ValidateECPublicKey() public static method

public static ValidateECPublicKey ( ECPublicKeyParameters key ) : ECPublicKeyParameters
key Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters
return Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters
 public override void ProcessClientKeyExchange(Stream input)
 {
     byte[] array = TlsUtilities.ReadOpaque16(input);
     mPsk = mPskIdentityManager.GetPsk(array);
     if (mPsk == null)
     {
         throw new TlsFatalAlert(115);
     }
     mContext.SecurityParameters.pskIdentity = array;
     if (mKeyExchange == 14)
     {
         BigInteger y = TlsDHUtilities.ReadDHParameter(input);
         mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(new DHPublicKeyParameters(y, mDHParameters));
     }
     else if (mKeyExchange == 24)
     {
         byte[]             encoding   = TlsUtilities.ReadOpaque8(input);
         ECDomainParameters parameters = mECAgreePrivateKey.Parameters;
         mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(mServerECPointFormats, parameters, encoding));
     }
     else if (mKeyExchange == 15)
     {
         byte[] encryptedPreMasterSecret = ((!TlsUtilities.IsSsl(mContext)) ? TlsUtilities.ReadOpaque16(input) : Streams.ReadAll(input));
         mPremasterSecret = mServerCredentials.DecryptPreMasterSecret(encryptedPreMasterSecret);
     }
 }
示例#2
0
 public override void ProcessClientKeyExchange(Stream input)
 {
     if (mECAgreePublicKey == null)
     {
         byte[]             encoding   = TlsUtilities.ReadOpaque8(input);
         ECDomainParameters parameters = mECAgreePrivateKey.Parameters;
         mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(mServerECPointFormats, parameters, encoding));
     }
 }
示例#3
0
        public override void ProcessServerKeyExchange(Stream input)
        {
            if (!this.RequiresServerKeyExchange)
            {
                throw new TlsFatalAlert(10);
            }
            ECDomainParameters parameters = TlsEccUtilities.ReadECParameters(this.mNamedCurves, this.mClientECPointFormats, input);

            byte[] encoding = TlsUtilities.ReadOpaque8(input);
            this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(this.mClientECPointFormats, parameters, encoding));
        }
示例#4
0
        public override void ProcessServerCertificate(Certificate serverCertificate)
        {
            if (mKeyExchange == KeyExchangeAlgorithm.ECDH_anon)
            {
                throw new TlsFatalAlert(AlertDescription.unexpected_message);
            }
            if (serverCertificate.IsEmpty)
            {
                throw new TlsFatalAlert(AlertDescription.bad_certificate);
            }

            X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0);

            SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;

            try
            {
                this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo);
            }
            catch (Exception e)
            {
                throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
            }

            if (mTlsSigner == null)
            {
                try
                {
                    this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey((ECPublicKeyParameters)this.mServerPublicKey);
                }
                catch (InvalidCastException e)
                {
                    throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);
                }

                TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyAgreement);
            }
            else
            {
                if (!mTlsSigner.IsValidPublicKey(this.mServerPublicKey))
                {
                    throw new TlsFatalAlert(AlertDescription.certificate_unknown);
                }

                TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature);
            }

            base.ProcessServerCertificate(serverCertificate);
        }
示例#5
0
        public override void ProcessClientKeyExchange(Stream input)
        {
            if (mECAgreePublicKey != null)
            {
                // For ecdsa_fixed_ecdh and rsa_fixed_ecdh, the key arrived in the client certificate
                return;
            }

            byte[] point = TlsUtilities.ReadOpaque8(input);

            ECDomainParameters curve_params = this.mECAgreePrivateKey.Parameters;

            this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(
                                                                             mServerECPointFormats, curve_params, point));
        }
示例#6
0
        public override void ProcessServerKeyExchange(Stream input)
        {
            if (!RequiresServerKeyExchange)
            {
                throw new TlsFatalAlert(AlertDescription.unexpected_message);
            }

            // ECDH_anon is handled here, ECDHE_* in a subclass

            ECDomainParameters curve_params = TlsEccUtilities.ReadECParameters(mNamedCurves, mClientECPointFormats, input);

            byte[] point = TlsUtilities.ReadOpaque8(input);

            this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(
                                                                             mClientECPointFormats, curve_params, point));
        }
 public override void ProcessServerKeyExchange(Stream input)
 {
     mPskIdentityHint = TlsUtilities.ReadOpaque16(input);
     if (mKeyExchange == 14)
     {
         ServerDHParams serverDHParams = ServerDHParams.Parse(input);
         mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(serverDHParams.PublicKey);
         mDHParameters     = mDHAgreePublicKey.Parameters;
     }
     else if (mKeyExchange == 24)
     {
         ECDomainParameters curve_params = TlsEccUtilities.ReadECParameters(mNamedCurves, mClientECPointFormats, input);
         byte[]             encoding     = TlsUtilities.ReadOpaque8(input);
         mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(mClientECPointFormats, curve_params, encoding));
     }
 }
示例#8
0
        public override void ProcessServerKeyExchange(Stream input)
        {
            SecurityParameters securityParameters = base.mContext.SecurityParameters;
            SignerInputBuffer  tee         = new SignerInputBuffer();
            Stream             stream      = new TeeInputStream(input, tee);
            ECDomainParameters parameters2 = TlsEccUtilities.ReadECParameters(base.mNamedCurves, base.mClientECPointFormats, stream);

            byte[]          encoding = TlsUtilities.ReadOpaque8(stream);
            DigitallySigned signed   = this.ParseSignature(input);
            ISigner         s        = this.InitVerifyer(base.mTlsSigner, signed.Algorithm, securityParameters);

            tee.UpdateSigner(s);
            if (!s.VerifySignature(signed.Signature))
            {
                throw new TlsFatalAlert(0x33);
            }
            base.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(base.mClientECPointFormats, parameters2, encoding));
        }
        public override void ProcessServerKeyExchange(Stream input)
        {
            SecurityParameters securityParameters = mContext.SecurityParameters;
            SignerInputBuffer  signerInputBuffer  = new SignerInputBuffer();
            Stream             input2             = (Stream)(object)new TeeInputStream(input, (Stream)(object)signerInputBuffer);
            ECDomainParameters curve_params       = TlsEccUtilities.ReadECParameters(mNamedCurves, mClientECPointFormats, input2);

            byte[]          encoding        = TlsUtilities.ReadOpaque8(input2);
            DigitallySigned digitallySigned = ParseSignature(input);
            ISigner         signer          = InitVerifyer(mTlsSigner, digitallySigned.Algorithm, securityParameters);

            signerInputBuffer.UpdateSigner(signer);
            if (!signer.VerifySignature(digitallySigned.Signature))
            {
                throw new TlsFatalAlert(51);
            }
            mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(mClientECPointFormats, curve_params, encoding));
        }
示例#10
0
        public override void ProcessClientKeyExchange(Stream input)
        {
            byte[] psk_identity = TlsUtilities.ReadOpaque16(input);

            this.mPsk = mPskIdentityManager.GetPsk(psk_identity);
            if (mPsk == null)
            {
                throw new TlsFatalAlert(AlertDescription.unknown_psk_identity);
            }

            mContext.SecurityParameters.pskIdentity = psk_identity;

            if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK)
            {
                BigInteger Yc = TlsDHUtilities.ReadDHParameter(input);

                this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(new DHPublicKeyParameters(Yc, mDHParameters));
            }
            else if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK)
            {
                byte[] point = TlsUtilities.ReadOpaque8(input);

                ECDomainParameters curve_params = this.mECAgreePrivateKey.Parameters;

                this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(
                                                                                 mServerECPointFormats, curve_params, point));
            }
            else if (this.mKeyExchange == KeyExchangeAlgorithm.RSA_PSK)
            {
                byte[] encryptedPreMasterSecret;
                if (TlsUtilities.IsSsl(mContext))
                {
                    // TODO Do any SSLv3 clients actually include the length?
                    encryptedPreMasterSecret = Streams.ReadAll(input);
                }
                else
                {
                    encryptedPreMasterSecret = TlsUtilities.ReadOpaque16(input);
                }

                this.mPremasterSecret = mServerCredentials.DecryptPreMasterSecret(encryptedPreMasterSecret);
            }
        }
        public override void ProcessServerKeyExchange(Stream input)
        {
            this.mPskIdentityHint = TlsUtilities.ReadOpaque16(input);

            if (this.mKeyExchange == KeyExchangeAlgorithm.DHE_PSK)
            {
                this.mDHParameters     = TlsDHUtilities.ReceiveDHParameters(mDHVerifier, input);
                this.mDHAgreePublicKey = new DHPublicKeyParameters(TlsDHUtilities.ReadDHParameter(input), mDHParameters);
            }
            else if (this.mKeyExchange == KeyExchangeAlgorithm.ECDHE_PSK)
            {
                ECDomainParameters ecParams = TlsEccUtilities.ReadECParameters(mNamedCurves, mClientECPointFormats, input);

                byte[] point = TlsUtilities.ReadOpaque8(input);

                this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(
                                                                                 mClientECPointFormats, ecParams, point));
            }
        }
示例#12
0
        public override void ProcessServerCertificate(Certificate serverCertificate)
        {
            if (base.mKeyExchange == 20)
            {
                throw new TlsFatalAlert(10);
            }
            if (serverCertificate.IsEmpty)
            {
                throw new TlsFatalAlert(0x2a);
            }
            X509CertificateStructure certificateAt        = serverCertificate.GetCertificateAt(0);
            SubjectPublicKeyInfo     subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;

            try
            {
                this.mServerPublicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
            }
            catch (Exception exception)
            {
                throw new TlsFatalAlert(0x2b, exception);
            }
            if (this.mTlsSigner == null)
            {
                try
                {
                    this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey((ECPublicKeyParameters)this.mServerPublicKey);
                }
                catch (InvalidCastException exception2)
                {
                    throw new TlsFatalAlert(0x2e, exception2);
                }
                TlsUtilities.ValidateKeyUsage(certificateAt, 8);
            }
            else
            {
                if (!this.mTlsSigner.IsValidPublicKey(this.mServerPublicKey))
                {
                    throw new TlsFatalAlert(0x2e);
                }
                TlsUtilities.ValidateKeyUsage(certificateAt, 0x80);
            }
            base.ProcessServerCertificate(serverCertificate);
        }
示例#13
0
        public override void ProcessServerCertificate(Certificate serverCertificate)
        {
            //IL_0058: Expected O, but got Unknown
            if (serverCertificate.IsEmpty)
            {
                throw new TlsFatalAlert(42);
            }
            X509CertificateStructure certificateAt        = serverCertificate.GetCertificateAt(0);
            SubjectPublicKeyInfo     subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;

            try
            {
                mServerPublicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
            }
            catch (global::System.Exception alertCause)
            {
                throw new TlsFatalAlert(43, alertCause);
            }
            if (mTlsSigner == null)
            {
                try
                {
                    mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey((ECPublicKeyParameters)mServerPublicKey);
                }
                catch (InvalidCastException val)
                {
                    InvalidCastException alertCause2 = val;
                    throw new TlsFatalAlert(46, (global::System.Exception)(object) alertCause2);
                }
                TlsUtilities.ValidateKeyUsage(certificateAt, 8);
            }
            else
            {
                if (!mTlsSigner.IsValidPublicKey(mServerPublicKey))
                {
                    throw new TlsFatalAlert(46);
                }
                TlsUtilities.ValidateKeyUsage(certificateAt, 128);
            }
            base.ProcessServerCertificate(serverCertificate);
        }
        public override void ProcessServerKeyExchange(Stream input)
        {
            SecurityParameters securityParameters = mContext.SecurityParameters;

            SignerInputBuffer buf   = new SignerInputBuffer();
            Stream            teeIn = new TeeInputStream(input, buf);

            ECDomainParameters curve_params = TlsEccUtilities.ReadECParameters(mNamedCurves, mClientECPointFormats, teeIn);

            byte[] point = TlsUtilities.ReadOpaque8(teeIn);

            DigitallySigned signed_params = DigitallySigned.Parse(mContext, input);

            ISigner signer = InitVerifyer(mTlsSigner, signed_params.Algorithm, securityParameters);

            buf.UpdateSigner(signer);
            if (!signer.VerifySignature(signed_params.Signature))
            {
                throw new TlsFatalAlert(AlertDescription.decrypt_error);
            }

            this.mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(
                                                                             mClientECPointFormats, curve_params, point));
        }