diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2021-07-25 01:59:33 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2021-07-25 01:59:33 +0700 |
| commit | f79b4569885ff0d6e2443a21706f3e95f1c7c9d7 (patch) | |
| tree | 7ac2b74593a878feb0ff112ddfc35457d3a108b1 | |
| parent | Refactoring around TLS HKDF (diff) | |
| download | BouncyCastle.NET-ed25519-f79b4569885ff0d6e2443a21706f3e95f1c7c9d7.tar.xz | |
Store the PRF CryptoHashAlgorithm
| -rw-r--r-- | crypto/src/tls/AbstractTlsContext.cs | 9 | ||||
| -rw-r--r-- | crypto/src/tls/DeferredHash.cs | 6 | ||||
| -rw-r--r-- | crypto/src/tls/SecurityParameters.cs | 6 | ||||
| -rw-r--r-- | crypto/src/tls/TlsUtilities.cs | 22 | ||||
| -rw-r--r-- | crypto/src/tls/crypto/TlsCryptoUtilities.cs | 9 | ||||
| -rw-r--r-- | crypto/src/tls/crypto/impl/TlsAeadCipher.cs | 2 |
6 files changed, 28 insertions, 26 deletions
diff --git a/crypto/src/tls/AbstractTlsContext.cs b/crypto/src/tls/AbstractTlsContext.cs index e8071bfab..c70312721 100644 --- a/crypto/src/tls/AbstractTlsContext.cs +++ b/crypto/src/tls/AbstractTlsContext.cs @@ -208,7 +208,7 @@ namespace Org.BouncyCastle.Tls SecurityParameters sp = SecurityParameters; return ExportKeyingMaterial13(CheckEarlyExportSecret(sp.EarlyExporterMasterSecret), - sp.PrfHashAlgorithm, asciiLabel, context, length); + sp.PrfCryptoHashAlgorithm, asciiLabel, context, length); } public virtual byte[] ExportKeyingMaterial(string asciiLabel, byte[] context, int length) @@ -235,7 +235,7 @@ namespace Org.BouncyCastle.Tls if (TlsUtilities.IsTlsV13(sp.NegotiatedVersion)) { - return ExportKeyingMaterial13(CheckExportSecret(sp.ExporterMasterSecret), sp.PrfHashAlgorithm, + return ExportKeyingMaterial13(CheckExportSecret(sp.ExporterMasterSecret), sp.PrfCryptoHashAlgorithm, asciiLabel, context, length); } @@ -244,7 +244,7 @@ namespace Org.BouncyCastle.Tls return TlsUtilities.Prf(sp, CheckExportSecret(sp.MasterSecret), asciiLabel, seed, length).Extract(); } - protected virtual byte[] ExportKeyingMaterial13(TlsSecret secret, short hashAlgorithm, string asciiLabel, + protected virtual byte[] ExportKeyingMaterial13(TlsSecret secret, int cryptoHashAlgorithm, string asciiLabel, byte[] context, int length) { if (null == context) @@ -256,7 +256,8 @@ namespace Org.BouncyCastle.Tls throw new ArgumentException("must have length less than 2^16 (or be null)", "context"); } - return TlsCryptoUtilities.HkdfExpandLabel(secret, hashAlgorithm, asciiLabel, context, length).Extract(); + return TlsCryptoUtilities.HkdfExpandLabel(secret, cryptoHashAlgorithm, asciiLabel, context, length) + .Extract(); } protected virtual TlsSecret CheckEarlyExportSecret(TlsSecret secret) diff --git a/crypto/src/tls/DeferredHash.cs b/crypto/src/tls/DeferredHash.cs index 43d60d07c..0532d523c 100644 --- a/crypto/src/tls/DeferredHash.cs +++ b/crypto/src/tls/DeferredHash.cs @@ -73,7 +73,7 @@ namespace Org.BouncyCastle.Tls } default: { - CheckTrackingHash(securityParameters.PrfHashAlgorithm); + CheckTrackingHash(securityParameters.PrfCryptoHashAlgorithm); if (TlsUtilities.IsTlsV13(securityParameters.NegotiatedVersion)) { SealHashAlgorithms(); @@ -116,7 +116,7 @@ namespace Org.BouncyCastle.Tls } default: { - CloneHash(newHashes, securityParameters.PrfHashAlgorithm); + CloneHash(newHashes, securityParameters.PrfCryptoHashAlgorithm); break; } } @@ -140,7 +140,7 @@ namespace Org.BouncyCastle.Tls } default: { - prfHash = CloneHash(securityParameters.PrfHashAlgorithm); + prfHash = CloneHash(securityParameters.PrfCryptoHashAlgorithm); break; } } diff --git a/crypto/src/tls/SecurityParameters.cs b/crypto/src/tls/SecurityParameters.cs index f4aa1ac5a..a04c0af8c 100644 --- a/crypto/src/tls/SecurityParameters.cs +++ b/crypto/src/tls/SecurityParameters.cs @@ -12,6 +12,7 @@ namespace Org.BouncyCastle.Tls internal int m_cipherSuite = Tls.CipherSuite.TLS_NULL_WITH_NULL_NULL; internal short m_maxFragmentLength = -1; internal int m_prfAlgorithm = -1; + internal int m_prfCryptoHashAlgorithm = -1; internal short m_prfHashAlgorithm = -1; internal int m_prfHashLength = -1; internal int m_verifyDataLength = -1; @@ -238,6 +239,11 @@ namespace Org.BouncyCastle.Tls get { return m_prfAlgorithm; } } + public int PrfCryptoHashAlgorithm + { + get { return m_prfCryptoHashAlgorithm; } + } + public short PrfHashAlgorithm { get { return m_prfHashAlgorithm; } diff --git a/crypto/src/tls/TlsUtilities.cs b/crypto/src/tls/TlsUtilities.cs index adead624b..9a8665cf5 100644 --- a/crypto/src/tls/TlsUtilities.cs +++ b/crypto/src/tls/TlsUtilities.cs @@ -1462,7 +1462,7 @@ namespace Org.BouncyCastle.Tls private static byte[] CalculateFinishedHmac(SecurityParameters securityParameters, TlsSecret baseKey, byte[] transcriptHash) { - int cryptoHashAlgorithm = TlsCryptoUtilities.GetHash(securityParameters.PrfHashAlgorithm); + int cryptoHashAlgorithm = securityParameters.PrfCryptoHashAlgorithm; TlsSecret finishedKey = TlsCryptoUtilities.HkdfExpandLabel(baseKey, cryptoHashAlgorithm, "finished", EmptyBytes, securityParameters.PrfHashLength); @@ -1501,20 +1501,20 @@ namespace Org.BouncyCastle.Tls { TlsCrypto crypto = context.Crypto; SecurityParameters securityParameters = context.SecurityParameters; - int cryptoHashAlgorithm = TlsCryptoUtilities.GetHash(securityParameters.PrfHashAlgorithm); + int cryptoHashAlgorithm = securityParameters.PrfCryptoHashAlgorithm; string label = isExternalPsk ? "ext binder" : "res binder"; byte[] emptyTranscriptHash = crypto.CreateHash(cryptoHashAlgorithm).CalculateHash(); - TlsSecret baseKey = DeriveSecret(securityParameters, earlySecret, label, emptyTranscriptHash); + TlsSecret binderKey = DeriveSecret(securityParameters, earlySecret, label, emptyTranscriptHash); try { - return CalculateFinishedHmac(securityParameters, baseKey, transcriptHash); + return CalculateFinishedHmac(securityParameters, binderKey, transcriptHash); } finally { - baseKey.Destroy(); + binderKey.Destroy(); } } @@ -1551,7 +1551,7 @@ namespace Org.BouncyCastle.Tls { TlsCrypto crypto = context.Crypto; SecurityParameters securityParameters = context.SecurityParameters; - int cryptoHashAlgorithm = TlsCryptoUtilities.GetHash(securityParameters.PrfHashAlgorithm); + int cryptoHashAlgorithm = securityParameters.PrfCryptoHashAlgorithm; TlsSecret zeros = crypto.HkdfInit(cryptoHashAlgorithm); byte[] emptyTranscriptHash = crypto.CreateHash(cryptoHashAlgorithm).CalculateHash(); @@ -1686,7 +1686,7 @@ namespace Org.BouncyCastle.Tls private static TlsSecret Update13TrafficSecret(SecurityParameters securityParameters, TlsSecret secret) { - return TlsCryptoUtilities.HkdfExpandLabel(secret, securityParameters.PrfHashAlgorithm, "traffic upd", + return TlsCryptoUtilities.HkdfExpandLabel(secret, securityParameters.PrfCryptoHashAlgorithm, "traffic upd", EmptyBytes, securityParameters.PrfHashLength); } @@ -5106,6 +5106,7 @@ namespace Org.BouncyCastle.Tls case PrfAlgorithm.ssl_prf_legacy: case PrfAlgorithm.tls_prf_legacy: { + securityParameters.m_prfCryptoHashAlgorithm = -1; securityParameters.m_prfHashAlgorithm = -1; securityParameters.m_prfHashLength = -1; break; @@ -5113,7 +5114,9 @@ namespace Org.BouncyCastle.Tls default: { short prfHashAlgorithm = GetHashAlgorithmForPrfAlgorithm(prfAlgorithm); + int prfCryptoHashAlgorithm = TlsCryptoUtilities.GetHash(prfHashAlgorithm); + securityParameters.m_prfCryptoHashAlgorithm = prfCryptoHashAlgorithm; securityParameters.m_prfHashAlgorithm = prfHashAlgorithm; securityParameters.m_prfHashLength = HashAlgorithm.GetOutputSize(prfHashAlgorithm); break; @@ -5206,13 +5209,14 @@ namespace Org.BouncyCastle.Tls internal static TlsSecret DeriveSecret(SecurityParameters securityParameters, TlsSecret secret, string label, byte[] transcriptHash) { - short prfHashAlgorithm = securityParameters.PrfHashAlgorithm; + int prfCryptoHashAlgorithm = securityParameters.PrfCryptoHashAlgorithm; int prfHashLength = securityParameters.PrfHashLength; if (transcriptHash.Length != prfHashLength) throw new TlsFatalAlert(AlertDescription.internal_error); - return TlsCryptoUtilities.HkdfExpandLabel(secret, prfHashAlgorithm, label, transcriptHash, prfHashLength); + return TlsCryptoUtilities.HkdfExpandLabel(secret, prfCryptoHashAlgorithm, label, transcriptHash, + prfHashLength); } internal static TlsSecret GetSessionMasterSecret(TlsCrypto crypto, TlsSecret masterSecret) diff --git a/crypto/src/tls/crypto/TlsCryptoUtilities.cs b/crypto/src/tls/crypto/TlsCryptoUtilities.cs index adea49017..a22049e5d 100644 --- a/crypto/src/tls/crypto/TlsCryptoUtilities.cs +++ b/crypto/src/tls/crypto/TlsCryptoUtilities.cs @@ -127,15 +127,6 @@ namespace Org.BouncyCastle.Tls.Crypto } /// <exception cref="IOException"/> - public static TlsSecret HkdfExpandLabel(TlsSecret secret, short hashAlgorithm, string label, byte[] context, - int length) - { - int cryptoHashAlgorithm = GetHash(hashAlgorithm); - - return HkdfExpandLabel(secret, cryptoHashAlgorithm, label, context, length); - } - - /// <exception cref="IOException"/> public static TlsSecret HkdfExpandLabel(TlsSecret secret, int cryptoHashAlgorithm, string label, byte[] context, int length) { diff --git a/crypto/src/tls/crypto/impl/TlsAeadCipher.cs b/crypto/src/tls/crypto/impl/TlsAeadCipher.cs index 80851e440..ec76e98c1 100644 --- a/crypto/src/tls/crypto/impl/TlsAeadCipher.cs +++ b/crypto/src/tls/crypto/impl/TlsAeadCipher.cs @@ -339,7 +339,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl if (null == secret) throw new TlsFatalAlert(AlertDescription.internal_error); - Setup13Cipher(cipher, nonce, secret, TlsCryptoUtilities.GetHash(securityParameters.PrfHashAlgorithm)); + Setup13Cipher(cipher, nonce, secret, securityParameters.PrfCryptoHashAlgorithm); } protected virtual void Setup13Cipher(TlsAeadCipherImpl cipher, byte[] nonce, TlsSecret secret, |