protected TlsSignerCredentials GetECDsaSignerCredentials()
{
#if SUPPORT_RPK
if (_tlsKeyPair != null && _tlsKeyPair.CertType == CertificateType.RawPublicKey)
{
OneKey k = _tlsKeyPair.PublicKey;
if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(AlgorithmValues.ECDSA_256))
{
X9ECParameters p = k.GetCurve();
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters);
ECPoint point = k.GetPoint();
ECPublicKeyParameters param = new ECPublicKeyParameters(point, parameters);
SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param);
return(new DefaultTlsSignerCredentials(mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
#endif
#if SUPPORT_TLS_CWT
if (_tlsKeyPair != null && _tlsKeyPair.CertType == CertificateType.CwtPublicKey)
{
OneKey k = _tlsKeyPair.PublicCwt.Cnf.Key;
if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(AlgorithmValues.ECDSA_256))
{
X9ECParameters p = k.GetCurve();
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters);
return(new DefaultTlsSignerCredentials(mContext, new CwtPublicKey(_tlsKeyPair.PublicCwt.EncodeToBytes()), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
#endif
TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials)
{
CipherSuite = KeyExchangeAlgorithm.ECDH_ECDSA
};
EventHandler <TlsEvent> handler = TlsEventHandler;
if (handler != null)
{
handler(this, e);
}
if (e.SignerCredentials != null)
{
return(e.SignerCredentials);
}
throw new TlsFatalAlert(AlertDescription.internal_error);
}
public virtual TlsCredentials GetClientCredentials(CertificateRequest certificateRequest)
{
if (certificateRequest.CertificateTypes == null ||
!Arrays.Contains(certificateRequest.CertificateTypes, ClientCertificateType.ecdsa_sign))
{
return(null);
}
#if SUPPORT_RPK
if (_rawPublicKey != null)
{
OneKey k = _rawPublicKey;
if (k.HasKeyType((int)COSE.GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(COSE.AlgorithmValues.ECDSA_256))
{
X9ECParameters p = k.GetCurve();
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters);
ECPoint point = k.GetPoint();
ECPublicKeyParameters param = new ECPublicKeyParameters("ECDSA", point, /*parameters*/ SecObjectIdentifiers.SecP256r1);
SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param);
return(new DefaultTlsSignerCredentials(_mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
/*
* byte[] certificateTypes = certificateRequest.CertificateTypes;
* if (certificateTypes == null || !Arrays.Contains(certificateTypes, ClientCertificateType.rsa_sign))
* return null;
*
* return TlsTestUtilities.LoadSignerCredentials(mContext, certificateRequest.SupportedSignatureAlgorithms,
* SignatureAlgorithm.rsa, "x509-client.pem", "x509-client-key.pem");
*/
#endif
// If we did not fine appropriate signer credientials - ask for help
TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials)
{
CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA
};
EventHandler <TlsEvent> handler = TlsEventHandler;
if (handler != null)
{
handler(this, e);
}
if (e.SignerCredentials != null)
{
return(e.SignerCredentials);
}
throw new TlsFatalAlert(AlertDescription.internal_error);
}
public virtual TlsCredentials GetClientCredentials(CertificateRequest certificateRequest)
{
if (certificateRequest.CertificateTypes == null ||
!Arrays.Contains(certificateRequest.CertificateTypes, ClientCertificateType.ecdsa_sign))
{
return(null);
}
if (TlsKey != null)
{
if (TlsKey.CertType == CertificateType.X509)
{
return(new DefaultTlsSignerCredentials(_mContext, new Certificate(TlsKey.X509Certificate), TlsKey.PrivateKey.AsPrivateKey(),
new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
#if SUPPORT_RPK
else if (TlsKey.CertType == CertificateType.RawPublicKey)
{
OneKey k = TlsKey.PrivateKey;
if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(AlgorithmValues.ECDSA_256))
{
X9ECParameters p = k.GetCurve();
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(k[CoseKeyParameterKeys.EC_D]), parameters);
ECPoint point = k.GetPoint();
ECPublicKeyParameters param = new ECPublicKeyParameters("ECDSA", point, /*parameters*/ SecObjectIdentifiers.SecP256r1);
SubjectPublicKeyInfo spi = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(param);
return(new DefaultTlsSignerCredentials(_mContext, new RawPublicKey(spi), privKey, new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
#endif
#if SUPPORT_TLS_CWT
else if (TlsKey.CertType == CertificateType.CwtPublicKey)
{
OneKey k = TlsKey.PublicCwt.Cnf.Key;
if (k.HasKeyType((int)GeneralValuesInt.KeyType_EC2) &&
k.HasAlgorithm(AlgorithmValues.ECDSA_256))
{
AsymmetricKeyParameter privKey = TlsKey.PrivateKey.AsPrivateKey();
return(new DefaultTlsSignerCredentials(_mContext, new CwtPublicKey(TlsKey.PublicCwt.EncodeToBytes()), privKey,
new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa)));
}
}
#endif
}
// If we did not fine appropriate signer credentials - ask for help
TlsEvent e = new TlsEvent(TlsEvent.EventCode.SignCredentials)
{
CipherSuite = KeyExchangeAlgorithm.ECDHE_ECDSA
};
EventHandler <TlsEvent> handler = TlsEventHandler;
if (handler != null)
{
handler(this, e);
}
if (e.SignerCredentials != null)
{
return(e.SignerCredentials);
}
throw new TlsFatalAlert(AlertDescription.internal_error);
}
protected static byte[] ECDH_GenerateSecret(OneKey[] keys)
{
if (keys[0][CoseKeyKeys.KeyType].Type != CBORType.Number)
{
throw new CoseException("Not an EC Key");
}
if (keys[1][CoseKeyKeys.KeyType].Type != CBORType.Number)
{
throw new CoseException("Not an EC Key");
}
OneKey epkPub = keys[1];
OneKey epkPriv = keys[0];
byte[] temp;
switch ((GeneralValuesInt)epkPub[CoseKeyKeys.KeyType].AsInt32())
{
case GeneralValuesInt.KeyType_OKP:
if (epkPub[CoseKeyParameterKeys.OKP_Curve].AsInt32() != epkPriv[CoseKeyParameterKeys.OKP_Curve].AsInt32())
{
throw new CoseException("Not a match of curves");
}
switch ((GeneralValuesInt)epkPriv[CoseKeyParameterKeys.OKP_Curve].AsInt32())
{
case GeneralValuesInt.X25519:
temp = X25519.CalculateAgreement(epkPub.AsBytes(CoseKeyParameterKeys.OKP_X), epkPriv.AsBytes(CoseKeyParameterKeys.OKP_D));
break;
default:
throw new CoseException("Not a supported Curve");
}
return(temp);
case GeneralValuesInt.KeyType_EC2:
if (epkPub[CoseKeyParameterKeys.EC_Curve].AsInt32() != epkPriv[CoseKeyParameterKeys.EC_Curve].AsInt32())
{
throw new CoseException("not a match of curves");
}
// Get the curve
X9ECParameters p = epkPub.GetCurve();
ECPoint pubPoint = epkPub.GetPoint();
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPublicKeyParameters pub = new ECPublicKeyParameters(pubPoint, parameters);
ECPrivateKeyParameters priv = new ECPrivateKeyParameters(epkPriv.AsBigInteger(CoseKeyParameterKeys.EC_D), parameters);
IBasicAgreement e1 = new ECDHBasicAgreement();
e1.Init(priv);
BigInteger k1 = e1.CalculateAgreement(pub);
return(PadBytes(k1.ToByteArrayUnsigned(), p.Curve.FieldSize));
default:
throw new CoseException("Not an EC Key");
}
}