diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-03-23 23:20:28 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-04-13 17:16:19 +0700 |
| commit | 3e7fa55a8dfe954d3be4412b745c7b318e764640 (patch) | |
| tree | ec61c269640aff38ba266bfc4631d14f12358c5b | |
| parent | RFC 9146: TlsBlockCipher support for connection ID (diff) | |
| download | BouncyCastle.NET-ed25519-3e7fa55a8dfe954d3be4412b745c7b318e764640.tar.xz | |
RFC 9146: DtlsEpoch tracks record header lengths
- accounts for whether connection ID is in use for read/write.
| -rw-r--r-- | crypto/src/tls/DtlsEpoch.cs | 9 | ||||
| -rw-r--r-- | crypto/src/tls/DtlsRecordLayer.cs | 10 |
2 files changed, 16 insertions, 3 deletions
diff --git a/crypto/src/tls/DtlsEpoch.cs b/crypto/src/tls/DtlsEpoch.cs index e4ce84948..9d88a3404 100644 --- a/crypto/src/tls/DtlsEpoch.cs +++ b/crypto/src/tls/DtlsEpoch.cs @@ -11,10 +11,11 @@ namespace Org.BouncyCastle.Tls private readonly int m_epoch; private readonly TlsCipher m_cipher; + private readonly int m_recordHeaderLengthRead, m_recordHeaderLengthWrite; private long m_sequenceNumber = 0; - internal DtlsEpoch(int epoch, TlsCipher cipher) + internal DtlsEpoch(int epoch, TlsCipher cipher, int recordHeaderLengthRead, int recordHeaderLengthWrite) { if (epoch < 0) throw new ArgumentException("must be >= 0", "epoch"); @@ -23,6 +24,8 @@ namespace Org.BouncyCastle.Tls this.m_epoch = epoch; this.m_cipher = cipher; + this.m_recordHeaderLengthRead = recordHeaderLengthRead; + this.m_recordHeaderLengthWrite = recordHeaderLengthWrite; } /// <exception cref="IOException"/> @@ -47,6 +50,10 @@ namespace Org.BouncyCastle.Tls get { return m_epoch; } } + internal int RecordHeaderLengthRead => m_recordHeaderLengthRead; + + internal int RecordHeaderLengthWrite => m_recordHeaderLengthWrite; + internal DtlsReplayWindow ReplayWindow { get { return m_replayWindow; } diff --git a/crypto/src/tls/DtlsRecordLayer.cs b/crypto/src/tls/DtlsRecordLayer.cs index 3cf04b8ac..5d8c217b0 100644 --- a/crypto/src/tls/DtlsRecordLayer.cs +++ b/crypto/src/tls/DtlsRecordLayer.cs @@ -122,7 +122,8 @@ namespace Org.BouncyCastle.Tls this.m_inHandshake = true; - this.m_currentEpoch = new DtlsEpoch(0, TlsNullNullCipher.Instance); + this.m_currentEpoch = new DtlsEpoch(0, TlsNullNullCipher.Instance, RECORD_HEADER_LENGTH, + RECORD_HEADER_LENGTH); this.m_pendingEpoch = null; this.m_readEpoch = m_currentEpoch; this.m_writeEpoch = m_currentEpoch; @@ -175,8 +176,13 @@ namespace Org.BouncyCastle.Tls * lifetime." */ + var securityParameters = m_context.SecurityParameters; + int recordHeaderLengthRead = RECORD_HEADER_LENGTH + (securityParameters.ConnectionIDPeer?.Length ?? 0); + int recordHeaderLengthWrite = RECORD_HEADER_LENGTH + (securityParameters.ConnectionIDLocal?.Length ?? 0); + // TODO Check for overflow - this.m_pendingEpoch = new DtlsEpoch(m_writeEpoch.Epoch + 1, pendingCipher); + this.m_pendingEpoch = new DtlsEpoch(m_writeEpoch.Epoch + 1, pendingCipher, recordHeaderLengthRead, + recordHeaderLengthWrite); } internal virtual void HandshakeSuccessful(DtlsHandshakeRetransmit retransmit) |