More work on server-side DHE key exchange

author: Peter Dettman <peter.dettman@bouncycastle.org> 2013-06-18 13:23:42 +0400
committer: Peter Dettman <peter.dettman@bouncycastle.org> 2013-06-18 13:23:42 +0400
commit: 1190848be88884358ae50d46c6266ce680492688 (patch)
tree: 1cda862732dd59218c367a02232360efc949099f
parent: 0c04e0d702ed4afc3f3428f44fb833eeef3cf7d7 (diff)
2 files changed, 14 insertions, 8 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java
index 57376592..ed654730 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java
@@ -13,12 +13,12 @@ import org.bouncycastle.crypto.generators.DHKeyPairGenerator;
 import org.bouncycastle.crypto.io.SignerInputStream;
 import org.bouncycastle.crypto.params.DHKeyGenerationParameters;
 import org.bouncycastle.crypto.params.DHParameters;
+import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
 import org.bouncycastle.crypto.params.DHPublicKeyParameters;
 
 public class TlsDHEKeyExchange
     extends TlsDHKeyExchange
 {
-
     protected TlsSignerCredentials serverCredentials = null;
 
     public TlsDHEKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, DHParameters dhParameters)
@@ -29,7 +29,6 @@ public class TlsDHEKeyExchange
     public void processServerCredentials(TlsCredentials serverCredentials)
         throws IOException
     {
-
         if (!(serverCredentials instanceof TlsSignerCredentials))
         {
             throw new TlsFatalAlert(AlertDescription.internal_error);
@@ -43,7 +42,6 @@ public class TlsDHEKeyExchange
     public byte[] generateServerKeyExchange()
         throws IOException
     {
-
         if (this.dhParameters == null)
         {
             throw new TlsFatalAlert(AlertDescription.internal_error);
@@ -54,6 +52,7 @@ public class TlsDHEKeyExchange
         DHKeyPairGenerator kpg = new DHKeyPairGenerator();
         kpg.init(new DHKeyGenerationParameters(context.getSecureRandom(), this.dhParameters));
         AsymmetricCipherKeyPair kp = kpg.generateKeyPair();
+        this.dhAgreeServerPrivateKey = (DHPrivateKeyParameters)kp.getPrivate();
 
         BigInteger Ys = ((DHPublicKeyParameters)kp.getPublic()).getY();
 
@@ -84,7 +83,6 @@ public class TlsDHEKeyExchange
     public void processServerKeyExchange(InputStream input)
         throws IOException
     {
-
         SecurityParameters securityParameters = context.getSecurityParameters();
 
         Signer signer = initVerifyer(tlsSigner, securityParameters);
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java
index 60e5105c..0e2742a1 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java
@@ -20,7 +20,6 @@ import org.bouncycastle.crypto.util.PublicKeyFactory;
 public class TlsDHKeyExchange
     extends AbstractTlsKeyExchange
 {
-
     protected static final BigInteger ONE = BigInteger.valueOf(1);
     protected static final BigInteger TWO = BigInteger.valueOf(2);
 
@@ -32,11 +31,11 @@ public class TlsDHKeyExchange
     protected TlsAgreementCredentials agreementCredentials;
     protected DHPrivateKeyParameters dhAgreeClientPrivateKey;
 
+    protected DHPrivateKeyParameters dhAgreeServerPrivateKey;
     protected DHPublicKeyParameters dhAgreeClientPublicKey;
 
     public TlsDHKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, DHParameters dhParameters)
     {
-
         super(keyExchange, supportedSignatureAlgorithms);
 
         switch (keyExchange)
@@ -77,7 +76,6 @@ public class TlsDHKeyExchange
     public void processServerCertificate(Certificate serverCertificate)
         throws IOException
     {
-
         if (serverCertificate.isEmpty())
         {
             throw new TlsFatalAlert(AlertDescription.bad_certificate);
@@ -196,7 +194,17 @@ public class TlsDHKeyExchange
             return agreementCredentials.generateAgreement(dhAgreeServerPublicKey);
         }
 
-        return calculateDHBasicAgreement(dhAgreeServerPublicKey, dhAgreeClientPrivateKey);
+        if (dhAgreeServerPrivateKey != null)
+        {
+            return calculateDHBasicAgreement(dhAgreeClientPublicKey, dhAgreeServerPrivateKey);
+        }
+
+        if (dhAgreeClientPrivateKey != null)
+        {
+            return calculateDHBasicAgreement(dhAgreeServerPublicKey, dhAgreeClientPrivateKey);
+        }
+
+        throw new TlsFatalAlert(AlertDescription.internal_error);
     }
 
     protected boolean areCompatibleParameters(DHParameters a, DHParameters b)
author	Peter Dettman <peter.dettman@bouncycastle.org>	2013-06-18 13:23:42 +0400
committer	Peter Dettman <peter.dettman@bouncycastle.org>	2013-06-18 13:23:42 +0400
commit	1190848be88884358ae50d46c6266ce680492688 (patch)
tree	1cda862732dd59218c367a02232360efc949099f
parent	0c04e0d702ed4afc3f3428f44fb833eeef3cf7d7 (diff)