public override void ProcessServerKeyExchange(Stream input)
{
SecurityParameters securityParameters = context.SecurityParameters;
ISigner signer = InitSigner(tlsSigner, securityParameters);
Stream sigIn = new SignerStream(input, signer, null);
ECCurveType curveType = (ECCurveType)TlsUtilities.ReadUint8(sigIn);
ECDomainParameters curve_params;
// Currently, we only support named curves
if (curveType == ECCurveType.named_curve)
{
NamedCurve namedCurve = (NamedCurve)TlsUtilities.ReadUint16(sigIn);
// TODO Check namedCurve is one we offered?
curve_params = NamedCurveHelper.GetECParameters(namedCurve);
}
else
{
// TODO Add support for explicit curve parameters (read from sigIn)
throw new TlsFatalAlert(AlertDescription.handshake_failure);
}
byte[] publicBytes = TlsUtilities.ReadOpaque8(sigIn);
byte[] sigByte = TlsUtilities.ReadOpaque16(input);
if (!signer.VerifySignature(sigByte))
{
throw new TlsFatalAlert(AlertDescription.decrypt_error);
}
// TODO Check curve_params not null
ECPoint Q = curve_params.Curve.DecodePoint(publicBytes);
this.ecAgreeServerPublicKey = ValidateECPublicKey(new ECPublicKeyParameters(Q, curve_params));
}
public override void ProcessServerKeyExchange(Stream input)
{
SecurityParameters securityParameters = context.SecurityParameters;
ISigner signer = InitSigner(tlsSigner, securityParameters);
Stream sigIn = new SignerStream(input, signer, null);
byte[] pBytes = TlsUtilities.ReadOpaque16(sigIn);
byte[] gBytes = TlsUtilities.ReadOpaque16(sigIn);
byte[] YsBytes = TlsUtilities.ReadOpaque16(sigIn);
byte[] sigByte = TlsUtilities.ReadOpaque16(input);
if (!signer.VerifySignature(sigByte))
{
throw new TlsFatalAlert(AlertDescription.bad_certificate);
}
IBigInteger p = new BigInteger(1, pBytes);
IBigInteger g = new BigInteger(1, gBytes);
IBigInteger Ys = new BigInteger(1, YsBytes);
this.dhAgreeServerPublicKey = ValidateDHPublicKey(
new DHPublicKeyParameters(Ys, new DHParameters(p, g)));
}
public virtual void ProcessServerKeyExchange(Stream input)
{
SecurityParameters securityParameters = context.SecurityParameters;
Stream sigIn = input;
ISigner signer = null;
if (tlsSigner != null)
{
signer = InitSigner(tlsSigner, securityParameters);
sigIn = new SignerStream(input, signer, null);
}
byte[] NBytes = TlsUtilities.ReadOpaque16(sigIn);
byte[] gBytes = TlsUtilities.ReadOpaque16(sigIn);
byte[] sBytes = TlsUtilities.ReadOpaque8(sigIn);
byte[] BBytes = TlsUtilities.ReadOpaque16(sigIn);
if (signer != null)
{
byte[] sigByte = TlsUtilities.ReadOpaque16(input);
if (!signer.VerifySignature(sigByte))
{
throw new TlsFatalAlert(AlertDescription.decrypt_error);
}
}
BigInteger N = new BigInteger(1, NBytes);
BigInteger g = new BigInteger(1, gBytes);
// TODO Validate group parameters (see RFC 5054)
//throw new TlsFatalAlert(AlertDescription.insufficient_security);
this.s = sBytes;
/*
* RFC 5054 2.5.3: The client MUST abort the handshake with an "illegal_parameter"
* alert if B % N = 0.
*/
try
{
this.B = Srp6Utilities.ValidatePublicValue(N, new BigInteger(1, BBytes));
}
catch (CryptoException)
{
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}
this.srpClient.Init(N, g, new Sha1Digest(), context.SecureRandom);
}
public void ProcessServerKeyExchange(Stream input, SecurityParameters securityParameters)
{
Stream sigIn = input;
ISigner signer = null;
if (tlsSigner != null)
{
signer = InitSigner(tlsSigner, securityParameters);
sigIn = new SignerStream(input, signer, null);
}
byte[] NBytes = TlsUtilities.ReadOpaque16(sigIn);
byte[] gBytes = TlsUtilities.ReadOpaque16(sigIn);
byte[] sBytes = TlsUtilities.ReadOpaque8(sigIn);
byte[] BBytes = TlsUtilities.ReadOpaque16(sigIn);
if (signer != null)
{
byte[] sigByte = TlsUtilities.ReadOpaque16(input);
if (!signer.VerifySignature(sigByte))
{
handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_bad_certificate);
}
}
BigInteger N = new BigInteger(1, NBytes);
BigInteger g = new BigInteger(1, gBytes);
// TODO Validate group parameters (see RFC 5054)
//handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_insufficient_security);
this.s = sBytes;
/*
* RFC 5054 2.5.3: The client MUST abort the handshake with an "illegal_parameter"
* alert if B % N = 0.
*/
try
{
this.B = Srp6Utilities.ValidatePublicValue(N, new BigInteger(1, BBytes));
}
catch (CryptoException)
{
handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_illegal_parameter);
}
this.srpClient.Init(N, g, new Sha1Digest(), handler.Random);
}
private void processSRPKeyExchange(
MemoryStream inStr,
ISigner signer)
{
Stream sigIn = inStr;
if (signer != null)
{
signer.Init(false, this.serverPublicKey);
signer.BlockUpdate(this.clientRandom, 0, this.clientRandom.Length);
signer.BlockUpdate(this.serverRandom, 0, this.serverRandom.Length);
sigIn = new SignerStream(inStr, signer, null);
}
/*
* Parse the Structure
*/
byte[] NByte = TlsUtilities.ReadOpaque16(sigIn);
byte[] gByte = TlsUtilities.ReadOpaque16(sigIn);
byte[] sByte = TlsUtilities.ReadOpaque8(sigIn);
byte[] BByte = TlsUtilities.ReadOpaque16(sigIn);
if (signer != null)
{
byte[] sigByte = TlsUtilities.ReadOpaque16(sigIn);
/*
* Verify the Signature.
*/
if (!signer.VerifySignature(sigByte))
{
this.FailWithError(AL_fatal, AP_bad_certificate);
}
}
this.AssertEmpty(inStr);
BigInteger N = new BigInteger(1, NByte);
BigInteger g = new BigInteger(1, gByte);
byte[] s = sByte;
BigInteger B = new BigInteger(1, BByte);
Srp6Client srpClient = new Srp6Client();
srpClient.Init(N, g, new Sha1Digest(), random);
this.SRP_A = srpClient.GenerateClientCredentials(s, this.SRP_identity,
this.SRP_password);
try
{
BigInteger S = srpClient.CalculateSecret(B);
this.pms = BigIntegers.AsUnsignedByteArray(S);
}
catch (CryptoException)
{
this.FailWithError(AL_fatal, AP_illegal_parameter);
}
}
private void processDHEKeyExchange(
MemoryStream inStr,
ISigner signer)
{
Stream sigIn = inStr;
if (signer != null)
{
signer.Init(false, this.serverPublicKey);
signer.BlockUpdate(this.clientRandom, 0, this.clientRandom.Length);
signer.BlockUpdate(this.serverRandom, 0, this.serverRandom.Length);
sigIn = new SignerStream(inStr, signer, null);
}
/*
* Parse the Structure
*/
byte[] pByte = TlsUtilities.ReadOpaque16(sigIn);
byte[] gByte = TlsUtilities.ReadOpaque16(sigIn);
byte[] YsByte = TlsUtilities.ReadOpaque16(sigIn);
if (signer != null)
{
byte[] sigByte = TlsUtilities.ReadOpaque16(sigIn);
/*
* Verify the Signature.
*/
if (!signer.VerifySignature(sigByte))
{
this.FailWithError(AL_fatal, AP_bad_certificate);
}
}
this.AssertEmpty(inStr);
/*
* Do the DH calculation.
*/
BigInteger p = new BigInteger(1, pByte);
BigInteger g = new BigInteger(1, gByte);
BigInteger Ys = new BigInteger(1, YsByte);
/*
* Check the DH parameter values
*/
if (!p.IsProbablePrime(10))
{
this.FailWithError(AL_fatal, AP_illegal_parameter);
}
if (g.CompareTo(BigInteger.Two) < 0 || g.CompareTo(p.Subtract(BigInteger.Two)) > 0)
{
this.FailWithError(AL_fatal, AP_illegal_parameter);
}
// TODO For static DH public values, see additional checks in RFC 2631 2.1.5
if (Ys.CompareTo(BigInteger.Two) < 0 || Ys.CompareTo(p.Subtract(BigInteger.One)) > 0)
{
this.FailWithError(AL_fatal, AP_illegal_parameter);
}
/*
* Diffie-Hellman basic key agreement
*/
DHParameters dhParams = new DHParameters(p, g);
// Generate a keypair
DHBasicKeyPairGenerator dhGen = new DHBasicKeyPairGenerator();
dhGen.Init(new DHKeyGenerationParameters(random, dhParams));
AsymmetricCipherKeyPair dhPair = dhGen.GenerateKeyPair();
// Store the public value to send to server
this.Yc = ((DHPublicKeyParameters)dhPair.Public).Y;
// Calculate the shared secret
DHBasicAgreement dhAgree = new DHBasicAgreement();
dhAgree.Init(dhPair.Private);
BigInteger agreement = dhAgree.CalculateAgreement(new DHPublicKeyParameters(Ys, dhParams));
this.pms = BigIntegers.AsUnsignedByteArray(agreement);
}
public void ProcessServerKeyExchange(Stream input, SecurityParameters securityParameters)
{
if (tlsSigner == null)
{
handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_unexpected_message);
}
Stream sigIn = input;
ISigner signer = null;
if (tlsSigner != null)
{
signer = InitSigner(tlsSigner, securityParameters);
sigIn = new SignerStream(input, signer, null);
}
byte[] pBytes = TlsUtilities.ReadOpaque16(sigIn);
byte[] gBytes = TlsUtilities.ReadOpaque16(sigIn);
byte[] YsBytes = TlsUtilities.ReadOpaque16(sigIn);
if (signer != null)
{
byte[] sigByte = TlsUtilities.ReadOpaque16(input);
if (!signer.VerifySignature(sigByte))
{
handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_bad_certificate);
}
}
BigInteger p = new BigInteger(1, pBytes);
BigInteger g = new BigInteger(1, gBytes);
BigInteger Ys = new BigInteger(1, YsBytes);
this.dhAgreeServerPublicKey = ValidateDHPublicKey(
new DHPublicKeyParameters(Ys, new DHParameters(p, g)));
}
