author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-09-16 12:20:51 +0400 |
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-09-16 12:20:51 +0400 |
commit | a48e5f6ed184dfbb2fca49b824ec39b07f49e09d (patch) | |
tree | d1427a8bf2c09732aa464ad32196a0a7c17487e2 /core/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java | |
parent | 52f489640eab7c59f411ad732e7d41fdeb4381d9 (diff) |
Tighten up the checks that the server is respecting the client's
Supported Elliptic Curves Extension (if any)
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java | 27 |
1 files changed, 18 insertions, 9 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java
index 7378c6b2..281a9898 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java
@@ -433,6 +433,8 @@ public class TlsECCUtils
 {
 case ECCurveType.explicit_prime:
 {
+ checkNamedCurve(namedCurves, NamedCurve.arbitrary_explicit_prime_curves);
+
 BigInteger prime_p = readECParameter(input);
 BigInteger a = readECFieldElement(prime_p.bitLength(), input);
 BigInteger b = readECFieldElement(prime_p.bitLength(), input);
@@ -444,6 +446,8 @@ public class TlsECCUtils
 }
 case ECCurveType.explicit_char2:
 {
+ checkNamedCurve(namedCurves, NamedCurve.arbitrary_explicit_char2_curves);
+
 int m = TlsUtils.readUint16(input);
 short basis = TlsUtils.readUint8(input);
 ECCurve curve;
@@ -487,15 +491,7 @@ public class TlsECCUtils
 throw new TlsFatalAlert(AlertDescription.illegal_parameter);
 }
 
- if (!TlsProtocol.arrayContains(namedCurves, namedCurve))
- {
- /*
- * RFC 4492 4. [...] servers MUST NOT negotiate the use of an ECC cipher suite
- * unless they can complete the handshake while respecting the choice of curves
- * and compression techniques specified by the client.
- */
- throw new TlsFatalAlert(AlertDescription.illegal_parameter);
- }
+ checkNamedCurve(namedCurves, namedCurve);
 
 return TlsECCUtils.getParametersForNamedCurve(namedCurve);
 }
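Review bot: The `checkNamedCurve` call added at the top of the explicit_prime branch (and likewise in the explicit_char2 hunk) compares an explicit-curve placeholder value against the client's named-curve list, which reads oddly to anyone not familiar with RFC 4492 5.1.1, so a one-line comment above each call would help: `// RFC 4492 5.1.1: the client opts in to explicit curves via the arbitrary_explicit_* NamedCurve placeholders`. Since the helper treats a null `namedCurves` as "no Supported Elliptic Curves extension was sent", these branches then go on to parse whatever explicit parameters the server supplies; that matches RFC 4492 4 but is worth stating at the call site rather than leaving the reader to look it up in the helper. The enclosing method begins before the first hunk, so its signature and the origin of `namedCurves` are not visible here.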
@@ -509,6 +505,19 @@ public class TlsECCUtils
 }
 }
 
+ private static void checkNamedCurve(int[] namedCurves, int namedCurve) throws IOException
+ {
+ if (namedCurves != null && !TlsProtocol.arrayContains(namedCurves, namedCurve))
+ {
+ /*
+ * RFC 4492 4. [...] servers MUST NOT negotiate the use of an ECC cipher suite
+ * unless they can complete the handshake while respecting the choice of curves
+ * and compression techniques specified by the client.
+ */
+ throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+ }
+ }
+
 public static void writeECExponent(int k, OutputStream output) throws IOException
 {
 BigInteger K = BigInteger.valueOf(k);
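Review bot: The new `checkNamedCurve` helper has no Javadoc, and the one thing a caller must know is the null handling on its `if` line: a null `namedCurves` (presumably the client sent no Supported Elliptic Curves extension) means every curve, explicit ones included, is accepted. Suggest `/** Rejects {@code namedCurve} unless the client's Supported Elliptic Curves extension lists it (RFC 4492 4); {@code namedCurves} is null when the extension was absent, in which case any curve is accepted. */` plus `@throws IOException` noting that the failure is a fatal {@code illegal_parameter} alert ({@link TlsFatalAlert}). The retained block comment states the RFC rule but not the null case, so the two together would cover the contract.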