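/// <summary>
/// Parses the server's ECDHE key-exchange parameters from <paramref name="incoming"/>:
/// the curve type, the named curve, the server's encoded public point and the
/// signature structure that follows them.
/// </summary>
/// <param name="incoming">Buffer positioned at the first byte of the server's EC parameters.</param>
/// <exception cref="TlsException">
/// Raised with <c>HandshakeFailure</c> when the curve type is not <c>named_curve</c>, when no
/// domain parameters are available for the named curve, or when the public point is empty.
/// </exception>
public override void ReadServer(TlsBuffer incoming)
{
    curveType = (ECCurveType)incoming.ReadByte();

    // Currently, we only support named curves; anything else is rejected before more input is read.
    if (curveType != ECCurveType.named_curve)
    {
        // TODO Add support for explicit curve parameters
        throw new TlsException(AlertDescription.HandshakeFailure, "Unsupported elliptic curve type `{0}'.", curveType);
    }

    namedCurve = (NamedCurve)incoming.ReadInt16();

    // TODO Check namedCurve is one we offered? The value is chosen by the peer and is
    // not compared against the client's offered curves anywhere in this method.
    domainParameters = NamedCurveHelper.GetECParameters(namedCurve);

    // Fail with a TLS alert rather than a null dereference further down.
    // NOTE(review): assumes the helper returns null for a curve id it does not know - confirm.
    if (domainParameters == null)
    {
        throw new TlsException(AlertDescription.HandshakeFailure, "Unsupported named curve `{0}'.", namedCurve);
    }

    var publicLength = incoming.ReadByte();

    // RFC 4492 defines the point as opaque <1..2^8-1>, so a zero-length point is malformed.
    if (publicLength == 0)
    {
        throw new TlsException(AlertDescription.HandshakeFailure, "Empty elliptic curve point.");
    }

    publicBytes = incoming.ReadBytes(publicLength);

    // TODO Check RFC 4492 for validation. Apart from the checks above, the decoded
    // point is stored as-is; no further public-key validation happens in this method.
    serverQ = domainParameters.Curve.DecodePoint(publicBytes);

    // Only parses the signature structure; verifying it over the parameters is not
    // done in this method and has to happen before serverQ is trusted.
    Signature = Signature.Read(TlsProtocolCode.Tls12, incoming);
}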
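/// <summary>
/// Reads the server's ECDHE parameters from <paramref name="input"/>, verifies the
/// server's signature over them and stores the validated server public key in
/// <c>ecAgreeServerPublicKey</c>.
/// </summary>
/// <param name="input">Stream positioned at the start of the ServerKeyExchange body.</param>
/// <exception cref="TlsFatalAlert">
/// <c>handshake_failure</c> when the curve type is not <c>named_curve</c>, when no domain
/// parameters are available for the named curve, or when the public point is empty;
/// <c>bad_certificate</c> when the signature does not verify.
/// </exception>
public override void ProcessServerKeyExchange(Stream input)
{
    SecurityParameters securityParameters = context.SecurityParameters;

    ISigner signer = InitSigner(tlsSigner, securityParameters);

    // The EC parameters are read through sigIn, which wraps input together with the
    // signer; the signature itself is read from input directly further down.
    Stream sigIn = new SignerStream(input, signer, null);

    ECCurveType curveType = (ECCurveType)TlsUtilities.ReadUint8(sigIn);
    ECDomainParameters curve_params;

    // Currently, we only support named curves
    if (curveType == ECCurveType.named_curve)
    {
        NamedCurve namedCurve = (NamedCurve)TlsUtilities.ReadUint16(sigIn);

        // TODO Check namedCurve is one we offered? The value is chosen by the peer and
        // is not compared against the client's offered curves anywhere in this method.
        curve_params = NamedCurveHelper.GetECParameters(namedCurve);

        // An unknown curve id must end in a TLS alert, not in a null dereference
        // when the point is decoded below.
        if (curve_params == null)
        {
            throw new TlsFatalAlert(AlertDescription.handshake_failure);
        }
    }
    else
    {
        // TODO Add support for explicit curve parameters (read from sigIn)
        throw new TlsFatalAlert(AlertDescription.handshake_failure);
    }

    byte[] publicBytes = TlsUtilities.ReadOpaque8(sigIn);

    byte[] sigByte = TlsUtilities.ReadOpaque16(input);
    if (!signer.VerifySignature(sigByte))
    {
        throw new TlsFatalAlert(AlertDescription.bad_certificate);
    }

    // RFC 4492 defines the point as opaque <1..2^8-1>; reject an empty point
    // explicitly instead of letting the decoder fail on it.
    if (publicBytes.Length < 1)
    {
        throw new TlsFatalAlert(AlertDescription.handshake_failure);
    }

    // The point is decoded and used only after the signature over it has verified.
    ECPoint Q = curve_params.Curve.DecodePoint(publicBytes);

    this.ecAgreeServerPublicKey = ValidateECPublicKey(new ECPublicKeyParameters(Q, curve_params));
}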
/// <summary>
/// Splits a ServerKeyExchange handshake message into its parts: curve type, named
/// group, key, the data span, signature scheme and signature.
/// </summary>
/// <param name="reader">Buffer holding the message, starting at its handshake header.</param>
public ServerKeyExchangeParser(ReadableBuffer reader)
{
    var whole = reader.ToSpan();
    var cursor = new BigEndianAdvancingSpan(whole);

    // Step over the handshake header, then read the curve type that follows it.
    cursor.Read<HandshakeHeader>();
    _curveType = cursor.Read<ECCurveType>();

    if (_curveType != ECCurveType.named_curve)
    {
        Alerts.AlertException.ThrowAlert(Alerts.AlertLevel.Fatal, Alerts.AlertDescription.handshake_failure, "We only support named curves");
    }

    // NOTE(review): the group is stored as received; no check against the groups
    // this side offered is visible in this constructor - confirm the caller does it.
    _namedGroup = cursor.Read<NamedGroup>();

    // _key is taken before the length-prefixed key vector is consumed
    // (presumably a value copy of the cursor - confirm BigEndianAdvancingSpan is a struct).
    _key = cursor;
    cursor.ReadVector<byte>();

    // _data runs from offset 4 up to the end of the key vector; the 4 presumably
    // matches the handshake header size - confirm.
    var consumed = whole.Length - cursor.Length;
    _data = whole.Slice(4, consumed - 4);

    _signatureScheme = cursor.Read<SignatureScheme>();
    _signature = cursor.ReadVector<ushort>().ToSpan();

    // NOTE(review): Debug.Assert is compiled out of release builds, so trailing
    // bytes after the signature are not rejected there; a runtime check that raises
    // a fatal alert would close that gap.
    Debug.Assert(cursor.Length == 0);
}
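/// <summary>
/// Parses the server's ECDHE key-exchange parameters from <paramref name="incoming"/>:
/// the curve type, the named curve, the server's encoded public point and the
/// signature structure that follows them.
/// </summary>
/// <param name="incoming">Buffer positioned at the first byte of the server's EC parameters.</param>
/// <exception cref="TlsException">
/// Raised with <c>HandshakeFailure</c> when the curve type is not <c>named_curve</c>, when no
/// domain parameters are available for the named curve, or when the public point is empty.
/// </exception>
public override void ReadServer (TlsBuffer incoming)
{
    curveType = (ECCurveType)incoming.ReadByte ();

    // Currently, we only support named curves; anything else is rejected before more input is read.
    if (curveType != ECCurveType.named_curve) {
        // TODO Add support for explicit curve parameters
        throw new TlsException (AlertDescription.HandshakeFailure, "Unsupported elliptic curve type `{0}'.", curveType);
    }

    namedCurve = (NamedCurve)incoming.ReadInt16 ();

    // TODO Check namedCurve is one we offered? The value is chosen by the peer and is
    // not compared against the client's offered curves anywhere in this method.
    domainParameters = NamedCurveHelper.GetECParameters (namedCurve);

    // Fail with a TLS alert rather than a null dereference further down.
    // NOTE(review): assumes the helper returns null for a curve id it does not know - confirm.
    if (domainParameters == null) {
        throw new TlsException (AlertDescription.HandshakeFailure, "Unsupported named curve `{0}'.", namedCurve);
    }

    var publicLength = incoming.ReadByte ();

    // RFC 4492 defines the point as opaque <1..2^8-1>, so a zero-length point is malformed.
    if (publicLength == 0) {
        throw new TlsException (AlertDescription.HandshakeFailure, "Empty elliptic curve point.");
    }

    publicBytes = incoming.ReadBytes (publicLength);

    // TODO Check RFC 4492 for validation. Apart from the checks above, the decoded
    // point is stored as-is; no further public-key validation happens in this method.
    serverQ = domainParameters.Curve.DecodePoint (publicBytes);

    // Only parses the signature structure; verifying it over the parameters is not
    // done in this method and has to happen before serverQ is trusted.
    Signature = Signature.Read (TlsProtocolCode.Tls12, incoming);
}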