| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105 |
- #if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
- #pragma warning disable
- using System;
- using System.Collections;
- using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Agreement;
- using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
- using BestHTTP.SecureProtocol.Org.BouncyCastle.Math;
- using BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities;
- namespace BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Tls
- {
- public class DefaultTlsDHVerifier
- : TlsDHVerifier
- {
- public static readonly int DefaultMinimumPrimeBits = 2048;
- protected static readonly IList DefaultGroups = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.CreateArrayList();
- private static void AddDefaultGroup(DHParameters dhParameters)
- {
- DefaultGroups.Add(dhParameters);
- }
- static DefaultTlsDHVerifier()
- {
- AddDefaultGroup(DHStandardGroups.rfc7919_ffdhe2048);
- AddDefaultGroup(DHStandardGroups.rfc7919_ffdhe3072);
- AddDefaultGroup(DHStandardGroups.rfc7919_ffdhe4096);
- AddDefaultGroup(DHStandardGroups.rfc7919_ffdhe6144);
- AddDefaultGroup(DHStandardGroups.rfc7919_ffdhe8192);
- AddDefaultGroup(DHStandardGroups.rfc3526_1536);
- AddDefaultGroup(DHStandardGroups.rfc3526_2048);
- AddDefaultGroup(DHStandardGroups.rfc3526_3072);
- AddDefaultGroup(DHStandardGroups.rfc3526_4096);
- AddDefaultGroup(DHStandardGroups.rfc3526_6144);
- AddDefaultGroup(DHStandardGroups.rfc3526_8192);
- }
- // IList is (DHParameters)
- protected readonly IList mGroups;
- protected readonly int mMinimumPrimeBits;
- /// <summary>Accept various standard DH groups with 'P' at least <c>DefaultMinimumPrimeBits</c> bits.</summary>
- public DefaultTlsDHVerifier()
- : this(DefaultMinimumPrimeBits)
- {
- }
- /// <summary>Accept various standard DH groups with 'P' at least the specified number of bits.</summary>
- public DefaultTlsDHVerifier(int minimumPrimeBits)
- : this(DefaultGroups, minimumPrimeBits)
- {
- }
- /// <summary>Accept a custom set of group parameters, subject to a minimum bitlength for 'P'.</summary>
- /// <param name="groups">An <c>IList</c> of acceptable <c>DHParameters</c>.</param>
- /// <param name="minimumPrimeBits">The minimum acceptable bitlength of the 'P' parameter.</param>
- public DefaultTlsDHVerifier(IList groups, int minimumPrimeBits)
- {
- this.mGroups = groups;
- this.mMinimumPrimeBits = minimumPrimeBits;
- }
- public virtual bool Accept(DHParameters dhParameters)
- {
- return CheckMinimumPrimeBits(dhParameters) && CheckGroup(dhParameters);
- }
- public virtual int MinimumPrimeBits
- {
- get { return mMinimumPrimeBits; }
- }
- protected virtual bool AreGroupsEqual(DHParameters a, DHParameters b)
- {
- return a == b || (AreParametersEqual(a.P, b.P) && AreParametersEqual(a.G, b.G));
- }
- protected virtual bool AreParametersEqual(BigInteger a, BigInteger b)
- {
- return a == b || a.Equals(b);
- }
- protected virtual bool CheckGroup(DHParameters dhParameters)
- {
- foreach (DHParameters group in mGroups)
- {
- if (AreGroupsEqual(dhParameters, group))
- {
- return true;
- }
- }
- return false;
- }
- protected virtual bool CheckMinimumPrimeBits(DHParameters dhParameters)
- {
- return dhParameters.P.BitLength >= MinimumPrimeBits;
- }
- }
- }
- #pragma warning restore
- #endif
|
