Port of new TLS API from bc-java

1 files changed, 416 insertions, 0 deletions

diff --git a/crypto/src/tls/NamedGroup.cs b/crypto/src/tls/NamedGroup.cs
new file mode 100644
index 000000000..0035ef9f3
--- /dev/null
+++ b/crypto/src/tls/NamedGroup.cs
@@ -0,0 +1,416 @@
+using System;
+
+namespace Org.BouncyCastle.Tls
+{
+    /// <summary>RFC 7919</summary>
+    public abstract class NamedGroup
+    {
+        /*
+         * RFC 4492 5.1.1
+         * <p>
+         * The named curves defined here are those specified in SEC 2 [13]. Note that many of these curves
+         * are also recommended in ANSI X9.62 [7] and FIPS 186-2 [11]. Values 0xFE00 through 0xFEFF are
+         * reserved for private use. Values 0xFF01 and 0xFF02 indicate that the client supports arbitrary
+         * prime and characteristic-2 curves, respectively (the curve parameters must be encoded explicitly
+         * in ECParameters).
+         */
+        public const int sect163k1 = 1;
+        public const int sect163r1 = 2;
+        public const int sect163r2 = 3;
+        public const int sect193r1 = 4;
+        public const int sect193r2 = 5;
+        public const int sect233k1 = 6;
+        public const int sect233r1 = 7;
+        public const int sect239k1 = 8;
+        public const int sect283k1 = 9;
+        public const int sect283r1 = 10;
+        public const int sect409k1 = 11;
+        public const int sect409r1 = 12;
+        public const int sect571k1 = 13;
+        public const int sect571r1 = 14;
+        public const int secp160k1 = 15;
+        public const int secp160r1 = 16;
+        public const int secp160r2 = 17;
+        public const int secp192k1 = 18;
+        public const int secp192r1 = 19;
+        public const int secp224k1 = 20;
+        public const int secp224r1 = 21;
+        public const int secp256k1 = 22;
+        public const int secp256r1 = 23;
+        public const int secp384r1 = 24;
+        public const int secp521r1 = 25;
+
+        /*
+         * RFC 7027
+         */
+        public const int brainpoolP256r1 = 26;
+        public const int brainpoolP384r1 = 27;
+        public const int brainpoolP512r1 = 28;
+
+        /*
+         * RFC 8422
+         */
+        public const int x25519 = 29;
+        public const int x448 = 30;
+
+        /*
+         * RFC 8734
+         */
+        public const int brainpoolP256r1tls13 = 31;
+        public const int brainpoolP384r1tls13 = 32;
+        public const int brainpoolP512r1tls13 = 33;
+
+        /*
+         * draft-smyshlyaev-tls12-gost-suites-10
+         */
+        public const int GC256A = 34;
+        public const int GC256B = 35;
+        public const int GC256C = 36;
+        public const int GC256D = 37;
+        public const int GC512A = 38;
+        public const int GC512B = 39;
+        public const int GC512C = 40;
+
+        /*
+         * RFC 8998
+         */
+        public const int curveSM2 = 41;
+
+        /*
+         * RFC 7919 2. Codepoints in the "Supported Groups Registry" with a high byte of 0x01 (that is,
+         * between 256 and 511, inclusive) are set aside for FFDHE groups, though only a small number of
+         * them are initially defined and we do not expect many other FFDHE groups to be added to this
+         * range. No codepoints outside of this range will be allocated to FFDHE groups.
+         */
+        public const int ffdhe2048 = 256;
+        public const int ffdhe3072 = 257;
+        public const int ffdhe4096 = 258;
+        public const int ffdhe6144 = 259;
+        public const int ffdhe8192 = 260;
+
+        /*
+         * RFC 8446 reserved ffdhe_private_use (0x01FC..0x01FF)
+         */
+
+        /*
+         * RFC 4492 reserved ecdhe_private_use (0xFE00..0xFEFF)
+         */
+
+        /*
+         * RFC 4492
+         */
+        public const int arbitrary_explicit_prime_curves = 0xFF01;
+        public const int arbitrary_explicit_char2_curves = 0xFF02;
+
+        /* Names of the actual underlying elliptic curves (not necessarily matching the NamedGroup names). */
+        private static readonly string[] CurveNames = new string[]{ "sect163k1", "sect163r1", "sect163r2", "sect193r1",
+            "sect193r2", "sect233k1", "sect233r1", "sect239k1", "sect283k1", "sect283r1", "sect409k1", "sect409r1",
+            "sect571k1", "sect571r1", "secp160k1", "secp160r1", "secp160r2", "secp192k1", "secp192r1", "secp224k1",
+            "secp224r1", "secp256k1", "secp256r1", "secp384r1", "secp521r1", "brainpoolP256r1", "brainpoolP384r1",
+            "brainpoolP512r1", "X25519", "X448", "brainpoolP256r1", "brainpoolP384r1", "brainpoolP512r1",
+            "Tc26-Gost-3410-12-256-paramSetA", "GostR3410-2001-CryptoPro-A", "GostR3410-2001-CryptoPro-B",
+            "GostR3410-2001-CryptoPro-C", "Tc26-Gost-3410-12-512-paramSetA", "Tc26-Gost-3410-12-512-paramSetB",
+            "Tc26-Gost-3410-12-512-paramSetC", "sm2p256v1" };
+
+        private static readonly string[] FiniteFieldNames = new string[]{ "ffdhe2048", "ffdhe3072", "ffdhe4096",
+            "ffdhe6144", "ffdhe8192" };
+
+        public static bool CanBeNegotiated(int namedGroup, ProtocolVersion version)
+        {
+            if (TlsUtilities.IsTlsV13(version))
+            {
+                if ((namedGroup >= sect163k1 && namedGroup <= secp256k1)
+                    || (namedGroup >= brainpoolP256r1 && namedGroup <= brainpoolP512r1)
+                    || (namedGroup >= GC256A && namedGroup <= GC512C)
+                    || (namedGroup >= arbitrary_explicit_prime_curves && namedGroup <= arbitrary_explicit_char2_curves))
+                {
+                    return false;
+                }
+            }
+            else
+            {
+                if ((namedGroup >= brainpoolP256r1tls13 && namedGroup <= brainpoolP512r1tls13)
+                    || (namedGroup == curveSM2))
+                {
+                    return false;
+                }
+            }
+
+            return IsValid(namedGroup);
+        }
+
+        public static int GetCurveBits(int namedGroup)
+        {
+            switch (namedGroup)
+            {
+            case secp160k1:
+            case secp160r1:
+            case secp160r2:
+                return 160;
+
+            case sect163k1:
+            case sect163r1:
+            case sect163r2:
+                return 163;
+
+            case secp192k1:
+            case secp192r1:
+                return 192;
+
+            case sect193r1:
+            case sect193r2:
+                return 193;
+
+            case secp224k1:
+            case secp224r1:
+                return 224;
+
+            case sect233k1:
+            case sect233r1:
+                return 233;
+
+            case sect239k1:
+                return 239;
+
+            case x25519:
+                return 252;
+
+            case brainpoolP256r1:
+            case brainpoolP256r1tls13:
+            case curveSM2:
+            case GC256A:
+            case GC256B:
+            case GC256C:
+            case GC256D:
+            case secp256k1:
+            case secp256r1:
+                return 256;
+
+            case sect283k1:
+            case sect283r1:
+                return 283;
+
+            case brainpoolP384r1:
+            case brainpoolP384r1tls13:
+            case secp384r1:
+                return 384;
+
+            case sect409k1:
+            case sect409r1:
+                return 409;
+
+            case x448:
+                return 446;
+
+            case brainpoolP512r1:
+            case brainpoolP512r1tls13:
+            case GC512A:
+            case GC512B:
+            case GC512C:
+                return 512;
+
+            case secp521r1:
+                return 521;
+
+            case sect571k1:
+            case sect571r1:
+                return 571;
+
+            default:
+                return 0;
+            }
+        }
+
+        public static string GetCurveName(int namedGroup)
+        {
+            if (RefersToASpecificCurve(namedGroup))
+            {
+                return CurveNames[namedGroup - sect163k1];
+            }
+
+            return null;
+        }
+
+        public static int GetFiniteFieldBits(int namedGroup)
+        {
+            switch (namedGroup)
+            {
+            case ffdhe2048:
+                return 2048;
+            case ffdhe3072:
+                return 3072;
+            case ffdhe4096:
+                return 4096;
+            case ffdhe6144:
+                return 6144;
+            case ffdhe8192:
+                return 8192;
+            default:
+                return 0;
+            }
+        }
+
+        public static string GetFiniteFieldName(int namedGroup)
+        {
+            if (RefersToASpecificFiniteField(namedGroup))
+            {
+                return FiniteFieldNames[namedGroup - ffdhe2048];
+            }
+
+            return null;
+        }
+
+        public static int GetMaximumChar2CurveBits()
+        {
+            return 571;
+        }
+
+        public static int GetMaximumCurveBits()
+        {
+            return 571;
+        }
+
+        public static int GetMaximumFiniteFieldBits()
+        {
+            return 8192;
+        }
+
+        public static int GetMaximumPrimeCurveBits()
+        {
+            return 521;
+        }
+
+        public static string GetName(int namedGroup)
+        {
+            if (IsPrivate(namedGroup))
+            {
+                return "PRIVATE";
+            }
+
+            switch (namedGroup)
+            {
+            case x25519:
+                return "x25519";
+            case x448:
+                return "x448";
+            case brainpoolP256r1tls13:
+                return "brainpoolP256r1tls13";
+            case brainpoolP384r1tls13:
+                return "brainpoolP384r1tls13";
+            case brainpoolP512r1tls13:
+                return "brainpoolP512r1tls13";
+            case GC256A:
+                return "GC256A";
+            case GC256B:
+                return "GC256B";
+            case GC256C:
+                return "GC256C";
+            case GC256D:
+                return "GC256D";
+            case GC512A:
+                return "GC512A";
+            case GC512B:
+                return "GC512B";
+            case GC512C:
+                return "GC512C";
+            case curveSM2:
+                return "curveSM2";
+            case arbitrary_explicit_prime_curves:
+                return "arbitrary_explicit_prime_curves";
+            case arbitrary_explicit_char2_curves:
+                return "arbitrary_explicit_char2_curves";
+            }
+
+            string standardName = GetStandardName(namedGroup);
+            if (null != standardName)
+            {
+                return standardName;
+            }
+
+            return "UNKNOWN";
+        }
+
+        public static string GetStandardName(int namedGroup)
+        {
+            string curveName = GetCurveName(namedGroup);
+            if (null != curveName)
+            {
+                return curveName;
+            }
+
+            string finiteFieldName = GetFiniteFieldName(namedGroup);
+            if (null != finiteFieldName)
+            {
+                return finiteFieldName;
+            }
+
+            return null;
+        }
+
+        public static string GetText(int namedGroup)
+        {
+            return GetName(namedGroup) + "(" + namedGroup + ")";
+        }
+
+        public static bool IsChar2Curve(int namedGroup)
+        {
+            return (namedGroup >= sect163k1 && namedGroup <= sect571r1)
+                || (namedGroup == arbitrary_explicit_char2_curves);
+        }
+
+        public static bool IsPrimeCurve(int namedGroup)
+        {
+            return (namedGroup >= secp160k1 && namedGroup <= curveSM2)
+                || (namedGroup == arbitrary_explicit_prime_curves);
+        }
+
+        public static bool IsPrivate(int namedGroup)
+        {
+            return (namedGroup >> 2) == 0x7F || (namedGroup >> 8) == 0xFE;
+        }
+
+        public static bool IsValid(int namedGroup)
+        {
+            return RefersToASpecificGroup(namedGroup)
+                || IsPrivate(namedGroup)
+                || (namedGroup >= arbitrary_explicit_prime_curves && namedGroup <= arbitrary_explicit_char2_curves);
+        }
+
+        public static bool RefersToAnECDHCurve(int namedGroup)
+        {
+            return RefersToASpecificCurve(namedGroup);
+        }
+
+        public static bool RefersToAnECDSACurve(int namedGroup)
+        {
+            /*
+             * TODO[RFC 8998] Double-check whether this method is only being used to mean
+             * "signature-capable" or specifically ECDSA, and consider curveSM2 behaviour
+             * accordingly.
+             */
+            return RefersToASpecificCurve(namedGroup)
+                && !RefersToAnXDHCurve(namedGroup);
+        }
+
+        public static bool RefersToAnXDHCurve(int namedGroup)
+        {
+            return namedGroup >= x25519 && namedGroup <= x448;
+        }
+
+        public static bool RefersToASpecificCurve(int namedGroup)
+        {
+            return namedGroup >= sect163k1 && namedGroup <= curveSM2;
+        }
+
+        public static bool RefersToASpecificFiniteField(int namedGroup)
+        {
+            return namedGroup >= ffdhe2048 && namedGroup <= ffdhe8192;
+        }
+
+        public static bool RefersToASpecificGroup(int namedGroup)
+        {
+            return RefersToASpecificCurve(namedGroup)
+                || RefersToASpecificFiniteField(namedGroup);
+        }
+    }
+}