public void processServerKeyExchange(InputStream input) throws IOException { SecurityParameters securityParameters = context.getSecurityParameters(); Signer signer = initVerifyer(tlsSigner, securityParameters); InputStream sigIn = new SignerInputStream(input, signer); BigInteger p = TlsDHUtils.readDHParameter(sigIn); BigInteger g = TlsDHUtils.readDHParameter(sigIn); BigInteger Ys = TlsDHUtils.readDHParameter(sigIn); byte[] sigBytes = TlsUtils.readOpaque16(input); if (!signer.verifySignature(sigBytes)) { throw new TlsFatalAlert(AlertDescription.decrypt_error); } this.dhAgreeServerPublicKey = validateDHPublicKey(new DHPublicKeyParameters(Ys, new DHParameters(p, g))); }
public void processServerKeyExchange(InputStream input) throws IOException { this.psk_identity_hint = TlsUtils.readOpaque16(input); if (this.keyExchange == KeyExchangeAlgorithm.DHE_PSK) { byte[] pBytes = TlsUtils.readOpaque16(input); byte[] gBytes = TlsUtils.readOpaque16(input); byte[] YsBytes = TlsUtils.readOpaque16(input); BigInteger p = new BigInteger(1, pBytes); BigInteger g = new BigInteger(1, gBytes); BigInteger Ys = new BigInteger(1, YsBytes); this.dhAgreeServerPublicKey = TlsDHUtils.validateDHPublicKey(new DHPublicKeyParameters(Ys, new DHParameters(p, g))); } }
public static DHPublicKeyParameters validateDHPublicKey(DHPublicKeyParameters key) throws IOException { BigInteger Y = key.getY(); DHParameters params = key.getParameters(); BigInteger p = params.getP(); BigInteger g = params.getG(); if (!p.isProbablePrime(2)) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } if (g.compareTo(TWO) < 0 || g.compareTo(p.subtract(TWO)) > 0) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } if (Y.compareTo(TWO) < 0 || Y.compareTo(p.subtract(ONE)) > 0) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } // TODO See RFC 2631 for more discussion of Diffie-Hellman validation return key; }
public AsymmetricCipherKeyPair generateKeyPair() { BigInteger p, g, x, y; int qLength = param.getStrength() - 1; DHParameters dhParams = param.getParameters(); p = dhParams.getP(); g = dhParams.getG(); // // calculate the private key // x = new BigInteger(qLength, param.getRandom()); // // calculate the public key. // y = g.modPow(x, p); return new AsymmetricCipherKeyPair( new DHPublicKeyParameters(y, dhParams), new DHPrivateKeyParameters(x, dhParams)); }
public static DHPublicKeyParameters validateDHPublicKey(DHPublicKeyParameters key) throws IOException { BigInteger Y = key.getY(); DHParameters params = key.getParameters(); BigInteger p = params.getP(); BigInteger g = params.getG(); if (!p.isProbablePrime(2)) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } if (g.compareTo(TWO) < 0 || g.compareTo(p.subtract(TWO)) > 0) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } if (Y.compareTo(TWO) < 0 || Y.compareTo(p.subtract(TWO)) > 0) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } // TODO See RFC 2631 for more discussion of Diffie-Hellman validation return key; }
public byte[] generateClientKeyExchange() throws IOException { // TODO RFC 2246 7.4.72 /* * If the client certificate already contains a suitable Diffie-Hellman key, then * Yc is implicit and does not need to be sent again. In this case, the Client Key * Exchange message will be sent, but will be empty. */ // return new byte[0]; /* * Generate a keypair (using parameters from server key) and send the public value * to the server. */ DHBasicKeyPairGenerator dhGen = new DHBasicKeyPairGenerator(); dhGen.init(new DHKeyGenerationParameters(handler.getRandom(), dhAgreeServerPublicKey.getParameters())); this.dhAgreeClientKeyPair = dhGen.generateKeyPair(); BigInteger Yc = ((DHPublicKeyParameters)dhAgreeClientKeyPair.getPublic()).getY(); return BigIntegers.asUnsignedByteArray(Yc); }
static public AsymmetricKeyParameter generatePublicKeyParameter( PublicKey key) throws InvalidKeyException { if (key instanceof DHPublicKey) { DHPublicKey k = (DHPublicKey)key; return new DHPublicKeyParameters(k.getY(), new DHParameters(k.getParams().getP(), k.getParams().getG(), null, k.getParams().getL())); } throw new InvalidKeyException("can't identify DH public key."); }
public byte[] generateServerKeyExchange() throws IOException { if (this.dhParameters == null) { throw new TlsFatalAlert(AlertDescription.internal_error); } ByteArrayOutputStream buf = new ByteArrayOutputStream(); DHKeyPairGenerator kpg = new DHKeyPairGenerator(); kpg.init(new DHKeyGenerationParameters(context.getSecureRandom(), this.dhParameters)); AsymmetricCipherKeyPair kp = kpg.generateKeyPair(); BigInteger Ys = ((DHPublicKeyParameters)kp.getPublic()).getY(); TlsDHUtils.writeDHParameter(dhParameters.getP(), buf); TlsDHUtils.writeDHParameter(dhParameters.getG(), buf); TlsDHUtils.writeDHParameter(Ys, buf); byte[] digestInput = buf.toByteArray(); Digest d = new CombinedHash(); SecurityParameters securityParameters = context.getSecurityParameters(); d.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length); d.update(securityParameters.serverRandom, 0, securityParameters.serverRandom.length); d.update(digestInput, 0, digestInput.length); byte[] hash = new byte[d.getDigestSize()]; d.doFinal(hash, 0); byte[] sigBytes = serverCredentials.generateCertificateSignature(hash); /* * TODO RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm prepended from TLS 1.2 */ TlsUtils.writeOpaque16(sigBytes, buf); return buf.toByteArray(); }
public static byte[] calculateDHBasicAgreement(DHPublicKeyParameters publicKey, DHPrivateKeyParameters privateKey) { DHBasicAgreement basicAgreement = new DHBasicAgreement(); basicAgreement.init(privateKey); BigInteger agreementValue = basicAgreement.calculateAgreement(publicKey); /* * RFC 5246 8.1.2. Leading bytes of Z that contain all zero bits are stripped before it is * used as the pre_master_secret. */ return BigIntegers.asUnsignedByteArray(agreementValue); }
public static DHPrivateKeyParameters generateEphemeralClientKeyExchange(SecureRandom random, DHParameters dhParams, OutputStream output) throws IOException { AsymmetricCipherKeyPair dhAgreeClientKeyPair = generateDHKeyPair(random, dhParams); DHPrivateKeyParameters dhAgreeClientPrivateKey = (DHPrivateKeyParameters)dhAgreeClientKeyPair .getPrivate(); BigInteger Yc = ((DHPublicKeyParameters)dhAgreeClientKeyPair.getPublic()).getY(); byte[] keData = BigIntegers.asUnsignedByteArray(Yc); TlsUtils.writeOpaque16(keData, output); return dhAgreeClientPrivateKey; }
/** * given a short term public key from a given party calculate the next * message in the agreement sequence. */ public BigInteger calculateAgreement( CipherParameters pubKey) { DHPublicKeyParameters pub = (DHPublicKeyParameters)pubKey; if (!pub.getParameters().equals(dhParams)) { throw new IllegalArgumentException("Diffie-Hellman public key has wrong parameters."); } return pub.getY().modPow(key.getX(), dhParams.getP()); }
/** * calculate our initial message. */ public BigInteger calculateMessage() { DHKeyPairGenerator dhGen = new DHKeyPairGenerator(); dhGen.init(new DHKeyGenerationParameters(random, dhParams)); AsymmetricCipherKeyPair dhPair = dhGen.generateKeyPair(); this.privateValue = ((DHPrivateKeyParameters)dhPair.getPrivate()).getX(); return ((DHPublicKeyParameters)dhPair.getPublic()).getY(); }
/** * given a message from a given party and the corresponding public key, * calculate the next message in the agreement sequence. In this case * this will represent the shared secret. */ public BigInteger calculateAgreement( DHPublicKeyParameters pub, BigInteger message) { if (!pub.getParameters().equals(dhParams)) { throw new IllegalArgumentException("Diffie-Hellman public key has wrong parameters."); } BigInteger p = dhParams.getP(); return message.modPow(key.getX(), p).multiply(pub.getY().modPow(privateValue, p)).mod(p); }
public AsymmetricKeyParameter readKey(InputStream stream) throws IOException { byte[] V = new byte[(dhParams.getP().bitLength() + 7) / 8]; stream.read(V, 0, V.length); return new DHPublicKeyParameters(new BigInteger(1, V), dhParams); }
public AsymmetricCipherKeyPair generateKeyPair() { DHKeyGeneratorHelper helper = DHKeyGeneratorHelper.INSTANCE; DHParameters dhp = param.getParameters(); BigInteger x = helper.calculatePrivate(dhp, param.getRandom()); BigInteger y = helper.calculatePublic(dhp, x); return new AsymmetricCipherKeyPair( new DHPublicKeyParameters(y, dhp), new DHPrivateKeyParameters(x, dhp)); }
private void adjustPublicKeyParameters(Certificate cert) { try { if (CertificateUtils.hasDHParameters(cert)) { LOGGER.debug("Adjusting DH PublicKey"); DHPublicKeyParameters dhParameters = CertificateUtils.extractDHPublicKeyParameters(cert); adjustDHParameters(dhParameters); } else if (CertificateUtils.hasECParameters(cert)) { LOGGER.debug("Adjusting EC PublicKey"); ECPublicKeyParameters ecParameters = CertificateUtils.extractECPublicKeyParameters(cert); adjustECParameters(ecParameters); } else if (CertificateUtils.hasRSAParameters(cert)) { LOGGER.debug("Adjusting RSA PublicKey"); if (tlsContext.getTalkingConnectionEndType() == ConnectionEndType.CLIENT) { tlsContext.setClientRSAPublicKey(CertificateUtils.extractRSAPublicKey(cert)); tlsContext.setClientRSAPrivateKey(tlsContext.getConfig().getDefaultClientRSAPrivateKey()); tlsContext.setClientRsaModulus(CertificateUtils.extractRSAModulus(cert)); } else { tlsContext.setServerRSAPublicKey(CertificateUtils.extractRSAPublicKey(cert)); tlsContext.setServerRSAPrivateKey(tlsContext.getConfig().getDefaultServerRSAPrivateKey()); tlsContext.setServerRsaModulus(CertificateUtils.extractRSAModulus(cert)); } } else { LOGGER.warn("Could not adjust Certificate publicKey"); } } catch (IOException E) { throw new AdjustmentException("Could not adjust PublicKey Information from Certificate", E); } }
private void adjustDHParameters(DHPublicKeyParameters dhPublicKeyParameters) { if (tlsContext.getTalkingConnectionEndType() == ConnectionEndType.CLIENT) { tlsContext.setClientDhGenerator(dhPublicKeyParameters.getParameters().getG()); tlsContext.setClientDhModulus(dhPublicKeyParameters.getParameters().getP()); tlsContext.setClientDhPublicKey(dhPublicKeyParameters.getY()); } else { tlsContext.setServerDhGenerator(dhPublicKeyParameters.getParameters().getG()); tlsContext.setServerDhModulus(dhPublicKeyParameters.getParameters().getP()); tlsContext.setServerDhPublicKey(dhPublicKeyParameters.getY()); } }
private void applyDHParameters(Config config, DHPublicKeyParameters dhParameters) { config.setDefaultServerDhModulus(dhParameters.getParameters().getP()); config.setDefaultServerDhGenerator(dhParameters.getParameters().getG()); config.setDefaultClientDhModulus(dhParameters.getParameters().getP()); config.setDefaultClientDhGenerator(dhParameters.getParameters().getG()); config.setDefaultClientDhPublicKey(dhParameters.getY()); config.setDefaultServerDhPublicKey(dhParameters.getY()); }
public static DHPublicKeyParameters extractDHPublicKeyParameters(Certificate cert) throws IOException { if (hasDHParameters(cert)) { SubjectPublicKeyInfo keyInfo = cert.getCertificateAt(0).getSubjectPublicKeyInfo(); return (DHPublicKeyParameters) PublicKeyFactory.createKey(keyInfo); } else { throw new IOException(); } }
public ServerDHParams(DHPublicKeyParameters publicKey) { if (publicKey == null) { throw new IllegalArgumentException("'publicKey' cannot be null"); } this.publicKey = publicKey; }
/** * Parse a {@link ServerDHParams} from an {@link InputStream}. * * @param input * the {@link InputStream} to parse from. * @return a {@link ServerDHParams} object. * @throws IOException */ public static ServerDHParams parse(InputStream input) throws IOException { BigInteger p = TlsDHUtils.readDHParameter(input); BigInteger g = TlsDHUtils.readDHParameter(input); BigInteger Ys = TlsDHUtils.readDHParameter(input); return new ServerDHParams(TlsDHUtils.validateDHPublicKey(new DHPublicKeyParameters(Ys, new DHParameters(p, g)))); }
public void processClientKeyExchange(InputStream input) throws IOException { if (dhAgreePublicKey != null) { // For dss_fixed_dh and rsa_fixed_dh, the key arrived in the client certificate return; } BigInteger Yc = TlsDHUtils.readDHParameter(input); this.dhAgreePublicKey = TlsDHUtils.validateDHPublicKey(new DHPublicKeyParameters(Yc, dhParameters)); }
public static DHPrivateKeyParameters generateEphemeralClientKeyExchange(SecureRandom random, DHParameters dhParams, OutputStream output) throws IOException { AsymmetricCipherKeyPair kp = generateDHKeyPair(random, dhParams); DHPublicKeyParameters dhPublic = (DHPublicKeyParameters) kp.getPublic(); writeDHParameter(dhPublic.getY(), output); return (DHPrivateKeyParameters) kp.getPrivate(); }
public static DHPrivateKeyParameters generateEphemeralServerKeyExchange(SecureRandom random, DHParameters dhParams, OutputStream output) throws IOException { AsymmetricCipherKeyPair kp = generateDHKeyPair(random, dhParams); DHPublicKeyParameters dhPublic = (DHPublicKeyParameters)kp.getPublic(); new ServerDHParams(dhPublic).encode(output); return (DHPrivateKeyParameters)kp.getPrivate(); }
public static DHPublicKeyParameters validateDHPublicKey(DHPublicKeyParameters key) throws IOException { DHParameters params = validateDHParameters(key.getParameters()); BigInteger Y = key.getY(); if (Y.compareTo(TWO) < 0 || Y.compareTo(params.getP().subtract(TWO)) > 0) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } // TODO See RFC 2631 for more discussion of Diffie-Hellman validation return key; }
public AsymmetricKeyParameter readKey(InputStream stream) throws IOException { byte[] V = new byte[(dhParams.getP().bitLength() + 7) / 8]; Streams.readFully(stream, V, 0, V.length); return new DHPublicKeyParameters(new BigInteger(1, V), dhParams); }
