Пример #1
0
 public override void GenerateClientKeyExchange(Stream output)
 {
     /*
      * RFC 2246 7.4.7.2 If the client certificate already contains a suitable Diffie-Hellman
      * key, then Yc is implicit and does not need to be sent again. In this case, the Client Key
      * Exchange message will be sent, but will be empty.
      */
     if (mAgreementCredentials == null)
     {
         this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralClientKeyExchange(mContext.SecureRandom,
                                                                                     mDHParameters, output);
     }
 }
Пример #2
0
        public override void GenerateClientKeyExchange(Stream output)
        {
            if (mPskIdentityHint == null)
            {
                mPskIdentity.SkipIdentityHint();
            }
            else
            {
                mPskIdentity.NotifyIdentityHint(mPskIdentityHint);
            }

            byte[] psk_identity = mPskIdentity.GetPskIdentity();
            if (psk_identity == null)
            {
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }

            this.mPsk = mPskIdentity.GetPsk();
            if (mPsk == null)
            {
                throw new TlsFatalAlert(AlertDescription.internal_error);
            }

            TlsUtilities.WriteOpaque16(psk_identity, output);

            mContext.SecurityParameters.pskIdentity = psk_identity;

            if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK)
            {
                this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralClientKeyExchange(mContext.SecureRandom,
                                                                                            mDHParameters, output);
            }
            else if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK)
            {
                this.mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralClientKeyExchange(mContext.SecureRandom,
                                                                                             mServerECPointFormats, mECAgreePublicKey.Parameters, output);
            }
            else if (this.mKeyExchange == KeyExchangeAlgorithm.RSA_PSK)
            {
                this.mPremasterSecret = TlsRsaUtilities.GenerateEncryptedPreMasterSecret(mContext,
                                                                                         this.mRsaServerPublicKey, output);
            }
        }