntValues);
        }
Exemple #12
0
        private void MyTlsEventHandler(object sender, TlsEvent tlsEvent)
        {
            EventHandler <TlsEvent> handler = TlsEventHandler;

            if (handler != null)
            {
                handler(sender, tlsEvent);
            }
        }
Exemple #13
0
        protected TlsSignerCredentials GetECDsaSignerCredentials()
        {
#if SUPPORT_RPK
            if (_tlsKeyPair != null && _tlsKeyPair.CertType == CertificateType.RawPublicKey)
            {
                OneKey k = _tlsKeyPair.PublicKey;
                if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
                    k.HasAlgorithm(AlgorithmValues.ECDSA_256))
                {
                    X9ECParameters         p          = k.GetCurve();
                    ECDomainParameters     parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
                    ECPrivateKeyParameters privKey    = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters);

                    ECPoint point = k.GetPoint();
                    ECPublicKeyParameters param = new ECPublicKeyParameters(point, parameters);

                    SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param);

                    return(new DefaultTlsSignerCredentials(mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
                }
            }
#endif

#if SUPPORT_TLS_CWT
            if (_tlsKeyPair != null && _tlsKeyPair.CertType == CertificateType.CwtPublicKey)
            {
                OneKey k = _tlsKeyPair.PublicCwt.Cnf.Key;
                if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
                    k.HasAlgorithm(AlgorithmValues.ECDSA_256))
                {
                    X9ECParameters         p          = k.GetCurve();
                    ECDomainParameters     parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
                    ECPrivateKeyParameters privKey    = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters);

                    return(new DefaultTlsSignerCredentials(mContext, new CwtPublicKey(_tlsKeyPair.PublicCwt.EncodeToBytes()), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
                }
            }
#endif

            TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials)
            {
                CipherSuite = KeyExchangeAlgorithm.ECDH_ECDSA
            };

            EventHandler <TlsEvent> handler = TlsEventHandler;
            if (handler != null)
            {
                handler(this, e);
            }

            if (e.SignerCredentials != null)
            {
                return(e.SignerCredentials);
            }
            throw new TlsFatalAlert(AlertDescription.internal_error);
        }
Exemple #14
0
            public virtual TlsCredentials GetClientCredentials(CertificateRequest certificateRequest)
            {
                if (certificateRequest.CertificateTypes == null ||
                    !Arrays.Contains(certificateRequest.CertificateTypes, ClientCertificateType.ecdsa_sign))
                {
                    return(null);
                }

#if SUPPORT_RPK
                if (_rawPublicKey != null)
                {
                    OneKey k = _rawPublicKey;
                    if (k.HasKeyType((int)COSE.GeneralValuesInt.KeyType_EC2) &&
                        k.HasAlgorithm(COSE.AlgorithmValues.ECDSA_256))
                    {
                        X9ECParameters         p          = k.GetCurve();
                        ECDomainParameters     parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
                        ECPrivateKeyParameters privKey    = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters);

                        ECPoint point = k.GetPoint();
                        ECPublicKeyParameters param = new ECPublicKeyParameters("ECDSA", point, /*parameters*/ SecObjectIdentifiers.SecP256r1);

                        SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param);

                        return(new DefaultTlsSignerCredentials(_mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
                    }
                }

                /*
                 * byte[] certificateTypes = certificateRequest.CertificateTypes;
                 * if (certificateTypes == null || !Arrays.Contains(certificateTypes, ClientCertificateType.rsa_sign))
                 *  return null;
                 *
                 * return TlsTestUtilities.LoadSignerCredentials(mContext, certificateRequest.SupportedSignatureAlgorithms,
                 *  SignatureAlgorithm.rsa, "x509-client.pem", "x509-client-key.pem");
                 */
#endif
                // If we did not fine appropriate signer credientials - ask for help

                TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials)
                {
                    CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA
                };

                EventHandler <TlsEvent> handler = TlsEventHandler;
                if (handler != null)
                {
                    handler(this, e);
                }

                if (e.SignerCredentials != null)
                {
                    return(e.SignerCredentials);
                }
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }
Exemple #15
0
            public virtual byte[] GetPsk(byte[] identity)
            {
                foreach (OneKey key in _userKeys)
                {
                    if (!key.HasKeyType((int)GeneralValuesInt.KeyType_Octet))
                    {
                        continue;
                    }

                    if (identity == null)
                    {
                        if (key.HasKid(null))
                        {
                            AuthenticationKey = key;
                            return((byte[])key[CoseKeyParameterKeys.Octet_k].GetByteString().Clone());
                        }
                    }
                    else
                    {
                        if (key.HasKid(identity))
                        {
                            AuthenticationKey = key;
                            return((byte[])key[CoseKeyParameterKeys.Octet_k].GetByteString().Clone());
                        }
                    }
                }


                TlsEvent e = new TlsEvent(TlsEvent.EventCode.UnknownPskName)
                {
                    PskName = identity
                };
                EventHandler <TlsEvent> handler = TlsEventHandler;

                if (handler != null)
                {
                    handler(this, e);
                }

                if (e.KeyValue != null)
                {
                    if (e.KeyValue.HasKeyType((int)GeneralValuesInt.KeyType_Octet))
                    {
                        AuthenticationKey = e.KeyValue;
                        return((byte[])e.KeyValue[CoseKeyParameterKeys.Octet_k].GetByteString().Clone());
                    }
                }

                return(null);
            }
Exemple #16
0
 private static void ServerEventHandler(Object o, TlsEvent e)
 {
     switch (e.Code)
     {
     case TlsEvent.EventCode.UnknownPskName:
         if (e.PskName.SequenceEqual(PskOneName))
         {
             //  We don't recognize this name
         }
         else if (e.PskName.SequenceEqual(PskTwoName))
         {
             e.KeyValue = PskTwo;
         }
         break;
     }
 }
Exemple #17
0
        /// <summary>
        /// Decide which type of client and server certificates are going to be supported.
        /// By default, we assume that only those certificate types which match the clients
        /// certificate are going to be supported for the server.
        /// </summary>
        /// <returns></returns>
        public override IDictionary GetClientExtensions()
        {
            IDictionary clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(base.GetClientExtensions());


            // TlsExtensionsUtilities.AddEncryptThenMacExtension(clientExtensions);
            // TlsExtensionsUtilities.AddExtendedMasterSecretExtension(clientExtensions);
            {
                /*
                 * NOTE: If you are copying test code, do not blindly set these extensions in your own client.
                 */
                //   TlsExtensionsUtilities.AddMaxFragmentLengthExtension(clientExtensions, MaxFragmentLength.pow2_9);
                //    TlsExtensionsUtilities.AddPaddingExtension(clientExtensions, mContext.SecureRandom.Next(16));
                //    TlsExtensionsUtilities.AddTruncatedHMacExtension(clientExtensions);

#if SUPPORT_RPK
                if (_tlsKeyPair != null && _tlsKeyPair.CertType == CertificateType.RawPublicKey)
                {
                    TlsExtensionsUtilities.AddClientCertificateTypeExtensionClient(clientExtensions, new byte[] { 2 });
                    TlsExtensionsUtilities.AddServerCertificateTypeExtensionClient(clientExtensions, new byte[] { 2 });
                }
#endif

#if SUPPORT_TLS_CWT
                if (_tlsKeyPair != null && _tlsKeyPair.CertType == CertificateType.CwtPublicKey)
                {
                    TlsExtensionsUtilities.AddClientCertificateTypeExtensionClient(clientExtensions, new byte[] { 254 });
                    TlsExtensionsUtilities.AddServerCertificateTypeExtensionClient(clientExtensions, new byte[] { 254 });
                }
#endif
            }

            TlsEvent e = new TlsEvent(TlsEvent.EventCode.GetExtensions)
            {
                Dictionary = clientExtensions
            };


            EventHandler <TlsEvent> handler = TlsEventHandler;
            if (handler != null)
            {
                handler(this, e);
            }

            return(e.Dictionary);
        }
Exemple #18
0
        public override void NotifyClientCertificate(Certificate clientCertificate)
        {
            TlsEvent e = new TlsEvent(TlsEvent.EventCode.ClientCertificate)
            {
                Certificate = clientCertificate
            };

            EventHandler <TlsEvent> handler = TlsEventHandler;

            if (handler != null)
            {
                handler(this, e);
            }

            if (!e.Processed)
            {
                throw new TlsFatalAlert(AlertDescription.certificate_unknown);
            }
        }
Exemple #19
0
        public override byte GetClientCertificateType(byte[] certificateTypes)
        {
            TlsEvent e = new TlsEvent(TlsEvent.EventCode.ClientCertType)
            {
                Bytes = certificateTypes,
                Byte  = 0xff
            };

            EventHandler <TlsEvent> handler = TlsEventHandler;

            if (handler != null)
            {
                handler(this, e);
            }

            if (e.Byte != 0xff)
            {
                return(e.Byte);
            }

            foreach (byte type in certificateTypes)
            {
                if (type == 1)
                {
                    return(type);
                }
#if SUPPORT_RPK
                if (type == 2)
                {
                    return(type);            // Assume we only support Raw Public Key
                }
#endif
#if SUPPORT_TLS_CWT
                if (type == 254)
                {
                    return(type);
                }
#endif
            }


            throw new TlsFatalAlert(AlertDescription.handshake_failure);
        }
Exemple #20
0
        protected override TlsSignerCredentials GetECDsaSignerCredentials()
        {
#if SUPPORT_RPK
            foreach (OneKey k in _serverKeys)
            {
                if (k.HasKeyType((int)COSE.GeneralValuesInt.KeyType_EC2) &&
                    k.HasAlgorithm(COSE.AlgorithmValues.ECDSA_256))
                {
                    X9ECParameters         p          = k.GetCurve();
                    ECDomainParameters     parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
                    ECPrivateKeyParameters privKey    = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters);

                    ECPoint point = k.GetPoint();
                    ECPublicKeyParameters param = new ECPublicKeyParameters(point, parameters);

                    SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param);

                    return(new DefaultTlsSignerCredentials(mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
                }
            }
#endif

            // If we did not fine appropriate signer credientials - ask for help

            TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials)
            {
                CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA
            };

            EventHandler <TlsEvent> handler = TlsEventHandler;
            if (handler != null)
            {
                handler(this, e);
            }

            if (e.SignerCredentials != null)
            {
                return(e.SignerCredentials);
            }
            throw new TlsFatalAlert(AlertDescription.internal_error);
        }
Exemple #21
0
        public override void NotifyClientCertificate(AbstractCertificate clientCertificate)
        {
            if (clientCertificate is RawPublicKey)
            {
                mPskIdentityManager.GetRpkKey((RawPublicKey)clientCertificate);
            }
#if SUPPORT_TLS_CWT
            else if (clientCertificate is CwtPublicKey)
            {
                mPskIdentityManager.CwtTrustRoots = CwtTrustKeySet;
                mPskIdentityManager.GetCwtKey((CwtPublicKey)clientCertificate);
            }
#endif
            else if (clientCertificate is Certificate)
            {
                TlsEvent e = new TlsEvent(TlsEvent.EventCode.ClientCertificate)
                {
                    Certificate     = clientCertificate,
                    CertificateType = CertificateType.X509
                };

                EventHandler <TlsEvent> handler = TlsEventHandler;
                if (handler != null)
                {
                    handler(this, e);
                }

                if (!e.Processed)
                {
                    throw new TlsFatalAlert(AlertDescription.certificate_unknown);
                }

                AuthenticationCertificate = (Certificate)clientCertificate;
            }
            else
            {
                throw new TlsFatalAlert(AlertDescription.certificate_unknown);
            }
        }
Exemple #22
0
        protected override int[] GetCipherSuites()
        {
            int[] i = new int[] {
                CipherSuite.TLS_PSK_WITH_AES_128_CCM_8,
                CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
                CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
            };

            //  Give the outside code a chance to change this.

            TlsEvent e = new TlsEvent(TlsEvent.EventCode.GetCipherSuites)
            {
                IntValues = i
            };

            EventHandler <TlsEvent> handler = TlsEventHandler;

            if (handler != null)
            {
                handler(this, e);
            }

            return(e.IntValues);
        }
Exemple #23
0
            public virtual TlsCredentials GetClientCredentials(CertificateRequest certificateRequest)
            {
                if (certificateRequest.CertificateTypes == null ||
                    !Arrays.Contains(certificateRequest.CertificateTypes, ClientCertificateType.ecdsa_sign))
                {
                    return(null);
                }

                if (TlsKey != null)
                {
                    if (TlsKey.CertType == CertificateType.X509)
                    {
                        return(new DefaultTlsSignerCredentials(_mContext, new Certificate(TlsKey.X509Certificate), TlsKey.PrivateKey.AsPrivateKey(),
                                                               new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
                    }
#if SUPPORT_RPK
                    else if (TlsKey.CertType == CertificateType.RawPublicKey)
                    {
                        OneKey k = TlsKey.PrivateKey;
                        if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
                            k.HasAlgorithm(AlgorithmValues.ECDSA_256))
                        {
                            X9ECParameters         p          = k.GetCurve();
                            ECDomainParameters     parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
                            ECPrivateKeyParameters privKey    = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters);

                            ECPoint point = k.GetPoint();
                            ECPublicKeyParameters param = new ECPublicKeyParameters("ECDSA", point, /*parameters*/ SecObjectIdentifiers.SecP256r1);

                            SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param);

                            return(new DefaultTlsSignerCredentials(_mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
                        }
                    }
#endif
#if SUPPORT_TLS_CWT
                    else if (TlsKey.CertType == CertificateType.CwtPublicKey)
                    {
                        OneKey k = TlsKey.PublicCwt.Cnf.Key;
                        if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
                            k.HasAlgorithm(AlgorithmValues.ECDSA_256))
                        {
                            AsymmetricKeyParameter privKey = TlsKey.PrivateKey.AsPrivateKey();

                            return(new DefaultTlsSignerCredentials(_mContext, new CwtPublicKey(TlsKey.PublicCwt.EncodeToBytes()), privKey,
                                                                   new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
                        }
                    }
#endif
                }

                // If we did not fine appropriate signer credentials - ask for help

                TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials)
                {
                    CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA
                };

                EventHandler <TlsEvent> handler = TlsEventHandler;
                if (handler != null)
                {
                    handler(this, e);
                }

                if (e.SignerCredentials != null)
                {
                    return(e.SignerCredentials);
                }
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }
Exemple #24
0
        protected override TlsSignerCredentials GetECDsaSignerCredentials()
        {
            byte[] certTypes;

            if (mClientExtensions.Contains(ExtensionType.server_certificate_type))
            {
                certTypes = (byte[])mClientExtensions[ExtensionType.server_certificate_type];
            }
            else
            {
                certTypes = new byte[] { CertificateType.X509 };
            }

            foreach (byte b in certTypes)
            {
                if (b == CertificateType.X509)
                {
                    foreach (TlsKeyPair kp in _serverKeys)
                    {
                        if (b != kp.CertType)
                        {
                            continue;
                        }

                        OneKey k = kp.PrivateKey;
                        if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
                            k.HasAlgorithm(AlgorithmValues.ECDSA_256))
                        {
                            return(new DefaultTlsSignerCredentials(
                                       mContext,
                                       new Certificate(kp.X509Certificate),
                                       kp.PrivateKey.AsPrivateKey(),
                                       new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
                        }
                    }
                }
#if SUPPORT_RPK
                if (b == CertificateType.RawPublicKey)
                {
                    foreach (TlsKeyPair kp in _serverKeys)
                    {
                        if (b != kp.CertType)
                        {
                            continue;
                        }

                        OneKey k = kp.PublicKey;
                        if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
                            k.HasAlgorithm(AlgorithmValues.ECDSA_256))
                        {
                            AsymmetricKeyParameter param = k.AsPublicKey();

                            SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param);

                            return(new DefaultTlsSignerCredentials(mContext, new RawPublicKey(spi), kp.PrivateKey.AsPrivateKey(),
                                                                   new SignatureAndHashAlgorithm(
                                                                       HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
                        }
                    }
                }
#endif
#if SUPPORT_TLS_CWT
                if (b == CertificateType.CwtPublicKey)
                {
                    foreach (TlsKeyPair kp in _serverKeys)
                    {
                        if (b != kp.CertType)
                        {
                            continue;
                        }

                        OneKey k = kp.PrivateKey;
                        if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
                            k.HasAlgorithm(AlgorithmValues.ECDSA_256))
                        {
                            CwtPublicKey           cwtKey = new CwtPublicKey(kp.PublicCwt.EncodeToBytes());
                            AsymmetricKeyParameter pubKey = kp.PublicCwt.Cnf.CoseKey.AsPublicKey();
                            cwtKey.SetSubjectPublicKeyInfo(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pubKey));

                            return(new DefaultTlsSignerCredentials(
                                       mContext, cwtKey, kp.PrivateKey.AsPrivateKey(),
                                       new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
                        }
                    }
                }
#endif
            }

            // If we did not fine appropriate signer credentials - ask for help

            TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials)
            {
                CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA
            };

            EventHandler <TlsEvent> handler = TlsEventHandler;
            if (handler != null)
            {
                handler(this, e);
            }

            if (e.SignerCredentials != null)
            {
                return(e.SignerCredentials);
            }
            throw new TlsFatalAlert(AlertDescription.internal_error);
        }