public override void ProcessServerKeyExchange(Stream input)
{
SecurityParameters securityParameters = context.SecurityParameters;
ISigner signer = InitSigner(tlsSigner, securityParameters);
Stream sigIn = new SignerStream(input, signer, null);
ECCurveType curveType = (ECCurveType)TlsUtilities.ReadUint8(sigIn);
ECDomainParameters curve_params;
// Currently, we only support named curves
if (curveType == ECCurveType.named_curve)
{
NamedCurve namedCurve = (NamedCurve)TlsUtilities.ReadUint16(sigIn);
// TODO Check namedCurve is one we offered?
curve_params = NamedCurveHelper.GetECParameters(namedCurve);
}
else
{
// TODO Add support for explicit curve parameters (read from sigIn)
throw new TlsFatalAlert(AlertDescription.handshake_failure);
}
byte[] publicBytes = TlsUtilities.ReadOpaque8(sigIn);
byte[] sigByte = TlsUtilities.ReadOpaque16(input);
if (!signer.VerifySignature(sigByte))
{
throw new TlsFatalAlert(AlertDescription.bad_certificate);
}
// TODO Check curve_params not null
ECPoint Q = curve_params.Curve.DecodePoint(publicBytes);
this.ecAgreeServerPublicKey = ValidateECPublicKey(new ECPublicKeyParameters(Q, curve_params));
}
public override void ProcessServerKeyExchange(Stream input)
{
SecurityParameters securityParameters = context.SecurityParameters;
ISigner signer = InitSigner(tlsSigner, securityParameters);
Stream sigIn = new SignerStream(input, signer, null);
byte[] pBytes = TlsUtilities.ReadOpaque16(sigIn);
byte[] gBytes = TlsUtilities.ReadOpaque16(sigIn);
byte[] YsBytes = TlsUtilities.ReadOpaque16(sigIn);
byte[] sigByte = TlsUtilities.ReadOpaque16(input);
if (!signer.VerifySignature(sigByte))
{
throw new TlsFatalAlert(AlertDescription.bad_certificate);
}
BigInteger p = new BigInteger(1, pBytes);
BigInteger g = new BigInteger(1, gBytes);
BigInteger Ys = new BigInteger(1, YsBytes);
this.dhAgreeServerPublicKey = ValidateDHPublicKey(
new DHPublicKeyParameters(Ys, new DHParameters(p, g)));
}
public virtual void ProcessServerKeyExchange(Stream input)
{
SecurityParameters securityParameters = context.SecurityParameters;
Stream sigIn = input;
ISigner signer = null;
if (tlsSigner != null)
{
signer = InitSigner(tlsSigner, securityParameters);
sigIn = new SignerStream(input, signer, null);
}
byte[] NBytes = TlsUtilities.ReadOpaque16(sigIn);
byte[] gBytes = TlsUtilities.ReadOpaque16(sigIn);
byte[] sBytes = TlsUtilities.ReadOpaque8(sigIn);
byte[] BBytes = TlsUtilities.ReadOpaque16(sigIn);
if (signer != null)
{
byte[] sigByte = TlsUtilities.ReadOpaque16(input);
if (!signer.VerifySignature(sigByte))
{
throw new TlsFatalAlert(AlertDescription.bad_certificate);
}
}
BigInteger N = new BigInteger(1, NBytes);
BigInteger g = new BigInteger(1, gBytes);
// TODO Validate group parameters (see RFC 5054)
//throw new TlsFatalAlert(AlertDescription.insufficient_security);
this.s = sBytes;
/*
* RFC 5054 2.5.3: The client MUST abort the handshake with an "illegal_parameter"
* alert if B % N = 0.
*/
try
{
this.B = Srp6Utilities.ValidatePublicValue(N, new BigInteger(1, BBytes));
}
catch (CryptoException)
{
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}
this.srpClient.Init(N, g, new Sha1Digest(), context.SecureRandom);
}
