public void generateClientKeyExchange(OutputStream os) throws IOException { /* * RFC 2246 7.4.7.2 If the client certificate already contains a suitable * Diffie-Hellman key, then Yc is implicit and does not need to be sent again. In * this case, the Client Key Exchange message will be sent, but will be empty. */ if (agreementCredentials == null) { generateEphemeralClientKeyExchange(dhAgreeServerPublicKey.getParameters(), os); } }
JCEDHPublicKey( DHPublicKeyParameters params) { this.y = params.getY(); this.dhSpec = new DHParameterSpec(params.getParameters().getP(), params.getParameters().getG(), params.getParameters().getL()); }
BCDHPublicKey( DHPublicKeyParameters params) { this.y = params.getY(); this.dhSpec = new DHParameterSpec(params.getParameters().getP(), params.getParameters().getG(), params.getParameters().getL()); this.dhPublicKey = params; }
BCDHPublicKey( DHPublicKeyParameters params) { this.y = params.getY(); this.dhSpec = new DHParameterSpec(params.getParameters().getP(), params.getParameters().getG(), params.getParameters().getL()); }
JCEDHPublicKey( DHPublicKeyParameters params) { this.y = params.getY(); this.dhSpec = new DHParameterSpec(params.getParameters().getP(), params.getParameters().getG(), params.getParameters().getL()); }
public static DHPublicKeyParameters validateDHPublicKey(DHPublicKeyParameters key) throws IOException { DHParameters params = validateDHParameters(key.getParameters()); BigInteger Y = key.getY(); if (Y.compareTo(TWO) < 0 || Y.compareTo(params.getP().subtract(TWO)) > 0) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } // TODO See RFC 2631 for more discussion of Diffie-Hellman validation return key; }
BigInteger message) if (!pub.getParameters().equals(dhParams))
if (!pub.getParameters().equals(dhParams))
/** * given a message from a given party and the corresponding public key, * calculate the next message in the agreement sequence. In this case * this will represent the shared secret. */ public BigInteger calculateAgreement( DHPublicKeyParameters pub, BigInteger message) { if (!pub.getParameters().equals(dhParams)) { throw new IllegalArgumentException("Diffie-Hellman public key has wrong parameters."); } BigInteger p = dhParams.getP(); return message.modPow(key.getX(), p).multiply(pub.getY().modPow(privateValue, p)).mod(p); } }
public static DHPublicKeyParameters validateDHPublicKey(DHPublicKeyParameters key) throws IOException { BigInteger Y = key.getY(); DHParameters params = key.getParameters(); BigInteger p = params.getP(); BigInteger g = params.getG(); if (!p.isProbablePrime(2)) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } if (g.compareTo(TWO) < 0 || g.compareTo(p.subtract(TWO)) > 0) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } if (Y.compareTo(TWO) < 0 || Y.compareTo(p.subtract(ONE)) > 0) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } // TODO See RFC 2631 for more discussion of Diffie-Hellman validation return key; } }
/** * given a short term public key from a given party calculate the next * message in the agreement sequence. */ public BigInteger calculateAgreement( CipherParameters pubKey) { DHPublicKeyParameters pub = (DHPublicKeyParameters)pubKey; if (!pub.getParameters().equals(dhParams)) { throw new IllegalArgumentException("Diffie-Hellman public key has wrong parameters."); } return pub.getY().modPow(key.getX(), dhParams.getP()); } }
public void processServerKeyExchange(InputStream input) throws IOException { if (!requiresServerKeyExchange()) { throw new TlsFatalAlert(AlertDescription.unexpected_message); } // DH_anon is handled here, DHE_* in a subclass ServerDHParams dhParams = ServerDHParams.parse(input); this.dhAgreePublicKey = TlsDHUtils.validateDHPublicKey(dhParams.getPublicKey()); this.dhParameters = validateDHParameters(dhAgreePublicKey.getParameters()); }
/** * Encode this {@link ServerDHParams} to an {@link OutputStream}. * * @param output * the {@link OutputStream} to encode to. * @throws IOException */ public void encode(OutputStream output) throws IOException { DHParameters dhParameters = publicKey.getParameters(); BigInteger Ys = publicKey.getY(); TlsDHUtils.writeDHParameter(dhParameters.getP(), output); TlsDHUtils.writeDHParameter(dhParameters.getG(), output); TlsDHUtils.writeDHParameter(Ys, output); }
public void processServerKeyExchange(InputStream input) throws IOException { this.psk_identity_hint = TlsUtils.readOpaque16(input); if (this.keyExchange == KeyExchangeAlgorithm.DHE_PSK) { ServerDHParams serverDHParams = ServerDHParams.parse(input); this.dhAgreePublicKey = TlsDHUtils.validateDHPublicKey(serverDHParams.getPublicKey()); this.dhParameters = dhAgreePublicKey.getParameters(); } else if (this.keyExchange == KeyExchangeAlgorithm.ECDHE_PSK) { ECDomainParameters ecParams = TlsECCUtils.readECParameters(namedCurves, clientECPointFormats, input); byte[] point = TlsUtils.readOpaque8(input); this.ecAgreePublicKey = TlsECCUtils.validateECPublicKey(TlsECCUtils.deserializeECPublicKey( clientECPointFormats, ecParams, point)); } }
public void generateClientKeyExchange(OutputStream os) throws IOException { if (psk_identity_hint == null || psk_identity_hint.length == 0) { pskIdentity.skipIdentityHint(); } else { pskIdentity.notifyIdentityHint(psk_identity_hint); } byte[] psk_identity = pskIdentity.getPSKIdentity(); TlsUtils.writeOpaque16(psk_identity, os); if (this.keyExchange == KeyExchangeAlgorithm.RSA_PSK) { this.premasterSecret = TlsRSAUtils.generateEncryptedPreMasterSecret(context, this.rsaServerPublicKey, os); } else if (this.keyExchange == KeyExchangeAlgorithm.DHE_PSK) { this.dhAgreeClientPrivateKey = TlsDHUtils.generateEphemeralClientKeyExchange( context.getSecureRandom(), dhAgreeServerPublicKey.getParameters(), os); } }
public void processServerKeyExchange(InputStream input) throws IOException { SecurityParameters securityParameters = context.getSecurityParameters(); SignerInputBuffer buf = new SignerInputBuffer(); InputStream teeIn = new TeeInputStream(input, buf); ServerDHParams dhParams = ServerDHParams.parse(teeIn); DigitallySigned signed_params = parseSignature(input); Signer signer = initVerifyer(tlsSigner, signed_params.getAlgorithm(), securityParameters); buf.updateSigner(signer); if (!signer.verifySignature(signed_params.getSignature())) { throw new TlsFatalAlert(AlertDescription.decrypt_error); } this.dhAgreePublicKey = TlsDHUtils.validateDHPublicKey(dhParams.getPublicKey()); this.dhParameters = validateDHParameters(dhAgreePublicKey.getParameters()); }
this.dhParameters = validateDHParameters(dhAgreePublicKey.getParameters());