예제 #1
0
        public static byte[] CalculateDHBasicAgreement(DHPublicKeyParameters publicKey, DHPrivateKeyParameters privateKey)
        {
            DHBasicAgreement agreement = new DHBasicAgreement();

            agreement.Init(privateKey);
            return(BigIntegers.AsUnsignedByteArray(agreement.CalculateAgreement(publicKey)));
        }
예제 #2
0
        /**
         * this test is can take quiet a while
         */
        private void doTestGeneration(
            int size)
        {
            DHParametersGenerator pGen = new DHParametersGenerator();

            pGen.Init(size, 10, new SecureRandom());

            DHParameters dhParams = pGen.GenerateParameters();

            if (dhParams.L != 0)
            {
                Fail("DHParametersGenerator failed to set J to 0 in generated DHParameters");
            }

            DHKeyGenerationParameters dhkgParams = new DHKeyGenerationParameters(new SecureRandom(), dhParams);

            DHBasicKeyPairGenerator kpGen = new DHBasicKeyPairGenerator();

            kpGen.Init(dhkgParams);

            //
            // generate first pair
            //
            AsymmetricCipherKeyPair pair = kpGen.GenerateKeyPair();

            DHPublicKeyParameters  pu1 = (DHPublicKeyParameters)pair.Public;
            DHPrivateKeyParameters pv1 = (DHPrivateKeyParameters)pair.Private;

            //
            // generate second pair
            //
            dhkgParams = new DHKeyGenerationParameters(new SecureRandom(), pu1.Parameters);

            kpGen.Init(dhkgParams);

            pair = kpGen.GenerateKeyPair();

            DHPublicKeyParameters  pu2 = (DHPublicKeyParameters)pair.Public;
            DHPrivateKeyParameters pv2 = (DHPrivateKeyParameters)pair.Private;

            //
            // two way
            //
            DHBasicAgreement e1 = new DHBasicAgreement();
            DHBasicAgreement e2 = new DHBasicAgreement();

            e1.Init(new ParametersWithRandom(pv1, new SecureRandom()));
            e2.Init(new ParametersWithRandom(pv2, new SecureRandom()));

            BigInteger k1 = e1.CalculateAgreement(pu2);
            BigInteger k2 = e2.CalculateAgreement(pu1);

            if (!k1.Equals(k2))
            {
                Fail("basic with " + size + " bit 2-way test failed");
            }
        }
예제 #3
0
        protected virtual byte[] CalculateDHBasicAgreement(DHPublicKeyParameters publicKey,
                                                           DHPrivateKeyParameters privateKey)
        {
            DHBasicAgreement dhAgree = new DHBasicAgreement();

            dhAgree.Init(dhAgreeClientPrivateKey);
            BigInteger agreement = dhAgree.CalculateAgreement(dhAgreeServerPublicKey);

            return(BigIntegers.AsUnsignedByteArray(agreement));
        }
예제 #4
0
        public byte[] GeneratePremasterSecret()
        {
            /*
             * Diffie-Hellman basic key agreement
             */
            DHBasicAgreement dhAgree = new DHBasicAgreement();

            dhAgree.Init(dhAgreeClientKeyPair.Private);
            BigInteger agreement = dhAgree.CalculateAgreement(dhAgreeServerPublicKey);

            return(BigIntegers.AsUnsignedByteArray(agreement));
        }
예제 #5
0
        public static byte[] CalculateDHBasicAgreement(DHPublicKeyParameters publicKey,
                                                       DHPrivateKeyParameters privateKey)
        {
            DHBasicAgreement basicAgreement = new DHBasicAgreement();

            basicAgreement.Init(privateKey);
            BigInteger agreementValue = basicAgreement.CalculateAgreement(publicKey);

            /*
             * RFC 5246 8.1.2. Leading bytes of Z that contain all zero bits are stripped before it is
             * used as the pre_master_secret.
             */
            return(BigIntegers.AsUnsignedByteArray(agreementValue));
        }
예제 #6
0
        private void doTestDHBasic(
            int size,
            int privateValueSize,
            BigInteger g,
            BigInteger p)
        {
            DHBasicKeyPairGenerator kpGen = getDHBasicKeyPairGenerator(g, p, privateValueSize);

            //
            // generate first pair
            //
            AsymmetricCipherKeyPair pair = kpGen.GenerateKeyPair();

            DHPublicKeyParameters  pu1 = (DHPublicKeyParameters)pair.Public;
            DHPrivateKeyParameters pv1 = (DHPrivateKeyParameters)pair.Private;

            checkKeySize(privateValueSize, pv1);
            //
            // generate second pair
            //
            pair = kpGen.GenerateKeyPair();

            DHPublicKeyParameters  pu2 = (DHPublicKeyParameters)pair.Public;
            DHPrivateKeyParameters pv2 = (DHPrivateKeyParameters)pair.Private;

            checkKeySize(privateValueSize, pv2);
            //
            // two way
            //
            DHBasicAgreement e1 = new DHBasicAgreement();
            DHBasicAgreement e2 = new DHBasicAgreement();

            e1.Init(pv1);
            e2.Init(pv2);

            BigInteger k1 = e1.CalculateAgreement(pu2);
            BigInteger k2 = e2.CalculateAgreement(pu1);

            if (!k1.Equals(k2))
            {
                Fail("basic " + size + " bit 2-way test failed");
            }
        }
예제 #7
0
        public byte[] CalculateSharedSecret(byte[] remotePublicKey)
        {
            if (!m_bInited)
            {
                Init();
            }
            DHPublicKeyParameters remoteKeyParameters = new DHPublicKeyParameters(new BigInteger(1, remotePublicKey), m_dhParameters);
            DHBasicAgreement      agreement           = new DHBasicAgreement();

            agreement.Init(m_keyPair.Private);
            byte[] resAgreement = agreement.CalculateAgreement(remoteKeyParameters).ToByteArrayUnsigned();

            Sha256Digest digest = new Sha256Digest();

            byte[] resHash = new byte[digest.GetDigestSize()];
            digest.BlockUpdate(resAgreement, 0, resAgreement.Length);
            digest.DoFinal(resHash, 0);

            SharedSecret = resHash;
            return(resHash);
        }
예제 #8
0
        private void doTestSimpleWithRandom(
            DHBasicKeyPairGenerator kpGen)
        {
            //
            // generate first pair
            //
            AsymmetricCipherKeyPair pair = kpGen.GenerateKeyPair();

            DHPublicKeyParameters  pu1 = (DHPublicKeyParameters)pair.Public;
            DHPrivateKeyParameters pv1 = (DHPrivateKeyParameters)pair.Private;

            //
            // generate second pair
            //
            pair = kpGen.GenerateKeyPair();

            DHPublicKeyParameters  pu2 = (DHPublicKeyParameters)pair.Public;
            DHPrivateKeyParameters pv2 = (DHPrivateKeyParameters)pair.Private;

            //
            // two way
            //
            DHBasicAgreement e1 = new DHBasicAgreement();
            DHBasicAgreement e2 = new DHBasicAgreement();

            e1.Init(new ParametersWithRandom(pv1, new SecureRandom()));
            e2.Init(new ParametersWithRandom(pv2, new SecureRandom()));

            BigInteger k1 = e1.CalculateAgreement(pu2);
            BigInteger k2 = e2.CalculateAgreement(pu1);

            if (!k1.Equals(k2))
            {
                Fail("basic with random 2-way test failed");
            }
        }
예제 #9
0
        private void processDHEKeyExchange(
            MemoryStream inStr,
            ISigner signer)
        {
            Stream sigIn = inStr;

            if (signer != null)
            {
                signer.Init(false, this.serverPublicKey);
                signer.BlockUpdate(this.clientRandom, 0, this.clientRandom.Length);
                signer.BlockUpdate(this.serverRandom, 0, this.serverRandom.Length);

                sigIn = new SignerStream(inStr, signer, null);
            }

            /*
             * Parse the Structure
             */
            int pLength = TlsUtilities.ReadUint16(sigIn);

            byte[] pByte = new byte[pLength];
            TlsUtilities.ReadFully(pByte, sigIn);

            int gLength = TlsUtilities.ReadUint16(sigIn);

            byte[] gByte = new byte[gLength];
            TlsUtilities.ReadFully(gByte, sigIn);

            int YsLength = TlsUtilities.ReadUint16(sigIn);

            byte[] YsByte = new byte[YsLength];
            TlsUtilities.ReadFully(YsByte, sigIn);

            if (signer != null)
            {
                int    sigLength = TlsUtilities.ReadUint16(inStr);
                byte[] sigByte   = new byte[sigLength];
                TlsUtilities.ReadFully(sigByte, inStr);

                /*
                 * Verify the Signature.
                 */
                if (!signer.VerifySignature(sigByte))
                {
                    this.FailWithError(AL_fatal, AP_bad_certificate);
                }
            }

            this.AssertEmpty(inStr);

            /*
             * Do the DH calculation.
             */
            BigInteger p  = new BigInteger(1, pByte);
            BigInteger g  = new BigInteger(1, gByte);
            BigInteger Ys = new BigInteger(1, YsByte);

            /*
             * Check the DH parameter values
             */
            if (!p.IsProbablePrime(10))
            {
                this.FailWithError(AL_fatal, AP_illegal_parameter);
            }
            if (g.CompareTo(BigInteger.Two) < 0 || g.CompareTo(p.Subtract(BigInteger.Two)) > 0)
            {
                this.FailWithError(AL_fatal, AP_illegal_parameter);
            }
            // TODO For static DH public values, see additional checks in RFC 2631 2.1.5
            if (Ys.CompareTo(BigInteger.Two) < 0 || Ys.CompareTo(p.Subtract(BigInteger.One)) > 0)
            {
                this.FailWithError(AL_fatal, AP_illegal_parameter);
            }

            /*
             * Diffie-Hellman basic key agreement
             */
            DHParameters dhParams = new DHParameters(p, g);

            // Generate a keypair
            DHBasicKeyPairGenerator dhGen = new DHBasicKeyPairGenerator();

            dhGen.Init(new DHKeyGenerationParameters(random, dhParams));

            AsymmetricCipherKeyPair dhPair = dhGen.GenerateKeyPair();

            // Store the public value to send to server
            this.Yc = ((DHPublicKeyParameters)dhPair.Public).Y;

            // Calculate the shared secret
            DHBasicAgreement dhAgree = new DHBasicAgreement();

            dhAgree.Init(dhPair.Private);

            BigInteger agreement = dhAgree.CalculateAgreement(new DHPublicKeyParameters(Ys, dhParams));

            this.pms = BigIntegers.AsUnsignedByteArray(agreement);
        }
예제 #10
0
        public override void PerformTest()
        {
            doTestDHBasic(512, 0, g512, p512);
            doTestDHBasic(768, 0, g768, p768);
            doTestDHBasic(1024, 0, g1024, p1024);

            doTestDHBasic(512, 64, g512, p512);
            doTestDHBasic(768, 128, g768, p768);
            doTestDHBasic(1024, 256, g1024, p1024);

            doTestDH(512, g512, p512);
            doTestDH(768, g768, p768);
            doTestDH(1024, g1024, p1024);

            //
            // generation test.
            //
            doTestGeneration(256);

            //
            // with random test
            //
            DHBasicKeyPairGenerator kpBasicGen = getDHBasicKeyPairGenerator(g512, p512, 0);

            doTestSimpleWithRandom(kpBasicGen);

            DHKeyPairGenerator kpGen = getDHKeyPairGenerator(g512, p512);

            doTestGPWithRandom(kpGen);

            //
            // parameter tests
            //
            DHAgreement             dh     = new DHAgreement();
            AsymmetricCipherKeyPair dhPair = kpGen.GenerateKeyPair();

            try
            {
                dh.Init(dhPair.Public);
                Fail("DHAgreement key check failed");
            }
            catch (ArgumentException)
            {
                // ignore
            }

            DHKeyPairGenerator kpGen768 = getDHKeyPairGenerator(g768, p768);

            try
            {
                dh.Init(dhPair.Private);

                dh.CalculateAgreement((DHPublicKeyParameters)kpGen768.GenerateKeyPair().Public, BigInteger.ValueOf(100));

                Fail("DHAgreement agreement check failed");
            }
            catch (ArgumentException)
            {
                // ignore
            }

            DHBasicAgreement        dhBasic     = new DHBasicAgreement();
            AsymmetricCipherKeyPair dhBasicPair = kpBasicGen.GenerateKeyPair();

            try
            {
                dhBasic.Init(dhBasicPair.Public);
                Fail("DHBasicAgreement key check failed");
            }
            catch (ArgumentException)
            {
                // expected
            }

            DHBasicKeyPairGenerator kpBasicGen768 = getDHBasicKeyPairGenerator(g768, p768, 0);

            try
            {
                dhBasic.Init(dhPair.Private);

                dhBasic.CalculateAgreement((DHPublicKeyParameters)kpBasicGen768.GenerateKeyPair().Public);

                Fail("DHBasicAgreement agreement check failed");
            }
            catch (ArgumentException)
            {
                // expected
            }
        }