1 files changed, 0 insertions, 219 deletions

diff --git a/libraries/spongycastle/core/src/main/java/org/spongycastle/crypto/tls/TlsECDHKeyExchange.java b/libraries/spongycastle/core/src/main/java/org/spongycastle/crypto/tls/TlsECDHKeyExchange.java
deleted file mode 100644
index 87ecaedba..000000000
--- a/libraries/spongycastle/core/src/main/java/org/spongycastle/crypto/tls/TlsECDHKeyExchange.java
+++ /dev/null
@@ -1,219 +0,0 @@
-package org.spongycastle.crypto.tls;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.util.Vector;
-
-import org.spongycastle.asn1.x509.KeyUsage;
-import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.spongycastle.crypto.params.AsymmetricKeyParameter;
-import org.spongycastle.crypto.params.ECDomainParameters;
-import org.spongycastle.crypto.params.ECPrivateKeyParameters;
-import org.spongycastle.crypto.params.ECPublicKeyParameters;
-import org.spongycastle.crypto.util.PublicKeyFactory;
-
-/**
- * ECDH key exchange (see RFC 4492)
- */
-public class TlsECDHKeyExchange extends AbstractTlsKeyExchange
-{
-    protected TlsSigner tlsSigner;
-    protected int[] namedCurves;
-    protected short[] clientECPointFormats, serverECPointFormats;
-
-    protected AsymmetricKeyParameter serverPublicKey;
-    protected TlsAgreementCredentials agreementCredentials;
-
-    protected ECPrivateKeyParameters ecAgreePrivateKey;
-    protected ECPublicKeyParameters ecAgreePublicKey;
-
-    public TlsECDHKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, int[] namedCurves,
-        short[] clientECPointFormats, short[] serverECPointFormats)
-    {
-        super(keyExchange, supportedSignatureAlgorithms);
-
-        switch (keyExchange)
-        {
-        case KeyExchangeAlgorithm.ECDHE_RSA:
-            this.tlsSigner = new TlsRSASigner();
-            break;
-        case KeyExchangeAlgorithm.ECDHE_ECDSA:
-            this.tlsSigner = new TlsECDSASigner();
-            break;
-        case KeyExchangeAlgorithm.ECDH_RSA:
-        case KeyExchangeAlgorithm.ECDH_ECDSA:
-            this.tlsSigner = null;
-            break;
-        default:
-            throw new IllegalArgumentException("unsupported key exchange algorithm");
-        }
-
-        this.keyExchange = keyExchange;
-        this.namedCurves = namedCurves;
-        this.clientECPointFormats = clientECPointFormats;
-        this.serverECPointFormats = serverECPointFormats;
-    }
-
-    public void init(TlsContext context)
-    {
-        super.init(context);
-
-        if (this.tlsSigner != null)
-        {
-            this.tlsSigner.init(context);
-        }
-    }
-
-    public void skipServerCredentials() throws IOException
-    {
-        throw new TlsFatalAlert(AlertDescription.unexpected_message);
-    }
-
-    public void processServerCertificate(Certificate serverCertificate) throws IOException
-    {
-        if (serverCertificate.isEmpty())
-        {
-            throw new TlsFatalAlert(AlertDescription.bad_certificate);
-        }
-
-        org.spongycastle.asn1.x509.Certificate x509Cert = serverCertificate.getCertificateAt(0);
-
-        SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();
-        try
-        {
-            this.serverPublicKey = PublicKeyFactory.createKey(keyInfo);
-        }
-        catch (RuntimeException e)
-        {
-            throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
-        }
-
-        if (tlsSigner == null)
-        {
-            try
-            {
-                this.ecAgreePublicKey = TlsECCUtils.validateECPublicKey((ECPublicKeyParameters) this.serverPublicKey);
-            }
-            catch (ClassCastException e)
-            {
-                throw new TlsFatalAlert(AlertDescription.certificate_unknown);
-            }
-
-            TlsUtils.validateKeyUsage(x509Cert, KeyUsage.keyAgreement);
-        }
-        else
-        {
-            if (!tlsSigner.isValidPublicKey(this.serverPublicKey))
-            {
-                throw new TlsFatalAlert(AlertDescription.certificate_unknown);
-            }
-
-            TlsUtils.validateKeyUsage(x509Cert, KeyUsage.digitalSignature);
-        }
-
-        super.processServerCertificate(serverCertificate);
-    }
-
-    public boolean requiresServerKeyExchange()
-    {
-        switch (keyExchange)
-        {
-        case KeyExchangeAlgorithm.ECDHE_ECDSA:
-        case KeyExchangeAlgorithm.ECDHE_RSA:
-        case KeyExchangeAlgorithm.ECDH_anon:
-            return true;
-        default:
-            return false;
-        }
-    }
-
-    public void validateCertificateRequest(CertificateRequest certificateRequest) throws IOException
-    {
-        /*
-         * RFC 4492 3. [...] The ECDSA_fixed_ECDH and RSA_fixed_ECDH mechanisms are usable with
-         * ECDH_ECDSA and ECDH_RSA. Their use with ECDHE_ECDSA and ECDHE_RSA is prohibited because
-         * the use of a long-term ECDH client key would jeopardize the forward secrecy property of
-         * these algorithms.
-         */
-        short[] types = certificateRequest.getCertificateTypes();
-        for (int i = 0; i < types.length; ++i)
-        {
-            switch (types[i])
-            {
-            case ClientCertificateType.rsa_sign:
-            case ClientCertificateType.dss_sign:
-            case ClientCertificateType.ecdsa_sign:
-            case ClientCertificateType.rsa_fixed_ecdh:
-            case ClientCertificateType.ecdsa_fixed_ecdh:
-                break;
-            default:
-                throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-            }
-        }
-    }
-
-    public void processClientCredentials(TlsCredentials clientCredentials) throws IOException
-    {
-        if (clientCredentials instanceof TlsAgreementCredentials)
-        {
-            // TODO Validate client cert has matching parameters (see 'TlsECCUtils.areOnSameCurve')?
-
-            this.agreementCredentials = (TlsAgreementCredentials) clientCredentials;
-        }
-        else if (clientCredentials instanceof TlsSignerCredentials)
-        {
-            // OK
-        }
-        else
-        {
-            throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-    }
-
-    public void generateClientKeyExchange(OutputStream output) throws IOException
-    {
-        if (agreementCredentials == null)
-        {
-            this.ecAgreePrivateKey = TlsECCUtils.generateEphemeralClientKeyExchange(context.getSecureRandom(),
-                serverECPointFormats, ecAgreePublicKey.getParameters(), output);
-        }
-    }
-
-    public void processClientCertificate(Certificate clientCertificate) throws IOException
-    {
-        // TODO Extract the public key
-        // TODO If the certificate is 'fixed', take the public key as ecAgreeClientPublicKey
-    }
-
-    public void processClientKeyExchange(InputStream input) throws IOException
-    {
-        if (ecAgreePublicKey != null)
-        {
-            // For ecdsa_fixed_ecdh and rsa_fixed_ecdh, the key arrived in the client certificate
-            return;
-        }
-
-        byte[] point = TlsUtils.readOpaque8(input);
-
-        ECDomainParameters curve_params = this.ecAgreePrivateKey.getParameters();
-
-        this.ecAgreePublicKey = TlsECCUtils.validateECPublicKey(TlsECCUtils.deserializeECPublicKey(
-            serverECPointFormats, curve_params, point));
-    }
-
-    public byte[] generatePremasterSecret() throws IOException
-    {
-        if (agreementCredentials != null)
-        {
-            return agreementCredentials.generateAgreement(ecAgreePublicKey);
-        }
-
-        if (ecAgreePrivateKey != null)
-        {
-            return TlsECCUtils.calculateECDHBasicAgreement(ecAgreePublicKey, ecAgreePrivateKey);
-        }
-
-        throw new TlsFatalAlert(AlertDescription.internal_error);
-    }
-}