protected virtual byte[] GenerateOtherSecret(int pskLength) { if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK) { if (mDHAgreePrivateKey != null) { return(TlsDHUtilities.CalculateDHBasicAgreement(mDHAgreePublicKey, mDHAgreePrivateKey)); } throw new TlsFatalAlert(AlertDescription.internal_error); } if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK) { if (mECAgreePrivateKey != null) { return(TlsEccUtilities.CalculateECDHBasicAgreement(mECAgreePublicKey, mECAgreePrivateKey)); } throw new TlsFatalAlert(AlertDescription.internal_error); } if (this.mKeyExchange == KeyExchangeAlgorithm.RSA_PSK) { return(this.mPremasterSecret); } return(new byte[pskLength]); }
public override void ProcessClientKeyExchange(Stream input) { if (mDHAgreePublicKey != null) { // For dss_fixed_dh and rsa_fixed_dh, the key arrived in the client certificate return; } this.mDHAgreePublicKey = new DHPublicKeyParameters(TlsDHUtilities.ReadDHParameter(input), mDHParameters); }
public override void ProcessServerKeyExchange(Stream input) { if (!RequiresServerKeyExchange) { throw new TlsFatalAlert(AlertDescription.unexpected_message); } // DH_anon is handled here, DHE_* in a subclass this.mDHParameters = TlsDHUtilities.ReceiveDHParameters(mDHVerifier, input); this.mDHAgreePublicKey = new DHPublicKeyParameters(TlsDHUtilities.ReadDHParameter(input), mDHParameters); }
public override void GenerateClientKeyExchange(Stream output) { /* * RFC 2246 7.4.7.2 If the client certificate already contains a suitable Diffie-Hellman * key, then Yc is implicit and does not need to be sent again. In this case, the Client Key * Exchange message will be sent, but will be empty. */ if (mAgreementCredentials == null) { this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralClientKeyExchange(mContext.SecureRandom, mDHParameters, output); } }
public override byte[] GeneratePremasterSecret() { if (mAgreementCredentials != null) { return(mAgreementCredentials.GenerateAgreement(mDHAgreePublicKey)); } if (mDHAgreePrivateKey != null) { return(TlsDHUtilities.CalculateDHBasicAgreement(mDHAgreePublicKey, mDHAgreePrivateKey)); } throw new TlsFatalAlert(AlertDescription.internal_error); }
public override byte[] GenerateServerKeyExchange() { if (!RequiresServerKeyExchange) { return(null); } // DH_anon is handled here, DHE_* in a subclass MemoryStream buf = new MemoryStream(); this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, this.mDHParameters, buf); return(buf.ToArray()); }
public override void GenerateClientKeyExchange(Stream output) { if (mPskIdentityHint == null) { mPskIdentity.SkipIdentityHint(); } else { mPskIdentity.NotifyIdentityHint(mPskIdentityHint); } byte[] psk_identity = mPskIdentity.GetPskIdentity(); if (psk_identity == null) { throw new TlsFatalAlert(AlertDescription.internal_error); } this.mPsk = mPskIdentity.GetPsk(); if (mPsk == null) { throw new TlsFatalAlert(AlertDescription.internal_error); } TlsUtilities.WriteOpaque16(psk_identity, output); mContext.SecurityParameters.pskIdentity = psk_identity; if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK) { this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralClientKeyExchange(mContext.SecureRandom, mDHParameters, output); } else if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK) { this.mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralClientKeyExchange(mContext.SecureRandom, mServerECPointFormats, mECAgreePublicKey.Parameters, output); } else if (this.mKeyExchange == KeyExchangeAlgorithm.RSA_PSK) { this.mPremasterSecret = TlsRsaUtilities.GenerateEncryptedPreMasterSecret(mContext, this.mRsaServerPublicKey, output); } }
public override void ProcessServerKeyExchange(Stream input) { this.mPskIdentityHint = TlsUtilities.ReadOpaque16(input); if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK) { this.mDHParameters = TlsDHUtilities.ReceiveDHParameters(mDHVerifier, input); this.mDHAgreePublicKey = new DHPublicKeyParameters(TlsDHUtilities.ReadDHParameter(input), mDHParameters); } else if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK) { ECDomainParameters ecParams = TlsEccUtilities.ReadECParameters(mNamedCurves, mClientECPointFormats, input); byte[] point = TlsUtilities.ReadOpaque8(input); this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey( mClientECPointFormats, ecParams, point)); } }
public override void ProcessServerKeyExchange(Stream input) { SecurityParameters securityParameters = mContext.SecurityParameters; SignerInputBuffer buf = new SignerInputBuffer(); Stream teeIn = new TeeInputStream(input, buf); this.mDHParameters = TlsDHUtilities.ReceiveDHParameters(mDHVerifier, teeIn); this.mDHAgreePublicKey = new DHPublicKeyParameters(TlsDHUtilities.ReadDHParameter(teeIn), mDHParameters); DigitallySigned signed_params = ParseSignature(input); ISigner signer = InitVerifyer(mTlsSigner, signed_params.Algorithm, securityParameters); buf.UpdateSigner(signer); if (!signer.VerifySignature(signed_params.Signature)) { throw new TlsFatalAlert(AlertDescription.decrypt_error); } }
public override void ProcessClientKeyExchange(Stream input) { byte[] psk_identity = TlsUtilities.ReadOpaque16(input); this.mPsk = mPskIdentityManager.GetPsk(psk_identity); if (mPsk == null) { throw new TlsFatalAlert(AlertDescription.unknown_psk_identity); } mContext.SecurityParameters.pskIdentity = psk_identity; if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK) { this.mDHAgreePublicKey = new DHPublicKeyParameters(TlsDHUtilities.ReadDHParameter(input), mDHParameters); } else if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK) { byte[] point = TlsUtilities.ReadOpaque8(input); ECDomainParameters curve_params = this.mECAgreePrivateKey.Parameters; this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey( mServerECPointFormats, curve_params, point)); } else if (this.mKeyExchange == KeyExchangeAlgorithm.RSA_PSK) { byte[] encryptedPreMasterSecret; if (TlsUtilities.IsSsl(mContext)) { // TODO Do any SSLv3 clients actually include the length? encryptedPreMasterSecret = Streams.ReadAll(input); } else { encryptedPreMasterSecret = TlsUtilities.ReadOpaque16(input); } this.mPremasterSecret = mServerCredentials.DecryptPreMasterSecret(encryptedPreMasterSecret); } }
public override byte[] GenerateServerKeyExchange() { this.mPskIdentityHint = mPskIdentityManager.GetHint(); if (this.mPskIdentityHint == null && !RequiresServerKeyExchange) { return(null); } MemoryStream buf = new MemoryStream(); if (this.mPskIdentityHint == null) { TlsUtilities.WriteOpaque16(TlsUtilities.EmptyBytes, buf); } else { TlsUtilities.WriteOpaque16(this.mPskIdentityHint, buf); } if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK) { if (this.mDHParameters == null) { throw new TlsFatalAlert(AlertDescription.internal_error); } this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, this.mDHParameters, buf); } else if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK) { this.mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, mNamedCurves, mClientECPointFormats, buf); } return(buf.ToArray()); }
public override byte[] GenerateServerKeyExchange() { if (this.mDHParameters == null) { throw new TlsFatalAlert(AlertDescription.internal_error); } DigestInputBuffer buf = new DigestInputBuffer(); this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, this.mDHParameters, buf); /* * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2 */ SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm( mContext, mServerCredentials); IDigest d = TlsUtilities.CreateHash(signatureAndHashAlgorithm); SecurityParameters securityParameters = mContext.SecurityParameters; d.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length); d.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length); buf.UpdateDigest(d); byte[] hash = DigestUtilities.DoFinal(d); byte[] signature = mServerCredentials.GenerateCertificateSignature(hash); DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature); signed_params.Encode(buf); return(buf.ToArray()); }