diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-04-16 22:16:32 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-04-16 22:16:32 +0700 |
| commit | 3d0253fd6482ba5eead389248729f44099254db8 (patch) | |
| tree | 553a211d899f9c4cc399db4b2c67cae5bd5290f4 | |
| parent | Merge branch 'anhvo/PortOpenSshUtil' (diff) | |
| download | BouncyCastle.NET-ed25519-3d0253fd6482ba5eead389248729f44099254db8.tar.xz | |
FIx binary compatibility issues
| -rw-r--r-- | crypto/src/tls/DtlsRecordLayer.cs | 8 | ||||
| -rw-r--r-- | crypto/src/tls/RecordStream.cs | 4 | ||||
| -rw-r--r-- | crypto/src/tls/crypto/TlsCipher.cs | 1 | ||||
| -rw-r--r-- | crypto/src/tls/crypto/impl/AbstractTlsCipher.cs | 56 | ||||
| -rw-r--r-- | crypto/src/tls/crypto/impl/TlsAeadCipher.cs | 28 | ||||
| -rw-r--r-- | crypto/src/tls/crypto/impl/TlsBlockCipher.cs | 34 | ||||
| -rw-r--r-- | crypto/src/tls/crypto/impl/TlsCipherExt.cs | 10 | ||||
| -rw-r--r-- | crypto/src/tls/crypto/impl/TlsNullCipher.cs | 34 |
8 files changed, 84 insertions, 91 deletions
diff --git a/crypto/src/tls/DtlsRecordLayer.cs b/crypto/src/tls/DtlsRecordLayer.cs index a18210de2..efe9e7312 100644 --- a/crypto/src/tls/DtlsRecordLayer.cs +++ b/crypto/src/tls/DtlsRecordLayer.cs @@ -240,9 +240,9 @@ namespace Org.BouncyCastle.Tls var cipher = m_readEpoch.Cipher; int plaintextDecodeLimit; - if (cipher is AbstractTlsCipher abstractTlsCipher) + if (cipher is TlsCipherExt tlsCipherExt) { - plaintextDecodeLimit = abstractTlsCipher.GetPlaintextDecodeLimit(ciphertextLimit); + plaintextDecodeLimit = tlsCipherExt.GetPlaintextDecodeLimit(ciphertextLimit); } else { @@ -259,9 +259,9 @@ namespace Org.BouncyCastle.Tls int ciphertextLimit = m_transport.GetSendLimit() - m_writeEpoch.RecordHeaderLengthWrite; int plaintextEncodeLimit; - if (cipher is AbstractTlsCipher abstractTlsCipher) + if (cipher is TlsCipherExt tlsCipherExt) { - plaintextEncodeLimit = abstractTlsCipher.GetPlaintextEncodeLimit(ciphertextLimit); + plaintextEncodeLimit = tlsCipherExt.GetPlaintextEncodeLimit(ciphertextLimit); } else { diff --git a/crypto/src/tls/RecordStream.cs b/crypto/src/tls/RecordStream.cs index 5b5ceff34..739ee8d70 100644 --- a/crypto/src/tls/RecordStream.cs +++ b/crypto/src/tls/RecordStream.cs @@ -153,9 +153,9 @@ namespace Org.BouncyCastle.Tls var cipher = m_readCipher; int plaintextDecodeLimit; - if (cipher is AbstractTlsCipher abstractTlsCipher) + if (cipher is TlsCipherExt tlsCipherExt) { - plaintextDecodeLimit = abstractTlsCipher.GetPlaintextDecodeLimit(length); + plaintextDecodeLimit = tlsCipherExt.GetPlaintextDecodeLimit(length); } else { diff --git a/crypto/src/tls/crypto/TlsCipher.cs b/crypto/src/tls/crypto/TlsCipher.cs index 9b69923ec..5665cbb7e 100644 --- a/crypto/src/tls/crypto/TlsCipher.cs +++ b/crypto/src/tls/crypto/TlsCipher.cs @@ -23,6 +23,7 @@ namespace Org.BouncyCastle.Tls.Crypto /// <summary>Return the maximum size for the plaintext given ciphertextlimit bytes of ciphertext.</summary> /// <param name="ciphertextLimit">the maximum number of bytes of ciphertext.</param> /// <returns>the maximum size of the plaintext for ciphertextlimit bytes of input.</returns> + // TODO[api] Remove int GetPlaintextLimit(int ciphertextLimit); /// <summary>Encode the passed in plaintext using the current bulk cipher.</summary> diff --git a/crypto/src/tls/crypto/impl/AbstractTlsCipher.cs b/crypto/src/tls/crypto/impl/AbstractTlsCipher.cs deleted file mode 100644 index 5315eb965..000000000 --- a/crypto/src/tls/crypto/impl/AbstractTlsCipher.cs +++ /dev/null @@ -1,56 +0,0 @@ -using System; - -using Org.BouncyCastle.Utilities.IO.Compression; - -namespace Org.BouncyCastle.Tls.Crypto.Impl -{ - public abstract class AbstractTlsCipher - : TlsCipher - { - public abstract int GetCiphertextDecodeLimit(int plaintextLimit); - - public abstract int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit); - - // TODO[api] Remove this method from TlsCipher - public virtual int GetPlaintextLimit(int ciphertextLimit) - { - return GetPlaintextEncodeLimit(ciphertextLimit); - } - - // TODO[api] Add to TlsCipher - public virtual int GetPlaintextDecodeLimit(int ciphertextLimit) - { - return GetPlaintextLimit(ciphertextLimit); - } - - // TODO[api] Add to TlsCipher - public virtual int GetPlaintextEncodeLimit(int ciphertextLimit) - { - return GetPlaintextLimit(ciphertextLimit); - } - - public abstract TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion, - int headerAllocation, byte[] plaintext, int offset, int len); - -#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER - public abstract TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion, - int headerAllocation, ReadOnlySpan<byte> plaintext); -#endif - - // TODO[api] Add span-based version? - public abstract TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion, - byte[] ciphertext, int offset, int len); - - public virtual void RekeyDecoder() - { - throw new TlsFatalAlert(AlertDescription.internal_error); - } - - public virtual void RekeyEncoder() - { - throw new TlsFatalAlert(AlertDescription.internal_error); - } - - public abstract bool UsesOpaqueRecordType { get; } - } -} diff --git a/crypto/src/tls/crypto/impl/TlsAeadCipher.cs b/crypto/src/tls/crypto/impl/TlsAeadCipher.cs index f8f01f380..e34ca589d 100644 --- a/crypto/src/tls/crypto/impl/TlsAeadCipher.cs +++ b/crypto/src/tls/crypto/impl/TlsAeadCipher.cs @@ -7,7 +7,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl { /// <summary>A generic TLS 1.2 AEAD cipher.</summary> public class TlsAeadCipher - : AbstractTlsCipher + : TlsCipher, TlsCipherExt { public const int AEAD_CCM = 1; public const int AEAD_CHACHA20_POLY1305 = 2; @@ -145,14 +145,14 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl decryptCipher.Init(dummyNonce, macSize, null); } - public override int GetCiphertextDecodeLimit(int plaintextLimit) + public virtual int GetCiphertextDecodeLimit(int plaintextLimit) { int innerPlaintextLimit = plaintextLimit + (m_decryptUseInnerPlaintext ? 1 : 0); return innerPlaintextLimit + m_macSize + m_record_iv_length; } - public override int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit) + public virtual int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit) { plaintextLimit = System.Math.Min(plaintextLength, plaintextLimit); @@ -161,21 +161,27 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl return innerPlaintextLimit + m_macSize + m_record_iv_length; } - public override int GetPlaintextDecodeLimit(int ciphertextLimit) + // TODO[api] Remove + public virtual int GetPlaintextLimit(int ciphertextLimit) + { + return GetPlaintextEncodeLimit(ciphertextLimit); + } + + public virtual int GetPlaintextDecodeLimit(int ciphertextLimit) { int innerPlaintextLimit = ciphertextLimit - m_macSize - m_record_iv_length; return innerPlaintextLimit - (m_decryptUseInnerPlaintext ? 1 : 0); } - public override int GetPlaintextEncodeLimit(int ciphertextLimit) + public virtual int GetPlaintextEncodeLimit(int ciphertextLimit) { int innerPlaintextLimit = ciphertextLimit - m_macSize - m_record_iv_length; return innerPlaintextLimit - (m_encryptUseInnerPlaintext ? 1 : 0); } - public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion, + public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion, int headerAllocation, byte[] plaintext, int plaintextOffset, int plaintextLength) { #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER @@ -257,7 +263,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl } #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER - public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion, + public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion, int headerAllocation, ReadOnlySpan<byte> plaintext) { byte[] nonce = new byte[m_encryptNonce.Length + m_record_iv_length]; @@ -334,7 +340,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl } #endif - public override TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion, + public virtual TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion, byte[] ciphertext, int ciphertextOffset, int ciphertextLength) { if (GetPlaintextDecodeLimit(ciphertextLength) < 0) @@ -421,17 +427,17 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl return new TlsDecodeResult(ciphertext, encryptionOffset, plaintextLength, contentType); } - public override void RekeyDecoder() + public virtual void RekeyDecoder() { RekeyCipher(m_cryptoParams.SecurityParameters, m_decryptCipher, m_decryptNonce, !m_cryptoParams.IsServer); } - public override void RekeyEncoder() + public virtual void RekeyEncoder() { RekeyCipher(m_cryptoParams.SecurityParameters, m_encryptCipher, m_encryptNonce, m_cryptoParams.IsServer); } - public override bool UsesOpaqueRecordType + public virtual bool UsesOpaqueRecordType { get { return m_isTlsV13; } } diff --git a/crypto/src/tls/crypto/impl/TlsBlockCipher.cs b/crypto/src/tls/crypto/impl/TlsBlockCipher.cs index bc04caee1..479f00fc9 100644 --- a/crypto/src/tls/crypto/impl/TlsBlockCipher.cs +++ b/crypto/src/tls/crypto/impl/TlsBlockCipher.cs @@ -8,7 +8,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl { /// <summary>A generic TLS 1.0-1.2 block cipher. This can be used for AES or 3DES for example.</summary> public class TlsBlockCipher - : AbstractTlsCipher + : TlsCipher, TlsCipherExt { protected readonly TlsCryptoParameters m_cryptoParams; protected readonly byte[] m_randomData; @@ -155,7 +155,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl } } - public override int GetCiphertextDecodeLimit(int plaintextLimit) + public virtual int GetCiphertextDecodeLimit(int plaintextLimit) { int blockSize = m_decryptCipher.GetBlockSize(); int macSize = m_readMac.Size; @@ -165,7 +165,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl return GetCiphertextLength(blockSize, macSize, maxPadding, innerPlaintextLimit); } - public override int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit) + public virtual int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit) { plaintextLimit = System.Math.Min(plaintextLength, plaintextLimit); @@ -177,7 +177,13 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl return GetCiphertextLength(blockSize, macSize, maxPadding, innerPlaintextLimit); } - public override int GetPlaintextDecodeLimit(int ciphertextLimit) + // TODO[api] Remove + public virtual int GetPlaintextLimit(int ciphertextLimit) + { + return GetPlaintextEncodeLimit(ciphertextLimit); + } + + public virtual int GetPlaintextDecodeLimit(int ciphertextLimit) { int blockSize = m_decryptCipher.GetBlockSize(); int macSize = m_readMac.Size; @@ -187,7 +193,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl return innerPlaintextLimit - (m_decryptUseInnerPlaintext ? 1 : 0); } - public override int GetPlaintextEncodeLimit(int ciphertextLimit) + public virtual int GetPlaintextEncodeLimit(int ciphertextLimit) { int blockSize = m_encryptCipher.GetBlockSize(); int macSize = m_writeMac.Size; @@ -197,7 +203,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl return innerPlaintextLimit - (m_encryptUseInnerPlaintext ? 1 : 0); } - public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion, + public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion, int headerAllocation, byte[] plaintext, int offset, int len) { #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER @@ -285,7 +291,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl } #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER - public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion, + public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion, int headerAllocation, ReadOnlySpan<byte> plaintext) { int blockSize = m_encryptCipher.GetBlockSize(); @@ -369,7 +375,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl } #endif - public override TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion, + public virtual TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion, byte[] ciphertext, int offset, int len) { int blockSize = m_decryptCipher.GetBlockSize(); @@ -475,7 +481,17 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl return new TlsDecodeResult(ciphertext, offset, plaintextLength, contentType); } - public override bool UsesOpaqueRecordType + public virtual void RekeyDecoder() + { + throw new TlsFatalAlert(AlertDescription.internal_error); + } + + public virtual void RekeyEncoder() + { + throw new TlsFatalAlert(AlertDescription.internal_error); + } + + public virtual bool UsesOpaqueRecordType { get { return false; } } diff --git a/crypto/src/tls/crypto/impl/TlsCipherExt.cs b/crypto/src/tls/crypto/impl/TlsCipherExt.cs new file mode 100644 index 000000000..8e2742a69 --- /dev/null +++ b/crypto/src/tls/crypto/impl/TlsCipherExt.cs @@ -0,0 +1,10 @@ +namespace Org.BouncyCastle.Tls.Crypto +{ + // TODO[api] Merge into TlsCipher + public interface TlsCipherExt + { + int GetPlaintextDecodeLimit(int ciphertextLimit); + + int GetPlaintextEncodeLimit(int ciphertextLimit); + } +} diff --git a/crypto/src/tls/crypto/impl/TlsNullCipher.cs b/crypto/src/tls/crypto/impl/TlsNullCipher.cs index 8e52f6374..fa40d7812 100644 --- a/crypto/src/tls/crypto/impl/TlsNullCipher.cs +++ b/crypto/src/tls/crypto/impl/TlsNullCipher.cs @@ -7,7 +7,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl { /// <summary>The NULL cipher.</summary> public class TlsNullCipher - : AbstractTlsCipher + : TlsCipher, TlsCipherExt { protected readonly TlsCryptoParameters m_cryptoParams; protected readonly TlsSuiteHmac m_readMac, m_writeMac; @@ -69,14 +69,14 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl } } - public override int GetCiphertextDecodeLimit(int plaintextLimit) + public virtual int GetCiphertextDecodeLimit(int plaintextLimit) { int innerPlaintextLimit = plaintextLimit + (m_decryptUseInnerPlaintext ? 1 : 0); return innerPlaintextLimit + m_readMac.Size; } - public override int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit) + public virtual int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit) { plaintextLimit = System.Math.Min(plaintextLength, plaintextLimit); @@ -85,21 +85,27 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl return innerPlaintextLimit + m_writeMac.Size; } - public override int GetPlaintextDecodeLimit(int ciphertextLimit) + // TODO[api] Remove + public virtual int GetPlaintextLimit(int ciphertextLimit) + { + return GetPlaintextEncodeLimit(ciphertextLimit); + } + + public virtual int GetPlaintextDecodeLimit(int ciphertextLimit) { int innerPlaintextLimit = ciphertextLimit - m_readMac.Size; return innerPlaintextLimit - (m_decryptUseInnerPlaintext ? 1 : 0); } - public override int GetPlaintextEncodeLimit(int ciphertextLimit) + public virtual int GetPlaintextEncodeLimit(int ciphertextLimit) { int innerPlaintextLimit = ciphertextLimit - m_writeMac.Size; return innerPlaintextLimit - (m_encryptUseInnerPlaintext ? 1 : 0); } - public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion, + public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion, int headerAllocation, byte[] plaintext, int offset, int len) { #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER @@ -129,7 +135,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl } #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER - public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion, + public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion, int headerAllocation, ReadOnlySpan<byte> plaintext) { int macSize = m_writeMac.Size; @@ -155,7 +161,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl } #endif - public override TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion, + public virtual TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion, byte[] ciphertext, int offset, int len) { int macSize = m_readMac.Size; @@ -196,7 +202,17 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl return new TlsDecodeResult(ciphertext, offset, plaintextLength, contentType); } - public override bool UsesOpaqueRecordType + public virtual void RekeyDecoder() + { + throw new TlsFatalAlert(AlertDescription.internal_error); + } + + public virtual void RekeyEncoder() + { + throw new TlsFatalAlert(AlertDescription.internal_error); + } + + public virtual bool UsesOpaqueRecordType { get { return false; } } |