init commit

output/Libraries/BouncyCastle.Crypto/Org/BouncyCastle/Crypto/Tls/TlsECDheKeyExchange.cs

@@ -0,0 +1,94 @@
+using System.Collections;
+using System.IO;
+using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.Security;
+using Org.BouncyCastle.Utilities.IO;
+
+namespace Org.BouncyCastle.Crypto.Tls;
+
+public class TlsECDheKeyExchange : TlsECDHKeyExchange
+{
+	protected TlsSignerCredentials mServerCredentials = null;
+
+	public TlsECDheKeyExchange(int keyExchange, IList supportedSignatureAlgorithms, int[] namedCurves, byte[] clientECPointFormats, byte[] serverECPointFormats)
+		: base(keyExchange, supportedSignatureAlgorithms, namedCurves, clientECPointFormats, serverECPointFormats)
+	{
+	}
+
+	public override void ProcessServerCredentials(TlsCredentials serverCredentials)
+	{
+		if (!(serverCredentials is TlsSignerCredentials))
+		{
+			throw new TlsFatalAlert(80);
+		}
+		ProcessServerCertificate(serverCredentials.Certificate);
+		mServerCredentials = (TlsSignerCredentials)serverCredentials;
+	}
+
+	public override byte[] GenerateServerKeyExchange()
+	{
+		DigestInputBuffer digestInputBuffer = new DigestInputBuffer();
+		mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, mNamedCurves, mClientECPointFormats, digestInputBuffer);
+		SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm(mContext, mServerCredentials);
+		IDigest digest = TlsUtilities.CreateHash(signatureAndHashAlgorithm);
+		SecurityParameters securityParameters = mContext.SecurityParameters;
+		digest.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length);
+		digest.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length);
+		digestInputBuffer.UpdateDigest(digest);
+		byte[] hash = DigestUtilities.DoFinal(digest);
+		byte[] signature = mServerCredentials.GenerateCertificateSignature(hash);
+		DigitallySigned digitallySigned = new DigitallySigned(signatureAndHashAlgorithm, signature);
+		digitallySigned.Encode(digestInputBuffer);
+		return digestInputBuffer.ToArray();
+	}
+
+	public override void ProcessServerKeyExchange(Stream input)
+	{
+		SecurityParameters securityParameters = mContext.SecurityParameters;
+		SignerInputBuffer signerInputBuffer = new SignerInputBuffer();
+		Stream input2 = new TeeInputStream(input, signerInputBuffer);
+		ECDomainParameters curve_params = TlsEccUtilities.ReadECParameters(mNamedCurves, mClientECPointFormats, input2);
+		byte[] encoding = TlsUtilities.ReadOpaque8(input2);
+		DigitallySigned digitallySigned = ParseSignature(input);
+		ISigner signer = InitVerifyer(mTlsSigner, digitallySigned.Algorithm, securityParameters);
+		signerInputBuffer.UpdateSigner(signer);
+		if (!signer.VerifySignature(digitallySigned.Signature))
+		{
+			throw new TlsFatalAlert(51);
+		}
+		mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(mClientECPointFormats, curve_params, encoding));
+	}
+
+	public override void ValidateCertificateRequest(CertificateRequest certificateRequest)
+	{
+		byte[] certificateTypes = certificateRequest.CertificateTypes;
+		for (int i = 0; i < certificateTypes.Length; i++)
+		{
+			switch (certificateTypes[i])
+			{
+			case 1:
+			case 2:
+			case 64:
+				continue;
+			}
+			throw new TlsFatalAlert(47);
+		}
+	}
+
+	public override void ProcessClientCredentials(TlsCredentials clientCredentials)
+	{
+		if (clientCredentials is TlsSignerCredentials)
+		{
+			return;
+		}
+		throw new TlsFatalAlert(80);
+	}
+
+	protected virtual ISigner InitVerifyer(TlsSigner tlsSigner, SignatureAndHashAlgorithm algorithm, SecurityParameters securityParameters)
+	{
+		ISigner signer = tlsSigner.CreateVerifyer(algorithm, mServerPublicKey);
+		signer.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length);
+		signer.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length);
+		return signer;
+	}
+}