diff --git a/crypto/src/tls/DtlsRecordLayer.cs b/crypto/src/tls/DtlsRecordLayer.cs
index a18210de2..efe9e7312 100644
--- a/crypto/src/tls/DtlsRecordLayer.cs
+++ b/crypto/src/tls/DtlsRecordLayer.cs
@@ -240,9 +240,9 @@ namespace Org.BouncyCastle.Tls
var cipher = m_readEpoch.Cipher;
int plaintextDecodeLimit;
- if (cipher is AbstractTlsCipher abstractTlsCipher)
+ if (cipher is TlsCipherExt tlsCipherExt)
{
- plaintextDecodeLimit = abstractTlsCipher.GetPlaintextDecodeLimit(ciphertextLimit);
+ plaintextDecodeLimit = tlsCipherExt.GetPlaintextDecodeLimit(ciphertextLimit);
}
else
{
@@ -259,9 +259,9 @@ namespace Org.BouncyCastle.Tls
int ciphertextLimit = m_transport.GetSendLimit() - m_writeEpoch.RecordHeaderLengthWrite;
int plaintextEncodeLimit;
- if (cipher is AbstractTlsCipher abstractTlsCipher)
+ if (cipher is TlsCipherExt tlsCipherExt)
{
- plaintextEncodeLimit = abstractTlsCipher.GetPlaintextEncodeLimit(ciphertextLimit);
+ plaintextEncodeLimit = tlsCipherExt.GetPlaintextEncodeLimit(ciphertextLimit);
}
else
{
diff --git a/crypto/src/tls/RecordStream.cs b/crypto/src/tls/RecordStream.cs
index 5b5ceff34..739ee8d70 100644
--- a/crypto/src/tls/RecordStream.cs
+++ b/crypto/src/tls/RecordStream.cs
@@ -153,9 +153,9 @@ namespace Org.BouncyCastle.Tls
var cipher = m_readCipher;
int plaintextDecodeLimit;
- if (cipher is AbstractTlsCipher abstractTlsCipher)
+ if (cipher is TlsCipherExt tlsCipherExt)
{
- plaintextDecodeLimit = abstractTlsCipher.GetPlaintextDecodeLimit(length);
+ plaintextDecodeLimit = tlsCipherExt.GetPlaintextDecodeLimit(length);
}
else
{
diff --git a/crypto/src/tls/crypto/TlsCipher.cs b/crypto/src/tls/crypto/TlsCipher.cs
index 9b69923ec..5665cbb7e 100644
--- a/crypto/src/tls/crypto/TlsCipher.cs
+++ b/crypto/src/tls/crypto/TlsCipher.cs
@@ -23,6 +23,7 @@ namespace Org.BouncyCastle.Tls.Crypto
/// <summary>Return the maximum size for the plaintext given ciphertextlimit bytes of ciphertext.</summary>
/// <param name="ciphertextLimit">the maximum number of bytes of ciphertext.</param>
/// <returns>the maximum size of the plaintext for ciphertextlimit bytes of input.</returns>
+ // TODO[api] Remove
int GetPlaintextLimit(int ciphertextLimit);
/// <summary>Encode the passed in plaintext using the current bulk cipher.</summary>
diff --git a/crypto/src/tls/crypto/impl/AbstractTlsCipher.cs b/crypto/src/tls/crypto/impl/AbstractTlsCipher.cs
deleted file mode 100644
index 5315eb965..000000000
--- a/crypto/src/tls/crypto/impl/AbstractTlsCipher.cs
+++ /dev/null
@@ -1,56 +0,0 @@
-using System;
-
-using Org.BouncyCastle.Utilities.IO.Compression;
-
-namespace Org.BouncyCastle.Tls.Crypto.Impl
-{
- public abstract class AbstractTlsCipher
- : TlsCipher
- {
- public abstract int GetCiphertextDecodeLimit(int plaintextLimit);
-
- public abstract int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit);
-
- // TODO[api] Remove this method from TlsCipher
- public virtual int GetPlaintextLimit(int ciphertextLimit)
- {
- return GetPlaintextEncodeLimit(ciphertextLimit);
- }
-
- // TODO[api] Add to TlsCipher
- public virtual int GetPlaintextDecodeLimit(int ciphertextLimit)
- {
- return GetPlaintextLimit(ciphertextLimit);
- }
-
- // TODO[api] Add to TlsCipher
- public virtual int GetPlaintextEncodeLimit(int ciphertextLimit)
- {
- return GetPlaintextLimit(ciphertextLimit);
- }
-
- public abstract TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
- int headerAllocation, byte[] plaintext, int offset, int len);
-
-#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
- public abstract TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
- int headerAllocation, ReadOnlySpan<byte> plaintext);
-#endif
-
- // TODO[api] Add span-based version?
- public abstract TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
- byte[] ciphertext, int offset, int len);
-
- public virtual void RekeyDecoder()
- {
- throw new TlsFatalAlert(AlertDescription.internal_error);
- }
-
- public virtual void RekeyEncoder()
- {
- throw new TlsFatalAlert(AlertDescription.internal_error);
- }
-
- public abstract bool UsesOpaqueRecordType { get; }
- }
-}
diff --git a/crypto/src/tls/crypto/impl/TlsAeadCipher.cs b/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
index f8f01f380..e34ca589d 100644
--- a/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
+++ b/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
@@ -7,7 +7,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
{
/// <summary>A generic TLS 1.2 AEAD cipher.</summary>
public class TlsAeadCipher
- : AbstractTlsCipher
+ : TlsCipher, TlsCipherExt
{
public const int AEAD_CCM = 1;
public const int AEAD_CHACHA20_POLY1305 = 2;
@@ -145,14 +145,14 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
decryptCipher.Init(dummyNonce, macSize, null);
}
- public override int GetCiphertextDecodeLimit(int plaintextLimit)
+ public virtual int GetCiphertextDecodeLimit(int plaintextLimit)
{
int innerPlaintextLimit = plaintextLimit + (m_decryptUseInnerPlaintext ? 1 : 0);
return innerPlaintextLimit + m_macSize + m_record_iv_length;
}
- public override int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
+ public virtual int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
{
plaintextLimit = System.Math.Min(plaintextLength, plaintextLimit);
@@ -161,21 +161,27 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
return innerPlaintextLimit + m_macSize + m_record_iv_length;
}
- public override int GetPlaintextDecodeLimit(int ciphertextLimit)
+ // TODO[api] Remove
+ public virtual int GetPlaintextLimit(int ciphertextLimit)
+ {
+ return GetPlaintextEncodeLimit(ciphertextLimit);
+ }
+
+ public virtual int GetPlaintextDecodeLimit(int ciphertextLimit)
{
int innerPlaintextLimit = ciphertextLimit - m_macSize - m_record_iv_length;
return innerPlaintextLimit - (m_decryptUseInnerPlaintext ? 1 : 0);
}
- public override int GetPlaintextEncodeLimit(int ciphertextLimit)
+ public virtual int GetPlaintextEncodeLimit(int ciphertextLimit)
{
int innerPlaintextLimit = ciphertextLimit - m_macSize - m_record_iv_length;
return innerPlaintextLimit - (m_encryptUseInnerPlaintext ? 1 : 0);
}
- public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
+ public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
int headerAllocation, byte[] plaintext, int plaintextOffset, int plaintextLength)
{
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
@@ -257,7 +263,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
- public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
+ public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
int headerAllocation, ReadOnlySpan<byte> plaintext)
{
byte[] nonce = new byte[m_encryptNonce.Length + m_record_iv_length];
@@ -334,7 +340,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
}
#endif
- public override TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
+ public virtual TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
byte[] ciphertext, int ciphertextOffset, int ciphertextLength)
{
if (GetPlaintextDecodeLimit(ciphertextLength) < 0)
@@ -421,17 +427,17 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
return new TlsDecodeResult(ciphertext, encryptionOffset, plaintextLength, contentType);
}
- public override void RekeyDecoder()
+ public virtual void RekeyDecoder()
{
RekeyCipher(m_cryptoParams.SecurityParameters, m_decryptCipher, m_decryptNonce, !m_cryptoParams.IsServer);
}
- public override void RekeyEncoder()
+ public virtual void RekeyEncoder()
{
RekeyCipher(m_cryptoParams.SecurityParameters, m_encryptCipher, m_encryptNonce, m_cryptoParams.IsServer);
}
- public override bool UsesOpaqueRecordType
+ public virtual bool UsesOpaqueRecordType
{
get { return m_isTlsV13; }
}
diff --git a/crypto/src/tls/crypto/impl/TlsBlockCipher.cs b/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
index bc04caee1..479f00fc9 100644
--- a/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
+++ b/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
@@ -8,7 +8,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
{
/// <summary>A generic TLS 1.0-1.2 block cipher. This can be used for AES or 3DES for example.</summary>
public class TlsBlockCipher
- : AbstractTlsCipher
+ : TlsCipher, TlsCipherExt
{
protected readonly TlsCryptoParameters m_cryptoParams;
protected readonly byte[] m_randomData;
@@ -155,7 +155,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
}
}
- public override int GetCiphertextDecodeLimit(int plaintextLimit)
+ public virtual int GetCiphertextDecodeLimit(int plaintextLimit)
{
int blockSize = m_decryptCipher.GetBlockSize();
int macSize = m_readMac.Size;
@@ -165,7 +165,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
return GetCiphertextLength(blockSize, macSize, maxPadding, innerPlaintextLimit);
}
- public override int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
+ public virtual int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
{
plaintextLimit = System.Math.Min(plaintextLength, plaintextLimit);
@@ -177,7 +177,13 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
return GetCiphertextLength(blockSize, macSize, maxPadding, innerPlaintextLimit);
}
- public override int GetPlaintextDecodeLimit(int ciphertextLimit)
+ // TODO[api] Remove
+ public virtual int GetPlaintextLimit(int ciphertextLimit)
+ {
+ return GetPlaintextEncodeLimit(ciphertextLimit);
+ }
+
+ public virtual int GetPlaintextDecodeLimit(int ciphertextLimit)
{
int blockSize = m_decryptCipher.GetBlockSize();
int macSize = m_readMac.Size;
@@ -187,7 +193,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
return innerPlaintextLimit - (m_decryptUseInnerPlaintext ? 1 : 0);
}
- public override int GetPlaintextEncodeLimit(int ciphertextLimit)
+ public virtual int GetPlaintextEncodeLimit(int ciphertextLimit)
{
int blockSize = m_encryptCipher.GetBlockSize();
int macSize = m_writeMac.Size;
@@ -197,7 +203,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
return innerPlaintextLimit - (m_encryptUseInnerPlaintext ? 1 : 0);
}
- public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
+ public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
int headerAllocation, byte[] plaintext, int offset, int len)
{
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
@@ -285,7 +291,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
- public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
+ public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
int headerAllocation, ReadOnlySpan<byte> plaintext)
{
int blockSize = m_encryptCipher.GetBlockSize();
@@ -369,7 +375,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
}
#endif
- public override TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
+ public virtual TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
byte[] ciphertext, int offset, int len)
{
int blockSize = m_decryptCipher.GetBlockSize();
@@ -475,7 +481,17 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
return new TlsDecodeResult(ciphertext, offset, plaintextLength, contentType);
}
- public override bool UsesOpaqueRecordType
+ public virtual void RekeyDecoder()
+ {
+ throw new TlsFatalAlert(AlertDescription.internal_error);
+ }
+
+ public virtual void RekeyEncoder()
+ {
+ throw new TlsFatalAlert(AlertDescription.internal_error);
+ }
+
+ public virtual bool UsesOpaqueRecordType
{
get { return false; }
}
diff --git a/crypto/src/tls/crypto/impl/TlsCipherExt.cs b/crypto/src/tls/crypto/impl/TlsCipherExt.cs
new file mode 100644
index 000000000..8e2742a69
--- /dev/null
+++ b/crypto/src/tls/crypto/impl/TlsCipherExt.cs
@@ -0,0 +1,10 @@
+namespace Org.BouncyCastle.Tls.Crypto
+{
+ // TODO[api] Merge into TlsCipher
+ public interface TlsCipherExt
+ {
+ int GetPlaintextDecodeLimit(int ciphertextLimit);
+
+ int GetPlaintextEncodeLimit(int ciphertextLimit);
+ }
+}
diff --git a/crypto/src/tls/crypto/impl/TlsNullCipher.cs b/crypto/src/tls/crypto/impl/TlsNullCipher.cs
index 8e52f6374..fa40d7812 100644
--- a/crypto/src/tls/crypto/impl/TlsNullCipher.cs
+++ b/crypto/src/tls/crypto/impl/TlsNullCipher.cs
@@ -7,7 +7,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
{
/// <summary>The NULL cipher.</summary>
public class TlsNullCipher
- : AbstractTlsCipher
+ : TlsCipher, TlsCipherExt
{
protected readonly TlsCryptoParameters m_cryptoParams;
protected readonly TlsSuiteHmac m_readMac, m_writeMac;
@@ -69,14 +69,14 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
}
}
- public override int GetCiphertextDecodeLimit(int plaintextLimit)
+ public virtual int GetCiphertextDecodeLimit(int plaintextLimit)
{
int innerPlaintextLimit = plaintextLimit + (m_decryptUseInnerPlaintext ? 1 : 0);
return innerPlaintextLimit + m_readMac.Size;
}
- public override int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
+ public virtual int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
{
plaintextLimit = System.Math.Min(plaintextLength, plaintextLimit);
@@ -85,21 +85,27 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
return innerPlaintextLimit + m_writeMac.Size;
}
- public override int GetPlaintextDecodeLimit(int ciphertextLimit)
+ // TODO[api] Remove
+ public virtual int GetPlaintextLimit(int ciphertextLimit)
+ {
+ return GetPlaintextEncodeLimit(ciphertextLimit);
+ }
+
+ public virtual int GetPlaintextDecodeLimit(int ciphertextLimit)
{
int innerPlaintextLimit = ciphertextLimit - m_readMac.Size;
return innerPlaintextLimit - (m_decryptUseInnerPlaintext ? 1 : 0);
}
- public override int GetPlaintextEncodeLimit(int ciphertextLimit)
+ public virtual int GetPlaintextEncodeLimit(int ciphertextLimit)
{
int innerPlaintextLimit = ciphertextLimit - m_writeMac.Size;
return innerPlaintextLimit - (m_encryptUseInnerPlaintext ? 1 : 0);
}
- public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
+ public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
int headerAllocation, byte[] plaintext, int offset, int len)
{
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
@@ -129,7 +135,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
- public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
+ public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
int headerAllocation, ReadOnlySpan<byte> plaintext)
{
int macSize = m_writeMac.Size;
@@ -155,7 +161,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
}
#endif
- public override TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
+ public virtual TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
byte[] ciphertext, int offset, int len)
{
int macSize = m_readMac.Size;
@@ -196,7 +202,17 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
return new TlsDecodeResult(ciphertext, offset, plaintextLength, contentType);
}
- public override bool UsesOpaqueRecordType
+ public virtual void RekeyDecoder()
+ {
+ throw new TlsFatalAlert(AlertDescription.internal_error);
+ }
+
+ public virtual void RekeyEncoder()
+ {
+ throw new TlsFatalAlert(AlertDescription.internal_error);
+ }
+
+ public virtual bool UsesOpaqueRecordType
{
get { return false; }
}
|
