Merge remote-tracking branch 'origin/master'

Author: dghgit

core/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsClient.java

@@ -5,14 +5,23 @@
 public abstract class DefaultTlsClient
     extends AbstractTlsClient
 {
+    protected TlsDHVerifier dhVerifier;
+
     public DefaultTlsClient()
     {
-        super();
+        this(new DefaultTlsCipherFactory());
     }
 
     public DefaultTlsClient(TlsCipherFactory cipherFactory)
+    {
+        this(cipherFactory, new DefaultTlsDHVerifier());
+    }
+
+    public DefaultTlsClient(TlsCipherFactory cipherFactory, TlsDHVerifier dhVerifier)
     {
         super(cipherFactory);
+
+        this.dhVerifier = dhVerifier;
     }
 
     public int[] getCipherSuites()
@@ -77,12 +86,12 @@ public TlsKeyExchange getKeyExchange()
 
     protected TlsKeyExchange createDHKeyExchange(int keyExchange)
     {
-        return new TlsDHKeyExchange(keyExchange, supportedSignatureAlgorithms, null);
+        return new TlsDHKeyExchange(keyExchange, supportedSignatureAlgorithms, dhVerifier, null);
     }
 
     protected TlsKeyExchange createDHEKeyExchange(int keyExchange)
     {
-        return new TlsDHEKeyExchange(keyExchange, supportedSignatureAlgorithms, null);
+        return new TlsDHEKeyExchange(keyExchange, supportedSignatureAlgorithms, dhVerifier, null);
     }
 
     protected TlsKeyExchange createECDHKeyExchange(int keyExchange)

core/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsDHVerifier.java

@@ -0,0 +1,104 @@
+package org.bouncycastle.crypto.tls;
+
+import java.math.BigInteger;
+import java.util.Vector;
+
+import org.bouncycastle.crypto.agreement.DHStandardGroups;
+import org.bouncycastle.crypto.params.DHParameters;
+
+public class DefaultTlsDHVerifier
+    implements TlsDHVerifier
+{
+    public static final int DEFAULT_MINIMUM_PRIME_BITS = 2048;
+
+    protected static final Vector DEFAULT_GROUPS = new Vector();
+
+    private static void addDefaultGroup(DHParameters dhParameters)
+    {
+        DEFAULT_GROUPS.addElement(dhParameters);
+    }
+
+    static
+    {
+        addDefaultGroup(DHStandardGroups.rfc7919_ffdhe2048);
+        addDefaultGroup(DHStandardGroups.rfc7919_ffdhe3072);
+        addDefaultGroup(DHStandardGroups.rfc7919_ffdhe4096);
+        addDefaultGroup(DHStandardGroups.rfc7919_ffdhe6144);
+        addDefaultGroup(DHStandardGroups.rfc7919_ffdhe8192);
+
+        addDefaultGroup(DHStandardGroups.rfc3526_1536);
+        addDefaultGroup(DHStandardGroups.rfc3526_2048);
+        addDefaultGroup(DHStandardGroups.rfc3526_3072);
+        addDefaultGroup(DHStandardGroups.rfc3526_4096);
+        addDefaultGroup(DHStandardGroups.rfc3526_6144);
+        addDefaultGroup(DHStandardGroups.rfc3526_8192);
+    }
+
+    // Vector is (DHParameters)
+    protected Vector groups;
+    protected int minimumPrimeBits;
+
+    /**
+     * Accept various standard DH groups with 'P' at least {@link #DEFAULT_MINIMUM_PRIME_BITS} bits.
+     */
+    public DefaultTlsDHVerifier()
+    {
+        this(DEFAULT_MINIMUM_PRIME_BITS);
+    }
+
+    /**
+     * Accept various standard DH groups with 'P' at least the specified number of bits.
+     */
+    public DefaultTlsDHVerifier(int minimumPrimeBits)
+    {
+        this(DEFAULT_GROUPS, minimumPrimeBits);
+    }
+
+    /**
+     * Accept a custom set of group parameters, subject to a minimum bitlength for 'P'.
+     * 
+     * @param groups a {@link Vector} of acceptable {@link DHParameters}.
+     */
+    public DefaultTlsDHVerifier(Vector groups, int minimumPrimeBits)
+    {
+        this.groups = groups;
+        this.minimumPrimeBits = minimumPrimeBits;
+    }
+
+    public boolean accept(DHParameters dhParameters)
+    {
+        return checkMinimumPrimeBits(dhParameters) && checkGroup(dhParameters);
+    }
+
+    public int getMinimumPrimeBits()
+    {
+        return minimumPrimeBits;
+    }
+
+    protected boolean areGroupsEqual(DHParameters a, DHParameters b)
+    {
+        return a == b || (areParametersEqual(a.getP(), b.getP()) && areParametersEqual(a.getG(), b.getG()));
+    }
+
+    protected boolean areParametersEqual(BigInteger a, BigInteger b)
+    {
+        return a == b || a.equals(b);
+    }
+
+    protected boolean checkGroup(DHParameters dhParameters)
+    {
+        for (int i = 0; i < groups.size(); ++i)
+        {
+            if (areGroupsEqual(dhParameters, (DHParameters)groups.elementAt(i)))
+            {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    protected boolean checkMinimumPrimeBits(DHParameters dhParameters)
+    {
+        return dhParameters.getP().bitLength() >= getMinimumPrimeBits();
+    }
+}

core/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsServer.java

@@ -142,12 +142,12 @@ public TlsKeyExchange getKeyExchange()
 
     protected TlsKeyExchange createDHKeyExchange(int keyExchange)
     {
-        return new TlsDHKeyExchange(keyExchange, supportedSignatureAlgorithms, getDHParameters());
+        return new TlsDHKeyExchange(keyExchange, supportedSignatureAlgorithms, null, getDHParameters());
     }
 
     protected TlsKeyExchange createDHEKeyExchange(int keyExchange)
     {
-        return new TlsDHEKeyExchange(keyExchange, supportedSignatureAlgorithms, getDHParameters());
+        return new TlsDHEKeyExchange(keyExchange, supportedSignatureAlgorithms, null, getDHParameters());
     }
 
     protected TlsKeyExchange createECDHKeyExchange(int keyExchange)

core/src/main/java/org/bouncycastle/crypto/tls/PSKTlsClient.java

@@ -5,6 +5,7 @@
 public class PSKTlsClient
     extends AbstractTlsClient
 {
+    protected TlsDHVerifier dhVerifier;
     protected TlsPSKIdentity pskIdentity;
 
     public PSKTlsClient(TlsPSKIdentity pskIdentity)
@@ -13,8 +14,15 @@ public PSKTlsClient(TlsPSKIdentity pskIdentity)
     }
 
     public PSKTlsClient(TlsCipherFactory cipherFactory, TlsPSKIdentity pskIdentity)
+    {
+        this(cipherFactory, new DefaultTlsDHVerifier(), pskIdentity);
+    }
+
+    public PSKTlsClient(TlsCipherFactory cipherFactory, TlsDHVerifier dhVerifier, TlsPSKIdentity pskIdentity)
     {
         super(cipherFactory);
+
+        this.dhVerifier = dhVerifier;
         this.pskIdentity = pskIdentity;
     }
 
@@ -62,7 +70,7 @@ public TlsAuthentication getAuthentication() throws IOException
 
     protected TlsKeyExchange createPSKKeyExchange(int keyExchange)
     {
-        return new TlsPSKKeyExchange(keyExchange, supportedSignatureAlgorithms, pskIdentity, null, null, namedCurves,
-            clientECPointFormats, serverECPointFormats);
+        return new TlsPSKKeyExchange(keyExchange, supportedSignatureAlgorithms, pskIdentity, null, dhVerifier, null,
+            namedCurves, clientECPointFormats, serverECPointFormats);
     }
 }

core/src/main/java/org/bouncycastle/crypto/tls/PSKTlsServer.java

@@ -87,6 +87,6 @@ public TlsKeyExchange getKeyExchange() throws IOException
     protected TlsKeyExchange createPSKKeyExchange(int keyExchange)
     {
         return new TlsPSKKeyExchange(keyExchange, supportedSignatureAlgorithms, null, pskIdentityManager,
-            getDHParameters(), namedCurves, clientECPointFormats, serverECPointFormats);
+            null, getDHParameters(), namedCurves, clientECPointFormats, serverECPointFormats);
     }
 }

core/src/main/java/org/bouncycastle/crypto/tls/ServerDHParams.java

@@ -7,16 +7,17 @@
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.Signer;
 import org.bouncycastle.crypto.params.DHParameters;
+import org.bouncycastle.crypto.params.DHPublicKeyParameters;
 import org.bouncycastle.util.io.TeeInputStream;
 
 public class TlsDHEKeyExchange
     extends TlsDHKeyExchange
 {
     protected TlsSignerCredentials serverCredentials = null;
 
-    public TlsDHEKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, DHParameters dhParameters)
+    public TlsDHEKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, TlsDHVerifier dhVerifier, DHParameters dhParameters)
     {
-        super(keyExchange, supportedSignatureAlgorithms, dhParameters);
+        super(keyExchange, supportedSignatureAlgorithms, dhVerifier, dhParameters);
     }
 
     public void processServerCredentials(TlsCredentials serverCredentials)
@@ -77,7 +78,8 @@ public void processServerKeyExchange(InputStream input)
         SignerInputBuffer buf = new SignerInputBuffer();
         InputStream teeIn = new TeeInputStream(input, buf);
 
-        ServerDHParams dhParams = ServerDHParams.parse(teeIn);
+        this.dhParameters = TlsDHUtils.receiveDHParameters(dhVerifier, teeIn);
+        this.dhAgreePublicKey = new DHPublicKeyParameters(TlsDHUtils.readDHParameter(teeIn), dhParameters);
 
         DigitallySigned signed_params = parseSignature(input);
 
@@ -87,9 +89,6 @@ public void processServerKeyExchange(InputStream input)
         {
             throw new TlsFatalAlert(AlertDescription.decrypt_error);
         }
-
-        this.dhAgreePublicKey = TlsDHUtils.validateDHPublicKey(dhParams.getPublicKey());
-        this.dhParameters = validateDHParameters(dhAgreePublicKey.getParameters());
     }
 
     protected Signer initVerifyer(TlsSigner tlsSigner, SignatureAndHashAlgorithm algorithm, SecurityParameters securityParameters)

core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java

@@ -4,7 +4,6 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
-import java.math.BigInteger;
 import java.util.Vector;
 
 import org.bouncycastle.asn1.x509.KeyUsage;
@@ -22,6 +21,7 @@ public class TlsDHKeyExchange
     extends AbstractTlsKeyExchange
 {
     protected TlsSigner tlsSigner;
+    protected TlsDHVerifier dhVerifier;
     protected DHParameters dhParameters;
 
     protected AsymmetricKeyParameter serverPublicKey;
@@ -30,7 +30,7 @@ public class TlsDHKeyExchange
     protected DHPrivateKeyParameters dhAgreePrivateKey;
     protected DHPublicKeyParameters dhAgreePublicKey;
 
-    public TlsDHKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, DHParameters dhParameters)
+    public TlsDHKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, TlsDHVerifier dhVerifier, DHParameters dhParameters)
     {
         super(keyExchange, supportedSignatureAlgorithms);
 
@@ -51,6 +51,7 @@ public TlsDHKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, DH
             throw new IllegalArgumentException("unsupported key exchange algorithm");
         }
 
+        this.dhVerifier = dhVerifier;
         this.dhParameters = dhParameters;
     }
 
@@ -101,8 +102,8 @@ public void processServerCertificate(Certificate serverCertificate)
         {
             try
             {
-                this.dhAgreePublicKey = TlsDHUtils.validateDHPublicKey((DHPublicKeyParameters)this.serverPublicKey);
-                this.dhParameters = validateDHParameters(dhAgreePublicKey.getParameters());
+                this.dhAgreePublicKey = (DHPublicKeyParameters)this.serverPublicKey;
+                this.dhParameters = dhAgreePublicKey.getParameters();
             }
             catch (ClassCastException e)
             {
@@ -161,10 +162,8 @@ public void processServerKeyExchange(InputStream input) throws IOException
 
         // DH_anon is handled here, DHE_* in a subclass
 
-        ServerDHParams dhParams = ServerDHParams.parse(input);
-
-        this.dhAgreePublicKey = TlsDHUtils.validateDHPublicKey(dhParams.getPublicKey());
-        this.dhParameters = validateDHParameters(dhAgreePublicKey.getParameters());
+        this.dhParameters = TlsDHUtils.receiveDHParameters(dhVerifier, input);
+        this.dhAgreePublicKey = new DHPublicKeyParameters(TlsDHUtils.readDHParameter(input), dhParameters);
     }
 
     public void validateCertificateRequest(CertificateRequest certificateRequest)
@@ -250,9 +249,7 @@ public void processClientKeyExchange(InputStream input) throws IOException
             return;
         }
 
-        BigInteger Yc = TlsDHUtils.readDHParameter(input);
-        
-        this.dhAgreePublicKey = TlsDHUtils.validateDHPublicKey(new DHPublicKeyParameters(Yc, dhParameters));
+        this.dhAgreePublicKey = new DHPublicKeyParameters(TlsDHUtils.readDHParameter(input), dhParameters);
     }
 
     public byte[] generatePremasterSecret()
@@ -270,19 +267,4 @@ public byte[] generatePremasterSecret()
 
         throw new TlsFatalAlert(AlertDescription.internal_error);
     }
-
-    protected int getMinimumPrimeBits()
-    {
-        return 1024;
-    }
-
-    protected DHParameters validateDHParameters(DHParameters params) throws IOException
-    {
-        if (params.getP().bitLength() < getMinimumPrimeBits())
-        {
-            throw new TlsFatalAlert(AlertDescription.insufficient_security);
-        }
-
-        return TlsDHUtils.validateDHParameters(params);
-    }
 }