public override void ReadServer(TlsBuffer incoming)
{
curveType = (ECCurveType)incoming.ReadByte();
// Currently, we only support named curves
if (curveType == ECCurveType.named_curve)
{
namedCurve = (NamedCurve)incoming.ReadInt16();
// TODO Check namedCurve is one we offered?
domainParameters = NamedCurveHelper.GetECParameters(namedCurve);
}
else
{
// TODO Add support for explicit curve parameters
throw new TlsException(AlertDescription.HandshakeFailure, "Unsupported elliptic curve type `{0}'.", curveType);
}
var publicLength = incoming.ReadByte();
publicBytes = incoming.ReadBytes(publicLength);
// TODO Check RFC 4492 for validation
serverQ = domainParameters.Curve.DecodePoint(publicBytes);
Signature = Signature.Read(TlsProtocolCode.Tls12, incoming);
}
public override void ProcessServerKeyExchange(Stream input)
{
SecurityParameters securityParameters = context.SecurityParameters;
ISigner signer = InitSigner(tlsSigner, securityParameters);
Stream sigIn = new SignerStream(input, signer, null);
ECCurveType curveType = (ECCurveType)TlsUtilities.ReadUint8(sigIn);
ECDomainParameters curve_params;
// Currently, we only support named curves
if (curveType == ECCurveType.named_curve)
{
NamedCurve namedCurve = (NamedCurve)TlsUtilities.ReadUint16(sigIn);
// TODO Check namedCurve is one we offered?
curve_params = NamedCurveHelper.GetECParameters(namedCurve);
}
else
{
// TODO Add support for explicit curve parameters (read from sigIn)
throw new TlsFatalAlert(AlertDescription.handshake_failure);
}
byte[] publicBytes = TlsUtilities.ReadOpaque8(sigIn);
byte[] sigByte = TlsUtilities.ReadOpaque16(input);
if (!signer.VerifySignature(sigByte))
{
throw new TlsFatalAlert(AlertDescription.bad_certificate);
}
// TODO Check curve_params not null
ECPoint Q = curve_params.Curve.DecodePoint(publicBytes);
this.ecAgreeServerPublicKey = ValidateECPublicKey(new ECPublicKeyParameters(Q, curve_params));
}
public ServerKeyExchangeParser(ReadableBuffer reader)
{
var originalSpan = reader.ToSpan();
var span = new BigEndianAdvancingSpan(originalSpan);
span.Read <HandshakeHeader>();
_curveType = span.Read <ECCurveType>();
if (_curveType != ECCurveType.named_curve)
{
Alerts.AlertException.ThrowAlert(Alerts.AlertLevel.Fatal, Alerts.AlertDescription.handshake_failure, "We only support named curves");
}
_namedGroup = span.Read <NamedGroup>();
_key = span;
span.ReadVector <byte>();
var dataLength = originalSpan.Length - span.Length;
_data = originalSpan.Slice(4, dataLength - 4);
_signatureScheme = span.Read <SignatureScheme>();
_signature = span.ReadVector <ushort>().ToSpan();
Debug.Assert(span.Length == 0);
}
public override void ReadServer (TlsBuffer incoming)
{
curveType = (ECCurveType)incoming.ReadByte ();
// Currently, we only support named curves
if (curveType == ECCurveType.named_curve) {
namedCurve = (NamedCurve)incoming.ReadInt16 ();
// TODO Check namedCurve is one we offered?
domainParameters = NamedCurveHelper.GetECParameters (namedCurve);
} else {
// TODO Add support for explicit curve parameters
throw new TlsException (AlertDescription.HandshakeFailure, "Unsupported elliptic curve type `{0}'.", curveType);
}
var publicLength = incoming.ReadByte ();
publicBytes = incoming.ReadBytes (publicLength);
// TODO Check RFC 4492 for validation
serverQ = domainParameters.Curve.DecodePoint (publicBytes);
Signature = Signature.Read (TlsProtocolCode.Tls12, incoming);
}
