99 lines
3.9 KiB
C#
99 lines
3.9 KiB
C#
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
|
|
|
using System;
|
|
using System.Collections;
|
|
using System.IO;
|
|
|
|
using Org.BouncyCastle.Crypto.Parameters;
|
|
using Org.BouncyCastle.Math;
|
|
using Org.BouncyCastle.Security;
|
|
using Org.BouncyCastle.Utilities.IO;
|
|
|
|
namespace Org.BouncyCastle.Crypto.Tls
|
|
{
|
|
public class TlsDheKeyExchange
|
|
: TlsDHKeyExchange
|
|
{
|
|
protected TlsSignerCredentials mServerCredentials = null;
|
|
|
|
public TlsDheKeyExchange(int keyExchange, IList supportedSignatureAlgorithms, DHParameters dhParameters)
|
|
: base(keyExchange, supportedSignatureAlgorithms, dhParameters)
|
|
{
|
|
}
|
|
|
|
public override void ProcessServerCredentials(TlsCredentials serverCredentials)
|
|
{
|
|
if (!(serverCredentials is TlsSignerCredentials))
|
|
throw new TlsFatalAlert(AlertDescription.internal_error);
|
|
|
|
ProcessServerCertificate(serverCredentials.Certificate);
|
|
|
|
this.mServerCredentials = (TlsSignerCredentials)serverCredentials;
|
|
}
|
|
|
|
public override byte[] GenerateServerKeyExchange()
|
|
{
|
|
if (this.mDHParameters == null)
|
|
throw new TlsFatalAlert(AlertDescription.internal_error);
|
|
|
|
DigestInputBuffer buf = new DigestInputBuffer();
|
|
|
|
this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom,
|
|
this.mDHParameters, buf);
|
|
|
|
/*
|
|
* RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2
|
|
*/
|
|
SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm(
|
|
mContext, mServerCredentials);
|
|
|
|
IDigest d = TlsUtilities.CreateHash(signatureAndHashAlgorithm);
|
|
|
|
SecurityParameters securityParameters = mContext.SecurityParameters;
|
|
d.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length);
|
|
d.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length);
|
|
buf.UpdateDigest(d);
|
|
|
|
byte[] hash = DigestUtilities.DoFinal(d);
|
|
|
|
byte[] signature = mServerCredentials.GenerateCertificateSignature(hash);
|
|
|
|
DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature);
|
|
signed_params.Encode(buf);
|
|
|
|
return buf.ToArray();
|
|
}
|
|
|
|
public override void ProcessServerKeyExchange(Stream input)
|
|
{
|
|
SecurityParameters securityParameters = mContext.SecurityParameters;
|
|
|
|
SignerInputBuffer buf = new SignerInputBuffer();
|
|
Stream teeIn = new TeeInputStream(input, buf);
|
|
|
|
ServerDHParams dhParams = ServerDHParams.Parse(teeIn);
|
|
|
|
DigitallySigned signed_params = ParseSignature(input);
|
|
|
|
ISigner signer = InitVerifyer(mTlsSigner, signed_params.Algorithm, securityParameters);
|
|
buf.UpdateSigner(signer);
|
|
if (!signer.VerifySignature(signed_params.Signature))
|
|
throw new TlsFatalAlert(AlertDescription.decrypt_error);
|
|
|
|
this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(dhParams.PublicKey);
|
|
this.mDHParameters = ValidateDHParameters(mDHAgreePublicKey.Parameters);
|
|
}
|
|
|
|
protected virtual ISigner InitVerifyer(TlsSigner tlsSigner, SignatureAndHashAlgorithm algorithm,
|
|
SecurityParameters securityParameters)
|
|
{
|
|
ISigner signer = tlsSigner.CreateVerifyer(algorithm, this.mServerPublicKey);
|
|
signer.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length);
|
|
signer.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length);
|
|
return signer;
|
|
}
|
|
}
|
|
}
|
|
|
|
#endif
|