public override byte[] GenerateServerKeyExchange() { this.mPskIdentityHint = this.mPskIdentityManager.GetHint(); if (this.mPskIdentityHint == null && !this.RequiresServerKeyExchange) { return(null); } MemoryStream memoryStream = new MemoryStream(); if (this.mPskIdentityHint == null) { TlsUtilities.WriteOpaque16(TlsUtilities.EmptyBytes, memoryStream); } else { TlsUtilities.WriteOpaque16(this.mPskIdentityHint, memoryStream); } if (this.mKeyExchange == 14) { if (this.mDHParameters == null) { throw new TlsFatalAlert(80); } this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralServerKeyExchange(this.mContext.SecureRandom, this.mDHParameters, memoryStream); } else if (this.mKeyExchange == 24) { this.mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralServerKeyExchange(this.mContext.SecureRandom, this.mNamedCurves, this.mClientECPointFormats, memoryStream); } return(memoryStream.ToArray()); }
protected virtual byte[] GenerateOtherSecret(int pskLength) { if (this.mKeyExchange == 14) { if (this.mDHAgreePrivateKey != null) { return(TlsDHUtilities.CalculateDHBasicAgreement(this.mDHAgreePublicKey, this.mDHAgreePrivateKey)); } throw new TlsFatalAlert(80); } else if (this.mKeyExchange == 24) { if (this.mECAgreePrivateKey != null) { return(TlsEccUtilities.CalculateECDHBasicAgreement(this.mECAgreePublicKey, this.mECAgreePrivateKey)); } throw new TlsFatalAlert(80); } else { if (this.mKeyExchange == 15) { return(this.mPremasterSecret); } return(new byte[pskLength]); } }
protected virtual bool AllowUnexpectedServerExtension(int extensionType, byte[] extensionData) { switch (extensionType) { case ExtensionType.supported_groups: /* * Exception added based on field reports that some servers do send this, although the * Supported Elliptic Curves Extension is clearly intended to be client-only. If * present, we still require that it is a valid EllipticCurveList. */ TlsEccUtilities.ReadSupportedEllipticCurvesExtension(extensionData); return(true); case ExtensionType.ec_point_formats: /* * Exception added based on field reports that some servers send this even when they * didn't negotiate an ECC cipher suite. If present, we still require that it is a valid * ECPointFormatList. */ TlsEccUtilities.ReadSupportedPointFormatsExtension(extensionData); return(true); default: return(false); } }
public override void GenerateClientKeyExchange(Stream output) { if (mAgreementCredentials == null) { mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralClientKeyExchange(mContext.SecureRandom, mServerECPointFormats, mECAgreePublicKey.Parameters, output); } }
public virtual int GetSelectedCipherSuite() { /* * TODO RFC 5246 7.4.3. In order to negotiate correctly, the server MUST check any candidate * cipher suites against the "signature_algorithms" extension before selecting them. This is * somewhat inelegant but is a compromise designed to minimize changes to the original * cipher suite design. */ /* * RFC 4429 5.1. A server that receives a ClientHello containing one or both of these * extensions MUST use the client's enumerated capabilities to guide its selection of an * appropriate cipher suite. One of the proposed ECC cipher suites must be negotiated only * if the server can successfully complete the handshake while using the curves and point * formats supported by the client [...]. */ bool eccCipherSuitesEnabled = SupportsClientEccCapabilities(this.mNamedCurves, this.mClientECPointFormats); int[] cipherSuites = GetCipherSuites(); for (int i = 0; i < cipherSuites.Length; ++i) { int cipherSuite = cipherSuites[i]; if (Arrays.Contains(this.mOfferedCipherSuites, cipherSuite) && (eccCipherSuitesEnabled || !TlsEccUtilities.IsEccCipherSuite(cipherSuite)) && TlsUtilities.IsValidCipherSuiteForVersion(cipherSuite, mServerVersion)) { return(this.mSelectedCipherSuite = cipherSuite); } } throw new TlsFatalAlert(AlertDescription.handshake_failure); }
public virtual IDictionary GetClientExtensions() { IDictionary val = null; ProtocolVersion clientVersion = mContext.ClientVersion; if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(clientVersion)) { mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultSupportedSignatureAlgorithms(); val = TlsExtensionsUtilities.EnsureExtensionsInitialised(val); TlsUtilities.AddSignatureAlgorithmsExtension(val, mSupportedSignatureAlgorithms); } if (TlsEccUtilities.ContainsEccCipherSuites(GetCipherSuites())) { mNamedCurves = new int[2] { 23, 24 }; mClientECPointFormats = new byte[3] { 0, 1, 2 }; val = TlsExtensionsUtilities.EnsureExtensionsInitialised(val); TlsEccUtilities.AddSupportedEllipticCurvesExtension(val, mNamedCurves); TlsEccUtilities.AddSupportedPointFormatsExtension(val, mClientECPointFormats); } return(val); }
public override void ProcessClientKeyExchange(Stream input) { byte[] array = TlsUtilities.ReadOpaque16(input); mPsk = mPskIdentityManager.GetPsk(array); if (mPsk == null) { throw new TlsFatalAlert(115); } mContext.SecurityParameters.pskIdentity = array; if (mKeyExchange == 14) { BigInteger y = TlsDHUtilities.ReadDHParameter(input); mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(new DHPublicKeyParameters(y, mDHParameters)); } else if (mKeyExchange == 24) { byte[] encoding = TlsUtilities.ReadOpaque8(input); ECDomainParameters parameters = mECAgreePrivateKey.Parameters; mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(mServerECPointFormats, parameters, encoding)); } else if (mKeyExchange == 15) { byte[] encryptedPreMasterSecret = ((!TlsUtilities.IsSsl(mContext)) ? TlsUtilities.ReadOpaque16(input) : Streams.ReadAll(input)); mPremasterSecret = mServerCredentials.DecryptPreMasterSecret(encryptedPreMasterSecret); } }
public override byte[] GenerateServerKeyExchange() { //IL_0023: Unknown result type (might be due to invalid IL or missing references) //IL_0029: Expected O, but got Unknown mPskIdentityHint = mPskIdentityManager.GetHint(); if (mPskIdentityHint == null && !RequiresServerKeyExchange) { return(null); } MemoryStream val = new MemoryStream(); if (mPskIdentityHint == null) { TlsUtilities.WriteOpaque16(TlsUtilities.EmptyBytes, (Stream)(object)val); } else { TlsUtilities.WriteOpaque16(mPskIdentityHint, (Stream)(object)val); } if (mKeyExchange == 14) { if (mDHParameters == null) { throw new TlsFatalAlert(80); } mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, mDHParameters, (Stream)(object)val); } else if (mKeyExchange == 24) { mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, mNamedCurves, mClientECPointFormats, (Stream)(object)val); } return(val.ToArray()); }
public override void GenerateClientKeyExchange(Stream output) { if (mPskIdentityHint == null) { mPskIdentity.SkipIdentityHint(); } else { mPskIdentity.NotifyIdentityHint(mPskIdentityHint); } byte[] pskIdentity = mPskIdentity.GetPskIdentity(); if (pskIdentity == null) { throw new TlsFatalAlert(80); } mPsk = mPskIdentity.GetPsk(); if (mPsk == null) { throw new TlsFatalAlert(80); } TlsUtilities.WriteOpaque16(pskIdentity, output); mContext.SecurityParameters.pskIdentity = pskIdentity; if (mKeyExchange == 14) { mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralClientKeyExchange(mContext.SecureRandom, mDHParameters, output); } else if (mKeyExchange == 24) { mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralClientKeyExchange(mContext.SecureRandom, mServerECPointFormats, mECAgreePublicKey.Parameters, output); } else if (mKeyExchange == 15) { mPremasterSecret = TlsRsaUtilities.GenerateEncryptedPreMasterSecret(mContext, mRsaServerPublicKey, output); } }
public override byte[] GenerateServerKeyExchange() { DigestInputBuffer buf = new DigestInputBuffer(); this.mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, mNamedCurves, mClientECPointFormats, buf); /* * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2 */ SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm( mContext, mServerCredentials); IDigest d = TlsUtilities.CreateHash(signatureAndHashAlgorithm); SecurityParameters securityParameters = mContext.SecurityParameters; d.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length); d.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length); buf.UpdateDigest(d); byte[] hash = DigestUtilities.DoFinal(d); byte[] signature = mServerCredentials.GenerateCertificateSignature(hash); DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature); signed_params.Encode(buf); return(buf.ToArray()); }
public virtual void ProcessServerExtensions(IDictionary serverExtensions) { /* * TlsProtocol implementation validates that any server extensions received correspond to * client extensions sent. By default, we don't send any, and this method is not called. */ if (serverExtensions != null) { /* * RFC 5246 7.4.1.4.1. Servers MUST NOT send this extension. */ CheckForUnexpectedServerExtension(serverExtensions, ExtensionType.signature_algorithms); CheckForUnexpectedServerExtension(serverExtensions, ExtensionType.elliptic_curves); if (TlsEccUtilities.IsEccCipherSuite(this.mSelectedCipherSuite)) { this.mServerECPointFormats = TlsEccUtilities.GetSupportedPointFormatsExtension(serverExtensions); } else { CheckForUnexpectedServerExtension(serverExtensions, ExtensionType.ec_point_formats); } } }
public virtual IDictionary GetServerExtensions() { if (mEncryptThenMacOffered && AllowEncryptThenMac && TlsUtilities.IsBlockCipherSuite(mSelectedCipherSuite)) { TlsExtensionsUtilities.AddEncryptThenMacExtension(CheckServerExtensions()); } if (mMaxFragmentLengthOffered >= 0 && TlsUtilities.IsValidUint8(mMaxFragmentLengthOffered) && MaxFragmentLength.IsValid((byte)mMaxFragmentLengthOffered)) { TlsExtensionsUtilities.AddMaxFragmentLengthExtension(CheckServerExtensions(), (byte)mMaxFragmentLengthOffered); } if (mTruncatedHMacOffered && AllowTruncatedHMac) { TlsExtensionsUtilities.AddTruncatedHMacExtension(CheckServerExtensions()); } if (mClientECPointFormats != null && TlsEccUtilities.IsEccCipherSuite(mSelectedCipherSuite)) { mServerECPointFormats = new byte[3] { 0, 1, 2 }; TlsEccUtilities.AddSupportedPointFormatsExtension(CheckServerExtensions(), mServerECPointFormats); } return(mServerExtensions); }
public virtual void ProcessServerExtensions(IDictionary serverExtensions) { /* * TlsProtocol implementation validates that any server extensions received correspond to * client extensions sent. By default, we don't send any, and this method is not called. */ if (serverExtensions != null) { /* * RFC 5246 7.4.1.4.1. Servers MUST NOT send this extension. */ if (serverExtensions.Contains(ExtensionType.signature_algorithms)) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } int[] namedCurves = TlsEccUtilities.GetSupportedEllipticCurvesExtension(serverExtensions); if (namedCurves != null) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } this.mServerECPointFormats = TlsEccUtilities.GetSupportedPointFormatsExtension(serverExtensions); if (this.mServerECPointFormats != null && !TlsEccUtilities.IsEccCipherSuite(this.mSelectedCipherSuite)) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } } }
public virtual void ProcessClientExtensions(IDictionary clientExtensions) { mClientExtensions = clientExtensions; if (clientExtensions != null) { mEncryptThenMacOffered = TlsExtensionsUtilities.HasEncryptThenMacExtension(clientExtensions); mMaxFragmentLengthOffered = TlsExtensionsUtilities.GetMaxFragmentLengthExtension(clientExtensions); if (mMaxFragmentLengthOffered >= 0 && !MaxFragmentLength.IsValid((byte)mMaxFragmentLengthOffered)) { throw new TlsFatalAlert(47); } mTruncatedHMacOffered = TlsExtensionsUtilities.HasTruncatedHMacExtension(clientExtensions); mSupportedSignatureAlgorithms = TlsUtilities.GetSignatureAlgorithmsExtension(clientExtensions); if (mSupportedSignatureAlgorithms != null && !TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(mClientVersion)) { throw new TlsFatalAlert(47); } mNamedCurves = TlsEccUtilities.GetSupportedEllipticCurvesExtension(clientExtensions); mClientECPointFormats = TlsEccUtilities.GetSupportedPointFormatsExtension(clientExtensions); } if (!mEccCipherSuitesOffered && (mNamedCurves != null || mClientECPointFormats != null)) { throw new TlsFatalAlert(47); } }
protected virtual byte[] GenerateOtherSecret(int pskLength) { if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK) { if (mDHAgreePrivateKey != null) { return(TlsDHUtilities.CalculateDHBasicAgreement(mDHAgreePublicKey, mDHAgreePrivateKey)); } throw new TlsFatalAlert(AlertDescription.internal_error); } if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK) { if (mECAgreePrivateKey != null) { return(TlsEccUtilities.CalculateECDHBasicAgreement(mECAgreePublicKey, mECAgreePrivateKey)); } throw new TlsFatalAlert(AlertDescription.internal_error); } if (this.mKeyExchange == KeyExchangeAlgorithm.RSA_PSK) { return(this.mPremasterSecret); } return(new byte[pskLength]); }
protected virtual bool SupportsClientEccCapabilities(int[] namedCurves, byte[] ecPointFormats) { // NOTE: BC supports all the current set of point formats so we don't check them here if (namedCurves == null) { /* * RFC 4492 4. A client that proposes ECC cipher suites may choose not to include these * extensions. In this case, the server is free to choose any one of the elliptic curves * or point formats [...]. */ return(TlsEccUtilities.HasAnySupportedNamedCurves()); } for (int i = 0; i < namedCurves.Length; ++i) { int namedCurve = namedCurves[i]; if (NamedCurve.IsValid(namedCurve) && (!NamedCurve.RefersToASpecificNamedCurve(namedCurve) || TlsEccUtilities.IsSupportedNamedCurve(namedCurve))) { return(true); } } return(false); }
public static string GetNameOfNamedCurve(int namedCurve) { if (!TlsEccUtilities.IsSupportedNamedCurve(namedCurve)) { return(null); } return(TlsEccUtilities.CurveNames[namedCurve - 1]); }
public static ECPrivateKeyParameters GenerateEphemeralClientKeyExchange(SecureRandom random, byte[] ecPointFormats, ECDomainParameters ecParams, Stream output) { AsymmetricCipherKeyPair asymmetricCipherKeyPair = TlsEccUtilities.GenerateECKeyPair(random, ecParams); ECPublicKeyParameters eCPublicKeyParameters = (ECPublicKeyParameters)asymmetricCipherKeyPair.Public; TlsEccUtilities.WriteECPoint(ecPointFormats, eCPublicKeyParameters.Q, output); return((ECPrivateKeyParameters)asymmetricCipherKeyPair.Private); }
public override void ProcessClientKeyExchange(Stream input) { if (mECAgreePublicKey == null) { byte[] encoding = TlsUtilities.ReadOpaque8(input); ECDomainParameters parameters = mECAgreePrivateKey.Parameters; mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(mServerECPointFormats, parameters, encoding)); } }
public static byte[] GetSupportedPointFormatsExtension(IDictionary extensions) { byte[] extensionData = TlsUtilities.GetExtensionData(extensions, 11); if (extensionData != null) { return(TlsEccUtilities.ReadSupportedPointFormatsExtension(extensionData)); } return(null); }
public static int[] GetSupportedEllipticCurvesExtension(IDictionary extensions) { byte[] extensionData = TlsUtilities.GetExtensionData(extensions, 10); if (extensionData != null) { return(TlsEccUtilities.ReadSupportedEllipticCurvesExtension(extensionData)); } return(null); }
public virtual IDictionary GetClientExtensions() { IDictionary clientExtensions = null; ProtocolVersion clientVersion = mContext.ClientVersion; /* * RFC 5246 7.4.1.4.1. Note: this extension is not meaningful for TLS versions prior to 1.2. * Clients MUST NOT offer it if they are offering prior versions. */ if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(clientVersion)) { // TODO Provide a way for the user to specify the acceptable hash/signature algorithms. this.mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultSupportedSignatureAlgorithms(); clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(clientExtensions); TlsUtilities.AddSignatureAlgorithmsExtension(clientExtensions, mSupportedSignatureAlgorithms); } if (TlsEccUtilities.ContainsEccCipherSuites(GetCipherSuites())) { /* * RFC 4492 5.1. A client that proposes ECC cipher suites in its ClientHello message * appends these extensions (along with any others), enumerating the curves it supports * and the point formats it can parse. Clients SHOULD send both the Supported Elliptic * Curves Extension and the Supported Point Formats Extension. */ /* * TODO Could just add all the curves since we support them all, but users may not want * to use unnecessarily large fields. Need configuration options. */ this.mNamedCurves = new int[] { NamedCurve.secp256r1, NamedCurve.secp384r1 }; this.mClientECPointFormats = new byte[] { ECPointFormat.uncompressed, ECPointFormat.ansiX962_compressed_prime, ECPointFormat.ansiX962_compressed_char2, }; clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(clientExtensions); TlsEccUtilities.AddSupportedEllipticCurvesExtension(clientExtensions, mNamedCurves); TlsEccUtilities.AddSupportedPointFormatsExtension(clientExtensions, mClientECPointFormats); } if (this.HostNames != null && this.HostNames.Count > 0) { var list = new System.Collections.Generic.List <ServerName>(this.HostNames.Count); for (int i = 0; i < this.HostNames.Count; ++i) { list.Add(new ServerName(Tls.NameType.host_name, this.HostNames[i])); } TlsExtensionsUtilities.AddServerNameExtension(clientExtensions, new ServerNameList(list)); } return(clientExtensions); }
protected virtual bool AllowUnexpectedServerExtension(int extensionType, byte[] extensionData) { if (extensionType == 10) { TlsEccUtilities.ReadSupportedEllipticCurvesExtension(extensionData); return(true); } return(false); }
public override void ProcessServerKeyExchange(Stream input) { if (!this.RequiresServerKeyExchange) { throw new TlsFatalAlert(10); } ECDomainParameters parameters = TlsEccUtilities.ReadECParameters(this.mNamedCurves, this.mClientECPointFormats, input); byte[] encoding = TlsUtilities.ReadOpaque8(input); this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(this.mClientECPointFormats, parameters, encoding)); }
public static bool ContainsEccCipherSuites(int[] cipherSuites) { for (int i = 0; i < cipherSuites.Length; i++) { if (TlsEccUtilities.IsEccCipherSuite(cipherSuites[i])) { return(true); } } return(false); }
public override byte[] GenerateServerKeyExchange() { if (!this.RequiresServerKeyExchange) { return(null); } MemoryStream output = new MemoryStream(); this.mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralServerKeyExchange(base.mContext.SecureRandom, this.mNamedCurves, this.mClientECPointFormats, output); return(output.ToArray()); }
public override byte[] GeneratePremasterSecret() { if (mAgreementCredentials != null) { return(mAgreementCredentials.GenerateAgreement(mECAgreePublicKey)); } if (mECAgreePrivateKey != null) { return(TlsEccUtilities.CalculateECDHBasicAgreement(mECAgreePublicKey, mECAgreePrivateKey)); } throw new TlsFatalAlert(80); }
public virtual int GetSelectedCipherSuite() { bool flag = this.SupportsClientEccCapabilities(this.mNamedCurves, this.mClientECPointFormats); foreach (int num2 in this.GetCipherSuites()) { if ((Arrays.Contains(this.mOfferedCipherSuites, num2) && (flag || !TlsEccUtilities.IsEccCipherSuite(num2))) && TlsUtilities.IsValidCipherSuiteForVersion(num2, this.mServerVersion)) { return(this.mSelectedCipherSuite = num2); } } throw new TlsFatalAlert(40); }
public static int ReadECExponent(int fieldSize, Stream input) { BigInteger bigInteger = TlsEccUtilities.ReadECParameter(input); if (bigInteger.BitLength < 32) { int intValue = bigInteger.IntValue; if (intValue > 0 && intValue < fieldSize) { return(intValue); } } throw new TlsFatalAlert(47); }
public virtual int GetSelectedCipherSuite() { bool flag = SupportsClientEccCapabilities(mNamedCurves, mClientECPointFormats); int[] cipherSuites = GetCipherSuites(); foreach (int num in cipherSuites) { if (Arrays.Contains(mOfferedCipherSuites, num) && (flag || !TlsEccUtilities.IsEccCipherSuite(num)) && TlsUtilities.IsValidCipherSuiteForVersion(num, mServerVersion)) { return(mSelectedCipherSuite = num); } } throw new TlsFatalAlert(40); }