| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133 |
- #if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
- #pragma warning disable
- using System;
- using System.IO;
- using BestHTTP.SecureProtocol.Org.BouncyCastle.Tls.Crypto;
- using BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.IO;
- namespace BestHTTP.SecureProtocol.Org.BouncyCastle.Tls
- {
- public class TlsDheKeyExchange
- : AbstractTlsKeyExchange
- {
- private static int CheckKeyExchange(int keyExchange)
- {
- switch (keyExchange)
- {
- case KeyExchangeAlgorithm.DHE_DSS:
- case KeyExchangeAlgorithm.DHE_RSA:
- return keyExchange;
- default:
- throw new ArgumentException("unsupported key exchange algorithm", "keyExchange");
- }
- }
- protected TlsDHGroupVerifier m_dhGroupVerifier;
- protected TlsDHConfig m_dhConfig;
- protected TlsCredentialedSigner m_serverCredentials = null;
- protected TlsCertificate m_serverCertificate = null;
- protected TlsAgreement m_agreement;
- public TlsDheKeyExchange(int keyExchange, TlsDHGroupVerifier dhGroupVerifier)
- : this(keyExchange, dhGroupVerifier, null)
- {
- }
- public TlsDheKeyExchange(int keyExchange, TlsDHConfig dhConfig)
- : this(keyExchange, null, dhConfig)
- {
- }
- private TlsDheKeyExchange(int keyExchange, TlsDHGroupVerifier dhGroupVerifier, TlsDHConfig dhConfig)
- : base(CheckKeyExchange(keyExchange))
- {
- this.m_dhGroupVerifier = dhGroupVerifier;
- this.m_dhConfig = dhConfig;
- }
- public override void SkipServerCredentials()
- {
- throw new TlsFatalAlert(AlertDescription.internal_error);
- }
- public override void ProcessServerCredentials(TlsCredentials serverCredentials)
- {
- this.m_serverCredentials = TlsUtilities.RequireSignerCredentials(serverCredentials);
- }
- public override void ProcessServerCertificate(Certificate serverCertificate)
- {
- this.m_serverCertificate = serverCertificate.GetCertificateAt(0);
- }
- public override bool RequiresServerKeyExchange
- {
- get { return true; }
- }
- public override byte[] GenerateServerKeyExchange()
- {
- DigestInputBuffer digestBuffer = new DigestInputBuffer();
- TlsDHUtilities.WriteDHConfig(m_dhConfig, digestBuffer);
- this.m_agreement = m_context.Crypto.CreateDHDomain(m_dhConfig).CreateDH();
- byte[] y = m_agreement.GenerateEphemeral();
- TlsUtilities.WriteOpaque16(y, digestBuffer);
- TlsUtilities.GenerateServerKeyExchangeSignature(m_context, m_serverCredentials, null, digestBuffer);
- return digestBuffer.ToArray();
- }
- public override void ProcessServerKeyExchange(Stream input)
- {
- DigestInputBuffer digestBuffer = new DigestInputBuffer();
- Stream teeIn = new TeeInputStream(input, digestBuffer);
- this.m_dhConfig = TlsDHUtilities.ReceiveDHConfig(m_context, m_dhGroupVerifier, teeIn);
- byte[] y = TlsUtilities.ReadOpaque16(teeIn, 1);
- TlsUtilities.VerifyServerKeyExchangeSignature(m_context, input, m_serverCertificate, null, digestBuffer);
- this.m_agreement = m_context.Crypto.CreateDHDomain(m_dhConfig).CreateDH();
- m_agreement.ReceivePeerValue(y);
- }
- public override short[] GetClientCertificateTypes()
- {
- return new short[]{ ClientCertificateType.dss_sign, ClientCertificateType.ecdsa_sign,
- ClientCertificateType.rsa_sign };
- }
- public override void ProcessClientCredentials(TlsCredentials clientCredentials)
- {
- TlsUtilities.RequireSignerCredentials(clientCredentials);
- }
- public override void GenerateClientKeyExchange(Stream output)
- {
- byte[] y = m_agreement.GenerateEphemeral();
- TlsUtilities.WriteOpaque16(y, output);
- }
- public override void ProcessClientKeyExchange(Stream input)
- {
- m_agreement.ReceivePeerValue(TlsUtilities.ReadOpaque16(input, 1));
- }
- public override TlsSecret GeneratePreMasterSecret()
- {
- return m_agreement.CalculateSecret();
- }
- }
- }
- #pragma warning restore
- #endif
|
