1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
package org.bouncycastle.crypto.tls;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.util.Vector;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.generators.DHKeyPairGenerator;
import org.bouncycastle.crypto.io.SignerInputStream;
import org.bouncycastle.crypto.params.DHKeyGenerationParameters;
import org.bouncycastle.crypto.params.DHParameters;
import org.bouncycastle.crypto.params.DHPublicKeyParameters;
public class TlsDHEKeyExchange
extends TlsDHKeyExchange
{
protected TlsSignerCredentials serverCredentials = null;
public TlsDHEKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, DHParameters dhParameters)
{
super(keyExchange, supportedSignatureAlgorithms, dhParameters);
}
public void processServerCredentials(TlsCredentials serverCredentials)
throws IOException
{
if (!(serverCredentials instanceof TlsSignerCredentials))
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
processServerCertificate(serverCredentials.getCertificate());
this.serverCredentials = (TlsSignerCredentials)serverCredentials;
}
public byte[] generateServerKeyExchange()
throws IOException
{
if (this.dhParameters == null)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
ByteArrayOutputStream buf = new ByteArrayOutputStream();
DHKeyPairGenerator kpg = new DHKeyPairGenerator();
kpg.init(new DHKeyGenerationParameters(context.getSecureRandom(), this.dhParameters));
AsymmetricCipherKeyPair kp = kpg.generateKeyPair();
BigInteger Ys = ((DHPublicKeyParameters)kp.getPublic()).getY();
TlsDHUtils.writeDHParameter(dhParameters.getP(), buf);
TlsDHUtils.writeDHParameter(dhParameters.getG(), buf);
TlsDHUtils.writeDHParameter(Ys, buf);
byte[] digestInput = buf.toByteArray();
Digest d = new CombinedHash();
SecurityParameters securityParameters = context.getSecurityParameters();
d.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length);
d.update(securityParameters.serverRandom, 0, securityParameters.serverRandom.length);
d.update(digestInput, 0, digestInput.length);
byte[] hash = new byte[d.getDigestSize()];
d.doFinal(hash, 0);
byte[] sigBytes = serverCredentials.generateCertificateSignature(hash);
/*
* TODO RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm prepended from TLS 1.2
*/
TlsUtils.writeOpaque16(sigBytes, buf);
return buf.toByteArray();
}
public void processServerKeyExchange(InputStream input)
throws IOException
{
SecurityParameters securityParameters = context.getSecurityParameters();
Signer signer = initVerifyer(tlsSigner, securityParameters);
InputStream sigIn = new SignerInputStream(input, signer);
BigInteger p = TlsDHUtils.readDHParameter(sigIn);
BigInteger g = TlsDHUtils.readDHParameter(sigIn);
BigInteger Ys = TlsDHUtils.readDHParameter(sigIn);
byte[] sigBytes = TlsUtils.readOpaque16(input);
if (!signer.verifySignature(sigBytes))
{
throw new TlsFatalAlert(AlertDescription.decrypt_error);
}
this.dhAgreeServerPublicKey = validateDHPublicKey(new DHPublicKeyParameters(Ys, new DHParameters(p, g)));
}
protected Signer initVerifyer(TlsSigner tlsSigner, SecurityParameters securityParameters)
{
Signer signer = tlsSigner.createVerifyer(this.serverPublicKey);
signer.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length);
signer.update(securityParameters.serverRandom, 0, securityParameters.serverRandom.length);
return signer;
}
}
|
