diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-19 10:56:26 +0400 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-19 10:56:26 +0400 |
| commit | a1255722486d074260f8eaefbd0ea383f64c31f8 (patch) | |
| tree | c7aba18ee7ea21a4be2e058bdc134e75a94ef972 /core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java | |
| parent | a30169f9ef80a631056934c29d6d21473cbde018 (diff) | |
Add ServerDHParams and refactor DHE key exchange code
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java')
| -rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java | 21 |
1 files changed, 4 insertions, 17 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java index ed654730..66f3e170 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java @@ -3,15 +3,12 @@ package org.bouncycastle.crypto.tls; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; -import java.math.BigInteger; import java.util.Vector; import org.bouncycastle.crypto.AsymmetricCipherKeyPair; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.Signer; -import org.bouncycastle.crypto.generators.DHKeyPairGenerator; import org.bouncycastle.crypto.io.SignerInputStream; -import org.bouncycastle.crypto.params.DHKeyGenerationParameters; import org.bouncycastle.crypto.params.DHParameters; import org.bouncycastle.crypto.params.DHPrivateKeyParameters; import org.bouncycastle.crypto.params.DHPublicKeyParameters; @@ -49,16 +46,8 @@ public class TlsDHEKeyExchange ByteArrayOutputStream buf = new ByteArrayOutputStream(); - DHKeyPairGenerator kpg = new DHKeyPairGenerator(); - kpg.init(new DHKeyGenerationParameters(context.getSecureRandom(), this.dhParameters)); - AsymmetricCipherKeyPair kp = kpg.generateKeyPair(); - this.dhAgreeServerPrivateKey = (DHPrivateKeyParameters)kp.getPrivate(); - - BigInteger Ys = ((DHPublicKeyParameters)kp.getPublic()).getY(); - - TlsDHUtils.writeDHParameter(dhParameters.getP(), buf); - TlsDHUtils.writeDHParameter(dhParameters.getG(), buf); - TlsDHUtils.writeDHParameter(Ys, buf); + this.dhAgreeServerPrivateKey = TlsDHUtils.generateEphemeralServerKeyExchange(context.getSecureRandom(), + this.dhParameters, buf); byte[] digestInput = buf.toByteArray(); @@ -88,9 +77,7 @@ public class TlsDHEKeyExchange Signer signer = initVerifyer(tlsSigner, securityParameters); InputStream sigIn = new SignerInputStream(input, signer); - BigInteger p = TlsDHUtils.readDHParameter(sigIn); - BigInteger g = TlsDHUtils.readDHParameter(sigIn); - BigInteger Ys = TlsDHUtils.readDHParameter(sigIn); + ServerDHParams serverDHParams = ServerDHParams.parse(sigIn); byte[] sigBytes = TlsUtils.readOpaque16(input); if (!signer.verifySignature(sigBytes)) @@ -98,7 +85,7 @@ public class TlsDHEKeyExchange throw new TlsFatalAlert(AlertDescription.decrypt_error); } - this.dhAgreeServerPublicKey = validateDHPublicKey(new DHPublicKeyParameters(Ys, new DHParameters(p, g))); + this.dhAgreeServerPublicKey = TlsDHUtils.validateDHPublicKey(serverDHParams.getPublicKey()); } protected Signer initVerifyer(TlsSigner tlsSigner, SecurityParameters securityParameters) |