public byte[] GenerateServerKeyExchange()
        {
            if (this.mDHParameters == null)
            {
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }

            DigestInputBuffer buf = new DigestInputBuffer();

            this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, this.mDHParameters, buf);

            /*
             * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2
             */
            SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm(
                mContext, mServerCredentials);

            IDigest d = TlsUtilities.CreateHash(signatureAndHashAlgorithm);

            SecurityParameters securityParameters = mContext.SecurityParameters;

            d.BlockUpdate(securityParameters.ClientRandom, 0, securityParameters.ClientRandom.Length);
            d.BlockUpdate(securityParameters.ServerRandom, 0, securityParameters.ServerRandom.Length);
            buf.UpdateDigest(d);

            byte[] hash = DigestUtilities.DoFinal(d);

            byte[] signature = mServerCredentials.GenerateCertificateSignature(hash);

            DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature);

            signed_params.Encode(buf);

            return(buf.ToArray());
        }
    public override byte[] GenerateServerKeyExchange()
    {
        mPskIdentityHint = mPskIdentityManager.GetHint();
        if (mPskIdentityHint == null && !RequiresServerKeyExchange)
        {
            return(null);
        }
        MemoryStream memoryStream = new MemoryStream();

        if (mPskIdentityHint == null)
        {
            TlsUtilities.WriteOpaque16(TlsUtilities.EmptyBytes, memoryStream);
        }
        else
        {
            TlsUtilities.WriteOpaque16(mPskIdentityHint, memoryStream);
        }
        if (mKeyExchange == 14)
        {
            if (mDHParameters == null)
            {
                throw new TlsFatalAlert(80);
            }
            mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, mDHParameters, memoryStream);
        }
        else if (mKeyExchange == 24)
        {
            mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, mNamedCurves, mClientECPointFormats, memoryStream);
        }
        return(memoryStream.ToArray());
    }
Esempio n. 3
0
    public override byte[] GenerateServerKeyExchange()
    {
        if (mDHParameters == null)
        {
            throw new TlsFatalAlert(80);
        }
        DigestInputBuffer digestInputBuffer = new DigestInputBuffer();

        mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, mDHParameters, digestInputBuffer);
        SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm(mContext, mServerCredentials);
        IDigest            digest             = TlsUtilities.CreateHash(signatureAndHashAlgorithm);
        SecurityParameters securityParameters = mContext.SecurityParameters;

        digest.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length);
        digest.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length);
        digestInputBuffer.UpdateDigest(digest);
        byte[]          hash            = DigestUtilities.DoFinal(digest);
        byte[]          signature       = mServerCredentials.GenerateCertificateSignature(hash);
        DigitallySigned digitallySigned = new DigitallySigned(signatureAndHashAlgorithm, signature);

        digitallySigned.Encode(digestInputBuffer);
        return(digestInputBuffer.ToArray());
    }