internal static ECDomainParameters GetECParameters (NamedCurve namedCurve)
{
if (!Enum.IsDefined (typeof(NamedCurve), namedCurve))
return null;
string curveName = namedCurve.ToString ();
// Lazily created the first time a particular curve is accessed
X9ECParameters ecP = SecNamedCurves.GetByName (curveName);
if (ecP == null)
return null;
// It's a bit inefficient to do this conversion every time
return new ECDomainParameters (ecP.Curve, ecP.G, ecP.N, ecP.H, ecP.GetSeed ());
}
public override void ReadServer (TlsBuffer incoming)
{
curveType = (ECCurveType)incoming.ReadByte ();
// Currently, we only support named curves
if (curveType == ECCurveType.named_curve) {
namedCurve = (NamedCurve)incoming.ReadInt16 ();
// TODO Check namedCurve is one we offered?
domainParameters = NamedCurveHelper.GetECParameters (namedCurve);
} else {
// TODO Add support for explicit curve parameters
throw new TlsException (AlertDescription.HandshakeFailure, "Unsupported elliptic curve type `{0}'.", curveType);
}
var publicLength = incoming.ReadByte ();
publicBytes = incoming.ReadBytes (publicLength);
// TODO Check RFC 4492 for validation
serverQ = domainParameters.Curve.DecodePoint (publicBytes);
Signature = Signature.Read (TlsProtocolCode.Tls12, incoming);
}
private ECPrivateKeyParameters GenerateEphemeralServerKeyExchange(SecureRandom random, int[] namedCurves, byte[] ecPointFormats, Stream output)
{
/* First we try to find a supported named curve from the client's list. */
int namedCurve = -1;
if (namedCurves == null)
{
// TODO Let the peer choose the default named curve
namedCurve = NamedCurve.secp256r1;
}
else
{
for (int i = 0; i < namedCurves.Length; ++i)
{
int entry = namedCurves[i];
if (NamedCurve.IsValid(entry) && TlsEccUtilities.IsSupportedNamedCurve(entry))
{
namedCurve = entry;
break;
}
}
}
ECDomainParameters ecParams = null;
if (namedCurve >= 0)
{
ecParams = TlsEccUtilities.GetParametersForNamedCurve(namedCurve);
}
else
{
/* If no named curves are suitable, check if the client supports explicit curves. */
if (Arrays.Contains(namedCurves, NamedCurve.arbitrary_explicit_prime_curves))
{
ecParams = TlsEccUtilities.GetParametersForNamedCurve(NamedCurve.secp256r1);
}
else if (Arrays.Contains(namedCurves, NamedCurve.arbitrary_explicit_char2_curves))
{
ecParams = TlsEccUtilities.GetParametersForNamedCurve(NamedCurve.sect283r1);
}
}
if (ecParams == null)
{
/*
* NOTE: We shouldn't have negotiated ECDHE key exchange since we apparently can't find
* a suitable curve.
*/
throw new TlsFatalAlert(AlertDescription.internal_error);
}
if (namedCurve < 0)
{
TlsEccUtilities.WriteExplicitECParameters(ecPointFormats, ecParams, output);
}
else
{
TlsEccUtilities.WriteNamedECParameters(namedCurve, output);
}
return(TlsEccUtilities.GenerateEphemeralClientKeyExchange(random, ecPointFormats, ecParams, output));
}
public extern static bool VerifyWithECDsa(ByteString message, Cryptography.ECC.ECPoint pubkey, ByteString signature, NamedCurve curve);
public Named(NamedCurve curve)
{
Curve = curve;
}
public void Register(NamedCurve id, ASN1ObjectIdentifier oid, DomainParameters parameters)
{
Register(id, parameters);
Register(oid, parameters);
}
public bool IsSupported(NamedCurve key)
{
return(_curvesByEnum.TryGetValue(key, out var _));
}
public DomainParameters Resolve(NamedCurve key)
{
return(_curvesByEnum[key]);
}
public void Register(NamedCurve key, DomainParameters parameters)
{
_curvesByEnum.Add(key, parameters);
}