diff --git a/crypto/src/crypto/tls/DefaultTlsClient.cs b/crypto/src/crypto/tls/DefaultTlsClient.cs
index 7dadf8a1a..32a86e503 100644
--- a/crypto/src/crypto/tls/DefaultTlsClient.cs
+++ b/crypto/src/crypto/tls/DefaultTlsClient.cs
@@ -52,6 +52,7 @@ namespace Org.BouncyCastle.Crypto.Tls
switch (keyExchangeAlgorithm)
{
+ case KeyExchangeAlgorithm.DH_anon:
case KeyExchangeAlgorithm.DH_DSS:
case KeyExchangeAlgorithm.DH_RSA:
return CreateDHKeyExchange(keyExchangeAlgorithm);
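Review bot: The new `case KeyExchangeAlgorithm.DH_anon:` label has no comment saying that this key exchange authenticates neither peer, so a reader of the switch cannot tell it apart from the certificate-based DH_DSS/DH_RSA cases it shares a branch with. I would add `// DH_anon: no server certificate, so the handshake gives no protection against an active man-in-the-middle` above the label, here and at the matching label in DefaultTlsServer.cs (the `@@ -104,6 +105,7 @@` hunk). Whether the default cipher-suite list offers any DH_anon suite is not visible in this diff and is worth checking separately. The enclosing method starts and ends outside the hunk.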
diff --git a/crypto/src/crypto/tls/DefaultTlsServer.cs b/crypto/src/crypto/tls/DefaultTlsServer.cs
index 87d0539b3..8b9a7c9a0 100644
--- a/crypto/src/crypto/tls/DefaultTlsServer.cs
+++ b/crypto/src/crypto/tls/DefaultTlsServer.cs
@@ -79,6 +79,7 @@ namespace Org.BouncyCastle.Crypto.Tls
case KeyExchangeAlgorithm.DHE_DSS:
return GetDsaSignerCredentials();
+ case KeyExchangeAlgorithm.DH_anon:
case KeyExchangeAlgorithm.ECDH_anon:
return null;
@@ -104,6 +105,7 @@ namespace Org.BouncyCastle.Crypto.Tls
switch (keyExchangeAlgorithm)
{
+ case KeyExchangeAlgorithm.DH_anon:
case KeyExchangeAlgorithm.DH_DSS:
case KeyExchangeAlgorithm.DH_RSA:
return CreateDHKeyExchange(keyExchangeAlgorithm);
diff --git a/crypto/src/crypto/tls/TlsDHKeyExchange.cs b/crypto/src/crypto/tls/TlsDHKeyExchange.cs
index 93ef1fa4a..eec9daaca 100644
--- a/crypto/src/crypto/tls/TlsDHKeyExchange.cs
+++ b/crypto/src/crypto/tls/TlsDHKeyExchange.cs
@@ -27,6 +27,7 @@ namespace Org.BouncyCastle.Crypto.Tls
{
switch (keyExchange)
{
+ case KeyExchangeAlgorithm.DH_anon:
case KeyExchangeAlgorithm.DH_RSA:
case KeyExchangeAlgorithm.DH_DSS:
this.mTlsSigner = null;
@@ -56,11 +57,14 @@ namespace Org.BouncyCastle.Crypto.Tls
public override void SkipServerCredentials()
{
- throw new TlsFatalAlert(AlertDescription.unexpected_message);
+ if (mKeyExchange != KeyExchangeAlgorithm.DH_anon)
+ throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
public override void ProcessServerCertificate(Certificate serverCertificate)
{
+ if (mKeyExchange == KeyExchangeAlgorithm.DH_anon)
+ throw new TlsFatalAlert(AlertDescription.unexpected_message);
if (serverCertificate.IsEmpty)
throw new TlsFatalAlert(AlertDescription.bad_certificate);
@@ -109,9 +113,9 @@ namespace Org.BouncyCastle.Crypto.Tls
{
switch (mKeyExchange)
{
+ case KeyExchangeAlgorithm.DH_anon:
case KeyExchangeAlgorithm.DHE_DSS:
case KeyExchangeAlgorithm.DHE_RSA:
- case KeyExchangeAlgorithm.DH_anon:
return true;
default:
return false;
@@ -119,6 +123,32 @@ namespace Org.BouncyCastle.Crypto.Tls
}
}
+ public override byte[] GenerateServerKeyExchange()
+ {
+ if (!RequiresServerKeyExchange)
+ return null;
+
+ // DH_anon is handled here, DHE_* in a subclass
+
+ MemoryStream buf = new MemoryStream();
+ this.mDHAgreePrivateKey = TlsDHUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom,
+ this.mDHParameters, buf);
+ return buf.ToArray();
+ }
+
+ public override void ProcessServerKeyExchange(Stream input)
+ {
+ if (!RequiresServerKeyExchange)
+ throw new TlsFatalAlert(AlertDescription.unexpected_message);
+
+ // DH_anon is handled here, DHE_* in a subclass
+
+ ServerDHParams dhParams = ServerDHParams.Parse(input);
+
+ this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(dhParams.PublicKey);
+ this.mDHParameters = ValidateDHParameters(mDHAgreePublicKey.Parameters);
+ }
+
public override void ValidateCertificateRequest(CertificateRequest certificateRequest)
{
byte[] types = certificateRequest.CertificateTypes;
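Review bot: `ProcessServerKeyExchange` reads `ServerDHParams` from the stream with no signature check, which is what DH_anon specifies, but it leaves `ValidateDHParameters` as the only guard against a weak or malformed group chosen by the peer, and nothing in the method says so. I would add `// DH_anon: ServerDHParams are unsigned; ValidateDHParameters is the only check on the group the peer supplies` above the parse. What that helper enforces is outside this diff and worth confirming, minimum prime size in particular. It would also be safer to validate into a local and assign `mDHAgreePublicKey` only after `ValidateDHParameters` returns, so the field never holds a key over a rejected group.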
@@ -140,6 +170,9 @@ namespace Org.BouncyCastle.Crypto.Tls
public override void ProcessClientCredentials(TlsCredentials clientCredentials)
{
+ if (mKeyExchange == KeyExchangeAlgorithm.DH_anon)
+ throw new TlsFatalAlert(AlertDescription.internal_error);
+
if (clientCredentials is TlsAgreementCredentials)
{
// TODO Validate client cert has matching parameters (see 'areCompatibleParameters')?
@@ -172,12 +205,11 @@ namespace Org.BouncyCastle.Crypto.Tls
public override void ProcessClientCertificate(Certificate clientCertificate)
{
- // TODO Extract the public key and validate
+ if (mKeyExchange == KeyExchangeAlgorithm.DH_anon)
+ throw new TlsFatalAlert(AlertDescription.unexpected_message);
- /*
- * TODO If the certificate is 'fixed', take the public key as dhAgreePublicKey and check
- * that the parameters match the server's (see 'areCompatibleParameters').
- */
+ // TODO Extract the public key
+ // TODO If the certificate is 'fixed', take the public key as dhAgreePublicKey
}
public override void ProcessClientKeyExchange(Stream input)
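Review bot: The rewritten TODO in `ProcessClientCertificate` drops both the word "validate" and the reminder to check that a fixed-DH client certificate's parameters match the server's, while the method still accepts the certificate unchecked for the non-anonymous suites. Unless that check now lives somewhere outside this diff, I would keep the reminder: `// TODO If the certificate is 'fixed', take the public key as dhAgreePublicKey and check that its parameters match the server's (see 'areCompatibleParameters')`.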
diff --git a/crypto/src/crypto/tls/TlsProtocol.cs b/crypto/src/crypto/tls/TlsProtocol.cs
index 05f06f5ea..c6c3375d9 100644
--- a/crypto/src/crypto/tls/TlsProtocol.cs
+++ b/crypto/src/crypto/tls/TlsProtocol.cs
@@ -1214,6 +1214,9 @@ namespace Org.BouncyCastle.Crypto.Tls
switch (ciphersuite)
{
+ case CipherSuite.TLS_DH_anon_WITH_AES_128_CBC_SHA256:
+ case CipherSuite.TLS_DH_anon_WITH_AES_128_GCM_SHA256:
+ case CipherSuite.TLS_DH_anon_WITH_AES_256_CBC_SHA256:
case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256:
case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256:
case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256:
@@ -1317,6 +1320,7 @@ namespace Org.BouncyCastle.Crypto.Tls
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}
+ case CipherSuite.TLS_DH_anon_WITH_AES_256_GCM_SHA384:
case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384:
case CipherSuite.TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384:
diff --git a/crypto/src/crypto/tls/TlsUtilities.cs b/crypto/src/crypto/tls/TlsUtilities.cs
index d51a8ff48..4f709a645 100644
--- a/crypto/src/crypto/tls/TlsUtilities.cs
+++ b/crypto/src/crypto/tls/TlsUtilities.cs
@@ -1260,6 +1260,7 @@ namespace Org.BouncyCastle.Crypto.Tls
{
switch (ciphersuite)
{
+ case CipherSuite.TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
case CipherSuite.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
case CipherSuite.TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
case CipherSuite.TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
@@ -1279,6 +1280,8 @@ namespace Org.BouncyCastle.Crypto.Tls
case CipherSuite.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:
return EncryptionAlgorithm.cls_3DES_EDE_CBC;
+ case CipherSuite.TLS_DH_anon_WITH_AES_128_CBC_SHA:
+ case CipherSuite.TLS_DH_anon_WITH_AES_128_CBC_SHA256:
case CipherSuite.TLS_DH_DSS_WITH_AES_128_CBC_SHA:
case CipherSuite.TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
case CipherSuite.TLS_DH_RSA_WITH_AES_128_CBC_SHA:
@@ -1325,6 +1328,7 @@ namespace Org.BouncyCastle.Crypto.Tls
case CipherSuite.TLS_RSA_WITH_AES_128_CCM_8:
return EncryptionAlgorithm.AES_128_CCM_8;
+ case CipherSuite.TLS_DH_anon_WITH_AES_128_GCM_SHA256:
case CipherSuite.TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
case CipherSuite.TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
case CipherSuite.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
@@ -1347,6 +1351,8 @@ namespace Org.BouncyCastle.Crypto.Tls
case CipherSuite.DRAFT_TLS_PSK_WITH_AES_128_OCB:
return EncryptionAlgorithm.AES_128_OCB_TAGLEN96;
+ case CipherSuite.TLS_DH_anon_WITH_AES_256_CBC_SHA:
+ case CipherSuite.TLS_DH_anon_WITH_AES_256_CBC_SHA256:
case CipherSuite.TLS_DH_DSS_WITH_AES_256_CBC_SHA:
case CipherSuite.TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
case CipherSuite.TLS_DH_RSA_WITH_AES_256_CBC_SHA:
@@ -1393,6 +1399,7 @@ namespace Org.BouncyCastle.Crypto.Tls
case CipherSuite.TLS_RSA_WITH_AES_256_CCM_8:
return EncryptionAlgorithm.AES_256_CCM_8;
+ case CipherSuite.TLS_DH_anon_WITH_AES_256_GCM_SHA384:
case CipherSuite.TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
case CipherSuite.TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
case CipherSuite.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
@@ -1415,17 +1422,16 @@ namespace Org.BouncyCastle.Crypto.Tls
case CipherSuite.DRAFT_TLS_PSK_WITH_AES_256_OCB:
return EncryptionAlgorithm.AES_256_OCB_TAGLEN96;
+ case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA:
+ case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256:
case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA:
- case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA:
- case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA:
- case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:
- case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
- return EncryptionAlgorithm.CAMELLIA_128_CBC;
-
case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256:
+ case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA:
case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+ case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA:
case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256:
case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+ case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:
case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256:
case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256:
@@ -1433,10 +1439,12 @@ namespace Org.BouncyCastle.Crypto.Tls
case CipherSuite.TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256:
case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
case CipherSuite.TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256:
- case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+ case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+ case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256:
return EncryptionAlgorithm.CAMELLIA_128_CBC;
+ case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256:
case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256:
case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256:
case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256:
@@ -1451,30 +1459,29 @@ namespace Org.BouncyCastle.Crypto.Tls
case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256:
return EncryptionAlgorithm.CAMELLIA_128_GCM;
+ case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA:
+ case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256:
case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA:
- case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA:
- case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA:
- case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
- case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
- return EncryptionAlgorithm.CAMELLIA_256_CBC;
-
case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256:
+ case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA:
case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+ case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA:
case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256:
- case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256:
- case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:
- return EncryptionAlgorithm.CAMELLIA_256_CBC;
-
case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+ case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
+ case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256:
case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384:
case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
case CipherSuite.TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384:
case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384:
case CipherSuite.TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+ case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
+ case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:
case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384:
return EncryptionAlgorithm.CAMELLIA_256_CBC;
+ case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384:
case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384:
case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384:
case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384:
@@ -1542,6 +1549,7 @@ namespace Org.BouncyCastle.Crypto.Tls
case CipherSuite.TLS_RSA_PSK_WITH_RC4_128_SHA:
return EncryptionAlgorithm.RC4_128;
+ case CipherSuite.TLS_DH_anon_WITH_SEED_CBC_SHA:
case CipherSuite.TLS_DH_DSS_WITH_SEED_CBC_SHA:
case CipherSuite.TLS_DH_RSA_WITH_SEED_CBC_SHA:
case CipherSuite.TLS_DHE_DSS_WITH_SEED_CBC_SHA:
@@ -1558,6 +1566,23 @@ namespace Org.BouncyCastle.Crypto.Tls
{
switch (ciphersuite)
{
+ case CipherSuite.TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
+ case CipherSuite.TLS_DH_anon_WITH_AES_128_CBC_SHA:
+ case CipherSuite.TLS_DH_anon_WITH_AES_128_CBC_SHA256:
+ case CipherSuite.TLS_DH_anon_WITH_AES_128_GCM_SHA256:
+ case CipherSuite.TLS_DH_anon_WITH_AES_256_CBC_SHA:
+ case CipherSuite.TLS_DH_anon_WITH_AES_256_CBC_SHA256:
+ case CipherSuite.TLS_DH_anon_WITH_AES_256_GCM_SHA384:
+ case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA:
+ case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256:
+ case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256:
+ case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA:
+ case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256:
+ case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384:
+ case CipherSuite.TLS_DH_anon_WITH_RC4_128_MD5:
+ case CipherSuite.TLS_DH_anon_WITH_SEED_CBC_SHA:
+ return KeyExchangeAlgorithm.DH_anon;
+
case CipherSuite.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
case CipherSuite.TLS_DH_DSS_WITH_AES_128_CBC_SHA:
case CipherSuite.TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
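Review bot: `TLS_DH_anon_WITH_RC4_128_MD5` is mapped here to `KeyExchangeAlgorithm.DH_anon` and, in the `@@ -1926,10 +1955,17 @@` hunk, to `MacAlgorithm.hmac_md5`, but no hunk in this diff adds it to the encryption-algorithm switch next to the other RC4 suites. If it is not already mapped to `EncryptionAlgorithm.RC4_128` in lines outside the diff, the three lookups disagree about this suite; please confirm. Separately, the suite combines an unauthenticated key exchange with RC4, which RFC 7465 prohibits, so a comment such as `// RC4 suite: resolved for completeness, not for negotiation (RFC 7465)` would help if that is the intent. The switch continues outside the hunk.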
@@ -1837,6 +1862,10 @@ namespace Org.BouncyCastle.Crypto.Tls
{
switch (ciphersuite)
{
+ case CipherSuite.TLS_DH_anon_WITH_AES_128_GCM_SHA256:
+ case CipherSuite.TLS_DH_anon_WITH_AES_256_GCM_SHA384:
+ case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256:
+ case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384:
case CipherSuite.TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
case CipherSuite.TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256:
@@ -1926,10 +1955,17 @@ namespace Org.BouncyCastle.Crypto.Tls
case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384:
return MacAlgorithm.cls_null;
+ case CipherSuite.TLS_DH_anon_WITH_RC4_128_MD5:
case CipherSuite.TLS_RSA_WITH_NULL_MD5:
case CipherSuite.TLS_RSA_WITH_RC4_128_MD5:
return MacAlgorithm.hmac_md5;
+ case CipherSuite.TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
+ case CipherSuite.TLS_DH_anon_WITH_AES_128_CBC_SHA:
+ case CipherSuite.TLS_DH_anon_WITH_AES_256_CBC_SHA:
+ case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA:
+ case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA:
+ case CipherSuite.TLS_DH_anon_WITH_SEED_CBC_SHA:
case CipherSuite.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
case CipherSuite.TLS_DH_DSS_WITH_AES_128_CBC_SHA:
case CipherSuite.TLS_DH_DSS_WITH_AES_256_CBC_SHA:
@@ -2018,6 +2054,10 @@ namespace Org.BouncyCastle.Crypto.Tls
case CipherSuite.TLS_SRP_SHA_WITH_AES_256_CBC_SHA:
return MacAlgorithm.hmac_sha1;
+ case CipherSuite.TLS_DH_anon_WITH_AES_128_CBC_SHA256:
+ case CipherSuite.TLS_DH_anon_WITH_AES_256_CBC_SHA256:
+ case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256:
+ case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256:
case CipherSuite.TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
case CipherSuite.TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256:
@@ -2092,6 +2132,10 @@ namespace Org.BouncyCastle.Crypto.Tls
{
switch (ciphersuite)
{
+ case CipherSuite.TLS_DH_anon_WITH_AES_128_CBC_SHA256:
+ case CipherSuite.TLS_DH_anon_WITH_AES_128_GCM_SHA256:
+ case CipherSuite.TLS_DH_anon_WITH_AES_256_CBC_SHA256:
+ case CipherSuite.TLS_DH_anon_WITH_AES_256_GCM_SHA384:
case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256:
case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256:
case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256: