init commit

2025-10-09 09:57:24 +09:00
commit 4d551bd74f
6636 changed files with 1218703 additions and 0 deletions
--- a/output/Libraries/BouncyCastle.Crypto/Org/BouncyCastle/Crypto/Tls/TlsRsaKeyExchange.cs
+++ b/output/Libraries/BouncyCastle.Crypto/Org/BouncyCastle/Crypto/Tls/TlsRsaKeyExchange.cs
@@ -0,0 +1,120 @@
+using System;
+using System.Collections;
+using System.IO;
+using Org.BouncyCastle.Asn1.X509;
+using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.Security;
+using Org.BouncyCastle.Utilities.IO;
+
+namespace Org.BouncyCastle.Crypto.Tls;
+
+public class TlsRsaKeyExchange : AbstractTlsKeyExchange
+{
+	protected AsymmetricKeyParameter mServerPublicKey = null;
+
+	protected RsaKeyParameters mRsaServerPublicKey = null;
+
+	protected TlsEncryptionCredentials mServerCredentials = null;
+
+	protected byte[] mPremasterSecret;
+
+	public TlsRsaKeyExchange(IList supportedSignatureAlgorithms)
+		: base(1, supportedSignatureAlgorithms)
+	{
+	}
+
+	public override void SkipServerCredentials()
+	{
+		throw new TlsFatalAlert(10);
+	}
+
+	public override void ProcessServerCredentials(TlsCredentials serverCredentials)
+	{
+		if (!(serverCredentials is TlsEncryptionCredentials))
+		{
+			throw new TlsFatalAlert(80);
+		}
+		ProcessServerCertificate(serverCredentials.Certificate);
+		mServerCredentials = (TlsEncryptionCredentials)serverCredentials;
+	}
+
+	public override void ProcessServerCertificate(Certificate serverCertificate)
+	{
+		if (serverCertificate.IsEmpty)
+		{
+			throw new TlsFatalAlert(42);
+		}
+		X509CertificateStructure certificateAt = serverCertificate.GetCertificateAt(0);
+		SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
+		try
+		{
+			mServerPublicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
+		}
+		catch (Exception alertCause)
+		{
+			throw new TlsFatalAlert(43, alertCause);
+		}
+		if (mServerPublicKey.IsPrivate)
+		{
+			throw new TlsFatalAlert(80);
+		}
+		mRsaServerPublicKey = ValidateRsaPublicKey((RsaKeyParameters)mServerPublicKey);
+		TlsUtilities.ValidateKeyUsage(certificateAt, 32);
+		base.ProcessServerCertificate(serverCertificate);
+	}
+
+	public override void ValidateCertificateRequest(CertificateRequest certificateRequest)
+	{
+		byte[] certificateTypes = certificateRequest.CertificateTypes;
+		for (int i = 0; i < certificateTypes.Length; i++)
+		{
+			switch (certificateTypes[i])
+			{
+			case 1:
+			case 2:
+			case 64:
+				continue;
+			}
+			throw new TlsFatalAlert(47);
+		}
+	}
+
+	public override void ProcessClientCredentials(TlsCredentials clientCredentials)
+	{
+		if (!(clientCredentials is TlsSignerCredentials))
+		{
+			throw new TlsFatalAlert(80);
+		}
+	}
+
+	public override void GenerateClientKeyExchange(Stream output)
+	{
+		mPremasterSecret = TlsRsaUtilities.GenerateEncryptedPreMasterSecret(mContext, mRsaServerPublicKey, output);
+	}
+
+	public override void ProcessClientKeyExchange(Stream input)
+	{
+		byte[] encryptedPreMasterSecret = ((!TlsUtilities.IsSsl(mContext)) ? TlsUtilities.ReadOpaque16(input) : Streams.ReadAll(input));
+		mPremasterSecret = mServerCredentials.DecryptPreMasterSecret(encryptedPreMasterSecret);
+	}
+
+	public override byte[] GeneratePremasterSecret()
+	{
+		if (mPremasterSecret == null)
+		{
+			throw new TlsFatalAlert(80);
+		}
+		byte[] result = mPremasterSecret;
+		mPremasterSecret = null;
+		return result;
+	}
+
+	protected virtual RsaKeyParameters ValidateRsaPublicKey(RsaKeyParameters key)
+	{
+		if (!key.Exponent.IsProbablePrime(2))
+		{
+			throw new TlsFatalAlert(47);
+		}
+		return key;
+	}
+}