diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-08-01 17:27:58 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-08-01 17:27:58 +0700 |
| commit | 6fd2fc61dd607475c367d3ee828c659a1651eb4e (patch) | |
| tree | 6349d86f8723158e1cb43c73e0cb810f1ea3201a | |
| parent | Make nextUpdate nullable (diff) | |
| download | BouncyCastle.NET-ed25519-6fd2fc61dd607475c367d3ee828c659a1651eb4e.tar.xz | |
TLS: 'tls-exporter' channel binding
- defined in RFC 9266 - see https://github.com/bcgit/bc-java/issues/1198
| -rw-r--r-- | crypto/src/tls/AbstractTlsContext.cs | 3 | ||||
| -rw-r--r-- | crypto/src/tls/ChannelBinding.cs | 5 | ||||
| -rw-r--r-- | crypto/test/src/tls/test/MockTlsClient.cs | 3 | ||||
| -rw-r--r-- | crypto/test/src/tls/test/MockTlsServer.cs | 3 |
4 files changed, 14 insertions, 0 deletions
diff --git a/crypto/src/tls/AbstractTlsContext.cs b/crypto/src/tls/AbstractTlsContext.cs index be7a67dfc..a5ac85962 100644 --- a/crypto/src/tls/AbstractTlsContext.cs +++ b/crypto/src/tls/AbstractTlsContext.cs @@ -170,6 +170,9 @@ namespace Org.BouncyCastle.Tls SecurityParameters securityParameters = SecurityParameters; + if (ChannelBinding.tls_exporter == channelBinding) + return ExportKeyingMaterial("EXPORTER-Channel-Binding", TlsUtilities.EmptyBytes, 32); + if (TlsUtilities.IsTlsV13(securityParameters.NegotiatedVersion)) return null; diff --git a/crypto/src/tls/ChannelBinding.cs b/crypto/src/tls/ChannelBinding.cs index 84f8bc4df..d6e0cbe27 100644 --- a/crypto/src/tls/ChannelBinding.cs +++ b/crypto/src/tls/ChannelBinding.cs @@ -15,5 +15,10 @@ namespace Org.BouncyCastle.Tls public const int tls_server_end_point = 0; public const int tls_unique = 1; public const int tls_unique_for_telnet = 2; + + /* + * RFC 9266 + */ + public const int tls_exporter = 3; } } diff --git a/crypto/test/src/tls/test/MockTlsClient.cs b/crypto/test/src/tls/test/MockTlsClient.cs index 98898dd30..731504757 100644 --- a/crypto/test/src/tls/test/MockTlsClient.cs +++ b/crypto/test/src/tls/test/MockTlsClient.cs @@ -127,6 +127,9 @@ namespace Org.BouncyCastle.Tls.Tests byte[] tlsUnique = m_context.ExportChannelBinding(ChannelBinding.tls_unique); Console.WriteLine("Client 'tls-unique': " + ToHexString(tlsUnique)); + + byte[] tlsExporter = m_context.ExportChannelBinding(ChannelBinding.tls_exporter); + Console.WriteLine("Client 'tls-exporter': " + ToHexString(tlsExporter)); } } diff --git a/crypto/test/src/tls/test/MockTlsServer.cs b/crypto/test/src/tls/test/MockTlsServer.cs index d4e885117..c4aa2c74d 100644 --- a/crypto/test/src/tls/test/MockTlsServer.cs +++ b/crypto/test/src/tls/test/MockTlsServer.cs @@ -155,6 +155,9 @@ namespace Org.BouncyCastle.Tls.Tests byte[] tlsUnique = m_context.ExportChannelBinding(ChannelBinding.tls_unique); Console.WriteLine("Server 'tls-unique': " + ToHexString(tlsUnique)); + + byte[] tlsExporter = m_context.ExportChannelBinding(ChannelBinding.tls_exporter); + Console.WriteLine("Server 'tls-exporter': " + ToHexString(tlsExporter)); } public override void ProcessClientExtensions(IDictionary<int, byte[]> clientExtensions) |