protected virtual byte[] GenerateOtherSecret(int pskLength) { if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK) { if (mDHAgreePrivateKey != null) { return(TlsDHUtilities.CalculateDHBasicAgreement(mDHAgreePublicKey, mDHAgreePrivateKey)); } throw new TlsFatalAlert(AlertDescription.internal_error); } if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK) { if (mECAgreePrivateKey != null) { return(TlsEccUtilities.CalculateECDHBasicAgreement(mECAgreePublicKey, mECAgreePrivateKey)); } throw new TlsFatalAlert(AlertDescription.internal_error); } if (this.mKeyExchange == KeyExchangeAlgorithm.RSA_PSK) { return(this.mPremasterSecret); } return(new byte[pskLength]); }
/** * Parse a {@link ServerDHParams} from a {@link Stream}. * * @param input * the {@link Stream} to parse from. * @return a {@link ServerDHParams} object. * @throws IOException */ public static ServerDHParams Parse(Stream input) { BigInteger p = TlsDHUtilities.ReadDHParameter(input); BigInteger g = TlsDHUtilities.ReadDHParameter(input); BigInteger Ys = TlsDHUtilities.ReadDHParameter(input); return(new ServerDHParams( TlsDHUtilities.ValidateDHPublicKey(new DHPublicKeyParameters(Ys, new DHParameters(p, g))))); }
/** * Encode this {@link ServerDHParams} to a {@link Stream}. * * @param output * the {@link Stream} to encode to. * @throws IOException */ public virtual void Encode(Stream output) { DHParameters dhParameters = mPublicKey.Parameters; BigInteger Ys = mPublicKey.Y; TlsDHUtilities.WriteDHParameter(dhParameters.P, output); TlsDHUtilities.WriteDHParameter(dhParameters.G, output); TlsDHUtilities.WriteDHParameter(Ys, output); }
protected virtual DHParameters ValidateDHParameters(DHParameters parameters) { if (parameters.P.BitLength < MinimumPrimeBits) { throw new TlsFatalAlert(AlertDescription.insufficient_security); } return(TlsDHUtilities.ValidateDHParameters(parameters)); }
public override void ProcessClientKeyExchange(Stream input) { if (mDHAgreePublicKey != null) { // For dss_fixed_dh and rsa_fixed_dh, the key arrived in the client certificate return; } BigInteger Yc = TlsDHUtilities.ReadDHParameter(input); this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(new DHPublicKeyParameters(Yc, mDHParameters)); }
public override void GenerateClientKeyExchange(Stream output) { /* * RFC 2246 7.4.7.2 If the client certificate already contains a suitable Diffie-Hellman * key, then Yc is implicit and does not need to be sent again. In this case, the Client Key * Exchange message will be sent, but will be empty. */ if (mAgreementCredentials == null) { this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralClientKeyExchange(mContext.SecureRandom, mDHParameters, output); } }
public override void ProcessServerCertificate(Certificate serverCertificate) { if (mKeyExchange == KeyExchangeAlgorithm.DH_anon) { throw new TlsFatalAlert(AlertDescription.unexpected_message); } if (serverCertificate.IsEmpty) { throw new TlsFatalAlert(AlertDescription.bad_certificate); } X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo; try { this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo); } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e); } if (mTlsSigner == null) { try { this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey((DHPublicKeyParameters)this.mServerPublicKey); this.mDHParameters = ValidateDHParameters(mDHAgreePublicKey.Parameters); } catch (InvalidCastException e) { throw new TlsFatalAlert(AlertDescription.certificate_unknown, e); } TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyAgreement); } else { if (!mTlsSigner.IsValidPublicKey(this.mServerPublicKey)) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature); } base.ProcessServerCertificate(serverCertificate); }
public override byte[] GeneratePremasterSecret() { if (mAgreementCredentials != null) { return(mAgreementCredentials.GenerateAgreement(mDHAgreePublicKey)); } if (mDHAgreePrivateKey != null) { return(TlsDHUtilities.CalculateDHBasicAgreement(mDHAgreePublicKey, mDHAgreePrivateKey)); } throw new TlsFatalAlert(AlertDescription.internal_error); }
public override void ProcessServerKeyExchange(Stream input) { if (!RequiresServerKeyExchange) { throw new TlsFatalAlert(AlertDescription.unexpected_message); } // DH_anon is handled here, DHE_* in a subclass ServerDHParams dhParams = ServerDHParams.Parse(input); this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(dhParams.PublicKey); this.mDHParameters = ValidateDHParameters(mDHAgreePublicKey.Parameters); }
public override byte[] GenerateServerKeyExchange() { if (!RequiresServerKeyExchange) { return(null); } // DH_anon is handled here, DHE_* in a subclass MemoryStream buf = new MemoryStream(); this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, this.mDHParameters, buf); return(buf.ToArray()); }
public override void ProcessClientKeyExchange(Stream input) { byte[] psk_identity = TlsUtilities.ReadOpaque16(input); this.mPsk = mPskIdentityManager.GetPsk(psk_identity); if (mPsk == null) { throw new TlsFatalAlert(AlertDescription.unknown_psk_identity); } mContext.SecurityParameters.pskIdentity = psk_identity; if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK) { BigInteger Yc = TlsDHUtilities.ReadDHParameter(input); this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(new DHPublicKeyParameters(Yc, mDHParameters)); } else if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK) { byte[] point = TlsUtilities.ReadOpaque8(input); ECDomainParameters curve_params = this.mECAgreePrivateKey.Parameters; this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey( mServerECPointFormats, curve_params, point)); } else if (this.mKeyExchange == KeyExchangeAlgorithm.RSA_PSK) { byte[] encryptedPreMasterSecret; if (TlsUtilities.IsSsl(mContext)) { // TODO Do any SSLv3 clients actually include the length? encryptedPreMasterSecret = Streams.ReadAll(input); } else { encryptedPreMasterSecret = TlsUtilities.ReadOpaque16(input); } this.mPremasterSecret = mServerCredentials.DecryptPreMasterSecret(encryptedPreMasterSecret); } }
public override void GenerateClientKeyExchange(Stream output) { if (mPskIdentityHint == null) { mPskIdentity.SkipIdentityHint(); } else { mPskIdentity.NotifyIdentityHint(mPskIdentityHint); } byte[] psk_identity = mPskIdentity.GetPskIdentity(); if (psk_identity == null) { throw new TlsFatalAlert(AlertDescription.internal_error); } this.mPsk = mPskIdentity.GetPsk(); if (mPsk == null) { throw new TlsFatalAlert(AlertDescription.internal_error); } TlsUtilities.WriteOpaque16(psk_identity, output); mContext.SecurityParameters.pskIdentity = psk_identity; if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK) { this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralClientKeyExchange(mContext.SecureRandom, mDHParameters, output); } else if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK) { this.mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralClientKeyExchange(mContext.SecureRandom, mServerECPointFormats, mECAgreePublicKey.Parameters, output); } else if (this.mKeyExchange == KeyExchangeAlgorithm.RSA_PSK) { this.mPremasterSecret = TlsRsaUtilities.GenerateEncryptedPreMasterSecret(mContext, this.mRsaServerPublicKey, output); } }
public override void ProcessServerKeyExchange(Stream input) { this.mPskIdentityHint = TlsUtilities.ReadOpaque16(input); if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK) { ServerDHParams serverDHParams = ServerDHParams.Parse(input); this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(serverDHParams.PublicKey); this.mDHParameters = mDHAgreePublicKey.Parameters; } else if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK) { ECDomainParameters ecParams = TlsEccUtilities.ReadECParameters(mNamedCurves, mClientECPointFormats, input); byte[] point = TlsUtilities.ReadOpaque8(input); this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey( mClientECPointFormats, ecParams, point)); } }
public override void ProcessServerKeyExchange(Stream input) { SecurityParameters securityParameters = mContext.SecurityParameters; SignerInputBuffer buf = new SignerInputBuffer(); Stream teeIn = new TeeInputStream(input, buf); ServerDHParams dhParams = ServerDHParams.Parse(teeIn); DigitallySigned signed_params = ParseSignature(input); ISigner signer = InitVerifyer(mTlsSigner, signed_params.Algorithm, securityParameters); buf.UpdateSigner(signer); if (!signer.VerifySignature(signed_params.Signature)) { throw new TlsFatalAlert(AlertDescription.decrypt_error); } this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(dhParams.PublicKey); this.mDHParameters = ValidateDHParameters(mDHAgreePublicKey.Parameters); }
public override byte[] GenerateServerKeyExchange() { this.mPskIdentityHint = mPskIdentityManager.GetHint(); if (this.mPskIdentityHint == null && !RequiresServerKeyExchange) { return(null); } MemoryStream buf = new MemoryStream(); if (this.mPskIdentityHint == null) { TlsUtilities.WriteOpaque16(TlsUtilities.EmptyBytes, buf); } else { TlsUtilities.WriteOpaque16(this.mPskIdentityHint, buf); } if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK) { if (this.mDHParameters == null) { throw new TlsFatalAlert(AlertDescription.internal_error); } this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, this.mDHParameters, buf); } else if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK) { this.mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, mNamedCurves, mClientECPointFormats, buf); } return(buf.ToArray()); }
public override byte[] GenerateServerKeyExchange() { if (this.mDHParameters == null) { throw new TlsFatalAlert(AlertDescription.internal_error); } DigestInputBuffer buf = new DigestInputBuffer(); this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, this.mDHParameters, buf); /* * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2 */ SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm( mContext, mServerCredentials); IDigest d = TlsUtilities.CreateHash(signatureAndHashAlgorithm); SecurityParameters securityParameters = mContext.SecurityParameters; d.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length); d.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length); buf.UpdateDigest(d); byte[] hash = DigestUtilities.DoFinal(d); byte[] signature = mServerCredentials.GenerateCertificateSignature(hash); DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature); signed_params.Encode(buf); return(buf.ToArray()); }