diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-18 13:23:42 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-18 13:23:42 +0400 |
commit | 1190848be88884358ae50d46c6266ce680492688 (patch) | |
tree | 1cda862732dd59218c367a02232360efc949099f | |
parent | 0c04e0d702ed4afc3f3428f44fb833eeef3cf7d7 (diff) |
More work on server-side DHE key exchange
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java | 6 | ||||
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java | 16 |
2 files changed, 14 insertions, 8 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java index 57376592..ed654730 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java @@ -13,12 +13,12 @@ import org.bouncycastle.crypto.generators.DHKeyPairGenerator; import org.bouncycastle.crypto.io.SignerInputStream; import org.bouncycastle.crypto.params.DHKeyGenerationParameters; import org.bouncycastle.crypto.params.DHParameters; +import org.bouncycastle.crypto.params.DHPrivateKeyParameters; import org.bouncycastle.crypto.params.DHPublicKeyParameters; public class TlsDHEKeyExchange extends TlsDHKeyExchange { - protected TlsSignerCredentials serverCredentials = null; public TlsDHEKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, DHParameters dhParameters) @@ -29,7 +29,6 @@ public class TlsDHEKeyExchange public void processServerCredentials(TlsCredentials serverCredentials) throws IOException { - if (!(serverCredentials instanceof TlsSignerCredentials)) { throw new TlsFatalAlert(AlertDescription.internal_error); @@ -43,7 +42,6 @@ public class TlsDHEKeyExchange public byte[] generateServerKeyExchange() throws IOException { - if (this.dhParameters == null) { throw new TlsFatalAlert(AlertDescription.internal_error); @@ -54,6 +52,7 @@ public class TlsDHEKeyExchange DHKeyPairGenerator kpg = new DHKeyPairGenerator(); kpg.init(new DHKeyGenerationParameters(context.getSecureRandom(), this.dhParameters)); AsymmetricCipherKeyPair kp = kpg.generateKeyPair(); + this.dhAgreeServerPrivateKey = (DHPrivateKeyParameters)kp.getPrivate(); BigInteger Ys = ((DHPublicKeyParameters)kp.getPublic()).getY(); @@ -84,7 +83,6 @@ public class TlsDHEKeyExchange public void processServerKeyExchange(InputStream input) throws IOException { - SecurityParameters securityParameters = context.getSecurityParameters(); Signer signer = initVerifyer(tlsSigner, securityParameters); diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java index 60e5105c..0e2742a1 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java @@ -20,7 +20,6 @@ import org.bouncycastle.crypto.util.PublicKeyFactory; public class TlsDHKeyExchange extends AbstractTlsKeyExchange { - protected static final BigInteger ONE = BigInteger.valueOf(1); protected static final BigInteger TWO = BigInteger.valueOf(2); @@ -32,11 +31,11 @@ public class TlsDHKeyExchange protected TlsAgreementCredentials agreementCredentials; protected DHPrivateKeyParameters dhAgreeClientPrivateKey; + protected DHPrivateKeyParameters dhAgreeServerPrivateKey; protected DHPublicKeyParameters dhAgreeClientPublicKey; public TlsDHKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, DHParameters dhParameters) { - super(keyExchange, supportedSignatureAlgorithms); switch (keyExchange) @@ -77,7 +76,6 @@ public class TlsDHKeyExchange public void processServerCertificate(Certificate serverCertificate) throws IOException { - if (serverCertificate.isEmpty()) { throw new TlsFatalAlert(AlertDescription.bad_certificate); @@ -196,7 +194,17 @@ public class TlsDHKeyExchange return agreementCredentials.generateAgreement(dhAgreeServerPublicKey); } - return calculateDHBasicAgreement(dhAgreeServerPublicKey, dhAgreeClientPrivateKey); + if (dhAgreeServerPrivateKey != null) + { + return calculateDHBasicAgreement(dhAgreeClientPublicKey, dhAgreeServerPrivateKey); + } + + if (dhAgreeClientPrivateKey != null) + { + return calculateDHBasicAgreement(dhAgreeServerPublicKey, dhAgreeClientPrivateKey); + } + + throw new TlsFatalAlert(AlertDescription.internal_error); } protected boolean areCompatibleParameters(DHParameters a, DHParameters b) |