bcgit
Curve25519 Implementation
Hi! I am trying to implement the Bouncy castle for my c# project.
I am stuck at implementing Curve25519 in EllipticCurveExtension. trying to access https://www.ja3er.com/json && https://ezdiscord.xyz/fingerprint
I am using the following ciphers
CipherSuite.TLS_AES_128_GCM_SHA256, CipherSuite.TLS_AES_256_GCM_SHA384, CipherSuite.TLS_CHACHA20_POLY1305_SHA256, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, CipherSuite.DRAFT_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, CipherSuite.DRAFT_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA, CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA
I am trying to implement chrome ja3 signature The current ja3 signature I have is:
771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21-41,23-24,0
as and when I add Curve25519 to EllipticCurvesExtension I get Illegal_argument exception.
I have added the following code as mentioned in the issue => https://github.com/bcgit/bc-java/issues/251: ` static BigInteger P = BigInteger.One.ShiftLeft(255).Subtract(BigInteger.ValueOf(19)); static BigInteger D = BigInteger.ValueOf(3).ModInverse(P).Multiply(BigInteger.ValueOf(486662)).Mod(P);
static byte[] convertInput(byte[] montPubKey)
{
BigInteger Xm = new BigInteger(1, Arrays.Reverse(montPubKey));
BigInteger Xw = Xm.Add(D).Mod(P);
byte[] weierPubKey = BigIntegers.AsUnsignedByteArray(33, Xw);
weierPubKey[0] = 0x02;
return weierPubKey;
}`
and in DeserializeECPoint I added the following code in the beginning:
if(encoding.Length == 32) { byte[] _encoding = convertInput(encoding); return curve.DecodePoint(_encoding); }
after this I am getting handshake_failure exception
Can you help me on this?
We have recently ported the latest Java TLS support to C#, which includes TLS 1.3 and in particular for your case, X25519 support. It will be released in a few weeks, but in the meantime you could get the latest source code and build it yourself. The new implementation is in Org.BouncyCastle.Tls.
Thanks. It works smooth. But TLS1.3 gives me handshake failure. And also there is issue with session ticket[changed the session to null so that I can work with it].
following the issue #317 resolved the session ticket issue. TLS 1.3 still gives Handshake failure
You'll have to give more details of the error if you want any help with the TLS 1.3 handshake failure. A very simple client connects fine to e.g. www.google.com, using X25519 for the key exchange. If you still have code doing anything with EllipticCurvesExtension as you described in the first post here, definitely remove it - firstly, that's not how that extension is used, and secondly, X25519 is already enabled by default.
Thank you for the response.
If you still have code doing anything with EllipticCurvesExtension as you described in the first post here, definitely remove it
This is already removed when I switched from Org.BouncyCastle.Crypto.Tls to Org.BouncyCastle.Tls.
X25519 is already enabled by default.
X25519 is 100% OK
Tls1.3 is working. But since I was testing it on a site [https://ezdiscord.xyz/fingerprint] where Tls1.3 isn't working using Org.BouncyCastle.Tls. Tls1.3 is working on google and other sites too.