
gitlab.com/quite/humla-spongycastle.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'src/main/java/org/bouncycastle/crypto/tls/TlsECDHEKeyExchange.java')
-rw-r--r--src/main/java/org/bouncycastle/crypto/tls/TlsECDHEKeyExchange.java92
1 files changed, 64 insertions, 28 deletions
diff --git a/src/main/java/org/bouncycastle/crypto/tls/TlsECDHEKeyExchange.java b/src/main/java/org/bouncycastle/crypto/tls/TlsECDHEKeyExchange.java
index 152e371f..094443eb 100644
--- a/src/main/java/org/bouncycastle/crypto/tls/TlsECDHEKeyExchange.java
+++ b/src/main/java/org/bouncycastle/crypto/tls/TlsECDHEKeyExchange.java
@@ -16,38 +16,51 @@ import org.bouncycastle.crypto.params.ECPublicKeyParameters;
/**
* ECDHE key exchange (see RFC 4492)
*/
-public class TlsECDHEKeyExchange extends TlsECDHKeyExchange {
+public class TlsECDHEKeyExchange
+ extends TlsECDHKeyExchange
+{
protected TlsSignerCredentials serverCredentials = null;
public TlsECDHEKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, int[] namedCurves,
- short[] clientECPointFormats, short[] serverECPointFormats) {
+ short[] clientECPointFormats, short[] serverECPointFormats)
+ {
super(keyExchange, supportedSignatureAlgorithms, namedCurves, clientECPointFormats, serverECPointFormats);
}
- public void processServerCredentials(TlsCredentials serverCredentials) throws IOException {
+ public void processServerCredentials(TlsCredentials serverCredentials)
+ throws IOException
+ {
- if (!(serverCredentials instanceof TlsSignerCredentials)) {
+ if (!(serverCredentials instanceof TlsSignerCredentials))
+ {
throw new TlsFatalAlert(AlertDescription.internal_error);
}
processServerCertificate(serverCredentials.getCertificate());
- this.serverCredentials = (TlsSignerCredentials) serverCredentials;
+ this.serverCredentials = (TlsSignerCredentials)serverCredentials;
}
- public byte[] generateServerKeyExchange() throws IOException {
+ public byte[] generateServerKeyExchange()
+ throws IOException
+ {
/*
* First we try to find a supported named curve from the client's list.
*/
int namedCurve = -1;
- if (namedCurves == null) {
+ if (namedCurves == null)
+ {
namedCurve = NamedCurve.secp256r1;
- } else {
- for (int i = 0; i < namedCurves.length; ++i) {
+ }
+ else
+ {
+ for (int i = 0; i < namedCurves.length; ++i)
+ {
int entry = namedCurves[i];
- if (TlsECCUtils.isSupportedNamedCurve(entry)) {
+ if (TlsECCUtils.isSupportedNamedCurve(entry))
+ {
namedCurve = entry;
break;
}
@@ -55,20 +68,27 @@ public class TlsECDHEKeyExchange extends TlsECDHKeyExchange {
}
ECDomainParameters curve_params = null;
- if (namedCurve >= 0) {
+ if (namedCurve >= 0)
+ {
curve_params = TlsECCUtils.getParametersForNamedCurve(namedCurve);
- } else {
+ }
+ else
+ {
/*
* If no named curves are suitable, check if the client supports explicit curves.
*/
- if (TlsProtocol.arrayContains(namedCurves, NamedCurve.arbitrary_explicit_prime_curves)) {
+ if (TlsProtocol.arrayContains(namedCurves, NamedCurve.arbitrary_explicit_prime_curves))
+ {
curve_params = TlsECCUtils.getParametersForNamedCurve(NamedCurve.secp256r1);
- } else if (TlsProtocol.arrayContains(namedCurves, NamedCurve.arbitrary_explicit_char2_curves)) {
+ }
+ else if (TlsProtocol.arrayContains(namedCurves, NamedCurve.arbitrary_explicit_char2_curves))
+ {
curve_params = TlsECCUtils.getParametersForNamedCurve(NamedCurve.sect233r1);
}
}
- if (curve_params == null) {
+ if (curve_params == null)
+ {
/*
* NOTE: We shouldn't have negotiated ECDHE key exchange since we apparently can't find
* a suitable curve.
@@ -77,16 +97,19 @@ public class TlsECDHEKeyExchange extends TlsECDHKeyExchange {
}
AsymmetricCipherKeyPair kp = TlsECCUtils.generateECKeyPair(context.getSecureRandom(), curve_params);
- this.ecAgreeServerPrivateKey = (ECPrivateKeyParameters) kp.getPrivate();
+ this.ecAgreeServerPrivateKey = (ECPrivateKeyParameters)kp.getPrivate();
byte[] publicBytes = TlsECCUtils.serializeECPublicKey(clientECPointFormats,
- (ECPublicKeyParameters) kp.getPublic());
+ (ECPublicKeyParameters)kp.getPublic());
ByteArrayOutputStream buf = new ByteArrayOutputStream();
- if (namedCurve < 0) {
+ if (namedCurve < 0)
+ {
TlsECCUtils.writeExplicitECParameters(clientECPointFormats, curve_params, buf);
- } else {
+ }
+ else
+ {
TlsECCUtils.writeNamedECParameters(namedCurve, buf);
}
@@ -113,7 +136,9 @@ public class TlsECDHEKeyExchange extends TlsECDHKeyExchange {
return buf.toByteArray();
}
- public void processServerKeyExchange(InputStream input) throws IOException {
+ public void processServerKeyExchange(InputStream input)
+ throws IOException
+ {
SecurityParameters securityParameters = context.getSecurityParameters();
@@ -125,7 +150,8 @@ public class TlsECDHEKeyExchange extends TlsECDHKeyExchange {
byte[] point = TlsUtils.readOpaque8(sigIn);
byte[] sigByte = TlsUtils.readOpaque16(input);
- if (!signer.verifySignature(sigByte)) {
+ if (!signer.verifySignature(sigByte))
+ {
throw new TlsFatalAlert(AlertDescription.decrypt_error);
}
@@ -133,7 +159,9 @@ public class TlsECDHEKeyExchange extends TlsECDHKeyExchange {
clientECPointFormats, curve_params, point));
}
- public void validateCertificateRequest(CertificateRequest certificateRequest) throws IOException {
+ public void validateCertificateRequest(CertificateRequest certificateRequest)
+ throws IOException
+ {
/*
* RFC 4492 3. [...] The ECDSA_fixed_ECDH and RSA_fixed_ECDH mechanisms are usable with
* ECDH_ECDSA and ECDH_RSA. Their use with ECDHE_ECDSA and ECDHE_RSA is prohibited because
@@ -141,8 +169,10 @@ public class TlsECDHEKeyExchange extends TlsECDHKeyExchange {
* these algorithms.
*/
short[] types = certificateRequest.getCertificateTypes();
- for (int i = 0; i < types.length; ++i) {
- switch (types[i]) {
+ for (int i = 0; i < types.length; ++i)
+ {
+ switch (types[i])
+ {
case ClientCertificateType.rsa_sign:
case ClientCertificateType.dss_sign:
case ClientCertificateType.ecdsa_sign:
@@ -153,15 +183,21 @@ public class TlsECDHEKeyExchange extends TlsECDHKeyExchange {
}
}
- public void processClientCredentials(TlsCredentials clientCredentials) throws IOException {
- if (clientCredentials instanceof TlsSignerCredentials) {
+ public void processClientCredentials(TlsCredentials clientCredentials)
+ throws IOException
+ {
+ if (clientCredentials instanceof TlsSignerCredentials)
+ {
// OK
- } else {
+ }
+ else
+ {
throw new TlsFatalAlert(AlertDescription.internal_error);
}
}
- protected Signer initVerifyer(TlsSigner tlsSigner, SecurityParameters securityParameters) {
+ protected Signer initVerifyer(TlsSigner tlsSigner, SecurityParameters securityParameters)
+ {
Signer signer = tlsSigner.createVerifyer(this.serverPublicKey);
signer.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length);
signer.update(securityParameters.serverRandom, 0, securityParameters.serverRandom.length);