Exemplo n.º 1
0
        public override void ProcessServerKeyExchange(Stream input)
        {
            SecurityParameters securityParameters = context.SecurityParameters;

            ISigner signer = InitSigner(tlsSigner, securityParameters);
            Stream sigIn = new SignerStream(input, signer, null);

            ECCurveType curveType = (ECCurveType)TlsUtilities.ReadUint8(sigIn);
            ECDomainParameters curve_params;

            //  Currently, we only support named curves
            if (curveType == ECCurveType.named_curve)
            {
                NamedCurve namedCurve = (NamedCurve)TlsUtilities.ReadUint16(sigIn);

                // TODO Check namedCurve is one we offered?

                curve_params = NamedCurveHelper.GetECParameters(namedCurve);
            }
            else
            {
                // TODO Add support for explicit curve parameters (read from sigIn)

                throw new TlsFatalAlert(AlertDescription.handshake_failure);
            }

            byte[] publicBytes = TlsUtilities.ReadOpaque8(sigIn);

            byte[] sigByte = TlsUtilities.ReadOpaque16(input);
            if (!signer.VerifySignature(sigByte))
            {
                throw new TlsFatalAlert(AlertDescription.decrypt_error);
            }

            // TODO Check curve_params not null

            ECPoint Q = curve_params.Curve.DecodePoint(publicBytes);

            this.ecAgreeServerPublicKey = ValidateECPublicKey(new ECPublicKeyParameters(Q, curve_params));
        }
        public override void ProcessServerKeyExchange(Stream input)
        {
            SecurityParameters securityParameters = context.SecurityParameters;

            ISigner signer = InitSigner(tlsSigner, securityParameters);
            Stream sigIn = new SignerStream(input, signer, null);

            byte[] pBytes = TlsUtilities.ReadOpaque16(sigIn);
            byte[] gBytes = TlsUtilities.ReadOpaque16(sigIn);
            byte[] YsBytes = TlsUtilities.ReadOpaque16(sigIn);

            byte[] sigByte = TlsUtilities.ReadOpaque16(input);
            if (!signer.VerifySignature(sigByte))
            {
                throw new TlsFatalAlert(AlertDescription.bad_certificate);
            }

            IBigInteger p = new BigInteger(1, pBytes);
            IBigInteger g = new BigInteger(1, gBytes);
            IBigInteger Ys = new BigInteger(1, YsBytes);

            this.dhAgreeServerPublicKey = ValidateDHPublicKey(
                new DHPublicKeyParameters(Ys, new DHParameters(p, g)));
        }
        public virtual void ProcessServerKeyExchange(Stream input)
        {
            SecurityParameters securityParameters = context.SecurityParameters;

            Stream sigIn = input;
            ISigner signer = null;

            if (tlsSigner != null)
            {
                signer = InitSigner(tlsSigner, securityParameters);
                sigIn = new SignerStream(input, signer, null);
            }

            byte[] NBytes = TlsUtilities.ReadOpaque16(sigIn);
            byte[] gBytes = TlsUtilities.ReadOpaque16(sigIn);
            byte[] sBytes = TlsUtilities.ReadOpaque8(sigIn);
            byte[] BBytes = TlsUtilities.ReadOpaque16(sigIn);

            if (signer != null)
            {
                byte[] sigByte = TlsUtilities.ReadOpaque16(input);

                if (!signer.VerifySignature(sigByte))
                {
                    throw new TlsFatalAlert(AlertDescription.decrypt_error);
                }
            }

            BigInteger N = new BigInteger(1, NBytes);
            BigInteger g = new BigInteger(1, gBytes);

            // TODO Validate group parameters (see RFC 5054)
            //throw new TlsFatalAlert(AlertDescription.insufficient_security);

            this.s = sBytes;

            /*
            * RFC 5054 2.5.3: The client MUST abort the handshake with an "illegal_parameter"
            * alert if B % N = 0.
            */
            try
            {
                this.B = Srp6Utilities.ValidatePublicValue(N, new BigInteger(1, BBytes));
            }
            catch (CryptoException)
            {
                throw new TlsFatalAlert(AlertDescription.illegal_parameter);
            }

            this.srpClient.Init(N, g, new Sha1Digest(), context.SecureRandom);
        }
Exemplo n.º 4
0
		public void ProcessServerKeyExchange(Stream input, SecurityParameters securityParameters)
		{
			Stream sigIn = input;
			ISigner signer = null;

			if (tlsSigner != null)
			{
				signer = InitSigner(tlsSigner, securityParameters);
				sigIn = new SignerStream(input, signer, null);
			}

			byte[] NBytes = TlsUtilities.ReadOpaque16(sigIn);
			byte[] gBytes = TlsUtilities.ReadOpaque16(sigIn);
			byte[] sBytes = TlsUtilities.ReadOpaque8(sigIn);
			byte[] BBytes = TlsUtilities.ReadOpaque16(sigIn);

			if (signer != null)
			{
				byte[] sigByte = TlsUtilities.ReadOpaque16(input);

				if (!signer.VerifySignature(sigByte))
				{
					handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_bad_certificate);
				}
			}

			BigInteger N = new BigInteger(1, NBytes);
			BigInteger g = new BigInteger(1, gBytes);

			// TODO Validate group parameters (see RFC 5054)
			//handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_insufficient_security);

			this.s = sBytes;

			/*
			* RFC 5054 2.5.3: The client MUST abort the handshake with an "illegal_parameter"
			* alert if B % N = 0.
			*/
			try
			{
				this.B = Srp6Utilities.ValidatePublicValue(N, new BigInteger(1, BBytes));
			}
			catch (CryptoException)
			{
				handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_illegal_parameter);
			}

			this.srpClient.Init(N, g, new Sha1Digest(), handler.Random);
		}
Exemplo n.º 5
0
		private void processSRPKeyExchange(
			MemoryStream	inStr,
			ISigner			signer)
		{
			Stream sigIn = inStr;
			if (signer != null)
			{
				signer.Init(false, this.serverPublicKey);
				signer.BlockUpdate(this.clientRandom, 0, this.clientRandom.Length);
				signer.BlockUpdate(this.serverRandom, 0, this.serverRandom.Length);

				sigIn = new SignerStream(inStr, signer, null);
			}

			/*
			* Parse the Structure
			*/
			byte[] NByte = TlsUtilities.ReadOpaque16(sigIn);
			byte[] gByte = TlsUtilities.ReadOpaque16(sigIn);
			byte[] sByte = TlsUtilities.ReadOpaque8(sigIn);
			byte[] BByte = TlsUtilities.ReadOpaque16(sigIn);

			if (signer != null)
			{
				byte[] sigByte = TlsUtilities.ReadOpaque16(sigIn);

				/*
				* Verify the Signature.
				*/
				if (!signer.VerifySignature(sigByte))
				{
					this.FailWithError(AL_fatal, AP_bad_certificate);
				}
			}

			this.AssertEmpty(inStr);

			BigInteger N = new BigInteger(1, NByte);
			BigInteger g = new BigInteger(1, gByte);
			byte[] s = sByte;
			BigInteger B = new BigInteger(1, BByte);

			Srp6Client srpClient = new Srp6Client();
			srpClient.Init(N, g, new Sha1Digest(), random);

			this.SRP_A = srpClient.GenerateClientCredentials(s, this.SRP_identity,
				this.SRP_password);

			try
			{
				BigInteger S = srpClient.CalculateSecret(B);
				this.pms = BigIntegers.AsUnsignedByteArray(S);
			}
			catch (CryptoException)
			{
				this.FailWithError(AL_fatal, AP_illegal_parameter);
			}
		}
Exemplo n.º 6
0
		private void processDHEKeyExchange(
			MemoryStream	inStr,
			ISigner			signer)
		{
			Stream sigIn = inStr;
			if (signer != null)
			{
				signer.Init(false, this.serverPublicKey);
				signer.BlockUpdate(this.clientRandom, 0, this.clientRandom.Length);
				signer.BlockUpdate(this.serverRandom, 0, this.serverRandom.Length);

				sigIn = new SignerStream(inStr, signer, null);
			}

			/*
			* Parse the Structure
			*/
			byte[] pByte = TlsUtilities.ReadOpaque16(sigIn);
			byte[] gByte = TlsUtilities.ReadOpaque16(sigIn);
			byte[] YsByte = TlsUtilities.ReadOpaque16(sigIn);

			if (signer != null)
			{
				byte[] sigByte = TlsUtilities.ReadOpaque16(sigIn);

				/*
				* Verify the Signature.
				*/
				if (!signer.VerifySignature(sigByte))
				{
					this.FailWithError(AL_fatal, AP_bad_certificate);
				}
			}

			this.AssertEmpty(inStr);

			/*
			* Do the DH calculation.
			*/
			BigInteger p = new BigInteger(1, pByte);
			BigInteger g = new BigInteger(1, gByte);
			BigInteger Ys = new BigInteger(1, YsByte);

			/*
			* Check the DH parameter values
			*/
			if (!p.IsProbablePrime(10))
			{
				this.FailWithError(AL_fatal, AP_illegal_parameter);
			}
			if (g.CompareTo(BigInteger.Two) < 0 || g.CompareTo(p.Subtract(BigInteger.Two)) > 0)
			{
				this.FailWithError(AL_fatal, AP_illegal_parameter);
			}
			// TODO For static DH public values, see additional checks in RFC 2631 2.1.5 
			if (Ys.CompareTo(BigInteger.Two) < 0 || Ys.CompareTo(p.Subtract(BigInteger.One)) > 0)
			{
				this.FailWithError(AL_fatal, AP_illegal_parameter);
			}

			/*
			* Diffie-Hellman basic key agreement
			*/
			DHParameters dhParams = new DHParameters(p, g);

			// Generate a keypair
			DHBasicKeyPairGenerator dhGen = new DHBasicKeyPairGenerator();
			dhGen.Init(new DHKeyGenerationParameters(random, dhParams));

			AsymmetricCipherKeyPair dhPair = dhGen.GenerateKeyPair();

			// Store the public value to send to server
			this.Yc = ((DHPublicKeyParameters)dhPair.Public).Y;

			// Calculate the shared secret
			DHBasicAgreement dhAgree = new DHBasicAgreement();
			dhAgree.Init(dhPair.Private);

			BigInteger agreement = dhAgree.CalculateAgreement(new DHPublicKeyParameters(Ys, dhParams));

			this.pms = BigIntegers.AsUnsignedByteArray(agreement);
		}
Exemplo n.º 7
0
		public void ProcessServerKeyExchange(Stream input, SecurityParameters securityParameters)
		{
			if (tlsSigner == null)
			{
				handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_unexpected_message);
			}

			Stream sigIn = input;
			ISigner signer = null;

			if (tlsSigner != null)
			{
				signer = InitSigner(tlsSigner, securityParameters);
				sigIn = new SignerStream(input, signer, null);
			}

			byte[] pBytes = TlsUtilities.ReadOpaque16(sigIn);
			byte[] gBytes = TlsUtilities.ReadOpaque16(sigIn);
			byte[] YsBytes = TlsUtilities.ReadOpaque16(sigIn);

			if (signer != null)
			{
				byte[] sigByte = TlsUtilities.ReadOpaque16(input);

				if (!signer.VerifySignature(sigByte))
				{
					handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_bad_certificate);
				}
			}

			BigInteger p = new BigInteger(1, pBytes);
			BigInteger g = new BigInteger(1, gBytes);
			BigInteger Ys = new BigInteger(1, YsBytes);

			this.dhAgreeServerPublicKey = ValidateDHPublicKey(
				new DHPublicKeyParameters(Ys, new DHParameters(p, g)));
		}