public static ServerDHParams Parse(Stream input)
{
BigInteger p = TlsDHUtilities.ReadDHParameter(input);
BigInteger g = TlsDHUtilities.ReadDHParameter(input);
return(new ServerDHParams(TlsDHUtilities.ValidateDHPublicKey(new DHPublicKeyParameters(TlsDHUtilities.ReadDHParameter(input), new DHParameters(p, g)))));
}
public virtual void GenerateClientKeyExchange(Stream output)
{
if (psk_identity_hint == null || psk_identity_hint.Length == 0)
{
pskIdentity.SkipIdentityHint();
}
else
{
pskIdentity.NotifyIdentityHint(psk_identity_hint);
}
byte[] psk_identity = pskIdentity.GetPskIdentity();
TlsUtilities.WriteOpaque16(psk_identity, output);
if (this.keyExchange == KeyExchangeAlgorithm.RSA_PSK)
{
this.premasterSecret = TlsRsaUtilities.GenerateEncryptedPreMasterSecret(
context.SecureRandom, this.rsaServerPublicKey, output);
}
else if (this.keyExchange == KeyExchangeAlgorithm.DHE_PSK)
{
this.dhAgreeClientPrivateKey = TlsDHUtilities.GenerateEphemeralClientKeyExchange(
context.SecureRandom, this.dhAgreeServerPublicKey.Parameters, output);
}
}
private static DHParameters FromSafeP(string hexP)
{
BigInteger bigInteger = TlsDHUtilities.FromHex(hexP);
BigInteger q = bigInteger.ShiftRight(1);
return(new DHParameters(bigInteger, TlsDHUtilities.Two, q));
}
public override void GenerateClientKeyExchange(Stream output)
{
if (this.mAgreementCredentials == null)
{
this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralClientKeyExchange(base.mContext.SecureRandom, this.mDHParameters, output);
}
}
public override void ProcessClientKeyExchange(Stream input)
{
byte[] array = TlsUtilities.ReadOpaque16(input);
mPsk = mPskIdentityManager.GetPsk(array);
if (mPsk == null)
{
throw new TlsFatalAlert(115);
}
mContext.SecurityParameters.pskIdentity = array;
if (mKeyExchange == 14)
{
BigInteger y = TlsDHUtilities.ReadDHParameter(input);
mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(new DHPublicKeyParameters(y, mDHParameters));
}
else if (mKeyExchange == 24)
{
byte[] encoding = TlsUtilities.ReadOpaque8(input);
ECDomainParameters parameters = mECAgreePrivateKey.Parameters;
mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(mServerECPointFormats, parameters, encoding));
}
else if (mKeyExchange == 15)
{
byte[] encryptedPreMasterSecret = ((!TlsUtilities.IsSsl(mContext)) ? TlsUtilities.ReadOpaque16(input) : Streams.ReadAll(input));
mPremasterSecret = mServerCredentials.DecryptPreMasterSecret(encryptedPreMasterSecret);
}
}
public override byte[] GenerateServerKeyExchange()
{
//IL_0023: Unknown result type (might be due to invalid IL or missing references)
//IL_0029: Expected O, but got Unknown
mPskIdentityHint = mPskIdentityManager.GetHint();
if (mPskIdentityHint == null && !RequiresServerKeyExchange)
{
return(null);
}
MemoryStream val = new MemoryStream();
if (mPskIdentityHint == null)
{
TlsUtilities.WriteOpaque16(TlsUtilities.EmptyBytes, (Stream)(object)val);
}
else
{
TlsUtilities.WriteOpaque16(mPskIdentityHint, (Stream)(object)val);
}
if (mKeyExchange == 14)
{
if (mDHParameters == null)
{
throw new TlsFatalAlert(80);
}
mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, mDHParameters, (Stream)(object)val);
}
else if (mKeyExchange == 24)
{
mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, mNamedCurves, mClientECPointFormats, (Stream)(object)val);
}
return(val.ToArray());
}
public override void GenerateClientKeyExchange(Stream output)
{
if (mPskIdentityHint == null)
{
mPskIdentity.SkipIdentityHint();
}
else
{
mPskIdentity.NotifyIdentityHint(mPskIdentityHint);
}
byte[] pskIdentity = mPskIdentity.GetPskIdentity();
if (pskIdentity == null)
{
throw new TlsFatalAlert(80);
}
mPsk = mPskIdentity.GetPsk();
if (mPsk == null)
{
throw new TlsFatalAlert(80);
}
TlsUtilities.WriteOpaque16(pskIdentity, output);
mContext.SecurityParameters.pskIdentity = pskIdentity;
if (mKeyExchange == 14)
{
mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralClientKeyExchange(mContext.SecureRandom, mDHParameters, output);
}
else if (mKeyExchange == 24)
{
mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralClientKeyExchange(mContext.SecureRandom, mServerECPointFormats, mECAgreePublicKey.Parameters, output);
}
else if (mKeyExchange == 15)
{
mPremasterSecret = TlsRsaUtilities.GenerateEncryptedPreMasterSecret(mContext, mRsaServerPublicKey, output);
}
}
protected virtual byte[] GenerateOtherSecret(int pskLength)
{
if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK)
{
if (mDHAgreePrivateKey != null)
{
return(TlsDHUtilities.CalculateDHBasicAgreement(mDHAgreePublicKey, mDHAgreePrivateKey));
}
throw new TlsFatalAlert(AlertDescription.internal_error);
}
if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK)
{
if (mECAgreePrivateKey != null)
{
return(TlsEccUtilities.CalculateECDHBasicAgreement(mECAgreePublicKey, mECAgreePrivateKey));
}
throw new TlsFatalAlert(AlertDescription.internal_error);
}
if (this.mKeyExchange == KeyExchangeAlgorithm.RSA_PSK)
{
return(this.mPremasterSecret);
}
return(new byte[pskLength]);
}
public override void GenerateClientKeyExchange(Stream output)
{
if (mPskIdentityHint == null)
{
mPskIdentity.SkipIdentityHint();
}
else
{
mPskIdentity.NotifyIdentityHint(mPskIdentityHint);
}
byte[] psk_identity = mPskIdentity.GetPskIdentity();
TlsUtilities.WriteOpaque16(psk_identity, output);
if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK)
{
this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralClientKeyExchange(context.SecureRandom,
mDHAgreePublicKey.Parameters, output);
}
else if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK)
{
// TODO[RFC 5489]
throw new TlsFatalAlert(AlertDescription.internal_error);
}
else if (this.mKeyExchange == KeyExchangeAlgorithm.RSA_PSK)
{
this.mPremasterSecret = TlsRsaUtilities.GenerateEncryptedPreMasterSecret(context,
this.mRsaServerPublicKey, output);
}
}
public override byte[] GenerateServerKeyExchange()
{
this.mPskIdentityHint = this.mPskIdentityManager.GetHint();
if (this.mPskIdentityHint == null && !this.RequiresServerKeyExchange)
{
return(null);
}
MemoryStream memoryStream = new MemoryStream();
if (this.mPskIdentityHint == null)
{
TlsUtilities.WriteOpaque16(TlsUtilities.EmptyBytes, memoryStream);
}
else
{
TlsUtilities.WriteOpaque16(this.mPskIdentityHint, memoryStream);
}
if (this.mKeyExchange == 14)
{
if (this.mDHParameters == null)
{
throw new TlsFatalAlert(80);
}
this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralServerKeyExchange(this.mContext.SecureRandom, this.mDHParameters, memoryStream);
}
else if (this.mKeyExchange == 24)
{
this.mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralServerKeyExchange(this.mContext.SecureRandom, this.mNamedCurves, this.mClientECPointFormats, memoryStream);
}
return(memoryStream.ToArray());
}
protected virtual byte[] GenerateOtherSecret(int pskLength)
{
if (this.mKeyExchange == 14)
{
if (this.mDHAgreePrivateKey != null)
{
return(TlsDHUtilities.CalculateDHBasicAgreement(this.mDHAgreePublicKey, this.mDHAgreePrivateKey));
}
throw new TlsFatalAlert(80);
}
else if (this.mKeyExchange == 24)
{
if (this.mECAgreePrivateKey != null)
{
return(TlsEccUtilities.CalculateECDHBasicAgreement(this.mECAgreePublicKey, this.mECAgreePrivateKey));
}
throw new TlsFatalAlert(80);
}
else
{
if (this.mKeyExchange == 15)
{
return(this.mPremasterSecret);
}
return(new byte[pskLength]);
}
}
protected virtual DHParameters ValidateDHParameters(DHParameters parameters)
{
if (parameters.P.BitLength < this.MinimumPrimeBits)
{
throw new TlsFatalAlert(0x47);
}
return(TlsDHUtilities.ValidateDHParameters(parameters));
}
public override void ProcessClientKeyExchange(Stream input)
{
if (this.mDHAgreePublicKey == null)
{
BigInteger y = TlsDHUtilities.ReadDHParameter(input);
this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(new DHPublicKeyParameters(y, this.mDHParameters));
}
}
public static DHPrivateKeyParameters GenerateEphemeralServerKeyExchange(SecureRandom random, DHParameters dhParams, Stream output)
{
AsymmetricCipherKeyPair asymmetricCipherKeyPair = TlsDHUtilities.GenerateDHKeyPair(random, dhParams);
DHPublicKeyParameters publicKey = (DHPublicKeyParameters)asymmetricCipherKeyPair.Public;
new ServerDHParams(publicKey).Encode(output);
return((DHPrivateKeyParameters)asymmetricCipherKeyPair.Private);
}
public static DHPrivateKeyParameters GenerateEphemeralClientKeyExchange(SecureRandom random, DHParameters dhParams, Stream output)
{
AsymmetricCipherKeyPair asymmetricCipherKeyPair = TlsDHUtilities.GenerateDHKeyPair(random, dhParams);
DHPublicKeyParameters dHPublicKeyParameters = (DHPublicKeyParameters)asymmetricCipherKeyPair.Public;
TlsDHUtilities.WriteDHParameter(dHPublicKeyParameters.Y, output);
return((DHPrivateKeyParameters)asymmetricCipherKeyPair.Private);
}
public static short GetNegotiatedDheGroupsServerExtension(IDictionary extensions)
{
byte[] extensionData = TlsUtilities.GetExtensionData(extensions, ExtensionType.negotiated_ff_dhe_groups);
if (extensionData != null)
{
return((short)TlsDHUtilities.ReadNegotiatedDheGroupsServerExtension(extensionData));
}
return(-1);
}
public static byte[] GetNegotiatedDheGroupsClientExtension(IDictionary extensions)
{
byte[] extensionData = TlsUtilities.GetExtensionData(extensions, ExtensionType.negotiated_ff_dhe_groups);
if (extensionData != null)
{
return(TlsDHUtilities.ReadNegotiatedDheGroupsClientExtension(extensionData));
}
return(null);
}
protected virtual DHParameters ValidateDHParameters(DHParameters parameters)
{
if (parameters.P.BitLength < MinimumPrimeBits)
{
throw new TlsFatalAlert(AlertDescription.insufficient_security);
}
return(TlsDHUtilities.ValidateDHParameters(parameters));
}
public virtual void Encode(Stream output)
{
DHParameters parameters = this.mPublicKey.Parameters;
BigInteger y = this.mPublicKey.Y;
TlsDHUtilities.WriteDHParameter(parameters.P, output);
TlsDHUtilities.WriteDHParameter(parameters.G, output);
TlsDHUtilities.WriteDHParameter(y, output);
}
/**
* Encode this {@link ServerDHParams} to a {@link Stream}.
*
* @param output
* the {@link Stream} to encode to.
* @throws IOException
*/
public virtual void Encode(Stream output)
{
DHParameters dhParameters = mPublicKey.Parameters;
BigInteger Ys = mPublicKey.Y;
TlsDHUtilities.WriteDHParameter(dhParameters.P, output);
TlsDHUtilities.WriteDHParameter(dhParameters.G, output);
TlsDHUtilities.WriteDHParameter(Ys, output);
}
public override void ProcessClientKeyExchange(Stream input)
{
if (mDHAgreePublicKey != null)
{
// For dss_fixed_dh and rsa_fixed_dh, the key arrived in the client certificate
return;
}
this.mDHAgreePublicKey = new DHPublicKeyParameters(TlsDHUtilities.ReadDHParameter(input), mDHParameters);
}
public static bool ContainsDheCipherSuites(int[] cipherSuites)
{
for (int i = 0; i < cipherSuites.Length; i++)
{
if (TlsDHUtilities.IsDheCipherSuite(cipherSuites[i]))
{
return(true);
}
}
return(false);
}
public override void ProcessServerKeyExchange(Stream input)
{
if (!RequiresServerKeyExchange)
{
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
// DH_anon is handled here, DHE_* in a subclass
this.mDHParameters = TlsDHUtilities.ReceiveDHParameters(mDHVerifier, input);
this.mDHAgreePublicKey = new DHPublicKeyParameters(TlsDHUtilities.ReadDHParameter(input), mDHParameters);
}
public override byte[] GeneratePremasterSecret()
{
if (this.mAgreementCredentials != null)
{
return(this.mAgreementCredentials.GenerateAgreement(this.mDHAgreePublicKey));
}
if (this.mDHAgreePrivateKey == null)
{
throw new TlsFatalAlert(80);
}
return(TlsDHUtilities.CalculateDHBasicAgreement(this.mDHAgreePublicKey, this.mDHAgreePrivateKey));
}
public override void GenerateClientKeyExchange(Stream output)
{
/*
* RFC 2246 7.4.7.2 If the client certificate already contains a suitable Diffie-Hellman
* key, then Yc is implicit and does not need to be sent again. In this case, the Client Key
* Exchange message will be sent, but will be empty.
*/
if (mAgreementCredentials == null)
{
this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralClientKeyExchange(mContext.SecureRandom,
mDHParameters, output);
}
}
public override byte[] GeneratePremasterSecret()
{
if (mAgreementCredentials != null)
{
return(mAgreementCredentials.GenerateAgreement(mDHAgreePublicKey));
}
if (mDHAgreePrivateKey != null)
{
return(TlsDHUtilities.CalculateDHBasicAgreement(mDHAgreePublicKey, mDHAgreePrivateKey));
}
throw new TlsFatalAlert(AlertDescription.internal_error);
}
public override void ProcessServerKeyExchange(Stream input)
{
if (!RequiresServerKeyExchange)
{
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
// DH_anon is handled here, DHE_* in a subclass
ServerDHParams dhParams = ServerDHParams.Parse(input);
this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(dhParams.PublicKey);
this.mDHParameters = ValidateDHParameters(mDHAgreePublicKey.Parameters);
}
public override void ProcessServerCertificate(Certificate serverCertificate)
{
if (mKeyExchange == KeyExchangeAlgorithm.DH_anon)
{
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
if (serverCertificate.IsEmpty)
{
throw new TlsFatalAlert(AlertDescription.bad_certificate);
}
X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
try
{
this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo);
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
}
if (mTlsSigner == null)
{
try
{
this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey((DHPublicKeyParameters)this.mServerPublicKey);
this.mDHParameters = ValidateDHParameters(mDHAgreePublicKey.Parameters);
}
catch (InvalidCastException e)
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);
}
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyAgreement);
}
else
{
if (!mTlsSigner.IsValidPublicKey(this.mServerPublicKey))
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature);
}
base.ProcessServerCertificate(serverCertificate);
}
public override byte[] GenerateServerKeyExchange()
{
if (this.mDHParameters == null)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
DigestInputBuffer buf = new DigestInputBuffer();
this.mDHAgreeServerPrivateKey = TlsDHUtilities.GenerateEphemeralServerKeyExchange(context.SecureRandom,
this.mDHParameters, buf);
/*
* RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2
*/
SignatureAndHashAlgorithm signatureAndHashAlgorithm;
IDigest d;
if (TlsUtilities.IsTlsV12(context))
{
signatureAndHashAlgorithm = mServerCredentials.SignatureAndHashAlgorithm;
if (signatureAndHashAlgorithm == null)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
d = TlsUtilities.CreateHash(signatureAndHashAlgorithm.Hash);
}
else
{
signatureAndHashAlgorithm = null;
d = new CombinedHash();
}
SecurityParameters securityParameters = context.SecurityParameters;
d.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length);
d.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length);
buf.UpdateDigest(d);
byte[] hash = DigestUtilities.DoFinal(d);
byte[] signature = mServerCredentials.GenerateCertificateSignature(hash);
DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature);
signed_params.Encode(buf);
return(buf.ToArray());
}
protected virtual byte[] GenerateOtherSecret(int pskLength)
{
if (this.keyExchange == KeyExchangeAlgorithm.DHE_PSK)
{
return(TlsDHUtilities.CalculateDHBasicAgreement(dhAgreeServerPublicKey, dhAgreeClientPrivateKey));
}
if (this.keyExchange == KeyExchangeAlgorithm.RSA_PSK)
{
return(this.premasterSecret);
}
return(new byte[pskLength]);
}
