/// <summary>
/// Resolves a <see cref="NamedCurve"/> enum member to its EC domain parameters by looking the
/// member's name up in <c>SecNamedCurves</c>.
/// </summary>
/// <param name="namedCurve">The curve identifier to resolve.</param>
/// <returns>
/// The domain parameters, or <c>null</c> when the value is not a declared enum member or when
/// <c>SecNamedCurves</c> has no entry under that name. Callers must handle the null result;
/// an unknown curve is reported by return value, not by exception.
/// </returns>
internal static ECDomainParameters GetECParameters(NamedCurve namedCurve)
{
    // A cast from an arbitrary integer can produce a value with no enum member behind it;
    // only declared members are looked up.
    bool isDeclaredMember = Enum.IsDefined(typeof(NamedCurve), namedCurve);
    if (isDeclaredMember)
    {
        // The original author's note says the registry builds each curve lazily on first access.
        X9ECParameters x9 = SecNamedCurves.GetByName(namedCurve.ToString());
        if (x9 != null)
        {
            // A new ECDomainParameters is built on every call (nothing is cached here).
            return new ECDomainParameters(x9.Curve, x9.G, x9.N, x9.H, x9.GetSeed());
        }
    }

    return null;
}
        /// <summary>
        /// Parses the peer's ECParameters structure (RFC 4492 5.4) from <paramref name="input"/>
        /// and returns the corresponding domain parameters.
        /// </summary>
        /// <param name="namedCurves">Curve identifiers passed to <c>CheckNamedCurve</c> for each branch.</param>
        /// <param name="ecPointFormats">Point formats passed to <c>DeserializeECPoint</c>.</param>
        /// <param name="input">Stream positioned at the curve-type byte.</param>
        /// <returns>Domain parameters for the explicit or named curve that was read.</returns>
        /// <exception cref="TlsFatalAlert">
        /// Always <c>illegal_parameter</c>: every exception raised while parsing, including the
        /// alerts thrown inside the method and any stream read failure, is re-wrapped by the catch block.
        /// </exception>
        /// <remarks>
        /// NOTE(review): in both explicit branches the field, coefficients, base point, order and
        /// cofactor are all supplied by the peer. Nothing in this method checks that the order is
        /// prime, that the base point has that order, or that the curve is one of a vetted set.
        /// Whether the helpers or constructors called here do so is not visible; confirm before
        /// relying on it. RFC 8422 deprecates explicit curves for this reason.
        /// </remarks>
        public static ECDomainParameters ReadECParameters(int[] namedCurves, byte[] ecPointFormats, Stream input)
        {
            ECDomainParameters parsed;

            try
            {
                byte curveType = TlsUtilities.ReadUint8(input);

                if (curveType == ECCurveType.explicit_prime)
                {
                    // presumably throws unless explicit prime curves were offered; confirm in CheckNamedCurve
                    CheckNamedCurve(namedCurves, NamedCurve.arbitrary_explicit_prime_curves);

                    // Wire order: p, a, b, base point, order, cofactor.
                    BigInteger fieldPrime  = ReadECParameter(input);
                    BigInteger coeffA      = ReadECFieldElement(fieldPrime.BitLength, input);
                    BigInteger coeffB      = ReadECFieldElement(fieldPrime.BitLength, input);
                    byte[]     encodedBase = TlsUtilities.ReadOpaque8(input);
                    BigInteger n           = ReadECParameter(input);
                    BigInteger h           = ReadECParameter(input);

                    ECCurve primeCurve = new FpCurve(fieldPrime, coeffA, coeffB, n, h);
                    ECPoint generator  = DeserializeECPoint(ecPointFormats, primeCurve, encodedBase);

                    parsed = new ECDomainParameters(primeCurve, generator, n, h);
                }
                else if (curveType == ECCurveType.explicit_char2)
                {
                    CheckNamedCurve(namedCurves, NamedCurve.arbitrary_explicit_char2_curves);

                    int  m     = TlsUtilities.ReadUint16(input);
                    byte basis = TlsUtilities.ReadUint8(input);
                    if (!ECBasisType.IsValid(basis))
                    {
                        throw new TlsFatalAlert(AlertDescription.illegal_parameter);
                    }

                    // A pentanomial basis carries three exponents; otherwise only k1 is on the wire.
                    bool pentanomial = basis == ECBasisType.ec_basis_pentanomial;

                    int k1 = ReadECExponent(m, input);
                    int k2 = -1;
                    int k3 = -1;
                    if (pentanomial)
                    {
                        k2 = ReadECExponent(m, input);
                        k3 = ReadECExponent(m, input);
                    }

                    BigInteger coeffA      = ReadECFieldElement(m, input);
                    BigInteger coeffB      = ReadECFieldElement(m, input);
                    byte[]     encodedBase = TlsUtilities.ReadOpaque8(input);
                    BigInteger n           = ReadECParameter(input);
                    BigInteger h           = ReadECParameter(input);

                    ECCurve binaryCurve;
                    if (pentanomial)
                    {
                        binaryCurve = new F2mCurve(m, k1, k2, k3, coeffA, coeffB, n, h);
                    }
                    else
                    {
                        binaryCurve = new F2mCurve(m, k1, coeffA, coeffB, n, h);
                    }

                    ECPoint generator = DeserializeECPoint(ecPointFormats, binaryCurve, encodedBase);

                    parsed = new ECDomainParameters(binaryCurve, generator, n, h);
                }
                else if (curveType == ECCurveType.named_curve)
                {
                    int namedCurve = TlsUtilities.ReadUint16(input);

                    /*
                     * RFC 4492 5.4. All those values of NamedCurve are allowed that refer to a
                     * specific curve. Values of NamedCurve that indicate support for a class of
                     * explicitly defined curves are not allowed here [...].
                     */
                    if (!NamedCurve.RefersToASpecificNamedCurve(namedCurve))
                    {
                        throw new TlsFatalAlert(AlertDescription.illegal_parameter);
                    }

                    CheckNamedCurve(namedCurves, namedCurve);

                    parsed = GetParametersForNamedCurve(namedCurve);
                }
                else
                {
                    // Unknown curve type byte.
                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
                }
            }
            catch (Exception e)
            {
                throw new TlsFatalAlert(AlertDescription.illegal_parameter, e);
            }

            return parsed;
        }
        /// <summary>
        /// Parses the peer's ECParameters structure from <paramref name="input"/> and returns the
        /// corresponding domain parameters. This listing uses raw numeric constants; the comments
        /// below give the RFC 4492 / RFC 5246 names those values carry.
        /// </summary>
        /// <param name="namedCurves">Curve identifiers passed to <c>CheckNamedCurve</c> for each branch.</param>
        /// <param name="ecPointFormats">Point formats passed to <c>DeserializeECPoint</c>.</param>
        /// <param name="input">Stream positioned at the curve-type byte.</param>
        /// <returns>Domain parameters for the explicit or named curve that was read.</returns>
        /// <exception cref="TlsFatalAlert">
        /// Always alert 47 (illegal_parameter): the catch block re-wraps every exception raised
        /// while parsing, including the alerts thrown inside the method.
        /// </exception>
        /// <remarks>
        /// NOTE(review): for curve types 1 and 2 every curve parameter is taken from the peer, and
        /// this method performs no check of its own on the order, cofactor or base point. Whether
        /// the called helpers validate them is not visible here; confirm before relying on it.
        /// RFC 8422 deprecates explicit curves.
        /// </remarks>
        public static ECDomainParameters ReadECParameters(int[] namedCurves, byte[] ecPointFormats, Stream input)
        {
            try
            {
                byte curveType = TlsUtilities.ReadUint8(input);

                switch (curveType)
                {
                case 1: // ECCurveType explicit_prime
                {
                    // 65281 (0xFF01) is NamedCurve arbitrary_explicit_prime_curves
                    TlsEccUtilities.CheckNamedCurve(namedCurves, 65281);

                    // Wire order: p, a, b, base point, order, cofactor.
                    BigInteger fieldPrime  = TlsEccUtilities.ReadECParameter(input);
                    BigInteger coeffA      = TlsEccUtilities.ReadECFieldElement(fieldPrime.BitLength, input);
                    BigInteger coeffB      = TlsEccUtilities.ReadECFieldElement(fieldPrime.BitLength, input);
                    byte[]     encodedBase = TlsUtilities.ReadOpaque8(input);
                    BigInteger order       = TlsEccUtilities.ReadECParameter(input);
                    BigInteger cofactor    = TlsEccUtilities.ReadECParameter(input);

                    ECCurve primeCurve = new FpCurve(fieldPrime, coeffA, coeffB, order, cofactor);
                    ECPoint basePoint  = TlsEccUtilities.DeserializeECPoint(ecPointFormats, primeCurve, encodedBase);

                    return new ECDomainParameters(primeCurve, basePoint, order, cofactor);
                }

                case 2: // ECCurveType explicit_char2
                {
                    // 65282 (0xFF02) is NamedCurve arbitrary_explicit_char2_curves
                    TlsEccUtilities.CheckNamedCurve(namedCurves, 65282);

                    int  m     = TlsUtilities.ReadUint16(input);
                    byte basis = TlsUtilities.ReadUint8(input);
                    if (!ECBasisType.IsValid(basis))
                    {
                        throw new TlsFatalAlert(47); // illegal_parameter
                    }

                    int k1 = TlsEccUtilities.ReadECExponent(m, input);
                    int k2 = -1;
                    int k3 = -1;

                    // Basis type 2 is ec_basis_pentanomial, which carries two further exponents.
                    if (basis == 2)
                    {
                        k2 = TlsEccUtilities.ReadECExponent(m, input);
                        k3 = TlsEccUtilities.ReadECExponent(m, input);
                    }

                    BigInteger coeffA      = TlsEccUtilities.ReadECFieldElement(m, input);
                    BigInteger coeffB      = TlsEccUtilities.ReadECFieldElement(m, input);
                    byte[]     encodedBase = TlsUtilities.ReadOpaque8(input);
                    BigInteger order       = TlsEccUtilities.ReadECParameter(input);
                    BigInteger cofactor    = TlsEccUtilities.ReadECParameter(input);

                    ECCurve binaryCurve;
                    if (basis == 2)
                    {
                        binaryCurve = new F2mCurve(m, k1, k2, k3, coeffA, coeffB, order, cofactor);
                    }
                    else
                    {
                        binaryCurve = new F2mCurve(m, k1, coeffA, coeffB, order, cofactor);
                    }

                    ECPoint basePoint = TlsEccUtilities.DeserializeECPoint(ecPointFormats, binaryCurve, encodedBase);

                    return new ECDomainParameters(binaryCurve, basePoint, order, cofactor);
                }

                case 3: // ECCurveType named_curve
                {
                    int namedCurve = TlsUtilities.ReadUint16(input);

                    // Identifiers that stand for a class of explicit curves are rejected in this position.
                    if (!NamedCurve.RefersToASpecificNamedCurve(namedCurve))
                    {
                        throw new TlsFatalAlert(47); // illegal_parameter
                    }

                    TlsEccUtilities.CheckNamedCurve(namedCurves, namedCurve);

                    return TlsEccUtilities.GetParametersForNamedCurve(namedCurve);
                }

                default:
                    // Unknown curve type byte.
                    throw new TlsFatalAlert(47); // illegal_parameter
                }
            }
            catch (Exception alertCause)
            {
                throw new TlsFatalAlert(47, alertCause);
            }
        }
        // TODO Refactor around ServerECDHParams before making this public
        /// <summary>
        /// Chooses a curve for the server's ephemeral ECDH key, writes the curve description to
        /// <paramref name="output"/>, and delegates key generation to
        /// <c>GenerateEphemeralClientKeyExchange</c>.
        /// </summary>
        /// <param name="random">Randomness source handed to the key generation call.</param>
        /// <param name="namedCurves">The client's curve list, or <c>null</c> if none was supplied.</param>
        /// <param name="ecPointFormats">Point formats handed to the writer and key generation calls.</param>
        /// <param name="output">Stream that receives the curve parameters.</param>
        /// <returns>The value returned by <c>GenerateEphemeralClientKeyExchange</c>.</returns>
        /// <exception cref="TlsFatalAlert"><c>internal_error</c> when no usable curve is found.</exception>
        /// <remarks>
        /// NOTE(review): selection takes the first entry in the client's list that passes both
        /// checks, so the client's ordering decides which supported curve is used; no server-side
        /// preference is applied here. If a minimum curve strength is required, it has to be
        /// enforced by what <c>IsSupportedNamedCurve</c> accepts; confirm.
        /// </remarks>
        internal static ECPrivateKeyParameters GenerateEphemeralServerKeyExchange(SecureRandom random, int[] namedCurves,
                                                                                  byte[] ecPointFormats, Stream output)
        {
            // -1 means "no named curve selected".
            int chosenCurve = -1;

            if (namedCurves == null)
            {
                // TODO Let the peer choose the default named curve
                chosenCurve = NamedCurve.secp256r1;
            }
            else
            {
                foreach (int candidate in namedCurves)
                {
                    if (NamedCurve.IsValid(candidate) && IsSupportedNamedCurve(candidate))
                    {
                        chosenCurve = candidate;
                        break;
                    }
                }
            }

            bool useNamedCurve = chosenCurve >= 0;
            ECDomainParameters domain = null;

            if (useNamedCurve)
            {
                domain = GetParametersForNamedCurve(chosenCurve);
            }
            else if (Arrays.Contains(namedCurves, NamedCurve.arbitrary_explicit_prime_curves))
            {
                // No named curve matched, but the client accepts explicit prime curves:
                // secp256r1 is used and will be sent in explicit form below.
                domain = GetParametersForNamedCurve(NamedCurve.secp256r1);
            }
            else if (Arrays.Contains(namedCurves, NamedCurve.arbitrary_explicit_char2_curves))
            {
                // Same fallback for explicit characteristic-2 curves, using sect283r1.
                domain = GetParametersForNamedCurve(NamedCurve.sect283r1);
            }

            if (domain == null)
            {
                /*
                 * NOTE: We shouldn't have negotiated ECDHE key exchange since we apparently can't find
                 * a suitable curve.
                 */
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }

            if (useNamedCurve)
            {
                WriteNamedECParameters(chosenCurve, output);
            }
            else
            {
                WriteExplicitECParameters(ecPointFormats, domain, output);
            }

            return GenerateEphemeralClientKeyExchange(random, ecPointFormats, domain, output);
        }
        /// <summary>
        /// Builds the ServerKeyExchange body for a signed ECDHE exchange: chooses a curve, generates
        /// an ephemeral key pair, writes the curve parameters and public point, and appends a
        /// signature produced by the server credentials.
        /// </summary>
        /// <returns>The encoded message bytes taken from the internal buffer.</returns>
        /// <exception cref="TlsFatalAlert">
        /// <c>internal_error</c> when no usable curve is found, or when TLS 1.2 is in use and the
        /// server credentials supply no signature/hash algorithm.
        /// </exception>
        /// <remarks>
        /// NOTE(review): the curve is the first entry of the client's list that passes both checks,
        /// so the client's ordering decides among supported curves. For TLS 1.2 the hash algorithm
        /// comes from the server credentials; this method does not itself compare it with what the
        /// client advertised, presumably that happens when the credentials are selected; confirm.
        /// </remarks>
        public override byte[] GenerateServerKeyExchange()
        {
            // -1 means "no named curve selected".
            int chosenCurve = -1;

            if (mNamedCurves == null)
            {
                // TODO Let the peer choose the default named curve
                chosenCurve = NamedCurve.secp256r1;
            }
            else
            {
                foreach (int candidate in mNamedCurves)
                {
                    if (NamedCurve.IsValid(candidate) && TlsEccUtilities.IsSupportedNamedCurve(candidate))
                    {
                        chosenCurve = candidate;
                        break;
                    }
                }
            }

            bool useNamedCurve = chosenCurve >= 0;
            ECDomainParameters domain = null;

            if (useNamedCurve)
            {
                domain = TlsEccUtilities.GetParametersForNamedCurve(chosenCurve);
            }
            else if (Arrays.Contains(mNamedCurves, NamedCurve.arbitrary_explicit_prime_curves))
            {
                // No named curve matched, but the client accepts explicit prime curves.
                domain = TlsEccUtilities.GetParametersForNamedCurve(NamedCurve.secp256r1);
            }
            else if (Arrays.Contains(mNamedCurves, NamedCurve.arbitrary_explicit_char2_curves))
            {
                // Same fallback for explicit characteristic-2 curves.
                domain = TlsEccUtilities.GetParametersForNamedCurve(NamedCurve.sect283r1);
            }

            if (domain == null)
            {
                /*
                 * NOTE: We shouldn't have negotiated ECDHE key exchange since we apparently can't find
                 * a suitable curve.
                 */
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }

            // Fresh key pair per call; the private half is kept on the instance.
            AsymmetricCipherKeyPair ephemeral = TlsEccUtilities.GenerateECKeyPair(context.SecureRandom, domain);
            mECAgreePrivateKey = (ECPrivateKeyParameters)ephemeral.Private;

            DigestInputBuffer message = new DigestInputBuffer();

            if (useNamedCurve)
            {
                TlsEccUtilities.WriteNamedECParameters(chosenCurve, message);
            }
            else
            {
                TlsEccUtilities.WriteExplicitECParameters(mClientECPointFormats, domain, message);
            }

            ECPublicKeyParameters publicHalf = (ECPublicKeyParameters)ephemeral.Public;
            TlsEccUtilities.WriteECPoint(mClientECPointFormats, publicHalf.Q, message);

            /*
             * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2
             */
            SignatureAndHashAlgorithm sigAndHash = null;
            IDigest digest;

            if (!TlsUtilities.IsTlsV12(context))
            {
                // Earlier protocol versions carry no algorithm identifier in the signed element.
                // presumably CombinedHash is the fixed pre-1.2 digest; confirm
                digest = new CombinedHash();
            }
            else
            {
                sigAndHash = mServerCredentials.SignatureAndHashAlgorithm;
                if (sigAndHash == null)
                {
                    throw new TlsFatalAlert(AlertDescription.internal_error);
                }

                digest = TlsUtilities.CreateHash(sigAndHash.Hash);
            }

            // Digest input order: client random, server random, then the buffer written so far
            // (curve parameters followed by the public point).
            SecurityParameters sp = context.SecurityParameters;
            digest.BlockUpdate(sp.clientRandom, 0, sp.clientRandom.Length);
            digest.BlockUpdate(sp.serverRandom, 0, sp.serverRandom.Length);
            message.UpdateDigest(digest);

            byte[] toSign    = DigestUtilities.DoFinal(digest);
            byte[] signature = mServerCredentials.GenerateCertificateSignature(toSign);

            // The signature is appended after the parameters it covers.
            DigitallySigned signedParams = new DigitallySigned(sigAndHash, signature);
            signedParams.Encode(message);

            return message.ToArray();
        }