public static BigInteger ComputeSharedSecret(string A, AsymmetricKeyParameter bPrivateKey, DHParameters internalParameters)
{
var importedKey = new DHPublicKeyParameters(new BigInteger(A), internalParameters);
var internalKeyAgree = AgreementUtilities.GetBasicAgreement("DH");
internalKeyAgree.Init(bPrivateKey);
return internalKeyAgree.CalculateAgreement(importedKey);
}
public static AsymmetricCipherKeyPair GenerateKeys(DHParameters parameters)
{
var keyGen = GeneratorUtilities.GetKeyPairGenerator("DH");
var kgp = new DHKeyGenerationParameters(new SecureRandom(), parameters);
keyGen.Init(kgp);
return keyGen.GenerateKeyPair();
}
public DHKeyGenerationParameters(
SecureRandom random,
DHParameters parameters)
: base(random, GetStrength(parameters))
{
this.parameters = parameters;
}
public DHKeyGenerationParameters(
SecureRandom random,
DHParameters parameters)
: base(random, parameters.P.BitLength)
{
this.parameters = parameters;
}
public DHPrivateKeyParameters(
BigInteger x,
DHParameters parameters)
: base(true, parameters)
{
this.x = x;
}
public void Init(
ICipherParameters parameters)
{
AsymmetricKeyParameter kParam;
if (parameters is ParametersWithRandom)
{
ParametersWithRandom rParam = (ParametersWithRandom)parameters;
this.random = rParam.Random;
kParam = (AsymmetricKeyParameter)rParam.Parameters;
}
else
{
this.random = new SecureRandom();
kParam = (AsymmetricKeyParameter)parameters;
}
if (!(kParam is DHPrivateKeyParameters))
{
throw new ArgumentException("DHEngine expects DHPrivateKeyParameters");
}
this.key = (DHPrivateKeyParameters)kParam;
this.dhParams = key.Parameters;
}
internal IBigInteger CalculatePrivate(
DHParameters dhParams,
ISecureRandom random)
{
int limit = dhParams.L;
if (limit != 0)
{
return new BigInteger(limit, random).SetBit(limit - 1);
}
IBigInteger min = BigInteger.Two;
int m = dhParams.M;
if (m != 0)
{
min = BigInteger.One.ShiftLeft(m - 1);
}
IBigInteger max = dhParams.P.Subtract(BigInteger.Two);
IBigInteger q = dhParams.Q;
if (q != null)
{
max = q.Subtract(BigInteger.Two);
}
return BigIntegers.CreateRandomInRange(min, max, random);
}
protected DHKeyParameters(
bool isPrivate,
DHParameters parameters)
: base(isPrivate)
{
// TODO Should we allow parameters to be null?
this.parameters = parameters;
}
public DHPrivateKeyParameters(
BigInteger x,
DHParameters parameters,
DerObjectIdentifier algorithmOid)
: base(true, parameters, algorithmOid)
{
this.x = x;
}
public DHPublicKeyParameters(
BigInteger y,
DHParameters parameters)
: base(false, parameters)
{
if (y == null)
throw new ArgumentNullException("y");
this.y = y;
}
protected DHKeyParameters(
bool isPrivate,
DHParameters parameters,
DerObjectIdentifier algorithmOid)
: base(isPrivate)
{
// TODO Should we allow parameters to be null?
this.parameters = parameters;
this.algorithmOid = algorithmOid;
}
public DHProvider(DHParameters parameters)
{
_parameters = parameters;
IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("DH");
KeyGenerationParameters kgp = new DHKeyGenerationParameters(new SecureRandom(), _parameters);
keyGen.Init(kgp);
_kp = keyGen.GenerateKeyPair();
}
public DHPublicKeyParameters(
BigInteger y,
DHParameters parameters,
DerObjectIdentifier algorithmOid)
: base(false, parameters, algorithmOid)
{
if (y == null)
throw new ArgumentNullException("y");
this.y = y;
}
public ServerAuthority(DHParameters parameters)
{
this.parameters = parameters;
IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("DH");
KeyGenerationParameters kgp = new DHKeyGenerationParameters(new SecureRandom(), parameters);
keyGen.Init(kgp);
kp = keyGen.GenerateKeyPair();
agreement = AgreementUtilities.GetBasicAgreement("DH");
agreement.Init(kp.Private);
}
public AsymmetricCipherKeyPair GenerateKeyPair()
{
DHKeyGeneratorHelper helper = DHKeyGeneratorHelper.Instance;
ElGamalParameters egp = param.Parameters;
DHParameters dhp = new DHParameters(egp.P, egp.G, null, 0, egp.L);
BigInteger x = helper.CalculatePrivate(dhp, param.Random);
BigInteger y = helper.CalculatePublic(dhp, x);
return new AsymmetricCipherKeyPair(
new ElGamalPublicKeyParameters(y, egp),
new ElGamalPrivateKeyParameters(x, egp));
}
public static DHPrivateKeyParameters GenerateEphemeralClientKeyExchange(SecureRandom random,
DHParameters dhParams, Stream output)
{
AsymmetricCipherKeyPair dhAgreeClientKeyPair = GenerateDHKeyPair(random, dhParams);
DHPrivateKeyParameters dhAgreeClientPrivateKey =
(DHPrivateKeyParameters)dhAgreeClientKeyPair.Private;
BigInteger Yc = ((DHPublicKeyParameters)dhAgreeClientKeyPair.Public).Y;
byte[] keData = BigIntegers.AsUnsignedByteArray(Yc);
TlsUtilities.WriteOpaque16(keData, output);
return dhAgreeClientPrivateKey;
}
public void Init(ICipherParameters parameters)
{
if (parameters is ParametersWithRandom)
{
parameters = ((ParametersWithRandom) parameters).Parameters;
}
if (!(parameters is DHPrivateKeyParameters))
{
throw new ArgumentException("DHEngine expects DHPrivateKeyParameters");
}
this._key = (DHPrivateKeyParameters) parameters;
this._dhParams = _key.Parameters;
}
/// <summary>
/// Create a Diffie-Hellman key pair mixture.
/// </summary>
/// <returns>KeyPair mixture</returns>
public KeyPair Mix()
{
var cipherKeyPairGenerator = GeneratorUtilities.GetKeyPairGenerator("DiffieHellman");
var diffieHellmanParameters = new DHParameters(_common.P, _common.G, null);
KeyGenerationParameters diffieHellmanKeyGenerationParameters = new DHKeyGenerationParameters(new Org.BouncyCastle.Security.SecureRandom(), diffieHellmanParameters);
cipherKeyPairGenerator.Init(diffieHellmanKeyGenerationParameters);
var asymmetricKeyPair = cipherKeyPairGenerator.GenerateKeyPair();
var agreement = AgreementUtilities.GetBasicAgreement("DiffieHellman");
agreement.Init(asymmetricKeyPair.Private);
return new KeyPair() { Private = ((DHPrivateKeyParameters)asymmetricKeyPair.Private).X.ToString(), Public = ((DHPublicKeyParameters)asymmetricKeyPair.Public).Y.ToString() };
}
public override bool Equals(
object obj)
{
if (obj == this)
{
return(true);
}
DHParameters other = obj as DHParameters;
if (other == null)
{
return(false);
}
return(Equals(other));
}
internal BigInteger CalculatePrivate(
DHParameters dhParams,
SecureRandom random)
{
int limit = dhParams.L;
if (limit != 0)
{
int minWeight = limit >> 2;
for (;;)
{
BigInteger x = new BigInteger(limit, random).SetBit(limit - 1);
if (WNafUtilities.GetNafWeight(x) >= minWeight)
{
return x;
}
}
}
BigInteger min = BigInteger.Two;
int m = dhParams.M;
if (m != 0)
{
min = BigInteger.One.ShiftLeft(m - 1);
}
BigInteger q = dhParams.Q;
if (q == null)
{
q = dhParams.P;
}
BigInteger max = q.Subtract(BigInteger.Two);
{
int minWeight = max.BitLength >> 2;
for (;;)
{
BigInteger x = BigIntegers.CreateRandomInRange(min, max, random);
if (WNafUtilities.GetNafWeight(x) >= minWeight)
{
return x;
}
}
}
}
public override void ProcessServerCertificate(Certificate serverCertificate)
{
if (serverCertificate.IsEmpty)
throw new TlsFatalAlert(AlertDescription.bad_certificate);
X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
try
{
this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo);
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
}
if (mTlsSigner == null)
{
try
{
this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey((DHPublicKeyParameters)this.mServerPublicKey);
this.mDHParameters = ValidateDHParameters(mDHAgreePublicKey.Parameters);
}
catch (InvalidCastException e)
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);
}
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyAgreement);
}
else
{
if (!mTlsSigner.IsValidPublicKey(this.mServerPublicKey))
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature);
}
base.ProcessServerCertificate(serverCertificate);
}
private static BigInteger Validate(BigInteger y, DHParameters dhParams)
{
if (y == null)
{
throw new ArgumentNullException("y");
}
BigInteger p = dhParams.P;
// TLS check
if (y.CompareTo(BigInteger.Two) < 0 || y.CompareTo(p.Subtract(BigInteger.Two)) > 0)
{
throw new ArgumentException("invalid DH public key", "y");
}
BigInteger q = dhParams.Q;
// We can't validate without Q.
if (q == null)
{
return(y);
}
if (p.TestBit(0) &&
p.BitLength - 1 == q.BitLength &&
p.ShiftRight(1).Equals(q))
{
// Safe prime case
if (1 == Legendre(y, p))
{
return(y);
}
}
else
{
if (BigInteger.One.Equals(y.ModPow(q, p)))
{
return(y);
}
}
throw new ArgumentException("value does not appear to be in correct group", "y");
}
public TlsDHKeyExchange(int keyExchange, IList supportedSignatureAlgorithms, DHParameters dhParameters)
: base(keyExchange, supportedSignatureAlgorithms)
{
switch (keyExchange)
{
case KeyExchangeAlgorithm.DH_RSA:
case KeyExchangeAlgorithm.DH_DSS:
this.mTlsSigner = null;
break;
case KeyExchangeAlgorithm.DHE_RSA:
this.mTlsSigner = new TlsRsaSigner();
break;
case KeyExchangeAlgorithm.DHE_DSS:
this.mTlsSigner = new TlsDssSigner();
break;
default:
throw new InvalidOperationException("unsupported key exchange algorithm");
}
this.mDHParameters = dhParameters;
}
public TlsPskKeyExchange(int keyExchange, IList supportedSignatureAlgorithms, TlsPskIdentity pskIdentity,
DHParameters dhParameters, int[] namedCurves, byte[] clientECPointFormats, byte[] serverECPointFormats)
: base(keyExchange, supportedSignatureAlgorithms)
{
switch (keyExchange)
{
case KeyExchangeAlgorithm.DHE_PSK:
case KeyExchangeAlgorithm.ECDHE_PSK:
case KeyExchangeAlgorithm.PSK:
case KeyExchangeAlgorithm.RSA_PSK:
break;
default:
throw new InvalidOperationException("unsupported key exchange algorithm");
}
this.mPskIdentity = pskIdentity;
this.mDHParameters = dhParameters;
this.mNamedCurves = namedCurves;
this.mClientECPointFormats = clientECPointFormats;
this.mServerECPointFormats = serverECPointFormats;
}
private static BigInteger Validate(BigInteger y, DHParameters dhParams)
{
if (y == null)
{
throw new ArgumentNullException("y");
}
// TLS check
if (y.CompareTo(BigInteger.Two) < 0 || y.CompareTo(dhParams.P.Subtract(BigInteger.Two)) > 0)
{
throw new ArgumentException("invalid DH public key", "y");
}
// we can't validate without Q.
if (dhParams.Q != null &&
!y.ModPow(dhParams.Q, dhParams.P).Equals(BigInteger.One))
{
throw new ArgumentException("y value does not appear to be in correct group", "y");
}
return(y);
}
public void TestDH()
{
IBigInteger DHParraP = new BigInteger(Base64.Decode("ALJCm1CUL6mOnyVqWTSV6Z2+DVSGOvgboOhmbyyxCrym59uVnXMmPjIgQTrmniFg7PvdcN7NNFwFmcZleULso1s="));
IBigInteger DHParraQ = new BigInteger(Base64.Decode("WSFNqEoX1MdPkrUsmkr0zt8GqkMdfA3QdDM3lliFXlNz7crOuZMfGRAgnXNPELB2fe64b2aaLgLM4zK8oXZRrQ=="));
IBigInteger DHPubY = new BigInteger(Base64.Decode("AIki+8/zggCS2e488AsTNULI4LujdUeQQsZI949Dc9lKXZRmrPIC1h8NRoneHQEhpAe4Rhe0nhUOGZJekT5++SA="));
IBigInteger DHPrivX = new BigInteger(Base64.Decode("Apo67noMRO5eDWo/TtpRiBmKGw7ywh25shIu0Rs03krQmWKRbDPvdygWdJ5IpW6ZbKlCTAMhSxpz03YSeSEDmw=="));
DHParameters dhPara = new DHParameters(DHParraP, DHParraQ);
DHPublicKeyParameters dhPublic = new DHPublicKeyParameters(DHPubY, dhPara);
DHPrivateKeyParameters dhPrivate = new DHPrivateKeyParameters(DHPrivX, dhPara);
SubjectPublicKeyInfo pubInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(dhPublic);
PrivateKeyInfo privInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(dhPrivate);
DHPublicKeyParameters testPubKey = (DHPublicKeyParameters) PublicKeyFactory.CreateKey(pubInfo);
DHPrivateKeyParameters testPrivKey = (DHPrivateKeyParameters) PrivateKeyFactory.CreateKey(privInfo);
Assert.IsFalse(!testPrivKey.Equals(dhPrivate), "DH: Private key to info back to key");
Assert.IsFalse(!testPubKey.Equals(dhPublic), "DH: Public key to info back to key");
Assert.IsTrue(true, "Diffe Helman Test worked.");
}
public DHKeyGenerationParameters(SecureRandom random, DHParameters parameters) : base(random, GetStrength(parameters))
{
this.parameters = parameters;
}
protected DHKeyParameters(bool isPrivate, DHParameters parameters, DerObjectIdentifier algorithmOid)
: base(isPrivate)
{
this.parameters = parameters;
this.algorithmOid = algorithmOid;
}
public DHParameters(BigInteger p, BigInteger g, BigInteger q, int l) : this(p, g, q, DHParameters.GetDefaultMParam(l), l, null, null)
{
}
public DHPrivateKeyParameters(BigInteger x, DHParameters parameters, DerObjectIdentifier algorithmOid) : base(true, parameters, algorithmOid)
{
this.x = x;
}
protected virtual bool Equals(DHParameters other) => ((this.p.Equals(other.p) && this.g.Equals(other.g)) && object.Equals(this.q, other.q));
protected virtual bool AreCompatibleParameters(DHParameters a, DHParameters b)
{
return a.P.Equals(b.P) && a.G.Equals(b.G);
}
public DHPrivateKeyParameters(BigInteger x, DHParameters parameters) : base(true, parameters)
{
this.x = x;
}
protected bool Equals(DHParameters other)
{
return(p.Equals(other.p) && g.Equals(other.g) && object.Equals(q, other.q));
}
protected DHKeyParameters(
bool isPrivate,
DHParameters parameters)
: this(isPrivate, parameters, PkcsObjectIdentifiers.DhKeyAgreement)
{
}
private DHKeyPairGenerator getDHKeyPairGenerator(
BigInteger g,
BigInteger p)
{
DHParameters dhParams = new DHParameters(p, g);
DHKeyGenerationParameters dhkgParams = new DHKeyGenerationParameters(new SecureRandom(), dhParams);
DHKeyPairGenerator kpGen = new DHKeyPairGenerator();
kpGen.Init(dhkgParams);
return kpGen;
}
public static AsymmetricKeyParameter CreateKey(
PrivateKeyInfo keyInfo)
{
AlgorithmIdentifier algID = keyInfo.AlgorithmID;
DerObjectIdentifier algOid = algID.ObjectID;
// TODO See RSAUtil.isRsaOid in Java build
if (algOid.Equals(PkcsObjectIdentifiers.RsaEncryption)
|| algOid.Equals(X509ObjectIdentifiers.IdEARsa)
|| algOid.Equals(PkcsObjectIdentifiers.IdRsassaPss)
|| algOid.Equals(PkcsObjectIdentifiers.IdRsaesOaep))
{
RsaPrivateKeyStructure keyStructure = new RsaPrivateKeyStructure(
Asn1Sequence.GetInstance(keyInfo.PrivateKey));
return new RsaPrivateCrtKeyParameters(
keyStructure.Modulus,
keyStructure.PublicExponent,
keyStructure.PrivateExponent,
keyStructure.Prime1,
keyStructure.Prime2,
keyStructure.Exponent1,
keyStructure.Exponent2,
keyStructure.Coefficient);
}
else if (algOid.Equals(PkcsObjectIdentifiers.DhKeyAgreement))
{
DHParameter para = new DHParameter(
Asn1Sequence.GetInstance(algID.Parameters.ToAsn1Object()));
DerInteger derX = (DerInteger)keyInfo.PrivateKey;
BigInteger lVal = para.L;
int l = lVal == null ? 0 : lVal.IntValue;
DHParameters dhParams = new DHParameters(para.P, para.G, null, l);
return new DHPrivateKeyParameters(derX.Value, dhParams);
}
else if (algOid.Equals(OiwObjectIdentifiers.ElGamalAlgorithm))
{
ElGamalParameter para = new ElGamalParameter(
Asn1Sequence.GetInstance(algID.Parameters.ToAsn1Object()));
DerInteger derX = (DerInteger)keyInfo.PrivateKey;
return new ElGamalPrivateKeyParameters(
derX.Value,
new ElGamalParameters(para.P, para.G));
}
else if (algOid.Equals(X9ObjectIdentifiers.IdDsa))
{
DerInteger derX = (DerInteger) keyInfo.PrivateKey;
Asn1Encodable ae = algID.Parameters;
DsaParameters parameters = null;
if (ae != null)
{
DsaParameter para = DsaParameter.GetInstance(ae.ToAsn1Object());
parameters = new DsaParameters(para.P, para.Q, para.G);
}
return new DsaPrivateKeyParameters(derX.Value, parameters);
}
else if (algOid.Equals(X9ObjectIdentifiers.IdECPublicKey))
{
X962Parameters para = new X962Parameters(algID.Parameters.ToAsn1Object());
X9ECParameters ecP;
if (para.IsNamedCurve)
{
// TODO ECGost3410NamedCurves support (returns ECDomainParameters though)
DerObjectIdentifier oid = (DerObjectIdentifier) para.Parameters;
ecP = X962NamedCurves.GetByOid(oid);
if (ecP == null)
{
ecP = SecNamedCurves.GetByOid(oid);
if (ecP == null)
{
ecP = NistNamedCurves.GetByOid(oid);
if (ecP == null)
{
ecP = TeleTrusTNamedCurves.GetByOid(oid);
}
}
}
}
else
{
ecP = new X9ECParameters((Asn1Sequence) para.Parameters);
}
ECDomainParameters dParams = new ECDomainParameters(
ecP.Curve,
ecP.G,
ecP.N,
ecP.H,
ecP.GetSeed());
ECPrivateKeyStructure ec = new ECPrivateKeyStructure(
Asn1Sequence.GetInstance(keyInfo.PrivateKey));
return new ECPrivateKeyParameters(ec.GetKey(), dParams);
}
else if (algOid.Equals(CryptoProObjectIdentifiers.GostR3410x2001))
{
Gost3410PublicKeyAlgParameters gostParams = new Gost3410PublicKeyAlgParameters(
Asn1Sequence.GetInstance(algID.Parameters.ToAsn1Object()));
ECPrivateKeyStructure ec = new ECPrivateKeyStructure(
Asn1Sequence.GetInstance(keyInfo.PrivateKey));
ECDomainParameters ecP = ECGost3410NamedCurves.GetByOid(gostParams.PublicKeyParamSet);
if (ecP == null)
return null;
return new ECPrivateKeyParameters(ec.GetKey(), gostParams.PublicKeyParamSet);
}
else if (algOid.Equals(CryptoProObjectIdentifiers.GostR3410x94))
{
Gost3410PublicKeyAlgParameters gostParams = new Gost3410PublicKeyAlgParameters(
Asn1Sequence.GetInstance(algID.Parameters.ToAsn1Object()));
DerOctetString derX = (DerOctetString) keyInfo.PrivateKey;
byte[] keyEnc = derX.GetOctets();
byte[] keyBytes = new byte[keyEnc.Length];
for (int i = 0; i != keyEnc.Length; i++)
{
keyBytes[i] = keyEnc[keyEnc.Length - 1 - i]; // was little endian
}
BigInteger x = new BigInteger(1, keyBytes);
return new Gost3410PrivateKeyParameters(x, gostParams.PublicKeyParamSet);
}
else
{
throw new SecurityUtilityException("algorithm identifier in key not recognised");
}
}
private DHBasicKeyPairGenerator getDHBasicKeyPairGenerator(
BigInteger g,
BigInteger p,
int privateValueSize)
{
DHParameters dhParams = new DHParameters(p, g, null, privateValueSize);
DHKeyGenerationParameters dhkgParams = new DHKeyGenerationParameters(new SecureRandom(), dhParams);
DHBasicKeyPairGenerator kpGen = new DHBasicKeyPairGenerator();
kpGen.Init(dhkgParams);
return kpGen;
}
protected bool Equals(DHParameters other)
{
return(this.p.Equals(other.p) && this.g.Equals(other.g) && object.Equals(this.q, other.q));
}
protected virtual AsymmetricCipherKeyPair GenerateDHKeyPair(DHParameters dhParams)
{
return TlsDHUtilities.GenerateDHKeyPair(context.SecureRandom, dhParams);
}
internal static int GetStrength(DHParameters parameters) => ((parameters.L == 0) ? parameters.P.BitLength : parameters.L);
protected DHKeyParameters(
bool isPrivate,
DHParameters parameters)
: this(isPrivate, parameters, PkcsObjectIdentifiers.DhKeyAgreement)
{
}
protected virtual void GenerateEphemeralClientKeyExchange(DHParameters dhParams, Stream output)
{
this.dhAgreeClientPrivateKey = TlsDHUtilities.GenerateEphemeralClientKeyExchange(
context.SecureRandom, dhParams, output);
}
internal static int GetStrength(
DHParameters parameters)
{
return(parameters.L != 0 ? parameters.L : parameters.P.BitLength);
}
