private DHBasicKeyPairGenerator getDHBasicKeyPairGenerator( BigInteger g, BigInteger p, int privateValueSize) { DHParameters dhParams = new DHParameters(p, g, null, privateValueSize); DHKeyGenerationParameters dhkgParams = new DHKeyGenerationParameters(new SecureRandom(), dhParams); DHBasicKeyPairGenerator kpGen = new DHBasicKeyPairGenerator(); kpGen.Init(dhkgParams); return kpGen; }
/** * this test is can take quiet a while */ private void doTestGeneration( int size) { DHParametersGenerator pGen = new DHParametersGenerator(); pGen.Init(size, 10, new SecureRandom()); DHParameters dhParams = pGen.GenerateParameters(); if (dhParams.L != 0) { Fail("DHParametersGenerator failed to set J to 0 in generated DHParameters"); } DHKeyGenerationParameters dhkgParams = new DHKeyGenerationParameters(new SecureRandom(), dhParams); DHBasicKeyPairGenerator kpGen = new DHBasicKeyPairGenerator(); kpGen.Init(dhkgParams); // // generate first pair // AsymmetricCipherKeyPair pair = kpGen.GenerateKeyPair(); DHPublicKeyParameters pu1 = (DHPublicKeyParameters)pair.Public; DHPrivateKeyParameters pv1 = (DHPrivateKeyParameters)pair.Private; // // generate second pair // dhkgParams = new DHKeyGenerationParameters(new SecureRandom(), pu1.Parameters); kpGen.Init(dhkgParams); pair = kpGen.GenerateKeyPair(); DHPublicKeyParameters pu2 = (DHPublicKeyParameters)pair.Public; DHPrivateKeyParameters pv2 = (DHPrivateKeyParameters)pair.Private; // // two way // DHBasicAgreement e1 = new DHBasicAgreement(); DHBasicAgreement e2 = new DHBasicAgreement(); e1.Init(new ParametersWithRandom(pv1, new SecureRandom())); e2.Init(new ParametersWithRandom(pv2, new SecureRandom())); BigInteger k1 = e1.CalculateAgreement(pu2); BigInteger k2 = e2.CalculateAgreement(pu1); if (!k1.Equals(k2)) { Fail("basic with " + size + " bit 2-way test failed"); } }
private void doTestSimpleWithRandom( DHBasicKeyPairGenerator kpGen) { // // generate first pair // AsymmetricCipherKeyPair pair = kpGen.GenerateKeyPair(); DHPublicKeyParameters pu1 = (DHPublicKeyParameters)pair.Public; DHPrivateKeyParameters pv1 = (DHPrivateKeyParameters)pair.Private; // // generate second pair // pair = kpGen.GenerateKeyPair(); DHPublicKeyParameters pu2 = (DHPublicKeyParameters)pair.Public; DHPrivateKeyParameters pv2 = (DHPrivateKeyParameters)pair.Private; // // two way // DHBasicAgreement e1 = new DHBasicAgreement(); DHBasicAgreement e2 = new DHBasicAgreement(); e1.Init(new ParametersWithRandom(pv1, new SecureRandom())); e2.Init(new ParametersWithRandom(pv2, new SecureRandom())); BigInteger k1 = e1.CalculateAgreement(pu2); BigInteger k2 = e2.CalculateAgreement(pu1); if (!k1.Equals(k2)) { Fail("basic with random 2-way test failed"); } }
protected virtual AsymmetricCipherKeyPair GenerateDHKeyPair(DHParameters dhParams) { DHBasicKeyPairGenerator dhGen = new DHBasicKeyPairGenerator(); dhGen.Init(new DHKeyGenerationParameters(context.SecureRandom, dhParams)); return dhGen.GenerateKeyPair(); }
public static AsymmetricCipherKeyPair GenerateDHKeyPair(SecureRandom random, DHParameters dhParams) { DHBasicKeyPairGenerator dhGen = new DHBasicKeyPairGenerator(); dhGen.Init(new DHKeyGenerationParameters(random, dhParams)); return dhGen.GenerateKeyPair(); }
private void processDHEKeyExchange( MemoryStream inStr, ISigner signer) { Stream sigIn = inStr; if (signer != null) { signer.Init(false, this.serverPublicKey); signer.BlockUpdate(this.clientRandom, 0, this.clientRandom.Length); signer.BlockUpdate(this.serverRandom, 0, this.serverRandom.Length); sigIn = new SignerStream(inStr, signer, null); } /* * Parse the Structure */ byte[] pByte = TlsUtilities.ReadOpaque16(sigIn); byte[] gByte = TlsUtilities.ReadOpaque16(sigIn); byte[] YsByte = TlsUtilities.ReadOpaque16(sigIn); if (signer != null) { byte[] sigByte = TlsUtilities.ReadOpaque16(sigIn); /* * Verify the Signature. */ if (!signer.VerifySignature(sigByte)) { this.FailWithError(AL_fatal, AP_bad_certificate); } } this.AssertEmpty(inStr); /* * Do the DH calculation. */ BigInteger p = new BigInteger(1, pByte); BigInteger g = new BigInteger(1, gByte); BigInteger Ys = new BigInteger(1, YsByte); /* * Check the DH parameter values */ if (!p.IsProbablePrime(10)) { this.FailWithError(AL_fatal, AP_illegal_parameter); } if (g.CompareTo(BigInteger.Two) < 0 || g.CompareTo(p.Subtract(BigInteger.Two)) > 0) { this.FailWithError(AL_fatal, AP_illegal_parameter); } // TODO For static DH public values, see additional checks in RFC 2631 2.1.5 if (Ys.CompareTo(BigInteger.Two) < 0 || Ys.CompareTo(p.Subtract(BigInteger.One)) > 0) { this.FailWithError(AL_fatal, AP_illegal_parameter); } /* * Diffie-Hellman basic key agreement */ DHParameters dhParams = new DHParameters(p, g); // Generate a keypair DHBasicKeyPairGenerator dhGen = new DHBasicKeyPairGenerator(); dhGen.Init(new DHKeyGenerationParameters(random, dhParams)); AsymmetricCipherKeyPair dhPair = dhGen.GenerateKeyPair(); // Store the public value to send to server this.Yc = ((DHPublicKeyParameters)dhPair.Public).Y; // Calculate the shared secret DHBasicAgreement dhAgree = new DHBasicAgreement(); dhAgree.Init(dhPair.Private); BigInteger agreement = dhAgree.CalculateAgreement(new DHPublicKeyParameters(Ys, dhParams)); this.pms = BigIntegers.AsUnsignedByteArray(agreement); }
public byte[] GenerateClientKeyExchange() { // TODO RFC 2246 7.4.72 /* * If the client certificate already contains a suitable Diffie-Hellman key, then * Yc is implicit and does not need to be sent again. In this case, the Client Key * Exchange message will be sent, but will be empty. */ //return new byte[0]; /* * Generate a keypair (using parameters from server key) and send the public value * to the server. */ DHBasicKeyPairGenerator dhGen = new DHBasicKeyPairGenerator(); dhGen.Init(new DHKeyGenerationParameters(handler.Random, dhAgreeServerPublicKey.Parameters)); this.dhAgreeClientKeyPair = dhGen.GenerateKeyPair(); BigInteger Yc = ((DHPublicKeyParameters)dhAgreeClientKeyPair.Public).Y; return BigIntegers.AsUnsignedByteArray(Yc); }