public override void GenerateClientKeyExchange(Stream output)
{
/*
* RFC 2246 7.4.7.2 If the client certificate already contains a suitable Diffie-Hellman
* key, then Yc is implicit and does not need to be sent again. In this case, the Client Key
* Exchange message will be sent, but will be empty.
*/
if (mAgreementCredentials == null)
{
this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralClientKeyExchange(mContext.SecureRandom,
mDHParameters, output);
}
}
public override void GenerateClientKeyExchange(Stream output)
{
if (mPskIdentityHint == null)
{
mPskIdentity.SkipIdentityHint();
}
else
{
mPskIdentity.NotifyIdentityHint(mPskIdentityHint);
}
byte[] psk_identity = mPskIdentity.GetPskIdentity();
if (psk_identity == null)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.mPsk = mPskIdentity.GetPsk();
if (mPsk == null)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
TlsUtilities.WriteOpaque16(psk_identity, output);
mContext.SecurityParameters.pskIdentity = psk_identity;
if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK)
{
this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralClientKeyExchange(mContext.SecureRandom,
mDHParameters, output);
}
else if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK)
{
this.mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralClientKeyExchange(mContext.SecureRandom,
mServerECPointFormats, mECAgreePublicKey.Parameters, output);
}
else if (this.mKeyExchange == KeyExchangeAlgorithm.RSA_PSK)
{
this.mPremasterSecret = TlsRsaUtilities.GenerateEncryptedPreMasterSecret(mContext,
this.mRsaServerPublicKey, output);
}
}