diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-05-11 19:09:20 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-05-11 19:09:20 +0700 |
| commit | dbeaae6ba4f8b709246d1f67bfb675f4133ffb8f (patch) | |
| tree | 265595215c41b436b3fd3c67aca4f0e2abd48c90 | |
| parent | Improve HMac reset (diff) | |
| download | BouncyCastle.NET-ed25519-dbeaae6ba4f8b709246d1f67bfb675f4133ffb8f.tar.xz | |
Improve anon suites
| -rw-r--r-- | crypto/src/tls/DefaultTlsServer.cs | 4 | ||||
| -rw-r--r-- | crypto/src/tls/DtlsServerProtocol.cs | 8 | ||||
| -rw-r--r-- | crypto/src/tls/KeyExchangeAlgorithm.cs | 13 | ||||
| -rw-r--r-- | crypto/src/tls/TlsServerProtocol.cs | 7 | ||||
| -rw-r--r-- | crypto/src/tls/TlsUtilities.cs | 5 |
5 files changed, 30 insertions, 7 deletions
diff --git a/crypto/src/tls/DefaultTlsServer.cs b/crypto/src/tls/DefaultTlsServer.cs index edab24b71..2df6c37eb 100644 --- a/crypto/src/tls/DefaultTlsServer.cs +++ b/crypto/src/tls/DefaultTlsServer.cs @@ -85,10 +85,6 @@ namespace Org.BouncyCastle.Tls case KeyExchangeAlgorithm.DHE_DSS: return GetDsaSignerCredentials(); - case KeyExchangeAlgorithm.DH_anon: - case KeyExchangeAlgorithm.ECDH_anon: - return null; - case KeyExchangeAlgorithm.ECDHE_ECDSA: return GetECDsaSignerCredentials(); diff --git a/crypto/src/tls/DtlsServerProtocol.cs b/crypto/src/tls/DtlsServerProtocol.cs index c019eb9fb..b01c6e34f 100644 --- a/crypto/src/tls/DtlsServerProtocol.cs +++ b/crypto/src/tls/DtlsServerProtocol.cs @@ -155,7 +155,13 @@ namespace Org.BouncyCastle.Tls } state.keyExchange = TlsUtilities.InitKeyExchangeServer(state.serverContext, state.server); - state.serverCredentials = TlsUtilities.EstablishServerCredentials(state.server); + + state.serverCredentials = null; + + if (!KeyExchangeAlgorithm.IsAnonymous(securityParameters.KeyExchangeAlgorithm)) + { + state.serverCredentials = TlsUtilities.EstablishServerCredentials(state.server); + } // Server certificate { diff --git a/crypto/src/tls/KeyExchangeAlgorithm.cs b/crypto/src/tls/KeyExchangeAlgorithm.cs index 1dfa6db66..fdb2773f1 100644 --- a/crypto/src/tls/KeyExchangeAlgorithm.cs +++ b/crypto/src/tls/KeyExchangeAlgorithm.cs @@ -59,5 +59,18 @@ namespace Org.BouncyCastle.Tls * GMT 0024-2014 */ public const int SM2 = 25; + + public static bool IsAnonymous(int keyExchangeAlgorithm) + { + switch (keyExchangeAlgorithm) + { + case DH_anon: + case DH_anon_EXPORT: + case ECDH_anon: + return true; + default: + return false; + } + } } } diff --git a/crypto/src/tls/TlsServerProtocol.cs b/crypto/src/tls/TlsServerProtocol.cs index f32ecc2da..c90ef4109 100644 --- a/crypto/src/tls/TlsServerProtocol.cs +++ b/crypto/src/tls/TlsServerProtocol.cs @@ -953,7 +953,12 @@ namespace Org.BouncyCastle.Tls this.m_keyExchange = TlsUtilities.InitKeyExchangeServer(m_tlsServerContext, m_tlsServer); - TlsCredentials serverCredentials = TlsUtilities.EstablishServerCredentials(m_tlsServer); + TlsCredentials serverCredentials = null; + + if (!KeyExchangeAlgorithm.IsAnonymous(securityParameters.KeyExchangeAlgorithm)) + { + serverCredentials = TlsUtilities.EstablishServerCredentials(m_tlsServer); + } // Server certificate { diff --git a/crypto/src/tls/TlsUtilities.cs b/crypto/src/tls/TlsUtilities.cs index f6e509b7d..72ff92271 100644 --- a/crypto/src/tls/TlsUtilities.cs +++ b/crypto/src/tls/TlsUtilities.cs @@ -4799,8 +4799,11 @@ namespace Org.BouncyCastle.Tls MemoryStream buf) { SecurityParameters securityParameters = clientContext.SecurityParameters; - if (null != securityParameters.PeerCertificate) + if (KeyExchangeAlgorithm.IsAnonymous(securityParameters.KeyExchangeAlgorithm) + || null != securityParameters.PeerCertificate) + { throw new TlsFatalAlert(AlertDescription.unexpected_message); + } MemoryStream endPointHash = new MemoryStream(); |