public override void ProcessClientKeyExchange(Stream input)
{
if (mDHAgreePublicKey != null)
{
// For dss_fixed_dh and rsa_fixed_dh, the key arrived in the client certificate
return;
}
this.mDHAgreePublicKey = new DHPublicKeyParameters(TlsDHUtilities.ReadDHParameter(input), mDHParameters);
}
public override void ProcessServerKeyExchange(Stream input)
{
if (!RequiresServerKeyExchange)
{
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
// DH_anon is handled here, DHE_* in a subclass
this.mDHParameters = TlsDHUtilities.ReceiveDHParameters(mDHVerifier, input);
this.mDHAgreePublicKey = new DHPublicKeyParameters(TlsDHUtilities.ReadDHParameter(input), mDHParameters);
}
public override void ProcessServerKeyExchange(Stream input)
{
this.mPskIdentityHint = TlsUtilities.ReadOpaque16(input);
if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK)
{
this.mDHParameters = TlsDHUtilities.ReceiveDHParameters(mDHVerifier, input);
this.mDHAgreePublicKey = new DHPublicKeyParameters(TlsDHUtilities.ReadDHParameter(input), mDHParameters);
}
else if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK)
{
ECDomainParameters ecParams = TlsEccUtilities.ReadECParameters(mNamedCurves, mClientECPointFormats, input);
byte[] point = TlsUtilities.ReadOpaque8(input);
this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(
mClientECPointFormats, ecParams, point));
}
}
public override void ProcessServerKeyExchange(Stream input)
{
SecurityParameters securityParameters = mContext.SecurityParameters;
SignerInputBuffer buf = new SignerInputBuffer();
Stream teeIn = new TeeInputStream(input, buf);
this.mDHParameters = TlsDHUtilities.ReceiveDHParameters(mDHVerifier, teeIn);
this.mDHAgreePublicKey = new DHPublicKeyParameters(TlsDHUtilities.ReadDHParameter(teeIn), mDHParameters);
DigitallySigned signed_params = ParseSignature(input);
ISigner signer = InitVerifyer(mTlsSigner, signed_params.Algorithm, securityParameters);
buf.UpdateSigner(signer);
if (!signer.VerifySignature(signed_params.Signature))
{
throw new TlsFatalAlert(AlertDescription.decrypt_error);
}
}
public override void ProcessClientKeyExchange(Stream input)
{
byte[] psk_identity = TlsUtilities.ReadOpaque16(input);
this.mPsk = mPskIdentityManager.GetPsk(psk_identity);
if (mPsk == null)
{
throw new TlsFatalAlert(AlertDescription.unknown_psk_identity);
}
mContext.SecurityParameters.pskIdentity = psk_identity;
if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK)
{
this.mDHAgreePublicKey = new DHPublicKeyParameters(TlsDHUtilities.ReadDHParameter(input), mDHParameters);
}
else if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK)
{
byte[] point = TlsUtilities.ReadOpaque8(input);
ECDomainParameters curve_params = this.mECAgreePrivateKey.Parameters;
this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(
mServerECPointFormats, curve_params, point));
}
else if (this.mKeyExchange == KeyExchangeAlgorithm.RSA_PSK)
{
byte[] encryptedPreMasterSecret;
if (TlsUtilities.IsSsl(mContext))
{
// TODO Do any SSLv3 clients actually include the length?
encryptedPreMasterSecret = Streams.ReadAll(input);
}
else
{
encryptedPreMasterSecret = TlsUtilities.ReadOpaque16(input);
}
this.mPremasterSecret = mServerCredentials.DecryptPreMasterSecret(encryptedPreMasterSecret);
}
}
