Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/quite/humla-spongycastle.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/src/main/java/org/bouncycastle/crypto/tls/TlsPSKKeyExchange.java
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/org/bouncycastle/crypto/tls/TlsPSKKeyExchange.java')
-rw-r--r--src/main/java/org/bouncycastle/crypto/tls/TlsPSKKeyExchange.java95
1 files changed, 67 insertions, 28 deletions
diff --git a/src/main/java/org/bouncycastle/crypto/tls/TlsPSKKeyExchange.java b/src/main/java/org/bouncycastle/crypto/tls/TlsPSKKeyExchange.java
index 8f40f40d..87cb8d78 100644
--- a/src/main/java/org/bouncycastle/crypto/tls/TlsPSKKeyExchange.java
+++ b/src/main/java/org/bouncycastle/crypto/tls/TlsPSKKeyExchange.java
@@ -19,7 +19,9 @@ import org.bouncycastle.crypto.util.PublicKeyFactory;
/**
* TLS 1.0 PSK key exchange (RFC 4279).
*/
-public class TlsPSKKeyExchange extends AbstractTlsKeyExchange {
+public class TlsPSKKeyExchange
+ extends AbstractTlsKeyExchange
+{
protected TlsPSKIdentity pskIdentity;
@@ -32,10 +34,12 @@ public class TlsPSKKeyExchange extends AbstractTlsKeyExchange {
protected RSAKeyParameters rsaServerPublicKey = null;
protected byte[] premasterSecret;
- public TlsPSKKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, TlsPSKIdentity pskIdentity) {
+ public TlsPSKKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, TlsPSKIdentity pskIdentity)
+ {
super(keyExchange, supportedSignatureAlgorithms);
- switch (keyExchange) {
+ switch (keyExchange)
+ {
case KeyExchangeAlgorithm.PSK:
case KeyExchangeAlgorithm.RSA_PSK:
case KeyExchangeAlgorithm.DHE_PSK:
@@ -47,51 +51,66 @@ public class TlsPSKKeyExchange extends AbstractTlsKeyExchange {
this.pskIdentity = pskIdentity;
}
- public void skipServerCredentials() throws IOException {
- if (keyExchange == KeyExchangeAlgorithm.RSA_PSK) {
+ public void skipServerCredentials()
+ throws IOException
+ {
+ if (keyExchange == KeyExchangeAlgorithm.RSA_PSK)
+ {
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
}
- public void processServerCertificate(Certificate serverCertificate) throws IOException {
+ public void processServerCertificate(Certificate serverCertificate)
+ throws IOException
+ {
- if (keyExchange != KeyExchangeAlgorithm.RSA_PSK) {
+ if (keyExchange != KeyExchangeAlgorithm.RSA_PSK)
+ {
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
- if (serverCertificate.isEmpty()) {
+ if (serverCertificate.isEmpty())
+ {
throw new TlsFatalAlert(AlertDescription.bad_certificate);
}
org.bouncycastle.asn1.x509.Certificate x509Cert = serverCertificate.getCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();
- try {
+ try
+ {
this.serverPublicKey = PublicKeyFactory.createKey(keyInfo);
- } catch (RuntimeException e) {
+ }
+ catch (RuntimeException e)
+ {
throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
}
// Sanity check the PublicKeyFactory
- if (this.serverPublicKey.isPrivate()) {
+ if (this.serverPublicKey.isPrivate())
+ {
throw new TlsFatalAlert(AlertDescription.internal_error);
}
- this.rsaServerPublicKey = validateRSAPublicKey((RSAKeyParameters) this.serverPublicKey);
+ this.rsaServerPublicKey = validateRSAPublicKey((RSAKeyParameters)this.serverPublicKey);
TlsUtils.validateKeyUsage(x509Cert, KeyUsage.keyEncipherment);
super.processServerCertificate(serverCertificate);
}
- public boolean requiresServerKeyExchange() {
+ public boolean requiresServerKeyExchange()
+ {
return keyExchange == KeyExchangeAlgorithm.DHE_PSK;
}
- public void processServerKeyExchange(InputStream input) throws IOException {
+ public void processServerKeyExchange(InputStream input)
+ throws IOException
+ {
this.psk_identity_hint = TlsUtils.readOpaque16(input);
- if (this.keyExchange == KeyExchangeAlgorithm.DHE_PSK) {
+ if (this.keyExchange == KeyExchangeAlgorithm.DHE_PSK)
+ {
byte[] pBytes = TlsUtils.readOpaque16(input);
byte[] gBytes = TlsUtils.readOpaque16(input);
byte[] YsBytes = TlsUtils.readOpaque16(input);
@@ -105,19 +124,28 @@ public class TlsPSKKeyExchange extends AbstractTlsKeyExchange {
}
}
- public void validateCertificateRequest(CertificateRequest certificateRequest) throws IOException {
+ public void validateCertificateRequest(CertificateRequest certificateRequest)
+ throws IOException
+ {
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
- public void processClientCredentials(TlsCredentials clientCredentials) throws IOException {
+ public void processClientCredentials(TlsCredentials clientCredentials)
+ throws IOException
+ {
throw new TlsFatalAlert(AlertDescription.internal_error);
}
- public void generateClientKeyExchange(OutputStream output) throws IOException {
+ public void generateClientKeyExchange(OutputStream output)
+ throws IOException
+ {
- if (psk_identity_hint == null) {
+ if (psk_identity_hint == null)
+ {
pskIdentity.skipIdentityHint();
- } else {
+ }
+ else
+ {
pskIdentity.notifyIdentityHint(psk_identity_hint);
}
@@ -125,16 +153,21 @@ public class TlsPSKKeyExchange extends AbstractTlsKeyExchange {
TlsUtils.writeOpaque16(psk_identity, output);
- if (this.keyExchange == KeyExchangeAlgorithm.RSA_PSK) {
+ if (this.keyExchange == KeyExchangeAlgorithm.RSA_PSK)
+ {
this.premasterSecret = TlsRSAUtils.generateEncryptedPreMasterSecret(context, this.rsaServerPublicKey,
output);
- } else if (this.keyExchange == KeyExchangeAlgorithm.DHE_PSK) {
+ }
+ else if (this.keyExchange == KeyExchangeAlgorithm.DHE_PSK)
+ {
this.dhAgreeClientPrivateKey = TlsDHUtils.generateEphemeralClientKeyExchange(context.getSecureRandom(),
dhAgreeServerPublicKey.getParameters(), output);
}
}
- public byte[] generatePremasterSecret() throws IOException {
+ public byte[] generatePremasterSecret()
+ throws IOException
+ {
byte[] psk = pskIdentity.getPSK();
byte[] other_secret = generateOtherSecret(psk.length);
@@ -145,24 +178,30 @@ public class TlsPSKKeyExchange extends AbstractTlsKeyExchange {
return buf.toByteArray();
}
- protected byte[] generateOtherSecret(int pskLength) {
+ protected byte[] generateOtherSecret(int pskLength)
+ {
- if (this.keyExchange == KeyExchangeAlgorithm.DHE_PSK) {
+ if (this.keyExchange == KeyExchangeAlgorithm.DHE_PSK)
+ {
return TlsDHUtils.calculateDHBasicAgreement(dhAgreeServerPublicKey, dhAgreeClientPrivateKey);
}
- if (this.keyExchange == KeyExchangeAlgorithm.RSA_PSK) {
+ if (this.keyExchange == KeyExchangeAlgorithm.RSA_PSK)
+ {
return this.premasterSecret;
}
return new byte[pskLength];
}
- protected RSAKeyParameters validateRSAPublicKey(RSAKeyParameters key) throws IOException {
+ protected RSAKeyParameters validateRSAPublicKey(RSAKeyParameters key)
+ throws IOException
+ {
// TODO What is the minimum bit length required?
// key.getModulus().bitLength();
- if (!key.getExponent().isProbablePrime(2)) {
+ if (!key.getExponent().isProbablePrime(2))
+ {
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-31 11:02:59 +0300